opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-06-24 11:28:24 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #9855 from giuseppe/fix-service-race-condition

Browse Source 
service: use LISTEN_FDS
This commit is contained in:
OpenShift Merge Robot
2021-03-29 17:40:21 +00:00
committed by GitHub
parent 26b0ebd22f c064acd78e
commit aa96cb6739
2 changed files with 27 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
cmd/podman/system/service_abi.go
View File

@ -24,16 +24,28 @@ func restService(opts entities.ServiceOptions, flags *pflag.FlagSet, cfg *entiti
) )
if opts.URI != "" { if opts.URI != "" {
fields := strings.Split(opts.URI, ":") if os.Getenv("LISTEN_FDS") != "" {
if len(fields) == 1 { // If it is activated by systemd, use the first LISTEN_FD (3)
return errors.Errorf("%s is an invalid socket destination", opts.URI) // instead of opening the socket file.
f := os.NewFile(uintptr(3), "podman.sock")
l, err := net.FileListener(f)
if err != nil {
return err
}
listener = &l
} else {
fields := strings.Split(opts.URI, ":")
if len(fields) == 1 {
return errors.Errorf("%s is an invalid socket destination", opts.URI)
}
network := fields[0]
address := strings.Join(fields[1:], ":")
l, err := net.Listen(network, address)
if err != nil {
return errors.Wrapf(err, "unable to create socket")
}
listener = &l
} }
address := strings.Join(fields[1:], ":")
l, err := net.Listen(fields[0], address)
if err != nil {
return errors.Wrapf(err, "unable to create socket")
}
listener = &l
} }
// Close stdin, so shortnames will not prompt // Close stdin, so shortnames will not prompt

11
pkg/rootless/rootless_linux.c
View File

@ -233,9 +233,8 @@ int
is_fd_inherited(int fd) is_fd_inherited(int fd)
{ {
if (open_files_set == NULL || fd > open_files_max_fd || fd < 0) if (open_files_set == NULL || fd > open_files_max_fd || fd < 0)
{
return 0; return 0;
}
return FD_ISSET(fd % FD_SETSIZE, &(open_files_set[fd / FD_SETSIZE])) ? 1 : 0; return FD_ISSET(fd % FD_SETSIZE, &(open_files_set[fd / FD_SETSIZE])) ? 1 : 0;
} }
@ -633,9 +632,10 @@ reexec_userns_join (int pid_to_join, char *pause_pid_file_path)
close (user_ns); close (user_ns);
close (mnt_ns); close (mnt_ns);
for (f = 3; f < open_files_max_fd; f++) for (f = 3; f <= open_files_max_fd; f++)
if (open_files_set == NULL || FD_ISSET (f % FD_SETSIZE, &(open_files_set[f / FD_SETSIZE]))) if (is_fd_inherited (f))
close (f); close (f);
return pid; return pid;
} }
@ -813,13 +813,14 @@ reexec_in_user_namespace (int ready, char *pause_pid_file_path, char *file_to_re
if (do_socket_activation) if (do_socket_activation)
{ {
long num_fds; long num_fds;
num_fds = strtol (listen_fds, NULL, 10); num_fds = strtol (listen_fds, NULL, 10);
if (num_fds != LONG_MIN && num_fds != LONG_MAX) if (num_fds != LONG_MIN && num_fds != LONG_MAX)
{ {
int f; int f;
for (f = 3; f < num_fds + 3; f++) for (f = 3; f < num_fds + 3; f++)
if (open_files_set == NULL || FD_ISSET (f % FD_SETSIZE, &(open_files_set[f / FD_SETSIZE]))) if (is_fd_inherited (f))
close (f); close (f);
} }
unsetenv ("LISTEN_PID"); unsetenv ("LISTEN_PID");