"Daniel P. Berrange" <berrange@xxxxxxxxxx> wrote: > This patch does some simple re-factoring of the way the TTYs and > control socket are handled to reduce the amount of state stored > in the lxc_vm_t structure, in preparation for the switchover to > the generic domain handling APIs. One more thing: ... > diff -r 63b8398c302e src/lxc_container.c > --- a/src/lxc_container.c Mon Jul 14 12:18:23 2008 +0100 > +++ b/src/lxc_container.c Tue Jul 15 11:55:48 2008 +0100 ... > - close(0); close(1); close(2); > + /* Just in case someone forget to set FD_CLOEXEC, explicitly > + * close all FDs before executing the container */ > + open_max = sysconf (_SC_OPEN_MAX); > + for (i = 0; i < open_max; i++) > + if (i != ttyfd) > + close(i); Do you really need to close all file descriptors > 2 ? I seem to recall that an application doing this caused trouble when it closed a file descriptor (opened via the shell that I was using for log output. I think this might have caused trouble also when I used valgrind with its --log-* options on that program. -- Libvir-list mailing list Libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list