Fix instance directory permission for privacy and exit when container…

… instance doesn't contain processes
sylabs · Jan 2, 2019 · b4dcb0e · b4dcb0e
1 parent 6896067
commit b4dcb0e
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 6 deletions.
diff --git a/etc/actions/start b/etc/actions/start
@@ -1,9 +1,5 @@
 #!/bin/sh
 
-# if we are here start notify PID 1 to continue
-# DON'T REMOVE
-kill -CONT 1
-
 for script in /.singularity.d/env/*.sh; do
     if [ -f "$script" ]; then
         . "$script"

diff --git a/internal/pkg/instance/instance.go b/internal/pkg/instance/instance.go
@@ -197,6 +197,18 @@ func (i *File) Update() error {
 	if err := os.MkdirAll(path, 0755); err != nil {
 		return err
 	}
+	if i.PrivilegedPath() {
+		pw, err := user.GetPwNam(i.User)
+		if err != nil {
+			return err
+		}
+		if err := os.Chmod(path, 0550); err != nil {
+			return err
+		}
+		if err := os.Chown(path, int(pw.UID), 0); err != nil {
+			return err
+		}
+	}
 	file, err := os.OpenFile(i.Path, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0644)
 	if err != nil {
 		return err

diff --git a/internal/pkg/runtime/engines/singularity/process.go b/internal/pkg/runtime/engines/singularity/process.go
@@ -220,8 +220,9 @@ func (engine *EngineOperations) StartProcess(masterConn net.Conn) error {
 				}
 			default:
 				if isInstance {
-					if s != syscall.SIGCONT {
-						syscall.Kill(-1, s.(syscall.Signal))
+					if err := syscall.Kill(-1, s.(syscall.Signal)); err == syscall.ESRCH {
+						sylog.Debugf("No child process, exiting ...")
+						os.Exit(128 + int(s.(syscall.Signal)))
 					}
 				} else {
 					// kill ourself with SIGKILL whatever signal was received