api_start: always close fds 0-2 when daemonized

commit 507cee3618237d3 moved the close and re-open of fds 0-2 into
do_start.  But this means that the lxc monitor itself keeps the
caller's fds 0-2 open, which is wrong for daemonized containers.

Closes #548

Reported-by: Mathieu Le Marec - Pasquet <kiorky@cryptelium.net>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index fd56327e6eda42059bfaacda729d55f85b60ae0b..916c99c916eba38ab04aa939fbbdbb2195007ced 100644 (file)
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -722,6 +722,12 @@ static bool do_lxcapi_start(struct lxc_container *c, int useinit, char * const a
                        return false;
                }
                lxc_check_inherited(conf, true, -1);
+               close(0);
+               close(1);
+               close(2);
+               open("/dev/zero", O_RDONLY);
+               open("/dev/null", O_RDWR);
+               open("/dev/null", O_RDWR);
                setsid();
        } else {
                if (!am_single_threaded()) {