start: reap intermediate process

When we inherit namespaces we need to reap the attaching process.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

src/lxc/error.h

@@ -23,6 +23,8 @@
 #ifndef __LXC_ERROR_H
 #define __LXC_ERROR_H
 
+#define LXC_CLONE_ERROR "Failed to clone a new set of namespaces"
+
 extern int  lxc_error_set_and_log(int pid, int status);
 
 #endif

src/lxc/start.c

@@ -1399,14 +1399,28 @@ static int lxc_spawn(struct lxc_handler *handler)
 	/* The cgroup namespace gets unshare()ed not clone()ed. */
 	handler->on_clone_flags &= ~CLONE_NEWCGROUP;
 
-	if (share_ns)
+	if (share_ns) {
-		ret = lxc_clone(do_share_ns, handler, CLONE_VFORK | CLONE_VM | CLONE_FILES);
+		pid_t attacher_pid;
-	else
+
-		handler->pid = lxc_clone(do_start, handler, handler->on_clone_flags);
+		attacher_pid = lxc_clone(do_share_ns, handler, CLONE_VFORK | CLONE_VM | CLONE_FILES);
-	if (handler->pid < 0 || ret < 0) {
+		if (attacher_pid < 0) {
-		SYSERROR("Failed to clone a new set of namespaces.");
+			SYSERROR(LXC_CLONE_ERROR);
 			goto out_delete_net;
 		}
+
+		ret = wait_for_pid(attacher_pid);
+		if (ret < 0) {
+			SYSERROR("Intermediate process failed");
+			goto out_delete_net;
+		}
+	} else {
+		handler->pid = lxc_clone(do_start, handler, handler->on_clone_flags);
+	}
+	if (handler->pid < 0) {
+		SYSERROR(LXC_CLONE_ERROR);
+		goto out_delete_net;
+	}
+
 	TRACE("Cloned child process %d", handler->pid);
 
 	for (i = 0; i < LXC_NS_MAX; i++)