summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
-rw-r--r--runsc/boot/loader.go33
1 files changed, 17 insertions, 16 deletions
diff --git a/runsc/boot/loader.go b/runsc/boot/loader.go
index f3dc15f00..973578484 100644
--- a/runsc/boot/loader.go
+++ b/runsc/boot/loader.go
@@ -430,6 +430,15 @@ func (l *Loader) run() error {
}
}
+ l.mu.Lock()
+ defer l.mu.Unlock()
+
+ eid := execID{cid: l.sandboxID}
+ ep, ok := l.processes[eid]
+ if !ok {
+ return fmt.Errorf("trying to start deleted container %q", l.sandboxID)
+ }
+
// Finally done with all configuration. Setup filters before user code
// is loaded.
if l.conf.DisableSeccomp {
@@ -478,14 +487,6 @@ func (l *Loader) run() error {
l.rootProcArgs.FDMap.DecRef()
}
- l.mu.Lock()
- defer l.mu.Unlock()
-
- eid := execID{cid: l.sandboxID}
- ep := l.processes[eid]
- if ep == nil {
- return fmt.Errorf("trying to start deleted container %q", l.sandboxID)
- }
ep.tg = l.k.GlobalInit()
if l.console {
ttyFile := l.rootProcArgs.FDMap.GetFile(0)
@@ -524,6 +525,14 @@ func (l *Loader) startContainer(k *kernel.Kernel, spec *specs.Spec, conf *Config
return fmt.Errorf("creating capabilities: %v", err)
}
+ l.mu.Lock()
+ defer l.mu.Unlock()
+
+ eid := execID{cid: cid}
+ if _, ok := l.processes[eid]; !ok {
+ return fmt.Errorf("trying to start a deleted container %q", cid)
+ }
+
// Convert the spec's additional GIDs to KGIDs.
extraKGIDs := make([]auth.KGID, 0, len(spec.Process.User.AdditionalGids))
for _, GID := range spec.Process.User.AdditionalGids {
@@ -586,14 +595,6 @@ func (l *Loader) startContainer(k *kernel.Kernel, spec *specs.Spec, conf *Config
return fmt.Errorf("setting executable path for %+v: %v", procArgs, err)
}
- l.mu.Lock()
- defer l.mu.Unlock()
-
- eid := execID{cid: cid}
- if _, ok := l.processes[eid]; !ok {
- return fmt.Errorf("trying to start a deleted container %q", cid)
- }
-
tg, _, err := l.k.CreateProcess(procArgs)
if err != nil {
return fmt.Errorf("creating process: %v", err)