Missing fork() handling and pitfalls #10

新しいイシュー

crtxcr · 2021-08-09T20:17:19+02:00

crtxcr がコメント

2021-08-09 20:17:19 +02:00

オーナー

We don't do fork()/clone() ourselves, opening the door for many pitfalls, e. g. we inherit open file descriptories which may enable bypassing of the policies we set. Otoh, some open fd's may actually be desired.

We must either offer a safe fork()/clone() or check that the current process is in a reasonable state and/or transform to that state.

We don't do fork()/clone() ourselves, opening the door for many pitfalls, e. g. we inherit open file descriptories which may enable bypassing of the policies we set. Otoh, some open fd's may actually be desired. We must either offer a safe fork()/clone() or check that the current process is in a reasonable state and/or transform to that state.

crtxcr がラベル

bug

enhancement

を追加 2021-08-09 20:17:19 +02:00

crtxcr がコミットでこのイシューを参照

2022-07-17 13:01:24 +02:00

Close file fds by default, introduce policy->keep_fds_open

サインインしてこの会話に参加。