kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity

Update libcontainer Context changes

Browse source 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
This commit is contained in:
Michael Crosby 2014-06-26 12:23:53 -07:00
parent 41e7523291
commit c9fdb08bda
4 changed files with 10 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
daemon/execdriver/native/configuration/parse.go
View file

@ -54,7 +54,7 @@ func systemdSlice(container *libcontainer.Config, context interface{}, value str
}
func apparmorProfile(container *libcontainer.Config, context interface{}, value string) error {
container.Context["apparmor_profile"] = value
container.AppArmorProfile = value
return nil
}

5
daemon/execdriver/native/configuration/parse_test.go
View file

@ -84,8 +84,9 @@ func TestAppArmorProfile(t *testing.T) {
if err := ParseConfiguration(container, nil, opts); err != nil {
t.Fatal(err)
}
if expected := "koye-the-protector"; container.Context["apparmor_profile"] != expected {
t.Fatalf("expected profile %s got %s", expected, container.Context["apparmor_profile"])
if expected := "koye-the-protector"; container.AppArmorProfile != expected {
t.Fatalf("expected profile %s got %s", expected, container.AppArmorProfile)
}
}

10
daemon/execdriver/native/create.go
View file

@ -32,7 +32,7 @@ func (d *driver) createContainer(c *execdriver.Command) (*libcontainer.Config, e
// check to see if we are running in ramdisk to disable pivot root
container.MountConfig.NoPivotRoot = os.Getenv("DOCKER_RAMDISK") != ""
container.Context["restrictions"] = "true"
container.RestrictSys = true
if err := d.createNetwork(container, c); err != nil {
return nil, err
@ -127,10 +127,10 @@ func (d *driver) setPrivileged(container *libcontainer.Config) (err error) {
}
container.MountConfig.DeviceNodes = hostDeviceNodes
delete(container.Context, "restrictions")
container.RestrictSys = false
if apparmor.IsEnabled() {
container.Context["apparmor_profile"] = "unconfined"
container.AppArmorProfile = "unconfined"
}
return nil
@ -163,8 +163,8 @@ func (d *driver) setupMounts(container *libcontainer.Config, c *execdriver.Comma
}
func (d *driver) setupLabels(container *libcontainer.Config, c *execdriver.Command) error {
container.Context["process_label"] = c.Config["process_label"][0]
container.Context["mount_label"] = c.Config["mount_label"][0]
container.ProcessLabel = c.Config["process_label"][0]
container.MountConfig.MountLabel = c.Config["mount_label"][0]
return nil
}

3
daemon/execdriver/native/template/default_template.go
View file

@ -35,11 +35,10 @@ func New() *libcontainer.Config {
AllowAllDevices: false,
},
MountConfig: &libcontainer.MountConfig{},
Context: make(map[string]string),
}
if apparmor.IsEnabled() {
container.Context["apparmor_profile"] = "docker-default"
container.AppArmorProfile = "docker-default"
}
return container