git.ipfire.org Git - thirdparty/lxc.git/commit

start: fix cgroup namespace preservation

Prior to this patch we raced with a very short-lived init process. Essentially,
the init process could exit before we had time to record the cgroup namespace
causing the container to abort and report ABORTING to the caller when it
actually started just fine. Let's not do this.

(This uses syscall(SYS_getpid) in the the child to retrieve the pid just in case
we're on an older glibc version and we end up in the namespace sharing branch
of the actual lxc_clone() call.)

Additionally this fixes the shortlived tests. They were faulty so far and
should have actually failed because of the cgroup namespace recording race but
the ret variable used to return from the function was not correctly
initialized. This fixes it.
Furthermore, the shortlived tests used the c->error_num variable to determine
success or failure but this is actually not correct when the container is
started daemonized.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

author	Christian Brauner <christian.brauner@ubuntu.com>
	Tue, 12 Dec 2017 23:22:47 +0000 (00:22 +0100)
committer	Christian Brauner <christian.brauner@ubuntu.com>
	Fri, 15 Dec 2017 12:45:58 +0000 (13:45 +0100)
commit	93b20b93311a8c141334ca07178bb2498428ee3d
tree	5b3445199c0b7761db852134e575ac69a667ae90	tree \| snapshot
parent	f73fa4b06a6b9598942fa7a1dcd1d6e14222a15c	commit \| diff

src/lxc/criu.c		diff \| blob \| blame \| history
src/lxc/start.c		diff \| blob \| blame \| history
src/lxc/start.h		diff \| blob \| blame \| history
src/tests/shortlived.c		diff \| blob \| blame \| history