kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity

Update libcontainer Context changes

Browse source 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
This commit is contained in:
Michael Crosby 2014-06-26 12:23:53 -07:00
parent 41e7523291
commit c9fdb08bda
4 changed files with 10 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
daemon/execdriver/native/configuration/parse.go
View file

@ -54,7 +54,7 @@ func systemdSlice(container *libcontainer.Config, context interface{}, value str
} }
func apparmorProfile(container *libcontainer.Config, context interface{}, value string) error { func apparmorProfile(container *libcontainer.Config, context interface{}, value string) error {
container.Context["apparmor_profile"] = value container.AppArmorProfile = value
return nil return nil
} }

5
daemon/execdriver/native/configuration/parse_test.go
View file

@ -84,8 +84,9 @@ func TestAppArmorProfile(t *testing.T) {
if err := ParseConfiguration(container, nil, opts); err != nil { if err := ParseConfiguration(container, nil, opts); err != nil {
t.Fatal(err) t.Fatal(err)
} }
if expected := "koye-the-protector"; container.Context["apparmor_profile"] != expected {
t.Fatalf("expected profile %s got %s", expected, container.Context["apparmor_profile"]) if expected := "koye-the-protector"; container.AppArmorProfile != expected {
t.Fatalf("expected profile %s got %s", expected, container.AppArmorProfile)
} }
} }

10
daemon/execdriver/native/create.go
View file

@ -32,7 +32,7 @@ func (d *driver) createContainer(c *execdriver.Command) (*libcontainer.Config, e
// check to see if we are running in ramdisk to disable pivot root // check to see if we are running in ramdisk to disable pivot root
container.MountConfig.NoPivotRoot = os.Getenv("DOCKER_RAMDISK") != "" container.MountConfig.NoPivotRoot = os.Getenv("DOCKER_RAMDISK") != ""
container.Context["restrictions"] = "true" container.RestrictSys = true
if err := d.createNetwork(container, c); err != nil { if err := d.createNetwork(container, c); err != nil {
return nil, err return nil, err
@ -127,10 +127,10 @@ func (d *driver) setPrivileged(container *libcontainer.Config) (err error) {
} }
container.MountConfig.DeviceNodes = hostDeviceNodes container.MountConfig.DeviceNodes = hostDeviceNodes
delete(container.Context, "restrictions") container.RestrictSys = false
if apparmor.IsEnabled() { if apparmor.IsEnabled() {
container.Context["apparmor_profile"] = "unconfined" container.AppArmorProfile = "unconfined"
} }
return nil return nil
@ -163,8 +163,8 @@ func (d *driver) setupMounts(container *libcontainer.Config, c *execdriver.Comma
} }
func (d *driver) setupLabels(container *libcontainer.Config, c *execdriver.Command) error { func (d *driver) setupLabels(container *libcontainer.Config, c *execdriver.Command) error {
container.Context["process_label"] = c.Config["process_label"][0] container.ProcessLabel = c.Config["process_label"][0]
container.Context["mount_label"] = c.Config["mount_label"][0] container.MountConfig.MountLabel = c.Config["mount_label"][0]
return nil return nil
} }

3
daemon/execdriver/native/template/default_template.go
View file

@ -35,11 +35,10 @@ func New() *libcontainer.Config {
AllowAllDevices: false, AllowAllDevices: false,
}, },
MountConfig: &libcontainer.MountConfig{}, MountConfig: &libcontainer.MountConfig{},
Context: make(map[string]string),
} }
if apparmor.IsEnabled() { if apparmor.IsEnabled() {
container.Context["apparmor_profile"] = "docker-default" container.AppArmorProfile = "docker-default"
} }
return container return container