libcontainer: use OwnedFd as console_socket in ContainerBuilder

[abel-von]

We found we will get a residual fd in the process to call libcontainer, after we called exec of a container and exit.
and after some investigation, I found it is because the opened console_socket is not closed after exec build.

[jprendes]

Thanks for working on this @abel-von .
Two of the tests in tty.rs are failing due to these changes.
Would you mind fixing them?

[jprendes]

This test is failing as setup_console is closing the RawFd it receives.

[abel-von]

done, changed to into_raw_fd

[jprendes]

The logic of this branch (and checked by the test_setup_console_socket_empty test) is lost here.

[abel-von]

Yes, I don't quite get why is this error handled independently, Could you mind explain why do we have to return -1 when ENOENT?

[jprendes]

This avoids failing in the case where the file is not present. I'm not sure if this is part of the spec requirements, or just copying what runc does, or just happens to be an implementation detail of youki.

[abel-von]

Well, How about returning error when the file is not present? I don't think it will succeed if the init process send the tty fd through a socket of fd -1.
It is difficult to modify it if this function return OwnedFd, I think we can't new an OwnedFd from a rawfd of -1, because it may panic if the drop of OwnedFd is called, and we will call close of an fd of -1.

[abel-von]

Can we get the background of why does it return fd of -1 here? It is a little wierd because I don't find any similar logic in runc.

[YJDoc2]

Hey so I went around in the git blame and tried to find out why this is specifically -1 , but from what I see, the -1 comes directly from the first commit (!) , and is kept as-is for no specific reason. Checking the code there, I think the intention was maybe to conform to the standard error policy (returning -1 on error) , but not sure. What I can see is that in that commit, this will just push error to a later time, when calling sendmsg with socket_fd of -1. Apart from that atleast I cannot find any reason in that or today's code why we specifically set it to -1 rather than return an error, because the code will error when it tries to use this raw fd for sendmsg. I think the correct way to proceed would be another analysis by someone else to check what I'm saying is right or not, and if it is, then replacing the -1 by the general error case.

@utam0k , correct me if I'm wrong here.

[utam0k]

I believe that it came from railcar. -1 doesn't have a special reason. I'm afraid I've confused you... I'll note the person who first committed (that's me) 🫠
https://github.com/oracle/railcar/blob/ef5918e21e7ad9ffd25c1a507df96458ec4e0c24/src/main.rs#L539-L549

[abel-von]

So, Can we say that it is ok to return error rather than -1?

[YJDoc2]

@abel-von , yes I think we can just merge that into the error case.

[YJDoc2]

Hey @abel-von , a separate question - how does this relate to your other PR (#2961) ? Or are these two independent?

[abel-von]

Hi @YJDoc2, I think they are independent, we found these issues because we are trying to use libcontainer instead of calling runc binary to manage containers. In our senarios, we have one process in a machine to manage all the containers running on it, so when we call libcontainer to manage containers, we have to make sure no resource residual in this process when a container is removed.

[abel-von]

Two of the tests in tty.rs are failing due to these changes.

Fixed the test if we agree that setup_console_socket return error if the file does not exist. PTAL @jprendes

[YJDoc2]

just comment: I haven't seen this pattern before, seems a good way to manage this kind of thing locally!

[abel-von]

I think there is a crate called scopeguard, which contains a defer! macro, can handle this more elegantly. I just don't want to introduce the dependency.