From ecf53c23545092019602578583031c28fde4d2a1 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Fri, 25 May 2018 18:04:06 +0200
Subject: [PATCH] sd-notify: do not hang when NOTIFY_SOCKET is used with create

if NOTIFY_SOCKET is used, do not block the main runc process waiting
for events on the notify socket.  Change the logic to create a new
process that monitors exclusively the notify socket until an event is
received.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
 init.go          |  12 +++++++
 notify_socket.go | 101 ++++++++++++++++++++++++++++++++++++++++++++++---------
 signals.go       |   5 +--
 3 files changed, 99 insertions(+), 19 deletions(-)

diff --git a/init.go b/init.go
index c8f453192..6a3d9e91c 100644
--- a/init.go
+++ b/init.go
@@ -20,6 +20,18 @@ var initCommand = cli.Command{
 	Name:  "init",
 	Usage: `initialize the namespaces and launch the process (do not call it outside of runc)`,
 	Action: func(context *cli.Context) error {
+		// If NOTIFY_SOCKET is used create a new process that stays around
+		// so to not block "runc start".  It will automatically exits when the
+		// container notifies that it is ready, or when the container is deleted
+		if os.Getenv("_NOTIFY_SOCKET_FD") != "" {
+			fd := os.Getenv("_NOTIFY_SOCKET_FD")
+			pid := os.Getenv("_NOTIFY_SOCKET_PID")
+			hostNotifySocket := os.Getenv("_NOTIFY_SOCKET_HOST")
+			notifySocketPath := os.Getenv("_NOTIFY_SOCKET_PATH")
+			notifySocketInit(fd, pid, hostNotifySocket, notifySocketPath)
+			os.Exit(0)
+		}
+
 		factory, _ := libcontainer.New("")
 		if err := factory.StartInitialization(); err != nil {
 			// as the error is sent back to the parent there is no need to log
diff --git a/notify_socket.go b/notify_socket.go
index cd6c0a989..e04e9d660 100644
--- a/notify_socket.go
+++ b/notify_socket.go
@@ -6,10 +6,13 @@ import (
 	"bytes"
 	"fmt"
 	"net"
+	"os"
+	"os/exec"
 	"path/filepath"
+	"strconv"
+	"time"
 
 	"github.com/opencontainers/runtime-spec/specs-go"
-
 	"github.com/sirupsen/logrus"
 	"github.com/urfave/cli"
 )
@@ -64,24 +67,94 @@ func (s *notifySocket) setupSocket() error {
 	return nil
 }
 
+func (notifySocket *notifySocket) notifyNewPid(pid int) {
+	notifySocketHostAddr := net.UnixAddr{Name: notifySocket.host, Net: "unixgram"}
+	client, err := net.DialUnix("unixgram", nil, &notifySocketHostAddr)
+	if err != nil {
+		return
+	}
+	newPid := fmt.Sprintf("MAINPID=%d\n", pid)
+	client.Write([]byte(newPid))
+}
+
 // pid1 must be set only with -d, as it is used to set the new process as the main process
 // for the service in systemd
 func (notifySocket *notifySocket) run(pid1 int) {
-	buf := make([]byte, 512)
-	notifySocketHostAddr := net.UnixAddr{Name: notifySocket.host, Net: "unixgram"}
-	client, err := net.DialUnix("unixgram", nil, &notifySocketHostAddr)
+	file, err := notifySocket.socket.File()
 	if err != nil {
 		logrus.Error(err)
 		return
 	}
-	for {
-		r, err := notifySocket.socket.Read(buf)
-		if err != nil {
-			break
+	defer file.Close()
+	defer notifySocket.socket.Close()
+
+	cmd := exec.Command("/proc/self/exe", "init")
+	cmd.ExtraFiles = []*os.File{file}
+	cmd.Env = append(cmd.Env, "_NOTIFY_SOCKET_FD=3",
+		fmt.Sprintf("_NOTIFY_SOCKET_PID=%d", pid1),
+		fmt.Sprintf("_NOTIFY_SOCKET_HOST=%s", notifySocket.host),
+		fmt.Sprintf("_NOTIFY_SOCKET_PATH=%s", notifySocket.socketPath))
+
+	if err := cmd.Start(); err != nil {
+		logrus.Fatal(err)
+	}
+	notifySocket.notifyNewPid(cmd.Process.Pid)
+	cmd.Process.Release()
+}
+
+func notifySocketInit(envFd string, envPid string, notifySocketHost string, notifySocketPath string) {
+	intFd, err := strconv.Atoi(envFd)
+	if err != nil {
+		return
+	}
+	pid1, err := strconv.Atoi(envPid)
+	if err != nil {
+		return
+	}
+
+	file := os.NewFile(uintptr(intFd), "unixgram")
+	defer file.Close()
+
+	fileChan := make(chan []byte)
+	exitChan := make(chan bool)
+
+	go func() {
+		for {
+			buf := make([]byte, 512)
+			r, err := file.Read(buf)
+			if err != nil {
+				return
+			}
+			fileChan <- buf[0:r]
 		}
-		var out bytes.Buffer
-		for _, line := range bytes.Split(buf[0:r], []byte{'\n'}) {
-			if bytes.HasPrefix(line, []byte("READY=")) {
+	}()
+	go func() {
+		for {
+			if _, err := os.Stat(notifySocketPath); os.IsNotExist(err) {
+				exitChan <- true
+				return
+			}
+			time.Sleep(time.Second)
+		}
+	}()
+
+	notifySocketHostAddr := net.UnixAddr{Name: notifySocketHost, Net: "unixgram"}
+	client, err := net.DialUnix("unixgram", nil, &notifySocketHostAddr)
+	if err != nil {
+		return
+	}
+
+	for {
+		select {
+		case <-exitChan:
+			return
+		case b := <-fileChan:
+			for _, line := range bytes.Split(b, []byte{'\n'}) {
+				if !bytes.HasPrefix(line, []byte("READY=")) {
+					continue
+				}
+
+				var out bytes.Buffer
 				_, err = out.Write(line)
 				if err != nil {
 					return
@@ -98,10 +171,8 @@ func (notifySocket *notifySocket) run(pid1 int) {
 				}
 
 				// now we can inform systemd to use pid1 as the pid to monitor
-				if pid1 > 0 {
-					newPid := fmt.Sprintf("MAINPID=%d\n", pid1)
-					client.Write([]byte(newPid))
-				}
+				newPid := fmt.Sprintf("MAINPID=%d\n", pid1)
+				client.Write([]byte(newPid))
 				return
 			}
 		}
diff --git a/signals.go b/signals.go
index 1811de837..d0988cb39 100644
--- a/signals.go
+++ b/signals.go
@@ -70,7 +70,7 @@ func (h *signalHandler) forward(process *libcontainer.Process, tty *tty, detach
 			h.notifySocket.run(pid1)
 			return 0, nil
 		} else {
-			go h.notifySocket.run(0)
+			h.notifySocket.run(os.Getpid())
 		}
 	}
 
@@ -98,9 +98,6 @@ func (h *signalHandler) forward(process *libcontainer.Process, tty *tty, detach
 					// status because we must ensure that any of the go specific process
 					// fun such as flushing pipes are complete before we return.
 					process.Wait()
-					if h.notifySocket != nil {
-						h.notifySocket.Close()
-					}
 					return e.status, nil
 				}
 			}