On 01/17/2013 10:53 AM, Serge Hallyn wrote:
> Only the container parent needs to keep that fd open.  Close it
> as soon as the container's first task is spawned.  Else it can
> show up in /proc/$$/fd in the container.
> 
> Signed-off-by: Serge Hallyn <serge.hal...@ubuntu.com>

Acked-by: Stéphane Graber <stgra...@ubuntu.com>

> ---
>  src/lxc/start.c | 12 +++++++-----
>  src/lxc/start.h |  1 +
>  2 files changed, 8 insertions(+), 5 deletions(-)
> 
> diff --git a/src/lxc/start.c b/src/lxc/start.c
> index 90696f6..5083b24 100644
> --- a/src/lxc/start.c
> +++ b/src/lxc/start.c
> @@ -575,6 +575,9 @@ static int do_start(void *data)
>  
>       lxc_sync_fini_parent(handler);
>  
> +     /* don't leak the pinfd to the container */
> +     close(handler->pinfd);
> +
>       /* Tell the parent task it can begin to configure the
>        * container and wait for it to finish
>        */
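Review bot: the new close(handler->pinfd) in do_start is unguarded and its result is ignored, while the parent's close at the end of lxc_spawn is wrapped in `if (handler->pinfd >= 0)`. lxc_spawn aborts when pin_rootfs returns -1, so the fd should be valid by the time the child runs, but using the same guard here keeps the two sites consistent and protects against a later caller reaching do_start without a pinned rootfs. The comment could also say that the parent deliberately keeps its own copy open, since that is the reason the close belongs in the child only.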
> @@ -691,7 +694,6 @@ int lxc_spawn(struct lxc_handler *handler)
>  {
>       int failed_before_rename = 0;
>       const char *name = handler->name;
> -     int pinfd;
>  
>       if (lxc_sync_init(handler))
>               return -1;
> @@ -735,8 +737,8 @@ int lxc_spawn(struct lxc_handler *handler)
>        * marking it readonly.
>        */
>  
> -     pinfd = pin_rootfs(handler->conf->rootfs.path);
> -     if (pinfd == -1) {
> +     handler->pinfd = pin_rootfs(handler->conf->rootfs.path);
> +     if (handler->pinfd == -1) {
>               ERROR("failed to pin the container's rootfs");
>               goto out_abort;
>       }
> @@ -818,8 +820,8 @@ int lxc_spawn(struct lxc_handler *handler)
>  
>       lxc_sync_fini(handler);
>  
> -     if (pinfd >= 0)
> -             close(pinfd);
> +     if (handler->pinfd >= 0)
> +             close(handler->pinfd);
>  
>       return 0;
>  
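Review bot: after close(handler->pinfd) at the end of lxc_spawn, the field still holds the old descriptor number. With the local variable that did not matter, but the handler outlives this function, so any later code that tests `handler->pinfd >= 0` would close a number that may have been reused for another file. Suggest setting `handler->pinfd = -1;` right after the close.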
> diff --git a/src/lxc/start.h b/src/lxc/start.h
> index 4b2e2b5..27688f3 100644
> --- a/src/lxc/start.h
> +++ b/src/lxc/start.h
> @@ -49,6 +49,7 @@ struct lxc_handler {
>  #if HAVE_APPARMOR
>       int aa_enabled;
>  #endif
> +     int pinfd;
>  };
>  
>  extern struct lxc_handler *lxc_init(const char *name, struct lxc_conf *);
> 
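Review bot: the new `int pinfd;` member in struct lxc_handler has no comment and the patch does not show it being initialised. If the handler is zero-filled on allocation, the field starts as 0, which is a valid descriptor and passes the `>= 0` check in lxc_spawn. Suggest setting it to -1 in lxc_init and adding a short comment on the field saying it pins the rootfs and is owned by the container parent.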


-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
