Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

libcontainer: Do not change container state when exec'ing a process #1767

Closed
sboeuf opened this issue Mar 27, 2018 · 2 comments
Closed

libcontainer: Do not change container state when exec'ing a process #1767

sboeuf opened this issue Mar 27, 2018 · 2 comments

Comments

@sboeuf
Copy link
Contributor

sboeuf commented Mar 27, 2018

I was trying to exec a process on a container that was not running from Kata Containers, and I have realized that we get an issue because of the way our agent relies on libcontainer. Indeed, our agent is a long lasting process that keeps libcontainer.Container containers and libcontainer.Process processes pointers in memory.
The case of the exec being started on a created container does not support this behavior. It assumes the container status will be asked from the disk everytime. That's a problem in our case and I found how to fix this, by removing this.

Basically, this else statement modifies the in-memory status of the container but never saves/stores it on disk. That's a problem when you rely exclusively on in-memory statuses like we do in case of our agent.

Now, I have opened this issue to suggest that we could remove this code part, but I might be missing a real use case for that, and I am looking for guidance here.

@crosbymichael @mrunalp @cyphar please let me know what you think about this.
@crosbymichael
Copy link
Member

I think it makes sense but maybe we should do a refresh on the state to make sure its is written. You will have to work on the implementation some to figureout what is the right course of action.

@sboeuf
Copy link
Contributor Author

sboeuf commented Mar 30, 2018

I am glad you're okay with that @crosbymichael , and of course I'll do the implementation :).

I am not sure about what you mean by "refresh" ? My understanding is that we don't want this state to be written on disk because that would mean the container would be considered running because we did an exec, which would be wrong because the container workload would not have been started.

sboeuf pushed a commit to sboeuf/runc that referenced this issue Mar 30, 2018
libcontainer: Don't set container state to running when exec'ing
985628d 
There is no reason to set the container state to "running" as a
temporary value when exec'ing a process on a container in "created"
state. The problem doing this is that consumers of the libcontainer
library might use it by keeping pointers in memory. In this case,
the container state will indicate that the container is running, which
is wrong, and this will end up with a failure on the next action
because the check for the container state transition will complain.

Fixes opencontainers#1767

Signed-off-by: Sebastien Boeuf <[email protected]>
@sboeuf sboeuf mentioned this issue Mar 30, 2018
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@crosbymichael @sboeuf