From 8f0b6e7fc02919df034dea9e9c9dbab1b80de2be Mon Sep 17 00:00:00 2001 From: Kevin Krakauer Date: Wed, 5 Sep 2018 21:13:46 -0700 Subject: runsc: Support runsc kill multi-container. Now, we can kill individual containers rather than the entire sandbox. PiperOrigin-RevId: 211748106 Change-Id: Ic97e91db33d53782f838338c4a6d0aab7a313ead --- runsc/boot/controller.go | 11 +---------- runsc/boot/loader.go | 17 +++++++++++++++++ 2 files changed, 18 insertions(+), 10 deletions(-) (limited to 'runsc/boot') diff --git a/runsc/boot/controller.go b/runsc/boot/controller.go index ec1110059..45aa255c4 100644 --- a/runsc/boot/controller.go +++ b/runsc/boot/controller.go @@ -22,7 +22,6 @@ import ( specs "github.com/opencontainers/runtime-spec/specs-go" "gvisor.googlesource.com/gvisor/pkg/control/server" "gvisor.googlesource.com/gvisor/pkg/log" - "gvisor.googlesource.com/gvisor/pkg/sentry/arch" "gvisor.googlesource.com/gvisor/pkg/sentry/control" "gvisor.googlesource.com/gvisor/pkg/sentry/fs" "gvisor.googlesource.com/gvisor/pkg/sentry/kernel" @@ -387,13 +386,5 @@ type SignalArgs struct { // Signal sends a signal to the init process of the container. func (cm *containerManager) Signal(args *SignalArgs, _ *struct{}) error { log.Debugf("containerManager.Signal") - // TODO: Use the cid and send the signal to the init - // process in theat container. Currently we just signal PID 1 in the - // sandbox. - si := arch.SignalInfo{Signo: args.Signo} - t := cm.l.k.TaskSet().Root.TaskWithID(1) - if t == nil { - return fmt.Errorf("cannot signal: no task with id 1") - } - return t.SendSignal(&si) + return cm.l.signal(args.CID, args.Signo) } diff --git a/runsc/boot/loader.go b/runsc/boot/loader.go index 2733c4d69..ae2226e12 100644 --- a/runsc/boot/loader.go +++ b/runsc/boot/loader.go @@ -31,6 +31,7 @@ import ( "gvisor.googlesource.com/gvisor/pkg/abi/linux" "gvisor.googlesource.com/gvisor/pkg/cpuid" "gvisor.googlesource.com/gvisor/pkg/log" + "gvisor.googlesource.com/gvisor/pkg/sentry/arch" "gvisor.googlesource.com/gvisor/pkg/sentry/inet" "gvisor.googlesource.com/gvisor/pkg/sentry/kernel" "gvisor.googlesource.com/gvisor/pkg/sentry/kernel/auth" @@ -576,3 +577,19 @@ func newEmptyNetworkStack(conf *Config, clock tcpip.Clock) (inet.Stack, error) { panic(fmt.Sprintf("invalid network configuration: %v", conf.Network)) } } + +func (l *Loader) signal(cid string, signo int32) error { + l.mu.Lock() + tgid, ok := l.containerRootTGIDs[cid] + l.mu.Unlock() + if !ok { + return fmt.Errorf("failed to signal container %q: no such container", cid) + } + + // The thread group ID of a process is the leading task's thread ID. + t := l.k.TaskSet().Root.TaskWithID(tgid) + if t == nil { + return fmt.Errorf("cannot signal: no task with ID %d", tgid) + } + return t.SendSignal(&arch.SignalInfo{Signo: signo}) +} -- cgit v1.2.3