oci: use /proc/self/fd/FD to open unix socket
Instead of opening the UNIX socket path directly, grab a reference to
it through an O_PATH file descriptor and use the fixed-size string
"/proc/self/fd/%d" to open the UNIX socket.  This way it won't hit
the 108-character length limit.

Closes: #8798

Signed-off-by: Giuseppe Scrivano <[email protected]>
(cherry picked from commit fdbc278)
giuseppe committed Mar 16, 2021
1 parent 12c87e0 commit b50ba1f
Showing 5 changed files with 18 additions and 42 deletions.
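--- a/libpod/oci_attach_linux.go
+++ b/libpod/oci_attach_linux.go
@@ -28,6 +28,15 @@ const (
 AttachPipeStderr = 3
 )
 
+func openUnixSocket(path string) (*net.UnixConn, error) {
+fd, err := unix.Open(path, unix.O_PATH, 0)
+if err != nil {
+return nil, err
+}
+defer unix.Close(fd)
+return net.DialUnix("unixpacket", nil, &net.UnixAddr{Name: fmt.Sprintf("/proc/self/fd/%d", fd), Net: "unixpacket"})
+}
+
 // Attach to the given container
 // Does not check if state is appropriate
 // started is only required if startContainer is true
@@ -52,11 +61,10 @@ func (c *Container) attach(streams *define.AttachStreams, keys string, resize <-
 if err != nil {
 return err
 }
-socketPath := buildSocketPath(attachSock)
 
-conn, err := net.DialUnix("unixpacket", nil, &net.UnixAddr{Name: socketPath, Net: "unixpacket"})
+conn, err := openUnixSocket(attachSock)
 if err != nil {
-return errors.Wrapf(err, "failed to connect to container's attach socket: %v", socketPath)
+return errors.Wrapf(err, "failed to connect to container's attach socket: %v", attachSock)
 }
 defer func() {
 if err := conn.Close(); err != nil {
@@ -124,17 +132,16 @@ func (c *Container) attachToExec(streams *define.AttachStreams, keys *string, se
 if err != nil {
 return err
 }
-socketPath := buildSocketPath(sockPath)
 
 // 2: read from attachFd that the parent process has set up the console socket
 if _, err := readConmonPipeData(attachFd, ""); err != nil {
 return err
 }
 
 // 2: then attach
-conn, err := net.DialUnix("unixpacket", nil, &net.UnixAddr{Name: socketPath, Net: "unixpacket"})
+conn, err := openUnixSocket(sockPath)
 if err != nil {
-return errors.Wrapf(err, "failed to connect to container's attach socket: %v", socketPath)
+return errors.Wrapf(err, "failed to connect to container's attach socket: %v", sockPath)
 }
 defer func() {
 if err := conn.Close(); err != nil {
@@ -182,16 +189,6 @@ func registerResizeFunc(resize <-chan remotecommand.TerminalSize, bundlePath str
 })
 }
 
-func buildSocketPath(socketPath string) string {
-maxUnixLength := unixPathLength()
-if maxUnixLength < len(socketPath) {
-socketPath = socketPath[0:maxUnixLength]
-}
-
-logrus.Debug("connecting to socket ", socketPath)
-return socketPath
-}
-
 func setupStdioChannels(streams *define.AttachStreams, conn *net.UnixConn, detachKeys []byte) (chan error, chan error) {
 receiveStdoutError := make(chan error)
 go func() {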
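Review bot: In the new `openUnixSocket`, `unix.Open(path, unix.O_PATH, 0)` is called without `O_CLOEXEC`, and the raw `unix.Open` wrapper does not add that flag the way `os.Open` does, so the descriptor is inheritable until the deferred `unix.Close` runs. If another goroutine forks and execs a child in that window (this package appears to launch helper processes such as conmon), the child keeps a handle on the container's attach socket; I would change the line to `fd, err := unix.Open(path, unix.O_PATH|unix.O_CLOEXEC, 0)`. The helper also has no doc comment; something like `// openUnixSocket dials the unixpacket socket at path through /proc/self/fd/N so that paths over the 108-character limit still work; it requires /proc to be mounted.` would record the new dependency on procfs for the four call sites that now rely on it.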
11 changes: 0 additions & 11 deletions libpod/oci_attach_linux_cgo.go

This file was deleted.

7 changes: 0 additions & 7 deletions libpod/oci_attach_linux_nocgo.go

This file was deleted.

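--- a/libpod/oci_conmon_exec_linux.go
+++ b/libpod/oci_conmon_exec_linux.go
@@ -2,7 +2,6 @@ package libpod
 
 import (
 "fmt"
-"net"
 "net/http"
 "os"
 "os/exec"
@@ -516,17 +515,16 @@ func attachExecHTTP(c *Container, sessionID string, r *http.Request, w http.Resp
 if err != nil {
 return err
 }
-socketPath := buildSocketPath(sockPath)
 
 // 2: read from attachFd that the parent process has set up the console socket
 if _, err := readConmonPipeData(pipes.attachPipe, ""); err != nil {
 return err
 }
 
 // 2: then attach
-conn, err := net.DialUnix("unixpacket", nil, &net.UnixAddr{Name: socketPath, Net: "unixpacket"})
+conn, err := openUnixSocket(sockPath)
 if err != nil {
-return errors.Wrapf(err, "failed to connect to container's attach socket: %v", socketPath)
+return errors.Wrapf(err, "failed to connect to container's attach socket: %v", sockPath)
 }
 defer func() {
 if err := conn.Close(); err != nil {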
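--- a/libpod/oci_conmon_linux.go
+++ b/libpod/oci_conmon_linux.go
@@ -521,13 +521,12 @@ func (r *ConmonOCIRuntime) HTTPAttach(ctr *Container, req *http.Request, w http.
 if err != nil {
 return err
 }
-socketPath := buildSocketPath(attachSock)
 
 var conn *net.UnixConn
 if streamAttach {
-newConn, err := net.DialUnix("unixpacket", nil, &net.UnixAddr{Name: socketPath, Net: "unixpacket"})
+newConn, err := openUnixSocket(attachSock)
 if err != nil {
-return errors.Wrapf(err, "failed to connect to container's attach socket: %v", socketPath)
+return errors.Wrapf(err, "failed to connect to container's attach socket: %v", attachSock)
 }
 conn = newConn
 defer func() {
@@ -536,7 +535,7 @@ func (r *ConmonOCIRuntime) HTTPAttach(ctr *Container, req *http.Request, w http.
 }
 }()
 
-logrus.Debugf("Successfully connected to container %s attach socket %s", ctr.ID(), socketPath)
+logrus.Debugf("Successfully connected to container %s attach socket %s", ctr.ID(), attachSock)
 }
 
 detachString := ctr.runtime.config.Engine.DetachKeys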
