Exemple #1
0
func populateCommand(c *Container, env []string) {
	var (
		en      *execdriver.Network
		context = make(map[string][]string)
	)
	context["process_label"] = []string{c.GetProcessLabel()}
	context["mount_label"] = []string{c.GetMountLabel()}

	en = &execdriver.Network{
		Mtu:       c.daemon.config.Mtu,
		Interface: nil,
	}

	if !c.Config.NetworkDisabled {
		network := c.NetworkSettings
		en.Interface = &execdriver.NetworkInterface{
			Gateway:     network.Gateway,
			Bridge:      network.Bridge,
			IPAddress:   network.IPAddress,
			IPPrefixLen: network.IPPrefixLen,
		}
	}

	// TODO: this can be removed after lxc-conf is fully deprecated
	mergeLxcConfIntoOptions(c.hostConfig, context)

	resources := &execdriver.Resources{
		Memory:     c.Config.Memory,
		MemorySwap: c.Config.MemorySwap,
		CpuShares:  c.Config.CpuShares,
	}
	c.command = &execdriver.Command{
		ID:         c.ID,
		Privileged: c.hostConfig.Privileged,
		Rootfs:     c.RootfsPath(),
		InitPath:   "/.dockerinit",
		Entrypoint: c.Path,
		Arguments:  c.Args,
		WorkingDir: c.Config.WorkingDir,
		Network:    en,
		Tty:        c.Config.Tty,
		User:       c.Config.User,
		Config:     context,
		Resources:  resources,
	}
	c.command.SysProcAttr = &syscall.SysProcAttr{Setsid: true}
	c.command.Env = env
}
Exemple #2
0
func populateCommand(c *Container, env []string) error {
	var (
		en      *execdriver.Network
		context = make(map[string][]string)
	)
	context["process_label"] = []string{c.GetProcessLabel()}
	context["mount_label"] = []string{c.GetMountLabel()}

	en = &execdriver.Network{
		Mtu:       c.daemon.config.Mtu,
		Interface: nil,
	}

	parts := strings.SplitN(string(c.hostConfig.NetworkMode), ":", 2)
	switch parts[0] {
	case "none":
	case "host":
		en.HostNetworking = true
	case "bridge", "": // empty string to support existing containers
		if !c.Config.NetworkDisabled {
			network := c.NetworkSettings
			en.Interface = &execdriver.NetworkInterface{
				Gateway:     network.Gateway,
				Bridge:      network.Bridge,
				IPAddress:   network.IPAddress,
				IPPrefixLen: network.IPPrefixLen,
			}
		}
	case "container":
		nc, err := c.getNetworkedContainer()
		if err != nil {
			return err
		}
		en.ContainerID = nc.ID
	default:
		return fmt.Errorf("invalid network mode: %s", c.hostConfig.NetworkMode)
	}

	// Build lists of devices allowed and created within the container.
	userSpecifiedDevices := make([]*devices.Device, len(c.hostConfig.Devices))
	for i, deviceMapping := range c.hostConfig.Devices {
		device, err := devices.GetDevice(deviceMapping.PathOnHost, deviceMapping.CgroupPermissions)
		device.Path = deviceMapping.PathInContainer
		if err != nil {
			return fmt.Errorf("error gathering device information while adding custom device %s", err)
		}
		userSpecifiedDevices[i] = device
	}
	allowedDevices := append(devices.DefaultAllowedDevices, userSpecifiedDevices...)

	autoCreatedDevices := append(devices.DefaultAutoCreatedDevices, userSpecifiedDevices...)

	// TODO: this can be removed after lxc-conf is fully deprecated
	mergeLxcConfIntoOptions(c.hostConfig, context)

	resources := &execdriver.Resources{
		Memory:     c.Config.Memory,
		MemorySwap: c.Config.MemorySwap,
		CpuShares:  c.Config.CpuShares,
		Cpuset:     c.Config.Cpuset,
	}
	c.command = &execdriver.Command{
		ID:                 c.ID,
		Privileged:         c.hostConfig.Privileged,
		Rootfs:             c.RootfsPath(),
		InitPath:           "/.dockerinit",
		Entrypoint:         c.Path,
		Arguments:          c.Args,
		WorkingDir:         c.Config.WorkingDir,
		Network:            en,
		Tty:                c.Config.Tty,
		User:               c.Config.User,
		Config:             context,
		Resources:          resources,
		AllowedDevices:     allowedDevices,
		AutoCreatedDevices: autoCreatedDevices,
		CapAdd:             c.hostConfig.CapAdd,
		CapDrop:            c.hostConfig.CapDrop,
	}
	c.command.SysProcAttr = &syscall.SysProcAttr{Setsid: true}
	c.command.Env = env
	return nil
}
Exemple #3
0
func populateCommand(c *Container, env []string) error {
	var (
		en      *execdriver.Network
		context = make(map[string][]string)
	)
	context["process_label"] = []string{c.GetProcessLabel()}
	context["mount_label"] = []string{c.GetMountLabel()}

	en = &execdriver.Network{
		Mtu:       c.daemon.config.Mtu,
		Interface: nil,
	}

	parts := strings.SplitN(string(c.hostConfig.NetworkMode), ":", 2)
	switch parts[0] {
	case "none":
	case "host":
		en.HostNetworking = true
	case "bridge", "": // empty string to support existing containers
		if !c.Config.NetworkDisabled {
			network := c.NetworkSettings
			en.Interface = &execdriver.NetworkInterface{
				Gateway:     network.Gateway,
				Bridge:      network.Bridge,
				IPAddress:   network.IPAddress,
				IPPrefixLen: network.IPPrefixLen,
			}
		}
	case "container":
		nc, err := c.getNetworkedContainer()
		if err != nil {
			return err
		}
		en.ContainerID = nc.ID
	default:
		return fmt.Errorf("invalid network mode: %s", c.hostConfig.NetworkMode)
	}

	// TODO: this can be removed after lxc-conf is fully deprecated
	mergeLxcConfIntoOptions(c.hostConfig, context)

	resources := &execdriver.Resources{
		Memory:     c.Config.Memory,
		MemorySwap: c.Config.MemorySwap,
		CpuShares:  c.Config.CpuShares,
	}
	c.command = &execdriver.Command{
		ID:         c.ID,
		Privileged: c.hostConfig.Privileged,
		Rootfs:     c.RootfsPath(),
		InitPath:   "/.dockerinit",
		Entrypoint: c.Path,
		Arguments:  c.Args,
		WorkingDir: c.Config.WorkingDir,
		Network:    en,
		Tty:        c.Config.Tty,
		User:       c.Config.User,
		Config:     context,
		Resources:  resources,
	}
	c.command.SysProcAttr = &syscall.SysProcAttr{Setsid: true}
	c.command.Env = env
	return nil
}