From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Fri, 22 Dec 2017 21:17:44 +0000 (+0100)
Subject: start: fix death signal
X-Git-Tag: lxc-3.0.0.beta1~92^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=912314fc9b63e8cffaf3d5160f9171fc6a0805d4;p=thirdparty%2Flxc.git

start: fix death signal

On set{g,u}id() the kernel does:

 	/* dumpability changes */
	if (!uid_eq(old->euid, new->euid) ||
	    !gid_eq(old->egid, new->egid) ||
	    !uid_eq(old->fsuid, new->fsuid) ||
	    !gid_eq(old->fsgid, new->fsgid) ||
	    !cred_cap_issubset(old, new)) {
		if (task->mm)
			set_dumpable(task->mm, suid_dumpable);
		task->pdeath_signal = 0;
		smp_wmb();
	}

which means we need to re-enable the deat signal after the set{g,u}id().

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---

diff --git a/src/lxc/start.c b/src/lxc/start.c
index c7d87fb3c..2b09d89ab 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -888,8 +888,9 @@ static int do_start(void *data)
 	 * exit before we set the pdeath signal leading to a unsupervized
 	 * container.
 	 */
-	if (prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0)) {
-		SYSERROR("Failed to set PR_SET_PDEATHSIG to SIGKILL.");
+	ret = prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
+	if (ret < 0) {
+		SYSERROR("Failed to set PR_SET_PDEATHSIG to SIGKILL");
 		return -1;
 	}
 
@@ -946,6 +947,13 @@ static int do_start(void *data)
 			if (ret < 0)
 				goto out_warn_father;
 		}
+
+		/* set{g,u}id() clears deathsignal */
+		ret = prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
+		if (ret < 0) {
+			SYSERROR("Failed to set PR_SET_PDEATHSIG to SIGKILL");
+			goto out_warn_father;
+		}
 	}
 
 	if (access(handler->lxcpath, X_OK)) {