Description: lxc_spawn: don't close pinfd until container is stopped Otherwise containers may be able to remount -o ro their rootfs at shutdown. . lxc (0.9.0~alpha3-2+deb8u1.1) UNRELEASED; urgency=low . * Non-maintainer upload. * Add patch "lxc_spawn: don't close pinfd until container is stopped" Author: markus --- Original patch for Ubuntu https://lists.linuxcontainers.org/pipermail/lxc-devel/2013-September/005165.html --- lxc-0.9.0~alpha3.orig/src/lxc/start.c +++ lxc-0.9.0~alpha3/src/lxc/start.c @@ -379,6 +379,7 @@ struct lxc_handler *lxc_init(const char memset(handler, 0, sizeof(*handler)); handler->conf = conf; + handler->pinfd = -1; apparmor_handler_init(handler); handler->name = strdup(name); @@ -820,9 +821,6 @@ int lxc_spawn(struct lxc_handler *handle lxc_sync_fini(handler); - if (handler->pinfd >= 0) - close(handler->pinfd); - return 0; out_delete_net: @@ -831,6 +829,10 @@ out_delete_net: out_abort: lxc_abort(name, handler); lxc_sync_fini(handler); + if (handler->pinfd >= 0) { + close(handler->pinfd); + handler->pinfd = -1; + } return -1; } @@ -898,6 +900,11 @@ int __lxc_start(const char *name, struct lxc_rename_phys_nics_on_shutdown(handler->conf); + if (handler->pinfd >= 0) { + close(handler->pinfd); + handler->pinfd = -1; + } + err = lxc_error_set_and_log(handler->pid, status); out_fini: lxc_delete_network(handler);