catatonit 0.1.6

@cyphar cyphar released this 16 Sep 05:14
v0.1.6
3242186

This release fixes two issues found by @alexlarsson and fixed by @guiseppe:

  • Container-based socket activation support with runc sets LISTEN_PID=1 when
    forwarding socket-activation-related file descriptors, but with catatonit
    this doesn't work because catatonit is pid1 not the actual container
    process. As such, catatonit will now rewrite the LISTEN_PID environment
    variable to equal the pid2 pid if LISTEN_PID is equal to the pid of
    catatonit.

  • File descriptors passed to the pid2 process were not closed by catatonit
    after starting pid2 which could lead to several negative scenarios (such as
    resources being kept around unnecessarily). Now catatonit will close all >=3
    file descriptors after spawning the child process.

And a miscellaneous issue about a file handle for /dev/tty being leaked to pid2
because O_CLOEXEC wasn't set (in the original Rust version O_CLOEXEC isn't
necessary because that's the default setting for Rust file handles).

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
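
The two fixes described in the notes above, as an added C illustration that is not catatonit's own code: retargeting `LISTEN_PID` from the init to the real workload, and closing leftover descriptors in the init once the child exists. The function names `rewrite_listen_pid` and `close_fds_from` are hypothetical, the `lowfd` parameter generalizes the ">=3" threshold, and the descriptor walk assumes a Linux `/proc/self/fd`.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* If LISTEN_PID names the init (init_pid), retarget it at the real workload
 * (child_pid). Returns 1 if rewritten, 0 if left untouched, -1 on error. */
int rewrite_listen_pid(pid_t init_pid, pid_t child_pid)
{
	const char *val = getenv("LISTEN_PID");
	char *end, buf[32];
	if (!val || !*val)
		return 0;
	long pid = strtol(val, &end, 10);
	if (*end != '\0' || pid != (long)init_pid)
		return 0; /* malformed, or addressed to some other process */
	snprintf(buf, sizeof(buf), "%ld", (long)child_pid);
	return setenv("LISTEN_PID", buf, 1) == 0 ? 1 : -1;
}

/* Close every open descriptor >= lowfd (3 in the case described above) by
 * walking /proc/self/fd. Returns the number closed, or -1 without procfs. */
int close_fds_from(int lowfd)
{
	DIR *dir = opendir("/proc/self/fd");
	struct dirent *ent;
	int closed = 0;
	if (!dir)
		return -1;
	while ((ent = readdir(dir)) != NULL) {
		char *end;
		long fd = strtol(ent->d_name, &end, 10);
		/* Skip ".", "..", low fds, and the fd backing this DIR stream. */
		if (end == ent->d_name || *end != '\0' || fd < lowfd || fd == dirfd(dir))
			continue;
		if (close((int)fd) == 0)
			closed++;
	}
	closedir(dir);
	return closed;
}

int main(void)
{
	setenv("LISTEN_PID", "1", 1); /* constructed: init is pid 1, child is pid 2 */
	int rewritten = rewrite_listen_pid(1, 2);
	printf("rewritten=%d LISTEN_PID=%s closed=%d\n", rewritten, getenv("LISTEN_PID"), close_fds_from(3));
	return 0;
}
```

In a real init the rewrite runs in the child between `fork()` and `exec()`, and the descriptor sweep runs in the parent after the child has been spawned.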