Closed alopukhov closed 4 months ago
https://github.com/rootless-containers/rootlesskit/issues/428 adds a handy ability to keep systemd socket activation sockets. Still, there is room for improvement: as @charliemirabile mentioned, fixing the LISTEN_PID env variable would be nice.
As far as I can understand, this is the way rootlesskit works now:
```mermaid
sequenceDiagram
    participant Parent
    participant Child
    participant Target
    Parent ->> Child: Spawns rootlesskit
    Child --> Child: (optionally) Reexec self for caps
    Child ->> Target: Spawns Target
```
I think it's possible to replace this flow with the following one to correct LISTEN_PID:
```mermaid
sequenceDiagram
    participant Parent
    participant Child
    participant Activation helper
    Parent ->> Child: Spawns rootlesskit
    Child --> Child: (optionally) Reexec self for caps
    Child ->> Activation helper: Spawns rootlesskit
    Activation helper ->> Activation helper: Changes LISTEN_PID
    Note over Activation helper: Replaces self with Target using exec.
```
Implemented in:
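
The activation-helper step from the second diagram, sketched as an added example; it is not rootlesskit's code and not the implementation this issue refers to. The names `fixListenPID` and `activation-helper` are hypothetical, and the sketch assumes a Unix system where `exec` keeps the caller's PID, so the value written into `LISTEN_PID` matches what the target sees from `getpid()`.

```go
package main

import (
	"fmt"
	"os"
	"os/exec"
	"strconv"
	"strings"
	"syscall"
)

// fixListenPID (hypothetical helper) returns a copy of env with LISTEN_PID
// set to pid. It does so only when LISTEN_FDS is present, so a target that
// was not socket-activated is never told to treat inherited fds as sockets.
// Stale or duplicate LISTEN_PID entries are dropped in both cases.
func fixListenPID(env []string, pid int) []string {
	activated := false
	out := make([]string, 0, len(env)+1)
	for _, kv := range env {
		switch {
		case strings.HasPrefix(kv, "LISTEN_PID="):
			continue // value belongs to an ancestor process; discard it
		case strings.HasPrefix(kv, "LISTEN_FDS="):
			activated = true
		}
		out = append(out, kv)
	}
	if activated {
		out = append(out, "LISTEN_PID="+strconv.Itoa(pid))
	}
	return out
}

func main() {
	if len(os.Args) < 2 {
		fmt.Fprintln(os.Stderr, "usage: activation-helper TARGET [ARGS...]")
		os.Exit(2)
	}
	path, err := exec.LookPath(os.Args[1])
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(127)
	}
	// Exec replaces this process image without forking, so os.Getpid()
	// here is the PID the target will compare LISTEN_PID against.
	env := fixListenPID(os.Environ(), os.Getpid())
	if err := syscall.Exec(path, os.Args[1:], env); err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(126)
	}
}
```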