mirror of
				https://github.com/containers/podman.git
				synced 2025-10-26 02:35:43 +08:00 
			
		
		
		
	Merge pull request #16512 from dfr/freebsd-preserve-fds
Add support for --preserve-fds on FreeBSD for run and exec
This commit is contained in:
		| @ -870,7 +870,7 @@ func makeExecConfig(options entities.ExecOptions, rt *libpod.Runtime) (*libpod.E | ||||
|  | ||||
| func checkExecPreserveFDs(options entities.ExecOptions) error { | ||||
| 	if options.PreserveFDs > 0 { | ||||
| 		entries, err := os.ReadDir("/proc/self/fd") | ||||
| 		entries, err := os.ReadDir(processFileDescriptorsPath) | ||||
| 		if err != nil { | ||||
| 			return err | ||||
| 		} | ||||
| @ -879,7 +879,7 @@ func checkExecPreserveFDs(options entities.ExecOptions) error { | ||||
| 		for _, e := range entries { | ||||
| 			i, err := strconv.Atoi(e.Name()) | ||||
| 			if err != nil { | ||||
| 				return fmt.Errorf("cannot parse %s in /proc/self/fd: %w", e.Name(), err) | ||||
| 				return fmt.Errorf("cannot parse %s in %s: %w", e.Name(), processFileDescriptorsPath, err) | ||||
| 			} | ||||
| 			m[i] = true | ||||
| 		} | ||||
|  | ||||
							
								
								
									
										3
									
								
								pkg/domain/infra/abi/containers_freebsd.go
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										3
									
								
								pkg/domain/infra/abi/containers_freebsd.go
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,3 @@ | ||||
| package abi | ||||
|  | ||||
| const processFileDescriptorsPath = "/dev/fd" | ||||
							
								
								
									
										3
									
								
								pkg/domain/infra/abi/containers_linux.go
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										3
									
								
								pkg/domain/infra/abi/containers_linux.go
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,3 @@ | ||||
| package abi | ||||
|  | ||||
| const processFileDescriptorsPath = "/proc/self/fd" | ||||
							
								
								
									
										63
									
								
								pkg/rootless/rootless_freebsd.c
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										63
									
								
								pkg/rootless/rootless_freebsd.c
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,63 @@ | ||||
| #include <dirent.h> | ||||
| #include <stdio.h> | ||||
| #include <stdlib.h> | ||||
| #include <unistd.h> | ||||
| #include <sys/select.h> | ||||
|  | ||||
| static int open_files_max_fd; | ||||
| static fd_set *open_files_set; | ||||
|  | ||||
| int | ||||
| is_fd_inherited(int fd) | ||||
| { | ||||
|   if (open_files_set == NULL || fd > open_files_max_fd || fd < 0) | ||||
|     return 0; | ||||
|  | ||||
|   return FD_ISSET(fd % FD_SETSIZE, &(open_files_set[fd / FD_SETSIZE])) ? 1 : 0; | ||||
| } | ||||
|  | ||||
| static void __attribute__((constructor)) init() | ||||
| { | ||||
|   /* Store how many FDs were open before the Go runtime kicked in.  */ | ||||
|   DIR* d = opendir ("/dev/fd"); | ||||
|   if (d) | ||||
|     { | ||||
|       struct dirent *ent; | ||||
|       size_t size = 0; | ||||
|  | ||||
|       for (ent = readdir (d); ent; ent = readdir (d)) | ||||
|         { | ||||
|           int fd; | ||||
|  | ||||
|           if (ent->d_name[0] == '.') | ||||
|             continue; | ||||
|  | ||||
|           fd = atoi (ent->d_name); | ||||
|           if (fd == dirfd (d)) { | ||||
|             continue; | ||||
|           } | ||||
|  | ||||
|           if (fd >= size * FD_SETSIZE) | ||||
|             { | ||||
|               int i; | ||||
|               size_t new_size; | ||||
|  | ||||
|               new_size = (fd / FD_SETSIZE) + 1; | ||||
|               open_files_set = realloc (open_files_set, new_size * sizeof (fd_set)); | ||||
|               if (open_files_set == NULL) | ||||
|                 _exit (EXIT_FAILURE); | ||||
|  | ||||
|               for (i = size; i < new_size; i++) | ||||
|                 FD_ZERO (&(open_files_set[i])); | ||||
|  | ||||
|               size = new_size; | ||||
|             } | ||||
|  | ||||
|           if (fd > open_files_max_fd) { | ||||
|             open_files_max_fd = fd; | ||||
|           } | ||||
|  | ||||
|           FD_SET (fd % FD_SETSIZE, &(open_files_set[fd / FD_SETSIZE])); | ||||
|         } | ||||
|     } | ||||
| } | ||||
							
								
								
									
										69
									
								
								pkg/rootless/rootless_freebsd.go
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										69
									
								
								pkg/rootless/rootless_freebsd.go
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,69 @@ | ||||
| //go:build freebsd && cgo | ||||
| // +build freebsd,cgo | ||||
|  | ||||
| package rootless | ||||
|  | ||||
| import ( | ||||
| 	"errors" | ||||
|  | ||||
| 	"github.com/containers/storage/pkg/idtools" | ||||
| ) | ||||
|  | ||||
| // extern int is_fd_inherited(int fd); | ||||
| import "C" | ||||
|  | ||||
| // IsRootless returns whether the user is rootless | ||||
| func IsRootless() bool { | ||||
| 	return false | ||||
| } | ||||
|  | ||||
| // BecomeRootInUserNS re-exec podman in a new userNS.  It returns whether podman was re-executed | ||||
| // into a new user namespace and the return code from the re-executed podman process. | ||||
| // If podman was re-executed the caller needs to propagate the error code returned by the child | ||||
| // process.  It is a convenience function for BecomeRootInUserNSWithOpts with a default configuration. | ||||
| func BecomeRootInUserNS(pausePid string) (bool, int, error) { | ||||
| 	return false, -1, errors.New("this function is not supported on this os") | ||||
| } | ||||
|  | ||||
| // GetRootlessUID returns the UID of the user in the parent userNS | ||||
| func GetRootlessUID() int { | ||||
| 	return -1 | ||||
| } | ||||
|  | ||||
| // GetRootlessGID returns the GID of the user in the parent userNS | ||||
| func GetRootlessGID() int { | ||||
| 	return -1 | ||||
| } | ||||
|  | ||||
| // TryJoinFromFilePaths attempts to join the namespaces of the pid files in paths. | ||||
| // This is useful when there are already running containers and we | ||||
| // don't have a pause process yet.  We can use the paths to the conmon | ||||
| // processes to attempt joining their namespaces. | ||||
| // If needNewNamespace is set, the file is read from a temporary user | ||||
| // namespace, this is useful for containers that are running with a | ||||
| // different uidmap and the unprivileged user has no way to read the | ||||
| // file owned by the root in the container. | ||||
| func TryJoinFromFilePaths(pausePidPath string, needNewNamespace bool, paths []string) (bool, int, error) { | ||||
| 	return false, -1, errors.New("this function is not supported on this os") | ||||
| } | ||||
|  | ||||
| // ConfigurationMatches checks whether the additional uids/gids configured for the user | ||||
| // match the current user namespace. | ||||
| func ConfigurationMatches() (bool, error) { | ||||
| 	return true, nil | ||||
| } | ||||
|  | ||||
| // GetConfiguredMappings returns the additional IDs configured for the current user. | ||||
| func GetConfiguredMappings(quiet bool) ([]idtools.IDMap, []idtools.IDMap, error) { | ||||
| 	return nil, nil, errors.New("this function is not supported on this os") | ||||
| } | ||||
|  | ||||
| // ReadMappingsProc returns the uid_map and gid_map | ||||
| func ReadMappingsProc(path string) ([]idtools.IDMap, error) { | ||||
| 	return nil, nil | ||||
| } | ||||
|  | ||||
| // IsFdInherited checks whether the fd is opened and valid to use | ||||
| func IsFdInherited(fd int) bool { | ||||
| 	return int(C.is_fd_inherited(C.int(fd))) > 0 | ||||
| } | ||||
| @ -1,5 +1,5 @@ | ||||
| //go:build !linux || !cgo | ||||
| // +build !linux !cgo | ||||
| //go:build !(linux || freebsd) || !cgo | ||||
| // +build !linux,!freebsd !cgo | ||||
|  | ||||
| package rootless | ||||
|  | ||||
|  | ||||
		Reference in New Issue
	
	Block a user
	 OpenShift Merge Robot
					OpenShift Merge Robot