func main() { logger := lager.NewLogger("initd") socketPath := flag.String("socket", "/run/initd.sock", "path to listen for spawn requests on") //unmountPath := flag.String("unmountAfterListening", "/run", "directory to unmount after succesfully listening on -socketPath") flag.String("unmountAfterListening", "/run", "directory to unmount after succesfully listening on -socketPath") flag.Parse() reaper := system.StartReaper(logger) defer reaper.Stop() listener, err := unix_socket.NewListenerFromPath(*socketPath) if err != nil { fmt.Printf("open %s: %s", *socketPath, err) os.Exit(1) } daemon := &container_daemon.ContainerDaemon{ CmdPreparer: &container_daemon.ProcessSpecPreparer{ Users: container_daemon.LibContainerUser{}, AlwaysDropCapabilities: false, }, Spawner: &container_daemon.Spawn{ Runner: reaper, PTY: system.KrPty, }, } // unmount the bind-mounted socket volume now we've started listening // if err := syscall.Unmount(*unmountPath, syscall.MNT_DETACH); err != nil { // fmt.Printf("unmount %s: %s", *unmountPath, err) // os.Exit(2) // } if err := daemon.Run(listener); err != nil { fmt.Sprintf("run daemon: %s", err) os.Exit(1) } }
connectionHandler = &fake_connection_handler.FakeConnectionHandler{} }) JustBeforeEach(func() { connector = &unix_socket.Connector{ SocketPath: socketPath, } }) Describe("Listener creation", func() { Context("when listener is created by socket path", func() { Context("when file does not exist", func() { Context("when there is no permission to create the file", func() { It("returns an error", func() { socketPath := "/proc/a_socket.sock" _, err := unix_socket.NewListenerFromPath(socketPath) Expect(err).To(HaveOccurred()) }) }) Context("when there is permission to create the file", func() { It("creates the listener", func() { socketPath := fmt.Sprintf("/tmp/a_socket-%d.sock", GinkgoParallelNode()) listener, err := unix_socket.NewListenerFromPath(socketPath) Expect(err).ToNot(HaveOccurred()) Expect(listener.Close()).To(Succeed()) }) }) })
var _ = Describe("wsh and daemon integration", func() { var daemon *container_daemon.ContainerDaemon var tempDir string var socketPath string var wsh string BeforeEach(func() { var err error wsh, err = gexec.Build("github.com/cloudfoundry-incubator/garden-linux/container_daemon/wsh") Expect(err).ToNot(HaveOccurred()) tempDir, err = ioutil.TempDir("", "") Expect(err).ToNot(HaveOccurred()) socketPath = path.Join(tempDir, "test.sock") listener, err := unix_socket.NewListenerFromPath(socketPath) Expect(err).ToNot(HaveOccurred()) daemon = &container_daemon.ContainerDaemon{ CmdPreparer: &container_daemon.ProcessSpecPreparer{ Users: container_daemon.LibContainerUser{}, Reexec: container_daemon.CommandFunc(reexec.Command), Rlimits: &container_daemon.RlimitsManager{}, }, Spawner: &container_daemon.Spawn{ Runner: &FakeCommandRunner{}, }, Signaller: &FakeProcessSignaller{}, } go func(listener container_daemon.Listener, daemon *container_daemon.ContainerDaemon) {
func main() { libPath := flag.String("lib", "./lib", "Directory containing hooks") rootFsPath := flag.String("root", "", "Directory that will become root in the new mount namespace") runPath := flag.String("run", "./run", "Directory where server socket is placed") userNsFlag := flag.String("userns", "enabled", "If specified, use user namespacing") title := flag.String("title", "", "") flag.Parse() if *rootFsPath == "" { missing("--root") } binPath, err := filepath.Abs(filepath.Dir(os.Args[0])) if err != nil { fmt.Fprintf(os.Stderr, "wshd: obtain absolute path: %s", err) os.Exit(6) } socketPath := path.Join(*runPath, "wshd.sock") privileged := false if *userNsFlag == "" || *userNsFlag == "disabled" { privileged = true } containerReader, hostWriter, err := os.Pipe() if err != nil { fmt.Fprintf(os.Stderr, "wshd: create pipe: %s", err) os.Exit(5) } hostReader, containerWriter, err := os.Pipe() if err != nil { fmt.Fprintf(os.Stderr, "wshd: create pipe: %s", err) os.Exit(4) } sync := &containerizer.PipeSynchronizer{ Reader: hostReader, Writer: hostWriter, } listener, err := unix_socket.NewListenerFromPath(socketPath) if err != nil { fmt.Fprintf(os.Stderr, "wshd: create listener: %s", err) os.Exit(8) } socketFile, err := listener.File() if err != nil { fmt.Fprintf(os.Stderr, "wshd: obtain listener file: %s", err) os.Exit(9) } beforeCloneInitializer := &system.Initializer{Steps: []system.StepRunner{ &containerizer.FuncStep{ (&container_daemon.RlimitsManager{}).Init, }, }} maxUID := sysinfo.Min(sysinfo.MustGetMaxValidUID(), sysinfo.MustGetMaxValidGID()) cz := containerizer.Containerizer{ BeforeCloneInitializer: beforeCloneInitializer, InitBinPath: path.Join(binPath, "initc"), InitArgs: []string{ "--root", *rootFsPath, "--config", path.Join(*libPath, "../etc/config"), "--title", *title, }, Execer: &system.NamespacingExecer{ CommandRunner: linux_command_runner.New(), ExtraFiles: []*os.File{containerReader, containerWriter, socketFile}, Privileged: privileged, MaxUID: maxUID, }, Signaller: sync, Waiter: sync, // Temporary until we merge the hook scripts functionality in Golang CommandRunner: linux_command_runner.New(), LibPath: *libPath, RootfsPath: *rootFsPath, } err = cz.Create() if err != nil { fmt.Fprintf(os.Stderr, "Failed to create container: %s", err) os.Exit(2) } }