vbatts/pkg
1
0
Fork 0
Code Pull requests Releases Activity

libcontainer: Don't use UsetCloseOnExec, it is racy

Browse source 
We can't keep file descriptors without close-on-exec except with
syscall.ForkLock held, as otherwise they could leak by accident into
other children from forks in other threads.

Instead we just use Cmd.ExtraFiles which handles all this for us.

This fixes https://github.com/dotcloud/docker/issues/4493

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
This commit is contained in:
Alexander Larsson 2014-03-06 14:10:32 +01:00
parent d3bbd78cc5
commit 0caa2d3992
3 changed files with 5 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

2
libcontainer/nsinit/sync_pipe.go
View file

@ -4,7 +4,6 @@ import (
"encoding/json"
"fmt"
"github.com/dotcloud/docker/pkg/libcontainer"
"github.com/dotcloud/docker/pkg/system"
"io/ioutil"
"os"
)
@ -22,7 +21,6 @@ func NewSyncPipe() (s *SyncPipe, err error) {
if err != nil {
return nil, err
}
system.UsetCloseOnExec(s.child.Fd())
return s, nil
}