Make cwd required

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
This commit is contained in:
Mrunal Patel 2016-01-14 18:21:36 -05:00
parent 4c767d7046
commit 269a717555
8 changed files with 53 additions and 5 deletions

View File

@ -134,10 +134,8 @@ func finalizeNamespace(config *initConfig) error {
if err := w.drop(); err != nil {
return err
}
if config.Cwd != "" {
if err := syscall.Chdir(config.Cwd); err != nil {
return err
}
if err := syscall.Chdir(config.Cwd); err != nil {
return err
}
return nil
}

View File

@ -82,6 +82,7 @@ func TestCheckpoint(t *testing.T) {
var stdout bytes.Buffer
pconfig := libcontainer.Process{
Cwd: "/",
Args: []string{"cat"},
Env: standardEnvironment,
Stdin: stdinR,
@ -150,6 +151,7 @@ func TestCheckpoint(t *testing.T) {
}
restoreProcessConfig := &libcontainer.Process{
Cwd: "/",
Stdin: restoreStdinR,
Stdout: &stdout,
}

View File

@ -208,6 +208,7 @@ func TestEnter(t *testing.T) {
var stdout, stdout2 bytes.Buffer
pconfig := libcontainer.Process{
Cwd: "/",
Args: []string{"sh", "-c", "cat && readlink /proc/self/ns/pid"},
Env: standardEnvironment,
Stdin: stdinR,
@ -224,6 +225,7 @@ func TestEnter(t *testing.T) {
stdinR2, stdinW2, err := os.Pipe()
ok(t, err)
pconfig2 := libcontainer.Process{
Cwd: "/",
Env: standardEnvironment,
}
pconfig2.Args = []string{"sh", "-c", "cat && readlink /proc/self/ns/pid"}
@ -290,6 +292,7 @@ func TestProcessEnv(t *testing.T) {
var stdout bytes.Buffer
pconfig := libcontainer.Process{
Cwd: "/",
Args: []string{"sh", "-c", "env"},
Env: []string{
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
@ -341,6 +344,7 @@ func TestProcessCaps(t *testing.T) {
var stdout bytes.Buffer
pconfig := libcontainer.Process{
Cwd: "/",
Args: []string{"sh", "-c", "cat /proc/self/status"},
Env: standardEnvironment,
Capabilities: processCaps,
@ -411,6 +415,7 @@ func TestAdditionalGroups(t *testing.T) {
var stdout bytes.Buffer
pconfig := libcontainer.Process{
Cwd: "/",
Args: []string{"sh", "-c", "id", "-Gn"},
Env: standardEnvironment,
Stdin: nil,
@ -471,6 +476,7 @@ func testFreeze(t *testing.T, systemd bool) {
ok(t, err)
pconfig := &libcontainer.Process{
Cwd: "/",
Args: []string{"cat"},
Env: standardEnvironment,
Stdin: stdinR,
@ -667,6 +673,7 @@ func TestContainerState(t *testing.T) {
t.Fatal(err)
}
p := &libcontainer.Process{
Cwd: "/",
Args: []string{"cat"},
Env: standardEnvironment,
Stdin: stdinR,
@ -717,6 +724,7 @@ func TestPassExtraFiles(t *testing.T) {
pipeout1, pipein1, err := os.Pipe()
pipeout2, pipein2, err := os.Pipe()
process := libcontainer.Process{
Cwd: "/",
Args: []string{"sh", "-c", "cd /proc/$$/fd; echo -n *; echo -n 1 >3; echo -n 2 >4"},
Env: []string{"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"},
ExtraFiles: []*os.File{pipein1, pipein2},
@ -800,6 +808,7 @@ func TestMountCmds(t *testing.T) {
defer container.Destroy()
pconfig := libcontainer.Process{
Cwd: "/",
Args: []string{"sh", "-c", "env"},
Env: standardEnvironment,
}
@ -846,6 +855,7 @@ func TestSysctl(t *testing.T) {
var stdout bytes.Buffer
pconfig := libcontainer.Process{
Cwd: "/",
Args: []string{"sh", "-c", "cat /proc/sys/kernel/shmmni"},
Env: standardEnvironment,
Stdin: nil,
@ -985,6 +995,7 @@ func TestOomScoreAdj(t *testing.T) {
var stdout bytes.Buffer
pconfig := libcontainer.Process{
Cwd: "/",
Args: []string{"sh", "-c", "cat /proc/self/oom_score_adj"},
Env: standardEnvironment,
Stdin: nil,
@ -1037,6 +1048,7 @@ func TestHook(t *testing.T) {
var stdout bytes.Buffer
pconfig := libcontainer.Process{
Cwd: "/",
Args: []string{"sh", "-c", "ls /test"},
Env: standardEnvironment,
Stdin: nil,
@ -1143,6 +1155,7 @@ func TestRootfsPropagationSlaveMount(t *testing.T) {
ok(t, err)
pconfig := &libcontainer.Process{
Cwd: "/",
Args: []string{"cat"},
Env: standardEnvironment,
Stdin: stdinR,
@ -1170,6 +1183,7 @@ func TestRootfsPropagationSlaveMount(t *testing.T) {
ok(t, err)
pconfig2 := &libcontainer.Process{
Cwd: "/",
Args: []string{"cat", "/proc/self/mountinfo"},
Env: standardEnvironment,
Stdin: stdinR2,
@ -1259,6 +1273,7 @@ func TestRootfsPropagationSharedMount(t *testing.T) {
ok(t, err)
pconfig := &libcontainer.Process{
Cwd: "/",
Args: []string{"cat"},
Env: standardEnvironment,
Stdin: stdinR,
@ -1288,6 +1303,7 @@ func TestRootfsPropagationSharedMount(t *testing.T) {
processCaps := append(config.Capabilities, "CAP_SYS_ADMIN")
pconfig2 := &libcontainer.Process{
Cwd: "/",
Args: []string{"mount", "--bind", dir2cont, dir2cont},
Env: standardEnvironment,
Stdin: stdinR2,

View File

@ -28,6 +28,7 @@ func TestExecIn(t *testing.T) {
stdinR, stdinW, err := os.Pipe()
ok(t, err)
process := &libcontainer.Process{
Cwd: "/",
Args: []string{"cat"},
Env: standardEnvironment,
Stdin: stdinR,
@ -39,6 +40,7 @@ func TestExecIn(t *testing.T) {
buffers := newStdBuffers()
ps := &libcontainer.Process{
Cwd: "/",
Args: []string{"ps"},
Env: standardEnvironment,
Stdin: buffers.Stdin,
@ -73,6 +75,7 @@ func TestExecInRlimit(t *testing.T) {
stdinR, stdinW, err := os.Pipe()
ok(t, err)
process := &libcontainer.Process{
Cwd: "/",
Args: []string{"cat"},
Env: standardEnvironment,
Stdin: stdinR,
@ -84,6 +87,7 @@ func TestExecInRlimit(t *testing.T) {
buffers := newStdBuffers()
ps := &libcontainer.Process{
Cwd: "/",
Args: []string{"/bin/sh", "-c", "ulimit -n"},
Env: standardEnvironment,
Stdin: buffers.Stdin,
@ -119,6 +123,7 @@ func TestExecInError(t *testing.T) {
stdinR, stdinW, err := os.Pipe()
ok(t, err)
process := &libcontainer.Process{
Cwd: "/",
Args: []string{"cat"},
Env: standardEnvironment,
Stdin: stdinR,
@ -136,6 +141,7 @@ func TestExecInError(t *testing.T) {
for i := 0; i < 42; i++ {
var out bytes.Buffer
unexistent := &libcontainer.Process{
Cwd: "/",
Args: []string{"unexistent"},
Env: standardEnvironment,
Stdout: &out,
@ -169,6 +175,7 @@ func TestExecInTTY(t *testing.T) {
stdinR, stdinW, err := os.Pipe()
ok(t, err)
process := &libcontainer.Process{
Cwd: "/",
Args: []string{"cat"},
Env: standardEnvironment,
Stdin: stdinR,
@ -180,6 +187,7 @@ func TestExecInTTY(t *testing.T) {
var stdout bytes.Buffer
ps := &libcontainer.Process{
Cwd: "/",
Args: []string{"ps"},
Env: standardEnvironment,
}
@ -224,6 +232,7 @@ func TestExecInEnvironment(t *testing.T) {
stdinR, stdinW, err := os.Pipe()
ok(t, err)
process := &libcontainer.Process{
Cwd: "/",
Args: []string{"cat"},
Env: standardEnvironment,
Stdin: stdinR,
@ -235,6 +244,7 @@ func TestExecInEnvironment(t *testing.T) {
buffers := newStdBuffers()
process2 := &libcontainer.Process{
Cwd: "/",
Args: []string{"env"},
Env: []string{
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
@ -286,6 +296,7 @@ func TestExecinPassExtraFiles(t *testing.T) {
t.Fatal(err)
}
process := &libcontainer.Process{
Cwd: "/",
Args: []string{"cat"},
Env: standardEnvironment,
Stdin: stdinR,
@ -301,6 +312,7 @@ func TestExecinPassExtraFiles(t *testing.T) {
pipeout1, pipein1, err := os.Pipe()
pipeout2, pipein2, err := os.Pipe()
inprocess := &libcontainer.Process{
Cwd: "/",
Args: []string{"sh", "-c", "cd /proc/$$/fd; echo -n *; echo -n 1 >3; echo -n 2 >4"},
Env: []string{"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"},
ExtraFiles: []*os.File{pipein1, pipein2},
@ -357,6 +369,7 @@ func TestExecInOomScoreAdj(t *testing.T) {
stdinR, stdinW, err := os.Pipe()
ok(t, err)
process := &libcontainer.Process{
Cwd: "/",
Args: []string{"cat"},
Env: standardEnvironment,
Stdin: stdinR,
@ -368,6 +381,7 @@ func TestExecInOomScoreAdj(t *testing.T) {
buffers := newStdBuffers()
ps := &libcontainer.Process{
Cwd: "/",
Args: []string{"/bin/sh", "-c", "cat /proc/self/oom_score_adj"},
Env: standardEnvironment,
Stdin: buffers.Stdin,

View File

@ -42,6 +42,7 @@ func TestSeccompDenyGetcwd(t *testing.T) {
buffers := newStdBuffers()
pwd := &libcontainer.Process{
Cwd: "/",
Args: []string{"pwd"},
Env: standardEnvironment,
Stdin: buffers.Stdin,
@ -116,6 +117,7 @@ func TestSeccompPermitWriteConditional(t *testing.T) {
buffers := newStdBuffers()
dmesg := &libcontainer.Process{
Cwd: "/",
Args: []string{"busybox", "ls", "/"},
Env: standardEnvironment,
Stdin: buffers.Stdin,
@ -176,6 +178,7 @@ func TestSeccompDenyWriteConditional(t *testing.T) {
buffers := newStdBuffers()
dmesg := &libcontainer.Process{
Cwd: "/",
Args: []string{"busybox", "ls", "does_not_exist"},
Env: standardEnvironment,
Stdin: buffers.Stdin,

View File

@ -113,6 +113,7 @@ func runContainer(config *configs.Config, console string, args ...string) (buffe
defer container.Destroy()
buffers = newStdBuffers()
process := &libcontainer.Process{
Cwd: "/",
Args: args,
Env: standardEnvironment,
Stdin: buffers.Stdin,

15
spec.go
View File

@ -53,6 +53,7 @@ var specCommand = cli.Command{
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"TERM=xterm",
},
Cwd: "/",
},
Hostname: "shell",
Mounts: []specs.MountPoint{
@ -290,6 +291,15 @@ var mountPropagationMapping = map[string]int{
"": syscall.MS_PRIVATE | syscall.MS_REC,
}
// validateSpec validates the fields in the spec
// TODO: Add validation for other fields where applicable
func validateSpec(spec *specs.LinuxSpec, rspec *specs.LinuxRuntimeSpec) error {
if spec.Process.Cwd == "" {
return fmt.Errorf("Cwd property must not be empty")
}
return nil
}
// loadSpec loads the specification from the provided path.
// If the path is empty then the default path will be "config.json"
func loadSpec(cPath, rPath string) (spec *specs.LinuxSpec, rspec *specs.LinuxRuntimeSpec, err error) {
@ -317,7 +327,10 @@ func loadSpec(cPath, rPath string) (spec *specs.LinuxSpec, rspec *specs.LinuxRun
if err = json.NewDecoder(rf).Decode(&rspec); err != nil {
return spec, rspec, err
}
return spec, rspec, checkSpecVersion(spec)
if err := checkSpecVersion(spec); err != nil {
return spec, rspec, err
}
return spec, rspec, validateSpec(spec, rspec)
}
// checkSpecVersion makes sure that the spec version matches runc's while we are in the initial

View File

@ -108,6 +108,7 @@ func startContainer(context *cli.Context, spec *specs.LinuxSpec, rspec *specs.Li
// ensure that the container is always removed if we were the process
// that created it.
defer destroy(container)
process := newProcess(spec.Process)
// Support on-demand socket activation by passing file descriptors into the container init process.