Mailing-List: contact supervision-help@list.skarnet.org; run by ezmlm
Message-Id: <2725dea8-7bc6-47d4-b9a3-3fd372644392@www.fastmail.com>
Date: Fri, 09 Oct 2020 11:54:21 -0600
From: Raul
To: supervision@list.skarnet.org
Subject: runit-init inside docker container
Content-Type: text/plain

Hello,

I was trying to get runit-init working inside a docker container as PID 1. The problem I'm running into is shutting down runit. I have the ctrlaltdel handler configured to `touch /etc/runint/stopit` && chmod 100. This causes runit to execute stage 3, and then try to `reboot_system(RB_POWER_OFF);` followed by `reboot_system(RB_HALT_SYSTEM);`.

Using strace I can see that the reboot_system calls are failing:

> write(2, "- runit: sending KILL signal to "..., 49) = 49
> kill(-1, SIGKILL) = -1 ESRCH (No such process)
> clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDstrace: Process 838211 attached
>
> [pid 838211] stat("/etc/runit/reboot",
> [pid 826923] <... clone resumed>, child_tidptr=0x7f217fdff810) = 1351
> [pid 838211] <... stat resumed>0x7fffd71a8880) = -1 ENOENT (No such file or directory)
> [pid 826923] rt_sigprocmask(SIG_UNBLOCK, [CHLD],
> [pid 838211] write(2, "- runit: power off...\n", 22
> [pid 826923] <... rt_sigprocmask resumed>NULL, 8) = 0
> [pid 838211] <... write resumed>) = 22
> [pid 826923] wait4(1351,
> [pid 838211] sync() = 0
> [pid 838211] reboot(LINUX_REBOOT_MAGIC1, LINUX_REBOOT_MAGIC2, LINUX_REBOOT_CMD_POWER_OFF) = -1 EPERM (Operation not permitted)
> [pid 838211] clock_nanosleep(CLOCK_REALTIME, 0, {tv_sec=2, tv_nsec=0}, 0x7fffd71a87f0) = 0
> [pid 838211] write(2, "- runit: system halt.\n", 22) = 22
> [pid 838211] sync() = 0
> [pid 838211] reboot(LINUX_REBOOT_MAGIC1, LINUX_REBOOT_MAGIC2, LINUX_REBOOT_CMD_HALT) = -1 EPERM (Operation not permitted)
> [pid 838211] exit_group(0) = ?
> [pid 838211] +++ exited with 0 +++
> <... wait4 resumed>NULL, 0, NULL) = 1351
> --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1351, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
> write(4, "\0", 1) = 1
> rt_sigreturn({mask=[HUP INT PIPE ALRM TERM CONT]}) = 1351
> rt_sigsuspend([], 8) = ? ERESTARTNOHAND (To be restarted if no handler)
> --- SIGURG {si_signo=SIGURG, si_code=SI_USER, si_pid=0, si_uid=0} ---

Trying /etc/runit/reboot, the LINUX_REBOOT_CMD_RESTART call also fails:

> write(2, "- runit: sending KILL signal to "..., 49) = 49
> kill(-1, SIGKILL) = -1 ESRCH (No such process)
> clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDstrace: Process 843128 attached
> , child_tidptr=0x7f64972e7810) = 57
> [pid 842660] rt_sigprocmask(SIG_UNBLOCK, [CHLD], NULL, 8) = 0
> [pid 842660] wait4(57,
> [pid 843128] stat("/etc/runit/reboot", {st_mode=S_IFREG|0100, st_size=0, ...}) = 0
> [pid 843128] write(2, "- runit: system reboot.\n", 24) = 24
> [pid 843128] sync() = 0
> [pid 843128] reboot(LINUX_REBOOT_MAGIC1, LINUX_REBOOT_MAGIC2, LINUX_REBOOT_CMD_RESTART) = -1 EPERM (Operation not permitted)
> [pid 843128] exit_group(0) = ?
> [pid 843128] +++ exited with 0 +++
> <... wait4 resumed>NULL, 0, NULL) = 57
> --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=57, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
> write(4, "\0", 1) = 1
> rt_sigreturn({mask=[HUP INT PIPE ALRM TERM CONT]}) = 57
> rt_sigsuspend([], 8

I think the correct behavior when running inside a PID namespace might be to `return`. We can determine if we are running inside a PID namespace if `/proc/1/ns/pid` exists.

> 5437036aeb1f / # stat /proc/1/ns/pid
> File: /proc/1/ns/pid -> pid:[4026532181]

Outside of a pid namespace, the symlink doesn't exist.

I tried the following patch and runit now exits the container correctly:

--- src/runit.orig.c 2020-10-09 14:39:30.334482968 -0000 +++ src/runit.c 2020-10-09 14:45:58.457307181 -0000
@@ -299,6 +299,12 @@ strerr_warn2(INFO, "sending KILL signal to all processes...", 0); kill(-1, SIGKILL); + /* If running in a PID namespace all we can do is exit */ + if (stat("/proc/self/ns/pid", &s) != -1) { + strerr_warn2(INFO, "Exiting.", 0); + return(0); + } + pid =fork(); switch (pid) { case 0: What are the thoughts on integrating this patch or something like it?
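
Review bot: the `stat("/proc/self/ns/pid", &s) != -1` test in the added block does not separate a container from a host. The message checks `/proc/1/ns/pid` while the patch checks `/proc/self/ns/pid`, and on kernels built with PID namespace support that link is present for every process, including PID 1 in the initial namespace, so on a real machine this branch would return before the fork and the power-off, halt and reboot calls would never be attempted. A narrower condition is the one the strace already shows: keep the `reboot_system()` calls and treat a failure with `EPERM` (reboot(2) requires `CAP_SYS_BOOT`) as the reason to exit, which leaves bare-metal behaviour unchanged. The branch also lacks a note on the exit status the container runtime will see: `return(0)` reports success whether stop or reboot was requested, and the comment should say whether that is intended.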
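
Added example, not part of the original post or of runit: the post identifies the namespace by the link target `pid:[4026532181]`, so this C helper compares that inode number with the initial namespace's rather than testing whether the link exists. The constant `INIT_PID_NS_INO` and all function names are assumptions of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Inode the kernel gives the initial PID namespace (PROC_PID_INIT_INO in
 * include/linux/proc_ns.h). Assumption: confirm it on the target kernel. */
#define INIT_PID_NS_INO 4026531836UL

/* Parse a link target of the exact form "pid:[N]"; 0 on success, -1 otherwise. */
int parse_pidns_link(const char *target, unsigned long *ino)
{
    int end = 0;
    if (strncmp(target, "pid:[", 5) != 0 || !isdigit((unsigned char)target[5]))
        return -1;
    if (sscanf(target, "pid:[%lu]%n", ino, &end) != 1 || end == 0 || target[end] != '\0')
        return -1;
    return 0;
}

/* 1 = non-initial PID namespace, 0 = initial namespace, -1 = cannot tell. */
int pidns_is_nested(const char *target)
{
    unsigned long ino;
    if (parse_pidns_link(target, &ino) != 0) return -1;
    return ino != INIT_PID_NS_INO;
}

/* Read the caller's own link; for runit as PID 1 this is /proc/1/ns/pid. */
int self_in_nested_pidns(void)
{
    char buf[64];
    ssize_t len = readlink("/proc/self/ns/pid", buf, sizeof buf - 1);
    if (len < 0) return -1;   /* no procfs or no namespace support */
    buf[len] = '\0';
    return pidns_is_nested(buf);
}

int main(void)
{
    /* Constructed samples: the first value is the one quoted in the post. */
    printf("container sample:  %d\n", pidns_is_nested("pid:[4026532181]"));
    printf("initial ns sample: %d\n", pidns_is_nested("pid:[4026531836]"));
    printf("this process:      %d\n", self_in_nested_pidns());
    return 0;
}
```

A result of -1 should be handled as "unknown" and fall through to the normal reboot path, so that a host without procfs mounted still halts.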