Enable masking stop signals within container creation

Expand the use of the Shutdown package such that we now use it to handle signals any time we run Libpod. From there, add code to container creation to use the Inhibit function to prevent a shutdown from occuring during the critical parts of container creation. We also need to turn off signal handling when --sig-proxy is invoked - we don't want to catch the signals ourselves then, but instead to forward them into the container via the existing sig-proxy handler. Fixes containers#7941 Signed-off-by: Matthew Heon <mheon@redhat.com>
mheon · Oct 12, 2020 · d322f3d · d322f3d
1 parent 8381f3f
commit d322f3d
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 0 deletions.
diff --git a/libpod/runtime.go b/libpod/runtime.go
@@ -17,6 +17,7 @@ import (
 	"github.com/containers/podman/v2/libpod/events"
 	"github.com/containers/podman/v2/libpod/image"
 	"github.com/containers/podman/v2/libpod/lock"
+	"github.com/containers/podman/v2/libpod/shutdown"
 	"github.com/containers/podman/v2/pkg/cgroups"
 	"github.com/containers/podman/v2/pkg/registries"
 	"github.com/containers/podman/v2/pkg/rootless"
@@ -174,9 +175,21 @@ func newRuntimeFromConfig(ctx context.Context, conf *config.Config, options ...R
 		}
 	}
 
+	if err := shutdown.Start(); err != nil {
+		return nil, errors.Wrapf(err, "error starting shutdown signal handler")
+	}
+
 	if err := makeRuntime(ctx, runtime); err != nil {
 		return nil, err
 	}
+
+	if err := shutdown.Register("libpod", func() error {
+		os.Exit(1)
+		return nil
+	}); err != nil {
+		logrus.Errorf("Error registering shutdown handler for libpod: %v", err)
+	}
+
 	return runtime, nil
 }
 

diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go
@@ -12,6 +12,7 @@ import (
 	"github.com/containers/common/pkg/config"
 	"github.com/containers/podman/v2/libpod/define"
 	"github.com/containers/podman/v2/libpod/events"
+	"github.com/containers/podman/v2/libpod/shutdown"
 	"github.com/containers/podman/v2/pkg/cgroups"
 	"github.com/containers/podman/v2/pkg/rootless"
 	"github.com/containers/storage"
@@ -149,6 +150,10 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai
 		return nil, err
 	}
 
+	// Inhibit shutdown until creation succeeds
+	shutdown.Inhibit()
+	defer shutdown.Uninhibit()
+
 	// Allocate a lock for the container
 	lock, err := r.lockManager.AllocateLock()
 	if err != nil {

diff --git a/pkg/api/server/server.go b/pkg/api/server/server.go
@@ -190,6 +190,9 @@ func (s *APIServer) Serve() error {
 	}); err != nil {
 		return err
 	}
+	// Unregister the libpod handler, which just calls exit(1).
+	// Ignore errors if it doesn't exist.
+	_ = shutdown.Unregister("libpod")
 
 	errChan := make(chan error, 1)
 

diff --git a/pkg/domain/infra/abi/terminal/sigproxy_linux.go b/pkg/domain/infra/abi/terminal/sigproxy_linux.go
@@ -5,12 +5,17 @@ import (
 	"syscall"
 
 	"github.com/containers/podman/v2/libpod"
+	"github.com/containers/podman/v2/libpod/shutdown"
 	"github.com/containers/podman/v2/pkg/signal"
 	"github.com/sirupsen/logrus"
 )
 
 // ProxySignals ...
 func ProxySignals(ctr *libpod.Container) {
+	// Stop catching the shutdown signals (SIGINT, SIGTERM) - they're going
+	// to the container now.
+	shutdown.Stop()
+
 	sigBuffer := make(chan os.Signal, 128)
 	signal.CatchAll(sigBuffer)