本文整理汇总了Golang中github.com/appc/spec/schema/types.App.SupplementaryGIDs方法的典型用法代码示例。如果您正苦于以下问题:Golang App.SupplementaryGIDs方法的具体用法?Golang App.SupplementaryGIDs怎么用?Golang App.SupplementaryGIDs使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类github.com/appc/spec/schema/types.App
的用法示例。
在下文中一共展示了App.SupplementaryGIDs方法的5个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。
示例1: setSupplementaryGIDs
func setSupplementaryGIDs(app *appctypes.App, podCtx *api.PodSecurityContext) {
if podCtx != nil {
app.SupplementaryGIDs = app.SupplementaryGIDs[:0]
for _, v := range podCtx.SupplementalGroups {
app.SupplementaryGIDs = append(app.SupplementaryGIDs, int(v))
}
if podCtx.FSGroup != nil {
app.SupplementaryGIDs = append(app.SupplementaryGIDs, int(*podCtx.FSGroup))
}
}
}
示例2: patchManifest
func patchManifest(im *schema.ImageManifest) error {
if patchName != "" {
name, err := types.NewACIdentifier(patchName)
if err != nil {
return err
}
im.Name = *name
}
var app *types.App = im.App
if patchExec != "" {
if app == nil {
// if the original manifest was missing an app and
// patchExec is set let's assume the user is trying to
// inject one...
im.App = &types.App{}
app = im.App
}
app.Exec = strings.Split(patchExec, " ")
}
if patchUser != "" ||
patchGroup != "" ||
patchSupplementaryGIDs != "" ||
patchCaps != "" ||
patchRevokeCaps != "" ||
patchMounts != "" ||
patchPorts != "" ||
patchIsolators != "" {
// ...but if we still don't have an app and the user is trying
// to patch one of its other parameters, it's an error
if app == nil {
return fmt.Errorf("no app in the supplied manifest and no exec command provided")
}
}
if patchUser != "" {
app.User = patchUser
}
if patchGroup != "" {
app.Group = patchGroup
}
if patchSupplementaryGIDs != "" {
app.SupplementaryGIDs = []int{}
gids := strings.Split(patchSupplementaryGIDs, ",")
for _, g := range gids {
gid, err := strconv.Atoi(g)
if err != nil {
return fmt.Errorf("invalid supplementary group %q: %v", g, err)
}
app.SupplementaryGIDs = append(app.SupplementaryGIDs, gid)
}
}
if patchCaps != "" {
isolator := app.Isolators.GetByName(types.LinuxCapabilitiesRetainSetName)
if isolator != nil {
return fmt.Errorf("isolator already exists (os/linux/capabilities-retain-set)")
}
// Instantiate a Isolator with the content specified by the --capability
// parameter.
caps, err := types.NewLinuxCapabilitiesRetainSet(strings.Split(patchCaps, ",")...)
if err != nil {
return fmt.Errorf("cannot parse capability %q: %v", patchCaps, err)
}
app.Isolators = append(app.Isolators, caps.AsIsolator())
}
if patchRevokeCaps != "" {
isolator := app.Isolators.GetByName(types.LinuxCapabilitiesRevokeSetName)
if isolator != nil {
return fmt.Errorf("isolator already exists (os/linux/capabilities-remove-set)")
}
// Instantiate a Isolator with the content specified by the --revoke-capability
// parameter.
caps, err := types.NewLinuxCapabilitiesRevokeSet(strings.Split(patchRevokeCaps, ",")...)
if err != nil {
return fmt.Errorf("cannot parse capability %q: %v", patchRevokeCaps, err)
}
app.Isolators = append(app.Isolators, caps.AsIsolator())
}
if patchMounts != "" {
mounts := strings.Split(patchMounts, ":")
for _, m := range mounts {
mountPoint, err := types.MountPointFromString(m)
if err != nil {
return fmt.Errorf("cannot parse mount point %q: %v", m, err)
}
app.MountPoints = append(app.MountPoints, *mountPoint)
}
}
if patchPorts != "" {
ports := strings.Split(patchPorts, ":")
for _, p := range ports {
//.........这里部分代码省略.........
示例3: patchManifest
func patchManifest(im *schema.ImageManifest) error {
if patchName != "" {
name, err := types.NewACIdentifier(patchName)
if err != nil {
return err
}
im.Name = *name
}
var app *types.App = im.App
if patchExec != "" {
if app == nil {
// if the original manifest was missing an app and
// patchExec is set let's assume the user is trying to
// inject one...
im.App = &types.App{}
app = im.App
}
app.Exec = strings.Split(patchExec, " ")
}
if patchUser != "" || patchGroup != "" || patchSupplementaryGIDs != "" || patchCaps != "" || patchMounts != "" || patchPorts != "" || patchIsolators != "" {
// ...but if we still don't have an app and the user is trying
// to patch one of its other parameters, it's an error
if app == nil {
return fmt.Errorf("no app in the supplied manifest and no exec command provided")
}
}
if patchUser != "" {
app.User = patchUser
}
if patchGroup != "" {
app.Group = patchGroup
}
if patchSupplementaryGIDs != "" {
app.SupplementaryGIDs = []int{}
gids := strings.Split(patchSupplementaryGIDs, ",")
for _, g := range gids {
gid, err := strconv.Atoi(g)
if err != nil {
return fmt.Errorf("invalid supplementary group %q: %v", g, err)
}
app.SupplementaryGIDs = append(app.SupplementaryGIDs, gid)
}
}
if patchCaps != "" {
isolator := app.Isolators.GetByName(types.LinuxCapabilitiesRetainSetName)
if isolator != nil {
return fmt.Errorf("isolator already exists")
}
// Instantiate a Isolator with the content specified by the --capability
// parameter.
// TODO: Instead of creating a JSON and then unmarshalling it, the isolator
// should be instantiated directory. But it requires a constructor, see:
// https://github.com/appc/spec/issues/268
capsList := strings.Split(patchCaps, ",")
caps := fmt.Sprintf(`"set": ["%s"]`, strings.Join(capsList, `", "`))
isolatorStr := getIsolatorStr(types.LinuxCapabilitiesRetainSetName, caps)
isolator = &types.Isolator{}
err := isolator.UnmarshalJSON([]byte(isolatorStr))
if err != nil {
return fmt.Errorf("cannot parse capability %q: %v", patchCaps, err)
}
app.Isolators = append(app.Isolators, *isolator)
}
if patchMounts != "" {
mounts := strings.Split(patchMounts, ":")
for _, m := range mounts {
mountPoint, err := types.MountPointFromString(m)
if err != nil {
return fmt.Errorf("cannot parse mount point %q: %v", m, err)
}
app.MountPoints = append(app.MountPoints, *mountPoint)
}
}
if patchPorts != "" {
ports := strings.Split(patchPorts, ":")
for _, p := range ports {
port, err := types.PortFromString(p)
if err != nil {
return fmt.Errorf("cannot parse port %q: %v", p, err)
}
app.Ports = append(app.Ports, *port)
}
}
if patchIsolators != "" {
isolators := strings.Split(patchIsolators, ":")
for _, is := range isolators {
name, isolatorStr, err := isolatorStrFromString(is)
if err != nil {
//.........这里部分代码省略.........
示例4: genManifest
func genManifest(path string) *schema.ImageManifest {
// Get runtime.json and config.json
runtimePath := path + "/runtime.json"
configPath := path + "/config.json"
runtime, err := ioutil.ReadFile(runtimePath)
if err != nil {
logrus.Debugf("Open file runtime.json failed: %v", err)
return nil
}
config, err := ioutil.ReadFile(configPath)
if err != nil {
logrus.Debugf("Open file config.json failed: %v", err)
return nil
}
var spec specs.LinuxSpec
err = json.Unmarshal(config, &spec)
if err != nil {
logrus.Debugf("Unmarshal config.json failed: %v", err)
return nil
}
var runSpec specs.LinuxRuntimeSpec
err = json.Unmarshal(runtime, &runSpec)
if err != nil {
logrus.Debugf("Unmarshal runtime.json failed: %v", err)
return nil
}
// Begin to convert runtime.json/config.json to manifest
m := new(schema.ImageManifest)
// 1. Assemble "acKind" field
m.ACKind = schema.ImageManifestKind
// 2. Assemble "acVersion" field
m.ACVersion = schema.AppContainerVersion
// 3. Assemble "name" field
m.Name = types.ACIdentifier(manifestName)
// 4. Assemble "labels" field
// 4.1 "version"
label := new(types.Label)
label.Name = types.ACIdentifier("version")
label.Value = spec.Version
m.Labels = append(m.Labels, *label)
// 4.2 "os"
label = new(types.Label)
label.Name = types.ACIdentifier("os")
label.Value = spec.Platform.OS
m.Labels = append(m.Labels, *label)
// 4.3 "arch"
label = new(types.Label)
label.Name = types.ACIdentifier("arch")
label.Value = spec.Platform.Arch
m.Labels = append(m.Labels, *label)
// 5. Assemble "app" field
app := new(types.App)
// 5.1 "exec"
app.Exec = spec.Process.Args
prefixDir := ""
//var exeStr string
if app.Exec == nil {
app.Exec = append(app.Exec, "/bin/sh")
} else {
if !filepath.IsAbs(app.Exec[0]) {
if spec.Process.Cwd == "" {
prefixDir = "/"
} else {
prefixDir = spec.Process.Cwd
}
}
app.Exec[0] = prefixDir + app.Exec[0]
// If exec is /xx, it must be wrong, /bin will be prefixed it.
var res []string
res = strings.SplitAfter(app.Exec[0], "/")
if len(res) <= 2 {
app.Exec[0] = "/bin" + app.Exec[0]
}
}
// 5.2 "user"
app.User = fmt.Sprintf("%d", spec.Process.User.UID)
// 5.3 "group"
app.Group = fmt.Sprintf("%d", spec.Process.User.GID)
for index := range spec.Process.User.AdditionalGids {
app.SupplementaryGIDs = append(app.SupplementaryGIDs, int(spec.Process.User.AdditionalGids[index]))
}
// 5.4 "eventHandlers"
event := new(types.EventHandler)
event.Name = "pre-start"
for index := range runSpec.Hooks.Prestart {
event.Exec = append(event.Exec, runSpec.Hooks.Prestart[index].Path)
event.Exec = append(event.Exec, runSpec.Hooks.Prestart[index].Args...)
event.Exec = append(event.Exec, runSpec.Hooks.Prestart[index].Env...)
}
//.........这里部分代码省略.........
示例5: patchManifest
func patchManifest(im *schema.ImageManifest) error {
if patchName != "" {
name, err := types.NewACIdentifier(patchName)
if err != nil {
return err
}
im.Name = *name
}
var app *types.App = im.App
if patchExec != "" {
if app == nil {
// if the original manifest was missing an app and
// patchExec is set let's assume the user is trying to
// inject one...
im.App = &types.App{}
app = im.App
}
app.Exec = strings.Split(patchExec, " ")
}
if patchUser != "" ||
patchGroup != "" ||
patchSupplementaryGIDs != "" ||
patchCaps != "" ||
patchRevokeCaps != "" ||
patchMounts != "" ||
patchPorts != "" ||
patchIsolators != "" {
// ...but if we still don't have an app and the user is trying
// to patch one of its other parameters, it's an error
if app == nil {
return fmt.Errorf("no app in the supplied manifest and no exec command provided")
}
}
if patchUser != "" {
app.User = patchUser
}
if patchGroup != "" {
app.Group = patchGroup
}
if patchSupplementaryGIDs != "" {
app.SupplementaryGIDs = []int{}
gids := strings.Split(patchSupplementaryGIDs, ",")
for _, g := range gids {
gid, err := strconv.Atoi(g)
if err != nil {
return fmt.Errorf("invalid supplementary group %q: %v", g, err)
}
app.SupplementaryGIDs = append(app.SupplementaryGIDs, gid)
}
}
if patchCaps != "" {
isolator := app.Isolators.GetByName(types.LinuxCapabilitiesRetainSetName)
if isolator != nil {
return fmt.Errorf("isolator already exists (os/linux/capabilities-retain-set)")
}
// Instantiate a Isolator with the content specified by the --capability
// parameter.
caps, err := types.NewLinuxCapabilitiesRetainSet(strings.Split(patchCaps, ",")...)
if err != nil {
return fmt.Errorf("cannot parse capability %q: %v", patchCaps, err)
}
isolator, err = caps.AsIsolator()
if err != nil {
return err
}
app.Isolators = append(app.Isolators, *isolator)
}
if patchRevokeCaps != "" {
isolator := app.Isolators.GetByName(types.LinuxCapabilitiesRevokeSetName)
if isolator != nil {
return fmt.Errorf("isolator already exists (os/linux/capabilities-remove-set)")
}
// Instantiate a Isolator with the content specified by the --revoke-capability
// parameter.
caps, err := types.NewLinuxCapabilitiesRevokeSet(strings.Split(patchRevokeCaps, ",")...)
if err != nil {
return fmt.Errorf("cannot parse capability %q: %v", patchRevokeCaps, err)
}
isolator, err = caps.AsIsolator()
if err != nil {
return err
}
app.Isolators = append(app.Isolators, *isolator)
}
if patchMounts != "" {
mounts := strings.Split(patchMounts, ":")
for _, m := range mounts {
mountPoint, err := types.MountPointFromString(m)
if err != nil {
return fmt.Errorf("cannot parse mount point %q: %v", m, err)
//.........这里部分代码省略.........