github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

containerd-shim: Use abstract namespace for the unix socket

Browse Source 
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
This commit is contained in:
Kenfe-Mickael Laventure 2017-06-12 14:43:28 -07:00
parent 8644a08c96
commit 95afeb7831
No known key found for this signature in database
GPG Key ID: 40CF16616B361216
4 changed files with 63 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
cmd/containerd-shim/main_unix.go
View File

@ -45,6 +45,10 @@ func main() {
Name: "namespace,n", Name: "namespace,n",
Usage: "namespace that owns the task", Usage: "namespace that owns the task",
}, },
cli.StringFlag{
Name: "socket,s",
Usage: "abstract socket path to server on",
},
} }
app.Before = func(context *cli.Context) error { app.Before = func(context *cli.Context) error {
if context.GlobalBool("debug") { if context.GlobalBool("debug") {
@ -73,7 +77,8 @@ func main() {
} }
logrus.Debug("registering grpc server") logrus.Debug("registering grpc server")
shimapi.RegisterShimServer(server, sv) shimapi.RegisterShimServer(server, sv)
if err := serve(server, "shim.sock"); err != nil { socket := context.GlobalString("socket")
if err := serve(server, socket); err != nil {
return err return err
} }
return handleSignals(signals, server) return handleSignals(signals, server)
@ -87,7 +92,16 @@ func main() {
// serve serves the grpc API over a unix socket at the provided path // serve serves the grpc API over a unix socket at the provided path
// this function does not block // this function does not block
func serve(server *grpc.Server, path string) error { func serve(server *grpc.Server, path string) error {
l, err := net.FileListener(os.NewFile(3, "socket")) var (
l net.Listener
err error
)
if path == "" {
l, err = net.FileListener(os.NewFile(3, "socket"))
path = "[inherited from parent]"
} else {
l, err = net.Listen("unix", "\x00"+path)
}
if err != nil { if err != nil {
return err return err
} }

27
cmd/ctr/shim.go
View File

@ -51,6 +51,12 @@ var fifoFlags = []cli.Flag{
var shimCommand = cli.Command{ var shimCommand = cli.Command{
Name: "shim", Name: "shim",
Usage: "interact with a shim directly", Usage: "interact with a shim directly",
Flags: []cli.Flag{
cli.StringFlag{
Name: "socket",
Usage: "socket on which to connect to the shim",
},
},
Subcommands: []cli.Command{ Subcommands: []cli.Command{
shimCreateCommand, shimCreateCommand,
shimStartCommand, shimStartCommand,
@ -88,7 +94,7 @@ var shimCreateCommand = cli.Command{
if id == "" { if id == "" {
return errors.New("container id must be provided") return errors.New("container id must be provided")
} }
service, err := getShimService() service, err := getShimService(context)
if err != nil { if err != nil {
return err return err
} }
@ -139,7 +145,7 @@ var shimStartCommand = cli.Command{
Name: "start", Name: "start",
Usage: "start a container with a shim", Usage: "start a container with a shim",
Action: func(context *cli.Context) error { Action: func(context *cli.Context) error {
service, err := getShimService() service, err := getShimService(context)
if err != nil { if err != nil {
return err return err
} }
@ -152,7 +158,7 @@ var shimDeleteCommand = cli.Command{
Name: "delete", Name: "delete",
Usage: "delete a container with a shim", Usage: "delete a container with a shim",
Action: func(context *cli.Context) error { Action: func(context *cli.Context) error {
service, err := getShimService() service, err := getShimService(context)
if err != nil { if err != nil {
return err return err
} }
@ -169,7 +175,7 @@ var shimStateCommand = cli.Command{
Name: "state", Name: "state",
Usage: "get the state of all the processes of the shim", Usage: "get the state of all the processes of the shim",
Action: func(context *cli.Context) error { Action: func(context *cli.Context) error {
service, err := getShimService() service, err := getShimService(context)
if err != nil { if err != nil {
return err return err
} }
@ -213,7 +219,7 @@ var shimExecCommand = cli.Command{
}, },
), ),
Action: func(context *cli.Context) error { Action: func(context *cli.Context) error {
service, err := getShimService() service, err := getShimService(context)
ctx := gocontext.Background() ctx := gocontext.Background()
if err != nil { if err != nil {
return err return err
@ -275,7 +281,7 @@ var shimEventsCommand = cli.Command{
Name: "events", Name: "events",
Usage: "get events for a shim", Usage: "get events for a shim",
Action: func(context *cli.Context) error { Action: func(context *cli.Context) error {
service, err := getShimService() service, err := getShimService(context)
if err != nil { if err != nil {
return err return err
} }
@ -293,15 +299,18 @@ var shimEventsCommand = cli.Command{
}, },
} }
func getShimService() (shim.ShimClient, error) { func getShimService(context *cli.Context) (shim.ShimClient, error) {
bindSocket := "shim.sock" bindSocket := context.GlobalString("socket")
if bindSocket == "" {
return nil, errors.New("socket path must be specified")
}
// reset the logger for grpc to log to dev/null so that it does not mess with our stdio // reset the logger for grpc to log to dev/null so that it does not mess with our stdio
grpclog.SetLogger(log.New(ioutil.Discard, "", log.LstdFlags)) grpclog.SetLogger(log.New(ioutil.Discard, "", log.LstdFlags))
dialOpts := []grpc.DialOption{grpc.WithInsecure(), grpc.WithTimeout(100 * time.Second)} dialOpts := []grpc.DialOption{grpc.WithInsecure(), grpc.WithTimeout(100 * time.Second)}
dialOpts = append(dialOpts, dialOpts = append(dialOpts,
grpc.WithDialer(func(addr string, timeout time.Duration) (net.Conn, error) { grpc.WithDialer(func(addr string, timeout time.Duration) (net.Conn, error) {
return net.DialTimeout("unix", bindSocket, timeout) return net.DialTimeout("unix", "\x00"+bindSocket, timeout)
}, },
)) ))
conn, err := grpc.Dial(fmt.Sprintf("unix://%s", bindSocket), dialOpts...) conn, err := grpc.Dial(fmt.Sprintf("unix://%s", bindSocket), dialOpts...)

11
linux/bundle.go
View File

@ -44,12 +44,14 @@ func newBundle(path, namespace, id string, spec []byte) (b *bundle, err error) {
defer f.Close() defer f.Close()
_, err = io.Copy(f, bytes.NewReader(spec)) _, err = io.Copy(f, bytes.NewReader(spec))
return &bundle{ return &bundle{
id: id,
path: path, path: path,
namespace: namespace, namespace: namespace,
}, err }, err
} }
type bundle struct { type bundle struct {
id string
path string path string
namespace string namespace string
} }
@ -61,7 +63,7 @@ func (b *bundle) NewShim(ctx context.Context, binary string, remote bool) (*clie
opt = client.WithLocal opt = client.WithLocal
} }
return client.New(ctx, client.Config{ return client.New(ctx, client.Config{
Address: filepath.Join(b.path, "shim.sock"), Address: b.shimAddress(),
Path: b.path, Path: b.path,
Namespace: b.namespace, Namespace: b.namespace,
}, opt) }, opt)
@ -74,7 +76,7 @@ func (b *bundle) Connect(ctx context.Context, remote bool) (*client.Client, erro
opt = client.WithLocal opt = client.WithLocal
} }
return client.New(ctx, client.Config{ return client.New(ctx, client.Config{
Address: filepath.Join(b.path, "shim.sock"), Address: b.shimAddress(),
Path: b.path, Path: b.path,
Namespace: b.namespace, Namespace: b.namespace,
}, opt) }, opt)
@ -89,3 +91,8 @@ func (b *bundle) Spec() ([]byte, error) {
func (b *bundle) Delete() error { func (b *bundle) Delete() error {
return os.RemoveAll(b.path) return os.RemoveAll(b.path)
} }
func (b *bundle) shimAddress() string {
return filepath.Join(string(filepath.Separator), "containerd-shim", b.namespace, b.id, "shim.sock")
}

25
linux/shim/client.go
View File

@ -34,11 +34,14 @@ func WithStart(binary string) ClientOpt {
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
// close our side of the socket, do not close the listener as it will
// remove the socket from disk
defer socket.Close() defer socket.Close()
f, err := socket.File()
if err != nil {
return nil, nil, errors.Wrapf(err, "failed to get fd for socket %s", config.Address)
}
defer f.Close()
cmd := newCommand(binary, config, socket) cmd := newCommand(binary, config, f)
if err := reaper.Default.Start(cmd); err != nil { if err := reaper.Default.Start(cmd); err != nil {
return nil, nil, errors.Wrapf(err, "failed to start shim") return nil, nil, errors.Wrapf(err, "failed to start shim")
} }
@ -73,12 +76,16 @@ func newCommand(binary string, config Config, socket *os.File) *exec.Cmd {
return cmd return cmd
} }
func newSocket(config Config) (*os.File, error) { func newSocket(config Config) (*net.UnixListener, error) {
l, err := sys.CreateUnixSocket(config.Address) if len(config.Address) > 106 {
if err != nil { return nil, errors.Errorf("%q: unix socket path too long (limit 106)", config.Address)
return nil, err
} }
return l.(*net.UnixListener).File() l, err := net.Listen("unix", "\x00"+config.Address)
if err != nil {
return nil, errors.Wrapf(err, "failed to listen to abstract unix socket %q", config.Address)
}
return l.(*net.UnixListener), nil
} }
func connect(address string) (*grpc.ClientConn, error) { func connect(address string) (*grpc.ClientConn, error) {
@ -98,7 +105,7 @@ func connect(address string) (*grpc.ClientConn, error) {
func dialer(address string, timeout time.Duration) (net.Conn, error) { func dialer(address string, timeout time.Duration) (net.Conn, error) {
address = strings.TrimPrefix(address, "unix://") address = strings.TrimPrefix(address, "unix://")
return net.DialTimeout("unix", address, timeout) return net.DialTimeout("unix", "\x00"+address, timeout)
} }
func dialAddress(address string) string { func dialAddress(address string) string {