Upstart should close all non-standard fds before starting a job
Bug #931584 reported by
Stéphane Graber
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| upstart |
New
|
Undecided
|
Unassigned | ||
| openldap (Ubuntu) |
Triaged
|
High
|
Unassigned | ||
Bug Description
In bug 931220 I discovered that LXC fails to start because the lxc upstart job inherits a socket in some cases.
Further investigation showed this socket to come from upstart => nss => nss-ldap => libldap and points to the LDAP server.
I'm not sure there's a good use case for letting the jobs inherit the fds from upstart, if there's, this should be optional, if there isn't, then upstart should be changed to close all these fds.
Revision history for this message
| Steve Langasek (vorlon) wrote | #1 |
| Changed in openldap (Ubuntu): | |
| status: | New → Triaged |
| importance: | Undecided → High |
Revision history for this message
| James Hunt (jamesodhunt) wrote | #2 |
| Changed in upstart: | |
| importance: | Undecided → Medium |
| importance: | Medium → Undecided |
To post a comment you must log in.
Opening a task for openldap here. I don't really like the idea of init of all things having to loop through a list of fds it knows nothing about, closing them one-by-one, to clean up after nss modules. I think libldap needs to be better behaved, and that this socket needs to be marked CLOEXEC when it's opened.
I defer to James on the question of whether upstart should close the fds anyway.