propellor

propellor config for hosts.
git clone git://git.ricketyspace.net/propellor.git
Log | Files | Refs | LICENSE

comment_3_1405e20c8f5dc6e9cca3732e3e368d03._comment (1057B)


      1 [[!comment format=mdwn
      2  username="joey"
      3  subject="""comment 3"""
      4  date="2017-09-01T22:32:43Z"
      5  content="""
      6 One way would be to use System.Process's `close_fds` when executing
      7 vgs/lvs. BTW, I've seen such complaints from lvm before, in some
      8 situations not involving propellor.
      9 
     10 I've made a commit that makes the propellor lock FD be close-on-exec,
     11 which is generally a good idea for lock FDs anyway. (To prevent some 
     12 long-running daemon process that does not close such FDs keeping the lock
     13 held.)
     14 
     15 My guess is that the other 4 FDs, which are apparently pairs of FDs
     16 at both sides of a pipe, come from
     17 System.Console.Concurrent.Internal.bgProcess, which sets up just such a
     18 pipe. Quite possibly when vgs/lvs are run, it's via that function.
     19 
     20 Generally leaking non-lock-related FDs to child processes is not a big
     21 problem, as long as the child process doesn't write to random FDs (which
     22 would be pretty bad, but what would ever do that?) ... So I don't know if I
     23 want to try to chase down every FD used all through propellor to set them
     24 close-on-exec.
     25 """]]