Comment 3 for bug 931220

Assigning to Serge at his request ;)

The issue was tracked down to be an inherited fd likely from libldap passed to libnss-ldap then passed to libnss and eventually to upstart. This socket isn't marked as CLOEXEC so all processes inherit it.

I'll file a separate bug against upstart to have all the fds closed before running the jobs, for now though we think it'd be good to have a close-all-fds option in lxc, possibly making it the default for -d so we can use it to workaround these issues.