bubblewrap: add --as-pid-1

[giuseppe]

Useful to run a process with PID=1

Signed-off-by: Giuseppe Scrivano gscrivan@redhat.com

[cgwalters]

Only minor nits, though it should be pretty easy to at least add a use of this in tests/test-run.sh, something like run bash -c 'echo $$' and assert the output is 1?

[cgwalters]

How about --as-pid1, like the inverse of systemd-nspawn --as-pid2?

[giuseppe]

I am fine with it. @alexlarsson do you like --as-pid1 more?

[alexlarsson]

In general, this option only makes sense with unshare-pid. Maybe we should verify that and print a warning if not. Maybe it could be --unshare-pid-noinit?

[cgwalters]

I dunno...it feels like we're optimizing for the wrong thing here. We can easily error out if the user doesn't pass --unshare-pid too.

But if I was looking at the --help output I would be a lot less likely to find --unshare-pid-noinit if I was looking for this functionality.

--as-pid1 The executed program will be PID 1 (suppress builtin init)
vs
--unshare-pid-noinit Do not install a reaper process with PID=1

?

[cgwalters]

(Sorry to bikeshed, but OTOH the command line is the bwrap "API" and it makes sense to consider it carefully I think)

[giuseppe]

I also like --as-pid-1 more, easier to find it the --help output. I am fine to change the patch if consensus is reached

[alexlarsson]

--as-pid-1 sounds good to me!

[cgwalters]

!as_pid1 as a variable would also read better than the double-negative !no

[alexlarsson]

I think we should also check if the user specified any lock files or a sync-fd and error out, because those require support from our own pid1.

[alexlarsson]

Also, opt_die_with_parent needs pid1 too.

[alexlarsson]

Also, if opt_unshare_pid is set *and no_reaper, then we should not allocate event_fd (because it needs the init process).

[giuseppe]

hm.. doesn't opt_die_with_parent still work without pid1? The handle_die_with_parent() just before the execvp will still be valid no?

I've done a quick test and the process in the sandbox exits when bwrap is killed.

[alexlarsson]

True, i was just looking at the handle_die_with_parent call in do_init(). It should work.

[cgwalters]

We don't need this hunk, since we can rely on sync_fd = -1 in this case right?

[giuseppe]

I thought of leaking opt_sync_fd into the container process so that sync_fd would still work with --no-reaper (unless the container process doesn't close it), so that the two options are not mutually exclusive.

I'd say it should be fine to leak opt_sync_fd, or do we change to an explicit error?

[alexlarsson]

I guess that leaking the fd should work. However, please add a more detailed comment about this in the code.

[alexlarsson]

Call this opt_no_reaper to match the other options.

[giuseppe]

pushed a new version with all the comments addressed

[giuseppe]

I changed the option name to --as-pid-1

[cgwalters]

@alexlarsson This repo uses homu, now we have a merge commit 😞

[alexlarsson]

@cgwalters :( too many different repos...

[cgwalters]

I understand, it bites me too. Things should now be set up on this repo though so that only homu can push.