81d2c67492
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
70 lines
1.6 KiB
Go
70 lines
1.6 KiB
Go
/*
|
|
TODO
|
|
pivot root
|
|
cgroups
|
|
more mount stuff that I probably am forgetting
|
|
apparmor
|
|
*/
|
|
|
|
package namespaces
|
|
|
|
import (
|
|
"fmt"
|
|
"github.com/dotcloud/docker/pkg/libcontainer"
|
|
"github.com/dotcloud/docker/pkg/libcontainer/utils"
|
|
"os"
|
|
"path/filepath"
|
|
"syscall"
|
|
)
|
|
|
|
// CreateNewNamespace creates a new namespace and binds it's fd to the specified path
|
|
func CreateNewNamespace(namespace libcontainer.Namespace, bindTo string) error {
|
|
var (
|
|
flag = namespaceMap[namespace]
|
|
name = namespaceFileMap[namespace]
|
|
nspath = filepath.Join("/proc/self/ns", name)
|
|
)
|
|
// TODO: perform validation on name and flag
|
|
|
|
pid, err := fork()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
if pid == 0 {
|
|
if err := unshare(flag); err != nil {
|
|
writeError("unshare %s", err)
|
|
}
|
|
if err := mount(nspath, bindTo, "none", syscall.MS_BIND, ""); err != nil {
|
|
writeError("bind mount %s", err)
|
|
}
|
|
os.Exit(0)
|
|
}
|
|
exit, err := utils.WaitOnPid(pid)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if exit != 0 {
|
|
return fmt.Errorf("exit status %d", exit)
|
|
}
|
|
return err
|
|
}
|
|
|
|
// JoinExistingNamespace uses the fd of an existing linux namespace and
|
|
// has the current process join that namespace or the spacespace specified by ns
|
|
func JoinExistingNamespace(fd uintptr, ns libcontainer.Namespace) error {
|
|
flag := namespaceMap[ns]
|
|
if err := setns(fd, uintptr(flag)); err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// getNamespaceFlags parses the container's Namespaces options to set the correct
|
|
// flags on clone, unshare, and setns
|
|
func getNamespaceFlags(namespaces libcontainer.Namespaces) (flag int) {
|
|
for _, ns := range namespaces {
|
|
flag |= namespaceMap[ns]
|
|
}
|
|
return
|
|
}
|