Skip to content

Commit

Permalink
fix runc's poststart behaviour doesn't match the runtime-spec
Browse files Browse the repository at this point in the history
Signed-off-by: ningmingxiao <[email protected]>
  • Loading branch information
ningmingxiao committed Jul 18, 2024
1 parent 3778ae6 commit adcf828
Showing 1 changed file with 34 additions and 14 deletions.
48 changes: 34 additions & 14 deletions libcontainer/container_linux.go
Original file line number Diff line number Diff line change
Expand Up @@ -236,7 +236,16 @@ func (c *Container) exec() error {
for {
select {
case result := <-blockingFifoOpenCh:
return handleFifoResult(result)
err := handleFifoResult(result)
if err != nil {
return err
}
err = c.postStart()
if err != nil {
logrus.Warnf("postStart: %v", err)
return c.signal(unix.SIGKILL)
}
return nil

case <-time.After(time.Millisecond * 100):
stat, err := system.Stat(pid)
Expand All @@ -246,12 +255,30 @@ func (c *Container) exec() error {
if err := handleFifoResult(fifoOpen(path, false)); err != nil {
return errors.New("container process is already dead")
}
err := c.postStart()
if err != nil {
logrus.Warnf("postStart: %v", err)
return c.signal(unix.SIGKILL)
}
return nil
}
}
}
}

func (c *Container) postStart() error {
s, err := c.currentOCIState()
if err != nil {
return err
}
if c.config.Hooks != nil {
if err := c.config.Hooks.Run(configs.Poststart, s); err != nil {
return fmt.Errorf("run postStart hook: %w", err)
}
}
return nil
}

func readFromExecFifo(execFifo io.Reader) error {
data, err := io.ReadAll(execFifo)
if err != nil {
Expand Down Expand Up @@ -353,19 +380,6 @@ func (c *Container) start(process *Process) (retErr error) {

if process.Init {
c.fifo.Close()
if c.config.Hooks != nil {
s, err := c.currentOCIState()
if err != nil {
return err
}

if err := c.config.Hooks.Run(configs.Poststart, s); err != nil {
if err := ignoreTerminateErrors(parent.terminate()); err != nil {
logrus.Warn(fmt.Errorf("error running poststart hook: %w", err))
}
return err
}
}
}
return nil
}
Expand All @@ -378,6 +392,12 @@ func (c *Container) start(process *Process) (retErr error) {
func (c *Container) Signal(s os.Signal) error {
c.m.Lock()
defer c.m.Unlock()
return c.signal(s)
}

func (c *Container) signal(s os.Signal) error {
c.m.Lock()
defer c.m.Unlock()

// When a container has its own PID namespace, inside it the init PID
// is 1, and thus it is handled specially by the kernel. In particular,
Expand Down

0 comments on commit adcf828

Please sign in to comment.