github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-30 15:05:27 +00:00
Code Issues Projects Releases Wiki Activity

Use EPOLL/O_CLOEXEC in evicition notifier

Browse Source 
This prevents fd's from leaking to subprocesses.
This commit is contained in:
Brian Goff 2019-02-27 17:03:18 -08:00
parent b130ff4502
commit 45b0261290
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pkg/kubelet/eviction/threshold_notifier_linux.go
View File

@ -48,12 +48,12 @@ var _ CgroupNotifier = &linuxCgroupNotifier{}
func NewCgroupNotifier(path, attribute string, threshold int64) (CgroupNotifier, error) {
var watchfd, eventfd, epfd, controlfd int
var err error
watchfd, err = unix.Open(fmt.Sprintf("%s/%s", path, attribute), unix.O_RDONLY, 0)
watchfd, err = unix.Open(fmt.Sprintf("%s/%s", path, attribute), unix.O_RDONLY|unix.O_CLOEXEC, 0)
if err != nil {
return nil, err
}
defer unix.Close(watchfd)
controlfd, err = unix.Open(fmt.Sprintf("%s/cgroup.event_control", path), unix.O_WRONLY, 0)
controlfd, err = unix.Open(fmt.Sprintf("%s/cgroup.event_control", path), unix.O_WRONLY|unix.O_CLOEXEC, 0)
if err != nil {
return nil, err
}
@ -72,7 +72,7 @@ func NewCgroupNotifier(path, attribute string, threshold int64) (CgroupNotifier,
unix.Close(eventfd)
}
}()
epfd, err = unix.EpollCreate1(0)
epfd, err = unix.EpollCreate1(unix.EPOLL_CLOEXEC)
if err != nil {
return nil, err
}