author | Fabricio Voznika <fvoznika@google.com> | 2018-09-27 15:00:03 -0700 |
---|---|---|
committer | Shentubot <shentubot@google.com> | 2018-09-27 15:00:58 -0700 |
commit | 491faac03b2815ca1bc9b5425c1b3f6291468e20 (patch) | |
tree | 0a8f0c1ad99c3d8660f36802132ecd9386c54518 /pkg/sentry/control | |
parent | 68ac2ad1e1f16e65d9d1318d6827edf8487578d0 (diff) |
Implement 'runsc kill --all'
In order to implement kill --all correctly, the Sentry needs
to track all tasks that belong to a given container. This change
introduces ContainerID to the task, that gets inherited by all
children. 'kill --all' then iterates over all tasks comparing the
ContainerID field to find all processes that need to be signalled.
PiperOrigin-RevId: 214841768
Change-Id: I693b2374be8692d88cc441ef13a0ae34abf73ac6
Diffstat (limited to 'pkg/sentry/control')
-rw-r--r-- | pkg/sentry/control/proc.go | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/pkg/sentry/control/proc.go b/pkg/sentry/control/proc.go
index b120471cb..106055e86 100644
--- a/pkg/sentry/control/proc.go
+++ b/pkg/sentry/control/proc.go
@@ -83,6 +83,9 @@ type ExecArgs struct {
 // FilePayload determines the files to give to the new process.
 urpc.FilePayload
+
+ // ContainerID is the container for the process being executed.
+ ContainerID string
 }
 // Exec runs a new task.
@@ -133,6 +136,7 @@ func (proc *Proc) execAsync(args *ExecArgs) (*kernel.ThreadGroup, kernel.ThreadI
 UTSNamespace: proc.Kernel.RootUTSNamespace(),
 IPCNamespace: proc.Kernel.RootIPCNamespace(),
 AbstractSocketNamespace: proc.Kernel.RootAbstractSocketNamespace(),
+ ContainerID: args.ContainerID,
 }
 if initArgs.Root != nil {
 // initArgs must hold a reference on Root. This ref is dropped
@@ -182,7 +186,7 @@ type PsArgs struct {
 // Ps provides a process listing for the running kernel.
 func (proc *Proc) Ps(args *PsArgs, out *string) error {
 var p []*Process
- if e := Processes(proc.Kernel, &p); e != nil {
+ if e := Processes(proc.Kernel, "", &p); e != nil {
 return e
 }
 if !args.JSON {
@@ -258,8 +262,9 @@ func PrintPIDsJSON(pl []*Process) (string, error) {
 return string(b), nil
 }
-// Processes retrieves information about processes running in the sandbox.
-func Processes(k *kernel.Kernel, out *[]*Process) error {
+// Processes retrieves information about processes running in the sandbox with
+// the given container id. All processes are returned if 'containerID' is empty.
+func Processes(k *kernel.Kernel, containerID string, out *[]*Process) error {
 ts := k.TaskSet()
 now := k.RealtimeClock().Now()
 for _, tg := range ts.Root.ThreadGroups() {
@@ -268,6 +273,9 @@ func Processes(k *kernel.Kernel, out *[]*Process) error {
 if pid == 0 {
 continue
 }
+ if containerID != "" && containerID != tg.Leader().ContainerID() {
+ continue
+ }
 ppid := kernel.ThreadID(0)
 if tg.Leader().Parent() != nil { |
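Review bot: The comment on the new `ContainerID` field in `ExecArgs` does not say what an empty value means, and the `execAsync` hunk copies `args.ContainerID` into the task arguments without checking it. Given the filter added to `Processes` (`containerID != "" && containerID != tg.Leader().ContainerID()`), a process started through Exec with the field unset would presumably carry an empty ID and be skipped by every per-container lookup, so 'kill --all' for its container would not reach it. Either reject an empty value in `execAsync` or state the contract on the field, for example `// ContainerID is the container for the process being executed. Callers must set it; a task created with an empty ID matches no per-container filter.` Both `ExecArgs` and `execAsync` continue outside their hunks.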
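Review bot: The `""` passed to `Processes` in the `Ps` hunk is an unnamed wildcard, and the same empty-string convention in the two `Processes` hunks fails open: a caller that hands over an unset container ID gets every process in the sandbox rather than an error. For a listing that is only a wider result than requested, but for the 'kill --all' path described in the commit message (its caller is not in this diffstat) it would presumably mean signalling processes of other containers as well. Callers that mean a single container should reject an empty ID before calling `Processes`, and the intentional case in `Ps` deserves a comment such as `// "" selects processes from all containers in the sandbox.` The bodies of `Ps` and `Processes` continue outside the hunks.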