lxccontainer: add init_pidfd() API extension

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

diff --git a/doc/api-extensions.md b/doc/api-extensions.md
index e5fa29fed130140ba0ad51e2edf647c6d3215fb7..9413c7df9a61325fd2eb3772d2514688da57b9f2 100644 (file)
--- a/doc/api-extensions.md
+++ b/doc/api-extensions.md
@@ -120,3 +120,7 @@ cgroup of the container when the controller is available.
 This enables `LXC` to make complete use of the unified cgroup hierarchy. With
 this extension it is possible to run `LXC` containers on systems that use
 a pure unified cgroup layout.
+
+# init\_pidfd
+
+This adds a new API function `init_pidfd()` which allows to retrieve a pidfd for the container's init process allowing process management interactions such as sending signal to be completely reliable and rac-e free.

diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index bf0c44d217d1af3087d20b26304946427e014c52..5f9fd1240674c36d7a5800e52aac72f3fd8fcd90 100644 (file)
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -611,6 +611,16 @@ static pid_t do_lxcapi_init_pid(struct lxc_container *c)
 
 WRAP_API(pid_t, lxcapi_init_pid)
 
+static int do_lxcapi_init_pidfd(struct lxc_container *c)
+{
+       if (!c)
+               return ret_errno(EBADF);
+
+       return lxc_cmd_get_init_pidfd(c->name, c->config_path);
+}
+
+WRAP_API(int, lxcapi_init_pidfd)
+
 static bool load_config_locked(struct lxc_container *c, const char *fname)
 {
        if (!c->lxc_conf)
@@ -5319,6 +5329,7 @@ struct lxc_container *lxc_container_new(const char *name, const char *configpath
        c->console = lxcapi_console;
        c->console_getfd = lxcapi_console_getfd;
        c->init_pid = lxcapi_init_pid;
+       c->init_pidfd = lxcapi_init_pidfd;
        c->load_config = lxcapi_load_config;
        c->want_daemonize = lxcapi_want_daemonize;
        c->want_close_all_fds = lxcapi_want_close_all_fds;

diff --git a/src/lxc/lxccontainer.h b/src/lxc/lxccontainer.h
index 5bb38e45321f907ed224eee3aef3cbf002a6e842..4577de7ff5c383d8d52ce680c1a0e9a3b09714d7 100644 (file)
--- a/src/lxc/lxccontainer.h
+++ b/src/lxc/lxccontainer.h
@@ -856,6 +856,15 @@ struct lxc_container {
         * \return file descriptor for container's seccomp filter
         */
        int (*seccomp_notify_fd)(struct lxc_container *c);
+
+       /*!
+        * \brief Retrieve a pidfd for the container's init process.
+        *
+        * \param c Container.
+        *
+        * \return pidfd of init process of the container.
+        */
+       int (*init_pidfd)(struct lxc_container *c);
 };
 
 /*!