

Golang utils.CloseExecFrom函数代码示例

本文整理汇总了Golang中github.com/docker/libcontainer/utils.CloseExecFrom函数的典型用法代码示例。如果您正苦于以下问题:Golang CloseExecFrom函数的具体用法?Golang CloseExecFrom怎么用?Golang CloseExecFrom使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。


在下文中一共展示了CloseExecFrom函数的5个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。

示例1: finalizeNamespace

// finalizeNamespace performs the final privilege-reduction steps on the
// process before the container command is run: it marks inherited file
// descriptors close-on-exec, reduces capabilities (unless the container is
// privileged), switches to the requested user and sets up the working
// directory. It returns the first error encountered.
//
// The order of the steps is security-relevant and must be preserved:
// descriptors are handled first, the bounding set is reduced while the
// process can still do so, keep-caps brackets the user switch, and the
// remaining capabilities are dropped only after the user switch.
//
// When args.Privileged is true none of the capability steps in this function
// run, so the process keeps whatever capabilities it had on entry.
func finalizeNamespace(args *InitArgs) error {
	// Mark every descriptor from 3 upward close-on-exec so that descriptors
	// inherited from the parent do not stay open in the container command.
	// Descriptors 0-2 (stdin, stdout, stderr) are left alone.
	if err := utils.CloseExecFrom(3); err != nil {
		return err
	}

	// We use the native drivers default template so that things like caps are consistent
	// across both drivers
	container := template.New()

	if !args.Privileged {
		// drop capabilities in bounding set before changing user
		if err := capabilities.DropBoundingSet(container.Capabilities); err != nil {
			return fmt.Errorf("drop bounding set %s", err)
		}

		// preserve existing capabilities while we change users
		if err := system.SetKeepCaps(); err != nil {
			return fmt.Errorf("set keep caps %s", err)
		}
	}

	// The user switch happens for privileged and unprivileged containers alike.
	if err := namespaces.SetupUser(args.User); err != nil {
		return fmt.Errorf("setup user %s", err)
	}

	if !args.Privileged {
		// The user switch is done, so turn the keep-caps setting off again
		// before the final capability set is applied.
		if err := system.ClearKeepCaps(); err != nil {
			return fmt.Errorf("clear keep caps %s", err)
		}

		var (
			adds  []string
			drops []string
		)

		// CapAdd and CapDrop arrive as colon-separated strings; an empty
		// string leaves the corresponding slice nil rather than [""].
		if args.CapAdd != "" {
			adds = strings.Split(args.CapAdd, ":")
		}
		if args.CapDrop != "" {
			drops = strings.Split(args.CapDrop, ":")
		}

		// NOTE(review): presumably applies adds/drops on top of the template's
		// default capability list and validates the names; confirm against
		// execdriver.TweakCapabilities.
		caps, err := execdriver.TweakCapabilities(container.Capabilities, adds, drops)
		if err != nil {
			return err
		}

		// drop all other capabilities
		if err := capabilities.DropCapabilities(caps); err != nil {
			return fmt.Errorf("drop capabilities %s", err)
		}
	}

	// Working-directory setup runs last, i.e. after the user switch and the
	// capability drop above.
	if err := setupWorkingDirectory(args); err != nil {
		return err
	}

	return nil
}
开发者ID:BreezeWu,项目名称:docker,代码行数:59,代码来源:lxc_init_linux.go

示例2: finalizeNamespace

// finalizeNamespace prepares the process for running the container command:
// it marks inherited file descriptors close-on-exec, switches to the
// requested user and sets up the working directory, in that order. The first
// failing step aborts the sequence and its error is returned.
//
// NOTE(review): this variant does no capability handling itself; presumably
// that is done elsewhere for this driver. Confirm before relying on it.
func finalizeNamespace(args *InitArgs) error {
	// Descriptors 0-2 are stdio; everything from 3 upward is marked
	// close-on-exec so it does not stay open in the container command.
	closeErr := utils.CloseExecFrom(3)
	if closeErr != nil {
		return closeErr
	}

	userErr := setupUser(args.User)
	if userErr != nil {
		return fmt.Errorf("setup user %s", userErr)
	}

	// The working directory is set up only after the user switch.
	if wdErr := setupWorkingDirectory(args); wdErr != nil {
		return wdErr
	}

	return nil
}
开发者ID:colebrumley,项目名称:docker,代码行数:12,代码来源:lxc_init_linux.go

示例3: finalizeNamespace

// finalizeNamespace prepares the process for running the container command:
// it marks inherited file descriptors close-on-exec, switches to the
// requested user and sets up the working directory, in that order. The first
// failing step aborts the sequence and its error is returned.
//
// NOTE(review): this variant does no capability handling itself; presumably
// that is done elsewhere for this driver. Confirm before relying on it.
func finalizeNamespace(args *InitArgs) error {
	// Descriptors 0-2 are stdio; everything from 3 upward is marked
	// close-on-exec so it does not stay open in the container command.
	closeErr := utils.CloseExecFrom(3)
	if closeErr != nil {
		return closeErr
	}

	// SetupUser takes a libcontainer config; only the User field is filled in.
	userCfg := &libcontainer.Config{
		User: args.User,
	}
	if userErr := namespaces.SetupUser(userCfg); userErr != nil {
		return fmt.Errorf("setup user %s", userErr)
	}

	// The working directory is set up only after the user switch.
	if wdErr := setupWorkingDirectory(args); wdErr != nil {
		return wdErr
	}

	return nil
}
开发者ID:TonyDoen,项目名称:docker,代码行数:14,代码来源:lxc_init_linux.go

示例4: finalizeNamespace

// finalizeNamespace drops the caps, sets the correct user
// and working dir, and closes any leaked file descriptors
// before executing the command inside the namespace.
//
// The steps run in a fixed, security-relevant order: descriptors first, then
// the bounding set, then the user switch bracketed by keep-caps, then the
// final capability drop, and the chdir last. The first error is returned
// unchanged and the remaining steps are skipped.
func finalizeNamespace(config *initConfig) error {
	// Ensure that all unwanted fds we may have accidentally
	// inherited are marked close-on-exec so they stay out of the
	// container.
	// Descriptors 0-2 are stdio; the next PassedFilesCount descriptors are
	// skipped as well.
	// NOTE(review): this assumes the deliberately passed files occupy the
	// contiguous range starting at fd 3; confirm against the caller that
	// sets PassedFilesCount.
	if err := utils.CloseExecFrom(config.PassedFilesCount + 3); err != nil {
		return err
	}

	// Start from the container-level capability list; a non-nil
	// config.Capabilities replaces it entirely.
	capabilities := config.Config.Capabilities
	if config.Capabilities != nil {
		capabilities = config.Capabilities
	}
	w, err := newCapWhitelist(capabilities)
	if err != nil {
		return err
	}
	// drop capabilities in bounding set before changing user
	if err := w.dropBoundingSet(); err != nil {
		return err
	}
	// preserve existing capabilities while we change users
	if err := system.SetKeepCaps(); err != nil {
		return err
	}
	if err := setupUser(config); err != nil {
		return err
	}
	// The user switch is done, so turn the keep-caps setting off again
	// before the final capability set is applied.
	if err := system.ClearKeepCaps(); err != nil {
		return err
	}
	// drop all other capabilities
	if err := w.drop(); err != nil {
		return err
	}
	// The chdir is done last, so it runs as the final user with the reduced
	// capability set. An empty Cwd leaves the working directory untouched.
	if config.Cwd != "" {
		if err := syscall.Chdir(config.Cwd); err != nil {
			return err
		}
	}
	return nil
}
开发者ID:schen59,项目名称:origin,代码行数:44,代码来源:init_linux.go

示例5: FinalizeNamespace

// FinalizeNamespace drops the caps, sets the correct user
// and working dir, and closes any leaky file descriptors
// before execing the command inside the namespace.
//
// The steps run in a fixed, security-relevant order: descriptors first, then
// the bounding set, then the user switch bracketed by keep-caps, then the
// final capability drop, and the chdir last. The first failing step aborts
// the sequence; its error is returned prefixed with the name of the step.
//
// NOTE(review): the errors are formatted with %s, so the underlying error is
// flattened to text and callers cannot unwrap it.
func FinalizeNamespace(container *libcontainer.Config) error {
	// Ensure that all non-standard fds we may have accidentally
	// inherited are marked close-on-exec so they stay out of the
	// container. Descriptors 0-2 (stdin, stdout, stderr) are left alone.
	if err := utils.CloseExecFrom(3); err != nil {
		return fmt.Errorf("close open file descriptors %s", err)
	}

	// drop capabilities in bounding set before changing user
	if err := capabilities.DropBoundingSet(container.Capabilities); err != nil {
		return fmt.Errorf("drop bounding set %s", err)
	}

	// preserve existing capabilities while we change users
	if err := system.SetKeepCaps(); err != nil {
		return fmt.Errorf("set keep caps %s", err)
	}

	if err := SetupUser(container.User); err != nil {
		return fmt.Errorf("setup user %s", err)
	}

	// The user switch is done, so turn the keep-caps setting off again
	// before the final capability set is applied.
	if err := system.ClearKeepCaps(); err != nil {
		return fmt.Errorf("clear keep caps %s", err)
	}

	// drop all other capabilities
	if err := capabilities.DropCapabilities(container.Capabilities); err != nil {
		return fmt.Errorf("drop capabilities %s", err)
	}

	// The chdir is done last, so it runs as the final user with the reduced
	// capability set. An empty WorkingDir leaves the directory untouched.
	if container.WorkingDir != "" {
		if err := system.Chdir(container.WorkingDir); err != nil {
			return fmt.Errorf("chdir to %s %s", container.WorkingDir, err)
		}
	}

	return nil
}
开发者ID:hwpaas,项目名称:docker,代码行数:42,代码来源:init.go


注:本文中的github.com/docker/libcontainer/utils.CloseExecFrom函数示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。