lxccontainer: add init_pidfd() API extension

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: add init_pidfd() API extension
fa3621ea · Christian Brauner · 746aab51 · fa3621ea · fa3621ea · fa3621ea
Unverified Commit fa3621ea authored Mar 11, 2020 by Christian Brauner
Hide whitespace changes
Inline Side-by-side

Showing with 24 additions and 0 deletions

api-extensions.md doc/api-extensions.md +4 -0

lxccontainer.c src/lxc/lxccontainer.c +11 -0

lxccontainer.h src/lxc/lxccontainer.h +9 -0

No files found.
--- a/doc/api-extensions.md
+++ b/doc/api-extensions.md
@@ -120,3 +120,7 @@ cgroup of the container when the controller is available.
 This enables `LXC` to make complete use of the unified cgroup hierarchy. With
 this extension it is possible to run `LXC` containers on systems that use
 a pure unified cgroup layout.
+# init\_pidfd
+This adds a new API function `init_pidfd()` which allows to retrieve a pidfd for the container's init process allowing process management interactions such as sending signal to be completely reliable and rac-e free.
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -611,6 +611,16 @@ static pid_t do_lxcapi_init_pid(struct lxc_container *c)
 WRAP_API(pid_t, lxcapi_init_pid)
+static int do_lxcapi_init_pidfd(struct lxc_container *c)
+{
+	if (!c)
+		return ret_errno(EBADF);
+	return lxc_cmd_get_init_pidfd(c->name, c->config_path);
+}
+WRAP_API(int, lxcapi_init_pidfd)
 static bool load_config_locked(struct lxc_container *c, const char *fname)
 {
 	if (!c->lxc_conf)
@@ -5319,6 +5329,7 @@ struct lxc_container *lxc_container_new(const char *name, const char *configpath
 	c->console = lxcapi_console;
 	c->console_getfd = lxcapi_console_getfd;
 	c->init_pid = lxcapi_init_pid;
+	c->init_pidfd = lxcapi_init_pidfd;
 	c->load_config = lxcapi_load_config;
 	c->want_daemonize = lxcapi_want_daemonize;
 	c->want_close_all_fds = lxcapi_want_close_all_fds;

--- a/src/lxc/lxccontainer.h
+++ b/src/lxc/lxccontainer.h
@@ -856,6 +856,15 @@ struct lxc_container {
 	 * \return file descriptor for container's seccomp filter
 	 */
 	int (*seccomp_notify_fd)(struct lxc_container *c);
+	/*!
+	 * \brief Retrieve a pidfd for the container's init process.
+	 *
+	 * \param c Container.
+	 *
+	 * \return pidfd of init process of the container.
+	 */
+	int (*init_pidfd)(struct lxc_container *c);
 };
 /*!