runc init: remove some code

init.go

@@ -10,11 +10,12 @@ import (
 	"github.com/opencontainers/runc/libcontainer/logs"
 	_ "github.com/opencontainers/runc/libcontainer/nsenter"
 	"github.com/sirupsen/logrus"
-	"github.com/urfave/cli"
 )
 
 func init() {
 	if len(os.Args) > 1 && os.Args[1] == "init" {
+		// This is the golang entry point for runc init, executed
+		// before main() but after libcontainer/nsenter's nsexec().
 		runtime.GOMAXPROCS(1)
 		runtime.LockOSThread()
 
@@ -38,19 +39,13 @@ func init() {
 			panic(fmt.Sprintf("libcontainer: failed to configure logging: %v", err))
 		}
 		logrus.Debug("child process in init()")
-	}
-}
 
-var initCommand = cli.Command{
-	Name:  "init",
-	Usage: `initialize the namespaces and launch the process (do not call it outside of runc)`,
-	Action: func(context *cli.Context) error {
 		factory, _ := libcontainer.New("")
 		if err := factory.StartInitialization(); err != nil {
 			// as the error is sent back to the parent there is no need to log
 			// or write it to stderr because the parent process will handle this
 			os.Exit(1)
 		}
 		panic("libcontainer: container init failed to exec")
-	},
+	}
 }

libcontainer/nsenter/nsexec.c

@@ -41,12 +41,6 @@ enum sync_t {
 	SYNC_CHILD_FINISH = 0x45,	/* The child or grandchild has finished. */
 };
 
-/*
- * Synchronisation value for cgroup namespace setup.
- * The same constant is defined in process_linux.go as "createCgroupns".
- */
-#define CREATECGROUPNS 0x80
-
 #define STAGE_SETUP  -1
 /* longjmp() arguments. */
 #define STAGE_PARENT  0
@@ -1075,24 +1069,9 @@ void nsexec(void)
 					bail("setgroups failed");
 			}
 
-			/*
-			 * Wait until our topmost parent has finished cgroup setup in
-			 * p.manager.Apply().
-			 *
-			 * TODO(cyphar): Check if this code is actually needed because we
-			 *               should be in the cgroup even from stage-0, so
-			 *               waiting until now might not make sense.
-			 */
 			if (config.cloneflags & CLONE_NEWCGROUP) {
-				uint8_t value;
-				if (read(pipenum, &value, sizeof(value)) != sizeof(value))
-					bail("read synchronisation value failed");
-				if (value == CREATECGROUPNS) {
-					write_log(DEBUG, "unshare cgroup namespace");
-					if (unshare(CLONE_NEWCGROUP) < 0)
-						bail("failed to unshare cgroup namespace");
-				} else
-					bail("received unknown synchronisation value");
+				if (unshare(CLONE_NEWCGROUP) < 0)
+					bail("failed to unshare cgroup namespace");
 			}
 
 			write_log(DEBUG, "signal completion to stage-0");

libcontainer/process_linux.go

@@ -25,10 +25,6 @@ import (
 	"golang.org/x/sys/unix"
 )
 
-// Synchronisation value for cgroup namespace setup.
-// The same constant is defined in nsexec.c as "CREATECGROUPNS".
-const createCgroupns = 0x80
-
 type parentProcess interface {
 	// pid returns the pid for the running process.
 	pid() int
@@ -411,13 +407,6 @@ func (p *initProcess) start() (retErr error) {
 	}
 	p.setExternalDescriptors(fds)
 
-	// Now it's time to setup cgroup namesapce
-	if p.config.Config.Namespaces.Contains(configs.NEWCGROUP) && p.config.Config.Namespaces.PathOf(configs.NEWCGROUP) == "" {
-		if _, err := p.messageSockPair.parent.Write([]byte{createCgroupns}); err != nil {
-			return fmt.Errorf("error sending synchronization value to init process: %w", err)
-		}
-	}
-
 	// Wait for our first child to exit
 	if err := p.waitForChildExit(childPid); err != nil {
 		return fmt.Errorf("error waiting for our first child to exit: %w", err)

main.go

@@ -119,7 +119,6 @@ func main() {
 		deleteCommand,
 		eventsCommand,
 		execCommand,
-		initCommand,
 		killCommand,
 		listCommand,
 		pauseCommand,
@@ -149,10 +148,7 @@ func main() {
 		if err := reviseRootDir(context); err != nil {
 			return err
 		}
-		// let init configure logging on its own
-		if args := context.Args(); args != nil && args.First() == "init" {
-			return nil
-		}
+
 		return logs.ConfigureLogging(createLogConfig(context))
 	}