Use path based unix socket for shims#4343
Closed
crosbymichael wants to merge 1 commit intocontainerd:masterfrom
Closed
Use path based unix socket for shims#4343crosbymichael wants to merge 1 commit intocontainerd:masterfrom
crosbymichael wants to merge 1 commit intocontainerd:masterfrom
Conversation
|
Build succeeded.
|
91a9d95 to
af42ed3
Compare
|
Build succeeded.
|
dmcgowan
reviewed
Jun 24, 2020
AkihiroSuda
requested changes
Jun 25, 2020
runtime/v2/shim/util_unix.go
Outdated
Member
There was a problem hiding this comment.
This breaks running multiple daemons
Member
There was a problem hiding this comment.
Let's put runtime dir string into the hash
Member
Author
There was a problem hiding this comment.
ok, let me see if I can get that data easily.
Member
There was a problem hiding this comment.
Also could you:
- add a code comment to explain that
/run/containerd/sis hard coded for the sake of avoiding hitting the SUN_PATH length limit - add
MkdirAll("/run/containerd/s")
Member
There was a problem hiding this comment.
Let's put runtime dir string into the hash
We can also consider putting the daemon UUID into the hash, not sure which one is better.
AkihiroSuda
requested changes
Jun 25, 2020
fuweid
reviewed
Jun 25, 2020
AkihiroSuda
added a commit
to AkihiroSuda/docker
that referenced
this pull request
Jun 26, 2020
The new shim socket path convention hardcodes `/run/containerd`: containerd/containerd#4343 `dockerd-rootless.sh` is updated to hide the rootful `/run/containerd` from the mount namespace of the rootless dockerd. Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
af42ed3 to
578337f
Compare
|
Build succeeded.
|
578337f to
1839f67
Compare
|
Build succeeded.
|
Member
Author
|
Ok, it looks like we have 1-2 test to fix. The handling and timeouts of using file based unix sockets seem to be different than an abstract socket. I'm guessing this has to be something about if there is someone listening on the other end or not. If anyone else has time to look into this go for it, I'll try to debug Monday. |
Member
|
How can we help moving this forward? |
fuweid
reviewed
Jul 8, 2020
1839f67 to
ab432f6
Compare
|
Build succeeded.
|
ab432f6 to
d286d0c
Compare
|
Build succeeded.
|
|
Build succeeded.
|
6c38d36 to
1a7f61d
Compare
|
Build succeeded.
|
1a7f61d to
1b4a94c
Compare
|
Build succeeded.
|
1b4a94c to
5fff748
Compare
|
Build succeeded.
|
5fff748 to
e35a351
Compare
|
Build succeeded.
|
e35a351 to
d7dab44
Compare
|
Build succeeded.
|
This allows filesystem based ACLs for configuring access to the socket of a shim. Signed-off-by: Michael Crosby <michael@thepasture.io>
cbandy
reviewed
Jul 21, 2020
d7dab44 to
68cd97e
Compare
|
Build succeeded.
|
68cd97e to
7ec135c
Compare
|
Build succeeded.
|
Member
|
Moved to v1.5 milestone. We can consider backporting to v1.4 after the PR gets stabilized. |
docker-jenkins
pushed a commit
to docker-archive/docker-ce
that referenced
this pull request
Oct 15, 2020
The new shim socket path convention hardcodes `/run/containerd`: containerd/containerd#4343 `dockerd-rootless.sh` is updated to hide the rootful `/run/containerd` from the mount namespace of the rootless dockerd. Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> Upstream-commit: 794aa20983c9384726721e1c5d3a552ef7f8f4cf Component: engine
AkihiroSuda
added a commit
to AkihiroSuda/docker
that referenced
this pull request
Oct 16, 2020
The new shim socket path convention hardcodes `/run/containerd`: containerd/containerd#4343 `dockerd-rootless.sh` is updated to hide the rootful `/run/containerd` from the mount namespace of the rootless dockerd. Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> (cherry picked from commit 794aa20) Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
docker-jenkins
pushed a commit
to docker-archive/docker-ce
that referenced
this pull request
Oct 16, 2020
The new shim socket path convention hardcodes `/run/containerd`: containerd/containerd#4343 `dockerd-rootless.sh` is updated to hide the rootful `/run/containerd` from the mount namespace of the rootless dockerd. Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> (cherry picked from commit 794aa20983c9384726721e1c5d3a552ef7f8f4cf) Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> Upstream-commit: c7253a0e1ac88bd8eb0db409570a685a5f6258f3 Component: engine
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This allows filesystem based ACLs for configuring access to the socket of a
shim.
Signed-off-by: Michael Crosby michael@thepasture.io