Esempio n. 1
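// exec starts the container's process via namespaces.Exec, stores the
// resulting pid in the container, rewrites the container state file at name
// with the indented JSON form of the container, waits for the child and then
// terminates the current process with the child's exit code.
//
// On the success path the function never returns: os.Exit is called, so
// deferred calls are skipped and the trailing return only satisfies the
// compiler. An error is returned if any step before that fails.
//
// NOTE(review): the network namespace path /root/nsroot/test is hard-coded, so
// every container launched through this function joins the same namespace;
// confirm that is intended outside of a test setup.
func exec(container *libcontainer.Container, name string) error {
	nsFile, err := os.Open("/root/nsroot/test")
	if err != nil {
		return err
	}
	// Fd() hands out the raw descriptor but the *os.File still owns it: once
	// the File is unreachable its finalizer may close the descriptor, leaving
	// NetNsFd dangling or pointing at an unrelated file that reused the
	// number. The deferred Close keeps nsFile referenced for the whole call
	// and releases the descriptor on every error return.
	defer nsFile.Close()
	container.NetNsFd = nsFile.Fd()

	pid, err := namespaces.Exec(container)
	if err != nil {
		return fmt.Errorf("error exec container %s", err)
	}

	container.NsPid = pid
	if displayPid {
		fmt.Println(pid)
	}

	body, err := json.Marshal(container)
	if err != nil {
		return err
	}
	buf := bytes.NewBuffer(nil)
	if err := json.Indent(buf, body, "", "    "); err != nil {
		return err
	}

	// O_TRUNC: without it a new state document shorter than the previous one
	// leaves stale bytes at the end of the file and the result is not valid
	// JSON. The file must already exist (no O_CREATE), so the permission
	// argument has no effect here.
	state, err := os.OpenFile(name, os.O_RDWR|os.O_TRUNC, 0755)
	if err != nil {
		return err
	}
	if _, err := buf.WriteTo(state); err != nil {
		state.Close()
		return err
	}
	// A failed Close on a written file can mean the data never reached disk.
	if err := state.Close(); err != nil {
		return err
	}

	exitcode, err := utils.WaitOnPid(pid)
	if err != nil {
		return fmt.Errorf("error waiting on child %s", err)
	}
	// The child has exited, so release our handle on the namespace file
	// before asking for the namespace to be deleted. The error is ignored
	// deliberately: the file was opened read-only and is not used again.
	// NOTE(review): presumably DeleteNetworkNamespace removes the namespace
	// at this path - confirm it does not need the descriptor to stay open.
	_ = nsFile.Close()
	if err := network.DeleteNetworkNamespace("/root/nsroot/test"); err != nil {
		return err
	}
	os.Exit(exitcode)
	return nil
}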
Esempio n. 2
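// execIn runs newCommand inside the already existing container via
// namespaces.ExecIn, reusing the environment of the container's configured
// command, waits for the child and then terminates the current process with
// the child's exit code.
//
// On the success path the function never returns: os.Exit is called, so
// deferred calls are skipped and the trailing return only satisfies the
// compiler. An error is returned if the namespace file cannot be opened, the
// container has no command, or ExecIn / the wait fails.
//
// NOTE(review): the network namespace path /root/nsroot/test is hard-coded;
// confirm that is intended outside of a test setup.
func execIn(container *libcontainer.Container) error {
	nsFile, err := os.Open("/root/nsroot/test")
	if err != nil {
		return err
	}
	// Fd() hands out the raw descriptor but the *os.File still owns it: once
	// the File is unreachable its finalizer may close the descriptor while
	// ExecIn is still using the number. The deferred Close keeps nsFile
	// referenced for the whole call and releases it on every error return.
	defer nsFile.Close()
	container.NetNsFd = nsFile.Fd()

	// Command is a pointer; report a missing command instead of panicking on
	// the Env dereference below.
	if container.Command == nil {
		return fmt.Errorf("error execin container: no command configured")
	}

	pid, err := namespaces.ExecIn(container, &libcontainer.Command{
		Env: container.Command.Env,
		Args: []string{
			newCommand,
		},
	})
	if err != nil {
		// Message typo ("exexin") corrected.
		return fmt.Errorf("error execin container %s", err)
	}
	exitcode, err := utils.WaitOnPid(pid)
	if err != nil {
		return fmt.Errorf("error waiting on child %s", err)
	}
	os.Exit(exitcode)
	return nil
}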
Esempio n. 3
// CreateContainer builds a libcontainer.Container named containerName whose
// command is args with environment env, and which is tied to the network
// namespace of the process nsPid by opening /proc/<nsPid>/ns/net.
//
// The container is configured with the mount, UTS, IPC, PID and network
// namespaces and with the fixed capability list below. It returns nil and the
// open error if the namespace file of nsPid cannot be opened.
//
// NOTE(review): whether Capabilities is a drop list or a grant list is not
// visible here. The set includes CAP_SYS_ADMIN, CAP_SYS_MODULE, CAP_SYS_RAWIO
// and CAP_MAC_ADMIN; if the field grants rather than drops, the container is
// close to fully privileged - confirm against the libcontainer version in use.
//
// NOTE(review): NetNsFd is the raw descriptor of an *os.File that goes out of
// scope when this function returns. The File's finalizer may close that
// descriptor later, so the number can become invalid or be reused by another
// file; the caller never gets a handle to close either. Consider keeping the
// File alive for as long as the container is used.
//
// NOTE(review): nsPid is inserted into the /proc path as-is, and the caller
// is responsible for it naming the intended process; a pid can be recycled
// between lookup and open.
func CreateContainer(containerName string, nsPid int, args []string, env []string) (*libcontainer.Container, error) {
	// Resolve the namespace handle first; nothing else in here can fail.
	netnsPath := path.Join("/proc", strconv.Itoa(nsPid), "ns", "net")
	nsFile, err := os.Open(netnsPath)
	if err != nil {
		return nil, err
	}

	c := &libcontainer.Container{
		ID:      containerName,
		NsPid:   nsPid,
		Command: &libcontainer.Command{args, env},
		Namespaces: []libcontainer.Namespace{
			libcontainer.CLONE_NEWNS,
			libcontainer.CLONE_NEWUTS,
			libcontainer.CLONE_NEWIPC,
			libcontainer.CLONE_NEWPID,
			libcontainer.CLONE_NEWNET,
		},
		Capabilities: []libcontainer.Capability{
			libcontainer.CAP_SETPCAP,
			libcontainer.CAP_SYS_MODULE,
			libcontainer.CAP_SYS_RAWIO,
			libcontainer.CAP_SYS_PACCT,
			libcontainer.CAP_SYS_ADMIN,
			libcontainer.CAP_SYS_NICE,
			libcontainer.CAP_SYS_RESOURCE,
			libcontainer.CAP_SYS_TIME,
			libcontainer.CAP_SYS_TTY_CONFIG,
			libcontainer.CAP_MKNOD,
			libcontainer.CAP_AUDIT_WRITE,
			libcontainer.CAP_AUDIT_CONTROL,
			libcontainer.CAP_MAC_OVERRIDE,
			libcontainer.CAP_MAC_ADMIN,
		},
		NetNsFd: nsFile.Fd(),
	}
	return c, nil
}