func main() {
cf_lager.AddFlags(flag.CommandLine)
flag.Parse()
logger, _ := cf_lager.New("hook")
oldWd, err := os.Getwd()
if err != nil {
panic(err)
}
cwd := path.Dir(os.Args[0])
os.Chdir(cwd)
defer os.Chdir(oldWd)
config, err := process.EnvFromFile("../etc/config")
if err != nil {
panic(fmt.Sprintf("error reading config file in hook: %s", err))
}
runner := &logging.Runner{linux_command_runner.New(), logger}
configurer := network.NewConfigurer(logger.Session("linux_backend: hook.CHILD_AFTER_PIVOT"))
linux_backend.RegisterHooks(hook.DefaultHookSet, runner, config, configurer)
hook.Main(os.Args[1:])
}
}
merged := old.Merge(extra)
Expect(merged.Array()).To(ConsistOf(
"USER=alice",
))
})
})
})
Describe("reading from file", func() {
It("constructs the Env from a file", func() {
cwd, err := os.Getwd()
Expect(err).ToNot(HaveOccurred())
pathToTestFile := filepath.Join(cwd, "test-assets", "sample")
result, err := process.EnvFromFile(pathToTestFile)
Expect(err).ToNot(HaveOccurred())
Expect(result).To(Equal(process.Env{
"key1": "value1",
"key2": "value2",
"key3": "value=3",
}))
})
Context("when reading a bad file path", func() {
It("returns an error", func() {
_, err := process.EnvFromFile("/nosuch")
Expect(err).To(MatchError(MatchRegexp("process: EnvFromFile: .* no such file .*")))
})
})
// initc initializes a newly created container and then execs to become
// the init process
func main() {
if reexec.Init() {
return
}
defer func() {
if r := recover(); r != nil {
fmt.Fprintf(os.Stderr, "initc: panicked: %s\n", r)
os.Exit(4)
}
}()
rootFsPath := flag.String("root", "", "Path for the root file system directory")
configFilePath := flag.String("config", "./etc/config", "Path for the configuration file")
title := flag.String("title", "", "")
cf_lager.AddFlags(flag.CommandLine)
flag.Parse()
if *rootFsPath == "" {
missing("--root")
}
syncReader := os.NewFile(uintptr(3), "/dev/a")
defer syncReader.Close()
syncWriter := os.NewFile(uintptr(4), "/dev/d")
defer syncWriter.Close()
sync := &containerizer.PipeSynchronizer{
Reader: syncReader,
Writer: syncWriter,
}
if err := sync.Wait(2 * time.Minute); err != nil {
fail(fmt.Sprintf("initc: wait for host: %s", err), 8)
}
env, err := process.EnvFromFile(*configFilePath)
if err != nil {
fmt.Fprintf(os.Stderr, "initc: failed to get env from config file: %s\n", err)
os.Exit(3)
}
dropCapabilities := env["root_uid"] != "0"
procMountFlags := syscall.MS_NOSUID | syscall.MS_NODEV | syscall.MS_NOEXEC
sysMountFlags := syscall.MS_NOSUID | syscall.MS_NODEV | syscall.MS_NOEXEC | syscall.MS_RDONLY
if dropCapabilities {
procMountFlags = procMountFlags | syscall.MS_RDONLY
}
initializer := &system.Initializer{
Steps: []system.StepRunner{
&containerizer.FuncStep{system.Mount{
Type: system.Tmpfs,
Flags: syscall.MS_NODEV,
TargetPath: "/dev/shm",
}.Mount},
&containerizer.FuncStep{system.Mount{
Type: system.Proc,
Flags: procMountFlags,
TargetPath: "/proc",
}.Mount},
&containerizer.FuncStep{system.Mount{
Type: system.Sys,
Flags: sysMountFlags,
TargetPath: "/sys",
}.Mount},
&containerizer.FuncStep{system.Mount{
Type: system.Devpts,
TargetPath: "/dev/pts",
Data: "newinstance,ptmxmode=0666",
}.Mount},
&containerizer.FuncStep{system.Unmount{
Dir: "/tmp/garden-host",
}.Unmount},
&containerizer.FuncStep{func() error {
return setupNetwork(env)
}},
&containerizer.CapabilitiesStep{
Drop: dropCapabilities,
Capabilities: &sys.ProcessCapabilities{Pid: os.Getpid()},
},
},
}
containerizer := containerizer.Containerizer{
RootfsPath: *rootFsPath,
ContainerInitializer: initializer,
Waiter: sync,
Signaller: sync,
}
if err := containerizer.Init(); err != nil {
fail(fmt.Sprintf("failed to init containerizer: %s", err), 2)
}
syscall.RawSyscall(syscall.SYS_FCNTL, uintptr(4), syscall.F_SETFD, 0)
syscall.RawSyscall(syscall.SYS_FCNTL, uintptr(5), syscall.F_SETFD, 0)
if err := syscall.Exec("/proc/self/exe", []string{"initd", fmt.Sprintf("-dropCapabilities=%t", dropCapabilities), fmt.Sprintf("-title=\"%s\"", *title)}, os.Environ()); err != nil {
fail(fmt.Sprintf("failed to reexec: %s", err), 3)
}
}