Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Detect whether we are running in containers and act responsively. #2063

Open
wants to merge 9 commits into
base: master
Choose a base branch
from
Open

Detect whether we are running in containers and act responsively. #2063

wants to merge 9 commits into from
+409 −51

Conversation

arbuztw
Copy link
Contributor

@arbuztw arbuztw commented Sep 3, 2015

Detect whether we are running in containers by inspecting the environment
variable $container. If we are in container, we are not able to remount
or change the config in /proc/sys/*, so just skip them. We also have
to patch debootstrap since we are not able to mknod and we don't want
to start services in containers.

@arbuztw
Use a daemon to find nacl_helper
d41f484 
Run a daemon that handles all the requests of finding nacl_helper,
and then pass the share memory fd to client using unix socket.
@arbuztw
Fixes for review comments
1ca79e8
@arbuztw arbuztw mentioned this pull request Sep 3, 2015
Closed
drinkcat
drinkcat reviewed Sep 10, 2015
View reviewed changes
host-bin/unmount-chroot
# unmount, then use lazy unmount.
# FIXME: This is a hack for running in containers, since we cannot
# unmount recursive bindmount in it.
arg='-l'
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe this is a kernel bug. I'll try to reproduce on recent kernels and ask on LKML...

@arbuztw
Fixes for review comments
520c7f7
@arbuztw
Detect whether we are running in containers and act responsively.
5810a19 
Detect whether we are running in containers by inspecting the environment
variable $container. If we are in container, we are not able to remount
or change the config in /proc/sys/*, so just skip them. We also have
to patch debootstrap since we are not able to mknod and we don't want
to start services in containers.
@arbuztw
Remove environment variable $container
f9cc651 
Instead of inspecting the environment variable $container, check whether we are
able to do some operations and act responsively.
@arbuztw
Check whether /sys, /media is a mount point.
08a766d 
It is possible that /sys, /media is not mounted in a container,
so check it before we bind-mount it into chroot.
@arbuztw
Fixes for review comments
06ebe2f
drinkcat
drinkcat reviewed Sep 22, 2015
View reviewed changes
installer/functions Outdated
echo 0 > /proc/sys/kernel/hung_task_panic
# Don't fail since we do not have permission to write /proc/sys/* if we are
# in container.
echo 0 > /proc/sys/kernel/hung_task_panic || true
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

2>/dev/null

@drinkcat
Copy link
Collaborator

vboot_is_safe is also noisy, because of mount --bind / "$tmp"

drinkcat
drinkcat reviewed Sep 23, 2015
View reviewed changes
host-bin/enter-chroot Outdated
@@ -355,6 +390,10 @@ tmpfsmount /var/run/lock 'noexec,nosuid,nodev,size=5120k'
bindmount /var/run/dbus /var/host/dbus
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

2>/dev/null || true. We probably won't bind mount /var/run/dbus in verified mode.

@dnschneid dnschneid mentioned this pull request Mar 29, 2016
Open
@dnschneid dnschneid force-pushed the master branch 2 times, most recently from 455c029 to cebf84f Compare December 31, 2024 16:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
enhancement stale
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@arbuztw @drinkcat @dnschneid