Merge pull request #475 from mrunalp/set_cwd

Make cwd required
2016-01-15 13:54:35 -08:00 · 2016-01-15 13:54:35 -08:00 · 54b07da69e
parent 6c9532f063 269a717555
commit 54b07da69e
8 changed files with 53 additions and 5 deletions
--- a/libcontainer/init_linux.go
+++ b/libcontainer/init_linux.go
@ -134,10 +134,8 @@ func finalizeNamespace(config *initConfig) error {
 	if err := w.drop(); err != nil {
 		return err
 	}
-	if config.Cwd != "" {
-		if err := syscall.Chdir(config.Cwd); err != nil {
-			return err
-		}
+	if err := syscall.Chdir(config.Cwd); err != nil {
+		return err
 	}
 	return nil
 }
--- a/libcontainer/integration/checkpoint_test.go
+++ b/libcontainer/integration/checkpoint_test.go
@ -82,6 +82,7 @@ func TestCheckpoint(t *testing.T) {
 	var stdout bytes.Buffer

 	pconfig := libcontainer.Process{
+		Cwd:    "/",
 		Args:   []string{"cat"},
 		Env:    standardEnvironment,
 		Stdin:  stdinR,
@ -150,6 +151,7 @@ func TestCheckpoint(t *testing.T) {
 	}

 	restoreProcessConfig := &libcontainer.Process{
+		Cwd:    "/",
 		Stdin:  restoreStdinR,
 		Stdout: &stdout,
 	}
--- a/libcontainer/integration/exec_test.go
+++ b/libcontainer/integration/exec_test.go
@ -208,6 +208,7 @@ func TestEnter(t *testing.T) {
 	var stdout, stdout2 bytes.Buffer

 	pconfig := libcontainer.Process{
+		Cwd:    "/",
 		Args:   []string{"sh", "-c", "cat && readlink /proc/self/ns/pid"},
 		Env:    standardEnvironment,
 		Stdin:  stdinR,
@ -224,6 +225,7 @@ func TestEnter(t *testing.T) {
 	stdinR2, stdinW2, err := os.Pipe()
 	ok(t, err)
 	pconfig2 := libcontainer.Process{
+		Cwd: "/",
 		Env: standardEnvironment,
 	}
 	pconfig2.Args = []string{"sh", "-c", "cat && readlink /proc/self/ns/pid"}
@ -290,6 +292,7 @@ func TestProcessEnv(t *testing.T) {

 	var stdout bytes.Buffer
 	pconfig := libcontainer.Process{
+		Cwd:  "/",
 		Args: []string{"sh", "-c", "env"},
 		Env: []string{
 			"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
@ -341,6 +344,7 @@ func TestProcessCaps(t *testing.T) {

 	var stdout bytes.Buffer
 	pconfig := libcontainer.Process{
+		Cwd:          "/",
 		Args:         []string{"sh", "-c", "cat /proc/self/status"},
 		Env:          standardEnvironment,
 		Capabilities: processCaps,
@ -411,6 +415,7 @@ func TestAdditionalGroups(t *testing.T) {

 	var stdout bytes.Buffer
 	pconfig := libcontainer.Process{
+		Cwd:    "/",
 		Args:   []string{"sh", "-c", "id", "-Gn"},
 		Env:    standardEnvironment,
 		Stdin:  nil,
@ -471,6 +476,7 @@ func testFreeze(t *testing.T, systemd bool) {
 	ok(t, err)

 	pconfig := &libcontainer.Process{
+		Cwd:   "/",
 		Args:  []string{"cat"},
 		Env:   standardEnvironment,
 		Stdin: stdinR,
@ -667,6 +673,7 @@ func TestContainerState(t *testing.T) {
 		t.Fatal(err)
 	}
 	p := &libcontainer.Process{
+		Cwd:   "/",
 		Args:  []string{"cat"},
 		Env:   standardEnvironment,
 		Stdin: stdinR,
@ -717,6 +724,7 @@ func TestPassExtraFiles(t *testing.T) {
 	pipeout1, pipein1, err := os.Pipe()
 	pipeout2, pipein2, err := os.Pipe()
 	process := libcontainer.Process{
+		Cwd:        "/",
 		Args:       []string{"sh", "-c", "cd /proc/$$/fd; echo -n *; echo -n 1 >3; echo -n 2 >4"},
 		Env:        []string{"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"},
 		ExtraFiles: []*os.File{pipein1, pipein2},
@ -800,6 +808,7 @@ func TestMountCmds(t *testing.T) {
 	defer container.Destroy()

 	pconfig := libcontainer.Process{
+		Cwd:  "/",
 		Args: []string{"sh", "-c", "env"},
 		Env:  standardEnvironment,
 	}
@ -846,6 +855,7 @@ func TestSysctl(t *testing.T) {

 	var stdout bytes.Buffer
 	pconfig := libcontainer.Process{
+		Cwd:    "/",
 		Args:   []string{"sh", "-c", "cat /proc/sys/kernel/shmmni"},
 		Env:    standardEnvironment,
 		Stdin:  nil,
@ -985,6 +995,7 @@ func TestOomScoreAdj(t *testing.T) {

 	var stdout bytes.Buffer
 	pconfig := libcontainer.Process{
+		Cwd:    "/",
 		Args:   []string{"sh", "-c", "cat /proc/self/oom_score_adj"},
 		Env:    standardEnvironment,
 		Stdin:  nil,
@ -1037,6 +1048,7 @@ func TestHook(t *testing.T) {

 	var stdout bytes.Buffer
 	pconfig := libcontainer.Process{
+		Cwd:    "/",
 		Args:   []string{"sh", "-c", "ls /test"},
 		Env:    standardEnvironment,
 		Stdin:  nil,
@ -1143,6 +1155,7 @@ func TestRootfsPropagationSlaveMount(t *testing.T) {
 	ok(t, err)

 	pconfig := &libcontainer.Process{
+		Cwd:   "/",
 		Args:  []string{"cat"},
 		Env:   standardEnvironment,
 		Stdin: stdinR,
@ -1170,6 +1183,7 @@ func TestRootfsPropagationSlaveMount(t *testing.T) {
 	ok(t, err)

 	pconfig2 := &libcontainer.Process{
+		Cwd:    "/",
 		Args:   []string{"cat", "/proc/self/mountinfo"},
 		Env:    standardEnvironment,
 		Stdin:  stdinR2,
@ -1259,6 +1273,7 @@ func TestRootfsPropagationSharedMount(t *testing.T) {
 	ok(t, err)

 	pconfig := &libcontainer.Process{
+		Cwd:   "/",
 		Args:  []string{"cat"},
 		Env:   standardEnvironment,
 		Stdin: stdinR,
@ -1288,6 +1303,7 @@ func TestRootfsPropagationSharedMount(t *testing.T) {
 	processCaps := append(config.Capabilities, "CAP_SYS_ADMIN")

 	pconfig2 := &libcontainer.Process{
+		Cwd:          "/",
 		Args:         []string{"mount", "--bind", dir2cont, dir2cont},
 		Env:          standardEnvironment,
 		Stdin:        stdinR2,
--- a/libcontainer/integration/execin_test.go
+++ b/libcontainer/integration/execin_test.go
@ -28,6 +28,7 @@ func TestExecIn(t *testing.T) {
 	stdinR, stdinW, err := os.Pipe()
 	ok(t, err)
 	process := &libcontainer.Process{
+		Cwd:   "/",
 		Args:  []string{"cat"},
 		Env:   standardEnvironment,
 		Stdin: stdinR,
@ -39,6 +40,7 @@ func TestExecIn(t *testing.T) {

 	buffers := newStdBuffers()
 	ps := &libcontainer.Process{
+		Cwd:    "/",
 		Args:   []string{"ps"},
 		Env:    standardEnvironment,
 		Stdin:  buffers.Stdin,
@ -73,6 +75,7 @@ func TestExecInRlimit(t *testing.T) {
 	stdinR, stdinW, err := os.Pipe()
 	ok(t, err)
 	process := &libcontainer.Process{
+		Cwd:   "/",
 		Args:  []string{"cat"},
 		Env:   standardEnvironment,
 		Stdin: stdinR,
@ -84,6 +87,7 @@ func TestExecInRlimit(t *testing.T) {

 	buffers := newStdBuffers()
 	ps := &libcontainer.Process{
+		Cwd:    "/",
 		Args:   []string{"/bin/sh", "-c", "ulimit -n"},
 		Env:    standardEnvironment,
 		Stdin:  buffers.Stdin,
@ -119,6 +123,7 @@ func TestExecInError(t *testing.T) {
 	stdinR, stdinW, err := os.Pipe()
 	ok(t, err)
 	process := &libcontainer.Process{
+		Cwd:   "/",
 		Args:  []string{"cat"},
 		Env:   standardEnvironment,
 		Stdin: stdinR,
@ -136,6 +141,7 @@ func TestExecInError(t *testing.T) {
 	for i := 0; i < 42; i++ {
 		var out bytes.Buffer
 		unexistent := &libcontainer.Process{
+			Cwd:    "/",
 			Args:   []string{"unexistent"},
 			Env:    standardEnvironment,
 			Stdout: &out,
@ -169,6 +175,7 @@ func TestExecInTTY(t *testing.T) {
 	stdinR, stdinW, err := os.Pipe()
 	ok(t, err)
 	process := &libcontainer.Process{
+		Cwd:   "/",
 		Args:  []string{"cat"},
 		Env:   standardEnvironment,
 		Stdin: stdinR,
@ -180,6 +187,7 @@ func TestExecInTTY(t *testing.T) {

 	var stdout bytes.Buffer
 	ps := &libcontainer.Process{
+		Cwd:  "/",
 		Args: []string{"ps"},
 		Env:  standardEnvironment,
 	}
@ -224,6 +232,7 @@ func TestExecInEnvironment(t *testing.T) {
 	stdinR, stdinW, err := os.Pipe()
 	ok(t, err)
 	process := &libcontainer.Process{
+		Cwd:   "/",
 		Args:  []string{"cat"},
 		Env:   standardEnvironment,
 		Stdin: stdinR,
@ -235,6 +244,7 @@ func TestExecInEnvironment(t *testing.T) {

 	buffers := newStdBuffers()
 	process2 := &libcontainer.Process{
+		Cwd:  "/",
 		Args: []string{"env"},
 		Env: []string{
 			"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
@ -286,6 +296,7 @@ func TestExecinPassExtraFiles(t *testing.T) {
 		t.Fatal(err)
 	}
 	process := &libcontainer.Process{
+		Cwd:   "/",
 		Args:  []string{"cat"},
 		Env:   standardEnvironment,
 		Stdin: stdinR,
@ -301,6 +312,7 @@ func TestExecinPassExtraFiles(t *testing.T) {
 	pipeout1, pipein1, err := os.Pipe()
 	pipeout2, pipein2, err := os.Pipe()
 	inprocess := &libcontainer.Process{
+		Cwd:        "/",
 		Args:       []string{"sh", "-c", "cd /proc/$$/fd; echo -n *; echo -n 1 >3; echo -n 2 >4"},
 		Env:        []string{"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"},
 		ExtraFiles: []*os.File{pipein1, pipein2},
@ -357,6 +369,7 @@ func TestExecInOomScoreAdj(t *testing.T) {
 	stdinR, stdinW, err := os.Pipe()
 	ok(t, err)
 	process := &libcontainer.Process{
+		Cwd:   "/",
 		Args:  []string{"cat"},
 		Env:   standardEnvironment,
 		Stdin: stdinR,
@ -368,6 +381,7 @@ func TestExecInOomScoreAdj(t *testing.T) {

 	buffers := newStdBuffers()
 	ps := &libcontainer.Process{
+		Cwd:    "/",
 		Args:   []string{"/bin/sh", "-c", "cat /proc/self/oom_score_adj"},
 		Env:    standardEnvironment,
 		Stdin:  buffers.Stdin,
--- a/libcontainer/integration/seccomp_test.go
+++ b/libcontainer/integration/seccomp_test.go
@ -42,6 +42,7 @@ func TestSeccompDenyGetcwd(t *testing.T) {

 	buffers := newStdBuffers()
 	pwd := &libcontainer.Process{
+		Cwd:    "/",
 		Args:   []string{"pwd"},
 		Env:    standardEnvironment,
 		Stdin:  buffers.Stdin,
@ -116,6 +117,7 @@ func TestSeccompPermitWriteConditional(t *testing.T) {

 	buffers := newStdBuffers()
 	dmesg := &libcontainer.Process{
+		Cwd:    "/",
 		Args:   []string{"busybox", "ls", "/"},
 		Env:    standardEnvironment,
 		Stdin:  buffers.Stdin,
@ -176,6 +178,7 @@ func TestSeccompDenyWriteConditional(t *testing.T) {

 	buffers := newStdBuffers()
 	dmesg := &libcontainer.Process{
+		Cwd:    "/",
 		Args:   []string{"busybox", "ls", "does_not_exist"},
 		Env:    standardEnvironment,
 		Stdin:  buffers.Stdin,
--- a/libcontainer/integration/utils_test.go
+++ b/libcontainer/integration/utils_test.go
@ -113,6 +113,7 @@ func runContainer(config *configs.Config, console string, args ...string) (buffe
 	defer container.Destroy()
 	buffers = newStdBuffers()
 	process := &libcontainer.Process{
+		Cwd:    "/",
 		Args:   args,
 		Env:    standardEnvironment,
 		Stdin:  buffers.Stdin,
--- a/spec.go
+++ b/spec.go
@ -53,6 +53,7 @@ var specCommand = cli.Command{
 						"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
 						"TERM=xterm",
 					},
+					Cwd: "/",
 				},
 				Hostname: "shell",
 				Mounts: []specs.MountPoint{
@ -290,6 +291,15 @@ var mountPropagationMapping = map[string]int{
 	"":         syscall.MS_PRIVATE | syscall.MS_REC,
 }

+// validateSpec validates the fields in the spec
+// TODO: Add validation for other fields where applicable
+func validateSpec(spec *specs.LinuxSpec, rspec *specs.LinuxRuntimeSpec) error {
+	if spec.Process.Cwd == "" {
+		return fmt.Errorf("Cwd property must not be empty")
+	}
+	return nil
+}
+
 // loadSpec loads the specification from the provided path.
 // If the path is empty then the default path will be "config.json"
 func loadSpec(cPath, rPath string) (spec *specs.LinuxSpec, rspec *specs.LinuxRuntimeSpec, err error) {
@ -317,7 +327,10 @@ func loadSpec(cPath, rPath string) (spec *specs.LinuxSpec, rspec *specs.LinuxRun
 	if err = json.NewDecoder(rf).Decode(&rspec); err != nil {
 		return spec, rspec, err
 	}
-	return spec, rspec, checkSpecVersion(spec)
+	if err := checkSpecVersion(spec); err != nil {
+		return spec, rspec, err
+	}
+	return spec, rspec, validateSpec(spec, rspec)
 }

 // checkSpecVersion makes sure that the spec version matches runc's while we are in the initial
--- a/start.go
+++ b/start.go
@ -108,6 +108,7 @@ func startContainer(context *cli.Context, spec *specs.LinuxSpec, rspec *specs.Li
 	// ensure that the container is always removed if we were the process
 	// that created it.
 	defer destroy(container)
+
 	process := newProcess(spec.Process)

 	// Support on-demand socket activation by passing file descriptors into the container init process.