confile: add lxc.monitor.signal.pdeath

Set the signal to be sent to the container's init when the lxc monitor exits. By default it is set to SIGKILL which will cause all container processes to be killed when the lxc monitor process dies. To ensure that containers stay alive even if lxc monitor dies set this to 0. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

confile: add lxc.monitor.signal.pdeath
258f8051 · Christian Brauner · f6e32eb0 · 258f8051 · 258f8051 · 258f8051
Unverified Commit 258f8051 authored Jul 16, 2018 by Christian Brauner
Showing with 64 additions and 0 deletions

lxc.container.conf.sgml.in doc/lxc.container.conf.sgml.in +15 -0

conf.c src/lxc/conf.c +1 -0

conf.h src/lxc/conf.h +1 -0

confile.c src/lxc/confile.c +38 -0

start.c src/lxc/start.c +9 -0

No files found.
--- a/doc/lxc.container.conf.sgml.in
+++ b/doc/lxc.container.conf.sgml.in
@@ -2380,6 +2380,21 @@ dev/null proc/kcore none bind,relative 0 0
        </varlistentry>
        <varlistentry>
          <term>
+            <option>lxc.monitor.signal.pdeath</option>
+          </term>
+          <listitem>
+            <para>
+              Set the signal to be sent to the container's init when the lxc
+              monitor exits. By default it is set to SIGKILL which will cause
+              all container processes to be killed when the lxc monitor process
+              dies.
+              To ensure that containers stay alive even if lxc monitor dies set
+              this to 0.
+            </para>
+          </listitem>
+        </varlistentry>
+        <varlistentry>
+          <term>
            <option>lxc.group</option>
          </term>
          <listitem>

--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -2673,6 +2673,7 @@ struct lxc_conf *lxc_conf_init(void)
 	new->console.name[0] = '\0';
 	memset(&new->console.ringbuf, 0, sizeof(struct lxc_ringbuf));
 	new->maincmd_fd = -1;
+	new->monitor_signal_pdeath = SIGKILL;
 	new->nbd_idx = -1;
 	new->rootfs.mount = strdup(default_rootfs_mount);
 	if (!new->rootfs.mount) {

--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -303,6 +303,7 @@ struct lxc_conf {
 	/* unshare the mount namespace in the monitor */
 	unsigned int monitor_unshare;
+	unsigned int monitor_signal_pdeath;
 	/* list of included files */
 	struct lxc_list includes;

--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -111,6 +111,7 @@ lxc_config_define(log_file);
 lxc_config_define(log_level);
 lxc_config_define(log_syslog);
 lxc_config_define(monitor);
+lxc_config_define(monitor_signal_pdeath);
 lxc_config_define(mount);
 lxc_config_define(mount_auto);
 lxc_config_define(mount_fstab);
@@ -194,6 +195,7 @@ static struct lxc_config_t config[] = {
 	{ "lxc.log.level",                 set_config_log_level,                   get_config_log_level,                   clr_config_log_level,                 },
 	{ "lxc.log.syslog",                set_config_log_syslog,                  get_config_log_syslog,                  clr_config_log_syslog,                },
 	{ "lxc.monitor.unshare",           set_config_monitor,                     get_config_monitor,                     clr_config_monitor,                   },
+	{ "lxc.monitor.signal.pdeath",     set_config_monitor_signal_pdeath,       get_config_monitor_signal_pdeath,       clr_config_monitor_signal_pdeath,     },
 	{ "lxc.mount.auto",                set_config_mount_auto,                  get_config_mount_auto,                  clr_config_mount_auto,                },
 	{ "lxc.mount.entry",               set_config_mount,                       get_config_mount,                       clr_config_mount,                     },
 	{ "lxc.mount.fstab",               set_config_mount_fstab,                 get_config_mount_fstab,                 clr_config_mount_fstab,               },
@@ -976,6 +978,28 @@ static int set_config_monitor(const char *key, const char *value,
 	return -1;
 }
+static int set_config_monitor_signal_pdeath(const char *key, const char *value,
+					    struct lxc_conf *lxc_conf, void *data)
+{
+	if (lxc_config_value_empty(value)) {
+		lxc_conf->monitor_signal_pdeath = 0;
+		return 0;
+	}
+	if (strcmp(key + 12, "signal.pdeath") == 0) {
+		int sig_n;
+		sig_n = sig_parse(value);
+		if (sig_n < 0)
+			return -1;
+		lxc_conf->monitor_signal_pdeath = sig_n;
+		return 0;
+	}
+	return -EINVAL;
+}
 static int set_config_group(const char *key, const char *value,
 			    struct lxc_conf *lxc_conf, void *data)
 {
@@ -3420,6 +3444,13 @@ static int get_config_monitor(const char *key, char *retv, int inlen,
 	return lxc_get_conf_int(c, retv, inlen, c->monitor_unshare);
 }
+static int get_config_monitor_signal_pdeath(const char *key, char *retv,
+					    int inlen, struct lxc_conf *c,
+					    void *data)
+{
+	return lxc_get_conf_int(c, retv, inlen, c->monitor_signal_pdeath);
+}
 static int get_config_group(const char *key, char *retv, int inlen,
 			    struct lxc_conf *c, void *data)
 {
@@ -3971,6 +4002,13 @@ static inline int clr_config_monitor(const char *key, struct lxc_conf *c,
 	return 0;
 }
+static inline int clr_config_monitor_signal_pdeath(const char *key,
+						   struct lxc_conf *c, void *data)
+{
+	c->monitor_signal_pdeath = 0;
+	return 0;
+}
 static inline int clr_config_group(const char *key, struct lxc_conf *c,
 				   void *data)
 {

--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -1370,6 +1370,15 @@ static int do_start(void *data)
 		goto out_warn_father;
 	}
+	if (handler->conf->monitor_signal_pdeath != SIGKILL) {
+		ret = lxc_set_death_signal(handler->conf->monitor_signal_pdeath);
+		if (ret < 0) {
+			SYSERROR("Failed to set PR_SET_PDEATHSIG to %d",
+				 handler->conf->monitor_signal_pdeath);
+			goto out_warn_father;
+		}
+	}
 	/* After this call, we are in error because this ops should not return
 	 * as it execs.
 	 */