summaryrefslogtreecommitdiffhomepage
path: root/runsc/boot
diff options
context:
space:
mode:
authorgVisor bot <gvisor-bot@google.com>2021-02-22 17:40:49 +0000
committergVisor bot <gvisor-bot@google.com>2021-02-22 17:40:49 +0000
commit05500cae9a2043a975546b765b0d7c2565590f68 (patch)
treeae34fb567d26e1ad870f8eda3df2bb86abaae1ac /runsc/boot
parent28599de5147ae22d1f4364baa2eb2463a1e1f892 (diff)
parent19fe3a2bfb72622c307311dc61019238896a756b (diff)
Merge release-20210208.0-79-g19fe3a2bf (automated)
Diffstat (limited to 'runsc/boot')
-rw-r--r--runsc/boot/controller.go3
-rw-r--r--runsc/boot/loader.go17
2 files changed, 10 insertions, 10 deletions
diff --git a/runsc/boot/controller.go b/runsc/boot/controller.go
index cb5d8ea31..5e849cb37 100644
--- a/runsc/boot/controller.go
+++ b/runsc/boot/controller.go
@@ -547,7 +547,8 @@ type SignalArgs struct {
// Signo is the signal to send to the process.
Signo int32
- // PID is the process ID in the given container that will be signaled.
+ // PID is the process ID in the given container that will be signaled,
+ // relative to the root PID namespace, not the container's.
// If 0, the root container will be signalled.
PID int32
diff --git a/runsc/boot/loader.go b/runsc/boot/loader.go
index a02eb2ec5..5afce232d 100644
--- a/runsc/boot/loader.go
+++ b/runsc/boot/loader.go
@@ -1171,7 +1171,8 @@ func (f *sandboxNetstackCreator) CreateStack() (inet.Stack, error) {
// signal sends a signal to one or more processes in a container. If PID is 0,
// then the container init process is used. Depending on the SignalDeliveryMode
// option, the signal may be sent directly to the indicated process, to all
-// processes in the container, or to the foreground process group.
+// processes in the container, or to the foreground process group. pid is
+// relative to the root PID namespace, not the container's.
func (l *Loader) signal(cid string, pid, signo int32, mode SignalDeliveryMode) error {
if pid < 0 {
return fmt.Errorf("PID (%d) must be positive", pid)
@@ -1208,6 +1209,8 @@ func (l *Loader) signal(cid string, pid, signo int32, mode SignalDeliveryMode) e
}
}
+// signalProcess sends signal to process in the given container. tgid is
+// relative to the root PID namespace, not the container's.
func (l *Loader) signalProcess(cid string, tgid kernel.ThreadID, signo int32) error {
execTG, err := l.threadGroupFromID(execID{cid: cid, pid: tgid})
if err == nil {
@@ -1216,18 +1219,14 @@ func (l *Loader) signalProcess(cid string, tgid kernel.ThreadID, signo int32) er
}
// The caller may be signaling a process not started directly via exec.
- // In this case, find the process in the container's PID namespace and
- // signal it.
- initTG, err := l.threadGroupFromID(execID{cid: cid})
- if err != nil {
- return fmt.Errorf("no thread group found: %v", err)
- }
- tg := initTG.PIDNamespace().ThreadGroupWithID(tgid)
+ // In this case, find the process and check that the process belongs to the
+ // container in question.
+ tg := l.k.RootPIDNamespace().ThreadGroupWithID(tgid)
if tg == nil {
return fmt.Errorf("no such process with PID %d", tgid)
}
if tg.Leader().ContainerID() != cid {
- return fmt.Errorf("process %d is part of a different container: %q", tgid, tg.Leader().ContainerID())
+ return fmt.Errorf("process %d belongs to a different container: %q", tgid, tg.Leader().ContainerID())
}
return l.k.SendExternalSignalThreadGroup(tg, &arch.SignalInfo{Signo: signo})
}