fix process leakage in container delete when use share pid namespace

We should send SIGKILL to all processes in the container for situations as follows: 1. The container joined the host's pid namespace; 2. The container joined the other process's pid namespace. Signed-off-by: Lifubang <lifubang@acmcoder.com>
2019-04-07 11:12:05 +08:00 · 2019-04-07 11:12:05 +08:00 · 302fa700d3
parent dd8d48ede8
commit 302fa700d3
1 changed files with 16 additions and 1 deletions
--- a/libcontainer/state_linux.go
+++ b/libcontainer/state_linux.go
@ -37,8 +37,23 @@ type containerState interface {
 	status() Status
 }

+func shouldKillAll(c *linuxContainer) bool {
+	blNewPid := false
+	blNewPidPath := false
+	for _, n := range c.config.Namespaces {
+		if n.Type == configs.NEWPID {
+			blNewPid = true
+			if n.Path != "" {
+				blNewPidPath = true
+			}
+			break
+		}
+	}
+	return !blNewPid || blNewPidPath
+}
+
 func destroy(c *linuxContainer) error {
-	if !c.config.Namespaces.Contains(configs.NEWPID) {
+	if shouldKillAll(c) {
 		if err := signalAllProcesses(c.cgroupManager, unix.SIGKILL); err != nil {
 			logrus.Warn(err)
 		}