mirror of
https://github.com/containers/podman.git
synced 2025-10-19 12:12:36 +08:00
Merge pull request #9722 from giuseppe/backport-proc-self-fd-2.2
[2.2] oci: use /proc/self/fd/FD to open unix socket
This commit is contained in:
@ -28,6 +28,15 @@ const (
|
|||||||
AttachPipeStderr = 3
|
AttachPipeStderr = 3
|
||||||
)
|
)
|
||||||
|
|
||||||
|
func openUnixSocket(path string) (*net.UnixConn, error) {
|
||||||
|
fd, err := unix.Open(path, unix.O_PATH, 0)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
defer unix.Close(fd)
|
||||||
|
return net.DialUnix("unixpacket", nil, &net.UnixAddr{Name: fmt.Sprintf("/proc/self/fd/%d", fd), Net: "unixpacket"})
|
||||||
|
}
|
||||||
|
|
||||||
// Attach to the given container
|
// Attach to the given container
|
||||||
// Does not check if state is appropriate
|
// Does not check if state is appropriate
|
||||||
// started is only required if startContainer is true
|
// started is only required if startContainer is true
|
||||||
@ -52,11 +61,10 @@ func (c *Container) attach(streams *define.AttachStreams, keys string, resize <-
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
socketPath := buildSocketPath(attachSock)
|
|
||||||
|
|
||||||
conn, err := net.DialUnix("unixpacket", nil, &net.UnixAddr{Name: socketPath, Net: "unixpacket"})
|
conn, err := openUnixSocket(attachSock)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return errors.Wrapf(err, "failed to connect to container's attach socket: %v", socketPath)
|
return errors.Wrapf(err, "failed to connect to container's attach socket: %v", attachSock)
|
||||||
}
|
}
|
||||||
defer func() {
|
defer func() {
|
||||||
if err := conn.Close(); err != nil {
|
if err := conn.Close(); err != nil {
|
||||||
@ -124,7 +132,6 @@ func (c *Container) attachToExec(streams *define.AttachStreams, keys *string, se
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
socketPath := buildSocketPath(sockPath)
|
|
||||||
|
|
||||||
// 2: read from attachFd that the parent process has set up the console socket
|
// 2: read from attachFd that the parent process has set up the console socket
|
||||||
if _, err := readConmonPipeData(attachFd, ""); err != nil {
|
if _, err := readConmonPipeData(attachFd, ""); err != nil {
|
||||||
@ -132,9 +139,9 @@ func (c *Container) attachToExec(streams *define.AttachStreams, keys *string, se
|
|||||||
}
|
}
|
||||||
|
|
||||||
// 2: then attach
|
// 2: then attach
|
||||||
conn, err := net.DialUnix("unixpacket", nil, &net.UnixAddr{Name: socketPath, Net: "unixpacket"})
|
conn, err := openUnixSocket(sockPath)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return errors.Wrapf(err, "failed to connect to container's attach socket: %v", socketPath)
|
return errors.Wrapf(err, "failed to connect to container's attach socket: %v", sockPath)
|
||||||
}
|
}
|
||||||
defer func() {
|
defer func() {
|
||||||
if err := conn.Close(); err != nil {
|
if err := conn.Close(); err != nil {
|
||||||
@ -182,16 +189,6 @@ func registerResizeFunc(resize <-chan remotecommand.TerminalSize, bundlePath str
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
func buildSocketPath(socketPath string) string {
|
|
||||||
maxUnixLength := unixPathLength()
|
|
||||||
if maxUnixLength < len(socketPath) {
|
|
||||||
socketPath = socketPath[0:maxUnixLength]
|
|
||||||
}
|
|
||||||
|
|
||||||
logrus.Debug("connecting to socket ", socketPath)
|
|
||||||
return socketPath
|
|
||||||
}
|
|
||||||
|
|
||||||
func setupStdioChannels(streams *define.AttachStreams, conn *net.UnixConn, detachKeys []byte) (chan error, chan error) {
|
func setupStdioChannels(streams *define.AttachStreams, conn *net.UnixConn, detachKeys []byte) (chan error, chan error) {
|
||||||
receiveStdoutError := make(chan error)
|
receiveStdoutError := make(chan error)
|
||||||
go func() {
|
go func() {
|
||||||
|
@ -1,11 +0,0 @@
|
|||||||
//+build linux,cgo
|
|
||||||
|
|
||||||
package libpod
|
|
||||||
|
|
||||||
//#include <sys/un.h>
|
|
||||||
// extern int unix_path_length(){struct sockaddr_un addr; return sizeof(addr.sun_path) - 1;}
|
|
||||||
import "C"
|
|
||||||
|
|
||||||
func unixPathLength() int {
|
|
||||||
return int(C.unix_path_length())
|
|
||||||
}
|
|
@ -1,7 +0,0 @@
|
|||||||
//+build linux,!cgo
|
|
||||||
|
|
||||||
package libpod
|
|
||||||
|
|
||||||
func unixPathLength() int {
|
|
||||||
return 107
|
|
||||||
}
|
|
@ -2,7 +2,6 @@ package libpod
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"net"
|
|
||||||
"net/http"
|
"net/http"
|
||||||
"os"
|
"os"
|
||||||
"os/exec"
|
"os/exec"
|
||||||
@ -516,7 +515,6 @@ func attachExecHTTP(c *Container, sessionID string, r *http.Request, w http.Resp
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
socketPath := buildSocketPath(sockPath)
|
|
||||||
|
|
||||||
// 2: read from attachFd that the parent process has set up the console socket
|
// 2: read from attachFd that the parent process has set up the console socket
|
||||||
if _, err := readConmonPipeData(pipes.attachPipe, ""); err != nil {
|
if _, err := readConmonPipeData(pipes.attachPipe, ""); err != nil {
|
||||||
@ -524,9 +522,9 @@ func attachExecHTTP(c *Container, sessionID string, r *http.Request, w http.Resp
|
|||||||
}
|
}
|
||||||
|
|
||||||
// 2: then attach
|
// 2: then attach
|
||||||
conn, err := net.DialUnix("unixpacket", nil, &net.UnixAddr{Name: socketPath, Net: "unixpacket"})
|
conn, err := openUnixSocket(sockPath)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return errors.Wrapf(err, "failed to connect to container's attach socket: %v", socketPath)
|
return errors.Wrapf(err, "failed to connect to container's attach socket: %v", sockPath)
|
||||||
}
|
}
|
||||||
defer func() {
|
defer func() {
|
||||||
if err := conn.Close(); err != nil {
|
if err := conn.Close(); err != nil {
|
||||||
|
@ -521,13 +521,12 @@ func (r *ConmonOCIRuntime) HTTPAttach(ctr *Container, req *http.Request, w http.
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
socketPath := buildSocketPath(attachSock)
|
|
||||||
|
|
||||||
var conn *net.UnixConn
|
var conn *net.UnixConn
|
||||||
if streamAttach {
|
if streamAttach {
|
||||||
newConn, err := net.DialUnix("unixpacket", nil, &net.UnixAddr{Name: socketPath, Net: "unixpacket"})
|
newConn, err := openUnixSocket(attachSock)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return errors.Wrapf(err, "failed to connect to container's attach socket: %v", socketPath)
|
return errors.Wrapf(err, "failed to connect to container's attach socket: %v", attachSock)
|
||||||
}
|
}
|
||||||
conn = newConn
|
conn = newConn
|
||||||
defer func() {
|
defer func() {
|
||||||
@ -536,7 +535,7 @@ func (r *ConmonOCIRuntime) HTTPAttach(ctr *Container, req *http.Request, w http.
|
|||||||
}
|
}
|
||||||
}()
|
}()
|
||||||
|
|
||||||
logrus.Debugf("Successfully connected to container %s attach socket %s", ctr.ID(), socketPath)
|
logrus.Debugf("Successfully connected to container %s attach socket %s", ctr.ID(), attachSock)
|
||||||
}
|
}
|
||||||
|
|
||||||
detachString := ctr.runtime.config.Engine.DetachKeys
|
detachString := ctr.runtime.config.Engine.DetachKeys
|
||||||
|
Reference in New Issue
Block a user