filter_chroot: filter also by pid namespace

author Elan Ruusamäe <glen@delfi.ee>

Wed, 20 Nov 2013 10:18:01 +0000 (12:18 +0200)

committer Elan Ruusamäe <glen@delfi.ee>

Wed, 20 Nov 2013 10:18:01 +0000 (12:18 +0200)
author Elan Ruusamäe <glen@delfi.ee>
Wed, 20 Nov 2013 10:18:01 +0000 (12:18 +0200)
committer Elan Ruusamäe <glen@delfi.ee>
Wed, 20 Nov 2013 10:18:01 +0000 (12:18 +0200)
diff --git a/lib/functions b/lib/functions

index 58efafee4c4d5093f29afdf60c19c7ed0fcf79ab..f7af7defeabe93dc1981b5a864f777941a6f3ff9 100644 (file)
--- a/lib/functions
+++ b/lib/functions
@@ -493,14 +493,23 @@ checkpid() {
  # (note: some processes like named are chrooted but run outside chroot)
  # - do nothing inside vserver
  filter_chroot() {
+       # filter by pid namespace if such dir exists for current process
+       # we do filter in containers as stacked containers are possible with LXC
+       if [ -d /proc/$$/ns ]; then
+               local pids
+               pids=$(filter_ns "$@") && set -- "$pids"
+       fi
+
         if is_yes "$VSERVER"; then
                 echo $@
                 return
         fi
+
         if [ $# -lt 1 -o ! -d /proc/1 ]; then
                 echo $@
                 return
         fi
+
         local root_dir good_pids="" good_add_pid
         for root_pid in $@; do
                 root_dir=$(resolvesymlink /proc/${root_pid}/root)
@@ -519,6 +528,24 @@ filter_chroot() {
         echo $good_pids
  }
  
+# similar to filter_chroot, but filter based on /proc/PID/ns/pid value
+filter_ns() {
+       local cur_ns=$(resolvesymlink /proc/$$/ns/pid)
+       [ "$cur_ns" ] || return 1
+
+       local pid ns pids=""
+       for pid in "$@"; do
+               ns=$(resolvesymlink /proc/$pid/ns/pid)
+               # add if matches current pid namespace
+               # also add if empty ns found (for dead pids?) FIXME
+               if [ -z "$ns" -o "$ns" = "$cur_ns" ]; then
+                       pids="$pids $pid"
+               fi
+       done
+       echo $pids
+       return 0
+}
+
  # Usage:
  # run_cmd Message command_to_run
  # run_cmd -a Message command_to_run
@@ -932,7 +959,7 @@ pidofproc() {
  
         # Next try "pidof"
         [ -z "$pid" ] && pidof -o $$ -o $PPID -o %PPID -x "$1"
-       pid=$(filter_chroot "$pid")
+       pid=$(filter_chroot $pid)
         echo $pid
  }
  
@@ -964,7 +991,7 @@ status() {
         else
                 pid=$(pidof -o $$ -o $PPID -o %PPID -x $daemon)
         fi
-       pid=$(filter_chroot "$pid")
+       pid=$(filter_chroot $pid)
  
         if [ "$pid" ]; then
                 cpuset_msg="..."
@@ -983,7 +1010,7 @@ status() {
         local base=${daemon##*/}
         if [ -z "$pidfile" -a -f /var/run/${base}.pid ]; then
                 read pid < /var/run/${base}.pid
-               pid=$(filter_chroot "$pid")
+               pid=$(filter_chroot $pid)
                 if [ "$pid" ]; then
                         nls "%s dead but pid file (%s) exists" "$subsys" /var/run/${base}.pid
                         return 1
author	Elan Ruusamäe <glen@delfi.ee>
	Wed, 20 Nov 2013 10:18:01 +0000 (12:18 +0200)
committer	Elan Ruusamäe <glen@delfi.ee>
	Wed, 20 Nov 2013 10:18:01 +0000 (12:18 +0200)