Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Containers: detect systemd-nspawn and add a fallback module #302

Open
wants to merge 12 commits into
base: master
Choose a base branch
from
Open

Containers: detect systemd-nspawn and add a fallback module #302

wants to merge 12 commits into from

Conversation

intelfx
Copy link

@intelfx intelfx commented Apr 25, 2024

This is on top of #301.

This PR does two things:

  • updates CONT::machined module to also check for systemd-nspawn containers (which is slightly dirty, but I opted to keep it in the same module for now because the restart call is the same);
  • adds a special CONT::other module that runs after all others to detect any containers of unknown type by pidns.

intelfx added 10 commits April 19, 2024 04:09
@intelfx
needrestart: fix indentation
6ac320a
@intelfx
needrestart, Utils: factor out nr_get_cgroup()
db10985
@intelfx
needrestart: recognize systemd --user instances
388c1b3
@intelfx
needrestart: drop seemingly bogus !$uid condition
24524f7
@intelfx
needrestart: do not consider systemd --user a parent process
802a5af 
Ignore $ppid if it is an instance of the systemd manager.
This prevents `systemd --user` from being treated as a parent process
of all non-double-forked `systemd --user` services.
@intelfx
needrestart: hack: recognize services under systemd --user as units
470397c 
Ideally, we'd do something more reasonable, like treating them similarly
to system services and maybe even offering to restart some of them or
at the very least printing them in a format suitable for copy-pasting,
but for now just replace the process name with the service name and
save them under a separate key to hopefully distinguish them from
other processes under `systemd --user`.
@intelfx
CONT: use nr_get_cgroup() throughout
9d0e57f
@intelfx
CONT: move get_nspid() into Utils, rename to nr_get_pid_ns()
ca6c1d6 
There is no need for get_pidns() to be a method of the CONT class.
Additionally, rename the function to nr_get_pid_ns() because it's the
"PID namespace", not "namespace PID" we are getting, and the old name
is confusing.
@intelfx
CONT: rename other "nspid" to "pidns" and cleanup usage
f759590 
Same reason as 46d40fa ("CONT, Utils: move get_pidns() into utils,
rename to nr_get_pid_ns()"). Additionally, cleanup usage of pidns and
move repeated checks into the base class.
@intelfx
CONT: add and use ->in_pidns()
0e52e99
@intelfx intelfx force-pushed the work/systemd-other branch from c2c8e20 to 6b6bf5c Compare April 25, 2024 11:41
intelfx added 2 commits April 25, 2024 13:47
@intelfx
CONT::machined: also catch systemd-nspawn cgroups
fffe4a0 
Ideally, this should be served by a separate module, but the restart
interface is the same, so it lives here for now.

Also, tighten up cgroup matching to avoid capturing any subcgroups as
part of the container name.
@intelfx
CONT::other: add fallback module for pidns-based detection
c3909d8 
Add a special container detection module that runs after all other
modules and checks if the process is in a different PID namespace.
This module only implements check() and does not offer any restart
actions. It only serves to detect processes that are likely to belong
to containers, which are then omitted from regular output and are not
acted upon any further.
@intelfx intelfx force-pushed the work/systemd-other branch from 6b6bf5c to c3909d8 Compare April 25, 2024 11:48
@liske liske modified the milestones: v3.9, v3.10 Nov 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
v3.10
Development

Successfully merging this pull request may close these issues.
2 participants
@intelfx @liske