[docker-up] don't leak passed socket

akosyakov · akosyakov · commit de24fda2f74a · 2023-07-03T14:45:30.000Z
diff --git a/components/docker-up/docker-up/main.go b/components/docker-up/docker-up/main.go
@@ -63,9 +63,25 @@ const (
 )
 
 func main() {
+	listenFDs, _ := strconv.Atoi(os.Getenv("LISTEN_FDS"))
+	err := run(listenFDs)
+	if err == nil {
+		return
+	}
+	// ensure to close passed FD to avoid leaking them
+	// in case we fail to start dockerd
+	if listenFDs > 0 {
+		for fd := 3; fd < listenFDs+3; fd++ {
+			_ = unix.Close(fd)
+		}
+	}
+	logrus.WithError(err).Fatal("failed")
+}
+
+func run(listenFDs int) (err error) {
 	self, err := os.Executable()
 	if err != nil {
-		logrus.WithError(err).Fatal()
+		return err
 	}
 
 	pflag.BoolVarP(&opts.Verbose, "verbose", "v", false, "enables verbose logging")
@@ -85,23 +101,18 @@ func main() {
 
 	listenFD := os.Getenv("LISTEN_FDS") != ""
 	if _, err := os.Stat(dockerSocketFN); !listenFD && (err == nil || !os.IsNotExist(err)) {
-		logger.Fatalf("Docker socket already exists at %s.\nIn a Gitpod workspace Docker will start automatically when used.\nIf all else fails, please remove %s and try again.", dockerSocketFN, dockerSocketFN)
+		return xerrors.Errorf("Docker socket already exists at %s.\nIn a Gitpod workspace Docker will start automatically when used.\nIf all else fails, please remove %s and try again.", dockerSocketFN, dockerSocketFN)
 	}
 
 	err = ensurePrerequisites()
 	if err != nil {
-		log.WithError(err).Fatal("failed")
+		return err
 	}
 
-	err = runWithinNetns()
-	if err != nil {
-		log.WithError(err).Fatal("failed")
-	}
+	return runWithinNetns(listenFDs)
 }
 
-func runWithinNetns() (err error) {
-	listenFDs, _ := strconv.Atoi(os.Getenv("LISTEN_FDS"))
-
+func runWithinNetns(listenFDs int) (err error) {
 	args := []string{
 		"--data-root=/workspace/.docker-root",
 	}
