opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-12-11 09:18:34 +08:00
Code Issues Packages Projects Releases Wiki Activity

podman: new option --preserve-fd

Browse Source 
add a new option --preserve-fd that allows to specify a list of FDs to
pass down to the container.

It is similar to --preserve-fds but it allows to specify a list of FDs
instead of the maximum FD number to preserve.

--preserve-fd and --preserve-fds are mutually exclusive.

It requires crun since runc would complain if any fd below
--preserve-fds is not preserved.

Closes: https://github.com/containers/podman/issues/20844

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This commit is contained in:
Giuseppe Scrivano
2023-12-01 11:49:29 +01:00
parent 6b9221d852
commit 01d397a658
19 changed files with 172 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
test/system/030-run.bats
View File

@@ -80,6 +80,25 @@ echo $rand | 0 | $rand
is "$output" "$content" "container read input from fd 4"
}
# 'run --preserve-fd' passes a list of additional file descriptors into the container
@test "podman run --preserve-fd" {
skip_if_remote "preserve-fd is meaningless over remote"
runtime=$(podman_runtime)
if [[ $runtime != "crun" ]]; then
skip "runtime is $runtime; preserve-fd requires crun"
fi
content=$(random_string 20)
echo "$content" > $PODMAN_TMPDIR/tempfile
# /proc/self/fd will have 0 1 2, possibly 3 & 4, but no 2-digit fds other than 40
run_podman run --rm -i --preserve-fd=9,40 $IMAGE sh -c '/bin/ls -C -w999 /proc/self/fd; cat <&9; cat <&40' 9<<<"fd9" 10</dev/null 40<$PODMAN_TMPDIR/tempfile
assert "${lines[0]}" !~ [123][0-9] "/proc/self/fd must not contain 10-39"
assert "${lines[1]}" = "fd9" "cat from fd 9"
assert "${lines[2]}" = "$content" "cat from fd 40"
}
@test "podman run - uidmapping has no /sys/kernel mounts" {
skip_if_cgroupsv1 "run --uidmap fails on cgroups v1 (issue 15025, wontfix)"
skip_if_rootless "cannot umount as rootless"

22
test/system/075-exec.bats
View File

@@ -223,4 +223,26 @@ load helpers
assert "$output" = "0" ".ExecIDs must be empty"
}
# 'exec --preserve-fd' passes a list of additional file descriptors into the container
@test "podman exec --preserve-fd" {
skip_if_remote "preserve-fd is meaningless over remote"
runtime=$(podman_runtime)
if [[ $runtime != "crun" ]]; then
skip "runtime is $runtime; preserve-fd requires crun"
fi
run_podman run -d $IMAGE top
cid="$output"
content=$(random_string 20)
echo "$content" > $PODMAN_TMPDIR/tempfile
# /proc/self/fd will have 0 1 2, possibly 3 & 4, but no 2-digit fds other than 40
run_podman exec --preserve-fd=9,40 $cid sh -c '/bin/ls -C -w999 /proc/self/fd; cat <&9; cat <&40' 9<<<"fd9" 10</dev/null 40<$PODMAN_TMPDIR/tempfile
assert "${lines[0]}" !~ [123][0-9] "/proc/self/fd must not contain 10-39"
assert "${lines[1]}" = "fd9" "cat from fd 9"
assert "${lines[2]}" = "$content" "cat from fd 40"
}
# vim: filetype=sh