Browse code
Update libcontainer Context changes Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
Michael Crosby authored on 2014/06/27 04:23:53Showing 4 changed files
- daemon/execdriver/native/configuration/parse.go
- daemon/execdriver/native/configuration/parse_test.go
- daemon/execdriver/native/create.go
- daemon/execdriver/native/template/default_template.go
| ... | ... |
@@ -54,7 +54,7 @@ func systemdSlice(container *libcontainer.Config, context interface{}, value str
|
| 54 | 54 |
} |
| 55 | 55 |
|
| 56 | 56 |
func apparmorProfile(container *libcontainer.Config, context interface{}, value string) error {
|
| 57 |
- container.Context["apparmor_profile"] = value |
|
| 57 |
+ container.AppArmorProfile = value |
|
| 58 | 58 |
return nil |
| 59 | 59 |
} |
| 60 | 60 |
|
| ... | ... |
@@ -84,8 +84,9 @@ func TestAppArmorProfile(t *testing.T) {
|
| 84 | 84 |
if err := ParseConfiguration(container, nil, opts); err != nil {
|
| 85 | 85 |
t.Fatal(err) |
| 86 | 86 |
} |
| 87 |
- if expected := "koye-the-protector"; container.Context["apparmor_profile"] != expected {
|
|
| 88 |
- t.Fatalf("expected profile %s got %s", expected, container.Context["apparmor_profile"])
|
|
| 87 |
+ |
|
| 88 |
+ if expected := "koye-the-protector"; container.AppArmorProfile != expected {
|
|
| 89 |
+ t.Fatalf("expected profile %s got %s", expected, container.AppArmorProfile)
|
|
| 89 | 90 |
} |
| 90 | 91 |
} |
| 91 | 92 |
|
| ... | ... |
@@ -32,7 +32,7 @@ func (d *driver) createContainer(c *execdriver.Command) (*libcontainer.Config, e |
| 32 | 32 |
|
| 33 | 33 |
// check to see if we are running in ramdisk to disable pivot root |
| 34 | 34 |
container.MountConfig.NoPivotRoot = os.Getenv("DOCKER_RAMDISK") != ""
|
| 35 |
- container.Context["restrictions"] = "true" |
|
| 35 |
+ container.RestrictSys = true |
|
| 36 | 36 |
|
| 37 | 37 |
if err := d.createNetwork(container, c); err != nil {
|
| 38 | 38 |
return nil, err |
| ... | ... |
@@ -127,10 +127,10 @@ func (d *driver) setPrivileged(container *libcontainer.Config) (err error) {
|
| 127 | 127 |
} |
| 128 | 128 |
container.MountConfig.DeviceNodes = hostDeviceNodes |
| 129 | 129 |
|
| 130 |
- delete(container.Context, "restrictions") |
|
| 130 |
+ container.RestrictSys = false |
|
| 131 | 131 |
|
| 132 | 132 |
if apparmor.IsEnabled() {
|
| 133 |
- container.Context["apparmor_profile"] = "unconfined" |
|
| 133 |
+ container.AppArmorProfile = "unconfined" |
|
| 134 | 134 |
} |
| 135 | 135 |
|
| 136 | 136 |
return nil |
| ... | ... |
@@ -163,8 +163,8 @@ func (d *driver) setupMounts(container *libcontainer.Config, c *execdriver.Comma |
| 163 | 163 |
} |
| 164 | 164 |
|
| 165 | 165 |
func (d *driver) setupLabels(container *libcontainer.Config, c *execdriver.Command) error {
|
| 166 |
- container.Context["process_label"] = c.Config["process_label"][0] |
|
| 167 |
- container.Context["mount_label"] = c.Config["mount_label"][0] |
|
| 166 |
+ container.ProcessLabel = c.Config["process_label"][0] |
|
| 167 |
+ container.MountConfig.MountLabel = c.Config["mount_label"][0] |
|
| 168 | 168 |
|
| 169 | 169 |
return nil |
| 170 | 170 |
} |
| ... | ... |
@@ -35,11 +35,10 @@ func New() *libcontainer.Config {
|
| 35 | 35 |
AllowAllDevices: false, |
| 36 | 36 |
}, |
| 37 | 37 |
MountConfig: &libcontainer.MountConfig{},
|
| 38 |
- Context: make(map[string]string), |
|
| 39 | 38 |
} |
| 40 | 39 |
|
| 41 | 40 |
if apparmor.IsEnabled() {
|
| 42 |
- container.Context["apparmor_profile"] = "docker-default" |
|
| 41 |
+ container.AppArmorProfile = "docker-default" |
|
| 43 | 42 |
} |
| 44 | 43 |
|
| 45 | 44 |
return container |