opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-06-17 15:08:08 +08:00
Code Issues Packages Projects Releases Wiki Activity

Adjust LISTEN_PID for reexec in varlink mode

Browse Source 
Because the varlink server honors the socket activation protocol,
LISTEN_PID has to be adjusted with the new PID.

https://varlink.org/FAQ.html#how-does-socket-activation-work
Signed-off-by: Harald Hoyer <harald@redhat.com>
This commit is contained in:
Harald Hoyer
2019-02-21 09:33:06 +01:00
parent 4934bf2327
commit 3f60dc02e3
1 changed files with 34 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
pkg/rootless/rootless_linux.c
View File

@ -12,6 +12,7 @@
#include <fcntl.h> #include <fcntl.h>
#include <sys/wait.h> #include <sys/wait.h>
#include <string.h> #include <string.h>
#include <stdbool.h>
static const char *_max_user_namespaces = "/proc/sys/user/max_user_namespaces"; static const char *_max_user_namespaces = "/proc/sys/user/max_user_namespaces";
static const char *_unprivileged_user_namespaces = "/proc/sys/kernel/unprivileged_userns_clone"; static const char *_unprivileged_user_namespaces = "/proc/sys/kernel/unprivileged_userns_clone";
@ -186,6 +187,18 @@ reexec_in_user_namespace (int ready)
pid_t ppid = getpid (); pid_t ppid = getpid ();
char **argv; char **argv;
char uid[16]; char uid[16];
char *listen_fds = NULL;
char *listen_pid = NULL;
bool do_socket_activation = false;
listen_pid = getenv("LISTEN_PID");
listen_fds = getenv("LISTEN_FDS");
if (listen_pid != NULL && listen_fds != NULL) {
if (strtol(listen_pid, NULL, 10) == getpid()) {
do_socket_activation = true;
}
}
sprintf (uid, "%d", geteuid ()); sprintf (uid, "%d", geteuid ());
@ -197,8 +210,22 @@ reexec_in_user_namespace (int ready)
check_proc_sys_userns_file (_max_user_namespaces); check_proc_sys_userns_file (_max_user_namespaces);
check_proc_sys_userns_file (_unprivileged_user_namespaces); check_proc_sys_userns_file (_unprivileged_user_namespaces);
} }
if (pid) if (pid) {
if (do_socket_activation) {
long num_fds;
num_fds = strtol(listen_fds, NULL, 10);
if (num_fds != LONG_MIN && num_fds != LONG_MAX) {
long i;
for (i = 0; i < num_fds; i++) {
close(3+i);
}
}
unsetenv("LISTEN_PID");
unsetenv("LISTEN_FDS");
unsetenv("LISTEN_FDNAMES");
}
return pid; return pid;
}
argv = get_cmd_line_args (ppid); argv = get_cmd_line_args (ppid);
if (argv == NULL) if (argv == NULL)
@ -207,6 +234,12 @@ reexec_in_user_namespace (int ready)
_exit (EXIT_FAILURE); _exit (EXIT_FAILURE);
} }
if (do_socket_activation) {
char s[32];
sprintf(s, "%d", getpid());
setenv("LISTEN_PID", s, true);
}
setenv ("_LIBPOD_USERNS_CONFIGURED", "init", 1); setenv ("_LIBPOD_USERNS_CONFIGURED", "init", 1);
setenv ("_LIBPOD_ROOTLESS_UID", uid, 1); setenv ("_LIBPOD_ROOTLESS_UID", uid, 1);