rootless: fix hang when newidmap is not installed
When newidmap is not installed, the code would hit the
reexec_in_user_namespace_wait code and wait for the child process to
be terminated.  The child process is blocked waiting on the w pipe.

So make sure to unblock the child process first and then clean it up.

Closes: #7776

Signed-off-by: Giuseppe Scrivano <[email protected]>
(cherry picked from commit 7147c93)
giuseppe committed Oct 2, 2020
1 parent ce5b48b commit ed5f1d6
Showing 1 changed file with 9 additions and 6 deletions.
15 changes: 9 additions & 6 deletions pkg/rootless/rootless_linux.go
@@ -216,6 +216,8 @@ func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (_ boo
}
r, w := os.NewFile(uintptr(fds[0]), "sync host"), os.NewFile(uintptr(fds[1]), "sync child")

var pid int

defer errorhandling.CloseQuiet(r)
defer errorhandling.CloseQuiet(w)
defer func() {
@@ -226,18 +228,19 @@ func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (_ boo
if _, err := w.Write(toWrite); err != nil {
logrus.Errorf("failed to write byte 0: %q", err)
}
if retErr != nil && pid > 0 {
if err := unix.Kill(pid, unix.SIGKILL); err != nil {
logrus.Errorf("failed to kill %d", pid)
}
C.reexec_in_user_namespace_wait(C.int(pid), 0)
}
}()

pidC := C.reexec_in_user_namespace(C.int(r.Fd()), cPausePid, cFileToRead, fileOutputFD)
pid := int(pidC)
pid = int(pidC)
if pid < 0 {
return false, -1, errors.Errorf("cannot re-exec process")
}
defer func() {
if retErr != nil {
C.reexec_in_user_namespace_wait(pidC, 0)
}
}()

uids, gids, err := GetConfiguredMappings()
if err != nil {
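Review bot: The new `logrus.Errorf("failed to kill %d", pid)` in the deferred cleanup drops `err`, so a failed SIGKILL is logged without its errno; I would write `logrus.Errorf("failed to kill %d: %v", pid, err)`. The `C.reexec_in_user_namespace_wait(C.int(pid), 0)` call that follows runs even when the kill failed, which presumably can still block if the child did not exit after being unblocked by the write, so that case deserves at least a comment. The `pid > 0` guard is what keeps this error path from signalling anything but the child, and a short comment would protect it from later edits, e.g. `// never pass pid <= 0 to Kill: 0 and negative values address process groups or every signalable process`. The deferred closure begins before the second hunk and becomeRootInUserNS continues past its end, so the value of `toWrite` and the later error returns are not visible here.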