opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-10-31 10:00:01 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
podman/pkg/systemd/generate/common.go
Paul Holzinger 6a9338ad6c podman generate systemd: handle --sdnotify correctly 
When a container was created with `--sdnotify value` we would remove
this arg instead of using it like with `--sdnotfiy=value`.

Also when the arg is set to ignore we should force conmon in order to
make the resulting Type=notify units work.

Fixes #15052

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2022-07-25 14:16:17 +02:00

172 lines
5.3 KiB
Go
Raw Blame History

package generate
import (
"fmt"
"strconv"
"strings"
"github.com/containers/podman/v4/pkg/systemd/define"
)
// minTimeoutStopSec is the minimal stop timeout for generated systemd units.
// Once exceeded, processes of the services are killed and the cgroup(s) are
// cleaned up.
const minTimeoutStopSec = 60
// validateRestartPolicy checks that the user-provided policy is valid.
func validateRestartPolicy(restart string) error {
for _, i := range define.RestartPolicies {
if i == restart {
return nil
}
}
return fmt.Errorf("%s is not a valid restart policy", restart)
}
const headerTemplate = `# {{{{.ServiceName}}}}{{{{- if (eq .IdentifySpecifier true) }}}}@{{{{- end}}}}.service
{{{{- if (eq .GenerateNoHeader false) }}}}
# autogenerated by Podman {{{{.PodmanVersion}}}}
{{{{- if .TimeStamp}}}}
# {{{{.TimeStamp}}}}
{{{{- end}}}}
{{{{- end}}}}
[Unit]
Description=Podman {{{{.ServiceName}}}}.service{{{{- if (eq .IdentifySpecifier true) }}}} for %I{{{{- end}}}}
Documentation=man:podman-generate-systemd(1)
Wants=network-online.target
After=network-online.target
RequiresMountsFor={{{{.RunRoot}}}}
`
// filterPodFlags removes --pod, --pod-id-file and --infra-conmon-pidfile from the specified command.
// argCount is the number of last arguments which should not be filtered, e.g. the container entrypoint.
func filterPodFlags(command []string, argCount int) []string {
processed := make([]string, 0, len(command))
for i := 0; i < len(command)-argCount; i++ {
s := command[i]
if s == "--pod" || s == "--pod-id-file" || s == "--infra-conmon-pidfile" {
i++
continue
}
if strings.HasPrefix(s, "--pod=") ||
strings.HasPrefix(s, "--pod-id-file=") ||
strings.HasPrefix(s, "--infra-conmon-pidfile=") {
continue
}
processed = append(processed, s)
}
processed = append(processed, command[len(command)-argCount:]...)
return processed
}
// filterCommonContainerFlags removes --sdnotify, --rm and --cgroups from the specified command.
// argCount is the number of last arguments which should not be filtered, e.g. the container entrypoint.
func filterCommonContainerFlags(command []string, argCount int) []string {
processed := make([]string, 0, len(command))
for i := 0; i < len(command)-argCount; i++ {
s := command[i]
switch {
case s == "--rm":
// Boolean flags support --flag and --flag={true,false}.
continue
case s == "--cgroups", s == "--cidfile", s == "--restart":
i++
continue
case strings.HasPrefix(s, "--rm="),
strings.HasPrefix(s, "--cgroups="),
strings.HasPrefix(s, "--cidfile="),
strings.HasPrefix(s, "--restart="):
continue
}
processed = append(processed, s)
}
processed = append(processed, command[len(command)-argCount:]...)
return processed
}
// escapeSystemdArguments makes sure that all arguments with at least one whitespace
// are quoted to make sure those are interpreted as one argument instead of
// multiple ones. Also make sure to escape all characters which have a special
// meaning to systemd -> $,% and \
// see: https://www.freedesktop.org/software/systemd/man/systemd.service.html#Command%20lines
func escapeSystemdArguments(command []string) []string {
for i := range command {
command[i] = escapeSystemdArg(command[i])
}
return command
}
func escapeSystemdArg(arg string) string {
arg = strings.ReplaceAll(arg, "$", "$$")
arg = strings.ReplaceAll(arg, "%", "%%")
if strings.ContainsAny(arg, " \t\"") {
arg = strconv.Quote(arg)
} else if strings.Contains(arg, `\`) {
// strconv.Quote also escapes backslashes so
// we should replace only if strconv.Quote was not used
arg = strings.ReplaceAll(arg, `\`, `\\`)
}
return arg
}
func removeSdNotifyArg(args []string, argCount int) []string {
processed := make([]string, 0, len(args))
for i := 0; i < len(args)-argCount; i++ {
s := args[i]
switch {
case s == "--sdnotify":
i++
continue
case strings.HasPrefix(s, "--sdnotify="):
continue
}
processed = append(processed, s)
}
processed = append(processed, args[len(args)-argCount:]...)
return processed
}
func removeDetachArg(args []string, argCount int) []string {
// "--detach=false" could also be in the container entrypoint
// split them off so we do not remove it there
realArgs := args[len(args)-argCount:]
flagArgs := removeArg("-d=false", args[:len(args)-argCount])
flagArgs = removeArg("--detach=false", flagArgs)
return append(flagArgs, realArgs...)
}
func removeReplaceArg(args []string, argCount int) []string {
// "--replace=false" could also be in the container entrypoint
// split them off so we do not remove it there
realArgs := args[len(args)-argCount:]
flagArgs := removeArg("--replace=false", args[:len(args)-argCount])
return append(flagArgs, realArgs...)
}
func removeArg(arg string, args []string) []string {
newArgs := []string{}
for _, a := range args {
if a != arg {
newArgs = append(newArgs, a)
}
}
return newArgs
}
// This function is used to get name of systemd service from prefix, separator, and
// container/pod name. If prefix is empty, the service name does not include the
// separator. This is to avoid a situation where service name starts with the separator
// which is usually hyphen.
func getServiceName(prefix string, separator string, name string) string {
serviceName := name
if len(prefix) > 0 {
serviceName = prefix + separator + name
}
return serviceName
}
Reference in New Issue View Git Blame Copy Permalink