Skip to content

Commit

Permalink
libct: don't allow to start second init process
Browse files Browse the repository at this point in the history
By definition, every container has only 1 init (i.e. PID 1) process.

Apparently, libcontainer API supported running more than 1 init, and
at least one tests mistakenly used it.

Let's not allow that, erroring out if we already have init. Doing
otherwise _probably_ results in some confusion inside the library.

Fix two cases in libct/int which ran two inits inside a container.

Signed-off-by: Kir Kolyshkin <[email protected]>
  • Loading branch information
kolyshkin committed May 7, 2024
1 parent 64f3c17 commit dfe38a9
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 2 deletions.
3 changes: 3 additions & 0 deletions libcontainer/container_linux.go
Original file line number Diff line number Diff line change
Expand Up @@ -305,6 +305,9 @@ func (c *Container) start(process *Process) (retErr error) {
return errors.New("can't start container with SkipDevices set")
}
if process.Init {
if c.initProcessStartTime != 0 {
return errors.New("container already has init process")
}
if err := c.createExecFifo(); err != nil {
return err
}
Expand Down
2 changes: 0 additions & 2 deletions libcontainer/integration/execin_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -115,7 +115,6 @@ func testExecInRlimit(t *testing.T, userns bool) {
// increase process rlimit higher than container rlimit to test per-process limit
{Type: unix.RLIMIT_NOFILE, Hard: 1026, Soft: 1026},
},
Init: true,
}
err = container.Run(ps)
ok(t, err)
Expand Down Expand Up @@ -359,7 +358,6 @@ func TestExecInEnvironment(t *testing.T) {
Stdin: buffers.Stdin,
Stdout: buffers.Stdout,
Stderr: buffers.Stderr,
Init: true,
}
err = container.Run(process2)
ok(t, err)
Expand Down

0 comments on commit dfe38a9

Please sign in to comment.