From: Christian Brauner Date: Mon, 16 Jul 2018 09:07:58 +0000 (+0200) Subject: confile: add lxc.monitor.signal.pdeath X-Git-Tag: lxc-3.1.0~205^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=258f80519f3bb0a41c26083020154e9a61df8468;p=thirdparty%2Flxc.git confile: add lxc.monitor.signal.pdeath Set the signal to be sent to the container's init when the lxc monitor exits. By default it is set to SIGKILL which will cause all container processes to be killed when the lxc monitor process dies. To ensure that containers stay alive even if lxc monitor dies set this to 0. Signed-off-by: Christian Brauner
---
diff --git a/doc/lxc.container.conf.sgml.in b/doc/lxc.container.conf.sgml.in
index 4b2183435..9808ade6c 100644
--- a/doc/lxc.container.conf.sgml.in
+++ b/doc/lxc.container.conf.sgml.in
@@ -2378,6 +2378,21 @@ dev/null proc/kcore none bind,relative 0 0
+
+
+
+
+
+
+ Set the signal to be sent to the container's init when the lxc
+ monitor exits. By default it is set to SIGKILL which will cause
+ all container processes to be killed when the lxc monitor process
+ dies.
+ To ensure that containers stay alive even if lxc monitor dies set
+ this to 0.
+
+
+
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 1ff2f5e0a..33beb43d1 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -2673,6 +2673,7 @@ struct lxc_conf *lxc_conf_init(void)
 new->console.name[0] = '\0';
 memset(&new->console.ringbuf, 0, sizeof(struct lxc_ringbuf));
 new->maincmd_fd = -1;
+ new->monitor_signal_pdeath = SIGKILL;
 new->nbd_idx = -1;
 new->rootfs.mount = strdup(default_rootfs_mount);
 if (!new->rootfs.mount) {
diff --git a/src/lxc/conf.h b/src/lxc/conf.h
index ea3a71dfb..f7a879c30 100644
--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -303,6 +303,7 @@ struct lxc_conf {
 /* unshare the mount namespace in the monitor */
 unsigned int monitor_unshare;
+ unsigned int monitor_signal_pdeath;
 /* list of included files */
 struct lxc_list includes;
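Review bot: The new `monitor_signal_pdeath` member of struct lxc_conf has no comment, unlike `monitor_unshare` directly above it, and the special meaning of 0 cannot be read from the name. I would add `/* signal sent to the container's init when the monitor exits; 0 means none */` above the field. The member is `unsigned int`, while the setter in confile.c stores the `int` returned by sig_parse; declaring it `int` would avoid the implicit conversion. struct lxc_conf starts and ends outside this hunk.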
diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index 2743dc847..5a18d11bf 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -111,6 +111,7 @@ lxc_config_define(log_file);
 lxc_config_define(log_level);
 lxc_config_define(log_syslog);
 lxc_config_define(monitor);
+lxc_config_define(monitor_signal_pdeath);
 lxc_config_define(mount);
 lxc_config_define(mount_auto);
 lxc_config_define(mount_fstab);
@@ -194,6 +195,7 @@ static struct lxc_config_t config[] = {
 { "lxc.log.level", set_config_log_level, get_config_log_level, clr_config_log_level, },
 { "lxc.log.syslog", set_config_log_syslog, get_config_log_syslog, clr_config_log_syslog, },
 { "lxc.monitor.unshare", set_config_monitor, get_config_monitor, clr_config_monitor, },
+ { "lxc.monitor.signal.pdeath", set_config_monitor_signal_pdeath, get_config_monitor_signal_pdeath, clr_config_monitor_signal_pdeath, },
 { "lxc.mount.auto", set_config_mount_auto, get_config_mount_auto, clr_config_mount_auto, },
 { "lxc.mount.entry", set_config_mount, get_config_mount, clr_config_mount, },
 { "lxc.mount.fstab", set_config_mount_fstab, get_config_mount_fstab, clr_config_mount_fstab, },
@@ -976,6 +978,28 @@ static int set_config_monitor(const char *key, const char *value,
 return -1;
 }
+static int set_config_monitor_signal_pdeath(const char *key, const char *value,
+ struct lxc_conf *lxc_conf, void *data)
+{
+ if (lxc_config_value_empty(value)) {
+ lxc_conf->monitor_signal_pdeath = 0;
+ return 0;
+ }
+
+ if (strcmp(key + 12, "signal.pdeath") == 0) {
+ int sig_n;
+
+ sig_n = sig_parse(value);
+ if (sig_n < 0)
+ return -1;
+
+ lxc_conf->monitor_signal_pdeath = sig_n;
+ return 0;
+ }
+
+ return -EINVAL;
+}
+
 static int set_config_group(const char *key, const char *value, struct lxc_conf *lxc_conf, void *data)
 {
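Review bot: An empty value in set_config_monitor_signal_pdeath stores 0, and clr_config_monitor_signal_pdeath (the @@ -3971 hunk) does the same, while lxc_conf_init in this commit makes SIGKILL the default. Clearing the key therefore does not restore the default but switches off the kill-on-monitor-exit behaviour, which is the less safe state to fall into by accident. Unless that is intended, both places should use `lxc_conf->monitor_signal_pdeath = SIGKILL;` (`c->monitor_signal_pdeath = SIGKILL;` in the clear handler), leaving an explicit `0` as the only way to opt out. Separately, `key + 12` hard-codes the length of "lxc.monitor."; the check looks redundant if the config table only dispatches the exact key to this setter, and a `strlen("lxc.monitor.")` would at least document the offset.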
@@ -3420,6 +3444,13 @@ static int get_config_monitor(const char *key, char *retv, int inlen,
 return lxc_get_conf_int(c, retv, inlen, c->monitor_unshare);
 }
+static int get_config_monitor_signal_pdeath(const char *key, char *retv,
+ int inlen, struct lxc_conf *c,
+ void *data)
+{
+ return lxc_get_conf_int(c, retv, inlen, c->monitor_signal_pdeath);
+}
+
 static int get_config_group(const char *key, char *retv, int inlen, struct lxc_conf *c, void *data)
 {
@@ -3971,6 +4002,13 @@ static inline int clr_config_monitor(const char *key, struct lxc_conf *c,
 return 0;
 }
+static inline int clr_config_monitor_signal_pdeath(const char *key,
+ struct lxc_conf *c, void *data)
+{
+ c->monitor_signal_pdeath = 0;
+ return 0;
+}
+
 static inline int clr_config_group(const char *key, struct lxc_conf *c, void *data)
 {
diff --git a/src/lxc/start.c b/src/lxc/start.c
index f100b9515..180a37ab4 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -1370,6 +1370,15 @@ static int do_start(void *data)
 goto out_warn_father;
 }
+ if (handler->conf->monitor_signal_pdeath != SIGKILL) {
+ ret = lxc_set_death_signal(handler->conf->monitor_signal_pdeath);
+ if (ret < 0) {
+ SYSERROR("Failed to set PR_SET_PDEATHSIG to %d",
+ handler->conf->monitor_signal_pdeath);
+ goto out_warn_father;
+ }
+ }
+
 /* After this call, we are in error because this ops should not return
 * as it execs.
 */
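Review bot: In the block added to do_start, any configured value other than SIGKILL replaces the death signal of the process that becomes the container's init, and nothing records that the kill-on-monitor-exit guarantee was weakened. With 0 the container outlives a crashed monitor unsupervised, and, as far as I know, a PID-namespace init only receives a signal other than SIGKILL or SIGSTOP from outside if it installed a handler, so a value such as SIGTERM may be silently ignored. I would log the choice before the call, e.g. `INFO("Parent death signal set to %u; container may outlive the monitor", handler->conf->monitor_signal_pdeath);`, and use `%u` in the SYSERROR because the field is `unsigned int`. The SIGKILL case presumably relies on code outside this hunk having already set the default death signal; do_start starts and ends outside the hunk.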