opencontainers · mrunalp · Feb 26, 2019 · Feb 25, 2019 · kolyshkin · Oct 22, 2020
diff --git a/exec.go b/exec.go
@@ -89,6 +89,10 @@ following will output a list of processes running in the container:
 			Usage:  "disable the use of the subreaper used to reap reparented processes",
 			Hidden: true,
 		},
+		cli.IntFlag{
+			Name:  "preserve-fds",
+			Usage: "Pass N additional file descriptors to the container (stdio + $LISTEN_FDS + N in total)",
+		},
 	},
 	Action: func(context *cli.Context) error {
 		if err := checkArgs(context, 1, minArgs); err != nil {
@@ -141,6 +145,7 @@ func execProcess(context *cli.Context) (int, error) {
 		pidFile:         context.String("pid-file"),
 		action:          CT_ACT_RUN,
 		init:            false,
+		preserveFDs:     context.Int("preserve-fds"),
 	}
 	return r.run(p)
 }

diff --git a/man/runc-exec.8.md b/man/runc-exec.8.md
@@ -28,3 +28,4 @@ following will output a list of processes running in the container:
    --no-new-privs                           set the no new privileges value for the process
    --cap value, -c value                    add a capability to the bounding set for the process
    --no-subreaper                           disable the use of the subreaper used to reap reparented processes
+   --preserve-fds value                     pass N additional file descriptors to the container (stdio + $LISTEN_FDS + N in total) (default: 0)
diff --git a/tests/integration/exec.bats b/tests/integration/exec.bats
@@ -127,3 +127,14 @@ function teardown() {
 
   [[ ${output} == "uid=1000 gid=1000 groups=99(nogroup),100(users)" ]]
 }
+
+@test "runc exec --preserve-fds" {
+  # run busybox detached
+  runc run -d --console-socket $CONSOLE_SOCKET test_busybox
+  [ "$status" -eq 0 ]
+
+  run bash -c "cat hello > preserve-fds.test; exec 3<preserve-fds.test; $RUNC --log /proc/self/fd/2 --root $ROOT exec --preserve-fds=1 test_busybox cat /proc/self/fd/3"
+  [ "$status" -eq 0 ]
+
+  [[ "${output}" == *"hello"* ]]
+}