execdriver

package
v1.10.1-selinux Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 18, 2016 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	ErrNotRunning              = errors.New("Container is not running")
	ErrWaitTimeoutReached      = errors.New("Wait timeout reached")
	ErrDriverAlreadyRegistered = errors.New("A driver already registered this docker init function")
	ErrDriverNotFound          = errors.New("The requested docker init has not been found")
)

Define error messages

Functions

func GetAllCapabilities

func GetAllCapabilities() []string

GetAllCapabilities returns all of the capabilities

func InitContainer

func InitContainer(c *Command) *configs.Config

InitContainer is the initialization of a container config. It returns the initial configs for a container. It's mostly defined by the default template.

func SetRootPropagation

func SetRootPropagation(config *configs.Config, propagation int)

SetRootPropagation sets the root mount propagation mode.

func SetupCgroups

func SetupCgroups(container *configs.Config, c *Command) error

SetupCgroups setups cgroup resources for a container.

func TweakCapabilities

func TweakCapabilities(basics, adds, drops []string) ([]string, error)

TweakCapabilities can tweak capabilities by adding or dropping capabilities based on the basics capabilities.

Types

type Capabilities

type Capabilities []*CapabilityMapping

Capabilities contains all CapabilityMapping

type CapabilityMapping

type CapabilityMapping struct {
	Key   string         `json:"key,omitempty"`
	Value capability.Cap `json:"value,omitempty"`
}

CapabilityMapping maps linux capability name to its value of capability.Cap type Capabilities is one of the security systems in Linux Security Module (LSM) framework provided by the kernel. For more details on capabilities, see http://man7.org/linux/man-pages/man7/capabilities.7.html

func GetCapability

func GetCapability(key string) *CapabilityMapping

GetCapability returns CapabilityMapping which contains specific key

func (*CapabilityMapping) String

func (c *CapabilityMapping) String() string

String returns <key> of CapabilityMapping

type Command

type Command struct {
	CommonCommand

	AllowedDevices     []*configs.Device `json:"allowed_devices"`
	AppArmorProfile    string            `json:"apparmor_profile"`
	AutoCreatedDevices []*configs.Device `json:"autocreated_devices"`
	CapAdd             []string          `json:"cap_add"`
	CapDrop            []string          `json:"cap_drop"`
	CgroupParent       string            `json:"cgroup_parent"` // The parent cgroup for this command.
	GIDMapping         []idtools.IDMap   `json:"gidmapping"`
	GroupAdd           []string          `json:"group_add"`
	Ipc                *Ipc              `json:"ipc"`
	OomScoreAdj        int               `json:"oom_score_adj"`
	Pid                *Pid              `json:"pid"`
	ReadonlyRootfs     bool              `json:"readonly_rootfs"`
	RemappedRoot       *User             `json:"remap_root"`
	SeccompProfile     string            `json:"seccomp_profile"`
	UIDMapping         []idtools.IDMap   `json:"uidmapping"`
	UTS                *UTS              `json:"uts"`
}

Command wraps an os/exec.Cmd to add more metadata

type CommonCommand

type CommonCommand struct {
	ContainerPid  int           `json:"container_pid"` // the pid for the process inside a container
	ID            string        `json:"id"`
	InitPath      string        `json:"initpath"`    // dockerinit
	MountLabel    string        `json:"mount_label"` // TODO Windows. More involved, but can be factored out
	Mounts        []Mount       `json:"mounts"`
	Network       *Network      `json:"network"`
	ProcessConfig ProcessConfig `json:"process_config"` // Describes the init process of the container.
	ProcessLabel  string        `json:"process_label"`  // TODO Windows. More involved, but can be factored out
	Resources     *Resources    `json:"resources"`
	Rootfs        string        `json:"rootfs"` // root fs of the container
	WorkingDir    string        `json:"working_dir"`
	TmpDir        string        `json:"tmpdir"` // Directory used to store docker tmpdirs.
}

CommonCommand is the common platform agnostic part of the Command structure which wraps an os/exec.Cmd to add more metadata

type CommonProcessConfig

type CommonProcessConfig struct {
	exec.Cmd `json:"-"`

	Tty        bool     `json:"tty"`
	Entrypoint string   `json:"entrypoint"`
	Arguments  []string `json:"arguments"`
	Terminal   Terminal `json:"-"` // standard or tty terminal
}

CommonProcessConfig is the common platform agnostic part of the ProcessConfig structure that describes a process that will be run inside a container.

type CommonResources

type CommonResources struct {
	Memory            int64  `json:"memory"`
	MemoryReservation int64  `json:"memory_reservation"`
	CPUShares         int64  `json:"cpu_shares"`
	BlkioWeight       uint16 `json:"blkio_weight"`
}

CommonResources contains the resource configs for a driver that are common across platforms.

type Context

type Context map[string]string

Context is a generic key value pair that allows arbitrary data to be sent

type Driver

type Driver interface {
	// Run executes the process, blocks until the process exits and returns
	// the exit code. It's the last stage on Docker side for running a container.
	Run(c *Command, pipes *Pipes, hooks Hooks) (ExitStatus, error)

	// Exec executes the process in an existing container, blocks until the
	// process exits and returns the exit code.
	Exec(c *Command, processConfig *ProcessConfig, pipes *Pipes, hooks Hooks) (int, error)

	// Kill sends signals to process in container.
	Kill(c *Command, sig int) error

	// Pause pauses a container.
	Pause(c *Command) error

	// Unpause unpauses a container.
	Unpause(c *Command) error

	// Name returns the name of the driver.
	Name() string

	// Info returns the configuration stored in the driver struct,
	// "temporary" hack (until we move state from core to plugins).
	Info(id string) Info

	// GetPidsForContainer returns a list of pid for the processes running in a container.
	GetPidsForContainer(id string) ([]int, error)

	// Terminate kills a container by sending signal SIGKILL.
	Terminate(c *Command) error

	// Clean removes all traces of container exec.
	Clean(id string) error

	// Stats returns resource stats for a running container
	Stats(id string) (*ResourceStats, error)

	// Update updates resource configs for a container
	Update(c *Command) error

	// SupportsHooks refers to the driver capability to exploit pre/post hook functionality
	SupportsHooks() bool
}

Driver is an interface for drivers to implement including all basic functions a driver should have

type DriverCallback

type DriverCallback func(processConfig *ProcessConfig, pid int, chOOM <-chan struct{}) error

DriverCallback defines a callback function which is used in "Run" and "Exec". This allows work to be done in the parent process when the child is passing through PreStart, Start and PostStop events. Callbacks are provided a processConfig pointer and the pid of the child. The channel will be used to notify the OOM events.

type ExitStatus

type ExitStatus struct {
	// The exit code with which the container exited.
	ExitCode int

	// Whether the container encountered an OOM.
	OOMKilled bool
}

ExitStatus provides exit reasons for a container.

type Hooks

type Hooks struct {
	// PreStart is called before container's CMD/ENTRYPOINT is executed
	PreStart []DriverCallback
	// Start is called after the container's process is full started
	Start DriverCallback
	// PostStop is called after the container process exits
	PostStop []DriverCallback
}

Hooks is a struct containing function pointers to callbacks used by any execdriver implementation exploiting hooks capabilities

type Info

type Info interface {
	IsRunning() bool
}

Info is driver specific information based on processes registered with the driver

type Ipc

type Ipc struct {
	ContainerID string `json:"container_id"` // id of the container to join ipc.
	HostIpc     bool   `json:"host_ipc"`
}

Ipc settings of the container It is for IPC namespace setting. Usually different containers have their own IPC namespace, however this specifies to use an existing IPC namespace. You can join the host's or a container's IPC namespace.

type Mount

type Mount struct {
	Source      string `json:"source"`
	Destination string `json:"destination"`
	Writable    bool   `json:"writable"`
	Data        string `json:"data"`
	Propagation string `json:"mountpropagation"`
}

Mount contains information for a mount operation.

type Network

type Network struct {
	Mtu            int    `json:"mtu"`
	ContainerID    string `json:"container_id"` // id of the container to join network.
	NamespacePath  string `json:"namespace_path"`
	HostNetworking bool   `json:"host_networking"`
}

Network settings of the container

type Pid

type Pid struct {
	HostPid bool `json:"host_pid"`
}

Pid settings of the container It is for PID namespace setting. Usually different containers have their own PID namespace, however this specifies to use an existing PID namespace. Joining the host's PID namespace is currently the only supported option.

type Pipes

type Pipes struct {
	Stdin          io.ReadCloser
	Stdout, Stderr io.Writer
}

Pipes is a wrapper around a container's output for stdin, stdout, stderr

func NewPipes

func NewPipes(stdin io.ReadCloser, stdout, stderr io.Writer, useStdin bool) *Pipes

NewPipes returns a wrapper around a container's output

type ProcessConfig

type ProcessConfig struct {
	CommonProcessConfig

	// Fields below here are platform specific
	Privileged bool   `json:"privileged"`
	User       string `json:"user"`
	Console    string `json:"-"` // dev/console path
}

ProcessConfig is the platform specific structure that describes a process that will be run inside a container.

type ResourceStats

type ResourceStats struct {
	*libcontainer.Stats
	Read        time.Time `json:"read"`
	MemoryLimit int64     `json:"memory_limit"`
	SystemUsage uint64    `json:"system_usage"`
}

ResourceStats contains information about resource usage by a container.

func Stats

func Stats(containerDir string, containerMemoryLimit int64, machineMemory int64) (*ResourceStats, error)

Stats collects all the resource usage information from a container.

type Resources

type Resources struct {
	CommonResources

	BlkioWeightDevice            []*blkiodev.WeightDevice   `json:"blkio_weight_device"`
	BlkioThrottleReadBpsDevice   []*blkiodev.ThrottleDevice `json:"blkio_throttle_read_bps_device"`
	BlkioThrottleWriteBpsDevice  []*blkiodev.ThrottleDevice `json:"blkio_throttle_write_bps_device"`
	BlkioThrottleReadIOpsDevice  []*blkiodev.ThrottleDevice `json:"blkio_throttle_read_iops_device"`
	BlkioThrottleWriteIOpsDevice []*blkiodev.ThrottleDevice `json:"blkio_throttle_write_iops_device"`
	MemorySwap                   int64                      `json:"memory_swap"`
	KernelMemory                 int64                      `json:"kernel_memory"`
	CPUQuota                     int64                      `json:"cpu_quota"`
	CpusetCpus                   string                     `json:"cpuset_cpus"`
	CpusetMems                   string                     `json:"cpuset_mems"`
	CPUPeriod                    int64                      `json:"cpu_period"`
	Rlimits                      []*units.Rlimit            `json:"rlimits"`
	OomKillDisable               bool                       `json:"oom_kill_disable"`
	MemorySwappiness             int64                      `json:"memory_swappiness"`
}

Resources contains all resource configs for a driver. Currently these are all for cgroup configs.

type StdConsole

type StdConsole struct {
	// Closers holds io.Closer references for closing at terminal close time
	Closers []io.Closer
}

StdConsole defines standard console operations for execdriver

func NewStdConsole

func NewStdConsole(processConfig *ProcessConfig, pipes *Pipes) (*StdConsole, error)

NewStdConsole returns a new StdConsole struct

func (*StdConsole) AttachPipes

func (s *StdConsole) AttachPipes(command *exec.Cmd, pipes *Pipes) error

AttachPipes attaches given pipes to exec.Cmd

func (*StdConsole) Close

func (s *StdConsole) Close() error

Close implements Close method of Terminal interface

func (*StdConsole) Resize

func (s *StdConsole) Resize(h, w int) error

Resize implements Resize method of Terminal interface

type Terminal

type Terminal interface {
	io.Closer
	Resize(height, width int) error
}

Terminal represents a pseudo TTY, it is for when using a container interactively.

type UTS

type UTS struct {
	HostUTS bool `json:"host_uts"`
}

UTS settings of the container It is for UTS namespace setting. Usually different containers have their own UTS namespace, however this specifies to use an existing UTS namespace. Joining the host's UTS namespace is currently the only supported option.

type User

type User struct {
	UID int `json:"root_uid"`
	GID int `json:"root_gid"`
}

User contains the uid and gid representing a Unix user

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL