Add "trace signal" option

This option is effectively equivalent to -panic-signal, except that the
sandbox does not die after logging the traceback.

PiperOrigin-RevId: 225089593
Change-Id: Ifb1c411210110b6104613f404334bd02175e484e

3 files changed, 17 insertions, 3 deletions

diff --git a/runsc/boot/config.go b/runsc/boot/config.go
index 2d89ad87e..b98e38ae9 100644
--- a/runsc/boot/config.go
+++ b/runsc/boot/config.go
@@ -198,10 +198,17 @@ type Config struct {
 	// WatchdogAction sets what action the watchdog takes when triggered.
 	WatchdogAction watchdog.Action
 
-	// PanicSignal register signal handling that panics. Usually set to
+	// PanicSignal registers signal handling that panics. Usually set to
 	// SIGUSR2(12) to troubleshoot hangs. -1 disables it.
+	//
+	// PanicSignal takes precedence over TraceSignal.
 	PanicSignal int
 
+	// TraceSignal registers signal handling that logs a traceback of all
+	// goroutines. Usually set to SIGUSR2(12) to troubleshoot hangs. -1
+	// disables it.
+	TraceSignal int
+
 	// TestOnlyAllowRunAsCurrentUserWithoutChroot should only be used in
 	// tests. It allows runsc to start the sandbox process as the current
 	// user, and without chrooting the sandbox process. This can be
@@ -228,5 +235,6 @@ func (c *Config) ToFlags() []string {
 		"--strace-log-size=" + strconv.Itoa(int(c.StraceLogSize)),
 		"--watchdog-action=" + c.WatchdogAction.String(),
 		"--panic-signal=" + strconv.Itoa(c.PanicSignal),
+		"--trace-signal=" + strconv.Itoa(c.TraceSignal),
 	}
 }
diff --git a/runsc/boot/loader.go b/runsc/boot/loader.go
index 7cac346c9..a9c549790 100644
--- a/runsc/boot/loader.go
+++ b/runsc/boot/loader.go
@@ -324,10 +324,14 @@ func New(args Args) (*Loader, error) {
 	// Handle signals by forwarding them to the root container process
 	// (except for panic signal, which should cause a panic).
 	l.startSignalForwarding = sighandling.PrepareHandler(func(sig linux.Signal) {
-		// Panic signal should cause a panic.
+		// Tracing signals should cause their respective actions.
 		if args.Conf.PanicSignal != -1 && sig == linux.Signal(args.Conf.PanicSignal) {
 			panic("Signal-induced panic")
 		}
+		if args.Conf.TraceSignal != -1 && sig == linux.Signal(args.Conf.TraceSignal) {
+			log.TracebackAll("Signal-induced traceback")
+			return
+		}
 
 		// Otherwise forward to root container.
 		deliveryMode := DeliverToProcess
diff --git a/runsc/main.go b/runsc/main.go
index 81c36067b..013b250f7 100644
--- a/runsc/main.go
+++ b/runsc/main.go
@@ -62,7 +62,8 @@ var (
 	fileAccess     = flag.String("file-access", "exclusive", "specifies which filesystem to use for the root mount: exclusive (default), shared. Volume mounts are always shared.")
 	overlay        = flag.Bool("overlay", false, "wrap filesystem mounts with writable overlay. All modifications are stored in memory inside the sandbox.")
 	watchdogAction = flag.String("watchdog-action", "log", "sets what action the watchdog takes when triggered: log (default), panic.")
-	panicSignal    = flag.Int("panic-signal", -1, "register signal handling that panics. Usually set to SIGUSR2(12) to troubleshoot hangs. -1 disables it.")
+	panicSignal    = flag.Int("panic-signal", -1, "register signal handling that panics. Usually set to SIGUSR2(12) to troubleshoot hangs. -1 disables it. This takes precendence over -trace-signal.")
+	traceSignal    = flag.Int("trace-signal", -1, "register signal handling that logs a traceback of all goroutines. Usually set to SIGUSR2(12) to troubleshoot hangs. -1 disables it.")
 )
 
 // gitRevision is set during linking.
@@ -144,6 +145,7 @@ func main() {
 		StraceLogSize:  *straceLogSize,
 		WatchdogAction: wa,
 		PanicSignal:    *panicSignal,
+		TraceSignal:    *traceSignal,
 	}
 	if len(*straceSyscalls) != 0 {
 		conf.StraceSyscalls = strings.Split(*straceSyscalls, ",")