From d4e58593704e9dd07408e8d884e5723d56e86ddf Mon Sep 17 00:00:00 2001
From: Ruediger Pluem <ruediger.pluem@vodafone.com>
Date: Fri, 7 Feb 2025 12:18:14 +0100
Subject: [PATCH] Do not close file descriptors when executing podman

Do not close file descriptors when executing podman. This allows
externally created file descriptors to be passed to containers.
These file descriptors might have been created through systemd
socket activation. See also
https://github.com/containers/podman/blob/main/docs/tutorials/socket_activation.md#socket-activation-of-containers

Signed-off-by: Ruediger Pluem <ruediger.pluem@vodafone.com>
---
 newsfragments/do_not_close_fds.feature | 4 ++++
 podman_compose.py                      | 7 +++++--
 2 files changed, 9 insertions(+), 2 deletions(-)
 create mode 100644 newsfragments/do_not_close_fds.feature

diff --git a/newsfragments/do_not_close_fds.feature b/newsfragments/do_not_close_fds.feature
new file mode 100644
index 0000000..d9ae574
--- /dev/null
+++ b/newsfragments/do_not_close_fds.feature
@@ -0,0 +1,4 @@
+- Do not close file descriptors when executing podman. This allows
+  externally created file descriptors to be passed to containers.
+  These file descriptors might have been created through
+  [systemd socket activation](https://github.com/containers/podman/blob/main/docs/tutorials/socket_activation.md#socket-activation-of-containers).
diff --git a/podman_compose.py b/podman_compose.py
index 3d1500d..ea4bb9f 100755
--- a/podman_compose.py
+++ b/podman_compose.py
@@ -1506,7 +1506,10 @@ class Podman:
 
             if log_formatter is not None:
                 p = await asyncio.create_subprocess_exec(
-                    *cmd_ls, stdout=asyncio.subprocess.PIPE, stderr=asyncio.subprocess.PIPE
+                    *cmd_ls,
+                    stdout=asyncio.subprocess.PIPE,
+                    stderr=asyncio.subprocess.PIPE,
+                    close_fds=False,
                 )  # pylint: disable=consider-using-with
 
                 # This is hacky to make the tasks not get garbage collected
@@ -1524,7 +1527,7 @@ class Podman:
                 err_t.add_done_callback(task_reference.discard)
 
             else:
-                p = await asyncio.create_subprocess_exec(*cmd_ls)  # pylint: disable=consider-using-with
+                p = await asyncio.create_subprocess_exec(*cmd_ls, close_fds=False)  # pylint: disable=consider-using-with
 
             try:
                 exit_code = await p.wait()