[lxc-devel] [PATCH] api_start: always close fds 0-2 when daemonized
Stéphane Graber
stgraber at ubuntu.com
Tue Jun 2 23:03:21 UTC 2015
On Tue, Jun 02, 2015 at 10:33:34PM +0000, Serge Hallyn wrote:
> commit 507cee3618237d3 moved the close and re-open of fds 0-2 into
> do_start. But this means that the lxc monitor itself keeps the
> caller's fds 0-2 open, which is wrong for daemonized containers.
>
> Reported-by: Mathieu Le Marec - Pasquet <kiorky at cryptelium.net>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
> ---
> src/lxc/lxccontainer.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
> index fd56327..916c99c 100644
> --- a/src/lxc/lxccontainer.c
> +++ b/src/lxc/lxccontainer.c
> @@ -722,6 +722,12 @@ static bool do_lxcapi_start(struct lxc_container *c, int useinit, char * const a
> return false;
> }
> lxc_check_inherited(conf, true, -1);
> + close(0);
> + close(1);
> + close(2);
> + open("/dev/zero", O_RDONLY);
> + open("/dev/null", O_RDWR);
> + open("/dev/null", O_RDWR);
> setsid();
> } else {
> if (!am_single_threaded()) {
> --
> 2.1.4
>
> _______________________________________________
> lxc-devel mailing list
> lxc-devel at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel
--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20150602/533fd163/attachment.sig>
More information about the lxc-devel
mailing list