From 75578aad61c1e9fae021223ece70cb83e3e2bcf2 Mon Sep 17 00:00:00 2001
From: Valentin Rothberg <rothberg@redhat.com>
Date: Sat, 22 Dec 2018 14:59:43 +0100
Subject: add container-init support

Add support for executing an init binary as PID 1 in a container to
forward signals and reap processes.  When the `--init` flag is set for
podman-create or podman-run, the init binary is bind-mounted to
`/dev/init` in the container and "/dev/init --" is prepended to the
container's command.

The default base path of the container-init binary is `/usr/libexec/podman`
while the default binary is catatonit [1].  This default can be changed
permanently via the `init_path` field in the `libpod.conf` configuration
file (which is recommended for packaging) or temporarily via the
`--init-path` flag of podman-create and podman-run.

[1] https://github.com/openSUSE/catatonit

Fixes: #1670
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
---
 cmd/podman/common.go                 |  9 +++++++++
 cmd/podman/create.go                 | 10 ++++++++++
 cmd/podman/varlink/io.podman.varlink |  2 ++
 3 files changed, 21 insertions(+)

(limited to 'cmd')

diff --git a/cmd/podman/common.go b/cmd/podman/common.go
index 8404a29b8..0fc9a6acc 100644
--- a/cmd/podman/common.go
+++ b/cmd/podman/common.go
@@ -320,6 +320,15 @@ var createFlags = []cli.Flag{
 		Usage: "Tells podman how to handle the builtin image volumes. The options are: 'bind', 'tmpfs', or 'ignore' (default 'bind')",
 		Value: "bind",
 	},
+	cli.BoolFlag{
+		Name:  "init",
+		Usage: "Run an init binary inside the container that forwards signals and reaps processes",
+	},
+	cli.StringFlag{
+		Name: "init-path",
+		// Do not use  the Value field for setting the default value to determine user input (i.e., non-empty string)
+		Usage: fmt.Sprintf("Path to the container-init binary (default: %q)", libpod.DefaultInitPath),
+	},
 	cli.BoolFlag{
 		Name:  "interactive, i",
 		Usage: "Keep STDIN open even if not attached",
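Review bot: The comment above `Usage` in the `init-path` flag is hard to parse (and has a doubled space), yet it records a contract the caller depends on: parseCreateOpts treats an empty string as "flag not given" and falls back to the configured path. I would reword it to `// Leave Value unset: an empty string is how the caller detects that --init-path was not given.` The usage text could also say that the path names a file on the host and only takes effect together with `--init`, since this value ends up bind-mounted into the container. The `createFlags` slice starts and ends outside this hunk.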
diff --git a/cmd/podman/create.go b/cmd/podman/create.go
index dae429047..395a64b3b 100644
--- a/cmd/podman/create.go
+++ b/cmd/podman/create.go
@@ -809,6 +809,16 @@ func parseCreateOpts(ctx context.Context, c *cli.Context, runtime *libpod.Runtim
 		Syslog:      c.GlobalBool("syslog"),
 	}
 
+	if c.Bool("init") {
+		initPath := c.String("init-path")
+		if initPath == "" {
+			initPath = runtime.GetConfig().InitPath
+		}
+		if err := config.AddContainerInitBinary(initPath); err != nil {
+			return nil, err
+		}
+	}
+
 	if config.Privileged {
 		config.LabelOpts = label.DisableSecOpt()
 	} else {
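Review bot: A user who passes `--init-path` without `--init` gets a container with no init process and no diagnostic, because `c.String("init-path")` is only read inside the `if c.Bool("init")` branch. I would return an error when `c.String("init-path") != ""` while `c.Bool("init")` is false. Separately, the chosen path reaches `config.AddContainerInitBinary(initPath)` unchecked at this layer, and it can still be empty if `runtime.GetConfig().InitPath` is unset. That function is not part of this diff, so it may already cover this, but the value names a host binary that becomes PID 1 in the container, so it is worth confirming that it rejects empty, relative or non-regular-file paths. parseCreateOpts begins before and continues after this hunk.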
diff --git a/cmd/podman/varlink/io.podman.varlink b/cmd/podman/varlink/io.podman.varlink
index c1b7c703a..4e8b69faf 100644
--- a/cmd/podman/varlink/io.podman.varlink
+++ b/cmd/podman/varlink/io.podman.varlink
@@ -211,6 +211,8 @@ type Create (
     hostname: string,
     image: string,
     image_id: string,
+    init: bool,
+    init_path: string,
     builtin_imgvolumes: []string,
     id_mappings: IDMappingOptions,
     image_volume_type: string,
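Review bot: The new `init_path` field has no description, and among the fields visible here it is the one that names a file on the host rather than something in the image or container. A `#` comment on the `Create` type should state that it is a host path to the init binary, that it is only used when `init` is true, and that an empty string selects the configured default. The handler that consumes this type is not part of this diff; it presumably needs the same path checks as the CLI, since API callers may be less trusted than a local shell user. The `Create` type begins before and ends after this hunk.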
-- 
cgit v1.2.3-54-g00ecf