0ct0pu5
/
moby


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109
							package configuration

import (
	"fmt"
	"github.com/dotcloud/docker/pkg/libcontainer"
	"os/exec"
	"path/filepath"
	"strings"
)

type Action func(*libcontainer.Container, interface{}, string) error

var actions = map[string]Action{
	"cap.add":     addCap,
	"cap.drop":    dropCap,
	"fs.readonly": readonlyFs,
	"ns.add":      addNamespace,
	"ns.drop":     dropNamespace,
	"net.join":    joinNetNamespace,
}

func addCap(container *libcontainer.Container, context interface{}, value string) error {
	c := container.CapabilitiesMask.Get(value)
	if c == nil {
		return fmt.Errorf("%s is not a valid capability", value)
	}
	c.Enabled = true
	return nil
}

func dropCap(container *libcontainer.Container, context interface{}, value string) error {
	c := container.CapabilitiesMask.Get(value)
	if c == nil {
		return fmt.Errorf("%s is not a valid capability", value)
	}
	c.Enabled = false
	return nil
}

func addNamespace(container *libcontainer.Container, context interface{}, value string) error {
	ns := container.Namespaces.Get(value)
	if ns == nil {
		return fmt.Errorf("%s is not a valid namespace", value[1:])
	}
	ns.Enabled = true
	return nil
}

func dropNamespace(container *libcontainer.Container, context interface{}, value string) error {
	ns := container.Namespaces.Get(value)
	if ns == nil {
		return fmt.Errorf("%s is not a valid namespace", value[1:])
	}
	ns.Enabled = false
	return nil
}

func readonlyFs(container *libcontainer.Container, context interface{}, value string) error {
	switch value {
	case "1", "true":
		container.ReadonlyFs = true
	default:
		container.ReadonlyFs = false
	}
	return nil
}

func joinNetNamespace(container *libcontainer.Container, context interface{}, value string) error {
	var (
		running = context.(map[string]*exec.Cmd)
		cmd     = running[value]
	)

	if cmd == nil || cmd.Process == nil {
		return fmt.Errorf("%s is not a valid running container to join", value)
	}
	nspath := filepath.Join("/proc", fmt.Sprint(cmd.Process.Pid), "ns", "net")
	container.Networks = append(container.Networks, &libcontainer.Network{
		Type: "netns",
		Context: libcontainer.Context{
			"nspath": nspath,
		},
	})
	return nil
}

// configureCustomOptions takes string commands from the user and allows modification of the
// container's default configuration.
//
// format: <key> <...value>
// i.e: cgroup devices.allow *:*
func ParseConfiguration(container *libcontainer.Container, running map[string]*exec.Cmd, opts []string) error {
	for _, opt := range opts {
		kv := strings.SplitN(opt, "=", 2)
		if len(kv) < 2 {
			return fmt.Errorf("invalid format for %s", opt)
		}

		action, exists := actions[kv[0]]
		if !exists {
			return fmt.Errorf("%s is not a valid option for the native driver", kv[0])
		}

		if err := action(container, running, kv[1]); err != nil {
			return err
		}
	}
	return nil
}