[FS#464] Syslog dnsmasq errors, where dnsmasq thinks it is running as pid 1 (procd) when using ujail/seccomp

LEDE Bugs lede-bugs at lists.infradead.org
Sat Feb 4 20:46:21 PST 2017


The following task has a new comment added:

FS#464 - Syslog dnsmasq errors, where dnsmasq thinks it is running as pid 1 (procd) when using ujail/seccomp
User who did this - Etienne CHAMPETIER (champtar)

----------
Hi @KPapad

ujail uses Linux kernel namespaces to "jail" processes (like all container technologies (docker/lxc) and other jail projects like firejail)
http://man7.org/linux/man-pages/man7/namespaces.7.html

In a new namespace with CLONE_NEWPID, the processes in this new namespace don't see processes in the parent namespace, and the PID numbers start at 1 again inside this new namespace,
so it's totally normal that dnsmasq with ujail thinks it is PID 1 (because that's what it is inside the namespace / from its point of view)
and it's also normal that you don't see dnsmasq having PID 1 with ps, because you are looking from the parent namespace (different point of view).

Now for the implementation details, procd (LEDE PID 1 / init / process manager) launches ujail, which takes care of setting up the namespaces, and then launches dnsmasq. So it's normal to have a ujail process for each "jailed" process.

What is happening, I think, is that for some reason the ujail process is killed/dies, but doesn't kill its child dnsmasq, so procd, not seeing its child, tries to restart, but dnsmasq is still running, so the new dnsmasq can't bind

You can try to play with strace to see exactly what is happening (if you can launch strace before the reboot loop)

strace -f -p 1 -p "$(pgrep dnsmasq)" -p "$(pgrep ujail)" -o /tmp/trace

Regards
Etienne
----------

More information can be found at the following URL:
https://bugs.lede-project.org/index.php?do=details&task_id=464#comment1615
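
Added example, not part of the comment above and not code from LEDE, procd or ujail: a shell helper that reads the NSpid field of /proc/<pid>/status to show both points of view at once (the PID seen from the parent namespace and the PID seen inside the jail), and flags a jailed process whose parent is now PID 1, which is what the leftover-dnsmasq theory would look like. The function names and the sample status files are constructed for illustration; the "orphaned" label is a heuristic that assumes an orphaned jail is reparented directly to PID 1.

```sh
#!/bin/sh
# Added example. jail_view, scan_proc and make_sample are hypothetical names.
# Relies on the NSpid field of /proc/<pid>/status (Linux 4.1 and later), which
# lists a process's PID in every PID namespace it is visible in, outermost first.

# jail_view STATUS_FILE -> "name host_pid inner_pid ppid state"
#   host     : not in a nested PID namespace
#   jailed   : nested namespace, parent is not host PID 1
#   orphaned : nested namespace, but reparented to host PID 1 (heuristic,
#              assumes no subreaper between the jail and init)
jail_view() {
    awk '
        $1 == "Name:"  { name = $2 }
        $1 == "PPid:"  { ppid = $2 }
        $1 == "NSpid:" { host = $2; inner = $NF; depth = NF - 1 }
        END {
            if (depth < 1) exit 1    # no NSpid line: kernel too old
            state = "host"
            if (depth > 1) state = (ppid == 1) ? "orphaned" : "jailed"
            print name, host, inner, ppid, state
        }' "$1" 2>/dev/null
}

# scan_proc [PROC_DIR] : run jail_view over every process, default /proc
scan_proc() {
    for f in "${1:-/proc}"/[0-9]*/status; do
        if [ -r "$f" ]; then jail_view "$f" || true; fi
    done
}

# make_sample DIR : constructed /proc-like tree for offline use, not captured
# from a real device. 815 is a healthy jailed dnsmasq, 901 a leftover one.
make_sample() {
    mkdir -p "$1/812" "$1/815" "$1/901"
    printf 'Name:\tujail\nPPid:\t1\nNSpid:\t812\n'        > "$1/812/status"
    printf 'Name:\tdnsmasq\nPPid:\t812\nNSpid:\t815\t1\n' > "$1/815/status"
    printf 'Name:\tdnsmasq\nPPid:\t1\nNSpid:\t901\t1\n'   > "$1/901/status"
}

# Usage: d=$(mktemp -d); make_sample "$d"; scan_proc "$d"
#   ujail 812 812 1 host
#   dnsmasq 815 1 812 jailed
#   dnsmasq 901 1 1 orphaned
```

On the router itself, `scan_proc | grep -v ' host$'` lists only the processes running inside a jail.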


