more robustness against SIGCHLD

If the SIGCHLD is sent from a process different from the container's init
process we ignore it, otherwise we finish to wait it.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

diff --git a/src/lxc/start.c b/src/lxc/start.c
index acdfd1b7f00fbeba1d77f8434f64fa3f3c78ef83..7e34cceaea0b51815c27f53e3363693fbd514890 100644 (file)
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -225,6 +225,7 @@ static int sigchld_handler(int fd, void *data,
 {
        struct signalfd_siginfo siginfo;
        int ret;
+       pid_t *pid = data;
 
        ret = read(fd, &siginfo, sizeof(siginfo));
        if (ret < 0) {
@@ -243,6 +244,14 @@ static int sigchld_handler(int fd, void *data,
                return 0;
        }
 
+       /* more robustness, protect ourself from a SIGCHLD sent
+        * by a process different from the container init
+        */
+       if (siginfo.ssi_pid != *pid) {
+               WARN("invalid pid for SIGCHLD");
+               return 0;
+       }
+
        DEBUG("container init process exited");
        return 1;
 }