]> git.ipfire.org Git - thirdparty/lxc.git/commitdiff
projects / thirdparty / lxc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6711ffc)
Expose underlying close_all_fds config value via API
authorS.Çağlar Onur <caglar@10ur.org>
Fri, 20 Sep 2013 22:45:21 +0000 (18:45 -0400)
committerSerge Hallyn <serge.hallyn@ubuntu.com>
Sat, 21 Sep 2013 04:48:20 +0000 (23:48 -0500)
Being able to set close_all_fds via API would be usefull for the
situations like running an application (let's say web server)
that controls the lifecycle of the container using the LXC API.
We don't want forked process to inherit parent's resource (file, socket, ...)

Signed-off-by: S.Çağlar Onur <caglar@10ur.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
src/lxc/lxc_start.c patch | blob | blame | history
src/lxc/lxccontainer.c patch | blob | blame | history
src/lxc/lxccontainer.h patch | blob | blame | history

diff --git a/src/lxc/lxc_start.c b/src/lxc/lxc_start.c
index dfc514e1d32b1c0c40aa97e85bf912469871058b..a30a9f683d927dd066c6f2abfca2f212047cab48 100644 (file)
--- a/src/lxc/lxc_start.c
+++ b/src/lxc/lxc_start.c
@@ -265,7 +265,7 @@ int main(int argc, char *argv[])
        }
 
        if (my_args.close_all_fds)
-               conf->close_all_fds = 1;
+               c->want_close_all_fds(c);
 
        err = c->start(c, 0, args) ? 0 : -1;
 
diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index e8dde91b81dc9344b69ea273394c32ca28bada47..727c6809ee00a27fbffe2acb5575549067b9da54 100644 (file)
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -456,6 +456,18 @@ static void lxcapi_want_daemonize(struct lxc_container *c)
        container_mem_unlock(c);
 }
 
+static void lxcapi_want_close_all_fds(struct lxc_container *c)
+{
+       if (!c || !c->lxc_conf)
+               return;
+       if (container_mem_lock(c)) {
+               ERROR("Error getting mem lock");
+               return;
+       }
+       c->lxc_conf->close_all_fds = 1;
+       container_mem_unlock(c);
+}
+
 static bool lxcapi_wait(struct lxc_container *c, const char *state, int timeout)
 {
        int ret;
@@ -2682,6 +2694,7 @@ struct lxc_container *lxc_container_new(const char *name, const char *configpath
        c->init_pid = lxcapi_init_pid;
        c->load_config = lxcapi_load_config;
        c->want_daemonize = lxcapi_want_daemonize;
+       c->want_close_all_fds = lxcapi_want_close_all_fds;
        c->start = lxcapi_start;
        c->startl = lxcapi_startl;
        c->stop = lxcapi_stop;
diff --git a/src/lxc/lxccontainer.h b/src/lxc/lxccontainer.h
index 89b55bd64e5d71f8f1af4efe03b4d5e012d76bb9..8b6c6ef2b61d3fb4ca51e8f154601d732112295a 100644 (file)
--- a/src/lxc/lxccontainer.h
+++ b/src/lxc/lxccontainer.h
@@ -68,6 +68,7 @@ struct lxc_container {
        bool (*startl)(struct lxc_container *c, int useinit, ...);
        bool (*stop)(struct lxc_container *c);
        void (*want_daemonize)(struct lxc_container *c);
+       void (*want_close_all_fds)(struct lxc_container *c);
        // Return current config file name.  The result is strdup()d, so free the result.
        char *(*config_file_name)(struct lxc_container *c);
        // for wait, timeout == -1 means wait forever, timeout == 0 means don't wait.
Mirror of https://github.com/lxc/lxc.git