!125 [sync] PR-123: runMake sure signalAllProcesses is invoked in the function of destroy when container shares pid namespace

From: @openeuler-sync-bot Reviewed-by: @duguhaotian, @Vanient Signed-off-by: @duguhaotian
2023-02-13 08:07:42 +00:00 · 2023-02-13 08:07:42 +00:00 · 2260d19bfc
commit 2260d19bfc
parent 87e544d115 c6a37443f6
3 changed files with 48 additions and 1 deletions
--- a/patch/0132-Make-sure-signalAllProcesses-is-invoked-in-the-funct.patch
+++ b/patch/0132-Make-sure-signalAllProcesses-is-invoked-in-the-funct.patch
@ -0,0 +1,40 @@
+From 45ca12f818735aa098a4d832d5b23c480adc37ce Mon Sep 17 00:00:00 2001
+From: Shukui Yang <keloyangsk@gmail.com>
+Date: Fri, 12 Jul 2019 09:54:52 +0800
+Subject: [PATCH] Make sure signalAllProcesses is invoked in the function of
+ destroy
+
+It's expect that signalAllProcesses is invoked when container shares
+pid namespace. share pid ns contains the following conditions:
+
+{
+    // no specify pid ns
+}
+{
+    "type": "pid",
+    "path": "/proc/${num}/ns/pid"
+}
+
+Signed-off-by: Shukui Yang <jryangshukui@jd.com>
+Signed-off-by: Shukui Yang <keloyangsk@gmail.com>
+---
+ libcontainer/state_linux.go | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/libcontainer/state_linux.go b/libcontainer/state_linux.go
+index b570a244..c77d4f2d 100644
+--- a/libcontainer/state_linux.go
+++ b/libcontainer/state_linux.go
+@@ -38,7 +38,8 @@ type containerState interface {
+ }
+ 
+ func destroy(c *linuxContainer) error {
+-	if !c.config.Namespaces.Contains(configs.NEWPID) {
+	if !c.config.Namespaces.Contains(configs.NEWPID) ||
+		c.config.Namespaces.PathOf(configs.NEWPID) != "" {
+ 		if err := signalAllProcesses(c.cgroupManager, syscall.SIGKILL); err != nil {
+ 			logrus.Warn(err)
+ 		}
+-- 
+2.33.0
+
--- a/runc.spec
+++ b/runc.spec
@ -2,7 +2,7 @@

 Name: docker-runc
 Version: 1.0.0.rc3
-Release: 208
+Release: 209
 Summary: runc is a CLI tool for spawning and running containers according to the OCI specification.

 License: ASL 2.0
@ -41,6 +41,12 @@ install -p -m 755 runc $RPM_BUILD_ROOT/%{_bindir}/runc
 %{_bindir}/runc

 %changelog
+* Mon Feb 13 2023 zhongjiawei<zhongjiawei1@huawei.com> - 1.0.0.rc3-209
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:Make sure signalAllProcesses is invoked in the function of destroy when container shares pid namespace
+
 * Sat Dec 17 2022 zhongjiawei<zhongjiawei1@huawei.com> - 1.0.0.rc3-208
 - Type:bugfix
 - ID:NA
--- a/series.conf
+++ b/series.conf
@ -123,3 +123,4 @@
 0129-runc-Makefile-modify.patch
 0130-runc-add-logs.patch
 0131-runc-support-specify-umask.patch
+0132-Make-sure-signalAllProcesses-is-invoked-in-the-funct.patch