From 7dc071dca54e9c939f8b2376406cc5b2a4d824f8 Mon Sep 17 00:00:00 2001
From: Michael Crosby
Date: Mon, 3 Mar 2014 12:15:47 -0800
Subject: [PATCH] Factor out finalize namespace
Docker-DCO-1.1-Signed-off-by: Michael Crosby (github: crosbymichael)
---
 libcontainer/nsinit/execin.go | 5 ++---
 libcontainer/nsinit/init.go | 29 +++++++++++++++++++----------
 2 files changed, 21 insertions(+), 13 deletions(-)
diff --git a/libcontainer/nsinit/execin.go b/libcontainer/nsinit/execin.go
index 55f7b96..488fe0e 100644
--- a/libcontainer/nsinit/execin.go
+++ b/libcontainer/nsinit/execin.go
@@ -5,7 +5,6 @@ package nsinit
 import (
 "fmt"
 "github.com/dotcloud/docker/pkg/libcontainer"
- "github.com/dotcloud/docker/pkg/libcontainer/capabilities"
 "github.com/dotcloud/docker/pkg/system"
 "os"
 "path/filepath"
@@ -73,8 +72,8 @@ func (ns *linuxNs) ExecIn(container *libcontainer.Container, nspid int, args []s
 os.Exit(state.Sys().(syscall.WaitStatus).ExitStatus())
 }
 dropAndExec:
- if err := capabilities.DropCapabilities(container); err != nil {
- return -1, fmt.Errorf("drop capabilities %s", err)
+ if err := finalizeNamespace(container); err != nil {
+ return -1, err
 }
 if err := system.Execv(args[0], args[0:], container.Env); err != nil {
 return -1, err
diff --git a/libcontainer/nsinit/init.go b/libcontainer/nsinit/init.go
index cc481e2..565030f 100644
--- a/libcontainer/nsinit/init.go
+++ b/libcontainer/nsinit/init.go
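Review bot: The new error path under `dropAndExec:` returns the helper's error bare, `return -1, err`, while Init wraps the same call as `fmt.Errorf("finalize namespace %s", err)`; the two call sites should report identically so an operator can tell an exec-in failure from a container-start failure, e.g. `return -1, fmt.Errorf("finalize namespace %s", err)`. That also keeps `fmt` in use in execin.go, which matters if the removed `fmt.Errorf` line was its only caller — the rest of the file is not visible here. Separately, this call makes ExecIn switch user and working directory where it previously only dropped capabilities, which looks intended but deserves a line at the label, `// finalizeNamespace also switches user and working dir, not just capabilities`. ExecIn's signature and the earlier part of its body are outside the hunk.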
@@ -64,16 +64,8 @@ func (ns *linuxNs) Init(container *libcontainer.Container, uncleanRootfs, consol
 if err := system.Sethostname(container.Hostname); err != nil {
 return fmt.Errorf("sethostname %s", err)
 }
- if err := capabilities.DropCapabilities(container); err != nil {
- return fmt.Errorf("drop capabilities %s", err)
- }
- if err := setupUser(container); err != nil {
- return fmt.Errorf("setup user %s", err)
- }
- if container.WorkingDir != "" {
- if err := system.Chdir(container.WorkingDir); err != nil {
- return fmt.Errorf("chdir to %s %s", container.WorkingDir, err)
- }
+ if err := finalizeNamespace(container); err != nil {
+ return fmt.Errorf("finalize namespace %s", err)
 }
 return system.Execv(args[0], args[0:], container.Env)
 }
@@ -142,3 +134,20 @@ func setupNetwork(container *libcontainer.Container, context libcontainer.Contex
 }
 return nil
 }
+
+// finalizeNamespace drops the caps and sets the correct user
+// and working dir before execing the command inside the namespace
+func finalizeNamespace(container *libcontainer.Container) error {
+ if err := capabilities.DropCapabilities(container); err != nil {
+ return fmt.Errorf("drop capabilities %s", err)
+ }
+ if err := setupUser(container); err != nil {
+ return fmt.Errorf("setup user %s", err)
+ }
+ if container.WorkingDir != "" {
+ if err := system.Chdir(container.WorkingDir); err != nil {
+ return fmt.Errorf("chdir to %s %s", container.WorkingDir, err)
+ }
+ }
+ return nil
+}
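Review bot: The doc comment on finalizeNamespace should state that its three steps are order-dependent, because DropCapabilities runs before setupUser and a capability set that no longer includes CAP_SETUID/CAP_SETGID would make the subsequent user switch fail; neither helper's body is visible in this hunk, so the exact dependency needs confirming against them. It is also worth recording that the chdir runs after the user switch, so it is checked with the target user's permissions and an inaccessible WorkingDir fails the exec rather than the command silently starting elsewhere. Suggested wording: `// finalizeNamespace drops capabilities, switches to the configured user and` / `// enters WorkingDir, in that order, before the command is exec'd; the cap` / `// drop must leave what setupUser needs, and the chdir runs as the target user.` The helper now serves both Init and ExecIn, so this contract is relied on from two call sites.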