Socket activation works with TCP socket but not with Unix Domain socket #10443
Comments
@eriksjolund Nice job designing these tests, but do you have any idea what podman is doing incorrectly? Is there something about socket activated unix domain sockets that we are not passing in correctly? Perhaps the pack of the socket?
Ooops, I made a mistake with the curl command. It shouldn't be
Probably
I'll see if this changes things.
I think I've now figured out how to use When I tried it once again, the test with Podman TCP socket also fails.
Testing the TCP socket without Podman works.
(I truncated the output as it was quite long). My goal was to create a minimal example of running a container with Podman in a
Ok so we are not correctly passing the socket activation down to the container within podman.
I discovered one more thing.
I tried to "socket-activate" this Bash command:
Hmm, should those PIDs be equal? Regarding the many $ dollar signs. I am not quite sure why I need to provide so many. Probably there is some escaping going on. I wonder if we should close this issue? I could open up a new issue when I know some more. (Hopefully I could find some time for this during the weekend)
I would argue that Podman should be handling the passing of these environment variables itself, when running
A friendly reminder that this issue had no activity for 30 days.
If a container is running within a systemd service and it is socket activated, we need to leak the LISTEN_* environment variables into the container.

Fixes: containers#10443
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
A friendly reminder that this issue had no activity for 30 days.
Make sure that Podman passes the LISTEN_* environment into containers. Similar to runc, LISTEN_PID is set to 1.

Also remove conditionally passing the LISTEN_FDS as extra files. The condition was wrong (inverted) and introduced to fix containers#3572 which related to running under varlink which has been dropped entirely with Podman 3.0.

Note that the NOTIFY_SOCKET and LISTEN_* variables are cleared when running `system service`.

Fixes: containers#10443
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
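
The commit message above sets LISTEN_PID to 1 inside the container. The following added example (not code from Podman, runc or systemd) shows the receiver-side check documented for sd_listen_fds(3) that makes this necessary: a process only accepts the passed sockets when LISTEN_PID equals its own PID. The helper name `listenFDs`, its signature, the sentinel error and the PID 4242 are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
)

// SD_LISTEN_FDS_START: systemd passes sockets starting at fd 3.
const listenFdsStart = 3

// errNotForUs makes the mismatch visible; sd_listen_fds(3) itself just
// reports 0 sockets in that case.
var errNotForUs = errors.New("LISTEN_PID does not match this process")

// listenFDs (hypothetical helper) applies the receiver-side checks of the
// socket activation protocol to the given environment and process ID.
func listenFDs(env map[string]string, pid int) ([]int, error) {
	pidStr, ok := env["LISTEN_PID"]
	if !ok {
		return nil, nil // not socket activated
	}
	want, err := strconv.Atoi(pidStr)
	if err != nil {
		return nil, fmt.Errorf("bad LISTEN_PID %q", pidStr)
	}
	if want != pid {
		return nil, errNotForUs // variables were meant for another process
	}
	n, err := strconv.Atoi(env["LISTEN_FDS"])
	if err != nil || n < 0 {
		return nil, fmt.Errorf("bad LISTEN_FDS %q", env["LISTEN_FDS"])
	}
	fds := make([]int, n)
	for i := range fds {
		fds[i] = listenFdsStart + i
	}
	return fds, nil
}

func main() {
	// Constructed values: systemd started podman as PID 4242 with one socket.
	unchanged := map[string]string{"LISTEN_PID": "4242", "LISTEN_FDS": "1"}
	_, err := listenFDs(unchanged, 1) // container process runs as PID 1
	fmt.Println("forwarded unchanged:", err)
	// LISTEN_PID rewritten to 1, as the commit message describes.
	fds, err := listenFDs(map[string]string{"LISTEN_PID": "1", "LISTEN_FDS": "1"}, 1)
	fmt.Println("LISTEN_PID=1:", fds, err)
}
```
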
Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
/kind bug
Description
I tested socket activation with /usr/lib/systemd/systemd-socket-proxyd in four different ways.
The tests were performed in Systemd user services (i.e. running rootless).
I also tried adding the --privileged flag but it didn't help.
Steps to reproduce the issue:
TCP socket with Podman : Success
Unix domain socket with Podman : Failure
I also tried adding the --privileged flag to the `podman run` command but it didn't help.
TCP socket without Podman : Success
Unix domain socket without Podman : Success
Describe the results you received:
The test Unix domain socket with Podman failed.
Describe the results you expected:
I expected it to work.
Additional information you deem important (e.g. issue happens only occasionally):
Output of `podman version`:
Output of `podman info --debug`:
Package info (e.g. output of `rpm -q podman` or `apt list podman`):
Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/master/troubleshooting.md)
I have checked the Podman Troubleshooting Guide.
Additional environment details (AWS, VirtualBox, physical, etc.):
Physical computer