From 54fd1a7bb962fbce828dd2fb2295518e3c706d8f Mon Sep 17 00:00:00 2001 From: Matthew Heon Date: Sun, 10 Mar 2019 14:25:13 -0400 Subject: Fix generation of infra container command When sourcing from an image, we need to grab its entrypoint first and then add command on to mimic the behavior of Docker. The default Kube pause image just sets ENTRYPOINT, and not CMD, so nothing changes there, but this ought to fix other images (for example, nginx would try to run the pause command instead of an nginx process without this patch) Signed-off-by: Matthew Heon --- libpod/runtime_pod_infra_linux.go | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/libpod/runtime_pod_infra_linux.go b/libpod/runtime_pod_infra_linux.go index 6b07bcb31..0a5f78cf8 100644 --- a/libpod/runtime_pod_infra_linux.go +++ b/libpod/runtime_pod_infra_linux.go @@ -12,6 +12,7 @@ import ( spec "github.com/opencontainers/runtime-spec/specs-go" "github.com/opencontainers/runtime-tools/generate" "github.com/pkg/errors" + "github.com/sirupsen/logrus" ) const ( @@ -34,9 +35,24 @@ func (r *Runtime) makeInfraContainer(ctx context.Context, p *Pod, imgName, imgID // I've seen circumstances where config is being passed as nil. // Let's err on the side of safety and make sure it's safe to use. if config != nil { + setEntrypoint := false // default to entrypoint in image if there is one if len(config.Entrypoint) > 0 { entryCmd = config.Entrypoint + setEntrypoint = true + } + if len(config.Cmd) > 0 { + // We can't use the default pause command, since we're + // sourcing from the image. If we didn't already set an + // entrypoint, set one now. + if !setEntrypoint { + // Use the Docker default "/bin/sh -c" + // entrypoint, as we're overriding command. + // If an image doesn't want this, it can + // override entrypoint too. + entryCmd = []string{"/bin/sh", "-c"} + } + entryCmd = append(entryCmd, config.Cmd...) } if len(config.Env) > 0 { for _, nameValPair := range config.Env { @@ -52,6 +68,8 @@ func (r *Runtime) makeInfraContainer(ctx context.Context, p *Pod, imgName, imgID g.SetRootReadonly(true) g.SetProcessArgs(entryCmd) + logrus.Debugf("Using %q as infra container entrypoint", entryCmd) + if isRootless { g.RemoveMount("/dev/pts") devPts := spec.Mount{ -- cgit v1.2.3-54-g00ecf