fd = lxc_try_preserve_ns(pid, ns_info[i].proc_name);
if (fd < 0) {
- handler->nsfd[i] = -EBADF;
-
/* Do not fail to start container on kernels that do
* not support interacting with namespaces through
* /proc.
return (fd == STDIN_FILENO || fd == STDOUT_FILENO || fd == STDERR_FILENO);
}
+#ifdef HAVE_DLOG
+static bool match_dlog_fds(struct dirent *direntp)
+{
+ char path[PATH_MAX] = {0};
+ char link[PATH_MAX] = {0};
+ ssize_t linklen;
+ int ret;
+
+ ret = snprintf(path, PATH_MAX, "/proc/self/fd/%s", direntp->d_name);
+ if (ret < 0 || ret >= PATH_MAX) {
+ ERROR("Failed to create file descriptor name");
+ return false;
+ }
+
+ linklen = readlink(path, link, PATH_MAX);
+ if (linklen < 0) {
+ SYSERROR("Failed to read link path - \"%s\"", path);
+ return false;
+ } else if (linklen >= PATH_MAX) {
+ ERROR("The name of link path is too long - \"%s\"", path);
+ return false;
+ }
+
+ if (strcmp(link, "/dev/log_main") == 0 ||
+ strcmp(link, "/dev/log_system") == 0 ||
+ strcmp(link, "/dev/log_radio") == 0)
+ return true;
+
+ return false;
+}
+#endif
+
int lxc_check_inherited(struct lxc_conf *conf, bool closeall,
int *fds_to_ignore, size_t len_fds)
{
if (matched)
continue;
+#ifdef HAVE_DLOG
+ if (match_dlog_fds(direntp))
+ continue;
+
+#endif
if (current_config && fd == current_config->logfd)
continue;
static int setup_signal_fd(sigset_t *oldmask)
{
int ret;
- int sig;
sigset_t mask;
const int signals[] = {SIGBUS, SIGILL, SIGSEGV, SIGWINCH};
if (ret < 0)
return -EBADF;
- for (sig = 0; sig < (sizeof(signals) / sizeof(signals[0])); sig++) {
+ for (int sig = 0; sig < (sizeof(signals) / sizeof(signals[0])); sig++) {
ret = sigdelset(&mask, signals[sig]);
if (ret < 0)
return -EBADF;
if (siginfo.ssi_signo == SIGHUP) {
kill(hdlr->pid, SIGTERM);
INFO("Killing %d since terminal hung up", hdlr->pid);
- return hdlr->init_died ? LXC_MAINLOOP_CLOSE : LXC_MAINLOOP_CONTINUE;
+ return hdlr->init_died ? LXC_MAINLOOP_CLOSE
+ : LXC_MAINLOOP_CONTINUE;
}
if (siginfo.ssi_signo != SIGCHLD) {
kill(hdlr->pid, siginfo.ssi_signo);
INFO("Forwarded signal %d to pid %d", siginfo.ssi_signo, hdlr->pid);
- return hdlr->init_died ? LXC_MAINLOOP_CLOSE : LXC_MAINLOOP_CONTINUE;
+ return hdlr->init_died ? LXC_MAINLOOP_CLOSE
+ : LXC_MAINLOOP_CONTINUE;
}
/* More robustness, protect ourself from a SIGCHLD sent
if (siginfo.ssi_pid != hdlr->pid) {
NOTICE("Received %d from pid %d instead of container init %d",
siginfo.ssi_signo, siginfo.ssi_pid, hdlr->pid);
- return hdlr->init_died ? LXC_MAINLOOP_CLOSE : LXC_MAINLOOP_CONTINUE;
+ return hdlr->init_died ? LXC_MAINLOOP_CLOSE
+ : LXC_MAINLOOP_CONTINUE;
}
if (siginfo.ssi_code == CLD_STOPPED) {
INFO("Container init process was stopped");
- return hdlr->init_died ? LXC_MAINLOOP_CLOSE : LXC_MAINLOOP_CONTINUE;
- } else if (siginfo.ssi_code == CLD_CONTINUED) {
+ return hdlr->init_died ? LXC_MAINLOOP_CLOSE
+ : LXC_MAINLOOP_CONTINUE;
+ }
+
+ if (siginfo.ssi_code == CLD_CONTINUED) {
INFO("Container init process was continued");
- return hdlr->init_died ? LXC_MAINLOOP_CLOSE : LXC_MAINLOOP_CONTINUE;
+ return hdlr->init_died ? LXC_MAINLOOP_CLOSE
+ : LXC_MAINLOOP_CONTINUE;
}
DEBUG("Container init process %d exited", hdlr->pid);
+
return LXC_MAINLOOP_CLOSE;
}
if (handler->state_socket_pair[1] >= 0)
close(handler->state_socket_pair[1]);
+ if (handler->cgroup_ops)
+ cgroup_exit(handler->cgroup_ops);
+
handler->conf = NULL;
free(handler);
handler = NULL;
cgroup_ops->payload_destroy(cgroup_ops, handler);
cgroup_ops->monitor_destroy(cgroup_ops, handler);
- cgroup_exit(cgroup_ops);
if (handler->conf->reboot == REBOOT_NONE) {
/* For all new state clients simply close the command socket.
struct lxc_conf *conf = handler->conf;
for (i = 0; i < LXC_NS_MAX; i++) {
- if (conf->ns_keep != 0) {
+ if (conf->ns_keep > 0) {
if ((conf->ns_keep & ns_info[i].clone_flag) == 0)
handler->ns_clone_flags |= ns_info[i].clone_flag;
- } else if (conf->ns_clone != 0) {
+ } else if (conf->ns_clone > 0) {
if ((conf->ns_clone & ns_info[i].clone_flag) > 0)
handler->ns_clone_flags |= ns_info[i].clone_flag;
} else {
* getpid() in the child would return the parent's pid. This is all fixed in
* newer glibc versions where the getpid() cache is removed and the pid/tid is
* not reset anymore.
- * However, if for whatever reason you - dear commiter - somehow need to get the
+ * However, if for whatever reason you - dear committer - somehow need to get the
* pid of the dummy intermediate process for do_share_ns() you need to call
* lxc_raw_getpid(). The next lxc_raw_clone() call does not employ CLONE_VM and
* will be fine.
}
/* Now all networks are created, network devices are moved into place,
- * and the correct names and ifindeces in the respective namespaces have
+ * and the correct names and ifindices in the respective namespaces have
* been recorded. The corresponding structs have now all been filled. So
* log them for debugging purposes.
*/