11 роки тому · 41d405fa53
--- a/hack/vendor.sh
+++ b/hack/vendor.sh
@@ -61,4 +61,4 @@ mv tmp-tar src/code.google.com/p/go/src/pkg/archive/tar
 
				 
			
 
				 clone git github.com/godbus/dbus v1
			
 
				 clone git github.com/coreos/go-systemd v2
			
 
				-clone git github.com/docker/libcontainer 77ffd49dfedbc78a7cd4cb7a50c7446cf118725f
			
 
				+clone git github.com/docker/libcontainer v1.0.1
			
--- a/vendor/src/github.com/docker/libcontainer/.travis.yml
+++ b/vendor/src/github.com/docker/libcontainer/.travis.yml
@@ -9,3 +9,4 @@ install:
 
				 script:
			
 
				     - bash "$DOCKER_PATH/hack/make/validate-dco"
			
 
				     - bash "$DOCKER_PATH/hack/make/validate-gofmt"
			
 
				+    - go test
			
--- a/vendor/src/github.com/docker/libcontainer/CONTRIBUTORS_GUIDE.md
+++ b/vendor/src/github.com/docker/libcontainer/CONTRIBUTORS_GUIDE.md
@@ -36,7 +36,7 @@ that feature *on top of* libcontainer.
 
				 ### Discuss your design on the mailing list
			
 
				 
			
 
				 We recommend discussing your plans [on the mailing
			
 
				-list](https://groups.google.com/forum/?fromgroups#!forum/docker-dev)
			
 
				+list](https://groups.google.com/forum/?fromgroups#!forum/libcontainer)
			
 
				 before starting to code - especially for more ambitious contributions.
			
 
				 This gives other contributors a chance to point you in the right
			
 
				 direction, give feedback on your design, and maybe point out if someone
			
@@ -112,12 +112,12 @@ and that all the tests pass.
 
				 libcontainer maintainers use LGTM (looks good to me) in comments on the code review
			
 
				 to indicate acceptance.
			
 
				 
			
 
				-A change requires LGTMs from at lease one maintainer of each
			
 
				-component affected. For example, if a change affects `netlink/` and `security/`, it
			
 
				-needs at least one LGTM from the maintainers of `netlink/` AND, separately, at
			
 
				-least one LGTM from the maintainers of `security/`.
			
 
				+A change requires LGTMs from at lease two maintainers. One of those must come from
			
 
				+a maintainer of the component affected. For example, if a change affects `netlink/`
			
 
				+and `security`, it needs at least one LGTM from a maintainer of each. Maintainers
			
 
				+only need one LGTM as presumably they LGTM their own change.
			
 
				 
			
 
				-For more details see [MAINTAINERS.md](hack/MAINTAINERS.md)
			
 
				+For more details see [MAINTAINERS.md](MAINTAINERS.md)
			
 
				 
			
 
				 ### Sign your work
			
 
				 
			
--- a/vendor/src/github.com/docker/libcontainer/MAINTAINERS_GUIDE.md
+++ b/vendor/src/github.com/docker/libcontainer/MAINTAINERS_GUIDE.md
@@ -63,7 +63,7 @@ All decisions are pull requests, and the relevant maintainers make
 
				 decisions by accepting or refusing the pull request. Review and acceptance
			
 
				 by anyone is denoted by adding a comment in the pull request: `LGTM`. 
			
 
				 However, only currently listed `MAINTAINERS` are counted towards the required
			
 
				-majority.
			
 
				+two LGTMs.
			
 
				 
			
 
				 libcontainer follows the timeless, highly efficient and totally unfair system
			
 
				 known as [Benevolent dictator for life](http://en.wikipedia.org/wiki/Benevolent_Dictator_for_Life), with Michael Crosby in the role of BDFL.
			
--- a/vendor/src/github.com/docker/libcontainer/cgroups/fs/cpuacct.go
+++ b/vendor/src/github.com/docker/libcontainer/cgroups/fs/cpuacct.go
@@ -84,6 +84,7 @@ func (s *cpuacctGroup) GetStats(d *data, stats *cgroups.Stats) error {
 
				 	if err != nil {
			
 
				 		return err
			
 
				 	}
			
 
				+	stats.CpuStats.CpuUsage.TotalUsage = lastUsage
			
 
				 	stats.CpuStats.CpuUsage.PercpuUsage = percpuUsage
			
 
				 	stats.CpuStats.CpuUsage.UsageInKernelmode = (kernelModeUsage * nanosecondsInSecond) / clockTicks
			
 
				 	stats.CpuStats.CpuUsage.UsageInUsermode = (userModeUsage * nanosecondsInSecond) / clockTicks
			
--- a/vendor/src/github.com/docker/libcontainer/cgroups/stats.go
+++ b/vendor/src/github.com/docker/libcontainer/cgroups/stats.go
@@ -13,8 +13,10 @@ type CpuUsage struct {
 
				 	// percentage of available CPUs currently being used.
			
 
				 	PercentUsage uint64 `json:"percent_usage,omitempty"`
			
 
				 	// nanoseconds of cpu time consumed over the last 100 ms.
			
 
				-	CurrentUsage uint64   `json:"current_usage,omitempty"`
			
 
				-	PercpuUsage  []uint64 `json:"percpu_usage,omitempty"`
			
 
				+	CurrentUsage uint64 `json:"current_usage,omitempty"`
			
 
				+	// total nanoseconds of cpu time consumed
			
 
				+	TotalUsage  uint64   `json:"total_usage,omitempty"`
			
 
				+	PercpuUsage []uint64 `json:"percpu_usage,omitempty"`
			
 
				 	// Time spent by tasks of the cgroup in kernel mode. Units: nanoseconds.
			
 
				 	UsageInKernelmode uint64 `json:"usage_in_kernelmode"`
			
 
				 	// Time spent by tasks of the cgroup in user mode. Units: nanoseconds.
			
--- a/vendor/src/github.com/docker/libcontainer/container.json
+++ b/vendor/src/github.com/docker/libcontainer/container.json
@@ -1,107 +1,213 @@
 
				 {
			
 
				-  "namespaces": {
			
 
				-    "NEWNET": true,
			
 
				-    "NEWPID": true,
			
 
				-    "NEWIPC": true,
			
 
				-    "NEWUTS": true,
			
 
				-    "NEWNS": true
			
 
				-  },
			
 
				-  "networks": [
			
 
				-    {
			
 
				-      "gateway": "localhost",
			
 
				-      "type": "loopback",
			
 
				-      "address": "127.0.0.1/0",
			
 
				-      "mtu": 1500
			
 
				+    "capabilities": [
			
 
				+        "CHOWN",
			
 
				+        "DAC_OVERRIDE",
			
 
				+        "FOWNER",
			
 
				+        "MKNOD",
			
 
				+        "NET_RAW",
			
 
				+        "SETGID",
			
 
				+        "SETUID",
			
 
				+        "SETFCAP",
			
 
				+        "SETPCAP",
			
 
				+        "NET_BIND_SERVICE",
			
 
				+        "SYS_CHROOT",
			
 
				+        "KILL"
			
 
				+    ],
			
 
				+    "cgroups": {
			
 
				+        "allowed_devices": [
			
 
				+            {
			
 
				+                "cgroup_permissions": "m",
			
 
				+                "major_number": -1,
			
 
				+                "minor_number": -1,
			
 
				+                "type": 99
			
 
				+            },
			
 
				+            {
			
 
				+                "cgroup_permissions": "m",
			
 
				+                "major_number": -1,
			
 
				+                "minor_number": -1,
			
 
				+                "type": 98
			
 
				+            },
			
 
				+            {
			
 
				+                "cgroup_permissions": "rwm",
			
 
				+                "major_number": 5,
			
 
				+                "minor_number": 1,
			
 
				+                "path": "/dev/console",
			
 
				+                "type": 99
			
 
				+            },
			
 
				+            {
			
 
				+                "cgroup_permissions": "rwm",
			
 
				+                "major_number": 4,
			
 
				+                "path": "/dev/tty0",
			
 
				+                "type": 99
			
 
				+            },
			
 
				+            {
			
 
				+                "cgroup_permissions": "rwm",
			
 
				+                "major_number": 4,
			
 
				+                "minor_number": 1,
			
 
				+                "path": "/dev/tty1",
			
 
				+                "type": 99
			
 
				+            },
			
 
				+            {
			
 
				+                "cgroup_permissions": "rwm",
			
 
				+                "major_number": 136,
			
 
				+                "minor_number": -1,
			
 
				+                "type": 99
			
 
				+            },
			
 
				+            {
			
 
				+                "cgroup_permissions": "rwm",
			
 
				+                "major_number": 5,
			
 
				+                "minor_number": 2,
			
 
				+                "type": 99
			
 
				+            },
			
 
				+            {
			
 
				+                "cgroup_permissions": "rwm",
			
 
				+                "major_number": 10,
			
 
				+                "minor_number": 200,
			
 
				+                "type": 99
			
 
				+            },
			
 
				+            {
			
 
				+                "cgroup_permissions": "rwm",
			
 
				+                "file_mode": 438,
			
 
				+                "major_number": 1,
			
 
				+                "minor_number": 3,
			
 
				+                "path": "/dev/null",
			
 
				+                "type": 99
			
 
				+            },
			
 
				+            {
			
 
				+                "cgroup_permissions": "rwm",
			
 
				+                "file_mode": 438,
			
 
				+                "major_number": 1,
			
 
				+                "minor_number": 5,
			
 
				+                "path": "/dev/zero",
			
 
				+                "type": 99
			
 
				+            },
			
 
				+            {
			
 
				+                "cgroup_permissions": "rwm",
			
 
				+                "file_mode": 438,
			
 
				+                "major_number": 1,
			
 
				+                "minor_number": 7,
			
 
				+                "path": "/dev/full",
			
 
				+                "type": 99
			
 
				+            },
			
 
				+            {
			
 
				+                "cgroup_permissions": "rwm",
			
 
				+                "file_mode": 438,
			
 
				+                "major_number": 5,
			
 
				+                "path": "/dev/tty",
			
 
				+                "type": 99
			
 
				+            },
			
 
				+            {
			
 
				+                "cgroup_permissions": "rwm",
			
 
				+                "file_mode": 438,
			
 
				+                "major_number": 1,
			
 
				+                "minor_number": 9,
			
 
				+                "path": "/dev/urandom",
			
 
				+                "type": 99
			
 
				+            },
			
 
				+            {
			
 
				+                "cgroup_permissions": "rwm",
			
 
				+                "file_mode": 438,
			
 
				+                "major_number": 1,
			
 
				+                "minor_number": 8,
			
 
				+                "path": "/dev/random",
			
 
				+                "type": 99
			
 
				+            }
			
 
				+        ],
			
 
				+        "name": "docker-koye",
			
 
				+        "parent": "docker"
			
 
				     },
			
 
				-    {
			
 
				-      "gateway": "172.17.42.1",
			
 
				-      "context": {
			
 
				-        "prefix": "veth",
			
 
				-        "bridge": "docker0"
			
 
				-      },
			
 
				-      "type": "veth",
			
 
				-      "address": "172.17.42.2/16",
			
 
				-      "mtu": 1500
			
 
				-    }
			
 
				-  ],
			
 
				-  "routes": [
			
 
				-    {
			
 
				-      "gateway": "172.17.42.1",
			
 
				-      "interface_name": "eth0"
			
 
				+    "context": {
			
 
				+        "mount_label": "",
			
 
				+        "process_label": "",
			
 
				+        "restrictions": "true"
			
 
				     },
			
 
				-    {
			
 
				-      "destination": "192.168.0.0/24",
			
 
				-      "interface_name": "eth0"
			
 
				-    }
			
 
				-  ],
			
 
				-  "capabilities": [
			
 
				-    "MKNOD"
			
 
				-  ],
			
 
				-  "cgroups": {
			
 
				-    "name": "docker-koye",
			
 
				-    "parent": "docker"
			
 
				-  },
			
 
				-  "hostname": "koye",
			
 
				-  "environment": [
			
 
				-    "HOME=/",
			
 
				-    "PATH=PATH=$PATH:/bin:/usr/bin:/sbin:/usr/sbin",
			
 
				-    "container=docker",
			
 
				-    "TERM=xterm-256color"
			
 
				-  ],
			
 
				-  "tty": true,
			
 
				-  "mounts": [
			
 
				-    {
			
 
				-      "type": "devtmpfs"
			
 
				-    }
			
 
				-  ],
			
 
				-  "device_nodes": [
			
 
				-		{
			
 
				-			"path":  "/dev/null",
			
 
				-			"type":        99,
			
 
				-			"major_number": 1,
			
 
				-			"minor_number": 3,
			
 
				-			"cgroup_permissions": "rwm",
			
 
				-			"file_mode": 438
			
 
				-		},
			
 
				-		{
			
 
				-			"path":  "/dev/zero",
			
 
				-			"type":        99,
			
 
				-			"major_number": 1,
			
 
				-			"minor_number": 5,
			
 
				-			"cgroup_permissions": "rwm",
			
 
				-			"file_mode": 438
			
 
				-		},
			
 
				-		{
			
 
				-			"path":  "/dev/full",
			
 
				-			"type":        99,
			
 
				-			"major_number": 1,
			
 
				-			"minor_number": 7,
			
 
				-			"cgroup_permissions": "rwm",
			
 
				-			"file_mode": 438
			
 
				-		},
			
 
				-		{
			
 
				-			"path":  "/dev/tty",
			
 
				-			"type":        99,
			
 
				-			"major_number": 5,
			
 
				-			"minor_number": 0,
			
 
				-			"cgroup_permissions": "rwm",
			
 
				-			"file_mode": 438
			
 
				-		},
			
 
				-		{
			
 
				-			"path":  "/dev/urandom",
			
 
				-			"type":        99,
			
 
				-			"major_number": 1,
			
 
				-			"minor_number": 9,
			
 
				-			"cgroup_permissions": "rwm",
			
 
				-			"file_mode": 438
			
 
				-		},
			
 
				-		{
			
 
				-			"path":  "/dev/random",
			
 
				-			"type":        99,
			
 
				-			"major_number": 1,
			
 
				-			"minor_number": 8,
			
 
				-			"cgroup_permissions": "rwm",
			
 
				-			"file_mode": 438
			
 
				-		}
			
 
				-  ]
			
 
				+    "device_nodes": [
			
 
				+        {
			
 
				+            "cgroup_permissions": "rwm",
			
 
				+            "major_number": 10,
			
 
				+            "minor_number": 229,
			
 
				+            "path": "/dev/fuse",
			
 
				+            "type": 99
			
 
				+        },
			
 
				+        {
			
 
				+            "cgroup_permissions": "rwm",
			
 
				+            "file_mode": 438,
			
 
				+            "major_number": 1,
			
 
				+            "minor_number": 3,
			
 
				+            "path": "/dev/null",
			
 
				+            "type": 99
			
 
				+        },
			
 
				+        {
			
 
				+            "cgroup_permissions": "rwm",
			
 
				+            "file_mode": 438,
			
 
				+            "major_number": 1,
			
 
				+            "minor_number": 5,
			
 
				+            "path": "/dev/zero",
			
 
				+            "type": 99
			
 
				+        },
			
 
				+        {
			
 
				+            "cgroup_permissions": "rwm",
			
 
				+            "file_mode": 438,
			
 
				+            "major_number": 1,
			
 
				+            "minor_number": 7,
			
 
				+            "path": "/dev/full",
			
 
				+            "type": 99
			
 
				+        },
			
 
				+        {
			
 
				+            "cgroup_permissions": "rwm",
			
 
				+            "file_mode": 438,
			
 
				+            "major_number": 5,
			
 
				+            "path": "/dev/tty",
			
 
				+            "type": 99
			
 
				+        },
			
 
				+        {
			
 
				+            "cgroup_permissions": "rwm",
			
 
				+            "file_mode": 438,
			
 
				+            "major_number": 1,
			
 
				+            "minor_number": 9,
			
 
				+            "path": "/dev/urandom",
			
 
				+            "type": 99
			
 
				+        },
			
 
				+        {
			
 
				+            "cgroup_permissions": "rwm",
			
 
				+            "file_mode": 438,
			
 
				+            "major_number": 1,
			
 
				+            "minor_number": 8,
			
 
				+            "path": "/dev/random",
			
 
				+            "type": 99
			
 
				+        }
			
 
				+    ],
			
 
				+    "environment": [
			
 
				+        "HOME=/",
			
 
				+        "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
			
 
				+        "HOSTNAME=2d388ea3bd92",
			
 
				+        "TERM=xterm"
			
 
				+    ],
			
 
				+    "hostname": "koye",
			
 
				+    "namespaces": {
			
 
				+        "NEWIPC": true,
			
 
				+        "NEWNET": true,
			
 
				+        "NEWNS": true,
			
 
				+        "NEWPID": true,
			
 
				+        "NEWUTS": true
			
 
				+    },
			
 
				+    "networks": [
			
 
				+        {
			
 
				+            "address": "127.0.0.1/0",
			
 
				+            "gateway": "localhost",
			
 
				+            "mtu": 1500,
			
 
				+            "type": "loopback"
			
 
				+        },
			
 
				+        {
			
 
				+            "address": "172.17.0.101/16",
			
 
				+            "context": {
			
 
				+                "bridge": "docker0",
			
 
				+                "prefix": "veth"
			
 
				+            },
			
 
				+            "gateway": "172.17.42.1",
			
 
				+            "mtu": 1500,
			
 
				+            "type": "veth"
			
 
				+        }
			
 
				+    ],
			
 
				+    "tty": true
			
 
				 }
			
--- a/vendor/src/github.com/docker/libcontainer/container_test.go
+++ b/vendor/src/github.com/docker/libcontainer/container_test.go
@@ -37,11 +37,6 @@ func TestContainerJsonFormat(t *testing.T) {
 
				 		t.Fail()
			
 
				 	}
			
 
				 
			
 
				-	if len(container.Routes) != 2 {
			
 
				-		t.Log("should have found 2 routes")
			
 
				-		t.Fail()
			
 
				-	}
			
 
				-
			
 
				 	if !container.Namespaces["NEWNET"] {
			
 
				 		t.Log("namespaces should contain NEWNET")
			
 
				 		t.Fail()
			
@@ -62,8 +57,8 @@ func TestContainerJsonFormat(t *testing.T) {
 
				 		t.Fail()
			
 
				 	}
			
 
				 
			
 
				-	if contains("SYS_CHROOT", container.Capabilities) {
			
 
				-		t.Log("capabilities mask should not contain SYS_CHROOT")
			
 
				+	if !contains("SYS_CHROOT", container.Capabilities) {
			
 
				+		t.Log("capabilities mask should contain SYS_CHROOT")
			
 
				 		t.Fail()
			
 
				 	}
			
 
				 }
			
--- a/vendor/src/github.com/docker/libcontainer/namespaces/execin.go
+++ b/vendor/src/github.com/docker/libcontainer/namespaces/execin.go
@@ -21,14 +21,8 @@ func ExecIn(container *libcontainer.Container, nspid int, args []string) error {
 
				 		return err
			
 
				 	}
			
 
				 
			
 
				-	// TODO(vmarmol): Move this to the container JSON.
			
 
				-	processLabel, err := label.GetPidCon(nspid)
			
 
				-	if err != nil {
			
 
				-		return err
			
 
				-	}
			
 
				-
			
 
				 	// Enter the namespace and then finish setup
			
 
				-	finalArgs := []string{os.Args[0], "nsenter", strconv.Itoa(nspid), processLabel, string(containerJson)}
			
 
				+	finalArgs := []string{os.Args[0], "nsenter", "--nspid", strconv.Itoa(nspid), "--containerjson", string(containerJson), "--"}
			
 
				 	finalArgs = append(finalArgs, args...)
			
 
				 	if err := system.Execv(finalArgs[0], finalArgs[0:], os.Environ()); err != nil {
			
 
				 		return err
			
@@ -37,7 +31,7 @@ func ExecIn(container *libcontainer.Container, nspid int, args []string) error {
 
				 }
			
 
				 
			
 
				 // NsEnter is run after entering the namespace.
			
 
				-func NsEnter(container *libcontainer.Container, processLabel string, nspid int, args []string) error {
			
 
				+func NsEnter(container *libcontainer.Container, nspid int, args []string) error {
			
 
				 	// clear the current processes env and replace it with the environment
			
 
				 	// defined on the container
			
 
				 	if err := LoadContainerEnvironment(container); err != nil {
			
@@ -46,9 +40,13 @@ func NsEnter(container *libcontainer.Container, processLabel string, nspid int,
 
				 	if err := FinalizeNamespace(container); err != nil {
			
 
				 		return err
			
 
				 	}
			
 
				-	if err := label.SetProcessLabel(processLabel); err != nil {
			
 
				-		return err
			
 
				+
			
 
				+	if process_label, ok := container.Context["process_label"]; ok {
			
 
				+		if err := label.SetProcessLabel(process_label); err != nil {
			
 
				+			return err
			
 
				+		}
			
 
				 	}
			
 
				+
			
 
				 	if err := system.Execv(args[0], args[0:], container.Env); err != nil {
			
 
				 		return err
			
 
				 	}
			
--- a/vendor/src/github.com/docker/libcontainer/namespaces/nsenter.go
+++ b/vendor/src/github.com/docker/libcontainer/namespaces/nsenter.go
@@ -15,6 +15,7 @@ package namespaces
 
				 #include <sys/stat.h>
			
 
				 #include <sys/types.h>
			
 
				 #include <unistd.h>
			
 
				+#include <getopt.h>
			
 
				 
			
 
				 static const kBufSize = 256;
			
 
				 
			
@@ -64,6 +65,10 @@ int setns(int fd, int nstype) {
 
				 #endif
			
 
				 #endif
			
 
				 
			
 
				+void print_usage() {
			
 
				+	fprintf(stderr, "<binary> nsenter --nspid <pid> --containerjson <container_json> -- cmd1 arg1 arg2...\n");
			
 
				+}
			
 
				+
			
 
				 void nsenter() {
			
 
				 	int argc;
			
 
				 	char **argv;
			
@@ -79,11 +84,40 @@ void nsenter() {
 
				 		fprintf(stderr, "nsenter: Incorrect usage, not enough arguments\n");
			
 
				 		exit(1);
			
 
				 	}
			
 
				-	pid_t init_pid = strtol(argv[2], NULL, 10);
			
 
				+
			
 
				+	static const struct option longopts[] = {
			
 
				+		{ "nspid",         required_argument, NULL, 'n' },
			
 
				+		{ "containerjson", required_argument, NULL, 'c' },
			
 
				+		{ NULL,            0,                 NULL,  0  }
			
 
				+	};
			
 
				+
			
 
				+	int c;
			
 
				+	pid_t init_pid = -1;
			
 
				+	char *init_pid_str = NULL;
			
 
				+	char *container_json = NULL;
			
 
				+	while ((c = getopt_long_only(argc, argv, "n:s:c:", longopts, NULL)) != -1) {
			
 
				+		switch (c) {
			
 
				+		case 'n':
			
 
				+			init_pid_str = optarg;
			
 
				+			break;
			
 
				+		case 'c':
			
 
				+			container_json = optarg;
			
 
				+			break;
			
 
				+		}
			
 
				+	}
			
 
				+
			
 
				+	if (container_json == NULL || init_pid_str == NULL) {
			
 
				+		print_usage();
			
 
				+		exit(1);
			
 
				+	}
			
 
				+
			
 
				+	init_pid = strtol(init_pid_str, NULL, 10);
			
 
				 	if (errno != 0 || init_pid <= 0) {
			
 
				-		fprintf(stderr, "nsenter: Failed to parse PID from \"%s\" with error: \"%s\"\n", argv[2], strerror(errno));
			
 
				+		fprintf(stderr, "nsenter: Failed to parse PID from \"%s\" with error: \"%s\"\n", init_pid_str, strerror(errno));
			
 
				+		print_usage();
			
 
				 		exit(1);
			
 
				 	}
			
 
				+
			
 
				 	argc -= 3;
			
 
				 	argv += 3;
			
 
				 
			
--- a/vendor/src/github.com/docker/libcontainer/nsinit/nsenter.go
+++ b/vendor/src/github.com/docker/libcontainer/nsinit/nsenter.go
@@ -2,7 +2,6 @@ package main
 
				 
			
 
				 import (
			
 
				 	"log"
			
 
				-	"strconv"
			
 
				 
			
 
				 	"github.com/codegangsta/cli"
			
 
				 	"github.com/docker/libcontainer/namespaces"
			
@@ -12,29 +11,30 @@ var nsenterCommand = cli.Command{
 
				 	Name:   "nsenter",
			
 
				 	Usage:  "init process for entering an existing namespace",
			
 
				 	Action: nsenterAction,
			
 
				+	Flags: []cli.Flag{
			
 
				+		cli.IntFlag{Name: "nspid"},
			
 
				+		cli.StringFlag{Name: "containerjson"},
			
 
				+	},
			
 
				 }
			
 
				 
			
 
				 func nsenterAction(context *cli.Context) {
			
 
				 	args := context.Args()
			
 
				-	if len(args) < 4 {
			
 
				-		log.Fatalf("incorrect usage: <pid> <process label> <container JSON> <cmd>...")
			
 
				-	}
			
 
				 
			
 
				-	container, err := loadContainerFromJson(args.Get(2))
			
 
				-	if err != nil {
			
 
				-		log.Fatalf("unable to load container: %s", err)
			
 
				+	if len(args) == 0 {
			
 
				+		args = []string{"/bin/bash"}
			
 
				 	}
			
 
				 
			
 
				-	nspid, err := strconv.Atoi(args.Get(0))
			
 
				+	container, err := loadContainerFromJson(context.String("containerjson"))
			
 
				 	if err != nil {
			
 
				-		log.Fatalf("unable to read pid: %s from %q", err, args.Get(0))
			
 
				+		log.Fatalf("unable to load container: %s", err)
			
 
				 	}
			
 
				 
			
 
				+	nspid := context.Int("nspid")
			
 
				 	if nspid <= 0 {
			
 
				 		log.Fatalf("cannot enter into namespaces without valid pid: %q", nspid)
			
 
				 	}
			
 
				 
			
 
				-	if err := namespaces.NsEnter(container, args.Get(1), nspid, args[3:]); err != nil {
			
 
				+	if err := namespaces.NsEnter(container, nspid, args); err != nil {
			
 
				 		log.Fatalf("failed to nsenter: %s", err)
			
 
				 	}
			
 
				 }