Make nsenter in reboot command optional

[bh185140]

Following #814 which added signal based reboot we could reduce the privilege of the kured pods. With this we could also look into reducing the privileges for the reboot command method which currently is limited by the need to enter the host namespace.

If nsenter was made optional or configurable, this allows a lot more flexibility in setting up reboot methods that are more secure. We can imitate signal reboot by sending signals as a command through /bin/kill. This can also indirectly solve #868 as we could also make the reboot command touch a reboot file.

[ckotzbauer]

But this only would work, if you can use binaries which are already inside the kured-image right? So maybe you use a custom-image?

[bh185140]

But this only would work, if you can use binaries which are already inside the kured-image right? So maybe you use a custom-image?

Yes, for the use cases I've listed

• systemd shutdown through signal can be done with /bin/kill already in the image
• path-based reboot mechanism #868 can be done with /bin/touch also already in the image on a mounted volume

I think it should be fairly small change that won't break any thing. Mainly need it for the reduced privileges as I can't use the new reboot signal methods since I need to run a small shell script in the command before hand.

[bh185140]

Main driver for this is mostly I needed a mechanism to trigger shutdowns as well as reboot. I could open up a separate issue for it I suppose, not sure if there would be enough interest in supporting shutdown on a reboot daemon. Though this could be a smaller change to go in.

[ckotzbauer]

Thanks for the explanations. Yes, both binaries are already present. For the path-based method we could just create a file with go-code at a configurable, mounted location. Shutdowns are not directly in scope of kured, I think.

[bh185140]

Happy to open up a PR for this if you think this change could go into Kured.
I see currently nsenter is done with /usr/bin/nsenter", fmt.Sprintf("-m/proc/%d/ns/mnt", pid), "-- where the pid is a constant 1. Can possibly replace it with a default argument --reboot-command-prefix="/usr/bin/nsenter -m/proc/1/ns/mnt --". Alternatively just make it boolean parameter on where or not we add nsenter.
What do you think?

[bh185140]

Raised a PR here if interested https://github.com/kubereboot/kured/pull/899/files

// PID set to 1, until we have a better discovery mechanism.

Saw this comment while making this. Could be another use case to support changing the PID as a configuration for rancher.

[bh185140]

@ckotzbauer Gentle bump for this thread

[ckotzbauer]

Thanks for the hint, I did a review.

[github-actions]

This issue was automatically considered stale due to lack of activity. Please update it and/or join our slack channels to promote it, before it automatically closes (in 7 days).