// ManifestExclusiveLock gets an exclusive lock on only the pod manifest. // This is used in the app sandbox - since the pod is already running, we // won't be able to get an exclusive lock on the pod itself. func (p *Pod) ExclusiveManifestLock() error { if p.manifestLock != nil { return p.manifestLock.ExclusiveLock() // This is idempotent } l, err := lock.ExclusiveLock(common.PodManifestLockPath(p.Path()), lock.RegFile) if err != nil { return err } p.manifestLock = l return nil }
// ExclusiveLockManifest gets an exclusive lock on only the pod manifest in the app sandbox. // Since the pod is already running, we won't be able to get an exclusive lock on the pod itself. func (p *Pod) ExclusiveLockManifest() error { if !p.isRunning() { return errors.New("pod is not running") } if p.manifestLock != nil { return p.manifestLock.ExclusiveLock() // This is idempotent } l, err := lock.ExclusiveLock(common.PodManifestLockPath(p.Path()), lock.RegFile) if err != nil { return err } p.manifestLock = l return nil }
// Prepare sets up a pod based on the given config. func Prepare(cfg PrepareConfig, dir string, uuid *types.UUID) error { if err := os.MkdirAll(common.AppsInfoPath(dir), common.DefaultRegularDirPerm); err != nil { return errwrap.Wrap(errors.New("error creating apps info directory"), err) } debug("Preparing stage1") if err := prepareStage1Image(cfg, dir); err != nil { return errwrap.Wrap(errors.New("error preparing stage1"), err) } var pmb []byte var err error if len(cfg.PodManifest) > 0 { pmb, err = validatePodManifest(cfg, dir) } else { pmb, err = generatePodManifest(cfg, dir) } if err != nil { return err } cfg.CommonConfig.ManifestData = string(pmb) // create pod lock file for app add/rm operations. f, err := os.OpenFile(common.PodManifestLockPath(dir), os.O_CREATE|os.O_RDWR, 0600) if err != nil { return err } f.Close() debug("Writing pod manifest") fn := common.PodManifestPath(dir) if err := ioutil.WriteFile(fn, pmb, common.DefaultRegularFilePerm); err != nil { return errwrap.Wrap(errors.New("error writing pod manifest"), err) } f, err = os.OpenFile(common.PodCreatedPath(dir), os.O_CREATE|os.O_RDWR, common.DefaultRegularFilePerm) if err != nil { return err } f.Close() if cfg.UseOverlay { // mark the pod as prepared with overlay f, err := os.Create(filepath.Join(dir, common.OverlayPreparedFilename)) if err != nil { return errwrap.Wrap(errors.New("error writing overlay marker file"), err) } defer f.Close() } if cfg.PrivateUsers.Shift > 0 { // mark the pod as prepared for user namespaces uidrangeBytes := cfg.PrivateUsers.Serialize() if err := ioutil.WriteFile(filepath.Join(dir, common.PrivateUsersPreparedFilename), uidrangeBytes, common.DefaultRegularFilePerm); err != nil { return errwrap.Wrap(errors.New("error writing userns marker file"), err) } } return nil }