From 60ef4ae6fcb015546a646eb3b613344a9c4fc27b Mon Sep 17 00:00:00 2001 From: Mrunal Patel Date: Thu, 19 Mar 2015 14:42:23 -0400 Subject: [PATCH] Update libcontainer to 4a72e540feb67091156b907c4700e580a99f5a9d Signed-off-by: Mrunal Patel --- .../native/template/default_template.go | 20 +++++++ hack/vendor.sh | 2 +- .../coreos/go-systemd/activation/listeners.go | 2 +- .../docker/libcontainer/container.go | 2 +- .../docker/libcontainer/container_linux.go | 3 +- .../docker/libcontainer/factory_linux.go | 16 ++++++ .../docker/libcontainer/factory_linux_test.go | 56 ++++++++++++++++++- .../libcontainer/integration/template_test.go | 20 +++++++ .../docker/libcontainer/nsinit/config.go | 20 +++++++ .../docker/libcontainer/rootfs_linux.go | 29 +--------- .../docker/libcontainer/user/user_test.go | 4 +- 11 files changed, 139 insertions(+), 35 deletions(-) diff --git a/daemon/execdriver/native/template/default_template.go b/daemon/execdriver/native/template/default_template.go index cbf4203c92..76e3cea787 100644 --- a/daemon/execdriver/native/template/default_template.go +++ b/daemon/execdriver/native/template/default_template.go @@ -40,6 +40,26 @@ func New() *configs.Config { AllowAllDevices: false, }, Mounts: []*configs.Mount{ + { + Source: "proc", + Destination: "/proc", + Device: "proc", + Flags: defaultMountFlags, + }, + { + Source: "tmpfs", + Destination: "/dev", + Device: "tmpfs", + Flags: syscall.MS_NOSUID | syscall.MS_STRICTATIME, + Data: "mode=755", + }, + { + Source: "devpts", + Destination: "/dev/pts", + Device: "devpts", + Flags: syscall.MS_NOSUID | syscall.MS_NOEXEC, + Data: "newinstance,ptmxmode=0666,mode=0620,gid=5", + }, { Device: "tmpfs", Source: "shm", diff --git a/hack/vendor.sh b/hack/vendor.sh index 442776132a..b3ba928a05 100755 --- a/hack/vendor.sh +++ b/hack/vendor.sh @@ -75,7 +75,7 @@ rm -rf src/github.com/docker/distribution mkdir -p src/github.com/docker/distribution mv tmp-digest src/github.com/docker/distribution/digest -clone git github.com/docker/libcontainer 52a8c004ca94cf98f6866536de828c71eb42d1ec +clone git github.com/docker/libcontainer 4a72e540feb67091156b907c4700e580a99f5a9d # see src/github.com/docker/libcontainer/update-vendor.sh which is the "source of truth" for libcontainer deps (just like this file) rm -rf src/github.com/docker/libcontainer/vendor eval "$(grep '^clone ' src/github.com/docker/libcontainer/update-vendor.sh | grep -v 'github.com/codegangsta/cli' | grep -v 'github.com/Sirupsen/logrus')" diff --git a/vendor/src/github.com/coreos/go-systemd/activation/listeners.go b/vendor/src/github.com/coreos/go-systemd/activation/listeners.go index 48584a9b5e..cdb2cf4bb4 100644 --- a/vendor/src/github.com/coreos/go-systemd/activation/listeners.go +++ b/vendor/src/github.com/coreos/go-systemd/activation/listeners.go @@ -30,7 +30,7 @@ func Listeners(unsetEnv bool) ([]net.Listener, error) { var err error listeners[i], err = net.FileListener(f) if err != nil { - return nil, fmt.Errorf("Error setting up FileListener for fd %d: %v", f.Fd(), err) + return nil, fmt.Errorf("Error setting up FileListener for fd %d: %s", f.Fd(), err.Error()) } } diff --git a/vendor/src/github.com/docker/libcontainer/container.go b/vendor/src/github.com/docker/libcontainer/container.go index cebe8273e9..35bdfd781f 100644 --- a/vendor/src/github.com/docker/libcontainer/container.go +++ b/vendor/src/github.com/docker/libcontainer/container.go @@ -96,7 +96,7 @@ type Container interface { // // errors: // Systemerror - System error. - Set() error + Set(config configs.Config) error // Start a process inside the container. Returns error if process fails to // start. You can track process lifecycle with passed Process structure. diff --git a/vendor/src/github.com/docker/libcontainer/container_linux.go b/vendor/src/github.com/docker/libcontainer/container_linux.go index bf729760e5..c44c8daccc 100644 --- a/vendor/src/github.com/docker/libcontainer/container_linux.go +++ b/vendor/src/github.com/docker/libcontainer/container_linux.go @@ -78,9 +78,10 @@ func (c *linuxContainer) Stats() (*Stats, error) { return stats, nil } -func (c *linuxContainer) Set() error { +func (c *linuxContainer) Set(config configs.Config) error { c.m.Lock() defer c.m.Unlock() + c.config = &config return c.cgroupManager.Set(c.config) } diff --git a/vendor/src/github.com/docker/libcontainer/factory_linux.go b/vendor/src/github.com/docker/libcontainer/factory_linux.go index ecd3dd5c97..a2d3bec780 100644 --- a/vendor/src/github.com/docker/libcontainer/factory_linux.go +++ b/vendor/src/github.com/docker/libcontainer/factory_linux.go @@ -10,7 +10,9 @@ import ( "os/exec" "path/filepath" "regexp" + "syscall" + "github.com/docker/docker/pkg/mount" "github.com/docker/libcontainer/cgroups" "github.com/docker/libcontainer/cgroups/fs" "github.com/docker/libcontainer/cgroups/systemd" @@ -78,6 +80,20 @@ func Cgroupfs(l *LinuxFactory) error { return nil } +// TmpfsRoot is an option func to mount LinuxFactory.Root to tmpfs. +func TmpfsRoot(l *LinuxFactory) error { + mounted, err := mount.Mounted(l.Root) + if err != nil { + return err + } + if !mounted { + if err := syscall.Mount("tmpfs", l.Root, "tmpfs", 0, ""); err != nil { + return err + } + } + return nil +} + // New returns a linux based container factory based in the root directory and // configures the factory with the provided option funcs. func New(root string, options ...func(*LinuxFactory) error) (Factory, error) { diff --git a/vendor/src/github.com/docker/libcontainer/factory_linux_test.go b/vendor/src/github.com/docker/libcontainer/factory_linux_test.go index 968f6a9657..00e3973943 100644 --- a/vendor/src/github.com/docker/libcontainer/factory_linux_test.go +++ b/vendor/src/github.com/docker/libcontainer/factory_linux_test.go @@ -9,6 +9,7 @@ import ( "path/filepath" "testing" + "github.com/docker/docker/pkg/mount" "github.com/docker/libcontainer/configs" ) @@ -17,9 +18,6 @@ func newTestRoot() (string, error) { if err != nil { return "", err } - if err := os.MkdirAll(dir, 0700); err != nil { - return "", err - } return dir, nil } @@ -49,6 +47,58 @@ func TestFactoryNew(t *testing.T) { } } +func TestFactoryNewTmpfs(t *testing.T) { + root, rerr := newTestRoot() + if rerr != nil { + t.Fatal(rerr) + } + defer os.RemoveAll(root) + factory, err := New(root, Cgroupfs, TmpfsRoot) + if err != nil { + t.Fatal(err) + } + if factory == nil { + t.Fatal("factory should not be nil") + } + lfactory, ok := factory.(*LinuxFactory) + if !ok { + t.Fatal("expected linux factory returned on linux based systems") + } + if lfactory.Root != root { + t.Fatalf("expected factory root to be %q but received %q", root, lfactory.Root) + } + + if factory.Type() != "libcontainer" { + t.Fatalf("unexpected factory type: %q, expected %q", factory.Type(), "libcontainer") + } + mounted, err := mount.Mounted(lfactory.Root) + if err != nil { + t.Fatal(err) + } + if !mounted { + t.Fatalf("Factory Root is not mounted") + } + mounts, err := mount.GetMounts() + if err != nil { + t.Fatal(err) + } + var found bool + for _, m := range mounts { + if m.Mountpoint == lfactory.Root { + if m.Fstype != "tmpfs" { + t.Fatalf("Fstype of root: %s, expected %s", m.Fstype, "tmpfs") + } + if m.Source != "tmpfs" { + t.Fatalf("Source of root: %s, expected %s", m.Source, "tmpfs") + } + found = true + } + } + if !found { + t.Fatalf("Factory Root is not listed in mounts list") + } +} + func TestFactoryLoadNotExists(t *testing.T) { root, rerr := newTestRoot() if rerr != nil { diff --git a/vendor/src/github.com/docker/libcontainer/integration/template_test.go b/vendor/src/github.com/docker/libcontainer/integration/template_test.go index 45acaf77c8..cb991b4170 100644 --- a/vendor/src/github.com/docker/libcontainer/integration/template_test.go +++ b/vendor/src/github.com/docker/libcontainer/integration/template_test.go @@ -60,6 +60,26 @@ func newTemplateConfig(rootfs string) *configs.Config { Devices: configs.DefaultAutoCreatedDevices, Hostname: "integration", Mounts: []*configs.Mount{ + { + Source: "proc", + Destination: "/proc", + Device: "proc", + Flags: defaultMountFlags, + }, + { + Source: "tmpfs", + Destination: "/dev", + Device: "tmpfs", + Flags: syscall.MS_NOSUID | syscall.MS_STRICTATIME, + Data: "mode=755", + }, + { + Source: "devpts", + Destination: "/dev/pts", + Device: "devpts", + Flags: syscall.MS_NOSUID | syscall.MS_NOEXEC, + Data: "newinstance,ptmxmode=0666,mode=0620,gid=5", + }, { Device: "tmpfs", Source: "shm", diff --git a/vendor/src/github.com/docker/libcontainer/nsinit/config.go b/vendor/src/github.com/docker/libcontainer/nsinit/config.go index 2ef1aee52f..e50bb3c11d 100644 --- a/vendor/src/github.com/docker/libcontainer/nsinit/config.go +++ b/vendor/src/github.com/docker/libcontainer/nsinit/config.go @@ -234,6 +234,26 @@ func getTemplate() *configs.Config { "/proc/sys", "/proc/sysrq-trigger", "/proc/irq", "/proc/bus", }, Mounts: []*configs.Mount{ + { + Source: "proc", + Destination: "/proc", + Device: "proc", + Flags: defaultMountFlags, + }, + { + Source: "tmpfs", + Destination: "/dev", + Device: "tmpfs", + Flags: syscall.MS_NOSUID | syscall.MS_STRICTATIME, + Data: "mode=755", + }, + { + Source: "devpts", + Destination: "/dev/pts", + Device: "devpts", + Flags: syscall.MS_NOSUID | syscall.MS_NOEXEC, + Data: "newinstance,ptmxmode=0666,mode=0620,gid=5", + }, { Device: "tmpfs", Source: "shm", diff --git a/vendor/src/github.com/docker/libcontainer/rootfs_linux.go b/vendor/src/github.com/docker/libcontainer/rootfs_linux.go index c0c470defa..6caa07a0c5 100644 --- a/vendor/src/github.com/docker/libcontainer/rootfs_linux.go +++ b/vendor/src/github.com/docker/libcontainer/rootfs_linux.go @@ -17,37 +17,14 @@ import ( const defaultMountFlags = syscall.MS_NOEXEC | syscall.MS_NOSUID | syscall.MS_NODEV -var baseMounts = []*configs.Mount{ - { - Source: "proc", - Destination: "/proc", - Device: "proc", - Flags: defaultMountFlags, - }, - { - Source: "tmpfs", - Destination: "/dev", - Device: "tmpfs", - Flags: syscall.MS_NOSUID | syscall.MS_STRICTATIME, - Data: "mode=755", - }, - { - Source: "devpts", - Destination: "/dev/pts", - Device: "devpts", - Flags: syscall.MS_NOSUID | syscall.MS_NOEXEC, - Data: "newinstance,ptmxmode=0666,mode=0620,gid=5", - }, -} - // setupRootfs sets up the devices, mount points, and filesystems for use inside a // new mount namespace. func setupRootfs(config *configs.Config, console *linuxConsole) (err error) { if err := prepareRoot(config); err != nil { return newSystemError(err) } - for _, m := range append(baseMounts, config.Mounts...) { - if err := mount(m, config.Rootfs, config.MountLabel); err != nil { + for _, m := range config.Mounts { + if err := mountToRootfs(m, config.Rootfs, config.MountLabel); err != nil { return newSystemError(err) } } @@ -85,7 +62,7 @@ func setupRootfs(config *configs.Config, console *linuxConsole) (err error) { return nil } -func mount(m *configs.Mount, rootfs, mountLabel string) error { +func mountToRootfs(m *configs.Mount, rootfs, mountLabel string) error { var ( dest = m.Destination data = label.FormatMountLabel(m.Data, mountLabel) diff --git a/vendor/src/github.com/docker/libcontainer/user/user_test.go b/vendor/src/github.com/docker/libcontainer/user/user_test.go index 1a7318e065..4fe008fb39 100644 --- a/vendor/src/github.com/docker/libcontainer/user/user_test.go +++ b/vendor/src/github.com/docker/libcontainer/user/user_test.go @@ -198,7 +198,7 @@ this is just some garbage data execUser, err := GetExecUser(test.ref, &defaultExecUser, passwd, group) if err != nil { - t.Logf("got unexpected error when parsing '%s': %v", test.ref, err) + t.Logf("got unexpected error when parsing '%s': %s", test.ref, err.Error()) t.Fail() continue } @@ -337,7 +337,7 @@ this is just some garbage data execUser, err := GetExecUser(test.ref, &defaultExecUser, passwd, group) if err != nil { - t.Logf("got unexpected error when parsing '%s': %v", test.ref, err) + t.Logf("got unexpected error when parsing '%s': %s", test.ref, err.Error()) t.Fail() continue }