[lxc.git] / debian / patches / fixes / 0008-fix-signal-sending-in-lxc.init.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Tycho Andersen <tycho@tycho.ws>
Date: Wed, 4 Apr 2018 17:45:29 -0600
Subject: [PATCH] fix signal sending in lxc.init

The problem here is that these two clauses were ordered backwards: we first
check if the signal came from not the init pid, and if it did, then we give
a notice and return. The comment notes that this is intended to protect
against SIGCHLD, but we don't in fact know if the signal is a SIGCHLD yet,
because that's tested in the next hunk.

The symptom is that if I e.g. send SIGTERM from the outside world to the
container init, it ignores it and gives this notice. If we re-order these
clauses, it forwards non SIGCHLD signals, and ignores SIGCHLD signals from
things that aren't the real container process.

Signed-off-by: Tycho Andersen <tycho@tycho.ws>
---
 src/lxc/start.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/lxc/start.c b/src/lxc/start.c
index ae13aae9..1982270e 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -380,6 +380,12 @@ static int signal_handler(int fd, uint32_t events, void *data,
 		return hdlr->init_died ? LXC_MAINLOOP_CLOSE : 0;
 	}
 
+	if (siginfo.ssi_signo != SIGCHLD) {
+		kill(hdlr->pid, siginfo.ssi_signo);
+		INFO("Forwarded signal %d to pid %d", siginfo.ssi_signo, hdlr->pid);
+		return hdlr->init_died ? LXC_MAINLOOP_CLOSE : 0;
+	}
+
 	/* More robustness, protect ourself from a SIGCHLD sent
 	 * by a process different from the container init.
 	 */
@@ -389,12 +395,6 @@ static int signal_handler(int fd, uint32_t events, void *data,
 		return hdlr->init_died ? LXC_MAINLOOP_CLOSE : 0;
 	}
 
-	if (siginfo.ssi_signo != SIGCHLD) {
-		kill(hdlr->pid, siginfo.ssi_signo);
-		INFO("Forwarded signal %d to pid %d", siginfo.ssi_signo, hdlr->pid);
-		return hdlr->init_died ? LXC_MAINLOOP_CLOSE : 0;
-	}
-
 	if (siginfo.ssi_code == CLD_STOPPED) {
 		INFO("Container init process was stopped");
 		return hdlr->init_died ? LXC_MAINLOOP_CLOSE : 0;
-- 
2.11.0
Commit	Line	Data
99be5c8c WB	1	From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
	2	From: Tycho Andersen <tycho@tycho.ws>
	3	Date: Wed, 4 Apr 2018 17:45:29 -0600
	4	Subject: [PATCH] fix signal sending in lxc.init
	5
	6	The problem here is that these two clauses were ordered backwards: we first
	7	check if the signal came from not the init pid, and if it did, then we give
	8	a notice and return. The comment notes that this is intended to protect
	9	against SIGCHLD, but we don't in fact know if the signal is a SIGCHLD yet,
	10	because that's tested in the next hunk.
	11
	12	The symptom is that if I e.g. send SIGTERM from the outside world to the
	13	container init, it ignores it and gives this notice. If we re-order these
	14	clauses, it forwards non SIGCHLD signals, and ignores SIGCHLD signals from
	15	things that aren't the real container process.
	16
	17	Signed-off-by: Tycho Andersen <tycho@tycho.ws>
	18	---
	19	src/lxc/start.c \| 12 ++++++------
	20	1 file changed, 6 insertions(+), 6 deletions(-)
	21
	22	diff --git a/src/lxc/start.c b/src/lxc/start.c
	23	index ae13aae9..1982270e 100644
	24	--- a/src/lxc/start.c
	25	+++ b/src/lxc/start.c
	26	@@ -380,6 +380,12 @@ static int signal_handler(int fd, uint32_t events, void *data,
	27	return hdlr->init_died ? LXC_MAINLOOP_CLOSE : 0;
	28	}
	29
	30	+ if (siginfo.ssi_signo != SIGCHLD) {
	31	+ kill(hdlr->pid, siginfo.ssi_signo);
	32	+ INFO("Forwarded signal %d to pid %d", siginfo.ssi_signo, hdlr->pid);
	33	+ return hdlr->init_died ? LXC_MAINLOOP_CLOSE : 0;
	34	+ }
	35	+
	36	/* More robustness, protect ourself from a SIGCHLD sent
	37	* by a process different from the container init.
	38	*/
	39	@@ -389,12 +395,6 @@ static int signal_handler(int fd, uint32_t events, void *data,
	40	return hdlr->init_died ? LXC_MAINLOOP_CLOSE : 0;
	41	}
	42
	43	- if (siginfo.ssi_signo != SIGCHLD) {
	44	- kill(hdlr->pid, siginfo.ssi_signo);
	45	- INFO("Forwarded signal %d to pid %d", siginfo.ssi_signo, hdlr->pid);
	46	- return hdlr->init_died ? LXC_MAINLOOP_CLOSE : 0;
	47	- }
	48	-
	49	if (siginfo.ssi_code == CLD_STOPPED) {
	50	INFO("Container init process was stopped");
	51	return hdlr->init_died ? LXC_MAINLOOP_CLOSE : 0;
	52	--
	53	2.11.0
	54