Exemplo n.º 1
0
func main() {
	logger := lager.NewLogger("initd")
	socketPath := flag.String("socket", "/run/initd.sock", "path to listen for spawn requests on")
	//unmountPath := flag.String("unmountAfterListening", "/run", "directory to unmount after succesfully listening on -socketPath")
	flag.String("unmountAfterListening", "/run", "directory to unmount after succesfully listening on -socketPath")
	flag.Parse()

	reaper := system.StartReaper(logger)
	defer reaper.Stop()

	listener, err := unix_socket.NewListenerFromPath(*socketPath)
	if err != nil {
		fmt.Printf("open %s: %s", *socketPath, err)
		os.Exit(1)
	}

	daemon := &container_daemon.ContainerDaemon{
		CmdPreparer: &container_daemon.ProcessSpecPreparer{
			Users: container_daemon.LibContainerUser{},
			AlwaysDropCapabilities: false,
		},
		Spawner: &container_daemon.Spawn{
			Runner: reaper,
			PTY:    system.KrPty,
		},
	}

	// unmount the bind-mounted socket volume now we've started listening
	// if err := syscall.Unmount(*unmountPath, syscall.MNT_DETACH); err != nil {
	// 	fmt.Printf("unmount %s: %s", *unmountPath, err)
	// 	os.Exit(2)
	// }

	if err := daemon.Run(listener); err != nil {
		fmt.Sprintf("run daemon: %s", err)
		os.Exit(1)
	}
}
		connectionHandler = &fake_connection_handler.FakeConnectionHandler{}
	})

	JustBeforeEach(func() {
		connector = &unix_socket.Connector{
			SocketPath: socketPath,
		}
	})

	Describe("Listener creation", func() {
		Context("when listener is created by socket path", func() {
			Context("when file does not exist", func() {
				Context("when there is no permission to create the file", func() {
					It("returns an error", func() {
						socketPath := "/proc/a_socket.sock"
						_, err := unix_socket.NewListenerFromPath(socketPath)
						Expect(err).To(HaveOccurred())
					})
				})

				Context("when there is permission to create the file", func() {
					It("creates the listener", func() {
						socketPath := fmt.Sprintf("/tmp/a_socket-%d.sock", GinkgoParallelNode())

						listener, err := unix_socket.NewListenerFromPath(socketPath)
						Expect(err).ToNot(HaveOccurred())

						Expect(listener.Close()).To(Succeed())
					})
				})
			})
var _ = Describe("wsh and daemon integration", func() {
	var daemon *container_daemon.ContainerDaemon
	var tempDir string
	var socketPath string
	var wsh string

	BeforeEach(func() {
		var err error
		wsh, err = gexec.Build("github.com/cloudfoundry-incubator/garden-linux/container_daemon/wsh")
		Expect(err).ToNot(HaveOccurred())

		tempDir, err = ioutil.TempDir("", "")
		Expect(err).ToNot(HaveOccurred())
		socketPath = path.Join(tempDir, "test.sock")
		listener, err := unix_socket.NewListenerFromPath(socketPath)
		Expect(err).ToNot(HaveOccurred())

		daemon = &container_daemon.ContainerDaemon{
			CmdPreparer: &container_daemon.ProcessSpecPreparer{
				Users:   container_daemon.LibContainerUser{},
				Reexec:  container_daemon.CommandFunc(reexec.Command),
				Rlimits: &container_daemon.RlimitsManager{},
			},
			Spawner: &container_daemon.Spawn{
				Runner: &FakeCommandRunner{},
			},
			Signaller: &FakeProcessSignaller{},
		}

		go func(listener container_daemon.Listener, daemon *container_daemon.ContainerDaemon) {
Exemplo n.º 4
0
func main() {
	libPath := flag.String("lib", "./lib", "Directory containing hooks")
	rootFsPath := flag.String("root", "", "Directory that will become root in the new mount namespace")
	runPath := flag.String("run", "./run", "Directory where server socket is placed")
	userNsFlag := flag.String("userns", "enabled", "If specified, use user namespacing")
	title := flag.String("title", "", "")
	flag.Parse()

	if *rootFsPath == "" {
		missing("--root")
	}

	binPath, err := filepath.Abs(filepath.Dir(os.Args[0]))
	if err != nil {
		fmt.Fprintf(os.Stderr, "wshd: obtain absolute path: %s", err)
		os.Exit(6)
	}

	socketPath := path.Join(*runPath, "wshd.sock")

	privileged := false
	if *userNsFlag == "" || *userNsFlag == "disabled" {
		privileged = true
	}

	containerReader, hostWriter, err := os.Pipe()
	if err != nil {
		fmt.Fprintf(os.Stderr, "wshd: create pipe: %s", err)
		os.Exit(5)
	}

	hostReader, containerWriter, err := os.Pipe()
	if err != nil {
		fmt.Fprintf(os.Stderr, "wshd: create pipe: %s", err)
		os.Exit(4)
	}

	sync := &containerizer.PipeSynchronizer{
		Reader: hostReader,
		Writer: hostWriter,
	}

	listener, err := unix_socket.NewListenerFromPath(socketPath)
	if err != nil {
		fmt.Fprintf(os.Stderr, "wshd: create listener: %s", err)
		os.Exit(8)
	}

	socketFile, err := listener.File()
	if err != nil {
		fmt.Fprintf(os.Stderr, "wshd: obtain listener file: %s", err)
		os.Exit(9)
	}

	beforeCloneInitializer := &system.Initializer{Steps: []system.StepRunner{
		&containerizer.FuncStep{
			(&container_daemon.RlimitsManager{}).Init,
		},
	}}

	maxUID := sysinfo.Min(sysinfo.MustGetMaxValidUID(), sysinfo.MustGetMaxValidGID())
	cz := containerizer.Containerizer{
		BeforeCloneInitializer: beforeCloneInitializer,
		InitBinPath:            path.Join(binPath, "initc"),
		InitArgs: []string{
			"--root", *rootFsPath,
			"--config", path.Join(*libPath, "../etc/config"),
			"--title", *title,
		},
		Execer: &system.NamespacingExecer{
			CommandRunner: linux_command_runner.New(),
			ExtraFiles:    []*os.File{containerReader, containerWriter, socketFile},
			Privileged:    privileged,
			MaxUID:        maxUID,
		},
		Signaller: sync,
		Waiter:    sync,
		// Temporary until we merge the hook scripts functionality in Golang
		CommandRunner: linux_command_runner.New(),
		LibPath:       *libPath,
		RootfsPath:    *rootFsPath,
	}

	err = cz.Create()
	if err != nil {
		fmt.Fprintf(os.Stderr, "Failed to create container: %s", err)
		os.Exit(2)
	}
}