git.ipfire.org Git - thirdparty/lxc.git/commit

author	Serge Hallyn <serge.hallyn@ubuntu.com>
	Tue, 13 Jan 2015 06:02:26 +0000 (06:02 +0000)
committer	Stéphane Graber <stgraber@ubuntu.com>
	Thu, 15 Jan 2015 22:11:54 +0000 (17:11 -0500)
commit	d2cf4c378588cc1d497fe8b2ba3f835d6b03fe38
tree	6c391ccd58cf1b34305ad6f777bbe2e400093489	tree
parent	4799a1e7eced77ae8ef48579b81aa71127958a61	commit \| diff

close-all-fds: fix behavior

We want to close all inherited fds in three cases - one, if a container
is daemonized.  Two, if the user specifies -C on the lxc-start command
line.  Three, in src/lxc/monitor.c.  The presence of -C is passed in the
lxc_conf may not always exist.

One call to lxc_check_inherited was being done from lxc_start(), which
doesn't know whether we are daemonized.  Move that call to its caller,
lxcapi_start(), which does know.

Pass an explicit closeall boolean as second argument to lxc_check_inherited.
If it is true, then all fds are closed.  If it is false, then we check
the lxc_conf->close_all_fds.

With this, all tests pass, and the logic appears correct.

Note that when -C is not true, then we only warn about inherited fds,
but we do not abort the container start.  This appears to have ben the case
since commit 92c7f6295518 in 2011.  Unfortunately the referenced URL with
the justification is no longer valid.  We may want to consider becoming
stricter about this again.  (Note that the commit did say "for now")

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

src/lxc/execute.c		diff \| blob \| blame \| history
src/lxc/lxccontainer.c		diff \| blob \| blame \| history
src/lxc/monitor.c		diff \| blob \| blame \| history
src/lxc/start.c		diff \| blob \| blame \| history
src/lxc/start.h		diff \| blob \| blame \| history