Upstart should close all non-standard fds before starting a job

Bug #931584 reported by Stéphane Graber on 2012-02-13
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openldap (Ubuntu)

Bug Description

In bug 931220 I discovered that LXC fails to start because the lxc upstart job inherits a socket in some cases.

Further investigation showed this socket to come from upstart => nss => nss-ldap => libldap and points to the LDAP server.

I'm not sure there's a good use case for letting the jobs inherit the fds from upstart, if there's, this should be optional, if there isn't, then upstart should be changed to close all these fds.

Steve Langasek (vorlon) wrote :

Opening a task for openldap here. I don't really like the idea of init of all things having to loop through a list of fds it knows nothing about, closing them one-by-one, to clean up after nss modules. I think libldap needs to be better behaved, and that this socket needs to be marked CLOEXEC when it's opened.

I defer to James on the question of whether upstart should close the fds anyway.

Changed in openldap (Ubuntu):
status: New → Triaged
importance: Undecided → High
James Hunt (jamesodhunt) wrote :

I agree with Steve here: Upstart is careful to set CLOEXEC on all the fds it has control over, so I would much prefer this be fixed at source.

A temporary work-around for jobs that are affected by this issue is to add the following code at the top of all appropriate script sections - remember that all script and exec sections run as different processes so if you have a pre-start and a script section, the code below should be added to the top of *both* those sections:

  # close unexpectedly open fds
  # The 'readlink' ensures we don't try to close the fd we're using to read the /proc/self/fd directory.
  for fd in /proc/self/fd/*
    fd=$(basename $fd)
    case "$fd" in
      0|1|2) ;;
      *) readlink $fd && eval "exec $fd>&-" || :;;

  # << do something useful here >>

end script

James Hunt (jamesodhunt) on 2012-02-15
Changed in upstart:
importance: Undecided → Medium
importance: Medium → Undecided
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers