
Commit 341401c

authored
Merge pull request #12785 from dmcgowan/pass-socket-address
Make shim socket directory use configured directory
2 parents d7ed3bf + e07a1aa commit 341401c

23 files changed

Lines changed: 515 additions & 364 deletions


api/next.txtpb

Lines changed: 125 additions & 63 deletions
Large diffs are not rendered by default.

api/runtime/bootstrap/v1/bootstrap.pb.go

Lines changed: 61 additions & 44 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

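--- a/api/runtime/bootstrap/v1/bootstrap.proto
+++ b/api/runtime/bootstrap/v1/bootstrap.proto
@@ -69,6 +69,13 @@ message BootstrapParams {
 // Each section can contain arbitrary structured data identified by type URL
 // Examples: CRI config, NRI config, sandbox config, etc.
 repeated Extension extensions = 8;
+
+// Optional directory for the shim to place its unix socket.
+// If empty, the shim defaults to a short, well-known path
+// (e.g., /run/containerd/s). The path must be kept short because
+// the socket filename is a 64-character SHA256 hash and unix
+// socket paths are limited to 104-108 bytes depending on platform.
+optional string socket_dir = 9;
 }
 
 // Extension provides extensibility for new configuration types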
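Review bot: The new comment on `socket_dir` explains why the path must be short but does not say that the value has to be an absolute path, which is what the containerd side of this commit enforces with `filepath.IsAbs` in shim_manager.go before passing it down. Anyone else filling in BootstrapParams only has this file to go by, so I would add `// Must be an absolute path when set.` above the field. The BootstrapParams message starts outside the hunk.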

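--- a/cmd/containerd-shim-runc-v2/manager/manager_linux.go
+++ b/cmd/containerd-shim-runc-v2/manager/manager_linux.go
@@ -40,6 +40,7 @@ import (
 "github.com/containerd/containerd/v2/cmd/containerd-shim-runc-v2/process"
 "github.com/containerd/containerd/v2/cmd/containerd-shim-runc-v2/runc"
 "github.com/containerd/containerd/v2/core/mount"
+"github.com/containerd/containerd/v2/defaults"
 "github.com/containerd/containerd/v2/pkg/namespaces"
 "github.com/containerd/containerd/v2/pkg/schedcore"
 "github.com/containerd/containerd/v2/pkg/shim"
@@ -105,6 +106,7 @@ func newCommand(ctx context.Context, id, containerdAddress, containerdTTRPCAddre
 cmd.Dir = cwd
 cmd.Env = append(os.Environ(), "GOMAXPROCS=4")
 cmd.Env = append(cmd.Env, "OTEL_SERVICE_NAME=containerd-shim-"+id)
+
 cmd.SysProcAttr = &syscall.SysProcAttr{
 Setpgid: true,
 }
@@ -145,8 +147,8 @@ func (s *shimSocket) Close() {
 _ = shim.RemoveSocket(s.addr)
 }
 
-func newShimSocket(ctx context.Context, path, id string, debug bool) (*shimSocket, error) {
-address, err := shim.SocketAddress(ctx, path, id, debug)
+func newShimSocket(ctx context.Context, root, path, id string, debug bool) (*shimSocket, error) {
+address, err := shim.CreateSocketAddress(ctx, root, path, id, debug)
 if err != nil {
 return nil, err
 }
@@ -217,7 +219,11 @@ func (manager) Start(ctx context.Context, opts *bootapi.BootstrapParams) (_ *boo
 }
 }()
 
-s, err := newShimSocket(ctx, opts.GetContainerdGrpcAddress(), grouping, false)
+socketDir := opts.GetSocketDir()
+if socketDir == "" {
+socketDir = filepath.Join(defaults.DefaultStateDir, "s")
+}
+s, err := newShimSocket(ctx, socketDir, opts.GetContainerdGrpcAddress(), grouping, false)
 if err != nil {
 if errdefs.IsAlreadyExists(err) {
 params.Address = s.addr
@@ -229,7 +235,7 @@ func (manager) Start(ctx context.Context, opts *bootapi.BootstrapParams) (_ *boo
 cmd.ExtraFiles = append(cmd.ExtraFiles, s.f)
 
 if debugLog {
-s, err = newShimSocket(ctx, opts.GetContainerdGrpcAddress(), grouping, true)
+s, err = newShimSocket(ctx, socketDir, opts.GetContainerdGrpcAddress(), grouping, true)
 if err != nil {
 return nil, err
 }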
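Review bot: In Start, the fallback `socketDir = filepath.Join(defaults.DefaultStateDir, "s")` does not follow the per-UID defaults that the ShimConfig comment in shim_manager.go lists for non-root users, so a shim launched without socket_dir by a non-root caller would presumably still aim at the root-owned state directory. The value from `opts.GetSocketDir()` is also passed on as received: the absolute-path and length checks added by this commit run only in containerd's plugin init, so unless `shim.CreateSocketAddress` (not shown) validates it, a relative value would be resolved against the shim's working directory. A guard before the first newShimSocket call, `if !filepath.IsAbs(socketDir) { return nil, fmt.Errorf("socket dir must be an absolute path: %q", socketDir) }`, would keep the shim safe with any caller. Start begins and ends outside these hunks.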

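--- a/cmd/containerd/server/server.go
+++ b/cmd/containerd/server/server.go
@@ -93,15 +93,6 @@ func CreateTopLevelDirectories(config *srvconfig.Config) error {
 if err := sys.MkdirAllWithACL(config.State, 0o711); err != nil {
 return err
 }
-if config.State != defaults.DefaultStateDir {
-// XXX: socketRoot in pkg/shim is hard-coded to the default state directory.
-// See https://github.com/containerd/containerd/issues/10502#issuecomment-2249268582 for why it's set up that way.
-// The default fifo directory in pkg/cio is also configured separately and defaults to the default state directory instead of the configured state directory.
-// Make sure the default state directory is created with the correct permissions.
-if err := sys.MkdirAllWithACL(defaults.DefaultStateDir, 0o711); err != nil {
-return err
-}
-}
 
 if config.TempDir != "" {
 if err := sys.MkdirAllWithACL(config.TempDir, 0o700); err != nil {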

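--- a/core/runtime/v2/binary.go
+++ b/core/runtime/v2/binary.go
@@ -39,6 +39,7 @@ type shimBinaryConfig struct {
 runtime string
 address string
 ttrpcAddress string
+socketDir string
 env []string
 }
 
@@ -48,6 +49,7 @@ func shimBinary(bundle *Bundle, config shimBinaryConfig) *binary {
 runtime: config.runtime,
 containerdAddress: config.address,
 containerdTTRPCAddress: config.ttrpcAddress,
+socketDir: config.socketDir,
 env: config.env,
 }
 }
@@ -56,6 +58,7 @@ type binary struct {
 runtime string
 containerdAddress string
 containerdTTRPCAddress string
+socketDir string
 bundle *Bundle
 env []string
 }
@@ -73,6 +76,7 @@ func (b *binary) Start(ctx context.Context, opts *types.Any, onClose func()) (_
 Env: b.env,
 LogLevel: log.GetLevel(),
 Action: "start",
+SocketDir: b.socketDir,
 })
 if err != nil {
 return nil, err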

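--- a/core/runtime/v2/shim_load.go
+++ b/core/runtime/v2/shim_load.go
@@ -162,6 +162,7 @@ func (m *ShimManager) loadShim(ctx context.Context, bundle *Bundle) error {
 runtime: runtime,
 address: m.containerdAddress,
 ttrpcAddress: m.containerdTTRPCAddress,
+socketDir: m.socketDir,
 env: m.env,
 })
 // TODO: It seems we can only call loadShim here if it is a sandbox shim?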

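--- a/core/runtime/v2/shim_manager.go
+++ b/core/runtime/v2/shim_manager.go
@@ -50,6 +50,13 @@ import (
 type ShimConfig struct {
 // Env is environment variables added to shim processes
 Env []string `toml:"env"`
+
+// SocketDir is the directory to place shim sockets. The path must be
+// short enough to fit within the platform's unix socket path limit.
+// Defaults:
+// Linux (UID 0): /run/containerd/s
+// Linux (UID >0): /run/$UID/containerd/s or /tmp/containerd-s-$(UID)
+SocketDir string `toml:"socket_dir"`
 }
 
 func init() {
@@ -78,9 +85,27 @@ func init() {
 events := ep.(*exchange.Exchange)
 cs := metadata.NewContainerStore(m.(*metadata.DB))
 ss := metadata.NewSandboxStore(m.(*metadata.DB))
+
+// Allow configurable directory
+if config.SocketDir != "" {
+if !filepath.IsAbs(config.SocketDir) {
+return nil, fmt.Errorf("socket_dir must be an absolute path: %q", config.SocketDir)
+}
+config.SocketDir = filepath.Clean(config.SocketDir)
+if len(config.SocketDir) > maxSocketDirLen {
+return nil, fmt.Errorf("socket_dir length must be no longer than %d characters", maxSocketDirLen)
+}
+} else {
+config.SocketDir = defaultSocketDir()
+if config.SocketDir == "" {
+return nil, fmt.Errorf("failed to find a suitable socket directory for shim, please configure one")
+}
+}
+
 return NewShimManager(&ManagerConfig{
 Address: ic.Properties[plugins.PropertyGRPCAddress],
 TTRPCAddress: ic.Properties[plugins.PropertyTTRPCAddress],
+SocketDir: config.SocketDir,
 Events: events,
 Store: cs,
 ShimEnv: config.Env,
@@ -124,6 +149,7 @@ type ManagerConfig struct {
 Events *exchange.Exchange
 Address string
 TTRPCAddress string
+SocketDir string
 SandboxStore sandbox.Store
 ShimEnv []string
 }
@@ -133,6 +159,7 @@ func NewShimManager(config *ManagerConfig) (*ShimManager, error) {
 m := &ShimManager{
 containerdAddress: config.Address,
 containerdTTRPCAddress: config.TTRPCAddress,
+socketDir: config.SocketDir,
 shims: runtime.NewNSMap[ShimInstance](),
 events: config.Events,
 containers: config.Store,
@@ -154,6 +181,7 @@ type ShimManager struct {
 shims *runtime.NSMap[ShimInstance]
 events *exchange.Exchange
 containers containers.Store
+socketDir string
 // runtimePaths is a cache of `runtime names` -> `resolved fs path`
 runtimePaths sync.Map
 sandboxStore sandbox.Store
@@ -289,6 +317,7 @@ func (m *ShimManager) startShim(ctx context.Context, bundle *Bundle, id string,
 runtime: runtimePath,
 address: m.containerdAddress,
 ttrpcAddress: m.containerdTTRPCAddress,
+socketDir: m.socketDir,
 env: m.env,
 })
 shim, err := b.Start(ctx, typeurl.MarshalProto(topts), func() {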
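Review bot: The socket_dir validation added to init checks that the path is absolute and no longer than maxSocketDirLen, but nothing visible checks who owns the directory or whether other local users can write to it. Shim sockets are created inside it, so an operator-chosen directory with loose permissions, or the `/tmp/containerd-s-$(UID)` default named in the ShimConfig comment, should be created with a restrictive mode and rejected if it already exists under another owner; defaultSocketDir and the code that creates the directory are not shown, so confirm this happens there. At minimum the ShimConfig comment should state the requirement, e.g. `// The directory must not be writable by other users.`. The same commit drops the `sys.MkdirAllWithACL(defaults.DefaultStateDir, 0o711)` call from server.go, so the mode of the default directory now depends on whichever code creates it first. init's body starts and ends outside the hunk.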
