libpod: skip DBUS_SESSION_BUS_ADDRESS in conmon #20425
Conversation
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: giuseppe The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
|
@vrothberg PTAL |
There was a problem hiding this comment.
Code LGTM
Could you extend the test (7ade972#diff-78c7444aee8aa212e7101395b618015dec2d5d1eab06fb7de2a8ecdf7418cde4) to make sure we won't regress again?
giuseppe
force-pushed
the
podman-do-not-leak-DBUS_SESSION_BUS_ADDRESS-into-conmon
branch
from
b5f95b6 to
6cb3081
Compare
sure, added a test |
giuseppe
force-pushed
the
podman-do-not-leak-DBUS_SESSION_BUS_ADDRESS-into-conmon
branch
from
6cb3081 to
c1896d0
Compare
|
/lgtm |
openshift-ci
bot
added
the
do-not-merge/hold
giuseppe
force-pushed
the
podman-do-not-leak-DBUS_SESSION_BUS_ADDRESS-into-conmon
branch
from
c1896d0 to
09ca548
Compare
test/system/030-run.bats
Outdated
| @@ -1298,10 +1298,18 @@ search | $IMAGE | | |||
| run_podman run -d -q --syslog $IMAGE sleep infinity | |||
| cid="$output" | |||
|
|
|||
| # The CIRRUS_CHANGE_TITLE env variable should not affect the tests below: | |||
| unset CIRRUS_CHANGE_TITLE | |||
There was a problem hiding this comment.
@giuseppe how did this variable affect the test? I'm trying to understand it but failed to see a connection
There was a problem hiding this comment.
it contained the title of the PR "libpod: skip DBUS_SESSION_BUS_ADDRESS in conmon" so DBUS_SESSION_BUS_ADDRESS was still found in the environment variables
There was a problem hiding this comment.
:-D that's hilarious in a way. Thanks, makes sense!
There was a problem hiding this comment.
if I need to repush, I'll also change the check for DBUS_SESSION_BUS_ADDRESS= instead of DBUS_SESSION_BUS_ADDRESS
commit 7ade972 introduced the change that caused an issue in crun since it forces the root user session instead of the system one when DBUS_SESSION_BUS_ADDRESS is set. I am addressing it in crun, but for the time being, let's also not pass the variable down to conmon since the assumption is that when running as root the containers must be created on the system bus. Signed-off-by: Giuseppe Scrivano <[email protected]>
giuseppe
force-pushed
the
podman-do-not-leak-DBUS_SESSION_BUS_ADDRESS-into-conmon
branch
from
09ca548 to
03947ab
Compare
|
Ephemeral COPR build failed. @containers/packit-build please check. |
|
/lgtm |
| @@ -1301,7 +1301,12 @@ search | $IMAGE | | |||
| run_podman container inspect $cid --format "{{ .State.ConmonPid }}" | |||
| conmon_pid="$output" | |||
| is "$(< /proc/$conmon_pid/cmdline)" ".*--exit-command-arg--syslog.*" "conmon's exit-command has --syslog set" | |||
| assert "$(< /proc/$conmon_pid/environ)" =~ "BATS_TEST_TMPDIR" "entire env is passed down to conmon (incl. BATS variables)" | |||
| conmon_env="$(< /proc/$conmon_pid/environ)" | |||
There was a problem hiding this comment.
On a future iteration this might be nicer: conmon_env=$(sed -z -e 's/=.*/\n/g' </proc/$conmon_pid/environ) which gives you one envariable per line. No need for repush though.
| assert "$(< /proc/$conmon_pid/environ)" =~ "BATS_TEST_TMPDIR" "entire env is passed down to conmon (incl. BATS variables)" | ||
| conmon_env="$(< /proc/$conmon_pid/environ)" | ||
| assert "$conmon_env" =~ "BATS_TEST_TMPDIR" "entire env is passed down to conmon (incl. BATS variables)" | ||
| assert "$conmon_env" !~ "NOTIFY_SOCKET=" "NOTIFY_SOCKET is not included (incl. BATS variables)" |
There was a problem hiding this comment.
the incl part makes no sense on this line, nor 1308, but again I won't insist on a repush.
|
/unhold |
openshift-ci
bot
removed
the
do-not-merge/hold
github-actions
bot
added
the
locked - please file new issue/PR
commit 7ade972 introduced the change that caused an issue in crun since it forces the root user session instead of the system one when DBUS_SESSION_BUS_ADDRESS is set.
I am addressing it in crun, but for the time being, let's also not pass the variable down to conmon since the assumption is that when running as root the containers must be created on the system bus.
[NO NEW TESTS NEEDED]
the crun PR: containers/crun#1328
Does this PR introduce a user-facing change?