Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

libct.Start: fix locking, do not allow a second container init #4271

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

libct.Start: fix locking, do not allow a second container init #4271

wants to merge 3 commits into from
+21 −21

Conversation

kolyshkin
Copy link
Contributor

@kolyshkin kolyshkin commented May 7, 2024
edited

By definition, every container has only 1 init (i.e. PID 1) process.

Apparently, libcontainer API supported running more than 1 "init", and
two tests mistakenly used it. Of course, the second "init" was not
PID 1, but it was started like init and, I guess, some of the Container fields
were set to wrong values.

Let's not allow that, erroring out if we already have init running.

Fix two cases in libct/int which ran two inits inside a container.
Also, fix a locking issue and remove some code that's not needed.

@kolyshkin kolyshkin force-pushed the two-inits branch 2 times, most recently from dfe38a9 to 2575cf4 Compare May 7, 2024 21:06
@kolyshkin kolyshkin marked this pull request as ready for review May 7, 2024 21:06
@kolyshkin kolyshkin requested a review from lifubang May 7, 2024 21:07
@kolyshkin
libct: createExecFifo: rm unneeded os.Stat
da62ce6 
In case file already exists, mknod(2) will return EEXIST.

This os.Stat call was (inadvertently?) added by commit 805b8c7.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
@kolyshkin
libct: fix locking in Start/Run/Exec
b43f565 
1. The code to call c.exec from c.Run was initially added by commit
   3aacff6. At the time, there was a lock in c.Run. That lock was
   removed by commit bd3c4f8, which resulted in part of c.Run executing
   without the lock.

2. All the Start/Run/Exec calls were a mere wrappers for start/run/exec
   adding a lock, but some more code crept into Start at some point,
   e.g. by commits 805b8c7 and 108ee85. Since the reason mentioned in
   commit 805b8c7 is no longer true after refactoring, we can fix this.

Fix both issues by moving code out of wrappers, and adding locking into
c.Run.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
@kolyshkin
libct: don't allow to start second init process
dac5486 
By definition, every container has only 1 init (i.e. PID 1) process.

Apparently, libcontainer API supported running more than 1 init, and
at least one tests mistakenly used it.

Let's not allow that, erroring out if we already have init. Doing
otherwise _probably_ results in some confusion inside the library.

Fix two cases in libct/int which ran two inits inside a container.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
@kolyshkin
Copy link
Contributor Author

@opencontainers/runc-maintainers PTAL

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AkihiroSuda AkihiroSuda AkihiroSuda approved these changes

@lifubang lifubang Awaiting requested review from lifubang

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@kolyshkin @AkihiroSuda