Merge pull request #1 from crosbymichael/refactor-fixes

This fixes mount and networking
Vish Kannan 2014-06-23 15:55:08 -07:00
commit 626420b6c4
7 changed files with 162 additions and 130 deletions


@ -13,7 +13,7 @@ type Network network.Network
// Container defines configuration options for executing a process inside a contained environment
type Container struct {
// Mount specific options.
MountConfig MountConfig `json:"mount_config,omitempty"`
MountConfig *MountConfig `json:"mount_config,omitempty"`
// Hostname optionally sets the container's hostname if provided
Hostname string `json:"hostname,omitempty"`
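Review bot: Making MountConfig a `*MountConfig` with `omitempty` means a config that has no `mount_config` object decodes to a nil pointer, and nothing visible in this commit guards against that. The Init section converts `container.MountConfig` and passes it straight to `mount.InitializeMountNamespace`, and the new test loop reads `container.MountConfig.DeviceNodes`; whether the callee tolerates nil is not visible here. Either reject such a config early in Init, e.g. `if container.MountConfig == nil { return fmt.Errorf("mount config is required") }`, or state in the field comment that nil is valid and what it means for mounts and device nodes. The struct continues outside the hunk.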


@ -4,6 +4,8 @@ import (
"encoding/json"
"os"
"testing"
"github.com/docker/libcontainer/devices"
)
// Checks whether the expected capability is specified in the capabilities.
@ -16,6 +18,20 @@ func contains(expected string, values []string) bool {
return false
}
func containsDevice(expected *devices.Device, values []*devices.Device) bool {
for _, d := range values {
if d.Path == expected.Path &&
d.CgroupPermissions == expected.CgroupPermissions &&
d.FileMode == expected.FileMode &&
d.MajorNumber == expected.MajorNumber &&
d.MinorNumber == expected.MinorNumber &&
d.Type == expected.Type {
return true
}
}
return false
}
func TestContainerJsonFormat(t *testing.T) {
f, err := os.Open("sample_configs/attach_to_bridge.json")
if err != nil {
@ -61,4 +77,42 @@ func TestContainerJsonFormat(t *testing.T) {
t.Log("capabilities mask should contain SYS_CHROOT")
t.Fail()
}
for _, n := range container.Networks {
if n.Type == "veth" {
if n.Bridge != "docker0" {
t.Logf("veth bridge should be docker0 but received %q", n.Bridge)
t.Fail()
}
if n.Address != "172.17.0.101/16" {
t.Logf("veth address should be 172.17.0.101/61 but received %q", n.Address)
t.Fail()
}
if n.VethPrefix != "veth" {
t.Logf("veth prefix should be veth but received %q", n.VethPrefix)
t.Fail()
}
if n.Gateway != "172.17.42.1" {
t.Logf("veth gateway should be 172.17.42.1 but received %q", n.Gateway)
t.Fail()
}
if n.Mtu != 1500 {
t.Logf("veth mtu should be 1500 but received %d", n.Mtu)
t.Fail()
}
break
}
}
for _, d := range devices.DefaultSimpleDevices {
if !containsDevice(d, container.MountConfig.DeviceNodes) {
t.Logf("expected defice configuration for %s", d.Path)
t.Fail()
}
}
}
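Review bot: The device loop at the end of TestContainerJsonFormat only asserts that every entry of `devices.DefaultSimpleDevices` is present, so an extra device node in the fixture would pass unnoticed; the sample config in this commit appears to drop `/dev/fuse`, which is the kind of change this test could pin. If the fixture is meant to carry exactly the defaults, add a count check next to the loop, e.g. `if len(container.MountConfig.DeviceNodes) != len(devices.DefaultSimpleDevices) { t.Fail() }`. Two log messages are also misleading: the address check compares against `172.17.0.101/16` but prints `/61`, and `"expected defice configuration for %s"` should read `device`. `containsDevice` has no doc comment; something like `// containsDevice reports whether values holds a device whose fields all match expected.` would fit the style of `contains` above it.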


@ -71,7 +71,7 @@ func Init(container *libcontainer.Container, uncleanRootfs, consolePath string,
if err := mount.InitializeMountNamespace(rootfs,
consolePath,
(*mount.MountConfig)(&container.MountConfig)); err != nil {
(*mount.MountConfig)(container.MountConfig)); err != nil {
return fmt.Errorf("setup mount namespace %s", err)
}
if container.Hostname != "" {


@ -15,7 +15,7 @@ type Network struct {
Bridge string `json:"bridge,omitempty"`
// Prefix for the veth interfaces.
VethPrefix string `json:"type,omitempty"`
VethPrefix string `json:"veth_prefix,omitempty"`
// Address contains the IP and mask to set on the network interface
Address string `json:"address,omitempty"`
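Review bot: Changing the VethPrefix tag to `veth_prefix` changes the serialized key, and encoding/json ignores keys it does not know, so a config still written in the earlier shape would decode with an empty VethPrefix (and, judging by the sample config's `context` object, an empty Bridge) rather than an error. It is not visible here whether the veth setup code rejects empty values, so a check at load or use time, e.g. `if n.Type == "veth" && (n.Bridge == "" || n.VethPrefix == "") { return fmt.Errorf("veth network requires bridge and veth_prefix") }`, would make a stale config fail loudly instead of producing an unexpectedly configured interface. The field comment could also follow the file's convention of starting with the name: `// VethPrefix is the prefix for the veth interfaces.` The struct starts and ends outside the hunk.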


@ -121,66 +121,61 @@
"process_label": "",
"restrictions": "true"
},
"device_nodes": [
{
"cgroup_permissions": "rwm",
"major_number": 10,
"minor_number": 229,
"path": "/dev/fuse",
"type": 99
},
{
"cgroup_permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 3,
"path": "/dev/null",
"type": 99
},
{
"cgroup_permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 5,
"path": "/dev/zero",
"type": 99
},
{
"cgroup_permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 7,
"path": "/dev/full",
"type": 99
},
{
"cgroup_permissions": "rwm",
"file_mode": 438,
"major_number": 5,
"path": "/dev/tty",
"type": 99
},
{
"cgroup_permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 9,
"path": "/dev/urandom",
"type": 99
},
{
"cgroup_permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 8,
"path": "/dev/random",
"type": 99
}
],
"mount_config": {
"device_nodes": [
{
"cgroup_permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 3,
"path": "/dev/null",
"type": 99
},
{
"cgroup_permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 5,
"path": "/dev/zero",
"type": 99
},
{
"cgroup_permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 7,
"path": "/dev/full",
"type": 99
},
{
"cgroup_permissions": "rwm",
"file_mode": 438,
"major_number": 5,
"path": "/dev/tty",
"type": 99
},
{
"cgroup_permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 9,
"path": "/dev/urandom",
"type": 99
},
{
"cgroup_permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 8,
"path": "/dev/random",
"type": 99
}
]
},
"environment": [
"HOME=/",
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"HOSTNAME=2d388ea3bd92",
"HOSTNAME=koye",
"TERM=xterm"
],
"hostname": "koye",
@ -200,10 +195,8 @@
},
{
"address": "172.17.0.101/16",
"context": {
"bridge": "docker0",
"prefix": "veth"
},
"bridge": "docker0",
"veth_prefix": "veth",
"gateway": "172.17.42.1",
"mtu": 1500,
"type": "veth"


@ -121,55 +121,57 @@
"process_label": "",
"restrictions": "true"
},
"device_nodes": [
{
"cgroup_permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 3,
"path": "/dev/null",
"type": 99
},
{
"cgroup_permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 5,
"path": "/dev/zero",
"type": 99
},
{
"cgroup_permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 7,
"path": "/dev/full",
"type": 99
},
{
"cgroup_permissions": "rwm",
"file_mode": 438,
"major_number": 5,
"path": "/dev/tty",
"type": 99
},
{
"cgroup_permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 9,
"path": "/dev/urandom",
"type": 99
},
{
"cgroup_permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 8,
"path": "/dev/random",
"type": 99
}
],
"mount_config": {
"device_nodes": [
{
"cgroup_permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 3,
"path": "/dev/null",
"type": 99
},
{
"cgroup_permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 5,
"path": "/dev/zero",
"type": 99
},
{
"cgroup_permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 7,
"path": "/dev/full",
"type": 99
},
{
"cgroup_permissions": "rwm",
"file_mode": 438,
"major_number": 5,
"path": "/dev/tty",
"type": 99
},
{
"cgroup_permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 9,
"path": "/dev/urandom",
"type": 99
},
{
"cgroup_permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 8,
"path": "/dev/random",
"type": 99
}
]
},
"environment": [
"HOME=/",
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",


@ -1,17 +0,0 @@
package libcontainer
import (
"github.com/docker/libcontainer/security/capabilities"
)
func GetAllCapabilities() []string {
return capabilities.GetAllCapabilities()
}
func DropBoundingSet(container *Container) error {
return capabilities.DropBoundingSet(container.Capabilities)
}
func DropCapabilities(container *Container) error {
return capabilities.DropCapabilities(container.Capabilities)
}