containers / podman

Podman: A tool for managing OCI containers and pods.
https://podman.io
Apache License 2.0

--init to podman run does absolutely nothing #6554

Closed goochjj closed 4 years ago

goochjj commented 4 years ago

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

--init does not appear to do anything.

Steps to reproduce the issue:

podman run --rm -it alpine ps awwux
PID   USER     TIME  COMMAND
    1 root      0:00 ps awwux

podman run --rm -it --init alpine ps awwux
PID   USER     TIME  COMMAND
    1 root      0:00 ps awwux

(note, no init. /proc/1/exe is ps)

podman run --rm -it -v /opt/podman/libexec/podman/catatonit:/dev/init --entrypoint /dev/init alpine ps awwux
PID   USER     TIME  COMMAND
    1 root      0:00 /dev/init ps awwux
    6 root      0:00 ps awwux

Done manually obvi works.

Other evidence:

podman run --rm -it --init alpine -h
Error: container_linux.go:353: starting container process caused: exec: "-h": executable file not found in $PATH: OCI runtime command not found error

docker run --rm -it --init alpine -h
[FATAL tini (7)] exec -h failed: No such file or directory

If catatonit were executed it would look like this:

/opt/podman/libexec/podman/catatonit -- -h
ERROR (catatonit:26818): failed to exec pid1: No such file or directory

Additional information you deem important (e.g. issue happens only occasionally):

Looking at the code, Init: and InitPath: are never used in ./cmd/podman/shared/create.go (v1.9.3) or ./cmd/podman/common/create.go (master)

I see bits in pkg/specgen/generate/oci.go... but the config.json shows io.podman.annotations.init FALSE

In addition, the unit tests verify that podman runs with --init and --init --init-path, but never actually verify that a bind mount takes place, or the init process was actually spawned. (i.e. use podman inspect to find the bind mount, use podman top to verify there's a pid 1 w/ init in it and another pid with the command)

Output of podman version:

Version:      2.0.0-dev
API Version:  1
Go Version:   go1.13.3
Git Commit:   723e8234393fba230961bc1214a73ba5d01bbfe1-dirty
Built:        Fri Jun  5 15:10:47 2020
OS/Arch:      linux/amd64

Output of podman info --debug:

host:
  arch: amd64
  buildahVersion: 1.15.0-dev
  cgroupVersion: v1
  conmon:
    package: Unknown
    path: /opt/podman/libexec/podman/conmon
    version: 'conmon version 2.0.18-dev, commit: 50aeae43a034d3f5e0bc5a0e1f8642bdd1e33c41-dirty'
  cpus: 2
  distribution:
    distribution: flatcar
    version: 2512.2.0
  eventLogger: file
  hostname: NetFlyTrap.tkp.k12system.net
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 4.19.124-flatcar
  linkmode: dynamic
  memFree: 1842950144
  memTotal: 4135882752
  ociRuntime:
    name: runc
    package: Unknown
    path: /opt/podman/bin/runc
    version: |-
      runc version 1.0.0-rc10+dev
      commit: 2a0466958d9af23af2ad12bd79d06ed0af4091e2
      spec: 1.0.2-dev
  os: linux
  remoteSocket:
    path: /run/podman/podman.sock
  rootless: false
  slirp4netns:
    executable: ""
    package: ""
    version: ""
  swapFree: 10737414144
  swapTotal: 10737414144
  uptime: 88h 45m 15.82s (Approximately 3.67 days)
registries:
  search:
  - docker.io
  - registry.fedoraproject.org
  - registry.access.redhat.com
store:
  configFile: /etc/containers/storage.conf
  containerStore:
    number: 6
    paused: 0
    running: 4
    stopped: 2
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /var/lib/containers/storage
  graphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Using metacopy: "false"
  imageStore:
    number: 4
  runRoot: /var/run/containers/storage
  volumePath: /var/lib/containers/storage/volumes
version:
  APIVersion: 1
  Built: 1591384247
  BuiltTime: Fri Jun  5 15:10:47 2020
  GitCommit: 723e8234393fba230961bc1214a73ba5d01bbfe1-dirty
  GoVersion: go1.13.3
  OsArch: linux/amd64
  Version: 2.0.0-dev

Package info (e.g. output of rpm -q podman or apt list podman):

None - compiled from source.
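The report above notes that the tests never check whether the init process was actually spawned. One way to write that check, as an added example that is not part of the original issue or of podman's test suite: the function name `check_init_pid1` is hypothetical, and it assumes busybox `ps` columns (PID USER TIME COMMAND) and an init binary mounted at /dev/init, as in the outputs quoted in the report.

```shell
# check_init_pid1 CMD...   (hypothetical helper, added example)
# Reads `ps awwux` output on stdin and classifies the container:
#   0  PID 1 is /dev/init and CMD runs as a separate, non-1 PID
#   1  CMD itself is PID 1, so no init was injected
#   2  anything else (e.g. init present but the command is missing)
check_init_pid1() {
    awk -v want="$*" -v init="/dev/init" '
        NR == 1 { next }                      # skip the header row
        {
            # Rebuild the COMMAND column (fields 4..NF in busybox ps).
            cmd = $4
            for (i = 5; i <= NF; i++) cmd = cmd " " $i
            if ($1 == 1) pid1 = cmd
            else if (cmd == want) child = 1
        }
        END {
            if (pid1 == want) exit 1                     # command is PID 1
            if (index(pid1, init) == 1 && child) exit 0  # init wraps command
            exit 2
        }'
}

# Sample inputs, reconstructed from the outputs quoted in the report.
NO_INIT='PID   USER     TIME  COMMAND
    1 root      0:00 ps awwux'
WITH_INIT='PID   USER     TIME  COMMAND
    1 root      0:00 /dev/init ps awwux
    6 root      0:00 ps awwux'
# Constructed case: init is PID 1 but the command never started.
INIT_ONLY='PID   USER     TIME  COMMAND
    1 root      0:00 /dev/init ps awwux'

# Live use (needs podman; no -t, so the output carries no carriage returns):
#   podman run --rm --init alpine ps awwux | check_init_pid1 ps awwux
```

A regression test for `--init` would fail on any return code other than 0, which is the result the broken build in this report would have produced for the second reproduction step.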

rhatdan commented 4 years ago

Yes the --init flag should be substituting for the entrypoint, I believe.

goochjj commented 4 years ago

Maybe relevant lines: https://github.com/containers/libpod/blob/1f05606fac7e5835cd76ef407a64597df3251aae/cmd/podman/common/specgen.go#L569-L572

Note there appears to be proper implementation in pkg/specgen/generate/. Two parts, storage (bind mount) and the command modification.

https://github.com/containers/libpod/blob/1f05606fac7e5835cd76ef407a64597df3251aae/pkg/specgen/generate/storage.go#L73-L87

https://github.com/containers/libpod/blob/1f05606fac7e5835cd76ef407a64597df3251aae/pkg/specgen/generate/oci.go#L107-L116

I'm unclear of the relation between pkg/specgen and cmd/podman/common/specgen so I'm not sure how these interact, if at all.

mheon commented 4 years ago

I'll take this next.

goochjj commented 4 years ago

@mheon PTAL #6622

Notes

1) I'm not sure why the TODO is in the specgen area - re: not in the spec, seems someone at some point wasn't sure this was as straightforward as it seemed.

2) It'd be nice to have an --init-arg option (repeatable) i.e. catatonit can accept a -g option, and tini has options too...

3) Using init seems to require an explicit --systemd false - which is different from Docker (but docker doesn't do systemd-specific behavior on start, sooo)... I did comment out the check and it runs fine with both options specified, based on my very limited anecdotal evidence. I'm guessing it's just overkill to mount the cgroups and tmpfs sockets and journal tmpfs etc etc etc... In which case I'm not sure if the right option might be that --init turns off the systemd default of true, or if it just needs to be documented that if you're using --init you need to do --systemd false too... For further discussion

mheon commented 4 years ago

On the systemd thing - I think we should change init to work with systemd=true as well as --systemd=false... We still want always to error (that has to be explicitly set) but systemd=true is not necessarily a conflict.

goochjj commented 4 years ago

AYW done

rhatdan commented 4 years ago

AYW? As You Will?

goochjj commented 4 years ago

As You Wish

Princess Bride :-P

TomSweeneyRedHat commented 4 years ago

Inconceivable!

mheon commented 4 years ago

Fix landed, thanks @goochjj