mirror of
https://github.com/opencontainers/runc.git
synced 2025-11-02 11:54:04 +08:00
339edce03e
This updates the console handling to chown the console on creation to the root user within the container. This also moves the setup mounts from the userns sidecar process into the main init processes by trying to mknod devices, if it fails on an EPERM then bind mount the device from the host into the container for use. This prevents access issues when the sidecar process mknods the device for the usernamespace returning an EPERM when writting to dev/null. This also adds some error handling for init processes and nsinit updates with added flags for testing and other functions. Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
29 lines
603 B
Go
29 lines
603 B
Go
package main
|
|
|
|
import (
|
|
"runtime"
|
|
|
|
log "github.com/Sirupsen/logrus"
|
|
"github.com/codegangsta/cli"
|
|
"github.com/docker/libcontainer"
|
|
_ "github.com/docker/libcontainer/nsenter"
|
|
)
|
|
|
|
var initCommand = cli.Command{
|
|
Name: "init",
|
|
Usage: "runs the init process inside the namespace",
|
|
Action: func(context *cli.Context) {
|
|
log.SetLevel(log.DebugLevel)
|
|
runtime.GOMAXPROCS(1)
|
|
runtime.LockOSThread()
|
|
factory, err := libcontainer.New("")
|
|
if err != nil {
|
|
fatal(err)
|
|
}
|
|
if err := factory.StartInitialization(3); err != nil {
|
|
fatal(err)
|
|
}
|
|
panic("This line should never been executed")
|
|
},
|
|
}
|