diff --git a/src/lxc/execute.c b/src/lxc/execute.c
index b78bcbfc0..a0f7ff11c 100644
--- a/src/lxc/execute.c
+++ b/src/lxc/execute.c
@@ -118,7 +118,7 @@ int lxc_execute(const char *name, char *const argv[], int quiet,
 .quiet = quiet
 };
- if (lxc_check_inherited(conf, -1))
+ if (lxc_check_inherited(conf, false, -1))
 return -1;
 conf->is_execute = 1;
diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index 0d366873b..7ed871708 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -606,7 +606,6 @@ static bool lxcapi_start(struct lxc_container *c, int useinit, char * const argv
 * while container is running...
 */
 if (daemonize) {
- conf->close_all_fds = 1;
 lxc_monitord_spawn(c->config_path);
 pid_t pid = fork();
@@ -634,7 +633,7 @@ static bool lxcapi_start(struct lxc_container *c, int useinit, char * const argv
 SYSERROR("Error chdir()ing to /.");
 return false;
 }
- lxc_check_inherited(conf, -1);
+ lxc_check_inherited(conf, true, -1);
 close(0);
 close(1);
 close(2);
@@ -673,6 +672,13 @@ static bool lxcapi_start(struct lxc_container *c, int useinit, char * const argv
 reboot:
 conf->reboot = 0;
+
+ if (lxc_check_inherited(conf, daemonize, -1)) {
+ ERROR("Inherited fds found");
+ ret = 1;
+ goto out;
+ }
+
 ret = lxc_start(c->name, argv, conf, c->config_path);
 c->error_num = ret;
@@ -682,6 +688,7 @@ reboot:
 goto reboot;
 }
+out:
 if (c->pidfile) {
 unlink(c->pidfile);
 free(c->pidfile);
diff --git a/src/lxc/monitor.c b/src/lxc/monitor.c
index f6d36a96b..1e1c094a9 100644
--- a/src/lxc/monitor.c
+++ b/src/lxc/monitor.c
@@ -331,7 +331,7 @@ int lxc_monitord_spawn(const char *lxcpath)
 SYSERROR("failed to setsid");
 exit(EXIT_FAILURE);
 }
- lxc_check_inherited(NULL, pipefd[1]);
+ lxc_check_inherited(NULL, true, pipefd[1]);
 close(0);
 close(1);
 close(2);
diff --git a/src/lxc/start.c b/src/lxc/start.c
index cd78665ec..f9bff5192 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
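Review bot: The early-return branch added ahead of `ret = lxc_start(...)` sets `ret = 1` and jumps to `out:` without updating `c->error_num`, whereas the existing path stores `c->error_num = ret;` right after lxc_start, so a caller that inspects error_num after this failure sees a stale value; add `c->error_num = ret;` before `goto out;`. The message `ERROR("Inherited fds found")` also reads as if a non-zero return means an open descriptor was detected, but when closeall is true the function closes descriptors instead of reporting them and, per the new header comment in start.c, it only warns when closeall is false, so the non-zero case most likely reflects a failure to scan /proc/self/fd rather than a found fd — the message should say so (the return paths are outside this hunk, so confirm). The daemonized child already calls `lxc_check_inherited(conf, true, -1)` in the @@ -634 hunk with its result discarded, which makes this re-check at `reboot:` the only gate for that path. lxcapi_start begins before and ends after this hunk.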
@@ -170,12 +170,24 @@ static int match_fd(int fd)
 return (fd == 0 || fd == 1 || fd == 2);
 }
-int lxc_check_inherited(struct lxc_conf *conf, int fd_to_ignore)
+/*
+ * Check for any fds we need to close
+ * * if fd_to_ignore != -1, then if we find that fd open we will ignore it.
+ * * By default we warn about open fds we find.
+ * * If closeall is true, we will close open fds.
+ * * If lxc-start was passed "-C", then conf->close_all_fds will be true,
+ in which case we also close all open fds.
+ * * A daemonized container will always pass closeall=true.
+ */
+int lxc_check_inherited(struct lxc_conf *conf, bool closeall, int fd_to_ignore)
 {
 struct dirent dirent, *direntp;
 int fd, fddir;
 DIR *dir;
+ if (conf && conf->close_all_fds)
+ closeall = true;
+
 restart:
 dir = opendir("/proc/self/fd");
 if (!dir) {
@@ -203,7 +215,7 @@ restart:
 if (match_fd(fd))
 continue;
- if (conf == NULL || conf->close_all_fds) {
+ if (closeall) {
 close(fd);
 closedir(dir);
 INFO("closed inherited fd %d", fd);
@@ -1187,9 +1199,6 @@ int lxc_start(const char *name, char *const argv[], struct lxc_conf *conf,
 .argv = argv,
 };
- if (lxc_check_inherited(conf, -1))
- return -1;
-
 conf->need_utmp_watch = 1;
 return __lxc_start(name, conf, &start_ops, &start_arg, lxcpath);
 }
diff --git a/src/lxc/start.h b/src/lxc/start.h
index 7c75b16f3..d39b3b46a 100644
--- a/src/lxc/start.h
+++ b/src/lxc/start.h
@@ -25,6 +25,7 @@
 #include
 #include
+#include
 #include "config.h"
 #include "state.h"
@@ -81,7 +82,7 @@ extern void lxc_abort(const char *name, struct lxc_handler *handler);
 extern struct lxc_handler *lxc_init(const char *name, struct lxc_conf *, const char *);
 extern void lxc_fini(const char *name, struct lxc_handler *handler);
-extern int lxc_check_inherited(struct lxc_conf *conf, int fd_to_ignore);
+extern int lxc_check_inherited(struct lxc_conf *conf, bool closeall, int fd_to_ignore);
 int __lxc_start(const char *, struct lxc_conf *, struct lxc_operations *, void *, const char *);
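Review bot: The new header comment on lxc_check_inherited explains when descriptors are warned about or closed but not what the int return value means, and the new caller in lxcapi_start treats any non-zero result as "Inherited fds found"; add a return line to the comment that matches the return statements below the hunk, along the lines of ` * Returns 0 once the scan completes (whether fds were closed or only warned about); non-zero only if /proc/self/fd could not be scanned.` after checking that wording against the actual exit paths. The comment should also record that a NULL conf no longer forces closing — the @@ -203 hunk replaces `conf == NULL || conf->close_all_fds` with `closeall` — so callers without a conf must pass closeall=true themselves, as monitor.c now does. The function body continues past the end of the hunk.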
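Review bot: Removing the lxc_check_inherited guard from lxc_start leaves the inherited-fd check to the callers this commit updates (lxcapi_start and lxc_execute), so any other path that reaches lxc_start directly now starts the container with whatever descriptors the calling process holds, neither closed nor logged; a host descriptor leaked into the container's init is a containment concern because it hands the container a handle on a host resource. lxc_start is a non-static function, so this is worth stating at its definition, e.g. `/* Callers must run lxc_check_inherited() before calling this; lxc_start() no longer does it itself. */`, and on its prototype in start.h. The enclosing function begins before the hunk.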