Update libcontainer references

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)

daemon/execdriver/lxc/lxc_init_linux.go

@@ -29,7 +29,7 @@ func finalizeNamespace(args *execdriver.InitArgs) error {
 
 	if !args.Privileged {
 		// drop capabilities in bounding set before changing user
-		if err := capabilities.DropBoundingSet(container); err != nil {
+		if err := capabilities.DropBoundingSet(container.Capabilities); err != nil {
 			return fmt.Errorf("drop bounding set %s", err)
 		}
 
@@ -49,7 +49,7 @@ func finalizeNamespace(args *execdriver.InitArgs) error {
 		}
 
 		// drop all other capabilities
-		if err := capabilities.DropCapabilities(container); err != nil {
+		if err := capabilities.DropCapabilities(container.Capabilities); err != nil {
 			return fmt.Errorf("drop capabilities %s", err)
 		}
 	}

daemon/execdriver/native/configuration/parse.go

@@ -138,9 +138,9 @@ func dropNamespace(container *libcontainer.Container, context interface{}, value
 func readonlyFs(container *libcontainer.Container, context interface{}, value string) error {
 	switch value {
 	case "1", "true":
-		container.ReadonlyFs = true
+		container.MountConfig.ReadonlyFs = true
 	default:
-		container.ReadonlyFs = false
+		container.MountConfig.ReadonlyFs = false
 	}
 	return nil
 }
@@ -154,28 +154,13 @@ func joinNetNamespace(container *libcontainer.Container, context interface{}, va
 	if cmd == nil || cmd.Process == nil {
 		return fmt.Errorf("%s is not a valid running container to join", value)
 	}
+
 	nspath := filepath.Join("/proc", fmt.Sprint(cmd.Process.Pid), "ns", "net")
 	container.Networks = append(container.Networks, &libcontainer.Network{
-		Type: "netns",
+		Type:   "netns",
-		Context: libcontainer.Context{
+		NsPath: nspath,
-			"nspath": nspath,
-		},
 	})
-	return nil
-}
 
-func vethMacAddress(container *libcontainer.Container, context interface{}, value string) error {
-	var veth *libcontainer.Network
-	for _, network := range container.Networks {
-		if network.Type == "veth" {
-			veth = network
-			break
-		}
-	}
-	if veth == nil {
-		return fmt.Errorf("not veth configured for container")
-	}
-	veth.Context["mac"] = value
 	return nil
 }
 

daemon/execdriver/native/configuration/parse_test.go

@@ -3,7 +3,7 @@ package configuration
 import (
 	"testing"
 
-	"github.com/docker/libcontainer"
+	"github.com/docker/libcontainer/security/capabilities"
 	"github.com/dotcloud/docker/daemon/execdriver/native/template"
 )
 
@@ -25,14 +25,14 @@ func TestSetReadonlyRootFs(t *testing.T) {
 		}
 	)
 
-	if container.ReadonlyFs {
+	if container.MountConfig.ReadonlyFs {
 		t.Fatal("container should not have a readonly rootfs by default")
 	}
 	if err := ParseConfiguration(container, nil, opts); err != nil {
 		t.Fatal(err)
 	}
 
-	if !container.ReadonlyFs {
+	if !container.MountConfig.ReadonlyFs {
 		t.Fatal("container should have a readonly rootfs")
 	}
 }
@@ -165,7 +165,7 @@ func TestDropCap(t *testing.T) {
 		}
 	)
 	// enabled all caps like in privileged mode
-	container.Capabilities = libcontainer.GetAllCapabilities()
+	container.Capabilities = capabilities.GetAllCapabilities()
 	if err := ParseConfiguration(container, nil, opts); err != nil {
 		t.Fatal(err)
 	}

daemon/execdriver/native/create.go

@@ -9,6 +9,8 @@ import (
 	"github.com/docker/libcontainer"
 	"github.com/docker/libcontainer/apparmor"
 	"github.com/docker/libcontainer/devices"
+	"github.com/docker/libcontainer/mount"
+	"github.com/docker/libcontainer/security/capabilities"
 	"github.com/dotcloud/docker/daemon/execdriver"
 	"github.com/dotcloud/docker/daemon/execdriver/native/configuration"
 	"github.com/dotcloud/docker/daemon/execdriver/native/template"
@@ -26,37 +28,45 @@ func (d *driver) createContainer(c *execdriver.Command) (*libcontainer.Container
 	container.Env = c.Env
 	container.Cgroups.Name = c.ID
 	container.Cgroups.AllowedDevices = c.AllowedDevices
-	container.DeviceNodes = c.AutoCreatedDevices
+	container.MountConfig.DeviceNodes = c.AutoCreatedDevices
+
 	// check to see if we are running in ramdisk to disable pivot root
-	container.NoPivotRoot = os.Getenv("DOCKER_RAMDISK") != ""
+	container.MountConfig.NoPivotRoot = os.Getenv("DOCKER_RAMDISK") != ""
 	container.Context["restrictions"] = "true"
 
 	if err := d.createNetwork(container, c); err != nil {
 		return nil, err
 	}
+
 	if c.Privileged {
 		if err := d.setPrivileged(container); err != nil {
 			return nil, err
 		}
 	}
+
 	if err := d.setupCgroups(container, c); err != nil {
 		return nil, err
 	}
+
 	if err := d.setupMounts(container, c); err != nil {
 		return nil, err
 	}
+
 	if err := d.setupLabels(container, c); err != nil {
 		return nil, err
 	}
+
 	cmds := make(map[string]*exec.Cmd)
 	d.Lock()
 	for k, v := range d.activeContainers {
 		cmds[k] = v.cmd
 	}
 	d.Unlock()
+
 	if err := configuration.ParseConfiguration(container, cmds, c.Config["native"]); err != nil {
 		return nil, err
 	}
+
 	return container, nil
 }
 
@@ -65,26 +75,24 @@ func (d *driver) createNetwork(container *libcontainer.Container, c *execdriver.
 		container.Namespaces["NEWNET"] = false
 		return nil
 	}
+
 	container.Networks = []*libcontainer.Network{
 		{
 			Mtu:     c.Network.Mtu,
 			Address: fmt.Sprintf("%s/%d", "127.0.0.1", 0),
 			Gateway: "localhost",
 			Type:    "loopback",
-			Context: libcontainer.Context{},
 		},
 	}
 
 	if c.Network.Interface != nil {
 		vethNetwork := libcontainer.Network{
-			Mtu:     c.Network.Mtu,
+			Mtu:        c.Network.Mtu,
-			Address: fmt.Sprintf("%s/%d", c.Network.Interface.IPAddress, c.Network.Interface.IPPrefixLen),
+			Address:    fmt.Sprintf("%s/%d", c.Network.Interface.IPAddress, c.Network.Interface.IPPrefixLen),
-			Gateway: c.Network.Interface.Gateway,
+			Gateway:    c.Network.Interface.Gateway,
-			Type:    "veth",
+			Type:       "veth",
-			Context: libcontainer.Context{
+			Bridge:     c.Network.Interface.Bridge,
-				"prefix": "veth",
+			VethPrefix: "veth",
-				"bridge": c.Network.Interface.Bridge,
-			},
 		}
 		container.Networks = append(container.Networks, &vethNetwork)
 	}
@@ -93,6 +101,7 @@ func (d *driver) createNetwork(container *libcontainer.Container, c *execdriver.
 		d.Lock()
 		active := d.activeContainers[c.Network.ContainerID]
 		d.Unlock()
+
 		if active == nil || active.cmd.Process == nil {
 			return fmt.Errorf("%s is not a valid running container to join", c.Network.ContainerID)
 		}
@@ -100,30 +109,30 @@ func (d *driver) createNetwork(container *libcontainer.Container, c *execdriver.
 
 		nspath := filepath.Join("/proc", fmt.Sprint(cmd.Process.Pid), "ns", "net")
 		container.Networks = append(container.Networks, &libcontainer.Network{
-			Type: "netns",
+			Type:   "netns",
-			Context: libcontainer.Context{
+			NsPath: nspath,
-				"nspath": nspath,
-			},
 		})
 	}
+
 	return nil
 }
 
 func (d *driver) setPrivileged(container *libcontainer.Container) (err error) {
-	container.Capabilities = libcontainer.GetAllCapabilities()
+	container.Capabilities = capabilities.GetAllCapabilities()
 	container.Cgroups.AllowAllDevices = true
 
 	hostDeviceNodes, err := devices.GetHostDeviceNodes()
 	if err != nil {
 		return err
 	}
-	container.DeviceNodes = hostDeviceNodes
+	container.MountConfig.DeviceNodes = hostDeviceNodes
 
 	delete(container.Context, "restrictions")
 
 	if apparmor.IsEnabled() {
 		container.Context["apparmor_profile"] = "unconfined"
 	}
+
 	return nil
 }
 
@@ -135,12 +144,13 @@ func (d *driver) setupCgroups(container *libcontainer.Container, c *execdriver.C
 		container.Cgroups.MemorySwap = c.Resources.MemorySwap
 		container.Cgroups.CpusetCpus = c.Resources.Cpuset
 	}
+
 	return nil
 }
 
 func (d *driver) setupMounts(container *libcontainer.Container, c *execdriver.Command) error {
 	for _, m := range c.Mounts {
-		container.Mounts = append(container.Mounts, libcontainer.Mount{
+		container.MountConfig.Mounts = append(container.MountConfig.Mounts, mount.Mount{
 			Type:        "bind",
 			Source:      m.Source,
 			Destination: m.Destination,
@@ -148,11 +158,13 @@ func (d *driver) setupMounts(container *libcontainer.Container, c *execdriver.Co
 			Private:     m.Private,
 		})
 	}
+
 	return nil
 }
 
 func (d *driver) setupLabels(container *libcontainer.Container, c *execdriver.Command) error {
 	container.Context["process_label"] = c.Config["process_label"][0]
 	container.Context["mount_label"] = c.Config["mount_label"][0]
+
 	return nil
 }

daemon/execdriver/native/template/default_template.go

@@ -34,10 +34,13 @@ func New() *libcontainer.Container {
 			Parent:          "docker",
 			AllowAllDevices: false,
 		},
-		Context: libcontainer.Context{},
+		MountConfig: &libcontainer.MountConfig{},
+		Context:     make(map[string]string),
 	}
+
 	if apparmor.IsEnabled() {
 		container.Context["apparmor_profile"] = "docker-default"
 	}
+
 	return container
 }