2015-02-07 04:48:57 +08:00
|
|
|
// +build linux
|
|
|
|
|
|
|
|
package libcontainer
|
|
|
|
|
|
|
|
import (
|
|
|
|
"github.com/docker/libcontainer/apparmor"
|
|
|
|
"github.com/docker/libcontainer/configs"
|
|
|
|
"github.com/docker/libcontainer/label"
|
|
|
|
"github.com/docker/libcontainer/system"
|
|
|
|
)
|
|
|
|
|
|
|
|
// linuxSetnsInit performs the container's initialization for running a new process
|
|
|
|
// inside an existing container.
|
|
|
|
type linuxSetnsInit struct {
|
|
|
|
args []string
|
2015-02-07 11:16:11 +08:00
|
|
|
env []string
|
2015-02-07 04:48:57 +08:00
|
|
|
config *configs.Config
|
|
|
|
}
|
|
|
|
|
|
|
|
func (l *linuxSetnsInit) Init() error {
|
|
|
|
if err := setupRlimits(l.config); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
if err := finalizeNamespace(l.config); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
if err := apparmor.ApplyProfile(l.config.AppArmorProfile); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
if l.config.ProcessLabel != "" {
|
|
|
|
if err := label.SetProcessLabel(l.config.ProcessLabel); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
}
|
2015-02-07 11:16:11 +08:00
|
|
|
return system.Execv(l.args[0], l.args[0:], l.env)
|
2015-02-07 04:48:57 +08:00
|
|
|
}
|