commit cfe762ae667859c926dd2bd03d9f82ea83d39243
author Brian Harring <ferringb@chromium.org> Wed Feb 29 13:03:53 2012 -0800
committer Gerrit <chrome-bot@google.com> Sat Mar 03 11:14:09 2012 -0800
tree 42c48e6fc872e4a42f6459da8f1ce7671d7bc70d
parent c92a701339bfcde18d432e11f9fa0a0f1244ec61

cros_sdk: contain children in a cgroup.

This is done to ensure that no children escape cros_sdk.

BUG=chromium-os:26913
TEST=cros_sdk

Change-Id: I3580901d592af366776d7c64c5949dbd6039ab4f
Reviewed-on: https://gerrit.chromium.org/gerrit/17077
Commit-Ready: Brian Harring <ferringb@chromium.org>
Reviewed-by: Brian Harring <ferringb@chromium.org>
Tested-by: Brian Harring <ferringb@chromium.org>

scripts/cros_sdk.py

diff --git a/scripts/cros_sdk.py b/scripts/cros_sdk.py
index 0afa0a0..8642d73 100644
--- a/scripts/cros_sdk.py
+++ b/scripts/cros_sdk.py
@@ -12,9 +12,10 @@
 import urlparse
 
 from chromite.buildbot import constants
+from chromite.lib import cgroups
 from chromite.lib import cros_build_lib
-from chromite.lib import sudo
 from chromite.lib import locking
+from chromite.lib import sudo
 
 cros_build_lib.STRICT_SUDO = True
 
@@ -325,29 +326,29 @@
   lock_path = os.path.join(lock_path,
                            '.%s_lock' % os.path.basename(chroot_path))
   with sudo.SudoKeepAlive():
-    _CreateLockFile(lock_path)
-    with locking.FileLock(lock_path, 'chroot lock') as lock:
+    with cgroups.ContainChildren('cros_sdk'):
+      _CreateLockFile(lock_path)
+      with locking.FileLock(lock_path, 'chroot lock') as lock:
+        if options.delete:
+          lock.write_lock()
+          DeleteChroot(chroot_path)
+          sys.exit(0)
 
-      if options.delete:
-        lock.write_lock()
-        DeleteChroot(chroot_path)
-        sys.exit(0)
+        # Print a suggestion for replacement, but not if running just --enter.
+        if os.path.exists(chroot_path) and not options.replace and \
+            (options.bootstrap or options.download):
+          print "Chroot already exists. Run with --replace to re-create."
 
-      # Print a suggestion for replacement, but not if running just --enter.
-      if os.path.exists(chroot_path) and not options.replace and \
-          (options.bootstrap or options.download):
-        print "Chroot already exists. Run with --replace to re-create."
-
-      # Chroot doesn't exist or asked to replace.
-      if not os.path.exists(chroot_path) or options.replace:
-        lock.write_lock()
-        if options.bootstrap:
-          BootstrapChroot(chroot_path, options.sdk_url,
-                          options.replace)
-        else:
-          CreateChroot(options.sdk_url, sdk_version,
-                       chroot_path, options.replace)
-      if options.enter:
-        lock.read_lock()
-        EnterChroot(chroot_path, options.chrome_root,
-                    options.chrome_root_mount, remaining_arguments)
+        # Chroot doesn't exist or asked to replace.
+        if not os.path.exists(chroot_path) or options.replace:
+          lock.write_lock()
+          if options.bootstrap:
+            BootstrapChroot(chroot_path, options.sdk_url,
+                            options.replace)
+          else:
+            CreateChroot(options.sdk_url, sdk_version,
+                         chroot_path, options.replace)
+        if options.enter:
+          lock.read_lock()
+          EnterChroot(chroot_path, options.chrome_root,
+                      options.chrome_root_mount, remaining_arguments)