github.com/jfrazelle/docker@v1.1.2-0.20210712172922-bf78e25fe508/daemon/kill.go (about) 1 package daemon // import "github.com/docker/docker/daemon" 2 3 import ( 4 "context" 5 "fmt" 6 "runtime" 7 "syscall" 8 "time" 9 10 containerpkg "github.com/docker/docker/container" 11 "github.com/docker/docker/errdefs" 12 libcontainerdtypes "github.com/docker/docker/libcontainerd/types" 13 "github.com/docker/docker/pkg/signal" 14 "github.com/pkg/errors" 15 "github.com/sirupsen/logrus" 16 ) 17 18 type errNoSuchProcess struct { 19 pid int 20 signal int 21 } 22 23 func (e errNoSuchProcess) Error() string { 24 return fmt.Sprintf("Cannot kill process (pid=%d) with signal %d: no such process.", e.pid, e.signal) 25 } 26 27 func (errNoSuchProcess) NotFound() {} 28 29 // isErrNoSuchProcess returns true if the error 30 // is an instance of errNoSuchProcess. 31 func isErrNoSuchProcess(err error) bool { 32 _, ok := err.(errNoSuchProcess) 33 return ok 34 } 35 36 // ContainerKill sends signal to the container 37 // If no signal is given (sig 0), then Kill with SIGKILL and wait 38 // for the container to exit. 39 // If a signal is given, then just send it to the container and return. 40 func (daemon *Daemon) ContainerKill(name string, sig uint64) error { 41 container, err := daemon.GetContainer(name) 42 if err != nil { 43 return err 44 } 45 46 if sig != 0 && !signal.ValidSignalForPlatform(syscall.Signal(sig)) { 47 return fmt.Errorf("The %s daemon does not support signal %d", runtime.GOOS, sig) 48 } 49 50 // If no signal is passed, or SIGKILL, perform regular Kill (SIGKILL + wait()) 51 if sig == 0 || syscall.Signal(sig) == syscall.SIGKILL { 52 return daemon.Kill(container) 53 } 54 return daemon.killWithSignal(container, int(sig)) 55 } 56 57 // killWithSignal sends the container the given signal. This wrapper for the 58 // host specific kill command prepares the container before attempting 59 // to send the signal. An error is returned if the container is paused 60 // or not running, or if there is a problem returned from the 61 // underlying kill command. 62 func (daemon *Daemon) killWithSignal(container *containerpkg.Container, sig int) error { 63 logrus.Debugf("Sending kill signal %d to container %s", sig, container.ID) 64 container.Lock() 65 defer container.Unlock() 66 67 if !container.Running { 68 return errNotRunning(container.ID) 69 } 70 71 var unpause bool 72 if container.Config.StopSignal != "" && syscall.Signal(sig) != syscall.SIGKILL { 73 containerStopSignal, err := signal.ParseSignal(container.Config.StopSignal) 74 if err != nil { 75 return err 76 } 77 if containerStopSignal == syscall.Signal(sig) { 78 container.ExitOnNext() 79 unpause = container.Paused 80 } 81 } else { 82 container.ExitOnNext() 83 unpause = container.Paused 84 } 85 86 if !daemon.IsShuttingDown() { 87 container.HasBeenManuallyStopped = true 88 container.CheckpointTo(daemon.containersReplica) 89 } 90 91 // if the container is currently restarting we do not need to send the signal 92 // to the process. Telling the monitor that it should exit on its next event 93 // loop is enough 94 if container.Restarting { 95 return nil 96 } 97 98 if err := daemon.kill(container, sig); err != nil { 99 if errdefs.IsNotFound(err) { 100 unpause = false 101 logrus.WithError(err).WithField("container", container.ID).WithField("action", "kill").Debug("container kill failed because of 'container not found' or 'no such process'") 102 go func() { 103 // We need to clean up this container but it is possible there is a case where we hit here before the exit event is processed 104 // but after it was fired off. 105 // So let's wait the container's stop timeout amount of time to see if the event is eventually processed. 106 // Doing this has the side effect that if no event was ever going to come we are waiting a a longer period of time uneccessarily. 107 // But this prevents race conditions in processing the container. 108 ctx, cancel := context.WithTimeout(context.TODO(), time.Duration(container.StopTimeout())*time.Second) 109 defer cancel() 110 s := <-container.Wait(ctx, containerpkg.WaitConditionNotRunning) 111 if s.Err() != nil { 112 daemon.handleContainerExit(container, nil) 113 } 114 }() 115 } else { 116 return errors.Wrapf(err, "Cannot kill container %s", container.ID) 117 } 118 } 119 120 if unpause { 121 // above kill signal will be sent once resume is finished 122 if err := daemon.containerd.Resume(context.Background(), container.ID); err != nil { 123 logrus.Warnf("Cannot unpause container %s: %s", container.ID, err) 124 } 125 } 126 127 attributes := map[string]string{ 128 "signal": fmt.Sprintf("%d", sig), 129 } 130 daemon.LogContainerEventWithAttributes(container, "kill", attributes) 131 return nil 132 } 133 134 // Kill forcefully terminates a container. 135 func (daemon *Daemon) Kill(container *containerpkg.Container) error { 136 if !container.IsRunning() { 137 return errNotRunning(container.ID) 138 } 139 140 // 1. Send SIGKILL 141 if err := daemon.killPossiblyDeadProcess(container, int(syscall.SIGKILL)); err != nil { 142 // kill failed, check if process is no longer running. 143 if isErrNoSuchProcess(err) { 144 return nil 145 } 146 } 147 148 ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) 149 defer cancel() 150 151 status := <-container.Wait(ctx, containerpkg.WaitConditionNotRunning) 152 if status.Err() == nil { 153 return nil 154 } 155 156 logrus.WithError(status.Err()).WithField("container", container.ID).Error("Container failed to exit within 10 seconds of kill - trying direct SIGKILL") 157 158 if err := killProcessDirectly(container); err != nil { 159 if isErrNoSuchProcess(err) { 160 return nil 161 } 162 return err 163 } 164 165 // wait for container to exit one last time, if it doesn't then kill didnt work, so return error 166 ctx2, cancel2 := context.WithTimeout(context.Background(), 2*time.Second) 167 defer cancel2() 168 169 if status := <-container.Wait(ctx2, containerpkg.WaitConditionNotRunning); status.Err() != nil { 170 return errors.New("tried to kill container, but did not receive an exit event") 171 } 172 return nil 173 } 174 175 // killPossibleDeadProcess is a wrapper around killSig() suppressing "no such process" error. 176 func (daemon *Daemon) killPossiblyDeadProcess(container *containerpkg.Container, sig int) error { 177 err := daemon.killWithSignal(container, sig) 178 if errdefs.IsNotFound(err) { 179 e := errNoSuchProcess{container.GetPID(), sig} 180 logrus.Debug(e) 181 return e 182 } 183 return err 184 } 185 186 func (daemon *Daemon) kill(c *containerpkg.Container, sig int) error { 187 return daemon.containerd.SignalProcess(context.Background(), c.ID, libcontainerdtypes.InitProcessName, sig) 188 }