debian/patches/extra/0001-confile-add-lxc.monitor.signal.pdeath.patch

   1 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
   2 From: Christian Brauner <christian.brauner@ubuntu.com>
   3 Date: Mon, 16 Jul 2018 11:07:58 +0200
   4 Subject: [PATCH] confile: add lxc.monitor.signal.pdeath
   5
   6 Set the signal to be sent to the container's init when the lxc monitor exits.
   7 By default it is set to SIGKILL which will cause all container processes to be
   8 killed when the lxc monitor process dies.
   9 To ensure that containers stay alive even if lxc monitor dies set this to 0.
  10
  11 Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
  12 (cherry picked from commit 258f80519f3bb0a41c26083020154e9a61df8468)
  13 ---
  14  doc/lxc.container.conf.sgml.in | 15 +++++++++++++++
  15  src/lxc/conf.c                 |  1 +
  16  src/lxc/conf.h                 |  1 +
  17  src/lxc/confile.c              | 38 ++++++++++++++++++++++++++++++++++++++
  18  src/lxc/start.c                |  9 +++++++++
  19  5 files changed, 64 insertions(+)
  20
  21 diff --git a/doc/lxc.container.conf.sgml.in b/doc/lxc.container.conf.sgml.in
  22 index 4ac26058..3e9e4e03 100644
  23 --- a/doc/lxc.container.conf.sgml.in
  24 +++ b/doc/lxc.container.conf.sgml.in
  25 @@ -2380,6 +2380,21 @@ dev/null proc/kcore none bind,relative 0 0
  26          </varlistentry>
  27          <varlistentry>
  28            <term>
  29 +            <option>lxc.monitor.signal.pdeath</option>
  30 +          </term>
  31 +          <listitem>
  32 +            <para>
  33 +              Set the signal to be sent to the container's init when the lxc
  34 +              monitor exits. By default it is set to SIGKILL which will cause
  35 +              all container processes to be killed when the lxc monitor process
  36 +              dies.
  37 +              To ensure that containers stay alive even if lxc monitor dies set
  38 +              this to 0.
  39 +            </para>
  40 +          </listitem>
  41 +        </varlistentry>
  42 +        <varlistentry>
  43 +          <term>
  44              <option>lxc.group</option>
  45            </term>
  46            <listitem>
  47 diff --git a/src/lxc/conf.c b/src/lxc/conf.c
  48 index c5d6f5b1..d36987c8 100644
  49 --- a/src/lxc/conf.c
  50 +++ b/src/lxc/conf.c
  51 @@ -2683,6 +2683,7 @@ struct lxc_conf *lxc_conf_init(void)
  52         new->console.name[0] = '\0';
  53         memset(&new->console.ringbuf, 0, sizeof(struct lxc_ringbuf));
  54         new->maincmd_fd = -1;
  55 +       new->monitor_signal_pdeath = SIGKILL;
  56         new->nbd_idx = -1;
  57         new->rootfs.mount = strdup(default_rootfs_mount);
  58         if (!new->rootfs.mount) {
  59 diff --git a/src/lxc/conf.h b/src/lxc/conf.h
  60 index ea3a71df..f7a879c3 100644
  61 --- a/src/lxc/conf.h
  62 +++ b/src/lxc/conf.h
  63 @@ -303,6 +303,7 @@ struct lxc_conf {
  64
  65         /* unshare the mount namespace in the monitor */
  66         unsigned int monitor_unshare;
  67 +       unsigned int monitor_signal_pdeath;
  68
  69         /* list of included files */
  70         struct lxc_list includes;
  71 diff --git a/src/lxc/confile.c b/src/lxc/confile.c
  72 index 4f46d7bf..8a7505da 100644
  73 --- a/src/lxc/confile.c
  74 +++ b/src/lxc/confile.c
  75 @@ -111,6 +111,7 @@ lxc_config_define(log_file);
  76  lxc_config_define(log_level);
  77  lxc_config_define(log_syslog);
  78  lxc_config_define(monitor);
  79 +lxc_config_define(monitor_signal_pdeath);
  80  lxc_config_define(mount);
  81  lxc_config_define(mount_auto);
  82  lxc_config_define(mount_fstab);
  83 @@ -194,6 +195,7 @@ static struct lxc_config_t config[] = {
  84         { "lxc.log.level",                 set_config_log_level,                   get_config_log_level,                   clr_config_log_level,                 },
  85         { "lxc.log.syslog",                set_config_log_syslog,                  get_config_log_syslog,                  clr_config_log_syslog,                },
  86         { "lxc.monitor.unshare",           set_config_monitor,                     get_config_monitor,                     clr_config_monitor,                   },
  87 +       { "lxc.monitor.signal.pdeath",     set_config_monitor_signal_pdeath,       get_config_monitor_signal_pdeath,       clr_config_monitor_signal_pdeath,     },
  88         { "lxc.mount.auto",                set_config_mount_auto,                  get_config_mount_auto,                  clr_config_mount_auto,                },
  89         { "lxc.mount.entry",               set_config_mount,                       get_config_mount,                       clr_config_mount,                     },
  90         { "lxc.mount.fstab",               set_config_mount_fstab,                 get_config_mount_fstab,                 clr_config_mount_fstab,               },
  91 @@ -976,6 +978,28 @@ static int set_config_monitor(const char *key, const char *value,
  92         return -1;
  93  }
  94
  95 +static int set_config_monitor_signal_pdeath(const char *key, const char *value,
  96 +                                           struct lxc_conf *lxc_conf, void *data)
  97 +{
  98 +       if (lxc_config_value_empty(value)) {
  99 +               lxc_conf->monitor_signal_pdeath = 0;
 100 +               return 0;
 101 +       }
 102 +
 103 +       if (strcmp(key + 12, "signal.pdeath") == 0) {
 104 +               int sig_n;
 105 +
 106 +               sig_n = sig_parse(value);
 107 +               if (sig_n < 0)
 108 +                       return -1;
 109 +
 110 +               lxc_conf->monitor_signal_pdeath = sig_n;
 111 +               return 0;
 112 +       }
 113 +
 114 +       return -EINVAL;
 115 +}
 116 +
 117  static int set_config_group(const char *key, const char *value,
 118                             struct lxc_conf *lxc_conf, void *data)
 119  {
 120 @@ -3406,6 +3430,13 @@ static int get_config_monitor(const char *key, char *retv, int inlen,
 121         return lxc_get_conf_int(c, retv, inlen, c->monitor_unshare);
 122  }
 123
 124 +static int get_config_monitor_signal_pdeath(const char *key, char *retv,
 125 +                                           int inlen, struct lxc_conf *c,
 126 +                                           void *data)
 127 +{
 128 +       return lxc_get_conf_int(c, retv, inlen, c->monitor_signal_pdeath);
 129 +}
 130 +
 131  static int get_config_group(const char *key, char *retv, int inlen,
 132                             struct lxc_conf *c, void *data)
 133  {
 134 @@ -3957,6 +3988,13 @@ static inline int clr_config_monitor(const char *key, struct lxc_conf *c,
 135         return 0;
 136  }
 137
 138 +static inline int clr_config_monitor_signal_pdeath(const char *key,
 139 +                                                  struct lxc_conf *c, void *data)
 140 +{
 141 +       c->monitor_signal_pdeath = 0;
 142 +       return 0;
 143 +}
 144 +
 145  static inline int clr_config_group(const char *key, struct lxc_conf *c,
 146                                    void *data)
 147  {
 148 diff --git a/src/lxc/start.c b/src/lxc/start.c
 149 index bccd5807..3343f9bf 100644
 150 --- a/src/lxc/start.c
 151 +++ b/src/lxc/start.c
 152 @@ -1383,6 +1383,15 @@ static int do_start(void *data)
 153                 goto out_warn_father;
 154         }
 155
 156 +       if (handler->conf->monitor_signal_pdeath != SIGKILL) {
 157 +               ret = lxc_set_death_signal(handler->conf->monitor_signal_pdeath);
 158 +               if (ret < 0) {
 159 +                       SYSERROR("Failed to set PR_SET_PDEATHSIG to %d",
 160 +                                handler->conf->monitor_signal_pdeath);
 161 +                       goto out_warn_father;
 162 +               }
 163 +       }
 164 +
 165         /* After this call, we are in error because this ops should not return
 166          * as it execs.
 167          */
 168 --
 169 2.11.0
 170