diff options
-rw-r--r-- | runsc/boot/loader.go | 33 |
1 files changed, 17 insertions, 16 deletions
diff --git a/runsc/boot/loader.go b/runsc/boot/loader.go index f3dc15f00..973578484 100644 --- a/runsc/boot/loader.go +++ b/runsc/boot/loader.go @@ -430,6 +430,15 @@ func (l *Loader) run() error { } } + l.mu.Lock() + defer l.mu.Unlock() + + eid := execID{cid: l.sandboxID} + ep, ok := l.processes[eid] + if !ok { + return fmt.Errorf("trying to start deleted container %q", l.sandboxID) + } + // Finally done with all configuration. Setup filters before user code // is loaded. if l.conf.DisableSeccomp { @@ -478,14 +487,6 @@ func (l *Loader) run() error { l.rootProcArgs.FDMap.DecRef() } - l.mu.Lock() - defer l.mu.Unlock() - - eid := execID{cid: l.sandboxID} - ep := l.processes[eid] - if ep == nil { - return fmt.Errorf("trying to start deleted container %q", l.sandboxID) - } ep.tg = l.k.GlobalInit() if l.console { ttyFile := l.rootProcArgs.FDMap.GetFile(0) @@ -524,6 +525,14 @@ func (l *Loader) startContainer(k *kernel.Kernel, spec *specs.Spec, conf *Config return fmt.Errorf("creating capabilities: %v", err) } + l.mu.Lock() + defer l.mu.Unlock() + + eid := execID{cid: cid} + if _, ok := l.processes[eid]; !ok { + return fmt.Errorf("trying to start a deleted container %q", cid) + } + // Convert the spec's additional GIDs to KGIDs. extraKGIDs := make([]auth.KGID, 0, len(spec.Process.User.AdditionalGids)) for _, GID := range spec.Process.User.AdditionalGids { @@ -586,14 +595,6 @@ func (l *Loader) startContainer(k *kernel.Kernel, spec *specs.Spec, conf *Config return fmt.Errorf("setting executable path for %+v: %v", procArgs, err) } - l.mu.Lock() - defer l.mu.Unlock() - - eid := execID{cid: cid} - if _, ok := l.processes[eid]; !ok { - return fmt.Errorf("trying to start a deleted container %q", cid) - } - tg, _, err := l.k.CreateProcess(procArgs) if err != nil { return fmt.Errorf("creating process: %v", err) |