Golang Container.SecretMountPath Exemples

Langage de programmation: Golang

Espace de nommage/Pack: github.com/docker/docker/container

Class/Type: Container

Méthode/Fonction: SecretMountPath

Exemples au hotexamples.com: 1

Golang Container.SecretMountPath - 1 exemples trouvés. Ce sont les exemples réels les mieux notés de github.com/docker/docker/container.Container.SecretMountPath extraits de projets open source. Vous pouvez noter les exemples pour nous aider à en améliorer la qualité.

Méthodes fréquemment utilisées

Afficher Cacher

Lock(26)

Unlock(26)

ToDiskLocking(19)

IsRunning(12)

SetupWorkingDirectory(11)

ToDisk(11)

GetEndpointInNetwork(10)

CreateDaemonEnvironment(8)

WriteHostConfig(7)

GetResourcePath(7)

GetMountLabel(7)

FullHostname(7)

HostConfig(7)

WaitStop(7)

TmpfsMounts(6)

NetworkSettings(6)

UpdateSandboxNetworkSettings(6)

BuildCreateEndpointOptions(6)

GetProcessLabel(6)

UpdateJoinInfo(6)

ExitCode(6)

UnmountVolumes(6)

BuildJoinOptions(5)

IpcMounts(5)

ResolvConfPath(4)

RWLayer(4)

UnmountIpcMounts(4)

SeccompProfile(4)

HostnamePath(4)

HostsPath(4)

SetError(4)

AddMountPointWithVolume(4)

DetachAndUnmount(4)

CopyImagePathContent(3)

NewInputPipes(3)

StartLogger(3)

ShmResourcePath(3)

SetExitCode(3)

Command(3)

TrySetNetworkMount(3)

ExitOnNext(3)

RestartManager(3)

GetExecIDs(3)

GetLogConfig(3)

Paused(3)

NewNopInputPipe(3)

Reset(3)

GetPID(3)

GetRootResourcePath(3)

IsDestinationMounted(3)

Méthodes fréquemment utilisées

Lock (26)

Unlock (26)

ToDiskLocking (19)

IsRunning (12)

SetupWorkingDirectory (11)

ToDisk (11)

GetEndpointInNetwork (10)

CreateDaemonEnvironment (8)

WriteHostConfig (7)

GetResourcePath (7)

Méthodes fréquemment utilisées

GetMountLabel (7)

FullHostname (7)

HostConfig (7)

WaitStop (7)

TmpfsMounts (6)

NetworkSettings (6)

UpdateSandboxNetworkSettings (6)

BuildCreateEndpointOptions (6)

GetProcessLabel (6)

UpdateJoinInfo (6)

ExitCode (6)

UnmountVolumes (6)

BuildJoinOptions (5)

IpcMounts (5)

ResolvConfPath (4)

RWLayer (4)

UnmountIpcMounts (4)

SeccompProfile (4)

HostnamePath (4)

HostsPath (4)

Méthodes fréquemment utilisées

ExitCode (6)

UnmountVolumes (6)

BuildJoinOptions (5)

IpcMounts (5)

ResolvConfPath (4)

RWLayer (4)

UnmountIpcMounts (4)

SeccompProfile (4)

HostnamePath (4)

HostsPath (4)

SetError (4)

AddMountPointWithVolume (4)

DetachAndUnmount (4)

CopyImagePathContent (3)

NewInputPipes (3)

StartLogger (3)

ShmResourcePath (3)

SetExitCode (3)

Command (3)

TrySetNetworkMount (3)

ExitOnNext (3)

RestartManager (3)

GetExecIDs (3)

GetLogConfig (3)

Paused (3)

NewNopInputPipe (3)

Reset (3)

GetPID (3)

GetRootResourcePath (3)

IsDestinationMounted (3)

Méthodes fréquemment utilisées

SetError (4)

AddMountPointWithVolume (4)

DetachAndUnmount (4)

CopyImagePathContent (3)

NewInputPipes (3)

StartLogger (3)

ShmResourcePath (3)

SetExitCode (3)

Command (3)

TrySetNetworkMount (3)

ExitOnNext (3)

RestartManager (3)

GetExecIDs (3)

GetLogConfig (3)

Paused (3)

NewNopInputPipe (3)

Reset (3)

GetPID (3)

GetRootResourcePath (3)

IsDestinationMounted (3)

MountPoints (3)

BuildHostnameFile (3)

NetworkMounts (3)

StderrPipe (2)

ConfigPath (2)

StatPath (2)

StartMonitor (2)

Attach (2)

ShmPath (2)

BaseFS (2)

SetStoppedLocking (2)

HasBeenManuallyStopped (2)

HasMountFor (2)

SetDead (2)

ResolvePath (2)

CheckpointDir (2)

StopSignal (2)

CancelAttachContext (2)

AppArmorProfile (2)

NoNewPrivileges (2)

Exemple #1

0

Afficher le fichier

Fichier : container_operations_unix.go Projet : harche/docker

func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) { if len(c.SecretReferences) == 0 { return nil } localMountPath := c.SecretMountPath() logrus.Debugf("secrets: setting up secret dir: %s", localMountPath) defer func() { if setupErr != nil { // cleanup _ = detachMounted(localMountPath) if err := os.RemoveAll(localMountPath); err != nil { log.Errorf("error cleaning up secret mount: %s", err) } } }() // retrieve possible remapped range start for root UID, GID rootUID, rootGID := daemon.GetRemappedUIDGID() // create tmpfs if err := idtools.MkdirAllAs(localMountPath, 0700, rootUID, rootGID); err != nil { return errors.Wrap(err, "error creating secret local mount path") } tmpfsOwnership := fmt.Sprintf("uid=%d,gid=%d", rootUID, rootGID) if err := mount.Mount("tmpfs", localMountPath, "tmpfs", "nodev,nosuid,noexec,"+tmpfsOwnership); err != nil { return errors.Wrap(err, "unable to setup secret mount") } for _, s := range c.SecretReferences { if c.SecretStore == nil { return fmt.Errorf("secret store is not initialized") } // TODO (ehazlett): use type switch when more are supported if s.File == nil { return fmt.Errorf("secret target type is not a file target") } targetPath := filepath.Clean(s.File.Name) // ensure that the target is a filename only; no paths allowed if targetPath != filepath.Base(targetPath) { return fmt.Errorf("error creating secret: secret must not be a path") } fPath := filepath.Join(localMountPath, targetPath) if err := idtools.MkdirAllAs(filepath.Dir(fPath), 0700, rootUID, rootGID); err != nil { return errors.Wrap(err, "error creating secret mount path") } logrus.WithFields(logrus.Fields{ "name": s.File.Name, "path": fPath, }).Debug("injecting secret") secret := c.SecretStore.Get(s.SecretID) if secret == nil { return fmt.Errorf("unable to get secret from secret store") } if err := ioutil.WriteFile(fPath, secret.Spec.Data, s.File.Mode); err != nil { return errors.Wrap(err, "error injecting secret") } uid, err := strconv.Atoi(s.File.UID) if err != nil { return err } gid, err := strconv.Atoi(s.File.GID) if err != nil { return err } if err := os.Chown(fPath, rootUID+uid, rootGID+gid); err != nil { return errors.Wrap(err, "error setting ownership for secret") } } // remount secrets ro if err := mount.Mount("tmpfs", localMountPath, "tmpfs", "remount,ro,"+tmpfsOwnership); err != nil { return errors.Wrap(err, "unable to remount secret dir as readonly") } return nil }