Add option to configure watchdog action

PiperOrigin-RevId: 202494747
Change-Id: I4d4a18e71468690b785060e580a5f83c616bd90f

3 files changed, 25 insertions, 1 deletions

diff --git a/runsc/boot/config.go b/runsc/boot/config.go
index 24be82906..074cd6a63 100644
--- a/runsc/boot/config.go
+++ b/runsc/boot/config.go
@@ -18,6 +18,8 @@ import (
 	"fmt"
 	"strconv"
 	"strings"
+
+	"gvisor.googlesource.com/gvisor/pkg/sentry/watchdog"
 )
 
 // PlatformType tells which platform to use.
@@ -130,6 +132,18 @@ func (n NetworkType) String() string {
 	}
 }
 
+// MakeWatchdogAction converts type from string.
+func MakeWatchdogAction(s string) (watchdog.Action, error) {
+	switch strings.ToLower(s) {
+	case "log", "logwarning":
+		return watchdog.LogWarning, nil
+	case "panic":
+		return watchdog.Panic, nil
+	default:
+		return 0, fmt.Errorf("invalid watchdog action %q", s)
+	}
+}
+
 // Config holds configuration that is not part of the runtime spec.
 type Config struct {
 	// RootDir is the runtime root directory.
@@ -180,6 +194,8 @@ type Config struct {
 	// MultiContainer enables multiple containers support inside one sandbox.
 	// TODO: Remove this when multiple container is fully supported.
 	MultiContainer bool
+
+	WatchdogAction watchdog.Action
 }
 
 // ToFlags returns a slice of flags that correspond to the given Config.
@@ -199,5 +215,6 @@ func (c *Config) ToFlags() []string {
 		"--strace=" + strconv.FormatBool(c.Strace),
 		"--strace-syscalls=" + strings.Join(c.StraceSyscalls, ","),
 		"--strace-log-size=" + strconv.Itoa(int(c.StraceLogSize)),
+		"--watchdog-action=" + c.WatchdogAction.String(),
 	}
 }
diff --git a/runsc/boot/loader.go b/runsc/boot/loader.go
index 69b982ff8..da95fa0e7 100644
--- a/runsc/boot/loader.go
+++ b/runsc/boot/loader.go
@@ -205,7 +205,7 @@ func New(spec *specs.Spec, conf *Config, controllerFD, restoreFD int, ioFDs []in
 	}
 
 	// Create a watchdog.
-	watchdog := watchdog.New(k, watchdog.DefaultTimeout, watchdog.LogWarning)
+	watchdog := watchdog.New(k, watchdog.DefaultTimeout, conf.WatchdogAction)
 
 	// Create the control server using the provided FD.
 	//
diff --git a/runsc/main.go b/runsc/main.go
index aa5796d42..563ef8c67 100644
--- a/runsc/main.go
+++ b/runsc/main.go
@@ -60,6 +60,7 @@ var (
 	fileAccess     = flag.String("file-access", "proxy", "specifies which filesystem to use: proxy (default), direct. Using a proxy is more secure because it disallows the sandbox from opennig files directly in the host.")
 	overlay        = flag.Bool("overlay", false, "wrap filesystem mounts with writable overlay. All modifications are stored in memory inside the sandbox.")
 	multiContainer = flag.Bool("multi-container", false, "enable *experimental* multi-container support.")
+	watchdogAction = flag.String("watchdog-action", "log", "sets what action the watchdog takes when triggered: log (default), panic.")
 )
 
 var gitRevision = ""
@@ -110,6 +111,11 @@ func main() {
 		cmd.Fatalf("%v", err)
 	}
 
+	wa, err := boot.MakeWatchdogAction(*watchdogAction)
+	if err != nil {
+		cmd.Fatalf("%v", err)
+	}
+
 	// Create a new Config from the flags.
 	conf := &boot.Config{
 		RootDir:        *rootDir,
@@ -125,6 +131,7 @@ func main() {
 		Strace:         *strace,
 		StraceLogSize:  *straceLogSize,
 		MultiContainer: *multiContainer,
+		WatchdogAction: wa,
 	}
 	if len(*straceSyscalls) != 0 {
 		conf.StraceSyscalls = strings.Split(*straceSyscalls, ",")