<div dir="ltr">Hi Pavel,<div><br></div><div>There seems to be a problem in or below parasite_drain_fds_seized() when seizing a process's open file descriptors. Here is the problem I ran into:</div><div><br></div><div>
When a Docker container is started in the detached mode (-d flag), its stdin inside its own mount namespace is set to its /dev/null as you can see below:</div><div><br></div><div>$ docker run -d ubuntu:latest /bin/sh -c 'ls -l /proc/self/fd >> /LOG; stat /dev/null >> /LOG; sleep 3000'<br>
</div><div><div>64bb55e56db391c11d3d8442fdb2f960252ce4c8edc6349d59d73b692d1b0b6c</div><div>$</div><div><br></div><div>$ sudo cat /var/lib/docker/vfs/dir/64bb55e56db391c11d3d8442fdb2f960252ce4c8edc6349d59d73b692d1b0b6c/LOG</div>
<div>total 0</div><div>lr-x------ 1 root root 64 Jul 15 05:59 0 -> /dev/null</div><div>l-wx------ 1 root root 64 Jul 15 05:59 1 -> /LOG</div><div>l-wx------ 1 root root 64 Jul 15 05:59 2 -> pipe:[47269]</div><div>
lr-x------ 1 root root 64 Jul 15 05:59 3 -> /proc/9/fd</div><div> File: '/dev/null'</div><div> Size: 0 <span class="" style="white-space:pre"> </span>Blocks: 0 IO Block: 4096 character special file</div>
<div>Device: 2ah/42d<span class="" style="white-space:pre"> </span>Inode: 47496 Links: 1 Device type: 1,3</div><div>Access: (0666/crw-rw-rw-) Uid: ( 0/ root) Gid: ( 0/ root)</div><div>Access: 2014-07-15 05:59:48.235291004 +0000</div>
<div>Modify: 2014-07-15 05:59:48.235291004 +0000</div><div>Change: 2014-07-15 05:59:48.235291004 +0000</div><div> Birth: -</div><div>$</div><div><br></div><div>Apparently, what is recorded as the open file descriptor 0 during dump is the system's /dev/null in the global mount namespace, not the /dev/null in the container's mount namespace. As a result, we get the following error in check_map_remap():</div>
<div><br></div><div><div>(00.061198) Error (files-reg.c:605): Unaccessible path ./dev/null opened 42:47496, need 5:5294</div></div><div><br></div><div>Notice that 5:5294 is system's /dev/null in the global mount namespace (see the stat command below) whereas 42:47496 is the container's /dev/null.</div>
<div><br></div><div>$ stat /dev/null</div><div> File: ‘/dev/null’</div><div> Size: 0 <span class="" style="white-space:pre"> </span>Blocks: 0 IO Block: 4096 character special file</div><div>Device: 5h/5d<span class="" style="white-space:pre"> </span>Inode: 5294 Links: 1 Device type: 1,3</div>
<div>Access: (0666/crw-rw-rw-) Uid: ( 0/ root) Gid: ( 0/ root)</div><div>Access: 2014-07-14 11:20:13.847273000 -0700</div><div>Modify: 2014-07-14 11:20:13.847273000 -0700</div><div>Change: 2014-07-14 11:20:13.847273000 -0700</div>
<div> Birth: -</div><div>$</div><div><br></div><div>Attached is dump.log. Does this analysis make sense or am I missing something?</div></div><div><br></div><div>--Saied</div></div>