From f216ad7b65d21df46203763ae03d92f9be4533bc Mon Sep 17 00:00:00 2001
From: Vishnu Kannan
Date: Mon, 23 Jun 2014 21:11:01 +0000
Subject: [PATCH 1/3] Use internal types in the API instead of duplicating the types.
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan (github: vishh)
---
 utils.go | 17 -----------------
 1 file changed, 17 deletions(-)
 delete mode 100644 utils.go
diff --git a/utils.go b/utils.go
deleted file mode 100644
index ab770848bd4..00000000000
--- a/utils.go
+++ /dev/null
@@ -1,17 +0,0 @@
-package libcontainer
-
-import (
- "github.com/docker/libcontainer/security/capabilities"
-)
-
-func GetAllCapabilities() []string {
- return capabilities.GetAllCapabilities()
-}
-
-func DropBoundingSet(container *Container) error {
- return capabilities.DropBoundingSet(container.Capabilities)
-}
-
-func DropCapabilities(container *Container) error {
- return capabilities.DropCapabilities(container.Capabilities)
-}
From 1aff270a6c0174677958cd6b8f2339971b2a5939 Mon Sep 17 00:00:00 2001
From: Michael Crosby
Date: Mon, 23 Jun 2014 15:19:14 -0700
Subject: [PATCH 2/3] Fix veth json and tags
Docker-DCO-1.1-Signed-off-by: Michael Crosby (github: crosbymichael)
---
 container_test.go | 31 ++++++++++++++++++++++++++++
 network/types.go | 2 +-
 sample_configs/attach_to_bridge.json | 6 ++----
 3 files changed, 34 insertions(+), 5 deletions(-)
diff --git a/container_test.go b/container_test.go
index a0008f35f35..cfbbcca4ab0 100644
--- a/container_test.go
+++ b/container_test.go
@@ -61,4 +61,35 @@ func TestContainerJsonFormat(t *testing.T) {
 t.Log("capabilities mask should contain SYS_CHROOT")
 t.Fail()
 }
+
+ for _, n := range container.Networks {
+ if n.Type == "veth" {
+ if n.Bridge != "docker0" {
+ t.Logf("veth bridge should be docker0 but received %q", n.Bridge)
+ t.Fail()
+ }
+
+ if n.Address != "172.17.0.101/16" {
+ t.Logf("veth address should be 172.17.0.101/61 but received %q", n.Address)
+ t.Fail()
+ }
+
+ if n.VethPrefix != "veth" {
+ t.Logf("veth prefix should be veth but received %q", n.VethPrefix)
+ t.Fail()
+ }
+
+ if n.Gateway != "172.17.42.1" {
+ t.Logf("veth gateway should be 172.17.42.1 but received %q", n.Gateway)
+ t.Fail()
+ }
+
+ if n.Mtu != 1500 {
+ t.Logf("veth mtu should be 1500 but received %d", n.Mtu)
+ t.Fail()
+ }
+
+ break
+ }
+ }
 }
diff --git a/network/types.go b/network/types.go
index e4ebbb2b8c6..14463ab712d 100644
--- a/network/types.go
+++ b/network/types.go
@@ -15,7 +15,7 @@ type Network struct {
 Bridge string `json:"bridge,omitempty"`
 // Prefix for the veth interfaces.
- VethPrefix string `json:"type,omitempty"`
+ VethPrefix string `json:"veth_prefix,omitempty"`
 // Address contains the IP and mask to set on the network interface
 Address string `json:"address,omitempty"`
diff --git a/sample_configs/attach_to_bridge.json b/sample_configs/attach_to_bridge.json
index da138d173fb..20547fe1304 100644
--- a/sample_configs/attach_to_bridge.json
+++ b/sample_configs/attach_to_bridge.json
@@ -200,10 +200,8 @@
 },
 {
 "address": "172.17.0.101/16",
- "context": {
- "bridge": "docker0",
- "prefix": "veth"
- },
+ "bridge": "docker0",
+ "veth_prefix": "veth",
 "gateway": "172.17.42.1",
 "mtu": 1500,
 "type": "veth"
From 0023305afcad012ea0e93dd8905fd42d3b098016 Mon Sep 17 00:00:00 2001
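Review bot: The veth assertions in the added loop run only if some entry in `container.Networks` has `Type == "veth"`; when none does, the loop falls through and the test passes without having checked anything. The network/types.go hunk in this same patch shows `VethPrefix` previously carried the tag `json:"type,omitempty"`, so a tag mistake of that kind could plausibly leave `Type` empty and go unnoticed here. I would declare `found := false` before the loop, set `found = true` ahead of `break`, and add `if !found { t.Fatal("no veth network found in sample config") }` after it. The address message also prints `172.17.0.101/61` while the comparison uses `/16`. TestContainerJsonFormat begins outside the hunk.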
From: Michael Crosby
Date: Mon, 23 Jun 2014 15:28:43 -0700
Subject: [PATCH 3/3] Make MountConfig on container a pointer Also add unit test for container json files to ensure that the mount config is read and device nodes are validated.
Docker-DCO-1.1-Signed-off-by: Michael Crosby (github: crosbymichael)
---
 container.go | 2 +-
 container_test.go | 23 ++++++
 namespaces/init.go | 2 +-
 sample_configs/attach_to_bridge.json | 109 +++++++++++++--------------
 sample_configs/minimal.json | 100 ++++++++++++------------
 5 files changed, 128 insertions(+), 108 deletions(-)
diff --git a/container.go b/container.go
index 952c93bde67..e3ade00b477 100644
--- a/container.go
+++ b/container.go
@@ -13,7 +13,7 @@ type Network network.Network
 // Container defines configuration options for executing a process inside a contained environment
 type Container struct {
 // Mount specific options.
- MountConfig MountConfig `json:"mount_config,omitempty"`
+ MountConfig *MountConfig `json:"mount_config,omitempty"`
 // Hostname optionally sets the container's hostname if provided
 Hostname string `json:"hostname,omitempty"`
diff --git a/container_test.go b/container_test.go
index cfbbcca4ab0..c70405652b8 100644
--- a/container_test.go
+++ b/container_test.go
@@ -4,6 +4,8 @@ import (
 "encoding/json"
 "os"
 "testing"
+
+ "github.com/docker/libcontainer/devices"
 )
 // Checks whether the expected capability is specified in the capabilities.
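Review bot: Changing `MountConfig` to `*MountConfig` in the Container struct makes nil a reachable state that nothing in this patch guards: a config with no `mount_config` object decodes to a nil pointer, and if the loader uses encoding/json as the test does, that includes older configs that still carry `device_nodes` at the top level, since unknown keys are ignored by default. The namespaces/init.go hunk then passes `(*mount.MountConfig)(container.MountConfig)` straight through, and the new loop at the end of TestContainerJsonFormat reads `container.MountConfig.DeviceNodes`, which panics instead of failing the test. Whether InitializeMountNamespace tolerates nil is not visible here, so I would check in Init before the call, e.g. `if container.MountConfig == nil { return fmt.Errorf("mount config is required") }`, and say on the field comment what nil means. The test hunk's message also misspells device as `defice`. The Container struct and Init both continue outside their hunks.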
@@ -16,6 +18,20 @@ func contains(expected string, values []string) bool {
 return false
 }
+func containsDevice(expected *devices.Device, values []*devices.Device) bool {
+ for _, d := range values {
+ if d.Path == expected.Path &&
+ d.CgroupPermissions == expected.CgroupPermissions &&
+ d.FileMode == expected.FileMode &&
+ d.MajorNumber == expected.MajorNumber &&
+ d.MinorNumber == expected.MinorNumber &&
+ d.Type == expected.Type {
+ return true
+ }
+ }
+ return false
+}
+
 func TestContainerJsonFormat(t *testing.T) {
 f, err := os.Open("sample_configs/attach_to_bridge.json")
 if err != nil {
@@ -92,4 +108,11 @@ func TestContainerJsonFormat(t *testing.T) {
 break
 }
 }
+
+ for _, d := range devices.DefaultSimpleDevices {
+ if !containsDevice(d, container.MountConfig.DeviceNodes) {
+ t.Logf("expected defice configuration for %s", d.Path)
+ t.Fail()
+ }
+ }
 }
diff --git a/namespaces/init.go b/namespaces/init.go
index a0ce7b7219d..905889ea349 100644
--- a/namespaces/init.go
+++ b/namespaces/init.go
@@ -71,7 +71,7 @@ func Init(container *libcontainer.Container, uncleanRootfs, consolePath string,
 if err := mount.InitializeMountNamespace(rootfs, consolePath,
- (*mount.MountConfig)(&container.MountConfig)); err != nil {
+ (*mount.MountConfig)(container.MountConfig)); err != nil {
 return fmt.Errorf("setup mount namespace %s", err)
 }
 if container.Hostname != "" {
diff --git a/sample_configs/attach_to_bridge.json b/sample_configs/attach_to_bridge.json
index 20547fe1304..9b1e627d94a 100644
--- a/sample_configs/attach_to_bridge.json
+++ b/sample_configs/attach_to_bridge.json
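Review bot: `containsDevice` is added without a doc comment, while the `contains` helper just above it has one; something like `// containsDevice reports whether values holds a device whose fields all match expected.` would keep the two consistent. The helper also dereferences every element of `values`, so a nil entry in `DeviceNodes` (a JSON `null` in the array would produce one) panics the test rather than failing it. Starting the loop body with `if d == nil { continue }` is a cheap guard if nil entries are possible, which the hunk does not show.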
@@ -121,66 +121,61 @@
 "process_label": "",
 "restrictions": "true"
 },
- "device_nodes": [
- {
- "cgroup_permissions": "rwm",
- "major_number": 10,
- "minor_number": 229,
- "path": "/dev/fuse",
- "type": 99
- },
- {
- "cgroup_permissions": "rwm",
- "file_mode": 438,
- "major_number": 1,
- "minor_number": 3,
- "path": "/dev/null",
- "type": 99
- },
- {
- "cgroup_permissions": "rwm",
- "file_mode": 438,
- "major_number": 1,
- "minor_number": 5,
- "path": "/dev/zero",
- "type": 99
- },
- {
- "cgroup_permissions": "rwm",
- "file_mode": 438,
- "major_number": 1,
- "minor_number": 7,
- "path": "/dev/full",
- "type": 99
- },
- {
- "cgroup_permissions": "rwm",
- "file_mode": 438,
- "major_number": 5,
- "path": "/dev/tty",
- "type": 99
- },
- {
- "cgroup_permissions": "rwm",
- "file_mode": 438,
- "major_number": 1,
- "minor_number": 9,
- "path": "/dev/urandom",
- "type": 99
- },
- {
- "cgroup_permissions": "rwm",
- "file_mode": 438,
- "major_number": 1,
- "minor_number": 8,
- "path": "/dev/random",
- "type": 99
- }
- ],
+ "mount_config": {
+ "device_nodes": [
+ {
+ "cgroup_permissions": "rwm",
+ "file_mode": 438,
+ "major_number": 1,
+ "minor_number": 3,
+ "path": "/dev/null",
+ "type": 99
+ },
+ {
+ "cgroup_permissions": "rwm",
+ "file_mode": 438,
+ "major_number": 1,
+ "minor_number": 5,
+ "path": "/dev/zero",
+ "type": 99
+ },
+ {
+ "cgroup_permissions": "rwm",
+ "file_mode": 438,
+ "major_number": 1,
+ "minor_number": 7,
+ "path": "/dev/full",
+ "type": 99
+ },
+ {
+ "cgroup_permissions": "rwm",
+ "file_mode": 438,
+ "major_number": 5,
+ "path": "/dev/tty",
+ "type": 99
+ },
+ {
+ "cgroup_permissions": "rwm",
+ "file_mode": 438,
+ "major_number": 1,
+ "minor_number": 9,
+ "path": "/dev/urandom",
+ "type": 99
+ },
+ {
+ "cgroup_permissions": "rwm",
+ "file_mode": 438,
+ "major_number": 1,
+ "minor_number": 8,
+ "path": "/dev/random",
+ "type": 99
+ }
+ ]
+ },
 "environment": [
 "HOME=/",
 "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
- "HOSTNAME=2d388ea3bd92",
+ "HOSTNAME=koye",
 "TERM=xterm"
 ],
 "hostname": "koye",
diff --git a/sample_configs/minimal.json b/sample_configs/minimal.json
index b0f6ffc089b..3e1a01ad0e9 100644
--- a/sample_configs/minimal.json
+++ b/sample_configs/minimal.json
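Review bot: The `/dev/fuse` entry (major 10, minor 229) disappears from the device list in this hunk without any mention in the commit message, which describes only the pointer change and the new test. Shrinking the set of device nodes a sample grants is the safer direction, but it is a behaviour change for anyone copying this file, so the description should say it is intentional. The `HOSTNAME` environment value also changes from `2d388ea3bd92` to `koye` to match `hostname`, which is likewise unmentioned.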
@@ -121,55 +121,57 @@
 "process_label": "",
 "restrictions": "true"
 },
- "device_nodes": [
- {
- "cgroup_permissions": "rwm",
- "file_mode": 438,
- "major_number": 1,
- "minor_number": 3,
- "path": "/dev/null",
- "type": 99
- },
- {
- "cgroup_permissions": "rwm",
- "file_mode": 438,
- "major_number": 1,
- "minor_number": 5,
- "path": "/dev/zero",
- "type": 99
- },
- {
- "cgroup_permissions": "rwm",
- "file_mode": 438,
- "major_number": 1,
- "minor_number": 7,
- "path": "/dev/full",
- "type": 99
- },
- {
- "cgroup_permissions": "rwm",
- "file_mode": 438,
- "major_number": 5,
- "path": "/dev/tty",
- "type": 99
- },
- {
- "cgroup_permissions": "rwm",
- "file_mode": 438,
- "major_number": 1,
- "minor_number": 9,
- "path": "/dev/urandom",
- "type": 99
- },
- {
- "cgroup_permissions": "rwm",
- "file_mode": 438,
- "major_number": 1,
- "minor_number": 8,
- "path": "/dev/random",
- "type": 99
- }
- ],
+ "mount_config": {
+ "device_nodes": [
+ {
+ "cgroup_permissions": "rwm",
+ "file_mode": 438,
+ "major_number": 1,
+ "minor_number": 3,
+ "path": "/dev/null",
+ "type": 99
+ },
+ {
+ "cgroup_permissions": "rwm",
+ "file_mode": 438,
+ "major_number": 1,
+ "minor_number": 5,
+ "path": "/dev/zero",
+ "type": 99
+ },
+ {
+ "cgroup_permissions": "rwm",
+ "file_mode": 438,
+ "major_number": 1,
+ "minor_number": 7,
+ "path": "/dev/full",
+ "type": 99
+ },
+ {
+ "cgroup_permissions": "rwm",
+ "file_mode": 438,
+ "major_number": 5,
+ "path": "/dev/tty",
+ "type": 99
+ },
+ {
+ "cgroup_permissions": "rwm",
+ "file_mode": 438,
+ "major_number": 1,
+ "minor_number": 9,
+ "path": "/dev/urandom",
+ "type": 99
+ },
+ {
+ "cgroup_permissions": "rwm",
+ "file_mode": 438,
+ "major_number": 1,
+ "minor_number": 8,
+ "path": "/dev/random",
+ "type": 99
+ }
+ ]
+ },
 "environment": [
 "HOME=/",
 "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",