From 2377617fb19b0ca0e1fd4321068fab8fadc859ba Mon Sep 17 00:00:00 2001
From: zhongjiawei
Date: Mon, 13 Feb 2023 15:11:19 +0800
Subject: [PATCH] runc:Make sure signalAllProcesses is invoked in the function of destroy when container shares pid namespace
---
 git-commit | 2 +-
 ...AllProcesses-is-invoked-in-the-funct.patch | 40 +++++++++++++++++++
 runc.spec | 8 +++-
 series.conf | 1 +
 4 files changed, 49 insertions(+), 2 deletions(-)
 create mode 100644 patch/0135-Make-sure-signalAllProcesses-is-invoked-in-the-funct.patch
diff --git a/git-commit b/git-commit
index 993b1a1..e73249e 100644
--- a/git-commit
+++ b/git-commit
@@ -1 +1 @@
-488a807caede978cbaa888f1854bb38207a573b6
+c4222ffdffcf68669ae4a8c82d760d070ab07d93
diff --git a/patch/0135-Make-sure-signalAllProcesses-is-invoked-in-the-funct.patch b/patch/0135-Make-sure-signalAllProcesses-is-invoked-in-the-funct.patch
new file mode 100644
index 0000000..3a62b5b
--- /dev/null
+++ b/patch/0135-Make-sure-signalAllProcesses-is-invoked-in-the-funct.patch
@@ -0,0 +1,40 @@ +From 45ca12f818735aa098a4d832d5b23c480adc37ce Mon Sep 17 00:00:00 2001 +From: Shukui Yang +Date: Fri, 12 Jul 2019 09:54:52 +0800 +Subject: [PATCH] Make sure signalAllProcesses is invoked in the function of + destroy + +It's expect that signalAllProcesses is invoked when container shares +pid namespace. share pid ns contains the following conditions: + +{ + // no specify pid ns +} +{ + "type": "pid", + "path": "/proc/${num}/ns/pid" +} + +Signed-off-by: Shukui Yang +Signed-off-by: Shukui Yang +--- + libcontainer/state_linux.go | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/libcontainer/state_linux.go b/libcontainer/state_linux.go +index b570a244..c77d4f2d 100644 +--- a/libcontainer/state_linux.go ++++ b/libcontainer/state_linux.go +@@ -38,7 +38,8 @@ type containerState interface { + } + + func destroy(c *linuxContainer) error { +- if !c.config.Namespaces.Contains(configs.NEWPID) { ++ if !c.config.Namespaces.Contains(configs.NEWPID) || ++ c.config.Namespaces.PathOf(configs.NEWPID) != "" { + if err := signalAllProcesses(c.cgroupManager, syscall.SIGKILL); err != nil { + logrus.Warn(err) + } +-- +2.33.0 + diff --git a/runc.spec b/runc.spec index 55383b5..f173b40 100644 --- a/runc.spec +++ b/runc.spec @@ -4,7 +4,7 @@ Name: docker-runc Version: 1.0.0.rc3 -Release: 306 +Release: 307 Summary: runc is a CLI tool for spawning and running containers according to the OCI specification. License: ASL 2.0 @@ -53,6 +53,12 @@ install -p -m 755 runc $RPM_BUILD_ROOT/%{_bindir}/runc %{_bindir}/runc %changelog +* Mon Feb 13 2023 zhongjiawei - 1.0.0.rc3-307 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:Make sure signalAllProcesses is invoked in the function of destroy when container shares pid namespace + * Sat Dec 17 2022 zhongjiawei - 1.0.0.rc3-306 - Type:bugfix - CVE:NA diff --git a/series.conf b/series.conf index 7ad17aa..8a1aae5 100644 --- a/series.conf +++ b/series.conf 
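Review bot: The widened condition `c.config.Namespaces.PathOf(configs.NEWPID) != ""` carries no comment, so a reader of state_linux.go cannot tell from the code why joining a pid namespace by path is treated the same as requesting none; that reasoning lives only in this patch description. A short comment above the `if` would keep it with the code: `// Shared pid namespace (none requested, or one joined by path): tearing down init alone does not end the other container processes, so sweep the whole cgroup explicitly.` The body of `destroy` continues past the hunk, and the unchanged `logrus.Warn(err)` means a failed signalAllProcesses in the newly covered shared-namespace case still lets teardown proceed; it is worth confirming that leaving those processes running while state is removed is the intended behaviour here.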
@@ -132,4 +132,5 @@ patch/0131-runc-save-state-atomic.patch
 patch/0132-runc-change-Umask-to-0022.patch
 patch/0133-runc-fix-systemd-cgroup-after-memory-type-changed.patch
 patch/0134-runc-support-specify-umask.patch
+patch/0135-Make-sure-signalAllProcesses-is-invoked-in-the-funct.patch
 #end
-- Gitee