vi/dive

when ushare is used within dived with pid, the PID is that of the namespace

osamasorour opened this issue · 5 comments

When "-s" is used with "pid" to create a process ID namespace, the PID file is written with the PID as seen inside the new namespace. This makes it impossible for scripts to kill the main dived.
The solution is to write the PID returned from the clone() syscall:

--- dive-master/dived.c 2012-10-13 22:10:38.000000000 -0400
+++ dive-master-patched/dived.c 2012-11-27 05:55:33.000000000 -0500
@@ -426,7 +426,7 @@ int serve(struct dived_options* opts) {
}

 /* Save pidfile */
  • if (opts->pidfile){
  • if (opts->pidfile && !opts->unshare_){
    FILE* f = fopen(opts->pidfile, "w");
    fprintf(f, "%d\n", getpid());
    fclose(f);
    @@ -657,11 +657,17 @@ int main(int argc, char* argv[], char* e
    }
 char* stack = malloc(1024*16);
  •    int cpid = clone( (int(_)(void_)) serve, stack, CLONE_VM|flags, opts);
    
  •    int cpid = clone( (int(_)(void_)) serve, stack+1024*16, CLONE_VM|flags, opts);
     if (cpid == -1) {
         perror("clone");
         return 19;
     }
    
  •    if (opts->pidfile){
    
  •        FILE\* f = fopen(opts->pidfile, "w");
    
  •        fprintf(f, "%d\n", cpid);
    
  •        fclose(f);
    
  •    }
    
    • return 0;
      }
      }

The patch got reformatted. Here it is again:


--- dive-master/dived.c 2012-10-13 22:10:38.000000000 -0400
+++ dive-master-patched/dived.c 2012-11-27 05:55:33.000000000 -0500
@@ -426,7 +426,7 @@ int serve(struct dived_options* opts) {
     }

     /* Save pidfile */
-    if (opts->pidfile){
+    if (opts->pidfile && !opts->unshare_){
         FILE* f = fopen(opts->pidfile, "w");
         fprintf(f, "%d\n", getpid());
         fclose(f);
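Review bot: The return value of `fopen(opts->pidfile, "w")` is used unchecked in serve()'s pidfile block, so an unwritable or missing pidfile path makes `fprintf(f, ...)` dereference NULL; the pidfile block added to main() in the second hunk copies the same pattern. Both should guard the write, e.g. `if (!f) { perror("pidfile"); } else { fprintf(f, "%d\n", getpid()); fclose(f); }`, with `cpid` in place of `getpid()` in main(). Plain `"w"` also follows symlinks and truncates whatever the path points at. If dived is started as root with a pidfile in a directory other users can write (not visible here), opening with `open(opts->pidfile, O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW, 0644)` and `fdopen()` would close that gap. The `if` block's closing brace lies outside this hunk.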
@@ -657,11 +657,17 @@ int main(int argc, char* argv[], char* e
         }

         char* stack = malloc(1024*16);
-        int cpid = clone( (int(*)(void*)) serve, stack, CLONE_VM|flags, opts);
+        int cpid = clone( (int(*)(void*)) serve, stack+1024*16, CLONE_VM|flags, opts);
         if (cpid == -1) {
             perror("clone");
             return 19;
         }
+        if (opts->pidfile){
+            FILE* f = fopen(opts->pidfile, "w");
+            fprintf(f, "%d\n", cpid);
+            fclose(f);
+        }
+
         return 0; 
     }
 }
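Review bot: The result of `malloc(1024*16)` is never checked, and the corrected call now computes `stack+1024*16` from it, so a failed allocation becomes pointer arithmetic on NULL and an invalid child stack passed to clone(). Test `stack` before the call and bail out the way the `cpid == -1` branch does. Give the size a single name, e.g. `enum { CHILD_STACK_SIZE = 1024*16 };`, so the allocation and the stack-top offset cannot drift apart. The stack is a bare heap block with no guard page and the child runs with `CLONE_VM`, so if serve() ever needs more than 16 KiB (its stack use is not visible here) the overrun would silently corrupt heap memory rather than fault. main() begins outside this hunk.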
vi commented

Applied. (and rewritten the "v0.9" tag and deb package yet again)

vi commented

Actually I initially quickly hacked "clone" mode to play with CLONE_... options that are missing in /usr/bin/unshare.

vi commented

Note: looks like "--unshare" with "--detach" work poorly. Trying to fix again.

vi commented

Fixed. Now you can do dived --unshare ... --detach --pidfile .... For some reason I need to use "kill -9" when the pid namespace is detached. Killing dived --pidfile --unshare without --detach leaves a sleeping stub around.