From: Tycho Andersen Date: Tue, 29 Mar 2016 00:43:20 +0000 (-0600) Subject: start: only use host's /dev/null when absolutely necessary X-Git-Tag: lxc-2.0.0.rc14~2^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F927%2Fhead;p=thirdparty%2Flxc.git start: only use host's /dev/null when absolutely necessary See comments for details, but basically, only use the host's /dev/null when absolutely necessary (i.e. there is no reasonable /dev/null in the container). Signed-off-by: Tycho Andersen --- diff --git a/src/lxc/start.c b/src/lxc/start.c index fc98eb396..6d2c7b5f5 100644 --- a/src/lxc/start.c +++ b/src/lxc/start.c @@ -710,7 +710,8 @@ static int do_start(void *data) { struct lxc_list *iterator; struct lxc_handler *handler = data; - int devnull_fd = -1; + int devnull_fd = -1, ret; + char path[PATH_MAX]; if (sigprocmask(SIG_SETMASK, &handler->oldmask, NULL)) { SYSERROR("failed to set sigprocmask"); @@ -789,11 +790,28 @@ static int do_start(void *data) } #endif - if (handler->backgrounded) { + ret = sprintf(path, "%s/dev/null", handler->conf->rootfs.mount); + if (ret < 0 || ret >= sizeof(path)) { + SYSERROR("sprintf'd too many chars"); + goto out_warn_father; + } + + /* In order to checkpoint restore, we need to have everything in the + * same mount namespace. However, some containers may not have a + * reasonable /dev (in particular, they may not have /dev/null), so we + * can't set init's std fds to /dev/null by opening it from inside the + * container. + * + * If that's the case, fall back to using the host's /dev/null. This + * means that migration won't work, but at least we won't spew output + * where it isn't wanted. + */ + if (handler->backgrounded && !handler->conf->autodev && access(path, F_OK) < 0) { devnull_fd = open_devnull(); if (devnull_fd < 0) goto out_warn_father; + WARN("using host's /dev/null for container init's std fds, migraiton won't work"); } /* Setup the container, ip, names, utsname, ... */ @@ -861,6 +879,13 @@ static int do_start(void *data) close(handler->sigfd); + if (devnull_fd < 0) { + devnull_fd = open_devnull(); + + if (devnull_fd < 0) + goto out_warn_father; + } + if (handler->backgrounded && set_stdfds(devnull_fd)) goto out_warn_father;