Hi Serge,This patch seems to have introduced a regression. When I use lxc-execute with a very simple container (which only sets the utsname), the terminal input is not forwarded to the application anymore. In particular, running "lxc-execute -n $CONTAINER -- bash" returns immediately without opening a shell. (This is with Fedora 18 and kernel 3.8.2.)
David On 01/17/2013 10:53 AM, Serge Hallyn wrote:
Only the container parent needs to keep that fd open. Close it as soon as the container's first task is spawned. Else it can show up in /proc/$$/fd in the container. Signed-off-by: Serge Hallyn <serge.hallyn-GeWIH/nmzzlqt0dzr+a...@public.gmane.org> --- src/lxc/start.c | 12 +++++++----- src/lxc/start.h | 1 + 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/src/lxc/start.c b/src/lxc/start.c index 90696f6..5083b24 100644 --- a/src/lxc/start.c +++ b/src/lxc/start.c @@ -575,6 +575,9 @@ static int do_start(void *data)lxc_sync_fini_parent(handler); + /* don't leak the pinfd to the container */+ close(handler->pinfd); + /* Tell the parent task it can begin to configure the * container and wait for it to finish */ @@ -691,7 +694,6 @@ int lxc_spawn(struct lxc_handler *handler) { int failed_before_rename = 0; const char *name = handler->name; - int pinfd;if (lxc_sync_init(handler))return -1; @@ -735,8 +737,8 @@ int lxc_spawn(struct lxc_handler *handler) * marking it readonly. */- pinfd = pin_rootfs(handler->conf->rootfs.path);- if (pinfd == -1) { + handler->pinfd = pin_rootfs(handler->conf->rootfs.path); + if (handler->pinfd == -1) { ERROR("failed to pin the container's rootfs"); goto out_abort; } @@ -818,8 +820,8 @@ int lxc_spawn(struct lxc_handler *handler)lxc_sync_fini(handler); - if (pinfd >= 0)- close(pinfd); + if (handler->pinfd >= 0) + close(handler->pinfd);return 0; diff --git a/src/lxc/start.h b/src/lxc/start.hindex 4b2e2b5..27688f3 100644 --- a/src/lxc/start.h +++ b/src/lxc/start.h @@ -49,6 +49,7 @@ struct lxc_handler { #if HAVE_APPARMOR int aa_enabled; #endif + int pinfd; };extern struct lxc_handler *lxc_init(const char *name, struct lxc_conf *);
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the endpoint security space. For insight on selecting the right partner to tackle endpoint security challenges, access the full report. http://p.sf.net/sfu/symantec-dev2dev
_______________________________________________ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
