pyrox.dev
Merge pull request #11602 from zimbatm/stricter-chroot-user
build-fhs-userenv: don't leak file descriptors
+2
-2
pkgs/build-support/build-fhs-userenv/chroot-user.rb
+2
-2
pkgs/build-support/build-fhs-userenv/chroot-user.rb
···
140
140
link_swdir.call swdir, Pathname.new('')
141
141
142
142
# New environment
143
-
ENV.replace(Hash[ envvars.map { |x| [x, ENV[x]] } ])
143
+
new_env = Hash[ envvars.map { |x| [x, ENV[x]] } ]
144
144
145
145
# Finally, exec!
146
-
exec *execp
146
+
exec(new_env, *execp, close_others: true, unsetenv_others: true)
147
147
end
148
148
149
149
# Wait for a child. If we catch a signal, resend it to child and continue