pkg/libcontainer/namespaces/namespaces.go

/*
   TODO
   pivot root
   cgroups
   more mount stuff that I probably am forgetting
   apparmor
*/

package namespaces

import (
	"fmt"
	"github.com/dotcloud/docker/pkg/libcontainer"
	"github.com/dotcloud/docker/pkg/libcontainer/utils"
	"os"
	"path/filepath"
	"syscall"
)

// CreateNewNamespace creates a new namespace and binds it's fd to the specified path
func CreateNewNamespace(namespace libcontainer.Namespace, bindTo string) error {
	var (
		flag   = namespaceMap[namespace]
		name   = namespaceFileMap[namespace]
		nspath = filepath.Join("/proc/self/ns", name)
	)
	// TODO: perform validation on name and flag

	pid, err := fork()
	if err != nil {
		return err
	}

	if pid == 0 {
		if err := unshare(flag); err != nil {
			writeError("unshare %s", err)
		}
		if err := mount(nspath, bindTo, "none", syscall.MS_BIND, ""); err != nil {
			writeError("bind mount %s", err)
		}
		os.Exit(0)
	}
	exit, err := utils.WaitOnPid(pid)
	if err != nil {
		return err
	}
	if exit != 0 {
		return fmt.Errorf("exit status %d", exit)
	}
	return err
}

// JoinExistingNamespace uses the fd of an existing linux namespace and
// has the current process join that namespace or the spacespace specified by ns
func JoinExistingNamespace(fd uintptr, ns libcontainer.Namespace) error {
	flag := namespaceMap[ns]
	if err := setns(fd, uintptr(flag)); err != nil {
		return err
	}
	return nil
}

// getNamespaceFlags parses the container's Namespaces options to set the correct
// flags on clone, unshare, and setns
func getNamespaceFlags(namespaces libcontainer.Namespaces) (flag int) {
	for _, ns := range namespaces {
		flag |= namespaceMap[ns]
	}
	return
}
Initial commit of libcontainer Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael) 2014-02-19 00:56:11 +00:00			`/*`
			`TODO`
			`pivot root`
			`cgroups`
			`more mount stuff that I probably am forgetting`
			`apparmor`
			`*/`

			`package namespaces`

			`import (`
			`"fmt"`
			`"github.com/dotcloud/docker/pkg/libcontainer"`
			`"github.com/dotcloud/docker/pkg/libcontainer/utils"`
			`"os"`
			`"path/filepath"`
			`"syscall"`
			`)`

			`// CreateNewNamespace creates a new namespace and binds it's fd to the specified path`
			`func CreateNewNamespace(namespace libcontainer.Namespace, bindTo string) error {`
			`var (`
			`flag = namespaceMap[namespace]`
			`name = namespaceFileMap[namespace]`
			`nspath = filepath.Join("/proc/self/ns", name)`
			`)`
			`// TODO: perform validation on name and flag`

			`pid, err := fork()`
			`if err != nil {`
			`return err`
			`}`

			`if pid == 0 {`
			`if err := unshare(flag); err != nil {`
			`writeError("unshare %s", err)`
			`}`
			`if err := mount(nspath, bindTo, "none", syscall.MS_BIND, ""); err != nil {`
			`writeError("bind mount %s", err)`
			`}`
			`os.Exit(0)`
			`}`
			`exit, err := utils.WaitOnPid(pid)`
			`if err != nil {`
			`return err`
			`}`
			`if exit != 0 {`
			`return fmt.Errorf("exit status %d", exit)`
			`}`
			`return err`
			`}`

			`// JoinExistingNamespace uses the fd of an existing linux namespace and`
			`// has the current process join that namespace or the spacespace specified by ns`
			`func JoinExistingNamespace(fd uintptr, ns libcontainer.Namespace) error {`
			`flag := namespaceMap[ns]`
			`if err := setns(fd, uintptr(flag)); err != nil {`
			`return err`
			`}`
			`return nil`
			`}`

			`// getNamespaceFlags parses the container's Namespaces options to set the correct`
			`// flags on clone, unshare, and setns`
			`func getNamespaceFlags(namespaces libcontainer.Namespaces) (flag int) {`
			`for _, ns := range namespaces {`
			`flag \|= namespaceMap[ns]`
			`}`
			`return`
			`}`