github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-05 02:09:56 +00:00
Code Issues Projects Releases Wiki Activity

Use EPOLL/O_CLOEXEC in evicition notifier

Browse Source 
This prevents fd's from leaking to subprocesses.
This commit is contained in:
Brian Goff 2019-02-27 17:03:18 -08:00
parent b130ff4502
commit 45b0261290
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pkg/kubelet/eviction/threshold_notifier_linux.go
View File

@ -48,12 +48,12 @@ var _ CgroupNotifier = &linuxCgroupNotifier{}
func NewCgroupNotifier(path, attribute string, threshold int64) (CgroupNotifier, error) { func NewCgroupNotifier(path, attribute string, threshold int64) (CgroupNotifier, error) {
var watchfd, eventfd, epfd, controlfd int var watchfd, eventfd, epfd, controlfd int
var err error var err error
watchfd, err = unix.Open(fmt.Sprintf("%s/%s", path, attribute), unix.O_RDONLY, 0) watchfd, err = unix.Open(fmt.Sprintf("%s/%s", path, attribute), unix.O_RDONLY|unix.O_CLOEXEC, 0)
if err != nil { if err != nil {
return nil, err return nil, err
} }
defer unix.Close(watchfd) defer unix.Close(watchfd)
controlfd, err = unix.Open(fmt.Sprintf("%s/cgroup.event_control", path), unix.O_WRONLY, 0) controlfd, err = unix.Open(fmt.Sprintf("%s/cgroup.event_control", path), unix.O_WRONLY|unix.O_CLOEXEC, 0)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -72,7 +72,7 @@ func NewCgroupNotifier(path, attribute string, threshold int64) (CgroupNotifier,
unix.Close(eventfd) unix.Close(eventfd)
} }
}() }()
epfd, err = unix.EpollCreate1(0) epfd, err = unix.EpollCreate1(unix.EPOLL_CLOEXEC)
if err != nil { if err != nil {
return nil, err return nil, err
} }