[lxc-devel] [lxd/master] VM: forklimits exec

[tomponline on Github]

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 385 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20200129/f31493ed/attachment.bin>
-------------- next part --------------
From 4a882f26a830c3a771c0053d9862bdad787fbdef Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Wed, 29 Jan 2020 18:38:55 +0000
Subject: [PATCH 1/2] lxd/instance/drivers/driver/qemu: Adds qemu binary path
 lookup

As forklimits doesn't do that anymore.

Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
 lxd/instance/drivers/driver_qemu.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lxd/instance/drivers/driver_qemu.go b/lxd/instance/drivers/driver_qemu.go
index eaa47a0a61..556b1bc32a 100644
--- a/lxd/instance/drivers/driver_qemu.go
+++ b/lxd/instance/drivers/driver_qemu.go
@@ -684,7 +684,7 @@ func (vm *qemu) Start(stateful bool) error {
 	}
 
 	// Check qemu is installed.
-	_, err = exec.LookPath(qemuBinary)
+	qemuPath, err := exec.LookPath(qemuBinary)
 	if err != nil {
 		op.Done(err)
 		return err
@@ -692,7 +692,7 @@ func (vm *qemu) Start(stateful bool) error {
 
 	qemuCmd := []string{
 		"--",
-		qemuBinary,
+		qemuPath,
 		"-S",
 		"-name", vm.Name(),
 		"-uuid", vmUUID,

From d3dce6f175f63855d5acdbc396dacdc545441ae2 Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Wed, 29 Jan 2020 18:39:41 +0000
Subject: [PATCH 2/2] lxd/main/forklimits: Switches forklimits to use
 syscall.Exec

So that the process replace's Go's to avoid high memory usage.

Also removes cloexec flag on passed file handles to allow the new process to inherit them.

Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
 lxd/main_forklimits.go | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/lxd/main_forklimits.go b/lxd/main_forklimits.go
index c15d3fa31a..ed7b257755 100644
--- a/lxd/main_forklimits.go
+++ b/lxd/main_forklimits.go
@@ -3,10 +3,10 @@ package main
 import (
 	"fmt"
 	"os"
-	"os/exec"
 	"regexp"
 	"strconv"
 	"strings"
+	"syscall"
 
 	"golang.org/x/sys/unix"
 
@@ -129,15 +129,16 @@ func (c *cmdForklimits) Run(cmd *cobra.Command, _ []string) error {
 		return fmt.Errorf("Missing required command argument")
 	}
 
-	execCmd := exec.Command(cmdParts[0], cmdParts[1:]...)
-	execCmd.Stdin = os.Stdin
-	execCmd.Stdout = os.Stdout
-	execCmd.Stderr = os.Stderr
-
-	// Pass through any file descriptors specified.
+	// Clear the cloexec flag on the file descriptors we are passing through.
 	for _, fd := range fds {
-		execCmd.ExtraFiles = append(execCmd.ExtraFiles, os.NewFile(fd, ""))
+		_, _, syscallErr := syscall.Syscall(unix.SYS_FCNTL, fd, syscall.F_SETFD, uintptr(0))
+		if syscallErr != 0 {
+			err := os.NewSyscallError(fmt.Sprintf("fcntl failed on FD %d", fd), syscallErr)
+			if err != nil {
+				return err
+			}
+		}
 	}
 
-	return execCmd.Run()
+	return syscall.Exec(cmdParts[0], cmdParts, os.Environ())
 }