Documentation
Index
- Variables
- func DefaultCreateCommand(container *libcontainer.Config, console, rootfs, dataPath, init string, ...) *exec.Cmd
- func Exec(container *libcontainer.Config, stdin io.Reader, stdout, stderr io.Writer, ...) (int, error)
- func ExecIn(container *libcontainer.Config, state *libcontainer.State, args []string) error
- func FinalizeNamespace(container *libcontainer.Config) error
- func GetNamespaceFlags(namespaces map[string]bool) (flag int)
- func Init(container *libcontainer.Config, uncleanRootfs, consolePath string, ...) (err error)
- func InitializeNetworking(container *libcontainer.Config, nspid int, pipe *syncpipe.SyncPipe, ...) error
- func LoadContainerEnvironment(container *libcontainer.Config) error
- func NsEnter(container *libcontainer.Config, args []string) error
- func RestoreParentDeathSignal(old int) error
- func RunIn(container *libcontainer.Config, state *libcontainer.State, args []string, ...) (int, error)
- func SetupCgroups(container *libcontainer.Config, nspid int) (cgroups.ActiveCgroup, error)
- func SetupUser(u string) error
- type CreateCommand
- type Namespace
- type Namespaces
Constants
This section is empty.
Variables
var (
    ErrUnkownNamespace = errors.New("Unknown namespace")
    ErrUnsupported     = errors.New("Unsupported method")
)
namespaceList is used to convert the libcontainer types into the names of the files located in /proc/<pid>/ns/* for each namespace
Functions
func DefaultCreateCommand
func DefaultCreateCommand(container *libcontainer.Config, console, rootfs, dataPath, init string, pipe *os.File, args []string) *exec.Cmd
DefaultCreateCommand will return an exec.Cmd with the Cloneflags set to the proper namespaces defined on the container's configuration and use the current binary as the init with the args provided.
console: the /dev/console to setup inside the container
init: the program executed inside the namespaces
root: the path to the container json file and information
pipe: sync pipe to synchronize the parent and child processes
args: the arguments to pass to the container to run as the user's program
func Exec
func Exec(container *libcontainer.Config, stdin io.Reader, stdout, stderr io.Writer, console string, rootfs, dataPath string, args []string, createCommand CreateCommand, startCallback func()) (int, error)
TODO(vishh): This is part of the libcontainer API and it does much more than just namespaces related work. Move this to libcontainer package.
Exec performs setup outside of a namespace so that a container can be executed. Exec is a high level function for working with container namespaces.
func ExecIn
func ExecIn(container *libcontainer.Config, state *libcontainer.State, args []string) error
ExecIn uses an existing pid and joins the pid's namespaces with the new command.
func FinalizeNamespace
func FinalizeNamespace(container *libcontainer.Config) error
FinalizeNamespace drops the caps, sets the correct user and working dir, and closes any leaky file descriptors before execing the command inside the namespace
func GetNamespaceFlags
GetNamespaceFlags parses the container's Namespaces options to set the correct flags on clone, unshare, and setns
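An added example, not libcontainer's own code, of the mapping described for namespaceList and GetNamespaceFlags: enabled namespace names are turned into a clone/unshare/setns flag mask and into the matching /proc/<pid>/ns/* paths. The key strings, file names, the resolve function and pid 1234 are assumptions of this example; the flag values are the Linux CLONE_NEW* constants.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// Namespace mirrors the struct shown on this page.
type Namespace struct {
	Key   string
	Value int
	File  string
}

// Assumed table: keys and file names are assumptions of this example; the
// values are the Linux CLONE_NEW* constants from <sched.h>.
var table = []Namespace{
	{"NEWNS", 0x00020000, "mnt"}, {"NEWUTS", 0x04000000, "uts"},
	{"NEWIPC", 0x08000000, "ipc"}, {"NEWUSER", 0x10000000, "user"},
	{"NEWPID", 0x20000000, "pid"}, {"NEWNET", 0x40000000, "net"},
}

var errUnknown = errors.New("unknown namespace")

// resolve returns the flag mask and the /proc/<pid>/ns files for the enabled
// namespaces. An unknown key is an error, never skipped: a skipped typo would
// leave the container sharing that host namespace.
func resolve(pid int, enabled map[string]bool) (int, []string, error) {
	byKey := map[string]Namespace{}
	for _, ns := range table {
		byKey[ns.Key] = ns
	}
	flags, paths := 0, []string{}
	for key, on := range enabled {
		ns, ok := byKey[key]
		if !ok {
			return 0, nil, fmt.Errorf("%w: %q", errUnknown, key)
		}
		if on {
			flags |= ns.Value
			paths = append(paths, fmt.Sprintf("/proc/%d/ns/%s", pid, ns.File))
		}
	}
	sort.Strings(paths)
	return flags, paths, nil
}

func main() {
	fmt.Println(resolve(1234, map[string]bool{"NEWPID": true, "NEWNET": true}))
}
```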
func Init
func Init(container *libcontainer.Config, uncleanRootfs, consolePath string, syncPipe *syncpipe.SyncPipe, args []string) (err error)
TODO(vishh): This is part of the libcontainer API and it does much more than just namespaces related work. Move this to libcontainer package.
Init is the init process that first runs inside a new namespace to set up mounts, users, networking, and other options required for the new container. The caller of Init has to ensure that the Go runtime is locked to an OS thread (using runtime.LockOSThread); otherwise system calls like setns called within Init may not work as intended.
func InitializeNetworking
func InitializeNetworking(container *libcontainer.Config, nspid int, pipe *syncpipe.SyncPipe, networkState *network.NetworkState) error
InitializeNetworking creates the container's network stack outside of the namespace and moves interfaces into the container's net namespaces if necessary
func LoadContainerEnvironment
func LoadContainerEnvironment(container *libcontainer.Config) error
func NsEnter
func NsEnter(container *libcontainer.Config, args []string) error
Run a command in a container after entering the namespace.
func RestoreParentDeathSignal
RestoreParentDeathSignal sets the parent death signal to old.
func RunIn
func RunIn(container *libcontainer.Config, state *libcontainer.State, args []string, nsinitPath string, stdin io.Reader, stdout, stderr io.Writer, console string, startCallback func(*exec.Cmd)) (int, error)
Runs the command under 'args' inside an existing container referred to by 'container'. Returns the exitcode of the command upon success and appropriate error on failure.
func SetupCgroups
func SetupCgroups(container *libcontainer.Config, nspid int) (cgroups.ActiveCgroup, error)
SetupCgroups applies the cgroup restrictions to the process running in the container based on the container's configuration
Types
type CreateCommand
type Namespace
type Namespace struct {
    Key   string `json:"key,omitempty"`
    Value int    `json:"value,omitempty"`
    File  string `json:"file,omitempty"`
}
func GetNamespace
type Namespaces
type Namespaces []*Namespace
func (Namespaces) Contains
func (n Namespaces) Contains(ns string) bool
Contains returns true if the specified Namespace is in the slice
func (Namespaces) Get
func (n Namespaces) Get(ns string) *Namespace