[lxc-devel] [lxc/master] start: reap intermediate process
brauner on Github
lxc-bot at linuxcontainers.org
Mon Dec 18 13:09:19 UTC 2017
A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 433 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20171218/d6e062ec/attachment.bin>
-------------- next part --------------
From 4e2324665201b97132a6e96739f6be94c838a233 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Mon, 18 Dec 2017 14:08:02 +0100
Subject: [PATCH] start: reap intermediate process
When we inherit namespaces we need to reap the attaching process.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
src/lxc/error.h | 2 ++
src/lxc/start.c | 24 +++++++++++++++++++-----
2 files changed, 21 insertions(+), 5 deletions(-)
diff --git a/src/lxc/error.h b/src/lxc/error.h
index d5d60de0f..6fe474a13 100644
--- a/src/lxc/error.h
+++ b/src/lxc/error.h
@@ -23,6 +23,8 @@
#ifndef __LXC_ERROR_H
#define __LXC_ERROR_H
+#define LXC_CLONE_ERROR "Failed to clone a new set of namespaces"
+
extern int lxc_error_set_and_log(int pid, int status);
#endif
diff --git a/src/lxc/start.c b/src/lxc/start.c
index e17507606..c53d43656 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -1399,14 +1399,28 @@ static int lxc_spawn(struct lxc_handler *handler)
/* The cgroup namespace gets unshare()ed not clone()ed. */
handler->on_clone_flags &= ~CLONE_NEWCGROUP;
- if (share_ns)
- ret = lxc_clone(do_share_ns, handler, CLONE_VFORK | CLONE_VM | CLONE_FILES);
- else
+ if (share_ns) {
+ pid_t attacher_pid;
+
+ attacher_pid = lxc_clone(do_share_ns, handler, CLONE_VFORK | CLONE_VM | CLONE_FILES);
+ if (attacher_pid < 0) {
+ SYSERROR(LXC_CLONE_ERROR);
+ goto out_delete_net;
+ }
+
+ ret = wait_for_pid(attacher_pid);
+ if (ret < 0) {
+ SYSERROR("Intermediate process failed");
+ goto out_delete_net;
+ }
+ } else {
handler->pid = lxc_clone(do_start, handler, handler->on_clone_flags);
- if (handler->pid < 0 || ret < 0) {
- SYSERROR("Failed to clone a new set of namespaces.");
+ }
+ if (handler->pid < 0) {
+ SYSERROR(LXC_CLONE_ERROR);
goto out_delete_net;
}
+
TRACE("Cloned child process %d", handler->pid);
for (i = 0; i < LXC_NS_MAX; i++)
More information about the lxc-devel
mailing list