From d7e5a6ac35af9b1d48231c9797f229ea0afcea5a Mon Sep 17 00:00:00 2001
From: netblue30 <netblue30@yahoo.com>
Date: Wed, 5 Sep 2018 11:17:07 -0400
Subject: cleanup

---
 src/firejail/sbox.c                         | 1 +
 src/libpostexecseccomp/libpostexecseccomp.c | 4 +++-
 2 files changed, 4 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/firejail/sbox.c b/src/firejail/sbox.c
index 1c6f3c327..10c96225a 100644
--- a/src/firejail/sbox.c
+++ b/src/firejail/sbox.c
@@ -139,6 +139,7 @@ int sbox_run(unsigned filter, int num, ...) {
 				exit(1);
 			}
 			dup2(fd,STDIN_FILENO);
+			close(fd);
 		}
 		else if ((filter & SBOX_ALLOW_STDIN) == 0) {
 			int fd = open("/dev/null",O_RDWR, 0);
diff --git a/src/libpostexecseccomp/libpostexecseccomp.c b/src/libpostexecseccomp/libpostexecseccomp.c
index de64d50c5..856adb8fe 100644
--- a/src/libpostexecseccomp/libpostexecseccomp.c
+++ b/src/libpostexecseccomp/libpostexecseccomp.c
@@ -32,8 +32,10 @@ static void load_seccomp(void) {
 		return;
 
 	off_t size = lseek(fd, 0, SEEK_END);
-	if (size <= 0)
+	if (size <= 0) {
+		close(fd);
 		return;
+	}
 	unsigned short entries = (unsigned short) size / (unsigned short) sizeof(struct sock_filter);
 	struct sock_filter *filter = MAP_FAILED;
 	if (size != 0)
-- 
cgit v1.2.3-54-g00ecf