kotovalexarian-likes-github
/
moby--moby
mirror of https://github.com/moby/moby.git
1
0
Fork 0
Code Releases Activity

Shorten controller ID in exec-root to not hit UNIX_PATH_MAX 

Signed-off-by: Grant Millar <rid@cylo.io>
This commit is contained in:
Grant Millar 2019-08-28 18:59:49 +01:00
parent b8f02469bc
commit 049966bdc2
1 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
libnetwork/sandbox_externalkey_unix.go
View File

@ -12,6 +12,7 @@ import (
"os"
"path/filepath"
"github.com/docker/docker/pkg/stringid"
"github.com/docker/libnetwork/types"
"github.com/opencontainers/runtime-spec/specs-go"
"github.com/sirupsen/logrus"
@ -24,7 +25,7 @@ const (
)
// processSetKeyReexec is a private function that must be called only on an reexec path
// It expects 3 args { [0] = "libnetwork-setkey", [1] = <container-id>, [2] = <controller-id> }
// It expects 3 args { [0] = "libnetwork-setkey", [1] = <container-id>, [2] = <short-controller-id> }
// It also expects specs.State as a json string in <stdin>
// Refer to https://github.com/opencontainers/runc/pull/160/ for more information
// The docker exec-root can be specified as "-exec-root" flag. The default value is "/run/docker".
@ -41,14 +42,14 @@ func processSetKeyReexec() {
execRoot := flag.String("exec-root", defaultExecRoot, "docker exec root")
flag.Parse()
// expecting 3 os.Args {[0]="libnetwork-setkey", [1]=<container-id>, [2]=<controller-id> }
// expecting 3 os.Args {[0]="libnetwork-setkey", [1]=<container-id>, [2]=<short-controller-id> }
// (i.e. expecting 2 flag.Args())
args := flag.Args()
if len(args) < 2 {
err = fmt.Errorf("Re-exec expects 2 args (after parsing flags), received : %d", len(args))
return
}
containerID, controllerID := args[0], args[1]
containerID, shortCtlrID := args[0], args[1]
// We expect specs.State as a json string in <stdin>
stateBuf, err := ioutil.ReadAll(os.Stdin)
@ -60,16 +61,16 @@ func processSetKeyReexec() {
return
}
err = SetExternalKey(controllerID, containerID, fmt.Sprintf("/proc/%d/ns/net", state.Pid), *execRoot)
err = SetExternalKey(shortCtlrID, containerID, fmt.Sprintf("/proc/%d/ns/net", state.Pid), *execRoot)
}
// SetExternalKey provides a convenient way to set an External key to a sandbox
func SetExternalKey(controllerID string, containerID string, key string, execRoot string) error {
func SetExternalKey(shortCtlrID string, containerID string, key string, execRoot string) error {
keyData := setKeyData{
ContainerID: containerID,
Key: key}
uds := filepath.Join(execRoot, execSubdir, controllerID+".sock")
uds := filepath.Join(execRoot, execSubdir, shortCtlrID+".sock")
c, err := net.Dial("unix", uds)
if err != nil {
return err
@ -120,7 +121,8 @@ func (c *controller) startExternalKeyListener() error {
if err := os.MkdirAll(udsBase, 0600); err != nil {
return err
}
uds := filepath.Join(udsBase, c.id+".sock")
shortCtlrID := stringid.TruncateID(c.id)
uds := filepath.Join(udsBase, shortCtlrID+".sock")
l, err := net.Listen("unix", uds)
if err != nil {
return err