[lxc-devel] fixing restoring of tty mode after lxc-start

Michael Tokarev mjt at tls.msk.ru
Tue Nov 24 13:13:27 UTC 2009


[Another reply in this thread, and now I think I see the light... ;) ]

Michael Tokarev wrote:
> Michel Normand wrote:
>> Michael Tokarev wrote:
>>> Michel Normand wrote:
>>>> Michael Tokarev wrote:
>>>>> Hello.
>>>>>
>>>>> While trying to fix the tty mode after lxc-start, I came across
>>>>> the lxc_close_all_inherited_fd() routine, which closes all fds
>>>>> which were inherited when lxc-start started.
>>>>>
>>>>> It's called this way:
>>>>>
>>>>>   lxc_start.c:main():
>>>>>     lxc_start():
>>>>>      lxc_spawn();
>>>>>      lxc_close_all_inherited_fd()
>>>>>      lxc_poll()
>>>>>
>>>>> The question is why lxc_close_all_inherited() is needed here.
>>>>> And why it is ever needed _outside_ of the container to start
>>>>> with.
>>>>>
>>>>> This call to close_all_inherited_fd() is the reason why tty
>>>>> modes are not restored after lxc-start: because stdin is now
>>>>> closed and hence nothing to restore.
>>>>>
>>>>> It looks like the whole inherited_fd thing is only needed in
>>>>> lxc_init helper binary, 

>>>> In fact the lxc_close_all_inherited_fd function was defined
>>>> to cover the case of a user appli creating pipes before forking
>>>> lxc-start, and using these pipes to communicate with the appli
>>>> started inside the container.
              ^^^^^^

So the key word which I overlooked initially is this one -- "inside".

I come from a virtual machine background (like kvm or xen or whatnot) --
where the guest never, ever, is able to communicate with the host without
special "drivers" of some sort, and where all file descriptors which
are open on the host make absolutely no sense in the guest as it is a
different machine entirely.

But here, we have the possibility to "export" a file descriptor to a container
from the host, since the two processes - the one in the host and the one in a
container - are in fact just two processes running under the same kernel and
nothing more; there's no extra separation between them.

So what you were saying, and what I overlooked and missed and did not
understand, is this very thing: it is possible to communicate with
processes in a container by the normal means of passing file descriptors
to child processes.

And this makes perfect sense to me finally, when I actually understand
what is going on.  And why we are closing the filedescriptors in
lxc-start and not in the child of it (in the to-be-container).

With all this in mind, the whole thing still looks like a big hack ;)

Thanks!

/mjt
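
As an added illustration (not code from LXC or from this thread), the C sketch below plays out the three roles discussed above: an application creates a pipe, forks a supervisor in lxc-start's position, and the supervisor forks a child and then closes its own inherited descriptors. The helper name, the `gate` pipe used for ordering, and the choice to leave fds 0-2 open are assumptions of the sketch.

```c
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: close every descriptor above stderr in the caller. */
static void close_fds_above_stderr(void)
{
    long max = sysconf(_SC_OPEN_MAX);
    if (max < 0 || max > 65536) max = 65536;   /* bound the scan */
    for (int fd = 3; fd < max; fd++)
        close(fd);
}

/* Supervisor role (where lxc-start sits in the thread): spawn, close, wait. */
static void supervisor(const int data[2])
{
    int gate[2], st = 0;
    char c;
    pid_t child = pipe(gate) < 0 ? -1 : fork();
    if (child < 0)
        _exit(2);
    if (child == 0) {                      /* the process "inside" */
        close(gate[1]);
        if (read(gate[0], &c, 1) != 0)     /* EOF: supervisor closed its copies */
            _exit(1);
        _exit(write(data[1], "hello", 5) == 5 ? 0 : 1);
    }
    close_fds_above_stderr();              /* affects this process's table only */
    waitpid(child, &st, 0);
    _exit(WIFEXITED(st) ? WEXITSTATUS(st) : 2);
}

/* Application role: returns 1 if the message arrived over the inherited pipe. */
int demo_inherited_pipe(void)
{
    int data[2], st = 0;
    char buf[8] = {0};
    pid_t sup = pipe(data) < 0 ? -1 : fork();
    if (sup < 0)
        return -1;
    if (sup == 0)
        supervisor(data);
    close(data[1]);
    ssize_t n = read(data[0], buf, sizeof buf - 1);
    close(data[0]);
    waitpid(sup, &st, 0);
    return n == 5 && !memcmp(buf, "hello", 5) && WIFEXITED(st) && !WEXITSTATUS(st);
}

int main(void) { return demo_inherited_pipe() == 1 ? 0 : 1; }
```

The child writes only after the supervisor has closed its copies, so the result shows that each process has its own descriptor table. Any descriptor still open at fork time stays reachable from the child unless the child closes it or it is marked close-on-exec.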




