package daemon import ( "syscall" containertypes "github.com/docker/docker/api/types/container" "github.com/docker/docker/container" "github.com/docker/docker/oci" "github.com/docker/docker/pkg/sysinfo" "github.com/opencontainers/runtime-spec/specs-go" ) func (daemon *Daemon) createSpec(c *container.Container) (*specs.Spec, error) { s := oci.DefaultSpec() linkedEnv, err := daemon.setupLinkedContainers(c) if err != nil { return nil, err } // TODO Windows - this can be removed. Not used (UID/GID) rootUID, rootGID := daemon.GetRemappedUIDGID() if err := c.SetupWorkingDirectory(rootUID, rootGID); err != nil { return nil, err } // In base spec s.Hostname = c.FullHostname() // In s.Mounts mounts, err := daemon.setupMounts(c) if err != nil { return nil, err } for _, mount := range mounts { m := specs.Mount{ Source: mount.Source, Destination: mount.Destination, } if !mount.Writable { m.Options = append(m.Options, "ro") } s.Mounts = append(s.Mounts, m) } // In s.Process s.Process.Args = append([]string{c.Path}, c.Args...) if !c.Config.ArgsEscaped { s.Process.Args = escapeArgs(s.Process.Args) } s.Process.Cwd = c.Config.WorkingDir if len(s.Process.Cwd) == 0 { // We default to C:\ to workaround the oddity of the case that the // default directory for cmd running as LocalSystem (or // ContainerAdministrator) is c:\windows\system32. Hence docker run // cmd will by default end in c:\windows\system32, rather // than 'root' (/) on Linux. The oddity is that if you have a dockerfile // which has no WORKDIR and has a COPY file ., . will be interpreted // as c:\. Hence, setting it to default of c:\ makes for consistency. s.Process.Cwd = `C:\` } s.Process.Env = c.CreateDaemonEnvironment(c.Config.Tty, linkedEnv) s.Process.ConsoleSize.Height = c.HostConfig.ConsoleSize[0] s.Process.ConsoleSize.Width = c.HostConfig.ConsoleSize[1] s.Process.Terminal = c.Config.Tty s.Process.User.Username = c.Config.User // In spec.Root. This is not set for Hyper-V containers isHyperV := false if c.HostConfig.Isolation.IsDefault() { // Container using default isolation, so take the default from the daemon configuration isHyperV = daemon.defaultIsolation.IsHyperV() } else { // Container may be requesting an explicit isolation mode. isHyperV = c.HostConfig.Isolation.IsHyperV() } if !isHyperV { s.Root.Path = c.BaseFS } s.Root.Readonly = false // Windows does not support a read-only root filesystem // In s.Windows.Resources // @darrenstahlmsft implement these resources cpuShares := uint16(c.HostConfig.CPUShares) cpuPercent := uint8(c.HostConfig.CPUPercent) if c.HostConfig.NanoCPUs > 0 { cpuPercent = uint8(c.HostConfig.NanoCPUs * 100 / int64(sysinfo.NumCPU()) / 1e9) } cpuCount := uint64(c.HostConfig.CPUCount) memoryLimit := uint64(c.HostConfig.Memory) s.Windows.Resources = &specs.WindowsResources{ CPU: &specs.WindowsCPUResources{ Percent: &cpuPercent, Shares: &cpuShares, Count: &cpuCount, }, Memory: &specs.WindowsMemoryResources{ Limit: &memoryLimit, //TODO Reservation: ..., }, Network: &specs.WindowsNetworkResources{ //TODO Bandwidth: ..., }, Storage: &specs.WindowsStorageResources{ Bps: &c.HostConfig.IOMaximumBandwidth, Iops: &c.HostConfig.IOMaximumIOps, }, } return (*specs.Spec)(&s), nil } func escapeArgs(args []string) []string { escapedArgs := make([]string, len(args)) for i, a := range args { escapedArgs[i] = syscall.EscapeArg(a) } return escapedArgs } // mergeUlimits merge the Ulimits from HostConfig with daemon defaults, and update HostConfig // It will do nothing on non-Linux platform func (daemon *Daemon) mergeUlimits(c *containertypes.HostConfig) { return }