From 6e0db62edc974363cf15d1c3c962872a411179dc Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Tue, 17 Oct 2023 14:34:38 +0200 Subject: [PATCH] pkg/config: lookup InitPath in HelperBinariesDir Forcing a single upstream default for the init path is bad as some distro use different install locations for various reasons. To fix this use the existing helper_binaries_dir field to lookup in all directories. To keep backwards compatibility we keep using the old default and both Containers.InitPath and Engine.InitPath. Yes that is right, somehow we ended up with the same config field under the containers and engine section and they are both used in podman! Thus we need to keep supporting both, only the field under the container section was documented and now recommends the use of helper_binaries_dir. To make the docs more clear also document what binaries are currently looked up in helper_binaries_dir. Note this needs further integration in podman. Fixes #1110 Signed-off-by: Paul Holzinger --- docs/containers.conf.5.md | 15 +++++++++++++++ pkg/config/config.go | 21 +++++++++++++++++++++ pkg/config/containers.conf | 3 +++ pkg/config/containers.conf-freebsd | 3 +++ pkg/config/default.go | 9 +++------ 5 files changed, 45 insertions(+), 6 deletions(-) diff --git a/docs/containers.conf.5.md b/docs/containers.conf.5.md index 984334124..dfbc27a20 100644 --- a/docs/containers.conf.5.md +++ b/docs/containers.conf.5.md @@ -205,6 +205,10 @@ Run an init inside the container that forwards signals and reaps processes. **init_path**="/usr/libexec/podman/catatonit" +If this option is not set catatonit is searched in the directories listed under +the **helper_binaries_dir** option. It is recommended to just install catatonit +there instead of configuring this option here. + Path to the container-init binary, which forwards signals and reaps processes within containers. Note that the container-init binary will only be used when the `--init` for podman-create and podman-run is set. 
@@ -574,6 +578,17 @@ with detailed information about the container. Set to false by default. **helper_binaries_dir**=["/usr/libexec/podman", ...] A is a list of directories which are used to search for helper binaries. +The following binaries are searched in these directories: + - aardvark-dns + - catatonit + - netavark + - pasta + - slirp4netns + +Podman machine uses it for these binaries: + - gvproxy + - qemu + - vfkit The default paths on Linux are: diff --git a/pkg/config/config.go b/pkg/config/config.go index 2be4e6326..087f9de4a 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -149,6 +149,8 @@ type ContainersConfig struct { Init bool `toml:"init,omitempty"` // InitPath is the path for init to run if the Init bool is enabled + // + // Deprecated: Do not use this field directly use conf.FindInitBinary() instead. InitPath string `toml:"init_path,omitempty"` // IPCNS way to create a ipc namespace for the container @@ -351,6 +353,8 @@ type EngineConfig struct { InfraImage string `toml:"infra_image,omitempty"` // InitPath is the path to the container-init binary. + // + // Deprecated: Do not use this field directly use conf.FindInitBinary() instead. InitPath string `toml:"init_path,omitempty"` // KubeGenerateType sets the Kubernetes kind/specification to generate by default 
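Review bot: The Deprecated note added to EngineConfig.InitPath does not say that the field can now be empty, although the default.go hunk of this patch removes `c.InitPath = DefaultInitPath`, so a caller that still reads Engine.InitPath directly gets an empty string where it used to get a path. For that field, `// Deprecated: use Config.FindInitBinary() instead; this field is empty unless init_path is set in containers.conf.` would make the change visible at the point of use. The identical note on ContainersConfig.InitPath in the preceding hunk shares the run-on wording ("directly use") and names `conf.FindInitBinary()` although the method is defined on `*Config`; whether that field still receives a default is not visible in this patch, so only the wording fix is certain there. Both struct definitions begin and end outside their hunks.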
@@ -1223,3 +1227,20 @@ func ValidateImageVolumeMode(mode string) error { return fmt.Errorf("invalid image volume mode %q required value: %s", mode, strings.Join(validImageVolumeModes, ", ")) } + +// FindInitBinary will return the path to the init binary (catatonit) +func (c *Config) FindInitBinary() (string, error) { + // Sigh, for some reason we ended up with two InitPath field in containers.conf and + // both are used in podman so we have to keep supporting both to prevent regressions. + if c.Containers.InitPath != "" { + return c.Containers.InitPath, nil + } + if c.Engine.InitPath != "" { + return c.Engine.InitPath, nil + } + // keep old default working to guarantee backwards comapt + if _, err := os.Stat(DefaultInitPath); err == nil { + return DefaultInitPath, nil + } + return c.FindHelperBinary(defaultInitName, true) +} diff --git a/pkg/config/containers.conf b/pkg/config/containers.conf index 37b17071d..8c532f079 100644 --- a/pkg/config/containers.conf +++ b/pkg/config/containers.conf @@ -149,6 +149,9 @@ default_sysctls = [ #init = false # Container init binary, if init=true, this is the init binary to be used for containers. +# If this option is not set catatonit is searched in the directories listed under +# the helper_binaries_dir option. It is recommended to just install catatonit +# there instead of configuring this option here. # #init_path = "/usr/libexec/podman/catatonit" diff --git a/pkg/config/containers.conf-freebsd b/pkg/config/containers.conf-freebsd index de2bf682e..f471e3079 100644 --- a/pkg/config/containers.conf-freebsd +++ b/pkg/config/containers.conf-freebsd 
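Review bot: The `os.Stat(DefaultInitPath)` check in FindInitBinary treats any successful stat as a hit, so a directory or other non-regular file at the legacy path is returned as the init binary and the helper_binaries_dir search is never reached; `if fi, err := os.Stat(DefaultInitPath); err == nil && fi.Mode().IsRegular() {` would narrow that. The two configured InitPath values are returned with no check at all, which is presumably deliberate for backwards compatibility but means a wrong path only surfaces when a container is started with --init. The final call passes `true` to FindHelperBinary, which looks like its search-$PATH flag (the definition is outside this diff), while the man page and containers.conf text added in this patch mention only helper_binaries_dir. Since the resolved file is what runs as init inside the container, the doc comment should state the whole order, for example `// FindInitBinary returns Containers.InitPath, else Engine.InitPath, else DefaultInitPath if present, else catatonit from helper_binaries_dir or $PATH.`, and the comment typo "comapt" can be fixed in the same pass.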
@@ -133,6 +133,9 @@ default_sysctls = [ #init = false # Container init binary, if init=true, this is the init binary to be used for containers. +# If this option is not set catatonit is searched in the directories listed under +# the helper_binaries_dir option. It is recommended to just install catatonit +# there instead of configuring this option here. # #init_path = "/usr/local/libexec/podman/catatonit" diff --git a/pkg/config/default.go b/pkg/config/default.go index b7167ed1b..e6bac2317 100644 --- a/pkg/config/default.go +++ b/pkg/config/default.go @@ -30,6 +30,9 @@ const ( // _defaultImageVolumeMode is a mode to handle built-in image volumes. _defaultImageVolumeMode = _typeBind + + // defaultInitName is the default name of the init binary + defaultInitName = "catatonit" ) var ( @@ -432,7 +435,6 @@ func defaultEngineConfig() (*EngineConfig, error) { } c.RuntimeSupportsNoCgroups = []string{"crun", "krun"} c.RuntimeSupportsKVM = []string{"kata", "kata-runtime", "kata-qemu", "kata-fc", "krun"} - c.InitPath = DefaultInitPath c.NoPivotRoot = false c.InfraImage = DefaultInfraImage @@ -540,11 +542,6 @@ func (c *Config) Env() []string { return c.Containers.Env } -// InitPath returns location where init program added to containers when users specify the --init flag. -func (c *Config) InitPath() string { - return c.Containers.InitPath -} - // IPCNS returns the default IPC Namespace configuration to run containers with. func (c *Config) IPCNS() string { return c.Containers.IPCNS