Set $container_uuid and mount basic /run/host #13217
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: jfroy The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
Thanks @jfroy
LGTM once the comment is addressed
LGTM aside from existing comments
Thanks for the feedback, I'll be sending an updated patchset soon.
$container_uuid in systemd mode
New patchset is up for review. It includes the feedback for the environment variable and also implements a basic
This patch sets the `container_uuid` environment variable to the container's first 32 characters. This patch also mounts a basic /run/host that contains container-manager and container-uuid. See https://systemd.io/CONTAINER_INTERFACE for the details. Fixed containers#13187 Signed-off-by: Jean-Francois Roy <[email protected]>
if err := c.makeRunHostMount(g); err != nil { | ||
return nil, err | ||
} | ||
|
||
if err := c.injectContainerUUID(g); err != nil { | ||
return nil, err | ||
} |
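Review bot: makeRunHostMount and injectContainerUUID are called unconditionally here, so every container gets the /run/host mount and the container_uuid variable; gate both calls on the container's systemd mode, which is the only case the systemd container interface needs them for and is what the reviewers asked for. Note also that /run/host exposes the container ID to the workload in every container, whereas /run/.containerenv today only carries that information in --privileged mode, so the commit message should state the new exposure explicitly. If both helpers derive the UUID from the container ID independently, compute it once and pass it to both so the file and the environment variable cannot disagree.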
I think this should only be added for systemd containers
I probably agree. Do machinectl and other tools do anything in the case where systemd is not running within the container?
The container interface is something coming out of systemd, for sure, but if I set that aside, it is not bad to have basic container information available in the filesystem, in addition to the environment. I'm happy to make this conditional.
We have some container information in /run/.containerenv, but we only leak information there in --privileged mode.
```console
podman run --privileged fedora cat /run/.containerenv
engine="podman-4.0.0-rc4"
name="musing_swartz"
id="fde1c78d6d4cc8a461dc2eb53d6f235946b79e43f812a048b7c79ea5a71df950"
image="registry.fedoraproject.org/fedora:latest"
imageid="e417cd49a84e1749071c516c4f0013ea62113cb5adc98a8504a63a04bfd43479"
rootless=1
```
@jfroy: PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
A friendly reminder that this PR had no activity for 30 days.
container_uuid is now set when running in systemd mode, rebase and repush if you want the rest of this PR.
The `container_uuid` environment variable is read by systemd to set the machine ID, per https://systemd.io/CONTAINER_INTERFACE/#environment-variables. This patch modifies `generateSpec` to apply this environment variable. The "UUID" is the container ID's first 32 characters. Fixed #13187