From ef5a2dc3bff09beb572a306de698c9def67d48bf Mon Sep 17 00:00:00 2001 From: Feng Wang Date: Thu, 6 Oct 2022 19:30:20 -0700 Subject: [PATCH] agent: don't exit early if signal fails due to ESRCH ESRCH usually means the process has exited. In this case, the execution should continue to kill remaining container processes. Fixes: #5366 Signed-off-by: Feng Wang [Fix up cargo updates] Signed-off-by: Peng Tao --- src/agent/Cargo.lock | 2 +- src/agent/rustjail/Cargo.toml | 2 +- src/agent/rustjail/src/console.rs | 12 +++++------- src/agent/src/rpc.rs | 18 ++++++++++++++++-- 4 files changed, 23 insertions(+), 11 deletions(-) diff --git a/src/agent/Cargo.lock b/src/agent/Cargo.lock index 98be055b0f..4f6ccd9582 100644 --- a/src/agent/Cargo.lock +++ b/src/agent/Cargo.lock @@ -1507,7 +1507,7 @@ dependencies = [ "lazy_static", "libc", "libseccomp", - "nix 0.23.1", + "nix 0.24.2", "oci", "path-absolutize", "protobuf", diff --git a/src/agent/rustjail/Cargo.toml b/src/agent/rustjail/Cargo.toml index b8cdb90299..324f540e1d 100644 --- a/src/agent/rustjail/Cargo.toml +++ b/src/agent/rustjail/Cargo.toml @@ -12,7 +12,7 @@ serde_derive = "1.0.91" oci = { path = "../../libs/oci" } protocols = { path ="../../libs/protocols" } caps = "0.5.0" -nix = "0.23.0" +nix = "0.24.2" scopeguard = "1.0.0" capctl = "0.2.0" lazy_static = "1.3.0" diff --git a/src/agent/rustjail/src/console.rs b/src/agent/rustjail/src/console.rs index 52e33f3929..3ac351357e 100644 --- a/src/agent/rustjail/src/console.rs +++ b/src/agent/rustjail/src/console.rs @@ -6,8 +6,9 @@ use anyhow::{anyhow, Result}; use nix::errno::Errno; use nix::pty; -use nix::sys::{socket, uio}; +use nix::sys::socket; use nix::unistd::{self, dup2}; +use std::io::IoSlice; use std::os::unix::io::{AsRawFd, RawFd}; use std::path::Path; @@ -23,10 +24,7 @@ pub fn setup_console_socket(csocket_path: &str) -> Result> { None, )?; - match socket::connect( - socket_fd, - &socket::SockAddr::Unix(socket::UnixAddr::new(Path::new(csocket_path))?), - ) { + match socket::connect(socket_fd, &socket::UnixAddr::new(Path::new(csocket_path))?) { Ok(()) => Ok(Some(socket_fd)), Err(errno) => Err(anyhow!("failed to open console fd: {}", errno)), } @@ -36,11 +34,11 @@ pub fn setup_master_console(socket_fd: RawFd) -> Result<()> { let pseudo = pty::openpty(None, None)?; let pty_name: &[u8] = b"/dev/ptmx"; - let iov = [uio::IoVec::from_slice(pty_name)]; + let iov = [IoSlice::new(pty_name)]; let fds = [pseudo.master]; let cmsg = socket::ControlMessage::ScmRights(&fds); - socket::sendmsg(socket_fd, &iov, &[cmsg], socket::MsgFlags::empty(), None)?; + socket::sendmsg::<()>(socket_fd, &iov, &[cmsg], socket::MsgFlags::empty(), None)?; unistd::setsid()?; let ret = unsafe { libc::ioctl(pseudo.slave, libc::TIOCSCTTY) }; diff --git a/src/agent/src/rpc.rs b/src/agent/src/rpc.rs index be6f8a8f3b..bf6420e9b7 100644 --- a/src/agent/src/rpc.rs +++ b/src/agent/src/rpc.rs @@ -390,8 +390,22 @@ impl AgentService { if p.init && sig == libc::SIGTERM && !is_signal_handled(&proc_status_file, sig as u32) { sig = libc::SIGKILL; } - p.signal(sig)?; - } + + match p.signal(sig) { + Err(Errno::ESRCH) => { + info!( + sl!(), + "signal encounter ESRCH, continue"; + "container-id" => cid.clone(), + "exec-id" => eid.clone(), + "pid" => p.pid, + "signal" => sig, + ); + } + Err(err) => return Err(anyhow!(err)), + Ok(()) => (), + } + }; if eid.is_empty() { // eid is empty, signal all the remaining processes in the container cgroup