From 9cb943843a70cef5478d224615ca53c315020ef3 Mon Sep 17 00:00:00 2001 From: Tycho Andersen Date: Wed, 4 Apr 2018 17:45:29 -0600 Subject: [PATCH] fix signal sending in lxc.init The problem here is that these two clauses were ordered backwards: we first check if the signal came from not the init pid, and if it did, then we give a notice and return. The comment notes that this is intended to protect against SIGCHLD, but we don't in fact know if the signal is a SIGCHLD yet, because that's tested in the next hunk. The symptom is that if I e.g. send SIGTERM from the outside world to the container init, it ignores it and gives this notice. If we re-order these clauses, it forwards non SIGCHLD signals, and ignores SIGCHLD signals from things that aren't the real container process. Signed-off-by: Tycho Andersen --- src/lxc/start.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/lxc/start.c b/src/lxc/start.c index f66f50a7b8..d7f079979e 100644 --- a/src/lxc/start.c +++ b/src/lxc/start.c @@ -380,6 +380,12 @@ static int signal_handler(int fd, uint32_t events, void *data, return hdlr->init_died ? LXC_MAINLOOP_CLOSE : 0; } + if (siginfo.ssi_signo != SIGCHLD) { + kill(hdlr->pid, siginfo.ssi_signo); + INFO("Forwarded signal %d to pid %d", siginfo.ssi_signo, hdlr->pid); + return hdlr->init_died ? LXC_MAINLOOP_CLOSE : 0; + } + /* More robustness, protect ourself from a SIGCHLD sent * by a process different from the container init. */ @@ -389,12 +395,6 @@ static int signal_handler(int fd, uint32_t events, void *data, return hdlr->init_died ? LXC_MAINLOOP_CLOSE : 0; } - if (siginfo.ssi_signo != SIGCHLD) { - kill(hdlr->pid, siginfo.ssi_signo); - INFO("Forwarded signal %d to pid %d", siginfo.ssi_signo, hdlr->pid); - return hdlr->init_died ? LXC_MAINLOOP_CLOSE : 0; - } - if (siginfo.ssi_code == CLD_STOPPED) { INFO("Container init process was stopped"); return hdlr->init_died ? LXC_MAINLOOP_CLOSE : 0;