opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-06-28 22:53:21 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4206 from giuseppe/systemd-mode-look-full-path

Browse Source 
systemd: expect full path /usr/sbin/init
This commit is contained in:
OpenShift Merge Robot
2019-10-10 14:58:41 -07:00
committed by GitHub
parent cec8edd6f5 5963077e93
commit fd389d28ce
12 changed files with 104 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
API.md
View File

@ -1591,7 +1591,7 @@ subgidname [?string](#?string)
sysctl [?[]string](#?[]string) sysctl [?[]string](#?[]string)
systemd [?bool](#?bool) systemd [?string](#?string)
tmpfs [?[]string](#?[]string) tmpfs [?[]string](#?[]string)

5
cmd/podman/cliconfig/defaults.go
View File

@ -1,10 +1,5 @@
package cliconfig package cliconfig
const (
// DefaultSystemD value
DefaultSystemD bool = true
)
var ( var (
// DefaultHealthCheckInterval default value // DefaultHealthCheckInterval default value
DefaultHealthCheckInterval = "30s" DefaultHealthCheckInterval = "30s"

6
cmd/podman/common.go
View File

@ -455,9 +455,9 @@ func getCreateFlags(c *cliconfig.PodmanCommand) {
"sysctl", []string{}, "sysctl", []string{},
"Sysctl options (default [])", "Sysctl options (default [])",
) )
createFlags.Bool( createFlags.String(
"systemd", cliconfig.DefaultSystemD, "systemd", "true",
"Run container in systemd mode if the command executable is systemd or init", `Run container in systemd mode ("true"|"false"|"always" (default "true")`,
) )
createFlags.StringArray( createFlags.StringArray(
"tmpfs", []string{}, "tmpfs", []string{},

14
cmd/podman/shared/create.go
View File

@ -662,9 +662,17 @@ func ParseCreateOpts(ctx context.Context, c *GenericCLIResults, runtime *libpod.
return nil, errors.Errorf("invalid image-volume type %q. Pick one of bind, tmpfs, or ignore", c.String("image-volume")) return nil, errors.Errorf("invalid image-volume type %q. Pick one of bind, tmpfs, or ignore", c.String("image-volume"))
} }
var systemd bool systemd := c.String("systemd") == "always"
if command != nil && c.Bool("systemd") && ((filepath.Base(command[0]) == "init") || (filepath.Base(command[0]) == "systemd")) { if !systemd && command != nil {
systemd = true x, err := strconv.ParseBool(c.String("systemd"))
if err != nil {
return nil, errors.Wrapf(err, "cannot parse bool %s", c.String("systemd"))
}
if x && (command[0] == "/usr/sbin/init" || (filepath.Base(command[0]) == "systemd")) {
systemd = true
}
}
if systemd {
if signalString == "" { if signalString == "" {
stopSignal, err = signal.ParseSignal("RTMIN+3") stopSignal, err = signal.ParseSignal("RTMIN+3")
if err != nil { if err != nil {

2
cmd/podman/shared/intermediate.go
View File

@ -449,7 +449,7 @@ func NewIntermediateLayer(c *cliconfig.PodmanCommand, remote bool) GenericCLIRes
m["subgidname"] = newCRString(c, "subgidname") m["subgidname"] = newCRString(c, "subgidname")
m["subuidname"] = newCRString(c, "subuidname") m["subuidname"] = newCRString(c, "subuidname")
m["sysctl"] = newCRStringSlice(c, "sysctl") m["sysctl"] = newCRStringSlice(c, "sysctl")
m["systemd"] = newCRBool(c, "systemd") m["systemd"] = newCRString(c, "systemd")
m["tmpfs"] = newCRStringArray(c, "tmpfs") m["tmpfs"] = newCRStringArray(c, "tmpfs")
m["tty"] = newCRBool(c, "tty") m["tty"] = newCRBool(c, "tty")
m["uidmap"] = newCRStringSlice(c, "uidmap") m["uidmap"] = newCRStringSlice(c, "uidmap")

5
cmd/podman/shared/intermediate_varlink.go
View File

@ -152,7 +152,7 @@ func (g GenericCLIResults) MakeVarlink() iopodman.Create {
Subuidname: StringToPtr(g.Find("subuidname")), Subuidname: StringToPtr(g.Find("subuidname")),
Subgidname: StringToPtr(g.Find("subgidname")), Subgidname: StringToPtr(g.Find("subgidname")),
Sysctl: StringSliceToPtr(g.Find("sysctl")), Sysctl: StringSliceToPtr(g.Find("sysctl")),
Systemd: BoolToPtr(g.Find("systemd")), Systemd: StringToPtr(g.Find("systemd")),
Tmpfs: StringSliceToPtr(g.Find("tmpfs")), Tmpfs: StringSliceToPtr(g.Find("tmpfs")),
Tty: BoolToPtr(g.Find("tty")), Tty: BoolToPtr(g.Find("tty")),
Uidmap: StringSliceToPtr(g.Find("uidmap")), Uidmap: StringSliceToPtr(g.Find("uidmap")),
@ -321,6 +321,7 @@ func VarlinkCreateToGeneric(opts iopodman.Create) GenericCLIResults {
var memSwapDefault int64 = -1 var memSwapDefault int64 = -1
netModeDefault := "bridge" netModeDefault := "bridge"
systemdDefault := "true"
if rootless.IsRootless() { if rootless.IsRootless() {
netModeDefault = "slirp4netns" netModeDefault = "slirp4netns"
} }
@ -409,7 +410,7 @@ func VarlinkCreateToGeneric(opts iopodman.Create) GenericCLIResults {
m["subgidname"] = stringFromVarlink(opts.Subgidname, "subgidname", nil) m["subgidname"] = stringFromVarlink(opts.Subgidname, "subgidname", nil)
m["subuidname"] = stringFromVarlink(opts.Subuidname, "subuidname", nil) m["subuidname"] = stringFromVarlink(opts.Subuidname, "subuidname", nil)
m["sysctl"] = stringSliceFromVarlink(opts.Sysctl, "sysctl", nil) m["sysctl"] = stringSliceFromVarlink(opts.Sysctl, "sysctl", nil)
m["systemd"] = boolFromVarlink(opts.Systemd, "systemd", cliconfig.DefaultSystemD) m["systemd"] = stringFromVarlink(opts.Systemd, "systemd", &systemdDefault)
m["tmpfs"] = stringSliceFromVarlink(opts.Tmpfs, "tmpfs", nil) m["tmpfs"] = stringSliceFromVarlink(opts.Tmpfs, "tmpfs", nil)
m["tty"] = boolFromVarlink(opts.Tty, "tty", false) m["tty"] = boolFromVarlink(opts.Tty, "tty", false)
m["uidmap"] = stringSliceFromVarlink(opts.Uidmap, "uidmap", nil) m["uidmap"] = stringSliceFromVarlink(opts.Uidmap, "uidmap", nil)

2
cmd/podman/varlink/io.podman.varlink
View File

@ -363,7 +363,7 @@ type Create (
subuidname: ?string, subuidname: ?string,
subgidname: ?string, subgidname: ?string,
sysctl: ?[]string, sysctl: ?[]string,
systemd: ?bool, systemd: ?string,
tmpfs: ?[]string, tmpfs: ?[]string,
tty: ?bool, tty: ?bool,
uidmap: ?[]string, uidmap: ?[]string,

12
docs/podman-create.1.md
View File

@ -710,12 +710,18 @@ Network Namespace - current sysctls allowed:
Note: if you use the --network=host option these sysctls will not be allowed. Note: if you use the --network=host option these sysctls will not be allowed.
**--systemd**=*true|false* **--systemd**=*true|false|always*
Run container in systemd mode. The default is *true*. Run container in systemd mode. The default is *true*.
If the command you running inside of the container is systemd or init, podman The value *always* enforces the systemd mode is enforced without
will setup tmpfs mount points in the following directories: looking at the executable name. Otherwise, if set to true and the
command you are running inside the container is systemd or
/usr/sbin/init.
If the command you are running inside of the container is systemd or
/usr/sbin/init, Podman will setup tmpfs mount points in the following
directories:
/run, /run/lock, /tmp, /sys/fs/cgroup/systemd, /var/lib/journal /run, /run/lock, /tmp, /sys/fs/cgroup/systemd, /var/lib/journal

64
docs/podman-derivative-api Normal file
View File

@ -0,0 +1,64 @@
.TH How to use libpod for custom/derivative projects
.PP
libpod today is a Golang library and a CLI. The choice of interface you make has advantages and disadvantages.
.SH Running as a subprocess
.PP
Advantages:
.RS
.IP \(bu 2
Many commands output JSON
.IP \(bu 2
Works with languages other than Golang
.IP \(bu 2
Easy to get started
.RE
.PP
Disadvantages:
.RS
.IP \(bu 2
Error handling is harder
.IP \(bu 2
May be slower
.IP \(bu 2
Can't hook into or control low\-level things like how images are pulled
.RE
.SH Vendoring into a Go project
.PP
Advantages:
.RS
.IP \(bu 2
Significant power and control
.RE
.PP
Disadvantages:
.RS
.IP \(bu 2
You are now on the hook for container runtime security updates (partially, \fB\fCrunc\fR/\fB\fCcrun\fR are separate)
.IP \(bu 2
Binary size
.IP \(bu 2
Potential skew between multiple libpod versions operating on the same storage can cause problems
.RE
.SH Varlink
.PP
Some code exists for this; splits the difference. Future uncertain.
.SH Making the choice
.PP
A good question to ask first is: Do you want users to be able to use \fB\fCpodman\fR to manipulate the containers created by your project?
If so, that makes it more likely that you want to run \fB\fCpodman\fR as a subprocess. If you want a separate image store and a fundamentally
different experience; if what you're doing with containers is quite different from those created by the \fB\fCpodman\fR CLI,
that may drive you towards vendoring.

12
docs/podman-run.1.md
View File

@ -747,12 +747,18 @@ Network Namespace - current sysctls allowed:
Note: if you use the `--network=host` option these sysctls will not be allowed. Note: if you use the `--network=host` option these sysctls will not be allowed.
**--systemd**=*true|false* **--systemd**=*true|false|always*
Run container in systemd mode. The default is *true*. Run container in systemd mode. The default is *true*.
If the command you are running inside of the container is systemd or init, Podman The value *always* enforces the systemd mode is enforced without
will setup tmpfs mount points in the following directories: looking at the executable name. Otherwise, if set to true and the
command you are running inside the container is systemd or
/usr/sbin/init.
If the command you are running inside of the container is systemd or
/usr/sbin/init, Podman will setup tmpfs mount points in the following
directories:
/run, /run/lock, /tmp, /sys/fs/cgroup/systemd, /var/lib/journal /run, /run/lock, /tmp, /sys/fs/cgroup/systemd, /var/lib/journal

3
pkg/spec/createconfig.go
View File

@ -195,8 +195,7 @@ func (c *CreateConfig) getContainerCreateOptions(runtime *libpod.Runtime, pod *l
if c.Interactive { if c.Interactive {
options = append(options, libpod.WithStdin()) options = append(options, libpod.WithStdin())
} }
if c.Systemd && (strings.HasSuffix(c.Command[0], "init") || if c.Systemd {
strings.HasSuffix(c.Command[0], "systemd")) {
options = append(options, libpod.WithSystemd()) options = append(options, libpod.WithSystemd())
} }
if c.Name != "" { if c.Name != "" {

2
test/e2e/systemd_test.go
View File

@ -94,7 +94,7 @@ WantedBy=multi-user.target
Expect(pull.ExitCode()).To(Equal(0)) Expect(pull.ExitCode()).To(Equal(0))
ctrName := "testSystemd" ctrName := "testSystemd"
run := podmanTest.Podman([]string{"run", "--name", ctrName, "-t", "-i", "-d", systemdImage, "init"}) run := podmanTest.Podman([]string{"run", "--name", ctrName, "-t", "-i", "-d", systemdImage, "/usr/sbin/init"})
run.WaitWithDefaultTimeout() run.WaitWithDefaultTimeout()
Expect(run.ExitCode()).To(Equal(0)) Expect(run.ExitCode()).To(Equal(0))
ctrID := run.OutputToString() ctrID := run.OutputToString()