This fixes the incorrect kill handling introduced in
b76f8c0248. We need to send the
SIGKILL to the in-container process, not the runc process. This patch
adds an abstraction over the kill handling:

* for `runc run` processes use `runc kill`
* for `runc exec` processes, read pid (in host PID namespace) from
  pidfile created by `runc exec`, then send the signal directly to
  that process.

Also use the kill abstraction when we receive a SIGKILL over the
signal channel for containers created by gateway NewContainer.

Signed-off-by: coryb <cbennett@netflix.com>

This patch makes the process handling consistent between runc.Run and
runc.Exec usage. Previously runc.Run would use context.Background
for the runc.Run process and would monitor the request context for
shutdown requests, sending a SIGKILL to the container pid1 process. This
allowed runc.Run to gracefully shut down and reap child processes. This
logic was not used for runc.Exec where instead we were passing in the
request context to runc.Exec, and if that request context was cancelled
the runc process would immediately terminate, preventing runc from reaping
the child process. In this scenario the extra pid will remain forever,
and then the pid1 process will get wedged in zap_pid_ns_processes
syscall upon shutdown, waiting for the zombie pid to exit.

With this fix both runc.Run and runc.Exec will use context.Background
for runc processes and monitor the request context for shutdown requests,
triggering a SIGKILL to the pid being monitored by runc.

Signed-off-by: coryb <cbennett@netflix.com>
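
The pattern both commit messages describe, as an added example that is not code from these commits or from the project: the supervising process is started detached from the request context, and on cancellation the SIGKILL goes to the pid recorded in the pidfile while the supervisor is left alive to reap it. The `sh` one-liner is a constructed stand-in for `runc exec` with a pidfile, and the names `supervisor`, `killViaPidfile` and `runAndKillOnCancel` are hypothetical.

```go
package main

import (
	"context"
	"fmt"
	"os"
	"os/exec"
	"strconv"
	"syscall"
	"time"
)

// Constructed stand-in for `runc exec`: start workload, record its pid, reap it.
const supervisor = `sleep 60 & printf '%s' $! > "$1"; wait $!`

// killViaPidfile SIGKILLs the pid in pidfile, retrying while it is unwritten.
func killViaPidfile(pidfile string) (int, error) {
	for i := 0; i < 100; i++ {
		b, _ := os.ReadFile(pidfile)
		if pid, err := strconv.Atoi(string(b)); err == nil && pid > 1 {
			return pid, syscall.Kill(pid, syscall.SIGKILL)
		}
		time.Sleep(20 * time.Millisecond)
	}
	return 0, fmt.Errorf("no pid in %s", pidfile)
}

// runAndKillOnCancel runs the supervisor detached from ctx; on cancel it
// signals the workload (not the supervisor) and waits for the supervisor.
// Assumption: the workload outlives ctx, so the recorded pid is still live.
func runAndKillOnCancel(ctx context.Context, pidfile string) (int, error) {
	os.Remove(pidfile) // a stale pidfile could name an unrelated process
	cmd := exec.Command("sh", "-c", supervisor, "sh", pidfile) // not CommandContext
	if err := cmd.Start(); err != nil {
		return 0, err
	}
	<-ctx.Done()
	pid, err := killViaPidfile(pidfile)
	if err != nil {
		cmd.Process.Kill() // fallback so Wait cannot block for the full sleep
	}
	cmd.Wait() // returns once the supervisor has reaped the workload and exited
	return pid, err
}

func main() {
	ctx, cancel := context.WithTimeout(context.Background(), 200*time.Millisecond)
	defer cancel()
	fmt.Println(runAndKillOnCancel(ctx, os.TempDir()+"/example-exec.pid"))
}
```

Had the supervisor been started with `exec.CommandContext(ctx, ...)`, cancellation would kill the shell instead and leave the `sleep` running with nobody waiting on it, which is the leak the second commit message describes.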