set a specific flag when sharing pid namespace

because we cant depends on CloneFlags now, setting a separate flag to indicate that the current container shares pid namespace so init process can clean up properly. Signed-off-by: Daniel, Dao Quang Minh <[email protected]>
opencontainers · Sep 1, 2015 · 2142fbc · 2142fbc
1 parent 759ba54
commit 2142fbc
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 3 deletions.
diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go
@@ -174,6 +174,7 @@ func (c *linuxContainer) newInitProcess(p *Process, cmd *exec.Cmd, parentPipe, c
 			nsMaps[ns.Type] = ns.Path
 		}
 	}
+	_, sharePidns := nsMaps[configs.NEWPID]
 	data, err := c.bootstrapData(cmd, c.config.Namespaces.CloneFlags(), nsMaps, "")
 	if err != nil {
 		return nil, err
@@ -185,6 +186,7 @@ func (c *linuxContainer) newInitProcess(p *Process, cmd *exec.Cmd, parentPipe, c
 		manager:       c.cgroupManager,
 		config:        c.newInitConfig(p),
 		bootstrapData: data,
+		sharePidns:    sharePidns,
 	}, nil
 }
 

diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go
@@ -169,6 +169,7 @@ type initProcess struct {
 	container     *linuxContainer
 	fds           []string
 	bootstrapData io.Reader
+	sharePidns    bool
 }
 
 func (p *initProcess) pid() int {
@@ -264,9 +265,7 @@ func (p *initProcess) wait() (*os.ProcessState, error) {
 		return p.cmd.ProcessState, err
 	}
 	// we should kill all processes in cgroup when init is died if we use host PID namespace
-	// FIXME: instead of checking here, we should check when create the init
-	// process
-	if p.cmd.SysProcAttr.Cloneflags&syscall.CLONE_NEWPID == 0 {
+	if p.sharePidns {
 		killCgroupProcesses(p.manager)
 	}
 	return p.cmd.ProcessState, nil