[lxc-devel] [PATCH] Expose underlying close_all_fds config value via API

S.Çağlar Onur caglar at 10ur.org
Fri Sep 20 22:45:21 UTC 2013


Being able to set close_all_fds via the API would be useful in
situations like running an application (let's say a web server)
that controls the lifecycle of the container using the LXC API.
We don't want the forked process to inherit the parent's resources (files, sockets, ...)

Signed-off-by: S.Çağlar Onur <caglar at 10ur.org>
---
 src/lxc/lxc_start.c    |  2 +-
 src/lxc/lxccontainer.c | 13 +++++++++++++
 src/lxc/lxccontainer.h |  1 +
 3 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/src/lxc/lxc_start.c b/src/lxc/lxc_start.c
index dfc514e..a30a9f6 100644
--- a/src/lxc/lxc_start.c
+++ b/src/lxc/lxc_start.c
@@ -265,7 +265,7 @@ int main(int argc, char *argv[])
 	}
 
 	if (my_args.close_all_fds)
-		conf->close_all_fds = 1;
+		c->want_close_all_fds(c);
 
 	err = c->start(c, 0, args) ? 0 : -1;
 
diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index e8dde91..727c680 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -456,6 +456,18 @@ static void lxcapi_want_daemonize(struct lxc_container *c)
 	container_mem_unlock(c);
 }
 
+static void lxcapi_want_close_all_fds(struct lxc_container *c)
+{
+	if (!c || !c->lxc_conf)
+		return;
+	if (container_mem_lock(c)) {
+		ERROR("Error getting mem lock");
+		return;
+	}
+	c->lxc_conf->close_all_fds = 1;
+	container_mem_unlock(c);
+}
+
 static bool lxcapi_wait(struct lxc_container *c, const char *state, int timeout)
 {
 	int ret;
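Review bot: `lxcapi_want_close_all_fds` returns void and gives up silently when `c->lxc_conf` is NULL (it logs only on the `container_mem_lock` failure), so a caller cannot learn that `close_all_fds` was never set and that the started process may still inherit the caller's open files and sockets. Since the flag exists to keep descriptors from leaking into the container, I would make the setter report failure, e.g. `static bool lxcapi_want_close_all_fds(struct lxc_container *c)` returning false on both early exits and true after the assignment, with the member in lxccontainer.h changed to match. The call site in lxc_start.c, which previously wrote `conf->close_all_fds = 1` directly, could then refuse to start when the user passed the option and it could not be applied. The new function follows `lxcapi_want_daemonize` above, whose body is outside the hunk, so the same question may apply there.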
@@ -2682,6 +2694,7 @@ struct lxc_container *lxc_container_new(const char *name, const char *configpath
 	c->init_pid = lxcapi_init_pid;
 	c->load_config = lxcapi_load_config;
 	c->want_daemonize = lxcapi_want_daemonize;
+	c->want_close_all_fds = lxcapi_want_close_all_fds;
 	c->start = lxcapi_start;
 	c->startl = lxcapi_startl;
 	c->stop = lxcapi_stop;
diff --git a/src/lxc/lxccontainer.h b/src/lxc/lxccontainer.h
index 89b55bd..8b6c6ef 100644
--- a/src/lxc/lxccontainer.h
+++ b/src/lxc/lxccontainer.h
@@ -68,6 +68,7 @@ struct lxc_container {
 	bool (*startl)(struct lxc_container *c, int useinit, ...);
 	bool (*stop)(struct lxc_container *c);
 	void (*want_daemonize)(struct lxc_container *c);
+	void (*want_close_all_fds)(struct lxc_container *c);
 	// Return current config file name.  The result is strdup()d, so free the result.
 	char *(*config_file_name)(struct lxc_container *c);
 	// for wait, timeout == -1 means wait forever, timeout == 0 means don't wait.
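Review bot: The new `want_close_all_fds` member has no comment, unlike `config_file_name` and the wait note just below it, and nothing tells an API user that the call only ever sets the flag and does nothing when no config is loaded. I would add something like `// Ask for inherited file descriptors to be closed for the started container; silently ignored if no config is loaded.` above it, with the wording checked against what start() actually does with the flag. Inserting the pointer between `want_daemonize` and `config_file_name` also shifts the offset of every later member, so if programs built against the older header are expected to keep working, appending the member at the end of the struct would be safer. The struct definition starts and ends outside this hunk, so I cannot see whether that applies here.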
-- 
1.8.1.2




