Isolate: Close metafile to prevent box_inside writing false data to it

See https://github.com/ronalchn/isolate-cheater for an exploit.

diff --git a/isolate/isolate.c b/isolate/isolate.c
index 687edbfea765dae9348d4e2a9645a8524dc89658..2164c9087bc448f6d70a1f8d45a2af1e759288ae 100644 (file)
--- a/isolate/isolate.c
+++ b/isolate/isolate.c
@@ -1244,6 +1244,7 @@ box_inside(void *arg)
   char **args = arg;
   write_errors_to_fd = error_pipes[1];
   close(error_pipes[0]);
+  meta_close();
 
   cg_enter();
   setup_root();