By default, only the stdin, stdout and stderr file descriptors are kept open for the application by the runtime.
The runtime MAY pass additional file descriptors to the application to support features such as socket activation.
Some of the file descriptors MAY be redirected to /dev/null even though they are open.
While creating the container (step 2 in the lifecycle), runtimes MUST create the following symlinks if the source file exists after processing mounts:
| Source | Destination |
|---|---|
| /proc/self/fd | /dev/fd |
| /proc/self/fd/0 | /dev/stdin |
| /proc/self/fd/1 | /dev/stdout |
| /proc/self/fd/2 | /dev/stderr |