Code review updates
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
This commit is contained in:
parent
f8262b5748
commit
34301be200
3 changed files with 10 additions and 10 deletions
|
@ -9,9 +9,9 @@ for using linux namespaces with no external dependencies. libcontainer provides
|
|||
#### container
|
||||
A container is a self contained directory that is able to run one or more processes inside without
|
||||
affecting the host system. The directory is usually a full system tree. Inside the directory
|
||||
a `container.json` file just be placed with the runtime configuration for how the process
|
||||
should be contained and run. Environment, networking, and different capabilities for the
|
||||
process are specified in this file.
|
||||
a `container.json` file is placed with the runtime configuration for how the processes
|
||||
should be contained and ran. Environment, networking, and different capabilities for the
|
||||
process are specified in this file. The configuration is used for each process executed inside the container.
|
||||
|
||||
Sample `container.json` file:
|
||||
```json
|
||||
|
@ -67,10 +67,12 @@ Sample `container.json` file:
|
|||
}
|
||||
```
|
||||
|
||||
Using this configuration and the current directory holding the rootfs for a process to live, one can se libcontainer to exec the container. Running the life of the namespace a `.nspid` file
|
||||
is written to the current directory with the pid of the namespace'd process to the external word. A client can use this pid to wait, kill, or perform other operation with the container. If a user tries to run an new process inside an existing container with a live namespace with namespace will be joined by the new process.
|
||||
Using this configuration and the current directory holding the rootfs for a process to live, one can use libcontainer to exec the container. Running the life of the namespace a `pid` file
|
||||
is written to the current directory with the pid of the namespace'd process to the external world. A client can use this pid to wait, kill, or perform other operation with the container. If a user tries to run an new process inside an existing container with a live namespace with namespace will be joined by the new process.
|
||||
|
||||
|
||||
You may also specify an alternate root to to place the `container.json` file is read and where the `pid` file will be saved.
|
||||
|
||||
#### nsinit
|
||||
|
||||
`nsinit` is a cli application used as the reference implementation of libcontainer. It is able to
|
||||
|
|
|
@ -13,8 +13,8 @@ var strategies = map[string]NetworkStrategy{
|
|||
"veth": &Veth{},
|
||||
}
|
||||
|
||||
// NetworkStrategy represends a specific network configuration for
|
||||
// a containers networking stack
|
||||
// NetworkStrategy represents a specific network configuration for
|
||||
// a container's networking stack
|
||||
type NetworkStrategy interface {
|
||||
Create(*libcontainer.Network, int, libcontainer.Context) error
|
||||
Initialize(*libcontainer.Network, libcontainer.Context) error
|
||||
|
|
|
@ -48,9 +48,7 @@ func (ns *linuxNs) Exec(container *libcontainer.Container, term Terminal, args [
|
|||
command.Process.Kill()
|
||||
return -1, err
|
||||
}
|
||||
defer func() {
|
||||
ns.stateWriter.DeletePid()
|
||||
}()
|
||||
defer ns.stateWriter.DeletePid()
|
||||
|
||||
// Do this before syncing with child so that no children
|
||||
// can escape the cgroup
|
||||
|
|
Loading…
Reference in a new issue