diff --git a/libcontainer/README.md b/libcontainer/README.md index 4c8da8e..b81401c 100644 --- a/libcontainer/README.md +++ b/libcontainer/README.md @@ -9,9 +9,9 @@ for using linux namespaces with no external dependencies. libcontainer provides #### container A container is a self contained directory that is able to run one or more processes inside without affecting the host system. The directory is usually a full system tree. Inside the directory -a `container.json` file just be placed with the runtime configuration for how the process -should be contained and run. Environment, networking, and different capabilities for the -process are specified in this file. +a `container.json` file is placed with the runtime configuration for how the processes +should be contained and ran. Environment, networking, and different capabilities for the +process are specified in this file. The configuration is used for each process executed inside the container. Sample `container.json` file: ```json @@ -67,10 +67,12 @@ Sample `container.json` file: } ``` -Using this configuration and the current directory holding the rootfs for a process to live, one can se libcontainer to exec the container. Running the life of the namespace a `.nspid` file -is written to the current directory with the pid of the namespace'd process to the external word. A client can use this pid to wait, kill, or perform other operation with the container. If a user tries to run an new process inside an existing container with a live namespace with namespace will be joined by the new process. +Using this configuration and the current directory holding the rootfs for a process to live, one can use libcontainer to exec the container. Running the life of the namespace a `pid` file +is written to the current directory with the pid of the namespace'd process to the external world. A client can use this pid to wait, kill, or perform other operation with the container. If a user tries to run an new process inside an existing container with a live namespace with namespace will be joined by the new process. +You may also specify an alternate root to to place the `container.json` file is read and where the `pid` file will be saved. + #### nsinit `nsinit` is a cli application used as the reference implementation of libcontainer. It is able to diff --git a/libcontainer/network/strategy.go b/libcontainer/network/strategy.go index a2f4f8f..234fcc0 100644 --- a/libcontainer/network/strategy.go +++ b/libcontainer/network/strategy.go @@ -13,8 +13,8 @@ var strategies = map[string]NetworkStrategy{ "veth": &Veth{}, } -// NetworkStrategy represends a specific network configuration for -// a containers networking stack +// NetworkStrategy represents a specific network configuration for +// a container's networking stack type NetworkStrategy interface { Create(*libcontainer.Network, int, libcontainer.Context) error Initialize(*libcontainer.Network, libcontainer.Context) error diff --git a/libcontainer/nsinit/exec.go b/libcontainer/nsinit/exec.go index f7a9c17..f1a4e24 100644 --- a/libcontainer/nsinit/exec.go +++ b/libcontainer/nsinit/exec.go @@ -48,9 +48,7 @@ func (ns *linuxNs) Exec(container *libcontainer.Container, term Terminal, args [ command.Process.Kill() return -1, err } - defer func() { - ns.stateWriter.DeletePid() - }() + defer ns.stateWriter.DeletePid() // Do this before syncing with child so that no children // can escape the cgroup