podman: add required argv0 to wrapper.

[KenMacD]

Description of changes

In cases where podman uses conmon it passes its own path
as a command line argument in --exit-command. This exit
command is used for container cleanup. For it to work the path
must be the wrapper instead of the unwrapped executable.

Without this change rootless podman runs can hang for 20 seconds
before killing the container itself. The debug logs will show:

Exceeded conmon timeout waiting for container ___ to exit

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 22.11 Release Notes (or backporting 22.05 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
  • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
• Fits CONTRIBUTING.md.

[zowoq]

Does this work?

Suggested change

	--argv0 $out/bin/podman \
	--inherit-argv0 \

[b12f]

Result of nixpkgs-review pr 188108 run on x86_64-linux 1

1 package built:

• podman

[KenMacD]

With more testing it seems this isn't generally working in Linux cases where /proc/self/exe can be read. I'll close this PR and see if I can come up with something better.

[dawidd6]

@KenMacD did you find a better way to fix that? This issue is still present.

[dawidd6]

Setting conmon_env_vars in containers.conf with PATH=<nix-profile-bin>:/bin:/sbin might help. Dunno why but it solved the issue on my end.

[KenMacD]

Sorry @dawidd6, I should have added another comment here. I ended up getting this PR applied upstream. As it's not released yet I've been using a local overlay for it (the filename changed upstream, so I didn't bother with fetchpatch):

self: super:
{
  podman-unwrapped = super.podman-unwrapped.overrideAttrs (old: {
    patches = (old.patches or []) ++ [
      ./add-path.patch
    ];
  });
}

With that patch simply being:

diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go
index cb76de72c..261068082 100644
--- a/libpod/oci_conmon_linux.go
+++ b/libpod/oci_conmon_linux.go
@@ -1297,6 +1297,7 @@ func (r *ConmonOCIRuntime) configureConmonEnv(runtimeDir string) []string {
 	if ok {
 		env = append(env, fmt.Sprintf("CONTAINERS_CONF=%s", conf))
 	}
+	env = append(env, fmt.Sprintf("PATH=%s", os.Getenv("PATH")))
 	env = append(env, fmt.Sprintf("XDG_RUNTIME_DIR=%s", runtimeDir))
 	env = append(env, fmt.Sprintf("_CONTAINERS_USERNS_CONFIGURED=%s", os.Getenv("_CONTAINERS_USERNS_CONFIGURED")))
 	env = append(env, fmt.Sprintf("_CONTAINERS_ROOTLESS_UID=%s", os.Getenv("_CONTAINERS_ROOTLESS_UID")))

[dawidd6]

Thanks for the patch @KenMacD!