Implemented a self-injecting process wrapper that runs inside the container
- Before starting the container, docker injects itself inside the container by bind-mounting the dockerd binary into /sbin/init - Instead of running the user process directly inside the container, we run /sbin/init targetprocess [args...] - When docker is run as /sbin/init (e.g. argv[0] == "/sbin/init"), then its own sys init code kicks in - The sys init code will be responsible for setting up the process environment prior to its execution (setuid, networking, ...). - Finally, docker's sys init will exec() the container's process, thus replacing itself with the target binary (which will be running as pid 1)
parent
0d46006269
commit
58a2294260
5 changed files with 53 additions and 0 deletions
|
|
@ -74,6 +74,9 @@ lxc.mount.entry = devpts {{$ROOTFS}}/dev/pts devpts newinstance,ptmxmode=0666,no
|
|||
#lxc.mount.entry = varlock {{$ROOTFS}}/var/lock tmpfs size=1024k,nosuid,nodev,noexec 0 0
|
||||
#lxc.mount.entry = shm {{$ROOTFS}}/dev/shm tmpfs size=65536k,nosuid,nodev,noexec 0 0
|
||||
|
||||
# Inject docker-init
|
||||
lxc.mount.entry = {{.SysInitPath}} {{$ROOTFS}}/sbin/init none bind,ro 0 0
|
||||
|
||||
# In order to get a working DNS environment, mount bind (ro) the host's /etc/resolv.conf into the container
|
||||
lxc.mount.entry = /etc/resolv.conf {{$ROOTFS}}/etc/resolv.conf none bind,ro 0 0
|
||||
|
||||
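Review bot: The new `lxc.mount.entry = {{.SysInitPath}} {{$ROOTFS}}/sbin/init none bind,ro 0 0` line leaves the host's docker binary visible and executable inside the container for the container's whole lifetime; `ro` only prevents modification, and unlike the tmpfs entries above it the mount carries no `nosuid,nodev`, so for consistency with the rest of the template I would write `lxc.mount.entry = {{.SysInitPath}} {{$ROOTFS}}/sbin/init none bind,ro,nosuid,nodev 0 0` (assuming the lxc version in use honours those flags on a bind mount — worth confirming). The `# Inject docker-init` comment should also say what is being injected and why, e.g. `# Bind-mount the host docker binary read-only as /sbin/init: it runs as pid 1, sets up the process environment, then exec()s the container command`. A file bind mount needs an existing target, so unless the rootfs already contains a regular file at /sbin/init the mount will presumably fail at start-up, and that case is not handled here. The template continues outside the hunk.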
|
|
|
|||