rootlessport: reduce memory usage of the process

Don't use reexec for the rootlessport process, instead make it a
separate binary to reduce the memory usage. The problem with reexec is
that it will import all packages that podman uses and therefore loads a
lot of stuff into the heap. The rootlessport process however only needs
the rootlesskit library.
The memory usage is a concern since the rootlessport process will spawn
two process per container which has ports forwarded. The processes stay
until the container dies. On my laptop the current reexec version uses
47800 KB RSS. The new separate binary only uses 4540 KB RSS. This is
more than a 90% improvement.

The Makefile has been updated to compile the new binary and install it
to the libexec directory.

Fixes #10790

[NO TESTS NEEDED]

Signed-off-by: Paul Holzinger <pholzing@redhat.com>

1 files changed, 7 insertions, 3 deletions

diff --git a/libpod/networking_slirp4netns.go b/libpod/networking_slirp4netns.go
index 46cda89a9..ffd53ec2b 100644
--- a/libpod/networking_slirp4netns.go
+++ b/libpod/networking_slirp4netns.go
@@ -484,10 +484,14 @@ func (r *Runtime) setupRootlessPortMappingViaRLK(ctr *Container, netnsPath strin
 	}
 	cfgR := bytes.NewReader(cfgJSON)
 	var stdout bytes.Buffer
-	cmd := exec.Command(fmt.Sprintf("/proc/%d/exe", os.Getpid()))
-	cmd.Args = []string{rootlessport.ReexecKey}
-	// Leak one end of the pipe in rootlessport process, the other will be sent to conmon
+	path, err := r.config.FindHelperBinary(rootlessport.BinaryName, false)
+	if err != nil {
+		return err
+	}
+	cmd := exec.Command(path)
+	cmd.Args = []string{rootlessport.BinaryName}
 
+	// Leak one end of the pipe in rootlessport process, the other will be sent to conmon
 	if ctr.rootlessPortSyncR != nil {
 		defer errorhandling.CloseQuiet(ctr.rootlessPortSyncR)
 	}