confile: add lxc.monitor.signal.pdeath

Set the signal to be sent to the container's init when the lxc monitor exits.
By default it is set to SIGKILL which will cause all container processes to be
killed when the lxc monitor process dies.
To ensure that containers stay alive even if lxc monitor dies set this to 0.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

diff --git a/doc/lxc.container.conf.sgml.in b/doc/lxc.container.conf.sgml.in
index 4b2183435abbb8344d0c092af6a808bf4d63dcbc..9808ade6c999c73b09daa694b6983428d2364ffb 100644 (file)
--- a/doc/lxc.container.conf.sgml.in
+++ b/doc/lxc.container.conf.sgml.in
@@ -2378,6 +2378,21 @@ dev/null proc/kcore none bind,relative 0 0
             </para>
           </listitem>
         </varlistentry>
+        <varlistentry>
+          <term>
+            <option>lxc.monitor.signal.pdeath</option>
+          </term>
+          <listitem>
+            <para>
+              Set the signal to be sent to the container's init when the lxc
+              monitor exits. By default it is set to SIGKILL which will cause
+              all container processes to be killed when the lxc monitor process
+              dies.
+              To ensure that containers stay alive even if lxc monitor dies set
+              this to 0.
+            </para>
+          </listitem>
+        </varlistentry>
         <varlistentry>
           <term>
             <option>lxc.group</option>

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 1ff2f5e0a89e97e12ee542be9248e363ff93a1c5..33beb43d1efc112de091b258343268bdd413c514 100644 (file)
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -2673,6 +2673,7 @@ struct lxc_conf *lxc_conf_init(void)
        new->console.name[0] = '\0';
        memset(&new->console.ringbuf, 0, sizeof(struct lxc_ringbuf));
        new->maincmd_fd = -1;
+       new->monitor_signal_pdeath = SIGKILL;
        new->nbd_idx = -1;
        new->rootfs.mount = strdup(default_rootfs_mount);
        if (!new->rootfs.mount) {

diff --git a/src/lxc/conf.h b/src/lxc/conf.h
index ea3a71dfbab2ed016259f064b042f779d596d0d6..f7a879c301b0230441bc05017c1ae46261731605 100644 (file)
--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -303,6 +303,7 @@ struct lxc_conf {
 
        /* unshare the mount namespace in the monitor */
        unsigned int monitor_unshare;
+       unsigned int monitor_signal_pdeath;
 
        /* list of included files */
        struct lxc_list includes;

diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index 2743dc84778ab1b40e7a871b82f5fbc2a857a676..5a18d11bfe410fb8a11819240340cd3be411aa11 100644 (file)
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -111,6 +111,7 @@ lxc_config_define(log_file);
 lxc_config_define(log_level);
 lxc_config_define(log_syslog);
 lxc_config_define(monitor);
+lxc_config_define(monitor_signal_pdeath);
 lxc_config_define(mount);
 lxc_config_define(mount_auto);
 lxc_config_define(mount_fstab);
@@ -194,6 +195,7 @@ static struct lxc_config_t config[] = {
        { "lxc.log.level",                 set_config_log_level,                   get_config_log_level,                   clr_config_log_level,                 },
        { "lxc.log.syslog",                set_config_log_syslog,                  get_config_log_syslog,                  clr_config_log_syslog,                },
        { "lxc.monitor.unshare",           set_config_monitor,                     get_config_monitor,                     clr_config_monitor,                   },
+       { "lxc.monitor.signal.pdeath",     set_config_monitor_signal_pdeath,       get_config_monitor_signal_pdeath,       clr_config_monitor_signal_pdeath,     },
        { "lxc.mount.auto",                set_config_mount_auto,                  get_config_mount_auto,                  clr_config_mount_auto,                },
        { "lxc.mount.entry",               set_config_mount,                       get_config_mount,                       clr_config_mount,                     },
        { "lxc.mount.fstab",               set_config_mount_fstab,                 get_config_mount_fstab,                 clr_config_mount_fstab,               },
@@ -976,6 +978,28 @@ static int set_config_monitor(const char *key, const char *value,
        return -1;
 }
 
+static int set_config_monitor_signal_pdeath(const char *key, const char *value,
+                                           struct lxc_conf *lxc_conf, void *data)
+{
+       if (lxc_config_value_empty(value)) {
+               lxc_conf->monitor_signal_pdeath = 0;
+               return 0;
+       }
+
+       if (strcmp(key + 12, "signal.pdeath") == 0) {
+               int sig_n;
+
+               sig_n = sig_parse(value);
+               if (sig_n < 0)
+                       return -1;
+
+               lxc_conf->monitor_signal_pdeath = sig_n;
+               return 0;
+       }
+
+       return -EINVAL;
+}
+
 static int set_config_group(const char *key, const char *value,
                            struct lxc_conf *lxc_conf, void *data)
 {
@@ -3420,6 +3444,13 @@ static int get_config_monitor(const char *key, char *retv, int inlen,
        return lxc_get_conf_int(c, retv, inlen, c->monitor_unshare);
 }
 
+static int get_config_monitor_signal_pdeath(const char *key, char *retv,
+                                           int inlen, struct lxc_conf *c,
+                                           void *data)
+{
+       return lxc_get_conf_int(c, retv, inlen, c->monitor_signal_pdeath);
+}
+
 static int get_config_group(const char *key, char *retv, int inlen,
                            struct lxc_conf *c, void *data)
 {
@@ -3971,6 +4002,13 @@ static inline int clr_config_monitor(const char *key, struct lxc_conf *c,
        return 0;
 }
 
+static inline int clr_config_monitor_signal_pdeath(const char *key,
+                                                  struct lxc_conf *c, void *data)
+{
+       c->monitor_signal_pdeath = 0;
+       return 0;
+}
+
 static inline int clr_config_group(const char *key, struct lxc_conf *c,
                                   void *data)
 {

diff --git a/src/lxc/start.c b/src/lxc/start.c
index f100b9515a0fb739e3947007a5c146edaaa1ea98..180a37ab44d838ac93bca8d19ae9ca27e62a8172 100644 (file)
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -1370,6 +1370,15 @@ static int do_start(void *data)
                goto out_warn_father;
        }
 
+       if (handler->conf->monitor_signal_pdeath != SIGKILL) {
+               ret = lxc_set_death_signal(handler->conf->monitor_signal_pdeath);
+               if (ret < 0) {
+                       SYSERROR("Failed to set PR_SET_PDEATHSIG to %d",
+                                handler->conf->monitor_signal_pdeath);
+                       goto out_warn_father;
+               }
+       }
+
        /* After this call, we are in error because this ops should not return
         * as it execs.
         */