@@ -9,9 +9,9 @@ import (

 	"github.com/docker/docker/daemon/execdriver"

 	"github.com/docker/docker/daemon/execdriver/native/template"

-	"github.com/docker/docker/pkg/system"

 	"github.com/docker/libcontainer/namespaces"

 	"github.com/docker/libcontainer/security/capabilities"

+	"github.com/docker/libcontainer/system"

 	"github.com/docker/libcontainer/utils"

 )

@@ -15,14 +15,15 @@ import (

 	"syscall"

 	"github.com/docker/docker/daemon/execdriver"

-	"github.com/docker/docker/pkg/system"

 	"github.com/docker/docker/pkg/term"

 	"github.com/docker/libcontainer"

 	"github.com/docker/libcontainer/apparmor"

 	"github.com/docker/libcontainer/cgroups/fs"

 	"github.com/docker/libcontainer/cgroups/systemd"

+	consolepkg "github.com/docker/libcontainer/console"

 	"github.com/docker/libcontainer/namespaces"

 	"github.com/docker/libcontainer/syncpipe"

+	"github.com/docker/libcontainer/system"

 )

 const (

@@ -143,8 +144,9 @@ func (d *driver) Run(c *execdriver.Command, pipes *execdriver.Pipes, startCallba

 		}, args...)

 		// set this to nil so that when we set the clone flags anything else is reset

-		c.SysProcAttr = nil

-		system.SetCloneFlags(&c.Cmd, uintptr(namespaces.GetNamespaceFlags(container.Namespaces)))

+		c.SysProcAttr = &syscall.SysProcAttr{

+			Cloneflags: uintptr(namespaces.GetNamespaceFlags(container.Namespaces)),

+		}

 		c.ExtraFiles = []*os.File{child}

 		c.Env = container.Env

@@ -285,7 +287,7 @@ type TtyConsole struct {

 }

 func NewTtyConsole(command *execdriver.Command, pipes *execdriver.Pipes) (*TtyConsole, error) {

-	ptyMaster, console, err := system.CreateMasterAndConsole()

+	ptyMaster, console, err := consolepkg.CreateMasterAndConsole()

 	if err != nil {

 		return nil, err

 	}

deleted file mode 100644

@@ -1,185 +0,0 @@

-package system

-

-import (

-	"os/exec"

-	"syscall"

-	"unsafe"

-)

-

-func Chroot(dir string) error {

-	return syscall.Chroot(dir)

-}

-

-func Chdir(dir string) error {

-	return syscall.Chdir(dir)

-}

-

-func Exec(cmd string, args []string, env []string) error {

-	return syscall.Exec(cmd, args, env)

-}

-

-func Execv(cmd string, args []string, env []string) error {

-	name, err := exec.LookPath(cmd)

-	if err != nil {

-		return err

-	}

-	return Exec(name, args, env)

-}

-

-func Fork() (int, error) {

-	syscall.ForkLock.Lock()

-	pid, _, err := syscall.Syscall(syscall.SYS_FORK, 0, 0, 0)

-	syscall.ForkLock.Unlock()

-	if err != 0 {

-		return -1, err

-	}

-	return int(pid), nil

-}

-

-func Mount(source, target, fstype string, flags uintptr, data string) error {

-	return syscall.Mount(source, target, fstype, flags, data)

-}

-

-func Unmount(target string, flags int) error {

-	return syscall.Unmount(target, flags)

-}

-

-func Pivotroot(newroot, putold string) error {

-	return syscall.PivotRoot(newroot, putold)

-}

-

-func Unshare(flags int) error {

-	return syscall.Unshare(flags)

-}

-

-func Clone(flags uintptr) (int, error) {

-	syscall.ForkLock.Lock()

-	pid, _, err := syscall.RawSyscall(syscall.SYS_CLONE, flags, 0, 0)

-	syscall.ForkLock.Unlock()

-	if err != 0 {

-		return -1, err

-	}

-	return int(pid), nil

-}

-

-func UsetCloseOnExec(fd uintptr) error {

-	if _, _, err := syscall.Syscall(syscall.SYS_FCNTL, fd, syscall.F_SETFD, 0); err != 0 {

-		return err

-	}

-	return nil

-}

-

-func Setgroups(gids []int) error {

-	return syscall.Setgroups(gids)

-}

-

-func Setresgid(rgid, egid, sgid int) error {

-	return syscall.Setresgid(rgid, egid, sgid)

-}

-

-func Setresuid(ruid, euid, suid int) error {

-	return syscall.Setresuid(ruid, euid, suid)

-}

-

-func Setgid(gid int) error {

-	return syscall.Setgid(gid)

-}

-

-func Setuid(uid int) error {

-	return syscall.Setuid(uid)

-}

-

-func Sethostname(name string) error {

-	return syscall.Sethostname([]byte(name))

-}

-

-func Setsid() (int, error) {

-	return syscall.Setsid()

-}

-

-func Ioctl(fd uintptr, flag, data uintptr) error {

-	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, fd, flag, data); err != 0 {

-		return err

-	}

-	return nil

-}

-

-func Closefd(fd uintptr) error {

-	return syscall.Close(int(fd))

-}

-

-func Dup2(fd1, fd2 uintptr) error {

-	return syscall.Dup2(int(fd1), int(fd2))

-}

-

-func Mknod(path string, mode uint32, dev int) error {

-	return syscall.Mknod(path, mode, dev)

-}

-

-func Prctl(option int, arg2, arg3, arg4, arg5 uintptr) error {

-	if _, _, err := syscall.Syscall6(syscall.SYS_PRCTL, uintptr(option), arg2, arg3, arg4, arg5, 0); err != 0 {

-		return err

-	}

-	return nil

-}

-

-func ParentDeathSignal(sig uintptr) error {

-	if _, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_SET_PDEATHSIG, sig, 0); err != 0 {

-		return err

-	}

-	return nil

-}

-

-func GetParentDeathSignal() (int, error) {

-	var sig int

-

-	_, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_GET_PDEATHSIG, uintptr(unsafe.Pointer(&sig)), 0)

-

-	if err != 0 {

-		return -1, err

-	}

-

-	return sig, nil

-}

-

-func SetKeepCaps() error {

-	if _, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_SET_KEEPCAPS, 1, 0); err != 0 {

-		return err

-	}

-

-	return nil

-}

-

-func ClearKeepCaps() error {

-	if _, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_SET_KEEPCAPS, 0, 0); err != 0 {

-		return err

-	}

-

-	return nil

-}

-

-func Setctty() error {

-	if _, _, err := syscall.RawSyscall(syscall.SYS_IOCTL, 0, uintptr(syscall.TIOCSCTTY), 0); err != 0 {

-		return err

-	}

-	return nil

-}

-

-func Mkfifo(name string, mode uint32) error {

-	return syscall.Mkfifo(name, mode)

-}

-

-func Umask(mask int) int {

-	return syscall.Umask(mask)

-}

-

-func SetCloneFlags(cmd *exec.Cmd, flag uintptr) {

-	if cmd.SysProcAttr == nil {

-		cmd.SysProcAttr = &syscall.SysProcAttr{}

-	}

-	cmd.SysProcAttr.Cloneflags = flag

-}

-

-func Gettid() int {

-	return syscall.Gettid()

-}

deleted file mode 100644

@@ -1,38 +0,0 @@

-package system

-

-import (

-	"io/ioutil"

-	"strconv"

-	"syscall"

-)

-

-// Works similarly to OpenBSD's "closefrom(2)":

-//   The closefrom() call deletes all descriptors numbered fd and higher from

-//   the per-process file descriptor table.  It is effectively the same as

-//   calling close(2) on each descriptor.

-// http://www.openbsd.org/cgi-bin/man.cgi?query=closefrom&sektion=2

-//

-// See also http://stackoverflow.com/a/918469/433558

-func CloseFdsFrom(minFd int) error {

-	fdList, err := ioutil.ReadDir("/proc/self/fd")

-	if err != nil {

-		return err

-	}

-	for _, fi := range fdList {

-		fd, err := strconv.Atoi(fi.Name())

-		if err != nil {

-			// ignore non-numeric file names

-			continue

-		}

-

-		if fd < minFd {

-			// ignore descriptors lower than our specified minimum

-			continue

-		}

-

-		// intentionally ignore errors from syscall.Close

-		syscall.Close(fd)

-		// the cases where this might fail are basically file descriptors that have already been closed (including and especially the one that was created when ioutil.ReadDir did the "opendir" syscall)

-	}

-	return nil

-}

deleted file mode 100644

@@ -1,12 +0,0 @@

-// +build !linux

-

-package system

-

-import (

-	"fmt"

-	"runtime"

-)

-

-func CloseFdsFrom(minFd int) error {

-	return fmt.Errorf("CloseFdsFrom is unsupported on this platform (%s/%s)", runtime.GOOS, runtime.GOARCH)

-}

deleted file mode 100644

@@ -1,26 +0,0 @@

-package system

-

-import (

-	"io/ioutil"

-	"path/filepath"

-	"strconv"

-	"strings"

-)

-

-// look in /proc to find the process start time so that we can verify

-// that this pid has started after ourself

-func GetProcessStartTime(pid int) (string, error) {

-	data, err := ioutil.ReadFile(filepath.Join("/proc", strconv.Itoa(pid), "stat"))

-	if err != nil {

-		return "", err

-	}

-	parts := strings.Split(string(data), " ")

-	// the starttime is located at pos 22

-	// from the man page

-	//

-	// starttime %llu (was %lu before Linux 2.6)

-	// (22)  The  time the process started after system boot.  In kernels before Linux 2.6, this

-	// value was expressed in jiffies.  Since Linux 2.6, the value is expressed in  clock  ticks

-	// (divide by sysconf(_SC_CLK_TCK)).

-	return parts[22-1], nil // starts at 1

-}

deleted file mode 100644

@@ -1,58 +0,0 @@

-package system

-

-import (

-	"fmt"

-	"os"

-	"syscall"

-	"unsafe"

-)

-

-// Unlockpt unlocks the slave pseudoterminal device corresponding to the master pseudoterminal referred to by f.

-// Unlockpt should be called before opening the slave side of a pseudoterminal.

-func Unlockpt(f *os.File) error {

-	var u int

-	return Ioctl(f.Fd(), syscall.TIOCSPTLCK, uintptr(unsafe.Pointer(&u)))

-}

-

-// Ptsname retrieves the name of the first available pts for the given master.

-func Ptsname(f *os.File) (string, error) {

-	var n int

-

-	if err := Ioctl(f.Fd(), syscall.TIOCGPTN, uintptr(unsafe.Pointer(&n))); err != nil {

-		return "", err

-	}

-	return fmt.Sprintf("/dev/pts/%d", n), nil

-}

-

-// CreateMasterAndConsole will open /dev/ptmx on the host and retreive the

-// pts name for use as the pty slave inside the container

-func CreateMasterAndConsole() (*os.File, string, error) {

-	master, err := os.OpenFile("/dev/ptmx", syscall.O_RDWR|syscall.O_NOCTTY|syscall.O_CLOEXEC, 0)

-	if err != nil {

-		return nil, "", err

-	}

-	console, err := Ptsname(master)

-	if err != nil {

-		return nil, "", err

-	}

-	if err := Unlockpt(master); err != nil {

-		return nil, "", err

-	}

-	return master, console, nil

-}

-

-// OpenPtmx opens /dev/ptmx, i.e. the PTY master.

-func OpenPtmx() (*os.File, error) {

-	// O_NOCTTY and O_CLOEXEC are not present in os package so we use the syscall's one for all.

-	return os.OpenFile("/dev/ptmx", syscall.O_RDONLY|syscall.O_NOCTTY|syscall.O_CLOEXEC, 0)

-}

-

-// OpenTerminal is a clone of os.OpenFile without the O_CLOEXEC

-// used to open the pty slave inside the container namespace

-func OpenTerminal(name string, flag int) (*os.File, error) {

-	r, e := syscall.Open(name, flag, 0)

-	if e != nil {

-		return nil, &os.PathError{"open", name, e}

-	}

-	return os.NewFile(uintptr(r), name), nil

-}

deleted file mode 100644

@@ -1,27 +0,0 @@

-package system

-

-import (

-	"fmt"

-	"runtime"

-	"syscall"

-)

-

-// Via http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7b21fddd087678a70ad64afc0f632e0f1071b092

-//

-// We need different setns values for the different platforms and arch

-// We are declaring the macro here because the SETNS syscall does not exist in th stdlib

-var setNsMap = map[string]uintptr{

-	"linux/amd64": 308,

-}

-

-func Setns(fd uintptr, flags uintptr) error {

-	ns, exists := setNsMap[fmt.Sprintf("%s/%s", runtime.GOOS, runtime.GOARCH)]

-	if !exists {

-		return ErrNotSupportedPlatform

-	}

-	_, _, err := syscall.RawSyscall(ns, fd, flags, 0)

-	if err != 0 {

-		return err

-	}

-	return nil

-}

deleted file mode 100644

@@ -1,9 +0,0 @@

-// +build linux,!cgo

-

-package system

-

-func GetClockTicks() int {

-	// when we cannot call out to C to get the sysconf it is fairly safe to

-	// just return 100

-	return 100

-}

deleted file mode 100644

@@ -1,38 +0,0 @@

-// +build !linux

-

-package system

-

-import (

-	"os"

-	"os/exec"

-)

-

-func SetCloneFlags(cmd *exec.Cmd, flag uintptr) {

-

-}

-

-func UsetCloseOnExec(fd uintptr) error {

-	return ErrNotSupportedPlatform

-}

-

-func Gettid() int {

-	return 0

-}

-

-func GetClockTicks() int {

-	// when we cannot call out to C to get the sysconf it is fairly safe to

-	// just return 100

-	return 100

-}

-

-func CreateMasterAndConsole() (*os.File, string, error) {

-	return nil, "", ErrNotSupportedPlatform

-}

-

-func SetKeepCaps() error {

-	return ErrNotSupportedPlatform

-}

-

-func ClearKeepCaps() error {

-	return ErrNotSupportedPlatform

-}