diff options
| -rwxr-xr-x | contrib/build_rpm.sh | 7 | ||||
| -rw-r--r-- | pkg/rootless/rootless_linux.c | 51 | ||||
| -rw-r--r-- | pkg/rootless/rootless_linux.go | 2 | ||||
| -rw-r--r-- | test/apiv2/01-basic.at | 15 | ||||
| -rw-r--r-- | test/apiv2/40-pods.at | 26 | ||||
| -rwxr-xr-x | test/apiv2/test-apiv2 | 2 |
6 files changed, 74 insertions, 29 deletions
diff --git a/contrib/build_rpm.sh b/contrib/build_rpm.sh index e6acbdb15..de6941199 100755 --- a/contrib/build_rpm.sh +++ b/contrib/build_rpm.sh @@ -46,8 +46,13 @@ if [[ $pkg_manager == *dnf ]]; then ) fi +# Package name on fedora 30 is golang-github-cpuguy83-go-md2man +if (grep -i 'Fedora' /etc/redhat-release | grep " 30" ) ; then + PKGS+=(golang-github-cpuguy83-go-md2man \ + btrfs-progs-devel \ + ) # btrfs-progs-devel is not available in CentOS/RHEL-8 -if ! (grep -i 'Red Hat\|CentOS' /etc/redhat-release | grep " 8" ); then +elif ! (grep -i 'Red Hat\|CentOS' /etc/redhat-release | grep " 8" ) ; then PKGS+=(golang-github-cpuguy83-md2man \ btrfs-progs-devel \ ) diff --git a/pkg/rootless/rootless_linux.c b/pkg/rootless/rootless_linux.c index 83f4f3254..db898e706 100644 --- a/pkg/rootless/rootless_linux.c +++ b/pkg/rootless/rootless_linux.c @@ -58,7 +58,7 @@ static const char *_max_user_namespaces = "/proc/sys/user/max_user_namespaces"; static const char *_unprivileged_user_namespaces = "/proc/sys/kernel/unprivileged_userns_clone"; static int open_files_max_fd; -fd_set open_files_set; +static fd_set *open_files_set; static uid_t rootless_uid_init; static gid_t rootless_gid_init; @@ -240,17 +240,39 @@ static void __attribute__((constructor)) init() if (d) { struct dirent *ent; + size_t size = 0; - FD_ZERO (&open_files_set); for (ent = readdir (d); ent; ent = readdir (d)) { - int fd = atoi (ent->d_name); - if (fd != dirfd (d)) + int fd; + + if (ent->d_name[0] == '.') + continue; + + fd = atoi (ent->d_name); + if (fd == dirfd (d)) + continue; + + if (fd >= size * FD_SETSIZE) { - if (fd > open_files_max_fd) - open_files_max_fd = fd; - FD_SET (fd, &open_files_set); + int i; + size_t new_size; + + new_size = (fd / FD_SETSIZE) + 1; + open_files_set = realloc (open_files_set, new_size * sizeof (fd_set)); + if (open_files_set == NULL) + _exit (EXIT_FAILURE); + + for (i = size; i < new_size; i++) + FD_ZERO (&(open_files_set[i])); + + size = new_size; } + + if (fd > open_files_max_fd) + open_files_max_fd = fd; + + FD_SET (fd % FD_SETSIZE, &(open_files_set[fd / FD_SETSIZE])); } closedir (d); } @@ -553,10 +575,8 @@ reexec_userns_join (int userns, int mountns, char *pause_pid_file_path) /* We passed down these fds, close them. */ int f; for (f = 3; f < open_files_max_fd; f++) - { - if (FD_ISSET (f, &open_files_set)) - close (f); - } + if (open_files_set == NULL || FD_ISSET (f % FD_SETSIZE, &(open_files_set[f / FD_SETSIZE]))) + close (f); return pid; } @@ -747,10 +767,11 @@ reexec_in_user_namespace (int ready, char *pause_pid_file_path, char *file_to_re num_fds = strtol (listen_fds, NULL, 10); if (num_fds != LONG_MIN && num_fds != LONG_MAX) { - long i; - for (i = 3; i < num_fds + 3; i++) - if (FD_ISSET (i, &open_files_set)) - close (i); + int f; + + for (f = 3; f < num_fds + 3; f++) + if (open_files_set == NULL || FD_ISSET (f % FD_SETSIZE, &(open_files_set[f / FD_SETSIZE]))) + close (f); } unsetenv ("LISTEN_PID"); unsetenv ("LISTEN_FDS"); diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go index f71d55776..5ddfab7ad 100644 --- a/pkg/rootless/rootless_linux.go +++ b/pkg/rootless/rootless_linux.go @@ -510,7 +510,7 @@ func TryJoinFromFilePaths(pausePidPath string, needNewNamespace bool, paths []st } } } - if !foundProcess { + if !foundProcess && pausePidPath != "" { return BecomeRootInUserNS(pausePidPath) } if lastErr != nil { diff --git a/test/apiv2/01-basic.at b/test/apiv2/01-basic.at index a54063260..b8a049cdf 100644 --- a/test/apiv2/01-basic.at +++ b/test/apiv2/01-basic.at @@ -47,4 +47,19 @@ t GET info 200 \ .DefaultRuntime=runc \ .MemTotal~[0-9]\\+ +# Timing: make sure server stays responsive +t0=$SECONDS +for i in $(seq 1 10); do + # FIXME: someday: refactor t(), separate out the 'curl' logic so we + # can call it directly. Then we won't get ten annoying 'ok' lines. + t GET info 200 +done +t1=$SECONDS +delta_t=$((t1 - t2)) +if [ $delta_t -le 5 ]; then + _show_ok 1 "Time for ten /info requests ($delta_t seconds) <= 5s" +else + _show_ok 0 "Time for ten /info requests" "<= 5 seconds" "$delta_t seconds" +fi + # vim: filetype=sh diff --git a/test/apiv2/40-pods.at b/test/apiv2/40-pods.at index 705de94d2..8b5651cff 100644 --- a/test/apiv2/40-pods.at +++ b/test/apiv2/40-pods.at @@ -3,18 +3,20 @@ # test pod-related endpoints # -# FIXME! Shouldn't /create give an actual pod ID? -expected_id='machine.slice' -if rootless; then - expected_id=/libpod_parent -fi - t GET libpod/pods/json 200 null -t POST libpod/pods/create name=foo 201 .id=$expected_id +t POST libpod/pods/create name=foo 201 .id~[0-9a-f]\\{64\\} +pod_id=$(jq -r .id <<<"$output") t GET libpod/pods/foo/exists 204 +t GET libpod/pods/$pod_id/exists 204 t GET libpod/pods/notfoo/exists 404 -t GET libpod/pods/foo/json 200 .Config.name=foo .Containers=null -t GET libpod/pods/json 200 .[0].Config.name=foo .[0].Containers=null +t GET libpod/pods/foo/json 200 \ + .Config.name=foo \ + .Config.id=$pod_id \ + .Containers=null +t GET libpod/pods/json 200 \ + .[0].Config.name=foo \ + .[0].Config.id=$pod_id \ + .[0].Containers=null # Cannot create a dup pod with the same name t POST libpod/pods/create name=foo 409 .cause="pod already exists" @@ -35,8 +37,10 @@ t POST libpod/pods/foo/restart '' 500 .cause="no such container" t POST libpod/pods/bar/restart '' 404 -#t POST libpod/pods/prune '' 200 # FIXME: unimplemented, returns 500 -#t POST libpod/pods/prune 'a=b' 400 # FIXME: unimplemented, returns 500 +# FIXME: I'm not sure what 'prune' is supposed to do; as of 20200224 it +# just returns 200 (ok) with empty result list. +#t POST libpod/pods/prune '' 200 # FIXME: 2020-02-24 returns 200 {} +#t POST libpod/pods/prune 'a=b' 400 # FIXME: 2020-02-24 returns 200 # Clean up; and try twice, making sure that the second time fails t DELETE libpod/pods/foo 204 diff --git a/test/apiv2/test-apiv2 b/test/apiv2/test-apiv2 index fffd7b085..bc2ed142c 100755 --- a/test/apiv2/test-apiv2 +++ b/test/apiv2/test-apiv2 @@ -253,7 +253,7 @@ function start_service() { die "Cannot start service on non-localhost ($HOST)" fi - $PODMAN_BIN --root $WORKDIR system service --timeout 15000 tcp:127.0.0.1:$PORT \ + $PODMAN_BIN --root $WORKDIR system service --timeout 15 tcp:127.0.0.1:$PORT \ &> $WORKDIR/server.log & service_pid=$! |