From 13c6fd067cab2fd21f96837c6b6105ebb740fd1d Mon Sep 17 00:00:00 2001
From: Paul Holzinger <pholzing@redhat.com>
Date: Thu, 21 Apr 2022 12:55:31 +0200
Subject: system service: remove unnecessary pointer to listner

Since the listener is already an interface there is no reason to use a
extra pointer for it.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
---
 pkg/api/server/server.go | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'pkg/api/server/server.go')

diff --git a/pkg/api/server/server.go b/pkg/api/server/server.go
index 73740a6f9..9344101ce 100644
--- a/pkg/api/server/server.go
+++ b/pkg/api/server/server.go
@@ -60,11 +60,11 @@ func NewServer(runtime *libpod.Runtime) (*APIServer, error) {
 }
 
 // NewServerWithSettings will create and configure a new API server using provided settings
-func NewServerWithSettings(runtime *libpod.Runtime, listener *net.Listener, opts entities.ServiceOptions) (*APIServer, error) {
+func NewServerWithSettings(runtime *libpod.Runtime, listener net.Listener, opts entities.ServiceOptions) (*APIServer, error) {
 	return newServer(runtime, listener, opts)
 }
 
-func newServer(runtime *libpod.Runtime, listener *net.Listener, opts entities.ServiceOptions) (*APIServer, error) {
+func newServer(runtime *libpod.Runtime, listener net.Listener, opts entities.ServiceOptions) (*APIServer, error) {
 	// If listener not provided try socket activation protocol
 	if listener == nil {
 		if _, found := os.LookupEnv("LISTEN_PID"); !found {
@@ -78,7 +78,7 @@ func newServer(runtime *libpod.Runtime, listener *net.Listener, opts entities.Se
 		if len(listeners) != 1 {
 			return nil, fmt.Errorf("wrong number of file descriptors for socket activation protocol (%d != 1)", len(listeners))
 		}
-		listener = &listeners[0]
+		listener = listeners[0]
 	}
 	if opts.CorsHeaders == "" {
 		logrus.Debug("CORS Headers were not set")
@@ -86,7 +86,7 @@ func newServer(runtime *libpod.Runtime, listener *net.Listener, opts entities.Se
 		logrus.Debugf("CORS Headers were set to %q", opts.CorsHeaders)
 	}
 
-	logrus.Infof("API service listening on %q", (*listener).Addr())
+	logrus.Infof("API service listening on %q", listener.Addr())
 	router := mux.NewRouter().UseEncodedPath()
 	tracker := idle.NewTracker(opts.Timeout)
 
@@ -101,7 +101,7 @@ func newServer(runtime *libpod.Runtime, listener *net.Listener, opts entities.Se
 			IdleTimeout: opts.Timeout * 2,
 		},
 		CorsHeaders: opts.CorsHeaders,
-		Listener:    *listener,
+		Listener:    listener,
 		PProfAddr:   opts.PProfAddr,
 		idleTracker: tracker,
 	}
-- 
cgit v1.2.3-54-g00ecf


From eb71712626f96fc0a7e2803a6b6e6f82bec0a3a2 Mon Sep 17 00:00:00 2001
From: Paul Holzinger <pholzing@redhat.com>
Date: Thu, 21 Apr 2022 14:07:54 +0200
Subject: systemd socker activation: check listener

activation.Listeners() can return an net.Listener array which contains
nil entries if it cannot listen on the given fds. This can cause podman
to panic so we should check the we have non nil net.Listener first.

[NO NEW TESTS NEEDED] No idea how to reproduce this.

Fixes #13911

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
---
 pkg/api/server/server.go | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'pkg/api/server/server.go')

diff --git a/pkg/api/server/server.go b/pkg/api/server/server.go
index 9344101ce..a906a01f1 100644
--- a/pkg/api/server/server.go
+++ b/pkg/api/server/server.go
@@ -79,6 +79,10 @@ func newServer(runtime *libpod.Runtime, listener net.Listener, opts entities.Ser
 			return nil, fmt.Errorf("wrong number of file descriptors for socket activation protocol (%d != 1)", len(listeners))
 		}
 		listener = listeners[0]
+		// note that activation.Listeners() return nil when it cannot listen on the fd (i.e. udp connection)
+		if listener == nil {
+			return nil, fmt.Errorf("unexpected fd received from systemd: cannot listen on it")
+		}
 	}
 	if opts.CorsHeaders == "" {
 		logrus.Debug("CORS Headers were not set")
-- 
cgit v1.2.3-54-g00ecf