Public bug reported:

Environments:
System: zesty
libvirt version: 2.5.0-3ubuntu5
vm rootfs release: ubuntu:16.04

Reproduce:
1. Run command "virsh -c lxc:// start vm"; the release of the vm is xenial.
2. Run command "ps aux|grep init"; you will find the pid of the init launched by the vm.
3. Run command "virsh -c lxc:// destroy vm".
4. Run command "virsh -c lxc:// list --all" and "ps aux|grep init"; you will
find that the vm is shut off, but the init process launched by the vm is still running.

In fact I have found the cause of this bug: there is a patch after 1.3.1
that introduced this bug.

-------------------------------------------------------------
Commit: dc576025c360a1d2c89da410d0f3f0da55d0143f [dc57602]
Parents: 511e7c5bba
Author: Daniel P. Berrange <berra...@redhat.com>
Date: January 23, 2016, 12:07:18 AM GMT+8
Commit Date: January 27, 2016, 12:11:32 AM GMT+8
lxc: don't try to hide parent cgroups inside container
-------------------------------------------------------------

Cgroups inside the container don't hide the parent, so a process in the container can
change its own cgroup to another cgroup.
lxc destroys processes by reading the cgroup tasks file; if a process changes its own
cgroup, it can't destroy the container's processes normally.

** Affects: libvirt (Ubuntu)
     Importance: Undecided
         Status: Confirmed

** Changed in: libvirt (Ubuntu)
       Status: New => Confirmed

** Description changed:

  Environments:
  System: zesty
  libvirt version: 2.5.0-3ubuntu5
  vm rootfs release: ubuntu:16.04
  
  Reproduce:
  1. Run command "virsh -c lxc:// start vm" and the release of vm is xenial
  2. Run command "pa aux|grep init" ,you would find the pid of init launch by 
vm.
  3. Run command "virsh -c lxc:// destroy vm".
- 4. Run command "virsh -c lxc:// list --all" and "ps aux|grep init" ,you would 
find that vm is
- shutoff, but the init process launch by vm is still running.
+ 4. Run command "virsh -c lxc:// list --all" and "ps aux|grep init" ,you could 
find that vm is shutoff, but the init process launch by vm is still running.
  
- Infact I have found the case of this bug, there is a patch after 1.3.1 that 
import this bug.
- Cgroups inside container does't hide parent, so the process of container can 
change it own cgroup to  another cgroup.
- lxc destroy process by read cgroup tasks file,if process change it own 
cgroup,it can't destroy container process normally.
+ Infact I have found the case of this bug, there is a patch after 1.3.1
+ that import this bug.
  
+ -------------------------------------------------------------
  Commit: dc576025c360a1d2c89da410d0f3f0da55d0143f [dc57602]
  Parents: 511e7c5bba
  Author: Daniel P. Berrange <berra...@redhat.com>
  Date: 2016年1月23日 GMT+8 上午12:07:18
  Commit Date: 2016年1月27日 GMT+8 上午12:11:32
  lxc: don't try to hide parent cgroups inside container
+ -------------------------------------------------------------
+ 
+ Cgroups inside container does't hide parent, so the process of container can 
change it own cgroup to  another cgroup.
+ lxc destroy process by read cgroup tasks file,if process change it own 
cgroup,it can't destroy container process normally.

https://bugs.launchpad.net/bugs/1709224

Title:
  libvirt lxc  can't stop all process when destroy vm.
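
A detection sketch for the condition described in the report, added here as an example and not taken from libvirt or from the reporter: it lists processes that share the container init's PID namespace but sit outside the container's cgroup, which are the ones a kill driven by the cgroup tasks file would miss. The function names, the `freezer` controller default, the cgroup path and the sample PIDs are assumptions constructed for illustration; nested PID namespaces are not followed.

```python
import os, tempfile

def pid_ns(proc, pid):
    """PID-namespace identity of a process, e.g. 'pid:[4026532201]'."""
    try:
        return os.readlink(os.path.join(proc, str(pid), "ns", "pid"))
    except OSError:
        return None  # process gone, or not permitted to look

def cgroup_path(proc, pid, controller):
    """Path of `pid` in the hierarchy carrying `controller` ('' = cgroup v2)."""
    try:
        with open(os.path.join(proc, str(pid), "cgroup")) as fh:
            for line in fh:  # format: hierarchy-id:controller-list:path
                _, ctrls, path = line.rstrip("\n").split(":", 2)
                if controller in ctrls.split(","):
                    return path
    except (OSError, ValueError):
        return None  # unreadable or malformed; no match also yields None

def find_escaped(proc, init_pid, container_cgroup, controller="freezer"):
    """PIDs in init_pid's PID namespace whose cgroup is outside container_cgroup."""
    ns, base = pid_ns(proc, init_pid), container_cgroup.rstrip("/")
    escaped = []
    for entry in os.listdir(proc) if ns else []:
        if not entry.isdigit() or pid_ns(proc, entry) != ns:
            continue
        path = cgroup_path(proc, entry, controller)
        if path is not None and path != base and not path.startswith(base + "/"):
            escaped.append(int(entry))
    return sorted(escaped)

def build_sample_proc(root):
    """Constructed /proc-like tree: 1200 is the container init, 1310 moved itself."""
    cg = "/machine/lxc-vm.libvirt-lxc"  # hypothetical container cgroup path
    sample = {1: ("pid:[4026531836]", "/"),  # host init, different namespace
              1200: ("pid:[4026532201]", cg),
              1250: ("pid:[4026532201]", cg + "/child"),
              1310: ("pid:[4026532201]", "/")}  # left the container cgroup
    for pid, (ns, path) in sample.items():
        os.makedirs(os.path.join(root, str(pid), "ns"))
        os.symlink(ns, os.path.join(root, str(pid), "ns", "pid"))
        with open(os.path.join(root, str(pid), "cgroup"), "w") as fh:
            fh.write("4:freezer:%s\n3:cpu,cpuacct:%s\n" % (path, path))
    return cg

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(find_escaped(tmp, 1200, build_sample_proc(tmp)))  # → [1310]
```

On a real host, pass `/proc` as the first argument and run as root so that every process's `ns/pid` link is readable.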
