kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity

Update code post codereview

Browse source 
Add specific types for Required and Optional DeviceNodes
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
This commit is contained in:
Michael Crosby 2014-05-21 00:36:50 +00:00
parent ed5892ed4e
commit f042c3c157
6 changed files with 25 additions and 30 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
daemon/execdriver/native/create.go
View file

@ -101,9 +101,9 @@ func (d *driver) setPrivileged(container *libcontainer.Container) (err error) {
container.Cgroups.DeviceAccess = true container.Cgroups.DeviceAccess = true
delete(container.Context, "restrictions") delete(container.Context, "restrictions")
delete(container.DeviceNodes, "additional")
if container.DeviceNodes["required"], err = nodes.GetHostDeviceNodes(); err != nil { container.OptionalDeviceNodes = nil
if container.RequiredDeviceNodes, err = nodes.GetHostDeviceNodes(); err != nil {
return err return err
} }

8
daemon/execdriver/native/template/default_template.go
View file

@ -33,11 +33,9 @@ func New() *libcontainer.Container {
Parent: "docker", Parent: "docker",
DeviceAccess: false, DeviceAccess: false,
}, },
Context: libcontainer.Context{}, Context: libcontainer.Context{},
DeviceNodes: map[string][]string{ RequiredDeviceNodes: nodes.DefaultNodes,
"required": nodes.DefaultNodes, OptionalDeviceNodes: []string{"fuse"},
"additional": {"fuse"},
},
} }
if apparmor.IsEnabled() { if apparmor.IsEnabled() {
container.Context["apparmor_profile"] = "docker-default" container.Context["apparmor_profile"] = "docker-default"

17
pkg/libcontainer/container.go
View file

@ -43,7 +43,7 @@ type Container struct {
// All capbilities not specified will be dropped from the processes capability mask // All capbilities not specified will be dropped from the processes capability mask
Capabilities []string `json:"capabilities,omitempty"` Capabilities []string `json:"capabilities,omitempty"`
// Networks specifies the container's network stop to be created // Networks specifies the container's network setup to be created
Networks []*Network `json:"networks,omitempty"` Networks []*Network `json:"networks,omitempty"`
// Cgroups specifies specific cgroup settings for the various subsystems that the container is // Cgroups specifies specific cgroup settings for the various subsystems that the container is
@ -60,14 +60,13 @@ type Container struct {
// rootfs and mount namespace if specified // rootfs and mount namespace if specified
Mounts Mounts `json:"mounts,omitempty"` Mounts Mounts `json:"mounts,omitempty"`
// DeviceNodes are a list of 'required' and 'additional' nodes that will be mknod into the container's // RequiredDeviceNodes are a list of device nodes that will be mknod into the container's rootfs at /dev
// rootfs at /dev // If the host system does not support the device that the container requests an error is returned
// RequiredDeviceNodes []string `json:"required_device_nodes,omitempty"`
// Required device nodes will return an error if the host system does not have this device available
// // OptionalDeviceNodes are a list of device nodes that will be mknod into the container's rootfs at /dev
// Additional device nodes are created but no error is returned if the host system does not have the // If the host system does not support the device that the container requests the error is ignored
// device avaliable for use by the container OptionalDeviceNodes []string `json:"optional_device_nodes,omitempty"`
DeviceNodes map[string][]string `json:"device_nodes,omitempty"`
} }
// Network defines configuration for a container's networking stack // Network defines configuration for a container's networking stack

18
pkg/libcontainer/container.json
View file

@ -44,14 +44,12 @@
"type": "devtmpfs" "type": "devtmpfs"
} }
], ],
"device_nodes": { "required_device_nodes": [
"required": [ "null",
"null", "zero",
"zero", "full",
"full", "random",
"random", "urandom",
"urandom", "tty"
"tty" ]
]
}
} }

2
pkg/libcontainer/container_test.go
View file

@ -65,7 +65,7 @@ func TestContainerJsonFormat(t *testing.T) {
} }
for _, n := range nodes.DefaultNodes { for _, n := range nodes.DefaultNodes {
if !contains(n, container.DeviceNodes["required"]) { if !contains(n, container.RequiredDeviceNodes) {
t.Logf("devices should contain %s", n) t.Logf("devices should contain %s", n)
t.Fail() t.Fail()
} }

6
pkg/libcontainer/mount/init.go
View file

@ -48,11 +48,11 @@ func InitializeMountNamespace(rootfs, console string, container *libcontainer.Co
if err := setupBindmounts(rootfs, container.Mounts); err != nil { if err := setupBindmounts(rootfs, container.Mounts); err != nil {
return fmt.Errorf("bind mounts %s", err) return fmt.Errorf("bind mounts %s", err)
} }
if err := nodes.CopyN(rootfs, container.DeviceNodes["required"], true); err != nil { if err := nodes.CopyN(rootfs, container.RequiredDeviceNodes, true); err != nil {
return fmt.Errorf("copy required dev nodes %s", err) return fmt.Errorf("copy required dev nodes %s", err)
} }
if err := nodes.CopyN(rootfs, container.DeviceNodes["additional"], false); err != nil { if err := nodes.CopyN(rootfs, container.OptionalDeviceNodes, false); err != nil {
return fmt.Errorf("copy additional dev nodes %s", err) return fmt.Errorf("copy optional dev nodes %s", err)
} }
if err := SetupPtmx(rootfs, console, container.Context["mount_label"]); err != nil { if err := SetupPtmx(rootfs, console, container.Context["mount_label"]); err != nil {
return err return err