[lxc-devel] [PATCH] don't leak the rootfs.pin fd into the container

Ward, David - 0663 - MITLL david.ward at ll.mit.edu
Mon Mar 11 13:02:18 UTC 2013 

On 03/10/2013 11:45 PM, Serge Hallyn wrote:
> Quoting Ward, David - 0663 - MITLL (david.ward at ll.mit.edu):
>> Hi Serge,
>>
>> This patch seems to have introduced a regression.  When I use
>> lxc-execute with a very simple container (which only sets the
>> utsname), the terminal input is not forwarded to the application
>> anymore.  In particular, running "lxc-execute -n $CONTAINER -- bash"
>> returns immediately without opening a shell.  (This is with Fedora
>> 18 and kernel 3.8.2.)
> Thanks, David.  The following patch definately looks like it is
> needed.  It may or may not fix the bug you're seeing.  Can you
> confirm?

Serge,

Yes, the patch below fixes the issue for me.  Thanks!

Acked-by: David Ward <david.ward at ll.mit.edu>

>    Subject: [PATCH 1/1] rootfs pin: fix two bugs
>
> 1. if there's no rootfs, return -2, not 0.
> 2. don't close pinfd unconditionally in do_start().
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> ---
>   src/lxc/conf.c  | 2 +-
>   src/lxc/start.c | 3 ++-
>   2 files changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/src/lxc/conf.c b/src/lxc/conf.c
> index add3c74..97b4ae4 100644
> --- a/src/lxc/conf.c
> +++ b/src/lxc/conf.c
> @@ -578,7 +578,7 @@ int pin_rootfs(const char *rootfs)
>   	int ret, fd;
>   
>   	if (rootfs == NULL || strlen(rootfs) == 0)
> -		return 0;
> +		return -2;
>   
>   	if (!realpath(rootfs, absrootfs)) {
>   		SYSERROR("failed to get real path for '%s'", rootfs);
> diff --git a/src/lxc/start.c b/src/lxc/start.c
> index 75d1fd6..51b2f06 100644
> --- a/src/lxc/start.c
> +++ b/src/lxc/start.c
> @@ -652,7 +652,8 @@ static int do_start(void *data)
>   	lxc_sync_fini_parent(handler);
>   
>   	/* don't leak the pinfd to the container */
> -	close(handler->pinfd);
> +	if (handler->pinfd >= 0)
> +		close(handler->pinfd);
>   
>   	/* Tell the parent task it can begin to configure the
>   	 * container and wait for it to finish

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4571 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20130311/50ea34e1/attachment.bin>

More information about the lxc-devel mailing list