start: reap intermediate process

When we inherit namespaces we need to reap the attaching process. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: reap intermediate process
4e232466 · Christian Brauner · 9aff2c83 · 4e232466 · 4e232466
Unverified Commit 4e232466 authored Dec 18, 2017 by Christian Brauner
Hide whitespace changes
Inline Side-by-side

Showing with 21 additions and 5 deletions

error.h src/lxc/error.h +2 -0

start.c src/lxc/start.c +19 -5

No files found.
--- a/src/lxc/error.h
+++ b/src/lxc/error.h
@@ -23,6 +23,8 @@
 #ifndef __LXC_ERROR_H
 #define __LXC_ERROR_H
+#define LXC_CLONE_ERROR "Failed to clone a new set of namespaces"
 extern int  lxc_error_set_and_log(int pid, int status);
 #endif
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -1399,14 +1399,28 @@ static int lxc_spawn(struct lxc_handler *handler)
 	/* The cgroup namespace gets unshare()ed not clone()ed. */
 	handler->on_clone_flags &= ~CLONE_NEWCGROUP;
-	if (share_ns)
+	if (share_ns) {
-		ret = lxc_clone(do_share_ns, handler, CLONE_VFORK | CLONE_VM | CLONE_FILES);
+		pid_t attacher_pid;
-	else
+		attacher_pid = lxc_clone(do_share_ns, handler, CLONE_VFORK | CLONE_VM | CLONE_FILES);
+		if (attacher_pid < 0) {
+			SYSERROR(LXC_CLONE_ERROR);
+			goto out_delete_net;
+		}
+		ret = wait_for_pid(attacher_pid);
+		if (ret < 0) {
+			SYSERROR("Intermediate process failed");
+			goto out_delete_net;
+		}
+	} else {
 		handler->pid = lxc_clone(do_start, handler, handler->on_clone_flags);
-	if (handler->pid < 0 || ret < 0) {
+	}
-		SYSERROR("Failed to clone a new set of namespaces.");
+	if (handler->pid < 0) {
+		SYSERROR(LXC_CLONE_ERROR);
 		goto out_delete_net;
 	}
 	TRACE("Cloned child process %d", handler->pid);
 	for (i = 0; i < LXC_NS_MAX; i++)