Skip to content

Commit

Permalink
agent: Fix container creation
Browse files Browse the repository at this point in the history
Commit bd3c4f844abed063a0d0a8575eb596159f33732c is included through
the new libcontainer vendoring:
    Fix race in runc exec

    There is a race in runc exec when the init process stops just before
    the check for the container status. It is then wrongly assumed that
    we are trying to start an init process instead of an exec process.

    This commit add an Init field to libcontainer Process to distinguish
    between init and exec processes to prevent this race.

In order to prevent from breaking Kata Containers with this commit,
we have to provide explicit information if the process is the init
process or not, depending if we're creating a new container or exec'ing
a process on an existing container.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
  • Loading branch information
Sebastien Boeuf committed Apr 11, 2019
1 parent 6e558f7 commit 3e12793
Showing 1 changed file with 4 additions and 3 deletions.
7 changes: 4 additions & 3 deletions grpc.go
Original file line number Diff line number Diff line change
Expand Up @@ -293,7 +293,7 @@ func setConsoleCarriageReturn(fd int) error {
return unix.IoctlSetTermios(fd, unix.TCSETS, termios)
}

func buildProcess(agentProcess *pb.Process, procID string) (*process, error) {
func buildProcess(agentProcess *pb.Process, procID string, init bool) (*process, error) {
user := agentProcess.User.Username
if user == "" {
// We can specify the user and the group separated by ":"
Expand All @@ -313,6 +313,7 @@ func buildProcess(agentProcess *pb.Process, procID string) (*process, error) {
Env: agentProcess.Env,
User: user,
AdditionalGroups: additionalGids,
Init: init,
},
}

Expand Down Expand Up @@ -584,7 +585,7 @@ func (a *agentGRPC) finishCreateContainer(ctr *container, req *pb.CreateContaine
}
ctr.config = *config

ctr.initProcess, err = buildProcess(req.OCI.Process, req.ExecId)
ctr.initProcess, err = buildProcess(req.OCI.Process, req.ExecId, true)
if err != nil {
return emptyResp, err
}
Expand Down Expand Up @@ -875,7 +876,7 @@ func (a *agentGRPC) ExecProcess(ctx context.Context, req *pb.ExecProcessRequest)
return nil, grpcStatus.Errorf(codes.FailedPrecondition, "Cannot exec in stopped container %s", req.ContainerId)
}

proc, err := buildProcess(req.Process, req.ExecId)
proc, err := buildProcess(req.Process, req.ExecId, false)
if err != nil {
return emptyResp, err
}
Expand Down

0 comments on commit 3e12793

Please sign in to comment.