Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix : fix gid duplication, additional_gids etc not getting used in exec #3018

Closed
wants to merge 2 commits into from
Closed

Fix : fix gid duplication, additional_gids etc not getting used in exec #3018

wants to merge 2 commits into from

Conversation

YJDoc2
Copy link
Collaborator

@YJDoc2 YJDoc2 commented Dec 10, 2024

This PR does following fixes:

  1. Fix gid duplication in additional_gids : if we provide duplicate gid, runc simply ignore it, whereas we used to retain duplicates and create two distinct groups with same gid. Now we filter the duplicates and only set unique gids
  2. Fix additional_gid, user, group not getting set in exec : exec command accepts these as args, but we did not use them in tenant container. Now we use them as well.
  3. Inject PATH from original container in case not provided to exec : exec allows supplying env vars, but by default it does not set any. This causes issue when running exec directly via youki, as it would error with PATH is not set . Given that we are exec-ing into an existing container, the expectation would be the same env would be applied, or atleast the path would be taken from it. I guess any higher runtime (docker/podman) automatically sets envs from original container, but I have injected path if missing.

I want to also add tests for these, but wanted to get a review on the changes before that.

@YJDoc2 YJDoc2 requested a review from a team December 10, 2024 14:58
YJDoc2
YJDoc2 commented Dec 10, 2024
View reviewed changes
crates/libcontainer/src/container/tenant_builder.rs
Comment on lines +455 to +475
let mut env_exists = false;
let mut env: Vec<String> = self
.env
.iter()
.map(|(k, v)| {
if k == "PATH" {
env_exists = true;
}
format!("{k}={v}")
})
.collect();
// It is not possible in normal flow that path is None. The original container
// creation would have failed if path was absent. However we use Option
// just as a caution, and if neither exec cmd not original spec has PATH,
// the container creation will fail later which is ok
if let Some(p) = path {
if !env_exists {
env.push(p);
}
}
env
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  1. If there is a more semantic way, let me know, these multiple checks are not particularly idiomatic.
  2. If there are no envs at all (self.env is empty) should we simply clone from the original container? I feel that is what the user would expect.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@YJDoc2 rename env_exists to path_exists

@YJDoc2
Copy link
Collaborator Author

YJDoc2 commented Dec 11, 2024

There are a couple of other fixes needed in exec impl as well, so probably split this PR into another one. duplicate gid is pretty small in scope, so not mixing it with exec changes.

@YJDoc2
Copy link
Collaborator Author

YJDoc2 commented Dec 11, 2024

Opening another PR to split this into two.

@YJDoc2 YJDoc2 closed this Dec 11, 2024
@YJDoc2 YJDoc2 deleted the fix/fix_multiple_gids branch December 11, 2024 13:18
@YJDoc2 YJDoc2 mentioned this pull request Dec 11, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
kind/bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@YJDoc2