From 06834931a68e74316095df680b98b7ec19e74952 Mon Sep 17 00:00:00 2001
From: Tim Zhang <tim@hyper.sh>
Date: Mon, 3 Aug 2020 10:03:51 +0800
Subject: [PATCH] agent: Fix fd leaks in execute_hook

Fixes: #480

Signed-off-by: Tim Zhang <tim@hyper.sh>
---
 src/agent/rustjail/src/container.rs | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/agent/rustjail/src/container.rs b/src/agent/rustjail/src/container.rs
index 859d2ccab..0b2f36cfb 100644
--- a/src/agent/rustjail/src/container.rs
+++ b/src/agent/rustjail/src/container.rs
@@ -1495,6 +1495,11 @@ fn execute_hook(logger: &Logger, h: &Hook, st: &OCIState) -> Result<()> {
     //	state.push_str("\n");
 
     let (rfd, wfd) = unistd::pipe2(OFlag::O_CLOEXEC)?;
+    defer!({
+        let _ = unistd::close(rfd);
+        let _ = unistd::close(wfd);
+    });
+
     match unistd::fork()? {
         ForkResult::Parent { child: _ch } => {
             let buf = read_sync(rfd)?;