krallin / tini

A tiny but valid `init` for containers
MIT License

prctl(PR_SET_PDEATHSIG, ...) should be called after fork(), not before #213

Closed igor-anferov closed 1 year ago

igor-anferov commented 1 year ago

From the official Linux documentation:

The parent-death signal setting is cleared for the child of a fork(2).

So, calling prctl(PR_SET_PDEATHSIG, ...) before spawn(), which is currently the case, doesn't make sense.

krallin commented 1 year ago

The commit that introduced this explains the use case:

https://github.com/krallin/tini/commit/eb0f6de3a5efc57bba81992ad8463494a6f45c4a

Their goal was indeed to signal Tini when its parent dies, not to signal Tini’s child when Tini dies.

On Tue, 13 Jun 2023 at 16:24, Igor Anferov @.***> wrote:

> From the official Linux documentation https://man7.org/linux/man-pages/man2/prctl.2.html:
>
> The parent-death signal setting is cleared for the child of a fork(2).
>
> So, calling prctl(PR_SET_PDEATHSIG, ...) before spawn(), which is currently the case, doesn't make sense.


igor-anferov commented 1 year ago

Aaah, I see, thanks for your explanation. But I still don't understand the last phrase from the commit message:

    $ unshare --pid --fork setpriv --reuid user tini -s -p SIGKILL -- <prog>

As soon as unshare is getting killed, tini will get signalled SIGKILL
and exit as well, tearing down <prog> with it.

Why would <prog> be torn down in this case?

krallin commented 1 year ago

When you’re in a PID namespace and PID1 in that namespace exits, the rest of the namespace will be killed too.

On Wed, 14 Jun 2023 at 01:40, Igor Anferov @.***> wrote:

> Aaah, I see, thanks for your explanation. But I still don't understand the last phrase from the commit message:
>
>     $ unshare --pid --fork setpriv --reuid user tini -s -p SIGKILL -- <prog>
>
> As soon as unshare is getting killed, tini will get signalled SIGKILL and exit as well, tearing down <prog> with it.
>
> Why would <prog> be torn down in this case?


igor-anferov commented 1 year ago

Got it, thank you!
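
The behaviour discussed in this thread, as an added example that is not part of the thread or of tini's code: a process that calls prctl(PR_SET_PDEATHSIG, ...) keeps the setting for itself, while the child it then forks starts with the setting cleared. The helper names `get_pdeathsig` and `probe_pdeathsig` are hypothetical, and the throwaway "init" process only stands in for tini.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>

/* Current parent-death signal of the calling process (0 = none), -1 on error. */
static int get_pdeathsig(void) {
    int sig = -1;
    return prctl(PR_GET_PDEATHSIG, &sig) == -1 ? -1 : sig;
}

/* Hypothetical helper: in a throwaway "init" process (standing in for tini),
 * set PDEATHSIG to `sig`, fork a child (standing in for <prog>), and report
 * the setting each one observes. Returns 0 on success, -1 on failure. */
int probe_pdeathsig(int sig, int *in_init, int *in_child) {
    int fds[2];
    if (pipe(fds) == -1) return -1;
    pid_t init = fork();
    if (init == -1) return -1;
    if (init == 0) {
        close(fds[0]);
        int seen[2], status;
        if (prctl(PR_SET_PDEATHSIG, sig) == -1) _exit(1);
        pid_t child = fork();
        if (child == -1) _exit(1);
        if (child == 0) _exit(get_pdeathsig());   /* child reports via exit status */
        if (waitpid(child, &status, 0) == -1 || !WIFEXITED(status)) _exit(1);
        seen[0] = get_pdeathsig();                /* still set in the caller */
        seen[1] = WEXITSTATUS(status);            /* cleared by fork(2) */
        _exit(write(fds[1], seen, sizeof seen) == (ssize_t)sizeof seen ? 0 : 1);
    }
    close(fds[1]);
    int seen[2], status;
    ssize_t n = read(fds[0], seen, sizeof seen);
    close(fds[0]);
    if (waitpid(init, &status, 0) == -1 || n != (ssize_t)sizeof seen) return -1;
    *in_init = seen[0];
    *in_child = seen[1];
    return 0;
}

int main(void) {
    int in_init, in_child;
    if (probe_pdeathsig(SIGKILL, &in_init, &in_child) != 0) return 1;
    printf("init: %d, child after fork: %d\n", in_init, in_child);
    return 0;
}
```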