Add an option to close all open file descriptors This adds the minijail_close_open_fds() API to close all open file descriptors (except the pipes that are internally set up to communicate with the jailed process). Bug: 32005517 Test: libminijail_unittest Change-Id: Ia392f14c080716297c5766ad31af983ee6c5ead3

commit: 43ff080dede627c40d1e87bfce549fd955c7a117 [log] [tgz]
author: Luis Hector Chavez <lhchavez@google.com> Fri Oct 07 12:21:07 2016 -0700
committer: Luis Hector Chavez <lhchavez@google.com> Fri Oct 14 08:24:01 2016 -0700
tree: e3692c4623b142a56d76b0c898a392b82d718e3d
parent: 713f6fbed8fd14efce499d5d609d24487b2518a4 [diff] [blame]
diff --git a/libminijail.h b/libminijail.h
index ae829d9..63d1c11 100644
--- a/libminijail.h
+++ b/libminijail.h

@@ -69,6 +69,8 @@
 void minijail_namespace_net(struct minijail *j);
 void minijail_namespace_enter_net(struct minijail *j, const char *ns_path);
 void minijail_namespace_cgroups(struct minijail *j);
+/* Closes all open file descriptors after forking. */
+void minijail_close_open_fds(struct minijail *j);
 /*
  * Implies namespace_vfs and remount_proc_readonly.
  * WARNING: this is NOT THREAD SAFE. See the block comment in </libminijail.c>.
commit	43ff080dede627c40d1e87bfce549fd955c7a117	[log] [tgz]
author	Luis Hector Chavez <lhchavez@google.com>	Fri Oct 07 12:21:07 2016 -0700
committer	Luis Hector Chavez <lhchavez@google.com>	Fri Oct 14 08:24:01 2016 -0700
tree	e3692c4623b142a56d76b0c898a392b82d718e3d
parent	713f6fbed8fd14efce499d5d609d24487b2518a4 [diff] [blame]