Dup stdio FDs for VFS2 when starting a child container

Currently the stdio FDs are not dupped and will be closed unexpectedly in VFS2 when starting a child container. This patch fixes this issue. Fixes: #3821 Signed-off-by: Tiwei Bie <tiwei.btw@antgroup.com>
author: Tiwei Bie <tiwei.btw@antgroup.com> 2020-09-01 14:55:57 +0800
committer: Andrei Vagin <avagin@gmail.com> 2020-09-09 17:53:10 -0700
commit: e56e26eda28c14a3237678ce5610f03989b19736 (patch)
tree: cead656a0abc3a89762c4f7a9993842424b1fdaa
parent: d19d0d44f6b910f777d3ddd880cef21324758bf2 (diff)
1 files changed, 11 insertions, 2 deletions
diff --git a/runsc/boot/loader.go b/runsc/boot/loader.go
index c3c754046..882cf270b 100644
--- a/runsc/boot/loader.go
+++ b/runsc/boot/loader.go
@@ -689,9 +689,18 @@ func (l *Loader) startContainer(spec *specs.Spec, conf *config.Config, cid strin
 		return fmt.Errorf("creating new process: %v", err)
 	}
 
-	// setupContainerFS() dups stdioFDs, so we don't need to dup them here.
+	// VFS1 dups stdioFDs, so we don't need to dup them here. VFS2 takes
+	// ownership of the passed FDs, and we need to dup them here.
 	for _, f := range files[:3] {
-		info.stdioFDs = append(info.stdioFDs, int(f.Fd()))
+		if !kernel.VFS2Enabled {
+			info.stdioFDs = append(info.stdioFDs, int(f.Fd()))
+		} else {
+			fd, err := unix.Dup(int(f.Fd()))
+			if err != nil {
+				return fmt.Errorf("failed to dup file: %v", err)
+			}
+			info.stdioFDs = append(info.stdioFDs, fd)
+		}
 	}
 
 	// Can't take ownership away from os.File. dup them to get a new FDs.
author	Tiwei Bie <tiwei.btw@antgroup.com>	2020-09-01 14:55:57 +0800
committer	Andrei Vagin <avagin@gmail.com>	2020-09-09 17:53:10 -0700
commit	e56e26eda28c14a3237678ce5610f03989b19736 (patch)
tree	cead656a0abc3a89762c4f7a9993842424b1fdaa
parent	d19d0d44f6b910f777d3ddd880cef21324758bf2 (diff)