jasder
/
runc
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

nsenter waits for parent signal before forking 

this allows the parent to place the process into cgroup first so it can track
the children properly

Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com> (github: dqminh)
This commit is contained in:
Daniel, Dao Quang Minh 2015-01-08 02:27:49 -05:00
parent 29ba9b3179
commit 9946e299af
2 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
namespaces/execin.go
View File

@ -73,6 +73,11 @@ func ExecIn(container *libcontainer.Config, state *libcontainer.State, userArgs
return terminate(err)
}
// finish cgroups' setup, unblock the child process.
if _, err := parent.WriteString("1"); err != nil {
return terminate(err)
}
if err := json.NewEncoder(parent).Encode(container); err != nil {
return terminate(err)
}

6
namespaces/nsenter/nsenter.c
View File

@ -155,6 +155,12 @@ void nsenter()
exit(1);
}
}
// blocking until the parent placed the process inside correct cgroups.
unsigned char s;
if (read(3, &s, 1) != 1 || s != '1') {
pr_perror("failed to receive synchronization data from parent");
exit(1);
}
// Setns on all supported namespaces.
char ns_dir[PATH_MAX];
memset(ns_dir, 0, PATH_MAX);