[lxc-devel] [PATCH RFC] don't block signals until after we build signalfd
Serge Hallyn
serge.hallyn at ubuntu.com
Wed Jul 3 05:13:38 UTC 2013
When we start a container, we first block most signals including
sigchld, then create a signalfd fd for those signals. This leaves
a tiny tiny window during which signals may be lost.
So swap those.
In theory, AFAICS this *should* fix any race with container init
exiting before we get to lxc_mainloop(). (In practice, a race
remains - though it remains to be seen if this is a kernel or lxc
bug)
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
---
src/lxc/start.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/lxc/start.c b/src/lxc/start.c
index 8c8af9c..edc61a8 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -135,9 +135,8 @@ static int setup_signal_fd(sigset_t *oldmask)
sigdelset(&mask, SIGILL) ||
sigdelset(&mask, SIGSEGV) ||
sigdelset(&mask, SIGBUS) ||
- sigdelset(&mask, SIGWINCH) ||
- sigprocmask(SIG_BLOCK, &mask, oldmask)) {
- SYSERROR("failed to set signal mask");
+ sigdelset(&mask, SIGWINCH)) {
+ SYSERROR("failed to build the signal mask");
return -1;
}
@@ -147,6 +146,12 @@ static int setup_signal_fd(sigset_t *oldmask)
return -1;
}
+ if (sigprocmask(SIG_BLOCK, &mask, oldmask)) {
+ SYSERROR("failed to block signals");
+ close(fd);
+ return -1;
+ }
+
if (fcntl(fd, F_SETFD, FD_CLOEXEC)) {
SYSERROR("failed to set sigfd to close-on-exec");
close(fd);
--
1.8.1.2
More information about the lxc-devel
mailing list