Use nsinit as app

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)

pkg/libcontainer/container.go

@@ -2,18 +2,14 @@ package libcontainer
 
 type Container struct {
 	ID           string       `json:"id,omitempty"`
-	NsPid        int          `json:"namespace_pid,omitempty"`
 	Command      *Command     `json:"command,omitempty"`
-	RootFs       string       `json:"rootfs,omitempty"`
 	ReadonlyFs   bool         `json:"readonly_fs,omitempty"`
-	NetNsFd      uintptr      `json:"network_namespace_fd,omitempty"`
 	User         string       `json:"user,omitempty"`
 	WorkingDir   string       `json:"working_dir,omitempty"`
 	Namespaces   Namespaces   `json:"namespaces,omitempty"`
 	Capabilities Capabilities `json:"capabilities,omitempty"`
-	Master       uintptr      `json:"master"`
-	Console      string       `json:"console"`
-	LogFile      string       `json:"log_file"`
+	LogFile      string       `json:"log_file,omitempty"`
+	Network      *Network     `json:"network,omitempty"`
 }
 
 type Command struct {
@@ -22,9 +18,9 @@ type Command struct {
 }
 
 type Network struct {
-	TempVethName string `json:"temp_veth,omitempty"`
 	IP           string `json:"ip,omitempty"`
 	Gateway      string `json:"gateway,omitempty"`
 	Bridge       string `json:"bridge,omitempty"`
 	Mtu          int    `json:"mtu,omitempty"`
+	TempVethName string `json:"temp_veth,omitempty"`
 }

pkg/libcontainer/namespaces/exec.go

@@ -1,27 +1,17 @@
-/*
-   Higher level convience functions for setting up a container
-*/
-
 package namespaces
 
 import (
-	"errors"
 	"github.com/dotcloud/docker/pkg/libcontainer"
 	"github.com/dotcloud/docker/pkg/system"
+	"github.com/dotcloud/docker/pkg/term"
 	"io"
 	"log"
 	"os"
 	"os/exec"
-	"path/filepath"
-	"strconv"
 	"syscall"
 )
 
-var (
-	ErrExistingNetworkNamespace = errors.New("specified both CLONE_NEWNET and an existing network namespace")
-)
-
-// Exec will spawn new namespaces with the specified Container configuration
+// ExecContainer will spawn new namespaces with the specified Container configuration
 // in the RootFs path and return the pid of the new containerized process.
 //
 // If an existing network namespace is specified the container
@@ -30,30 +20,19 @@ var (
 // existing network namespace and the CLONE_NEWNET option in the container configuration will allow
 // the container to the the host's networking options and configuration.
 func ExecContainer(container *libcontainer.Container) (pid int, err error) {
-	// a user cannot pass CLONE_NEWNET and an existing net namespace fd to join
-	if container.NetNsFd > 0 && container.Namespaces.Contains(libcontainer.CLONE_NEWNET) {
-		return -1, ErrExistingNetworkNamespace
-	}
-
 	master, console, err := createMasterAndConsole()
 	if err != nil {
 		return -1, err
 	}
-	nsinit := filepath.Join(container.RootFs, ".nsinit")
 
 	// we need CLONE_VFORK so we can wait on the child
 	flag := uintptr(getNamespaceFlags(container.Namespaces) | CLONE_VFORK)
 
-	command := exec.Command(nsinit, "-master", strconv.Itoa(int(master.Fd())), "-console", console, "init", "container.json")
-	// command.Stdin = os.Stdin
-	// command.Stdout = os.Stdout
-	// command.Stderr = os.Stderr
-	command.SysProcAttr = &syscall.SysProcAttr{}
-	command.SysProcAttr.Cloneflags = flag
-
-	command.ExtraFiles = []*os.File{master}
+	command := exec.Command("nsinit", console)
+	command.SysProcAttr = &syscall.SysProcAttr{
+		Cloneflags: flag,
+	}
 
-	println("vvvvvvvvv")
 	if err := command.Start(); err != nil {
 		return -1, err
 	}
@@ -64,11 +43,18 @@ func ExecContainer(container *libcontainer.Container) (pid int, err error) {
 			log.Println(err)
 		}
 	}()
+
 	go func() {
 		if _, err := io.Copy(master, os.Stdin); err != nil {
 			log.Println(err)
 		}
 	}()
+
+	term.SetRawTerminal(os.Stdin.Fd())
+
+	if err := command.Wait(); err != nil {
+		return pid, err
+	}
 	return pid, nil
 }
 

pkg/libcontainer/namespaces/linux_x86_64.go

@@ -1,7 +0,0 @@
-// +build linux,x86_64
-package namespaces
-
-// Via http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7b21fddd087678a70ad64afc0f632e0f1071b092
-const (
-	SYS_SETNS = 308
-)

pkg/libcontainer/namespaces/ns_linux.go

@@ -40,5 +40,5 @@ func getNamespaceFlags(namespaces libcontainer.Namespaces) (flag int) {
 	for _, ns := range namespaces {
 		flag |= namespaceMap[ns]
 	}
-	return
+	return flag
 }

pkg/libcontainer/namespaces/nsinit/init.go

@@ -1,6 +1,7 @@
-package nsinit
+package main
 
 import (
+	"encoding/json"
 	"fmt"
 	"github.com/dotcloud/docker/pkg/libcontainer"
 	"github.com/dotcloud/docker/pkg/libcontainer/capabilities"
@@ -12,103 +13,112 @@ import (
 	"syscall"
 )
 
-// InitNamespace should be run inside an existing namespace to setup
-// common mounts, drop capabilities, and setup network interfaces
-func InitNamespace(container *libcontainer.Container) error {
-	println("|||||||||||||")
-	if err := setLogFile(container); err != nil {
-		return err
+func loadContainer() (*libcontainer.Container, error) {
+	f, err := os.Open("container.json")
+	if err != nil {
+		return nil, err
 	}
-	println(container.LogFile)
-	log.Printf("--------->")
-	rootfs, err := resolveRootfs(container)
+	defer f.Close()
+
+	var container *libcontainer.Container
+	if err := json.NewDecoder(f).Decode(&container); err != nil {
+		return nil, err
+	}
+	return container, nil
+}
+
+func main() {
+	container, err := loadContainer()
 	if err != nil {
-		return err
+		log.Fatal(err)
 	}
 
-	// any errors encoutered inside the namespace we should write
-	// out to a log or a pipe to our parent and exit(1)
-	// because writing to stderr will not work after we close
-	if err := closeMasterAndStd(os.NewFile(container.Master, "/dev/ptmx")); err != nil {
-		log.Fatalf("close master and std %s", err)
-		return err
+	if os.Args[1] == "exec" {
+		_, err := namespaces.ExecContainer(container)
+		if err != nil {
+			log.Fatal(err)
+		}
+		os.Exit(0)
+	}
+	console := os.Args[1]
+
+	if err := setLogFile(container); err != nil {
+		log.Fatal(err)
 	}
 
-	slave, err := openTerminal(container.Console, syscall.O_RDWR)
+	rootfs, err := resolveRootfs()
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// close pipes so that we can replace it with the pty
+	os.Stdin.Close()
+	os.Stdout.Close()
+	os.Stderr.Close()
+
+	slave, err := openTerminal(console, syscall.O_RDWR)
 	if err != nil {
 		log.Fatalf("open terminal %s", err)
-		return err
+	}
+	if slave.Fd() != 0 {
+		log.Fatalf("slave fd should be 0")
 	}
 	if err := dupSlave(slave); err != nil {
 		log.Fatalf("dup2 slave %s", err)
-		return err
 	}
 
-	/*
-		if container.NetNsFd > 0 {
-			if err := joinExistingNamespace(container.NetNsFd, libcontainer.CLONE_NEWNET); err != nil {
-				log.Fatalf("join existing net namespace %s", err)
-			}
-		}
-	*/
-
 	if _, err := system.Setsid(); err != nil {
 		log.Fatalf("setsid %s", err)
-		return err
 	}
 	if err := system.Setctty(); err != nil {
 		log.Fatalf("setctty %s", err)
-		return err
 	}
 	if err := system.ParentDeathSignal(); err != nil {
 		log.Fatalf("parent deth signal %s", err)
-		return err
 	}
-	if err := namespaces.SetupNewMountNamespace(rootfs, container.Console, container.ReadonlyFs); err != nil {
+
+	if err := setupNewMountNamespace(rootfs, console, container.ReadonlyFs); err != nil {
 		log.Fatalf("setup mount namespace %s", err)
-		return err
 	}
+
+	if container.Network != nil {
+		if err := setupNetworking(container); err != nil {
+			log.Fatalf("setup networking %s", err)
+		}
+	}
+
 	if err := system.Sethostname(container.ID); err != nil {
 		log.Fatalf("sethostname %s", err)
-		return err
 	}
 	if err := capabilities.DropCapabilities(container); err != nil {
 		log.Fatalf("drop capabilities %s", err)
-		return err
 	}
 	if err := setupUser(container); err != nil {
 		log.Fatalf("setup user %s", err)
-		return err
 	}
 	if container.WorkingDir != "" {
 		if err := system.Chdir(container.WorkingDir); err != nil {
 			log.Fatalf("chdir to %s %s", container.WorkingDir, err)
-			return err
 		}
 	}
 	if err := system.Exec(container.Command.Args[0], container.Command.Args[0:], container.Command.Env); err != nil {
 		log.Fatalf("exec %s", err)
-		return err
 	}
 	panic("unreachable")
 }
 
-func resolveRootfs(container *libcontainer.Container) (string, error) {
-	rootfs, err := filepath.Abs(container.RootFs)
+func resolveRootfs() (string, error) {
+	cwd, err := os.Getwd()
+	if err != nil {
+		return "", err
+	}
+	rootfs, err := filepath.Abs(cwd)
 	if err != nil {
 		return "", err
 	}
 	return filepath.EvalSymlinks(rootfs)
 }
 
-func closeMasterAndStd(master *os.File) error {
-	master.Close()
-	os.Stdin.Close()
-	os.Stdout.Close()
-	os.Stderr.Close()
-	return nil
-}
-
 func setupUser(container *libcontainer.Container) error {
 	// TODO: honor user passed on container
 	if err := system.Setgroups(nil); err != nil {
@@ -154,3 +164,7 @@ func setLogFile(container *libcontainer.Container) error {
 	log.SetOutput(f)
 	return nil
 }
+
+func setupNetworking(conatiner *libcontainer.Container) error {
+	return nil
+}

pkg/libcontainer/namespaces/mount.go → pkg/libcontainer/namespaces/nsinit/mount.go

@@ -1,4 +1,4 @@
-package namespaces
+package main
 
 import (
 	"fmt"
@@ -14,7 +14,7 @@ var (
 	defaults = syscall.MS_NOEXEC | syscall.MS_NOSUID | syscall.MS_NODEV
 )
 
-func SetupNewMountNamespace(rootfs, console string, readonly bool) error {
+func setupNewMountNamespace(rootfs, console string, readonly bool) error {
 	if err := system.Mount("", "/", "", syscall.MS_SLAVE|syscall.MS_REC, ""); err != nil {
 		return fmt.Errorf("mounting / as slave %s", err)
 	}

pkg/libcontainer/namespaces/utils.go

@@ -7,7 +7,6 @@ import (
 	"path/filepath"
 	"strconv"
 	"strings"
-	"syscall"
 )
 
 func addEnvIfNotSet(container *libcontainer.Container, key, value string) {
@@ -26,31 +25,6 @@ func addEnvIfNotSet(container *libcontainer.Container, key, value string) {
 	container.Command.Env = append(container.Command.Env, jv)
 }
 
-// getNsFds inspects the container's namespace configuration and opens the fds to
-// each of the namespaces.
-func getNsFds(container *libcontainer.Container) ([]uintptr, error) {
-	var (
-		namespaces = []string{}
-		fds        = []uintptr{}
-	)
-
-	for _, ns := range container.Namespaces {
-		namespaces = append(namespaces, namespaceFileMap[ns])
-	}
-
-	for _, ns := range namespaces {
-		fd, err := getNsFd(container.NsPid, ns)
-		if err != nil {
-			for _, fd = range fds {
-				syscall.Close(int(fd))
-			}
-			return nil, err
-		}
-		fds = append(fds, fd)
-	}
-	return fds, nil
-}
-
 // getNsFd returns the fd for a specific pid and namespace option
 func getNsFd(pid int, ns string) (uintptr, error) {
 	nspath := filepath.Join("/proc", strconv.Itoa(pid), "ns", ns)