opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-09-20 11:13:54 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3813 from baude/nofds

Browse Source 
do not activate sd_notify support when varlink
This commit is contained in:
OpenShift Merge Robot
2019-08-18 19:25:13 +02:00
committed by GitHub
parent 76f327f73f e6673012b5
commit 438cbf4c89
6 changed files with 38 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
cmd/podman/libpodruntime/runtime.go
View File

@ -15,25 +15,30 @@ import (
// GetRuntimeMigrate gets a libpod runtime that will perform a migration of existing containers // GetRuntimeMigrate gets a libpod runtime that will perform a migration of existing containers
func GetRuntimeMigrate(ctx context.Context, c *cliconfig.PodmanCommand) (*libpod.Runtime, error) { func GetRuntimeMigrate(ctx context.Context, c *cliconfig.PodmanCommand) (*libpod.Runtime, error) {
return getRuntime(ctx, c, false, true, false) return getRuntime(ctx, c, false, true, false, true)
}
// GetRuntimeDisableFDs gets a libpod runtime that will disable sd notify
func GetRuntimeDisableFDs(ctx context.Context, c *cliconfig.PodmanCommand) (*libpod.Runtime, error) {
return getRuntime(ctx, c, false, false, false, false)
} }
// GetRuntimeRenumber gets a libpod runtime that will perform a lock renumber // GetRuntimeRenumber gets a libpod runtime that will perform a lock renumber
func GetRuntimeRenumber(ctx context.Context, c *cliconfig.PodmanCommand) (*libpod.Runtime, error) { func GetRuntimeRenumber(ctx context.Context, c *cliconfig.PodmanCommand) (*libpod.Runtime, error) {
return getRuntime(ctx, c, true, false, false) return getRuntime(ctx, c, true, false, false, true)
} }
// GetRuntime generates a new libpod runtime configured by command line options // GetRuntime generates a new libpod runtime configured by command line options
func GetRuntime(ctx context.Context, c *cliconfig.PodmanCommand) (*libpod.Runtime, error) { func GetRuntime(ctx context.Context, c *cliconfig.PodmanCommand) (*libpod.Runtime, error) {
return getRuntime(ctx, c, false, false, false) return getRuntime(ctx, c, false, false, false, true)
} }
// GetRuntimeNoStore generates a new libpod runtime configured by command line options // GetRuntimeNoStore generates a new libpod runtime configured by command line options
func GetRuntimeNoStore(ctx context.Context, c *cliconfig.PodmanCommand) (*libpod.Runtime, error) { func GetRuntimeNoStore(ctx context.Context, c *cliconfig.PodmanCommand) (*libpod.Runtime, error) {
return getRuntime(ctx, c, false, false, true) return getRuntime(ctx, c, false, false, true, true)
} }
func getRuntime(ctx context.Context, c *cliconfig.PodmanCommand, renumber, migrate, noStore bool) (*libpod.Runtime, error) { func getRuntime(ctx context.Context, c *cliconfig.PodmanCommand, renumber, migrate, noStore, withFDS bool) (*libpod.Runtime, error) {
options := []libpod.RuntimeOption{} options := []libpod.RuntimeOption{}
storageOpts := storage.StoreOptions{} storageOpts := storage.StoreOptions{}
storageSet := false storageSet := false
@ -165,6 +170,10 @@ func getRuntime(ctx context.Context, c *cliconfig.PodmanCommand, renumber, migra
infraCommand, _ := c.Flags().GetString("infra-command") infraCommand, _ := c.Flags().GetString("infra-command")
options = append(options, libpod.WithDefaultInfraCommand(infraCommand)) options = append(options, libpod.WithDefaultInfraCommand(infraCommand))
} }
if withFDS {
options = append(options, libpod.WithEnableSDNotify())
}
if c.Flags().Changed("config") { if c.Flags().Changed("config") {
return libpod.NewRuntimeFromConfig(ctx, c.GlobalFlags.Config, options...) return libpod.NewRuntimeFromConfig(ctx, c.GlobalFlags.Config, options...)
} }

2
cmd/podman/varlink.go
View File

@ -79,7 +79,7 @@ func varlinkCmd(c *cliconfig.VarlinkValues) error {
timeout := time.Duration(c.Timeout) * time.Millisecond timeout := time.Duration(c.Timeout) * time.Millisecond
// Create a single runtime for varlink // Create a single runtime for varlink
runtime, err := libpodruntime.GetRuntime(getContext(), &c.PodmanCommand) runtime, err := libpodruntime.GetRuntimeDisableFDs(getContext(), &c.PodmanCommand)
if err != nil { if err != nil {
return errors.Wrapf(err, "error creating libpod runtime") return errors.Wrapf(err, "error creating libpod runtime")
} }

2
libpod/oci.go
View File

@ -60,6 +60,7 @@ type OCIRuntime struct {
noPivot bool noPivot bool
reservePorts bool reservePorts bool
supportsJSON bool supportsJSON bool
sdNotify bool
} }
// ociError is used to parse the OCI runtime JSON log. It is not part of the // ociError is used to parse the OCI runtime JSON log. It is not part of the
@ -87,6 +88,7 @@ func newOCIRuntime(name string, paths []string, conmonPath string, runtimeCfg *R
runtime.logSizeMax = runtimeCfg.MaxLogSize runtime.logSizeMax = runtimeCfg.MaxLogSize
runtime.noPivot = runtimeCfg.NoPivotRoot runtime.noPivot = runtimeCfg.NoPivotRoot
runtime.reservePorts = runtimeCfg.EnablePortReservation runtime.reservePorts = runtimeCfg.EnablePortReservation
runtime.sdNotify = runtimeCfg.SDNotify
// TODO: probe OCI runtime for feature and enable automatically if // TODO: probe OCI runtime for feature and enable automatically if
// available. // available.

12
libpod/oci_internal_linux.go
View File

@ -247,10 +247,14 @@ func (r *OCIRuntime) configureConmonEnv(runtimeDir string) ([]string, []*os.File
if notify, ok := os.LookupEnv("NOTIFY_SOCKET"); ok { if notify, ok := os.LookupEnv("NOTIFY_SOCKET"); ok {
env = append(env, fmt.Sprintf("NOTIFY_SOCKET=%s", notify)) env = append(env, fmt.Sprintf("NOTIFY_SOCKET=%s", notify))
} }
if listenfds, ok := os.LookupEnv("LISTEN_FDS"); ok { if !r.sdNotify {
env = append(env, fmt.Sprintf("LISTEN_FDS=%s", listenfds), "LISTEN_PID=1") if listenfds, ok := os.LookupEnv("LISTEN_FDS"); ok {
fds := activation.Files(false) env = append(env, fmt.Sprintf("LISTEN_FDS=%s", listenfds), "LISTEN_PID=1")
extraFiles = append(extraFiles, fds...) fds := activation.Files(false)
extraFiles = append(extraFiles, fds...)
}
} else {
logrus.Debug("disabling SD notify")
} }
return env, extraFiles, nil return env, extraFiles, nil
} }

9
libpod/options.go
View File

@ -482,6 +482,15 @@ func WithEventsLogger(logger string) RuntimeOption {
} }
} }
// WithEnableSDNotify sets a runtime option so we know whether to disable socket/FD
// listening
func WithEnableSDNotify() RuntimeOption {
return func(rt *Runtime) error {
rt.config.SDNotify = true
return nil
}
}
// Container Creation Options // Container Creation Options
// WithShmDir sets the directory that should be mounted on /dev/shm. // WithShmDir sets the directory that should be mounted on /dev/shm.

4
libpod/runtime.go
View File

@ -252,6 +252,10 @@ type RuntimeConfig struct {
EventsLogFilePath string `toml:"-events_logfile_path"` EventsLogFilePath string `toml:"-events_logfile_path"`
//DetachKeys is the sequence of keys used to detach a container //DetachKeys is the sequence of keys used to detach a container
DetachKeys string `toml:"detach_keys"` DetachKeys string `toml:"detach_keys"`
// SDNotify tells Libpod to allow containers to notify the host
// systemd of readiness using the SD_NOTIFY mechanism
SDNotify bool
} }
// runtimeConfiguredFrom is a struct used during early runtime init to help // runtimeConfiguredFrom is a struct used during early runtime init to help