libcontainer: create Cwd when it does not exist
The benefit of doing this within runc is that it works well with userns. Actually, runc already does the same thing for mount points. Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
parent
0351df1c5a
commit
2edd36fdff
|
@ -40,7 +40,8 @@ func needsSetupDev(config *configs.Config) bool {
|
||||||
// prepareRootfs sets up the devices, mount points, and filesystems for use
|
// prepareRootfs sets up the devices, mount points, and filesystems for use
|
||||||
// inside a new mount namespace. It doesn't set anything as ro. You must call
|
// inside a new mount namespace. It doesn't set anything as ro. You must call
|
||||||
// finalizeRootfs after this function to finish setting up the rootfs.
|
// finalizeRootfs after this function to finish setting up the rootfs.
|
||||||
func prepareRootfs(pipe io.ReadWriter, config *configs.Config) (err error) {
|
func prepareRootfs(pipe io.ReadWriter, iConfig *initConfig) (err error) {
|
||||||
|
config := iConfig.Config
|
||||||
if err := prepareRoot(config); err != nil {
|
if err := prepareRoot(config); err != nil {
|
||||||
return newSystemErrorWithCause(err, "preparing rootfs")
|
return newSystemErrorWithCause(err, "preparing rootfs")
|
||||||
}
|
}
|
||||||
|
@ -80,6 +81,7 @@ func prepareRootfs(pipe io.ReadWriter, config *configs.Config) (err error) {
|
||||||
// The hooks are run after the mounts are setup, but before we switch to the new
|
// The hooks are run after the mounts are setup, but before we switch to the new
|
||||||
// root, so that the old root is still available in the hooks for any mount
|
// root, so that the old root is still available in the hooks for any mount
|
||||||
// manipulations.
|
// manipulations.
|
||||||
|
// Note that iConfig.Cwd is not guaranteed to exist here.
|
||||||
if err := syncParentHooks(pipe); err != nil {
|
if err := syncParentHooks(pipe); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
@ -111,6 +113,14 @@ func prepareRootfs(pipe io.ReadWriter, config *configs.Config) (err error) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if cwd := iConfig.Cwd; cwd != "" {
|
||||||
|
// Note that spec.Process.Cwd can contain unclean value like "../../../../foo/bar...".
|
||||||
|
// However, we are safe to call MkDirAll directly because we are in the jail here.
|
||||||
|
if err := os.MkdirAll(cwd, 0755); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
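Review bot: The comment above `os.MkdirAll(cwd, 0755)` claims an unclean `Cwd` is safe "because we are in the jail", but the root switch it depends on is not visible in this hunk and nothing here checks it, so the precondition should be written down, e.g. `// Precondition: the root switch (pivot_root/chroot) has completed and this process holds no directory fds from outside the rootfs, so cwd can only resolve inside the container.` The directory is also created with mode 0755 by the init process, presumably before any switch to the configured container user, so a non-root user may end up with a working directory it cannot write to; that deserves a comment or an explicit ownership fix. The bare `return err` is inconsistent with the wrapped error earlier in the function; `return newSystemErrorWithCause(err, "creating cwd")` would show which step failed. prepareRootfs begins and continues outside this hunk.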
@ -68,7 +68,7 @@ func (l *linuxStandardInit) Init() error {
|
||||||
|
|
||||||
// prepareRootfs() can be executed only for a new mount namespace.
|
// prepareRootfs() can be executed only for a new mount namespace.
|
||||||
if l.config.Config.Namespaces.Contains(configs.NEWNS) {
|
if l.config.Config.Namespaces.Contains(configs.NEWNS) {
|
||||||
if err := prepareRootfs(l.pipe, l.config.Config); err != nil {
|
if err := prepareRootfs(l.pipe, l.config); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|