Code review updates
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
This commit is contained in:
parent
f8262b5748
commit
34301be200
3 changed files with 10 additions and 10 deletions
|
@ -9,9 +9,9 @@ for using linux namespaces with no external dependencies. libcontainer provides
|
||||||
#### container
|
#### container
|
||||||
A container is a self contained directory that is able to run one or more processes inside without
|
A container is a self contained directory that is able to run one or more processes inside without
|
||||||
affecting the host system. The directory is usually a full system tree. Inside the directory
|
affecting the host system. The directory is usually a full system tree. Inside the directory
|
||||||
a `container.json` file just be placed with the runtime configuration for how the process
|
a `container.json` file is placed with the runtime configuration for how the processes
|
||||||
should be contained and run. Environment, networking, and different capabilities for the
|
should be contained and ran. Environment, networking, and different capabilities for the
|
||||||
process are specified in this file.
|
process are specified in this file. The configuration is used for each process executed inside the container.
|
||||||
|
|
||||||
Sample `container.json` file:
|
Sample `container.json` file:
|
||||||
```json
|
```json
|
||||||
|
@ -67,10 +67,12 @@ Sample `container.json` file:
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
Using this configuration and the current directory holding the rootfs for a process to live, one can se libcontainer to exec the container. Running the life of the namespace a `.nspid` file
|
Using this configuration and the current directory holding the rootfs for a process to live, one can use libcontainer to exec the container. Running the life of the namespace a `pid` file
|
||||||
is written to the current directory with the pid of the namespace'd process to the external word. A client can use this pid to wait, kill, or perform other operation with the container. If a user tries to run an new process inside an existing container with a live namespace with namespace will be joined by the new process.
|
is written to the current directory with the pid of the namespace'd process to the external world. A client can use this pid to wait, kill, or perform other operation with the container. If a user tries to run an new process inside an existing container with a live namespace with namespace will be joined by the new process.
|
||||||
|
|
||||||
|
|
||||||
|
You may also specify an alternate root to to place the `container.json` file is read and where the `pid` file will be saved.
|
||||||
|
|
||||||
#### nsinit
|
#### nsinit
|
||||||
|
|
||||||
`nsinit` is a cli application used as the reference implementation of libcontainer. It is able to
|
`nsinit` is a cli application used as the reference implementation of libcontainer. It is able to
|
||||||
|
|
|
@ -13,8 +13,8 @@ var strategies = map[string]NetworkStrategy{
|
||||||
"veth": &Veth{},
|
"veth": &Veth{},
|
||||||
}
|
}
|
||||||
|
|
||||||
// NetworkStrategy represends a specific network configuration for
|
// NetworkStrategy represents a specific network configuration for
|
||||||
// a containers networking stack
|
// a container's networking stack
|
||||||
type NetworkStrategy interface {
|
type NetworkStrategy interface {
|
||||||
Create(*libcontainer.Network, int, libcontainer.Context) error
|
Create(*libcontainer.Network, int, libcontainer.Context) error
|
||||||
Initialize(*libcontainer.Network, libcontainer.Context) error
|
Initialize(*libcontainer.Network, libcontainer.Context) error
|
||||||
|
|
|
@ -48,9 +48,7 @@ func (ns *linuxNs) Exec(container *libcontainer.Container, term Terminal, args [
|
||||||
command.Process.Kill()
|
command.Process.Kill()
|
||||||
return -1, err
|
return -1, err
|
||||||
}
|
}
|
||||||
defer func() {
|
defer ns.stateWriter.DeletePid()
|
||||||
ns.stateWriter.DeletePid()
|
|
||||||
}()
|
|
||||||
|
|
||||||
// Do this before syncing with child so that no children
|
// Do this before syncing with child so that no children
|
||||||
// can escape the cgroup
|
// can escape the cgroup
|
||||||
|
|
Loading…
Reference in a new issue