From 9c5918a3c491a25e525eb0a58632b1e270e9be26 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Sep 12 2020 19:04:58 +0000 Subject: import podman-1.6.4-21.module+el8.3.0+7994+3dff63cb --- diff --git a/SOURCES/podman-1875289.patch b/SOURCES/podman-1875289.patch new file mode 100644 index 0000000..a6b013a --- /dev/null +++ b/SOURCES/podman-1875289.patch @@ -0,0 +1,74 @@ +From 868ee6db7057a63e09dc67b7448a6f13efcdddd3 Mon Sep 17 00:00:00 2001 +From: Valentin Rothberg +Date: Fri, 31 Jan 2020 14:59:49 +0100 +Subject: [PATCH] sigproxy: return after closing the channel + +When stopping signal handling (e.g., to properly handle ^C) we are also +closing the signal channel. We should really return from the go-routine +instead of continuing and risking double-closing the channel which leads +to a panic. + +Fixes: #5034 +Signed-off-by: Valentin Rothberg +--- + pkg/adapter/sigproxy_linux.go | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/pkg/adapter/sigproxy_linux.go b/pkg/adapter/sigproxy_linux.go +index ebfeab7253..35745a6aab 100644 +--- a/pkg/adapter/sigproxy_linux.go ++++ b/pkg/adapter/sigproxy_linux.go +@@ -25,11 +25,17 @@ func ProxySignals(ctr *libpod.Container) { + } + + if err := ctr.Kill(uint(s.(syscall.Signal))); err != nil { ++ // If the container dies, and we find out here, ++ // we need to forward that one signal to ++ // ourselves so that it is not lost, and then ++ // we terminate the proxy and let the defaults ++ // play out. + logrus.Errorf("Error forwarding signal %d to container %s: %v", s, ctr.ID(), err) + signal.StopCatch(sigBuffer) + if err := syscall.Kill(syscall.Getpid(), s.(syscall.Signal)); err != nil { + logrus.Errorf("failed to kill pid %d", syscall.Getpid()) + } ++ return + } + } + }() +From e6fba1e44898304a0c5560aaecdee53beda1034f Mon Sep 17 00:00:00 2001 +From: Brent Baude +Date: Fri, 13 Mar 2020 08:06:19 -0500 +Subject: [PATCH] eat signal 23 in signal proxy + +due to a change in golang-1.14 and it's changes to make go funcs with tight loops preemptive, signals are now getting "through" that never were before. + +From the golang-1.14 announce: + +Goroutines are now asynchronously preemptible. As a result, loops without function calls no longer potentially deadlock the scheduler or significantly delay garbage collection. This is supported on all platforms except windows/arm, darwin/arm, js/wasm, and plan9/*. + +A consequence of the implementation of preemption is that on Unix systems, including Linux and macOS systems, programs built with Go 1.14 will receive more signals than programs built with earlier releases. This means that programs that use packages like syscall or golang.org/x/sys/unix will see more slow system calls fail with EINTR errors. Those programs will have to handle those errors in some way, most likely looping to try the system call again. For more information about this see man 7 signal for Linux systems or similar documentation for other systems. + +Fixes #5483 + +Signed-off-by: Brent Baude +--- + pkg/adapter/sigproxy_linux.go | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/pkg/adapter/sigproxy_linux.go b/pkg/adapter/sigproxy_linux.go +index 8295e4250a..5695d0e429 100644 +--- a/pkg/adapter/sigproxy_linux.go ++++ b/pkg/adapter/sigproxy_linux.go +@@ -20,7 +20,10 @@ + for s := range sigBuffer { + // Ignore SIGCHLD and SIGPIPE - these are mostly likely + // intended for the podman command itself. +- if s == signal.SIGCHLD || s == signal.SIGPIPE { ++ // SIGURG was added because of golang 1.14 and its preemptive changes ++ // causing more signals to "show up". ++ // https://github.com/containers/libpod/issues/5483 ++ if s == syscall.SIGCHLD || s == syscall.SIGPIPE || s == syscall.SIGURG { + continue + } + diff --git a/SPECS/podman.spec b/SPECS/podman.spec index b246ea9..86ef00c 100644 --- a/SPECS/podman.spec +++ b/SPECS/podman.spec @@ -29,7 +29,7 @@ go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl Name: podman Version: 1.6.4 -Release: 20%{?dist} +Release: 21%{?dist} Summary: Manage Pods, Containers and Container Images License: ASL 2.0 URL: https://%{name}.io/ @@ -59,6 +59,10 @@ Patch6: podman-CVE-2020-10696.patch # backported: https://github.com/containers/image/commit/81308749f70d6c40c6b0fea39ffe767bfe50da38.patch # patch: https://github.com/mheon/libpod/commit/b65de0f71c33ae1d3558132261f159e321c8edf1.patch Patch7: podman-1868603.patch +# related bug: https://bugzilla.redhat.com/show_bug.cgi?id=1875289 +# patch: https://github.com/containers/podman/commit/868ee6db7057a63e09dc67b7448a6f13efcdddd3.patch +# patch: https://github.com/containers/podman/commit/e6fba1e44898304a0c5560aaecdee53beda1034f.patch +Patch8: podman-1875289.patch Provides: %{name}-manpages = %{version}-%{release} Obsoletes: %{name}-manpages < %{version}-%{release} BuildRequires: golang >= 1.12.12-4 @@ -358,6 +362,10 @@ exit 0 %{_datadir}/%{name}/test %changelog +* Thu Sep 10 2020 Jindrich Novy - 1.6.4-21 +- fix "podman run with --rm errors out/segfaults on rhel8.3" +- Resolves: #1875289 + * Thu Aug 20 2020 Jindrich Novy - 1.6.4-20 - bump release to preserve upgrade path - Related: #1868603