Dup stdio FDs for VFS2 when starting a child container

Currently the stdio FDs are not dupped and will be closed unexpectedly in VFS2 when starting a child container. This patch fixes this issue. Fixes: #3821 Signed-off-by: Tiwei Bie <tiwei.btw@antgroup.com>
author: Tiwei Bie <tiwei.btw@antgroup.com> 2020-09-01 14:55:57 +0800
committer: Tiwei Bie <tiwei.btw@antgroup.com> 2020-09-01 15:51:08 +0800
commit: 66ee7c0e98a98d4046a23b85af42bc68b5ab6b13 (patch)
tree: 777c17e0ed534ddd336e1bb2c3b795590f167b8e /runsc
parent: 67484384935fa814e978f08dfa0f0bdbddbbd371 (diff)
1 files changed, 11 insertions, 2 deletions
diff --git a/runsc/boot/loader.go b/runsc/boot/loader.go
index c3c754046..882cf270b 100644
--- a/runsc/boot/loader.go
+++ b/runsc/boot/loader.go
@@ -689,9 +689,18 @@ func (l *Loader) startContainer(spec *specs.Spec, conf *config.Config, cid strin
 		return fmt.Errorf("creating new process: %v", err)
 	}
 
-	// setupContainerFS() dups stdioFDs, so we don't need to dup them here.
+	// VFS1 dups stdioFDs, so we don't need to dup them here. VFS2 takes
+	// ownership of the passed FDs, and we need to dup them here.
 	for _, f := range files[:3] {
-		info.stdioFDs = append(info.stdioFDs, int(f.Fd()))
+		if !kernel.VFS2Enabled {
+			info.stdioFDs = append(info.stdioFDs, int(f.Fd()))
+		} else {
+			fd, err := unix.Dup(int(f.Fd()))
+			if err != nil {
+				return fmt.Errorf("failed to dup file: %v", err)
+			}
+			info.stdioFDs = append(info.stdioFDs, fd)
+		}
 	}
 
 	// Can't take ownership away from os.File. dup them to get a new FDs.
author	Tiwei Bie <tiwei.btw@antgroup.com>	2020-09-01 14:55:57 +0800
committer	Tiwei Bie <tiwei.btw@antgroup.com>	2020-09-01 15:51:08 +0800
commit	66ee7c0e98a98d4046a23b85af42bc68b5ab6b13 (patch)
tree	777c17e0ed534ddd336e1bb2c3b795590f167b8e /runsc
parent	67484384935fa814e978f08dfa0f0bdbddbbd371 (diff)