start: fix death signal

On set{g,u}id() the kernel does: /* dumpability changes */ if (!uid_eq(old->euid, new->euid) || !gid_eq(old->egid, new->egid) || !uid_eq(old->fsuid, new->fsuid) || !gid_eq(old->fsgid, new->fsgid) || !cred_cap_issubset(old, new)) { if (task->mm) set_dumpable(task->mm, suid_dumpable); task->pdeath_signal = 0; smp_wmb(); } which means we need to re-enable the deat signal after the set{g,u}id(). Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
lxc · Dec 22, 2017 · 912314f · 912314f
1 parent 8bf3abf
commit 912314f
Showing 1 changed file with 10 additions and 2 deletions.
diff --git a/src/lxc/start.c b/src/lxc/start.c
@@ -888,8 +888,9 @@ static int do_start(void *data)
 	 * exit before we set the pdeath signal leading to a unsupervized
 	 * container.
 	 */
-	if (prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0)) {
-		SYSERROR("Failed to set PR_SET_PDEATHSIG to SIGKILL.");
+	ret = prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
+	if (ret < 0) {
+		SYSERROR("Failed to set PR_SET_PDEATHSIG to SIGKILL");
 		return -1;
 	}
 
@@ -946,6 +947,13 @@ static int do_start(void *data)
 			if (ret < 0)
 				goto out_warn_father;
 		}
+
+		/* set{g,u}id() clears deathsignal */
+		ret = prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
+		if (ret < 0) {
+			SYSERROR("Failed to set PR_SET_PDEATHSIG to SIGKILL");
+			goto out_warn_father;
+		}
 	}
 
 	if (access(handler->lxcpath, X_OK)) {