diff options
author | gVisor bot <gvisor-bot@google.com> | 2021-02-22 17:40:49 +0000 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2021-02-22 17:40:49 +0000 |
commit | 05500cae9a2043a975546b765b0d7c2565590f68 (patch) | |
tree | ae34fb567d26e1ad870f8eda3df2bb86abaae1ac /runsc/boot/loader.go | |
parent | 28599de5147ae22d1f4364baa2eb2463a1e1f892 (diff) | |
parent | 19fe3a2bfb72622c307311dc61019238896a756b (diff) |
Merge release-20210208.0-79-g19fe3a2bf (automated)
Diffstat (limited to 'runsc/boot/loader.go')
-rw-r--r-- | runsc/boot/loader.go | 17 |
1 files changed, 8 insertions, 9 deletions
diff --git a/runsc/boot/loader.go b/runsc/boot/loader.go index a02eb2ec5..5afce232d 100644 --- a/runsc/boot/loader.go +++ b/runsc/boot/loader.go @@ -1171,7 +1171,8 @@ func (f *sandboxNetstackCreator) CreateStack() (inet.Stack, error) { // signal sends a signal to one or more processes in a container. If PID is 0, // then the container init process is used. Depending on the SignalDeliveryMode // option, the signal may be sent directly to the indicated process, to all -// processes in the container, or to the foreground process group. +// processes in the container, or to the foreground process group. pid is +// relative to the root PID namespace, not the container's. func (l *Loader) signal(cid string, pid, signo int32, mode SignalDeliveryMode) error { if pid < 0 { return fmt.Errorf("PID (%d) must be positive", pid) @@ -1208,6 +1209,8 @@ func (l *Loader) signal(cid string, pid, signo int32, mode SignalDeliveryMode) e } } +// signalProcess sends signal to process in the given container. tgid is +// relative to the root PID namespace, not the container's. func (l *Loader) signalProcess(cid string, tgid kernel.ThreadID, signo int32) error { execTG, err := l.threadGroupFromID(execID{cid: cid, pid: tgid}) if err == nil { @@ -1216,18 +1219,14 @@ func (l *Loader) signalProcess(cid string, tgid kernel.ThreadID, signo int32) er } // The caller may be signaling a process not started directly via exec. - // In this case, find the process in the container's PID namespace and - // signal it. - initTG, err := l.threadGroupFromID(execID{cid: cid}) - if err != nil { - return fmt.Errorf("no thread group found: %v", err) - } - tg := initTG.PIDNamespace().ThreadGroupWithID(tgid) + // In this case, find the process and check that the process belongs to the + // container in question. + tg := l.k.RootPIDNamespace().ThreadGroupWithID(tgid) if tg == nil { return fmt.Errorf("no such process with PID %d", tgid) } if tg.Leader().ContainerID() != cid { - return fmt.Errorf("process %d is part of a different container: %q", tgid, tg.Leader().ContainerID()) + return fmt.Errorf("process %d belongs to a different container: %q", tgid, tg.Leader().ContainerID()) } return l.k.SendExternalSignalThreadGroup(tg, &arch.SignalInfo{Signo: signo}) } |