summaryrefslogtreecommitdiff
path: root/pkg/rootlessport/rootlessport_linux.go
Commit message (Collapse)AuthorAge
* rootlessport: use two different channelsGiuseppe Scrivano2020-04-29
| | | | | | | | | | | The same channel is written to by two different goroutines. Use a different channel for each of them so to avoid writing to a closed channel. Closes: https://github.com/containers/libpod/issues/6018 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootlessport: use x/sys/unix instead of syscallGiuseppe Scrivano2020-03-24
| | | | | | | | Dup2 is not defined on arm64 in the syscall package. Closes: https://github.com/containers/libpod/issues/5587 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootlessport: handle SIGPIPEGiuseppe Scrivano2020-03-19
| | | | | | | | | when a sigpipe is received the stdout/stderr pipe was closed, so reopen them with /dev/null. Closes: https://github.com/containers/libpod/issues/5541 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootlessport: detect rootless-child exitGiuseppe Scrivano2020-03-12
| | | | | | | otherwise the rootless parent process might wait indefinitely when the rootless-child process exits early. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootlessport: drop Pdeathsig in favor of KillGiuseppe Scrivano2020-02-12
| | | | | | | | | | | | | | | | | | there is a race condition where the child process is immediately killed: [pid 2576752] arch_prctl(0x3001 /* ARCH_??? */, 0x7ffdf612f170) = -1 EINVAL (Invalid argument) [pid 2576752] access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) [pid 2576752] --- SIGTERM {si_signo=SIGTERM, si_code=SI_USER, si_pid=2576742, si_uid=0} --- [pid 2576752] +++ killed by SIGTERM +++ this happens because the parent process here really means the "parent thread". Since there is no way of running it on the main thread, let's skip this functionality altogether and use kill(2). Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootlessport: fix potential hangGiuseppe Scrivano2020-02-12
| | | | | | | | | | | write to the error pipe only in case of an error. Otherwise we may end up in a race condition in the select statement below as the read from errChan happens before initComplete and the function returns immediately nil. Closes: https://github.com/containers/libpod/issues/5182 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootlessport: honor ctr.runtime.config.TmpDirAkihiro Suda2020-01-09
| | | | | | Previously, rootlessport was using /var/tmp as the tmp dir. Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* rootlessport: remove state dir on exitAkihiro Suda2020-01-09
| | | | Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* rootless: use RootlessKit port forwarderAkihiro Suda2020-01-08
RootlessKit port forwarder has a lot of advantages over the slirp4netns port forwarder: * Very high throughput. Benchmark result on Travis: socat: 5.2 Gbps, slirp4netns: 8.3 Gbps, RootlessKit: 27.3 Gbps (https://travis-ci.org/rootless-containers/rootlesskit/builds/597056377) * Connections from the host are treated as 127.0.0.1 rather than 10.0.2.2 in the namespace. No UDP issue (#4586) * No tcp_rmem issue (#4537) * Probably works with IPv6. Even if not, it is trivial to support IPv6. (#4311) * Easily extensible for future support of SCTP * Easily extensible for future support of `lxc-user-nic` SUID network RootlessKit port forwarder has been already adopted as the default port forwarder by Rootless Docker/Moby, and no issue has been reported AFAIK. As the port forwarder is imported as a Go package, no `rootlesskit` binary is required for Podman. Fix #4586 May-fix #4559 Fix #4537 May-fix #4311 See https://github.com/rootless-containers/rootlesskit/blob/v0.7.0/pkg/port/builtin/builtin.go Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>