contrib/init: unshare mount namespace for inits
* openrc * sysvinit-debian * upstart Signed-off-by: Vincent Batts <vbatts@redhat.com>
This commit is contained in:
parent
975e668722
commit
b6569b6b82
|
@ -7,6 +7,7 @@ DOCKER_LOGFILE=${DOCKER_LOGFILE:-/var/log/${SVCNAME}.log}
|
||||||
DOCKER_PIDFILE=${DOCKER_PIDFILE:-/run/${SVCNAME}.pid}
|
DOCKER_PIDFILE=${DOCKER_PIDFILE:-/run/${SVCNAME}.pid}
|
||||||
DOCKER_BINARY=${DOCKER_BINARY:-/usr/bin/docker}
|
DOCKER_BINARY=${DOCKER_BINARY:-/usr/bin/docker}
|
||||||
DOCKER_OPTS=${DOCKER_OPTS:-}
|
DOCKER_OPTS=${DOCKER_OPTS:-}
|
||||||
|
UNSHARE_BINARY=${UNSHARE_BINARY:-/usr/bin/unshare}
|
||||||
|
|
||||||
start() {
|
start() {
|
||||||
checkpath -f -m 0644 -o root:docker "$DOCKER_LOGFILE"
|
checkpath -f -m 0644 -o root:docker "$DOCKER_LOGFILE"
|
||||||
|
@ -16,11 +17,12 @@ start() {
|
||||||
|
|
||||||
ebegin "Starting docker daemon"
|
ebegin "Starting docker daemon"
|
||||||
start-stop-daemon --start --background \
|
start-stop-daemon --start --background \
|
||||||
--exec "$DOCKER_BINARY" \
|
--exec "$UNSHARE_BINARY" \
|
||||||
--pidfile "$DOCKER_PIDFILE" \
|
--pidfile "$DOCKER_PIDFILE" \
|
||||||
--stdout "$DOCKER_LOGFILE" \
|
--stdout "$DOCKER_LOGFILE" \
|
||||||
--stderr "$DOCKER_LOGFILE" \
|
--stderr "$DOCKER_LOGFILE" \
|
||||||
-- -d -p "$DOCKER_PIDFILE" \
|
-- --mount \
|
||||||
|
-- "$DOCKER_BINARY" -d -p "$DOCKER_PIDFILE" \
|
||||||
$DOCKER_OPTS
|
$DOCKER_OPTS
|
||||||
eend $?
|
eend $?
|
||||||
}
|
}
|
||||||
|
|
|
@ -30,6 +30,7 @@ DOCKER_SSD_PIDFILE=/var/run/$BASE-ssd.pid
|
||||||
DOCKER_LOGFILE=/var/log/$BASE.log
|
DOCKER_LOGFILE=/var/log/$BASE.log
|
||||||
DOCKER_OPTS=
|
DOCKER_OPTS=
|
||||||
DOCKER_DESC="Docker"
|
DOCKER_DESC="Docker"
|
||||||
|
UNSHARE=${UNSHARE:-/usr/bin/unshare}
|
||||||
|
|
||||||
# Get lsb functions
|
# Get lsb functions
|
||||||
. /lib/lsb/init-functions
|
. /lib/lsb/init-functions
|
||||||
|
@ -99,11 +100,11 @@ case "$1" in
|
||||||
log_begin_msg "Starting $DOCKER_DESC: $BASE"
|
log_begin_msg "Starting $DOCKER_DESC: $BASE"
|
||||||
start-stop-daemon --start --background \
|
start-stop-daemon --start --background \
|
||||||
--no-close \
|
--no-close \
|
||||||
--exec "$DOCKER" \
|
--exec "$UNSHARE" \
|
||||||
--pidfile "$DOCKER_SSD_PIDFILE" \
|
--pidfile "$DOCKER_SSD_PIDFILE" \
|
||||||
--make-pidfile \
|
--make-pidfile \
|
||||||
-- \
|
-- --mount \
|
||||||
-d -p "$DOCKER_PIDFILE" \
|
-- "$DOCKER" -d -p "$DOCKER_PIDFILE" \
|
||||||
$DOCKER_OPTS \
|
$DOCKER_OPTS \
|
||||||
>> "$DOCKER_LOGFILE" 2>&1
|
>> "$DOCKER_LOGFILE" 2>&1
|
||||||
log_end_msg $?
|
log_end_msg $?
|
||||||
|
|
|
@ -37,7 +37,7 @@ script
|
||||||
if [ -f /etc/default/$UPSTART_JOB ]; then
|
if [ -f /etc/default/$UPSTART_JOB ]; then
|
||||||
. /etc/default/$UPSTART_JOB
|
. /etc/default/$UPSTART_JOB
|
||||||
fi
|
fi
|
||||||
exec "$DOCKER" -d $DOCKER_OPTS
|
exec unshare -m -- "$DOCKER" -d $DOCKER_OPTS
|
||||||
end script
|
end script
|
||||||
|
|
||||||
# Don't emit "started" event until docker.sock is ready.
|
# Don't emit "started" event until docker.sock is ready.
|
||||||
|
|
Loading…
Reference in New Issue