From: Grzegorz Nosek <root-AfQBxy1nhrQ00sYp1HPQUA@public.gmane.org>
To: Matt Helsley <matthltc-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
Cc: containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
Oleg Nesterov <oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
Roland McGrath <roland-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: Testing lxc 0.6.5 in Fedora 13
Date: Thu, 25 Mar 2010 22:33:56 +0100 [thread overview]
Message-ID: <20100325213356.GB20541@megiteam.pl> (raw)
In-Reply-To: <20100323212834.GH20796-52DBMbEzqgQ/wnmkkaCWp/UQ3DHhIser@public.gmane.org>
On wto, mar 23, 2010 at 02:28:34 -0700, Matt Helsley wrote:
> On Sun, Mar 21, 2010 at 08:50:44PM +0100, Grzegorz Nosek wrote:
>
> <snip>
>
> > 2. Weird strace behaviour across pidns boundary
> >
> > When strace'ing (with -ff) lxc-start, I get a proper strace for the
> > directly spawned process and the container init. However, any processes
> > spawned by the container's init are not straced properly (I get two
> > empty files, named <foo>.<pid-in-root-ns> and <foo>.2 -- presumably pid
> > inside the container). The container also seems to malfunction under
> > strace (looks like exec() failing as lxc-ps shows two "init" processes).
> >
> > This is quite painful as it prevents strace'ing processes in containers
> > even after startup. Here's a snippet of strace'ing a bash (pid 179
> > inside, pid 2959 outside) trying to run 'ls'. The shell hangs until I
> > kill the strace process.
> >
> > pipe([3, 4]) = 0
> > clone(Process 197 attached
> > child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb7859708) = 197
> > Process 2999 attached (waiting for parent)
> > [pid 2959] setpgid(197, 197) = 0
> > [pid 2959] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
> > [pid 2959] rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
> > [pid 2959] close(3) = 0
> > [pid 2959] close(4) = 0
> > [pid 2959] rt_sigprocmask(SIG_BLOCK, [CHLD TSTP TTIN TTOU], [CHLD], 8) = 0
> > [pid 2959] ioctl(255, TIOCSPGRP, [197]) = 0
> > [pid 2959] rt_sigprocmask(SIG_SETMASK, [CHLD], NULL, 8) = 0
> > [pid 2959] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
> > [pid 2959] rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
> > [pid 2959] waitpid(-1, Process 2959 suspended
> > ^C <unfinished ...>
> > Process 2959 detached
> > Process 197 detached
> > Process 2999 detached
> >
> > 'strace ls' ran completely inside the container works as expected.
>
> I'm suprised strace of ls works across pid namespaces. I've been looking
> at strace and it seemed to me that one kernel change and a bunch of strace
> changes are needed to make strace'ing in child pid namespaces work. Eric
> Biederman's setns() patches also might help.
Thanks for the patch and the detailed explanation.
> Can you get a little farther with the kernel fix below?
No, not really. Attaching from outside to a shell running in a container
and running a command yields:
| rt_sigprocmask(SIG_BLOCK, [INT CHLD], [], 8) = 0
| pipe([3, 4]) = 0
| clone(Process 2581 attached (waiting for parent)
| Process 190 attached
Without the patch the order of reported pids is reversed (and at least
with the patched kernel the outside pid is consistently reported first)
| child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb7713708) = 190
| [pid 2549] setpgid(190, 190) = 0
| [pid 2549] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
| [pid 2549] rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
| [pid 2549] close(3) = 0
| [pid 2549] close(4) = 0
| [pid 2549] rt_sigprocmask(SIG_BLOCK, [CHLD TSTP TTIN TTOU], [CHLD], 8) = 0
| [pid 2549] ioctl(255, TIOCSPGRP, [190]) = 0
| [pid 2549] rt_sigprocmask(SIG_SETMASK, [CHLD], NULL, 8) = 0
| [pid 2549] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
| [pid 2549] rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
| [pid 2549] waitpid(-1, Process 2549 suspended
(the shell hangs here)
^C <unfinished ...>
| Process 2549 detached
| Process 2581 detached
| Process 190 detached
(the command executes here normally).
Best regards,
Grzegorz Nosek
next prev parent reply other threads:[~2010-03-25 21:33 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-03-21 19:50 Testing lxc 0.6.5 in Fedora 13 Grzegorz Nosek
[not found] ` <20100321195044.GA23757-yp6mvK3Bdd2rDJvtcaxF/A@public.gmane.org>
2010-03-23 21:28 ` Matt Helsley
[not found] ` <20100323212834.GH20796@count0.beaverton.ibm.com>
[not found] ` <20100323212834.GH20796-52DBMbEzqgQ/wnmkkaCWp/UQ3DHhIser@public.gmane.org>
2010-03-24 9:25 ` Greg Kurz
2010-03-25 21:33 ` Grzegorz Nosek [this message]
[not found] ` <20100325213356.GB20541-yp6mvK3Bdd2rDJvtcaxF/A@public.gmane.org>
2010-03-26 11:11 ` Oleg Nesterov
[not found] ` <20100326111131.GA8604@redhat.com>
[not found] ` <20100326111131.GA8604-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2010-03-26 11:32 ` Grzegorz Nosek
2010-03-26 11:53 ` Matt Helsley
[not found] ` <20100326113201.GB17113@megiteam.pl>
[not found] ` <20100326113201.GB17113-yp6mvK3Bdd2rDJvtcaxF/A@public.gmane.org>
2010-03-26 12:00 ` Oleg Nesterov
[not found] ` <20100326120028.GA11311@redhat.com>
[not found] ` <20100326120028.GA11311-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2010-03-26 12:46 ` Matt Helsley
[not found] ` <20100326124619.GC3345@count0.beaverton.ibm.com>
[not found] ` <20100326124619.GC3345-52DBMbEzqgQ/wnmkkaCWp/UQ3DHhIser@public.gmane.org>
2010-03-26 13:34 ` Oleg Nesterov
[not found] ` <20100326115357.GA3345@count0.beaverton.ibm.com>
[not found] ` <20100326115357.GA3345-52DBMbEzqgQ/wnmkkaCWp/UQ3DHhIser@public.gmane.org>
2010-03-26 12:45 ` Grzegorz Nosek
[not found] ` <20100326124522.GD17113@megiteam.pl>
[not found] ` <20100326124522.GD17113-yp6mvK3Bdd2rDJvtcaxF/A@public.gmane.org>
2010-03-26 12:54 ` Matt Helsley
2010-03-26 13:47 ` Oleg Nesterov
[not found] ` <20100326125459.GD3345@count0.beaverton.ibm.com>
[not found] ` <20100326125459.GD3345-52DBMbEzqgQ/wnmkkaCWp/UQ3DHhIser@public.gmane.org>
2010-03-26 13:56 ` Oleg Nesterov
[not found] ` <20100326134709.GB15790@redhat.com>
[not found] ` <20100326134709.GB15790-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2010-04-06 3:44 ` Roland McGrath
[not found] ` <20100406034443.8B40ED477@magilla.sf.frob.com>
[not found] ` <20100406034443.8B40ED477-nL1rrgvulkc2UH6IwYuUx0EOCMrvLtNR@public.gmane.org>
2010-04-06 13:53 ` Matt Helsley
[not found] ` <20100406135345.GC3345@count0.beaverton.ibm.com>
[not found] ` <20100406135345.GC3345-52DBMbEzqgQ/wnmkkaCWp/UQ3DHhIser@public.gmane.org>
2010-04-06 14:36 ` Oleg Nesterov
2010-04-06 15:13 ` Eric W. Biederman
[not found] ` <20100406143635.GA12315@redhat.com>
[not found] ` <20100406143635.GA12315-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2010-04-06 15:17 ` Eric W. Biederman
[not found] ` <m1vdc48vhy.fsf@fess.ebiederm.org>
[not found] ` <m1vdc48vhy.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2010-04-06 15:29 ` Matt Helsley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100325213356.GB20541@megiteam.pl \
--to=root-afqbxy1nhrq00syp1hpqua@public.gmane.org \
--cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=matthltc-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org \
--cc=oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=roland-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox