runsc: Add --pid flag to runsc kill.

--pid allows specific processes to be signalled rather than the container root
process or all processes in the container. containerd needs to SIGKILL exec'd
processes that timeout and check whether processes are still alive.

PiperOrigin-RevId: 217547636
Change-Id: I2058ebb548b51c8eb748f5884fb88bad0b532e45

1 files changed, 15 insertions, 1 deletions

diff --git a/runsc/boot/loader.go b/runsc/boot/loader.go
index 0a3f67774..fa169d090 100644
--- a/runsc/boot/loader.go
+++ b/runsc/boot/loader.go
@@ -756,8 +756,22 @@ func (l *Loader) signalProcess(cid string, pid, signo int32, sendToFGProcess boo
 	ep, ok := l.processes[eid]
 	l.mu.Unlock()
 
+	// The caller may be signaling a process not started directly via exec.
+	// In this case, find the process in the container's PID namespace and
+	// signal it.
 	if !ok {
-		return fmt.Errorf("failed to signal container %q PID %d: no such PID", cid, pid)
+		ep, ok := l.processes[execID{cid: cid}]
+		if !ok {
+			return fmt.Errorf("no container with ID: %q", cid)
+		}
+		tg := ep.tg.PIDNamespace().ThreadGroupWithID(kernel.ThreadID(pid))
+		if tg == nil {
+			return fmt.Errorf("failed to signal container %q PID %d: no such process", cid, pid)
+		}
+		if tg.Leader().ContainerID() != cid {
+			return fmt.Errorf("process %d is part of a different container: %q", pid, tg.Leader().ContainerID())
+		}
+		return tg.SendSignal(&arch.SignalInfo{Signo: signo})
 	}
 
 	if !sendToFGProcess {