
Windows: Fix native exec template

Signed-off-by: John Howard <jhoward@microsoft.com>

John Howard authored on 2015/11/01 03:39:19
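--- a/PATH-NOT-SHOWN-file-1-deleted
+++ /dev/null
@@ -1,98 +0,0 @@
-package template
-
-import (
-	"syscall"
-
-	"github.com/opencontainers/runc/libcontainer/apparmor"
-	"github.com/opencontainers/runc/libcontainer/configs"
-)
-
-const defaultMountFlags = syscall.MS_NOEXEC | syscall.MS_NOSUID | syscall.MS_NODEV
-
-// New returns the docker default configuration for libcontainer
-func New() *configs.Config {
-	container := &configs.Config{
-		Capabilities: []string{
-			"CHOWN",
-			"DAC_OVERRIDE",
-			"FSETID",
-			"FOWNER",
-			"MKNOD",
-			"NET_RAW",
-			"SETGID",
-			"SETUID",
-			"SETFCAP",
-			"SETPCAP",
-			"NET_BIND_SERVICE",
-			"SYS_CHROOT",
-			"KILL",
-			"AUDIT_WRITE",
-		},
-		Namespaces: configs.Namespaces([]configs.Namespace{
-			{Type: "NEWNS"},
-			{Type: "NEWUTS"},
-			{Type: "NEWIPC"},
-			{Type: "NEWPID"},
-			{Type: "NEWNET"},
-			{Type: "NEWUSER"},
-		}),
-		Cgroups: &configs.Cgroup{
-			Parent:           "docker",
-			AllowAllDevices:  false,
-			MemorySwappiness: -1,
-		},
-		Mounts: []*configs.Mount{
-			{
-				Source:      "proc",
-				Destination: "/proc",
-				Device:      "proc",
-				Flags:       defaultMountFlags,
-			},
-			{
-				Source:      "tmpfs",
-				Destination: "/dev",
-				Device:      "tmpfs",
-				Flags:       syscall.MS_NOSUID | syscall.MS_STRICTATIME,
-				Data:        "mode=755",
-			},
-			{
-				Source:      "devpts",
-				Destination: "/dev/pts",
-				Device:      "devpts",
-				Flags:       syscall.MS_NOSUID | syscall.MS_NOEXEC,
-				Data:        "newinstance,ptmxmode=0666,mode=0620,gid=5",
-			},
-			{
-				Source:      "sysfs",
-				Destination: "/sys",
-				Device:      "sysfs",
-				Flags:       defaultMountFlags | syscall.MS_RDONLY,
-			},
-			{
-				Source:      "cgroup",
-				Destination: "/sys/fs/cgroup",
-				Device:      "cgroup",
-				Flags:       defaultMountFlags | syscall.MS_RDONLY,
-			},
-		},
-		MaskPaths: []string{
-			"/proc/kcore",
-			"/proc/latency_stats",
-			"/proc/timer_stats",
-		},
-		ReadonlyPaths: []string{
-			"/proc/asound",
-			"/proc/bus",
-			"/proc/fs",
-			"/proc/irq",
-			"/proc/sys",
-			"/proc/sysrq-trigger",
-		},
-	}
-
-	if apparmor.IsEnabled() {
-		container.AppArmorProfile = "docker-default"
-	}
-
-	return container
-}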
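--- /dev/null
+++ b/PATH-NOT-SHOWN-file-2-linux-template
@@ -0,0 +1,98 @@
+package template
+
+import (
+	"syscall"
+
+	"github.com/opencontainers/runc/libcontainer/apparmor"
+	"github.com/opencontainers/runc/libcontainer/configs"
+)
+
+const defaultMountFlags = syscall.MS_NOEXEC | syscall.MS_NOSUID | syscall.MS_NODEV
+
+// New returns the docker default configuration for libcontainer
+func New() *configs.Config {
+	container := &configs.Config{
+		Capabilities: []string{
+			"CHOWN",
+			"DAC_OVERRIDE",
+			"FSETID",
+			"FOWNER",
+			"MKNOD",
+			"NET_RAW",
+			"SETGID",
+			"SETUID",
+			"SETFCAP",
+			"SETPCAP",
+			"NET_BIND_SERVICE",
+			"SYS_CHROOT",
+			"KILL",
+			"AUDIT_WRITE",
+		},
+		Namespaces: configs.Namespaces([]configs.Namespace{
+			{Type: "NEWNS"},
+			{Type: "NEWUTS"},
+			{Type: "NEWIPC"},
+			{Type: "NEWPID"},
+			{Type: "NEWNET"},
+			{Type: "NEWUSER"},
+		}),
+		Cgroups: &configs.Cgroup{
+			Parent:           "docker",
+			AllowAllDevices:  false,
+			MemorySwappiness: -1,
+		},
+		Mounts: []*configs.Mount{
+			{
+				Source:      "proc",
+				Destination: "/proc",
+				Device:      "proc",
+				Flags:       defaultMountFlags,
+			},
+			{
+				Source:      "tmpfs",
+				Destination: "/dev",
+				Device:      "tmpfs",
+				Flags:       syscall.MS_NOSUID | syscall.MS_STRICTATIME,
+				Data:        "mode=755",
+			},
+			{
+				Source:      "devpts",
+				Destination: "/dev/pts",
+				Device:      "devpts",
+				Flags:       syscall.MS_NOSUID | syscall.MS_NOEXEC,
+				Data:        "newinstance,ptmxmode=0666,mode=0620,gid=5",
+			},
+			{
+				Source:      "sysfs",
+				Destination: "/sys",
+				Device:      "sysfs",
+				Flags:       defaultMountFlags | syscall.MS_RDONLY,
+			},
+			{
+				Source:      "cgroup",
+				Destination: "/sys/fs/cgroup",
+				Device:      "cgroup",
+				Flags:       defaultMountFlags | syscall.MS_RDONLY,
+			},
+		},
+		MaskPaths: []string{
+			"/proc/kcore",
+			"/proc/latency_stats",
+			"/proc/timer_stats",
+		},
+		ReadonlyPaths: []string{
+			"/proc/asound",
+			"/proc/bus",
+			"/proc/fs",
+			"/proc/irq",
+			"/proc/sys",
+			"/proc/sysrq-trigger",
+		},
+	}
+
+	if apparmor.IsEnabled() {
+		container.AppArmorProfile = "docker-default"
+	}
+
+	return container
+}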
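Review bot: The new Linux template carries no build constraint of its own — the only `// +build` line in this commit is the `// +build !linux` stub in the third file — so its exclusion from Windows builds rests entirely on the file being named with a `_linux.go` suffix, which this page does not show. If that suffix is absent, `syscall.MS_NOEXEC`, `MS_NOSUID`, `MS_NODEV`, `MS_STRICTATIME` and `MS_RDONLY` at the `const defaultMountFlags` line and in the `Mounts` flags are still compiled on Windows and the build breaks exactly as before. Adding `// +build linux` followed by a blank line above `package template` makes the constraint explicit in the file and symmetric with the stub, independent of the filename. The doc comment could also say what the stub implies, e.g. `// New returns the docker default configuration for libcontainer (Linux only; the non-Linux build of this package does not define New)`, since code compiled for other platforms will not find `template.New` at all.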
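--- /dev/null
+++ b/PATH-NOT-SHOWN-file-3-nonlinux-stub
@@ -0,0 +1,3 @@
+// +build !linux
+
+package template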