> I am trying to understand the runc / libcontainer code and am currently
> trying to understand the role of the exec.fifo pipe.
The "execFifo" doesn't have anything to do with "runc exec" (the
similar names are unfortunate and I never realised that it would be
confusing in this way).
The purpose of the FIFO is for the `runc create` and `runc start`
split. `runc create` creates the containers and init process,
preparing everything needed in order for the user's init process to
start. Before it does the final execve(...) into the user's code, it
blocks on the "execFifo" (by attempting to write to it). This will
block until someone opens the FIFO for reading (which is what `runc
start` does).
`runc exec` works the same way no matter what the state of the
container's init is, it is /basically/ nsenter with a couple of extra
features (like being able to allocate a PTY for you and also running
programs through exec in a detached mode so there's no runc process
staying around).
> Also any clarification on how "start" and "exec" differ would also be
> appreciated (looks like start simply run the command in config.json ?)
`runc create` and `runc start` are what you want to use (in general,
there are special usecases for using `runc exec`) to create the
container and then start the init process you specified in
config.json. This is all defined by the runtime-spec's lifecycle
description. `runc exec` is an additional feature which allows you to
run additional processes in the container (without forking those
processes from the init process). It's basically the same as nsenter.
"start" and "exec" are completely different commands that do
completely different things.
--
Aleksa Sarai (cyphar)
www.cyphar.com