[lxc-devel] [lxc/master] start: only use host's /dev/null when absolutely necessary

tych0 on Github lxc-bot at linuxcontainers.org
Tue Mar 29 05:04:41 UTC 2016 

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 520 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20160329/0bd55a15/attachment.bin>
-------------- next part --------------
From 7a55c1576e2752e27882c52e34edcb8388120ad1 Mon Sep 17 00:00:00 2001
From: Tycho Andersen <tycho.andersen at canonical.com>
Date: Mon, 28 Mar 2016 18:43:20 -0600
Subject: [PATCH] start: only use host's /dev/null when absolutely necessary

See comments for details, but basically, only use the host's /dev/null when
absolutely necessary (i.e. there is no reasonable /dev/null in the
container).

Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
---
 src/lxc/start.c | 29 +++++++++++++++++++++++++++--
 1 file changed, 27 insertions(+), 2 deletions(-)

diff --git a/src/lxc/start.c b/src/lxc/start.c
index fc98eb3..6d2c7b5 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -710,7 +710,8 @@ static int do_start(void *data)
 {
 	struct lxc_list *iterator;
 	struct lxc_handler *handler = data;
-	int devnull_fd = -1;
+	int devnull_fd = -1, ret;
+	char path[PATH_MAX];
 
 	if (sigprocmask(SIG_SETMASK, &handler->oldmask, NULL)) {
 		SYSERROR("failed to set sigprocmask");
@@ -789,11 +790,28 @@ static int do_start(void *data)
 	}
 	#endif
 
-	if (handler->backgrounded) {
+	ret = sprintf(path, "%s/dev/null", handler->conf->rootfs.mount);
+	if (ret < 0 || ret >= sizeof(path)) {
+		SYSERROR("sprintf'd too many chars");
+		goto out_warn_father;
+	}
+
+	/* In order to checkpoint restore, we need to have everything in the
+	 * same mount namespace. However, some containers may not have a
+	 * reasonable /dev (in particular, they may not have /dev/null), so we
+	 * can't set init's std fds to /dev/null by opening it from inside the
+	 * container.
+	 *
+	 * If that's the case, fall back to using the host's /dev/null. This
+	 * means that migration won't work, but at least we won't spew output
+	 * where it isn't wanted.
+	 */
+	if (handler->backgrounded && !handler->conf->autodev && access(path, F_OK) < 0) {
 		devnull_fd = open_devnull();
 
 		if (devnull_fd < 0)
 			goto out_warn_father;
+		WARN("using host's /dev/null for container init's std fds, migraiton won't work");
 	}
 
 	/* Setup the container, ip, names, utsname, ... */
@@ -861,6 +879,13 @@ static int do_start(void *data)
 
 	close(handler->sigfd);
 
+	if (devnull_fd < 0) {
+		devnull_fd = open_devnull();
+
+		if (devnull_fd < 0)
+			goto out_warn_father;
+	}
+
 	if (handler->backgrounded && set_stdfds(devnull_fd))
 		goto out_warn_father;

More information about the lxc-devel mailing list