Date: Mon, 20 Jun 2016 12:29:26 +0200
From: Natanael Copa <ncopa@...inelinux.org>
To: Karl Böhlmark <karl.bohlmark@...il.com>
Cc: musl@...ts.openwall.com
Subject: Re: abort() fails to terminate PID 1 process

On Sat, 18 Jun 2016 22:32:23 +0200
Karl Böhlmark <karl.bohlmark@...il.com> wrote:

> Hi!
> 
> After running alpine-linux based docker containers for a while we noticed
> some problematic behaviour when one of our services had a memory leak
> causing the process to abort.
> 
> Instead of getting abnormal process termination we were seeing the process
> hanging at 100% cpu.
> 
> A minimal reproduction of this issue is to run
> 
> #include <stdlib.h>
> int main ()
> {
>     abort();
> }
> 
> with "unshare --fork --pid" so that it runs as PID 1 in its own PID
> namespace.
> 
> Would it be reasonable to add a fallback strategy in abort() for
> terminating processes when the signals don't have any effect?

A workaround is to run your service under a minimalistic init like tini
https://github.com/krallin/tini

Then your application will no longer run as pid 1.

-nc
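
The workaround above, sketched in C as an added example that is not part of the original message and is not tini's code: a supervisor that takes PID 1 itself and forks the service, so abort() in the service terminates it normally. The names supervise, exec_service and crashing_service are hypothetical; it assumes the service needs no signal forwarding.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

typedef void (*service_fn)(void *arg);

/* Constructed sample service: the reproducer quoted in the thread. */
static void crashing_service(void *arg) { (void)arg; abort(); }

/* Real use: replace the forked child with the service binary. */
static void exec_service(void *arg)
{
    char **argv = arg;
    execvp(argv[0], argv);
    _exit(127);                     /* exec failed */
}

/* Fork so the service never has PID 1, reap every child that exits, and
 * return a shell-style code for the service: its exit status, or
 * 128 + signal number if a signal terminated it. */
static int supervise(service_fn service, void *arg)
{
    pid_t child = fork();
    if (child < 0)
        return 126;
    if (child == 0) {
        service(arg);
        _exit(0);
    }
    for (;;) {
        int status;
        pid_t pid = waitpid(-1, &status, 0);
        if (pid < 0 && errno == EINTR)
            continue;
        if (pid < 0)
            return 126;
        if (pid != child)
            continue;               /* an orphan re-parented to us */
        return WIFSIGNALED(status) ? 128 + WTERMSIG(status)
                                   : WEXITSTATUS(status);
    }
}

/* The supervisor ends by returning from main (exit), not by a signal. */
int main(int argc, char **argv)
{
    if (argc > 1)
        return supervise(exec_service, argv + 1);
    return supervise(crashing_service, NULL);   /* demo: returns 128 + SIGABRT */
}
```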
