[lxc-devel] [PATCH 2/2] c/r: re-open fds after clone()
Tycho Andersen
tycho.andersen at canonical.com
Mon Apr 20 16:47:32 UTC 2015
If we don't re-open these after clone, the init process has a pointer to the
parent's /dev/{zero,null}. CRIU sees these and wants to dump the parent's
mount namespace, which is unnecessary. Instead, we should just re-open
stdin/out/err after we do the clone and pivot root, to ensure that we have
pointers to the devices in init's rootfs instead of the host's.
Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
---
src/lxc/lxccontainer.c | 6 ------
src/lxc/start.c | 7 +++++++
2 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index 0ca5b9f..2a536ed 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -642,12 +642,6 @@ static bool lxcapi_start(struct lxc_container *c, int useinit, char * const argv
return false;
}
lxc_check_inherited(conf, true, -1);
- close(0);
- close(1);
- close(2);
- open("/dev/zero", O_RDONLY);
- open("/dev/null", O_RDWR);
- open("/dev/null", O_RDWR);
setsid();
} else {
if (!am_single_threaded()) {
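Review bot: With the close()/open() block removed ahead of setsid(), the process in this branch keeps whatever fds 0/1/2 it inherited from the caller (possibly a terminal or a pipe) until do_start() runs, and keeps them for good if startup fails before that point. The removed block was also scoped to this branch (the `} else {` follows it), while the replacement in do_start() has no visible condition, so it is worth confirming that starts which take the other branch are not now silently redirected to /dev/null. Keeping a redirect here and additionally re-opening in do_start() looks compatible with the stated goal, since the re-open after clone and pivot root is what gives init descriptors from its own rootfs.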
diff --git a/src/lxc/start.c b/src/lxc/start.c
index d615375..6939826 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -759,6 +759,13 @@ static int do_start(void *data)
close(handler->sigfd);
+ close(0);
+ close(1);
+ close(2);
+ open("/dev/zero", O_RDONLY);
+ open("/dev/null", O_RDWR);
+ open("/dev/null", O_RDWR);
+
/* after this call, we are in error because this
* ops should not return as it execs */
handler->ops->start(handler, handler->data);
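Review bot: None of the close()/open() return values added before handler->ops->start() are checked, and the code depends on each open() landing on the lowest free descriptor. At this point the paths resolve inside the container's rootfs, so if /dev/zero or /dev/null is missing there, `open("/dev/zero", O_RDONLY);` fails, the next open() takes fd 0 instead of fd 1, and fd 2 is left closed; the first file init opens afterwards then becomes its stderr. Suggest opening the device once, checking the result, dup2()-ing it onto 0, 1 and 2, and returning an error from do_start() on failure. A short comment saying the re-open must stay after the pivot root (the reason given in the commit message) would also keep a later cleanup from moving it back.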
--
2.1.4