Improve chroot driver by mounting proc

Add -driver flag to dockerinit

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Michael Crosby 2014-01-13 11:13:49 -08:00
Родитель 8e0741f5e4
Коммит 92e6db7beb
5 изменённых файлов: 41 добавлений и 10 удалений


@ -1,11 +1,8 @@
package chroot
import (
"fmt"
"github.com/dotcloud/docker/execdriver"
"io/ioutil"
"os/exec"
"path"
"time"
)
@ -16,15 +13,18 @@ func NewDriver() (execdriver.Driver, error) {
return &driver{}, nil
}
func (d *driver) String() string {
return "chroot"
}
func (d *driver) Start(c *execdriver.Process) error {
data, _ := ioutil.ReadFile(c.SysInitPath)
ioutil.WriteFile(path.Join(c.Rootfs, ".dockerinit"), data, 0644)
params := []string{
"chroot",
c.Rootfs,
"/.dockerinit",
"-driver",
d.String(),
}
// need to mount proc
params = append(params, c.Entrypoint)
params = append(params, c.Arguments...)
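Review bot: The value passed after `-driver` in Start is `d.String()`, which ties the daemon-to-dockerinit command line to the driver's display name, and dockerinit elsewhere in this commit compares that value against the literals "lxc" and "chroot". If a String() implementation is later changed for logging, or a driver is added without a matching branch, the comparison on the init side stops matching without any error. I would define the name once as a constant, e.g. `const DriverName = "chroot"`, return it from String(), compare against it in dockerinit, and add a comment on the interface method saying the value is part of the init command line. The same applies to the lxc driver's Start and String() in this commit. Start's body continues outside the hunk.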


@ -11,6 +11,7 @@ type Driver interface {
Kill(c *Process, sig int) error
Wait(id string, duration time.Duration) error // Wait on an out of process option - lxc ghosts
Version() string
String() string
}
// Network settings of the container


@ -41,6 +41,10 @@ func NewDriver(root string, apparmor bool) (execdriver.Driver, error) {
}, nil
}
func (d *driver) String() string {
return "lxc"
}
func (d *driver) Start(c *execdriver.Process) error {
params := []string{
startPath,
@ -48,6 +52,8 @@ func (d *driver) Start(c *execdriver.Process) error {
"-f", c.ConfigPath,
"--",
c.InitPath,
"-driver",
d.String(),
}
if c.Network != nil {


@ -25,27 +25,37 @@ func Mounted(mountpoint string) (bool, error) {
return false, nil
}
// Mount the specified options at the target path
// Mount the specified options at the target path only if
// the target is not mounted
// Options must be specified as fstab style
func Mount(device, target, mType, options string) error {
if mounted, err := Mounted(target); err != nil || mounted {
return err
}
return ForceMount(device, target, mType, options)
}
// Mount the specified options at the target path
// reguardless if the target is mounted or not
// Options must be specified as fstab style
func ForceMount(device, target, mType, options string) error {
flag, data := parseOptions(options)
if err := mount(device, target, mType, uintptr(flag), data); err != nil {
return err
}
return nil
}
// Unmount the target only if it is mounted
func Unmount(target string) (err error) {
func Unmount(target string) error {
if mounted, err := Mounted(target); err != nil || !mounted {
return err
}
return ForceUnmount(target)
}
// Unmount the target reguardless if it is mounted or not
func ForceUnmount(target string) (err error) {
// Simple retry logic for unmount
for i := 0; i < 10; i++ {
if err = unmount(target, 0); err == nil {
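Review bot: ForceMount is exported, but its comment does not tell callers what skipping the Mounted check costs them: a second call on the same target will typically stack another mount, and nothing here undoes it. I would state that in the comment and start it with the function name, e.g. `// ForceMount mounts device at target even if target is already a mount point; the caller must unmount it.` The comments on ForceMount and ForceUnmount also spell "regardless" as "reguardless". The body of ForceMount can be reduced to `return mount(device, target, mType, uintptr(flag), data)`. ForceUnmount continues outside the hunk.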


@ -4,6 +4,7 @@ import (
"encoding/json"
"flag"
"fmt"
"github.com/dotcloud/docker/mount"
"github.com/dotcloud/docker/pkg/netlink"
"github.com/dotcloud/docker/utils"
"github.com/syndtr/gocapability/capability"
@ -26,6 +27,7 @@ type DockerInitArgs struct {
env []string
args []string
mtu int
driver string
}
func setupHostname(args *DockerInitArgs) error {
@ -92,6 +94,10 @@ func setupWorkingDirectory(args *DockerInitArgs) error {
return nil
}
func setupMounts(args *DockerInitArgs) error {
return mount.ForceMount("proc", "proc", "proc", "")
}
// Takes care of dropping privileges to the desired user
func changeUser(args *DockerInitArgs) error {
if args.user == "" {
@ -182,7 +188,7 @@ func getEnv(args *DockerInitArgs, key string) string {
func executeProgram(args *DockerInitArgs) error {
setupEnv(args)
if false {
if args.driver == "lxc" {
if err := setupHostname(args); err != nil {
return err
}
@ -201,6 +207,12 @@ func executeProgram(args *DockerInitArgs) error {
if err := changeUser(args); err != nil {
return err
}
} else if args.driver == "chroot" {
// TODO: @crosbymichael @creack how do we unmount this after the
// process exists?
if err := setupMounts(args); err != nil {
return err
}
}
path, err := exec.LookPath(args.args[0])
@ -233,6 +245,7 @@ func SysInit() {
workDir := flag.String("w", "", "workdir")
privileged := flag.Bool("privileged", false, "privileged mode")
mtu := flag.Int("mtu", 1500, "interface mtu")
driver := flag.String("driver", "", "exec driver")
flag.Parse()
// Get env
@ -257,6 +270,7 @@ func SysInit() {
env: env,
args: flag.Args(),
mtu: *mtu,
driver: *driver,
}
if err := executeProgram(args); err != nil {
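Review bot: In executeProgram, a `-driver` value that is neither "lxc" nor "chroot" (including the flag's default "" set in SysInit) matches no branch, so the setup visible in the lxc branch (setupHostname, changeUser) and the proc mount are both skipped and the function goes straight to `exec.LookPath`. I would close the chain with `else { return fmt.Errorf("unknown driver %q", args.driver) }` so a missing or mistyped flag fails closed. The chroot branch calls only setupMounts, so `args.user` appears to be ignored under that driver; if that is intended for now, it deserves a comment next to the TODO. setupMounts also mounts onto the relative path `proc` with empty options, which depends on the working directory at that point; `mount.ForceMount("proc", "/proc", "proc", "nosuid,noexec,nodev")` would be the safer form, assuming parseOptions accepts those flags.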