Pass NOTIFY_SOCKET and LISTEN_FDS env to OCI RUntime if set

In order to have sd_notify from systemd to work in containers we need to pass down the NOTIFY_SOCKET environment variable to the container. LISTEN_FDS, tells the application inside of the container to use socket activation and grab the FDS that are leaked into the container. Signed-off-by: Daniel J Walsh <[email protected]> Closes: #271 Approved by: umohnani8
containers · Feb 5, 2018 · 989f5e3 · 989f5e3
1 parent 095aaaa
commit 989f5e3
Show file tree

Hide file tree

Showing 5 changed files with 169 additions and 0 deletions.
diff --git a/libpod/oci.go b/libpod/oci.go
@@ -13,6 +13,7 @@ import (
 	"time"
 
 	"github.com/containerd/cgroups"
+	"github.com/coreos/go-systemd/activation"
 	spec "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@@ -210,6 +211,14 @@ func (r *OCIRuntime) createContainer(ctr *Container, cgroupParent string) (err e
 	// 0, 1 and 2 are stdin, stdout and stderr
 	cmd.Env = append(r.conmonEnv, fmt.Sprintf("_OCI_SYNCPIPE=%d", 3))
 	cmd.Env = append(cmd.Env, fmt.Sprintf("_OCI_STARTPIPE=%d", 4))
+	if notify, ok := os.LookupEnv("NOTIFY_SOCKET"); ok {
+		cmd.Env = append(cmd.Env, fmt.Sprintf("NOTIFY_SOCKET=%s", notify))
+	}
+	if listenfds, ok := os.LookupEnv("LISTEN_FDS"); ok {
+		cmd.Env = append(cmd.Env, fmt.Sprintf("LISTEN_FDS=%s", listenfds))
+		fds := activation.Files(false)
+		cmd.ExtraFiles = append(cmd.ExtraFiles, fds...)
+	}
 
 	err = cmd.Start()
 	if err != nil {

diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go
@@ -185,6 +185,17 @@ var _ = Describe("Podman run", func() {
 		Expect(session.OutputToString()).To(ContainSubstring("15"))
 	})
 
+	It("podman run notify_socket", func() {
+		sock := "/run/sock"
+		os.Setenv("NOTIFY_SOCKET", sock)
+		session := podmanTest.Podman([]string{"run", "--rm", ALPINE, "printenv", "NOTIFY_SOCKET"})
+		session.Wait(10)
+		Expect(session.ExitCode()).To(Equal(0))
+		match, _ := session.GrepString(sock)
+		Expect(match).Should(BeTrue())
+		os.Unsetenv("NOTIFY_SOCKET")
+	})
+
 	It("podman run log-opt", func() {
 		log := filepath.Join(podmanTest.TempDir, "/container.log")
 		session := podmanTest.Podman([]string{"run", "--rm", "--log-opt", fmt.Sprintf("path=%s", log), ALPINE, "ls"})

diff --git a/vendor/github.com/coreos/go-systemd/activation/files.go b/vendor/github.com/coreos/go-systemd/activation/files.go
diff --git a/vendor/github.com/coreos/go-systemd/activation/listeners.go b/vendor/github.com/coreos/go-systemd/activation/listeners.go
diff --git a/vendor/github.com/coreos/go-systemd/activation/packetconns.go b/vendor/github.com/coreos/go-systemd/activation/packetconns.go