--cidfile fails if file exists even if empty #5954

Open
hydrargyrum opened this issue Mar 22, 2025 · 3 comments
Comments

@hydrargyrum

Description

The best practice when creating a temporary file is not only to generate a filename of a file that does not already exist, but also to create/open the file with O_EXCL, to avoid TOCTOU; typically that's what mkstemp(3) does.
Unfortunately, docker-run's --cidfile prevents passing it a safe temporary file, because docker-run will fail if the given file merely exists.

Reproduce

t=$(mktemp)
docker run --rm --cidfile="$t" debian

Expected behavior

docker-run should fail only if the file given as --cidfile contains a PID (even better, check if the PID is alive by using kill(the_pid, 0) which is designed for that)

docker version

Client:
 Version:           20.10.24+dfsg1
 API version:       1.41
 Go version:        go1.19.8
 Git commit:        297e128
 Built:             Sat Oct 12 15:19:49 2024
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server:
 Engine:
  Version:          20.10.5+dfsg1
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.15.15
  Git commit:       363e9a8
  Built:            Mon May 30 18:34:49 2022
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.20~ds1
  GitCommit:        1.6.20~ds1-1+deb12u1
 runc:
  Version:          1.1.5+ds1
  GitCommit:        1.1.5+ds1-1+deb12u1
 docker-init:
  Version:          0.19.0
  GitCommit:

docker info

too much identifying info

Additional Info

No response

@nagenbiswal123

Hello @hydrargyrum,
I would like to work on this bug.

@thaJeztah
Member

> docker-run should fail only if the file given as --cidfile contains a PID (even better, check if the PID is alive by using kill(the_pid, 0) which is designed for that)

Note that this file contains the container ID (not a PID); on docker run, it contains the ID that was generated after the container is created (as part of the docker run)

@hydrargyrum
Author

@thaJeztah indeed, that part about using kill() is completely mistaken (but it's still possible to check if the container is alive, if desired)
