libxl is leaking self pipes to child processes. These can be seen when
running with env var _LIBXL_DEBUG_EXEC_FDS=1:
libxl: debug: libxl_aoutils.c:593:libxl__async_exec_start: forking to execute: /etc/xen/scripts/vif-bridge online
[Detaching after fork from child process 5099]
libxl: execing /etc/xen/scripts/vif-bridge: fd 4 is open to pipe:[46805] with flags 0
libxl: execing /etc/xen/scripts/vif-bridge: fd 13 is open to pipe:[46807] with flags 0
libxl: execing /etc/xen/scripts/vif-bridge: fd 14 is open to pipe:[46807] with flags 0
libxl: execing /etc/xen/scripts/vif-bridge: fd 19 is open to pipe:[48570] with flags 0
libxl: execing /etc/xen/scripts/vif-bridge: fd 20 is open to pipe:[48570] with flags 0
(fd 3 is also open, but the check only starts at 4 for some reason.)
For xl, this is the poller created by libxl_ctx_alloc, the poller
created by do_domain_create -> libxl__ao_create, and the self pipe for
libxl__sigchld_needed. Set CLOEXEC on the FDs so they are not leaked
into children.
Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
rc = libxl__pipe_nonblock(CTX, p->wakeup_pipe);
if (rc) goto out;
+ libxl_fd_set_cloexec(CTX, p->wakeup_pipe[0], 1);
+ libxl_fd_set_cloexec(CTX, p->wakeup_pipe[1], 1);
+
return 0;
out:
if (CTX->sigchld_selfpipe[0] < 0) {
rc = libxl__pipe_nonblock(CTX, CTX->sigchld_selfpipe);
if (rc) goto out;
+ libxl_fd_set_cloexec(CTX, CTX->sigchld_selfpipe[0], 1);
+ libxl_fd_set_cloexec(CTX, CTX->sigchld_selfpipe[1], 1);
}
if (!libxl__ev_fd_isregistered(&CTX->sigchld_selfpipe_efd)) {
rc = libxl__ev_fd_register(gc, &CTX->sigchld_selfpipe_efd,
projects / xen.git / commitdiff