pkg/chrootarchive: use containerd/sys to detect UserNamespaces
The implementation in libcontainer/system is quite complicated, and we only use it to detect if user-namespaces are enabled. In addition, the implementation in containerd uses a sync.Once, so that detection (and reading/parsing `/proc/self/uid_map`) is only performed once. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
parent
f7d5d70e44
commit
9ff990a2b9
2 changed files with 5 additions and 5 deletions
|
@ -6,9 +6,9 @@ import (
|
|||
"os"
|
||||
"path/filepath"
|
||||
|
||||
"github.com/containerd/containerd/sys"
|
||||
"github.com/moby/sys/mount"
|
||||
"github.com/moby/sys/mountinfo"
|
||||
rsystem "github.com/opencontainers/runc/libcontainer/system"
|
||||
"golang.org/x/sys/unix"
|
||||
)
|
||||
|
||||
|
@ -20,7 +20,7 @@ import (
|
|||
// This is similar to how libcontainer sets up a container's rootfs
|
||||
func chroot(path string) (err error) {
|
||||
// if the engine is running in a user namespace we need to use actual chroot
|
||||
if rsystem.RunningInUserNS() {
|
||||
if sys.RunningInUserNS() {
|
||||
return realChroot(path)
|
||||
}
|
||||
if err := unix.Unshare(unix.CLONE_NEWNS); err != nil {
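Review bot: The comment above `if sys.RunningInUserNS()` in chroot does not say which path is taken when detection is inconclusive. As far as I can tell the containerd helper reports false when `/proc/self/uid_map` cannot be opened or read, so the code then proceeds to `unix.Unshare(unix.CLONE_NEWNS)` rather than `realChroot`. Stating that next to the branch would help, e.g. `// a failed uid_map read counts as "not in a user namespace" and takes the mount-namespace path below`. The body of chroot continues past the end of this hunk.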
|
||||
|
|
|
@ -13,10 +13,10 @@ import (
|
|||
"path/filepath"
|
||||
"runtime"
|
||||
|
||||
"github.com/containerd/containerd/sys"
|
||||
"github.com/docker/docker/pkg/archive"
|
||||
"github.com/docker/docker/pkg/reexec"
|
||||
"github.com/docker/docker/pkg/system"
|
||||
rsystem "github.com/opencontainers/runc/libcontainer/system"
|
||||
)
|
||||
|
||||
type applyLayerResponse struct {
|
||||
|
@ -36,7 +36,7 @@ func applyLayer() {
|
|||
runtime.LockOSThread()
|
||||
flag.Parse()
|
||||
|
||||
inUserns := rsystem.RunningInUserNS()
|
||||
inUserns := sys.RunningInUserNS()
|
||||
if err := chroot(flag.Arg(0)); err != nil {
|
||||
fatal(err)
|
||||
}
|
||||
|
@ -95,7 +95,7 @@ func applyLayerHandler(dest string, layer io.Reader, options *archive.TarOptions
|
|||
}
|
||||
if options == nil {
|
||||
options = &archive.TarOptions{}
|
||||
if rsystem.RunningInUserNS() {
|
||||
if sys.RunningInUserNS() {
|
||||
options.InUserNS = true
|
||||
}
|
||||
}
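Review bot: In applyLayer, `inUserns := sys.RunningInUserNS()` sits before `chroot(flag.Arg(0))` with no comment saying that the order matters. The helper reads `/proc/self/uid_map` and, per the commit message, now caches its first answer via sync.Once, so a first call made after the chroot would presumably find no /proc and keep a wrong result for the rest of the process. I would add `// detect the user namespace before chroot: /proc/self/uid_map is read once and the result is cached`. applyLayer's body continues outside the hunk, so how `inUserns` is used later is not visible here.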
|
||||
|
|