本文整理匯總了Golang中github.com/docker/docker/daemon/execdriver.GetAllCapabilities函數的典型用法代碼示例。如果您正苦於以下問題:Golang GetAllCapabilities函數的具體用法?Golang GetAllCapabilities怎麽用?Golang GetAllCapabilities使用的例子?那麽, 這裏精選的函數代碼示例或許可以為您提供幫助。
在下文中一共展示了GetAllCapabilities函數的8個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Golang代碼示例。
示例1: Exec
// Exec implements the exec driver Driver interface. It starts processConfig as
// an extra process inside the running container c.ID through libcontainer,
// waits for it to exit, and returns its exit status (-1 with an error when the
// process could not be set up or waited on).
//
// Security: when processConfig.Privileged is set, the process receives every
// capability returned by execdriver.GetAllCapabilities. Nothing in this
// function authorizes that flag, so callers are responsible for deciding who
// may request a privileged exec.
func (d *Driver) Exec(c *execdriver.Command, processConfig *execdriver.ProcessConfig, pipes *execdriver.Pipes, hooks execdriver.Hooks) (int, error) {
	ctr := d.activeContainers[c.ID]
	if ctr == nil {
		return -1, fmt.Errorf("No active container exists with ID %s", c.ID)
	}

	argv := append([]string{processConfig.Entrypoint}, processConfig.Arguments...)
	proc := &libcontainer.Process{
		Args: argv,
		Env:  c.ProcessConfig.Env,
		Cwd:  c.WorkingDir,
		User: processConfig.User,
	}

	// Only a privileged exec gets an explicit capability list here; otherwise
	// the field is left at its zero value.
	if processConfig.Privileged {
		proc.Capabilities = execdriver.GetAllCapabilities()
	}

	// The spec format names capabilities with a CAP_ prefix, so normalise any
	// entry that does not carry it yet.
	for idx := range proc.Capabilities {
		if name := proc.Capabilities[idx]; !strings.HasPrefix(name, "CAP_") {
			proc.Capabilities[idx] = fmt.Sprintf("CAP_%s", name)
		}
	}

	cfg := ctr.Config()
	if err := setupPipes(&cfg, processConfig, proc, pipes); err != nil {
		return -1, err
	}
	if err := ctr.Start(proc); err != nil {
		return -1, err
	}

	if hooks.Start != nil {
		pid, err := proc.Pid()
		if err != nil {
			// Without a pid the hook cannot run: kill and reap the process
			// (best effort, results ignored) and report the failure.
			proc.Signal(os.Kill)
			proc.Wait()
			return -1, err
		}
		// Hand the hook an already-closed OOM channel so that a read from it
		// never blocks.
		oomCh := make(chan struct{})
		close(oomCh)
		hooks.Start(&c.ProcessConfig, pid, oomCh)
	}

	state, err := proc.Wait()
	if err != nil {
		// A non-zero exit surfaces as *exec.ExitError, which still carries the
		// process state; any other error is a real failure.
		exitErr, isExit := err.(*exec.ExitError)
		if !isExit {
			return -1, err
		}
		state = exitErr.ProcessState
	}
	return utils.ExitStatus(state.Sys().(syscall.WaitStatus)), nil
}
示例2: dropList
// dropList translates a capability drop list into numeric capability values.
//
// Only the special entry "all" is handled: it expands to the numeric value of
// every capability returned by execdriver.GetAllCapabilities. Any other drop
// list yields an empty, non-nil slice, so individual names in drops are not
// translated by this function.
// NOTE(review): confirm that per-capability drops are enforced elsewhere;
// otherwise a drop list without "all" has no effect through this path.
func dropList(drops []string) ([]string, error) {
	if !stringutils.InSlice(drops, "all") {
		return []string{}, nil
	}

	var numeric []string
	for _, name := range execdriver.GetAllCapabilities() {
		mapping := execdriver.GetCapability(name)
		logrus.Debugf("drop cap %s\n", mapping.Key)
		numeric = append(numeric, fmt.Sprintf("%d", mapping.Value))
	}
	return numeric, nil
}
示例3: setPrivileged
// setPrivileged rewrites container so that it runs without the usual
// confinement: it assigns every capability returned by
// execdriver.GetAllCapabilities, allows all devices in the cgroup, exposes all
// host devices, and, when AppArmor is enabled, selects the "unconfined"
// profile.
//
// Security: this removes the capability, device and AppArmor restrictions in
// one step, so it should only be reached for containers that were explicitly
// requested as privileged. If listing the host devices fails the error is
// returned, but the capability and cgroup changes have already been applied to
// container.
func (d *Driver) setPrivileged(container *configs.Config) (err error) {
	container.Capabilities = execdriver.GetAllCapabilities()
	container.Cgroups.AllowAllDevices = true

	hostDevs, lookupErr := devices.HostDevices()
	if lookupErr != nil {
		return lookupErr
	}
	container.Devices = hostDevs

	if !apparmor.IsEnabled() {
		return nil
	}
	container.AppArmorProfile = "unconfined"
	return nil
}
示例4: Exec
// Exec starts processConfig as an additional process inside the running
// container c.ID, invokes startCallback with its pid once it is running, and
// blocks until the process exits. It returns the exit status, or -1 and an
// error when the container is unknown or the process cannot be started or
// waited on.
//
// Security: a privileged exec is given every capability returned by
// execdriver.GetAllCapabilities; this function does not check whether the
// caller is allowed to ask for that.
func (d *driver) Exec(c *execdriver.Command, processConfig *execdriver.ProcessConfig, pipes *execdriver.Pipes, startCallback execdriver.StartCallback) (int, error) {
	container := d.activeContainers[c.ID]
	if container == nil {
		return -1, fmt.Errorf("No active container exists with ID %s", c.ID)
	}

	process := &libcontainer.Process{
		Args: append([]string{processConfig.Entrypoint}, processConfig.Arguments...),
		Env:  c.ProcessConfig.Env,
		Cwd:  c.WorkingDir,
		User: processConfig.User,
	}
	if processConfig.Privileged {
		process.Capabilities = execdriver.GetAllCapabilities()
	}

	containerConfig := container.Config()
	if err := setupPipes(&containerConfig, processConfig, process, pipes); err != nil {
		return -1, err
	}
	if err := container.Start(process); err != nil {
		return -1, err
	}

	if startCallback != nil {
		pid, pidErr := process.Pid()
		if pidErr != nil {
			// The callback needs a pid; without one, kill and reap the
			// process (best effort) and give up.
			process.Signal(os.Kill)
			process.Wait()
			return -1, pidErr
		}
		startCallback(&c.ProcessConfig, pid)
	}

	state, waitErr := process.Wait()
	if waitErr != nil {
		// *exec.ExitError still carries the process state of a process that
		// exited unsuccessfully; anything else is returned as a failure.
		exitErr, ok := waitErr.(*exec.ExitError)
		if !ok {
			return -1, waitErr
		}
		state = exitErr.ProcessState
	}
	return utils.ExitStatus(state.Sys().(syscall.WaitStatus)), nil
}
示例5: Config
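// Config takes ContainerJSON and Daemon Info and converts it into the opencontainers spec.
//
// capabilities is the baseline capability list; it is replaced by every
// capability from execdriver.GetAllCapabilities when the container is
// privileged, and then adjusted by the container's CapAdd/CapDrop lists.
//
// Fix over the original listing: the user lookup tested err the wrong way
// round, so the looked-up UID/GID were applied only when the lookup had
// failed (using a zero-valued result) and a successful lookup only logged a
// "failed" warning. The configured user was therefore never applied.
func Config(c types.ContainerJSON, info types.Info, capabilities []string) (config *specs.LinuxSpec, err error) {
	config = &specs.LinuxSpec{
		Spec: specs.Spec{
			Version: SpecVersion,
			Platform: specs.Platform{
				OS:   info.OSType,
				Arch: info.Architecture,
			},
			Process: specs.Process{
				Terminal: c.Config.Tty,
				User:     specs.User{
					// TODO: user stuffs
				},
				Args: append([]string{c.Path}, c.Args...),
				Env:  c.Config.Env,
				Cwd:  c.Config.WorkingDir,
			},
			Root: specs.Root{
				Path:     "rootfs",
				Readonly: c.HostConfig.ReadonlyRootfs,
			},
			Mounts: []specs.MountPoint{},
		},
	}

	// make sure the current working directory is not blank
	if config.Process.Cwd == "" {
		config.Process.Cwd = DefaultCurrentWorkingDirectory
	}

	// get the user
	if c.Config.User != "" {
		u, err := user.LookupUser(c.Config.User)
		if err != nil {
			// Deliberately best effort (the hard failure was commented out in
			// the original). The spec then keeps the zero-valued specs.User
			// set above, i.e. UID/GID 0.
			// NOTE(review): consider failing here instead, so that a
			// container configured with a user never silently runs as UID 0.
			//return nil, fmt.Errorf("Looking up user (%s) failed: %v", c.Config.User, err)
			logrus.Warnf("Looking up user (%s) failed: %v", c.Config.User, err)
		} else {
			config.Spec.Process.User = specs.User{
				UID: uint32(u.Uid),
				GID: uint32(u.Gid),
			}
		}
	}

	// add the additional groups
	for _, group := range c.HostConfig.GroupAdd {
		g, err := user.LookupGroup(group)
		if err != nil {
			return nil, fmt.Errorf("Looking up group (%s) failed: %v", group, err)
		}
		config.Spec.Process.User.AdditionalGids = append(config.Spec.Process.User.AdditionalGids, uint32(g.Gid))
	}

	// get the hostname, if the hostname is the same as the first 12 characters of the id,
	// then set the hostname as the container name. The length guard keeps an
	// ID shorter than 12 characters from panicking on the slice expression.
	if len(c.ID) >= 12 && c.ID[:12] == c.Config.Hostname {
		config.Hostname = strings.TrimPrefix(c.Name, "/")
	}

	// get mounts
	mounts := map[string]bool{}
	for _, mount := range c.Mounts {
		mounts[mount.Destination] = true
		config.Mounts = append(config.Mounts, specs.MountPoint{
			Name: mount.Destination,
			Path: mount.Destination,
		})
	}

	// add /etc/hosts and /etc/resolv.conf if we should have networking
	// NOTE(review): this appends to the package-level DefaultMounts, so the
	// network mounts accumulate across calls and leak into later containers,
	// including ones with NetworkMode "none" or "host". Left unchanged because
	// the rest of this function is not shown; confirm and switch to a local copy.
	if c.HostConfig.NetworkMode != "none" && c.HostConfig.NetworkMode != "host" {
		DefaultMounts = append(DefaultMounts, NetworkMounts...)
	}

	// if we aren't doing something crazy like mounting a default mount ourselves,
	// then we can mount it the default way
	for _, mount := range DefaultMounts {
		if _, ok := mounts[mount.Path]; !ok {
			config.Mounts = append(config.Mounts, mount)
		}
	}

	// set privileged
	if c.HostConfig.Privileged {
		// allow all caps: the caller-supplied baseline is discarded
		capabilities = execdriver.GetAllCapabilities()
	}

	// get the capabilities
	config.Linux.Capabilities, err = execdriver.TweakCapabilities(capabilities, c.HostConfig.CapAdd.Slice(), c.HostConfig.CapDrop.Slice())
	if err != nil {
		return nil, fmt.Errorf("setting capabilities failed: %v", err)
	}

	// add CAP_ prefix
	// TODO: this is awful
	for i, capName := range config.Linux.Capabilities {
		if !strings.HasPrefix(capName, "CAP_") {
			config.Linux.Capabilities[i] = fmt.Sprintf("CAP_%s", capName)
		}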
//.........這裏部分代碼省略.........
示例6: Exec
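// Exec starts processConfig as an additional process inside the running
// container c.ID, attaches either a TTY console or the plain pipes to it,
// invokes startCallback with its pid, and blocks until the process exits. It
// returns the exit status, or -1 and an error on failure.
//
// Security: a privileged exec is given every capability returned by
// execdriver.GetAllCapabilities; this function does not check whether the
// caller is allowed to ask for that.
//
// Fix over the original listing: inside the TTY branch err was redeclared with
// :=, so the error from NewTtyConsole was stored in the branch-local variable
// while the check after the branch read the outer one, which was always nil.
// A failed console setup was therefore ignored. The error is now checked where
// it is produced.
func (d *driver) Exec(c *execdriver.Command, processConfig *execdriver.ProcessConfig, pipes *execdriver.Pipes, startCallback execdriver.StartCallback) (int, error) {
	active := d.activeContainers[c.ID]
	if active == nil {
		return -1, fmt.Errorf("No active container exists with ID %s", c.ID)
	}

	var term execdriver.Terminal

	p := &libcontainer.Process{
		Args: append([]string{processConfig.Entrypoint}, processConfig.Arguments...),
		Env:  c.ProcessConfig.Env,
		Cwd:  c.WorkingDir,
		User: processConfig.User,
	}
	if processConfig.Privileged {
		p.Capabilities = execdriver.GetAllCapabilities()
	}

	if processConfig.Tty {
		config := active.Config()
		rootuid, err := config.HostUID()
		if err != nil {
			return -1, err
		}
		cons, err := p.NewConsole(rootuid)
		if err != nil {
			return -1, err
		}
		term, err = NewTtyConsole(cons, pipes, rootuid)
		if err != nil {
			// Do not start the process with a console that failed to set up.
			return -1, err
		}
	} else {
		p.Stdout = pipes.Stdout
		p.Stderr = pipes.Stderr
		p.Stdin = pipes.Stdin
		term = &execdriver.StdConsole{}
	}
	processConfig.Terminal = term

	if err := active.Start(p); err != nil {
		return -1, err
	}

	if startCallback != nil {
		pid, err := p.Pid()
		if err != nil {
			// The callback needs a pid; without one, kill and reap the
			// process (best effort) and give up.
			p.Signal(os.Kill)
			p.Wait()
			return -1, err
		}
		startCallback(&c.ProcessConfig, pid)
	}

	ps, err := p.Wait()
	if err != nil {
		// *exec.ExitError still carries the process state of a process that
		// exited unsuccessfully; anything else is returned as a failure.
		exitErr, ok := err.(*exec.ExitError)
		if !ok {
			return -1, err
		}
		ps = exitErr.ProcessState
	}
	return utils.ExitStatus(ps.Sys().(syscall.WaitStatus)), nil
}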
示例7: Exec
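// Exec implements the exec driver Driver interface. It starts processConfig as
// an extra process inside the running container c.ID through libcontainer,
// waits for it and for the IO copier goroutines to finish, and returns the
// exit status (-1 with an error on failure).
//
// Security: when processConfig.Privileged is set, the process receives every
// capability returned by execdriver.GetAllCapabilities. Nothing in this
// function authorizes that flag, so callers are responsible for deciding who
// may request a privileged exec. When the container uses a remapped root and
// no user was requested, the process is run as user "0" explicitly.
//
// Fix over the original listing: the pipe writers returned by setupPipes were
// closed only after a successful Start, so a failed Start returned with them
// still open. They are now closed on both paths.
func (d *Driver) Exec(c *execdriver.Command, processConfig *execdriver.ProcessConfig, pipes *execdriver.Pipes, hooks execdriver.Hooks) (int, error) {
	active := d.activeContainers[c.ID]
	if active == nil {
		return -1, fmt.Errorf("No active container exists with ID %s", c.ID)
	}

	execUser := processConfig.User
	if c.RemappedRoot.UID != 0 && execUser == "" {
		// if user namespaces are enabled, set user explicitly so uid/gid is set to 0
		// otherwise we end up with the overflow id and no permissions (65534)
		execUser = "0"
	}

	p := &libcontainer.Process{
		Args: append([]string{processConfig.Entrypoint}, processConfig.Arguments...),
		Env:  c.ProcessConfig.Env,
		Cwd:  c.WorkingDir,
		User: execUser,
	}
	if processConfig.Privileged {
		p.Capabilities = execdriver.GetAllCapabilities()
	}

	// add CAP_ prefix to all caps for new libcontainer update to match
	// the spec format.
	for i, s := range p.Capabilities {
		if !strings.HasPrefix(s, "CAP_") {
			p.Capabilities[i] = fmt.Sprintf("CAP_%s", s)
		}
	}

	config := active.Config()
	var wg sync.WaitGroup
	writers, err := setupPipes(&config, processConfig, p, pipes, &wg)
	if err != nil {
		return -1, err
	}

	startErr := active.Start(p)
	// Close the write end of any opened pipes: after a successful Start they
	// are dup'ed into the container, and after a failed Start nothing else
	// will close them.
	for _, writer := range writers {
		writer.Close()
	}
	if startErr != nil {
		return -1, startErr
	}

	if hooks.Start != nil {
		pid, err := p.Pid()
		if err != nil {
			// The hook needs a pid; without one, kill and reap the process
			// (best effort) and give up.
			p.Signal(os.Kill)
			p.Wait()
			return -1, err
		}

		// A closed channel for OOM is returned here as it will be
		// non-blocking and return the correct result when read.
		chOOM := make(chan struct{})
		close(chOOM)
		hooks.Start(&c.ProcessConfig, pid, chOOM)
	}

	ps, err := p.Wait()
	if err != nil {
		// *exec.ExitError still carries the process state of a process that
		// exited unsuccessfully; anything else is returned as a failure.
		exitErr, ok := err.(*exec.ExitError)
		if !ok {
			return -1, err
		}
		ps = exitErr.ProcessState
	}

	// wait for all IO goroutine copiers to finish
	wg.Wait()
	return utils.ExitStatus(ps.Sys().(syscall.WaitStatus)), nil
}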
示例8: Config
//.........這裏部分代碼省略.........
}
// get the user
if c.Config.User != "" {
u, err := user.LookupUser(c.Config.User)
if err != nil {
config.Process.User = specs.User{
UID: uint32(u.Uid),
GID: uint32(u.Gid),
}
} else {
//return nil, fmt.Errorf("Looking up user (%s) failed: %v", c.Config.User, err)
logrus.Warnf("Looking up user (%s) failed: %v", c.Config.User, err)
}
}
// add the additional groups
for _, group := range c.HostConfig.GroupAdd {
g, err := user.LookupGroup(group)
if err != nil {
return nil, fmt.Errorf("Looking up group (%s) failed: %v", group, err)
}
config.Process.User.AdditionalGids = append(config.Process.User.AdditionalGids, uint32(g.Gid))
}
// get the hostname, if the hostname is the name as the first 12 characters of the id,
// then set the hostname as the container name
if c.ID[:12] == c.Config.Hostname {
config.Hostname = strings.TrimPrefix(c.Name, "/")
}
// set privileged
if c.HostConfig.Privileged {
// allow all caps
capabilities = execdriver.GetAllCapabilities()
}
// get the capabilities
config.Process.Capabilities, err = execdriver.TweakCapabilities(capabilities, c.HostConfig.CapAdd, c.HostConfig.CapDrop)
if err != nil {
return nil, fmt.Errorf("setting capabilities failed: %v", err)
}
// add CAP_ prefix
// TODO: this is awful
for i, cap := range config.Process.Capabilities {
if !strings.HasPrefix(cap, "CAP_") {
config.Process.Capabilities[i] = fmt.Sprintf("CAP_%s", cap)
}
}
// if we have a container that needs a terminal but no env vars, then set
// default env vars for the terminal to function
if config.Process.Terminal && len(config.Process.Env) <= 0 {
config.Process.Env = DefaultTerminalEnv
}
if config.Process.Terminal {
// make sure we have TERM set
var termSet bool
for _, env := range config.Process.Env {
if strings.HasPrefix(env, "TERM=") {
termSet = true
break
}
}
if !termSet {
// set the term variable