diff options
Diffstat (limited to 'libpod')
| -rw-r--r-- | libpod/container.go | 4 | ||||
| -rw-r--r-- | libpod/container_config.go | 2 | ||||
| -rw-r--r-- | libpod/container_inspect.go | 2 | ||||
| -rw-r--r-- | libpod/container_internal.go | 5 | ||||
| -rw-r--r-- | libpod/container_internal_linux.go | 5 | ||||
| -rw-r--r-- | libpod/container_validate.go | 4 | ||||
| -rw-r--r-- | libpod/define/config.go | 7 | ||||
| -rw-r--r-- | libpod/define/container_inspect.go | 4 | ||||
| -rw-r--r-- | libpod/define/sdnotify.go | 20 | ||||
| -rw-r--r-- | libpod/oci_conmon_linux.go | 11 | ||||
| -rw-r--r-- | libpod/options.go | 24 |
11 files changed, 54 insertions, 34 deletions
diff --git a/libpod/container.go b/libpod/container.go index 4e2d93860..6c05b1084 100644 --- a/libpod/container.go +++ b/libpod/container.go @@ -124,10 +124,6 @@ type Container struct { // This is true if a container is restored from a checkpoint. restoreFromCheckpoint bool - // Used to query the NOTIFY_SOCKET once along with setting up - // mounts etc. - notifySocket string - slirp4netnsSubnet *net.IPNet } diff --git a/libpod/container_config.go b/libpod/container_config.go index 544c45a8c..bd9816651 100644 --- a/libpod/container_config.go +++ b/libpod/container_config.go @@ -386,6 +386,8 @@ type ContainerMiscConfig struct { IsService bool `json:"isService"` // SdNotifyMode tells libpod what to do with a NOTIFY_SOCKET if passed SdNotifyMode string `json:"sdnotifyMode,omitempty"` + // SdNotifySocket stores NOTIFY_SOCKET in use by the container + SdNotifySocket string `json:"sdnotifySocket,omitempty"` // Systemd tells libpod to set up the container in systemd mode, a value of nil denotes false Systemd *bool `json:"systemd,omitempty"` // HealthCheckConfig has the health check command and related timings diff --git a/libpod/container_inspect.go b/libpod/container_inspect.go index fa2130a28..5e2ab2818 100644 --- a/libpod/container_inspect.go +++ b/libpod/container_inspect.go @@ -414,6 +414,8 @@ func (c *Container) generateInspectContainerConfig(spec *spec.Spec) *define.Insp ctrConfig.Passwd = c.config.Passwd ctrConfig.ChrootDirs = append(ctrConfig.ChrootDirs, c.config.ChrootDirs...) + ctrConfig.SdNotifyMode = c.config.SdNotifyMode + ctrConfig.SdNotifySocket = c.config.SdNotifySocket return ctrConfig } diff --git a/libpod/container_internal.go b/libpod/container_internal.go index bad68991b..7cef067b0 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -31,6 +31,7 @@ import ( "github.com/containers/podman/v4/pkg/lookup" "github.com/containers/podman/v4/pkg/rootless" "github.com/containers/podman/v4/pkg/selinux" + "github.com/containers/podman/v4/pkg/systemd/notifyproxy" "github.com/containers/podman/v4/pkg/util" "github.com/containers/storage" "github.com/containers/storage/pkg/archive" @@ -1224,9 +1225,9 @@ func (c *Container) start() error { payload += "\n" payload += daemon.SdNotifyReady } - if sent, err := daemon.SdNotify(false, payload); err != nil { + if err := notifyproxy.SendMessage(c.config.SdNotifySocket, payload); err != nil { logrus.Errorf("Notifying systemd of Conmon PID: %s", err.Error()) - } else if sent { + } else { logrus.Debugf("Notify sent successfully") } } diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index 64e0af284..3c77cb18c 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -971,12 +971,9 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) { // and if the sdnotify mode is set to container. It also sets c.notifySocket // to avoid redundantly looking up the env variable. func (c *Container) mountNotifySocket(g generate.Generator) error { - notify, ok := os.LookupEnv("NOTIFY_SOCKET") - if !ok { + if c.config.SdNotifySocket == "" { return nil } - c.notifySocket = notify - if c.config.SdNotifyMode != define.SdNotifyModeContainer { return nil } diff --git a/libpod/container_validate.go b/libpod/container_validate.go index e280c60d2..da33f6db7 100644 --- a/libpod/container_validate.go +++ b/libpod/container_validate.go @@ -133,5 +133,9 @@ func (c *Container) validate() error { if len(c.config.InitContainerType) > 0 && len(c.config.Pod) < 1 { return fmt.Errorf("init containers must be created in a pod: %w", define.ErrInvalidArg) } + + if c.config.SdNotifyMode == define.SdNotifyModeIgnore && len(c.config.SdNotifySocket) > 0 { + return fmt.Errorf("cannot set sd-notify socket %q with sd-notify mode %q", c.config.SdNotifySocket, c.config.SdNotifyMode) + } return nil } diff --git a/libpod/define/config.go b/libpod/define/config.go index 0181bd31c..34c1a675d 100644 --- a/libpod/define/config.go +++ b/libpod/define/config.go @@ -81,13 +81,6 @@ const NoLogging = "none" // PassthroughLogging is the string conmon expects when specifying to use the passthrough driver const PassthroughLogging = "passthrough" -// Strings used for --sdnotify option to podman -const ( - SdNotifyModeContainer = "container" - SdNotifyModeConmon = "conmon" - SdNotifyModeIgnore = "ignore" -) - // DefaultRlimitValue is the value set by default for nofile and nproc const RLimitDefaultValue = uint64(1048576) diff --git a/libpod/define/container_inspect.go b/libpod/define/container_inspect.go index e6a34ba61..5982d684c 100644 --- a/libpod/define/container_inspect.go +++ b/libpod/define/container_inspect.go @@ -79,6 +79,10 @@ type InspectContainerConfig struct { // treated as root directories. Standard bind mounts will be mounted // into paths relative to these directories. ChrootDirs []string `json:"ChrootDirs,omitempty"` + // SdNotifyMode is the sd-notify mode of the container. + SdNotifyMode string `json:"sdNotifyMode,omitempty"` + // SdNotifySocket is the NOTIFY_SOCKET in use by/configured for the container. + SdNotifySocket string `json:"sdNotifySocket,omitempty"` } // InspectRestartPolicy holds information about the container's restart policy. diff --git a/libpod/define/sdnotify.go b/libpod/define/sdnotify.go new file mode 100644 index 000000000..1d548c764 --- /dev/null +++ b/libpod/define/sdnotify.go @@ -0,0 +1,20 @@ +package define + +import "fmt" + +// Strings used for --sdnotify option to podman +const ( + SdNotifyModeContainer = "container" + SdNotifyModeConmon = "conmon" + SdNotifyModeIgnore = "ignore" +) + +// ValidateSdNotifyMode validates the specified mode. +func ValidateSdNotifyMode(mode string) error { + switch mode { + case "", SdNotifyModeContainer, SdNotifyModeConmon, SdNotifyModeIgnore: + return nil + default: + return fmt.Errorf("%w: invalid sdnotify value %q: must be %s, %s or %s", ErrInvalidArg, mode, SdNotifyModeContainer, SdNotifyModeConmon, SdNotifyModeIgnore) + } +} diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go index cb76de72c..1b654ed33 100644 --- a/libpod/oci_conmon_linux.go +++ b/libpod/oci_conmon_linux.go @@ -1062,8 +1062,8 @@ func (r *ConmonOCIRuntime) createOCIContainer(ctr *Container, restoreOptions *Co args := r.sharedConmonArgs(ctr, ctr.ID(), ctr.bundlePath(), pidfile, ctr.LogPath(), r.exitsDir, ociLog, ctr.LogDriver(), logTag) - if ctr.config.SdNotifyMode == define.SdNotifyModeContainer && ctr.notifySocket != "" { - args = append(args, fmt.Sprintf("--sdnotify-socket=%s", ctr.notifySocket)) + if ctr.config.SdNotifyMode == define.SdNotifyModeContainer && ctr.config.SdNotifySocket != "" { + args = append(args, fmt.Sprintf("--sdnotify-socket=%s", ctr.config.SdNotifySocket)) } if ctr.config.Spec.Process.Terminal { @@ -1391,14 +1391,13 @@ func startCommand(cmd *exec.Cmd, ctr *Container) error { // Make sure to unset the NOTIFY_SOCKET and reset it afterwards if needed. switch ctr.config.SdNotifyMode { case define.SdNotifyModeContainer, define.SdNotifyModeIgnore: - if ctr.notifySocket != "" { + if prev := os.Getenv("NOTIFY_SOCKET"); prev != "" { if err := os.Unsetenv("NOTIFY_SOCKET"); err != nil { logrus.Warnf("Error unsetting NOTIFY_SOCKET %v", err) } - defer func() { - if err := os.Setenv("NOTIFY_SOCKET", ctr.notifySocket); err != nil { - logrus.Errorf("Resetting NOTIFY_SOCKET=%s", ctr.notifySocket) + if err := os.Setenv("NOTIFY_SOCKET", prev); err != nil { + logrus.Errorf("Resetting NOTIFY_SOCKET=%s", prev) } }() } diff --git a/libpod/options.go b/libpod/options.go index b31cb4ab2..43ed1ff78 100644 --- a/libpod/options.go +++ b/libpod/options.go @@ -6,14 +6,12 @@ import ( "net" "os" "path/filepath" - "strings" "syscall" "github.com/containers/buildah/pkg/parse" nettypes "github.com/containers/common/libnetwork/types" "github.com/containers/common/pkg/config" "github.com/containers/common/pkg/secrets" - cutil "github.com/containers/common/pkg/util" "github.com/containers/image/v5/manifest" "github.com/containers/image/v5/types" "github.com/containers/podman/v4/libpod/define" @@ -29,12 +27,6 @@ import ( "github.com/sirupsen/logrus" ) -// Runtime Creation Options -var ( - // SdNotifyModeValues describes the only values that SdNotifyMode can be - SdNotifyModeValues = []string{define.SdNotifyModeContainer, define.SdNotifyModeConmon, define.SdNotifyModeIgnore} -) - // WithStorageConfig uses the given configuration to set up container storage. // If this is not specified, the system default configuration will be used // instead. @@ -613,6 +605,17 @@ func WithSystemd() CtrCreateOption { } } +// WithSdNotifySocket sets the sd-notify of the container +func WithSdNotifySocket(socketPath string) CtrCreateOption { + return func(ctr *Container) error { + if ctr.valid { + return define.ErrCtrFinalized + } + ctr.config.SdNotifySocket = socketPath + return nil + } +} + // WithSdNotifyMode sets the sd-notify method func WithSdNotifyMode(mode string) CtrCreateOption { return func(ctr *Container) error { @@ -620,9 +623,8 @@ func WithSdNotifyMode(mode string) CtrCreateOption { return define.ErrCtrFinalized } - // verify values - if len(mode) > 0 && !cutil.StringInSlice(strings.ToLower(mode), SdNotifyModeValues) { - return fmt.Errorf("--sdnotify values must be one of %q: %w", strings.Join(SdNotifyModeValues, ", "), define.ErrInvalidArg) + if err := define.ValidateSdNotifyMode(mode); err != nil { + return err } ctr.config.SdNotifyMode = mode |