@@ -22,16 +22,20 @@ func execCommand(container *libcontainer.Container, args []string) (int, error)

 		return -1, err

 	}

-	command := createCommand(container, console, args)

 	// create a pipe so that we can syncronize with the namespaced process and

 	// pass the veth name to the child

-	inPipe, err := command.StdinPipe()

+	r, w, err := os.Pipe()

 	if err != nil {

 		return -1, err

 	}

+	system.UsetCloseOnExec(r.Fd())

+

+	command := createCommand(container, console, r.Fd(), args)

+

 	if err := command.Start(); err != nil {

 		return -1, err

 	}

+

 	if err := writePidFile(command); err != nil {

 		command.Process.Kill()

 		return -1, err

@@ -52,11 +56,11 @@ func execCommand(container *libcontainer.Container, args []string) (int, error)

 		if err != nil {

 			return -1, err

 		}

-		sendVethName(vethPair, inPipe)

+		sendVethName(vethPair, w)

 	}

 	// Sync with child

-	inPipe.Close()

+	w.Close()

 	go io.Copy(os.Stdout, master)

 	go io.Copy(master, os.Stdin)

@@ -163,8 +167,8 @@ func deletePidFile() error {

 // createCommand will return an exec.Cmd with the Cloneflags set to the proper namespaces

 // defined on the container's configuration and use the current binary as the init with the

 // args provided

-func createCommand(container *libcontainer.Container, console string, args []string) *exec.Cmd {

-	command := exec.Command("nsinit", append([]string{"-console", console, "init"}, args...)...)

+func createCommand(container *libcontainer.Container, console string, pipe uintptr, args []string) *exec.Cmd {

+	command := exec.Command("nsinit", append([]string{"-console", console, "-pipe", fmt.Sprint(pipe), "init"}, args...)...)

 	command.SysProcAttr = &syscall.SysProcAttr{

 		Cloneflags: uintptr(getNamespaceFlags(container.Namespaces)),

 	}

@@ -8,20 +8,21 @@ import (

 	"github.com/dotcloud/docker/pkg/libcontainer/capabilities"

 	"github.com/dotcloud/docker/pkg/libcontainer/network"

 	"github.com/dotcloud/docker/pkg/system"

+	"io"

 	"io/ioutil"

 	"os"

 	"path/filepath"

 	"syscall"

 )

-func initCommand(container *libcontainer.Container, console string, args []string) error {

+func initCommand(container *libcontainer.Container, console string, pipe io.ReadCloser, args []string) error {

 	rootfs, err := resolveRootfs()

 	if err != nil {

 		return err

 	}

 	// We always read this as it is a way to sync with the parent as well

-	tempVethName, err := getVethName()

+	tempVethName, err := getVethName(pipe)

 	if err != nil {

 		return err

 	}

@@ -164,8 +165,10 @@ func setupVethNetwork(config *libcontainer.Network, tempVethName string) error {

 // getVethName reads from Stdin the temp veth name

 // sent by the parent processes after the veth pair

 // has been created and setup

-func getVethName() (string, error) {

-	data, err := ioutil.ReadAll(os.Stdin)

+func getVethName(pipe io.ReadCloser) (string, error) {

+	defer pipe.Close()

+

+	data, err := ioutil.ReadAll(pipe)

 	if err != nil {

 		return "", fmt.Errorf("error reading from stdin %s", err)

 	}

@@ -18,6 +18,7 @@ var (

 func main() {

 	console := flag.String("console", "", "Console (pty slave) name")

+	pipeFd := flag.Int("pipe", 0, "sync pipe fd")

 	flag.Parse()

 	container, err := loadContainer()

@@ -50,7 +51,7 @@ func main() {

 		if flag.NArg() < 2 {

 			log.Fatal(ErrWrongArguments)

 		}

-		if err := initCommand(container, *console, flag.Args()[1:]); err != nil {

+		if err := initCommand(container, *console, os.NewFile(uintptr(*pipeFd), "pipe"), flag.Args()[1:]); err != nil {

 			log.Fatal(err)

 		}

 	default: