Merge pull request #3084 from giuseppe/rootless-pause-process

rootless: use a pause process to keep namespaces alive

3 files changed, 52 insertions, 21 deletions

diff --git a/libpod/runtime.go b/libpod/runtime.go
index 18e9dfeb3..def7ba639 100644
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
@@ -892,7 +892,11 @@ func makeRuntime(ctx context.Context, runtime *Runtime) (err error) {
 		// we will need to access the storage.
 		if os.Geteuid() != 0 {
 			aliveLock.Unlock()
-			became, ret, err := rootless.BecomeRootInUserNS()
+			pausePid, err := util.GetRootlessPauseProcessPidPath()
+			if err != nil {
+				return errors.Wrapf(err, "could not get pause process pid file path")
+			}
+			became, ret, err := rootless.BecomeRootInUserNS(pausePid)
 			if err != nil {
 				return err
 			}
@@ -966,18 +970,6 @@ func makeRuntime(ctx context.Context, runtime *Runtime) (err error) {
 	runtime.valid = true
 
 	if runtime.doMigrate {
-		if os.Geteuid() != 0 {
-			aliveLock.Unlock()
-			locked = false
-
-			became, ret, err := rootless.BecomeRootInUserNS()
-			if err != nil {
-				return err
-			}
-			if became {
-				os.Exit(ret)
-			}
-		}
 		if err := runtime.migrate(ctx); err != nil {
 			return err
 		}
diff --git a/libpod/runtime_migrate.go b/libpod/runtime_migrate.go
index 0bb8e952f..e32e6edf6 100644
--- a/libpod/runtime_migrate.go
+++ b/libpod/runtime_migrate.go
@@ -1,13 +1,47 @@
+// +build linux
+
 package libpod
 
 import (
 	"context"
+	"fmt"
+	"io/ioutil"
+	"os"
 	"path/filepath"
+	"strconv"
+	"syscall"
 
+	"github.com/containers/libpod/pkg/rootless"
+	"github.com/containers/libpod/pkg/util"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
 
+func stopPauseProcess() error {
+	if rootless.IsRootless() {
+		pausePidPath, err := util.GetRootlessPauseProcessPidPath()
+		if err != nil {
+			return errors.Wrapf(err, "could not get pause process pid file path")
+		}
+		data, err := ioutil.ReadFile(pausePidPath)
+		if err != nil {
+			if os.IsNotExist(err) {
+				return nil
+			}
+			return errors.Wrapf(err, "cannot read pause process pid file %s", pausePidPath)
+		}
+		pausePid, err := strconv.Atoi(string(data))
+		if err != nil {
+			return errors.Wrapf(err, "cannot parse pause pid file %s", pausePidPath)
+		}
+		if err := os.Remove(pausePidPath); err != nil {
+			return errors.Wrapf(err, "cannot delete pause pid file %s", pausePidPath)
+		}
+		syscall.Kill(pausePid, syscall.SIGKILL)
+	}
+	return nil
+}
+
 func (r *Runtime) migrate(ctx context.Context) error {
 	runningContainers, err := r.GetRunningContainers()
 	if err != nil {
@@ -21,7 +55,7 @@ func (r *Runtime) migrate(ctx context.Context) error {
 
 	logrus.Infof("stopping all containers")
 	for _, ctr := range runningContainers {
-		logrus.Infof("stopping %s", ctr.ID())
+		fmt.Printf("stopped %s\n", ctr.ID())
 		if err := ctr.Stop(); err != nil {
 			return errors.Wrapf(err, "cannot stop container %s", ctr.ID())
 		}
@@ -38,11 +72,5 @@ func (r *Runtime) migrate(ctx context.Context) error {
 		}
 	}
 
-	for _, ctr := range runningContainers {
-		if err := ctr.Start(ctx, true); err != nil {
-			logrus.Errorf("error restarting container %s", ctr.ID())
-		}
-	}
-
-	return nil
+	return stopPauseProcess()
 }
diff --git a/libpod/runtime_migrate_unsupported.go b/libpod/runtime_migrate_unsupported.go
new file mode 100644
index 000000000..1a9e46fdc
--- /dev/null
+++ b/libpod/runtime_migrate_unsupported.go
@@ -0,0 +1,11 @@
+// +build !linux
+
+package libpod
+
+import (
+	"context"
+)
+
+func (r *Runtime) migrate(ctx context.Context) error {
+	return nil
+}