[lxc-devel] the lxc.tty option leaks file descriptors
Môshe van der Sterre
me at moshe.nl
Thu Apr 9 20:46:41 UTC 2009
On Thu, 09 Apr 2009 09:04:12 +0200, Daniel Lezcano <daniel.lezcano at free.fr>
wrote:
> Thanks for catching this.
> I think it is better to set the close on exec flag on the master and the
> slave in lxc_create_tty.
This seems to work as expected.
Greetings,
Môshe van der Sterre
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 57e29e1..c1ff883 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1739,6 +1739,10 @@ int lxc_create_tty(const char *name, struct
lxc_tty_info *tty_info)
goto out_free;
}
+ /* Prevent leaking the file descriptors to the container */
+ fcntl(pty_info->master, F_SETFD, FD_CLOEXEC);
+ fcntl(pty_info->slave, F_SETFD, FD_CLOEXEC);
+
pty_info->busy = 0;
}
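Review bot: the results of both added fcntl(..., F_SETFD, FD_CLOEXEC) calls are discarded, so if either call fails the master or slave descriptor is still inherited across exec and the leak this patch is meant to close goes unnoticed. Check each return value for -1 and, on failure, log the error and take the same `goto out_free;` path used by the check directly above, so that a pty whose descriptors could not be marked close-on-exec is never handed on with `busy = 0`.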