CRI-O's server relies on this for creation attempts, but it can set
the option. conmon itself doesn't need to care one way or the other.
Perhaps it is being called by a process that doesn't care about the
container exit code or has another way to access that information.
With this commit, we trust callers to set --exit-dir if they want it,
instead of requiring non-exec callers to set it.
Signed-off-by: W. Trevor King <wking@tremily.us>
add the possibility to run a custom command, and optionally provide
additional arguments to it, when conmon exits.
For example, it could be possible to delete the terminated container
with:
conmon [...] --exit-command /usr/bin/runc \
--exit-command-arg delete \
--exit-command-arg $CONTAINER_UUID
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Avoid:
$ make clean && make conmon.o 2>&1
rm -f conmon.o cmsg.o ../bin/conmon
cc -std=c99 -Os -Wall -Wextra -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -DVERSION=\"1.9.0-dev\" -DGIT_COMMIT=\""74cd1ec97c13a9784ce5e67a9e50e8977b5d2f38"\" -c -o conmon.o conmon.c
conmon.c: In function ‘main’:
conmon.c:1175:3: warning: ignoring return value of ‘read’, declared with attribute warn_unused_result [-Wunused-result]
read(start_pipe_fd, buf, BUF_SIZE);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
by catching and exiting on any read errors. A read error here would
be because the caller died before writing to the start pipe, and we
don't want to continue in those cases because it would reopen the
cgroup race discussed in af4fbcd9 (conmon: Don't leave zombies and fix
cgroup race, 2017-06-09, #583). af4fbcd9 is where this line
originally landed, and it didn't have error checking then.
Signed-off-by: W. Trevor King <wking@tremily.us>
We leave the stdin open on first client disconnect if stdin once
is not set in the container configuration.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
runc has a `--no-pivot` flag, that uses MS_MOVE instead.
This patch set bubbles up a runtime config to enable using no-pivot
globally.
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
This allows the container list API to return updated status
for exited container without having to call container status first.
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
During my testing in OpenShift I've noticed that conmon leaves some
zombies processes. The reason is that we are using
PR_SET_CHILD_SUBREAPER in conmon and runC forks a new process (runc
init) each time we start a container. Using g_child_watch_add only on
the main runc process and on the container process is not enough as we
do not cleanup any other zombie process.
Since glib doesn't allow to catch SIGCHLD and to better integrate in the
existing code, catch it with signal(2) then raise a SIGUSR1 that glib
handles.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Instead of waiting until stderr/out is closed and then waiting for
the container to exit we wait for the container to exit in the
gmainloop, in addition to everything else, exiting only when
the child dies.
We then drain any output in stderr/out after the child has exited.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
We build paths using g_build_filename and g_strdup_printf() instead
which means we don't have any arbitrary pathname lenght issue, and
the code becomes cleaner.
We also convert asprintf to g_strdup_printf so that we can use
the glib OOM checker instead of open coding it everywhere.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
This moves the timeout handling from the go code to conmon, whic
removes some of the complexity from criod, and additionally it will
makes it possible to do the double-fork in the exec case too.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
Currently, when creating containers we never call Wait on the
conmon exec.Command, which means that the child hangs around
forever as a zombie after it dies.
However, instead of doing this waitpid() in the parent we instead
do a double-fork in conmon, to daemonize it. That makes a lot of
sense, as conmon really is not tied to the launcher, but needs
to outlive it if e.g. the cri-o daemon restarts.
However, this makes even more obvious a race condition which we
already have. When crio-d puts the conmon pid in a cgroup there
is a race where conmon could already have spawned a child, and
it would then not be part of the cgroup. In order to fix this
we add another synchronization pipe to conmon, which we block
on before we create any children. The parent then makes sure the
pid is in the cgroup before letting it continue.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
We use a SOCK_SEQPACKET socket for the attach unix domain socket, which
means the kernel will ensure that the reading side only ever get the
data from one write operation. We use this for frameing, where the
first byte is the pipe that the next bytes are for. We have to make sure
that all reads from the socket are using at least the same size of buffer
as the write side, because otherwise the extra data in the message
will be dropped.
This also adds a stdin pipe for the container, similar to the ones we
use for stdout/err, because we need a way for an attached client
to write to stdin, even if not using a tty.
This fixes https://github.com/kubernetes-incubator/cri-o/issues/569
Signed-off-by: Alexander Larsson <alexl@redhat.com>
We don't want to block on accepting the terminal fd, because then
we can't detect if runc died before calling out to pass the terminal
fd. To handle this we spin the glib mainloop listening to both the
terminal accept fd and a child pid watch.
Signed-off-by: Alexander Larsson <alexl@redhat.com>