Quoting Tycho Andersen (tycho.ander...@canonical.com):
> If we don't re-open these after clone, the init process has a pointer to the
> parent's /dev/{zero,null}. CRIU sees these and wants to dump the parent's
> mount namespace, which is unnecessary. Instead, we should just re-open
> stdin/out/err after we do the clone and pivot root, to ensure that we have
> pointers to the devices in init's rootfs instead of the host's.
> 
> Signed-off-by: Tycho Andersen <tycho.ander...@canonical.com>

AFAICT you're switching this from doing it sometimes to doing it
always.  That will break foreground containers.

I guess you may have to add a 'backgrounded' boolean to the
src/lxc/start.h:lxc_handler struct, set in lxcapi_start, and
checked in do_start to decide whether to do this.

> ---
>  src/lxc/lxccontainer.c | 6 ------
>  src/lxc/start.c        | 7 +++++++
>  2 files changed, 7 insertions(+), 6 deletions(-)
> 
> diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
> index 0ca5b9f..2a536ed 100644
> --- a/src/lxc/lxccontainer.c
> +++ b/src/lxc/lxccontainer.c
> @@ -642,12 +642,6 @@ static bool lxcapi_start(struct lxc_container *c, int 
> useinit, char * const argv
>                       return false;
>               }
>               lxc_check_inherited(conf, true, -1);
> -             close(0);
> -             close(1);
> -             close(2);
> -             open("/dev/zero", O_RDONLY);
> -             open("/dev/null", O_RDWR);
> -             open("/dev/null", O_RDWR);
>               setsid();
>       } else {
>               if (!am_single_threaded()) {
> diff --git a/src/lxc/start.c b/src/lxc/start.c
> index d615375..6939826 100644
> --- a/src/lxc/start.c
> +++ b/src/lxc/start.c
> @@ -759,6 +759,13 @@ static int do_start(void *data)
>  
>       close(handler->sigfd);
>  
> +     close(0);
> +     close(1);
> +     close(2);
> +     open("/dev/zero", O_RDONLY);
> +     open("/dev/null", O_RDWR);
> +     open("/dev/null", O_RDWR);
> +
>       /* after this call, we are in error because this
>        * ops should not return as it execs */
>       handler->ops->start(handler, handler->data);
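
Review bot: the three open() calls added ahead of handler->ops->start() are unchecked and rely on lowest-free-descriptor ordering. If /dev/zero or /dev/null cannot be opened at this point, fds 0-2 stay closed and the next files the container's init opens will be assigned to them. Check each return value (or open once and dup2() onto 0, 1 and 2) and fail the start on error. The block is also unconditional here, whereas the lines removed from lxcapi_start sat in one branch only, so gate it on a flag recording that the container was started in the background.
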
> -- 
> 2.1.4
> 
> _______________________________________________
> lxc-devel mailing list
> lxc-devel@lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel