From c8ad8184ec75d3abfcb9654e62827a60cc3fd79f Mon Sep 17 00:00:00 2001
From: Michael Crosby
Date: Mon, 24 Feb 2014 15:47:23 -0800
Subject: [PATCH] Cgroups allow devices for privileged containers
Docker-DCO-1.1-Signed-off-by: Michael Crosby (github: crosbymichael)
---
 libcontainer/nsinit/init.go | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/libcontainer/nsinit/init.go b/libcontainer/nsinit/init.go
index 23303cd..d6d7dc3 100644
--- a/libcontainer/nsinit/init.go
+++ b/libcontainer/nsinit/init.go
@@ -9,7 +9,6 @@ import (
 "github.com/dotcloud/docker/pkg/libcontainer/network"
 "github.com/dotcloud/docker/pkg/system"
 "github.com/dotcloud/docker/pkg/user"
- "log"
 "os"
 "os/exec"
 "path/filepath"
@@ -23,7 +22,6 @@ func Init(container *libcontainer.Container, uncleanRootfs, console string, sync
 if err != nil {
 return err
 }
- log.Printf("initializing namespace at %s", rootfs)
 // We always read this as it is a way to sync with the parent as well
 context, err := syncPipe.ReadFromParent()
@@ -32,10 +30,8 @@ func Init(container *libcontainer.Container, uncleanRootfs, console string, sync
 return err
 }
 syncPipe.Close()
- log.Printf("received context from parent %v", context)
 if console != "" {
- log.Printf("setting up console for %s", console)
 // close pipes so that we can replace it with the pty
 closeStdPipes()
 slave, err := openTerminal(console, syscall.O_RDWR)
@@ -66,11 +62,9 @@ func Init(container *libcontainer.Container, uncleanRootfs, console string, sync
 if err := system.Sethostname(container.Hostname); err != nil {
 return fmt.Errorf("sethostname %s", err)
 }
- log.Printf("dropping capabilities")
 if err := capabilities.DropCapabilities(container); err != nil {
 return fmt.Errorf("drop capabilities %s", err)
 }
- log.Printf("setting user in namespace")
 if err := setupUser(container); err != nil {
 return fmt.Errorf("setup user %s", err)
 }
@@ -87,7 +81,6 @@ func execArgs(args []string, env []string) error {
 if err != nil {
 return err
 }
- log.Printf("execing %s goodbye", name)
 if err := system.Exec(name, args[0:], env); err != nil {
 return fmt.Errorf("exec %s", err)
 }
@@ -111,7 +104,7 @@ func resolveRootfs(uncleanRootfs string) (string, error) {
 }
 func setupUser(container *libcontainer.Container) error {
- if container.User != "" {
+ if container.User != "" && container.User != "root" {
 uid, gid, suppGids, err := user.GetUserGroupSupplementary(container.User, syscall.Getuid(), syscall.Getgid())
 if err != nil {
 return err
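Review bot: The added `container.User != "root"` test in setupUser skips the whole user setup on a literal string match, and nothing on the new line says why or what it assumes. With that branch skipped, the process keeps whatever uid, gid and supplementary groups it inherited from its parent, and nothing verifies that these are root's. Equivalent specs such as `"0"` or `"root:root"` would still go through `user.GetUserGroupSupplementary`, so the two spellings of the same user can end up on different paths. I would add a comment above the condition, e.g. `// "root" skips the lookup: the process is assumed to already run as uid 0 with the intended groups`, and consider resetting the supplementary groups on the root path too. The rest of setupUser lies outside the hunk, so what the non-root branch applies is inferred from the names returned here.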