aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel J Walsh <dwalsh@redhat.com>2022-03-23 14:12:07 -0400
committerDaniel J Walsh <dwalsh@redhat.com>2022-03-23 15:05:30 -0400
commit5e28cbc5fcdd89fc3623fe2324d7ba7fa6117d21 (patch)
tree9b88539a5407c6f9f1d3268412b91a0aac0ac83e
parentf049cba47c31d31a4a8ed9a9180f0e847be3411c (diff)
downloadpodman-5e28cbc5fcdd89fc3623fe2324d7ba7fa6117d21.tar.gz
podman-5e28cbc5fcdd89fc3623fe2324d7ba7fa6117d21.tar.bz2
podman-5e28cbc5fcdd89fc3623fe2324d7ba7fa6117d21.zip
When running systemd in a container set container_uuid
systemd expects the container_uuid environment variable be set when it is running in a container. Fixes: https://github.com/containers/podman/issues/13187 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
-rw-r--r--docs/source/markdown/podman-create.1.md23
-rw-r--r--docs/source/markdown/podman-run.1.md29
-rw-r--r--libpod/container_internal_linux.go10
-rw-r--r--test/system/250-systemd.bats7
4 files changed, 46 insertions, 23 deletions
diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md
index 506f575fe..1f0d485ca 100644
--- a/docs/source/markdown/podman-create.1.md
+++ b/docs/source/markdown/podman-create.1.md
@@ -1020,15 +1020,20 @@ Run container in systemd mode. The default is *true*.
The value *always* enforces the systemd mode is enforced without
looking at the executable name. Otherwise, if set to true and the
-command you are running inside the container is systemd, /usr/sbin/init,
-/sbin/init or /usr/local/sbin/init.
-
-If the command you are running inside of the container is systemd,
-Podman will setup tmpfs mount points in the following directories:
-
-/run, /run/lock, /tmp, /sys/fs/cgroup/systemd, /var/lib/journal
-
-It will also set the default stop signal to SIGRTMIN+3.
+command you are running inside the container is **systemd**, **/usr/sbin/init**,
+**/sbin/init** or **/usr/local/sbin/init**.
+
+Running the container in systemd mode causes the following changes:
+
+* Podman mounts tmpfs file systems on the following directories
+ * _/run_
+ * _/run/lock_
+ * _/tmp_
+ * _/sys/fs/cgroup/systemd_
+ * _/var/lib/journal_
+* Podman sets the default stop signal to **SIGRTMIN+3**.
+* Podman sets **container_uuid** environment variable in the container to the
+first 32 characters of the container id.
This allows systemd to run in a confined container without any modifications.
diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md
index 7fa7bda30..03e46bf85 100644
--- a/docs/source/markdown/podman-run.1.md
+++ b/docs/source/markdown/podman-run.1.md
@@ -1082,20 +1082,21 @@ Note: if you use the **--network=host** option, these sysctls will not be allowe
Run container in systemd mode. The default is **true**.
The value *always* enforces the systemd mode is enforced without
-looking at the executable name. Otherwise, if set to **true** and the
-command you are running inside the container is systemd, _/usr/sbin/init_,
-_/sbin/init_ or _/usr/local/sbin/init_.
-
-If the command you are running inside of the container is systemd
-Podman will setup tmpfs mount points in the following directories:
-
-- _/run_
-- _/run/lock_
-- _/tmp_
-- _/sys/fs/cgroup/systemd_
-- _/var/lib/journal_
-
-It will also set the default stop signal to **SIGRTMIN+3**.
+looking at the executable name. Otherwise, if set to true and the
+command you are running inside the container is **systemd**, **/usr/sbin/init**,
+**/sbin/init** or **/usr/local/sbin/init**.
+
+Running the container in systemd mode causes the following changes:
+
+* Podman mounts tmpfs file systems on the following directories
+ * _/run_
+ * _/run/lock_
+ * _/tmp_
+ * _/sys/fs/cgroup/systemd_
+ * _/var/lib/journal_
+* Podman sets the default stop signal to **SIGRTMIN+3**.
+* Podman sets **container_uuid** environment variable in the container to the
+first 32 characters of the container id.
This allows systemd to run in a confined container without any modifications.
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 4d6922d73..11ca169ca 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -968,6 +968,16 @@ func (c *Container) mountNotifySocket(g generate.Generator) error {
// systemd expects to have /run, /run/lock and /tmp on tmpfs
// It also expects to be able to write to /sys/fs/cgroup/systemd and /var/log/journal
func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) error {
+ var containerUUIDSet bool
+ for _, s := range c.config.Spec.Process.Env {
+ if strings.HasPrefix(s, "container_uuid=") {
+ containerUUIDSet = true
+ break
+ }
+ }
+ if !containerUUIDSet {
+ g.AddProcessEnv("container_uuid", c.ID()[:32])
+ }
options := []string{"rw", "rprivate", "nosuid", "nodev"}
for _, dest := range []string{"/run", "/run/lock"} {
if MountExists(mounts, dest) {
diff --git a/test/system/250-systemd.bats b/test/system/250-systemd.bats
index 3847d9510..6c72e14e8 100644
--- a/test/system/250-systemd.bats
+++ b/test/system/250-systemd.bats
@@ -281,6 +281,13 @@ LISTEN_FDNAMES=listen_fdnames" | sort)
is "$output" "" "output should be empty"
}
+@test "podman --systemd sets container_uuid" {
+ run_podman run --systemd=always --name test $IMAGE printenv container_uuid
+ container_uuid=$output
+ run_podman inspect test --format '{{ .ID }}'
+ is "${container_uuid}" "${output:0:32}" "UUID should be first 32 chars of Container id"
+}
+
# https://github.com/containers/podman/issues/13153
@test "podman rootless-netns slirp4netns process should be in different cgroup" {
is_rootless || skip "only meaningful for rootless"