67 lines
2.5 KiB
Diff
67 lines
2.5 KiB
Diff
From f7dc43d7b356f2e70968e229f3fbab3e19d7b134 Mon Sep 17 00:00:00 2001
|
|
From: xulei <xulei@xfusion.com>
|
|
Date: Wed, 25 Dec 2024 11:11:08 +0800
|
|
Subject: [PATCH] runc:Fix failed exec after systemctl daemon-reload
|
|
|
|
Reference: https://github.com/opencontainers/runc/pull/3554/files
|
|
|
|
---
|
|
libcontainer/cgroups/systemd/common.go | 16 +++++++++-------
|
|
tests/integration/dev.bats | 16 ++++++++++++++++
|
|
2 files changed, 25 insertions(+), 7 deletions(-)
|
|
|
|
diff --git a/libcontainer/cgroups/systemd/common.go b/libcontainer/cgroups/systemd/common.go
|
|
index 5a68a3c..45744c1 100644
|
|
--- a/libcontainer/cgroups/systemd/common.go
|
|
+++ b/libcontainer/cgroups/systemd/common.go
|
|
@@ -288,14 +288,16 @@ func generateDeviceProperties(r *configs.Resources) ([]systemdDbus.Property, err
|
|
case devices.CharDevice:
|
|
entry.Path = fmt.Sprintf("/dev/char/%d:%d", rule.Major, rule.Minor)
|
|
}
|
|
+ // systemd will issue a warning if the path we give here doesn't exist.
|
|
+ // Since all of this logic is best-effort anyway (we manually set these
|
|
+ // rules separately to systemd) we can safely skip entries that don't
|
|
+ // have a corresponding path.
|
|
+ if _, err := os.Stat(entry.Path); err != nil {
|
|
+ logrus.Debugf("skipping device %s for systemd: %s", entry.Path, err)
|
|
+ continue
|
|
+ }
|
|
}
|
|
- // systemd will issue a warning if the path we give here doesn't exist.
|
|
- // Since all of this logic is best-effort anyway (we manually set these
|
|
- // rules separately to systemd) we can safely skip entries that don't
|
|
- // have a corresponding path.
|
|
- if _, err := os.Stat(entry.Path); err == nil {
|
|
- deviceAllowList = append(deviceAllowList, entry)
|
|
- }
|
|
+ deviceAllowList = append(deviceAllowList, entry)
|
|
}
|
|
|
|
properties = append(properties, newProp("DeviceAllow", deviceAllowList))
|
|
diff --git a/tests/integration/dev.bats b/tests/integration/dev.bats
|
|
index 01f6778..2433157 100644
|
|
--- a/tests/integration/dev.bats
|
|
+++ b/tests/integration/dev.bats
|
|
@@ -128,3 +128,19 @@ function teardown() {
|
|
runc exec test_allow_block sh -c 'fdisk -l '"$device"''
|
|
[ "$status" -eq 0 ]
|
|
}
|
|
+
|
|
+# https://github.com/opencontainers/runc/issues/3551
|
|
+@test "runc exec vs systemctl daemon-reload" {
|
|
+ requires systemd root
|
|
+
|
|
+ runc run -d --console-socket "$CONSOLE_SOCKET" test_exec
|
|
+ [ "$status" -eq 0 ]
|
|
+
|
|
+ runc exec -t test_exec sh -c "ls -l /proc/self/fd/0; echo 123"
|
|
+ [ "$status" -eq 0 ]
|
|
+
|
|
+ systemctl daemon-reload
|
|
+
|
|
+ runc exec -t test_exec sh -c "ls -l /proc/self/fd/0; echo 123"
|
|
+ [ "$status" -eq 0 ]
|
|
+}
|
|
--
|
|
2.33.0
|