In privileged mode, the container startup looses a file descriptor for "handler->nsfd[LX_NS_NET]". At line 1782, we preserve the namespaces file descriptor (in privileged mode, the network namespace is also preserved) :
for (i = 0; i < LXC_NS_MAX; i++)
if (handler->ns_on_clone_flags & ns_info[i].clone_flag)
INFO("Cloned %s", ns_info[i].flag_name);
if (!lxc_try_preserve_namespaces(handler, handler->ns_on_clone_flags, handler->pid)) {
ERROR("Failed to preserve cloned namespaces for lxc.hook.stop");
goto out_delete_net;
}
Then at line 1830, we preserve one more time the network namespace :
ret = lxc_try_preserve_ns(handler->pid, "net");
if (ret < 0) {
if (ret != -EOPNOTSUPP) {
SYSERROR("Failed to preserve net namespace");
goto out_delete_net;
}
The latter overwrites the file descriptor already stored in handler->nsfd[LXC_NS_NET] at line 1786.
So, this fix checks that the entry is not already filled.
projects / mirror_lxc.git / commit