| ... | ... |
@@ -5,7 +5,6 @@ package nsinit |
| 5 | 5 |
import ( |
| 6 | 6 |
"fmt" |
| 7 | 7 |
"github.com/dotcloud/docker/pkg/libcontainer" |
| 8 |
- "github.com/dotcloud/docker/pkg/libcontainer/capabilities" |
|
| 9 | 8 |
"github.com/dotcloud/docker/pkg/system" |
| 10 | 9 |
"os" |
| 11 | 10 |
"path/filepath" |
| ... | ... |
@@ -73,8 +72,8 @@ func (ns *linuxNs) ExecIn(container *libcontainer.Container, nspid int, args []s |
| 73 | 73 |
os.Exit(state.Sys().(syscall.WaitStatus).ExitStatus()) |
| 74 | 74 |
} |
| 75 | 75 |
dropAndExec: |
| 76 |
- if err := capabilities.DropCapabilities(container); err != nil {
|
|
| 77 |
- return -1, fmt.Errorf("drop capabilities %s", err)
|
|
| 76 |
+ if err := finalizeNamespace(container); err != nil {
|
|
| 77 |
+ return -1, err |
|
| 78 | 78 |
} |
| 79 | 79 |
if err := system.Execv(args[0], args[0:], container.Env); err != nil {
|
| 80 | 80 |
return -1, err |
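Review bot: The new `finalizeNamespace(container)` call under `dropAndExec:` changes ExecIn's behaviour without saying so at the call site. Besides dropping capabilities, it now also runs `setupUser` and the chdir to `container.WorkingDir`, which the removed lines never did on this path. That identity switch is security-relevant, because a process joined to an existing namespace now execs as the container's configured user, so a comment above the call would help: `// drop caps, switch to the container user and working dir before exec`. The error is also returned bare here (`return -1, err`) while Init wraps the same call with `"finalize namespace %s"`; pick one form so log messages from both entry points match. ExecIn's body starts and ends outside this hunk, so the fork/wait logic that jumps to the label was not reviewed.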
| ... | ... |
@@ -64,16 +64,8 @@ func (ns *linuxNs) Init(container *libcontainer.Container, uncleanRootfs, consol |
| 64 | 64 |
if err := system.Sethostname(container.Hostname); err != nil {
|
| 65 | 65 |
return fmt.Errorf("sethostname %s", err)
|
| 66 | 66 |
} |
| 67 |
- if err := capabilities.DropCapabilities(container); err != nil {
|
|
| 68 |
- return fmt.Errorf("drop capabilities %s", err)
|
|
| 69 |
- } |
|
| 70 |
- if err := setupUser(container); err != nil {
|
|
| 71 |
- return fmt.Errorf("setup user %s", err)
|
|
| 72 |
- } |
|
| 73 |
- if container.WorkingDir != "" {
|
|
| 74 |
- if err := system.Chdir(container.WorkingDir); err != nil {
|
|
| 75 |
- return fmt.Errorf("chdir to %s %s", container.WorkingDir, err)
|
|
| 76 |
- } |
|
| 67 |
+ if err := finalizeNamespace(container); err != nil {
|
|
| 68 |
+ return fmt.Errorf("finalize namespace %s", err)
|
|
| 77 | 69 |
} |
| 78 | 70 |
return system.Execv(args[0], args[0:], container.Env) |
| 79 | 71 |
} |
| ... | ... |
@@ -142,3 +134,20 @@ func setupNetwork(container *libcontainer.Container, context libcontainer.Contex |
| 142 | 142 |
} |
| 143 | 143 |
return nil |
| 144 | 144 |
} |
| 145 |
+ |
|
| 146 |
+// finalizeNamespace drops the caps and sets the correct user |
|
| 147 |
+// and working dir before execing the command inside the namespace |
|
| 148 |
+func finalizeNamespace(container *libcontainer.Container) error {
|
|
| 149 |
+ if err := capabilities.DropCapabilities(container); err != nil {
|
|
| 150 |
+ return fmt.Errorf("drop capabilities %s", err)
|
|
| 151 |
+ } |
|
| 152 |
+ if err := setupUser(container); err != nil {
|
|
| 153 |
+ return fmt.Errorf("setup user %s", err)
|
|
| 154 |
+ } |
|
| 155 |
+ if container.WorkingDir != "" {
|
|
| 156 |
+ if err := system.Chdir(container.WorkingDir); err != nil {
|
|
| 157 |
+ return fmt.Errorf("chdir to %s %s", container.WorkingDir, err)
|
|
| 158 |
+ } |
|
| 159 |
+ } |
|
| 160 |
+ return nil |
|
| 161 |
+} |
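Review bot: The doc comment on `finalizeNamespace` lists what the function does but not that the order of the three steps is load-bearing. Capabilities are dropped before `setupUser` runs, so if the container's mask removes CAP_SETUID or CAP_SETGID, the uid/gid switch that `setupUser` presumably performs could fail; neither `DropCapabilities` nor `setupUser` is visible here, so this needs confirming. The chdir runs last, and so is presumably permission-checked against the final user rather than root. I would extend the comment with something like `// Order matters: caps are dropped first, then the user is switched, then chdir runs as that user; callers must not exec if any step fails.` Both visible callers do return before `system.Execv` on error, which is the fail-closed behaviour that comment should pin down.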