From ad2fa3945997905760a4c7ef0444580ffb4b939a Mon Sep 17 00:00:00 2001 From: Arnaud Porterie Date: Thu, 3 Mar 2016 19:42:54 -0800 Subject: [PATCH] Fix race in container creation Only register a container once it's successfully started. This avoids a race condition where the daemon is killed while in the process of calling `libcontainer.Container.Start`, and ends up killing -1. There is a time window where the container `initProcess` is not set, and its PID unknown. This commit fixes the race Engine side. Signed-off-by: Arnaud Porterie --- daemon/execdriver/native/driver.go | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/daemon/execdriver/native/driver.go b/daemon/execdriver/native/driver.go index fb7ef26271..98d64a32cf 100644 --- a/daemon/execdriver/native/driver.go +++ b/daemon/execdriver/native/driver.go @@ -157,6 +157,10 @@ func (d *Driver) Run(c *execdriver.Command, pipes *execdriver.Pipes, hooks execd if err != nil { return execdriver.ExitStatus{ExitCode: -1}, err } + + if err := cont.Start(p); err != nil { + return execdriver.ExitStatus{ExitCode: -1}, err + } d.Lock() d.activeContainers[c.ID] = cont d.Unlock() @@ -167,10 +171,6 @@ func (d *Driver) Run(c *execdriver.Command, pipes *execdriver.Pipes, hooks execd d.cleanContainer(c.ID) }() - if err := cont.Start(p); err != nil { - return execdriver.ExitStatus{ExitCode: -1}, err - } - //close the write end of any opened pipes now that they are dup'ed into the container for _, writer := range writers { writer.Close() @@ -302,6 +302,9 @@ func (d *Driver) Kill(c *execdriver.Command, sig int) error { if err != nil { return err } + if state.InitProcessPid == -1 { + return fmt.Errorf("avoid sending signal %d to container %s with pid -1", sig, c.ID) + } return syscall.Kill(state.InitProcessPid, syscall.Signal(sig)) }