exec: expose --preserve-fds #1995
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Seems reasonable, though I would like an integration test. |
This was referenced Feb 25, 2019
giuseppe
force-pushed
the
exec-preserve-fds
branch
8 times, most recently
from
6287951
to
9b01eab
Compare
The implementation is already there, we only need to add the CLI option and pass it down. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
giuseppe
force-pushed
the
exec-preserve-fds
branch
from
9b01eab
to
52f4e0f
Compare
|
tests are passing now |
|
LGTM. |
|
LGTM |
|
@caniszczyk pull-approve is taking a long time to detect LGTMs. |
thaJeztah
added a commit
to thaJeztah/containerd
that referenced
this pull request
Mar 7, 2019
This includes an improved fix for CVE-2019-5736 to reduce the increased memory-consumption introduced by the original patch, RHEL 7.6 getting into a loop due to a kernel bug in those kernels, and improve compatibility with older kernels. changes included: - opencontainers/runc#1973 Vendor opencontainers/runtime-spec 29686dbc - opencontainers/runc#1978 Remove detection for scope properties, which have always been broken - opencontainers/runc#1963 Vendor in go-criu and use it for CRIU's RPC definition - opencontainers/runc#1995 exec: expose --preserve-fds - opencontainers/runc#2000 fix preserve-fds flag may cause runc hang - opencontainers/runc#1968 Create bind mount mountpoints during restore - opencontainers/runc#1984 nsenter: cloned_binary: "memfd" cleanups Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
thaJeztah
added a commit
to thaJeztah/containerd
that referenced
this pull request
Mar 7, 2019
This includes an improved fix for CVE-2019-5736 to reduce the increased memory-consumption introduced by the original patch, RHEL 7.6 getting into a loop due to a kernel bug in those kernels, and improve compatibility with older kernels. changes included: - opencontainers/runc#1973 Vendor opencontainers/runtime-spec 29686dbc - opencontainers/runc#1978 Remove detection for scope properties, which have always been broken - opencontainers/runc#1963 Vendor in go-criu and use it for CRIU's RPC definition - opencontainers/runc#1995 exec: expose --preserve-fds - opencontainers/runc#2000 fix preserve-fds flag may cause runc hang - opencontainers/runc#1968 Create bind mount mountpoints during restore - opencontainers/runc#1984 nsenter: cloned_binary: "memfd" cleanups Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit b8d40b3) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
thaJeztah
added a commit
to thaJeztah/containerd
that referenced
this pull request
Mar 7, 2019
This includes an improved fix for CVE-2019-5736 to reduce the increased memory-consumption introduced by the original patch, RHEL 7.6 getting into a loop due to a kernel bug in those kernels, and improve compatibility with older kernels. changes included: - opencontainers/runc#1973 Vendor opencontainers/runtime-spec 29686dbc - opencontainers/runc#1978 Remove detection for scope properties, which have always been broken - opencontainers/runc#1963 Vendor in go-criu and use it for CRIU's RPC definition - opencontainers/runc#1995 exec: expose --preserve-fds - opencontainers/runc#2000 fix preserve-fds flag may cause runc hang - opencontainers/runc#1968 Create bind mount mountpoints during restore - opencontainers/runc#1984 nsenter: cloned_binary: "memfd" cleanups Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit b8d40b3) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
kolyshkin
reviewed
Oct 22, 2020
| runc run -d --console-socket $CONSOLE_SOCKET test_busybox | ||
| [ "$status" -eq 0 ] | ||
|
|
||
| run bash -c "cat hello > preserve-fds.test; exec 3<preserve-fds.test; $RUNC --log /proc/self/fd/2 --root $ROOT exec --preserve-fds=1 test_busybox cat /proc/self/fd/3" |
There was a problem hiding this comment.
What I don't understand is why cat hello is not failing. There is no such file named hello.
There was a problem hiding this comment.
I guess the error is just ignored but the file is still created by the shell. I guess it had to be echo but too long ago to remember :)
There was a problem hiding this comment.
I mean, yes, cat hello should fail and this is ignored by bash since it does not run with set -e.
What I don't understand is how the check below (that checks that $output contains hello works at all.
There was a problem hiding this comment.
@giuseppe pointed out that cat hello produces the message like cat: hello: no such file or directory, and thus the check for hello in the $output succeeds!
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The implementation is already there, we only need to add the CLI
option and pass it down.
Signed-off-by: Giuseppe Scrivano gscrivan@redhat.com