Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[WIP] do not open stdin fifo when exec #10082

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[WIP] do not open stdin fifo when exec #10082

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
5 changes: 0 additions & 5 deletions cmd/containerd-shim-runc-v2/process/exec.go
View file
Open in desktop
Expand Up @@ -208,11 +208,6 @@
close(e.waitBlock)
return e.parent.runtimeError(err, "OCI runtime exec failed")
}
if e.stdio.Stdin != "" {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think it's correct. containerd supports exec operation with input. Please add your motivation. Thanks

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

containerd/cmd/containerd-shim-runc-v2/process/exec.go

Line 240 in 6e0dc9f

sc, err := fifo.OpenFifo(context.Background(), path, syscall.O_WRONLY|syscall.O_NONBLOCK, 0)
openStdin opens fifo with O_WRONLY,which is only used to hold fifo write endpoint. For init process,it is important to prevent init process sigpipe when restart containerd, but for exec process, when restart containerd, exec process quit is what we want. Stdin copy for exec process parent.Platform.CopyConsole and pio.Copy will open stdin fifo with O_RDONLY in their own logic.

Copy link
Author

@yuqitao yuqitao Apr 19, 2024
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I want to use this patch to solve pty device leak in CopyConsole. When restart containerd, there is no fifo write endpoint, copy stdin goroutine in CopyConsole will read EOF, and shutdown epollConsole.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Synced with @yuqitao offline. I think the right approach is to implement exec operation's GC in CRI level or high-level plugin. The cleanup should be handled async. Since pod exec probe can go crazy, shim could have a lot of running exec processes. It could take time to cleanup. To avoid slow starting, we should handle it async.

if err := e.openStdin(e.stdio.Stdin); err != nil {
return err
}
}
ctx, cancel := context.WithTimeout(ctx, 30*time.Second)
defer cancel()
if socket != nil {
Expand All @@ -236,7 +231,7 @@
return nil
}

func (e *execProcess) openStdin(path string) error {

Check failure on line 234 in cmd/containerd-shim-runc-v2/process/exec.go

View workflow job for this annotation

GitHub Actions / Linters (ubuntu-22.04) 

func `(*execProcess).openStdin` is unused (unused)
sc, err := fifo.OpenFifo(context.Background(), path, syscall.O_WRONLY|syscall.O_NONBLOCK, 0)
if err != nil {
return fmt.Errorf("failed to open stdin fifo %s: %w", path, err)
Expand Down