"Daniel P. Berrange" <berrange@redhat.com> wrote:
This patch does some simple re-factoring of the way the TTYs and control socket are handled to reduce the amount of state stored in the lxc_vm_t structure, in preparation for the switchover to the generic domain handling APIs.
One more thing: ...
diff -r 63b8398c302e src/lxc_container.c --- a/src/lxc_container.c Mon Jul 14 12:18:23 2008 +0100 +++ b/src/lxc_container.c Tue Jul 15 11:55:48 2008 +0100 ... - close(0); close(1); close(2); + /* Just in case someone forget to set FD_CLOEXEC, explicitly + * close all FDs before executing the container */ + open_max = sysconf (_SC_OPEN_MAX); + for (i = 0; i < open_max; i++) + if (i != ttyfd) + close(i);
Do you really need to close all file descriptors > 2 ? I seem to recall that an application doing this caused trouble when it closed a file descriptor (opened via the shell that I was using for log output. I think this might have caused trouble also when I used valgrind with its --log-* options on that program.