mirrors/bird
mirrors/bird
0
0
Fork 0
mirror of https://gitlab.nic.cz/labs/bird.git synced 2025-01-03 23:51:54 +00:00
Code Releases Activity

Flock: Container killing

Browse Source
This commit is contained in:
Maria Matejka 2024-09-27 18:49:49 +02:00
parent 8e5c2a67c1
commit f1519fc9b7
1 changed files with 64 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
flock/container.c
View File

@ -5,6 +5,7 @@
#include "lib/io-loop.h" #include "lib/io-loop.h"
#include "lib/hash.h" #include "lib/hash.h"
#include <poll.h>
#include <sched.h> #include <sched.h>
#include <stdlib.h> #include <stdlib.h>
#include <sys/wait.h> #include <sys/wait.h>
@ -43,6 +44,20 @@ struct container_runtime {
#define CRT_EQ(a,h,b,i) ((h) == (i)) && (!strcmp(a,b)) #define CRT_EQ(a,h,b,i) ((h) == (i)) && (!strcmp(a,b))
#define CRT_FN(a,h) h #define CRT_FN(a,h) h
static sig_atomic_t poweroff, zombie;
static void
container_poweroff_sighandler(int signo)
{
poweroff = signo;
}
static void
container_child_sighandler(int signo UNUSED)
{
zombie = 1;
}
static int container_forker_fd = -1; static int container_forker_fd = -1;
static void static void
@ -50,12 +65,37 @@ container_mainloop(int fd)
{ {
log(L_INFO "container mainloop with fd %d", fd); log(L_INFO "container mainloop with fd %d", fd);
signal(SIGTERM, container_poweroff_sighandler);
signal(SIGINT, container_poweroff_sighandler);
signal(SIGCHLD, container_child_sighandler);
/* TODO: mount overlayfs and chroot */ /* TODO: mount overlayfs and chroot */
while (1) while (1)
{ {
pause(); struct pollfd pfd = {
.fd = fd,
.events = POLLIN,
};
sigset_t newmask;
sigemptyset(&newmask);
int res = ppoll(&pfd, 1, NULL, &newmask);
if (poweroff)
{
byte outbuf[128];
linpool *lp = lp_new(&root_pool);
struct cbor_writer *cw = cbor_init(outbuf, sizeof outbuf, lp);
cbor_open_block_with_length(cw, 1);
cbor_add_int(cw, -4);
cbor_add_int(cw, poweroff);
ASSERT_DIE(write(fd, outbuf, cw->pt) == cw->pt);
exit(0);
}
/* TODO: check for telnet socket */ /* TODO: check for telnet socket */
log(L_INFO "woken up!"); log(L_INFO "woken up, res %d (%m)!", res);
} }
} }
@ -102,10 +142,20 @@ container_start(void)
return; return;
} }
e = unshare(CLONE_NEWPID | CLONE_NEWNS | CLONE_NEWUSER | CLONE_NEWTIME | CLONE_NEWNET); e = unshare(CLONE_NEWPID | CLONE_NEWNS | CLONE_NEWTIME | CLONE_NEWNET);
if (e < 0) if (e < 0)
die("Failed to unshare container: %m"); die("Failed to unshare container: %m");
/* Mask signals for forking and other fragile stuff */
sigset_t oldmask;
sigset_t newmask;
sigemptyset(&newmask);
#define KILLABLE_SIGNALS SIGINT, SIGTERM, SIGHUP, SIGQUIT
#define FROB(x) sigaddset(&newmask, x);
MACRO_FOREACH(FROB, KILLABLE_SIGNALS);
#undef FROB
sigprocmask(SIG_BLOCK, &newmask, &oldmask);
pid = fork(); pid = fork();
if (pid < 0) if (pid < 0)
die("Failed to fork container (child): %m"); die("Failed to fork container (child): %m");
@ -154,10 +204,19 @@ container_start(void)
/* The Parent */ /* The Parent */
static int static int
hypervisor_container_rx(sock *sk, uint sz) hypervisor_container_rx(sock *sk, uint _sz UNUSED)
{ {
byte buf[128];
ssize_t sz = read(sk->fd, buf, sizeof buf);
if (sz < 0)
{
log(L_ERR "error reading data from %p (container_rx): %m", sk);
sk_close(sk);
return 0;
}
log(L_INFO "received %u data from %p (container_rx)", sz, sk); log(L_INFO "received %u data from %p (container_rx)", sz, sk);
return 1; return 0;
} }
static int static int