From 466e46958ff78e49fd5d168392a7388aa2c34672 Mon Sep 17 00:00:00 2001
From: Faiyaz Ahmed
Date: Wed, 16 Apr 2008 18:48:46 +0000
Subject: [PATCH] Added code from NodeManager.tools to close non standard file descriptors. Avoids zombies and priv'ed fds from entering context.
---
 python/vserver.py | 26 ++++++++++++++++++--------
 1 file changed, 18 insertions(+), 8 deletions(-)

diff --git a/python/vserver.py b/python/vserver.py
index e3748f4..33c1952 100644
--- a/python/vserver.py
+++ b/python/vserver.py
@@ -267,7 +267,6 @@ class VServer:
 block_usage = self.disk_blocks
 inode_usage = self.disk_inodes
-
 try:
 vserverimpl.setdlimit(self.dir,
 self.ctx,
@@ -396,13 +395,18 @@ class VServer:
 self.__do_chroot()
 self.__do_chcontext(None)
- def start(self, wait, runlevel = 3):
- self.vm_running = True
+ def start(self, runlevel = 3):
- child_pid = os.fork()
- if child_pid == 0:
+ if (os.fork() != 0):
+ # Parent should just return.
+ self.vm_running = True
+ return
+ else:
 # child process
 try:
+ # so we don't chcontext with priv'ed fds
+ close_nonstandard_fds()
+
 # get a new session
 os.setsid()
@@ -447,9 +451,6 @@ class VServer:
 self.log(traceback.format_exc())
 os._exit(0)
- # parent process
- return child_pid
-
 def set_resources(self):
 """ Called when vserver context is entered for first time,
@@ -506,3 +507,12 @@ def create(vm_name, static = False, ctor = VServer):
 vm_id = pwd.getpwnam(vm_name)[2]
 return ctor(vm_name, vm_id)
+
+
+def close_nonstandard_fds():
+ """Close all open file descriptors other than 0, 1, and 2."""
+ _SC_OPEN_MAX = 4
+ for fd in range(3, os.sysconf(_SC_OPEN_MAX)):
+ try: os.close(fd)
+ except OSError: pass # most likely an fd that isn't open
+
-- 
2.43.0
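Review bot: Dropping `wait` from `start(self, wait, runlevel = 3)` rebinds the first positional argument, so a caller that still does `start(True)` now passes `True` as `runlevel` instead of failing. Callers are not part of this patch and need checking, or the parameter could stay for a release as an ignored one. Together with the removed `return child_pid` in the `@@ -447,9` hunk, the parent also loses the pid it would need for `os.waitpid()`, so unless SIGCHLD is handled elsewhere the exited child may still linger as a zombie. In the child, `close_nonstandard_fds()` leaves descriptors 0-2 exactly as inherited from the privileged parent. The rest of `start` lies outside the hunk, so confirm they are redirected before the context is entered and record the outcome next to the call, for example `# fds 0-2 are handled separately; confirm they do not point at privileged resources`.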
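Review bot: `close_nonstandard_fds()` trusts whatever `os.sysconf()` returns, and `_SC_OPEN_MAX = 4` hard-codes a platform-specific index. If the call returns -1 (limit indeterminate), `range(3, -1)` is empty, so nothing is closed and the child enters the context with the parent's privileged descriptors still open, with no error raised. Pass the name `"SC_OPEN_MAX"` and handle the indeterminate case explicitly, as sketched below; the fallback bound there is a constructed value to be chosen for the deployment. Descriptors numbered at or above the current limit, which can exist if the limit was lowered after they were opened, are also missed, so enumerating `/proc/self/fd` where available would be more complete.

```python
def close_nonstandard_fds():
    """Close all open file descriptors other than 0, 1, and 2."""
    try:
        max_fd = os.sysconf("SC_OPEN_MAX")
    except (ValueError, OSError):
        max_fd = -1
    if max_fd < 0:
        # limit indeterminate: use a fixed bound rather than closing nothing
        max_fd = 1024  # constructed fallback, adjust for the deployment
    for fd in range(3, max_fd):
        # ... unchanged: os.close(fd), ignoring OSError for fds that are not open ...
```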