runc/libcontainer/nsenter
Daniel, Dao Quang Minh 7d423cb7a1 setns: replace env with netlink for bootstrap data
replace passing of pid and console path via environment variables with passing
them as a netlink message via an established pipe.

this change requires us to set _LIBCONTAINER_INITTYPE and
_LIBCONTAINER_INITPIPE in the environment of the bootstrap process, as we
only send the bootstrap data for the setns process right now. When the init and setns
bootstrap processes are unified (i.e., init uses nsexec instead of Go to clone the new
process), we can remove _LIBCONTAINER_INITTYPE.

Note:
- we read nlmsghdr first before reading the content so we can get the total
  length of the payload and allocate buffer properly instead of allocating
  one large buffer.

- check read bytes vs the wanted number. It's an error if we failed to read
  the desired number of bytes from the pipe into the buffer.

Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com>
2015-12-03 18:03:48 +00:00
README.md Move libcontainer into subdirectory 2015-06-21 19:29:15 -07:00
nsenter.go Move libcontainer into subdirectory 2015-06-21 19:29:15 -07:00
nsenter_gccgo.go Move libcontainer into subdirectory 2015-06-21 19:29:15 -07:00
nsenter_test.go setns: replace env with netlink for bootstrap data 2015-12-03 18:03:48 +00:00
nsenter_unsupported.go Move libcontainer into subdirectory 2015-06-21 19:29:15 -07:00
nsexec.c setns: replace env with netlink for bootstrap data 2015-12-03 18:03:48 +00:00

README.md

nsenter

The nsenter package registers a special init constructor that is called before the Go runtime has a chance to boot. This gives us the ability to setns into existing namespaces and avoids the issues the Go runtime has with multiple threads. The constructor is called whenever this package is imported into your Go application.

The nsenter package imports "C" and therefore uses the cgo package. In cgo, if the import of "C" is immediately preceded by a comment, that comment, called the preamble, is used as a header when compiling the C parts of the package. So every time package nsenter is imported, the C function nsexec() is called. Package nsenter is currently only imported by the Docker execdriver, so that C code runs every time before execdriver.Exec() is called.

nsexec() first checks the environment variable _LIBCONTAINER_INITPID, which gives the pid of the container process whose namespaces should be joined. The namespace file descriptors are opened from /proc/[pid]/ns and entered with the setns syscall.

It then reads the pipe file descriptor number from _LIBCONTAINER_INITPIPE; error messages can be sent back through this pipe. If a tty is requested, _LIBCONTAINER_CONSOLE_PATH is set and a console is opened for output.

Finally, nsexec() clones a child process, exits the parent process and lets the Go runtime take over.
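The bootstrap handoff the commit message above describes (read the nlmsghdr first to size the payload buffer, treat a short read as an error) over the init pipe the README describes, as an added example that is not runc's own nsexec.c. The payload layout (pid, then a NUL-terminated console path), the 4096-byte length cap and the function names are this example's assumptions; the truncated-delivery case shows why the exact-read check matters.

```c
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <linux/netlink.h>

/* Payload layout is this example's own assumption: a 4-byte pid, then a NUL-terminated console path. */
struct bootstrap { int pid; char console[128]; };
/* Read exactly n bytes: a short read (writer gone) is an error, never a partial result. */
static int read_exact(int fd, char *p, size_t n) {
    for (ssize_t r = 0; n > 0; p += r, n -= (size_t)r)
        if ((r = read(fd, p, n)) <= 0) return -1;
    return 0;
}

/* Parent side: nlmsghdr announcing header + payload length; buf holds 256 bytes; 0 = path too long. */
size_t build_bootstrap(char *buf, int pid, const char *console) {
    size_t clen = strlen(console) + 1;  /* include the NUL */
    if (clen > 128) return 0;
    struct nlmsghdr hdr = { .nlmsg_len = (unsigned)(NLMSG_HDRLEN + sizeof pid + clen) };
    memcpy(buf, &hdr, sizeof hdr);
    memcpy(buf + NLMSG_HDRLEN, &pid, sizeof pid);
    memcpy(buf + NLMSG_HDRLEN + sizeof pid, console, clen);
    return hdr.nlmsg_len;
}

/* Child side: read the header first, allocate exactly the announced payload, read it in full, then trust it. */
int read_bootstrap(int fd, struct bootstrap *out) {
    struct nlmsghdr hdr;
    if (read_exact(fd, (char *)&hdr, sizeof hdr)) return -1;
    if (hdr.nlmsg_len < NLMSG_HDRLEN + sizeof out->pid + 1 || hdr.nlmsg_len > 4096) return -1;
    size_t len = hdr.nlmsg_len - NLMSG_HDRLEN; char *buf = malloc(len);
    if (!buf || read_exact(fd, buf, len)) { free(buf); return -1; }
    memset(out, 0, sizeof *out);
    memcpy(&out->pid, buf, sizeof out->pid);
    size_t clen = len - sizeof out->pid;  /* path must be NUL-terminated and fit the destination */
    if (buf[len - 1] != '\0' || clen > sizeof out->console) { free(buf); return -1; }
    memcpy(out->console, buf + sizeof out->pid, clen);
    free(buf); return 0;
}

/* Deliver only the first `deliver` bytes over a pipe, then close it: EOF is how truncation shows up. */
int roundtrip(int pid, const char *console, size_t deliver, struct bootstrap *out) {
    char msg[256] = {0}; int fds[2];
    size_t len = build_bootstrap(msg, pid, console);
    if (!len || pipe(fds)) return -1;
    if (deliver > len) deliver = len;
    int rc = write(fds[1], msg, deliver) == (ssize_t)deliver ? 0 : -1;
    close(fds[1]);
    if (rc == 0) rc = read_bootstrap(fds[0], out);
    close(fds[0]); return rc;
}
```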