From d01005057adaee4ac60c15abad6438ec6ea68445 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Mon, 17 Feb 2020 19:11:39 +0100 Subject: [PATCH] rootless: check if the conmon process is valid if the pause process doesn't exist and we try to join a conmon namespace, make sure the process still exists. Otherwise re-create the user namespace. Signed-off-by: Giuseppe Scrivano --- pkg/rootless/rootless_linux.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go index 182a39f6b0..f71d557765 100644 --- a/pkg/rootless/rootless_linux.go +++ b/pkg/rootless/rootless_linux.go @@ -452,6 +452,7 @@ func TryJoinFromFilePaths(pausePidPath string, needNewNamespace bool, paths []st var lastErr error var pausePid int + foundProcess := false for _, path := range paths { if !needNewNamespace { @@ -502,12 +503,16 @@ func TryJoinFromFilePaths(pausePidPath string, needNewNamespace bool, paths []st } pausePid, err = strconv.Atoi(string(b[:n])) - if err == nil { + if err == nil && unix.Kill(pausePid, 0) == nil { + foundProcess = true lastErr = nil break } } } + if !foundProcess { + return BecomeRootInUserNS(pausePidPath) + } if lastErr != nil { return false, 0, lastErr }