Skip to content

L
lxc
Unverified Commit c326c196 by Serge Hallyn Committed by GitHub
Options

Merge pull request #2058 from brauner/2017-12-22/bugfixes

start: fix death signal
parents 71558435 18225d19
Showing with 46 additions and 11 deletions
src/lxc/start.c
...@@ -866,6 +866,32 @@ void lxc_abort(const char *name, struct lxc_handler *handler) ...@@ -866,6 +866,32 @@ void lxc_abort(const char *name, struct lxc_handler *handler)
} }
} }
static int lxc_set_death_signal(int signal)
{
int ret;
pid_t ppid;
ret = prctl(PR_SET_PDEATHSIG, signal, 0, 0, 0);
/* Check whether we have been orphaned. */
ppid = (pid_t)syscall(SYS_getppid);
if (ppid == 1) {
pid_t self;
self = lxc_raw_getpid();
ret = kill(self, SIGKILL);
if (ret < 0)
return -1;
}
if (ret < 0) {
SYSERROR("Failed to set PR_SET_PDEATHSIG to %d", signal);
return -1;
}
return 0;
}
static int do_start(void *data) static int do_start(void *data)
{ {
int ret; int ret;
...@@ -877,10 +903,7 @@ static int do_start(void *data) ...@@ -877,10 +903,7 @@ static int do_start(void *data)
gid_t new_gid; gid_t new_gid;
int devnull_fd = -1; int devnull_fd = -1;
if (sigprocmask(SIG_SETMASK, &handler->oldmask, NULL)) { lxc_sync_fini_parent(handler);
SYSERROR("Failed to set signal mask.");
return -1;
}
/* This prctl must be before the synchro, so if the parent dies before /* This prctl must be before the synchro, so if the parent dies before
* we set the parent death signal, we will detect its death with the * we set the parent death signal, we will detect its death with the
...@@ -888,19 +911,25 @@ static int do_start(void *data) ...@@ -888,19 +911,25 @@ static int do_start(void *data)
* exit before we set the pdeath signal leading to a unsupervized * exit before we set the pdeath signal leading to a unsupervized
* container. * container.
*/ */
if (prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0)) { ret = lxc_set_death_signal(SIGKILL);
SYSERROR("Failed to set PR_SET_PDEATHSIG to SIGKILL."); if (ret < 0) {
return -1; SYSERROR("Failed to set PR_SET_PDEATHSIG to SIGKILL");
goto out_warn_father;
} }
lxc_sync_fini_parent(handler); ret = sigprocmask(SIG_SETMASK, &handler->oldmask, NULL);
if (ret < 0) {
SYSERROR("Failed to set signal mask");
goto out_warn_father;
}
/* Don't leak the pinfd to the container. */ /* Don't leak the pinfd to the container. */
if (handler->pinfd >= 0) if (handler->pinfd >= 0)
close(handler->pinfd); close(handler->pinfd);
if (lxc_sync_wait_parent(handler, LXC_SYNC_STARTUP)) ret = lxc_sync_wait_parent(handler, LXC_SYNC_STARTUP);
return -1; if (ret < 0)
goto out_warn_father;
/* Unshare CLONE_NEWNET after CLONE_NEWUSER. See /* Unshare CLONE_NEWNET after CLONE_NEWUSER. See
* https://github.com/lxc/lxd/issues/1978. * https://github.com/lxc/lxd/issues/1978.
...@@ -946,6 +975,13 @@ static int do_start(void *data) ...@@ -946,6 +975,13 @@ static int do_start(void *data)
if (ret < 0) if (ret < 0)
goto out_warn_father; goto out_warn_father;
} }
/* set{g,u}id() clears deathsignal */
ret = lxc_set_death_signal(SIGKILL);
if (ret < 0) {
SYSERROR("Failed to set PR_SET_PDEATHSIG to SIGKILL");
goto out_warn_father;
}
} }
if (access(handler->lxcpath, X_OK)) { if (access(handler->lxcpath, X_OK)) {
...@@ -1417,7 +1453,6 @@ static int lxc_spawn(struct lxc_handler *handler) ...@@ -1417,7 +1453,6 @@ static int lxc_spawn(struct lxc_handler *handler)
SYSERROR(LXC_CLONE_ERROR); SYSERROR(LXC_CLONE_ERROR);
goto out_delete_net; goto out_delete_net;
} }
TRACE("Cloned child process %d", handler->pid); TRACE("Cloned child process %d", handler->pid);
for (i = 0; i < LXC_NS_MAX; i++) for (i = 0; i < LXC_NS_MAX; i++)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment