[lxc-devel] [lxc/lxc] aa0c0e: Fixed file descriptor leak for network namespace
Christian Brauner
noreply at github.com
Sun Jun 16 02:11:37 UTC 2019
Branch: refs/heads/master
Home: https://github.com/lxc/lxc
Commit: aa0c0e7b8a6394bc1c124ec93f58128f101ed68a
https://github.com/lxc/lxc/commit/aa0c0e7b8a6394bc1c124ec93f58128f101ed68a
Author: Rachid Koucha <47061324+Rachid-Koucha at users.noreply.github.com>
Date: 2019-06-15 (Sat, 15 Jun 2019)
Changed paths:
M src/lxc/start.c
Log Message:
-----------
Fixed file descriptor leak for network namespace
In privileged mode, the container startup looses a file descriptor for "handler->nsfd[LX_NS_NET]". At line 1782, we preserve the namespaces file descriptor (in privileged mode, the network namespace is also preserved) :
for (i = 0; i < LXC_NS_MAX; i++)
if (handler->ns_on_clone_flags & ns_info[i].clone_flag)
INFO("Cloned %s", ns_info[i].flag_name);
if (!lxc_try_preserve_namespaces(handler, handler->ns_on_clone_flags, handler->pid)) {
ERROR("Failed to preserve cloned namespaces for lxc.hook.stop");
goto out_delete_net;
}
Then at line 1830, we preserve one more time the network namespace :
ret = lxc_try_preserve_ns(handler->pid, "net");
if (ret < 0) {
if (ret != -EOPNOTSUPP) {
SYSERROR("Failed to preserve net namespace");
goto out_delete_net;
}
The latter overwrites the file descriptor already stored in handler->nsfd[LXC_NS_NET] at line 1786.
So, this fix checks that the entry is not already filled.
Signed-off-by: Rachid Koucha <rachid.koucha at gmail.com>
Commit: 52ac245b5228b9b4de1112a0eca77c52b52a0431
https://github.com/lxc/lxc/commit/52ac245b5228b9b4de1112a0eca77c52b52a0431
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2019-06-16 (Sun, 16 Jun 2019)
Changed paths:
M src/lxc/start.c
Log Message:
-----------
Merge pull request #3047 from Rachid-Koucha/patch-11
Fixed file descriptor leak for network namespace
Compare: https://github.com/lxc/lxc/compare/3d43f6113bfa...52ac245b5228
More information about the lxc-devel
mailing list