[Devel] [PATCH] ct: fix exec to really enter into pidns (v3)

Andrey Vagin avagin at openvz.org
Tue Jul 9 21:02:03 PDT 2013 

setns() of the pid namespace unlike unsharing of other namespaces
does not take affect immediately. Instead it affects the children
created with fork and clone.

v2: don't forget about the end mark in close_fds
v3: use nice and dandy env_wait()

https://bugzilla.openvz.org/show_bug.cgi?id=2658

Reported-by: Igor Gnatenko <i.gnatenko.brain at gmail.com>
Signed-off-by: Andrey Vagin <avagin at openvz.org>
---
 src/lib/exec.c     | 10 ++++++++--
 src/lib/hooks_ct.c | 21 +++++++++++++++++++--
 2 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/src/lib/exec.c b/src/lib/exec.c
index 50cd3a3..1f3c3bd 100644
--- a/src/lib/exec.c
+++ b/src/lib/exec.c
@@ -124,9 +124,15 @@ int env_wait(int pid)
 {
 	int ret, status;
 
-	while ((ret = waitpid(pid, &status, 0)) == -1)
-		if (errno != EINTR)
+	do {
+		ret = waitpid(pid, &status, 0);
+		if (ret == -1) {
+			if (errno == EINTR)
+				continue;
 			break;
+		}
+	} while (WIFSTOPPED(status) || WIFCONTINUED(status));
+
 	if (ret == pid) {
 		ret = VZ_SYSTEM_ERROR;
 		if (WIFEXITED(status))
diff --git a/src/lib/hooks_ct.c b/src/lib/hooks_ct.c
index 3cd1404..1657218 100644
--- a/src/lib/hooks_ct.c
+++ b/src/lib/hooks_ct.c
@@ -13,6 +13,7 @@
 
 #include "vzerror.h"
 #include "env.h"
+#include "exec.h"
 #include "util.h"
 #include "logger.h"
 #include "script.h"
@@ -536,9 +537,8 @@ static int ct_enter(vps_handler *h, envid_t veid, const char *root, int flags)
 	char path[STR_SIZE]; /* long enough for any pid */
 	pid_t task_pid;
 	int ret = VZ_RESOURCE_ERROR;
-	int err;
 	bool joined_mnt_ns = false;
-	int fd;
+	int fd, err;
 
 	if (!h->can_join_pidns) {
 		logger(-1, 0, "Kernel lacks setns for pid namespace");
@@ -621,8 +621,25 @@ static int ct_enter(vps_handler *h, envid_t veid, const char *root, int flags)
 	if (!joined_mnt_ns && (ret = ct_chroot(root)))
 		goto out;
 
+	/*
+	 * setns() of the pid namespace unlike unsharing of other namespaces
+	 * does not take affect immediately.  Instead it affects the children
+	 * created with fork and clone.
+	 */
+	task_pid = fork();
+	if (task_pid < 0) {
+		logger(-1, errno, "Unable to fork");
+		goto out;
+	}
+
 	ret = 0;
+	if (task_pid == 0)
+		goto out;
+
+	close_fds(false, -1);
 
+	ret = env_wait(task_pid);
+	exit(ret);
 out:
 	closedir(dp);
 	return ret;
-- 
1.8.3.1

More information about the Devel mailing list