func (s *cpuacctGroup) getProcStarttime(d *data) (float64, error) { rawStart, err := system.GetProcessStartTime(d.pid) if err != nil { return 0, err } return strconv.ParseFloat(rawStart, 64) }
func (d *driver) Terminate(p *execdriver.Command) error { // lets check the start time for the process state, err := libcontainer.GetState(filepath.Join(d.root, p.ID)) if err != nil { if !os.IsNotExist(err) { return err } // TODO: Remove this part for version 1.2.0 // This is added only to ensure smooth upgrades from pre 1.1.0 to 1.1.0 data, err := ioutil.ReadFile(filepath.Join(d.root, p.ID, "start")) if err != nil { // if we don't have the data on disk then we can assume the process is gone // because this is only removed after we know the process has stopped if os.IsNotExist(err) { return nil } return err } state = &libcontainer.State{InitStartTime: string(data)} } currentStartTime, err := system.GetProcessStartTime(p.Process.Pid) if err != nil { return err } if state.InitStartTime == currentStartTime { err = syscall.Kill(p.Process.Pid, 9) syscall.Wait4(p.Process.Pid, nil, 0, nil) } d.removeContainerRoot(p.ID) return err }
func (d *driver) Terminate(p *execdriver.Command) error { // lets check the start time for the process started, err := d.readStartTime(p) if err != nil { // if we don't have the data on disk then we can assume the process is gone // because this is only removed after we know the process has stopped if os.IsNotExist(err) { return nil } return err } currentStartTime, err := system.GetProcessStartTime(p.Process.Pid) if err != nil { return err } if started == currentStartTime { err = syscall.Kill(p.Process.Pid, 9) } d.removeContainerRoot(p.ID) return err }
// TODO(vishh): This is part of the libcontainer API and it does much more than just namespaces related work. // Move this to libcontainer package. // Exec performs setup outside of a namespace so that a container can be // executed. Exec is a high level function for working with container namespaces. func Exec(container *libcontainer.Config, term Terminal, rootfs, dataPath string, args []string, createCommand CreateCommand, startCallback func()) (int, error) { var ( master *os.File console string err error ) // create a pipe so that we can syncronize with the namespaced process and // pass the veth name to the child syncPipe, err := syncpipe.NewSyncPipe() if err != nil { return -1, err } defer syncPipe.Close() if container.Tty { master, console, err = system.CreateMasterAndConsole() if err != nil { return -1, err } term.SetMaster(master) } command := createCommand(container, console, rootfs, dataPath, os.Args[0], syncPipe.Child(), args) if err := term.Attach(command); err != nil { return -1, err } defer term.Close() if err := command.Start(); err != nil { return -1, err } // Now we passed the pipe to the child, close our side syncPipe.CloseChild() started, err := system.GetProcessStartTime(command.Process.Pid) if err != nil { return -1, err } // Do this before syncing with child so that no children // can escape the cgroup cleaner, err := SetupCgroups(container, command.Process.Pid) if err != nil { command.Process.Kill() command.Wait() return -1, err } if cleaner != nil { defer cleaner.Cleanup() } var networkState network.NetworkState if err := InitializeNetworking(container, command.Process.Pid, syncPipe, &networkState); err != nil { command.Process.Kill() command.Wait() return -1, err } state := &libcontainer.State{ InitPid: command.Process.Pid, InitStartTime: started, NetworkState: networkState, } if err := libcontainer.SaveState(dataPath, state); err != nil { command.Process.Kill() command.Wait() return -1, err } defer libcontainer.DeleteState(dataPath) // Sync with child if err := syncPipe.ReadFromChild(); err != nil { command.Process.Kill() command.Wait() return -1, err } if startCallback != nil { startCallback() } if err := command.Wait(); err != nil { if _, ok := err.(*exec.ExitError); !ok { return -1, err } } return command.ProcessState.Sys().(syscall.WaitStatus).ExitStatus(), nil }
// Exec performes setup outside of a namespace so that a container can be // executed. Exec is a high level function for working with container namespaces. func (ns *linuxNs) Exec(container *libcontainer.Container, term Terminal, pidRoot string, args []string, startCallback func()) (int, error) { var ( master *os.File console string err error ) // create a pipe so that we can syncronize with the namespaced process and // pass the veth name to the child syncPipe, err := NewSyncPipe() if err != nil { return -1, err } if container.Tty { master, console, err = system.CreateMasterAndConsole() if err != nil { return -1, err } term.SetMaster(master) } command := ns.commandFactory.Create(container, console, syncPipe.child, args) if err := term.Attach(command); err != nil { return -1, err } defer term.Close() if err := command.Start(); err != nil { return -1, err } started, err := system.GetProcessStartTime(command.Process.Pid) if err != nil { return -1, err } if err := WritePid(pidRoot, command.Process.Pid, started); err != nil { command.Process.Kill() return -1, err } defer DeletePid(pidRoot) // Do this before syncing with child so that no children // can escape the cgroup cleaner, err := SetupCgroups(container, command.Process.Pid) if err != nil { command.Process.Kill() return -1, err } if cleaner != nil { defer cleaner.Cleanup() } if err := InitializeNetworking(container, command.Process.Pid, syncPipe); err != nil { command.Process.Kill() return -1, err } // Sync with child syncPipe.Close() if startCallback != nil { startCallback() } if err := command.Wait(); err != nil { if _, ok := err.(*exec.ExitError); !ok { return -1, err } } status := command.ProcessState.Sys().(syscall.WaitStatus).ExitStatus() return status, err }
// Exec performes setup outside of a namespace so that a container can be // executed. Exec is a high level function for working with container namespaces. func (ns *linuxNs) Exec(container *libcontainer.Container, term Terminal, args []string) (int, error) { var ( master *os.File console string err error ) // create a pipe so that we can syncronize with the namespaced process and // pass the veth name to the child syncPipe, err := NewSyncPipe() if err != nil { return -1, err } ns.logger.Printf("created sync pipe parent fd %d child fd %d\n", syncPipe.parent.Fd(), syncPipe.child.Fd()) if container.Tty { ns.logger.Println("creating master and console") master, console, err = system.CreateMasterAndConsole() if err != nil { return -1, err } term.SetMaster(master) } command := ns.commandFactory.Create(container, console, syncPipe.child, args) ns.logger.Println("attach terminal to command") if err := term.Attach(command); err != nil { return -1, err } defer term.Close() ns.logger.Println("starting command") if err := command.Start(); err != nil { return -1, err } started, err := system.GetProcessStartTime(command.Process.Pid) if err != nil { return -1, err } ns.logger.Printf("writting pid %d to file\n", command.Process.Pid) if err := ns.stateWriter.WritePid(command.Process.Pid, started); err != nil { command.Process.Kill() return -1, err } defer func() { ns.logger.Println("removing pid file") ns.stateWriter.DeletePid() }() // Do this before syncing with child so that no children // can escape the cgroup ns.logger.Println("setting cgroups") activeCgroup, err := ns.SetupCgroups(container, command.Process.Pid) if err != nil { command.Process.Kill() return -1, err } if activeCgroup != nil { defer activeCgroup.Cleanup() } ns.logger.Println("setting up network") if err := ns.InitializeNetworking(container, command.Process.Pid, syncPipe); err != nil { command.Process.Kill() return -1, err } ns.logger.Println("closing sync pipe with child") // Sync with child syncPipe.Close() if err := command.Wait(); err != nil { if _, ok := err.(*exec.ExitError); !ok { return -1, err } } status := command.ProcessState.Sys().(syscall.WaitStatus).ExitStatus() ns.logger.Printf("process exited with status %d\n", status) return status, err }