fix signal sending in lxc.init

The problem here is that these two clauses were ordered backwards: we first check if the signal came from not the init pid, and if it did, then we give a notice and return. The comment notes that this is intended to protect against SIGCHLD, but we don't in fact know if the signal is a SIGCHLD yet, because that's tested in the next hunk. The symptom is that if I e.g. send SIGTERM from the outside world to the container init, it ignores it and gives this notice. If we re-order these clauses, it forwards non SIGCHLD signals, and ignores SIGCHLD signals from things that aren't the real container process. Signed-off-by: Tycho Andersen <[email protected]>
vpsfreecz · Apr 4, 2018 · 9cb9438 · 9cb9438
1 parent 22b2b9c
commit 9cb9438
Showing 1 changed file with 6 additions and 6 deletions.
diff --git a/src/lxc/start.c b/src/lxc/start.c
@@ -380,6 +380,12 @@ static int signal_handler(int fd, uint32_t events, void *data,
 		return hdlr->init_died ? LXC_MAINLOOP_CLOSE : 0;
 	}
 
+	if (siginfo.ssi_signo != SIGCHLD) {
+		kill(hdlr->pid, siginfo.ssi_signo);
+		INFO("Forwarded signal %d to pid %d", siginfo.ssi_signo, hdlr->pid);
+		return hdlr->init_died ? LXC_MAINLOOP_CLOSE : 0;
+	}
+
 	/* More robustness, protect ourself from a SIGCHLD sent
 	 * by a process different from the container init.
 	 */
@@ -389,12 +395,6 @@ static int signal_handler(int fd, uint32_t events, void *data,
 		return hdlr->init_died ? LXC_MAINLOOP_CLOSE : 0;
 	}
 
-	if (siginfo.ssi_signo != SIGCHLD) {
-		kill(hdlr->pid, siginfo.ssi_signo);
-		INFO("Forwarded signal %d to pid %d", siginfo.ssi_signo, hdlr->pid);
-		return hdlr->init_died ? LXC_MAINLOOP_CLOSE : 0;
-	}
-
 	if (siginfo.ssi_code == CLD_STOPPED) {
 		INFO("Container init process was stopped");
 		return hdlr->init_died ? LXC_MAINLOOP_CLOSE : 0;