What happens after the invocation of /proc/self/exe init #3855
-
When the container is about to be started and is in the init phase, can anybody help me understand where the code logic goes after /proc/self/exe init gets executed? Is there a function called init() somewhere that gets invoked (which maybe invokes the "sh" command in a container)? The command declaration happens in container_linux.go: and execution happens in process_linux.go: I have been cracking my head behind this and am unable to trace the steps. Any ideas/help appreciated!!
Replies: 2 comments 4 replies
-
I think https://github.com/opencontainers/runc/blob/5a9266b068b86f37c66330c37067250a32c4076a/init.go is probably what you're looking for 👀
-
Some documentation is available in libcontainer/README.md. The process is somewhat complicated. First of all, all the stuff from
Due to the way consoles are set up for containers, just printing to stdout won't work. We have since rewritten the logging for nsexec, so if you use write_log() you will get the messages.
As for why we re-exec runc init, this is done to defend against CVE-2019-5736. There is a pull request to improve this a fair bit by moving that code out of the C portion, which will mean we only exec runc init once.