
Re: /lib/lsb/init-functions on LXC servers




	Hi.

On Fri, Feb 02, 2018 at 11:35:04AM +0100, Harald Dunkel wrote:
> Hi folks,
> 
> I see a weird effect of pidofproc (defined in /lib/lsb/init-functions):
> If there is no local daemon with a given search path running, then it
> returns the PIDs of the daemons running in the LXC containers. AFAICT this
> affects the startup scripts of
> 
> 	apache2
> 	opensmtpd
> 	rpcbind
> 
> and maybe others. #888743
> 
> Is this just me? Can anybody reproduce?

No, it's everyone. That's the problematic part of this script:

       # pid file doesn't exist, try to find the pid nevertheless
       if [ -x /bin/pidof ] && [ ! "$specified" ]; then
         status="0"
         /bin/pidof -o %PPID -x $1 || status="$?"

With those arguments pidof finds each and every process regardless of
which mount namespace (aka container) they belong to.

In the case of LXC, adding the "-c" switch to pidof should solve this issue.
Maybe. I'm unsure. I did not consider all the corner cases.

The way I see it, a correct way of solving this is to rewrite the
problematic part altogether:

       # pid file doesn't exist, try to find the pid nevertheless
       if [ -x /usr/bin/pgrep ] && [ ! "$specified" ]; then
         status="0"
         /usr/bin/pgrep --ns 1 -f $1 || status="$?"

But that opens several cans of worms at once: extra dependencies, binary
in /usr, etc.

Reco
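
An added example, not part of the original message and not code from the lsb-base package: a POSIX sh filter that keeps only the PIDs sharing a namespace with a reference process by comparing the /proc/<pid>/ns/<kind> symlink targets, so the pidof result can be narrowed without a pgrep dependency. The function names, the PROC_ROOT override, the choice of the PID namespace and the sample PIDs and namespace ids are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. PROC_ROOT is a hypothetical override so the filter can be
# exercised on a constructed tree; it defaults to the real /proc.

# same_ns_pids KIND REF_PID PID...
# Prints (space separated) the PIDs whose KIND namespace equals REF_PID's.
# Returns 0 if at least one PID matched, 1 otherwise (same convention as pidof).
same_ns_pids() {
    root="${PROC_ROOT:-/proc}"
    kind="$1"; ref="$2"; shift 2
    ref_ns=$(readlink "$root/$ref/ns/$kind" 2>/dev/null) || return 1
    out=""
    for pid in "$@"; do
        # The process may have exited or the link may be unreadable: skip it.
        ns=$(readlink "$root/$pid/ns/$kind" 2>/dev/null) || continue
        if [ "$ns" = "$ref_ns" ]; then
            out="${out:+$out }$pid"
        fi
    done
    [ -n "$out" ] || return 1
    printf '%s\n' "$out"
}

# Constructed sample: a fake /proc holding a host init (1), a host daemon (812)
# and a container's daemon (4410) that lives in a different PID namespace.
demo() {
    tmp=$(mktemp -d) || return 1
    for entry in "1 4026531836" "812 4026531836" "4410 4026532201"; do
        set -- $entry
        mkdir -p "$tmp/$1/ns"
        ln -s "pid:[$2]" "$tmp/$1/ns/pid"
    done
    rc=0
    ( PROC_ROOT="$tmp"; same_ns_pids pid 1 812 4410 ) || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# Possible use in an init script run as root (reading another user's ns link
# needs privilege); $$ is the script's own PID:
#   pids=$(/bin/pidof -o %PPID -x "$1") && same_ns_pids pid "$$" $pids
```

The PID namespace is compared here rather than the mount namespace because a host daemon may run in a private mount namespace of its own while still belonging to the host.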