From f6be5fe6193163ad46722bc36209572da4a15ad0 Mon Sep 17 00:00:00 2001 From: Fabricio Voznika Date: Thu, 21 Jun 2018 13:21:25 -0700 Subject: Forward SIGUSR2 to the sandbox too SIGUSR2 was being masked out to be used as a way to dump sentry stacks. This could cause compatibility problems in cases anyone uses SIGUSR2 to communicate with the container init process. PiperOrigin-RevId: 201575374 Change-Id: I312246e828f38ad059139bb45b8addc2ed055d74 --- pkg/sentry/sighandling/sighandling.go | 10 ++-------- runsc/boot/loader.go | 5 ++--- 2 files changed, 4 insertions(+), 11 deletions(-) diff --git a/pkg/sentry/sighandling/sighandling.go b/pkg/sentry/sighandling/sighandling.go index 0c3a14da5..ef6f7f617 100644 --- a/pkg/sentry/sighandling/sighandling.go +++ b/pkg/sentry/sighandling/sighandling.go @@ -95,7 +95,7 @@ func forwardSignals(k *kernel.Kernel, sigchans []chan os.Signal, start, stop cha // PrepareForwarding ensures that synchronous signals are forwarded to k and // returns a callback that starts signal delivery, which itself returns a // callback that stops signal forwarding. -func PrepareForwarding(k *kernel.Kernel) func() func() { +func PrepareForwarding(k *kernel.Kernel, enablePanicSignal bool) func() func() { start := make(chan struct{}) stop := make(chan struct{}) @@ -112,7 +112,7 @@ func PrepareForwarding(k *kernel.Kernel) func() func() { sigchans = append(sigchans, sigchan) // SignalPanic is handled by Run. - if linux.Signal(sig) == kernel.SignalPanic { + if enablePanicSignal && linux.Signal(sig) == kernel.SignalPanic { continue } @@ -128,9 +128,3 @@ func PrepareForwarding(k *kernel.Kernel) func() func() { } } } - -// StartForwarding ensures that synchronous signals are forwarded to k and -// returns a callback that stops signal forwarding. -func StartForwarding(k *kernel.Kernel) func() { - return PrepareForwarding(k)() -} diff --git a/runsc/boot/loader.go b/runsc/boot/loader.go index e1194bd03..a0a28dc43 100644 --- a/runsc/boot/loader.go +++ b/runsc/boot/loader.go @@ -215,9 +215,8 @@ func New(spec *specs.Spec, conf *Config, controllerFD, restoreFD int, ioFDs []in if err := sighandling.IgnoreChildStop(); err != nil { return nil, fmt.Errorf("failed to ignore child stop signals: %v", err) } - // Ensure that most signals received in sentry context are forwarded to - // the emulated kernel. - stopSignalForwarding := sighandling.StartForwarding(k) + // Ensure that signals received are forwarded to the emulated kernel. + stopSignalForwarding := sighandling.PrepareForwarding(k, false)() procArgs, err := newProcess(spec, conf, ioFDs, console, creds, utsns, ipcns, k) if err != nil { -- cgit v1.2.3