1 files changed, 41 insertions, 29 deletions

diff --git a/daemon/execdriver/native/create.go b/daemon/execdriver/native/create.go
index b19620514e..f28507b046 100644
--- a/daemon/execdriver/native/create.go
+++ b/daemon/execdriver/native/create.go
@@ -9,6 +9,8 @@ import (
 	"github.com/docker/libcontainer"
 	"github.com/docker/libcontainer/apparmor"
 	"github.com/docker/libcontainer/devices"
+	"github.com/docker/libcontainer/mount"
+	"github.com/docker/libcontainer/security/capabilities"
 	"github.com/dotcloud/docker/daemon/execdriver"
 	"github.com/dotcloud/docker/daemon/execdriver/native/configuration"
 	"github.com/dotcloud/docker/daemon/execdriver/native/template"
@@ -16,7 +18,7 @@ import (
 
 // createContainer populates and configures the container type with the
 // data provided by the execdriver.Command
-func (d *driver) createContainer(c *execdriver.Command) (*libcontainer.Container, error) {
+func (d *driver) createContainer(c *execdriver.Command) (*libcontainer.Config, error) {
 	container := template.New()
 
 	container.Hostname = getEnv("HOSTNAME", c.Env)
@@ -26,65 +28,71 @@ func (d *driver) createContainer(c *execdriver.Command) (*libcontainer.Container
 	container.Env = c.Env
 	container.Cgroups.Name = c.ID
 	container.Cgroups.AllowedDevices = c.AllowedDevices
-	container.DeviceNodes = c.AutoCreatedDevices
+	container.MountConfig.DeviceNodes = c.AutoCreatedDevices
+
 	// check to see if we are running in ramdisk to disable pivot root
-	container.NoPivotRoot = os.Getenv("DOCKER_RAMDISK") != ""
-	container.Context["restrictions"] = "true"
+	container.MountConfig.NoPivotRoot = os.Getenv("DOCKER_RAMDISK") != ""
+	container.RestrictSys = true
 
 	if err := d.createNetwork(container, c); err != nil {
 		return nil, err
 	}
+
 	if c.Privileged {
 		if err := d.setPrivileged(container); err != nil {
 			return nil, err
 		}
 	}
+
 	if err := d.setupCgroups(container, c); err != nil {
 		return nil, err
 	}
+
 	if err := d.setupMounts(container, c); err != nil {
 		return nil, err
 	}
+
 	if err := d.setupLabels(container, c); err != nil {
 		return nil, err
 	}
+
 	cmds := make(map[string]*exec.Cmd)
 	d.Lock()
 	for k, v := range d.activeContainers {
 		cmds[k] = v.cmd
 	}
 	d.Unlock()
+
 	if err := configuration.ParseConfiguration(container, cmds, c.Config["native"]); err != nil {
 		return nil, err
 	}
+
 	return container, nil
 }
 
-func (d *driver) createNetwork(container *libcontainer.Container, c *execdriver.Command) error {
+func (d *driver) createNetwork(container *libcontainer.Config, c *execdriver.Command) error {
 	if c.Network.HostNetworking {
 		container.Namespaces["NEWNET"] = false
 		return nil
 	}
+
 	container.Networks = []*libcontainer.Network{
 		{
 			Mtu:     c.Network.Mtu,
 			Address: fmt.Sprintf("%s/%d", "127.0.0.1", 0),
 			Gateway: "localhost",
 			Type:    "loopback",
-			Context: libcontainer.Context{},
 		},
 	}
 
 	if c.Network.Interface != nil {
 		vethNetwork := libcontainer.Network{
-			Mtu:     c.Network.Mtu,
-			Address: fmt.Sprintf("%s/%d", c.Network.Interface.IPAddress, c.Network.Interface.IPPrefixLen),
-			Gateway: c.Network.Interface.Gateway,
-			Type:    "veth",
-			Context: libcontainer.Context{
-				"prefix": "veth",
-				"bridge": c.Network.Interface.Bridge,
-			},
+			Mtu:        c.Network.Mtu,
+			Address:    fmt.Sprintf("%s/%d", c.Network.Interface.IPAddress, c.Network.Interface.IPPrefixLen),
+			Gateway:    c.Network.Interface.Gateway,
+			Type:       "veth",
+			Bridge:     c.Network.Interface.Bridge,
+			VethPrefix: "veth",
 		}
 		container.Networks = append(container.Networks, &vethNetwork)
 	}
@@ -93,6 +101,7 @@ func (d *driver) createNetwork(container *libcontainer.Container, c *execdriver.
 		d.Lock()
 		active := d.activeContainers[c.Network.ContainerID]
 		d.Unlock()
+
 		if active == nil || active.cmd.Process == nil {
 			return fmt.Errorf("%s is not a valid running container to join", c.Network.ContainerID)
 		}
@@ -100,34 +109,34 @@ func (d *driver) createNetwork(container *libcontainer.Container, c *execdriver.
 
 		nspath := filepath.Join("/proc", fmt.Sprint(cmd.Process.Pid), "ns", "net")
 		container.Networks = append(container.Networks, &libcontainer.Network{
-			Type: "netns",
-			Context: libcontainer.Context{
-				"nspath": nspath,
-			},
+			Type:   "netns",
+			NsPath: nspath,
 		})
 	}
+
 	return nil
 }
 
-func (d *driver) setPrivileged(container *libcontainer.Container) (err error) {
-	container.Capabilities = libcontainer.GetAllCapabilities()
+func (d *driver) setPrivileged(container *libcontainer.Config) (err error) {
+	container.Capabilities = capabilities.GetAllCapabilities()
 	container.Cgroups.AllowAllDevices = true
 
 	hostDeviceNodes, err := devices.GetHostDeviceNodes()
 	if err != nil {
 		return err
 	}
-	container.DeviceNodes = hostDeviceNodes
+	container.MountConfig.DeviceNodes = hostDeviceNodes
 
-	delete(container.Context, "restrictions")
+	container.RestrictSys = false
 
 	if apparmor.IsEnabled() {
-		container.Context["apparmor_profile"] = "unconfined"
+		container.AppArmorProfile = "unconfined"
 	}
+
 	return nil
 }
 
-func (d *driver) setupCgroups(container *libcontainer.Container, c *execdriver.Command) error {
+func (d *driver) setupCgroups(container *libcontainer.Config, c *execdriver.Command) error {
 	if c.Resources != nil {
 		container.Cgroups.CpuShares = c.Resources.CpuShares
 		container.Cgroups.Memory = c.Resources.Memory
@@ -135,12 +144,13 @@ func (d *driver) setupCgroups(container *libcontainer.Container, c *execdriver.C
 		container.Cgroups.MemorySwap = c.Resources.MemorySwap
 		container.Cgroups.CpusetCpus = c.Resources.Cpuset
 	}
+
 	return nil
 }
 
-func (d *driver) setupMounts(container *libcontainer.Container, c *execdriver.Command) error {
+func (d *driver) setupMounts(container *libcontainer.Config, c *execdriver.Command) error {
 	for _, m := range c.Mounts {
-		container.Mounts = append(container.Mounts, libcontainer.Mount{
+		container.MountConfig.Mounts = append(container.MountConfig.Mounts, mount.Mount{
 			Type:        "bind",
 			Source:      m.Source,
 			Destination: m.Destination,
@@ -148,11 +158,13 @@ func (d *driver) setupMounts(container *libcontainer.Container, c *execdriver.Co
 			Private:     m.Private,
 		})
 	}
+
 	return nil
 }
 
-func (d *driver) setupLabels(container *libcontainer.Container, c *execdriver.Command) error {
-	container.Context["process_label"] = c.Config["process_label"][0]
-	container.Context["mount_label"] = c.Config["mount_label"][0]
+func (d *driver) setupLabels(container *libcontainer.Config, c *execdriver.Command) error {
+	container.ProcessLabel = c.Config["process_label"][0]
+	container.MountConfig.MountLabel = c.Config["mount_label"][0]
+
 	return nil
 }