Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

runc exec: refuze paused container/cgroup #727

Merged
merged 2 commits into from
Sep 1, 2021
Merged

runc exec: refuze paused container/cgroup #727

merged 2 commits into from
Sep 1, 2021

Conversation

kolyshkin
Copy link
Collaborator

In case the container is paused, crun exec is stuck without
any diagnostics, and this is hard to debug by end user.

Add a check, and refuse to exec in a paused container/cgroup.

Before:

# crun exec xx34 echo yes
^C^Z^C

(crun exec stuck, it's unclear what is going on, and there is nothing we can do from this terminal)

After:

# crun exec xx34 echo yes
2021-09-01T18:20:30.000549846Z: the container `xx34` is paused.

@kolyshkin
cgroup: drop cgroup_mode arg from libcrun_cgroup_is_container_paused
7d35659 
This is a minor refactor, adding call to libcrun_get_cgroup_mode() in
libcrun_cgroup_is_container_paused(), instead of having a caller do it,
and dropping the int cgroup_mode argument.

Signed-off-by: Kir Kolyshkin <[email protected]>
@kolyshkin
exec: refuse paused container/cgroup
4810ac6 
In case the container is paused, crun exec is stuck without
any diagnostics, and this is hard to debug by end user.

Add a check, and refuse to exec in a paused container/cgroup.

Signed-off-by: Kir Kolyshkin <[email protected]>
giuseppe
giuseppe approved these changes Sep 1, 2021
View reviewed changes
Copy link
Member

@giuseppe giuseppe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Thanks for the patch!

src/libcrun/cgroup.h
@@ -65,8 +65,7 @@ LIBCRUN_PUBLIC int libcrun_move_process_to_cgroup (pid_t pid, pid_t init_pid, ch
LIBCRUN_PUBLIC int libcrun_update_cgroup_resources (int cgroup_mode,
runtime_spec_schema_config_linux_resources *resources, char *path,
libcrun_error_t *err);
LIBCRUN_PUBLIC int libcrun_cgroup_is_container_paused (const char *cgroup_path, int cgroup_mode, bool *paused,
libcrun_error_t *err);
LIBCRUN_PUBLIC int libcrun_cgroup_is_container_paused (const char *cgroup_path, bool *paused, libcrun_error_t *err);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it is a breaking change in a public libcrun function, but I guess we probably don't hurt anyone :-) and the API is nicer

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Debian packaging might complain about it (I barely remember they actually check that).

@giuseppe giuseppe merged commit 1453a0e into containers:main Sep 1, 2021
@kolyshkin kolyshkin mentioned this pull request Sep 2, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@giuseppe giuseppe giuseppe approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kolyshkin @giuseppe