author | Kevin Krakauer <krakauer@google.com> | 2018-09-19 22:19:10 -0700 |
---|---|---|
committer | Shentubot <shentubot@google.com> | 2018-09-19 22:20:41 -0700 |
commit | ffb5fdd69021713e88ec965e77487b7fc28bc104 (patch) | |
tree | f063a16a1acb56efc62f3b501b9c905648705080 /runsc/boot/fs.go | |
parent | 915d76aa924c08b1fcb80a58e3caa24529a23d04 (diff) |
runsc: Fix stdin/stdout/stderr in multi-container mode.
The issue with the previous change was that the stdin/stdout/stderr passed to
the sentry were dup'd by host.ImportFile. This left a dangling FD that was never
closed, which caused containerd to time out waiting on container stop.
PiperOrigin-RevId: 213753032
Change-Id: Ia5e4c0565c42c8610d3b59f65599a5643b0901e4
Diffstat (limited to 'runsc/boot/fs.go')
-rw-r--r-- | runsc/boot/fs.go | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/runsc/boot/fs.go b/runsc/boot/fs.go
index 110f67de8..a97a4a3da 100644
--- a/runsc/boot/fs.go
+++ b/runsc/boot/fs.go
@@ -82,7 +82,7 @@ func (f *fdDispenser) empty() bool {
 
 // createMountNamespace creates a mount namespace containing the root filesystem
 // and all mounts. 'rootCtx' is used to walk directories to find mount points.
-func createMountNamespace(userCtx context.Context, rootCtx context.Context, spec *specs.Spec, conf *Config, ioFDs []int) (*fs.MountNamespace, error) {
+func createMountNamespace(userCtx context.Context, rootCtx context.Context, spec *specs.Spec, conf *Config, goferFDs []int) (*fs.MountNamespace, error) {
 mounts := compileMounts(spec)
 if conf.MultiContainer {
 // Create a tmpfs mount where we create and mount a root filesystem for
@@ -92,7 +92,7 @@ func createMountNamespace(userCtx context.Context, rootCtx context.Context, spec
 Destination: ChildContainersDir,
 })
 }
- fds := &fdDispenser{fds: ioFDs}
+ fds := &fdDispenser{fds: goferFDs}
 rootInode, err := createRootMount(rootCtx, spec, conf, fds, mounts)
 if err != nil {
 return nil, fmt.Errorf("failed to create root mount: %v", err)
@@ -587,14 +587,14 @@ func subtargets(root string, mnts []specs.Mount) []string {
 }
 
 // setFileSystemForProcess is used to set up the file system and amend the procArgs accordingly.
-// procArgs are passed by reference and the FDMap field is modified.
-func setFileSystemForProcess(procArgs *kernel.CreateProcessArgs, spec *specs.Spec, conf *Config, ioFDs []int, console bool, creds *auth.Credentials, ls *limits.LimitSet, k *kernel.Kernel, cid string) error {
+// procArgs are passed by reference and the FDMap field is modified. It dups stdioFDs.
+func setFileSystemForProcess(procArgs *kernel.CreateProcessArgs, spec *specs.Spec, conf *Config, stdioFDs, goferFDs []int, console bool, creds *auth.Credentials, ls *limits.LimitSet, k *kernel.Kernel, cid string) error {
 ctx := procArgs.NewContext(k)
 
 // Create the FD map, which will set stdin, stdout, and stderr. If
 // console is true, then ioctl calls will be passed through to the host
 // fd.
- fdm, err := createFDMap(ctx, k, ls, console)
+ fdm, err := createFDMap(ctx, k, ls, console, stdioFDs)
 if err != nil {
 return fmt.Errorf("error importing fds: %v", err)
 }
@@ -618,7 +618,7 @@ func setFileSystemForProcess(procArgs *kernel.CreateProcessArgs, spec *specs.Spe
 mns := k.RootMountNamespace()
 if mns == nil {
 // Create the virtual filesystem.
- mns, err := createMountNamespace(ctx, rootCtx, spec, conf, ioFDs)
+ mns, err := createMountNamespace(ctx, rootCtx, spec, conf, goferFDs)
 if err != nil {
 return fmt.Errorf("error creating mounts: %v", err)
 }
@@ -630,7 +630,7 @@ func setFileSystemForProcess(procArgs *kernel.CreateProcessArgs, spec *specs.Spe
 
 // Create the container's root filesystem mount.
 log.Infof("Creating new process in child container.")
- fds := &fdDispenser{fds: append([]int{}, ioFDs...)}
+ fds := &fdDispenser{fds: append([]int{}, goferFDs...)}
 rootInode, err := createRootMount(rootCtx, spec, conf, fds, nil)
 if err != nil {
 return fmt.Errorf("error creating filesystem for container: %v", err)
|
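Review bot: The new doc sentence `It dups stdioFDs.` on setFileSystemForProcess (hunk at -587) says what happens to the stdio FDs but not who has to close the originals, which is the same ownership gap the commit message describes (a dup left open kept containerd waiting on container stop). I would state the contract outright, for example `// stdioFDs are dup'd and stay owned by the caller, who must close them; goferFDs are consumed by the mount setup.` — the goferFDs half is inferred from the fdDispenser uses in the later hunks and should be confirmed. The two new parameters are also adjacent slices of the same type (`stdioFDs, goferFDs []int`), so a swapped call site compiles cleanly even though one set becomes the container's stdin/stdout/stderr and the other the gofer connections; a length check on `stdioFDs` before `createFDMap`, or distinct named types, would surface a mix-up at the sandbox boundary instead of at runtime. createFDMap's body and the callers are outside this hunk, so whether they already validate the slice is not visible here.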