From fa3621ea820dce2bcc08ced13b81399a64b21aa7 Mon Sep 17 00:00:00 2001
From: Christian Brauner
Date: Wed, 11 Mar 2020 13:11:07 +0100
Subject: [PATCH] lxccontainer: add init_pidfd() API extension
Signed-off-by: Christian Brauner
---
 doc/api-extensions.md | 4 ++++
 src/lxc/lxccontainer.c | 11 +++++++++++
 src/lxc/lxccontainer.h | 9 +++++++++
 3 files changed, 24 insertions(+)
diff --git a/doc/api-extensions.md b/doc/api-extensions.md
index e5fa29fed..9413c7df9 100644
--- a/doc/api-extensions.md
+++ b/doc/api-extensions.md
@@ -120,3 +120,7 @@ cgroup of the container when the controller is available. This enables `LXC` to make complete use of the unified cgroup hierarchy. With this extension it is possible to run `LXC` containers on systems that use a pure unified cgroup layout.
+
+# init\_pidfd
+
+This adds a new API function `init_pidfd()` which allows to retrieve a pidfd for the container's init process allowing process management interactions such as sending signal to be completely reliable and rac-e free.
diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index bf0c44d21..5f9fd1240 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -611,6 +611,16 @@ static pid_t do_lxcapi_init_pid(struct lxc_container *c)
 WRAP_API(pid_t, lxcapi_init_pid)
+static int do_lxcapi_init_pidfd(struct lxc_container *c)
+{
+ if (!c)
+ return ret_errno(EBADF);
+
+ return lxc_cmd_get_init_pidfd(c->name, c->config_path);
+}
+
+WRAP_API(int, lxcapi_init_pidfd)
+
 static bool load_config_locked(struct lxc_container *c, const char *fname)
 {
 if (!c->lxc_conf)
@@ -5319,6 +5329,7 @@ struct lxc_container *lxc_container_new(const char *name, const char *configpath
 c->console = lxcapi_console;
 c->console_getfd = lxcapi_console_getfd;
 c->init_pid = lxcapi_init_pid;
+ c->init_pidfd = lxcapi_init_pidfd;
 c->load_config = lxcapi_load_config;
 c->want_daemonize = lxcapi_want_daemonize;
 c->want_close_all_fds = lxcapi_want_close_all_fds;
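Review bot: `do_lxcapi_init_pidfd()` passes the descriptor from `lxc_cmd_get_init_pidfd()` straight back to the API consumer, and nothing in this hunk records who owns it or whether it is close-on-exec. A pidfd inherited across `exec()` leaves an unrelated child holding a signalling handle on the container's init, so the contract should be written down where the function is defined: `/* Returns a new pidfd owned by the caller, who must close() it; TODO confirm it is O_CLOEXEC. */`. The NULL guard also reports a missing container as `EBADF`, which reads as a bad descriptor; `return ret_errno(EINVAL);` would describe the condition more accurately if callers do not depend on the current value.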
diff --git a/src/lxc/lxccontainer.h b/src/lxc/lxccontainer.h
index 5bb38e453..4577de7ff 100644
--- a/src/lxc/lxccontainer.h
+++ b/src/lxc/lxccontainer.h
@@ -856,6 +856,15 @@ struct lxc_container {
 * \return file descriptor for container's seccomp filter
 */
 int (*seccomp_notify_fd)(struct lxc_container *c);
+
+ /*!
+ * \brief Retrieve a pidfd for the container's init process.
+ *
+ * \param c Container.
+ *
+ * \return pidfd of init process of the container.
+ */
+ int (*init_pidfd)(struct lxc_container *c);
 };
 /*!
-- 
2.47.2
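Review bot: The new `\return` line documents only the success case, so a caller reading the header cannot tell how failure is reported or that the descriptor must be closed. The implementation in lxccontainer.c returns `ret_errno(EBADF)` for a NULL container, so failures are presumably negative values; I would write `\return pidfd of the container's init process on success, a negative value on error; the caller owns the descriptor and must close it.` `struct lxc_container` starts outside this hunk, so whether other members document their error returns the same way cannot be checked from here.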