mirror of https://github.com/docker/docs.git
Update process labels to be set at create not start
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
This commit is contained in:
Michael Crosby
parent
ae00649305
commit
46e05ed2d9
|
|
@ -4,6 +4,16 @@ import (
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"io"
|
||||||
|
"io/ioutil"
|
||||||
|
"log"
|
||||||
|
"os"
|
||||||
|
"path"
|
||||||
|
"strings"
|
||||||
|
"sync"
|
||||||
|
"syscall"
|
||||||
|
"time"
|
||||||
|
|
||||||
"github.com/dotcloud/docker/archive"
|
"github.com/dotcloud/docker/archive"
|
||||||
"github.com/dotcloud/docker/daemon/execdriver"
|
"github.com/dotcloud/docker/daemon/execdriver"
|
||||||
"github.com/dotcloud/docker/daemon/graphdriver"
|
"github.com/dotcloud/docker/daemon/graphdriver"
|
||||||
|
|
@ -14,15 +24,6 @@ import (
|
||||||
"github.com/dotcloud/docker/pkg/label"
|
"github.com/dotcloud/docker/pkg/label"
|
||||||
"github.com/dotcloud/docker/runconfig"
|
"github.com/dotcloud/docker/runconfig"
|
||||||
"github.com/dotcloud/docker/utils"
|
"github.com/dotcloud/docker/utils"
|
||||||
"io"
|
|
||||||
"io/ioutil"
|
|
||||||
"log"
|
|
||||||
"os"
|
|
||||||
"path"
|
|
||||||
"strings"
|
|
||||||
"sync"
|
|
||||||
"syscall"
|
|
||||||
"time"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
const DefaultPathEnv = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
const DefaultPathEnv = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||||
|
|
@ -124,7 +125,10 @@ func (container *Container) FromDisk() error {
|
||||||
if err := json.Unmarshal(data, container); err != nil && !strings.Contains(err.Error(), "docker.PortMapping") {
|
if err := json.Unmarshal(data, container); err != nil && !strings.Contains(err.Error(), "docker.PortMapping") {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
label.ReserveLabel(container.ProcessLabel)
|
|
||||||
|
if err := label.ReserveLabel(container.ProcessLabel); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
return container.readHostConfig()
|
return container.readHostConfig()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -389,14 +393,6 @@ func (container *Container) Start() (err error) {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
process, mount, err := label.GenLabels("")
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
container.MountLabel = mount
|
|
||||||
container.ProcessLabel = process
|
|
||||||
|
|
||||||
if err := container.Mount(); err != nil {
|
if err := container.Mount(); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -3,6 +3,16 @@ package daemon
|
||||||
import (
|
import (
|
||||||
"container/list"
|
"container/list"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"io"
|
||||||
|
"io/ioutil"
|
||||||
|
"log"
|
||||||
|
"os"
|
||||||
|
"path"
|
||||||
|
"regexp"
|
||||||
|
"strings"
|
||||||
|
"sync"
|
||||||
|
"time"
|
||||||
|
|
||||||
"github.com/dotcloud/docker/archive"
|
"github.com/dotcloud/docker/archive"
|
||||||
"github.com/dotcloud/docker/daemon/execdriver"
|
"github.com/dotcloud/docker/daemon/execdriver"
|
||||||
"github.com/dotcloud/docker/daemon/execdriver/execdrivers"
|
"github.com/dotcloud/docker/daemon/execdriver/execdrivers"
|
||||||
|
|
@ -17,20 +27,12 @@ import (
|
||||||
"github.com/dotcloud/docker/graph"
|
"github.com/dotcloud/docker/graph"
|
||||||
"github.com/dotcloud/docker/image"
|
"github.com/dotcloud/docker/image"
|
||||||
"github.com/dotcloud/docker/pkg/graphdb"
|
"github.com/dotcloud/docker/pkg/graphdb"
|
||||||
|
"github.com/dotcloud/docker/pkg/label"
|
||||||
"github.com/dotcloud/docker/pkg/mount"
|
"github.com/dotcloud/docker/pkg/mount"
|
||||||
"github.com/dotcloud/docker/pkg/selinux"
|
"github.com/dotcloud/docker/pkg/selinux"
|
||||||
"github.com/dotcloud/docker/pkg/sysinfo"
|
"github.com/dotcloud/docker/pkg/sysinfo"
|
||||||
"github.com/dotcloud/docker/runconfig"
|
"github.com/dotcloud/docker/runconfig"
|
||||||
"github.com/dotcloud/docker/utils"
|
"github.com/dotcloud/docker/utils"
|
||||||
"io"
|
|
||||||
"io/ioutil"
|
|
||||||
"log"
|
|
||||||
"os"
|
|
||||||
"path"
|
|
||||||
"regexp"
|
|
||||||
"strings"
|
|
||||||
"sync"
|
|
||||||
"time"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// Set the max depth to the aufs default that most
|
// Set the max depth to the aufs default that most
|
||||||
|
|
@ -535,6 +537,11 @@ func (daemon *Daemon) newContainer(name string, config *runconfig.Config, img *i
|
||||||
ExecDriver: daemon.execDriver.Name(),
|
ExecDriver: daemon.execDriver.Name(),
|
||||||
}
|
}
|
||||||
container.root = daemon.containerRoot(container.ID)
|
container.root = daemon.containerRoot(container.ID)
|
||||||
|
|
||||||
|
if container.MountLabel, container.ProcessLabel, err = label.GenLabels(""); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
return container, nil
|
return container, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -6,8 +6,6 @@ import (
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"github.com/dotcloud/docker/pkg/label"
|
|
||||||
"github.com/dotcloud/docker/utils"
|
|
||||||
"io"
|
"io"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"path"
|
"path"
|
||||||
|
|
@ -17,6 +15,9 @@ import (
|
||||||
"sync"
|
"sync"
|
||||||
"syscall"
|
"syscall"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"github.com/dotcloud/docker/pkg/label"
|
||||||
|
"github.com/dotcloud/docker/utils"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
|
|
@ -858,7 +859,6 @@ func (devices *DeviceSet) MountDevice(hash, path, mountLabel string) error {
|
||||||
defer devices.Unlock()
|
defer devices.Unlock()
|
||||||
|
|
||||||
if info.mountCount > 0 {
|
if info.mountCount > 0 {
|
||||||
fmt.Printf("---> already mounted\n")
|
|
||||||
if path != info.mountPath {
|
if path != info.mountPath {
|
||||||
return fmt.Errorf("Trying to mount devmapper device in multple places (%s, %s)", info.mountPath, path)
|
return fmt.Errorf("Trying to mount devmapper device in multple places (%s, %s)", info.mountPath, path)
|
||||||
}
|
}
|
||||||
|
|
@ -874,12 +874,9 @@ func (devices *DeviceSet) MountDevice(hash, path, mountLabel string) error {
|
||||||
var flags uintptr = sysMsMgcVal
|
var flags uintptr = sysMsMgcVal
|
||||||
|
|
||||||
mountOptions := label.FormatMountLabel("discard", mountLabel)
|
mountOptions := label.FormatMountLabel("discard", mountLabel)
|
||||||
fmt.Printf("-----> setting mount label %s\n", mountOptions)
|
|
||||||
|
|
||||||
err = sysMount(info.DevName(), path, "ext4", flags, mountOptions)
|
err = sysMount(info.DevName(), path, "ext4", flags, mountOptions)
|
||||||
if err != nil && err == sysEInval {
|
if err != nil && err == sysEInval {
|
||||||
mountOptions = label.FormatMountLabel("", mountLabel)
|
mountOptions = label.FormatMountLabel("", mountLabel)
|
||||||
fmt.Printf("-----> setting mount label after error %s\n", mountOptions)
|
|
||||||
err = sysMount(info.DevName(), path, "ext4", flags, mountOptions)
|
err = sysMount(info.DevName(), path, "ext4", flags, mountOptions)
|
||||||
}
|
}
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
||||||
|
|
@ -4,8 +4,9 @@ package label
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"github.com/dotcloud/docker/pkg/selinux"
|
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
|
"github.com/dotcloud/docker/pkg/selinux"
|
||||||
)
|
)
|
||||||
|
|
||||||
func GenLabels(options string) (string, string, error) {
|
func GenLabels(options string) (string, string, error) {
|
||||||
|
|
@ -76,6 +77,7 @@ func Init() {
|
||||||
selinux.SelinuxEnabled()
|
selinux.SelinuxEnabled()
|
||||||
}
|
}
|
||||||
|
|
||||||
func ReserveLabel(label string) {
|
func ReserveLabel(label string) error {
|
||||||
selinux.ReserveLabel(label)
|
selinux.ReserveLabel(label)
|
||||||
|
return nil
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue