From 4e2324665201b97132a6e96739f6be94c838a233 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 18 Dec 2017 14:08:02 +0100 Subject: [PATCH] start: reap intermediate process When we inherit namespaces we need to reap the attaching process. Signed-off-by: Christian Brauner --- src/lxc/error.h | 2 ++ src/lxc/start.c | 24 +++++++++++++++++++----- 2 files changed, 21 insertions(+), 5 deletions(-) diff --git a/src/lxc/error.h b/src/lxc/error.h index d5d60de0f..6fe474a13 100644 --- a/src/lxc/error.h +++ b/src/lxc/error.h @@ -23,6 +23,8 @@ #ifndef __LXC_ERROR_H #define __LXC_ERROR_H +#define LXC_CLONE_ERROR "Failed to clone a new set of namespaces" + extern int lxc_error_set_and_log(int pid, int status); #endif diff --git a/src/lxc/start.c b/src/lxc/start.c index e17507606..c53d43656 100644 --- a/src/lxc/start.c +++ b/src/lxc/start.c @@ -1399,14 +1399,28 @@ static int lxc_spawn(struct lxc_handler *handler) /* The cgroup namespace gets unshare()ed not clone()ed. */ handler->on_clone_flags &= ~CLONE_NEWCGROUP; - if (share_ns) - ret = lxc_clone(do_share_ns, handler, CLONE_VFORK | CLONE_VM | CLONE_FILES); - else + if (share_ns) { + pid_t attacher_pid; + + attacher_pid = lxc_clone(do_share_ns, handler, CLONE_VFORK | CLONE_VM | CLONE_FILES); + if (attacher_pid < 0) { + SYSERROR(LXC_CLONE_ERROR); + goto out_delete_net; + } + + ret = wait_for_pid(attacher_pid); + if (ret < 0) { + SYSERROR("Intermediate process failed"); + goto out_delete_net; + } + } else { handler->pid = lxc_clone(do_start, handler, handler->on_clone_flags); - if (handler->pid < 0 || ret < 0) { - SYSERROR("Failed to clone a new set of namespaces."); + } + if (handler->pid < 0) { + SYSERROR(LXC_CLONE_ERROR); goto out_delete_net; } + TRACE("Cloned child process %d", handler->pid); for (i = 0; i < LXC_NS_MAX; i++) -- 2.47.2