Daniel P. Berrange wrote:
On Fri, May 30, 2008 at 02:28:46AM -0400, Daniel Veillard wrote:
> On Thu, May 29, 2008 at 03:20:15PM -0700, Dave Leskovec wrote:
>> + if (ESRCH == errno) {
>> + rc = 0;
>> + DEBUG("pid %d no longer exists", def->id);
>> + goto done;
>> + }
>> +
>> + lxcError(NULL, NULL, VIR_ERR_INTERNAL_ERROR,
>> + _("error checking container process: %d %s"),
>> + def->id, strerror(errno));
>> + goto done;
>> + }
> The problem though is that by doing just a passive test for the PID
> it feels like there is a possible race if the process counter rolled over and
> another process with the same PID got create in the meantime.
> i have the feeling that a test based on the state of the file descriptors
> used to communicate with the container would be more reliable. Basically if the
> container disapear, then the pipe should get in a half-closed state,
> detecting the change at that level sounds like it would be more reliable,
> don't you think so ?
Yes, after checking the PID still exists, it needs to validate /proc/$PID/exe
to verify it points to the binary we expect it to.
Hmmm.... Worked with this a bit and I don't think we can reliably know what to
expect /proc/$PID/exe to point to. For scripts, /proc/$PID/exe seems to point
the shell. Also, if the container does an exec, /proc/$PID/exe points to
whatever it exec'd rather than the init program.
There currently isn't pipe into the container although one may be added as part
of the network support for other reasons. My concern there is that if something
has happened that we're not getting SIGCHLD from exiting containers, wouldn't we
have lost the pipe as well?
--
Best Regards,
Dave Leskovec
IBM Linux Technology Center
Open Virtualization