Hi Serge,

This patch seems to have introduced a regression. When I use lxc-execute with a very simple container (which only sets the utsname), the terminal input is not forwarded to the application anymore. In particular, running "lxc-execute -n $CONTAINER -- bash" returns immediately without opening a shell. (This is with Fedora 18 and kernel 3.8.2.)

David

On 01/17/2013 10:53 AM, Serge Hallyn wrote:
Only the container parent needs to keep that fd open.  Close it
as soon as the container's first task is spawned.  Else it can
show up in /proc/$$/fd in the container.

Signed-off-by: Serge Hallyn 
<serge.hallyn-GeWIH/nmzzlqt0dzr+a...@public.gmane.org>
---
  src/lxc/start.c | 12 +++++++-----
  src/lxc/start.h |  1 +
  2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/src/lxc/start.c b/src/lxc/start.c
index 90696f6..5083b24 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -575,6 +575,9 @@ static int do_start(void *data)
lxc_sync_fini_parent(handler); + /* don't leak the pinfd to the container */
+       close(handler->pinfd);
+
        /* Tell the parent task it can begin to configure the
         * container and wait for it to finish
         */
@@ -691,7 +694,6 @@ int lxc_spawn(struct lxc_handler *handler)
  {
        int failed_before_rename = 0;
        const char *name = handler->name;
-       int pinfd;
if (lxc_sync_init(handler))
                return -1;
@@ -735,8 +737,8 @@ int lxc_spawn(struct lxc_handler *handler)
         * marking it readonly.
         */
- pinfd = pin_rootfs(handler->conf->rootfs.path);
-       if (pinfd == -1) {
+       handler->pinfd = pin_rootfs(handler->conf->rootfs.path);
+       if (handler->pinfd == -1) {
                ERROR("failed to pin the container's rootfs");
                goto out_abort;
        }
@@ -818,8 +820,8 @@ int lxc_spawn(struct lxc_handler *handler)
lxc_sync_fini(handler); - if (pinfd >= 0)
-               close(pinfd);
+       if (handler->pinfd >= 0)
+               close(handler->pinfd);
return 0; diff --git a/src/lxc/start.h b/src/lxc/start.h
index 4b2e2b5..27688f3 100644
--- a/src/lxc/start.h
+++ b/src/lxc/start.h
@@ -49,6 +49,7 @@ struct lxc_handler {
  #if HAVE_APPARMOR
        int aa_enabled;
  #endif
+       int pinfd;
  };
extern struct lxc_handler *lxc_init(const char *name, struct lxc_conf *);

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

------------------------------------------------------------------------------
Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester  
Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the  
endpoint security space. For insight on selecting the right partner to 
tackle endpoint security challenges, access the full report. 
http://p.sf.net/sfu/symantec-dev2dev
_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel

Reply via email to