github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-04-29 12:14:48 +00:00
Code Issues Projects Releases Wiki Activity

rustjail: fix the issue of missing join pid namespace

Browse Source 
It shouldn't skip joining an container existed
pid namespace.

Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
This commit is contained in:
fupan.lfp 2020-07-13 18:42:23 +08:00
parent 2bff7a16f5
commit afcf269c9b
1 changed files with 4 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/agent/rustjail/src/container.rs
View File

@ -844,10 +844,7 @@ impl BaseContainer for LinuxContainer {
unistd::close(old_pid_ns);
});
let mut pidns = None;
if !p.init {
pidns = Some(get_pid_namespace(&self.logger, linux)?);
}
let pidns = get_pid_namespace(&self.logger, linux)?;
if pidns.is_some() {
sched::setns(pidns.unwrap(), CloneFlags::CLONE_NEWPID)
@ -1071,12 +1068,11 @@ fn update_namespaces(logger: &Logger, spec: &mut Spec, init_pid: RawFd) -> Resul
Ok(())
}
fn get_pid_namespace(logger: &Logger, linux: &Linux) -> Result<RawFd> {
fn get_pid_namespace(logger: &Logger, linux: &Linux) -> Result<Option<RawFd>> {
for ns in &linux.namespaces {
if ns.r#type == "pid" {
if ns.path == "" {
error!(logger, "pid ns path is empty");
return Err(ErrorKind::ErrorCode("pid ns path is empty".to_string()).into());
return Ok(None);
}
let fd = match fcntl::open(ns.path.as_str(), OFlag::O_CLOEXEC, Mode::empty()) {
@ -1093,7 +1089,7 @@ fn get_pid_namespace(logger: &Logger, linux: &Linux) -> Result<RawFd> {
}
};
return Ok(fd);
return Ok(Some(fd));
}
}