Merge pull request #5058 from crosbymichael/remove-opts

Remove -o cli flag and DriverConfig from HostConfig
Victor Vieux 2014-04-07 16:45:54 -07:00
commit 8c3eb900de
10 changed files with 52 additions and 64 deletions


@ -28,6 +28,7 @@ type Config struct {
ExecDriver string
Mtu int
DisableNetwork bool
EnableSelinuxSupport bool
}
// ConfigFromJob creates and returns a new DaemonConfig object
@ -45,6 +46,7 @@ func ConfigFromJob(job *engine.Job) *Config {
InterContainerCommunication: job.GetenvBool("InterContainerCommunication"),
GraphDriver: job.Getenv("GraphDriver"),
ExecDriver: job.Getenv("ExecDriver"),
EnableSelinuxSupport: false, // FIXME: hardcoded default to disable selinux for .10 release
}
if dns := job.GetenvList("Dns"); dns != nil {
config.Dns = dns
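Review bot: `EnableSelinuxSupport` is set to a literal `false` in `ConfigFromJob` instead of being read from the job like the neighbouring fields, so nothing passed to the daemon can turn labeling back on. The FIXME says this is deliberate for the release, but the comment should spell out the consequence for operators, e.g. `// FIXME: hard-coded off for the .10 release; containers get no SELinux process or mount labels`. When the default is lifted, `job.GetenvBool("EnableSelinuxSupport")` would match how the other boolean fields are populated. ConfigFromJob's body continues outside the hunk.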


@ -9,30 +9,31 @@ import (
)
func GenLabels(options string) (string, string, error) {
processLabel, mountLabel := selinux.GetLxcContexts()
if processLabel == "" { // SELinux is disabled
if !selinux.SelinuxEnabled() {
return "", "", nil
}
var (
err error
s = strings.Fields(options)
l = len(s)
)
if l > 0 {
pcon := selinux.NewContext(processLabel)
for i := 0; i < l; i++ {
o := strings.Split(s[i], "=")
pcon[o[0]] = o[1]
var err error
processLabel, mountLabel := selinux.GetLxcContexts()
if processLabel != "" {
var (
s = strings.Fields(options)
l = len(s)
)
if l > 0 {
pcon := selinux.NewContext(processLabel)
for i := 0; i < l; i++ {
o := strings.Split(s[i], "=")
pcon[o[0]] = o[1]
}
processLabel = pcon.Get()
mountLabel, err = selinux.CopyLevel(processLabel, mountLabel)
}
processLabel = pcon.Get()
mountLabel, err = selinux.CopyLevel(processLabel, mountLabel)
}
return processLabel, mountLabel, err
}
func FormatMountLabel(src string, mountLabel string) string {
if mountLabel != "" {
if selinux.SelinuxEnabled() && mountLabel != "" {
switch src {
case "":
src = fmt.Sprintf("%s,context=%s", src, mountLabel)
@ -65,6 +66,9 @@ func SetFileLabel(path string, fileLabel string) error {
}
func GetPidCon(pid int) (string, error) {
if !selinux.SelinuxEnabled() {
return "", nil
}
return selinux.Getpidcon(pid)
}
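Review bot: In `GenLabels` the loop does `o := strings.Split(s[i], "=")` and then reads `o[1]` unconditionally, so an option token without `=` panics with an index-out-of-range error instead of returning an error to the caller. Since `options` is a free-form string, the split should be bounded and checked: `o := strings.SplitN(s[i], "=", 2)` followed by `if len(o) != 2 { return "", "", fmt.Errorf("bad label option %q", s[i]) }`. The keys are also written into the context map without being checked against the fields a context actually has; whether that matters depends on how `SELinuxContext.Get` builds the label, which this section does not show.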


@ -39,7 +39,12 @@ var (
type SELinuxContext map[string]string
func GetSelinuxMountPoint() string {
// SetDisabled disables selinux support for the package
func SetDisabled() {
selinuxEnabled, selinuxEnabledChecked = false, true
}
func getSelinuxMountPoint() string {
if selinuxfs != "unknown" {
return selinuxfs
}
@ -70,15 +75,15 @@ func SelinuxEnabled() bool {
return selinuxEnabled
}
selinuxEnabledChecked = true
if fs := GetSelinuxMountPoint(); fs != "" {
if con, _ := Getcon(); con != "kernel" {
if fs := getSelinuxMountPoint(); fs != "" {
if con, _ := getcon(); con != "kernel" {
selinuxEnabled = true
}
}
return selinuxEnabled
}
func ReadConfig(target string) (value string) {
func readConfig(target string) (value string) {
var (
val, key string
bufin *bufio.Reader
@ -119,8 +124,8 @@ func ReadConfig(target string) (value string) {
return ""
}
func GetSELinuxPolicyRoot() string {
return selinuxDir + ReadConfig(selinuxTypeTag)
func getSELinuxPolicyRoot() string {
return selinuxDir + readConfig(selinuxTypeTag)
}
func readCon(name string) (string, error) {
@ -140,15 +145,6 @@ func Setfilecon(path string, scon string) error {
return system.Lsetxattr(path, xattrNameSelinux, []byte(scon), 0)
}
func Getfilecon(path string) (string, error) {
var scon []byte
cnt, err := syscall.Getxattr(path, xattrNameSelinux, scon)
scon = make([]byte, cnt)
cnt, err = syscall.Getxattr(path, xattrNameSelinux, scon)
return string(scon), err
}
func Setfscreatecon(scon string) error {
return writeCon("/proc/self/attr/fscreate", scon)
}
@ -157,7 +153,7 @@ func Getfscreatecon() (string, error) {
return readCon("/proc/self/attr/fscreate")
}
func Getcon() (string, error) {
func getcon() (string, error) {
return readCon("/proc/self/attr/current")
}
@ -188,7 +184,7 @@ func writeCon(name string, val string) error {
}
func Setexeccon(scon string) error {
return writeCon(fmt.Sprintf("/proc/self/task/%d/attr/exec", syscall.Gettid()), scon)
return writeCon(fmt.Sprintf("/proc/self/task/%d/attr/exec", system.Gettid()), scon)
}
func (c SELinuxContext) Get() string {
@ -224,7 +220,7 @@ func SelinuxGetEnforce() int {
}
func SelinuxGetEnforceMode() int {
switch ReadConfig(selinuxTag) {
switch readConfig(selinuxTag) {
case "enforcing":
return Enforcing
case "permissive":
@ -296,13 +292,6 @@ func uniqMcs(catRange uint32) string {
return mcs
}
func FreeContext(con string) {
if con != "" {
scon := NewContext(con)
mcsDelete(scon["level"])
}
}
func GetLxcContexts() (processLabel string, fileLabel string) {
var (
val, key string
@ -312,7 +301,7 @@ func GetLxcContexts() (processLabel string, fileLabel string) {
if !SelinuxEnabled() {
return "", ""
}
lxcPath := fmt.Sprintf("%s/contexts/lxc_contexts", GetSELinuxPolicyRoot())
lxcPath := fmt.Sprintf("%s/contexts/lxc_contexts", getSELinuxPolicyRoot())
in, err := os.Open(lxcPath)
if err != nil {
return "", ""
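Review bot: `SetDisabled` only flips the cached `selinuxEnabled`/`selinuxEnabledChecked` flags, so the disable is advisory: `Setfilecon` and `Setexeccon` in this same section still write labels without consulting it, and only callers that test `SelinuxEnabled()` first are affected. The doc comment should say that, and that the two package-level variables are written with no lock, e.g. `// SetDisabled makes SelinuxEnabled report false; it does not stop the Set* functions and must be called before other goroutines use this package`. Separately, `con, _ := getcon()` in `SelinuxEnabled` discards the error, so a failed read presumably leaves `con` empty and is then treated as enabled; that looks unintended and is worth confirming.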


@ -12,9 +12,7 @@ func testSetfilecon(t *testing.T) {
out, _ := os.OpenFile(tmp, os.O_WRONLY, 0)
out.Close()
err := selinux.Setfilecon(tmp, "system_u:object_r:bin_t:s0")
if err == nil {
t.Log(selinux.Getfilecon(tmp))
} else {
if err != nil {
t.Log("Setfilecon failed")
t.Fatal(err)
}
@ -40,8 +38,6 @@ func TestSELinux(t *testing.T) {
t.Log("getenforcemode ", selinux.SelinuxGetEnforceMode())
pid := os.Getpid()
t.Log("PID:%d MCS:%s\n", pid, selinux.IntToMcs(pid, 1023))
t.Log(selinux.Getcon())
t.Log(selinux.Getfilecon("/etc/passwd"))
err = selinux.Setfscreatecon("unconfined_u:unconfined_r:unconfined_t:s0")
if err == nil {
t.Log(selinux.Getfscreatecon())
@ -57,7 +53,6 @@ func TestSELinux(t *testing.T) {
t.Fatal(err)
}
t.Log(selinux.Getpidcon(1))
t.Log(selinux.GetSelinuxMountPoint())
} else {
t.Log("Disabled")
}


@ -143,3 +143,7 @@ func SetCloneFlags(cmd *exec.Cmd, flag uintptr) {
}
cmd.SysProcAttr.Cloneflags = flag
}
func Gettid() int {
return syscall.Gettid()
}
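Review bot: The new exported `Gettid` has no doc comment, here or in the stub for unsupported platforms in the next file section, where it returns `0` with no error while the neighbouring `UsetCloseOnExec` returns `ErrNotSupportedPlatform`. A caller such as `Setexeccon` would then format a `/proc/self/task/0/attr/exec` path on those platforms, so the sentinel should at least be documented: `// Gettid returns the caller's thread id, or 0 on platforms where it is not supported.`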


@ -13,3 +13,7 @@ func SetCloneFlags(cmd *exec.Cmd, flag uintptr) {
func UsetCloseOnExec(fd uintptr) error {
return ErrNotSupportedPlatform
}
func Gettid() int {
return 0
}


@ -14,7 +14,6 @@ type HostConfig struct {
PortBindings nat.PortMap
Links []string
PublishAllPorts bool
DriverOptions map[string][]string
}
func ContainerHostConfigFromJob(job *engine.Job) *HostConfig {
@ -25,7 +24,6 @@ func ContainerHostConfigFromJob(job *engine.Job) *HostConfig {
}
job.GetenvJson("LxcConf", &hostConfig.LxcConf)
job.GetenvJson("PortBindings", &hostConfig.PortBindings)
job.GetenvJson("DriverOptions", &hostConfig.DriverOptions)
if Binds := job.GetenvList("Binds"); Binds != nil {
hostConfig.Binds = Binds
}


@ -45,7 +45,6 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
flDnsSearch = opts.NewListOpts(opts.ValidateDomain)
flVolumesFrom opts.ListOpts
flLxcOpts opts.ListOpts
flDriverOpts opts.ListOpts
flEnvFile opts.ListOpts
flAutoRemove = cmd.Bool([]string{"#rm", "-rm"}, false, "Automatically remove the container when it exits (incompatible with -d)")
@ -79,8 +78,7 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
cmd.Var(&flDns, []string{"#dns", "-dns"}, "Set custom dns servers")
cmd.Var(&flDnsSearch, []string{"-dns-search"}, "Set custom dns search domains")
cmd.Var(&flVolumesFrom, []string{"#volumes-from", "-volumes-from"}, "Mount volumes from the specified container(s)")
cmd.Var(&flLxcOpts, []string{"#lxc-conf", "#-lxc-conf"}, "(lxc exec-driver only) Add custom lxc options --lxc-conf=\"lxc.cgroup.cpuset.cpus = 0,1\"")
cmd.Var(&flDriverOpts, []string{"o", "-opt"}, "Add custom driver options")
cmd.Var(&flLxcOpts, []string{"#lxc-conf", "-lxc-conf"}, "(lxc exec-driver only) Add custom lxc options --lxc-conf=\"lxc.cgroup.cpuset.cpus = 0,1\"")
if err := cmd.Parse(args); err != nil {
return nil, nil, cmd, err
@ -224,11 +222,6 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
WorkingDir: *flWorkingDir,
}
driverOptions, err := parseDriverOpts(flDriverOpts)
if err != nil {
return nil, nil, cmd, err
}
hostConfig := &HostConfig{
Binds: binds,
ContainerIDFile: *flContainerIDFile,
@ -237,7 +230,6 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
PortBindings: portBindings,
Links: flLinks.GetAll(),
PublishAllPorts: *flPublishAll,
DriverOptions: driverOptions,
}
if sysInfo != nil && flMemory > 0 && !sysInfo.SwapLimit {
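Review bot: The `flLxcOpts` registration changes its second name from `"#-lxc-conf"` to `"-lxc-conf"`, which is not part of the `-o` removal described in the commit title. If the `#` prefix marks a flag name as deprecated in this flag package, as the other `#`-prefixed names suggest, this restores `--lxc-conf` as a supported way to pass raw LXC settings to a container. The description should mention it so that change is reviewed on its own merits. parseRun's body continues outside the hunks.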


@ -361,12 +361,8 @@ func (container *Container) Attach(stdin io.ReadCloser, stdinCloser io.Closer, s
func populateCommand(c *Container) {
var (
en *execdriver.Network
driverConfig = c.hostConfig.DriverOptions
)
if driverConfig == nil {
driverConfig = make(map[string][]string)
}
)
en = &execdriver.Network{
Mtu: c.runtime.config.Mtu,


@ -11,6 +11,7 @@ import (
"github.com/dotcloud/docker/image"
"github.com/dotcloud/docker/pkg/graphdb"
"github.com/dotcloud/docker/pkg/mount"
"github.com/dotcloud/docker/pkg/selinux"
"github.com/dotcloud/docker/pkg/sysinfo"
"github.com/dotcloud/docker/runconfig"
"github.com/dotcloud/docker/runtime/execdriver"
@ -723,6 +724,9 @@ func NewRuntime(config *daemonconfig.Config, eng *engine.Engine) (*Runtime, erro
}
func NewRuntimeFromDirectory(config *daemonconfig.Config, eng *engine.Engine) (*Runtime, error) {
if !config.EnableSelinuxSupport {
selinux.SetDisabled()
}
// Set the default driver
graphdriver.DefaultDriver = config.GraphDriver
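Review bot: `NewRuntimeFromDirectory` calls `selinux.SetDisabled()` without recording it, and with `EnableSelinuxSupport` hard-coded to `false` in `ConfigFromJob` in this commit the branch is taken on every start. An operator on an SELinux host has no way to tell from the daemon output that containers are running unlabeled. A comment and a startup message would help, for example `// SELinux labeling is opt-in; see Config.EnableSelinuxSupport` above the `if` and a line such as `log.Printf("SELinux support is disabled")` inside it, using whichever logger this file already imports. The function body continues outside the hunk.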