package v2 // import "github.com/docker/docker/plugin/v2"
import (
"os"
"path/filepath"
"runtime"
"strings"
"github.com/docker/docker/api/types"
"github.com/docker/docker/oci"
"github.com/docker/docker/pkg/system"
"github.com/opencontainers/runtime-spec/specs-go"
"github.com/pkg/errors"
)
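// InitSpec creates an OCI spec from the plugin's config.
//
// The spec starts from oci.DefaultSpec() and is then shaped by the plugin's
// config and settings: root filesystem, optional propagated mount, the mounts
// declared in the config, the per-plugin runtime directory (bind-mounted at
// defaultPluginRuntimeDestination), host network/pid/ipc namespaces, devices,
// environment, entrypoint/args and Linux capabilities. The capabilities listed
// in the config are added to the bounding, permitted, inheritable and
// effective sets unconditionally, so the config is fully trusted at this
// point; any vetting of what a plugin may request has to happen earlier.
//
// execRoot is the daemon's plugin exec root; a subdirectory named after the
// plugin ID is created under it (mode 0700) and bind-mounted into the plugin.
//
// It returns an error when the exec directory cannot be created, when a mount
// has no source or a device has no path, or when oci.DevicesFromPath fails.
func (p *Plugin) InitSpec(execRoot string) (*specs.Spec, error) {
	s := oci.DefaultSpec()

	s.Root = &specs.Root{
		Path:     p.Rootfs,
		Readonly: false, // TODO: all plugins should be readonly? settable in config?
	}

	// Destinations of the user-set mounts; used further down to drop mounts
	// under /dev/ that collide with them.
	userMounts := make(map[string]struct{}, len(p.PluginObj.Settings.Mounts))
	for _, m := range p.PluginObj.Settings.Mounts {
		userMounts[m.Destination] = struct{}{}
	}

	execRoot = filepath.Join(execRoot, p.PluginObj.ID)
	if err := os.MkdirAll(execRoot, 0700); err != nil {
		return nil, errors.WithStack(err)
	}

	if p.PluginObj.Config.PropagatedMount != "" {
		pRoot := filepath.Join(filepath.Dir(p.Rootfs), "propagated-mount")
		s.Mounts = append(s.Mounts, specs.Mount{
			Source:      pRoot,
			Destination: p.PluginObj.Config.PropagatedMount,
			Type:        "bind",
			Options:     []string{"rbind", "rw", "rshared"},
		})
		s.Linux.RootfsPropagation = "rshared"
	}

	// Copy the config's mount list before extending it: appending directly to
	// p.PluginObj.Config.Mounts would write into its backing array whenever it
	// has spare capacity, silently mutating state that other callers (and
	// concurrent InitSpec calls) share. +3 covers the runtime mount and the two
	// optional network mounts added below.
	mounts := make([]types.PluginMount, 0, len(p.PluginObj.Config.Mounts)+3)
	mounts = append(mounts, p.PluginObj.Config.Mounts...)
	mounts = append(mounts, types.PluginMount{
		Source:      &execRoot,
		Destination: defaultPluginRuntimeDestination,
		Type:        "bind",
		Options:     []string{"rbind", "rshared"},
	})

	if p.PluginObj.Config.Network.Type != "" {
		// TODO: if net == bridge, use libnetwork controller to create a new plugin-specific bridge, bind mount /etc/hosts and /etc/resolv.conf look at the docker code (allocateNetwork, initialize)
		if p.PluginObj.Config.Network.Type == "host" {
			oci.RemoveNamespace(&s, specs.LinuxNamespaceType("network"))
		}
		// The host's resolver files are always bind-mounted read-only when a
		// network type is set, whatever that type is.
		etcHosts := "/etc/hosts"
		resolvConf := "/etc/resolv.conf"
		mounts = append(mounts,
			types.PluginMount{
				Source:      &etcHosts,
				Destination: etcHosts,
				Type:        "bind",
				Options:     []string{"rbind", "ro"},
			},
			types.PluginMount{
				Source:      &resolvConf,
				Destination: resolvConf,
				Type:        "bind",
				Options:     []string{"rbind", "ro"},
			})
	}

	if p.PluginObj.Config.PidHost {
		oci.RemoveNamespace(&s, specs.LinuxNamespaceType("pid"))
	}

	if p.PluginObj.Config.IpcHost {
		oci.RemoveNamespace(&s, specs.LinuxNamespaceType("ipc"))
	}

	for _, mnt := range mounts {
		if mnt.Source == nil {
			return nil, errors.New("mount source is not specified")
		}
		s.Mounts = append(s.Mounts, specs.Mount{
			Source:      *mnt.Source,
			Destination: mnt.Destination,
			Type:        mnt.Type,
			Options:     mnt.Options,
		})
	}

	// Drop every mount under /dev/ whose destination the user also set,
	// presumably so a default mount (e.g. one from oci.DefaultSpec()) does not
	// compete with the user's. Filtering in place replaces the previous
	// delete-inside-range loop, which skipped the element following each
	// removal and so could leave a second matching mount in place.
	// NOTE(review): the predicate also matches a user-supplied mount when the
	// same destination appears in both Config.Mounts and Settings.Mounts —
	// confirm that is the intended behaviour.
	kept := s.Mounts[:0]
	for _, m := range s.Mounts {
		if strings.HasPrefix(m.Destination, "/dev/") {
			if _, ok := userMounts[m.Destination]; ok {
				continue
			}
		}
		kept = append(kept, m)
	}
	s.Mounts = kept

	if p.PluginObj.Config.Linux.AllowAllDevices {
		// A single rwm allow rule for all devices replaces the default cgroup
		// device list.
		s.Linux.Resources.Devices = []specs.LinuxDeviceCgroup{{Allow: true, Access: "rwm"}}
	}
	for _, dev := range p.PluginObj.Settings.Devices {
		// Mirror the nil check done for mount sources instead of dereferencing
		// an unset path.
		if dev.Path == nil {
			return nil, errors.New("device path is not specified")
		}
		path := *dev.Path
		d, dPermissions, err := oci.DevicesFromPath(path, path, "rwm")
		if err != nil {
			return nil, errors.WithStack(err)
		}
		s.Linux.Devices = append(s.Linux.Devices, d...)
		s.Linux.Resources.Devices = append(s.Linux.Resources.Devices, dPermissions...)
	}

	// PATH comes first; the user's environment follows it.
	envs := make([]string, 1, len(p.PluginObj.Settings.Env)+1)
	envs[0] = "PATH=" + system.DefaultPathEnv(runtime.GOOS)
	envs = append(envs, p.PluginObj.Settings.Env...)

	// Same aliasing concern as for mounts: never append into the config's
	// Entrypoint backing array. Appending to a nil slice keeps the result nil
	// when both lists are empty, as before.
	args := append(append([]string(nil), p.PluginObj.Config.Entrypoint...), p.PluginObj.Settings.Args...)

	cwd := p.PluginObj.Config.WorkDir
	if cwd == "" {
		cwd = "/"
	}
	s.Process.Terminal = false
	s.Process.Args = args
	s.Process.Cwd = cwd
	s.Process.Env = envs

	// The capabilities declared in the plugin config are granted in all four
	// sets; caps points into s, so these appends modify the spec directly.
	caps := s.Process.Capabilities
	pluginCaps := p.PluginObj.Config.Linux.Capabilities
	caps.Bounding = append(caps.Bounding, pluginCaps...)
	caps.Permitted = append(caps.Permitted, pluginCaps...)
	caps.Inheritable = append(caps.Inheritable, pluginCaps...)
	caps.Effective = append(caps.Effective, pluginCaps...)

	// Last-chance hook for the caller to adjust the finished spec.
	if p.modifyRuntimeSpec != nil {
		p.modifyRuntimeSpec(&s)
	}

	return &s, nil
}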