libcontainer/standard_init_linux: Move LookPath to post-wait

This avoids a panic for containers that do not set Process. And even if Process was set, there is no reason to require the executable to be available *at create time* [1]. Subsequent activity could be scheduled to get a binary in place at the configured location before 'start' is called. [1]: opencontainers#827 (comment) Signed-off-by: W. Trevor King <wking@tremily.us>
wking · Feb 20, 2018 · 0cd9a7e · 0cd9a7e
1 parent ed4b83c
commit 0cd9a7e
Showing 1 changed file with 8 additions and 6 deletions.
diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go
@@ -3,6 +3,7 @@
 package libcontainer
 
 import (
+	"errors"
 	"fmt"
 	"os"
 	"os/exec"
@@ -152,12 +153,6 @@ func (l *linuxStandardInit) Init() error {
 	if unix.Getppid() != l.parentPid {
 		return unix.Kill(unix.Getpid(), unix.SIGKILL)
 	}
-	// Check for the arg before waiting to make sure it exists and it is
-	// returned as a create time error.
-	name, err := exec.LookPath(l.config.Args[0])
-	if err != nil {
-		return err
-	}
 	// Close the pipe to signal that we have completed our init.
 	l.pipe.Close()
 	// Wait for the FIFO to be opened on the other side before exec-ing the
@@ -186,6 +181,13 @@ func (l *linuxStandardInit) Init() error {
 			return newSystemErrorWithCause(err, "init seccomp")
 		}
 	}
+	if len(l.config.Args) == 0 {
+		return errors.New("no process arguments configured")
+	}
+	name, err := exec.LookPath(l.config.Args[0])
+	if err != nil {
+		return err
+	}
 	if err := syscall.Exec(name, l.config.Args[0:], os.Environ()); err != nil {
 		return newSystemErrorWithCause(err, "exec user process")
 	}