Merge pull request #1984 from cyphar/memfd-cleanups

nsenter: cloned_binary: "memfd" cleanups
mrunalp committed Mar 7, 2019
2 parents 923a8f8 + 2d4a37b commit 2b18fe1d885ee5083ef9f0838fee39b62d653e30
Showing with 307 additions and 55 deletions.
  1. +1 −0 libcontainer/container_linux.go
  2. +306 −55 libcontainer/nsenter/cloned_binary.c
@@ -482,6 +482,7 @@ func (c *linuxContainer) commandTemplate(p *Process, childPipe *os.File) (*exec.
cmd.ExtraFiles = append(cmd.ExtraFiles, childPipe)
cmd.Env = append(cmd.Env,
fmt.Sprintf("_LIBCONTAINER_INITPIPE=%d", stdioFdCount+len(cmd.ExtraFiles)-1),
fmt.Sprintf("_LIBCONTAINER_STATEDIR=%s", c.root),
// NOTE: when running a container with no PID namespace and the parent process spawning the container is
// PID1 the pdeathsig is being delivered to the container's init process by the kernel for some reason
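Review bot: The `_LIBCONTAINER_STATEDIR` entry in the `cmd.Env` append passes the host-side state directory (`c.root`) to the re-exec'd child, but no comment says who reads it or what it is used for. Going by the commit title, the reader is presumably `libcontainer/nsenter/cloned_binary.c`, which is not visible in this section, so the contract is worth recording next to the entry, e.g. `// _LIBCONTAINER_STATEDIR: runc-owned state dir for the nsenter cloned-binary code; always set from c.root, never from container config.` If that path decides where the bootstrap code creates or opens files, the consumer should fail closed on a missing or empty value. The variable should also be dropped before the container's own process environment is built. Neither can be confirmed from this hunk, and `commandTemplate` starts and ends outside it.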
