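// exec starts the container through namespaces.Exec, stores the resulting pid
// in the container, rewrites the state file name with the indented JSON form of
// the container, waits for the child and then deletes the network namespace.
//
// On success exec does not return: it ends the current process with the
// child's exit code via os.Exit, which also means deferred calls do not run on
// that path. The error return is only reached when one of the steps fails.
//
// name must refer to an existing file; it is opened without os.O_CREATE.
func exec(container *libcontainer.Container, name string) error {
	// NOTE(review): the namespace path is fixed, so every invocation shares
	// (and at the end deletes) the same network namespace. Confirm that only
	// one container per host is expected here.
	const netNsPath = "/root/nsroot/test"

	nsFile, err := os.Open(netNsPath)
	if err != nil {
		return err
	}
	// Fd returns the raw descriptor, but the *os.File still owns it: once the
	// File is unreachable its finalizer may close the descriptor underneath
	// the code that was handed the number. The deferred Close keeps the File
	// reachable for the whole call and releases the descriptor on every error
	// return (container.NetNsFd is stale after such a return).
	defer nsFile.Close()
	container.NetNsFd = nsFile.Fd()

	pid, err := namespaces.Exec(container)
	if err != nil {
		return fmt.Errorf("error exec container %s", err)
	}
	container.NsPid = pid
	if displayPid {
		fmt.Println(pid)
	}

	// NOTE(review): from here on an error return leaves the child running and
	// the network namespace in place; nothing in this function reaps it.
	body, err := json.Marshal(container)
	if err != nil {
		return err
	}
	buf := bytes.NewBuffer(nil)
	if err := json.Indent(buf, body, "", " "); err != nil {
		return err
	}

	// O_TRUNC drops the previous contents: without it a new document that is
	// shorter than the old one would be followed by leftover bytes and the
	// file would no longer parse as JSON. The 0755 mode has no effect because
	// the file is never created here.
	stateFile, err := os.OpenFile(name, os.O_RDWR|os.O_TRUNC, 0755)
	if err != nil {
		return err
	}
	_, writeErr := buf.WriteTo(stateFile)
	closeErr := stateFile.Close()
	if writeErr != nil {
		return writeErr
	}
	// A failed Close can mean the state never reached the disk.
	if closeErr != nil {
		return closeErr
	}

	exitcode, err := utils.WaitOnPid(pid)
	if err != nil {
		return fmt.Errorf("error waiting on child %s", err)
	}
	if err := network.DeleteNetworkNamespace(netNsPath); err != nil {
		return err
	}

	os.Exit(exitcode)
	return nil
}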
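// execIn asks namespaces.ExecIn to start newCommand for an existing container,
// passing the container's own environment, and waits for the child.
//
// On success execIn does not return: it ends the current process with the
// child's exit code via os.Exit. The error return is only reached when a step
// fails.
func execIn(container *libcontainer.Container) error {
	// The environment is copied from container.Command below; report a
	// missing command as an error instead of panicking on the nil pointer.
	if container.Command == nil {
		return fmt.Errorf("container has no command")
	}

	// NOTE(review): same fixed namespace path as in exec — confirm that a
	// single shared namespace is intended.
	nsFile, err := os.Open("/root/nsroot/test")
	if err != nil {
		return err
	}
	// Fd returns the raw descriptor, but the *os.File still owns it: once the
	// File is unreachable its finalizer may close the descriptor while
	// ExecIn is still using the number. The deferred Close keeps the File
	// reachable for the whole call and releases the descriptor on every error
	// return.
	defer nsFile.Close()
	container.NetNsFd = nsFile.Fd()

	cmd := &libcontainer.Command{
		Env:  container.Command.Env,
		Args: []string{newCommand},
	}
	pid, err := namespaces.ExecIn(container, cmd)
	if err != nil {
		return fmt.Errorf("error exexin container %s", err)
	}

	exitcode, err := utils.WaitOnPid(pid)
	if err != nil {
		return fmt.Errorf("error waiting on child %s", err)
	}

	os.Exit(exitcode)
	return nil
}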
// CreateContainer builds a libcontainer.Container description for
// containerName whose command is args with environment env, and attaches a
// descriptor for the network namespace of process nsPid
// (/proc/<nsPid>/ns/net).
//
// It returns nil and the open error when that namespace file cannot be
// opened.
//
// NOTE(review): the descriptor stored in NetNsFd is still owned by a local
// *os.File that becomes unreachable when this function returns; the File's
// finalizer may then close the descriptor at any garbage collection. Callers
// should not rely on NetNsFd staying valid — confirm how it is consumed.
func CreateContainer(containerName string, nsPid int, args []string, env []string) (*libcontainer.Container, error) {
	netNsPath := path.Join("/proc", strconv.Itoa(nsPid), "ns", "net")
	nsFile, err := os.Open(netNsPath)
	if err != nil {
		return nil, err
	}

	// Mount, UTS, IPC, PID and network namespaces are requested.
	namespaces := []libcontainer.Namespace{
		libcontainer.CLONE_NEWNS,
		libcontainer.CLONE_NEWUTS,
		libcontainer.CLONE_NEWIPC,
		libcontainer.CLONE_NEWPID,
		libcontainer.CLONE_NEWNET,
	}

	// NOTE(review): this file does not show whether Capabilities is the set
	// the container keeps or the set that is dropped from it — confirm
	// against libcontainer. If it is a grant list, it includes
	// CAP_SYS_ADMIN, CAP_SYS_MODULE, CAP_SYS_RAWIO and CAP_MAC_ADMIN, which
	// leave little isolation from the host and should be cut down to what the
	// workload needs.
	capabilities := []libcontainer.Capability{
		libcontainer.CAP_SETPCAP,
		libcontainer.CAP_SYS_MODULE,
		libcontainer.CAP_SYS_RAWIO,
		libcontainer.CAP_SYS_PACCT,
		libcontainer.CAP_SYS_ADMIN,
		libcontainer.CAP_SYS_NICE,
		libcontainer.CAP_SYS_RESOURCE,
		libcontainer.CAP_SYS_TIME,
		libcontainer.CAP_SYS_TTY_CONFIG,
		libcontainer.CAP_MKNOD,
		libcontainer.CAP_AUDIT_WRITE,
		libcontainer.CAP_AUDIT_CONTROL,
		libcontainer.CAP_MAC_OVERRIDE,
		libcontainer.CAP_MAC_ADMIN,
	}

	return &libcontainer.Container{
		ID:    containerName,
		NsPid: nsPid,
		// Positional literal kept as in the original: first value args,
		// second value env.
		Command:      &libcontainer.Command{args, env},
		Namespaces:   namespaces,
		Capabilities: capabilities,
		NetNsFd:      nsFile.Fd(),
	}, nil
}