95b1d4
From dfb3496c174377b860b62872ce6af951364cc3ac Mon Sep 17 00:00:00 2001
95b1d4
From: Lokesh Mandvekar <lsm5@fedoraproject.org>
95b1d4
Date: Tue, 12 Dec 2017 13:22:42 +0530
95b1d4
Subject: [PATCH] Revert "Apply cgroups earlier"
95b1d4
95b1d4
This reverts commit 7062c7556b71188abc18d7516441ff4b03fbc1fc.
95b1d4
---
95b1d4
 libcontainer/process_linux.go | 31 ++++++++++++++-----------------
95b1d4
 1 file changed, 14 insertions(+), 17 deletions(-)
95b1d4
95b1d4
diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go
95b1d4
index 149b1126..b8a395af 100644
95b1d4
--- a/libcontainer/process_linux.go
95b1d4
+++ b/libcontainer/process_linux.go
95b1d4
@@ -272,6 +272,20 @@ func (p *initProcess) start() error {
95b1d4
 		p.process.ops = nil
95b1d4
 		return newSystemErrorWithCause(err, "starting init process command")
95b1d4
 	}
95b1d4
+	if _, err := io.Copy(p.parentPipe, p.bootstrapData); err != nil {
95b1d4
+		return newSystemErrorWithCause(err, "copying bootstrap data to pipe")
95b1d4
+	}
95b1d4
+	if err := p.execSetns(); err != nil {
95b1d4
+		return newSystemErrorWithCause(err, "running exec setns process for init")
95b1d4
+	}
95b1d4
+	// Save the standard descriptor names before the container process
95b1d4
+	// can potentially move them (e.g., via dup2()).  If we don't do this now,
95b1d4
+	// we won't know at checkpoint time which file descriptor to look up.
95b1d4
+	fds, err := getPipeFds(p.pid())
95b1d4
+	if err != nil {
95b1d4
+		return newSystemErrorWithCausef(err, "getting pipe fds for pid %d", p.pid())
95b1d4
+	}
95b1d4
+	p.setExternalDescriptors(fds)
95b1d4
 	// Do this before syncing with child so that no children can escape the
95b1d4
 	// cgroup. We don't need to worry about not doing this and not being root
95b1d4
 	// because we'd be using the rootless cgroup manager in that case.
95b1d4
@@ -292,23 +306,6 @@ func (p *initProcess) start() error {
95b1d4
 			}
95b1d4
 		}
95b1d4
 	}()
95b1d4
-
95b1d4
-	if _, err := io.Copy(p.parentPipe, p.bootstrapData); err != nil {
95b1d4
-		return newSystemErrorWithCause(err, "copying bootstrap data to pipe")
95b1d4
-	}
95b1d4
-
95b1d4
-	if err := p.execSetns(); err != nil {
95b1d4
-		return newSystemErrorWithCause(err, "running exec setns process for init")
95b1d4
-	}
95b1d4
-
95b1d4
-	// Save the standard descriptor names before the container process
95b1d4
-	// can potentially move them (e.g., via dup2()).  If we don't do this now,
95b1d4
-	// we won't know at checkpoint time which file descriptor to look up.
95b1d4
-	fds, err := getPipeFds(p.pid())
95b1d4
-	if err != nil {
95b1d4
-		return newSystemErrorWithCausef(err, "getting pipe fds for pid %d", p.pid())
95b1d4
-	}
95b1d4
-	p.setExternalDescriptors(fds)
95b1d4
 	if err := p.createNetworkInterfaces(); err != nil {
95b1d4
 		return newSystemErrorWithCause(err, "creating network interfaces")
95b1d4
 	}
95b1d4
-- 
95b1d4
2.14.3
95b1d4