From a1a79c08b72793cf2f75490d8ffc844c3d16bd4a Mon Sep 17 00:00:00 2001 From: Peter Hunt Date: Mon, 1 Jul 2019 13:55:03 -0400 Subject: Implement conmon exec This includes: Implement exec -i and fix some typos in description of -i docs pass failed runtime status to caller Add resize handling for a terminal connection Customize exec systemd-cgroup slice fix healthcheck fix top add --detach-keys Implement podman-remote exec (jhonce) * Cleanup some orphaned code (jhonce) adapt remote exec for conmon exec (pehunt) Fix healthcheck and exec to match docs Introduce two new OCIRuntime errors to more comprehensively describe situations in which the runtime can error Use these different errors in branching for exit code in healthcheck and exec Set conmon to use new api version Signed-off-by: Jhon Honce Signed-off-by: Peter Hunt --- libpod/oci.go | 104 +--------------------------------------------------------- 1 file changed, 1 insertion(+), 103 deletions(-) (limited to 'libpod/oci.go') diff --git a/libpod/oci.go b/libpod/oci.go index 3daf9f834..193e66aaf 100644 --- a/libpod/oci.go +++ b/libpod/oci.go @@ -62,12 +62,6 @@ type OCIRuntime struct { supportsJSON bool } -// syncInfo is used to return data from monitor process to daemon -type syncInfo struct { - Pid int `json:"pid"` - Message string `json:"message,omitempty"` -} - // ociError is used to parse the OCI runtime JSON log. It is not part of the // OCI runtime specifications, it follows what runc does type ociError struct { @@ -245,6 +239,7 @@ func (r *OCIRuntime) updateContainerStatus(ctr *Container, useRuntime bool) erro cmd := exec.Command(r.path, "state", ctr.ID()) cmd.Env = append(cmd.Env, fmt.Sprintf("XDG_RUNTIME_DIR=%s", runtimeDir)) + outPipe, err := cmd.StdoutPipe() if err != nil { return errors.Wrapf(err, "getting stdout pipe") @@ -390,103 +385,6 @@ func (r *OCIRuntime) unpauseContainer(ctr *Container) error { return utils.ExecCmdWithStdStreams(os.Stdin, os.Stdout, os.Stderr, env, r.path, "resume", ctr.ID()) } -// execContainer executes a command in a running container -// TODO: Add --detach support -// TODO: Convert to use conmon -// TODO: add --pid-file and use that to generate exec session tracking -func (r *OCIRuntime) execContainer(c *Container, cmd, capAdd, env []string, tty bool, cwd, user, sessionID string, streams *AttachStreams, preserveFDs int) (*exec.Cmd, error) { - if len(cmd) == 0 { - return nil, errors.Wrapf(define.ErrInvalidArg, "must provide a command to execute") - } - - if sessionID == "" { - return nil, errors.Wrapf(define.ErrEmptyID, "must provide a session ID for exec") - } - - runtimeDir, err := util.GetRootlessRuntimeDir() - if err != nil { - return nil, err - } - - args := []string{} - - // TODO - should we maintain separate logpaths for exec sessions? - args = append(args, "exec") - - if cwd != "" { - args = append(args, "--cwd", cwd) - } - - args = append(args, "--pid-file", c.execPidPath(sessionID)) - - if tty { - args = append(args, "--tty") - } else { - args = append(args, "--tty=false") - } - - if user != "" { - args = append(args, "--user", user) - } - - if preserveFDs > 0 { - args = append(args, fmt.Sprintf("--preserve-fds=%d", preserveFDs)) - } - if c.config.Spec.Process.NoNewPrivileges { - args = append(args, "--no-new-privs") - } - - for _, capabilityAdd := range capAdd { - args = append(args, "--cap", capabilityAdd) - } - - for _, envVar := range env { - args = append(args, "--env", envVar) - } - - // Append container ID, name and command - args = append(args, c.ID()) - args = append(args, cmd...) - - logrus.Debugf("Starting runtime %s with following arguments: %v", r.path, args) - - execCmd := exec.Command(r.path, args...) - - if streams.AttachOutput { - execCmd.Stdout = streams.OutputStream - } - if streams.AttachInput { - execCmd.Stdin = streams.InputStream - } - if streams.AttachError { - execCmd.Stderr = streams.ErrorStream - } - - execCmd.Env = append(execCmd.Env, fmt.Sprintf("XDG_RUNTIME_DIR=%s", runtimeDir)) - - if preserveFDs > 0 { - for fd := 3; fd < 3+preserveFDs; fd++ { - execCmd.ExtraFiles = append(execCmd.ExtraFiles, os.NewFile(uintptr(fd), fmt.Sprintf("fd-%d", fd))) - } - } - - if err := execCmd.Start(); err != nil { - return nil, errors.Wrapf(err, "cannot start container %s", c.ID()) - } - - if preserveFDs > 0 { - for fd := 3; fd < 3+preserveFDs; fd++ { - // These fds were passed down to the runtime. Close them - // and not interfere - if err := os.NewFile(uintptr(fd), fmt.Sprintf("fd-%d", fd)).Close(); err != nil { - logrus.Debugf("unable to close file fd-%d", fd) - } - } - } - - return execCmd, nil -} - // checkpointContainer checkpoints the given container func (r *OCIRuntime) checkpointContainer(ctr *Container, options ContainerCheckpointOptions) error { if err := label.SetSocketLabel(ctr.ProcessLabel()); err != nil { -- cgit v1.2.3-54-g00ecf