runc/libcontainer/configs/namespaces_syscall.go

// +build linux

package configs

import "golang.org/x/sys/unix"

func (n *Namespace) Syscall() int {
	return namespaceInfo[n.Type]
}

// This is not yet in the Go stdlib.
const syscall_CLONE_NEWCGROUP = (1 << 29)

var namespaceInfo = map[NamespaceType]int{
	NEWNET:    unix.CLONE_NEWNET,
	NEWNS:     unix.CLONE_NEWNS,
	NEWUSER:   unix.CLONE_NEWUSER,
	NEWIPC:    unix.CLONE_NEWIPC,
	NEWUTS:    unix.CLONE_NEWUTS,
	NEWPID:    unix.CLONE_NEWPID,
	NEWCGROUP: syscall_CLONE_NEWCGROUP,
}

// CloneFlags parses the container's Namespaces options to set the correct
// flags on clone, unshare. This function returns flags only for new namespaces.
func (n *Namespaces) CloneFlags() uintptr {
	var flag int
	for _, v := range *n {
		if v.Path != "" {
			continue
		}
		flag |= namespaceInfo[v.Type]
	}
	return uintptr(flag)
}
Spit namespace syscall content for building on non-Linux libcontainer/configs is used by the docker user namespace proposed patchset to use IDMap for uid/gid maps across the codebase. Given the client uses some of this code, it needs to build on non-Linux. This separates out the Linux-only syscalls using build tags. Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp) 2015-04-25 06:09:56 +08:00			`// +build linux`

			`package configs`

Move libcontainer to x/sys/unix Since syscall is outdated and broken for some architectures, use x/sys/unix instead. There are still some dependencies on the syscall package that will remain in syscall for the forseeable future: Errno Signal SysProcAttr Additionally: - os still uses syscall, so it needs to be kept for anything returning *os.ProcessState, such as process.Wait. Signed-off-by: Christy Perez <christy@linux.vnet.ibm.com> 2017-05-10 05:38:27 +08:00			`import "golang.org/x/sys/unix"`
Spit namespace syscall content for building on non-Linux libcontainer/configs is used by the docker user namespace proposed patchset to use IDMap for uid/gid maps across the codebase. Given the client uses some of this code, it needs to build on non-Linux. This separates out the Linux-only syscalls using build tags. Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp) 2015-04-25 06:09:56 +08:00
			`func (n *Namespace) Syscall() int {`
			`return namespaceInfo[n.Type]`
			`}`

libcontainer: implement CLONE_NEWCGROUP This is a very simple implementation because it doesn't require any configuration unlike the other namespaces, and in its current state it only masks paths. This feature is available in Linux 4.6+ and is enabled by default for kernels compiled with CONFIG_CGROUP=y. Signed-off-by: Aleksa Sarai <asarai@suse.de> Signed-off-by: Michael Crosby <crosbymichael@gmail.com> 2016-04-26 12:04:22 +08:00			`// This is not yet in the Go stdlib.`
			`const syscall_CLONE_NEWCGROUP = (1 << 29)`

Spit namespace syscall content for building on non-Linux libcontainer/configs is used by the docker user namespace proposed patchset to use IDMap for uid/gid maps across the codebase. Given the client uses some of this code, it needs to build on non-Linux. This separates out the Linux-only syscalls using build tags. Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp) 2015-04-25 06:09:56 +08:00			`var namespaceInfo = map[NamespaceType]int{`
libcontainer: implement CLONE_NEWCGROUP This is a very simple implementation because it doesn't require any configuration unlike the other namespaces, and in its current state it only masks paths. This feature is available in Linux 4.6+ and is enabled by default for kernels compiled with CONFIG_CGROUP=y. Signed-off-by: Aleksa Sarai <asarai@suse.de> Signed-off-by: Michael Crosby <crosbymichael@gmail.com> 2016-04-26 12:04:22 +08:00			`NEWNET: unix.CLONE_NEWNET,`
			`NEWNS: unix.CLONE_NEWNS,`
			`NEWUSER: unix.CLONE_NEWUSER,`
			`NEWIPC: unix.CLONE_NEWIPC,`
			`NEWUTS: unix.CLONE_NEWUTS,`
			`NEWPID: unix.CLONE_NEWPID,`
			`NEWCGROUP: syscall_CLONE_NEWCGROUP,`
Spit namespace syscall content for building on non-Linux libcontainer/configs is used by the docker user namespace proposed patchset to use IDMap for uid/gid maps across the codebase. Given the client uses some of this code, it needs to build on non-Linux. This separates out the Linux-only syscalls using build tags. Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp) 2015-04-25 06:09:56 +08:00			`}`

			`// CloneFlags parses the container's Namespaces options to set the correct`
fix typos Signed-off-by: allencloud <allen.sun@daocloud.io> 2016-03-25 11:11:48 +08:00			`// flags on clone, unshare. This function returns flags only for new namespaces.`
Spit namespace syscall content for building on non-Linux libcontainer/configs is used by the docker user namespace proposed patchset to use IDMap for uid/gid maps across the codebase. Given the client uses some of this code, it needs to build on non-Linux. This separates out the Linux-only syscalls using build tags. Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp) 2015-04-25 06:09:56 +08:00			`func (n *Namespaces) CloneFlags() uintptr {`
			`var flag int`
			`for _, v := range *n {`
			`if v.Path != "" {`
			`continue`
			`}`
			`flag \|= namespaceInfo[v.Type]`
			`}`
			`return uintptr(flag)`
			`}`