jasder
/
runc
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

libcontainer: move Config in a separate package 

We are going to import the namespaces package into libcontainer,
so libcontainer should not be imported into namespaces.

Signed-off-by: Andrey Vagin <avagin@openvz.org>
This commit is contained in:
Andrey Vagin 2014-12-17 12:12:23 +03:00
parent 44024d0c47
commit 7038ddbc8c
19 changed files with 76 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
config.go → configs/config.go
View File

@ -1,4 +1,4 @@
package libcontainer
package configs
import (
"github.com/docker/libcontainer/cgroups"

4
config_test.go → configs/config_test.go
View File

@ -1,4 +1,4 @@
package libcontainer
package configs
import (
"encoding/json"
@ -34,7 +34,7 @@ func containsDevice(expected *devices.Device, values []*devices.Device) bool {
}
func loadConfig(name string) (*Config, error) {
f, err := os.Open(filepath.Join("sample_configs", name))
f, err := os.Open(filepath.Join("../sample_configs", name))
if err != nil {
return nil, err
}

6
container.go
View File

@ -3,6 +3,10 @@ NOTE: The API is in flux and mainly not implemented. Proceed with caution until
*/
package libcontainer
import (
"github.com/docker/libcontainer/configs"
)
// A libcontainer container object.
//
// Each container is thread-safe within the same process. Since a container can
@ -20,7 +24,7 @@ type Container interface {
RunState() (RunState, error)
// Returns the current config of the container.
Config() *Config
Config() *configs.Config
// Returns the PIDs inside this container. The PIDs are in the namespace of the calling process.
//

6
factory.go
View File

@ -1,5 +1,9 @@
package libcontainer
import (
"github.com/docker/libcontainer/configs"
)
type Factory interface {
// Creates a new container with the given id and starts the initial process inside it.
// id must be a string containing only letters, digits and underscores and must contain
@ -17,7 +21,7 @@ type Factory interface {
// Systemerror - System error
//
// On error, any partially created container parts are cleaned up (the operation is atomic).
Create(id string, config *Config) (Container, error)
Create(id string, config *configs.Config) (Container, error)
// Load takes an ID for an existing container and returns the container information
// from the state. This presents a read only view of the container.

4
integration/exec_test.go
View File

@ -5,7 +5,7 @@ import (
"strings"
"testing"
"github.com/docker/libcontainer"
"github.com/docker/libcontainer/configs"
)
func TestExecPS(t *testing.T) {
@ -180,7 +180,7 @@ func TestRlimit(t *testing.T) {
}
}
func getNamespaceIndex(config *libcontainer.Config, name string) int {
func getNamespaceIndex(config *configs.Config, name string) int {
for i, v := range config.Namespaces {
if v.Name == name {
return i

14
integration/template_test.go
View File

@ -3,8 +3,8 @@ package integration
import (
"syscall"
"github.com/docker/libcontainer"
"github.com/docker/libcontainer/cgroups"
"github.com/docker/libcontainer/configs"
"github.com/docker/libcontainer/devices"
)
@ -12,8 +12,8 @@ import (
//
// it uses a network strategy of just setting a loopback interface
// and the default setup for devices
func newTemplateConfig(rootfs string) *libcontainer.Config {
return &libcontainer.Config{
func newTemplateConfig(rootfs string) *configs.Config {
return &configs.Config{
RootFs: rootfs,
Tty: false,
Capabilities: []string{
@ -32,7 +32,7 @@ func newTemplateConfig(rootfs string) *libcontainer.Config {
"KILL",
"AUDIT_WRITE",
},
Namespaces: []libcontainer.Namespace{
Namespaces: []configs.Namespace{
{Name: "NEWNS"},
{Name: "NEWUTS"},
{Name: "NEWIPC"},
@ -45,7 +45,7 @@ func newTemplateConfig(rootfs string) *libcontainer.Config {
AllowedDevices: devices.DefaultAllowedDevices,
},
MountConfig: &libcontainer.MountConfig{
MountConfig: &configs.MountConfig{
DeviceNodes: devices.DefaultAutoCreatedDevices,
},
Hostname: "integration",
@ -55,14 +55,14 @@ func newTemplateConfig(rootfs string) *libcontainer.Config {
"HOSTNAME=integration",
"TERM=xterm",
},
Networks: []*libcontainer.Network{
Networks: []*configs.Network{
{
Type: "loopback",
Address: "127.0.0.1/0",
Gateway: "localhost",
},
},
Rlimits: []libcontainer.Rlimit{
Rlimits: []configs.Rlimit{
{
Type: syscall.RLIMIT_NOFILE,
Hard: uint64(1024),

10
integration/utils_test.go
View File

@ -9,7 +9,7 @@ import (
"os/exec"
"path/filepath"
"github.com/docker/libcontainer"
"github.com/docker/libcontainer/configs"
"github.com/docker/libcontainer/namespaces"
)
@ -27,7 +27,7 @@ type stdBuffers struct {
Stderr *bytes.Buffer
}
func writeConfig(config *libcontainer.Config) error {
func writeConfig(config *configs.Config) error {
f, err := os.OpenFile(filepath.Join(config.RootFs, "container.json"), os.O_CREATE|os.O_RDWR|os.O_TRUNC, 0700)
if err != nil {
return err
@ -36,14 +36,14 @@ func writeConfig(config *libcontainer.Config) error {
return json.NewEncoder(f).Encode(config)
}
func loadConfig() (*libcontainer.Config, error) {
func loadConfig() (*configs.Config, error) {
f, err := os.Open(filepath.Join(os.Getenv("data_path"), "container.json"))
if err != nil {
return nil, err
}
defer f.Close()
var container *libcontainer.Config
var container *configs.Config
if err := json.NewDecoder(f).Decode(&container); err != nil {
return nil, err
}
@ -83,7 +83,7 @@ func copyBusybox(dest string) error {
//
// buffers are returned containing the STDOUT and STDERR output for the run
// along with the exit code and any go error
func runContainer(config *libcontainer.Config, console string, args ...string) (buffers *stdBuffers, exitCode int, err error) {
func runContainer(config *configs.Config, console string, args ...string) (buffers *stdBuffers, exitCode int, err error) {
if err := writeConfig(config); err != nil {
return nil, -1, err
}

5
linux_container.go
View File

@ -10,6 +10,7 @@ import (
"path/filepath"
"syscall"
"github.com/docker/libcontainer/configs"
"github.com/docker/libcontainer/network"
"github.com/golang/glog"
)
@ -17,7 +18,7 @@ import (
type linuxContainer struct {
id string
root string
config *Config
config *configs.Config
state *State
cgroupManager CgroupManager
initArgs []string
@ -27,7 +28,7 @@ func (c *linuxContainer) ID() string {
return c.id
}
func (c *linuxContainer) Config() *Config {
func (c *linuxContainer) Config() *configs.Config {
return c.config
}

5
linux_container_test.go
View File

@ -6,6 +6,7 @@ import (
"testing"
"github.com/docker/libcontainer/cgroups"
"github.com/docker/libcontainer/configs"
)
type mockCgroupManager struct {
@ -24,7 +25,7 @@ func (m *mockCgroupManager) GetStats() (*cgroups.Stats, error) {
func TestGetContainerPids(t *testing.T) {
container := &linuxContainer{
id: "myid",
config: &Config{},
config: &configs.Config{},
cgroupManager: &mockCgroupManager{pids: []int{1, 2, 3}},
}
@ -43,7 +44,7 @@ func TestGetContainerPids(t *testing.T) {
func TestGetContainerStats(t *testing.T) {
container := &linuxContainer{
id: "myid",
config: &Config{},
config: &configs.Config{},
cgroupManager: &mockCgroupManager{
pids: []int{1, 2, 3},
stats: &cgroups.Stats{

8
linux_factory.go
View File

@ -10,6 +10,8 @@ import (
"regexp"
"github.com/golang/glog"
"github.com/docker/libcontainer/configs"
)
const (
@ -43,7 +45,7 @@ type linuxFactory struct {
initArgs []string
}
func (l *linuxFactory) Create(id string, config *Config) (Container, error) {
func (l *linuxFactory) Create(id string, config *configs.Config) (Container, error) {
if l.root == "" {
return nil, newGenericError(fmt.Errorf("invalid root"), ConfigInvalid)
}
@ -125,7 +127,7 @@ func (l *linuxFactory) Load(id string) (Container, error) {
}, nil
}
func (l *linuxFactory) loadContainerConfig(root string) (*Config, error) {
func (l *linuxFactory) loadContainerConfig(root string) (*configs.Config, error) {
f, err := os.Open(filepath.Join(root, configFilename))
if err != nil {
if os.IsNotExist(err) {
@ -135,7 +137,7 @@ func (l *linuxFactory) loadContainerConfig(root string) (*Config, error) {
}
defer f.Close()
var config *Config
var config *configs.Config
if err := json.NewDecoder(f).Decode(&config); err != nil {
return nil, newGenericError(err, ConfigInvalid)
}

4
linux_factory_test.go
View File

@ -8,6 +8,8 @@ import (
"os"
"path/filepath"
"testing"
"github.com/docker/libcontainer/configs"
)
func newTestRoot() (string, error) {
@ -83,7 +85,7 @@ func TestFactoryLoadContainer(t *testing.T) {
// setup default container config and state for mocking
var (
id = "1"
expectedConfig = &Config{
expectedConfig = &configs.Config{
RootFs: "/mycontainer/root",
}
expectedState = &State{

4
namespaces/create.go
View File

@ -4,7 +4,7 @@ import (
"os"
"os/exec"
"github.com/docker/libcontainer"
"github.com/docker/libcontainer/configs"
)
type CreateCommand func(container *libcontainer.Config, console, dataPath, init string, childPipe *os.File, args []string) *exec.Cmd
type CreateCommand func(container *configs.Config, console, dataPath, init string, childPipe *os.File, args []string) *exec.Cmd

9
namespaces/exec.go
View File

@ -13,6 +13,7 @@ import (
"github.com/docker/libcontainer/cgroups"
"github.com/docker/libcontainer/cgroups/fs"
"github.com/docker/libcontainer/cgroups/systemd"
"github.com/docker/libcontainer/configs"
"github.com/docker/libcontainer/network"
"github.com/docker/libcontainer/system"
)
@ -21,7 +22,7 @@ import (
// Move this to libcontainer package.
// Exec performs setup outside of a namespace so that a container can be
// executed. Exec is a high level function for working with container namespaces.
func Exec(container *libcontainer.Config, stdin io.Reader, stdout, stderr io.Writer, console, dataPath string, args []string, createCommand CreateCommand, startCallback func()) (int, error) {
func Exec(container *configs.Config, stdin io.Reader, stdout, stderr io.Writer, console, dataPath string, args []string, createCommand CreateCommand, startCallback func()) (int, error) {
var err error
// create a pipe so that we can syncronize with the namespaced process and
@ -122,7 +123,7 @@ func Exec(container *libcontainer.Config, stdin io.Reader, stdout, stderr io.Wri
// root: the path to the container json file and information
// pipe: sync pipe to synchronize the parent and child processes
// args: the arguments to pass to the container to run as the user's program
func DefaultCreateCommand(container *libcontainer.Config, console, dataPath, init string, pipe *os.File, args []string) *exec.Cmd {
func DefaultCreateCommand(container *configs.Config, console, dataPath, init string, pipe *os.File, args []string) *exec.Cmd {
// get our binary name from arg0 so we can always reexec ourself
env := []string{
"console=" + console,
@ -148,7 +149,7 @@ func DefaultCreateCommand(container *libcontainer.Config, console, dataPath, ini
// SetupCgroups applies the cgroup restrictions to the process running in the container based
// on the container's configuration
func SetupCgroups(container *libcontainer.Config, nspid int) (map[string]string, error) {
func SetupCgroups(container *configs.Config, nspid int) (map[string]string, error) {
if container.Cgroups != nil {
c := container.Cgroups
if systemd.UseSystemd() {
@ -161,7 +162,7 @@ func SetupCgroups(container *libcontainer.Config, nspid int) (map[string]string,
// InitializeNetworking creates the container's network stack outside of the namespace and moves
// interfaces into the container's net namespaces if necessary
func InitializeNetworking(container *libcontainer.Config, nspid int, networkState *network.NetworkState) error {
func InitializeNetworking(container *configs.Config, nspid int, networkState *network.NetworkState) error {
for _, config := range container.Networks {
strategy, err := network.GetStrategy(config.Type)
if err != nil {

5
namespaces/execin.go
View File

@ -15,13 +15,14 @@ import (
"github.com/docker/libcontainer"
"github.com/docker/libcontainer/apparmor"
"github.com/docker/libcontainer/cgroups"
"github.com/docker/libcontainer/configs"
"github.com/docker/libcontainer/label"
"github.com/docker/libcontainer/system"
)
// ExecIn reexec's the initPath with the argv 0 rewrite to "nsenter" so that it is able to run the
// setns code in a single threaded environment joining the existing containers' namespaces.
func ExecIn(container *libcontainer.Config, state *libcontainer.State, userArgs []string, initPath, action string,
func ExecIn(container *configs.Config, state *libcontainer.State, userArgs []string, initPath, action string,
stdin io.Reader, stdout, stderr io.Writer, console string, startCallback func(*exec.Cmd)) (int, error) {
args := []string{fmt.Sprintf("nsenter-%s", action), "--nspid", strconv.Itoa(state.InitPid)}
@ -91,7 +92,7 @@ func ExecIn(container *libcontainer.Config, state *libcontainer.State, userArgs
// Finalize expects that the setns calls have been setup and that is has joined an
// existing namespace
func FinalizeSetns(container *libcontainer.Config, args []string) error {
func FinalizeSetns(container *configs.Config, args []string) error {
// clear the current processes env and replace it with the environment defined on the container
if err := LoadContainerEnvironment(container); err != nil {
return err

16
namespaces/init.go
View File

@ -10,8 +10,8 @@ import (
"strings"
"syscall"
"github.com/docker/libcontainer"
"github.com/docker/libcontainer/apparmor"
"github.com/docker/libcontainer/configs"
"github.com/docker/libcontainer/console"
"github.com/docker/libcontainer/label"
"github.com/docker/libcontainer/mount"
@ -30,7 +30,7 @@ import (
// and other options required for the new container.
// The caller of Init function has to ensure that the go runtime is locked to an OS thread
// (using runtime.LockOSThread) else system calls like setns called within Init may not work as intended.
func Init(container *libcontainer.Config, uncleanRootfs, consolePath string, pipe *os.File, args []string) (err error) {
func Init(container *configs.Config, uncleanRootfs, consolePath string, pipe *os.File, args []string) (err error) {
defer func() {
// if we have an error during the initialization of the container's init then send it back to the
// parent process in the form of an initError.
@ -218,7 +218,7 @@ func SetupUser(u string) error {
// setupVethNetwork uses the Network config if it is not nil to initialize
// the new veth interface inside the container for use by changing the name to eth0
// setting the MTU and IP address along with the default gateway
func setupNetwork(container *libcontainer.Config, networkState *network.NetworkState) error {
func setupNetwork(container *configs.Config, networkState *network.NetworkState) error {
for _, config := range container.Networks {
strategy, err := network.GetStrategy(config.Type)
if err != nil {
@ -233,7 +233,7 @@ func setupNetwork(container *libcontainer.Config, networkState *network.NetworkS
return nil
}
func setupRoute(container *libcontainer.Config) error {
func setupRoute(container *configs.Config) error {
for _, config := range container.Routes {
if err := netlink.AddRoute(config.Destination, config.Source, config.Gateway, config.InterfaceName); err != nil {
return err
@ -242,7 +242,7 @@ func setupRoute(container *libcontainer.Config) error {
return nil
}
func setupRlimits(container *libcontainer.Config) error {
func setupRlimits(container *configs.Config) error {
for _, rlimit := range container.Rlimits {
l := &syscall.Rlimit{Max: rlimit.Hard, Cur: rlimit.Soft}
if err := syscall.Setrlimit(rlimit.Type, l); err != nil {
@ -255,7 +255,7 @@ func setupRlimits(container *libcontainer.Config) error {
// FinalizeNamespace drops the caps, sets the correct user
// and working dir, and closes any leaky file descriptors
// before execing the command inside the namespace
func FinalizeNamespace(container *libcontainer.Config) error {
func FinalizeNamespace(container *configs.Config) error {
// Ensure that all non-standard fds we may have accidentally
// inherited are marked close-on-exec so they stay out of the
// container
@ -295,7 +295,7 @@ func FinalizeNamespace(container *libcontainer.Config) error {
return nil
}
func LoadContainerEnvironment(container *libcontainer.Config) error {
func LoadContainerEnvironment(container *configs.Config) error {
os.Clearenv()
for _, pair := range container.Env {
p := strings.SplitN(pair, "=", 2)
@ -311,7 +311,7 @@ func LoadContainerEnvironment(container *libcontainer.Config) error {
// joinExistingNamespaces gets all the namespace paths specified for the container and
// does a setns on the namespace fd so that the current process joins the namespace.
func joinExistingNamespaces(namespaces []libcontainer.Namespace) error {
func joinExistingNamespaces(namespaces []configs.Namespace) error {
for _, ns := range namespaces {
if ns.Path != "" {
f, err := os.OpenFile(ns.Path, os.O_RDONLY, 0)

4
namespaces/utils.go
View File

@ -6,7 +6,7 @@ import (
"os"
"syscall"
"github.com/docker/libcontainer"
"github.com/docker/libcontainer/configs"
)
type initError struct {
@ -37,7 +37,7 @@ func newInitPipe() (parent *os.File, child *os.File, err error) {
// GetNamespaceFlags parses the container's Namespaces options to set the correct
// flags on clone, unshare, and setns
func GetNamespaceFlags(namespaces []libcontainer.Namespace) (flag int) {
func GetNamespaceFlags(namespaces []configs.Namespace) (flag int) {
for _, v := range namespaces {
flag |= namespaceInfo[v.Name]
}

9
nsinit/exec.go
View File

@ -14,6 +14,7 @@ import (
"github.com/codegangsta/cli"
"github.com/docker/docker/pkg/term"
"github.com/docker/libcontainer"
"github.com/docker/libcontainer/configs"
consolepkg "github.com/docker/libcontainer/console"
"github.com/docker/libcontainer/namespaces"
)
@ -66,7 +67,7 @@ func execAction(context *cli.Context) {
id := fmt.Sprintf("%x", md5.Sum([]byte(dataPath)))
container, err := factory.Load(id)
if err != nil && !os.IsNotExist(err) {
var config *libcontainer.Config
var config *configs.Config
config, err = loadConfig()
if err != nil {
@ -110,7 +111,7 @@ func execAction(context *cli.Context) {
// with the nsenter argument so that the C code can setns an the namespaces that we require. Then that
// code path will drop us into the path that we can do the final setup of the namespace and exec the users
// application.
func startInExistingContainer(config *libcontainer.Config, state *libcontainer.State, action string, context *cli.Context) (int, error) {
func startInExistingContainer(config *configs.Config, state *libcontainer.State, action string, context *cli.Context) (int, error) {
var (
master *os.File
console string
@ -167,7 +168,7 @@ func startInExistingContainer(config *libcontainer.Config, state *libcontainer.S
// error.
//
// Signals sent to the current process will be forwarded to container.
func startContainer(container *libcontainer.Config, dataPath string, args []string) (int, error) {
func startContainer(container *configs.Config, dataPath string, args []string) (int, error) {
var (
cmd *exec.Cmd
sigc = make(chan os.Signal, 10)
@ -175,7 +176,7 @@ func startContainer(container *libcontainer.Config, dataPath string, args []stri
signal.Notify(sigc)
createCommand := func(container *libcontainer.Config, console, dataPath, init string, pipe *os.File, args []string) *exec.Cmd {
createCommand := func(container *configs.Config, console, dataPath, init string, pipe *os.File, args []string) *exec.Cmd {
cmd = namespaces.DefaultCreateCommand(container, console, dataPath, init, pipe, args)
if logPath != "" {
cmd.Env = append(cmd.Env, fmt.Sprintf("log=%s", logPath))

8
nsinit/nsenter.go
View File

@ -9,7 +9,7 @@ import (
"strings"
"text/tabwriter"
"github.com/docker/libcontainer"
"github.com/docker/libcontainer/configs"
"github.com/docker/libcontainer/devices"
"github.com/docker/libcontainer/mount/nodes"
"github.com/docker/libcontainer/namespaces"
@ -17,7 +17,7 @@ import (
)
// nsenterExec exec's a process inside an existing container
func nsenterExec(config *libcontainer.Config, args []string) {
func nsenterExec(config *configs.Config, args []string) {
if err := namespaces.FinalizeSetns(config, args); err != nil {
log.Fatalf("failed to nsenter: %s", err)
}
@ -26,7 +26,7 @@ func nsenterExec(config *libcontainer.Config, args []string) {
// nsenterMknod runs mknod inside an existing container
//
// mknod <path> <type> <major> <minor>
func nsenterMknod(config *libcontainer.Config, args []string) {
func nsenterMknod(config *configs.Config, args []string) {
if len(args) != 4 {
log.Fatalf("expected mknod to have 4 arguments not %d", len(args))
}
@ -56,7 +56,7 @@ func nsenterMknod(config *libcontainer.Config, args []string) {
}
// nsenterIp displays the network interfaces inside a container's net namespace
func nsenterIp(config *libcontainer.Config, args []string) {
func nsenterIp(config *configs.Config, args []string) {
interfaces, err := net.Interfaces()
if err != nil {
log.Fatal(err)

12
nsinit/utils.go
View File

@ -7,23 +7,23 @@ import (
"path/filepath"
"github.com/codegangsta/cli"
"github.com/docker/libcontainer"
"github.com/docker/libcontainer/configs"
)
// rFunc is a function registration for calling after an execin
type rFunc struct {
Usage string
Action func(*libcontainer.Config, []string)
Action func(*configs.Config, []string)
}
func loadConfig() (*libcontainer.Config, error) {
func loadConfig() (*configs.Config, error) {
f, err := os.Open(filepath.Join(dataPath, "container.json"))
if err != nil {
return nil, err
}
defer f.Close()
var container *libcontainer.Config
var container *configs.Config
if err := json.NewDecoder(f).Decode(&container); err != nil {
return nil, err
}
@ -57,11 +57,11 @@ func findUserArgs() []string {
// loadConfigFromFd loads a container's config from the sync pipe that is provided by
// fd 3 when running a process
func loadConfigFromFd() (*libcontainer.Config, error) {
func loadConfigFromFd() (*configs.Config, error) {
pipe := os.NewFile(3, "pipe")
defer pipe.Close()
var config *libcontainer.Config
var config *configs.Config
if err := json.NewDecoder(pipe).Decode(&config); err != nil {
return nil, err
}