Skip to content

Commit

Permalink
Pass Systemd LISTEN_* environment to the container
Browse files Browse the repository at this point in the history
If a container is running within a systemd service and it is socket
activated, we need to leak the LISTEN_* environment variables into the
container.

Fixes: #10443

Signed-off-by: Daniel J Walsh <[email protected]>
  • Loading branch information
rhatdan committed Jun 30, 2021
1 parent 61b7bea commit c3bdae5
Show file tree
Hide file tree
Showing 3 changed files with 61 additions and 0 deletions.
12 changes: 12 additions & 0 deletions libpod/container_internal_linux.go
Original file line number Diff line number Diff line change
Expand Up @@ -648,6 +648,18 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
g.AddProcessEnv("HOSTNAME", hostname)
}

for _, lEnv := range []string{"LISTEN_PID", "LISTEN_FDS", "LISTEN_FDNAMES"} {
if val, ok := os.LookupEnv(lEnv); ok {
// The primary process within the container will be PID=1, so this
// value needs to be reset
if lEnv == "LISTEN_PID" {
g.AddProcessEnv(lEnv, "1")
continue
}
g.AddProcessEnv(lEnv, val)
}
}

if c.config.UTSNsCtr != "" {
if err := c.addNamespaceContainer(&g, UTSNS, c.config.UTSNsCtr, spec.UTSNamespace); err != nil {
return nil, err
Expand Down
10 changes: 10 additions & 0 deletions libpod/oci_conmon_linux.go
Original file line number Diff line number Diff line change
Expand Up @@ -1055,6 +1055,16 @@ func (r *ConmonOCIRuntime) createOCIContainer(ctr *Container, restoreOptions *Co
}
}

if l, ok := os.LookupEnv("LISTEN_FDS"); ok {
listenFds, err := strconv.ParseUint(l, 10, 64)
if err != nil {
logrus.Warnf("Error LISTEN_FDS environment variable for %s not an int %v", ctr.ID(), err)
}

if uint(listenFds) > ctr.config.PreserveFDs {
ctr.config.PreserveFDs = uint(listenFds)
}
}
if ctr.config.PreserveFDs > 0 {
args = append(args, formatRuntimeOpts("--preserve-fds", fmt.Sprintf("%d", ctr.config.PreserveFDs))...)
}
Expand Down
39 changes: 39 additions & 0 deletions test/system/250-systemd.bats
Original file line number Diff line number Diff line change
Expand Up @@ -148,4 +148,43 @@ function service_cleanup() {
service_cleanup
}

@test "podman pass run LISTEN environment " {
tmpdir=$PODMAN_TMPDIR/build-test
subdir=$tmpdir/subdir
run_podman run --hostname=host1 --rm $IMAGE printenv
std_output=$output

export LISTEN_PID="100" LISTEN_FDS="1" LISTEN_FDNAMES="listen_fdnames"
run_podman run --hostname=host1 --rm $IMAGE printenv
if is_remote; then
is "$output" "$std_output" "LISTEN Environment did not pass"
else
is "$output" "$std_output
LISTEN_PID=1
LISTEN_FDS=1
LISTEN_FDNAMES=listen_fdnames" "LISTEN Environment passed"
fi
unset LISTEN_PID LISTEN_FDS LISTEN_FDNAMES
}

@test "podman pass start LISTEN environment " {
tmpdir=$PODMAN_TMPDIR/build-test
subdir=$tmpdir/subdir
run_podman run --hostname=host1 --rm $IMAGE printenv
std_output=$output

run_podman create --name=test --hostname=host1 --rm $IMAGE printenv
export LISTEN_PID="100" LISTEN_FDS="1" LISTEN_FDNAMES="listen_fdnames"
run_podman start --attach test
if is_remote; then
is "$output" "$std_output" "LISTEN Environment did not pass"
else
is "$output" "$std_output
LISTEN_PID=1
LISTEN_FDS=1
LISTEN_FDNAMES=listen_fdnames" "LISTEN Environment passed"
fi
unset LISTEN_PID LISTEN_FDS LISTEN_FDNAMES
}

# vim: filetype=sh

0 comments on commit c3bdae5

Please sign in to comment.