rootlessport: reduce memory usage of the process

Don't use reexec for the rootlessport process, instead make it a separate binary to reduce the memory usage. The problem with reexec is that it will import all packages that podman uses and therefore loads a lot of stuff into the heap. The rootlessport process however only needs the rootlesskit library. The memory usage is a concern since the rootlessport process will spawn two process per container which has ports forwarded. The processes stay until the container dies. On my laptop the current reexec version uses 47800 KB RSS. The new separate binary only uses 4540 KB RSS. This is more than a 90% improvement. The Makefile has been updated to compile the new binary and install it to the libexec directory. Fixes containers#10790 [NO TESTS NEEDED] Signed-off-by: Paul Holzinger <[email protected]>
Luap99 · Oct 12, 2021 · 3ba69dc · 3ba69dc
1 parent c90beed
commit 3ba69dc
Show file tree

Hide file tree

Showing 8 changed files with 394 additions and 361 deletions.
diff --git a/Makefile b/Makefile
@@ -39,6 +39,7 @@ LIBPOD_INSTANCE := libpod_dev
 PREFIX ?= /usr/local
 BINDIR ?= ${PREFIX}/bin
 LIBEXECDIR ?= ${PREFIX}/libexec
+LIBEXECPODMAN ?= ${LIBEXECDIR}/podman
 MANDIR ?= ${PREFIX}/share/man
 SHAREDIR_CONTAINERS ?= ${PREFIX}/share/containers
 ETCDIR ?= ${PREFIX}/etc
@@ -186,7 +187,7 @@ default: all
 all: binaries docs
 
 .PHONY: binaries
-binaries: podman podman-remote ## Build podman and podman-remote binaries
+binaries: podman podman-remote rootlessport ## Build podman, podman-remote and rootlessport binaries
 
 # Extract text following double-# for targets, as their description for
 # the `help` target.  Otherwise These simple-substitutions are resolved
@@ -355,6 +356,15 @@ podman-remote-darwin: ## Build podman-remote for macOS
 		GOARCH=$(GOARCH) \
 		bin/darwin/podman
 
+bin/rootlessport: .gopathok $(SOURCES) go.mod go.sum
+	CGO_ENABLED=$(CGO_ENABLED) \
+		$(GO) build \
+		$(BUILDFLAGS) \
+		-o $@ ./cmd/rootlessport
+
+.PHONY: rootlessport
+rootlessport: bin/rootlessport
+
 ###
 ### Secondary binary-build targets
 ###
@@ -718,11 +728,14 @@ install.bin-nobuild:
 	install ${SELINUXOPT} -d -m 755 $(DESTDIR)$(BINDIR)
 	install ${SELINUXOPT} -m 755 bin/podman $(DESTDIR)$(BINDIR)/podman
 	test -z "${SELINUXOPT}" || chcon --verbose --reference=$(DESTDIR)$(BINDIR)/podman bin/podman
+	install ${SELINUXOPT} -d -m 755 $(DESTDIR)$(LIBEXECPODMAN)
+	install ${SELINUXOPT} -m 755 bin/rootlessport $(DESTDIR)$(LIBEXECPODMAN)/rootlessport
+	test -z "${SELINUXOPT}" || chcon --verbose --reference=$(DESTDIR)$(LIBEXECPODMAN)/rootlessport bin/rootlessport
 	install ${SELINUXOPT} -m 755 -d ${DESTDIR}${TMPFILESDIR}
 	install ${SELINUXOPT} -m 644 contrib/tmpfile/podman.conf ${DESTDIR}${TMPFILESDIR}/podman.conf
 
 .PHONY: install.bin
-install.bin: podman install.bin-nobuild
+install.bin: podman rootlessport install.bin-nobuild
 
 .PHONY: install.man-nobuild
 install.man-nobuild: