Close sync pipe explicitly in exec

[lifubang]

Fix #4183
To simplify the implemention, we can keep it the same as in standard_init_linux.go.

---

Recent CVE-2024-21626 fix (commit f2f1621) broke a recently added test (commit 0bc4732, #4173) because if exec fails, runc is unable to communicate the error back to the parent.

Let's not close syncPipe.

This fixes the following test failure:

# bats tests/integration/exec.bats 
...
 ✗ RUNC_DMZ=legacy runc exec [execve error]
   (in test file tests/integration/exec.bats, line 340)
     `[ ${#lines[@]} -eq 1 ]' failed
   runc spec (status=0):
   
   runc run -d --console-socket /tmp/bats-run-77CvQx/runc.JurXM2/tty/sock test_busybox (status=0):
   
   runc exec -t test_busybox /run.sh (status=255):
   writing sync procError: write sync: bad file descriptor
   exec /run.sh: no such file or directory

[kolyshkin]

@lifubang I did that initially (instead of what I do in #4183) , and then I thought there is actually no need to close it. It's a socket.

[lifubang]

and then I thought there is actually no need to close it. It's a socket.

Yes, maybe there is no need to close it at this time, but my thought is that we should get the same error msg for runc start and runc exec if there is an error returned by execve, because we took two phrases to start a container, so we need to close the sync pipe to tell the runc create process to exit(maybe we can change to other ways), this is not the same as runc exec, so it causes two different error msgs for execve.

[rata]

LGTM

[kolyshkin]

@lifubang we can merge it if you can remove last commit.

[kolyshkin]

LGMT (except the last commit)

[lifubang]

if you can remove last commit.

If we remove the last commit, the tests for centos will fail.

[kolyshkin]

If we remove the last commit, the tests for centos will fail.

I know, but we're fixing those in #4193

[lifubang]

As go has released v1.22.0, so there is no 1.20.x in https://go.dev/dl/?mode=json anymore.
Please see #4193
If we split the last commit to a seperate PR, it also will fail because of this PR.
So I think we should combine them together to one PR.

[kolyshkin]

I mean, a maintainer can merge bypassing the branch protection rules, and that's what I'm going to do. Unfortunately we're slow to fix CI and the issues are piling up.

[lifubang]

@opencontainers/runc-maintainers PTAL, the cirrus CI errors will be fixed in #4198 .