a5ae485fa6
A node's private mounts are currently removed before killing vnoded, which makes them unavailable during container service shutdown. Any such service accessing the filesystem for atexit() cleanup (e.g., rsyslogd), will do so on the host filesystem instead, very likely causing unintended damage. For example, the default behavior of rsyslogd is to remove its listening socket (/dev/log, or /run/systemd/journal/dev-log) at shutdown from its atexit() handler. If the node's private '/dev' or '/run/systemd/journal' mount has already been removed, the host-side /dev/log or /run/systemd/journal/dev-log sockets will be removed instead! Since non-persistent (mount) namespaces are automatically destroyed by the kernel when the last process referencing them is killed, we should simply rely on that behavior instead of explicitly (and prematurely) unmounting a node's private directories during shutdown. Signed-off-by: Gabriel Somlo <glsomlo@cert.org> |
||
|---|---|---|
| .. | ||
| core | ||
| data | ||
| doc | ||
| examples | ||
| ns3 | ||
| sbin | ||
| src | ||
| tests | ||
| .gitignore | ||
| CORE.e4p | ||
| Makefile.am | ||
| MANIFEST.in | ||
| requirements.txt | ||
| setup.cfg | ||
| setup.py | ||
| test.py | ||