From 298c19f6dfc9d57c02d14870a3d1746b0e1d0740 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 9 Oct 2024 11:46:51 -0700 Subject: [PATCH] libct: don't pass SpecState to init unless needed SpecState field of initConfig is only needed to run hooks that are executed inside a container -- namely CreateContainer and StartContainer. If these hooks are not configured, there is no need to fill, marshal and unmarshal SpecState. While at it, inline updateSpecState as it is trivial and only has one user. Signed-off-by: Kir Kolyshkin --- libcontainer/process_linux.go | 21 +++++++++------------ libcontainer/rootfs_linux.go | 11 ++++++----- libcontainer/standard_init_linux.go | 11 ++++++----- 3 files changed, 21 insertions(+), 22 deletions(-) diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index 9b34258dd5f..726cb6a55ed 100644 --- a/libcontainer/process_linux.go +++ b/libcontainer/process_linux.go @@ -625,9 +625,16 @@ func (p *initProcess) start() (retErr error) { if err := p.createNetworkInterfaces(); err != nil { return fmt.Errorf("error creating network interfaces: %w", err) } - if err := p.updateSpecState(); err != nil { - return fmt.Errorf("error updating spec state: %w", err) + + // initConfig.SpecState is only needed to run hooks that are executed + // inside a container, i.e. CreateContainer and StartContainer. + if p.config.Config.HasHook(configs.CreateContainer, configs.StartContainer) { + p.config.SpecState, err = p.container.currentOCIState() + if err != nil { + return fmt.Errorf("error getting current state: %w", err) + } } + if err := utils.WriteJSON(p.comm.initSockParent, p.config); err != nil { return fmt.Errorf("error sending config to init process: %w", err) } @@ -810,16 +817,6 @@ func (p *initProcess) startTime() (uint64, error) { return stat.StartTime, err } -func (p *initProcess) updateSpecState() error { - s, err := p.container.currentOCIState() - if err != nil { - return err - } - - p.config.SpecState = s - return nil -} - func (p *initProcess) createNetworkInterfaces() error { for _, config := range p.config.Config.Networks { strategy, err := getStrategy(config.Type) diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index f7cd95dd189..158e03c56d9 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -195,11 +195,12 @@ func prepareRootfs(pipe *syncSocket, iConfig *initConfig) (err error) { return &os.PathError{Op: "chdir", Path: config.Rootfs, Err: err} } - s := iConfig.SpecState - s.Pid = unix.Getpid() - s.Status = specs.StateCreating - if err := iConfig.Config.Hooks.Run(configs.CreateContainer, s); err != nil { - return err + if s := iConfig.SpecState; s != nil { + s.Pid = unix.Getpid() + s.Status = specs.StateCreating + if err := iConfig.Config.Hooks.Run(configs.CreateContainer, s); err != nil { + return err + } } if config.NoPivotRoot { diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go index 9f7fa45d533..ce6a896ce29 100644 --- a/libcontainer/standard_init_linux.go +++ b/libcontainer/standard_init_linux.go @@ -267,11 +267,12 @@ func (l *linuxStandardInit) Init() error { // https://github.com/torvalds/linux/blob/v4.9/fs/exec.c#L1290-L1318 _ = l.fifoFile.Close() - s := l.config.SpecState - s.Pid = unix.Getpid() - s.Status = specs.StateCreated - if err := l.config.Config.Hooks.Run(configs.StartContainer, s); err != nil { - return err + if s := l.config.SpecState; s != nil { + s.Pid = unix.Getpid() + s.Status = specs.StateCreated + if err := l.config.Config.Hooks.Run(configs.StartContainer, s); err != nil { + return err + } } // Close all file descriptors we are not passing to the container. This is