Merge pull request #1117 from runcom/setup-cwd

container_create: setup cwd for containers
2017-11-04 05:21:26 -07:00 · 2017-11-04 05:21:26 -07:00 · 3f9e539bde
commit 3f9e539bde
parent 19d90e7c23 140f85df72
2 changed files with 51 additions and 0 deletions
--- a/server/container_create.go
+++ b/server/container_create.go
@ -1141,6 +1141,12 @@ func (s *Server) createSandboxContainer(ctx context.Context, containerID string,
 		containerCwd = runtimeCwd
 	}
 	specgen.SetProcessCwd(containerCwd)
+	if err := setupWorkingDirectory(mountPoint, mountLabel, containerCwd); err != nil {
+		if err1 := s.StorageRuntimeServer().StopContainer(containerID); err1 != nil {
+			return nil, fmt.Errorf("can't umount container after cwd error %v: %v", err, err1)
+		}
+		return nil, err
+	}

 	var secretMounts []rspec.Mount
 	if len(s.config.DefaultMounts) > 0 {
@ -1320,3 +1326,19 @@ func clearReadOnly(m *rspec.Mount) {
 	}
 	m.Options = opt
 }
+
+func setupWorkingDirectory(rootfs, mountLabel, containerCwd string) error {
+	fp, err := symlink.FollowSymlinkInScope(filepath.Join(rootfs, containerCwd), rootfs)
+	if err != nil {
+		return err
+	}
+	if err := os.MkdirAll(fp, 0755); err != nil {
+		return err
+	}
+	if mountLabel != "" {
+		if err1 := label.Relabel(fp, mountLabel, true); err1 != nil && err1 != unix.ENOTSUP {
+			return fmt.Errorf("relabel failed %s: %v", fp, err1)
+		}
+	}
+	return nil
+}