Close unused ends of intermediate_pids_sockets sooner

Instead of making this conditional and keeping track of the correct
condition under which to call it, we can use cleanup_fdp(), which is
a no-op when called with a pointer to a negative number, to close the
socket unconditionally.

In the parent bwrap monitor process (outside the sandbox), we never
want to use the write end (which is reserved for the child), so we
can and should close it as soon as we have forked.

Conversely, in the child process, we never want to use the read end
(which is reserved for the parent), so we should close that as soon
as we know we are in the child.

Signed-off-by: Simon McVittie <smcv@collabora.com>

Author: smcv

bubblewrap.c

@@ -3143,10 +3143,10 @@ main (int    argc,
   if (pid != 0)
     {
       /* Parent, outside sandbox, privileged (initially) */
+      cleanup_fdp (&intermediate_pids_sockets[PIPE_WRITE_END]);
 
       if (intermediate_pids_sockets[PIPE_READ_END] != -1)
         {
-          close (intermediate_pids_sockets[PIPE_WRITE_END]);
           pid = read_pid_from_socket (intermediate_pids_sockets[PIPE_READ_END]);
           close (intermediate_pids_sockets[PIPE_READ_END]);
         }
@@ -3212,6 +3212,8 @@ main (int    argc,
       return monitor_child (event_fd, pid, setup_finished_pipe[0]);
     }
 
+  cleanup_fdp (&intermediate_pids_sockets[PIPE_READ_END]);
+
   if (opt_pidns_fd > 0)
     {
       if (setns (opt_pidns_fd, CLONE_NEWPID) != 0)
@@ -3231,8 +3233,6 @@ main (int    argc,
         }
 
       /* We're back, either in a child or grandchild, so message the actual pid to the monitor */
-
-      close (intermediate_pids_sockets[PIPE_READ_END]);
       send_pid_on_socket (intermediate_pids_sockets[PIPE_WRITE_END]);
       close (intermediate_pids_sockets[PIPE_WRITE_END]);
     }