Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Use the close_range syscall for sanitizing the jailer process
Closes all open FDs in a single syscall. In case close_range is not available then fallback to the old approach. In case the fallback fails then discover open FDs by reading from /proc/self/fds. Fixes a bug where firecracker would end up spending minutes starting which arises when running on systems with OPEN_MAX set to a very high number. Signed-off-by: Grzegorz Uriasz <gorbak25@gmail.com>
- Loading branch information