pidns : PR_SET_PDEATHSIG + SIGKILL regression

Serge E. Hallyn serue at us.ibm.com
Fri Oct 2 08:47:02 PDT 2009


Thanks, Daniel, great testcase.

Suka, Pavel, the problem is because send_signal() only calls a
signal from_ancestor_ns if is_si_special(info), while reparent_thread()
sends SEND_SIG_NOINFO.

Why is the '!is_si_special(info)' check there for from_ancestor_ns()?

-serge

Quoting Daniel Lezcano (dlezcano at fr.ibm.com):
> Hi,
> 
> I noticed a changed behaviour with the PR_SET_PDEATHSIG and SIGKILL 
> between different kernel versions.
> 
> With a kernel 2.6.27.21-78.2.41.fc9.x86_64, the SIGKILL signal is 
> delivered to the child process when the parent dies but with a 2.6.31 
> kernel version that don't happen.
> 
> The program below shows the problem. I remember there was were some 
> modifications about not killing the init process of the container from 
> inside, but in this case, that happens _conceptually_ from outside. 
> Keeping this feature is very important to be able to wipe out the 
> container when the parent process of the container dies.
> 
> #include <stdio.h>
> #include <unistd.h>
> #include <stdlib.h>
> #include <sys/prctl.h>
> #include <sys/param.h>
> #include <sys/poll.h>
> #include <signal.h>
> #include <sched.h>
> 
> #ifndef CLONE_NEWPID
> #  define CLONE_NEWPID            0x20000000
> #endif
> 
> int child(void *arg)
> {
>     if (prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0)) {
>         perror("prctl");
>         return -1;
>     }
> 
>     sleep(3);
>     printf("I should have gone with my parent\n");
>     return -1;
> }
> 
> pid_t clonens(int (*fn)(void *), void *arg, int flags)
> {
>     long stack_size = sysconf(_SC_PAGESIZE);
>      void *stack = alloca(stack_size) + stack_size;
>     return clone(fn, stack, flags | SIGCHLD, arg);
> }
> 
> int main(int argc, char *argv[])
> {
>     pid_t pid;
> 
>     pid = clonens(child, NULL, CLONE_NEWNS|CLONE_NEWPID);
>     if (pid < 0) {
>         perror("clone");
>         return -1;
>     }
> 
>     /* let the child to be ready, ugly but simple code */
>     sleep(1);
>     
>     return 0;
> }
> 
> _______________________________________________
> Containers mailing list
> Containers at lists.linux-foundation.org
> https://lists.linux-foundation.org/mailman/listinfo/containers


More information about the Containers mailing list