-
Notifications
You must be signed in to change notification settings - Fork 344
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
libcontainer: support set stdios for container #2961
base: main
Are you sure you want to change the base?
Conversation
d59b321
to
4b9f469
Compare
May I ask you to take a look at discussion done in #2749 , as it was opened with similar intentions. |
@YJDoc2 Sorry, I also noticed that there is already a related PR after I submit this PR, but it seems it is a breaking change there, but in this PR, we just add three |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@@ -24,6 +25,12 @@ pub struct ContainerBuilder { | |||
/// The function that actually runs on the container init process. Default | |||
/// is to execute the specified command in the oci spec. | |||
pub(super) executor: Box<dyn Executor>, | |||
// RawFd set to stdin of the container init process. | |||
pub stdin: Option<RawFd>, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it would be better for this to be OwnedFd
.
With the current design as used in the doc example, this is leaking FDs.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I also hesitated between OwnedFd and RawFd, At last I think maybe RawFd is better because with RawFd
the caller has its control over when to close them, otherwise the fd is closed when the it go out of some scope, maybe it is not our expected.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
With RawFd
there's a risk the caller closes the file before we use it.
If they dont want their file closed, and want to retain ownership, the caller can always call try_clone()
to obtain a new OwnedFd
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think you are right, OwnedFd is good, Now The stdin/stdout/stderr in ContainerBuilder
is OwnedFd
, but in ContainerArgs
it is still RawFd because it should implement Clone
but OwnedFd
does not implement Clone
. So I changed it to RawFd
with as_raw_fd()
when new ContainerArgs
, I'm not sure if that is appropriate, please take a look. Thanks
Hey @abel-von , before checking further, couple of comments -
|
539c48f
to
3608a4d
Compare
Hi @YJDoc2, The CI failure is fixed, could you please trigger the CI again. Thank you. |
3608a4d
to
f710590
Compare
Hey, I think the tests are passing, but the lint and fmt CI is failing again. We use the Also I'm wondering, would it be possible to have e2e or unit tests for this feature? |
f710590
to
0a2c5b7
Compare
Hi @YJDoc2, |
0a2c5b7
to
a375222
Compare
Ok, I'll think on this. Btw, I have run the CI again, but there are conflicts with main branch due to another PR that was merged. Can you take a look and resolve them? Thanks. |
currently the container can only inherit stdios from it's parent process, the one who create container with libcontainer can not set stdios to a different file. Signed-off-by: Abel Feng <fshb1988@gmail.com>
a375222
to
7da767b
Compare
@YJDoc2 confliction is resolved. some of my |
currently the container can only inherit stdios from it's parent process, the one who create container with libcontainer can not set stdios to a different file. this restrict the use of the libcontainer that a process can only create one container by itself, because we can't imagine that every container this process creates share the same stdin/stdout/stderr.