Skip to content

Commit

Permalink
libct: rm obsoleted comment
Browse files Browse the repository at this point in the history
This was added by commit f2f1621 when runc-dmz was still a thing.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 5586d7c)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
  • Loading branch information
kolyshkin committed Nov 1, 2024
1 parent b66c139 commit e5abb3d
Show file tree
Hide file tree
Showing 2 changed files with 0 additions and 10 deletions.
5 changes: 0 additions & 5 deletions libcontainer/setns_init_linux.go
Original file line number Diff line number Diff line change
Expand Up @@ -150,11 +150,6 @@ func (l *linuxSetnsInit) Init() error {
// (otherwise the (*os.File) finaliser could close the wrong file). See
// CVE-2024-21626 for more information as to why this protection is
// necessary.
//
// This is not needed for runc-dmz, because the extra execve(2) step means
// that all O_CLOEXEC file descriptors have already been closed and thus
// the second execve(2) from runc-dmz cannot access internal file
// descriptors from runc.
if err := utils.UnsafeCloseFrom(l.config.PassedFilesCount + 3); err != nil {
return err
}
Expand Down
5 changes: 0 additions & 5 deletions libcontainer/standard_init_linux.go
Original file line number Diff line number Diff line change
Expand Up @@ -284,11 +284,6 @@ func (l *linuxStandardInit) Init() error {
// (otherwise the (*os.File) finaliser could close the wrong file). See
// CVE-2024-21626 for more information as to why this protection is
// necessary.
//
// This is not needed for runc-dmz, because the extra execve(2) step means
// that all O_CLOEXEC file descriptors have already been closed and thus
// the second execve(2) from runc-dmz cannot access internal file
// descriptors from runc.
if err := utils.UnsafeCloseFrom(l.config.PassedFilesCount + 3); err != nil {
return err
}
Expand Down

0 comments on commit e5abb3d

Please sign in to comment.