Merge pull request #306 from avagin/api-linux-2

Use namespace.Exec() and namespace.Init() to execute processes in CT
This commit is contained in:
Victor Marmol 2014-12-19 07:44:16 -08:00
commit e1b4ec3363
23 changed files with 205 additions and 297 deletions

View File

@ -1,4 +1,4 @@
package libcontainer
package configs
import (
"github.com/docker/libcontainer/cgroups"

View File

@ -1,4 +1,4 @@
package libcontainer
package configs
import (
"encoding/json"
@ -34,7 +34,7 @@ func containsDevice(expected *devices.Device, values []*devices.Device) bool {
}
func loadConfig(name string) (*Config, error) {
f, err := os.Open(filepath.Join("sample_configs", name))
f, err := os.Open(filepath.Join("../sample_configs", name))
if err != nil {
return nil, err
}

View File

@ -1,4 +1,4 @@
package libcontainer
package configs
import (
"encoding/json"

View File

@ -3,6 +3,10 @@ NOTE: The API is in flux and mainly not implemented. Proceed with caution until
*/
package libcontainer
import (
"github.com/docker/libcontainer/configs"
)
// A libcontainer container object.
//
// Each container is thread-safe within the same process. Since a container can
@ -17,10 +21,10 @@ type Container interface {
// errors:
// ContainerDestroyed - Container no longer exists,
// Systemerror - System error.
RunState() (RunState, error)
RunState() (configs.RunState, error)
// Returns the current config of the container.
Config() *Config
Config() *configs.Config
// Returns the PIDs inside this container. The PIDs are in the namespace of the calling process.
//

View File

@ -1,5 +1,9 @@
package libcontainer
import (
"github.com/docker/libcontainer/configs"
)
type Factory interface {
// Creates a new container with the given id and starts the initial process inside it.
// id must be a string containing only letters, digits and underscores and must contain
@ -17,7 +21,7 @@ type Factory interface {
// Systemerror - System error
//
// On error, any partially created container parts are cleaned up (the operation is atomic).
Create(id string, config *Config) (Container, error)
Create(id string, config *configs.Config) (Container, error)
// Load takes an ID for an existing container and returns the container information
// from the state. This presents a read only view of the container.

View File

@ -5,7 +5,7 @@ import (
"strings"
"testing"
"github.com/docker/libcontainer"
"github.com/docker/libcontainer/configs"
)
func TestExecPS(t *testing.T) {
@ -180,7 +180,7 @@ func TestRlimit(t *testing.T) {
}
}
func getNamespaceIndex(config *libcontainer.Config, name string) int {
func getNamespaceIndex(config *configs.Config, name string) int {
for i, v := range config.Namespaces {
if v.Name == name {
return i

View File

@ -16,17 +16,7 @@ func init() {
}
runtime.LockOSThread()
container, err := loadConfig()
if err != nil {
log.Fatal(err)
}
rootfs, err := os.Getwd()
if err != nil {
log.Fatal(err)
}
if err := namespaces.Init(container, rootfs, "", os.NewFile(3, "pipe"), os.Args[3:]); err != nil {
if err := namespaces.Init(os.NewFile(3, "pipe")); err != nil {
log.Fatalf("unable to initialize for container: %s", err)
}
os.Exit(1)

View File

@ -3,8 +3,8 @@ package integration
import (
"syscall"
"github.com/docker/libcontainer"
"github.com/docker/libcontainer/cgroups"
"github.com/docker/libcontainer/configs"
"github.com/docker/libcontainer/devices"
)
@ -12,8 +12,8 @@ import (
//
// it uses a network strategy of just setting a loopback interface
// and the default setup for devices
func newTemplateConfig(rootfs string) *libcontainer.Config {
return &libcontainer.Config{
func newTemplateConfig(rootfs string) *configs.Config {
return &configs.Config{
RootFs: rootfs,
Tty: false,
Capabilities: []string{
@ -32,7 +32,7 @@ func newTemplateConfig(rootfs string) *libcontainer.Config {
"KILL",
"AUDIT_WRITE",
},
Namespaces: []libcontainer.Namespace{
Namespaces: []configs.Namespace{
{Name: "NEWNS"},
{Name: "NEWUTS"},
{Name: "NEWIPC"},
@ -45,7 +45,7 @@ func newTemplateConfig(rootfs string) *libcontainer.Config {
AllowedDevices: devices.DefaultAllowedDevices,
},
MountConfig: &libcontainer.MountConfig{
MountConfig: &configs.MountConfig{
DeviceNodes: devices.DefaultAutoCreatedDevices,
},
Hostname: "integration",
@ -55,14 +55,14 @@ func newTemplateConfig(rootfs string) *libcontainer.Config {
"HOSTNAME=integration",
"TERM=xterm",
},
Networks: []*libcontainer.Network{
Networks: []*configs.Network{
{
Type: "loopback",
Address: "127.0.0.1/0",
Gateway: "localhost",
},
},
Rlimits: []libcontainer.Rlimit{
Rlimits: []configs.Rlimit{
{
Type: syscall.RLIMIT_NOFILE,
Hard: uint64(1024),

View File

@ -8,9 +8,10 @@ import (
"os"
"os/exec"
"path/filepath"
"syscall"
"github.com/docker/libcontainer"
"github.com/docker/libcontainer/namespaces"
"github.com/docker/libcontainer/configs"
)
func newStdBuffers() *stdBuffers {
@ -27,7 +28,7 @@ type stdBuffers struct {
Stderr *bytes.Buffer
}
func writeConfig(config *libcontainer.Config) error {
func writeConfig(config *configs.Config) error {
f, err := os.OpenFile(filepath.Join(config.RootFs, "container.json"), os.O_CREATE|os.O_RDWR|os.O_TRUNC, 0700)
if err != nil {
return err
@ -36,14 +37,14 @@ func writeConfig(config *libcontainer.Config) error {
return json.NewEncoder(f).Encode(config)
}
func loadConfig() (*libcontainer.Config, error) {
func loadConfig() (*configs.Config, error) {
f, err := os.Open(filepath.Join(os.Getenv("data_path"), "container.json"))
if err != nil {
return nil, err
}
defer f.Close()
var container *libcontainer.Config
var container *configs.Config
if err := json.NewDecoder(f).Decode(&container); err != nil {
return nil, err
}
@ -83,13 +84,55 @@ func copyBusybox(dest string) error {
//
// buffers are returned containing the STDOUT and STDERR output for the run
// along with the exit code and any go error
func runContainer(config *libcontainer.Config, console string, args ...string) (buffers *stdBuffers, exitCode int, err error) {
func runContainer(config *configs.Config, console string, args ...string) (buffers *stdBuffers, exitCode int, err error) {
if err := writeConfig(config); err != nil {
return nil, -1, err
}
buffers = newStdBuffers()
exitCode, err = namespaces.Exec(config, buffers.Stdin, buffers.Stdout, buffers.Stderr,
console, config.RootFs, args, namespaces.DefaultCreateCommand, nil)
process := &libcontainer.ProcessConfig{
Args: args,
Env: make([]string, 0),
Stdin: buffers.Stdin,
Stdout: buffers.Stdout,
Stderr: buffers.Stderr,
}
factory, err := libcontainer.New(".", []string{os.Args[0], "init", "--"})
if err != nil {
return nil, -1, err
}
container, err := factory.Create("testCT", config)
if err != nil {
return nil, -1, err
}
defer container.Destroy()
pid, err := container.StartProcess(process)
if err != nil {
return nil, -1, err
}
p, err := os.FindProcess(pid)
if err != nil {
return nil, -1, err
}
ps, err := p.Wait()
if err != nil {
return nil, -1, err
}
status := ps.Sys().(syscall.WaitStatus)
if status.Exited() {
exitCode = status.ExitStatus()
} else if status.Signaled() {
exitCode = -int(status.Signal())
} else {
return nil, -1, err
}
return
}

View File

@ -10,6 +10,8 @@ import (
"path/filepath"
"syscall"
"github.com/docker/libcontainer/configs"
"github.com/docker/libcontainer/namespaces"
"github.com/docker/libcontainer/network"
"github.com/golang/glog"
)
@ -17,8 +19,8 @@ import (
type linuxContainer struct {
id string
root string
config *Config
state *State
config *configs.Config
state *configs.State
cgroupManager CgroupManager
initArgs []string
}
@ -27,12 +29,12 @@ func (c *linuxContainer) ID() string {
return c.id
}
func (c *linuxContainer) Config() *Config {
func (c *linuxContainer) Config() *configs.Config {
return c.config
}
func (c *linuxContainer) RunState() (RunState, error) {
return Destroyed, nil // FIXME return a real state
func (c *linuxContainer) RunState() (configs.RunState, error) {
return configs.Destroyed, nil // FIXME return a real state
}
func (c *linuxContainer) Processes() ([]int, error) {
@ -60,18 +62,18 @@ func (c *linuxContainer) Stats() (*ContainerStats, error) {
return stats, nil
}
func (c *linuxContainer) StartProcess(config *ProcessConfig) (int, error) {
func (c *linuxContainer) StartProcess(pconfig *ProcessConfig) (int, error) {
state, err := c.RunState()
if err != nil {
return -1, err
}
if state != Destroyed {
if state != configs.Destroyed {
glog.Info("start new container process")
panic("not implemented")
}
if err := c.startInitProcess(config); err != nil {
if err := c.startInitProcess(pconfig); err != nil {
return -1, err
}
@ -79,20 +81,16 @@ func (c *linuxContainer) StartProcess(config *ProcessConfig) (int, error) {
}
func (c *linuxContainer) updateStateFile() error {
data, err := json.MarshalIndent(c.state, "", "\t")
if err != nil {
return newGenericError(err, SystemError)
}
fnew := filepath.Join(c.root, fmt.Sprintf("%s.new", stateFilename))
f, err := os.Create(fnew)
if err != nil {
return newGenericError(err, SystemError)
}
_, err = f.Write(data)
err = json.NewEncoder(f).Encode(c.state)
if err != nil {
f.Close()
os.Remove(fnew)
return newGenericError(err, SystemError)
}
f.Close()
@ -118,16 +116,17 @@ func (c *linuxContainer) startInitProcess(config *ProcessConfig) error {
cmd.SysProcAttr = &syscall.SysProcAttr{}
}
cmd.SysProcAttr.Cloneflags = uintptr(namespaces.GetNamespaceFlags(c.config.Namespaces))
cmd.SysProcAttr.Pdeathsig = syscall.SIGKILL
//FIXME call namespaces.Exec()
if err := cmd.Start(); err != nil {
err := namespaces.Exec(config.Args, config.Env, cmd, c.config, c.state)
if err != nil {
return err
}
c.state.InitPid = cmd.Process.Pid
err := c.updateStateFile()
err = c.updateStateFile()
if err != nil {
// FIXME c.Kill()
return err
}
@ -140,7 +139,7 @@ func (c *linuxContainer) Destroy() error {
return err
}
if state != Destroyed {
if state != configs.Destroyed {
return newGenericError(nil, ContainerNotStopped)
}

View File

@ -6,6 +6,7 @@ import (
"testing"
"github.com/docker/libcontainer/cgroups"
"github.com/docker/libcontainer/configs"
)
type mockCgroupManager struct {
@ -24,7 +25,7 @@ func (m *mockCgroupManager) GetStats() (*cgroups.Stats, error) {
func TestGetContainerPids(t *testing.T) {
container := &linuxContainer{
id: "myid",
config: &Config{},
config: &configs.Config{},
cgroupManager: &mockCgroupManager{pids: []int{1, 2, 3}},
}
@ -43,7 +44,7 @@ func TestGetContainerPids(t *testing.T) {
func TestGetContainerStats(t *testing.T) {
container := &linuxContainer{
id: "myid",
config: &Config{},
config: &configs.Config{},
cgroupManager: &mockCgroupManager{
pids: []int{1, 2, 3},
stats: &cgroups.Stats{
@ -52,7 +53,7 @@ func TestGetContainerStats(t *testing.T) {
},
},
},
state: &State{},
state: &configs.State{},
}
stats, err := container.Stats()

View File

@ -10,6 +10,9 @@ import (
"regexp"
"github.com/golang/glog"
"github.com/docker/libcontainer/configs"
"github.com/docker/libcontainer/namespaces"
)
const (
@ -43,7 +46,7 @@ type linuxFactory struct {
initArgs []string
}
func (l *linuxFactory) Create(id string, config *Config) (Container, error) {
func (l *linuxFactory) Create(id string, config *configs.Config) (Container, error) {
if l.root == "" {
return nil, newGenericError(fmt.Errorf("invalid root"), ConfigInvalid)
}
@ -91,7 +94,7 @@ func (l *linuxFactory) Create(id string, config *Config) (Container, error) {
root: containerRoot,
config: config,
initArgs: l.initArgs,
state: &State{},
state: &configs.State{},
cgroupManager: cgroupManager,
}, nil
}
@ -125,7 +128,7 @@ func (l *linuxFactory) Load(id string) (Container, error) {
}, nil
}
func (l *linuxFactory) loadContainerConfig(root string) (*Config, error) {
func (l *linuxFactory) loadContainerConfig(root string) (*configs.Config, error) {
f, err := os.Open(filepath.Join(root, configFilename))
if err != nil {
if os.IsNotExist(err) {
@ -135,14 +138,14 @@ func (l *linuxFactory) loadContainerConfig(root string) (*Config, error) {
}
defer f.Close()
var config *Config
var config *configs.Config
if err := json.NewDecoder(f).Decode(&config); err != nil {
return nil, newGenericError(err, ConfigInvalid)
}
return config, nil
}
func (l *linuxFactory) loadContainerState(root string) (*State, error) {
func (l *linuxFactory) loadContainerState(root string) (*configs.State, error) {
f, err := os.Open(filepath.Join(root, stateFilename))
if err != nil {
if os.IsNotExist(err) {
@ -152,7 +155,7 @@ func (l *linuxFactory) loadContainerState(root string) (*State, error) {
}
defer f.Close()
var state *State
var state *configs.State
if err := json.NewDecoder(f).Decode(&state); err != nil {
return nil, newGenericError(err, SystemError)
}
@ -162,7 +165,7 @@ func (l *linuxFactory) loadContainerState(root string) (*State, error) {
// StartInitialization loads a container by opening the pipe fd from the parent to read the configuration and state
// This is a low level implementation detail of the reexec and should not be consumed externally
func (f *linuxFactory) StartInitialization(pipefd uintptr) (err error) {
pipe := os.NewFile(uintptr(pipefd), "pipe")
/* FIXME call namespaces.Init() */
return nil
return namespaces.Init(pipe)
}

View File

@ -8,6 +8,8 @@ import (
"os"
"path/filepath"
"testing"
"github.com/docker/libcontainer/configs"
)
func newTestRoot() (string, error) {
@ -83,10 +85,10 @@ func TestFactoryLoadContainer(t *testing.T) {
// setup default container config and state for mocking
var (
id = "1"
expectedConfig = &Config{
expectedConfig = &configs.Config{
RootFs: "/mycontainer/root",
}
expectedState = &State{
expectedState = &configs.State{
InitPid: 1024,
}
)

View File

@ -4,7 +4,7 @@ import (
"os"
"os/exec"
"github.com/docker/libcontainer"
"github.com/docker/libcontainer/configs"
)
type CreateCommand func(container *libcontainer.Config, console, dataPath, init string, childPipe *os.File, args []string) *exec.Cmd
type CreateCommand func(container *configs.Config, console, dataPath, init string, childPipe *os.File, args []string) *exec.Cmd

View File

@ -9,10 +9,10 @@ import (
"os/exec"
"syscall"
"github.com/docker/libcontainer"
"github.com/docker/libcontainer/cgroups"
"github.com/docker/libcontainer/cgroups/fs"
"github.com/docker/libcontainer/cgroups/systemd"
"github.com/docker/libcontainer/configs"
"github.com/docker/libcontainer/network"
"github.com/docker/libcontainer/system"
)
@ -21,36 +21,45 @@ import (
// Move this to libcontainer package.
// Exec performs setup outside of a namespace so that a container can be
// executed. Exec is a high level function for working with container namespaces.
func Exec(container *libcontainer.Config, stdin io.Reader, stdout, stderr io.Writer, console, dataPath string, args []string, createCommand CreateCommand, startCallback func()) (int, error) {
func Exec(args []string, env []string, command *exec.Cmd, container *configs.Config, state *configs.State) error {
var err error
// create a pipe so that we can syncronize with the namespaced process and
// pass the state and configuration to the child process
parent, child, err := newInitPipe()
if err != nil {
return -1, err
return err
}
defer parent.Close()
command := createCommand(container, console, dataPath, os.Args[0], child, args)
// Note: these are only used in non-tty mode
// if there is a tty for the container it will be opened within the namespace and the
// fds will be duped to stdin, stdiout, and stderr
command.Stdin = stdin
command.Stdout = stdout
command.Stderr = stderr
command.ExtraFiles = []*os.File{child}
command.Dir = container.RootFs
if err := command.Start(); err != nil {
child.Close()
return -1, err
return err
}
child.Close()
terminate := func(terr error) (int, error) {
terminate := func(terr error) error {
// TODO: log the errors for kill and wait
command.Process.Kill()
command.Wait()
return -1, terr
return terr
}
encoder := json.NewEncoder(parent)
if err := encoder.Encode(container); err != nil {
return terminate(err)
}
process := processArgs{
Env: append(env[0:], container.Env...),
Args: args,
}
if err := encoder.Encode(process); err != nil {
return terminate(err)
}
started, err := system.GetProcessStartTime(command.Process.Pid)
@ -71,7 +80,7 @@ func Exec(container *libcontainer.Config, stdin io.Reader, stdout, stderr io.Wri
return terminate(err)
}
// send the state to the container's init process then shutdown writes for the parent
if err := json.NewEncoder(parent).Encode(networkState); err != nil {
if err := encoder.Encode(networkState); err != nil {
return terminate(err)
}
// shutdown writes for the parent side of the pipe
@ -79,18 +88,6 @@ func Exec(container *libcontainer.Config, stdin io.Reader, stdout, stderr io.Wri
return terminate(err)
}
state := &libcontainer.State{
InitPid: command.Process.Pid,
InitStartTime: started,
NetworkState: networkState,
CgroupPaths: cgroupPaths,
}
if err := libcontainer.SaveState(dataPath, state); err != nil {
return terminate(err)
}
defer libcontainer.DeleteState(dataPath)
// wait for the child process to fully complete and receive an error message
// if one was encoutered
var ierr *initError
@ -101,16 +98,12 @@ func Exec(container *libcontainer.Config, stdin io.Reader, stdout, stderr io.Wri
return terminate(ierr)
}
if startCallback != nil {
startCallback()
}
state.InitPid = command.Process.Pid
state.InitStartTime = started
state.NetworkState = networkState
state.CgroupPaths = cgroupPaths
if err := command.Wait(); err != nil {
if _, ok := err.(*exec.ExitError); !ok {
return -1, err
}
}
return command.ProcessState.Sys().(syscall.WaitStatus).ExitStatus(), nil
return nil
}
// DefaultCreateCommand will return an exec.Cmd with the Cloneflags set to the proper namespaces
@ -122,7 +115,7 @@ func Exec(container *libcontainer.Config, stdin io.Reader, stdout, stderr io.Wri
// root: the path to the container json file and information
// pipe: sync pipe to synchronize the parent and child processes
// args: the arguments to pass to the container to run as the user's program
func DefaultCreateCommand(container *libcontainer.Config, console, dataPath, init string, pipe *os.File, args []string) *exec.Cmd {
func DefaultCreateCommand(container *configs.Config, console, dataPath, init string, pipe *os.File, args []string) *exec.Cmd {
// get our binary name from arg0 so we can always reexec ourself
env := []string{
"console=" + console,
@ -148,7 +141,7 @@ func DefaultCreateCommand(container *libcontainer.Config, console, dataPath, ini
// SetupCgroups applies the cgroup restrictions to the process running in the container based
// on the container's configuration
func SetupCgroups(container *libcontainer.Config, nspid int) (map[string]string, error) {
func SetupCgroups(container *configs.Config, nspid int) (map[string]string, error) {
if container.Cgroups != nil {
c := container.Cgroups
if systemd.UseSystemd() {
@ -161,7 +154,7 @@ func SetupCgroups(container *libcontainer.Config, nspid int) (map[string]string,
// InitializeNetworking creates the container's network stack outside of the namespace and moves
// interfaces into the container's net namespaces if necessary
func InitializeNetworking(container *libcontainer.Config, nspid int, networkState *network.NetworkState) error {
func InitializeNetworking(container *configs.Config, nspid int, networkState *network.NetworkState) error {
for _, config := range container.Networks {
strategy, err := network.GetStrategy(config.Type)
if err != nil {

View File

@ -12,16 +12,16 @@ import (
"strconv"
"syscall"
"github.com/docker/libcontainer"
"github.com/docker/libcontainer/apparmor"
"github.com/docker/libcontainer/cgroups"
"github.com/docker/libcontainer/configs"
"github.com/docker/libcontainer/label"
"github.com/docker/libcontainer/system"
)
// ExecIn reexec's the initPath with the argv 0 rewrite to "nsenter" so that it is able to run the
// setns code in a single threaded environment joining the existing containers' namespaces.
func ExecIn(container *libcontainer.Config, state *libcontainer.State, userArgs []string, initPath, action string,
func ExecIn(container *configs.Config, state *configs.State, userArgs []string, initPath, action string,
stdin io.Reader, stdout, stderr io.Writer, console string, startCallback func(*exec.Cmd)) (int, error) {
args := []string{fmt.Sprintf("nsenter-%s", action), "--nspid", strconv.Itoa(state.InitPid)}
@ -91,7 +91,7 @@ func ExecIn(container *libcontainer.Config, state *libcontainer.State, userArgs
// Finalize expects that the setns calls have been setup and that is has joined an
// existing namespace
func FinalizeSetns(container *libcontainer.Config, args []string) error {
func FinalizeSetns(container *configs.Config, args []string) error {
// clear the current processes env and replace it with the environment defined on the container
if err := LoadContainerEnvironment(container); err != nil {
return err
@ -118,6 +118,6 @@ func FinalizeSetns(container *libcontainer.Config, args []string) error {
panic("unreachable")
}
func EnterCgroups(state *libcontainer.State, pid int) error {
func EnterCgroups(state *configs.State, pid int) error {
return cgroups.EnterPid(state.CgroupPaths, pid)
}

View File

@ -10,8 +10,8 @@ import (
"strings"
"syscall"
"github.com/docker/libcontainer"
"github.com/docker/libcontainer/apparmor"
"github.com/docker/libcontainer/configs"
"github.com/docker/libcontainer/console"
"github.com/docker/libcontainer/label"
"github.com/docker/libcontainer/mount"
@ -24,13 +24,20 @@ import (
"github.com/docker/libcontainer/utils"
)
// Process is used for transferring parameters from Exec() to Init()
type processArgs struct {
Args []string `json:"args,omitempty"`
Env []string `json:"environment,omitempty"`
ConsolePath string `json:"console_path,omitempty"`
}
// TODO(vishh): This is part of the libcontainer API and it does much more than just namespaces related work.
// Move this to libcontainer package.
// Init is the init process that first runs inside a new namespace to setup mounts, users, networking,
// and other options required for the new container.
// The caller of Init function has to ensure that the go runtime is locked to an OS thread
// (using runtime.LockOSThread) else system calls like setns called within Init may not work as intended.
func Init(container *libcontainer.Config, uncleanRootfs, consolePath string, pipe *os.File, args []string) (err error) {
func Init(pipe *os.File) (err error) {
defer func() {
// if we have an error during the initialization of the container's init then send it back to the
// parent process in the form of an initError.
@ -48,6 +55,23 @@ func Init(container *libcontainer.Config, uncleanRootfs, consolePath string, pip
pipe.Close()
}()
decoder := json.NewDecoder(pipe)
var container *configs.Config
if err := decoder.Decode(&container); err != nil {
return err
}
var process *processArgs
if err := decoder.Decode(&process); err != nil {
return err
}
uncleanRootfs, err := os.Getwd()
if err != nil {
return err
}
rootfs, err := utils.ResolveRootfs(uncleanRootfs)
if err != nil {
return err
@ -61,22 +85,22 @@ func Init(container *libcontainer.Config, uncleanRootfs, consolePath string, pip
// We always read this as it is a way to sync with the parent as well
var networkState *network.NetworkState
if err := json.NewDecoder(pipe).Decode(&networkState); err != nil {
if err := decoder.Decode(&networkState); err != nil {
return err
}
// join any namespaces via a path to the namespace fd if provided
if err := joinExistingNamespaces(container.Namespaces); err != nil {
return err
}
if consolePath != "" {
if err := console.OpenAndDup(consolePath); err != nil {
if process.ConsolePath != "" {
if err := console.OpenAndDup(process.ConsolePath); err != nil {
return err
}
}
if _, err := syscall.Setsid(); err != nil {
return fmt.Errorf("setsid %s", err)
}
if consolePath != "" {
if process.ConsolePath != "" {
if err := system.Setctty(); err != nil {
return fmt.Errorf("setctty %s", err)
}
@ -96,7 +120,7 @@ func Init(container *libcontainer.Config, uncleanRootfs, consolePath string, pip
label.Init()
if err := mount.InitializeMountNamespace(rootfs,
consolePath,
process.ConsolePath,
container.RestrictSys,
(*mount.MountConfig)(container.MountConfig)); err != nil {
return fmt.Errorf("setup mount namespace %s", err)
@ -138,7 +162,7 @@ func Init(container *libcontainer.Config, uncleanRootfs, consolePath string, pip
return fmt.Errorf("restore parent death signal %s", err)
}
return system.Execv(args[0], args[0:], os.Environ())
return system.Execv(process.Args[0], process.Args[0:], process.Env)
}
// RestoreParentDeathSignal sets the parent death signal to old.
@ -218,7 +242,7 @@ func SetupUser(u string) error {
// setupVethNetwork uses the Network config if it is not nil to initialize
// the new veth interface inside the container for use by changing the name to eth0
// setting the MTU and IP address along with the default gateway
func setupNetwork(container *libcontainer.Config, networkState *network.NetworkState) error {
func setupNetwork(container *configs.Config, networkState *network.NetworkState) error {
for _, config := range container.Networks {
strategy, err := network.GetStrategy(config.Type)
if err != nil {
@ -233,7 +257,7 @@ func setupNetwork(container *libcontainer.Config, networkState *network.NetworkS
return nil
}
func setupRoute(container *libcontainer.Config) error {
func setupRoute(container *configs.Config) error {
for _, config := range container.Routes {
if err := netlink.AddRoute(config.Destination, config.Source, config.Gateway, config.InterfaceName); err != nil {
return err
@ -242,7 +266,7 @@ func setupRoute(container *libcontainer.Config) error {
return nil
}
func setupRlimits(container *libcontainer.Config) error {
func setupRlimits(container *configs.Config) error {
for _, rlimit := range container.Rlimits {
l := &syscall.Rlimit{Max: rlimit.Hard, Cur: rlimit.Soft}
if err := syscall.Setrlimit(rlimit.Type, l); err != nil {
@ -255,7 +279,7 @@ func setupRlimits(container *libcontainer.Config) error {
// FinalizeNamespace drops the caps, sets the correct user
// and working dir, and closes any leaky file descriptors
// before execing the command inside the namespace
func FinalizeNamespace(container *libcontainer.Config) error {
func FinalizeNamespace(container *configs.Config) error {
// Ensure that all non-standard fds we may have accidentally
// inherited are marked close-on-exec so they stay out of the
// container
@ -295,7 +319,7 @@ func FinalizeNamespace(container *libcontainer.Config) error {
return nil
}
func LoadContainerEnvironment(container *libcontainer.Config) error {
func LoadContainerEnvironment(container *configs.Config) error {
os.Clearenv()
for _, pair := range container.Env {
p := strings.SplitN(pair, "=", 2)
@ -311,7 +335,7 @@ func LoadContainerEnvironment(container *libcontainer.Config) error {
// joinExistingNamespaces gets all the namespace paths specified for the container and
// does a setns on the namespace fd so that the current process joins the namespace.
func joinExistingNamespaces(namespaces []libcontainer.Namespace) error {
func joinExistingNamespaces(namespaces []configs.Namespace) error {
for _, ns := range namespaces {
if ns.Path != "" {
f, err := os.OpenFile(ns.Path, os.O_RDONLY, 0)

View File

@ -6,7 +6,7 @@ import (
"os"
"syscall"
"github.com/docker/libcontainer"
"github.com/docker/libcontainer/configs"
)
type initError struct {
@ -37,7 +37,7 @@ func newInitPipe() (parent *os.File, child *os.File, err error) {
// GetNamespaceFlags parses the container's Namespaces options to set the correct
// flags on clone, unshare, and setns
func GetNamespaceFlags(namespaces []libcontainer.Namespace) (flag int) {
func GetNamespaceFlags(namespaces []configs.Namespace) (flag int) {
for _, v := range namespaces {
flag |= namespaceInfo[v.Name]
}

View File

@ -3,19 +3,14 @@ package main
import (
"crypto/md5"
"fmt"
"io"
"log"
"os"
"os/exec"
"os/signal"
"syscall"
"text/tabwriter"
"github.com/codegangsta/cli"
"github.com/docker/docker/pkg/term"
"github.com/docker/libcontainer"
consolepkg "github.com/docker/libcontainer/console"
"github.com/docker/libcontainer/namespaces"
"github.com/docker/libcontainer/configs"
)
var (
@ -66,7 +61,7 @@ func execAction(context *cli.Context) {
id := fmt.Sprintf("%x", md5.Sum([]byte(dataPath)))
container, err := factory.Load(id)
if err != nil && !os.IsNotExist(err) {
var config *libcontainer.Config
var config *configs.Config
config, err = loadConfig()
if err != nil {
@ -105,144 +100,3 @@ func execAction(context *cli.Context) {
os.Exit(exitCode)
}
// the process for execing a new process inside an existing container is that we have to exec ourself
// with the nsenter argument so that the C code can setns an the namespaces that we require. Then that
// code path will drop us into the path that we can do the final setup of the namespace and exec the users
// application.
func startInExistingContainer(config *libcontainer.Config, state *libcontainer.State, action string, context *cli.Context) (int, error) {
var (
master *os.File
console string
err error
sigc = make(chan os.Signal, 10)
stdin = os.Stdin
stdout = os.Stdout
stderr = os.Stderr
)
signal.Notify(sigc)
if config.Tty {
stdin = nil
stdout = nil
stderr = nil
master, console, err = consolepkg.CreateMasterAndConsole()
if err != nil {
return -1, err
}
go io.Copy(master, os.Stdin)
go io.Copy(os.Stdout, master)
state, err := term.SetRawTerminal(os.Stdin.Fd())
if err != nil {
return -1, err
}
defer term.RestoreTerminal(os.Stdin.Fd(), state)
}
startCallback := func(cmd *exec.Cmd) {
go func() {
resizeTty(master)
for sig := range sigc {
switch sig {
case syscall.SIGWINCH:
resizeTty(master)
default:
cmd.Process.Signal(sig)
}
}
}()
}
return namespaces.ExecIn(config, state, context.Args(), os.Args[0], action, stdin, stdout, stderr, console, startCallback)
}
// startContainer starts the container. Returns the exit status or -1 and an
// error.
//
// Signals sent to the current process will be forwarded to container.
func startContainer(container *libcontainer.Config, dataPath string, args []string) (int, error) {
var (
cmd *exec.Cmd
sigc = make(chan os.Signal, 10)
)
signal.Notify(sigc)
createCommand := func(container *libcontainer.Config, console, dataPath, init string, pipe *os.File, args []string) *exec.Cmd {
cmd = namespaces.DefaultCreateCommand(container, console, dataPath, init, pipe, args)
if logPath != "" {
cmd.Env = append(cmd.Env, fmt.Sprintf("log=%s", logPath))
}
return cmd
}
var (
master *os.File
console string
err error
stdin = os.Stdin
stdout = os.Stdout
stderr = os.Stderr
)
if container.Tty {
stdin = nil
stdout = nil
stderr = nil
master, console, err = consolepkg.CreateMasterAndConsole()
if err != nil {
return -1, err
}
go io.Copy(master, os.Stdin)
go io.Copy(os.Stdout, master)
state, err := term.SetRawTerminal(os.Stdin.Fd())
if err != nil {
return -1, err
}
defer term.RestoreTerminal(os.Stdin.Fd(), state)
}
startCallback := func() {
go func() {
resizeTty(master)
for sig := range sigc {
switch sig {
case syscall.SIGWINCH:
resizeTty(master)
default:
cmd.Process.Signal(sig)
}
}
}()
}
return namespaces.Exec(container, stdin, stdout, stderr, console, dataPath, args, createCommand, startCallback)
}
func resizeTty(master *os.File) {
if master == nil {
return
}
ws, err := term.GetWinsize(os.Stdin.Fd())
if err != nil {
return
}
if err := term.SetWinsize(master.Fd(), ws); err != nil {
return
}
}

View File

@ -1,9 +1,7 @@
package main
import (
"github.com/docker/libcontainer/system"
"log"
"os"
"github.com/codegangsta/cli"
"github.com/docker/libcontainer"
@ -36,9 +34,5 @@ func initAction(context *cli.Context) {
log.Fatal(err)
}
args := []string(context.Args())
if err := system.Execv(args[0], args[0:], os.Environ()); err != nil {
log.Fatal(err)
}
panic("This line should never been executed")
}

View File

@ -9,7 +9,7 @@ import (
"strings"
"text/tabwriter"
"github.com/docker/libcontainer"
"github.com/docker/libcontainer/configs"
"github.com/docker/libcontainer/devices"
"github.com/docker/libcontainer/mount/nodes"
"github.com/docker/libcontainer/namespaces"
@ -17,7 +17,7 @@ import (
)
// nsenterExec exec's a process inside an existing container
func nsenterExec(config *libcontainer.Config, args []string) {
func nsenterExec(config *configs.Config, args []string) {
if err := namespaces.FinalizeSetns(config, args); err != nil {
log.Fatalf("failed to nsenter: %s", err)
}
@ -26,7 +26,7 @@ func nsenterExec(config *libcontainer.Config, args []string) {
// nsenterMknod runs mknod inside an existing container
//
// mknod <path> <type> <major> <minor>
func nsenterMknod(config *libcontainer.Config, args []string) {
func nsenterMknod(config *configs.Config, args []string) {
if len(args) != 4 {
log.Fatalf("expected mknod to have 4 arguments not %d", len(args))
}
@ -56,7 +56,7 @@ func nsenterMknod(config *libcontainer.Config, args []string) {
}
// nsenterIp displays the network interfaces inside a container's net namespace
func nsenterIp(config *libcontainer.Config, args []string) {
func nsenterIp(config *configs.Config, args []string) {
interfaces, err := net.Interfaces()
if err != nil {
log.Fatal(err)

View File

@ -7,23 +7,23 @@ import (
"path/filepath"
"github.com/codegangsta/cli"
"github.com/docker/libcontainer"
"github.com/docker/libcontainer/configs"
)
// rFunc is a function registration for calling after an execin
type rFunc struct {
Usage string
Action func(*libcontainer.Config, []string)
Action func(*configs.Config, []string)
}
func loadConfig() (*libcontainer.Config, error) {
func loadConfig() (*configs.Config, error) {
f, err := os.Open(filepath.Join(dataPath, "container.json"))
if err != nil {
return nil, err
}
defer f.Close()
var container *libcontainer.Config
var container *configs.Config
if err := json.NewDecoder(f).Decode(&container); err != nil {
return nil, err
}
@ -57,11 +57,11 @@ func findUserArgs() []string {
// loadConfigFromFd loads a container's config from the sync pipe that is provided by
// fd 3 when running a process
func loadConfigFromFd() (*libcontainer.Config, error) {
func loadConfigFromFd() (*configs.Config, error) {
pipe := os.NewFile(3, "pipe")
defer pipe.Close()
var config *libcontainer.Config
var config *configs.Config
if err := json.NewDecoder(pipe).Decode(&config); err != nil {
return nil, err
}

View File

@ -17,11 +17,8 @@ type ProcessConfig struct {
// If a reader or writer is nil, the input stream is assumed to be empty and the output is
// discarded.
//
// The readers and writers, if supplied, are closed when the process terminates. Their Close
// methods should be idempotent.
//
// Stdout and Stderr may refer to the same writer in which case the output is interspersed.
Stdin io.ReadCloser
Stdout io.WriteCloser
Stderr io.WriteCloser
Stdin io.Reader
Stdout io.Writer
Stderr io.Writer
}