diff options
| author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2021-03-29 17:40:21 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-03-29 17:40:21 +0000 |
| commit | aa96cb6739303a4bf76aeb6395e8ef79ff8ef0ee (patch) | |
| tree | 99e4531c9d83b290dc6a74d8c16c26c44fb7a8c0 | |
| parent | 26b0ebd22f0a516eae9daf2439697f1f793894cc (diff) | |
| parent | c064acd78e418943edae8ec2998f855721157f30 (diff) | |
| download | podman-aa96cb6739303a4bf76aeb6395e8ef79ff8ef0ee.tar.gz podman-aa96cb6739303a4bf76aeb6395e8ef79ff8ef0ee.tar.bz2 podman-aa96cb6739303a4bf76aeb6395e8ef79ff8ef0ee.zip | |
Merge pull request #9855 from giuseppe/fix-service-race-condition
service: use LISTEN_FDS
| -rw-r--r-- | cmd/podman/system/service_abi.go | 30 | ||||
| -rw-r--r-- | pkg/rootless/rootless_linux.c | 11 |
2 files changed, 27 insertions, 14 deletions
diff --git a/cmd/podman/system/service_abi.go b/cmd/podman/system/service_abi.go index 0e96e1fbb..9e8a9f9b4 100644 --- a/cmd/podman/system/service_abi.go +++ b/cmd/podman/system/service_abi.go @@ -24,16 +24,28 @@ func restService(opts entities.ServiceOptions, flags *pflag.FlagSet, cfg *entiti ) if opts.URI != "" { - fields := strings.Split(opts.URI, ":") - if len(fields) == 1 { - return errors.Errorf("%s is an invalid socket destination", opts.URI) + if os.Getenv("LISTEN_FDS") != "" { + // If it is activated by systemd, use the first LISTEN_FD (3) + // instead of opening the socket file. + f := os.NewFile(uintptr(3), "podman.sock") + l, err := net.FileListener(f) + if err != nil { + return err + } + listener = &l + } else { + fields := strings.Split(opts.URI, ":") + if len(fields) == 1 { + return errors.Errorf("%s is an invalid socket destination", opts.URI) + } + network := fields[0] + address := strings.Join(fields[1:], ":") + l, err := net.Listen(network, address) + if err != nil { + return errors.Wrapf(err, "unable to create socket") + } + listener = &l } - address := strings.Join(fields[1:], ":") - l, err := net.Listen(fields[0], address) - if err != nil { - return errors.Wrapf(err, "unable to create socket") - } - listener = &l } // Close stdin, so shortnames will not prompt diff --git a/pkg/rootless/rootless_linux.c b/pkg/rootless/rootless_linux.c index d93e4c10c..7a2bf0377 100644 --- a/pkg/rootless/rootless_linux.c +++ b/pkg/rootless/rootless_linux.c @@ -233,9 +233,8 @@ int is_fd_inherited(int fd) { if (open_files_set == NULL || fd > open_files_max_fd || fd < 0) - { return 0; - } + return FD_ISSET(fd % FD_SETSIZE, &(open_files_set[fd / FD_SETSIZE])) ? 1 : 0; } @@ -633,9 +632,10 @@ reexec_userns_join (int pid_to_join, char *pause_pid_file_path) close (user_ns); close (mnt_ns); - for (f = 3; f < open_files_max_fd; f++) - if (open_files_set == NULL || FD_ISSET (f % FD_SETSIZE, &(open_files_set[f / FD_SETSIZE]))) + for (f = 3; f <= open_files_max_fd; f++) + if (is_fd_inherited (f)) close (f); + return pid; } @@ -813,13 +813,14 @@ reexec_in_user_namespace (int ready, char *pause_pid_file_path, char *file_to_re if (do_socket_activation) { long num_fds; + num_fds = strtol (listen_fds, NULL, 10); if (num_fds != LONG_MIN && num_fds != LONG_MAX) { int f; for (f = 3; f < num_fds + 3; f++) - if (open_files_set == NULL || FD_ISSET (f % FD_SETSIZE, &(open_files_set[f / FD_SETSIZE]))) + if (is_fd_inherited (f)) close (f); } unsetenv ("LISTEN_PID"); |