Build up the full container config and do all the bookkeeping that can
be done before initializing the container's RWLayer, rootfs and mounts
so the comparatively expensive filesystem operations do not need to be
performed then reverted if the container creation fails due to a problem
with the container configuration.
Signed-off-by: Cory Snider <csnider@mirantis.com>
| ... | ... |
@@ -227,22 +227,6 @@ func (daemon *Daemon) create(ctx context.Context, daemonCfg *config.Config, opts |
| 227 | 227 |
|
| 228 | 228 |
ctr.ImageManifest = imgManifest |
| 229 | 229 |
|
| 230 |
- // Set RWLayer for container after mount labels have been set |
|
| 231 |
- rwLayer, err := daemon.imageService.CreateLayer(ctr, setupInitLayer(daemon.idMapping.RootPair())) |
|
| 232 |
- if err != nil {
|
|
| 233 |
- return nil, errdefs.System(err) |
|
| 234 |
- } |
|
| 235 |
- ctr.RWLayer = rwLayer |
|
| 236 |
- |
|
| 237 |
- cuid := os.Getuid() |
|
| 238 |
- _, gid := daemon.IdentityMapping().RootPair() |
|
| 239 |
- if err := user.MkdirAndChown(ctr.Root, 0o710, cuid, gid); err != nil {
|
|
| 240 |
- return nil, err |
|
| 241 |
- } |
|
| 242 |
- if err := user.MkdirAndChown(ctr.CheckpointDir(), 0o700, cuid, os.Getegid()); err != nil {
|
|
| 243 |
- return nil, err |
|
| 244 |
- } |
|
| 245 |
- |
|
| 246 | 230 |
if err := daemon.registerLinks(ctr); err != nil {
|
| 247 | 231 |
return nil, err |
| 248 | 232 |
} |
| ... | ... |
@@ -268,6 +252,23 @@ func (daemon *Daemon) create(ctx context.Context, daemonCfg *config.Config, opts |
| 268 | 268 |
if err := daemon.registerMountPoints(ctr, opts.params.DefaultReadOnlyNonRecursive); err != nil {
|
| 269 | 269 |
return nil, err |
| 270 | 270 |
} |
| 271 |
+ |
|
| 272 |
+ // Set RWLayer for container after mount labels have been set |
|
| 273 |
+ rwLayer, err := daemon.imageService.CreateLayer(ctr, setupInitLayer(daemon.idMapping.RootPair())) |
|
| 274 |
+ if err != nil {
|
|
| 275 |
+ return nil, errdefs.System(err) |
|
| 276 |
+ } |
|
| 277 |
+ ctr.RWLayer = rwLayer |
|
| 278 |
+ |
|
| 279 |
+ cuid := os.Getuid() |
|
| 280 |
+ _, gid := daemon.IdentityMapping().RootPair() |
|
| 281 |
+ if err := user.MkdirAndChown(ctr.Root, 0o710, cuid, gid); err != nil {
|
|
| 282 |
+ return nil, err |
|
| 283 |
+ } |
|
| 284 |
+ if err := user.MkdirAndChown(ctr.CheckpointDir(), 0o700, cuid, os.Getegid()); err != nil {
|
|
| 285 |
+ return nil, err |
|
| 286 |
+ } |
|
| 287 |
+ |
|
| 271 | 288 |
if err := daemon.createContainerVolumesOS(ctx, ctr, opts.params.Config); err != nil {
|
| 272 | 289 |
return nil, err |
| 273 | 290 |
} |