[lxc-devel] [PATCH 2/2] c/r: re-open fds after clone()

Tycho Andersen tycho.andersen at canonical.com
Tue Apr 21 15:35:22 UTC 2015

On Tue, Apr 21, 2015 at 03:18:16PM +0000, Serge Hallyn wrote:
> Quoting Tycho Andersen (tycho.andersen at canonical.com):
> > If we don't re-open these after clone, the init process has a pointer to the
> > parent's /dev/{zero,null}. CRIU seese these and wants to dump the parent's
> > mount namespace, which is unnecessary. Instead, we should just re-open
> > stdin/out/err after we do the clone and pivot root, to ensure that we have
> > pointers to the devcies in init's rootfs instead of the host's.
> > 
> > v2: Only close fds if the container was daemonized. This didn't turn out as
> >     nicely as described on the list because lxc_start() doesn't actually have
> >     the struct lxc_container,
> No, but lxc_container has a pointer to the handler.  I was suggesting adding a
> flag to the handler and (un/)setting that in lxcapi_start.

The handler is allocated in __lxc_start, though, so lxcapi_start
doesn't know about it. I suppose we could move the handler allocation
up as an alternative.


> _______________________________________________
> lxc-devel mailing list
> lxc-devel at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel

More information about the lxc-devel mailing list