diff --git a/daemon/execdriver/lxc/lxc_init_linux.go b/daemon/execdriver/lxc/lxc_init_linux.go
index a11b0f056c..92c96cc30e 100644
--- a/daemon/execdriver/lxc/lxc_init_linux.go
+++ b/daemon/execdriver/lxc/lxc_init_linux.go
@@ -9,9 +9,9 @@ import (
 "github.com/docker/docker/daemon/execdriver"
 "github.com/docker/docker/daemon/execdriver/native/template"
- "github.com/docker/docker/pkg/system"
 "github.com/docker/libcontainer/namespaces"
 "github.com/docker/libcontainer/security/capabilities"
+ "github.com/docker/libcontainer/system"
 "github.com/docker/libcontainer/utils"
 )
diff --git a/daemon/execdriver/native/driver.go b/daemon/execdriver/native/driver.go
index 51767a99d6..22c6606c0d 100644
--- a/daemon/execdriver/native/driver.go
+++ b/daemon/execdriver/native/driver.go
@@ -15,14 +15,15 @@ import (
 "syscall"
 "github.com/docker/docker/daemon/execdriver"
- "github.com/docker/docker/pkg/system"
 "github.com/docker/docker/pkg/term"
 "github.com/docker/libcontainer"
 "github.com/docker/libcontainer/apparmor"
 "github.com/docker/libcontainer/cgroups/fs"
 "github.com/docker/libcontainer/cgroups/systemd"
+ consolepkg "github.com/docker/libcontainer/console"
 "github.com/docker/libcontainer/namespaces"
 "github.com/docker/libcontainer/syncpipe"
+ "github.com/docker/libcontainer/system"
 )
 const (
@@ -143,8 +144,9 @@ func (d *driver) Run(c *execdriver.Command, pipes *execdriver.Pipes, startCallba
 }, args...)
 // set this to nil so that when we set the clone flags anything else is reset
- c.SysProcAttr = nil
- system.SetCloneFlags(&c.Cmd, uintptr(namespaces.GetNamespaceFlags(container.Namespaces)))
+ c.SysProcAttr = &syscall.SysProcAttr{
+ Cloneflags: uintptr(namespaces.GetNamespaceFlags(container.Namespaces)),
+ }
 c.ExtraFiles = []*os.File{child}
 c.Env = container.Env
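Review bot: The comment kept above the new assignment in Run, `// set this to nil so that when we set the clone flags anything else is reset`, no longer matches the code, because `c.SysProcAttr` is now replaced with a fresh struct instead of being set to nil. It should state what the line guarantees, for example `// replace SysProcAttr wholesale: only the namespace clone flags are set, anything set on it earlier is dropped`, so a later edit does not turn this into a field update that lets earlier process attributes carry over to the container's init process. `Cloneflags` is a Linux-only field of `syscall.SysProcAttr`, and the removed `pkg/system/unsupported.go` supplied a no-op `SetCloneFlags` for other platforms, so this presumably relies on driver.go being built for Linux only; the build constraint is not visible in the hunk. Run's body starts and ends outside the hunk.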
@@ -285,7 +287,7 @@ type TtyConsole struct {
 }
 func NewTtyConsole(command *execdriver.Command, pipes *execdriver.Pipes) (*TtyConsole, error) {
- ptyMaster, console, err := system.CreateMasterAndConsole()
+ ptyMaster, console, err := consolepkg.CreateMasterAndConsole()
 if err != nil {
 return nil, err
 }
diff --git a/pkg/system/calls_linux.go b/pkg/system/calls_linux.go
deleted file mode 100644
index 125fd25956..0000000000
--- a/pkg/system/calls_linux.go
+++ /dev/null
@@ -1,185 +0,0 @@
-package system
-
-import (
- "os/exec"
- "syscall"
- "unsafe"
-)
-
-func Chroot(dir string) error {
- return syscall.Chroot(dir)
-}
-
-func Chdir(dir string) error {
- return syscall.Chdir(dir)
-}
-
-func Exec(cmd string, args []string, env []string) error {
- return syscall.Exec(cmd, args, env)
-}
-
-func Execv(cmd string, args []string, env []string) error {
- name, err := exec.LookPath(cmd)
- if err != nil {
- return err
- }
- return Exec(name, args, env)
-}
-
-func Fork() (int, error) {
- syscall.ForkLock.Lock()
- pid, _, err := syscall.Syscall(syscall.SYS_FORK, 0, 0, 0)
- syscall.ForkLock.Unlock()
- if err != 0 {
- return -1, err
- }
- return int(pid), nil
-}
-
-func Mount(source, target, fstype string, flags uintptr, data string) error {
- return syscall.Mount(source, target, fstype, flags, data)
-}
-
-func Unmount(target string, flags int) error {
- return syscall.Unmount(target, flags)
-}
-
-func Pivotroot(newroot, putold string) error {
- return syscall.PivotRoot(newroot, putold)
-}
-
-func Unshare(flags int) error {
- return syscall.Unshare(flags)
-}
-
-func Clone(flags uintptr) (int, error) {
- syscall.ForkLock.Lock()
- pid, _, err := syscall.RawSyscall(syscall.SYS_CLONE, flags, 0, 0)
- syscall.ForkLock.Unlock()
- if err != 0 {
- return -1, err
- }
- return int(pid), nil
-}
-
-func UsetCloseOnExec(fd uintptr) error {
- if _, _, err := syscall.Syscall(syscall.SYS_FCNTL, fd, syscall.F_SETFD, 0); err != 0 {
- return err
- }
- return nil
-}
-
-func Setgroups(gids []int) error {
- return syscall.Setgroups(gids)
-}
-
-func Setresgid(rgid, egid, sgid int) error {
- return syscall.Setresgid(rgid, egid, sgid)
-}
-
-func Setresuid(ruid, euid, suid int) error {
- return syscall.Setresuid(ruid, euid, suid)
-}
-
-func Setgid(gid int) error {
- return syscall.Setgid(gid)
-}
-
-func Setuid(uid int) error {
- return syscall.Setuid(uid)
-}
-
-func Sethostname(name string) error {
- return syscall.Sethostname([]byte(name))
-}
-
-func Setsid() (int, error) {
- return syscall.Setsid()
-}
-
-func Ioctl(fd uintptr, flag, data uintptr) error {
- if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, fd, flag, data); err != 0 {
- return err
- }
- return nil
-}
-
-func Closefd(fd uintptr) error {
- return syscall.Close(int(fd))
-}
-
-func Dup2(fd1, fd2 uintptr) error {
- return syscall.Dup2(int(fd1), int(fd2))
-}
-
-func Mknod(path string, mode uint32, dev int) error {
- return syscall.Mknod(path, mode, dev)
-}
-
-func Prctl(option int, arg2, arg3, arg4, arg5 uintptr) error {
- if _, _, err := syscall.Syscall6(syscall.SYS_PRCTL, uintptr(option), arg2, arg3, arg4, arg5, 0); err != 0 {
- return err
- }
- return nil
-}
-
-func ParentDeathSignal(sig uintptr) error {
- if _, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_SET_PDEATHSIG, sig, 0); err != 0 {
- return err
- }
- return nil
-}
-
-func GetParentDeathSignal() (int, error) {
- var sig int
-
- _, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_GET_PDEATHSIG, uintptr(unsafe.Pointer(&sig)), 0)
-
- if err != 0 {
- return -1, err
- }
-
- return sig, nil
-}
-
-func SetKeepCaps() error {
- if _, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_SET_KEEPCAPS, 1, 0); err != 0 {
- return err
- }
-
- return nil
-}
-
-func ClearKeepCaps() error {
- if _, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_SET_KEEPCAPS, 0, 0); err != 0 {
- return err
- }
-
- return nil
-}
-
-func Setctty() error {
- if _, _, err := syscall.RawSyscall(syscall.SYS_IOCTL, 0, uintptr(syscall.TIOCSCTTY), 0); err != 0 {
- return err
- }
- return nil
-}
-
-func Mkfifo(name string, mode uint32) error {
- return syscall.Mkfifo(name, mode)
-}
-
-func Umask(mask int) int {
- return syscall.Umask(mask)
-}
-
-func SetCloneFlags(cmd *exec.Cmd, flag uintptr) {
- if cmd.SysProcAttr == nil {
- cmd.SysProcAttr = &syscall.SysProcAttr{}
- }
- cmd.SysProcAttr.Cloneflags = flag
-}
-
-func Gettid() int {
- return syscall.Gettid()
-}
diff --git a/pkg/system/fds_linux.go b/pkg/system/fds_linux.go
deleted file mode 100644
index 53d2299d3e..0000000000
--- a/pkg/system/fds_linux.go
+++ /dev/null
@@ -1,38 +0,0 @@
-package system
-
-import (
- "io/ioutil"
- "strconv"
- "syscall"
-)
-
-// Works similarly to OpenBSD's "closefrom(2)":
-// The closefrom() call deletes all descriptors numbered fd and higher from
-// the per-process file descriptor table. It is effectively the same as
-// calling close(2) on each descriptor.
-// http://www.openbsd.org/cgi-bin/man.cgi?query=closefrom&sektion=2
-//
-// See also http://stackoverflow.com/a/918469/433558
-func CloseFdsFrom(minFd int) error {
- fdList, err := ioutil.ReadDir("/proc/self/fd")
- if err != nil {
- return err
- }
- for _, fi := range fdList {
- fd, err := strconv.Atoi(fi.Name())
- if err != nil {
- // ignore non-numeric file names
- continue
- }
-
- if fd < minFd {
- // ignore descriptors lower than our specified minimum
- continue
- }
-
- // intentionally ignore errors from syscall.Close
- syscall.Close(fd)
- // the cases where this might fail are basically file descriptors that have already been closed (including and especially the one that was created when ioutil.ReadDir did the "opendir" syscall)
- }
- return nil
-}
diff --git a/pkg/system/fds_unsupported.go b/pkg/system/fds_unsupported.go
deleted file mode 100644
index c1e08e82d3..0000000000
--- a/pkg/system/fds_unsupported.go
+++ /dev/null
@@ -1,12 +0,0 @@
-// +build !linux
-
-package system
-
-import (
- "fmt"
- "runtime"
-)
-
-func CloseFdsFrom(minFd int) error {
- return fmt.Errorf("CloseFdsFrom is unsupported on this platform (%s/%s)", runtime.GOOS, runtime.GOARCH)
-}
diff --git a/pkg/system/proc.go b/pkg/system/proc.go
deleted file mode 100644
index a492346c7f..0000000000
--- a/pkg/system/proc.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package system
-
-import (
- "io/ioutil"
- "path/filepath"
- "strconv"
- "strings"
-)
-
-// look in /proc to find the process start time so that we can verify
-// that this pid has started after ourself
-func GetProcessStartTime(pid int) (string, error) {
- data, err := ioutil.ReadFile(filepath.Join("/proc", strconv.Itoa(pid), "stat"))
- if err != nil {
- return "", err
- }
- parts := strings.Split(string(data), " ")
- // the starttime is located at pos 22
- // from the man page
- //
- // starttime %llu (was %lu before Linux 2.6)
- // (22) The time the process started after system boot. In kernels before Linux 2.6, this
- // value was expressed in jiffies. Since Linux 2.6, the value is expressed in clock ticks
- // (divide by sysconf(_SC_CLK_TCK)).
- return parts[22-1], nil // starts at 1
-}
diff --git a/pkg/system/pty_linux.go b/pkg/system/pty_linux.go
deleted file mode 100644
index ca588d8ce9..0000000000
--- a/pkg/system/pty_linux.go
+++ /dev/null
@@ -1,58 +0,0 @@
-package system
-
-import (
- "fmt"
- "os"
- "syscall"
- "unsafe"
-)
-
-// Unlockpt unlocks the slave pseudoterminal device corresponding to the master pseudoterminal referred to by f.
-// Unlockpt should be called before opening the slave side of a pseudoterminal.
-func Unlockpt(f *os.File) error {
- var u int
- return Ioctl(f.Fd(), syscall.TIOCSPTLCK, uintptr(unsafe.Pointer(&u)))
-}
-
-// Ptsname retrieves the name of the first available pts for the given master.
-func Ptsname(f *os.File) (string, error) {
- var n int
-
- if err := Ioctl(f.Fd(), syscall.TIOCGPTN, uintptr(unsafe.Pointer(&n))); err != nil {
- return "", err
- }
- return fmt.Sprintf("/dev/pts/%d", n), nil
-}
-
-// CreateMasterAndConsole will open /dev/ptmx on the host and retreive the
-// pts name for use as the pty slave inside the container
-func CreateMasterAndConsole() (*os.File, string, error) {
- master, err := os.OpenFile("/dev/ptmx", syscall.O_RDWR|syscall.O_NOCTTY|syscall.O_CLOEXEC, 0)
- if err != nil {
- return nil, "", err
- }
- console, err := Ptsname(master)
- if err != nil {
- return nil, "", err
- }
- if err := Unlockpt(master); err != nil {
- return nil, "", err
- }
- return master, console, nil
-}
-
-// OpenPtmx opens /dev/ptmx, i.e. the PTY master.
-func OpenPtmx() (*os.File, error) {
- // O_NOCTTY and O_CLOEXEC are not present in os package so we use the syscall's one for all.
- return os.OpenFile("/dev/ptmx", syscall.O_RDONLY|syscall.O_NOCTTY|syscall.O_CLOEXEC, 0)
-}
-
-// OpenTerminal is a clone of os.OpenFile without the O_CLOEXEC
-// used to open the pty slave inside the container namespace
-func OpenTerminal(name string, flag int) (*os.File, error) {
- r, e := syscall.Open(name, flag, 0)
- if e != nil {
- return nil, &os.PathError{"open", name, e}
- }
- return os.NewFile(uintptr(r), name), nil
-}
diff --git a/pkg/system/setns_linux.go b/pkg/system/setns_linux.go
deleted file mode 100644
index 2b6f9e77ec..0000000000
--- a/pkg/system/setns_linux.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package system
-
-import (
- "fmt"
- "runtime"
- "syscall"
-)
-
-// Via http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7b21fddd087678a70ad64afc0f632e0f1071b092
-//
-// We need different setns values for the different platforms and arch
-// We are declaring the macro here because the SETNS syscall does not exist in th stdlib
-var setNsMap = map[string]uintptr{
- "linux/amd64": 308,
-}
-
-func Setns(fd uintptr, flags uintptr) error {
- ns, exists := setNsMap[fmt.Sprintf("%s/%s", runtime.GOOS, runtime.GOARCH)]
- if !exists {
- return ErrNotSupportedPlatform
- }
- _, _, err := syscall.RawSyscall(ns, fd, flags, 0)
- if err != 0 {
- return err
- }
- return nil
-}
diff --git a/pkg/system/sysconfig_nocgo.go b/pkg/system/sysconfig_nocgo.go
deleted file mode 100644
index 7ca3488154..0000000000
--- a/pkg/system/sysconfig_nocgo.go
+++ /dev/null
@@ -1,9 +0,0 @@
-// +build linux,!cgo
-
-package system
-
-func GetClockTicks() int {
- // when we cannot call out to C to get the sysconf it is fairly safe to
- // just return 100
- return 100
-}
diff --git a/pkg/system/unsupported.go b/pkg/system/unsupported.go
deleted file mode 100644
index aea4b69f97..0000000000
--- a/pkg/system/unsupported.go
+++ /dev/null
@@ -1,38 +0,0 @@
-// +build !linux
-
-package system
-
-import (
- "os"
- "os/exec"
-)
-
-func SetCloneFlags(cmd *exec.Cmd, flag uintptr) {
-
-}
-
-func UsetCloseOnExec(fd uintptr) error {
- return ErrNotSupportedPlatform
-}
-
-func Gettid() int {
- return 0
-}
-
-func GetClockTicks() int {
- // when we cannot call out to C to get the sysconf it is fairly safe to
- // just return 100
- return 100
-}
-
-func CreateMasterAndConsole() (*os.File, string, error) {
- return nil, "", ErrNotSupportedPlatform
-}
-
-func SetKeepCaps() error {
- return ErrNotSupportedPlatform
-}
-
-func ClearKeepCaps() error {
- return ErrNotSupportedPlatform
-}