Export more functions from libcontainer

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)

pkg/libcontainer/nsinit/command.go

@@ -1,10 +1,11 @@
 package nsinit
 
 import (
-	"github.com/dotcloud/docker/pkg/libcontainer"
-	"github.com/dotcloud/docker/pkg/system"
 	"os"
 	"os/exec"
+
+	"github.com/dotcloud/docker/pkg/libcontainer"
+	"github.com/dotcloud/docker/pkg/system"
 )
 
 // CommandFactory takes the container's configuration and options passed by the
@@ -34,14 +35,3 @@ func (c *DefaultCommandFactory) Create(container *libcontainer.Container, consol
 	command.ExtraFiles = []*os.File{pipe}
 	return command
 }
-
-// GetNamespaceFlags parses the container's Namespaces options to set the correct
-// flags on clone, unshare, and setns
-func GetNamespaceFlags(namespaces libcontainer.Namespaces) (flag int) {
-	for _, ns := range namespaces {
-		if ns.Enabled {
-			flag |= ns.Value
-		}
-	}
-	return flag
-}

pkg/libcontainer/nsinit/exec.go

@@ -142,3 +142,14 @@ func DeletePid(path string) error {
 	}
 	return err
 }
+
+// GetNamespaceFlags parses the container's Namespaces options to set the correct
+// flags on clone, unshare, and setns
+func GetNamespaceFlags(namespaces libcontainer.Namespaces) (flag int) {
+	for _, ns := range namespaces {
+		if ns.Enabled {
+			flag |= ns.Value
+		}
+	}
+	return flag
+}

pkg/libcontainer/nsinit/execin.go

@@ -82,7 +82,7 @@ func (ns *linuxNs) ExecIn(container *libcontainer.Container, nspid int, args []s
 		os.Exit(state.Sys().(syscall.WaitStatus).ExitStatus())
 	}
 dropAndExec:
-	if err := finalizeNamespace(container); err != nil {
+	if err := FinalizeNamespace(container); err != nil {
 		return -1, err
 	}
 	err = label.SetProcessLabel(processLabel)

pkg/libcontainer/nsinit/init.go

@@ -54,23 +54,22 @@ func (ns *linuxNs) Init(container *libcontainer.Container, uncleanRootfs, consol
 	}
 
 	label.Init()
+
 	if err := mount.InitializeMountNamespace(rootfs, consolePath, container); err != nil {
 		return fmt.Errorf("setup mount namespace %s", err)
 	}
 	if err := system.Sethostname(container.Hostname); err != nil {
 		return fmt.Errorf("sethostname %s", err)
 	}
-	if err := finalizeNamespace(container); err != nil {
+	if err := FinalizeNamespace(container); err != nil {
 		return fmt.Errorf("finalize namespace %s", err)
 	}
 
-	if profile := container.Context["apparmor_profile"]; profile != "" {
-		if err := apparmor.ApplyProfile(os.Getpid(), profile); err != nil {
-			return err
-		}
-	}
 	runtime.LockOSThread()
 
+	if err := apparmor.ApplyProfile(os.Getpid(), container.Context["apparmor_profile"]); err != nil {
+		return err
+	}
 	if err := label.SetProcessLabel(container.Context["process_label"]); err != nil {
 		return fmt.Errorf("set process label %s", err)
 	}
@@ -113,10 +112,10 @@ func setupNetwork(container *libcontainer.Container, context libcontainer.Contex
 	return nil
 }
 
-// finalizeNamespace drops the caps, sets the correct user
+// FinalizeNamespace drops the caps, sets the correct user
 // and working dir, and closes any leaky file descriptors
 // before execing the command inside the namespace
-func finalizeNamespace(container *libcontainer.Container) error {
+func FinalizeNamespace(container *libcontainer.Container) error {
 	if err := capabilities.DropCapabilities(container); err != nil {
 		return fmt.Errorf("drop capabilities %s", err)
 	}

pkg/libcontainer/nsinit/unsupported.go

@@ -17,3 +17,7 @@ func (ns *linuxNs) ExecIn(container *libcontainer.Container, nspid int, args []s
 func (ns *linuxNs) Init(container *libcontainer.Container, uncleanRootfs, console string, syncPipe *SyncPipe, args []string) error {
 	return libcontainer.ErrUnsupported
 }
+
+func GetNamespaceFlags(namespaces libcontainer.Namespaces) (flag int) {
+	return 0
+}