Update runc usage for new specs changes

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Michael Crosby 2016-03-10 14:18:39 -08:00
parent 9047912c35
commit 47eaa08f5a
8 changed files with 103 additions and 103 deletions


@ -10,7 +10,7 @@ import (
"strings"
"github.com/codegangsta/cli"
"github.com/opencontainers/specs"
"github.com/opencontainers/specs/specs-go"
)
var execCommand = cli.Command{


@ -6,7 +6,7 @@ import (
"github.com/Sirupsen/logrus"
"github.com/codegangsta/cli"
"github.com/opencontainers/specs"
"github.com/opencontainers/specs/specs-go"
)
const (
@ -59,7 +59,7 @@ func main() {
},
cli.StringFlag{
Name: "root",
Value: specs.LinuxStateDirectory,
Value: "/run/runc",
Usage: "root directory for storage of container state (this should be located in tmpfs)",
},
cli.StringFlag{
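Review bot: The `--root` default in main() is now the bare string `"/run/runc"` where the old line referenced a named constant, so the state-directory path no longer has a single documented definition in this file. A package-level constant would keep it greppable, e.g. `const defaultRoot = "/run/runc" // container state; expected to sit on tmpfs`, with the flag using `Value: defaultRoot,`. Whether other commands need the same path is not visible on this page. main() continues outside the hunk.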


@ -10,7 +10,7 @@ import (
"github.com/codegangsta/cli"
"github.com/opencontainers/runc/libcontainer"
"github.com/opencontainers/runc/libcontainer/configs"
"github.com/opencontainers/specs"
"github.com/opencontainers/specs/specs-go"
)
var restoreCommand = cli.Command{
@ -100,7 +100,7 @@ using the runc checkpoint command.`,
},
}
func restoreContainer(context *cli.Context, spec *specs.LinuxSpec, config *configs.Config, imagePath string) (code int, err error) {
func restoreContainer(context *cli.Context, spec *specs.Spec, config *configs.Config, imagePath string) (code int, err error) {
var (
rootuid = 0
id = context.Args().First()

178
spec.go

@ -18,7 +18,7 @@ import (
"github.com/opencontainers/runc/libcontainer/configs"
"github.com/opencontainers/runc/libcontainer/seccomp"
libcontainerUtils "github.com/opencontainers/runc/libcontainer/utils"
"github.com/opencontainers/specs"
"github.com/opencontainers/specs/specs-go"
)
var specCommand = cli.Command{
@ -34,79 +34,84 @@ var specCommand = cli.Command{
},
},
Action: func(context *cli.Context) {
spec := specs.LinuxSpec{
Spec: specs.Spec{
Version: specs.Version,
Platform: specs.Platform{
OS: runtime.GOOS,
Arch: runtime.GOARCH,
spec := specs.Spec{
Version: specs.Version,
Platform: specs.Platform{
OS: runtime.GOOS,
Arch: runtime.GOARCH,
},
Root: specs.Root{
Path: "rootfs",
Readonly: true,
},
Process: specs.Process{
Terminal: true,
User: specs.User{},
Args: []string{
"sh",
},
Root: specs.Root{
Path: "rootfs",
Readonly: true,
Env: []string{
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"TERM=xterm",
},
Process: specs.Process{
Terminal: true,
User: specs.User{},
Args: []string{
"sh",
},
Env: []string{
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"TERM=xterm",
},
Cwd: "/",
NoNewPrivileges: true,
Capabilities: []string{
"CAP_AUDIT_WRITE",
"CAP_KILL",
"CAP_NET_BIND_SERVICE",
Cwd: "/",
NoNewPrivileges: true,
Capabilities: []string{
"CAP_AUDIT_WRITE",
"CAP_KILL",
"CAP_NET_BIND_SERVICE",
},
Rlimits: []specs.Rlimit{
{
Type: "RLIMIT_NOFILE",
Hard: uint64(1024),
Soft: uint64(1024),
},
},
Hostname: "shell",
Mounts: []specs.Mount{
{
Destination: "/proc",
Type: "proc",
Source: "proc",
Options: nil,
},
{
Destination: "/dev",
Type: "tmpfs",
Source: "tmpfs",
Options: []string{"nosuid", "strictatime", "mode=755", "size=65536k"},
},
{
Destination: "/dev/pts",
Type: "devpts",
Source: "devpts",
Options: []string{"nosuid", "noexec", "newinstance", "ptmxmode=0666", "mode=0620", "gid=5"},
},
{
Destination: "/dev/shm",
Type: "tmpfs",
Source: "shm",
Options: []string{"nosuid", "noexec", "nodev", "mode=1777", "size=65536k"},
},
{
Destination: "/dev/mqueue",
Type: "mqueue",
Source: "mqueue",
Options: []string{"nosuid", "noexec", "nodev"},
},
{
Destination: "/sys",
Type: "sysfs",
Source: "sysfs",
Options: []string{"nosuid", "noexec", "nodev", "ro"},
},
{
Destination: "/sys/fs/cgroup",
Type: "cgroup",
Source: "cgroup",
Options: []string{"nosuid", "noexec", "nodev", "relatime", "ro"},
},
},
Hostname: "runc",
Mounts: []specs.Mount{
{
Destination: "/proc",
Type: "proc",
Source: "proc",
Options: nil,
},
{
Destination: "/dev",
Type: "tmpfs",
Source: "tmpfs",
Options: []string{"nosuid", "strictatime", "mode=755", "size=65536k"},
},
{
Destination: "/dev/pts",
Type: "devpts",
Source: "devpts",
Options: []string{"nosuid", "noexec", "newinstance", "ptmxmode=0666", "mode=0620", "gid=5"},
},
{
Destination: "/dev/shm",
Type: "tmpfs",
Source: "shm",
Options: []string{"nosuid", "noexec", "nodev", "mode=1777", "size=65536k"},
},
{
Destination: "/dev/mqueue",
Type: "mqueue",
Source: "mqueue",
Options: []string{"nosuid", "noexec", "nodev"},
},
{
Destination: "/sys",
Type: "sysfs",
Source: "sysfs",
Options: []string{"nosuid", "noexec", "nodev", "ro"},
},
{
Destination: "/sys/fs/cgroup",
Type: "cgroup",
Source: "cgroup",
Options: []string{"nosuid", "noexec", "nodev", "relatime", "ro"},
},
},
Linux: specs.Linux{
@ -135,13 +140,6 @@ var specCommand = cli.Command{
Type: "mount",
},
},
Rlimits: []specs.Rlimit{
{
Type: "RLIMIT_NOFILE",
Hard: uint64(1024),
Soft: uint64(1024),
},
},
},
}
@ -201,7 +199,7 @@ var mountPropagationMapping = map[string]int{
// validateSpec validates the fields in the spec
// TODO: Add validation for other fields where applicable
func validateSpec(spec *specs.LinuxSpec) error {
func validateSpec(spec *specs.Spec) error {
if spec.Process.Cwd == "" {
return fmt.Errorf("Cwd property must not be empty")
}
@ -213,7 +211,7 @@ func validateSpec(spec *specs.LinuxSpec) error {
// loadSpec loads the specification from the provided path.
// If the path is empty then the default path will be "config.json"
func loadSpec(cPath string) (spec *specs.LinuxSpec, err error) {
func loadSpec(cPath string) (spec *specs.Spec, err error) {
cf, err := os.Open(cPath)
if err != nil {
if os.IsNotExist(err) {
@ -229,7 +227,7 @@ func loadSpec(cPath string) (spec *specs.LinuxSpec, err error) {
return spec, validateSpec(spec)
}
func createLibcontainerConfig(cgroupName string, spec *specs.LinuxSpec) (*configs.Config, error) {
func createLibcontainerConfig(cgroupName string, spec *specs.Spec) (*configs.Config, error) {
// runc's cwd will always be the bundle path
rcwd, err := os.Getwd()
if err != nil {
@ -280,7 +278,7 @@ func createLibcontainerConfig(cgroupName string, spec *specs.LinuxSpec) (*config
if err := setupUserNamespace(spec, config); err != nil {
return nil, err
}
for _, rlimit := range spec.Linux.Rlimits {
for _, rlimit := range spec.Process.Rlimits {
rl, err := createLibContainerRlimit(rlimit)
if err != nil {
return nil, err
@ -295,11 +293,13 @@ func createLibcontainerConfig(cgroupName string, spec *specs.LinuxSpec) (*config
// set extra path masking for libcontainer for the various unsafe places in proc
config.MaskPaths = maskedPaths
config.ReadonlyPaths = readonlyPaths
seccomp, err := setupSeccomp(&spec.Linux.Seccomp)
if err != nil {
return nil, err
if spec.Linux.Seccomp != nil {
seccomp, err := setupSeccomp(spec.Linux.Seccomp)
if err != nil {
return nil, err
}
config.Seccomp = seccomp
}
config.Seccomp = seccomp
config.Sysctl = spec.Linux.Sysctl
if oomScoreAdj := spec.Linux.Resources.OOMScoreAdj; oomScoreAdj != nil {
config.OomScoreAdj = *oomScoreAdj
@ -330,7 +330,7 @@ func createLibcontainerMount(cwd string, m specs.Mount) *configs.Mount {
}
}
func createCgroupConfig(name string, spec *specs.LinuxSpec) (*configs.Cgroup, error) {
func createCgroupConfig(name string, spec *specs.Spec) (*configs.Cgroup, error) {
var (
err error
myCgroupPath string
@ -506,7 +506,7 @@ func stringToDeviceRune(s string) (rune, error) {
}
}
func createDevices(spec *specs.LinuxSpec, config *configs.Config) error {
func createDevices(spec *specs.Spec, config *configs.Config) error {
// add whitelisted devices
config.Devices = []*configs.Device{
{
@ -591,7 +591,7 @@ func createDevices(spec *specs.LinuxSpec, config *configs.Config) error {
return nil
}
func setupUserNamespace(spec *specs.LinuxSpec, config *configs.Config) error {
func setupUserNamespace(spec *specs.Spec, config *configs.Config) error {
if len(spec.Linux.UIDMappings) == 0 {
return nil
}
@ -776,7 +776,7 @@ func setupSeccomp(config *specs.Seccomp) (*configs.Seccomp, error) {
return newConfig, nil
}
func createHooks(rspec *specs.LinuxSpec, config *configs.Config) {
func createHooks(rspec *specs.Spec, config *configs.Config) {
config.Hooks = &configs.Hooks{}
for _, h := range rspec.Hooks.Prestart {
cmd := configs.Command{
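Review bot: In createLibcontainerConfig the new `if spec.Linux.Seccomp != nil` guard means a config.json without a seccomp section leaves `config.Seccomp` unset, and nothing at that point says the container then presumably starts with no syscall filter. I would state it on the guard: `// no seccomp section in the spec: config.Seccomp is left unset, so no filter is configured here`. The statement right after the block still dereferences `spec.Linux.Resources.OOMScoreAdj` unconditionally; if Resources also became a pointer in specs-go (not visible on this page), it needs the same guard, `if r := spec.Linux.Resources; r != nil && r.OOMScoreAdj != nil {`. The function body starts and ends outside these hunks.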


@ -6,13 +6,13 @@ import (
"strings"
"testing"
"github.com/opencontainers/specs"
"github.com/opencontainers/specs/specs-go"
)
func TestLinuxCgroupsPathSpecified(t *testing.T) {
cgroupsPath := "/user/cgroups/path/id"
spec := &specs.LinuxSpec{}
spec := &specs.Spec{}
spec.Linux.CgroupsPath = &cgroupsPath
cgroup, err := createCgroupConfig("ContainerID", spec)
@ -26,7 +26,7 @@ func TestLinuxCgroupsPathSpecified(t *testing.T) {
}
func TestLinuxCgroupsPathNotSpecified(t *testing.T) {
spec := &specs.LinuxSpec{}
spec := &specs.Spec{}
cgroup, err := createCgroupConfig("ContainerID", spec)
if err != nil {


@ -9,7 +9,7 @@ import (
"github.com/codegangsta/cli"
"github.com/coreos/go-systemd/activation"
"github.com/opencontainers/runc/libcontainer"
"github.com/opencontainers/specs"
"github.com/opencontainers/specs/specs-go"
)
// default action is to start a container
@ -91,7 +91,7 @@ var initCommand = cli.Command{
},
}
func startContainer(context *cli.Context, spec *specs.LinuxSpec) (int, error) {
func startContainer(context *cli.Context, spec *specs.Spec) (int, error) {
id := context.Args().First()
if id == "" {
return -1, errEmptyID


@ -12,7 +12,7 @@ import (
// cState represents the platform agnostic pieces relating to a running
// container's status and state. Note: The fields in this structure adhere to
// the opencontainers/specs requirement for json fields that must be returned
// the opencontainers/specs/specs-go requirement for json fields that must be returned
// in a state command.
type cState struct {
// Version is the OCI version for the container
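Review bot: The import-path rename also rewrote the cState doc comment, which now reads as if the Go package `opencontainers/specs/specs-go` imposes the JSON field requirement. The requirement presumably comes from the specification rather than its Go bindings, so the comment should keep naming the spec: `// the opencontainers/specs requirement for json fields that must be returned`. The cState struct continues outside the hunk.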


@ -15,7 +15,7 @@ import (
"github.com/codegangsta/cli"
"github.com/opencontainers/runc/libcontainer"
"github.com/opencontainers/runc/libcontainer/configs"
"github.com/opencontainers/specs"
"github.com/opencontainers/specs/specs-go"
)
const wildcard = -1
@ -264,7 +264,7 @@ func dupStdio(process *libcontainer.Process, rootuid int) error {
// If systemd is supporting sd_notify protocol, this function will add support
// for sd_notify protocol from within the container.
func setupSdNotify(spec *specs.LinuxSpec, notifySocket string) {
func setupSdNotify(spec *specs.Spec, notifySocket string) {
spec.Mounts = append(spec.Mounts, specs.Mount{Destination: notifySocket, Type: "bind", Source: notifySocket, Options: []string{"bind"}})
spec.Process.Env = append(spec.Process.Env, fmt.Sprintf("NOTIFY_SOCKET=%s", notifySocket))
}
@ -309,7 +309,7 @@ func createPidFile(path string, process *libcontainer.Process) error {
return err
}
func createContainer(context *cli.Context, id string, spec *specs.LinuxSpec) (libcontainer.Container, error) {
func createContainer(context *cli.Context, id string, spec *specs.Spec) (libcontainer.Container, error) {
config, err := createLibcontainerConfig(id, spec)
if err != nil {
return nil, err