44 lines
1.4 KiB
Diff
44 lines
1.4 KiB
Diff
From b39f29f48456ae7e9b85ff7584adeb7e68fda460 Mon Sep 17 00:00:00 2001
|
|
From: xiadanni1 <xiadanni1@huawei.com>
|
|
Date: Thu, 19 Dec 2019 02:35:01 +0800
|
|
Subject: [PATCH 3/5] runc: may kill other process when container
|
|
has been stopped
|
|
|
|
reason:may kill other process when container has been stopped
|
|
|
|
Change-Id: Iaa1af6f44dec5d7eac3518ff1dbdfedc68eb7219
|
|
Signed-off-by: xiadanni1 <xiadanni1@huawei.com>
|
|
---
|
|
libcontainer/container_linux.go | 14 +++++++++++---
|
|
1 file changed, 11 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go
|
|
index e7c178b..9b25183 100644
|
|
--- a/libcontainer/container_linux.go
|
|
+++ b/libcontainer/container_linux.go
|
|
@@ -358,10 +358,18 @@ func (c *linuxContainer) Signal(s os.Signal, all bool) error {
|
|
if all {
|
|
return signalAllProcesses(c.cgroupManager, s)
|
|
}
|
|
- if err := c.initProcess.signal(s); err != nil {
|
|
- return newSystemErrorWithCause(err, "signaling init process")
|
|
+ status, err := c.currentStatus()
|
|
+ if err != nil {
|
|
+ return err
|
|
}
|
|
- return nil
|
|
+ // to avoid a PID reuse attack
|
|
+ if status == Running || status == Created {
|
|
+ if err := c.initProcess.signal(s); err != nil {
|
|
+ return newSystemErrorWithCause(err, "signaling init process")
|
|
+ }
|
|
+ return nil
|
|
+ }
|
|
+ return newGenericError(fmt.Errorf("container not running"), ContainerNotRunning)
|
|
}
|
|
|
|
func (c *linuxContainer) createExecFifo() error {
|
|
--
|
|
1.8.3.1
|
|
|