mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
58a2294260
- Before starting the container, docker injects itself inside the container by mount binding the dockerd binary into /sbin/init - Instead of running the user process directly inside the container, we run /sbin/init targetprocess [args...] - When docker is run as /sbin/init (e.g. argv[0] == "/sbin/init"), then its own sys init code kicks in - The sys init code will be responsible for setting up the process environment prior to its execution (setuid, networking, ...). - Finally, docker's sys init will exec() the container's process, thus replacing itself with the target binary (which will be running as pid 1)
29 lines
546 B
Go
29 lines
546 B
Go
package docker
|
|
|
|
import (
|
|
"fmt"
|
|
"log"
|
|
"os"
|
|
"os/exec"
|
|
"syscall"
|
|
)
|
|
|
|
// Sys Init code
|
|
// This code is run INSIDE the container and is responsible for setting
|
|
// up the environment before running the actual process
|
|
func SysInit() {
|
|
if len(os.Args) <= 1 {
|
|
fmt.Println("You should not invoke docker-init manually")
|
|
os.Exit(1)
|
|
}
|
|
|
|
path, err := exec.LookPath(os.Args[1])
|
|
if err != nil {
|
|
log.Printf("Unable to locate %v", os.Args[1])
|
|
os.Exit(127)
|
|
}
|
|
|
|
if err := syscall.Exec(path, os.Args[1:], os.Environ()); err != nil {
|
|
panic(err)
|
|
}
|
|
}
|