In order to get systemd socket passing to work properly
the listen PID needs to match the process ID of the OCI runtime.
This patch modifies the LISTEN_PID if it is set to the new runtime.
conmon will check that the LISTEN_PID matches the pid that conmon is running as and
will ignore it if they are different. But, if the caller specifies the
--replace-listen-pid flag, then the LISTEN_PID/LISTEN_FDS will always be used.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
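An added example (not conmon's code) of the LISTEN_PID check the commit message above describes: the variables are honored only when LISTEN_PID names the current process, unless the caller opted in with the replace flag, and LISTEN_PID is then rewritten for the runtime. The function names, the 1024 sanity cap and the treatment of an unset LISTEN_PID under the flag are assumptions.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* setenv() */
#endif
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: how many socket-activation fds may be forwarded to the
 * runtime; 0 means the LISTEN_* variables are ignored. */
static int usable_listen_fds(const char *listen_pid, const char *listen_fds,
                             pid_t self, bool replace_listen_pid)
{
    char *end;
    if (!listen_fds || !*listen_fds)
        return 0;
    long nfds = strtol(listen_fds, &end, 10);
    if (*end != '\0' || nfds <= 0 || nfds > 1024)
        return 0;                       /* malformed count (cap is an assumption) */
    if (replace_listen_pid)
        return (int)nfds;               /* caller asked to always use them */
    if (!listen_pid || !*listen_pid)
        return 0;
    long pid = strtol(listen_pid, &end, 10);
    if (*end != '\0' || pid != (long)self)
        return 0;                       /* fds were addressed to another process */
    return (int)nfds;
}

/* Point LISTEN_PID at the process that will exec the runtime, so the
 * runtime's own LISTEN_PID == getpid() check succeeds. */
static int retarget_listen_pid(pid_t runtime_pid)
{
    char buf[32];
    snprintf(buf, sizeof buf, "%ld", (long)runtime_pid);
    return setenv("LISTEN_PID", buf, 1);
}

int main(void)
{
    int n = usable_listen_fds(getenv("LISTEN_PID"), getenv("LISTEN_FDS"),
                              getpid(), false);
    if (n > 0 && retarget_listen_pid(getpid()) != 0)  /* real use: runtime's pid */
        return 1;
    printf("forwarding %d fd(s), LISTEN_PID=%s\n", n,
           n > 0 ? getenv("LISTEN_PID") : "(ignored)");
    return 0;
}
```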
and forward them to the watched process. A side effect is that we can
correctly invoke the exit command if conmon receives them.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Avoid:
  $ make clean && make CFLAGS='-Wpedantic' cmsg.o 2>&1 | head -n5
  rm -f conmon.o cmsg.o ../bin/conmon
  cc -Wpedantic -std=c99 -Os -Wall -Wextra -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -c -o cmsg.o cmsg.c
  cmsg.c: In function ‘recvfd’:
  cmsg.c:30:2: warning: ISO C forbids braced-groups within expressions [-Wpedantic]
  ({ \
  ^
Signed-off-by: W. Trevor King <wking@tremily.us>
Avoid:
  $ make clean && make CFLAGS=-Wpedantic 2>&1 | head -n5
  rm -f conmon.o cmsg.o ../bin/conmon
  cc -Wpedantic -std=c99 -Os -Wall -Wextra -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -c -o conmon.o conmon.c
  conmon.c: In function ‘write_k8s_log’:
  conmon.c:32:19: warning: ISO C does not support the ‘%m’ gnu_printf format [-Wformat=]
  fprintf(stderr, "[conmon:e]: %s %m\n", s); \
  ^
from printf(3) [1]:
  m (Glibc extension; supported by uClibc and musl.) Print output of
    strerror(errno). No argument is required.
strerror, on the other hand, is in POSIX [2].
[1]: http://man7.org/linux/man-pages/man3/printf.3.html
[2]: http://pubs.opengroup.org/onlinepubs/9699919799/functions/strerror.html
Signed-off-by: W. Trevor King <wking@tremily.us>
Avoid:
  $ make clean && make CFLAGS=-Wpedantic 2>&1 | head -n 5
  rm -f conmon.o cmsg.o ../bin/conmon
  cc -Wpedantic -std=c99 -Os -Wall -Wextra -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -c -o conmon.o conmon.c
  conmon.c: In function ‘write_k8s_log’:
  conmon.c:342:33: warning: ISO C99 requires at least one argument for the "..." in a variadic macro
  ninfo("Creating new log file");
  ^
by distinguishing between calls with and without user-supplied
formatting.
Also remove some user-supplied newlines from the following
* nwarn for "Could not find newline in entire buffer"
* ninfo for "Got ctl message..."
* ninfo for "container %d exited with status..."
* nexitf for "Failed to write %s to exit file..."
because the macros add their own trailing newlines.
Also drop some redundant user-specified strerror() arguments from the
following:
* pexit for "Failed to open log file..."
* pexit for "Runtime path %s is not valid..."
because the pexit* macros add strerror on their own.
Signed-off-by: W. Trevor King <wking@tremily.us>
CRI-O's server relies on this for creation attempts, but it can set
the option. conmon itself doesn't need to care one way or the other.
Perhaps it is being called by a process that doesn't care about the
container exit code or has another way to access that information.
With this commit, we trust callers to set --exit-dir if they want it,
instead of requiring non-exec callers to set it.
Signed-off-by: W. Trevor King <wking@tremily.us>
add the possibility to run a custom command, and optionally provide
additional arguments to it, when conmon exits.
For example, it could be possible to delete the terminated container
with:
  conmon [...] --exit-command /usr/bin/runc \
      --exit-command-arg delete \
      --exit-command-arg $CONTAINER_UUID
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Avoid:
  $ make clean && make conmon.o 2>&1
  rm -f conmon.o cmsg.o ../bin/conmon
  cc -std=c99 -Os -Wall -Wextra -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -DVERSION=\"1.9.0-dev\" -DGIT_COMMIT=\""74cd1ec97c13a9784ce5e67a9e50e8977b5d2f38"\" -c -o conmon.o conmon.c
  conmon.c: In function ‘main’:
  conmon.c:1175:3: warning: ignoring return value of ‘read’, declared with attribute warn_unused_result [-Wunused-result]
  read(start_pipe_fd, buf, BUF_SIZE);
  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
by catching and exiting on any read errors. A read error here would
be because the caller died before writing to the start pipe, and we
don't want to continue in those cases because it would reopen the
cgroup race discussed in af4fbcd9 (conmon: Don't leave zombies and fix
cgroup race, 2017-06-09, #583). af4fbcd9 is where this line
originally landed, and it didn't have error checking then.
Signed-off-by: W. Trevor King <wking@tremily.us>
We leave the stdin open on first client disconnect if stdin once
is not set in the container configuration.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
runc has a `--no-pivot` flag, that uses MS_MOVE instead.
This patch set bubbles up a runtime config to enable using no-pivot
globally.
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
This allows the container list API to return updated status
for exited containers without having to call container status first.
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
During my testing in OpenShift I've noticed that conmon leaves some
zombie processes. The reason is that we are using
PR_SET_CHILD_SUBREAPER in conmon and runC forks a new process (runc
init) each time we start a container. Using g_child_watch_add only on
the main runc process and on the container process is not enough as we
do not clean up any other zombie process.
Since glib doesn't allow catching SIGCHLD, and to better integrate in the
existing code, catch it with signal(2) then raise a SIGUSR1 that glib
handles.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
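An added example (not conmon's code) of why a subreaper has to reap with waitpid(-1) rather than watch only the pids it forked: the constructed child below forks a grandchild and exits without waiting, as the message above describes for runc and runc init, and the parent ends up owning both. It polls on a timer instead of the SIGCHLD-to-SIGUSR1 wakeup through glib; `reap_children` and `demo_subreaper` are hypothetical names.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* nanosleep() */
#endif
#include <sys/prctl.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* Reap every exited child without blocking; keeps the status of `watched`. */
static int reap_children(pid_t watched, int *watched_status)
{
    int reaped = 0, status;
    for (;;) {
        pid_t pid = waitpid(-1, &status, WNOHANG);
        if (pid <= 0)
            break;      /* 0: the rest still run; -1 (ECHILD): none left */
        if (pid == watched && watched_status)
            *watched_status = status;
        reaped++;
    }
    return reaped;
}

/* Constructed scenario: the child forks a grandchild and never waits for it,
 * so the grandchild is reparented to us, the subreaper. Returns total reaped. */
static int demo_subreaper(int *child_status)
{
    struct timespec tick = { 0, 1000000 };          /* 1 ms */
    pid_t child;
    if (prctl(PR_SET_CHILD_SUBREAPER, 1, 0, 0, 0) < 0 || (child = fork()) < 0)
        return -1;
    if (child == 0) {
        if (fork() == 0)
            _exit(0);                   /* grandchild */
        _exit(7);                       /* child: exits without waitpid() */
    }
    int total = 0;
    for (int i = 0; i < 5000 && total < 2; i++) {   /* give up after ~5 s */
        total += reap_children(child, child_status);
        nanosleep(&tick, NULL);
    }
    return total;
}

int main(void)
{
    int status = 0;
    return demo_subreaper(&status) == 2 ? 0 : 1;
}
```

A watcher registered only for `child` would have collected one process here; the second zombie is visible only to the waitpid(-1) loop.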
Instead of waiting until stderr/out is closed and then waiting for
the container to exit we wait for the container to exit in the
gmainloop, in addition to everything else, exiting only when
the child dies.
We then drain any output in stderr/out after the child has exited.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
We build paths using g_build_filename and g_strdup_printf() instead
which means we don't have any arbitrary pathname length issue, and
the code becomes cleaner.
We also convert asprintf to g_strdup_printf so that we can use
the glib OOM checker instead of open coding it everywhere.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
This moves the timeout handling from the go code to conmon, which
removes some of the complexity from criod, and additionally it will
make it possible to do the double-fork in the exec case too.
Signed-off-by: Alexander Larsson <alexl@redhat.com>