From 9b3550f70bf1612e2c474b3826b0347b21503401 Mon Sep 17 00:00:00 2001 From: Kevin Krakauer Date: Wed, 17 Oct 2018 10:50:24 -0700 Subject: runsc: Add --pid flag to runsc kill. --pid allows specific processes to be signalled rather than the container root process or all processes in the container. containerd needs to SIGKILL exec'd processes that timeout and check whether processes are still alive. PiperOrigin-RevId: 217547636 Change-Id: I2058ebb548b51c8eb748f5884fb88bad0b532e45 --- runsc/boot/loader.go | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'runsc/boot') diff --git a/runsc/boot/loader.go b/runsc/boot/loader.go index 0a3f67774..fa169d090 100644 --- a/runsc/boot/loader.go +++ b/runsc/boot/loader.go @@ -756,8 +756,22 @@ func (l *Loader) signalProcess(cid string, pid, signo int32, sendToFGProcess boo ep, ok := l.processes[eid] l.mu.Unlock() + // The caller may be signaling a process not started directly via exec. + // In this case, find the process in the container's PID namespace and + // signal it. if !ok { - return fmt.Errorf("failed to signal container %q PID %d: no such PID", cid, pid) + ep, ok := l.processes[execID{cid: cid}] + if !ok { + return fmt.Errorf("no container with ID: %q", cid) + } + tg := ep.tg.PIDNamespace().ThreadGroupWithID(kernel.ThreadID(pid)) + if tg == nil { + return fmt.Errorf("failed to signal container %q PID %d: no such process", cid, pid) + } + if tg.Leader().ContainerID() != cid { + return fmt.Errorf("process %d is part of a different container: %q", pid, tg.Leader().ContainerID()) + } + return tg.SendSignal(&arch.SignalInfo{Signo: signo}) } if !sendToFGProcess { -- cgit v1.2.3