Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

libct.Start: fix locking, do not allow a second container init #4271

Merged
merged 3 commits into from
Jun 11, 2024
Merged

libct.Start: fix locking, do not allow a second container init #4271

merged 3 commits into from
Jun 11, 2024

Commits on Jun 11, 2024

  1. libct: createExecFifo: rm unneeded os.Stat 

    In case file already exists, mknod(2) will return EEXIST.

This os.Stat call was (inadvertently?) added by commit 805b8c7.

Signed-off-by: Kir Kolyshkin <[email protected]>
    @kolyshkin
    kolyshkin committed Jun 11, 2024
    Configuration menu
    Copy the full SHA
    304a4c0 View commit details
    Browse the repository at this point in the history

  2. libct: fix locking in Start/Run/Exec 

    1. The code to call c.exec from c.Run was initially added by commit
   3aacff6. At the time, there was a lock in c.Run. That lock was
   removed by commit bd3c4f8, which resulted in part of c.Run executing
   without the lock.

2. All the Start/Run/Exec calls were a mere wrappers for start/run/exec
   adding a lock, but some more code crept into Start at some point,
   e.g. by commits 805b8c7 and 108ee85. Since the reason mentioned in
   commit 805b8c7 is no longer true after refactoring, we can fix this.

Fix both issues by moving code out of wrappers, and adding locking into
c.Run.

Signed-off-by: Kir Kolyshkin <[email protected]>
    @kolyshkin
    kolyshkin committed Jun 11, 2024
    Configuration menu
    Copy the full SHA
    e3e1072 View commit details
    Browse the repository at this point in the history

  3. libct: don't allow to start second init process 

    By definition, every container has only 1 init (i.e. PID 1) process.

Apparently, libcontainer API supported running more than 1 init, and
at least one tests mistakenly used it.

Let's not allow that, erroring out if we already have init. Doing
otherwise _probably_ results in some confusion inside the library.

Fix two cases in libct/int which ran two inits inside a container.

Signed-off-by: Kir Kolyshkin <[email protected]>
    @kolyshkin
    kolyshkin committed Jun 11, 2024
    Configuration menu
    Copy the full SHA
    42cea2e View commit details
    Browse the repository at this point in the history