libcontainer: Do not wait for signalled processes if subreaper is set #1678
@mrunalp @crosbymichael @sameo
Instead of using a bool set by the user just use
@crosbymichael oh yeah I haven't thought about this way, but this will simplify things :)
Probably safer each time to check it.
@crosbymichael sounds fair to me !
ec1934b to f6d216c
Just updated it !
libcontainer/init_linux.go
@@ -494,6 +494,11 @@ func signalAllProcesses(m cgroups.Manager, s os.Signal) error { | |||
logrus.Warn(err) | |||
} | |||
|
|||
subreaper, err := system.GetSubreaper() | |||
if err != nil { | |||
return err |
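Review bot: the `return err` right after `system.GetSubreaper()` makes `signalAllProcesses` fail whenever the subreaper status cannot be read, while the error just above it in the same function is only reported with `logrus.Warn(err)`. A failed status query should not abort the function at this point; consider logging it and continuing as if no subreaper were set (`subreaper = 0`), with a short comment explaining why the error is tolerated.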
One thing, this will fail on kernels older than 3.4 that don't support it. I would maybe ignore the error and set subreaper to 0 in this case.
Good point. We don't want to fail in such a case since the application is still supposed to work.
@crosbymichael I think I should make this a bit smarter, by assigning `subreaper = 0` only when the error is `EINVAL`. WDYT ?
No nevermind, in case of `PR_GET_CHILD_SUBREAPER`, there is no specific errno set.
Sounds good but I don't know what returning this error here would accomplish in the execution flow. Either works for me.
I have updated the PR with the simple case. We fall back to the original behavior in case getting subreaper status fails.
When a subreaper is enabled, it might expect to reap a process and retrieve its exit code. That's the reason why this patch is giving the possibility to define the usage of a subreaper as a consumer of libcontainer. Relying on this information, libcontainer will not wait for signalled processes in case a subreaper has been set.
Fixes opencontainers#1677
Signed-off-by: Sebastien Boeuf <[email protected]>
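The behaviour this commit message describes, combined with the fallback agreed in the review thread, as an added Go example for Linux that is not runc's own code. The names `getSubreaper`, `subreaperOrZero` and `waitSignalled` are hypothetical, the pids are constructed, and the `wait` callback stands in for the real per-process wait.

```go
package main

import (
	"fmt"
	"syscall"
	"unsafe"
)

// PR_GET_CHILD_SUBREAPER from <linux/prctl.h>.
const prGetChildSubreaper = 37

// getSubreaper asks the kernel whether the calling process is marked as a
// child subreaper. The kernel stores the answer (0 or 1) in the int that
// the second prctl argument points to.
func getSubreaper() (int, error) {
	var flag int32
	_, _, errno := syscall.RawSyscall6(syscall.SYS_PRCTL, prGetChildSubreaper,
		uintptr(unsafe.Pointer(&flag)), 0, 0, 0, 0)
	if errno != 0 {
		return 0, errno
	}
	return int(flag), nil
}

// subreaperOrZero applies the fallback from the review: if the status
// cannot be read (for instance on a kernel without the prctl option),
// behave as if no subreaper were set instead of failing the caller.
func subreaperOrZero(query func() (int, error)) int {
	v, err := query()
	if err != nil {
		return 0
	}
	return v
}

// waitSignalled decides what to do with processes that were already
// signalled. With a subreaper set, it waits on none of them, so the
// subreaper can reap them and read their exit codes. Otherwise it waits
// on each pid and returns the ones it reaped.
func waitSignalled(pids []int, subreaper int, wait func(pid int) error) ([]int, error) {
	if subreaper != 0 {
		return nil, nil
	}
	var reaped []int
	for _, pid := range pids {
		if err := wait(pid); err != nil {
			return reaped, err
		}
		reaped = append(reaped, pid)
	}
	return reaped, nil
}

func main() {
	// Constructed pids and a no-op wait, for illustration only.
	pids := []int{101, 102}
	noopWait := func(int) error { return nil }

	sub := subreaperOrZero(getSubreaper)
	reaped, err := waitSignalled(pids, sub, noopWait)
	fmt.Printf("subreaper=%d reaped=%v err=%v\n", sub, reaped, err)
}
```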
f6d216c to bb912eb
Bump the vendoring version of libcontainer in order to get the fix opencontainers/runc#1678 included in our code. This will prevent libcontainer from waiting SIGKILL'ed processes. Fixes: kata-containers#70 Signed-off-by: Malhar Vora <[email protected]>