Skip to content

Commit

Permalink
kill all processes in container without private ps ns
Browse files Browse the repository at this point in the history 
Signed-off-by: lifubang <[email protected]>
  • Loading branch information
@lifubang
lifubang committed Oct 2, 2023
1 parent ee45b9b commit c30faf4
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions libcontainer/container_linux.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -371,6 +371,10 @@ func (c *Container) Signal(s os.Signal) error {
// To avoid a PID reuse attack, don't kill non-running container.
switch status {
case Running, Created, Paused:
case Stopped:
if c.config.Namespaces.IsPrivate(configs.NEWPID) || !c.cgroupManager.Exists() {
return ErrNotRunning
}
default:
return ErrNotRunning
}
Expand Down

0 comments on commit c30faf4

Please sign in to comment.