github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-27 21:47:07 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #36853 from verb/init

Browse Source 
Automatic merge from submit-queue (batch tested with PRs 39446, 40023, 36853)

Add SIGCHLD handler to pause container

**What this PR does / why we need it**: This allows pause to reap orphaned zombies in a shared PID namespace. (#1615)

**Special notes for your reviewer**: I plan to discuss this with SIG Node to ensure compatibility with future runtimes.

**Release note**: This will have no effect until shared PID namespace is enabled, so recommend release-note-none.

This allows pause to reap zombies in the upcoming Shared PID namespace
(#1615). Uses the better defined sigaction() instead of signal() for all
signals both for consistency (SIGCHLD handler avoids SA_RESTART) and to
avoid the implicit signal()->sigaction() translation of various libc
versions.

Also makes warnings errors and includes a tool to make orphaned zombies
for manual testing.
This commit is contained in:
Kubernetes Submit Queue 2017-01-19 18:53:49 -08:00 committed by GitHub
commit 4f8f6006cf
3 changed files with 75 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
build/pause/Makefile
View File

@ -12,7 +12,7 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
.PHONY: all push push-legacy container clean .PHONY: all push push-legacy container clean orphan
REGISTRY ?= gcr.io/google_containers REGISTRY ?= gcr.io/google_containers
IMAGE = $(REGISTRY)/pause-$(ARCH) IMAGE = $(REGISTRY)/pause-$(ARCH)
@ -25,7 +25,7 @@ ARCH ?= amd64
ALL_ARCH = amd64 arm arm64 ppc64le s390x ALL_ARCH = amd64 arm arm64 ppc64le s390x
CFLAGS = -Os -Wall -static CFLAGS = -Os -Wall -Werror -static
KUBE_CROSS_IMAGE ?= gcr.io/google_containers/kube-cross KUBE_CROSS_IMAGE ?= gcr.io/google_containers/kube-cross
KUBE_CROSS_VERSION ?= $(shell cat ../build-image/cross/VERSION) KUBE_CROSS_VERSION ?= $(shell cat ../build-image/cross/VERSION)
@ -97,5 +97,16 @@ ifeq ($(ARCH),amd64)
endif endif
touch $@ touch $@
# Useful for testing, not automatically included in container image
orphan: bin/orphan-$(ARCH)
bin/orphan-$(ARCH): orphan.c
mkdir -p bin
docker run -u $$(id -u):$$(id -g) -v $$(pwd):/build \
$(KUBE_CROSS_IMAGE):$(KUBE_CROSS_VERSION) \
/bin/bash -c "\
cd /build && \
$(TRIPLE)-gcc $(CFLAGS) -o $@ $^ && \
$(TRIPLE)-strip $@"
clean: clean:
rm -rf .container-* .push-* bin/ rm -rf .container-* .push-* bin/

36
build/pause/orphan.c Normal file
View File

@ -0,0 +1,36 @@
/*
Copyright 2016 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
/* Creates a zombie to be reaped by init. Useful for testing. */
#include <stdio.h>
#include <unistd.h>
int main() {
pid_t pid;
pid = fork();
if (pid == 0) {
while (getppid() > 1)
;
printf("Child exiting: pid=%d ppid=%d\n", getpid(), getppid());
return 0;
} else if (pid > 0) {
printf("Parent exiting: pid=%d ppid=%d\n", getpid(), getppid());
return 0;
}
perror("Could not create child");
return 1;
}

28
build/pause/pause.c
View File

@ -17,20 +17,36 @@ limitations under the License.
#include <signal.h> #include <signal.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h> #include <unistd.h>
static void sigdown(int signo) { static void sigdown(int signo) {
psignal(signo, "shutting down, got signal"); psignal(signo, "Shutting down, got signal");
exit(0); exit(0);
} }
static void sigreap(int signo) {
while (waitpid(-1, NULL, WNOHANG) > 0)
;
}
int main() { int main() {
if (signal(SIGINT, sigdown) == SIG_ERR) if (getpid() != 1)
/* Not an error because pause sees use outside of infra containers. */
fprintf(stderr, "Warning: pause should be the first process in a pod\n");
if (sigaction(SIGINT, &(struct sigaction){.sa_handler = sigdown}, NULL) < 0)
return 1; return 1;
if (signal(SIGTERM, sigdown) == SIG_ERR) if (sigaction(SIGTERM, &(struct sigaction){.sa_handler = sigdown}, NULL) < 0)
return 2; return 2;
signal(SIGKILL, sigdown); if (sigaction(SIGCHLD, &(struct sigaction){.sa_handler = sigreap,
for (;;) pause(); .sa_flags = SA_NOCLDSTOP},
fprintf(stderr, "error: infinite loop terminated\n"); NULL) < 0)
return 3;
for (;;)
pause();
fprintf(stderr, "Error: infinite loop terminated\n");
return 42; return 42;
} }