[lxc-devel] [lxc/master] fix signal sending in lxc.init

tych0 on Github lxc-bot at linuxcontainers.org
Wed Apr 4 23:59:02 UTC 2018 

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 968 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20180404/e069c1c9/attachment.bin>
-------------- next part --------------
From 9cb943843a70cef5478d224615ca53c315020ef3 Mon Sep 17 00:00:00 2001
From: Tycho Andersen <tycho at tycho.ws>
Date: Wed, 4 Apr 2018 17:45:29 -0600
Subject: [PATCH] fix signal sending in lxc.init

The problem here is that these two clauses were ordered backwards: we first
check if the signal came from not the init pid, and if it did, then we give
a notice and return. The comment notes that this is intended to protect
against SIGCHLD, but we don't in fact know if the signal is a SIGCHLD yet,
because that's tested in the next hunk.

The symptom is that if I e.g. send SIGTERM from the outside world to the
container init, it ignores it and gives this notice. If we re-order these
clauses, it forwards non SIGCHLD signals, and ignores SIGCHLD signals from
things that aren't the real container process.

Signed-off-by: Tycho Andersen <tycho at tycho.ws>
---
 src/lxc/start.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/lxc/start.c b/src/lxc/start.c
index f66f50a7b..d7f079979 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -380,6 +380,12 @@ static int signal_handler(int fd, uint32_t events, void *data,
 		return hdlr->init_died ? LXC_MAINLOOP_CLOSE : 0;
 	}
 
+	if (siginfo.ssi_signo != SIGCHLD) {
+		kill(hdlr->pid, siginfo.ssi_signo);
+		INFO("Forwarded signal %d to pid %d", siginfo.ssi_signo, hdlr->pid);
+		return hdlr->init_died ? LXC_MAINLOOP_CLOSE : 0;
+	}
+
 	/* More robustness, protect ourself from a SIGCHLD sent
 	 * by a process different from the container init.
 	 */
@@ -389,12 +395,6 @@ static int signal_handler(int fd, uint32_t events, void *data,
 		return hdlr->init_died ? LXC_MAINLOOP_CLOSE : 0;
 	}
 
-	if (siginfo.ssi_signo != SIGCHLD) {
-		kill(hdlr->pid, siginfo.ssi_signo);
-		INFO("Forwarded signal %d to pid %d", siginfo.ssi_signo, hdlr->pid);
-		return hdlr->init_died ? LXC_MAINLOOP_CLOSE : 0;
-	}
-
 	if (siginfo.ssi_code == CLD_STOPPED) {
 		INFO("Container init process was stopped");
 		return hdlr->init_died ? LXC_MAINLOOP_CLOSE : 0;

More information about the lxc-devel mailing list