[libvirt] [PATCH 3/4] lxc: validate container process during load config

Fri May 30 11:27:27 UTC 2008

On Fri, May 30, 2008 at 02:28:46AM -0400, Daniel Veillard wrote:
> On Thu, May 29, 2008 at 03:20:15PM -0700, Dave Leskovec wrote:
> > +            if (ESRCH == errno) {
> > +                rc = 0;
> > +                DEBUG("pid %d no longer exists", def->id);
> > +                goto done;
> > +            }
> > +
> > +            lxcError(NULL, NULL, VIR_ERR_INTERNAL_ERROR,
> > +                     _("error checking container process: %d %s"),
> > +                     def->id, strerror(errno));
> > +            goto done;
> > +        }
> 
>   The problem though is that by doing just  a passive test for the PID
> it feels like there is a possible race if the process counter rolled over and
> another process with the same PID got create in the meantime.
>   i have the feeling that a test based on the state of the file descriptors
> used to communicate with the container would be more reliable. Basically if the
> container disapear, then the pipe should get in a half-closed state, 
> detecting the change at that level sounds like it would be more reliable,
> don't you think so ?

Yes, after checking the PID still exists, it needs to validate /proc/$PID/exe
to verify it points to the binary we expect it to.

Regards,
Dan.
-- 
|: Red Hat, Engineering, Boston   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|