1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
moby--moby/daemon/start.go
Michael Crosby c9379eb3fb Move security opts to HostConfig
These settings need to be in the HostConfig so that they are not
committed to an image and cannot introduce a security issue.

We can safely move this field from the Config to the HostConfig
without any regressions because these settings are consumed at container
created and used to populate fields on the Container struct.  Because of
this, existing settings will be honored for containers already created
on a daemon with custom security settings and prevent values being
consumed via an Image.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2014-11-10 21:04:01 +02:00

73 lines
1.9 KiB
Go

package daemon
import (
"fmt"
"os"
"strings"
"github.com/docker/docker/engine"
"github.com/docker/docker/runconfig"
)
func (daemon *Daemon) ContainerStart(job *engine.Job) engine.Status {
if len(job.Args) < 1 {
return job.Errorf("Usage: %s container_id", job.Name)
}
var (
name = job.Args[0]
container = daemon.Get(name)
)
if container == nil {
return job.Errorf("No such container: %s", name)
}
if container.IsRunning() {
return job.Errorf("Container already started")
}
// If no environment was set, then no hostconfig was passed.
// This is kept for backward compatibility - hostconfig should be passed when
// creating a container, not during start.
if len(job.Environ()) > 0 {
hostConfig := runconfig.ContainerHostConfigFromJob(job)
if err := daemon.setHostConfig(container, hostConfig); err != nil {
return job.Error(err)
}
}
if err := container.Start(); err != nil {
container.LogEvent("die")
return job.Errorf("Cannot start container %s: %s", name, err)
}
return engine.StatusOK
}
func (daemon *Daemon) setHostConfig(container *Container, hostConfig *runconfig.HostConfig) error {
if err := parseSecurityOpt(container, hostConfig); err != nil {
return err
}
// Validate the HostConfig binds. Make sure that:
// the source exists
for _, bind := range hostConfig.Binds {
splitBind := strings.Split(bind, ":")
source := splitBind[0]
// ensure the source exists on the host
_, err := os.Stat(source)
if err != nil && os.IsNotExist(err) {
err = os.MkdirAll(source, 0755)
if err != nil {
return fmt.Errorf("Could not create local directory '%s' for bind mount: %s!", source, err.Error())
}
}
}
// Register any links from the host config before starting the container
if err := daemon.RegisterLinks(container, hostConfig); err != nil {
return err
}
container.SetHostConfig(hostConfig)
container.ToDisk()
return nil
}