[lxc-devel] [lxc/master] Fix daemonized containers without autodev and/or /dev mount

Thu Mar 24 13:04:48 UTC 2016

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 838 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20160324/b9c03cce/attachment.bin>
-------------- next part --------------
From ea720ff1d0bf82557888b400e8866227f7545cc1 Mon Sep 17 00:00:00 2001
From: Aleksandr Mezin <mezin.alexander at gmail.com>
Date: Thu, 24 Mar 2016 17:54:26 +0600
Subject: [PATCH 1/3] sync: add LXC_SYNC_ERROR to report errors from another
 process.

Signed-off-by: Aleksandr Mezin <mezin.alexander at gmail.com>
---
 src/lxc/sync.c | 7 +++++++
 src/lxc/sync.h | 1 +
 2 files changed, 8 insertions(+)

diff --git a/src/lxc/sync.c b/src/lxc/sync.c
index 52e02ae..f06d302 100644
--- a/src/lxc/sync.c
+++ b/src/lxc/sync.c
@@ -27,6 +27,7 @@
 #include <errno.h>
 #include <fcntl.h>
 
+#include "sync.h"
 #include "log.h"
 #include "start.h"
 
@@ -46,6 +47,12 @@ static int __sync_wait(int fd, int sequence)
 	if (!ret)
 		return 0;
 
+	if (sync == LXC_SYNC_ERROR) {
+		ERROR("An error occurred in another process "
+		      "(expected sequence number %d)", sequence);
+		return -1;
+	}
+
 	if (sync != sequence) {
 		ERROR("invalid sequence number %d. expected %d",
 		      sync, sequence);
diff --git a/src/lxc/sync.h b/src/lxc/sync.h
index 930fcb3..d0aee6f 100644
--- a/src/lxc/sync.h
+++ b/src/lxc/sync.h
@@ -32,6 +32,7 @@ enum {
 	LXC_SYNC_POST_CGROUP,
 	LXC_SYNC_RESTART,
 	LXC_SYNC_POST_RESTART,
+	LXC_SYNC_ERROR = -1 /* Used to report errors from another process */
 };
 
 int lxc_sync_init(struct lxc_handler *handler);

From d1ccb562a9d71fe94c5b93706233d1a00280600e Mon Sep 17 00:00:00 2001
From: Aleksandr Mezin <mezin.alexander at gmail.com>
Date: Thu, 24 Mar 2016 17:55:03 +0600
Subject: [PATCH 2/3] start: use LXC_SYNC_ERROR to report errors.

This gives more meaningful error message than "invalid sequence".

Signed-off-by: Aleksandr Mezin <mezin.alexander at gmail.com>
---
 src/lxc/start.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/lxc/start.c b/src/lxc/start.c
index 3e51ad5..bb7009b 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -868,9 +868,9 @@ static int do_start(void *data)
 	handler->ops->start(handler, handler->data);
 
 out_warn_father:
-	/* we want the parent to know something went wrong, so any
-	 * value other than what it expects is ok. */
-	lxc_sync_wake_parent(handler, LXC_SYNC_POST_CONFIGURE);
+	/* we want the parent to know something went wrong, so we return a special
+	 * error code. */
+	lxc_sync_wake_parent(handler, LXC_SYNC_ERROR);
 	return -1;
 }
 

From 9bade5290c4fecbd6f6941d11288abe51eec6553 Mon Sep 17 00:00:00 2001
From: Aleksandr Mezin <mezin.alexander at gmail.com>
Date: Thu, 24 Mar 2016 18:46:17 +0600
Subject: [PATCH 3/3] start: open /dev/null from "host" /dev

Sometimes, a container doesn't have /dev/null.
For example, I have this problem with Android container.

This fixes #910 (github) for me.

Signed-off-by: Aleksandr Mezin <mezin.alexander at gmail.com>
---
 src/lxc/start.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/lxc/start.c b/src/lxc/start.c
index bb7009b..83a0141 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -788,6 +788,10 @@ static int do_start(void *data)
 	}
 	#endif
 
+	/* Use host's /dev/null. The container sometimes doesn't have it */
+	if (handler->backgrounded && null_stdfds() < 0)
+		goto out_warn_father;
+
 	/* Setup the container, ip, names, utsname, ... */
 	if (lxc_setup(handler)) {
 		ERROR("failed to setup the container");
@@ -853,9 +857,6 @@ static int do_start(void *data)
 
 	close(handler->sigfd);
 
-	if (handler->backgrounded && null_stdfds() < 0)
-		goto out_warn_father;
-
 	if (cgns_supported() && unshare(CLONE_NEWCGROUP) != 0) {
 		SYSERROR("Failed to unshare cgroup namespace");
 		goto out_warn_father;
