当PID namespace中的init进程结束时,会销毁对应的PID namespace,并向所有其它的子进程发送SIGKILL。这也是为什么当我们手动kill掉容器的第一个init进程,容器会自动结束。

    image.png

    1. static struct task_struct *find_child_reaper(struct task_struct *father,
    2.                         struct list_head *dead)
    3.     __releases(&tasklist_lock)
    4.     __acquires(&tasklist_lock)
    5. {
    6.     struct pid_namespace *pid_ns = task_active_pid_ns(father);
    7.     struct task_struct *reaper = pid_ns->child_reaper; // pid_ns->child_reaper记录的pid namespace的1号进程
    8.     struct task_struct *p, *n;
    10.     if (likely(reaper != father))
    11.         return reaper;
    13.     //这个father要是命名空间的1号进程,它要退出了好像问题有点严重了...还会有托孤吗?这个命名空间是继续存在还是走向毁灭呢?
    14.     //内核秉承稳定第一的理念,处理起事情来总是小心翼翼。首先它想到的就是退出的father是否还有活着的兄弟姐妹,有的话赶紧扶正上位,可别让整个命名空间群龙无首呀。
    16.     reaper = find_alive_thread(father);
    17.     if (reaper) {
    18.         pid_ns->child_reaper = reaper;
    19.         return reaper;
    20.     }
    22.     // 1号进程退出了,也没有alive_thread了
    24.     write_unlock_irq(&tasklist_lock);
    26.     list_for_each_entry_safe(p, n, dead, ptrace_entry) {
    27.         list_del_init(&p->ptrace_entry);
    28.         release_task(p);
    29.     }
    31.     zap_pid_ns_processes(pid_ns);
    32.     write_lock_irq(&tasklist_lock);
    34.     return father;
    35. }
    1. /*
    2.  * When we die, we re-parent all our children, and try to:
    3.  * 1. give them to another thread in our thread group, if such a member exists
    4.  * 2. give it to the first ancestor process which prctl'd itself as a
    5.  *    child_subreaper for its children (like a service manager)
    6.  * 3. give it to the init process (PID 1) in our pid namespace
    7.  */
    8. static struct task_struct *find_new_reaper(struct task_struct *father,
    9.                        struct task_struct *child_reaper)
    10. {
    11.     struct task_struct *thread, *reaper;
    13.     thread = find_alive_thread(father);
    14.     if (thread)
    15.         return thread;
    17.     if (father->signal->has_child_subreaper) {
    18.         unsigned int ns_level = task_pid(father)->level;
    19.         /*
    20.          * Find the first ->is_child_subreaper ancestor in our pid_ns.
    21.          * We can't check reaper != child_reaper to ensure we do not
    22.          * cross the namespaces, the exiting parent could be injected
    23.          * by setns() + fork().
    24.          * We check pid->level, this is slightly more efficient than
    25.          * task_active_pid_ns(reaper) != task_active_pid_ns(father).
    26.          */
    27.         for (reaper = father->real_parent;
    28.              task_pid(reaper)->level == ns_level;
    29.              reaper = reaper->real_parent) {
    30.             if (reaper == &init_task)
    31.                 break;
    32.             if (!reaper->signal->is_child_subreaper)
    33.                 continue;
    34.             thread = find_alive_thread(reaper);
    35.             if (thread)
    36.                 return thread;
    37.         }
    38.     }
    40.     return child_reaper;
    41. }