Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rootless: fix killing daemon #39222

Merged
merged 2 commits into from
May 15, 2019
Merged

rootless: fix killing daemon #39222

merged 2 commits into from
May 15, 2019

Conversation

AkihiroSuda
Copy link
Member

- What I did

Fixed the issue where the daemon kept running even when dockerd-rootless.sh (and its descendent) was killed.

$ dockerd-rootless.sh --experimental &
$ ps
   PID TTY          TIME CMD
  1083 pts/1    00:00:00 bash
  8696 pts/1    00:00:00 dockerd-rootles
  8702 pts/1    00:00:00 rootlesskit
  8706 pts/1    00:00:00 exe
  8717 pts/1    00:00:00 slirp4netns
  8733 pts/1    00:00:00 dockerd-rootles
  8740 pts/1    00:00:00 dockerd
  8886 pts/1    00:00:00 ps
$ kill 8696
$ ps
   PID TTY          TIME CMD
  1083 pts/1    00:00:00 bash
  8702 pts/1    00:00:00 rootlesskit
  8706 pts/1    00:00:00 exe
  8717 pts/1    00:00:00 slirp4netns
  8733 pts/1    00:00:00 dockerd-rootles
  8740 pts/1    00:00:00 dockerd
  8887 pts/1    00:00:00 ps
$ kill 8702
$ ps
   PID TTY          TIME CMD
  1083 pts/1    00:00:00 bash
  8706 pts/1    00:00:00 exe
  8733 pts/1    00:00:00 dockerd-rootles
  8740 pts/1    00:00:00 dockerd
  8888 pts/1    00:00:00 ps
$ kill 8706
$ ps
   PID TTY          TIME CMD
  1083 pts/1    00:00:00 bash
  8740 pts/1    00:00:00 dockerd
  8889 pts/1    00:00:00 ps

The causes of the issue were:

  1. The parent process of RootlessKit had invoked the child process with Pdeathsig, but it was invalidated after running newuidmap (Support new pid namespace or ability to kill all children rootless-containers/rootlesskit#65)
  2. dockerd-rootless.sh had invoked rootlesskit and dockerd without setting up trap for propagating signals

- How I did it

  1. updated RootlessKit to v0.4.1 with fix child: reconfigure Pdeathsig (release v0.4.1) rootless-containers/rootlesskit#66 (full changes: rootless-containers/rootlesskit@e92d5e7...27a0c7a)
  2. updated dockerd-rootless.sh to exec the processes without forking

- How to verify it

$ dockerd-rootless.sh --experimental &
$ ps
   PID TTY          TIME CMD
  1083 pts/1    00:00:00 bash
  8460 pts/1    00:00:00 rootlesskit
  8470 pts/1    00:00:00 exe
  8484 pts/1    00:00:00 slirp4netns
  8500 pts/1    00:00:00 dockerd
  8653 pts/1    00:00:00 ps
$ kill 8460
$ ps
   PID TTY          TIME CMD
  1083 pts/1    00:00:00 bash
  8654 pts/1    00:00:00 ps

- Description for the changelog

rootless: fix killing daemon

- A picture of a cute animal (not mandatory but encouraged)
https://twitter.com/13033303/status/1128454769050128384

@AkihiroSuda
bump up rootlesskit to v0.4.1
00c92a6 
Now the child process is killed when the parent dies (rootless-containers/rootlesskit#66)

rootless-containers/rootlesskit@e92d5e7...27a0c7a

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
@AkihiroSuda
dockerd-rootless.sh: use exec
34cc5c2 
Killing the shell script process does not kill the forked process.

This commit switches to `exec` so that the executed process can be
easily killed.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
@AkihiroSuda AkihiroSuda requested a review from tianon as a code owner May 15, 2019 12:12
@AkihiroSuda AkihiroSuda mentioned this pull request May 15, 2019
Merged
@AkihiroSuda
Copy link
Member Author

@tonistiigi @tiborvass

cpuguy83
cpuguy83 approved these changes May 15, 2019
View reviewed changes
Copy link
Member

@cpuguy83 cpuguy83 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@cpuguy83 cpuguy83 merged commit 34b5672 into moby:master May 15, 2019
@AkihiroSuda AkihiroSuda mentioned this pull request May 16, 2019
Merged
@thaJeztah thaJeztah added this to the 20.03.0 milestone Apr 2, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cpuguy83 cpuguy83 cpuguy83 approved these changes

@tiborvass tiborvass tiborvass approved these changes

@tianon tianon Awaiting requested review from tianon tianon is a code owner

Assignees
No one assigned
Labels
process/cherry-picked status/0-triage
Projects
None yet
Milestone
20.10.0
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@AkihiroSuda @cpuguy83 @tiborvass @thaJeztah @GordonTheTurtle