From e28c26c110f822455e4ce07d6f19b019cea7c08c Mon Sep 17 00:00:00 2001
From: Noel <noel@noel.sh>
Date: Sat, 28 Feb 2026 21:01:19 +0100
Subject: [PATCH] fix(unshare): close pidfd after setns

---
 src/unshare.rs | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/unshare.rs b/src/unshare.rs
index 2194f08..440b756 100644
--- a/src/unshare.rs
+++ b/src/unshare.rs
@@ -44,11 +44,14 @@ pub fn setns<'x>(
     let flags = iter.into_iter().fold(0, |acc, x| acc | to_clone_flags(*x));
     let pid_fd = pidfd_open(target_pid)?;
 
-    unsafe {
+    let result = unsafe {
         if libc::setns(pid_fd, flags) < 0 {
             Err(io::Error::last_os_error().into())
         } else {
             Ok(())
         }
-    }
+    };
+    // Always close pidfd regardless of setns result.
+    unsafe { libc::close(pid_fd); }
+    result
 }