rootless: use a pause process

use a pause process to keep the user and mount namespace alive.

The pause process is created immediately on reload, and all successive
Podman processes will refer to it for joining the user&mount
namespace.

This solves all the race conditions we had on joining the correct
namespaces using the conmon processes.

As a fallback if the join fails for any reason (e.g. the pause process
was killed), then we try to join the running containers as we were
doing before.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

2 files changed, 16 insertions, 0 deletions

diff --git a/pkg/util/utils_supported.go b/pkg/util/utils_supported.go
index 8b98658c2..3d9140a23 100644
--- a/pkg/util/utils_supported.go
+++ b/pkg/util/utils_supported.go
@@ -82,3 +82,13 @@ func GetRootlessRuntimeDir() (string, error) {
 	}
 	return rootlessRuntimeDir, nil
 }
+
+// GetRootlessPauseProcessPidPath returns the path to the file that holds the pid for
+// the pause process
+func GetRootlessPauseProcessPidPath() (string, error) {
+	runtimeDir, err := GetRootlessRuntimeDir()
+	if err != nil {
+		return "", err
+	}
+	return filepath.Join(runtimeDir, "libpod", "pause.pid"), nil
+}
diff --git a/pkg/util/utils_windows.go b/pkg/util/utils_windows.go
index b33733da9..3faa6f10c 100644
--- a/pkg/util/utils_windows.go
+++ b/pkg/util/utils_windows.go
@@ -15,3 +15,9 @@ func GetRootlessRuntimeDir() (string, error) {
 func IsCgroup2UnifiedMode() (bool, error) {
 	return false, errors.New("this function is not implemented for windows")
 }
+
+// GetRootlessPauseProcessPidPath returns the path to the file that holds the pid for
+// the pause process
+func GetRootlessPauseProcessPidPath() (string, error) {
+	return "", errors.New("this function is not implemented for windows")
+}