[lxc-devel] [PATCH] api_start: always close fds 0-2 when daemonized

Serge Hallyn serge.hallyn at ubuntu.com
Tue Jun 2 22:33:34 UTC 2015


commit 507cee3618237d3 moved the close and re-open of fds 0-2 into
do_start.  But this means that the lxc monitor itself keeps the
caller's fds 0-2 open, which is wrong for daemonized containers.

Reported-by: Mathieu Le Marec - Pasquet <kiorky at cryptelium.net>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
---
 src/lxc/lxccontainer.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index fd56327..916c99c 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -722,6 +722,12 @@ static bool do_lxcapi_start(struct lxc_container *c, int useinit, char * const a
 			return false;
 		}
 		lxc_check_inherited(conf, true, -1);
+		close(0);
+		close(1);
+		close(2);
+		open("/dev/zero", O_RDONLY);
+		open("/dev/null", O_RDWR);
+		open("/dev/null", O_RDWR);
 		setsid();
 	} else {
 		if (!am_single_threaded()) {
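Review bot: the return values of the three added open() calls (and of the close() calls before them) are not checked, and the sequence depends on each open() being handed the lowest free descriptor. If open("/dev/zero", O_RDONLY) fails, fd 0 stays closed, the first /dev/null open lands on fd 0 instead of fd 1, and fd 2 is left unallocated, so the next file the monitor opens becomes its stderr. Consider opening /dev/null once, checking the result, and placing it with dup2() onto 0, 1 and 2, which also removes the ordering dependence. Separately, stdin on /dev/zero gives readers an endless stream of zero bytes rather than EOF; /dev/null is the usual choice for a daemon unless /dev/zero is intentional here, in which case a short comment saying why would help.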
-- 
2.1.4


