
Close extraneous file descriptors in containers

Without this patch, containers inherit the open file descriptors of the daemon, so my "exec 42>&2" allows us to "echo >&42 some nasty error with some bad advice" directly into the daemon log. :)

Also, "hack/dind" was already doing this due to issues caused by the inheritance, so I'm removing that hack too since this patch obsoletes it by generalizing it for all containers.

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Tianon Gravi
2014-04-28 23:22:54 -06:00
parent e4114e6b94
commit d5d62ff955
7 changed files with 80 additions and 18 deletions


@@ -91,6 +91,22 @@ func TestDockerRunEchoNamedContainer(t *testing.T) {
logDone("run - echo with named container")
}
// docker run should not leak file descriptors
func TestDockerRunLeakyFileDescriptors(t *testing.T) {
runCmd := exec.Command(dockerBinary, "run", "busybox", "ls", "-C", "/proc/self/fd")
out, _, _, err := runCommandWithStdoutStderr(runCmd)
errorOut(err, t, out)
// normally, we should only get 0, 1, and 2, but 3 gets created by "ls" when it does "opendir" on the "fd" directory
if out != "0 1 2 3\n" {
t.Errorf("container should've printed '0 1 2 3', not: %s", out)
}
deleteAllContainers()
logDone("run - check file descriptor leakage")
}
// it should be possible to ping Google DNS resolver
// this will fail when Internet access is unavailable
func TestDockerRunPingGoogle(t *testing.T) {
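Review bot: The exact comparison `out != "0 1 2 3\n"` in TestDockerRunLeakyFileDescriptors ties the leak check to busybox `ls -C` formatting and to opendir landing on fd 3, so a busybox change could fail the test for reasons unrelated to descriptor inheritance, and a real failure does not say which descriptor leaked. Since this is the regression test for containers being able to write into the daemon's log descriptor, it would be sturdier to split the output with `strings.Fields`, fail on any entry above 3, and print the output with `%q` rather than `%s`. `deleteAllContainers()` also appears to run only on the success path if errorOut aborts the test (its body is not visible here); `defer deleteAllContainers()` placed right after the run would cover the failure path too. A short comment stating that the check is only meaningful while the daemon itself holds descriptors above 2 would help the next reader understand what a pass proves.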