From dc2ca45d751ee04253742bfafd5d807ce52c24ec Mon Sep 17 00:00:00 2001
From: Matthew Heon
Date: Mon, 13 Jul 2020 11:03:01 -0400
Subject: When determining systemd mode, use full command
We were only using the Command field in specgen when determining whether to enable systemd if systemd=true (the default) was used. This does not include the entrypoint, and does not include any entrypoint/command sourced from the image - so an image could be running systemd and we'd not correctly detect this. Using the full, final command resolves this and matches Podman v1.9.x behavior.
Fixes #6920
Signed-off-by: Matthew Heon
---
 pkg/specgen/generate/container_create.go | 16 ++++++++++------
 pkg/specgen/generate/oci.go | 6 +-----
 2 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go
index 1bcd33672..c1ceac69e 100644
--- a/pkg/specgen/generate/container_create.go
+++ b/pkg/specgen/generate/container_create.go
@@ -106,11 +106,12 @@ func MakeContainer(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGener
 return nil, err
 }
- if s.PreserveFDs > 0 {
- options = append(options, libpod.WithPreserveFDs(s.PreserveFDs))
+ command, err := makeCommand(ctx, s, newImage, rtc)
+ if err != nil {
+ return nil, err
 }
- opts, err := createContainerOptions(ctx, rt, s, pod, finalVolumes, newImage)
+ opts, err := createContainerOptions(ctx, rt, s, pod, finalVolumes, newImage, command)
 if err != nil {
 return nil, err
 }
@@ -122,17 +123,21 @@ func MakeContainer(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGener
 }
 options = append(options, libpod.WithExitCommand(exitCommandArgs))
- runtimeSpec, err := SpecGenToOCI(ctx, s, rt, rtc, newImage, finalMounts, pod)
+ runtimeSpec, err := SpecGenToOCI(ctx, s, rt, rtc, newImage, finalMounts, pod, command)
 if err != nil {
 return nil, err
 }
 return rt.NewContainer(ctx, runtimeSpec, options...)
 }
-func createContainerOptions(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGenerator, pod *libpod.Pod, volumes []*specgen.NamedVolume, img *image.Image) ([]libpod.CtrCreateOption, error) {
+func createContainerOptions(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGenerator, pod *libpod.Pod, volumes []*specgen.NamedVolume, img *image.Image, command []string) ([]libpod.CtrCreateOption, error) {
 var options []libpod.CtrCreateOption
 var err error
+ if s.PreserveFDs > 0 {
+ options = append(options, libpod.WithPreserveFDs(s.PreserveFDs))
+ }
+
 if s.Stdin {
 options = append(options, libpod.WithStdin())
 }
@@ -148,7 +153,6 @@ func createContainerOptions(ctx context.Context, rt *libpod.Runtime, s *specgen.
 case "false":
 break
 case "", "true":
- command := s.Command
 if len(command) == 0 {
 command, err = img.Cmd(ctx)
 if err != nil {
diff --git a/pkg/specgen/generate/oci.go b/pkg/specgen/generate/oci.go
index 0a485e7cd..d7818c062 100644
--- a/pkg/specgen/generate/oci.go
+++ b/pkg/specgen/generate/oci.go
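Review bot: In createContainerOptions (pkg/specgen/generate/container_create.go), the `if len(command) == 0 { command, err = img.Cmd(ctx)` fallback under `case "", "true":` looks left over, because `command` is now the final command from makeCommand, which per the commit message already includes the entrypoint and command sourced from the image. If the fallback stays, it should be confirmed that `img` cannot be nil on this path (not visible here), since the call would then run on a nil pointer. Image metadata can now switch on systemd mode by itself, so a comment above the branch would help, for example `// command is the final entrypoint+cmd and may come from the image; systemd=false disables this auto-detection`. The switch starts and ends outside the hunk.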
@@ -126,7 +126,7 @@ func makeCommand(ctx context.Context, s *specgen.SpecGenerator, img *image.Image
 return finalCommand, nil
 }
-func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runtime, rtc *config.Config, newImage *image.Image, mounts []spec.Mount, pod *libpod.Pod) (*spec.Spec, error) {
+func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runtime, rtc *config.Config, newImage *image.Image, mounts []spec.Mount, pod *libpod.Pod, finalCmd []string) (*spec.Spec, error) {
 var (
 inUserNS bool
 )
@@ -252,10 +252,6 @@ func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runt
 }
 g.SetProcessCwd(s.WorkDir)
- finalCmd, err := makeCommand(ctx, s, newImage, rtc)
- if err != nil {
- return nil, err
- }
 g.SetProcessArgs(finalCmd)
 g.SetProcessTerminal(s.Terminal)
--
cgit v1.2.3-54-g00ecf
From 05988fc74fc25f2ad2256d6e011dfb7ad0b9a4eb Mon Sep 17 00:00:00 2001
From: Matthew Heon
Date: Tue, 14 Jul 2020 13:21:05 -0400
Subject: Add SystemdMode to inspect for containers
This allows us to determine if the container auto-detected that systemd was in use, and correctly activated systemd integration. Use this to wire up some integration tests to verify that systemd integration is working properly.
Signed-off-by: Matthew Heon
---
 libpod/container_inspect.go | 1 +
 libpod/define/container_inspect.go | 57 ++++++++++++++++++++++++++++++++++++++
 libpod/define/ctr_inspect.go | 54 ------------------------------------
 test/e2e/systemd_test.go | 35 +++++++++++++++++++++++
 4 files changed, 93 insertions(+), 54 deletions(-)
 delete mode 100644 libpod/define/ctr_inspect.go
diff --git a/libpod/container_inspect.go b/libpod/container_inspect.go
index 94d5dc93b..b1d86b0a5 100644
--- a/libpod/container_inspect.go
+++ b/libpod/container_inspect.go
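Review bot: SpecGenToOCI in pkg/specgen/generate/oci.go is exported and has no doc comment, and the new `finalCmd` parameter carries an unstated contract: the second hunk (`@@ -252,10 +252,6`) passes it unchecked to `g.SetProcessArgs(finalCmd)`, so the spec's process args are whatever the caller supplies. A doc comment would pin this down, for example `// SpecGenToOCI builds the OCI runtime spec for s. finalCmd must be the command returned by makeCommand for the same s and image.` Adding a parameter also breaks any out-of-tree caller of this exported function, which is worth a line in the commit message if the package is meant to be imported. The function body continues outside both hunks.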
@@ -289,6 +289,7 @@ func (c *Container) generateInspectContainerConfig(spec *spec.Spec) *define.Insp
 ctrConfig.OpenStdin = c.config.Stdin
 ctrConfig.Image = c.config.RootfsImageName
+ ctrConfig.SystemdMode = c.config.Systemd
 // Leave empty is not explicitly overwritten by user
 if len(c.config.Command) != 0 {
diff --git a/libpod/define/container_inspect.go b/libpod/define/container_inspect.go
index 614882467..fbd9da3e7 100644
--- a/libpod/define/container_inspect.go
+++ b/libpod/define/container_inspect.go
@@ -57,6 +57,10 @@ type InspectContainerConfig struct {
 // Timezone is the timezone inside the container.
 // Local means it has the same timezone as the host machine
 Timezone string `json:"Timezone,omitempty"`
+ // SystemdMode is whether the container is running in systemd mode. In
+ // systemd mode, the container configuration is customized to optimize
+ // running systemd in the container.
+ SystemdMode bool `json:"SystemdMode,omitempty"`
 }
 // InspectRestartPolicy holds information about the container's restart policy.
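Review bot: In libpod/define/container_inspect.go the new `SystemdMode` field is tagged `omitempty`, so inspect output drops the key whenever the value is false. A consumer that audits containers from inspect JSON then cannot tell "systemd mode is off" from "this Podman version does not report the field". Dropping `omitempty` from the tag, so the key is always emitted, would make a false value explicit. The struct starts outside the hunk.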
@@ -631,3 +635,56 @@ type InspectContainerData struct {
 Config *InspectContainerConfig `json:"Config"`
 HostConfig *InspectContainerHostConfig `json:"HostConfig"`
 }
+
+// InspectExecSession contains information about a given exec session.
+type InspectExecSession struct {
+ // CanRemove is legacy and used purely for compatibility reasons.
+ // Will always be set to true, unless the exec session is running.
+ CanRemove bool `json:"CanRemove"`
+ // ContainerID is the ID of the container this exec session is attached
+ // to.
+ ContainerID string `json:"ContainerID"`
+ // DetachKeys are the detach keys used by the exec session.
+ // If set to "" the default keys are being used.
+ // Will show "" if no detach keys are set.
+ DetachKeys string `json:"DetachKeys"`
+ // ExitCode is the exit code of the exec session. Will be set to 0 if
+ // the exec session has not yet exited.
+ ExitCode int `json:"ExitCode"`
+ // ID is the ID of the exec session.
+ ID string `json:"ID"`
+ // OpenStderr is whether the container's STDERR stream will be attached.
+ // Always set to true if the exec session created a TTY.
+ OpenStderr bool `json:"OpenStderr"`
+ // OpenStdin is whether the container's STDIN stream will be attached
+ // to.
+ OpenStdin bool `json:"OpenStdin"`
+ // OpenStdout is whether the container's STDOUT stream will be attached.
+ // Always set to true if the exec session created a TTY.
+ OpenStdout bool `json:"OpenStdout"`
+ // Running is whether the exec session is running.
+ Running bool `json:"Running"`
+ // Pid is the PID of the exec session's process.
+ // Will be set to 0 if the exec session is not running.
+ Pid int `json:"Pid"`
+ // ProcessConfig contains information about the exec session's process.
+ ProcessConfig *InspectExecProcess `json:"ProcessConfig"`
+}
+
+// InspectExecProcess contains information about the process in a given exec
+// session.
+type InspectExecProcess struct {
+ // Arguments are the arguments to the entrypoint command of the exec
+ // session.
+ Arguments []string `json:"arguments"`
+ // Entrypoint is the entrypoint for the exec session (the command that
+ // will be executed in the container).
+ Entrypoint string `json:"entrypoint"`
+ // Privileged is whether the exec session will be started with elevated
+ // privileges.
+ Privileged bool `json:"privileged"`
+ // Tty is whether the exec session created a terminal.
+ Tty bool `json:"tty"`
+ // User is the user the exec session was started as.
+ User string `json:"user"`
+}
diff --git a/libpod/define/ctr_inspect.go b/libpod/define/ctr_inspect.go
deleted file mode 100644
index b7cd13f82..000000000
--- a/libpod/define/ctr_inspect.go
+++ /dev/null
@@ -1,54 +0,0 @@
-package define
-
-// InspectExecSession contains information about a given exec session.
-type InspectExecSession struct {
- // CanRemove is legacy and used purely for compatibility reasons.
- // Will always be set to true, unless the exec session is running.
- CanRemove bool `json:"CanRemove"`
- // ContainerID is the ID of the container this exec session is attached
- // to.
- ContainerID string `json:"ContainerID"`
- // DetachKeys are the detach keys used by the exec session.
- // If set to "" the default keys are being used.
- // Will show "" if no detach keys are set.
- DetachKeys string `json:"DetachKeys"`
- // ExitCode is the exit code of the exec session. Will be set to 0 if
- // the exec session has not yet exited.
- ExitCode int `json:"ExitCode"`
- // ID is the ID of the exec session.
- ID string `json:"ID"`
- // OpenStderr is whether the container's STDERR stream will be attached.
- // Always set to true if the exec session created a TTY.
- OpenStderr bool `json:"OpenStderr"`
- // OpenStdin is whether the container's STDIN stream will be attached
- // to.
- OpenStdin bool `json:"OpenStdin"`
- // OpenStdout is whether the container's STDOUT stream will be attached.
- // Always set to true if the exec session created a TTY.
- OpenStdout bool `json:"OpenStdout"`
- // Running is whether the exec session is running.
- Running bool `json:"Running"`
- // Pid is the PID of the exec session's process.
- // Will be set to 0 if the exec session is not running.
- Pid int `json:"Pid"`
- // ProcessConfig contains information about the exec session's process.
- ProcessConfig *InspectExecProcess `json:"ProcessConfig"`
-}
-
-// InspectExecProcess contains information about the process in a given exec
-// session.
-type InspectExecProcess struct {
- // Arguments are the arguments to the entrypoint command of the exec
- // session.
- Arguments []string `json:"arguments"`
- // Entrypoint is the entrypoint for the exec session (the command that
- // will be executed in the container).
- Entrypoint string `json:"entrypoint"`
- // Privileged is whether the exec session will be started with elevated
- // privileges.
- Privileged bool `json:"privileged"`
- // Tty is whether the exec session created a terminal.
- Tty bool `json:"tty"`
- // User is the user the exec session was started as.
- User string `json:"user"`
-}
diff --git a/test/e2e/systemd_test.go b/test/e2e/systemd_test.go
index a1cdff70e..7b9be2275 100644
--- a/test/e2e/systemd_test.go
+++ b/test/e2e/systemd_test.go
@@ -112,5 +112,40 @@ WantedBy=multi-user.target
 systemctl.WaitWithDefaultTimeout()
 Expect(systemctl.ExitCode()).To(Equal(0))
 Expect(strings.Contains(systemctl.OutputToString(), "State:")).To(BeTrue())
+
+ result := podmanTest.Podman([]string{"inspect", ctrName})
+ result.WaitWithDefaultTimeout()
+ Expect(result.ExitCode()).To(Equal(0))
+ conData := result.InspectContainerToJSON()
+ Expect(len(conData)).To(Equal(1))
+ Expect(conData[0].Config.SystemdMode).To(BeTrue())
+ })
+
+ It("podman create container with systemd entrypoint triggers systemd mode", func() {
+ ctrName := "testCtr"
+ run := podmanTest.Podman([]string{"create", "--name", ctrName, "--entrypoint", "/sbin/init", ubi_init})
+ run.WaitWithDefaultTimeout()
+ Expect(run.ExitCode()).To(Equal(0))
+
+ result := podmanTest.Podman([]string{"inspect", ctrName})
+ result.WaitWithDefaultTimeout()
+ Expect(result.ExitCode()).To(Equal(0))
+ conData := result.InspectContainerToJSON()
+ Expect(len(conData)).To(Equal(1))
+ Expect(conData[0].Config.SystemdMode).To(BeTrue())
+ })
+
+ It("podman create container with systemd=always triggers systemd mode", func() {
+ ctrName := "testCtr"
+ run := podmanTest.Podman([]string{"create", "--name", ctrName, "--systemd", "always", ALPINE})
+ run.WaitWithDefaultTimeout()
+ Expect(run.ExitCode()).To(Equal(0))
+
+ result := podmanTest.Podman([]string{"inspect", ctrName})
+ result.WaitWithDefaultTimeout()
+ Expect(result.ExitCode()).To(Equal(0))
+ conData := result.InspectContainerToJSON()
+ Expect(len(conData)).To(Equal(1))
+ Expect(conData[0].Config.SystemdMode).To(BeTrue())
 })
 })
--
cgit v1.2.3-54-g00ecf
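Review bot: The assertions added in test/e2e/systemd_test.go only check that `SystemdMode` becomes true; nothing covers the opt-out or the negative case. A companion case that creates a container with `--systemd=false` and `--entrypoint /sbin/init` and ends with `Expect(conData[0].Config.SystemdMode).To(BeFalse())` would show that an image or entrypoint cannot force systemd mode once the user has disabled it, and a default create with a non-init command would cover the false-positive side. Both new `It` blocks also reuse the name `testCtr`, which relies on per-test cleanup that is not visible in the hunk.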