Use cleanup_fd to close intermediate pid sockets

This closes the fd and sets the variable to -1 as a single operation, which is easier to reason about because it does not leave any variables containing dangling references to invalid fds. Signed-off-by: Simon McVittie <smcv@collabora.com>
containers · Oct 30, 2024 · 09169eb · 09169eb
1 parent 3f0847d
commit 09169eb
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/bubblewrap.c b/bubblewrap.c
@@ -3148,7 +3148,7 @@ main (int    argc,
       if (intermediate_pids_sockets[PIPE_READ_END] != -1)
         {
           pid = read_pid_from_socket (intermediate_pids_sockets[PIPE_READ_END]);
-          close (intermediate_pids_sockets[PIPE_READ_END]);
+          cleanup_fdp (&intermediate_pids_sockets[PIPE_READ_END]);
         }
 
       /* Discover namespace ids before we drop privileges */
@@ -3234,7 +3234,7 @@ main (int    argc,
 
       /* We're back, either in a child or grandchild, so message the actual pid to the monitor */
       send_pid_on_socket (intermediate_pids_sockets[PIPE_WRITE_END]);
-      close (intermediate_pids_sockets[PIPE_WRITE_END]);
+      cleanup_fdp (&intermediate_pids_sockets[PIPE_WRITE_END]);
     }
 
   /* Child, in sandbox, privileged in the parent or in the user namespace (if --unshare-user).