[lxc-devel] [lxc/master] start: reap intermediate process

brauner on Github lxc-bot at linuxcontainers.org
Mon Dec 18 13:09:19 UTC 2017 

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 433 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20171218/d6e062ec/attachment.bin>
-------------- next part --------------
From 4e2324665201b97132a6e96739f6be94c838a233 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Mon, 18 Dec 2017 14:08:02 +0100
Subject: [PATCH] start: reap intermediate process

When we inherit namespaces we need to reap the attaching process.

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/error.h |  2 ++
 src/lxc/start.c | 24 +++++++++++++++++++-----
 2 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/src/lxc/error.h b/src/lxc/error.h
index d5d60de0f..6fe474a13 100644
--- a/src/lxc/error.h
+++ b/src/lxc/error.h
@@ -23,6 +23,8 @@
 #ifndef __LXC_ERROR_H
 #define __LXC_ERROR_H
 
+#define LXC_CLONE_ERROR "Failed to clone a new set of namespaces"
+
 extern int  lxc_error_set_and_log(int pid, int status);
 
 #endif
diff --git a/src/lxc/start.c b/src/lxc/start.c
index e17507606..c53d43656 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -1399,14 +1399,28 @@ static int lxc_spawn(struct lxc_handler *handler)
 	/* The cgroup namespace gets unshare()ed not clone()ed. */
 	handler->on_clone_flags &= ~CLONE_NEWCGROUP;
 
-	if (share_ns)
-		ret = lxc_clone(do_share_ns, handler, CLONE_VFORK | CLONE_VM | CLONE_FILES);
-	else
+	if (share_ns) {
+		pid_t attacher_pid;
+
+		attacher_pid = lxc_clone(do_share_ns, handler, CLONE_VFORK | CLONE_VM | CLONE_FILES);
+		if (attacher_pid < 0) {
+			SYSERROR(LXC_CLONE_ERROR);
+			goto out_delete_net;
+		}
+
+		ret = wait_for_pid(attacher_pid);
+		if (ret < 0) {
+			SYSERROR("Intermediate process failed");
+			goto out_delete_net;
+		}
+	} else {
 		handler->pid = lxc_clone(do_start, handler, handler->on_clone_flags);
-	if (handler->pid < 0 || ret < 0) {
-		SYSERROR("Failed to clone a new set of namespaces.");
+	}
+	if (handler->pid < 0) {
+		SYSERROR(LXC_CLONE_ERROR);
 		goto out_delete_net;
 	}
+
 	TRACE("Cloned child process %d", handler->pid);
 
 	for (i = 0; i < LXC_NS_MAX; i++)

More information about the lxc-devel mailing list