Add support for file descriptor passing #1553
Codecov Report
Additional details and impacted files
@@ Coverage Diff @@
## main #1553 +/- ##
==========================================
+ Coverage 34.30% 34.44% +0.13%
==========================================
Files 13 13
Lines 1134 1144 +10
Branches 389 392 +3
==========================================
+ Hits 389 394 +5
Misses 493 493
- Partials 252 257 +5
a couple of notes, otherwise LGTM
@saschagrunert PTAL
We probably should exclude the capnp file from the typos test: https://github.com/containers/conmon-rs/actions/runs/5815034612/job/15765845509?pr=1553
@saschagrunert Which option to exclude capnp file from the typos test do you prefer? I don't think the typos tool is used outside of CI, therefore I would lean towards option 3.
Yeah I'm happy with the config file (option 3), too!
option 3 works for me!
Signed-off-by: Martin Michaelis <[email protected]>
/lgtm
Signed-off-by: Martin Michaelis <[email protected]>
@saschagrunert the integration test finally succeeds. I needed to increase the MAX_RSS and the max allowed diff in the memory leak test
I see, let's get that change in.
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: mgjm, saschagrunert
What type of PR is this?
/kind feature

What this PR does / why we need it:
This PR adds support for file descriptors:

- `StartFdSocket` RPC command
- `additionalFds` passed to the OCI runtime
- `leakFds` kept open by conmon as long as the container is running

I haven't found a good way to pass file descriptors via `SCM_RIGHTS` on the existing RPC connection. Therefore an additional socket is created for file descriptor passing. The protocol is documented in `conmon-rs/server/src/fd_socket.rs`.

RPC level workflow:

- `StartFdSocket` to start the fd socket server (if not already running) and gets the socket path
- `SCM_RIGHTS` and gets slot numbers in return
- `CreateContainer` with `additionalFds` or `leakFds`

Go client workflow:

- `RemoteFDs` instance via the `client.RemoteFDs` method
- `remoteFDs.Send` method and gets slot numbers in return
- `client.CreateContainer` with `AdditionalFDs` or `LeakFDs`
- `remoteFDs.Close` to close the connection

Which issue(s) this PR fixes:
None

Special notes for your reviewer:
An alternative approach would be to hide the file descriptor logic from the public Go client interface and just accept a file descriptor array in `CreateContainerConfig` and send the file descriptors in the `client.CreateContainer` method.

This would result in a cleaner API but the current design is simpler and allows reusing the `RemoteFDs` instance. But we create a new connection for each RPC request anyways, so does that performance improvement even matter?

Does this PR introduce a user-facing change?
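For readers unfamiliar with `SCM_RIGHTS`, the following is an added example and not code from this PR or from conmon-rs: a Linux-only Go sketch of passing descriptors over a Unix socket, with the receiver closing everything it got when the control data is truncated or does not match the announced count. The one-byte count framing, `maxFDs`, and the function names are assumptions made for illustration; the project's real wire protocol is the one documented in `conmon-rs/server/src/fd_socket.rs`.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"syscall"
)

const maxFDs = 4 // assumed per-message cap, not a conmon-rs value

// sendFDs sends a one-byte count with the descriptors as SCM_RIGHTS data.
func sendFDs(sock int, fds ...int) error {
	return syscall.Sendmsg(sock, []byte{byte(len(fds))}, syscall.UnixRights(fds...), nil, 0)
}

// recvFDs reads one message; on truncation or a count mismatch it closes all received fds.
func recvFDs(sock int) ([]*os.File, error) {
	buf, oob := make([]byte, 1), make([]byte, syscall.CmsgSpace(4*maxFDs))
	// MSG_CMSG_CLOEXEC: received fds are never inherited across exec.
	n, oobn, flags, _, err := syscall.Recvmsg(sock, buf, oob, syscall.MSG_CMSG_CLOEXEC)
	if err != nil {
		return nil, err
	}
	var files []*os.File
	msgs, _ := syscall.ParseSocketControlMessage(oob[:oobn]) // parse errors surface as a count mismatch
	for i := range msgs {
		fds, _ := syscall.ParseUnixRights(&msgs[i])
		for _, fd := range fds {
			files = append(files, os.NewFile(uintptr(fd), "passed"))
		}
	}
	if n != 1 || flags&syscall.MSG_CTRUNC != 0 || int(buf[0]) != len(files) {
		for _, f := range files {
			f.Close() // do not leak descriptors from a rejected message
		}
		return nil, errors.New("fd message rejected")
	}
	return files, nil
}

func main() {
	sp, err := syscall.Socketpair(syscall.AF_UNIX, syscall.SOCK_STREAM, 0)
	if err != nil {
		panic(err)
	}
	serr := sendFDs(sp[0], int(os.Stdin.Fd())) // constructed sample: pass stdin
	files, rerr := recvFDs(sp[1])
	fmt.Println(len(files), serr, rerr)
}
```

When the sender attaches more descriptors than the receive buffer holds, the kernel sets `MSG_CTRUNC` and delivers only those that fit, which is why the receiver must close the partial set instead of using it.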