From f461c8073dee9cd10bfae5ae3586e785ec8a5d07 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 21 Aug 2014 17:35:19 +0200
Subject: [PATCH] execute: explain in a comment, why close_all_fds() is invoked
 the second time differently

---
 src/core/execute.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/core/execute.c b/src/core/execute.c
index 2544a2470..b5b22472d 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -1635,7 +1635,9 @@ int exec_spawn(ExecCommand *command,
                 }
 
                 /* We repeat the fd closing here, to make sure that
-                 * nothing is leaked from the PAM modules */
+                 * nothing is leaked from the PAM modules. Note that
+                 * we are more aggressive this time since socket_fd
+                 * and the netns fds we don#t need anymore. */
                 err = close_all_fds(fds, n_fds);
                 if (err >= 0)
                         err = shift_fds(fds, n_fds);
-- 
2.30.2