authorSerge Hallyn <serge@hallyn.com>2012-02-16 14:08:18 -0600
committerDaniel Lezcano <daniel.lezcano@free.fr>2012-02-26 10:44:41 +0100
commitb119f36293ef2cf3bdb0f9ed7b24b9eb25453fac (patch)
treede627e391c7b770f3555d35225cc901b2f5e132b
parentubuntu template changes (diff)
add option to close inherited fds
The option is implied by '-d', because the admin won't see the warning message. Signed-off-by: Serge Hallyn <serge@hallyn.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
-rw-r--r--src/lxc/arguments.h3
-rw-r--r--src/lxc/conf.h1
-rw-r--r--src/lxc/execute.c2
-rw-r--r--src/lxc/lxc_start.c10
-rw-r--r--src/lxc/restart.c2
-rw-r--r--src/lxc/start.c11
-rw-r--r--src/lxc/start.h2
7 files changed, 25 insertions, 6 deletions
diff --git a/src/lxc/arguments.h b/src/lxc/arguments.h
index 6a2ffc6..40f0d6c 100644
--- a/src/lxc/arguments.h
+++ b/src/lxc/arguments.h
@@ -58,6 +58,9 @@ struct lxc_arguments {
/* for lxc-wait */
char *states;
+ /* close fds from parent? */
+ int close_all_fds;
+
/* remaining arguments */
char *const *argv;
int argc;
diff --git a/src/lxc/conf.h b/src/lxc/conf.h
index 24e7c43..09f55cb 100644
--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -215,6 +215,7 @@ struct lxc_conf {
struct lxc_console console;
struct lxc_rootfs rootfs;
char *ttydir;
+ int close_all_fds;
};
/*
diff --git a/src/lxc/execute.c b/src/lxc/execute.c
index 43210e2..8f428f1 100644
--- a/src/lxc/execute.c
+++ b/src/lxc/execute.c
@@ -83,7 +83,7 @@ int lxc_execute(const char *name, char *const argv[], int quiet,
.quiet = quiet
};
- if (lxc_check_inherited(-1))
+ if (lxc_check_inherited(conf, -1))
return -1;
return __lxc_start(name, conf, &execute_start_ops, &args);
diff --git a/src/lxc/lxc_start.c b/src/lxc/lxc_start.c
index fdd4c72..7559444 100644
--- a/src/lxc/lxc_start.c
+++ b/src/lxc/lxc_start.c
@@ -58,8 +58,9 @@ static int my_parser(struct lxc_arguments* args, int c, char* arg)
{
switch (c) {
case 'c': args->console = arg; break;
- case 'd': args->daemonize = 1; break;
+ case 'd': args->daemonize = 1; args->close_all_fds = 1; break;
case 'f': args->rcfile = arg; break;
+ case 'C': args->close_all_fds = 1; break;
case 's': return lxc_config_define_add(&defines, arg);
}
return 0;
@@ -70,6 +71,7 @@ static const struct option my_longopts[] = {
{"rcfile", required_argument, 0, 'f'},
{"define", required_argument, 0, 's'},
{"console", required_argument, 0, 'c'},
+ {"close-all-fds", no_argument, 0, 'C'},
LXC_COMMON_OPTIONS
};
@@ -85,6 +87,9 @@ Options :\n\
-d, --daemon daemonize the container\n\
-f, --rcfile=FILE Load configuration file FILE\n\
-c, --console=FILE Set the file output for the container console\n\
+ -C, --close-all-fds If any fds are inherited, close them\n\
+ If not specified, exit with failure instead\n\
+ Note: --daemon implies --close-all-fds\n\
-s, --define KEY=VAL Assign VAL to configuration variable KEY\n",
.options = my_longopts,
.parser = my_parser,
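Review bot: The help text added here says that without -C the tool will "exit with failure", but the non-closing path visible in the start.c hunk of this commit only logs `WARN("inherited fd %d", fd);` and continues the loop. The return statement of lxc_check_inherited is outside the visible hunks, so this may already be handled there. If the function does not return an error in that case, the wording should match the behaviour, for example `If not specified, only warn about them\n\`. An operator relying on the documented failure to catch leaked descriptors would otherwise start a container with them still open.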
@@ -199,6 +204,9 @@ int main(int argc, char *argv[])
return err;
}
+ if (my_args.close_all_fds)
+ conf->close_all_fds = 1;
+
err = lxc_start(my_args.name, args, conf);
/*
diff --git a/src/lxc/restart.c b/src/lxc/restart.c
index a19b948..a054838 100644
--- a/src/lxc/restart.c
+++ b/src/lxc/restart.c
@@ -71,7 +71,7 @@ int lxc_restart(const char *name, int sfd, struct lxc_conf *conf, int flags)
.flags = flags
};
- if (lxc_check_inherited(sfd))
+ if (lxc_check_inherited(conf, sfd))
return -1;
return __lxc_start(name, conf, &restart_ops, &restart_arg);
diff --git a/src/lxc/start.c b/src/lxc/start.c
index f3a47a3..fc2a1b1 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -134,12 +134,13 @@ static int match_fd(int fd)
return (fd == 0 || fd == 1 || fd == 2);
}
-int lxc_check_inherited(int fd_to_ignore)
+int lxc_check_inherited(struct lxc_conf *conf, int fd_to_ignore)
{
struct dirent dirent, *direntp;
int fd, fddir;
DIR *dir;
+restart:
dir = opendir("/proc/self/fd");
if (!dir) {
WARN("failed to open directory: %m");
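Review bot: The `restart:` label added before `opendir` has no comment saying why the scan starts over, and the new `conf` parameter is undocumented. I would add `/* rescan /proc/self/fd from scratch after each close() in the close_all_fds branch */` above the label. A short header comment on the function should state that a non-zero `conf->close_all_fds` makes it close inherited descriptors instead of warning about them. The function body continues outside this hunk.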
@@ -166,6 +167,12 @@ int lxc_check_inherited(int fd_to_ignore)
if (match_fd(fd))
continue;
+ if (conf->close_all_fds) {
+ close(fd);
+ closedir(dir);
+ INFO("closed inherited fd %d", fd);
+ goto restart;
+ }
WARN("inherited fd %d", fd);
}
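Review bot: The result of `close(fd)` in the new `close_all_fds` branch is discarded, yet `INFO("closed inherited fd %d", fd)` is logged unconditionally and the scan restarts. If a close ever fails and leaves the descriptor open, the log claims success and `goto restart` has no bound, because the same entry will be found again. Checking the call, e.g. `if (close(fd) < 0) { WARN("failed to close inherited fd %d: %m", fd); closedir(dir); return -1; }`, keeps the log truthful and guarantees termination. The enclosing loop and the function's return are outside this hunk.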
@@ -709,7 +716,7 @@ int lxc_start(const char *name, char *const argv[], struct lxc_conf *conf)
.argv = argv,
};
- if (lxc_check_inherited(-1))
+ if (lxc_check_inherited(conf, -1))
return -1;
conf->need_utmp_watch = 1;
diff --git a/src/lxc/start.h b/src/lxc/start.h
index 4009e1d..016d3ee 100644
--- a/src/lxc/start.h
+++ b/src/lxc/start.h
@@ -54,7 +54,7 @@ extern int lxc_poll(const char *name, struct lxc_handler *handler);
extern void lxc_abort(const char *name, struct lxc_handler *handler);
extern void lxc_fini(const char *name, struct lxc_handler *handler);
extern int lxc_set_state(const char *, struct lxc_handler *, lxc_state_t);
-extern int lxc_check_inherited(int fd_to_ignore);
+extern int lxc_check_inherited(struct lxc_conf *conf, int fd_to_ignore);
int __lxc_start(const char *, struct lxc_conf *, struct lxc_operations *,
void *);