runc/utils at 356d006895b6d22858543e37a2629159109d9bea - runc

History

Alexander Larsson f6028219a5 Fix invalid fd race Sometimes I was getting: 2014/06/13 13:47:24 finalize namespace drop bounding set read /proc/1/status: bad file descriptor This happens when applying the capabilities, and the code that reads the current caps opens /proc/1/status and then reads some data from it. But during this it gets a EBADFD error. The problem is that FinalizeNamespace() closes all FDs before applying the caps, and if a GC then happens after /proc/1/status is opened but before reading from the fd, then an old os.File finalizer may close the already closed-and-reused fd, wreaking havoc. We fix this by instead of closing the FDs we mark them close-on-exec which guarantees that they will be closed when we do the final exec into the container. Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)	2014-06-16 10:26:18 +02:00
..
utils.go	Fix invalid fd race	2014-06-16 10:26:18 +02:00

Alexander Larsson f6028219a5 Fix invalid fd race

Sometimes I was getting:

2014/06/13 13:47:24 finalize namespace drop bounding set read /proc/1/status: bad file descriptor

This happens when applying the capabilities, and the code that
reads the current caps opens /proc/1/status and then reads some data from it.
But during this it gets a EBADFD error.

The problem is that FinalizeNamespace() closes all FDs before applying
the caps, and if a GC then happens after /proc/1/status is opened but
before reading from the fd, then an old os.File finalizer may close the
already closed-and-reused fd, wreaking havoc.

We fix this by instead of closing the FDs we mark them close-on-exec
which guarantees that they will be closed when we do the final
exec into the container.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)

2014-06-16 10:26:18 +02:00

utils.go

Fix invalid fd race

2014-06-16 10:26:18 +02:00