cgroups: close dfd_mon but keep dfd_con and dfd_lim open for all cgroup hierarchies

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index 345f5f65582be77b807a58ec701bda9032164ba8..c3363279ab67b949a79ab56a050fe310af1d7c25 100644 (file)
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -1364,7 +1364,7 @@ __cgfsng_ops static bool cgfsng_chown(struct cgroup_ops *ops,
        return true;
 }
 
-__cgfsng_ops static void cgfsng_payload_finalize(struct cgroup_ops *ops)
+__cgfsng_ops static void cgfsng_finalize(struct cgroup_ops *ops)
 {
        if (!ops)
                return;
@@ -1372,6 +1372,15 @@ __cgfsng_ops static void cgfsng_payload_finalize(struct cgroup_ops *ops)
        if (!ops->hierarchies)
                return;
 
+       for (int i = 0; ops->hierarchies[i]; i++) {
+               struct hierarchy *h = ops->hierarchies[i];
+
+               /* Close all monitor cgroup file descriptors. */
+               close_prot_errno_disarm(h->dfd_mon);
+       }
+       /* Close the cgroup root file descriptor. */
+       close_prot_errno_disarm(ops->dfd_mnt);
+
        /*
         * The checking for freezer support should obviously be done at cgroup
         * initialization time but that doesn't work reliable. The freezer
@@ -3313,7 +3322,7 @@ struct cgroup_ops *cgroup_ops_init(struct lxc_conf *conf)
        cgfsng_ops->payload_delegate_controllers        = cgfsng_payload_delegate_controllers;
        cgfsng_ops->payload_create                      = cgfsng_payload_create;
        cgfsng_ops->payload_enter                       = cgfsng_payload_enter;
-       cgfsng_ops->payload_finalize                    = cgfsng_payload_finalize;
+       cgfsng_ops->finalize                            = cgfsng_finalize;
        cgfsng_ops->get_cgroup                          = cgfsng_get_cgroup;
        cgfsng_ops->get                                 = cgfsng_get;
        cgfsng_ops->set                                 = cgfsng_set;

diff --git a/src/lxc/cgroups/cgroup.h b/src/lxc/cgroups/cgroup.h
index 85ffb260de66d64fc6bab96037d146639b0d5d70..7226c7ce50f08285bf9a91a21e83fe37d189a1e3 100644 (file)
--- a/src/lxc/cgroups/cgroup.h
+++ b/src/lxc/cgroups/cgroup.h
@@ -218,7 +218,7 @@ struct cgroup_ops {
                                 struct lxc_handler *handler);
        bool (*monitor_delegate_controllers)(struct cgroup_ops *ops);
        bool (*payload_delegate_controllers)(struct cgroup_ops *ops);
-       void (*payload_finalize)(struct cgroup_ops *ops);
+       void (*finalize)(struct cgroup_ops *ops);
        const char *(*get_limiting_cgroup)(struct cgroup_ops *ops, const char *controller);
 };
 

diff --git a/src/lxc/start.c b/src/lxc/start.c
index 67a2348480b2c7a893e217c7e0b9bfd4d009e3dd..f8c22ff73b8a5fec6f79161628c0a7b0d9579f52 100644 (file)
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -1888,7 +1888,7 @@ static int lxc_spawn(struct lxc_handler *handler)
                }
        }
 
-       cgroup_ops->payload_finalize(cgroup_ops);
+       cgroup_ops->finalize(cgroup_ops);
        TRACE("Finished setting up cgroups");
 
        if (handler->ns_unshare_flags & CLONE_NEWTIME) {