[lxc-devel] [PATCH 2/2] c/r: re-open fds after clone()

Serge Hallyn serge.hallyn at ubuntu.com
Tue Apr 21 16:14:56 UTC 2015

Quoting Tycho Andersen (tycho.andersen at canonical.com):
> On Tue, Apr 21, 2015 at 03:18:16PM +0000, Serge Hallyn wrote:
> > Quoting Tycho Andersen (tycho.andersen at canonical.com):
> > > If we don't re-open these after clone, the init process has a pointer to the
> > > parent's /dev/{zero,null}. CRIU sees these and wants to dump the parent's
> > > mount namespace, which is unnecessary. Instead, we should just re-open
> > > stdin/out/err after we do the clone and pivot root, to ensure that we have
> > > pointers to the devices in init's rootfs instead of the host's.
> > > 
> > > v2: Only close fds if the container was daemonized. This didn't turn out as
> > >     nicely as described on the list because lxc_start() doesn't actually have
> > >     the struct lxc_container,
> > 
> > No, but lxc_container has a pointer to the handler.  I was suggesting adding a
> > flag to the handler and (un/)setting that in lxcapi_start.
> The handler is allocated in __lxc_start, though, so lxcapi_start
> doesn't know about it. I suppose we could move the handler allocation
> up as an alternative.

or you could store it in c->lxc_conf, and then pass it into the handler
in __lxc_start().  The per-instance variable in lxc_conf has precedence
in the need_utmp_watch set in lxc_start().
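
The re-open step discussed in this thread, as an added example that is not part of the original message or of the LXC patch: after clone() and pivot_root(), the child re-opens its standard fds so they resolve inside the new root, and only when the container is daemonized. The helper names, the `daemonized` parameter and the use of /dev/null for all three fds are assumptions made for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if fd and path name the same device and inode. This is an
 * approximation: it does not compare mount IDs. */
static int fd_matches_path(int fd, const char *path)
{
    struct stat f, p;
    if (fstat(fd, &f) < 0 || stat(path, &p) < 0)
        return 0;
    return f.st_dev == p.st_dev && f.st_ino == p.st_ino;
}

/* Point fd at path as resolved in the caller's current root. */
static int reopen_fd(int fd, const char *path, int flags)
{
    int newfd = open(path, flags);
    if (newfd < 0)
        return -1;
    if (newfd == fd)
        return 0;
    int ret = dup2(newfd, fd) < 0 ? -1 : 0;
    close(newfd);
    return ret;
}

/* Hypothetical helper for the child, after clone() and pivot_root().
 * A non-daemonized container keeps the caller's terminal untouched. */
static int reopen_stdio(int daemonized)
{
    if (!daemonized)
        return 0;
    if (reopen_fd(STDIN_FILENO, "/dev/null", O_RDONLY) < 0 ||
        reopen_fd(STDOUT_FILENO, "/dev/null", O_WRONLY) < 0 ||
        reopen_fd(STDERR_FILENO, "/dev/null", O_WRONLY) < 0)
        return -1;
    return 0;
}

int main(void)
{
    int fd = open("/dev/zero", O_RDONLY); /* stand-in for an inherited fd */
    if (fd < 0 || reopen_fd(fd, "/dev/null", O_RDONLY) < 0)
        return 1;
    printf("matches /dev/null: %d\n", fd_matches_path(fd, "/dev/null"));
    return reopen_stdio(0);
}
```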
