This repository has been archived by the owner on Apr 3, 2018. It is now read-only.

shim: Start shims inside PID namespace
The shim representing the container process needs to be in its own
PID namespace as the "init" process. The reason is that we need to
make sure it will wait for its exec'ed processes in the same PID
namespace to be killed before returning. This happens inside each
agent, but if this is not reproduced on the host, we get some race
conditions leading the shim container process to return before its
exec'ed processes are killed. And this leads those shims to never
return their exit codes.

This commit solves this issue by making sure a new shim representing
a container process enters a new PID namespace, and any exec'ed
process related to this container enters this PID namespace previously
created.

Fixes #613

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Sebastien Boeuf committed Feb 27, 2018
1 parent ed3a0ea commit 9f1b05c
Showing 2 changed files with 16 additions and 6 deletions.
11 changes: 8 additions & 3 deletions hyperstart_agent.go
Expand Up @@ -322,11 +322,15 @@ func (h *hyper) exec(pod *Pod, c Container, cmd Cmd) (*Process, error) {
Console: cmd.Console,
Terminal: cmd.Interactive,
Detach: cmd.Detach,
EnterNS: []ns.Namespace{
EnterNS: []ns.Namespace{
{
Path: pod.networkNS.NetNsPath,
PID: c.process.Pid,
Type: ns.NSTypeNet,
},
{
PID: c.process.Pid,
Type: ns.NSTypePID,
},
},
}

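Review bot: in the `EnterNS` list for `exec`, the network-namespace entry now joins by `PID: c.process.Pid` where it previously used `Path: pod.networkNS.NetNsPath` (the file summary counts 3 deletions, and the `Path` line is one of them), but the commit message only talks about the PID namespace. Please either keep the path-based entry for `ns.NSTypeNet` or explain in the commit message why it changed. Both entries now depend on `c.process.Pid` still naming the live container shim, and nothing in this hunk checks that the value is non-zero or that the process still exists, so a guard that returns an error before `EnterNS` is built would be safer than passing a stale PID along.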
Expand Down Expand Up @@ -511,7 +515,8 @@ func (h *hyper) createContainer(pod *Pod, c *Container) (*Process, error) {
Console: c.config.Cmd.Console,
Terminal: c.config.Cmd.Interactive,
Detach: c.config.Cmd.Detach,
EnterNS: []ns.Namespace{
CreateNS: []ns.NSType{ns.NSTypePID},
EnterNS: []ns.Namespace{
{
Path: pod.networkNS.NetNsPath,
Type: ns.NSTypeNet,
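Review bot: `CreateNS: []ns.NSType{ns.NSTypePID},` in `createContainer` has no comment, and the reason for it (the container shim has to be "init" of its own PID namespace so that it waits for its exec'ed processes to be killed before it returns) is recorded only in the commit message. A short comment above the line would keep that invariant next to the code, along with a note that `exec` relies on it when it enters the namespace through `c.process.Pid`.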
11 changes: 8 additions & 3 deletions kata_agent.go
Expand Up @@ -305,11 +305,15 @@ func (k *kataAgent) exec(pod *Pod, c Container, cmd Cmd) (*Process, error) {
Console: cmd.Console,
Terminal: cmd.Interactive,
Detach: cmd.Detach,
EnterNS: []ns.Namespace{
EnterNS: []ns.Namespace{
{
Path: pod.networkNS.NetNsPath,
PID: c.process.Pid,
Type: ns.NSTypeNet,
},
{
PID: c.process.Pid,
Type: ns.NSTypePID,
},
},
}

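Review bot: this `EnterNS` block in `kataAgent.exec` is a line-for-line copy of the one added to `hyper.exec` in hyperstart_agent.go. A small shared helper that takes the pod and container and returns the `[]ns.Namespace` slice would keep the two agents from drifting apart the next time the set of namespaces changes.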
Expand Down Expand Up @@ -694,7 +698,8 @@ func (k *kataAgent) createContainer(pod *Pod, c *Container) (*Process, error) {
Console: c.config.Cmd.Console,
Terminal: c.config.Cmd.Interactive,
Detach: c.config.Cmd.Detach,
EnterNS: []ns.Namespace{
CreateNS: []ns.NSType{ns.NSTypePID},
EnterNS: []ns.Namespace{
{
Path: pod.networkNS.NetNsPath,
Type: ns.NSTypeNet,
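Review bot: the commit touches only hyperstart_agent.go and kata_agent.go, so the new `CreateNS: []ns.NSType{ns.NSTypePID},` in `createContainer` and the matching `ns.NSTypePID` entry in `exec` are not covered by any test in this change. A unit test that checks the namespace fields built by both functions, or a regression test for #613, would keep the PID namespace setup from being dropped silently in a later refactor.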
