summaryrefslogtreecommitdiffhomepage
path: root/runsc/boot/loader.go
diff options
context:
space:
mode:
authorgVisor bot <gvisor-bot@google.com>2021-02-22 17:40:49 +0000
committergVisor bot <gvisor-bot@google.com>2021-02-22 17:40:49 +0000
commit05500cae9a2043a975546b765b0d7c2565590f68 (patch)
treeae34fb567d26e1ad870f8eda3df2bb86abaae1ac /runsc/boot/loader.go
parent28599de5147ae22d1f4364baa2eb2463a1e1f892 (diff)
parent19fe3a2bfb72622c307311dc61019238896a756b (diff)
Merge release-20210208.0-79-g19fe3a2bf (automated)
Diffstat (limited to 'runsc/boot/loader.go')
-rw-r--r--runsc/boot/loader.go17
1 files changed, 8 insertions, 9 deletions
diff --git a/runsc/boot/loader.go b/runsc/boot/loader.go
index a02eb2ec5..5afce232d 100644
--- a/runsc/boot/loader.go
+++ b/runsc/boot/loader.go
@@ -1171,7 +1171,8 @@ func (f *sandboxNetstackCreator) CreateStack() (inet.Stack, error) {
// signal sends a signal to one or more processes in a container. If PID is 0,
// then the container init process is used. Depending on the SignalDeliveryMode
// option, the signal may be sent directly to the indicated process, to all
-// processes in the container, or to the foreground process group.
+// processes in the container, or to the foreground process group. pid is
+// relative to the root PID namespace, not the container's.
func (l *Loader) signal(cid string, pid, signo int32, mode SignalDeliveryMode) error {
if pid < 0 {
return fmt.Errorf("PID (%d) must be positive", pid)
@@ -1208,6 +1209,8 @@ func (l *Loader) signal(cid string, pid, signo int32, mode SignalDeliveryMode) e
}
}
+// signalProcess sends signal to process in the given container. tgid is
+// relative to the root PID namespace, not the container's.
func (l *Loader) signalProcess(cid string, tgid kernel.ThreadID, signo int32) error {
execTG, err := l.threadGroupFromID(execID{cid: cid, pid: tgid})
if err == nil {
@@ -1216,18 +1219,14 @@ func (l *Loader) signalProcess(cid string, tgid kernel.ThreadID, signo int32) er
}
// The caller may be signaling a process not started directly via exec.
- // In this case, find the process in the container's PID namespace and
- // signal it.
- initTG, err := l.threadGroupFromID(execID{cid: cid})
- if err != nil {
- return fmt.Errorf("no thread group found: %v", err)
- }
- tg := initTG.PIDNamespace().ThreadGroupWithID(tgid)
+ // In this case, find the process and check that the process belongs to the
+ // container in question.
+ tg := l.k.RootPIDNamespace().ThreadGroupWithID(tgid)
if tg == nil {
return fmt.Errorf("no such process with PID %d", tgid)
}
if tg.Leader().ContainerID() != cid {
- return fmt.Errorf("process %d is part of a different container: %q", tgid, tg.Leader().ContainerID())
+ return fmt.Errorf("process %d belongs to a different container: %q", tgid, tg.Leader().ContainerID())
}
return l.k.SendExternalSignalThreadGroup(tg, &arch.SignalInfo{Signo: signo})
}