[lxc-devel] [PATCH 2/2] c/r: re-open fds after clone()

Tycho Andersen tycho.andersen at canonical.com
Mon Apr 20 18:36:02 UTC 2015


On Mon, Apr 20, 2015 at 05:06:02PM +0000, Serge Hallyn wrote:
> Quoting Tycho Andersen (tycho.andersen at canonical.com):
> > If we don't re-open these after clone, the init process has a pointer to the
> > parent's /dev/{zero,null}. CRIU sees these and wants to dump the parent's
> > mount namespace, which is unnecessary. Instead, we should just re-open
> > stdin/out/err after we do the clone and pivot root, to ensure that we have
> > pointers to the devices in init's rootfs instead of the host's.
> > 
> > Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
> 
> AFAICT you're switching this from doing it sometimes to doing it
> always.  That will break foreground containers.

Oh, whoops, good point.

> I guess you may have to add a 'backgrounded' boolean to the
> src/lxc/start.h:lxc_handler struct, set in lxcapi_start, and
> checked in do_start to decide whether to do this.

Sounds good.

Tycho

> > ---
> >  src/lxc/lxccontainer.c | 6 ------
> >  src/lxc/start.c        | 7 +++++++
> >  2 files changed, 7 insertions(+), 6 deletions(-)
> > 
> > diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
> > index 0ca5b9f..2a536ed 100644
> > --- a/src/lxc/lxccontainer.c
> > +++ b/src/lxc/lxccontainer.c
> > @@ -642,12 +642,6 @@ static bool lxcapi_start(struct lxc_container *c, int useinit, char * const argv
> >  			return false;
> >  		}
> >  		lxc_check_inherited(conf, true, -1);
> > -		close(0);
> > -		close(1);
> > -		close(2);
> > -		open("/dev/zero", O_RDONLY);
> > -		open("/dev/null", O_RDWR);
> > -		open("/dev/null", O_RDWR);
> >  		setsid();
> >  	} else {
> >  		if (!am_single_threaded()) {
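Review bot: With the close(0)/close(1)/close(2) and open() calls gone from in front of setsid(), nothing in this branch of lxcapi_start detaches stdin, stdout and stderr from the caller any more. Going by the commit message, the replacement in do_start only runs after the clone, so the process that stays on this side of the clone keeps the caller's descriptors open. Consider keeping the redirect here for that process and adding the re-open in do_start in addition to it, rather than moving it.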
> > diff --git a/src/lxc/start.c b/src/lxc/start.c
> > index d615375..6939826 100644
> > --- a/src/lxc/start.c
> > +++ b/src/lxc/start.c
> > @@ -759,6 +759,13 @@ static int do_start(void *data)
> >  
> >  	close(handler->sigfd);
> >  
> > +	close(0);
> > +	close(1);
> > +	close(2);
> > +	open("/dev/zero", O_RDONLY);
> > +	open("/dev/null", O_RDWR);
> > +	open("/dev/null", O_RDWR);
> > +
> >  	/* after this call, we are in error because this
> >  	 * ops should not return as it execs */
> >  	handler->ops->start(handler, handler->data);
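Review bot: The added close()/open() block in do_start runs unconditionally and checks no return value. Unconditional, it also replaces stdio for foreground containers, so it needs a guard such as the 'backgrounded' flag in the handler suggested in the review. Unchecked, a failing open("/dev/zero", O_RDONLY) (the path is now resolved after the pivot root, in the container's rootfs) makes the next open() land on fd 0, leaving stdin as a read-write /dev/null and fd 2 closed when init is executed. Opening the devices first, checking the results and then using dup2() onto 0, 1 and 2 avoids relying on lowest-free-fd ordering.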
> > -- 
> > 2.1.4
> > 
> > _______________________________________________
> > lxc-devel mailing list
> > lxc-devel at lists.linuxcontainers.org
> > http://lists.linuxcontainers.org/listinfo/lxc-devel


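The condition the commit message describes, a descriptor that still refers to a mount outside the process's own mount namespace, can be checked from /proc. The following is an added example, not part of the original post and not LXC or CRIU code: it compares the `mnt_id` field of /proc/self/fdinfo/<fd> with the mount IDs in the first column of /proc/self/mountinfo, and the function names are made up for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* mnt_id value from /proc/<pid>/fdinfo/<fd> text, or -1 if the field is absent. */
long parse_mnt_id(const char *fdinfo)
{
    const char *p = strstr(fdinfo, "mnt_id:");
    return (p && (p == fdinfo || p[-1] == '\n')) ? strtol(p + 7, NULL, 10) : -1;
}

/* 1 if some line of /proc/<pid>/mountinfo text starts with mount ID id. */
int mountinfo_has_id(const char *mountinfo, long id)
{
    for (const char *p = mountinfo; *p; p += (*p == '\n')) {
        char *end;
        if (strtol(p, &end, 10) == id && end != p)
            return 1;
        p += strcspn(p, "\n");   /* skip to the end of this line */
    }
    return 0;
}

static int slurp(const char *path, char *buf, size_t len)
{
    FILE *f = fopen(path, "r");
    if (!f)
        return -1;
    buf[fread(buf, 1, len - 1, f)] = '\0';
    fclose(f);
    return 0;
}

/* 1: fd's mount is listed in our mount namespace; 0: it is not (for example a
 * /dev/null inherited from the parent); -1: cannot tell. Only meaningful for
 * fds opened by path: pipes and sockets live on internal kernel mounts. */
int fd_in_current_mntns(int fd)
{
    char path[64], info[1024];
    static char mounts[1 << 18];
    snprintf(path, sizeof(path), "/proc/self/fdinfo/%d", fd);
    if (slurp(path, info, sizeof(info)) || slurp("/proc/self/mountinfo", mounts, sizeof(mounts)))
        return -1;
    long id = parse_mnt_id(info);
    return id < 0 ? -1 : mountinfo_has_id(mounts, id);
}

int main(void)
{
    for (int fd = 0; fd <= 2; fd++)
        printf("fd %d in current mount namespace: %d\n", fd, fd_in_current_mntns(fd));
}
```

Run inside the container's init just before exec, a result of 0 for fd 0, 1 or 2 marks a descriptor that was opened before the mount namespace changed.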