'created' state not changed after 'crun exec'

[joaompinto]

After creating a container with "crun create" and executing sh on it with "crun exec", while the shell is being executed within the container, crun reports the container is in the "created" state.

Test setup:

• config.json: rootless spec
• rootfs: Alpine 3.10.3

How to reproduce:

In terminal 1:
socat -d UNIX-LISTEN:/tmp/my_test_socket,fork TCP:localhost:8080

In terminal2:
nc -nvkl 8080

In terminal 3

crun create --console-socket=/tmp/my_test_socket my-own-id && crun exec my-own-id /bin/sh

In terminal 4
crun list

[giuseppe]

the state should change after you issue a crun start

[joaompinto]

I am finding a bit hard to understand the "state" meaning across different tools. I will put some questions and eventually update/create some documentation:

a) Is the container "state" only relative to the «main containter» "process" defined in config.json?
b) when the main container process finishes should all other processes (created by exec) terminated (in order to remove associated ns/cgroups)?
c) in the context of libcrun calls should we care about potential race conditions between create/start/run/exec or is that something that should be managed at the application levell ?

[giuseppe]

a) yes the state is only relative to the main process
b) they should be killed when you do a crun kill --all or crun delete. They are also automatically killed if the container has a PID namespace. It is a good practice to have a PID namespace.
c) create/start should be already race free. Once the container is in the created state and create finished, start can be used. Is there any kind of race you have in mind?

[joaompinto]

@giuseppe thanks for the info

About the potential for race conditions this is a very high level «Did not look at the code» concern with "crun exec".

[joaompinto]

The issue was my lack of understanding of the "state" meaning.