Diffstat (limited to 'vendor/src/github.com/docker/libcontainer/namespaces/init.go')
-rw-r--r-- | vendor/src/github.com/docker/libcontainer/namespaces/init.go | 46 |
1 files changed, 29 insertions, 17 deletions
diff --git a/vendor/src/github.com/docker/libcontainer/namespaces/init.go b/vendor/src/github.com/docker/libcontainer/namespaces/init.go
index e89afdb47e..53d2611b89 100644
--- a/vendor/src/github.com/docker/libcontainer/namespaces/init.go
+++ b/vendor/src/github.com/docker/libcontainer/namespaces/init.go
@@ -23,9 +23,17 @@ import (
 "github.com/dotcloud/docker/pkg/user"
 )
 
+// TODO(vishh): This is part of the libcontainer API and it does much more than just namespaces related work.
+// Move this to libcontainer package.
 // Init is the init process that first runs inside a new namespace to setup mounts, users, networking,
 // and other options required for the new container.
-func Init(container *libcontainer.Container, uncleanRootfs, consolePath string, syncPipe *SyncPipe, args []string) error {
+func Init(container *libcontainer.Config, uncleanRootfs, consolePath string, syncPipe *SyncPipe, args []string) (err error) {
+ defer func() {
+ if err != nil {
+ syncPipe.ReportChildError(err)
+ }
+ }()
+
 rootfs, err := utils.ResolveRootfs(uncleanRootfs)
 if err != nil {
 return err
@@ -38,12 +46,10 @@ func Init(container *libcontainer.Container, uncleanRootfs, consolePath string,
 }
 
 // We always read this as it is a way to sync with the parent as well
- context, err := syncPipe.ReadFromParent()
+ networkState, err := syncPipe.ReadFromParent()
 if err != nil {
- syncPipe.Close()
 return err
 }
- syncPipe.Close()
 
 if consolePath != "" {
 if err := console.OpenAndDup(consolePath); err != nil {
@@ -58,7 +64,7 @@ func Init(container *libcontainer.Container, uncleanRootfs, consolePath string,
 return fmt.Errorf("setctty %s", err)
 }
 }
- if err := setupNetwork(container, context); err != nil {
+ if err := setupNetwork(container, networkState); err != nil {
 return fmt.Errorf("setup networking %s", err)
 }
 if err := setupRoute(container); err != nil {
@@ -67,9 +73,12 @@ func Init(container *libcontainer.Container, uncleanRootfs, consolePath string,
 
 label.Init()
 
- if err := mount.InitializeMountNamespace(rootfs, consolePath, container); err != nil {
+ if err := mount.InitializeMountNamespace(rootfs,
+ consolePath,
+ (*mount.MountConfig)(container.MountConfig)); err != nil {
 return fmt.Errorf("setup mount namespace %s", err)
 }
+
 if container.Hostname != "" {
 if err := system.Sethostname(container.Hostname); err != nil {
 return fmt.Errorf("sethostname %s", err)
@@ -78,13 +87,16 @@ func Init(container *libcontainer.Container, uncleanRootfs, consolePath string,
 
 runtime.LockOSThread()
 
- if err := apparmor.ApplyProfile(container.Context["apparmor_profile"]); err != nil {
- return fmt.Errorf("set apparmor profile %s: %s", container.Context["apparmor_profile"], err)
+ if err := apparmor.ApplyProfile(container.AppArmorProfile); err != nil {
+ return fmt.Errorf("set apparmor profile %s: %s", container.AppArmorProfile, err)
 }
- if err := label.SetProcessLabel(container.Context["process_label"]); err != nil {
+
+ if err := label.SetProcessLabel(container.ProcessLabel); err != nil {
 return fmt.Errorf("set process label %s", err)
 }
- if container.Context["restrictions"] != "" {
+
+ // TODO: (crosbymichael) make this configurable at the Config level
+ if container.RestrictSys {
 if err := restrict.Restrict("proc/sys", "proc/sysrq-trigger", "proc/irq", "proc/bus", "sys"); err != nil {
 return err
 }
@@ -157,14 +169,14 @@ func SetupUser(u string) error {
 // setupVethNetwork uses the Network config if it is not nil to initialize
 // the new veth interface inside the container for use by changing the name to eth0
 // setting the MTU and IP address along with the default gateway
-func setupNetwork(container *libcontainer.Container, context libcontainer.Context) error {
+func setupNetwork(container *libcontainer.Config, networkState *network.NetworkState) error {
 for _, config := range container.Networks {
 strategy, err := network.GetStrategy(config.Type)
 if err != nil {
 return err
 }
 
- err1 := strategy.Initialize(config, context)
+ err1 := strategy.Initialize((*network.Network)(config), networkState)
 if err1 != nil {
 return err1
 }
@@ -172,7 +184,7 @@ func setupNetwork(container *libcontainer.Container, context libcontainer.Contex
 return nil
 }
 
-func setupRoute(container *libcontainer.Container) error {
+func setupRoute(container *libcontainer.Config) error {
 for _, config := range container.Routes {
 if err := netlink.AddRoute(config.Destination, config.Source, config.Gateway, config.InterfaceName); err != nil {
 return err
@@ -184,7 +196,7 @@ func setupRoute(container *libcontainer.Container) error {
 // FinalizeNamespace drops the caps, sets the correct user
 // and working dir, and closes any leaky file descriptors
 // before execing the command inside the namespace
-func FinalizeNamespace(container *libcontainer.Container) error {
+func FinalizeNamespace(container *libcontainer.Config) error {
 // Ensure that all non-standard fds we may have accidentally
 // inherited are marked close-on-exec so they stay out of the
 // container
@@ -193,7 +205,7 @@ func FinalizeNamespace(container *libcontainer.Container) error {
 }
 
 // drop capabilities in bounding set before changing user
- if err := capabilities.DropBoundingSet(container); err != nil {
+ if err := capabilities.DropBoundingSet(container.Capabilities); err != nil {
 return fmt.Errorf("drop bounding set %s", err)
 }
 
@@ -211,7 +223,7 @@ func FinalizeNamespace(container *libcontainer.Container) error {
 }
 
 // drop all other capabilities
- if err := capabilities.DropCapabilities(container); err != nil {
+ if err := capabilities.DropCapabilities(container.Capabilities); err != nil {
 return fmt.Errorf("drop capabilities %s", err)
 }
 
@@ -224,7 +236,7 @@ func FinalizeNamespace(container *libcontainer.Container) error {
 return nil
 }
 
-func LoadContainerEnvironment(container *libcontainer.Container) error {
+func LoadContainerEnvironment(container *libcontainer.Config) error {
 os.Clearenv()
 for _, pair := range container.Env {
 p := strings.SplitN(pair, "=", 2) |