runc fails if run with _LIBCONTAINER_INITPIPE env var set

[ningmingxiao]

Description

runc can't run if use custom env

Steps to reproduce the issue

1.export _LIBCONTAINER_INITPIPE=1111a
2.root@LIN-FB738BFD367 runc]# runc list
FATAL: could not inform the parent we are past initial setup: Bad file descriptor
3.[root@LIN-FB738BFD367 runc]# ./runc -v
FATAL: could not inform the parent we are past initial setup: Bad file descriptor
[root@LIN-FB738BFD367 mycontainer]# ./runc run test001
FATAL: could not inform the parent we are past initial setup: Bad file descriptor

Describe the results you received and expected

runc can run well

What version of runc are you using?

1.1.12

Host OS information

ubuntu/centos linux

Host kernel information

any kernel

[ningmingxiao]

this pr may fix #4339

[kolyshkin]

@ningmingxiao just curious, how did you discovered this issue?

[ningmingxiao]

@ningmingxiao just curious, how did you discovered this issue?

I study runc code to solve our problem, find runc call nsexec every time. I find runc use some custom env like _LIBCONTAINER_INITPIPE.
I want runc doesn't call nsexec every time. but can't find some good way.

[kolyshkin]

From what I see, this is not a real issue, but rather an observation that comes from reading the source code.

I want runc doesn't call nsexec every time. but can't find some good way.

You can build your own runtime using libcontainer stuff, and have a separate init binary, too.

As pointed out by @cyphar in #4343, we want to keep runc as a single binary. Also, nsexec should be executed before Go runtime. With these requirements, it's impossible to not run nsexec.