allow file-descriptor passing from podman-exec #2372

Closed
chergert opened this issue Feb 19, 2019 · 10 comments
@chergert

/kind feature

Description

Add support for passing file-descriptors across podman exec execution boundary.

I've started integrating some basic podman support into GNOME Builder using our native container abstractions (like we do for flatpak). One thing that makes this possible with flatpak is that we can pass file descriptors across the execution boundary. That way, I can feed a PTY for the debugger inferior to tooling like gdb while using the controlling PTY to control gdb itself.

I've looked at calling runc directly using --preserve-fds, but that would mean duplicating a lot of what podman already does for us.

@openshift-ci-robot openshift-ci-robot added the kind/feature Categorizes issue or PR as related to a new feature. label Feb 19, 2019
@rhatdan
Member

rhatdan commented Feb 20, 2019

So you want to add a --preserve-fds flag to podman run/create?

@debarshiray
Member

> So you want to add a --preserve-fds flag to podman run/create?

Yes, but to podman run/exec, if I understood @chergert properly.

@rhatdan
Member

rhatdan commented Feb 20, 2019

@mheon @giuseppe WDYT?

@giuseppe
Member

It is a useful idea.

The only issue is that we are already passing down a bunch of fds, so we would need to properly reassign them.
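
Added example, not part of the thread and not podman or runc code: the descriptor renumbering mentioned in the comment above, shown with Go's `exec.Cmd.ExtraFiles`, which places entry i at fd 3+i in the child. The helper names, the `/bin/sh` child and the pipe contents are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"os"
	"os/exec"
)

// pipeWith returns the read end of a pipe preloaded with msg (constructed
// sample data standing in for a PTY or socket the caller already holds).
func pipeWith(msg string) *os.File {
	r, w, err := os.Pipe()
	if err != nil {
		panic(err)
	}
	defer w.Close() // closing the write end lets the child see EOF
	if _, err := w.WriteString(msg); err != nil {
		panic(err)
	}
	return r
}

// runForwarded is a hypothetical helper: it runs script under /bin/sh and
// forwards only the listed files. files[i] becomes fd 3+i in the child, no
// matter which number it had in the parent.
func runForwarded(script string, files ...*os.File) (string, error) {
	cmd := exec.Command("/bin/sh", "-c", script)
	cmd.ExtraFiles = files
	out, err := cmd.Output()
	return string(out), err
}

// demo forwards two descriptors in the given order and returns what the
// child read from fd 3 and fd 4.
func demo(swap bool) (string, error) {
	control, inferior := pipeWith("control"), pipeWith("inferior")
	defer control.Close()
	defer inferior.Close()
	files := []*os.File{control, inferior}
	if swap {
		files[0], files[1] = files[1], files[0]
	}
	return runForwarded(`printf '3=%s 4=%s' "$(cat <&3)" "$(cat <&4)"`, files...)
}

func main() {
	out, err := demo(false)
	fmt.Println(out, err)
}
```

Files opened through Go's `os` package are close-on-exec, so only the descriptors listed in `ExtraFiles` (plus stdio) reach the child, which keeps the forwarded set explicit.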

@mheon
Member

mheon commented Feb 20, 2019

The Flatpak way of doing this is --forward-fd=FD, which seems like a sane enough interface... I don't see many people using this, but the exec command isn't very cluttered right now, so I'm not opposed to adding it.

@rhatdan
Member

rhatdan commented Feb 20, 2019

@giuseppe Do you have time to work on it?

@rhatdan
Member

rhatdan commented Feb 20, 2019

There are probably going to be SELinux issues with this. SELinux should block the use of these fd's being passed in.

@rhatdan
Member

rhatdan commented Feb 20, 2019

Unless they are labeled with something like
system_u:system_r:container_t:s0

@rhatdan
Member

rhatdan commented Feb 23, 2019

@giuseppe Could you take a look at this?

@giuseppe
Member

PR for runc here: opencontainers/runc#1995

PR for libpod here: #2426

giuseppe added a commit to giuseppe/libpod that referenced this issue Mar 2, 2019
Allow to pass additional FDs to the process being executed.

Closes: containers#2372

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 24, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 24, 2023