// this expects that we already have our namespaces setup by the C initializer // we are expected to finalize the namespace and exec the user's application func nsenter() { syncPipe, err := syncpipe.NewSyncPipeFromFd(0, 3) if err != nil { log.Fatalf("unable to create sync pipe: %s", err) } var config *libcontainer.Config if err := syncPipe.ReadFromParent(&config); err != nil { log.Fatalf("reading container config from parent: %s", err) } if err := namespaces.FinalizeSetns(config, findUserArgs()); err != nil { log.Fatalf("failed to nsenter: %s", err) } }
func nsenterExec() { runtime.LockOSThread() // User args are passed after '--' in the command line. userArgs := findUserArgs() config, err := loadConfigFromFd() if err != nil { log.Fatalf("docker-exec: unable to receive config from sync pipe: %s", err) } if err := namespaces.FinalizeSetns(config, userArgs); err != nil { log.Fatalf("docker-exec: failed to exec: %s", err) } }
// init runs the libcontainer initialization code because of the busybox style needs // to work around the go runtime and the issues with forking func init() { if len(os.Args) < 2 { return } // handle init if len(os.Args) >= 2 && os.Args[1] == "init" { runtime.LockOSThread() container, err := loadConfig() if err != nil { log.Fatal(err) } rootfs, err := os.Getwd() if err != nil { log.Fatal(err) } if err := namespaces.Init(container, rootfs, "", os.NewFile(3, "pipe"), os.Args[3:]); err != nil { log.Fatalf("unable to initialize for container: %s", err) } os.Exit(1) } // handle execin if len(os.Args) >= 2 && os.Args[0] == "nsenter-exec" { runtime.LockOSThread() // User args are passed after '--' in the command line. userArgs := findUserArgs() config, err := loadConfigFromFd() if err != nil { log.Fatalf("docker-exec: unable to receive config from sync pipe: %s", err) } if err := namespaces.FinalizeSetns(config, userArgs); err != nil { log.Fatalf("docker-exec: failed to exec: %s", err) } os.Exit(1) } }
// nsenterExec exec's a process inside an existing container func nsenterExec(config *libcontainer.Config, args []string) { if err := namespaces.FinalizeSetns(config, args); err != nil { log.Fatalf("failed to nsenter: %s", err) } }