Skip to content

Kill processes in cgroup even if process Wait fails#2633

Merged
kolyshkin merged 1 commit into
opencontainers:masterfrom
chaitanyabandi:2632-fix
Oct 8, 2020
Merged

Kill processes in cgroup even if process Wait fails#2633
kolyshkin merged 1 commit into
opencontainers:masterfrom
chaitanyabandi:2632-fix

Conversation

@chaitanyabandi
Copy link
Copy Markdown
Contributor

@chaitanyabandi chaitanyabandi commented Oct 5, 2020

If the cgroup's init process doesn't complete successfully, Wait returns a
non-nil error. We should still kill all the processes in the cgroup in that
case, if process namespace is shared. Otherwise, it may result in process leak.

Fixes #2632

Signed-off-by: Chaitanya Bandi kbandi@cs.stonybrook.edu

@kolyshkin
Copy link
Copy Markdown
Contributor

kolyshkin commented Oct 5, 2020

@chaitanyabandi thanks! I suppose you have a repro... care to add a test case?

@chaitanyabandi chaitanyabandi force-pushed the 2632-fix branch 3 times, most recently from 31ecc1a to 6be9179 Compare October 6, 2020 21:15
@chaitanyabandi
Copy link
Copy Markdown
Contributor Author

chaitanyabandi commented Oct 6, 2020

@chaitanyabandi thanks! I suppose you have a repro... care to add a test case?

Added a test in libcontainer/integration. Thanks for the feedback.

@chaitanyabandi
Copy link
Copy Markdown
Contributor Author

chaitanyabandi commented Oct 7, 2020

@mrunalp , @kolyshkin PTAL, thank you.

kolyshkin
kolyshkin reviewed Oct 7, 2020
View reviewed changes
Comment thread libcontainer/integration/exec_test.go Outdated
kolyshkin
kolyshkin reviewed Oct 7, 2020
View reviewed changes
Comment thread libcontainer/integration/exec_test.go Outdated
kolyshkin
kolyshkin reviewed Oct 7, 2020
View reviewed changes
Comment thread libcontainer/integration/exec_test.go Outdated
@kolyshkin
Copy link
Copy Markdown
Contributor

kolyshkin commented Oct 7, 2020

Looks good except a few nits, and I have checked the test case works (i.e. fails without the fix).

kolyshkin
kolyshkin reviewed Oct 8, 2020
View reviewed changes
Comment thread libcontainer/integration/exec_test.go Outdated
@chaitanyabandi
Kill all processes in cgroup even if init process Wait fails
0aa0fae 
If the cgroup's init process doesn't complete successfully, Wait returns a
non-nil error. We should still kill all the process in the cgroup if process
namespace is shared. Otherwise, it may result in process leak.

Fixes opencontainers#2632

Signed-off-by: Chaitanya Bandi <kbandi@cs.stonybrook.edu>
kolyshkin
kolyshkin approved these changes Oct 8, 2020
View reviewed changes
Copy link
Copy Markdown
Contributor

@kolyshkin kolyshkin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@kolyshkin kolyshkin merged commit 44f221e into opencontainers:master Oct 8, 2020
@chaitanyabandi chaitanyabandi deleted the 2632-fix branch October 8, 2020 18:05
@mauriciovasquezbernal mauriciovasquezbernal mentioned this pull request Oct 23, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mrunalp mrunalp mrunalp approved these changes

@kolyshkin kolyshkin kolyshkin approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Process leak if cgroup init process shares process namespace

3 participants

@chaitanyabandi @kolyshkin @mrunalp