Merge pull request #13950 from Luap99/systemd-activation

systemd socket activation: check listener
author: OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> 2022-04-21 10:03:03 -0400
committer: GitHub <noreply@github.com> 2022-04-21 10:03:03 -0400
commit: bfb23363edf0716ce5610146c62723e5164182d0 (patch)
tree: 824cb5ab2c1efb0cf31de95f6bcd032768d48141
parent: de58f58ee6f76bf6e079fce999d4d0beeb17e797 (diff)
parent: eb71712626f96fc0a7e2803a6b6e6f82bec0a3a2 (diff)
download: podman-bfb23363edf0716ce5610146c62723e5164182d0.tar.gz
podman-bfb23363edf0716ce5610146c62723e5164182d0.tar.bz2
podman-bfb23363edf0716ce5610146c62723e5164182d0.zip
2 files changed, 14 insertions, 13 deletions
diff --git a/cmd/podman/system/service_abi.go b/cmd/podman/system/service_abi.go
index d6b42ed29..f8abea3aa 100644
--- a/cmd/podman/system/service_abi.go
+++ b/cmd/podman/system/service_abi.go
@@ -23,7 +23,7 @@ import (
 
 func restService(flags *pflag.FlagSet, cfg *entities.PodmanConfig, opts entities.ServiceOptions) error {
 	var (
-		listener *net.Listener
+		listener net.Listener
 		err      error
 	)
 
@@ -44,17 +44,15 @@ func restService(flags *pflag.FlagSet, cfg *entities.PodmanConfig, opts entities
 				// If it is activated by systemd, use the first LISTEN_FD (3)
 				// instead of opening the socket file.
 				f := os.NewFile(uintptr(3), "podman.sock")
-				l, err := net.FileListener(f)
+				listener, err = net.FileListener(f)
 				if err != nil {
 					return err
 				}
-				listener = &l
 			} else {
-				l, err := net.Listen(uri.Scheme, path)
+				listener, err = net.Listen(uri.Scheme, path)
 				if err != nil {
 					return errors.Wrapf(err, "unable to create socket")
 				}
-				listener = &l
 			}
 		case "tcp":
 			host := uri.Host
@@ -62,11 +60,10 @@ func restService(flags *pflag.FlagSet, cfg *entities.PodmanConfig, opts entities
 				// For backward compatibility, support "tcp:<host>:<port>" and "tcp://<host>:<port>"
 				host = uri.Opaque
 			}
-			l, err := net.Listen(uri.Scheme, host)
+			listener, err = net.Listen(uri.Scheme, host)
 			if err != nil {
 				return errors.Wrapf(err, "unable to create socket %v", host)
 			}
-			listener = &l
 		default:
 			logrus.Debugf("Attempting API Service endpoint scheme %q", uri.Scheme)
 		}
@@ -101,7 +98,7 @@ func restService(flags *pflag.FlagSet, cfg *entities.PodmanConfig, opts entities
 
 	err = server.Serve()
 	if listener != nil {
-		_ = (*listener).Close()
+		_ = listener.Close()
 	}
 	return err
 }
diff --git a/pkg/api/server/server.go b/pkg/api/server/server.go
index 73740a6f9..a906a01f1 100644
--- a/pkg/api/server/server.go
+++ b/pkg/api/server/server.go
@@ -60,11 +60,11 @@ func NewServer(runtime *libpod.Runtime) (*APIServer, error) {
 }
 
 // NewServerWithSettings will create and configure a new API server using provided settings
-func NewServerWithSettings(runtime *libpod.Runtime, listener *net.Listener, opts entities.ServiceOptions) (*APIServer, error) {
+func NewServerWithSettings(runtime *libpod.Runtime, listener net.Listener, opts entities.ServiceOptions) (*APIServer, error) {
 	return newServer(runtime, listener, opts)
 }
 
-func newServer(runtime *libpod.Runtime, listener *net.Listener, opts entities.ServiceOptions) (*APIServer, error) {
+func newServer(runtime *libpod.Runtime, listener net.Listener, opts entities.ServiceOptions) (*APIServer, error) {
 	// If listener not provided try socket activation protocol
 	if listener == nil {
 		if _, found := os.LookupEnv("LISTEN_PID"); !found {
@@ -78,7 +78,11 @@ func newServer(runtime *libpod.Runtime, listener *net.Listener, opts entities.Se
 		if len(listeners) != 1 {
 			return nil, fmt.Errorf("wrong number of file descriptors for socket activation protocol (%d != 1)", len(listeners))
 		}
-		listener = &listeners[0]
+		listener = listeners[0]
+		// note that activation.Listeners() return nil when it cannot listen on the fd (i.e. udp connection)
+		if listener == nil {
+			return nil, fmt.Errorf("unexpected fd received from systemd: cannot listen on it")
+		}
 	}
 	if opts.CorsHeaders == "" {
 		logrus.Debug("CORS Headers were not set")
@@ -86,7 +90,7 @@ func newServer(runtime *libpod.Runtime, listener *net.Listener, opts entities.Se
 		logrus.Debugf("CORS Headers were set to %q", opts.CorsHeaders)
 	}
 
-	logrus.Infof("API service listening on %q", (*listener).Addr())
+	logrus.Infof("API service listening on %q", listener.Addr())
 	router := mux.NewRouter().UseEncodedPath()
 	tracker := idle.NewTracker(opts.Timeout)
 
@@ -101,7 +105,7 @@ func newServer(runtime *libpod.Runtime, listener *net.Listener, opts entities.Se
 			IdleTimeout: opts.Timeout * 2,
 		},
 		CorsHeaders: opts.CorsHeaders,
-		Listener:    *listener,
+		Listener:    listener,
 		PProfAddr:   opts.PProfAddr,
 		idleTracker: tracker,
 	}
author	OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>	2022-04-21 10:03:03 -0400
committer	GitHub <noreply@github.com>	2022-04-21 10:03:03 -0400
commit	bfb23363edf0716ce5610146c62723e5164182d0 (patch)
tree	824cb5ab2c1efb0cf31de95f6bcd032768d48141
parent	de58f58ee6f76bf6e079fce999d4d0beeb17e797 (diff)
parent	eb71712626f96fc0a7e2803a6b6e6f82bec0a3a2 (diff)
download	podman-bfb23363edf0716ce5610146c62723e5164182d0.tar.gz podman-bfb23363edf0716ce5610146c62723e5164182d0.tar.bz2 podman-bfb23363edf0716ce5610146c62723e5164182d0.zip