Merge pull request #137 from mrunalp/dev/moveuplockthread

Lock the thread first thing in init.

namespaces/init.go

@@ -5,7 +5,6 @@ package namespaces
 import (
 	"fmt"
 	"os"
-	"runtime"
 	"strings"
 	"syscall"
 
@@ -28,6 +27,8 @@ import (
 // Move this to libcontainer package.
 // Init is the init process that first runs inside a new namespace to setup mounts, users, networking,
 // and other options required for the new container.
+// The caller of Init function has to ensure that the go runtime is locked to an OS thread
+// (using runtime.LockOSThread) else system calls like setns called within Init may not work as intended.
 func Init(container *libcontainer.Config, uncleanRootfs, consolePath string, syncPipe *syncpipe.SyncPipe, args []string) (err error) {
 	defer func() {
 		if err != nil {
@@ -87,8 +88,6 @@ func Init(container *libcontainer.Config, uncleanRootfs, consolePath string, syn
 		}
 	}
 
-	runtime.LockOSThread()
-
 	if err := apparmor.ApplyProfile(container.AppArmorProfile); err != nil {
 		return fmt.Errorf("set apparmor profile %s: %s", container.AppArmorProfile, err)
 	}

nsinit/init.go

@@ -3,6 +3,7 @@ package nsinit
 import (
 	"log"
 	"os"
+	"runtime"
 	"strconv"
 
 	"github.com/codegangsta/cli"
@@ -23,6 +24,8 @@ var (
 )
 
 func initAction(context *cli.Context) {
+	runtime.LockOSThread()
+
 	container, err := loadContainer()
 	if err != nil {
 		log.Fatal(err)