cr-restore: block SIGCHLD for restoring namespaces

Restore of namespaces requires executions of external tools
(ip, tar, etc). We want to know return codes, so we should
block a default sigchld handler. Before we did that for each
command, I suggest to block SIGCHLD, then restore namespace and
unblock SIGCHLD.

The default sigchld handler is used for catching target processes,
but all this processes (except a current one ) are started after
restoring namespaces.

Currently we forgot to block SIGCHLD before executing "ip",
and this bug was caught.

Reported-by: Stanislav Kinsbursky <skinsbursky@parallels.com>
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>

namespaces.c

@@ -151,9 +151,19 @@ int dump_namespaces(struct pid *ns_pid, unsigned int ns_flags)
 
 int prepare_namespace(int pid, unsigned long clone_flags)
 {
+	sigset_t blockmask, oldmask;
+	int ret = -1;
+
 	pr_info("Restoring namespaces %d flags 0x%lx\n",
 			pid, clone_flags);
 
+	sigemptyset(&blockmask);
+	sigaddset(&blockmask, SIGCHLD);
+	if (sigprocmask(SIG_BLOCK, &blockmask, &oldmask) == -1) {
+		pr_perror("Can not set mask of blocked signals");
+		return -1;
+	}
+
 	/*
 	 * On netns restore we launch an IP tool, thus we
 	 * have to restore it _before_ altering the mount
@@ -161,15 +171,22 @@ int prepare_namespace(int pid, unsigned long clone_flags)
 	 */
 
 	if ((clone_flags & CLONE_NEWNET) && prepare_net_ns(pid))
-		return -1;
+		goto out;
 	if ((clone_flags & CLONE_NEWUTS) && prepare_utsns(pid))
-		return -1;
+		goto out;
 	if ((clone_flags & CLONE_NEWIPC) && prepare_ipc_ns(pid))
-		return -1;
+		goto out;
 	if ((clone_flags & CLONE_NEWNS)  && prepare_mnt_ns(pid))
-		return -1;
+		goto out;
 
-	return 0;
+	ret = 0;
+out:
+	if (sigprocmask(SIG_SETMASK, &oldmask, NULL) == -1) {
+		pr_perror("Can not set mask of blocked signals");
+		BUG();
+	}
+
+	return ret;
 }
 
 int try_show_namespaces(int ns_pid, struct cr_options *o)