containers / libkrun

A dynamic library providing Virtualization-based process isolation capabilities
Apache License 2.0

passt socket set via `krun_set_passt_fd` is never closed #185

Closed teohhanhui closed 5 months ago

teohhanhui commented 5 months ago

The nature of raw fds means that we should assume ownership, and close it so that the passt process can exit.

The calling program, e.g. `chroot_vm`, cannot do this, as once `krun_start_enter` is called, control never returns to the caller.

teohhanhui commented 5 months ago

From man passt:

```
   -F, --fd FD
          Pass a pre-opened, connected socket to passt. Usually the socket is opened in the parent
          process and passt inherits it when run as a child. This allows the parent process to open
          sockets using another address family or requiring special privileges.

          This option implies the behaviour described for --one-off, once this socket is closed.

   -1, --one-off
          Quit after handling a single client connection, that is, once the client closes the socket,
          or once we get a socket error.
```

teohhanhui commented 5 months ago

Sorry. I was mistaken. This has been explained to me in https://github.com/slp/krun/pull/1#discussion_r1596761479 :pray:
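
An added example (not part of the thread, and not code from libkrun or passt) of the `--fd` / `--one-off` behaviour quoted from the man page above: a stand-in helper quits once the last copy of the peer socket is closed, whether by an explicit `close()` or by the holding process exiting. `one_off_helper` and `helper_status_after_holder_exit` are hypothetical names, and the helper only mimics the quit-on-EOF rule.

```c
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical stand-in for a one-off helper: serve one socket, quit on EOF or error. */
static void one_off_helper(int fd)
{
    char buf[256];
    ssize_t n;

    while ((n = read(fd, buf, sizeof buf)) > 0)
        ;                        /* a real helper would forward the data */
    _exit(n == 0 ? 42 : 43);     /* 42: peer closed, 43: socket error */
}

/* Returns the helper's exit status (42 when it saw the peer close), -1 on failure.
 * explicit_close selects whether the holder calls close() before exiting. */
int helper_status_after_holder_exit(int explicit_close)
{
    int sv[2], status;
    pid_t helper, holder;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;

    helper = fork();
    if (helper == 0) { close(sv[0]); one_off_helper(sv[1]); }
    close(sv[1]);                /* parent keeps no copy of the helper's end */
    if (helper < 0) { close(sv[0]); return -1; }

    holder = fork();             /* stand-in for the process that was handed the fd */
    if (holder == 0) {
        if (write(sv[0], "ping", 4) != 4) _exit(1);
        if (explicit_close) close(sv[0]);
        _exit(0);                /* process exit closes any fd still open */
    }
    close(sv[0]);                /* the holder child now has the only copy */
    if (holder < 0) { waitpid(helper, NULL, 0); return -1; }
    waitpid(holder, NULL, 0);

    if (waitpid(helper, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    return helper_status_after_holder_exit(0) == 42 &&
           helper_status_after_holder_exit(1) == 42 ? 0 : 1;
}
```

The helper only sees EOF once every copy of the peer descriptor is gone, so a copy still open in another process keeps it running.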