container/podman
container/podman
1
0
Fork 0
mirror of https://github.com/containers/podman synced 2024-10-20 01:03:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #13622 from rhatdan/systemd1

Browse source 
When running systemd in a container set container_uuid
This commit is contained in:
OpenShift Merge Robot 2022-03-24 19:05:44 +01:00 committed by GitHub
parent b6c713f4d7 5e28cbc5fc
commit e657c7a170
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 42 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
docs/source/markdown/podman-create.1.md
View file

@ -1037,15 +1037,20 @@ Run container in systemd mode. The default is *true*.
The value *always* enforces the systemd mode is enforced without
looking at the executable name. Otherwise, if set to true and the
command you are running inside the container is systemd, /usr/sbin/init,
/sbin/init or /usr/local/sbin/init.
command you are running inside the container is **systemd**, **/usr/sbin/init**,
**/sbin/init** or **/usr/local/sbin/init**.
If the command you are running inside of the container is systemd,
Podman will setup tmpfs mount points in the following directories:
Running the container in systemd mode causes the following changes:
/run, /run/lock, /tmp, /sys/fs/cgroup/systemd, /var/lib/journal
It will also set the default stop signal to SIGRTMIN+3.
* Podman mounts tmpfs file systems on the following directories
* _/run_
* _/run/lock_
* _/tmp_
* _/sys/fs/cgroup/systemd_
* _/var/lib/journal_
* Podman sets the default stop signal to **SIGRTMIN+3**.
* Podman sets **container_uuid** environment variable in the container to the
first 32 characters of the container id.
This allows systemd to run in a confined container without any modifications.

25
docs/source/markdown/podman-run.1.md
View file

@ -1098,20 +1098,21 @@ Note: if you use the **--network=host** option, these sysctls will not be allowe
Run container in systemd mode. The default is **true**.
The value *always* enforces the systemd mode is enforced without
looking at the executable name. Otherwise, if set to **true** and the
command you are running inside the container is systemd, _/usr/sbin/init_,
_/sbin/init_ or _/usr/local/sbin/init_.
looking at the executable name. Otherwise, if set to true and the
command you are running inside the container is **systemd**, **/usr/sbin/init**,
**/sbin/init** or **/usr/local/sbin/init**.
If the command you are running inside of the container is systemd
Podman will setup tmpfs mount points in the following directories:
Running the container in systemd mode causes the following changes:
- _/run_
- _/run/lock_
- _/tmp_
- _/sys/fs/cgroup/systemd_
- _/var/lib/journal_
It will also set the default stop signal to **SIGRTMIN+3**.
* Podman mounts tmpfs file systems on the following directories
* _/run_
* _/run/lock_
* _/tmp_
* _/sys/fs/cgroup/systemd_
* _/var/lib/journal_
* Podman sets the default stop signal to **SIGRTMIN+3**.
* Podman sets **container_uuid** environment variable in the container to the
first 32 characters of the container id.
This allows systemd to run in a confined container without any modifications.

10
libpod/container_internal_linux.go
View file

@ -968,6 +968,16 @@ func (c *Container) mountNotifySocket(g generate.Generator) error {
// systemd expects to have /run, /run/lock and /tmp on tmpfs
// It also expects to be able to write to /sys/fs/cgroup/systemd and /var/log/journal
func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) error {
var containerUUIDSet bool
for _, s := range c.config.Spec.Process.Env {
if strings.HasPrefix(s, "container_uuid=") {
containerUUIDSet = true
break
}
}
if !containerUUIDSet {
g.AddProcessEnv("container_uuid", c.ID()[:32])
}
options := []string{"rw", "rprivate", "nosuid", "nodev"}
for _, dest := range []string{"/run", "/run/lock"} {
if MountExists(mounts, dest) {

7
test/system/250-systemd.bats
View file

@ -281,6 +281,13 @@ LISTEN_FDNAMES=listen_fdnames" | sort)
is "$output" "" "output should be empty"
}
@test "podman --systemd sets container_uuid" {
run_podman run --systemd=always --name test $IMAGE printenv container_uuid
container_uuid=$output
run_podman inspect test --format '{{ .ID }}'
is "${container_uuid}" "${output:0:32}" "UUID should be first 32 chars of Container id"
}
# https://github.com/containers/podman/issues/13153
@test "podman rootless-netns slirp4netns process should be in different cgroup" {
is_rootless || skip "only meaningful for rootless"