[lxc-devel] [PATCH] don't leak the rootfs.pin fd into the container
Ward, David - 0663 - MITLL
david.ward at ll.mit.edu
Mon Mar 11 01:51:34 UTC 2013
Hi Serge,
This patch seems to have introduced a regression. When I use
lxc-execute with a very simple container (which only sets the utsname),
the terminal input is not forwarded to the application anymore. In
particular, running "lxc-execute -n $CONTAINER -- bash" returns
immediately without opening a shell. (This is with Fedora 18 and kernel
3.8.2.)
David
On 01/17/2013 10:53 AM, Serge Hallyn wrote:
> Only the container parent needs to keep that fd open. Close it
> as soon as the container's first task is spawned. Else it can
> show up in /proc/$$/fd in the container.
>
> Signed-off-by: Serge Hallyn <serge.hallyn-GeWIH/nMZzLQT0dZR+AlfA at public.gmane.org>
> ---
> src/lxc/start.c | 12 +++++++-----
> src/lxc/start.h | 1 +
> 2 files changed, 8 insertions(+), 5 deletions(-)
>
> diff --git a/src/lxc/start.c b/src/lxc/start.c
> index 90696f6..5083b24 100644
> --- a/src/lxc/start.c
> +++ b/src/lxc/start.c
> @@ -575,6 +575,9 @@ static int do_start(void *data)
>
> lxc_sync_fini_parent(handler);
>
> + /* don't leak the pinfd to the container */
> + close(handler->pinfd);
> +
> /* Tell the parent task it can begin to configure the
> * container and wait for it to finish
> */
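Review bot: the close(handler->pinfd) added in do_start() is unconditional, while the matching close at the end of lxc_spawn() is guarded by "if (handler->pinfd >= 0)". If the field holds 0 when the child gets here, this call closes the child's fd 0 (its stdin), which would fit the lost terminal input reported in the reply above. If it holds a negative value, the call fails with EBADF and nobody notices. Suggest closing only when a rootfs was actually pinned, using a sentinel that cannot be mistaken for a valid descriptor, for example "if (handler->pinfd >= 0) close(handler->pinfd);" with the field kept at -1 whenever nothing was pinned.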
> @@ -691,7 +694,6 @@ int lxc_spawn(struct lxc_handler *handler)
> {
> int failed_before_rename = 0;
> const char *name = handler->name;
> - int pinfd;
>
> if (lxc_sync_init(handler))
> return -1;
> @@ -735,8 +737,8 @@ int lxc_spawn(struct lxc_handler *handler)
> * marking it readonly.
> */
>
> - pinfd = pin_rootfs(handler->conf->rootfs.path);
> - if (pinfd == -1) {
> + handler->pinfd = pin_rootfs(handler->conf->rootfs.path);
> + if (handler->pinfd == -1) {
> ERROR("failed to pin the container's rootfs");
> goto out_abort;
> }
> @@ -818,8 +820,8 @@ int lxc_spawn(struct lxc_handler *handler)
>
> lxc_sync_fini(handler);
>
> - if (pinfd >= 0)
> - close(pinfd);
> + if (handler->pinfd >= 0)
> + close(handler->pinfd);
>
> return 0;
>
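Review bot: after "close(handler->pinfd);" at the end of lxc_spawn() the field still holds the old descriptor number. The fd now lives in struct lxc_handler instead of a local, so it outlives this function, and any later code that tests "handler->pinfd >= 0" would close a number that may have been reused for something else. Suggest adding "handler->pinfd = -1;" right after the close.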
> diff --git a/src/lxc/start.h b/src/lxc/start.h
> index 4b2e2b5..27688f3 100644
> --- a/src/lxc/start.h
> +++ b/src/lxc/start.h
> @@ -49,6 +49,7 @@ struct lxc_handler {
> #if HAVE_APPARMOR
> int aa_enabled;
> #endif
> + int pinfd;
> };
>
> extern struct lxc_handler *lxc_init(const char *name, struct lxc_conf *);
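Review bot: the new "int pinfd;" member in struct lxc_handler has no comment, and nothing in this patch initializes it. A zeroed handler would leave it at 0, which is a valid descriptor and passes the ">= 0" test used in lxc_spawn(). Suggest initializing it to -1 where the handler is set up (lxc_init() is declared just below) and adding a one-line comment saying that it is the rootfs pin fd, owned by the parent, and that -1 means not pinned.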