Mapping between host & container PIDs ?

Eric W. Biederman ebiederm at xmission.com
Tue Nov 27 21:49:31 UTC 2012


"Daniel P. Berrange" <berrange at redhat.com> writes:

> Thinking about it more generally, this isn't really a container specific
> problem, but rather an issue with the kill() syscall. It is the same
> general class of problem as you see checking file permissions for example,
> which is why you would use fstat() instead of stat() in many cases. It
> might call for a way to get a FD associated with a pid (eg the /proc/$pid
> dir handle) and then be able to kill() via that FD. eg something like
>
>
>   dirfd = open("/proc/$pid", O_RDONLY);
>
>   exefd = openat(dirfd, "exe", O_RDONLY);
>   ...check it is the exe you think it is...
>
>   cgroupfd = openat(dirfd, "cgroups", O_RDONLY);
>   ...check the process is where you expect it to be...
>
>   fkill(dirfd, SIG_KILL)
>
> that's probably a whole can of worms though, so I think I'll just
> restrict myself to killing processes based on the container's view
> of the PID for now.

Yes that is the general solution.  It is very reasonable to have a proc
file that you can write to that will send a signal to its process.

I keep thinking it will be worth implementing one of these days.

Eric
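
The check-then-signal sequence discussed in this thread, as an added example that is not part of either message: it uses pidfd_send_signal(2), which was added later in Linux 5.1 and accepts a /proc/<pid> directory fd. The function names exe_matches and verified_kill are hypothetical, only the exe check is shown (the cgroup check would go through the same dirfd), and the raw syscall number is an assumption used when the libc headers predate the call.

```c
/* Added example: race-free "check, then signal" through one /proc/<pid> handle. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef SYS_pidfd_send_signal
#define SYS_pidfd_send_signal 424   /* same number on every architecture */
#endif

/* Returns 1 if the process behind dirfd runs expected_exe, 0 if not, -1 on error. */
int exe_matches(int dirfd, const char *expected_exe)
{
    char buf[PATH_MAX];
    ssize_t n = readlinkat(dirfd, "exe", buf, sizeof(buf) - 1);
    if (n < 0)
        return -1;
    buf[n] = '\0';
    return strcmp(buf, expected_exe) == 0;
}

/* Open /proc/<pid>, verify the executable through that handle, then signal
 * through the same handle. If the PID is recycled after open(), the handle
 * still refers to the original (now dead) process, so the check or the
 * signal fails instead of hitting an unrelated process.
 * Returns 0 on success, -1 with errno set (EACCES = executable mismatch). */
int verified_kill(pid_t pid, const char *expected_exe, int sig)
{
    char path[32];
    snprintf(path, sizeof(path), "/proc/%d", (int)pid);
    int dirfd = open(path, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (dirfd < 0)
        return -1;
    int rc = -1, m = exe_matches(dirfd, expected_exe);
    if (m == 1)
        rc = (int)syscall(SYS_pidfd_send_signal, dirfd, sig, NULL, 0);
    else if (m == 0)
        errno = EACCES;
    int saved = errno;
    close(dirfd);
    errno = saved;
    return rc;
}
```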

