From 2142fbcd57230c31e9d09aff663298830e3c67ce Mon Sep 17 00:00:00 2001 From: "Daniel, Dao Quang Minh" Date: Tue, 1 Sep 2015 00:35:28 +0000 Subject: [PATCH] set a specific flag when sharing pid namespace because we cant depends on CloneFlags now, setting a separate flag to indicate that the current container shares pid namespace so init process can clean up properly. Signed-off-by: Daniel, Dao Quang Minh --- libcontainer/container_linux.go | 2 ++ libcontainer/process_linux.go | 5 ++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index 24aaeae03eb..a586581b0ad 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -174,6 +174,7 @@ func (c *linuxContainer) newInitProcess(p *Process, cmd *exec.Cmd, parentPipe, c nsMaps[ns.Type] = ns.Path } } + _, sharePidns := nsMaps[configs.NEWPID] data, err := c.bootstrapData(cmd, c.config.Namespaces.CloneFlags(), nsMaps, "") if err != nil { return nil, err @@ -185,6 +186,7 @@ func (c *linuxContainer) newInitProcess(p *Process, cmd *exec.Cmd, parentPipe, c manager: c.cgroupManager, config: c.newInitConfig(p), bootstrapData: data, + sharePidns: sharePidns, }, nil } diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index 048f1cff57d..b7c4bf7c2d7 100644 --- a/libcontainer/process_linux.go +++ b/libcontainer/process_linux.go @@ -169,6 +169,7 @@ type initProcess struct { container *linuxContainer fds []string bootstrapData io.Reader + sharePidns bool } func (p *initProcess) pid() int { @@ -264,9 +265,7 @@ func (p *initProcess) wait() (*os.ProcessState, error) { return p.cmd.ProcessState, err } // we should kill all processes in cgroup when init is died if we use host PID namespace - // FIXME: instead of checking here, we should check when create the init - // process - if p.cmd.SysProcAttr.Cloneflags&syscall.CLONE_NEWPID == 0 { + if p.sharePidns { killCgroupProcesses(p.manager) } return p.cmd.ProcessState, nil