[Devel] [PATCH] ct: fix exec to really enter into pidns (v2)

Kir Kolyshkin kir at openvz.org
Tue Jul 9 20:16:19 PDT 2013 

On 07/09/2013 10:25 AM, Andrey Vagin wrote:
> setns() of the pid namespace unlike unsharing of other namespaces
> does not take affect immediately. Instead it affects the children
> created with fork and clone.
>
> v2: don't forget about the end mark in close_fds
>
> https://bugzilla.openvz.org/show_bug.cgi?id=2658
>
> Reported-by: Igor Gnatenko <i.gnatenko.brain at gmail.com>
> Signed-off-by: Andrey Vagin <avagin at openvz.org>
> ---
>   src/lib/hooks_ct.c | 34 ++++++++++++++++++++++++++++++++--
>   1 file changed, 32 insertions(+), 2 deletions(-)
>
> diff --git a/src/lib/hooks_ct.c b/src/lib/hooks_ct.c
> index 3cd1404..9854bc9 100644
> --- a/src/lib/hooks_ct.c
> +++ b/src/lib/hooks_ct.c
> @@ -536,9 +536,8 @@ static int ct_enter(vps_handler *h, envid_t veid, const char *root, int flags)
>   	char path[STR_SIZE]; /* long enough for any pid */
>   	pid_t task_pid;
>   	int ret = VZ_RESOURCE_ERROR;
> -	int err;
>   	bool joined_mnt_ns = false;
> -	int fd;
> +	int fd, err, status;
>   
>   	if (!h->can_join_pidns) {
>   		logger(-1, 0, "Kernel lacks setns for pid namespace");
> @@ -621,7 +620,38 @@ static int ct_enter(vps_handler *h, envid_t veid, const char *root, int flags)
>   	if (!joined_mnt_ns && (ret = ct_chroot(root)))
>   		goto out;
>   
> +	/*
> +	 * setns() of the pid namespace unlike unsharing of other namespaces
> +	 * does not take affect immediately.  Instead it affects the children
> +	 * created with fork and clone.
> +	 */
> +	task_pid = fork();
> +	if (task_pid < 0) {
> +		logger(-1, errno, "Unable to fork");
> +		goto out;
> +	}
> +
>   	ret = 0;
> +	if (task_pid == 0)
> +		goto out;
> +
> +	close_fds(false, -1);
> +	while (1) {
> +		ret = waitpid(task_pid, &status, 0);
> +		if (ret < 0) {
> +			logger(-1, errno, "Unable to wait the child %d", task_pid);
> +			exit(VZ_RESOURCE_ERROR);
> +		}
> +		if (WIFSTOPPED(status) || WIFCONTINUED(status))
> +			continue;
> +
> +		break;
> +	}
> +
> +	if (WIFEXITED(status))
> +		exit(WEXITSTATUS(status));
> +	else
> +		exit(-WTERMSIG(status));

Can we please use nice and dandy wait_child function?

>   
>   out:
>   	closedir(dp);

More information about the Devel mailing list