Being able to set close_all_fds via the API would be useful in situations such as running an application (for example, a web server) that controls the lifecycle of the container using the LXC API. We don't want the forked process to inherit the parent's resources (files, sockets, ...).
Signed-off-by: S.Çağlar Onur <cag...@10ur.org>
---
 src/lxc/lxc_start.c | 2 +-
 src/lxc/lxccontainer.c | 13 +++++++++++++
 src/lxc/lxccontainer.h | 1 +
 3 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/src/lxc/lxc_start.c b/src/lxc/lxc_start.c
index dfc514e..a30a9f6 100644
--- a/src/lxc/lxc_start.c
+++ b/src/lxc/lxc_start.c
@@ -265,7 +265,7 @@ int main(int argc, char *argv[])
 }
 if (my_args.close_all_fds)
- conf->close_all_fds = 1;
+ c->want_close_all_fds(c);
 err = c->start(c, 0, args) ? 0 : -1;
diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index e8dde91..727c680 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -456,6 +456,18 @@ static void lxcapi_want_daemonize(struct lxc_container *c)
 container_mem_unlock(c);
 }
+static void lxcapi_want_close_all_fds(struct lxc_container *c)
+{
+ if (!c || !c->lxc_conf)
+ return;
+ if (container_mem_lock(c)) {
+ ERROR("Error getting mem lock");
+ return;
+ }
+ c->lxc_conf->close_all_fds = 1;
+ container_mem_unlock(c);
+}
+
 static bool lxcapi_wait(struct lxc_container *c, const char *state, int timeout)
 {
 int ret;
@@ -2682,6 +2694,7 @@ struct lxc_container *lxc_container_new(const char *name, const char *configpath
 c->init_pid = lxcapi_init_pid;
 c->load_config = lxcapi_load_config;
 c->want_daemonize = lxcapi_want_daemonize;
+ c->want_close_all_fds = lxcapi_want_close_all_fds;
 c->start = lxcapi_start;
 c->startl = lxcapi_startl;
 c->stop = lxcapi_stop;
diff --git a/src/lxc/lxccontainer.h b/src/lxc/lxccontainer.h
index 89b55bd..8b6c6ef 100644
--- a/src/lxc/lxccontainer.h
+++ b/src/lxc/lxccontainer.h
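Review bot: The new setter fails open without telling the caller: in `lxcapi_want_close_all_fds` both the `!c || !c->lxc_conf` guard and the `container_mem_lock` failure path return with `close_all_fds` still unset, and because the function is `void` the call `c->want_close_all_fds(c);` in lxc_start.c cannot notice before `c->start()` runs. The line it replaces, `conf->close_all_fds = 1;`, could not fail, so a user who asked for inherited descriptors to be closed can now get a container started with them still open. Returning `bool` (`return false;` on the two early exits, `return true;` after the unlock) and checking it in `main` before starting would close that gap; the same signature change applies to the function pointer added in lxccontainer.h. Whether `conf` and `c->lxc_conf` refer to the same object is not visible in the lxc_start.c hunk and is worth confirming.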
@@ -68,6 +68,7 @@ struct lxc_container { bool (*startl)(struct lxc_container *c, int useinit, ...); bool (*stop)(struct lxc_container *c); void (*want_daemonize)(struct lxc_container *c); + void (*want_close_all_fds)(struct lxc_container *c); // Return current config file name. The result is strdup()d, so free the result. char *(*config_file_name)(struct lxc_container *c); // for wait, timeout == -1 means wait forever, timeout == 0 means don't wait. -- 1.8.1.2
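Review bot: `want_close_all_fds` is added to the public struct without a comment, while neighbouring members such as `config_file_name` carry one, so API users have no statement of what the flag does or when to call it. Judging from the setter and its use in lxc_start.c, something like `// Ask start() to close all inherited fds; one-way, call before start().` would cover it. The member is also inserted between `want_daemonize` and `config_file_name`, which shifts every later function pointer, so code built against the previous header would presumably call the wrong slot until rebuilt; appending the member at the end of the struct avoids that. The struct definition continues outside the hunk.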