Ubuntu
lxc package

lxc-start should get a close-all-fds option to avoid weird issues

Bug #931220 reported by Stéphane Graber
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
lxc (Ubuntu)
Fix Released
High
Serge Hallyn
upstart (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

root@vorash:~# cat /var/log/upstart/lxc.log
+ [ -f /etc/default/lxc ]
+ . /etc/default/lxc
+ LXC_AUTO=true
+ USE_LXC_BRIDGE=false
+ LXC_BRIDGE=lxcbr0
+ LXC_ADDR=10.0.3.1
+ LXC_NETMASK=255.255.255.0
+ LXC_NETWORK=10.0.3.0/24
+ LXC_DHCP_RANGE=10.0.3.2,10.0.3.254
+ LXC_DHCP_MAX=253
+ [ xtrue = xtrue ]
+ ls /etc/lxc/auto/v6test01.conf
+ basename /etc/lxc/auto/v6test01.conf .conf
+ c=v6test01
+ lxc-info -n v6test01
+ grep state
+ grep -q RUNNING
+ lxc-start -l debug -o /run/debug -n v6test01 -f /etc/lxc/auto/v6test01.conf -d

root@vorash:~# cat /run/debug
      lxc-start 1329097397.477 ERROR lxc_start - inherited fd 21 on socket:[17416]

The first listing is the output of lxc.conf running with "set -x" and upstart logging with an added "-l debug -o /run/debug" to the lxc-start command line.
The second is the output in /run/debug

Apparently lxc-start is inheriting an fd from upstart causing lxc to fail to start.

I'm marking this high against lxc and also adding an upstart task in case we're inheriting this fd from some upstart issue.

Related branches

lp:ubuntu/precise/lxc
Stéphane Graber (stgraber)
Changed in lxc (Ubuntu):
importance: Undecided → High
Revision history for this message
Serge Hallyn (serge-hallyn) wrote :

Interesting, I didn't get this in my original testing of the upstart job.

Do you know which file is open? (ls -l /proc/<pid-of-lxc-start/fd should show it)

The lxc.conf upstart job could, I suppose, explicitly close all fds under 1024, but in my opinion this is simply a bug in upstart. It should not start jobs with open fds. SELinux would prevent jobs from starting too.

Revision history for this message
Serge Hallyn (serge-hallyn) wrote :

Note that I still can't reproduce this here.

Revision history for this message
Stéphane Graber (stgraber) wrote :

Assigning to Serge at his request ;)

The issue was tracked down to be an inherited fd likely from libldap passed to libnss-ldap then passed to libnss and eventually to upstart. This socket isn't marked as CLOEXEC so all processes inherit it.

I'll file a separate bug against upstart to have all the fds closed before running the jobs, for now though we think it'd be good to have a close-all-fds option in lxc, possibly making it the default for -d so we can use it to workaround these issues.

Changed in upstart (Ubuntu):
status: New → Invalid
Changed in lxc (Ubuntu):
status: New → Triaged
assignee: nobody → Serge Hallyn (serge-hallyn)
summary: - lxc.conf upstart job fails to spawn containers at boot time
+ lxc-start should get a close-all-fds option to avoid weird issues
Revision history for this message
Stéphane Graber (stgraber) wrote :

The upstart bug is now being tracked in bug 931584

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package lxc - 0.7.5-3ubuntu25

---------------
lxc (0.7.5-3ubuntu25) precise; urgency=low

  * 0042-close-fds.patch: add a new --close-all-fds option. Normally if
    lxc-start is started with an open fd, it exits with failiure. With
    this option specified, the fds will be closed and startup will continue.
    --daemon now implies --close-all-fds. (LP: #931220)
 -- Serge Hallyn <email address hidden> Mon, 13 Feb 2012 14:03:25 -0600

Changed in lxc (Ubuntu):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.