From 879dfdd980f3c27c5d928cae9bf97e8fbee6dea0 Mon Sep 17 00:00:00 2001
From: Michael Crosby <crosbymichael@gmail.com>
Date: Fri, 6 Nov 2015 16:49:06 -0800
Subject: [PATCH] Fix race setting process opts

When starting and quering for pids a container can start and exit before
this is set.  So set the opts after the process is started and while
libcontainer still has the container's process blocking on the pipe.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
---
 libcontainer/container_linux.go | 3 ++-
 libcontainer/process_linux.go   | 8 +++++---
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go
index 94cb8979..578def6b 100644
--- a/libcontainer/container_linux.go
+++ b/libcontainer/container_linux.go
@@ -179,7 +179,6 @@ func (c *linuxContainer) Start(process *Process) error {
 		}
 		return newSystemError(err)
 	}
-	process.ops = parent
 	if doInit {
 		c.updateState(parent)
 	}
@@ -254,6 +253,7 @@ func (c *linuxContainer) newInitProcess(p *Process, cmd *exec.Cmd, parentPipe, c
 		manager:    c.cgroupManager,
 		config:     c.newInitConfig(p),
 		container:  c,
+		process:    p,
 	}, nil
 }
 
@@ -272,6 +272,7 @@ func (c *linuxContainer) newSetnsProcess(p *Process, cmd *exec.Cmd, parentPipe,
 		childPipe:   childPipe,
 		parentPipe:  parentPipe,
 		config:      c.newInitConfig(p),
+		process:     p,
 	}
 }
 
diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go
index 01021f75..4d17cbc5 100644
--- a/libcontainer/process_linux.go
+++ b/libcontainer/process_linux.go
@@ -47,6 +47,7 @@ type setnsProcess struct {
 	cgroupPaths map[string]string
 	config      *initConfig
 	fds         []string
+	process     *Process
 }
 
 func (p *setnsProcess) startTime() (string, error) {
@@ -87,7 +88,6 @@ func (p *setnsProcess) start() (err error) {
 		p.wait()
 		return newSystemError(ierr)
 	}
-
 	return nil
 }
 
@@ -115,13 +115,12 @@ func (p *setnsProcess) execSetns() error {
 		p.cmd.Wait()
 		return newSystemError(err)
 	}
-
 	process, err := os.FindProcess(pid.Pid)
 	if err != nil {
 		return err
 	}
-
 	p.cmd.Process = process
+	p.process.ops = p
 	return nil
 }
 
@@ -165,6 +164,7 @@ type initProcess struct {
 	manager    cgroups.Manager
 	container  *linuxContainer
 	fds        []string
+	process    *Process
 }
 
 func (p *initProcess) pid() int {
@@ -178,8 +178,10 @@ func (p *initProcess) externalDescriptors() []string {
 func (p *initProcess) start() (err error) {
 	defer p.parentPipe.Close()
 	err = p.cmd.Start()
+	p.process.ops = p
 	p.childPipe.Close()
 	if err != nil {
+		p.process.ops = nil
 		return newSystemError(err)
 	}
 	// Save the standard descriptor names before the container process