rune: runelet does not use logpipe if rune create in detach mode

Signed-off-by: N jack.wxz <wangxiaozhe@linux.alibaba.com>

rune: runelet does not use logpipe if rune create in detach mode
Signed-off-by: N jack.wxz <wangxiaozhe@linux.alibaba.com>
003ec8c8 · jack.wxz · jia zhang · d2e29fc8 · 003ec8c8 · 003ec8c8
9 changed file
--- a/rune/libcontainer/container_linux.go
+++ b/rune/libcontainer/container_linux.go
@@ -478,7 +478,7 @@ func (c *linuxContainer) newParentProcess(p *Process) (parentProcess, error) {
 	}
 	logFilePair := filePair{parentLogPipe, childLogPipe}

-	cmd := c.commandTemplate(p, childInitPipe, childLogPipe, p.AgentPipe)
+	cmd := c.commandTemplate(p, childInitPipe, childLogPipe, p.AgentPipe, p.Detached)
 	if !p.Init {
 		return c.newSetnsProcess(p, cmd, messageSockPair, logFilePair)
 	}
@@ -494,7 +494,7 @@ func (c *linuxContainer) newParentProcess(p *Process) (parentProcess, error) {
 	return c.newInitProcess(p, cmd, messageSockPair, logFilePair)
 }

-func (c *linuxContainer) commandTemplate(p *Process, childInitPipe *os.File, childLogPipe *os.File, agentPipe *os.File) *exec.Cmd {
+func (c *linuxContainer) commandTemplate(p *Process, childInitPipe *os.File, childLogPipe *os.File, agentPipe *os.File, detached int) *exec.Cmd {
 	cmd := exec.Command(c.initPath, c.initArgs[1:]...)
 	cmd.Args[0] = c.initArgs[0]
 	cmd.Stdin = p.Stdin
@@ -537,6 +537,9 @@ func (c *linuxContainer) commandTemplate(p *Process, childInitPipe *os.File, chi
 		if c.config.Enclave.Signer != "server" {
 			cmd.Env = append(cmd.Env, "_LIBCONTAINER_PAL_ROOTFS=" + string(c.config.Rootfs))
 		}
+
+		cmd.Env = append(cmd.Env,
+				fmt.Sprintf("_LIBCONTAINER_DETACHED=%d", detached))
 	}

 	// NOTE: when running a container with no PID namespace and the parent process spawning the container is

--- a/rune/libcontainer/factory_linux.go
+++ b/rune/libcontainer/factory_linux.go
@@ -346,6 +346,7 @@ func (l *LinuxFactory) StartInitialization() (err error) {
 		envLogPipe     = os.Getenv("_LIBCONTAINER_LOGPIPE")
 		envLogLevel    = os.Getenv("_LIBCONTAINER_LOGLEVEL")
 		envAgentPipe   = os.Getenv("_LIBCONTAINER_AGENTPIPE")
+		envDetached    = os.Getenv("_LIBCONTAINER_DETACHED")
 	)

 	// Get the INITPIPE.
@@ -417,7 +418,7 @@ func (l *LinuxFactory) StartInitialization() (err error) {
 		}
 	}()

-	i, err := newContainerInit(it, pipe, consoleSocket, fifofd, logPipe, envLogLevel, agentPipe)
+	i, err := newContainerInit(it, pipe, consoleSocket, fifofd, logPipe, envLogLevel, agentPipe, envDetached)
 	if err != nil {
 		return err
 	}

--- a/rune/libcontainer/init_linux.go
+++ b/rune/libcontainer/init_linux.go
@@ -73,7 +73,7 @@ type initer interface {
 	Init() error
 }

-func newContainerInit(t initType, pipe *os.File, consoleSocket *os.File, fifoFd int, logPipe *os.File, logLevel string, agentPipe *os.File) (initer, error) {
+func newContainerInit(t initType, pipe *os.File, consoleSocket *os.File, fifoFd int, logPipe *os.File, logLevel string, agentPipe *os.File, detached string) (initer, error) {
 	var config *initConfig
 	if err := json.NewDecoder(pipe).Decode(&config); err != nil {
 		return nil, err
@@ -90,6 +90,7 @@ func newContainerInit(t initType, pipe *os.File, consoleSocket *os.File, fifoFd
 			logPipe:       logPipe,
 			logLevel:      logLevel,
 			agentPipe:     agentPipe,
+			detached:      detached,
 		}, nil
 	case initStandard:
 		return &linuxStandardInit{
@@ -101,6 +102,7 @@ func newContainerInit(t initType, pipe *os.File, consoleSocket *os.File, fifoFd
 			logPipe:       logPipe,
 			logLevel:      logLevel,
 			agentPipe:     agentPipe,
+			detached:      detached,
 		}, nil
 	}
 	return nil, fmt.Errorf("unknown init type %q", t)

--- a/rune/libcontainer/process.go
+++ b/rune/libcontainer/process.go
@@ -81,6 +81,8 @@ type Process struct {

 	// Provide agent service hosted by main runelet for child runelet.
 	AgentPipe *os.File
+
+	Detached int
 }

 // Wait waits for the process to exit.

--- a/rune/libcontainer/setns_init_linux.go
+++ b/rune/libcontainer/setns_init_linux.go
@@ -28,6 +28,7 @@ type linuxSetnsInit struct {
 	logPipe       *os.File
 	logLevel      string
 	agentPipe     *os.File
+	detached      string
 }

 func (l *linuxSetnsInit) getSessionRingName() string {
@@ -94,7 +95,7 @@ func (l *linuxSetnsInit) Init() error {
 		}
 	}
 	if l.config.Config.Enclave != nil {
-		err := libenclave.StartBootstrap(l.pipe, l.logPipe, l.logLevel, -1, l.agentPipe)
+		err := libenclave.StartBootstrap(l.pipe, l.logPipe, l.logLevel, -1, l.agentPipe, l.detached)
 		if err != nil {
 			return newSystemErrorWithCause(err, "libenclave bootstrap")
 		}

--- a/rune/libcontainer/standard_init_linux.go
+++ b/rune/libcontainer/standard_init_linux.go
@@ -31,6 +31,7 @@ type linuxStandardInit struct {
 	logPipe       *os.File
 	logLevel      string
 	agentPipe     *os.File
+	detached      string
 }

 func (l *linuxStandardInit) getSessionRingParams() (string, uint32, uint32) {
@@ -179,7 +180,7 @@ func (l *linuxStandardInit) Init() error {
 		return unix.Kill(unix.Getpid(), unix.SIGKILL)
 	}
 	if l.config.Config.Enclave != nil {
-		err := libenclave.StartBootstrap(l.pipe, l.logPipe, l.logLevel, l.fifoFd, l.agentPipe)
+		err := libenclave.StartBootstrap(l.pipe, l.logPipe, l.logLevel, l.fifoFd, l.agentPipe, l.detached)
 		if err != nil {
 			return err
 		}

--- a/rune/libenclave/bootstrap.go
+++ b/rune/libenclave/bootstrap.go
@@ -10,7 +10,7 @@ import (
 // environment variable must be staged and then recovered after re-exec. This
 // process is so called as libenclave bootstrapping, and the resulting process
 // is so called as runelet.
-func StartBootstrap(initPipe *os.File, logPipe *os.File, logLevel string, fifoFd int, agentPipe *os.File) (err error) {
+func StartBootstrap(initPipe *os.File, logPipe *os.File, logLevel string, fifoFd int, agentPipe *os.File, detached string) (err error) {
 	logrus.Debug("bootstrapping libenclave ...")

 	if err = stageFd("_LIBENCLAVE_INITPIPE", initPipe); err != nil {
@@ -60,5 +60,7 @@ func StartBootstrap(initPipe *os.File, logPipe *os.File, logLevel string, fifoFd
 		}
 	}()

+	os.Setenv("_LIBENCLAVE_DETACHED", detached)
+	
 	return nil
 }
--- a/rune/libenclave/runelet.go
+++ b/rune/libenclave/runelet.go
@@ -10,6 +10,7 @@ import (
 	"github.com/sirupsen/logrus"
 	"golang.org/x/sys/unix"
 	"io"
+	"io/ioutil"
 	"os"
 	"os/signal"
 	"strconv"
@@ -96,6 +97,14 @@ func StartInitialization() (exitCode int32, err error) {
 		}
 	}

+	// If runelet run as detach mode, close logrus before initpipe closed.
+	envDetach := os.Getenv("_LIBENCLAVE_DETACHED")
+	detach, err := strconv.Atoi(envDetach)
+	if detach != 0 {
+		logrus.SetOutput(ioutil.Discard)
+	}
+	os.Unsetenv("_LIBENCLAVE_DETACHED")
+
 	// Close the init pipe to signal that we have completed our init.
 	// So `rune create` or the upper half part of `rune run` can return.
 	initPipe.Close()

--- a/rune/utils_linux.go
+++ b/rune/utils_linux.go
@@ -305,6 +305,11 @@ func (r *runner) run(config *specs.Process) (int, error) {
 	var (
 		detach = r.detach || (r.action == CT_ACT_CREATE)
 	)
+
+	if detach {
+		process.Detached = 1
+	}
+
 	// Setting up IO is a two stage process. We need to modify process to deal
 	// with detaching containers, and then we get a tty after the container has
 	// started.