[lxc.git] / debian / patches / extra / 0001-confile-add-lxc.monitor.signal.pdeath.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Mon, 16 Jul 2018 11:07:58 +0200
Subject: [PATCH] confile: add lxc.monitor.signal.pdeath

Set the signal to be sent to the container's init when the lxc monitor exits.
By default it is set to SIGKILL which will cause all container processes to be
killed when the lxc monitor process dies.
To ensure that containers stay alive even if lxc monitor dies set this to 0.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
(cherry picked from commit 258f80519f3bb0a41c26083020154e9a61df8468)
---
 doc/lxc.container.conf.sgml.in | 15 +++++++++++++++
 src/lxc/conf.c                 |  1 +
 src/lxc/conf.h                 |  1 +
 src/lxc/confile.c              | 38 ++++++++++++++++++++++++++++++++++++++
 src/lxc/start.c                |  9 +++++++++
 5 files changed, 64 insertions(+)

diff --git a/doc/lxc.container.conf.sgml.in b/doc/lxc.container.conf.sgml.in
index 8caee9ee..2d85ab7f 100644
--- a/doc/lxc.container.conf.sgml.in
+++ b/doc/lxc.container.conf.sgml.in
@@ -2382,6 +2382,21 @@ dev/null proc/kcore none bind,relative 0 0
         </varlistentry>
         <varlistentry>
           <term>
+            <option>lxc.monitor.signal.pdeath</option>
+          </term>
+          <listitem>
+            <para>
+              Set the signal to be sent to the container's init when the lxc
+              monitor exits. By default it is set to SIGKILL which will cause
+              all container processes to be killed when the lxc monitor process
+              dies.
+              To ensure that containers stay alive even if lxc monitor dies set
+              this to 0.
+            </para>
+          </listitem>
+        </varlistentry>
+        <varlistentry>
+          <term>
             <option>lxc.group</option>
           </term>
           <listitem>
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 85ae6cd2..4dd063e6 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -2707,6 +2707,7 @@ struct lxc_conf *lxc_conf_init(void)
 	new->console.name[0] = '\0';
 	memset(&new->console.ringbuf, 0, sizeof(struct lxc_ringbuf));
 	new->maincmd_fd = -1;
+	new->monitor_signal_pdeath = SIGKILL;
 	new->nbd_idx = -1;
 	new->rootfs.mount = strdup(default_rootfs_mount);
 	if (!new->rootfs.mount) {
diff --git a/src/lxc/conf.h b/src/lxc/conf.h
index d87b3347..1c029fea 100644
--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -307,6 +307,7 @@ struct lxc_conf {
 
 	/* unshare the mount namespace in the monitor */
 	unsigned int monitor_unshare;
+	unsigned int monitor_signal_pdeath;
 
 	/* list of included files */
 	struct lxc_list includes;
diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index f4a01b04..3bc86790 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -111,6 +111,7 @@ lxc_config_define(log_file);
 lxc_config_define(log_level);
 lxc_config_define(log_syslog);
 lxc_config_define(monitor);
+lxc_config_define(monitor_signal_pdeath);
 lxc_config_define(mount);
 lxc_config_define(mount_auto);
 lxc_config_define(mount_fstab);
@@ -194,6 +195,7 @@ static struct lxc_config_t config[] = {
 	{ "lxc.log.level",                 set_config_log_level,                   get_config_log_level,                   clr_config_log_level,                 },
 	{ "lxc.log.syslog",                set_config_log_syslog,                  get_config_log_syslog,                  clr_config_log_syslog,                },
 	{ "lxc.monitor.unshare",           set_config_monitor,                     get_config_monitor,                     clr_config_monitor,                   },
+	{ "lxc.monitor.signal.pdeath",     set_config_monitor_signal_pdeath,       get_config_monitor_signal_pdeath,       clr_config_monitor_signal_pdeath,     },
 	{ "lxc.mount.auto",                set_config_mount_auto,                  get_config_mount_auto,                  clr_config_mount_auto,                },
 	{ "lxc.mount.entry",               set_config_mount,                       get_config_mount,                       clr_config_mount,                     },
 	{ "lxc.mount.fstab",               set_config_mount_fstab,                 get_config_mount_fstab,                 clr_config_mount_fstab,               },
@@ -976,6 +978,28 @@ static int set_config_monitor(const char *key, const char *value,
 	return -1;
 }
 
+static int set_config_monitor_signal_pdeath(const char *key, const char *value,
+					    struct lxc_conf *lxc_conf, void *data)
+{
+	if (lxc_config_value_empty(value)) {
+		lxc_conf->monitor_signal_pdeath = 0;
+		return 0;
+	}
+
+	if (strcmp(key + 12, "signal.pdeath") == 0) {
+		int sig_n;
+
+		sig_n = sig_parse(value);
+		if (sig_n < 0)
+			return -1;
+
+		lxc_conf->monitor_signal_pdeath = sig_n;
+		return 0;
+	}
+
+	return -EINVAL;
+}
+
 static int set_config_group(const char *key, const char *value,
 			    struct lxc_conf *lxc_conf, void *data)
 {
@@ -3413,6 +3437,13 @@ static int get_config_monitor(const char *key, char *retv, int inlen,
 	return lxc_get_conf_int(c, retv, inlen, c->monitor_unshare);
 }
 
+static int get_config_monitor_signal_pdeath(const char *key, char *retv,
+					    int inlen, struct lxc_conf *c,
+					    void *data)
+{
+	return lxc_get_conf_int(c, retv, inlen, c->monitor_signal_pdeath);
+}
+
 static int get_config_group(const char *key, char *retv, int inlen,
 			    struct lxc_conf *c, void *data)
 {
@@ -3968,6 +3999,13 @@ static inline int clr_config_monitor(const char *key, struct lxc_conf *c,
 	return 0;
 }
 
+static inline int clr_config_monitor_signal_pdeath(const char *key,
+						   struct lxc_conf *c, void *data)
+{
+	c->monitor_signal_pdeath = 0;
+	return 0;
+}
+
 static inline int clr_config_group(const char *key, struct lxc_conf *c,
 				   void *data)
 {
diff --git a/src/lxc/start.c b/src/lxc/start.c
index 827a9ee9..f67e3f66 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -1385,6 +1385,15 @@ static int do_start(void *data)
 		goto out_warn_father;
 	}
 
+	if (handler->conf->monitor_signal_pdeath != SIGKILL) {
+		ret = lxc_set_death_signal(handler->conf->monitor_signal_pdeath);
+		if (ret < 0) {
+			SYSERROR("Failed to set PR_SET_PDEATHSIG to %d",
+				 handler->conf->monitor_signal_pdeath);
+			goto out_warn_father;
+		}
+	}
+
 	/* After this call, we are in error because this ops should not return
 	 * as it execs.
 	 */
-- 
2.11.0
Commit	Line	Data
2d8021b3 WB	1	From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
	2	From: Christian Brauner <christian.brauner@ubuntu.com>
	3	Date: Mon, 16 Jul 2018 11:07:58 +0200
	4	Subject: [PATCH] confile: add lxc.monitor.signal.pdeath
	5
	6	Set the signal to be sent to the container's init when the lxc monitor exits.
	7	By default it is set to SIGKILL which will cause all container processes to be
	8	killed when the lxc monitor process dies.
	9	To ensure that containers stay alive even if lxc monitor dies set this to 0.
	10
	11	Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
	12	(cherry picked from commit 258f80519f3bb0a41c26083020154e9a61df8468)
	13	---
	14	doc/lxc.container.conf.sgml.in \| 15 +++++++++++++++
	15	src/lxc/conf.c \| 1 +
	16	src/lxc/conf.h \| 1 +
	17	src/lxc/confile.c \| 38 ++++++++++++++++++++++++++++++++++++++
	18	src/lxc/start.c \| 9 +++++++++
	19	5 files changed, 64 insertions(+)
	20
	21	diff --git a/doc/lxc.container.conf.sgml.in b/doc/lxc.container.conf.sgml.in
f46e8fbf	22	index 8caee9ee..2d85ab7f 100644
2d8021b3 WB	23	--- a/doc/lxc.container.conf.sgml.in
2d8021b3 WB	24	+++ b/doc/lxc.container.conf.sgml.in
f46e8fbf	25	@@ -2382,6 +2382,21 @@ dev/null proc/kcore none bind,relative 0 0
2d8021b3 WB	26	</varlistentry>
	27	<varlistentry>
	28	<term>
	29	+ <option>lxc.monitor.signal.pdeath</option>
	30	+ </term>
	31	+ <listitem>
	32	+ <para>
	33	+ Set the signal to be sent to the container's init when the lxc
	34	+ monitor exits. By default it is set to SIGKILL which will cause
	35	+ all container processes to be killed when the lxc monitor process
	36	+ dies.
	37	+ To ensure that containers stay alive even if lxc monitor dies set
	38	+ this to 0.
	39	+ </para>
	40	+ </listitem>
	41	+ </varlistentry>
	42	+ <varlistentry>
	43	+ <term>
	44	<option>lxc.group</option>
	45	</term>
	46	<listitem>
	47	diff --git a/src/lxc/conf.c b/src/lxc/conf.c
f46e8fbf	48	index 85ae6cd2..4dd063e6 100644
2d8021b3 WB	49	--- a/src/lxc/conf.c
2d8021b3 WB	50	+++ b/src/lxc/conf.c
f46e8fbf	51	@@ -2707,6 +2707,7 @@ struct lxc_conf *lxc_conf_init(void)
2d8021b3 WB	52	new->console.name[0] = '\0';
	53	memset(&new->console.ringbuf, 0, sizeof(struct lxc_ringbuf));
	54	new->maincmd_fd = -1;
	55	+ new->monitor_signal_pdeath = SIGKILL;
	56	new->nbd_idx = -1;
	57	new->rootfs.mount = strdup(default_rootfs_mount);
	58	if (!new->rootfs.mount) {
	59	diff --git a/src/lxc/conf.h b/src/lxc/conf.h
f46e8fbf	60	index d87b3347..1c029fea 100644
2d8021b3 WB	61	--- a/src/lxc/conf.h
2d8021b3 WB	62	+++ b/src/lxc/conf.h
f46e8fbf	63	@@ -307,6 +307,7 @@ struct lxc_conf {
2d8021b3 WB	64
	65	/* unshare the mount namespace in the monitor */
	66	unsigned int monitor_unshare;
	67	+ unsigned int monitor_signal_pdeath;
	68
	69	/* list of included files */
	70	struct lxc_list includes;
	71	diff --git a/src/lxc/confile.c b/src/lxc/confile.c
f46e8fbf	72	index f4a01b04..3bc86790 100644
2d8021b3 WB	73	--- a/src/lxc/confile.c
	74	+++ b/src/lxc/confile.c
	75	@@ -111,6 +111,7 @@ lxc_config_define(log_file);
	76	lxc_config_define(log_level);
	77	lxc_config_define(log_syslog);
	78	lxc_config_define(monitor);
	79	+lxc_config_define(monitor_signal_pdeath);
	80	lxc_config_define(mount);
	81	lxc_config_define(mount_auto);
	82	lxc_config_define(mount_fstab);
	83	@@ -194,6 +195,7 @@ static struct lxc_config_t config[] = {
	84	{ "lxc.log.level", set_config_log_level, get_config_log_level, clr_config_log_level, },
	85	{ "lxc.log.syslog", set_config_log_syslog, get_config_log_syslog, clr_config_log_syslog, },
	86	{ "lxc.monitor.unshare", set_config_monitor, get_config_monitor, clr_config_monitor, },
	87	+ { "lxc.monitor.signal.pdeath", set_config_monitor_signal_pdeath, get_config_monitor_signal_pdeath, clr_config_monitor_signal_pdeath, },
	88	{ "lxc.mount.auto", set_config_mount_auto, get_config_mount_auto, clr_config_mount_auto, },
	89	{ "lxc.mount.entry", set_config_mount, get_config_mount, clr_config_mount, },
	90	{ "lxc.mount.fstab", set_config_mount_fstab, get_config_mount_fstab, clr_config_mount_fstab, },
	91	@@ -976,6 +978,28 @@ static int set_config_monitor(const char key, const char value,
	92	return -1;
	93	}
	94
	95	+static int set_config_monitor_signal_pdeath(const char key, const char value,
	96	+ struct lxc_conf lxc_conf, void data)
	97	+{
	98	+ if (lxc_config_value_empty(value)) {
	99	+ lxc_conf->monitor_signal_pdeath = 0;
	100	+ return 0;
	101	+ }
	102	+
	103	+ if (strcmp(key + 12, "signal.pdeath") == 0) {
	104	+ int sig_n;
	105	+
	106	+ sig_n = sig_parse(value);
	107	+ if (sig_n < 0)
	108	+ return -1;
	109	+
	110	+ lxc_conf->monitor_signal_pdeath = sig_n;
	111	+ return 0;
	112	+ }
	113	+
	114	+ return -EINVAL;
	115	+}
	116	+
	117	static int set_config_group(const char key, const char value,
	118	struct lxc_conf lxc_conf, void data)
	119	{
f46e8fbf	120	@@ -3413,6 +3437,13 @@ static int get_config_monitor(const char key, char retv, int inlen,
2d8021b3 WB	121	return lxc_get_conf_int(c, retv, inlen, c->monitor_unshare);
	122	}
	123
	124	+static int get_config_monitor_signal_pdeath(const char key, char retv,
	125	+ int inlen, struct lxc_conf *c,
	126	+ void *data)
	127	+{
	128	+ return lxc_get_conf_int(c, retv, inlen, c->monitor_signal_pdeath);
	129	+}
	130	+
	131	static int get_config_group(const char key, char retv, int inlen,
	132	struct lxc_conf c, void data)
	133	{
f46e8fbf	134	@@ -3968,6 +3999,13 @@ static inline int clr_config_monitor(const char key, struct lxc_conf c,
2d8021b3 WB	135	return 0;
	136	}
	137
	138	+static inline int clr_config_monitor_signal_pdeath(const char *key,
	139	+ struct lxc_conf c, void data)
	140	+{
	141	+ c->monitor_signal_pdeath = 0;
	142	+ return 0;
	143	+}
	144	+
	145	static inline int clr_config_group(const char key, struct lxc_conf c,
	146	void *data)
	147	{
	148	diff --git a/src/lxc/start.c b/src/lxc/start.c
f46e8fbf	149	index 827a9ee9..f67e3f66 100644
2d8021b3 WB	150	--- a/src/lxc/start.c
2d8021b3 WB	151	+++ b/src/lxc/start.c
f46e8fbf	152	@@ -1385,6 +1385,15 @@ static int do_start(void *data)
2d8021b3 WB	153	goto out_warn_father;
	154	}
	155
	156	+ if (handler->conf->monitor_signal_pdeath != SIGKILL) {
	157	+ ret = lxc_set_death_signal(handler->conf->monitor_signal_pdeath);
	158	+ if (ret < 0) {
	159	+ SYSERROR("Failed to set PR_SET_PDEATHSIG to %d",
	160	+ handler->conf->monitor_signal_pdeath);
	161	+ goto out_warn_father;
	162	+ }
	163	+ }
	164	+
	165	/* After this call, we are in error because this ops should not return
	166	* as it execs.
	167	*/
	168	--
	169	2.11.0
	170