diff --git a/CHANGELOG.md b/CHANGELOG.md index 75dd094bd4..bdd91eaddc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,8 +4,8 @@ #### Notable features since 0.6.0 -* Storage drivers: choose from aufs, device mapper, vfs or btrfs. -* Standard Linux support: docker now runs on unmodified linux kernels and all major distributions. +* Storage drivers: choose from aufs, device-mapper, or vfs. +* Standard Linux support: docker now runs on unmodified Linux kernels and all major distributions. * Links: compose complex software stacks by connecting containers to each other. * Container naming: organize your containers by giving them memorable names. * Advanced port redirects: specify port redirects per interface, or keep sensitive ports private. diff --git a/api.go b/api.go index 2880d0e8bc..aadd79e3c8 100644 --- a/api.go +++ b/api.go @@ -15,6 +15,7 @@ import ( "mime" "net" "net/http" + "net/http/pprof" "os" "os/exec" "regexp" @@ -1037,9 +1038,21 @@ func makeHttpHandler(srv *Server, logging bool, localMethod string, localRoute s } } +func AttachProfiler(router *mux.Router) { + router.HandleFunc("/debug/pprof/", pprof.Index) + router.HandleFunc("/debug/pprof/cmdline", pprof.Cmdline) + router.HandleFunc("/debug/pprof/profile", pprof.Profile) + router.HandleFunc("/debug/pprof/symbol", pprof.Symbol) + router.HandleFunc("/debug/pprof/heap", pprof.Handler("heap").ServeHTTP) + router.HandleFunc("/debug/pprof/goroutine", pprof.Handler("goroutine").ServeHTTP) + router.HandleFunc("/debug/pprof/threadcreate", pprof.Handler("threadcreate").ServeHTTP) +} + func createRouter(srv *Server, logging bool) (*mux.Router, error) { r := mux.NewRouter() - + if os.Getenv("DEBUG") != "" { + AttachProfiler(r) + } m := map[string]map[string]HttpApiFunc{ "GET": { "/events": getEvents, diff --git a/buildfile.go b/buildfile.go index 4ac8e75bd4..3075812436 100644 --- a/buildfile.go +++ b/buildfile.go @@ -288,7 +288,7 @@ func (b *buildFile) addContext(container *Container, orig, dest string) error { destPath = destPath + "/" } if !strings.HasPrefix(origPath, b.context) { - return fmt.Errorf("Forbidden path: %s", origPath) + return fmt.Errorf("Forbidden path outside the build context: %s (%s)", orig, origPath) } fi, err := os.Stat(origPath) if err != nil { diff --git a/commands.go b/commands.go index dbf295cf13..846a66c7a4 100644 --- a/commands.go +++ b/commands.go @@ -2199,7 +2199,7 @@ func (cli *DockerCli) CmdCp(args ...string) error { } func (cli *DockerCli) CmdSave(args ...string) error { - cmd := cli.Subcmd("save", "IMAGE DESTINATION", "Save an image to a tar archive") + cmd := cli.Subcmd("save", "IMAGE", "Save an image to a tar archive (streamed to stdout)") if err := cmd.Parse(args); err != nil { return err } diff --git a/contrib/vagrant-docker/README.md b/contrib/vagrant-docker/README.md index fa28e448eb..836f503059 100644 --- a/contrib/vagrant-docker/README.md +++ b/contrib/vagrant-docker/README.md @@ -17,3 +17,34 @@ meaning you can use Vagrant to control Docker containers. * [docker-provider](https://github.com/fgrehm/docker-provider) * [vagrant-shell](https://github.com/destructuring/vagrant-shell) + +## Setting up Vagrant-docker with the Remote API + +The initial Docker upstart script will not work because it runs on `127.0.0.1`, which is not accessible to the host machine. Instead, we need to change the script to connect to `0.0.0.0`. To do this, modify `/etc/init/docker.conf` to look like this: + +``` +description "Docker daemon" + +start on filesystem and started lxc-net +stop on runlevel [!2345] + +respawn + +script + /usr/bin/docker -d -H=tcp://0.0.0.0:4243/ +end script +``` + +Once that's done, you need to set up a SSH tunnel between your host machine and the vagrant machine that's running Docker. This can be done by running the following command in a host terminal: + +``` +ssh -L 4243:localhost:4243 -p 2222 vagrant@localhost +``` + +(The first 4243 is what your host can connect to, the second 4243 is what port Docker is running on in the vagrant machine, and the 2222 is the port Vagrant is providing for SSH. If VirtualBox is the VM you're using, you can see what value "2222" should be by going to: Network > Adapter 1 > Advanced > Port Forwarding in the VirtualBox GUI.) + +Note that because the port has been changed, to run docker commands from within the command line you must run them like this: + +``` +sudo docker -H 0.0.0.0:4243 < commands for docker > +``` diff --git a/docs/sources/commandline/cli.rst b/docs/sources/commandline/cli.rst index 9635675a77..e35475ae96 100644 --- a/docs/sources/commandline/cli.rst +++ b/docs/sources/commandline/cli.rst @@ -797,7 +797,7 @@ Known Issues (kill) -link="": Remove the link instead of the actual container Known Issues (rm) -~~~~~~~~~~~~~~~~~~~ +~~~~~~~~~~~~~~~~~ * :issue:`197` indicates that ``docker kill`` may leave directories behind and make it difficult to remove the container. @@ -881,8 +881,15 @@ containers will not be deleted. -name="": Assign the specified name to the container. If no name is specific docker will generate a random name -P=false: Publish all exposed ports to the host interfaces -Examples --------- +Known Issues (run -volumes-from) +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +* :issue:`2702`: "lxc-start: Permission denied - failed to mount" + could indicate a permissions problem with AppArmor. Please see the + issue for a workaround. + +Examples: +~~~~~~~~~ .. code-block:: bash @@ -974,16 +981,10 @@ id may be optionally suffixed with ``:ro`` or ``:rw`` to mount the volumes in read-only or read-write mode, respectively. By default, the volumes are mounted in the same mode (rw or ro) as the reference container. -Known Issues (run -volumes-from) -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -* :issue:`2702`: "lxc-start: Permission denied - failed to mount" - could indicate a permissions problem with AppArmor. Please see the - issue for a workaround. - .. _cli_save: ``save`` +--------- :: diff --git a/docs/sources/examples/hello_world.rst b/docs/sources/examples/hello_world.rst index 99eaa2c483..c25070fcd8 100644 --- a/docs/sources/examples/hello_world.rst +++ b/docs/sources/examples/hello_world.rst @@ -131,8 +131,6 @@ Attach to the container to see the results in real-time. - **"docker attach**" This will allow us to attach to a background process to see what is going on. -- **"-sig-proxy=true"** Proxify all received signal to the process - (even in non-tty mode) - **$CONTAINER_ID** The Id of the container we want to attach too. Exit from the container attachment by pressing Control-C. diff --git a/docs/sources/examples/postgresql_service.rst b/docs/sources/examples/postgresql_service.rst index 3649775485..82ca8b59ca 100644 --- a/docs/sources/examples/postgresql_service.rst +++ b/docs/sources/examples/postgresql_service.rst @@ -45,19 +45,21 @@ Install ``python-software-properties``. apt-get -y install python-software-properties apt-get -y install software-properties-common -Add Pitti's PostgreSQL repository. It contains the most recent stable release -of PostgreSQL i.e. ``9.2``. +Add PostgreSQL's repository. It contains the most recent stable release +of PostgreSQL i.e. ``9.3``. .. code-block:: bash - add-apt-repository ppa:pitti/postgresql + apt-get -y install wget + wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - + echo "deb http://apt.postgresql.org/pub/repos/apt/ precise-pgdg main" > /etc/apt/sources.list.d/pgdg.list apt-get update -Finally, install PostgreSQL 9.2 +Finally, install PostgreSQL 9.3 .. code-block:: bash - apt-get -y install postgresql-9.2 postgresql-client-9.2 postgresql-contrib-9.2 + apt-get -y install postgresql-9.3 postgresql-client-9.3 postgresql-contrib-9.3 Now, create a PostgreSQL superuser role that can create databases and other roles. Following Vagrant's convention the role will be named @@ -76,14 +78,14 @@ role. Adjust PostgreSQL configuration so that remote connections to the database are possible. Make sure that inside -``/etc/postgresql/9.2/main/pg_hba.conf`` you have following line (you will need +``/etc/postgresql/9.3/main/pg_hba.conf`` you have following line (you will need to install an editor, e.g. ``apt-get install vim``): .. code-block:: bash host all all 0.0.0.0/0 md5 -Additionaly, inside ``/etc/postgresql/9.2/main/postgresql.conf`` +Additionaly, inside ``/etc/postgresql/9.3/main/postgresql.conf`` uncomment ``listen_addresses`` so it is as follows: .. code-block:: bash @@ -115,9 +117,9 @@ Finally, run PostgreSQL server via ``docker``. CONTAINER=$(sudo docker run -d -p 5432 \ -t /postgresql \ - /bin/su postgres -c '/usr/lib/postgresql/9.2/bin/postgres \ - -D /var/lib/postgresql/9.2/main \ - -c config_file=/etc/postgresql/9.2/main/postgresql.conf') + /bin/su postgres -c '/usr/lib/postgresql/9.3/bin/postgres \ + -D /var/lib/postgresql/9.3/main \ + -c config_file=/etc/postgresql/9.3/main/postgresql.conf') Connect the PostgreSQL server using ``psql`` (You will need postgres installed on the machine. For ubuntu, use something like @@ -132,7 +134,7 @@ As before, create roles or databases if needed. .. code-block:: bash - psql (9.2.4) + psql (9.3.1) Type "help" for help. docker=# CREATE DATABASE foo OWNER=docker; @@ -160,9 +162,9 @@ container starts. .. code-block:: bash sudo docker commit -run='{"Cmd": \ - ["/bin/su", "postgres", "-c", "/usr/lib/postgresql/9.2/bin/postgres -D \ - /var/lib/postgresql/9.2/main -c \ - config_file=/etc/postgresql/9.2/main/postgresql.conf"], "PortSpecs": ["5432"]}' \ + ["/bin/su", "postgres", "-c", "/usr/lib/postgresql/9.3/bin/postgres -D \ + /var/lib/postgresql/9.3/main -c \ + config_file=/etc/postgresql/9.3/main/postgresql.conf"], "PortSpecs": ["5432"]}' \ /postgresql From now on, just type ``docker run /postgresql`` and diff --git a/docs/sources/installation/archlinux.rst b/docs/sources/installation/archlinux.rst index d6dc239253..ae56badf4c 100644 --- a/docs/sources/installation/archlinux.rst +++ b/docs/sources/installation/archlinux.rst @@ -12,27 +12,28 @@ Arch Linux .. include:: install_unofficial.inc Installing on Arch Linux is not officially supported but can be handled via -either of the following AUR packages: +one of the following AUR packages: * `lxc-docker `_ * `lxc-docker-git `_ +* `lxc-docker-nightly `_ The lxc-docker package will install the latest tagged version of docker. The lxc-docker-git package will build from the current master branch. +The lxc-docker-nightly package will install the latest build. Dependencies ------------ Docker depends on several packages which are specified as dependencies in -either AUR package. +the AUR packages. The core dependencies are: -* aufs3 * bridge-utils -* go +* device-mapper * iproute2 -* linux-aufs_friendly * lxc + Installation ------------ @@ -41,20 +42,14 @@ The instructions here assume **yaourt** is installed. See for information on building and installing packages from the AUR if you have not done so before. -Keep in mind that if **linux-aufs_friendly** is not already installed that a -new kernel will be compiled and this can take quite a while. - :: - yaourt -S lxc-docker-git + yaourt -S lxc-docker Starting Docker --------------- -Prior to starting docker modify your bootloader to use the -**linux-aufs_friendly** kernel and reboot your system. - There is a systemd service unit created for docker. To start the docker service: :: diff --git a/graphdriver/devmapper/attach_loopback.go b/graphdriver/devmapper/attach_loopback.go new file mode 100644 index 0000000000..f91bd20165 --- /dev/null +++ b/graphdriver/devmapper/attach_loopback.go @@ -0,0 +1,124 @@ +package devmapper + +import ( + "fmt" + "github.com/dotcloud/docker/utils" +) + +func stringToLoopName(src string) [LoNameSize]uint8 { + var dst [LoNameSize]uint8 + copy(dst[:], src[:]) + return dst +} + +func getNextFreeLoopbackIndex() (int, error) { + f, err := osOpenFile("/dev/loop-control", osORdOnly, 0644) + if err != nil { + return 0, err + } + defer f.Close() + + index, err := ioctlLoopCtlGetFree(f.Fd()) + if index < 0 { + index = 0 + } + return index, err +} + +func openNextAvailableLoopback(index int, sparseFile *osFile) (loopFile *osFile, err error) { + // Start looking for a free /dev/loop + for { + target := fmt.Sprintf("/dev/loop%d", index) + index++ + + fi, err := osStat(target) + if err != nil { + if osIsNotExist(err) { + utils.Errorf("There are no more loopback device available.") + } + return nil, ErrAttachLoopbackDevice + } + + if fi.Mode()&osModeDevice != osModeDevice { + utils.Errorf("Loopback device %s is not a block device.", target) + continue + } + + // OpenFile adds O_CLOEXEC + loopFile, err = osOpenFile(target, osORdWr, 0644) + if err != nil { + utils.Errorf("Error openning loopback device: %s", err) + return nil, ErrAttachLoopbackDevice + } + + // Try to attach to the loop file + if err := ioctlLoopSetFd(loopFile.Fd(), sparseFile.Fd()); err != nil { + loopFile.Close() + + // If the error is EBUSY, then try the next loopback + if err != sysEBusy { + utils.Errorf("Cannot set up loopback device %s: %s", target, err) + return nil, ErrAttachLoopbackDevice + } + + // Otherwise, we keep going with the loop + continue + } + // In case of success, we finished. Break the loop. + break + } + + // This can't happen, but let's be sure + if loopFile == nil { + utils.Errorf("Unreachable code reached! Error attaching %s to a loopback device.", sparseFile.Name()) + return nil, ErrAttachLoopbackDevice + } + + return loopFile, nil +} + +// attachLoopDevice attaches the given sparse file to the next +// available loopback device. It returns an opened *osFile. +func attachLoopDevice(sparseName string) (loop *osFile, err error) { + + // Try to retrieve the next available loopback device via syscall. + // If it fails, we discard error and start loopking for a + // loopback from index 0. + startIndex, err := getNextFreeLoopbackIndex() + if err != nil { + utils.Debugf("Error retrieving the next available loopback: %s", err) + } + + // OpenFile adds O_CLOEXEC + sparseFile, err := osOpenFile(sparseName, osORdWr, 0644) + if err != nil { + utils.Errorf("Error openning sparse file %s: %s", sparseName, err) + return nil, ErrAttachLoopbackDevice + } + defer sparseFile.Close() + + loopFile, err := openNextAvailableLoopback(startIndex, sparseFile) + if err != nil { + return nil, err + } + + // Set the status of the loopback device + loopInfo := &LoopInfo64{ + loFileName: stringToLoopName(loopFile.Name()), + loOffset: 0, + loFlags: LoFlagsAutoClear, + } + + if err := ioctlLoopSetStatus64(loopFile.Fd(), loopInfo); err != nil { + utils.Errorf("Cannot set up loopback device info: %s", err) + + // If the call failed, then free the loopback device + if err := ioctlLoopClrFd(loopFile.Fd()); err != nil { + utils.Errorf("Error while cleaning up the loopback device") + } + loopFile.Close() + return nil, ErrAttachLoopbackDevice + } + + return loopFile, nil +} diff --git a/graphdriver/devmapper/deviceset.go b/graphdriver/devmapper/deviceset.go index 8c2556104d..77d865ad99 100644 --- a/graphdriver/devmapper/deviceset.go +++ b/graphdriver/devmapper/deviceset.go @@ -383,7 +383,7 @@ func (devices *DeviceSet) ResizePool(size int64) error { return fmt.Errorf("Can't shrink file") } - dataloopback := FindLoopDeviceFor(&osFile{File: datafile}) + dataloopback := FindLoopDeviceFor(datafile) if dataloopback == nil { return fmt.Errorf("Unable to find loopback mount for: %s", datafilename) } @@ -395,7 +395,7 @@ func (devices *DeviceSet) ResizePool(size int64) error { } defer metadatafile.Close() - metadataloopback := FindLoopDeviceFor(&osFile{File: metadatafile}) + metadataloopback := FindLoopDeviceFor(metadatafile) if metadataloopback == nil { return fmt.Errorf("Unable to find loopback mount for: %s", metadatafilename) } @@ -491,14 +491,14 @@ func (devices *DeviceSet) initDevmapper(doInit bool) error { if info.Exists == 0 { utils.Debugf("Pool doesn't exist. Creating it.") - dataFile, err := AttachLoopDevice(data) + dataFile, err := attachLoopDevice(data) if err != nil { utils.Debugf("\n--->Err: %s\n", err) return err } defer dataFile.Close() - metadataFile, err := AttachLoopDevice(metadata) + metadataFile, err := attachLoopDevice(metadata) if err != nil { utils.Debugf("\n--->Err: %s\n", err) return err @@ -637,7 +637,7 @@ func (devices *DeviceSet) deactivateDevice(hash string) error { // or b) the 1 second timeout expires. func (devices *DeviceSet) waitRemove(hash string) error { utils.Debugf("[deviceset %s] waitRemove(%s)", devices.devicePrefix, hash) - defer utils.Debugf("[deviceset %s] waitRemove END", devices.devicePrefix, hash) + defer utils.Debugf("[deviceset %s] waitRemove(%) END", devices.devicePrefix, hash) devname, err := devices.byHash(hash) if err != nil { return err diff --git a/graphdriver/devmapper/devmapper.go b/graphdriver/devmapper/devmapper.go index 89c36d45ad..db41ed6c25 100644 --- a/graphdriver/devmapper/devmapper.go +++ b/graphdriver/devmapper/devmapper.go @@ -177,25 +177,18 @@ func (t *Task) GetNextTarget(next uintptr) (nextPtr uintptr, start uint64, start, length, targetType, params } -func AttachLoopDevice(filename string) (*osFile, error) { - var fd int - res := DmAttachLoopDevice(filename, &fd) - if res == "" { - return nil, ErrAttachLoopbackDevice - } - return &osFile{File: osNewFile(uintptr(fd), res)}, nil -} - func getLoopbackBackingFile(file *osFile) (uint64, uint64, error) { - dev, inode, err := DmGetLoopbackBackingFile(file.Fd()) - if err != 0 { + loopInfo, err := ioctlLoopGetStatus64(file.Fd()) + if err != nil { + utils.Errorf("Error get loopback backing file: %s\n", err) return 0, 0, ErrGetLoopbackBackingFile } - return dev, inode, nil + return loopInfo.loDevice, loopInfo.loInode, nil } func LoopbackSetCapacity(file *osFile) error { - if err := DmLoopbackSetCapacity(file.Fd()); err != 0 { + if err := ioctlLoopSetCapacity(file.Fd(), 0); err != nil { + utils.Errorf("Error loopbackSetCapacity: %s", err) return ErrLoopbackSetCapacity } return nil @@ -223,11 +216,10 @@ func FindLoopDeviceFor(file *osFile) *osFile { continue } - dev, inode, err := getLoopbackBackingFile(&osFile{File: file}) + dev, inode, err := getLoopbackBackingFile(file) if err == nil && dev == targetDevice && inode == targetInode { - return &osFile{File: file} + return file } - file.Close() } @@ -286,8 +278,9 @@ func RemoveDevice(name string) error { } func GetBlockDeviceSize(file *osFile) (uint64, error) { - size, errno := DmGetBlockSize(file.Fd()) - if size == -1 || errno != 0 { + size, err := ioctlBlkGetSize64(file.Fd()) + if err != nil { + utils.Errorf("Error getblockdevicesize: %s", err) return 0, ErrGetBlockSize } return uint64(size), nil @@ -420,7 +413,7 @@ func suspendDevice(name string) error { return err } if err := task.Run(); err != nil { - return fmt.Errorf("Error running DeviceSuspend") + return fmt.Errorf("Error running DeviceSuspend: %s", err) } return nil } @@ -437,7 +430,7 @@ func resumeDevice(name string) error { } if err := task.Run(); err != nil { - return fmt.Errorf("Error running DeviceSuspend") + return fmt.Errorf("Error running DeviceResume") } UdevWait(cookie) diff --git a/graphdriver/devmapper/devmapper_wrapper.go b/graphdriver/devmapper/devmapper_wrapper.go index 818c968bbf..3c195f72ea 100644 --- a/graphdriver/devmapper/devmapper_wrapper.go +++ b/graphdriver/devmapper/devmapper_wrapper.go @@ -2,124 +2,14 @@ package devmapper /* #cgo LDFLAGS: -L. -ldevmapper -#include -#include -#include #include -#include -#include -#include -#include -#include -#include -#include - -#ifndef LOOP_CTL_GET_FREE -#define LOOP_CTL_GET_FREE 0x4C82 -#endif - -// FIXME: this could easily be rewritten in go -char* attach_loop_device(const char *filename, int *loop_fd_out) -{ - struct loop_info64 loopinfo = {0}; - struct stat st; - char buf[64]; - int i, loop_fd, fd, start_index; - char* loopname; - - - *loop_fd_out = -1; - - start_index = 0; - fd = open("/dev/loop-control", O_RDONLY); - if (fd >= 0) { - start_index = ioctl(fd, LOOP_CTL_GET_FREE); - close(fd); - - if (start_index < 0) - start_index = 0; - } - - fd = open(filename, O_RDWR); - if (fd < 0) { - perror("open"); - return NULL; - } - - loop_fd = -1; - for (i = start_index ; loop_fd < 0 ; i++ ) { - if (sprintf(buf, "/dev/loop%d", i) < 0) { - close(fd); - return NULL; - } - - if (stat(buf, &st)) { - if (!S_ISBLK(st.st_mode)) { - fprintf(stderr, "[error] Loopback device %s is not a block device.\n", buf); - } else if (errno == ENOENT) { - fprintf(stderr, "[error] There are no more loopback device available.\n"); - } else { - fprintf(stderr, "[error] Unkown error trying to stat the loopback device %s (errno: %d).\n", buf, errno); - } - close(fd); - return NULL; - } - - loop_fd = open(buf, O_RDWR); - if (loop_fd < 0 && errno == ENOENT) { - fprintf(stderr, "[error] The loopback device %s does not exists.\n", buf); - close(fd); - return NULL; - } else if (loop_fd < 0) { - fprintf(stderr, "[error] Unkown error openning the loopback device %s. (errno: %d)\n", buf, errno); - continue; - } - - if (ioctl(loop_fd, LOOP_SET_FD, (void *)(size_t)fd) < 0) { - int errsv = errno; - close(loop_fd); - loop_fd = -1; - if (errsv != EBUSY) { - close(fd); - fprintf(stderr, "cannot set up loopback device %s: %s", buf, strerror(errsv)); - return NULL; - } - continue; - } - - close(fd); - - strncpy((char*)loopinfo.lo_file_name, buf, LO_NAME_SIZE); - loopinfo.lo_offset = 0; - loopinfo.lo_flags = LO_FLAGS_AUTOCLEAR; - - if (ioctl(loop_fd, LOOP_SET_STATUS64, &loopinfo) < 0) { - perror("ioctl LOOP_SET_STATUS64"); - if (ioctl(loop_fd, LOOP_CLR_FD, 0) < 0) { - perror("ioctl LOOP_CLR_FD"); - } - close(loop_fd); - fprintf (stderr, "cannot set up loopback device info"); - return (NULL); - } - - loopname = strdup(buf); - if (loopname == NULL) { - close(loop_fd); - return (NULL); - } - - *loop_fd_out = loop_fd; - return (loopname); - } - - return (NULL); -} +#include // FIXME: present only for defines, maybe we can remove it? +#include // FIXME: present only for BLKGETSIZE64, maybe we can remove it? +// FIXME: Can't we find a way to do the logging in pure Go? extern void DevmapperLogCallback(int level, char *file, int line, int dm_errno_or_class, char *str); -static void log_cb(int level, const char *file, int line, - int dm_errno_or_class, const char *f, ...) +static void log_cb(int level, const char *file, int line, int dm_errno_or_class, const char *f, ...) { char buffer[256]; va_list ap; @@ -135,7 +25,6 @@ static void log_with_errno_init() { dm_log_with_errno_init(log_cb); } - */ import "C" @@ -145,31 +34,64 @@ import ( type ( CDmTask C.struct_dm_task + + CLoopInfo64 C.struct_loop_info64 + LoopInfo64 struct { + loDevice uint64 /* ioctl r/o */ + loInode uint64 /* ioctl r/o */ + loRdevice uint64 /* ioctl r/o */ + loOffset uint64 + loSizelimit uint64 /* bytes, 0 == max available */ + loNumber uint32 /* ioctl r/o */ + loEncrypt_type uint32 + loEncrypt_key_size uint32 /* ioctl w/o */ + loFlags uint32 /* ioctl r/o */ + loFileName [LoNameSize]uint8 + loCryptName [LoNameSize]uint8 + loEncryptKey [LoKeySize]uint8 /* ioctl w/o */ + loInit [2]uint64 + } +) + +// FIXME: Make sure the values are defined in C +// IOCTL consts +const ( + BlkGetSize64 = C.BLKGETSIZE64 + + LoopSetFd = C.LOOP_SET_FD + LoopCtlGetFree = C.LOOP_CTL_GET_FREE + LoopGetStatus64 = C.LOOP_GET_STATUS64 + LoopSetStatus64 = C.LOOP_SET_STATUS64 + LoopClrFd = C.LOOP_CLR_FD + LoopSetCapacity = C.LOOP_SET_CAPACITY +) + +const ( + LoFlagsAutoClear = C.LO_FLAGS_AUTOCLEAR + LoFlagsReadOnly = C.LO_FLAGS_READ_ONLY + LoFlagsPartScan = C.LO_FLAGS_PARTSCAN + LoKeySize = C.LO_KEY_SIZE + LoNameSize = C.LO_NAME_SIZE ) var ( - DmAttachLoopDevice = dmAttachLoopDeviceFct - DmGetBlockSize = dmGetBlockSizeFct - DmGetLibraryVersion = dmGetLibraryVersionFct - DmGetNextTarget = dmGetNextTargetFct - DmLogInitVerbose = dmLogInitVerboseFct - DmSetDevDir = dmSetDevDirFct - DmTaskAddTarget = dmTaskAddTargetFct - DmTaskCreate = dmTaskCreateFct - DmTaskDestroy = dmTaskDestroyFct - DmTaskGetInfo = dmTaskGetInfoFct - DmTaskRun = dmTaskRunFct - DmTaskSetAddNode = dmTaskSetAddNodeFct - DmTaskSetCookie = dmTaskSetCookieFct - DmTaskSetMessage = dmTaskSetMessageFct - DmTaskSetName = dmTaskSetNameFct - DmTaskSetRo = dmTaskSetRoFct - DmTaskSetSector = dmTaskSetSectorFct - DmUdevWait = dmUdevWaitFct - GetBlockSize = getBlockSizeFct - LogWithErrnoInit = logWithErrnoInitFct - DmGetLoopbackBackingFile = dmGetLoopbackBackingFileFct - DmLoopbackSetCapacity = dmLoopbackSetCapacityFct + DmGetLibraryVersion = dmGetLibraryVersionFct + DmGetNextTarget = dmGetNextTargetFct + DmLogInitVerbose = dmLogInitVerboseFct + DmSetDevDir = dmSetDevDirFct + DmTaskAddTarget = dmTaskAddTargetFct + DmTaskCreate = dmTaskCreateFct + DmTaskDestroy = dmTaskDestroyFct + DmTaskGetInfo = dmTaskGetInfoFct + DmTaskRun = dmTaskRunFct + DmTaskSetAddNode = dmTaskSetAddNodeFct + DmTaskSetCookie = dmTaskSetCookieFct + DmTaskSetMessage = dmTaskSetMessageFct + DmTaskSetName = dmTaskSetNameFct + DmTaskSetRo = dmTaskSetRoFct + DmTaskSetSector = dmTaskSetSectorFct + DmUdevWait = dmUdevWaitFct + LogWithErrnoInit = logWithErrnoInitFct ) func free(p *C.char) { @@ -185,28 +107,26 @@ func dmTaskCreateFct(taskType int) *CDmTask { } func dmTaskRunFct(task *CDmTask) int { - return int(C.dm_task_run((*C.struct_dm_task)(task))) + ret, _ := C.dm_task_run((*C.struct_dm_task)(task)) + return int(ret) } func dmTaskSetNameFct(task *CDmTask, name string) int { Cname := C.CString(name) defer free(Cname) - return int(C.dm_task_set_name((*C.struct_dm_task)(task), - Cname)) + return int(C.dm_task_set_name((*C.struct_dm_task)(task), Cname)) } func dmTaskSetMessageFct(task *CDmTask, message string) int { Cmessage := C.CString(message) defer free(Cmessage) - return int(C.dm_task_set_message((*C.struct_dm_task)(task), - Cmessage)) + return int(C.dm_task_set_message((*C.struct_dm_task)(task), Cmessage)) } func dmTaskSetSectorFct(task *CDmTask, sector uint64) int { - return int(C.dm_task_set_sector((*C.struct_dm_task)(task), - C.uint64_t(sector))) + return int(C.dm_task_set_sector((*C.struct_dm_task)(task), C.uint64_t(sector))) } func dmTaskSetCookieFct(task *CDmTask, cookie *uint, flags uint16) int { @@ -214,13 +134,11 @@ func dmTaskSetCookieFct(task *CDmTask, cookie *uint, flags uint16) int { defer func() { *cookie = uint(cCookie) }() - return int(C.dm_task_set_cookie((*C.struct_dm_task)(task), &cCookie, - C.uint16_t(flags))) + return int(C.dm_task_set_cookie((*C.struct_dm_task)(task), &cCookie, C.uint16_t(flags))) } func dmTaskSetAddNodeFct(task *CDmTask, addNode AddNodeType) int { - return int(C.dm_task_set_add_node((*C.struct_dm_task)(task), - C.dm_add_node_t(addNode))) + return int(C.dm_task_set_add_node((*C.struct_dm_task)(task), C.dm_add_node_t(addNode))) } func dmTaskSetRoFct(task *CDmTask) int { @@ -236,26 +154,7 @@ func dmTaskAddTargetFct(task *CDmTask, Cparams := C.CString(params) defer free(Cparams) - return int(C.dm_task_add_target((*C.struct_dm_task)(task), - C.uint64_t(start), C.uint64_t(size), Cttype, Cparams)) -} - -func dmGetLoopbackBackingFileFct(fd uintptr) (uint64, uint64, sysErrno) { - var lo64 C.struct_loop_info64 - _, _, err := sysSyscall(sysSysIoctl, fd, C.LOOP_GET_STATUS64, - uintptr(unsafe.Pointer(&lo64))) - return uint64(lo64.lo_device), uint64(lo64.lo_inode), sysErrno(err) -} - -func dmLoopbackSetCapacityFct(fd uintptr) sysErrno { - _, _, err := sysSyscall(sysSysIoctl, fd, C.LOOP_SET_CAPACITY, 0) - return sysErrno(err) -} - -func dmGetBlockSizeFct(fd uintptr) (int64, sysErrno) { - var size int64 - _, _, err := sysSyscall(sysSysIoctl, fd, C.BLKGETSIZE64, uintptr(unsafe.Pointer(&size))) - return size, sysErrno(err) + return int(C.dm_task_add_target((*C.struct_dm_task)(task), C.uint64_t(start), C.uint64_t(size), Cttype, Cparams)) } func dmTaskGetInfoFct(task *CDmTask, info *Info) int { @@ -287,30 +186,10 @@ func dmGetNextTargetFct(task *CDmTask, next uintptr, start, length *uint64, targ *params = C.GoString(Cparams) }() - nextp := C.dm_get_next_target((*C.struct_dm_task)(task), - unsafe.Pointer(next), &Cstart, &Clength, &CtargetType, &Cparams) + nextp := C.dm_get_next_target((*C.struct_dm_task)(task), unsafe.Pointer(next), &Cstart, &Clength, &CtargetType, &Cparams) return uintptr(nextp) } -func dmAttachLoopDeviceFct(filename string, fd *int) string { - cFilename := C.CString(filename) - defer free(cFilename) - - var cFd C.int - defer func() { - *fd = int(cFd) - }() - - ret := C.attach_loop_device(cFilename, &cFd) - defer free(ret) - return C.GoString(ret) -} - -func getBlockSizeFct(fd uintptr, size *uint64) sysErrno { - _, _, err := sysSyscall(sysSysIoctl, fd, C.BLKGETSIZE64, uintptr(unsafe.Pointer(&size))) - return sysErrno(err) -} - func dmUdevWaitFct(cookie uint) int { return int(C.dm_udev_wait(C.uint32_t(cookie))) } diff --git a/graphdriver/devmapper/driver_test.go b/graphdriver/devmapper/driver_test.go index 3204575dd9..3950152fb7 100644 --- a/graphdriver/devmapper/driver_test.go +++ b/graphdriver/devmapper/driver_test.go @@ -55,12 +55,6 @@ func denyAllDevmapper() { DmGetNextTarget = func(task *CDmTask, next uintptr, start, length *uint64, target, params *string) uintptr { panic("DmGetNextTarget: this method should not be called here") } - DmAttachLoopDevice = func(filename string, fd *int) string { - panic("DmAttachLoopDevice: this method should not be called here") - } - DmGetBlockSize = func(fd uintptr) (int64, sysErrno) { - panic("DmGetBlockSize: this method should not be called here") - } DmUdevWait = func(cookie uint) int { panic("DmUdevWait: this method should not be called here") } @@ -76,9 +70,6 @@ func denyAllDevmapper() { DmTaskDestroy = func(task *CDmTask) { panic("DmTaskDestroy: this method should not be called here") } - GetBlockSize = func(fd uintptr, size *uint64) sysErrno { - panic("GetBlockSize: this method should not be called here") - } LogWithErrnoInit = func() { panic("LogWithErrnoInit: this method should not be called here") } @@ -155,11 +146,10 @@ func (r Set) Assert(t *testing.T, names ...string) { func TestInit(t *testing.T) { var ( - calls = make(Set) - devicesAttached = make(Set) - taskMessages = make(Set) - taskTypes = make(Set) - home = mkTestDirectory(t) + calls = make(Set) + taskMessages = make(Set) + taskTypes = make(Set) + home = mkTestDirectory(t) ) defer osRemoveAll(home) @@ -233,29 +223,6 @@ func TestInit(t *testing.T) { taskMessages[message] = true return 1 } - var ( - fakeDataLoop = "/dev/loop42" - fakeMetadataLoop = "/dev/loop43" - fakeDataLoopFd = 42 - fakeMetadataLoopFd = 43 - ) - var attachCount int - DmAttachLoopDevice = func(filename string, fd *int) string { - calls["DmAttachLoopDevice"] = true - if _, exists := devicesAttached[filename]; exists { - t.Fatalf("Already attached %s", filename) - } - devicesAttached[filename] = true - // This will crash if fd is not dereferenceable - if attachCount == 0 { - attachCount++ - *fd = fakeDataLoopFd - return fakeDataLoop - } else { - *fd = fakeMetadataLoopFd - return fakeMetadataLoop - } - } DmTaskDestroy = func(task *CDmTask) { calls["DmTaskDestroy"] = true expectedTask := &task1 @@ -263,14 +230,6 @@ func TestInit(t *testing.T) { t.Fatalf("Wrong libdevmapper call\nExpected: DmTaskDestroy(%v)\nReceived: DmTaskDestroy(%v)\n", expectedTask, task) } } - fakeBlockSize := int64(4242 * 512) - DmGetBlockSize = func(fd uintptr) (int64, sysErrno) { - calls["DmGetBlockSize"] = true - if expectedFd := uintptr(42); fd != expectedFd { - t.Fatalf("Wrong libdevmapper call\nExpected: DmGetBlockSize(%v)\nReceived: DmGetBlockSize(%v)\n", expectedFd, fd) - } - return fakeBlockSize, 0 - } DmTaskAddTarget = func(task *CDmTask, start, size uint64, ttype, params string) int { calls["DmTaskSetTarget"] = true expectedTask := &task1 @@ -345,11 +304,9 @@ func TestInit(t *testing.T) { "DmTaskSetName", "DmTaskRun", "DmTaskGetInfo", - "DmAttachLoopDevice", "DmTaskDestroy", "execRun", "DmTaskCreate", - "DmGetBlockSize", "DmTaskSetTarget", "DmTaskSetCookie", "DmUdevWait", @@ -357,7 +314,6 @@ func TestInit(t *testing.T) { "DmTaskSetMessage", "DmTaskSetAddNode", ) - devicesAttached.Assert(t, path.Join(home, "devicemapper", "data"), path.Join(home, "devicemapper", "metadata")) taskTypes.Assert(t, "0", "6", "17") taskMessages.Assert(t, "create_thin 0", "set_transaction_id 0 1") } @@ -408,17 +364,9 @@ func mockAllDevmapper(calls Set) { calls["DmTaskSetMessage"] = true return 1 } - DmAttachLoopDevice = func(filename string, fd *int) string { - calls["DmAttachLoopDevice"] = true - return "/dev/loop42" - } DmTaskDestroy = func(task *CDmTask) { calls["DmTaskDestroy"] = true } - DmGetBlockSize = func(fd uintptr) (int64, sysErrno) { - calls["DmGetBlockSize"] = true - return int64(4242 * 512), 0 - } DmTaskAddTarget = func(task *CDmTask, start, size uint64, ttype, params string) int { calls["DmTaskSetTarget"] = true return 1 @@ -489,6 +437,32 @@ func TestDriverCreate(t *testing.T) { return false, nil } + sysSyscall = func(trap, a1, a2, a3 uintptr) (r1, r2 uintptr, err syscall.Errno) { + calls["sysSyscall"] = true + if trap != sysSysIoctl { + t.Fatalf("Unexpected syscall. Expecting SYS_IOCTL, received: %d", trap) + } + switch a2 { + case LoopSetFd: + calls["ioctl.loopsetfd"] = true + case LoopCtlGetFree: + calls["ioctl.loopctlgetfree"] = true + case LoopGetStatus64: + calls["ioctl.loopgetstatus"] = true + case LoopSetStatus64: + calls["ioctl.loopsetstatus"] = true + case LoopClrFd: + calls["ioctl.loopclrfd"] = true + case LoopSetCapacity: + calls["ioctl.loopsetcapacity"] = true + case BlkGetSize64: + calls["ioctl.blkgetsize"] = true + default: + t.Fatalf("Unexpected IOCTL. Received %d", a2) + } + return 0, 0, 0 + } + func() { d := newDriver(t) @@ -498,16 +472,18 @@ func TestDriverCreate(t *testing.T) { "DmTaskSetName", "DmTaskRun", "DmTaskGetInfo", - "DmAttachLoopDevice", "execRun", "DmTaskCreate", - "DmGetBlockSize", "DmTaskSetTarget", "DmTaskSetCookie", "DmUdevWait", "DmTaskSetSector", "DmTaskSetMessage", "DmTaskSetAddNode", + "sysSyscall", + "ioctl.blkgetsize", + "ioctl.loopsetfd", + "ioctl.loopsetstatus", ) if err := d.Create("1", ""); err != nil { @@ -579,6 +555,32 @@ func TestDriverRemove(t *testing.T) { return false, nil } + sysSyscall = func(trap, a1, a2, a3 uintptr) (r1, r2 uintptr, err syscall.Errno) { + calls["sysSyscall"] = true + if trap != sysSysIoctl { + t.Fatalf("Unexpected syscall. Expecting SYS_IOCTL, received: %d", trap) + } + switch a2 { + case LoopSetFd: + calls["ioctl.loopsetfd"] = true + case LoopCtlGetFree: + calls["ioctl.loopctlgetfree"] = true + case LoopGetStatus64: + calls["ioctl.loopgetstatus"] = true + case LoopSetStatus64: + calls["ioctl.loopsetstatus"] = true + case LoopClrFd: + calls["ioctl.loopclrfd"] = true + case LoopSetCapacity: + calls["ioctl.loopsetcapacity"] = true + case BlkGetSize64: + calls["ioctl.blkgetsize"] = true + default: + t.Fatalf("Unexpected IOCTL. Received %d", a2) + } + return 0, 0, 0 + } + func() { d := newDriver(t) @@ -588,16 +590,18 @@ func TestDriverRemove(t *testing.T) { "DmTaskSetName", "DmTaskRun", "DmTaskGetInfo", - "DmAttachLoopDevice", "execRun", "DmTaskCreate", - "DmGetBlockSize", "DmTaskSetTarget", "DmTaskSetCookie", "DmUdevWait", "DmTaskSetSector", "DmTaskSetMessage", "DmTaskSetAddNode", + "sysSyscall", + "ioctl.blkgetsize", + "ioctl.loopsetfd", + "ioctl.loopsetstatus", ) if err := d.Create("1", ""); err != nil { diff --git a/graphdriver/devmapper/ioctl.go b/graphdriver/devmapper/ioctl.go new file mode 100644 index 0000000000..65c6c1a512 --- /dev/null +++ b/graphdriver/devmapper/ioctl.go @@ -0,0 +1,58 @@ +package devmapper + +import ( + "unsafe" +) + +func ioctlLoopCtlGetFree(fd uintptr) (int, error) { + index, _, err := sysSyscall(sysSysIoctl, fd, LoopCtlGetFree, 0) + if err != 0 { + return 0, err + } + return int(index), nil +} + +func ioctlLoopSetFd(loopFd, sparseFd uintptr) error { + if _, _, err := sysSyscall(sysSysIoctl, loopFd, LoopSetFd, sparseFd); err != 0 { + return err + } + return nil +} + +func ioctlLoopSetStatus64(loopFd uintptr, loopInfo *LoopInfo64) error { + if _, _, err := sysSyscall(sysSysIoctl, loopFd, LoopSetStatus64, uintptr(unsafe.Pointer(loopInfo))); err != 0 { + return err + } + return nil +} + +func ioctlLoopClrFd(loopFd uintptr) error { + if _, _, err := sysSyscall(sysSysIoctl, loopFd, LoopClrFd, 0); err != 0 { + return err + } + return nil +} + +func ioctlLoopGetStatus64(loopFd uintptr) (*LoopInfo64, error) { + loopInfo := &LoopInfo64{} + + if _, _, err := sysSyscall(sysSysIoctl, loopFd, LoopGetStatus64, uintptr(unsafe.Pointer(loopInfo))); err != 0 { + return nil, err + } + return loopInfo, nil +} + +func ioctlLoopSetCapacity(loopFd uintptr, value int) error { + if _, _, err := sysSyscall(sysSysIoctl, loopFd, LoopSetCapacity, uintptr(value)); err != 0 { + return err + } + return nil +} + +func ioctlBlkGetSize64(fd uintptr) (int64, error) { + var size int64 + if _, _, err := sysSyscall(sysSysIoctl, fd, BlkGetSize64, uintptr(unsafe.Pointer(&size))); err != 0 { + return 0, err + } + return size, nil +} diff --git a/graphdriver/devmapper/sys.go b/graphdriver/devmapper/sys.go index 60bafb5f6d..e06165c824 100644 --- a/graphdriver/devmapper/sys.go +++ b/graphdriver/devmapper/sys.go @@ -19,7 +19,11 @@ var ( sysCloseOnExec = syscall.CloseOnExec sysSyscall = syscall.Syscall - osOpenFile = os.OpenFile + osOpenFile = func(name string, flag int, perm os.FileMode) (*osFile, error) { + f, err := os.OpenFile(name, flag, perm) + return &osFile{File: f}, err + } + osOpen = func(name string) (*osFile, error) { f, err := os.Open(name); return &osFile{File: f}, err } osNewFile = os.NewFile osCreate = os.Create osStat = os.Stat @@ -30,9 +34,7 @@ var ( osRename = os.Rename osReadlink = os.Readlink - execRun = func(name string, args ...string) error { - return exec.Command(name, args...).Run() - } + execRun = func(name string, args ...string) error { return exec.Command(name, args...).Run() } ) const ( @@ -40,9 +42,12 @@ const ( sysMsRdOnly = syscall.MS_RDONLY sysEInval = syscall.EINVAL sysSysIoctl = syscall.SYS_IOCTL + sysEBusy = syscall.EBUSY - osORdWr = os.O_RDWR - osOCreate = os.O_CREATE + osORdOnly = os.O_RDONLY + osORdWr = os.O_RDWR + osOCreate = os.O_CREATE + osModeDevice = os.ModeDevice ) func toSysStatT(i interface{}) *sysStatT { diff --git a/hack/make/dyntest b/hack/make/dyntest index ff607d3910..756b038207 100644 --- a/hack/make/dyntest +++ b/hack/make/dyntest @@ -19,18 +19,35 @@ fi bundle_test() { { date - for test_dir in $(find_test_dirs); do ( - set -x - cd $test_dir + + TESTS_FAILED=() + for test_dir in $(find_test_dirs); do + echo - # Install packages that are dependencies of the tests. - # Note: Does not run the tests. - go test -i -ldflags "$LDFLAGS" $BUILDFLAGS - - # Run the tests with the optional $TESTFLAGS. - export TEST_DOCKERINIT_PATH=$DEST/../dynbinary/dockerinit-$VERSION - go test -v -ldflags "$LDFLAGS -X github.com/dotcloud/docker/utils.INITSHA1 \"$DOCKER_INITSHA1\"" $BUILDFLAGS $TESTFLAGS - ) done + if ! ( + set -x + cd $test_dir + + # Install packages that are dependencies of the tests. + # Note: Does not run the tests. + go test -i -ldflags "$LDFLAGS" $BUILDFLAGS + + # Run the tests with the optional $TESTFLAGS. + export TEST_DOCKERINIT_PATH=$DEST/../dynbinary/dockerinit-$VERSION + go test -v -ldflags "$LDFLAGS -X github.com/dotcloud/docker/utils.INITSHA1 \"$DOCKER_INITSHA1\"" $BUILDFLAGS $TESTFLAGS + ); then + TESTS_FAILED+=("$test_dir") + sleep 1 # give it a second, so observers watching can take note + fi + done + + # if some tests fail, we want the bundlescript to fail, but we want to + # try running ALL the tests first, hence TESTS_FAILED + if [ "${#TESTS_FAILED[@]}" -gt 0 ]; then + echo + echo "Test failures in: ${TESTS_FAILED[@]}" + false + fi } 2>&1 | tee $DEST/test.log } diff --git a/hack/make/test b/hack/make/test index 45ffe87fbd..361f731d70 100644 --- a/hack/make/test +++ b/hack/make/test @@ -13,17 +13,34 @@ set -e bundle_test() { { date - for test_dir in $(find_test_dirs); do ( - set -x - cd $test_dir + + TESTS_FAILED=() + for test_dir in $(find_test_dirs); do + echo - # Install packages that are dependencies of the tests. - # Note: Does not run the tests. - go test -i -ldflags "$LDFLAGS $LDFLAGS_STATIC" $BUILDFLAGS - - # Run the tests with the optional $TESTFLAGS. - go test -v -ldflags "$LDFLAGS $LDFLAGS_STATIC" $BUILDFLAGS $TESTFLAGS - ) done + if ! ( + set -x + cd $test_dir + + # Install packages that are dependencies of the tests. + # Note: Does not run the tests. + go test -i -ldflags "$LDFLAGS $LDFLAGS_STATIC" $BUILDFLAGS + + # Run the tests with the optional $TESTFLAGS. + go test -v -ldflags "$LDFLAGS $LDFLAGS_STATIC" $BUILDFLAGS $TESTFLAGS + ); then + TESTS_FAILED+=("$test_dir") + sleep 1 # give it a second, so observers watching can take note + fi + done + + # if some tests fail, we want the bundlescript to fail, but we want to + # try running ALL the tests first, hence TESTS_FAILED + if [ "${#TESTS_FAILED[@]}" -gt 0 ]; then + echo + echo "Test failures in: ${TESTS_FAILED[@]}" + false + fi } 2>&1 | tee $DEST/test.log } diff --git a/integration/buildfile_test.go b/integration/buildfile_test.go index 964b58403b..20d0450a7c 100644 --- a/integration/buildfile_test.go +++ b/integration/buildfile_test.go @@ -483,7 +483,7 @@ func TestForbiddenContextPath(t *testing.T) { t.Fail() } - if err.Error() != "Forbidden path: /" { + if err.Error() != "Forbidden path outside the build context: ../../ (/)" { t.Logf("Error message is not expected: %s", err.Error()) t.Fail() } diff --git a/lxc_template.go b/lxc_template.go index 2ba2867428..2d95a2971d 100644 --- a/lxc_template.go +++ b/lxc_template.go @@ -1,6 +1,7 @@ package docker import ( + "strings" "text/template" ) @@ -31,8 +32,8 @@ lxc.rootfs = {{$ROOTFS}} {{if and .HostnamePath .HostsPath}} # enable domain name support -lxc.mount.entry = {{.HostnamePath}} {{$ROOTFS}}/etc/hostname none bind,ro 0 0 -lxc.mount.entry = {{.HostsPath}} {{$ROOTFS}}/etc/hosts none bind,ro 0 0 +lxc.mount.entry = {{escapeFstabSpaces .HostnamePath}} {{escapeFstabSpaces $ROOTFS}}/etc/hostname none bind,ro 0 0 +lxc.mount.entry = {{escapeFstabSpaces .HostsPath}} {{escapeFstabSpaces $ROOTFS}}/etc/hosts none bind,ro 0 0 {{end}} # use a dedicated pts for the container (and limit the number of pseudo terminal @@ -84,27 +85,27 @@ lxc.cgroup.devices.allow = c 10:200 rwm lxc.pivotdir = lxc_putold # WARNING: procfs is a known attack vector and should probably be disabled # if your userspace allows it. eg. see http://blog.zx2c4.com/749 -lxc.mount.entry = proc {{$ROOTFS}}/proc proc nosuid,nodev,noexec 0 0 +lxc.mount.entry = proc {{escapeFstabSpaces $ROOTFS}}/proc proc nosuid,nodev,noexec 0 0 # WARNING: sysfs is a known attack vector and should probably be disabled # if your userspace allows it. eg. see http://bit.ly/T9CkqJ -lxc.mount.entry = sysfs {{$ROOTFS}}/sys sysfs nosuid,nodev,noexec 0 0 -lxc.mount.entry = devpts {{$ROOTFS}}/dev/pts devpts newinstance,ptmxmode=0666,nosuid,noexec 0 0 -#lxc.mount.entry = varrun {{$ROOTFS}}/var/run tmpfs mode=755,size=4096k,nosuid,nodev,noexec 0 0 -#lxc.mount.entry = varlock {{$ROOTFS}}/var/lock tmpfs size=1024k,nosuid,nodev,noexec 0 0 -lxc.mount.entry = shm {{$ROOTFS}}/dev/shm tmpfs size=65536k,nosuid,nodev,noexec 0 0 +lxc.mount.entry = sysfs {{escapeFstabSpaces $ROOTFS}}/sys sysfs nosuid,nodev,noexec 0 0 +lxc.mount.entry = devpts {{escapeFstabSpaces $ROOTFS}}/dev/pts devpts newinstance,ptmxmode=0666,nosuid,noexec 0 0 +#lxc.mount.entry = varrun {{escapeFstabSpaces $ROOTFS}}/var/run tmpfs mode=755,size=4096k,nosuid,nodev,noexec 0 0 +#lxc.mount.entry = varlock {{escapeFstabSpaces $ROOTFS}}/var/lock tmpfs size=1024k,nosuid,nodev,noexec 0 0 +lxc.mount.entry = shm {{escapeFstabSpaces $ROOTFS}}/dev/shm tmpfs size=65536k,nosuid,nodev,noexec 0 0 # Inject dockerinit -lxc.mount.entry = {{.SysInitPath}} {{$ROOTFS}}/.dockerinit none bind,ro 0 0 +lxc.mount.entry = {{escapeFstabSpaces .SysInitPath}} {{escapeFstabSpaces $ROOTFS}}/.dockerinit none bind,ro 0 0 # Inject env -lxc.mount.entry = {{.EnvConfigPath}} {{$ROOTFS}}/.dockerenv none bind,ro 0 0 +lxc.mount.entry = {{escapeFstabSpaces .EnvConfigPath}} {{escapeFstabSpaces $ROOTFS}}/.dockerenv none bind,ro 0 0 # In order to get a working DNS environment, mount bind (ro) the host's /etc/resolv.conf into the container -lxc.mount.entry = {{.ResolvConfPath}} {{$ROOTFS}}/etc/resolv.conf none bind,ro 0 0 +lxc.mount.entry = {{escapeFstabSpaces .ResolvConfPath}} {{escapeFstabSpaces $ROOTFS}}/etc/resolv.conf none bind,ro 0 0 {{if .Volumes}} {{ $rw := .VolumesRW }} {{range $virtualPath, $realPath := .Volumes}} -lxc.mount.entry = {{$realPath}} {{$ROOTFS}}/{{$virtualPath}} none bind,{{ if index $rw $virtualPath }}rw{{else}}ro{{end}} 0 0 +lxc.mount.entry = {{escapeFstabSpaces $realPath}} {{escapeFstabSpaces $ROOTFS}}/{{escapeFstabSpaces $virtualPath}} none bind,{{ if index $rw $virtualPath }}rw{{else}}ro{{end}} 0 0 {{end}} {{end}} @@ -144,6 +145,12 @@ lxc.cgroup.cpu.shares = {{.Config.CpuShares}} var LxcTemplateCompiled *template.Template +// Escape spaces in strings according to the fstab documentation, which is the +// format for "lxc.mount.entry" lines in lxc.conf. See also "man 5 fstab". +func escapeFstabSpaces(field string) string { + return strings.Replace(field, " ", "\\040", -1) +} + func getMemorySwap(config *Config) int64 { // By default, MemorySwap is set to twice the size of RAM. // If you want to omit MemorySwap, set it to `-1'. @@ -164,9 +171,10 @@ func getCapabilities(container *Container) *Capabilities { func init() { var err error funcMap := template.FuncMap{ - "getMemorySwap": getMemorySwap, - "getHostConfig": getHostConfig, - "getCapabilities": getCapabilities, + "getMemorySwap": getMemorySwap, + "getHostConfig": getHostConfig, + "getCapabilities": getCapabilities, + "escapeFstabSpaces": escapeFstabSpaces, } LxcTemplateCompiled, err = template.New("lxc").Funcs(funcMap).Parse(LxcTemplate) if err != nil { diff --git a/lxc_template_unit_test.go b/lxc_template_unit_test.go index ce5af1d321..ccdfec8890 100644 --- a/lxc_template_unit_test.go +++ b/lxc_template_unit_test.go @@ -100,3 +100,21 @@ func grepFile(t *testing.T, path string, pattern string) { } t.Fatalf("grepFile: pattern \"%s\" not found in \"%s\"", pattern, path) } + +func TestEscapeFstabSpaces(t *testing.T) { + var testInputs = map[string]string{ + " ": "\\040", + "": "", + "/double space": "/double\\040\\040space", + "/some long test string": "/some\\040long\\040test\\040string", + "/var/lib/docker": "/var/lib/docker", + " leading": "\\040leading", + "trailing ": "trailing\\040", + } + for in, exp := range testInputs { + if out := escapeFstabSpaces(in); exp != out { + t.Logf("Expected %s got %s", exp, out) + t.Fail() + } + } +} diff --git a/server.go b/server.go index 3783c7bded..5e42b0d458 100644 --- a/server.go +++ b/server.go @@ -1011,16 +1011,9 @@ func (srv *Server) ImagePull(localName string, tag string, out io.Writer, sf *ut localName = remoteName } - err = srv.pullRepository(r, out, localName, remoteName, tag, endpoint, sf, parallel) - if err == registry.ErrLoginRequired { + if err = srv.pullRepository(r, out, localName, remoteName, tag, endpoint, sf, parallel); err != nil { return err } - if err != nil { - if err := srv.pullImage(r, out, remoteName, endpoint, nil, sf); err != nil { - return err - } - return nil - } return nil } diff --git a/term/term.go b/term/term.go index f7d9930ad0..ea94b44ade 100644 --- a/term/term.go +++ b/term/term.go @@ -9,7 +9,7 @@ import ( ) var ( - ErrInvalidState = errors.New("Invlid terminal state") + ErrInvalidState = errors.New("Invalid terminal state") ) type State struct {