author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2022-03-24 19:05:44 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-03-24 19:05:44 +0100 |
commit | e657c7a170f3ed35d56d099c5c7c15c84374c4f2 (patch) | |
tree | 0a0f013d472cf6c4ccf26b25e3be0e19b9cee8d5 | |
parent | b6c713f4d7cbf039ec2c0abcb15d2307c639b026 (diff) | |
parent | 5e28cbc5fcdd89fc3623fe2324d7ba7fa6117d21 (diff) | |
Merge pull request #13622 from rhatdan/systemd1
When running systemd in a container, set container_uuid
-rw-r--r-- | docs/source/markdown/podman-create.1.md | 23 | ||||
-rw-r--r-- | docs/source/markdown/podman-run.1.md | 29 | ||||
-rw-r--r-- | libpod/container_internal_linux.go | 10 | ||||
-rw-r--r-- | test/system/250-systemd.bats | 7 |
4 files changed, 46 insertions, 23 deletions
diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md
index 7ef5cb2d3..a85ad9200 100644
--- a/docs/source/markdown/podman-create.1.md
+++ b/docs/source/markdown/podman-create.1.md
@@ -1037,15 +1037,20 @@ Run container in systemd mode. The default is *true*. The value *always* enforces the systemd mode is enforced without looking at the executable name. Otherwise, if set to true and the
-command you are running inside the container is systemd, /usr/sbin/init,
-/sbin/init or /usr/local/sbin/init.
-
-If the command you are running inside of the container is systemd,
-Podman will setup tmpfs mount points in the following directories:
-
-/run, /run/lock, /tmp, /sys/fs/cgroup/systemd, /var/lib/journal
-
-It will also set the default stop signal to SIGRTMIN+3.
+command you are running inside the container is **systemd**, **/usr/sbin/init**,
+**/sbin/init** or **/usr/local/sbin/init**.
+
+Running the container in systemd mode causes the following changes:
+
+* Podman mounts tmpfs file systems on the following directories
+ * _/run_
+ * _/run/lock_
+ * _/tmp_
+ * _/sys/fs/cgroup/systemd_
+ * _/var/lib/journal_
+* Podman sets the default stop signal to **SIGRTMIN+3**.
+* Podman sets **container_uuid** environment variable in the container to the
+first 32 characters of the container id.
 This allows systemd to run in a confined container without any modifications.
diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md
index ffe84e287..616635c69 100644
--- a/docs/source/markdown/podman-run.1.md
+++ b/docs/source/markdown/podman-run.1.md
@@ -1098,20 +1098,21 @@ Note: if you use the **--network=host** option, these sysctls will not be allowe
 Run container in systemd mode. The default is **true**. The value *always* enforces the systemd mode is enforced without
-looking at the executable name. Otherwise, if set to **true** and the
-command you are running inside the container is systemd, _/usr/sbin/init_,
-_/sbin/init_ or _/usr/local/sbin/init_.
-
-If the command you are running inside of the container is systemd
-Podman will setup tmpfs mount points in the following directories:
-
-- _/run_
-- _/run/lock_
-- _/tmp_
-- _/sys/fs/cgroup/systemd_
-- _/var/lib/journal_
-
-It will also set the default stop signal to **SIGRTMIN+3**.
+looking at the executable name. Otherwise, if set to true and the
+command you are running inside the container is **systemd**, **/usr/sbin/init**,
+**/sbin/init** or **/usr/local/sbin/init**.
+
+Running the container in systemd mode causes the following changes:
+
+* Podman mounts tmpfs file systems on the following directories
+ * _/run_
+ * _/run/lock_
+ * _/tmp_
+ * _/sys/fs/cgroup/systemd_
+ * _/var/lib/journal_
+* Podman sets the default stop signal to **SIGRTMIN+3**.
+* Podman sets **container_uuid** environment variable in the container to the
+first 32 characters of the container id.
 This allows systemd to run in a confined container without any modifications.
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 4d6922d73..11ca169ca 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -968,6 +968,16 @@ func (c *Container) mountNotifySocket(g generate.Generator) error {
 // systemd expects to have /run, /run/lock and /tmp on tmpfs
 // It also expects to be able to write to /sys/fs/cgroup/systemd and /var/log/journal
 func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) error {
+ var containerUUIDSet bool
+ for _, s := range c.config.Spec.Process.Env {
+ if strings.HasPrefix(s, "container_uuid=") {
+ containerUUIDSet = true
+ break
+ }
+ }
+ if !containerUUIDSet {
+ g.AddProcessEnv("container_uuid", c.ID()[:32])
+ }
 options := []string{"rw", "rprivate", "nosuid", "nodev"}
 for _, dest := range []string{"/run", "/run/lock"} {
 if MountExists(mounts, dest) {
diff --git a/test/system/250-systemd.bats b/test/system/250-systemd.bats
index 3847d9510..6c72e14e8 100644
--- a/test/system/250-systemd.bats
+++ b/test/system/250-systemd.bats
@@ -281,6 +281,13 @@ LISTEN_FDNAMES=listen_fdnames" | sort)
 is "$output" "" "output should be empty"
 }
+@test "podman --systemd sets container_uuid" {
+ run_podman run --systemd=always --name test $IMAGE printenv container_uuid
+ container_uuid=$output
+ run_podman inspect test --format '{{ .ID }}'
+ is "${container_uuid}" "${output:0:32}" "UUID should be first 32 chars of Container id"
+}
+
 # https://github.com/containers/podman/issues/13153
 @test "podman rootless-netns slirp4netns process should be in different cgroup" {
 is_rootless || skip "only meaningful for rootless" |
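Review bot: `c.ID()[:32]` in the new `if !containerUUIDSet` branch slices the ID with no length check, so it would panic if an ID ever came back shorter than 32 characters; nothing in the hunk establishes that IDs are fixed-length, so either guard it (`id := c.ID(); if len(id) > 32 { id = id[:32] }` and pass `id` to `AddProcessEnv`) or state the invariant in a comment next to the slice. The number 32 also deserves a why-comment, e.g. `// systemd reads container_uuid as a 128-bit ID (32 hex digits); a user-supplied value is left untouched` — presumably that is the reason, confirm against systemd's documentation. The scan only inspects `c.config.Spec.Process.Env`, so a `container_uuid` entry that earlier setup code added to `g` rather than to the spec would not be detected; probably harmless, but worth confirming. setupSystemd's body continues past the end of the hunk.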
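Review bot: The new test creates a container with `--name test` and never removes it, so it is left behind after the test and any later test that reuses that name would fail on the name conflict; add `run_podman rm test` after the `inspect` call (the neighbouring tests presumably clean up the same way — confirm). The assertion itself matches what the docs promise, comparing `printenv container_uuid` against `${output:0:32}` of the inspected `.ID`, so only the cleanup is missing.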