summaryrefslogtreecommitdiff
path: root/src/shared/cgroup-util.c
diff options
context:
space:
mode:
authorAlban Crequy <alban@endocode.com>2015-05-18 16:45:30 +0200
committerLennart Poettering <lennart@poettering.net>2015-05-18 22:24:15 +0200
commit6b7d2e9ea4cdb4cfa1512d37548a1a967623d7f2 (patch)
tree6d5d468c937a6da40631af5d84621d6e6068f168 /src/shared/cgroup-util.c
parent8dc26de6da7a7611ecf0362ffc4f178569109d23 (diff)
nspawn: close extra fds before execing init
When systemd-nspawn gets exec*()ed, it inherits the followings file descriptors: - 0, 1, 2: stdin, stdout, stderr - SD_LISTEN_FDS_START, ... SD_LISTEN_FDS_START+LISTEN_FDS: file descriptors passed by the system manager (useful for socket activation). They are passed to the child process (process leader). - extra lock fd: rkt passes a locked directory as an extra fd, so the directory remains locked as long as the container is alive. systemd-nspawn used to close all open fds except 0, 1, 2 and the SD_LISTEN_FDS_START..SD_LISTEN_FDS_START+LISTEN_FDS. This patch delays the close just before the exec so the nspawn process (parent) keeps the extra fds open. This patch supersedes the previous attempt ("cloexec extraneous fds"): http://lists.freedesktop.org/archives/systemd-devel/2015-May/031608.html
Diffstat (limited to 'src/shared/cgroup-util.c')
0 files changed, 0 insertions, 0 deletions