Containers (#100344): fd-passing-based creation
Submitted by Simon McVittie
Assigned to Simon McVittie
Link to original bug (#101898)
Description
+++ This bug was initially created as a clone of Bug #100344 +++
Following on from Bug #101354, Allison wants to be able to arrange for container instances' servers to appear inside containers in a more elegant way than creating them outside and bind-mounting them in. I already intended to do this, but it is not part of the minimum viable product (Bug #101354).
Design sketch:
The named_parameters a{sv} argument may contain:
ServerSocket: h
A socket (fstat() must indicate format S_IFSOCK)
with SO_DOMAIN = AF_UNIX and SO_TYPE = SOCK_STREAM. The
container manager will arrange for bind() and listen() to be called
on this socket so that it is made available inside the container.
If ServerSocketReadyNotifier is not provided, the container manager
must already have called bind() and listen() (the SO_ACCEPTCONN socket
option is 1 and getsockname() returns an address), such that this
socket is already ready for the message bus to call accept() on it.
In this case the AddServer() method will return the socket's path
and D-Bus address as usual.
If ServerSocketReadyNotifier is provided, then the container manager
may delay calling bind() and listen() until just before it makes the
ServerSocketNotifierReadyNotifier poll readable. In this case the
AddServer() method cannot determine the socket's address, so it
will return an empty byte-array instead of the socket's absolute
path, and an empty string instead of its D-Bus address.
ServerSocketReadyNotifier: h
The reading end of a pipe or FIFO (format S_IFIFO). The container
manager will wait for this pipe to poll readable, then close it
and begin to accept() on the ServerSocket.
(The container manager should keep the write end of this socket open
until it has called bind() and listen() on the ServerSocket,
then close the write end, resulting in the read end polling readable.)Version: git master