@@ -657,16 +657,16 @@ func postContainersCreate(srv *Server, version float64, w http.ResponseWriter, r

 	for scanner.Scan() {

 		out.Warnings = append(out.Warnings, scanner.Text())

 	}

-	if job.GetenvInt("Memory") > 0 && !srv.runtime.capabilities.MemoryLimit {

+	if job.GetenvInt("Memory") > 0 && !srv.runtime.sysInfo.MemoryLimit {

 		log.Println("WARNING: Your kernel does not support memory limit capabilities. Limitation discarded.")

 		out.Warnings = append(out.Warnings, "Your kernel does not support memory limit capabilities. Limitation discarded.")

 	}

-	if job.GetenvInt("Memory") > 0 && !srv.runtime.capabilities.SwapLimit {

+	if job.GetenvInt("Memory") > 0 && !srv.runtime.sysInfo.SwapLimit {

 		log.Println("WARNING: Your kernel does not support swap limit capabilities. Limitation discarded.")

 		out.Warnings = append(out.Warnings, "Your kernel does not support memory swap capabilities. Limitation discarded.")

 	}

-	if !job.GetenvBool("NetworkDisabled") && srv.runtime.capabilities.IPv4ForwardingDisabled {

+	if !job.GetenvBool("NetworkDisabled") && srv.runtime.sysInfo.IPv4ForwardingDisabled {

 		log.Println("Warning: IPv4 forwarding is disabled.")

 		out.Warnings = append(out.Warnings, "IPv4 forwarding is disabled.")

 	}

@@ -12,8 +12,13 @@ import (

 	"strings"

 )

-// https://www.kernel.org/doc/Documentation/cgroups/cgroups.txt

+type Values struct {

+	Memory     int64 `json:"memory"`

+	MemorySwap int64 `json:"memory_swap"`

+	CpuShares  int64 `json:"cpu_shares"`

+}

+// https://www.kernel.org/doc/Documentation/cgroups/cgroups.txt

 func FindCgroupMountpoint(subsystem string) (string, error) {

 	mounts, err := mount.GetMounts()

 	if err != nil {

@@ -12,6 +12,7 @@ import (

 	"github.com/dotcloud/docker/auth"

 	"github.com/dotcloud/docker/engine"

 	flag "github.com/dotcloud/docker/pkg/mflag"

+	"github.com/dotcloud/docker/pkg/sysinfo"

 	"github.com/dotcloud/docker/pkg/term"

 	"github.com/dotcloud/docker/registry"

 	"github.com/dotcloud/docker/utils"

@@ -470,7 +471,7 @@ func (cli *DockerCli) CmdInfo(args ...string) error {

 		fmt.Fprintf(cli.out, "Debug mode (client): %v\n", os.Getenv("DEBUG") != "")

 		fmt.Fprintf(cli.out, "Fds: %d\n", remoteInfo.GetInt("NFd"))

 		fmt.Fprintf(cli.out, "Goroutines: %d\n", remoteInfo.GetInt("NGoroutines"))

-		fmt.Fprintf(cli.out, "LXC Version: %s\n", remoteInfo.Get("LXCVersion"))

+		fmt.Fprintf(cli.out, "Execution Driver: %s\n", remoteInfo.Get("ExecutionDriver"))

 		fmt.Fprintf(cli.out, "EventsListeners: %d\n", remoteInfo.GetInt("NEventsListener"))

 		fmt.Fprintf(cli.out, "Kernel Version: %s\n", remoteInfo.Get("KernelVersion"))

@@ -1745,14 +1746,14 @@ func (cli *DockerCli) CmdTag(args ...string) error {

 }

 //FIXME Only used in tests

-func ParseRun(args []string, capabilities *Capabilities) (*Config, *HostConfig, *flag.FlagSet, error) {

+func ParseRun(args []string, sysInfo *sysinfo.SysInfo) (*Config, *HostConfig, *flag.FlagSet, error) {

 	cmd := flag.NewFlagSet("run", flag.ContinueOnError)

 	cmd.SetOutput(ioutil.Discard)

 	cmd.Usage = nil

-	return parseRun(cmd, args, capabilities)

+	return parseRun(cmd, args, sysInfo)

 }

-func parseRun(cmd *flag.FlagSet, args []string, capabilities *Capabilities) (*Config, *HostConfig, *flag.FlagSet, error) {

+func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Config, *HostConfig, *flag.FlagSet, error) {

 	var (

 		// FIXME: use utils.ListOpts for attach and volumes?

 		flAttach  = NewListOpts(ValidateAttach)

@@ -1802,7 +1803,7 @@ func parseRun(cmd *flag.FlagSet, args []string, capabilities *Capabilities) (*Co

 	}

 	// Check if the kernel supports memory limit cgroup.

-	if capabilities != nil && *flMemoryString != "" && !capabilities.MemoryLimit {

+	if sysInfo != nil && *flMemoryString != "" && !sysInfo.MemoryLimit {

 		*flMemoryString = ""

 	}

@@ -1934,7 +1935,7 @@ func parseRun(cmd *flag.FlagSet, args []string, capabilities *Capabilities) (*Co

 		PublishAllPorts: *flPublishAll,

 	}

-	if capabilities != nil && flMemory > 0 && !capabilities.SwapLimit {

+	if sysInfo != nil && flMemory > 0 && !sysInfo.SwapLimit {

 		//fmt.Fprintf(stdout, "WARNING: Your kernel does not support swap limit capabilities. Limitation discarded.\n")

 		config.MemorySwap = -1

 	}

@@ -1,11 +1,12 @@

 package docker

 import (

-	"bytes"

 	"encoding/json"

 	"errors"

 	"fmt"

 	"github.com/dotcloud/docker/archive"

+	"github.com/dotcloud/docker/cgroups"

+	"github.com/dotcloud/docker/execdriver"

 	"github.com/dotcloud/docker/graphdriver"

 	"github.com/dotcloud/docker/mount"

 	"github.com/dotcloud/docker/pkg/term"

@@ -16,9 +17,7 @@ import (

 	"log"

 	"net"

 	"os"

-	"os/exec"

 	"path"

-	"strconv"

 	"strings"

 	"sync"

 	"syscall"

@@ -55,7 +54,7 @@ type Container struct {

 	Name           string

 	Driver         string

-	cmd       *exec.Cmd

+	process   *execdriver.Process

 	stdout    *utils.WriteBroadcaster

 	stderr    *utils.WriteBroadcaster

 	stdin     io.ReadCloser

@@ -235,10 +234,6 @@ func (container *Container) Inject(file io.Reader, pth string) error {

 	return nil

 }

-func (container *Container) Cmd() *exec.Cmd {

-	return container.cmd

-}

-

 func (container *Container) When() time.Time {

 	return container.Created

 }

@@ -305,23 +300,14 @@ func (container *Container) generateEnvConfig(env []string) error {

 	return nil

 }

-func (container *Container) generateLXCConfig() error {

-	fo, err := os.Create(container.lxcConfigPath())

-	if err != nil {

-		return err

-	}

-	defer fo.Close()

-	return LxcTemplateCompiled.Execute(fo, container)

-}

-

-func (container *Container) startPty() error {

+func (container *Container) setupPty() error {

 	ptyMaster, ptySlave, err := pty.Open()

 	if err != nil {

 		return err

 	}

 	container.ptyMaster = ptyMaster

-	container.cmd.Stdout = ptySlave

-	container.cmd.Stderr = ptySlave

+	container.process.Stdout = ptySlave

+	container.process.Stderr = ptySlave

 	// Copy the PTYs to our broadcasters

 	go func() {

@@ -333,8 +319,8 @@ func (container *Container) startPty() error {

 	// stdin

 	if container.Config.OpenStdin {

-		container.cmd.Stdin = ptySlave

-		container.cmd.SysProcAttr.Setctty = true

+		container.process.Stdin = ptySlave

+		container.process.SysProcAttr.Setctty = true

 		go func() {

 			defer container.stdin.Close()

 			utils.Debugf("startPty: begin of stdin pipe")

@@ -342,18 +328,14 @@ func (container *Container) startPty() error {

 			utils.Debugf("startPty: end of stdin pipe")

 		}()

 	}

-	if err := container.cmd.Start(); err != nil {

-		return err

-	}

-	ptySlave.Close()

 	return nil

 }

-func (container *Container) start() error {

-	container.cmd.Stdout = container.stdout

-	container.cmd.Stderr = container.stderr

+func (container *Container) setupStd() error {

+	container.process.Stdout = container.stdout

+	container.process.Stderr = container.stderr

 	if container.Config.OpenStdin {

-		stdin, err := container.cmd.StdinPipe()

+		stdin, err := container.process.StdinPipe()

 		if err != nil {

 			return err

 		}

@@ -364,7 +346,7 @@ func (container *Container) start() error {

 			utils.Debugf("start: end of stdin pipe")

 		}()

 	}

-	return container.cmd.Start()

+	return nil

 }

 func (container *Container) Attach(stdin io.ReadCloser, stdinCloser io.Closer, stdout io.Writer, stderr io.Writer) chan error {

@@ -384,12 +366,14 @@ func (container *Container) Attach(stdin io.ReadCloser, stdinCloser io.Closer, s

 				if container.Config.StdinOnce && !container.Config.Tty {

 					defer cStdin.Close()

 				} else {

-					if cStdout != nil {

-						defer cStdout.Close()

-					}

-					if cStderr != nil {

-						defer cStderr.Close()

-					}

+					defer func() {

+						if cStdout != nil {

+							cStdout.Close()

+						}

+						if cStderr != nil {

+							cStderr.Close()

+						}

+					}()

 				}

 				if container.Config.Tty {

 					_, err = utils.CopyEscapable(cStdin, stdin)

@@ -485,12 +469,15 @@ func (container *Container) Attach(stdin io.ReadCloser, stdinCloser io.Closer, s

 	}

 	return utils.Go(func() error {

-		if cStdout != nil {

-			defer cStdout.Close()

-		}

-		if cStderr != nil {

-			defer cStderr.Close()

-		}

+		defer func() {

+			if cStdout != nil {

+				cStdout.Close()

+			}

+			if cStderr != nil {

+				cStderr.Close()

+			}

+		}()

+

 		// FIXME: how to clean up the stdin goroutine without the unwanted side effect

 		// of closing the passed stdin? Add an intermediary io.Pipe?

 		for i := 0; i < nJobs; i += 1 {

@@ -532,16 +519,16 @@ func (container *Container) Start() (err error) {

 	}

 	// Make sure the config is compatible with the current kernel

-	if container.Config.Memory > 0 && !container.runtime.capabilities.MemoryLimit {

+	if container.Config.Memory > 0 && !container.runtime.sysInfo.MemoryLimit {

 		log.Printf("WARNING: Your kernel does not support memory limit capabilities. Limitation discarded.\n")

 		container.Config.Memory = 0

 	}

-	if container.Config.Memory > 0 && !container.runtime.capabilities.SwapLimit {

+	if container.Config.Memory > 0 && !container.runtime.sysInfo.SwapLimit {

 		log.Printf("WARNING: Your kernel does not support swap limit capabilities. Limitation discarded.\n")

 		container.Config.MemorySwap = -1

 	}

-	if container.runtime.capabilities.IPv4ForwardingDisabled {

+	if container.runtime.sysInfo.IPv4ForwardingDisabled {

 		log.Printf("WARNING: IPv4 forwarding is disabled. Networking will not work")

 	}

@@ -559,38 +546,6 @@ func (container *Container) Start() (err error) {

 		return err

 	}

-	if err := container.generateLXCConfig(); err != nil {

-		return err

-	}

-

-	var lxcStart string = "lxc-start"

-	if container.hostConfig.Privileged && container.runtime.capabilities.AppArmor {

-		lxcStart = path.Join(container.runtime.config.Root, "lxc-start-unconfined")

-	}

-

-	params := []string{

-		lxcStart,

-		"-n", container.ID,

-		"-f", container.lxcConfigPath(),

-		"--",

-		"/.dockerinit",

-	}

-

-	// Networking

-	if !container.Config.NetworkDisabled {

-		network := container.NetworkSettings

-		params = append(params,

-			"-g", network.Gateway,

-			"-i", fmt.Sprintf("%s/%d", network.IPAddress, network.IPPrefixLen),

-			"-mtu", strconv.Itoa(container.runtime.config.Mtu),

-		)

-	}

-

-	// User

-	if container.Config.User != "" {

-		params = append(params, "-u", container.Config.User)

-	}

-

 	// Setup environment

 	env := []string{

 		"HOME=/",

@@ -602,10 +557,6 @@ func (container *Container) Start() (err error) {

 		env = append(env, "TERM=xterm")

 	}

-	if container.hostConfig.Privileged {

-		params = append(params, "-privileged")

-	}

-

 	// Init any links between the parent and children

 	runtime := container.runtime

@@ -653,37 +604,12 @@ func (container *Container) Start() (err error) {

 		return err

 	}

+	var workingDir string

 	if container.Config.WorkingDir != "" {

-		workingDir := path.Clean(container.Config.WorkingDir)

-		utils.Debugf("[working dir] working dir is %s", workingDir)

-

+		workingDir = path.Clean(container.Config.WorkingDir)

 		if err := os.MkdirAll(path.Join(container.RootfsPath(), workingDir), 0755); err != nil {

 			return nil

 		}

-

-		params = append(params,

-			"-w", workingDir,

-		)

-	}

-

-	// Program

-	params = append(params, "--", container.Path)

-	params = append(params, container.Args...)

-

-	if RootIsShared() {

-		// lxc-start really needs / to be non-shared, or all kinds of stuff break

-		// when lxc-start unmount things and those unmounts propagate to the main

-		// mount namespace.

-		// What we really want is to clone into a new namespace and then

-		// mount / MS_REC|MS_SLAVE, but since we can't really clone or fork

-		// without exec in go we have to do this horrible shell hack...

-		shellString :=

-			"mount --make-rslave /; exec " +

-				utils.ShellQuoteArguments(params)

-

-		params = []string{

-			"unshare", "-m", "--", "/bin/sh", "-c", shellString,

-		}

 	}

 	root := container.RootfsPath()

@@ -713,7 +639,6 @@ func (container *Container) Start() (err error) {

 	}

 	// Mount user specified volumes

-

 	for r, v := range container.Volumes {

 		mountAs := "ro"

 		if container.VolumesRW[r] {

@@ -725,7 +650,48 @@ func (container *Container) Start() (err error) {

 		}

 	}

-	container.cmd = exec.Command(params[0], params[1:]...)

+	var (

+		en           *execdriver.Network

+		driverConfig []string

+	)

+

+	if !container.Config.NetworkDisabled {

+		network := container.NetworkSettings

+		en = &execdriver.Network{

+			Gateway:     network.Gateway,

+			Bridge:      network.Bridge,

+			IPAddress:   network.IPAddress,

+			IPPrefixLen: network.IPPrefixLen,

+			Mtu:         container.runtime.config.Mtu,

+		}

+	}

+

+	if lxcConf := container.hostConfig.LxcConf; lxcConf != nil {

+		for _, pair := range lxcConf {

+			driverConfig = append(driverConfig, fmt.Sprintf("%s = %s", pair.Key, pair.Value))

+		}

+	}

+	cgroupValues := &cgroups.Values{

+		Memory:     container.Config.Memory,

+		MemorySwap: container.Config.MemorySwap,

+		CpuShares:  container.Config.CpuShares,

+	}

+

+	container.process = &execdriver.Process{

+		ID:         container.ID,

+		Privileged: container.hostConfig.Privileged,

+		Rootfs:     root,

+		InitPath:   "/.dockerinit",

+		Entrypoint: container.Path,

+		Arguments:  container.Args,

+		WorkingDir: workingDir,

+		Network:    en,

+		Tty:        container.Config.Tty,

+		User:       container.Config.User,

+		Config:     driverConfig,

+		Cgroups:    cgroupValues,

+	}

+	container.process.SysProcAttr = &syscall.SysProcAttr{Setsid: true}

 	// Setup logging of stdout and stderr to disk

 	if err := container.runtime.LogToDisk(container.stdout, container.logPath("json"), "stdout"); err != nil {

@@ -734,59 +700,47 @@ func (container *Container) Start() (err error) {

 	if err := container.runtime.LogToDisk(container.stderr, container.logPath("json"), "stderr"); err != nil {

 		return err

 	}

+	container.waitLock = make(chan struct{})

-	container.cmd.SysProcAttr = &syscall.SysProcAttr{Setsid: true}

-

+	// Setuping pipes and/or Pty

+	var setup func() error

 	if container.Config.Tty {

-		err = container.startPty()

+		setup = container.setupPty

 	} else {

-		err = container.start()

+		setup = container.setupStd

 	}

-	if err != nil {

+	if err := setup(); err != nil {

 		return err

 	}

-	// FIXME: save state on disk *first*, then converge

-	// this way disk state is used as a journal, eg. we can restore after crash etc.

-	container.State.SetRunning(container.cmd.Process.Pid)

-

-	// Init the lock

-	container.waitLock = make(chan struct{})

-	container.ToDisk()

-	go container.monitor()

-

-	defer utils.Debugf("Container running: %v", container.State.IsRunning())

-	// We wait for the container to be fully running.

-	// Timeout after 5 seconds. In case of broken pipe, just retry.

-	// Note: The container can run and finish correctly before

-	//       the end of this loop

-	for now := time.Now(); time.Since(now) < 5*time.Second; {

-		// If the container dies while waiting for it, just return

-		if !container.State.IsRunning() {

-			return nil

-		}

-		output, err := exec.Command("lxc-info", "-s", "-n", container.ID).CombinedOutput()

-		if err != nil {

-			utils.Debugf("Error with lxc-info: %s (%s)", err, output)

-

-			output, err = exec.Command("lxc-info", "-s", "-n", container.ID).CombinedOutput()

-			if err != nil {

-				utils.Debugf("Second Error with lxc-info: %s (%s)", err, output)

-				return err

+	callbackLock := make(chan struct{})

+	callback := func(process *execdriver.Process) {

+		container.State.SetRunning(process.Pid())

+		if process.Tty {

+			// The callback is called after the process Start()

+			// so we are in the parent process. In TTY mode, stdin/out/err is the PtySlace

+			// which we close here.

+			if c, ok := process.Stdout.(io.Closer); ok {

+				c.Close()

 			}

-

 		}

-		if strings.Contains(string(output), "RUNNING") {

-			return nil

+		if err := container.ToDisk(); err != nil {

+			utils.Debugf("%s", err)

 		}

-		utils.Debugf("Waiting for the container to start (running: %v): %s", container.State.IsRunning(), bytes.TrimSpace(output))

-		time.Sleep(50 * time.Millisecond)

+		close(callbackLock)

 	}

-	if container.State.IsRunning() {

-		return ErrContainerStartTimeout

+	// We use a callback here instead of a goroutine and an chan for

+	// syncronization purposes

+	cErr := utils.Go(func() error { return container.monitor(callback) })

+

+	// Start should not return until the process is actually running

+	select {

+	case <-callbackLock:

+	case err := <-cErr:

+		return err

 	}

-	return ErrContainerStart

+	return nil

 }

 func (container *Container) getBindMap() (map[string]BindMap, error) {

@@ -1159,47 +1113,23 @@ func (container *Container) releaseNetwork() {

 	container.NetworkSettings = &NetworkSettings{}

 }

-// FIXME: replace this with a control socket within dockerinit

-func (container *Container) waitLxc() error {

-	for {

-		output, err := exec.Command("lxc-info", "-n", container.ID).CombinedOutput()

-		if err != nil {

-			return err

-		}

-		if !strings.Contains(string(output), "RUNNING") {

-			return nil

-		}

-		time.Sleep(500 * time.Millisecond)

-	}

-}

-

-func (container *Container) monitor() {

-	// Wait for the program to exit

+func (container *Container) monitor(callback execdriver.StartCallback) error {

+	var (

+		err      error

+		exitCode int

+	)

-	// If the command does not exist, try to wait via lxc

-	// (This probably happens only for ghost containers, i.e. containers that were running when Docker started)

-	if container.cmd == nil {

-		utils.Debugf("monitor: waiting for container %s using waitLxc", container.ID)

-		if err := container.waitLxc(); err != nil {

-			utils.Errorf("monitor: while waiting for container %s, waitLxc had a problem: %s", container.ID, err)

-		}

+	if container.process == nil {

+		// This happends when you have a GHOST container with lxc

+		err = container.runtime.WaitGhost(container)

 	} else {

-		utils.Debugf("monitor: waiting for container %s using cmd.Wait", container.ID)

-		if err := container.cmd.Wait(); err != nil {

-			// Since non-zero exit status and signal terminations will cause err to be non-nil,

-			// we have to actually discard it. Still, log it anyway, just in case.

-			utils.Debugf("monitor: cmd.Wait reported exit status %s for container %s", err, container.ID)

-		}

-	}

-	utils.Debugf("monitor: container %s finished", container.ID)

-

-	exitCode := -1

-	if container.cmd != nil {

-		exitCode = container.cmd.ProcessState.Sys().(syscall.WaitStatus).ExitStatus()

+		exitCode, err = container.runtime.Run(container, callback)

 	}

-	if container.runtime != nil && container.runtime.srv != nil {

-		container.runtime.srv.LogEvent("die", container.ID, container.runtime.repositories.ImageName(container.Image))

+	if err != nil {

+		if container.runtime != nil && container.runtime.srv != nil {

+			container.runtime.srv.LogEvent("die", container.ID, container.runtime.repositories.ImageName(container.Image))

+		}

 	}

 	// Cleanup

@@ -1210,21 +1140,20 @@ func (container *Container) monitor() {

 		container.stdin, container.stdinPipe = io.Pipe()

 	}

-	// Report status back

 	container.State.SetStopped(exitCode)

-	// Release the lock

 	close(container.waitLock)

-	if err := container.ToDisk(); err != nil {

-		// FIXME: there is a race condition here which causes this to fail during the unit tests.

-		// If another goroutine was waiting for Wait() to return before removing the container's root

-		// from the filesystem... At this point it may already have done so.

-		// This is because State.setStopped() has already been called, and has caused Wait()

-		// to return.

-		// FIXME: why are we serializing running state to disk in the first place?

-		//log.Printf("%s: Failed to dump configuration to the disk: %s", container.ID, err)

-	}

+	// FIXME: there is a race condition here which causes this to fail during the unit tests.

+	// If another goroutine was waiting for Wait() to return before removing the container's root

+	// from the filesystem... At this point it may already have done so.

+	// This is because State.setStopped() has already been called, and has caused Wait()

+	// to return.

+	// FIXME: why are we serializing running state to disk in the first place?

+	//log.Printf("%s: Failed to dump configuration to the disk: %s", container.ID, err)

+	container.ToDisk()

+

+	return err

 }

 func (container *Container) cleanup() {

@@ -1267,13 +1196,7 @@ func (container *Container) kill(sig int) error {

 	if !container.State.IsRunning() {

 		return nil

 	}

-

-	if output, err := exec.Command("lxc-kill", "-n", container.ID, strconv.Itoa(sig)).CombinedOutput(); err != nil {

-		log.Printf("error killing container %s (%s, %s)", utils.TruncateID(container.ID), output, err)

-		return err

-	}

-

-	return nil

+	return container.runtime.Kill(container, sig)

 }

 func (container *Container) Kill() error {

@@ -1288,11 +1211,11 @@ func (container *Container) Kill() error {

 	// 2. Wait for the process to die, in last resort, try to kill the process directly

 	if err := container.WaitTimeout(10 * time.Second); err != nil {

-		if container.cmd == nil {

+		if container.process == nil {

 			return fmt.Errorf("lxc-kill failed, impossible to kill the container %s", utils.TruncateID(container.ID))

 		}

 		log.Printf("Container %s failed to exit within 10 seconds of lxc-kill %s - trying direct SIGKILL", "SIGKILL", utils.TruncateID(container.ID))

-		if err := container.cmd.Process.Kill(); err != nil {

+		if err := container.runtime.Kill(container, 9); err != nil {

 			return err

 		}

 	}

@@ -1463,10 +1386,6 @@ func (container *Container) EnvConfigPath() (string, error) {

 	return p, nil

 }

-func (container *Container) lxcConfigPath() string {

-	return path.Join(container.root, "config.lxc")

-}

-

 // This method must be exported to be used from the lxc template

 func (container *Container) RootfsPath() string {

 	return container.rootfs

new file mode 100644

@@ -0,0 +1,2 @@

+Michael Crosby <michael@crosbymichael.com> (@crosbymichael)

+Guillaume Charmes <guillaume@dotcloud.com> (@creack)

new file mode 100644

@@ -0,0 +1,87 @@

+package chroot

+

+import (

+	"fmt"

+	"github.com/dotcloud/docker/execdriver"

+	"github.com/dotcloud/docker/mount"

+	"os"

+	"os/exec"

+)

+

+const (

+	DriverName = "chroot"

+	Version    = "0.1"

+)

+

+func init() {

+	execdriver.RegisterInitFunc(DriverName, func(args *execdriver.InitArgs) error {

+		if err := mount.ForceMount("proc", "proc", "proc", ""); err != nil {

+			return err

+		}

+		defer mount.ForceUnmount("proc")

+		cmd := exec.Command(args.Args[0], args.Args[1:]...)

+

+		cmd.Stderr = os.Stderr

+		cmd.Stdout = os.Stdout

+		cmd.Stdin = os.Stdin

+

+		return cmd.Run()

+	})

+}

+

+type driver struct {

+}

+

+func NewDriver() (*driver, error) {

+	return &driver{}, nil

+}

+

+func (d *driver) Run(c *execdriver.Process, startCallback execdriver.StartCallback) (int, error) {

+	params := []string{

+		"chroot",

+		c.Rootfs,

+		"/.dockerinit",

+		"-driver",

+		DriverName,

+	}

+	params = append(params, c.Entrypoint)

+	params = append(params, c.Arguments...)

+

+	var (

+		name = params[0]

+		arg  = params[1:]

+	)

+	aname, err := exec.LookPath(name)

+	if err != nil {

+		aname = name

+	}

+	c.Path = aname

+	c.Args = append([]string{name}, arg...)

+

+	if err := c.Start(); err != nil {

+		return -1, err

+	}

+

+	if startCallback != nil {

+		startCallback(c)

+	}

+

+	err = c.Wait()

+	return c.GetExitCode(), err

+}

+

+func (d *driver) Kill(p *execdriver.Process, sig int) error {

+	return p.Process.Kill()

+}

+

+func (d *driver) Wait(id string) error {

+	panic("Not Implemented")

+}

+

+func (d *driver) Info(id string) execdriver.Info {

+	panic("Not implemented")

+}

+

+func (d *driver) Name() string {

+	return fmt.Sprintf("%s-%s", DriverName, Version)

+}

new file mode 100644

@@ -0,0 +1,115 @@

+package execdriver

+

+import (

+	"errors"

+	"github.com/dotcloud/docker/cgroups"

+	"os/exec"

+	"syscall"

+)

+

+var (

+	ErrNotRunning              = errors.New("Process could not be started")

+	ErrWaitTimeoutReached      = errors.New("Wait timeout reached")

+	ErrDriverAlreadyRegistered = errors.New("A driver already registered this docker init function")

+	ErrDriverNotFound          = errors.New("The requested docker init has not been found")

+)

+

+var dockerInitFcts map[string]InitFunc

+

+type (

+	StartCallback func(*Process)

+	InitFunc      func(i *InitArgs) error

+)

+

+func RegisterInitFunc(name string, fct InitFunc) error {

+	if dockerInitFcts == nil {

+		dockerInitFcts = make(map[string]InitFunc)

+	}

+	if _, ok := dockerInitFcts[name]; ok {

+		return ErrDriverAlreadyRegistered

+	}

+	dockerInitFcts[name] = fct

+	return nil

+}

+

+func GetInitFunc(name string) (InitFunc, error) {

+	fct, ok := dockerInitFcts[name]

+	if !ok {

+		return nil, ErrDriverNotFound

+	}

+	return fct, nil

+}

+

+// Args provided to the init function for a driver

+type InitArgs struct {

+	User       string

+	Gateway    string

+	Ip         string

+	WorkDir    string

+	Privileged bool

+	Env        []string

+	Args       []string

+	Mtu        int

+	Driver     string

+}

+

+// Driver specific information based on

+// processes registered with the driver

+type Info interface {

+	IsRunning() bool

+}

+

+type Driver interface {

+	Run(c *Process, startCallback StartCallback) (int, error) // Run executes the process and blocks until the process exits and returns the exit code

+	Kill(c *Process, sig int) error

+	Wait(id string) error // Wait on an out of process...process - lxc ghosts TODO: Rename to reattach, reconnect

+	Name() string         // Driver name

+	Info(id string) Info  // "temporary" hack (until we move state from core to plugins)

+}

+

+// Network settings of the container

+type Network struct {

+	Gateway     string `json:"gateway"`

+	IPAddress   string `json:"ip"`

+	Bridge      string `json:"bridge"`

+	IPPrefixLen int    `json:"ip_prefix_len"`

+	Mtu         int    `json:"mtu"`

+}

+

+// Process wrapps an os/exec.Cmd to add more metadata

+// TODO: Rename to Command

+type Process struct {

+	exec.Cmd

+

+	ID         string          `json:"id"`

+	Privileged bool            `json:"privileged"`

+	User       string          `json:"user"`

+	Rootfs     string          `json:"rootfs"`   // root fs of the container

+	InitPath   string          `json:"initpath"` // dockerinit

+	Entrypoint string          `json:"entrypoint"`

+	Arguments  []string        `json:"arguments"`

+	WorkingDir string          `json:"working_dir"`

+	ConfigPath string          `json:"config_path"` // this should be able to be removed when the lxc template is moved into the driver

+	Tty        bool            `json:"tty"`

+	Network    *Network        `json:"network"` // if network is nil then networking is disabled

+	Config     []string        `json:"config"`  //  generic values that specific drivers can consume

+	Cgroups    *cgroups.Values `json:"cgroups"`

+}

+

+// Return the pid of the process

+// If the process is nil -1 will be returned

+func (c *Process) Pid() int {

+	if c.Process == nil {

+		return -1

+	}

+	return c.Process.Pid

+}

+

+// Return the exit code of the process

+// if the process has not exited -1 will be returned

+func (c *Process) GetExitCode() int {

+	if c.ProcessState == nil {

+		return -1

+	}

+	return c.ProcessState.Sys().(syscall.WaitStatus).ExitStatus()

+}

new file mode 100644

@@ -0,0 +1,323 @@

+package lxc

+

+import (

+	"fmt"

+	"github.com/dotcloud/docker/execdriver"

+	"github.com/dotcloud/docker/utils"

+	"io/ioutil"

+	"log"

+	"os"

+	"os/exec"

+	"path"

+	"strconv"

+	"strings"

+	"syscall"

+	"time"

+)

+

+const DriverName = "lxc"

+

+func init() {

+	execdriver.RegisterInitFunc(DriverName, func(args *execdriver.InitArgs) error {

+		if err := setupHostname(args); err != nil {

+			return err

+		}

+

+		if err := setupNetworking(args); err != nil {

+			return err

+		}

+

+		if err := setupCapabilities(args); err != nil {