The following pull request was submitted through GitHub.
It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/917

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===

I have a container whose /dev is populated by its /init, so I don't need the autodev hook. However, recent versions of LXC (starting from 1.1, I think) try to open /dev/null from the container's rootfs when starting daemonized.

I moved the redirection to /dev/null before the root switch, so now the container's init will be connected to the host's /dev/null. I think it shouldn't break anything or cause a security problem.

Also, the error message was a bit confusing ("unexpected sequence number"). I tried to improve it here too.

This PR fixes #910.

From ea720ff1d0bf82557888b400e8866227f7545cc1 Mon Sep 17 00:00:00 2001 From: Aleksandr Mezin <mezin.alexan...@gmail.com> Date: Thu, 24 Mar 2016 17:54:26 +0600 Subject: [PATCH 1/3] sync: add LXC_SYNC_ERROR to report errors from another process. Signed-off-by: Aleksandr Mezin <mezin.alexan...@gmail.com> --- src/lxc/sync.c | 7 +++++++ src/lxc/sync.h | 1 + 2 files changed, 8 insertions(+) diff --git a/src/lxc/sync.c b/src/lxc/sync.c index 52e02ae..f06d302 100644 --- a/src/lxc/sync.c +++ b/src/lxc/sync.c @@ -27,6 +27,7 @@ #include <errno.h> #include <fcntl.h> +#include "sync.h" #include "log.h" #include "start.h" @@ -46,6 +47,12 @@ static int __sync_wait(int fd, int sequence) if (!ret) return 0; + if (sync == LXC_SYNC_ERROR) { + ERROR("An error occurred in another process " + "(expected sequence number %d)", sequence); + return -1; + } + if (sync != sequence) { ERROR("invalid sequence number %d. expected %d", sync, sequence); diff --git a/src/lxc/sync.h b/src/lxc/sync.h index 930fcb3..d0aee6f 100644 --- a/src/lxc/sync.h +++ b/src/lxc/sync.h @@ -32,6 +32,7 @@ enum { LXC_SYNC_POST_CGROUP, LXC_SYNC_RESTART, LXC_SYNC_POST_RESTART, + LXC_SYNC_ERROR = -1 /* Used to report errors from another process */ }; int lxc_sync_init(struct lxc_handler *handler); From d1ccb562a9d71fe94c5b93706233d1a00280600e Mon Sep 17 00:00:00 2001 From: Aleksandr Mezin <mezin.alexan...@gmail.com> Date: Thu, 24 Mar 2016 17:55:03 +0600 Subject: [PATCH 2/3] start: use LXC_SYNC_ERROR to report errors. This gives more meaningful error message than "invalid sequence". Signed-off-by: Aleksandr Mezin <mezin.alexan...@gmail.com> --- src/lxc/start.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/lxc/start.c b/src/lxc/start.c index 3e51ad5..bb7009b 100644 --- a/src/lxc/start.c +++ b/src/lxc/start.c 
@@ -868,9 +868,9 @@ static int do_start(void *data) handler->ops->start(handler, handler->data); out_warn_father: - /* we want the parent to know something went wrong, so any - * value other than what it expects is ok. */ - lxc_sync_wake_parent(handler, LXC_SYNC_POST_CONFIGURE); + /* we want the parent to know something went wrong, so we return a special + * error code. */ + lxc_sync_wake_parent(handler, LXC_SYNC_ERROR); return -1; } From 9bade5290c4fecbd6f6941d11288abe51eec6553 Mon Sep 17 00:00:00 2001 From: Aleksandr Mezin <mezin.alexan...@gmail.com> Date: Thu, 24 Mar 2016 18:46:17 +0600 Subject: [PATCH 3/3] start: open /dev/null from "host" /dev Sometimes, a container doesn't have /dev/null. For example, I have this problem with Android container. This fixes #910 (github) for me. Signed-off-by: Aleksandr Mezin <mezin.alexan...@gmail.com> --- src/lxc/start.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/lxc/start.c b/src/lxc/start.c index bb7009b..83a0141 100644 --- a/src/lxc/start.c +++ b/src/lxc/start.c @@ -788,6 +788,10 @@ static int do_start(void *data) } #endif + /* Use host's /dev/null. The container sometimes doesn't have it */ + if (handler->backgrounded && null_stdfds() < 0) + goto out_warn_father; + /* Setup the container, ip, names, utsname, ... */ if (lxc_setup(handler)) { ERROR("failed to setup the container"); @@ -853,9 +857,6 @@ static int do_start(void *data) close(handler->sigfd); - if (handler->backgrounded && null_stdfds() < 0) - goto out_warn_father; - if (cgns_supported() && unshare(CLONE_NEWCGROUP) != 0) { SYSERROR("Failed to unshare cgroup namespace"); goto out_warn_father;
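
Review bot: In [PATCH 1/3], src/lxc/sync.h, LXC_SYNC_ERROR = -1 sits in the same anonymous enum as the ordered sequence steps, and nothing in the hunk stops a caller from passing it as the expected `sequence`; extend the one-line comment to say it is a sentinel sent only on failure and never a step to wait for. In src/lxc/sync.c, the new branch in __sync_wait() logs "An error occurred in another process" without saying where the cause can be found; consider wording it so the user knows to look at the earlier log lines from the peer process.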
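
Review bot: In [PATCH 2/3], the rewritten comment at out_warn_father in do_start() says "we return a special error code", but the value is sent to the parent through lxc_sync_wake_parent(handler, LXC_SYNC_ERROR) while the function itself still returns -1; say "send" and name LXC_SYNC_ERROR so the comment matches the code. The change also depends on the __sync_wait() check from [PATCH 1/3]: without it the parent would report "invalid sequence number -1", so the two patches need to stay in this order in the series.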
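
Review bot: In [PATCH 3/3], the null_stdfds() call moved above lxc_setup() in do_start() jumps to out_warn_father without logging anything, while the lxc_setup() failure right below it logs "failed to setup the container"; with [PATCH 2/3] applied the parent then prints only the generic LXC_SYNC_ERROR message, so add an ERROR() before the goto. The move also means that, for a backgrounded container, lxc_setup() and everything up to the old call site after close(handler->sigfd) now run with stdio already redirected, and that the container's init keeps descriptors opened from the host's /dev rather than its own; the commit message should state why that is acceptable rather than leaving it to the pull-request description, and the new code comment should say that these descriptors are inherited by the container's init.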
_______________________________________________
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel