From 2026161f6e1e05c7b52aaaa0aae177295ddfd43d Mon Sep 17 00:00:00 2001 From: jianghao53 Date: Mon, 18 Nov 2024 19:47:46 +0800 Subject: [PATCH] The state.json should be generated prior to the creation of the cgroup. --- libcontainer/process_linux.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index fcbb54a3e41..46367c62a98 100644 --- a/libcontainer/process_linux.go +++ b/libcontainer/process_linux.go @@ -561,6 +561,13 @@ func (p *initProcess) start() (retErr error) { } }() + // A SIGKILL can happen at any time, and without the state.json, + // the 'runc delete --force' command won't be able to clear the cgroup. + _, err = p.container.updateState(p) + if err != nil { + return fmt.Errorf("unable to store init state: %w", err) + } + // Do this before syncing with child so that no children can escape the // cgroup. We don't need to worry about not doing this and not being root // because we'd be using the rootless cgroup manager in that case.