container: Set primary process to 1 via LISTEN_PID by default if configuration is missing
#721
Conversation
flouthoc
force-pushed
the
set_listen_pid
branch
from
02d085d
to
649b273
Compare
|
@giuseppe PTAL |
flouthoc
force-pushed
the
set_listen_pid
branch
from
649b273
to
8cd3fc1
Compare
|
@vrothberg PTAL |
flouthoc
force-pushed
the
set_listen_pid
branch
from
8cd3fc1
to
fd2c5a6
Compare
src/libcrun/container.c
Outdated
| @@ -1187,6 +1187,13 @@ container_init_setup (void *args, pid_t own_pid, char *notify_socket, int sync_s | |||
| if (clearenv ()) | |||
| return crun_make_error (err, errno, "clearenv"); | |||
|
|
|||
| // set primary process to 1 explicitly if nothing is configured and LISTEN_FD is not set | |||
| if (getenv ("LISTEN_PID") == NULL && entrypoint_args->context->preserve_fds == 0) | |||
There was a problem hiding this comment.
it should also check for LISTEN_FDS to be set.
If LISTEN_FDS is not set, then we don't want to set LISTEN_PID
There was a problem hiding this comment.
the check should be entrypoint_args->context->preserve_fds > 0
There was a problem hiding this comment.
I concur, that's what runc does:
There was a problem hiding this comment.
@giuseppe ah I thought context->preserve_fds is always 0 when LISTEN_FDS is not set but let me confirm.
There was a problem hiding this comment.
@vrothberg @giuseppe fixed in latest commit.
flouthoc
force-pushed
the
set_listen_pid
branch
from
fd2c5a6
to
43b78fb
Compare
flouthoc
force-pushed
the
set_listen_pid
branch
from
43b78fb
to
7201016
Compare
|
I am a bit confused by the current implementation. It is adding a systemd specific feature and set the environment variable inside the container no matter how these fds are passed. runc does it only for file descriptors that are obtained through I think we would need to store the value of How have you tested this? Let's hold this PR after the release. |
flouthoc
force-pushed
the
set_listen_pid
branch
from
7201016
to
15630c5
Compare
|
@giuseppe Sure I could test this better then we could move this into separate release. |
|
@giuseppe We are mostly using |
I think we need to differentiate between the FDs added through LISTEN_FDS thus handled us by systemd, and the generic fds that can be passed through |
|
makes sense write now |
|
LGTM |
|
@vrothberg @rhatdan There is a change which is still pending which @giuseppe suggested #721 (comment) , I still have to add that. |
do we still need this PR given that we are addressing the issue in Podman anyway? |
|
Would it be useful if crun was launched via a different tool? Should it match runc behaviour? |
flouthoc
force-pushed
the
set_listen_pid
branch
2 times, most recently
from
e2e5867
to
682a3cf
Compare
src/libcrun/container.c
Outdated
| if (entrypoint_args->context->listen_fds > 0) | ||
| { | ||
| setenv ("LISTEN_PID", "1", 1); | ||
| libcrun_warning ("setting LISTEN_PID=1 since no previous configuration was found"); |
There was a problem hiding this comment.
don't we need to make sure the variable wasn't already set like: if (entrypoint_args->context->listen_fds > 0 && getenv ("LISTEN_PID") == NULL)?
I think at this point it is always unset, since we are calling it just after clearenv (). We need to make sure this code snippet is done below the other putenv and setenv.
I think this can be easily tested, and we can add a test for it.
There was a problem hiding this comment.
Yes it has to be below putenv(def->process->env[i]) and set_home_env making changes and adding tests as well.
… configuration is missing Adds a new field to context listen_fds which differentiates between the fds coming from preserve_fds and the ones coming from LISTEN_FDS if LISTEN_FDS is configured set primary process to 1. Signed-off-by: flouthoc <flouthoc.git@gmail.com>
flouthoc
force-pushed
the
set_listen_pid
branch
from
682a3cf
to
44377aa
Compare
|
@giuseppe PTAL made relevant changes and added tests |
|
@rhatdan @vrothberg this is good to merge now. |
Following PR adds a default configuration of seting primary process to 1 via
LISTEN_PIDif configuration is missing.Following behavior is similar to runc.