github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-04-29 20:24:31 +00:00
Code Issues Projects Releases Wiki Activity

rustjail: fix the issue of missing join pid namespace

Browse Source 
It shouldn't skip joining an container existed
pid namespace.

Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
This commit is contained in:
fupan.lfp 2020-07-13 18:42:23 +08:00
parent 2bff7a16f5
commit afcf269c9b
1 changed files with 4 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/agent/rustjail/src/container.rs
View File

@ -844,10 +844,7 @@ impl BaseContainer for LinuxContainer {
unistd::close(old_pid_ns); unistd::close(old_pid_ns);
}); });
let mut pidns = None; let pidns = get_pid_namespace(&self.logger, linux)?;
if !p.init {
pidns = Some(get_pid_namespace(&self.logger, linux)?);
}
if pidns.is_some() { if pidns.is_some() {
sched::setns(pidns.unwrap(), CloneFlags::CLONE_NEWPID) sched::setns(pidns.unwrap(), CloneFlags::CLONE_NEWPID)
@ -1071,12 +1068,11 @@ fn update_namespaces(logger: &Logger, spec: &mut Spec, init_pid: RawFd) -> Resul
Ok(()) Ok(())
} }
fn get_pid_namespace(logger: &Logger, linux: &Linux) -> Result<RawFd> { fn get_pid_namespace(logger: &Logger, linux: &Linux) -> Result<Option<RawFd>> {
for ns in &linux.namespaces { for ns in &linux.namespaces {
if ns.r#type == "pid" { if ns.r#type == "pid" {
if ns.path == "" { if ns.path == "" {
error!(logger, "pid ns path is empty"); return Ok(None);
return Err(ErrorKind::ErrorCode("pid ns path is empty".to_string()).into());
} }
let fd = match fcntl::open(ns.path.as_str(), OFlag::O_CLOEXEC, Mode::empty()) { let fd = match fcntl::open(ns.path.as_str(), OFlag::O_CLOEXEC, Mode::empty()) {
@ -1093,7 +1089,7 @@ fn get_pid_namespace(logger: &Logger, linux: &Linux) -> Result<RawFd> {
} }
}; };
return Ok(fd); return Ok(Some(fd));
} }
} }