mirror of
https://github.com/containers/podman
synced 2024-10-20 01:03:51 +00:00
Merge pull request #13622 from rhatdan/systemd1
When running systemd in a container set container_uuid
This commit is contained in:
commit
e657c7a170
|
@ -1037,15 +1037,20 @@ Run container in systemd mode. The default is *true*.
|
|||
|
||||
The value *always* enforces the systemd mode is enforced without
|
||||
looking at the executable name. Otherwise, if set to true and the
|
||||
command you are running inside the container is systemd, /usr/sbin/init,
|
||||
/sbin/init or /usr/local/sbin/init.
|
||||
command you are running inside the container is **systemd**, **/usr/sbin/init**,
|
||||
**/sbin/init** or **/usr/local/sbin/init**.
|
||||
|
||||
If the command you are running inside of the container is systemd,
|
||||
Podman will setup tmpfs mount points in the following directories:
|
||||
Running the container in systemd mode causes the following changes:
|
||||
|
||||
/run, /run/lock, /tmp, /sys/fs/cgroup/systemd, /var/lib/journal
|
||||
|
||||
It will also set the default stop signal to SIGRTMIN+3.
|
||||
* Podman mounts tmpfs file systems on the following directories
|
||||
* _/run_
|
||||
* _/run/lock_
|
||||
* _/tmp_
|
||||
* _/sys/fs/cgroup/systemd_
|
||||
* _/var/lib/journal_
|
||||
* Podman sets the default stop signal to **SIGRTMIN+3**.
|
||||
* Podman sets **container_uuid** environment variable in the container to the
|
||||
first 32 characters of the container id.
|
||||
|
||||
This allows systemd to run in a confined container without any modifications.
|
||||
|
||||
|
|
|
@ -1098,20 +1098,21 @@ Note: if you use the **--network=host** option, these sysctls will not be allowe
|
|||
Run container in systemd mode. The default is **true**.
|
||||
|
||||
The value *always* enforces the systemd mode is enforced without
|
||||
looking at the executable name. Otherwise, if set to **true** and the
|
||||
command you are running inside the container is systemd, _/usr/sbin/init_,
|
||||
_/sbin/init_ or _/usr/local/sbin/init_.
|
||||
looking at the executable name. Otherwise, if set to true and the
|
||||
command you are running inside the container is **systemd**, **/usr/sbin/init**,
|
||||
**/sbin/init** or **/usr/local/sbin/init**.
|
||||
|
||||
If the command you are running inside of the container is systemd
|
||||
Podman will setup tmpfs mount points in the following directories:
|
||||
Running the container in systemd mode causes the following changes:
|
||||
|
||||
- _/run_
|
||||
- _/run/lock_
|
||||
- _/tmp_
|
||||
- _/sys/fs/cgroup/systemd_
|
||||
- _/var/lib/journal_
|
||||
|
||||
It will also set the default stop signal to **SIGRTMIN+3**.
|
||||
* Podman mounts tmpfs file systems on the following directories
|
||||
* _/run_
|
||||
* _/run/lock_
|
||||
* _/tmp_
|
||||
* _/sys/fs/cgroup/systemd_
|
||||
* _/var/lib/journal_
|
||||
* Podman sets the default stop signal to **SIGRTMIN+3**.
|
||||
* Podman sets **container_uuid** environment variable in the container to the
|
||||
first 32 characters of the container id.
|
||||
|
||||
This allows systemd to run in a confined container without any modifications.
|
||||
|
||||
|
|
|
@ -968,6 +968,16 @@ func (c *Container) mountNotifySocket(g generate.Generator) error {
|
|||
// systemd expects to have /run, /run/lock and /tmp on tmpfs
|
||||
// It also expects to be able to write to /sys/fs/cgroup/systemd and /var/log/journal
|
||||
func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) error {
|
||||
var containerUUIDSet bool
|
||||
for _, s := range c.config.Spec.Process.Env {
|
||||
if strings.HasPrefix(s, "container_uuid=") {
|
||||
containerUUIDSet = true
|
||||
break
|
||||
}
|
||||
}
|
||||
if !containerUUIDSet {
|
||||
g.AddProcessEnv("container_uuid", c.ID()[:32])
|
||||
}
|
||||
options := []string{"rw", "rprivate", "nosuid", "nodev"}
|
||||
for _, dest := range []string{"/run", "/run/lock"} {
|
||||
if MountExists(mounts, dest) {
|
||||
|
|
|
@ -281,6 +281,13 @@ LISTEN_FDNAMES=listen_fdnames" | sort)
|
|||
is "$output" "" "output should be empty"
|
||||
}
|
||||
|
||||
@test "podman --systemd sets container_uuid" {
|
||||
run_podman run --systemd=always --name test $IMAGE printenv container_uuid
|
||||
container_uuid=$output
|
||||
run_podman inspect test --format '{{ .ID }}'
|
||||
is "${container_uuid}" "${output:0:32}" "UUID should be first 32 chars of Container id"
|
||||
}
|
||||
|
||||
# https://github.com/containers/podman/issues/13153
|
||||
@test "podman rootless-netns slirp4netns process should be in different cgroup" {
|
||||
is_rootless || skip "only meaningful for rootless"
|
||||
|
|
Loading…
Reference in a new issue