Refactor I/O and add SD_NOTIFY proxy support

Refactored all the conn_sock functionality to be more generic. It can deal with different types of sockets, stream vs dgram, and reuses all the same callbacks, shutdown and async functionality. Conmon creates a notify socket which podman bind-mounts into the container, and passes in via the spec's environment variables. Conmon relays the READY=1 signal. This is similar to what runc and crun do, but doing it in conmon and NOT passing NOTIFY_SOCKET to the OCI runtime allows us to start up properly without runc and crun blocking on the "start" command. It would also be trivial to add more proxied sockets, i.e. the /dev/log proof of concept I did would now be super easy, if we wanted to revisit that. Signed-off-by: Joseph Gooch <[email protected]>
containers · Jun 24, 2020 · 22741d9 · 22741d9
1 parent 42414b8
commit 22741d9
Show file tree

Hide file tree

Showing 4 changed files with 270 additions and 62 deletions.
diff --git a/src/conmon.c b/src/conmon.c
@@ -84,6 +84,15 @@ int main(int argc, char *argv[])
 		exit(0);
 	}
 
+	if (getenv("NOTIFY_SOCKET") != NULL) {
+		setup_notify_socket(getenv("NOTIFY_SOCKET"));
+		int r = unsetenv("NOTIFY_SOCKET");
+		if (r < 0) {
+			nwarnf("Cannot unset NOTIFY_SOCKET %d", r)
+		}
+	}
+
+
 	/* Environment variables */
 	sync_pipe_fd = get_pipe_fd_from_env("_OCI_SYNCPIPE");