-
Notifications
You must be signed in to change notification settings - Fork 239
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add command-pid member to --json-status-fd #576
base: main
Are you sure you want to change the base?
Conversation
Note that unlike For
Unless I'm missing some simple solution, we'll have to introduce another block_fd-like fd that would be leaked to the COMMAND process (and even then COMMAND may close it early, making the code inadvertently fail). |
Heh. I'll rebase and fix conflicts in a day or so. |
In cases where bwrap runs its own additional PID 1 process (e.g. --unshare-pid), child-pid is the PID of that process, not the PID of the user-specified COMMAND. This is inconvenient as the user might want to send e.g. SIGTERM to the command to give it a chance to exit gracefully. Closes containers#553 Signed-off-by: WGH <wgh@torlan.ru>
Rebased |
close (command_pid_sockets[1]); | ||
command_pid = read_pid_from_socket (command_pid_sockets[0]); | ||
close (command_pid_sockets[0]); | ||
|
||
if (opt_json_status_fd != -1) | ||
{ | ||
cleanup_free char *output = xasprintf ("{ \"command-pid\": %i }\n", command_pid); | ||
dump_info (opt_json_status_fd, output, TRUE); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This will make the uppermost process (the monitor process, outside the sandbox) block until the final process sends its pid. And, if the child process (reported as child-pid
) fails for any reason, then read_pid_from_socket()
will fail with a fatal error, preventing monitor_child()
from relaying the true exit status of the child.
I think it would be better to monitor command_pid_sockets[0]
in monitor_child()
, and use non-blocking I/O for that, so that we output the information when we have it, but we don't wait for it.
Yeah, that's quite a serious limitation. It doesn't necessarily make this feature addition entirely useless, but it's certainly something that users of this feature would need to be careful about.
I think the better way to solve this particular use-case would be a fixed version of #586: teach the top-level bwrap monitor process to be able to forward signals like That way, instead of sending your signals to the |
In cases where
bwrap
runs its own additional PID 1 process (e.g.--unshare-pid
),child-pid
is the PID of that process, not the PID of the user-specified COMMAND.This is inconvenient as the user might want to send e.g.
SIGTERM
to the command to give it a chance to exit gracefully.Example:
Closes #553