author | Andrei Vagin <avagin@google.com> | 2019-01-31 10:33:09 -0800 |
---|---|---|
committer | Shentubot <shentubot@google.com> | 2019-01-31 10:34:15 -0800 |
commit | 7e8a56087bfb4ab89e058cd9f9d2459a06275559 (patch) | |
tree | ce7bb64c16d7090c3cecb2fe2a57edc5ba1c43e5 | |
parent | cedff8d3aef3bc2055b1a7c3ad47a4c8297367ea (diff) |
runsc: check whether a container is deleted or not before setupContainerFS
PiperOrigin-RevId: 231811387
Change-Id: Ib143fb9a4d0fa1f105d1a3a3bd533dfc44e792af
-rw-r--r-- | runsc/boot/loader.go | 33 |
1 files changed, 17 insertions, 16 deletions
diff --git a/runsc/boot/loader.go b/runsc/boot/loader.go
index f3dc15f00..973578484 100644
--- a/runsc/boot/loader.go
+++ b/runsc/boot/loader.go
@@ -430,6 +430,15 @@ func (l *Loader) run() error {
 }
 }

+ l.mu.Lock()
+ defer l.mu.Unlock()
+
+ eid := execID{cid: l.sandboxID}
+ ep, ok := l.processes[eid]
+ if !ok {
+ return fmt.Errorf("trying to start deleted container %q", l.sandboxID)
+ }
+
 // Finally done with all configuration. Setup filters before user code
 // is loaded.
 if l.conf.DisableSeccomp {
@@ -478,14 +487,6 @@ func (l *Loader) run() error {
 l.rootProcArgs.FDMap.DecRef()
 }

- l.mu.Lock()
- defer l.mu.Unlock()
-
- eid := execID{cid: l.sandboxID}
- ep := l.processes[eid]
- if ep == nil {
- return fmt.Errorf("trying to start deleted container %q", l.sandboxID)
- }
 ep.tg = l.k.GlobalInit()
 if l.console {
 ttyFile := l.rootProcArgs.FDMap.GetFile(0)
@@ -524,6 +525,14 @@ func (l *Loader) startContainer(k *kernel.Kernel, spec *specs.Spec, conf *Config
 return fmt.Errorf("creating capabilities: %v", err)
 }

+ l.mu.Lock()
+ defer l.mu.Unlock()
+
+ eid := execID{cid: cid}
+ if _, ok := l.processes[eid]; !ok {
+ return fmt.Errorf("trying to start a deleted container %q", cid)
+ }
+
 // Convert the spec's additional GIDs to KGIDs.
 extraKGIDs := make([]auth.KGID, 0, len(spec.Process.User.AdditionalGids))
 for _, GID := range spec.Process.User.AdditionalGids {
@@ -586,14 +595,6 @@ func (l *Loader) startContainer(k *kernel.Kernel, spec *specs.Spec, conf *Config
 return fmt.Errorf("setting executable path for %+v: %v", procArgs, err)
 }

- l.mu.Lock()
- defer l.mu.Unlock()
-
- eid := execID{cid: cid}
- if _, ok := l.processes[eid]; !ok {
- return fmt.Errorf("trying to start a deleted container %q", cid)
- }
-
 tg, _, err := l.k.CreateProcess(procArgs)
 if err != nil {
 return fmt.Errorf("creating process: %v", err) |
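Review bot: The presence test in run() is now `if !ok`, where the removed code tested `ep == nil`, so a key that is present with a nil value would pass the check and reach `ep.tg = l.k.GlobalInit()` further down; `if !ok || ep == nil {` keeps both guards in case l.processes can ever hold a nil entry (not visible here). Separately, `defer l.mu.Unlock()` now keeps l.mu held from this point to the end of run(), and likewise in the startContainer hunk, so nothing called in between may take l.mu itself if it is a plain sync.Mutex, which is not reentrant. A comment at the lock such as `// Hold l.mu across filesystem setup so the container cannot be destroyed while it is being started.` would record why the critical section is this wide. Both function bodies continue outside their hunks, so the calls made under the lock cannot be checked from here.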
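Review bot: The error text in startContainer reads `trying to start a deleted container %q` while run() returns `trying to start deleted container %q` for the same condition; one wording in both places would let a single log search find every occurrence of this start/delete race. The lines are only moved by this commit, so this is a style point on existing text, and any test that matches the string would need the same change.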