confile: add lxc.namespace.<namespace-key>

This commit also gets rid of ~10 unnecessary file descriptors that were kept
open. Before we kept open:
- A set of file descriptors that refer to the monitor's namespaces. These were
  only used to reattach to the monitor's namespace in lxc_spawn() and were
  never used anywhere else. So close them and don't keep them around.
- A list of inherited file descriptors.
- A list of file descriptors referring to the container's namespaces to pass
  to lxc.hook.stop. This list duplicated inherited file descriptors.

Let's simply use a single list in the handler that has all file descriptors we
need and get rid of all other ones. As an illustration, starting a container:

1. Without this patch and looking at the fds that the monitor keeps open (26):
chb@conventiont|~
> ls -al /proc/27219/fd
total 0
dr-x------ 2 root root 0 Oct 29 14:30 .
dr-xr-xr-x 9 root root 0 Oct 29 14:30 ..
lrwx------ 1 root root 64 Oct 29 14:30 0 -> /dev/null
lrwx------ 1 root root 64 Oct 29 14:30 1 -> /dev/null
lrwx------ 1 root root 64 Oct 29 14:30 10 -> anon_inode:[signalfd]
lrwx------ 1 root root 64 Oct 29 14:30 11 -> /dev/ptmx
lrwx------ 1 root root 64 Oct 29 14:30 12 -> /dev/pts/10
lr-x------ 1 root root 64 Oct 29 14:30 13 -> net:[4026532553]
lrwx------ 1 root root 64 Oct 29 14:30 15 -> socket:[7909181]
lrwx------ 1 root root 64 Oct 29 14:30 16 -> socket:[7909182]
lr-x------ 1 root root 64 Oct 29 14:30 17 -> uts:[4026531838]
lr-x------ 1 root root 64 Oct 29 14:30 18 -> ipc:[4026531839]
lr-x------ 1 root root 64 Oct 29 14:30 19 -> net:[4026532009]
lrwx------ 1 root root 64 Oct 29 14:30 2 -> /dev/null
lr-x------ 1 root root 64 Oct 29 14:30 20 -> mnt:[4026532611]
lr-x------ 1 root root 64 Oct 29 14:30 21 -> pid:[4026532612]
lr-x------ 1 root root 64 Oct 29 14:30 22 -> uts:[4026532548]
lr-x------ 1 root root 64 Oct 29 14:30 23 -> ipc:[4026532549]
lr-x------ 1 root root 64 Oct 29 14:30 24 -> net:[4026532553]
l-wx------ 1 root root 64 Oct 29 14:30 3 -> /var/log/lxc/a1.log
lr-x------ 1 root root 64 Oct 29 14:30 4 -> uts:[4026532548]
lr-x------ 1 root root 64 Oct 29 14:30 5 -> ipc:[4026532549]
lr-x------ 1 root root 64 Oct 29 14:30 6 -> net:[4026532553]
lrwx------ 1 root root 64 Oct 29 14:30 7 -> anon_inode:[eventpoll]
lrwx------ 1 root root 64 Oct 29 14:30 9 -> socket:[7911594]
2. With this patch and looking at the fds that the monitor keeps open (19):
chb@conventiont|~
> ls -al /proc/28465/fd
total 0
dr-x------ 2 root root 0 Oct 29 14:31 .
dr-xr-xr-x 9 root root 0 Oct 29 14:31 ..
lrwx------ 1 root root 64 Oct 29 14:31 0 -> /dev/null
lrwx------ 1 root root 64 Oct 29 14:31 1 -> /dev/null
lr-x------ 1 root root 64 Oct 29 14:31 10 -> net:[4026532820]
lrwx------ 1 root root 64 Oct 29 14:31 12 -> socket:[7912349]
lrwx------ 1 root root 64 Oct 29 14:31 13 -> socket:[7912350]
lr-x------ 1 root root 64 Oct 29 14:31 14 -> mnt:[4026532611]
lr-x------ 1 root root 64 Oct 29 14:31 15 -> pid:[4026532813]
lr-x------ 1 root root 64 Oct 29 14:31 16 -> uts:[4026532612]
lr-x------ 1 root root 64 Oct 29 14:31 17 -> ipc:[4026532613]
lr-x------ 1 root root 64 Oct 29 14:31 18 -> net:[4026532820]
lrwx------ 1 root root 64 Oct 29 14:31 2 -> /dev/null
l-wx------ 1 root root 64 Oct 29 14:31 3 -> /var/log/lxc/a1.log
lrwx------ 1 root root 64 Oct 29 14:31 4 -> anon_inode:[signalfd]
lrwx------ 1 root root 64 Oct 29 14:31 5 -> /dev/ptmx
lrwx------ 1 root root 64 Oct 29 14:31 6 -> /dev/pts/10
lrwx------ 1 root root 64 Oct 29 14:31 7 -> anon_inode:[eventpoll]
lrwx------ 1 root root 64 Oct 29 14:31 9 -> socket:[7913041]
Relates to #1881.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
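
The duplicated namespace references visible in the first listing can be found mechanically. The following is an added example, not part of the commit or of LXC: a POSIX shell function that reads the symlinks in a /proc/<pid>/fd directory and reports every namespace held through more than one fd. The names ns_fd_dups and make_sample_fd_dir are hypothetical, and the sample directory is constructed from values in the "without this patch" listing.

```shell
#!/bin/sh
# Added example, not LXC code: list namespaces that a process references
# through more than one open file descriptor.

# Print "<count> <namespace> <fd,fd,...>" for every duplicated namespace target
# found among the symlinks in the given fd directory (e.g. /proc/<pid>/fd).
ns_fd_dups() {
    fd_dir=$1
    for link in "$fd_dir"/*; do
        target=$(readlink "$link") || continue
        # Namespace fds resolve to "<type>:[<inode>]", e.g. "net:[4026532553]".
        case $target in
            cgroup:\[*\]|ipc:\[*\]|mnt:\[*\]|net:\[*\]|pid:\[*\]|time:\[*\]|user:\[*\]|uts:\[*\])
                printf '%s %s\n' "$target" "${link##*/}" ;;
        esac
    done | awk '
        { count[$1]++; fds[$1] = fds[$1] (fds[$1] == "" ? "" : ",") $2 }
        END { for (t in count) if (count[t] > 1) print count[t], t, fds[t] }
    ' | sort -k2
}

# Constructed sample: a directory of dangling symlinks that mirrors part of the
# "without this patch" listing in the commit message (fd number, then target).
make_sample_fd_dir() {
    dir=$(mktemp -d) || return 1
    for pair in '0 /dev/null' '13 net:[4026532553]' '15 socket:[7909181]' \
        '17 uts:[4026531838]' '18 ipc:[4026531839]' '19 net:[4026532009]' \
        '20 mnt:[4026532611]' '21 pid:[4026532612]' '22 uts:[4026532548]' \
        '23 ipc:[4026532549]' '24 net:[4026532553]' '4 uts:[4026532548]' \
        '5 ipc:[4026532549]' '6 net:[4026532553]'; do
        ln -s "${pair#* }" "$dir/${pair%% *}"
    done
    printf '%s\n' "$dir"
}

# Stand-alone use: sh ns_fd_dups.sh /proc/<pid>/fd (needs permission to read it).
if [ "$#" -eq 1 ]; then
    ns_fd_dups "$1"
fi
```

On the sample it reports three duplicated namespaces (ipc, net and uts); the monitor's own namespaces, each opened once, are not listed.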