mirror of
https://github.com/containers/podman.git
synced 2025-07-09 05:57:21 +08:00
libpod: Move mountNotifySocket to container_internal_common.go
[NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
This commit is contained in:
Doug Rabson
@ -644,3 +644,35 @@ func lookupHostUser(name string) (*runcuser.ExecUser, error) {
|
|||||||
execUser.Home = u.HomeDir
|
execUser.Home = u.HomeDir
|
||||||
return &execUser, nil
|
return &execUser, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// mountNotifySocket mounts the NOTIFY_SOCKET into the container if it's set
|
||||||
|
// and if the sdnotify mode is set to container. It also sets c.notifySocket
|
||||||
|
// to avoid redundantly looking up the env variable.
|
||||||
|
func (c *Container) mountNotifySocket(g generate.Generator) error {
|
||||||
|
if c.config.SdNotifySocket == "" {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
if c.config.SdNotifyMode != define.SdNotifyModeContainer {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
notifyDir := filepath.Join(c.bundlePath(), "notify")
|
||||||
|
logrus.Debugf("Checking notify %q dir", notifyDir)
|
||||||
|
if err := os.MkdirAll(notifyDir, 0755); err != nil {
|
||||||
|
if !os.IsExist(err) {
|
||||||
|
return fmt.Errorf("unable to create notify %q dir: %w", notifyDir, err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if err := label.Relabel(notifyDir, c.MountLabel(), true); err != nil {
|
||||||
|
return fmt.Errorf("relabel failed %q: %w", notifyDir, err)
|
||||||
|
}
|
||||||
|
logrus.Debugf("Add bindmount notify %q dir", notifyDir)
|
||||||
|
if _, ok := c.state.BindMounts["/run/notify"]; !ok {
|
||||||
|
c.state.BindMounts["/run/notify"] = notifyDir
|
||||||
|
}
|
||||||
|
|
||||||
|
// Set the container's notify socket to the proxy socket created by conmon
|
||||||
|
g.AddProcessEnv("NOTIFY_SOCKET", "/run/notify/notify.sock")
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|||||||
@ -187,36 +187,6 @@ func (c *Container) reloadNetwork() error {
|
|||||||
return c.save()
|
return c.save()
|
||||||
}
|
}
|
||||||
|
|
||||||
// mountNotifySocket mounts the NOTIFY_SOCKET into the container if it's set
|
|
||||||
// and if the sdnotify mode is set to container. It also sets c.notifySocket
|
|
||||||
// to avoid redundantly looking up the env variable.
|
|
||||||
func (c *Container) mountNotifySocket(g generate.Generator) error {
|
|
||||||
|
|
||||||
if c.config.SdNotifyMode != define.SdNotifyModeContainer {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
notifyDir := filepath.Join(c.bundlePath(), "notify")
|
|
||||||
logrus.Debugf("Checking notify %q dir", notifyDir)
|
|
||||||
if err := os.MkdirAll(notifyDir, 0755); err != nil {
|
|
||||||
if !os.IsExist(err) {
|
|
||||||
return fmt.Errorf("unable to create notify %q dir: %w", notifyDir, err)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if err := label.Relabel(notifyDir, c.MountLabel(), true); err != nil {
|
|
||||||
return fmt.Errorf("relabel failed %q: %w", notifyDir, err)
|
|
||||||
}
|
|
||||||
logrus.Debugf("Add bindmount notify %q dir", notifyDir)
|
|
||||||
if _, ok := c.state.BindMounts["/run/notify"]; !ok {
|
|
||||||
c.state.BindMounts["/run/notify"] = notifyDir
|
|
||||||
}
|
|
||||||
|
|
||||||
// Set the container's notify socket to the proxy socket created by conmon
|
|
||||||
g.AddProcessEnv("NOTIFY_SOCKET", "/run/notify/notify.sock")
|
|
||||||
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Add an existing container's network jail
|
// Add an existing container's network jail
|
||||||
func (c *Container) addNetworkContainer(g *generate.Generator, ctr string) error {
|
func (c *Container) addNetworkContainer(g *generate.Generator, ctr string) error {
|
||||||
nsCtr, err := c.runtime.state.Container(ctr)
|
nsCtr, err := c.runtime.state.Container(ctr)
|
||||||
|
|||||||
@ -220,38 +220,6 @@ func (c *Container) reloadNetwork() error {
|
|||||||
return c.save()
|
return c.save()
|
||||||
}
|
}
|
||||||
|
|
||||||
// mountNotifySocket mounts the NOTIFY_SOCKET into the container if it's set
|
|
||||||
// and if the sdnotify mode is set to container. It also sets c.notifySocket
|
|
||||||
// to avoid redundantly looking up the env variable.
|
|
||||||
func (c *Container) mountNotifySocket(g generate.Generator) error {
|
|
||||||
if c.config.SdNotifySocket == "" {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
if c.config.SdNotifyMode != define.SdNotifyModeContainer {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
notifyDir := filepath.Join(c.bundlePath(), "notify")
|
|
||||||
logrus.Debugf("Checking notify %q dir", notifyDir)
|
|
||||||
if err := os.MkdirAll(notifyDir, 0755); err != nil {
|
|
||||||
if !os.IsExist(err) {
|
|
||||||
return fmt.Errorf("unable to create notify %q dir: %w", notifyDir, err)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if err := label.Relabel(notifyDir, c.MountLabel(), true); err != nil {
|
|
||||||
return fmt.Errorf("relabel failed %q: %w", notifyDir, err)
|
|
||||||
}
|
|
||||||
logrus.Debugf("Add bindmount notify %q dir", notifyDir)
|
|
||||||
if _, ok := c.state.BindMounts["/run/notify"]; !ok {
|
|
||||||
c.state.BindMounts["/run/notify"] = notifyDir
|
|
||||||
}
|
|
||||||
|
|
||||||
// Set the container's notify socket to the proxy socket created by conmon
|
|
||||||
g.AddProcessEnv("NOTIFY_SOCKET", "/run/notify/notify.sock")
|
|
||||||
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// systemd expects to have /run, /run/lock and /tmp on tmpfs
|
// systemd expects to have /run, /run/lock and /tmp on tmpfs
|
||||||
// It also expects to be able to write to /sys/fs/cgroup/systemd and /var/log/journal
|
// It also expects to be able to write to /sys/fs/cgroup/systemd and /var/log/journal
|
||||||
func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) error {
|
func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) error {
|
||||||
|
|||||||
Reference in New Issue
Block a user