
Allow containers to use host's mount namespace by adding new CLI option --hostns=true
rootfs committed Jun 1, 2015
1 parent 8eac7d0 commit 0ca94ce299faa7126668d24d5a5eadcbcc0d9a2b
@@ -41,6 +41,7 @@ type Config struct {
Labels []string
Ulimits map[string]*ulimit.Ulimit
LogConfig runconfig.LogConfig
HostMountNS bool
}

// InstallFlags adds command-line options to the top-level flag parser for
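Review bot: `HostMountNS` is added to the daemon `Config` without a doc comment, and nothing in this commit reads the daemon-side value: the `populateCommand` hunk takes `c.Config.HostMountNS` from the per-container config, so this field and the `--hostns` flag registered in the `InstallFlags` hunk below appear to be dead. Either wire the daemon value in (for example as the default for containers that do not pass the flag) or drop the field and flag. Whichever way, document the field, e.g. `HostMountNS bool // run containers in the host mount namespace (no mount isolation); see --hostns`.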
@@ -81,6 +82,7 @@ func (config *Config) InstallFlags() {
flag.StringVar(&config.LogConfig.Type, []string{"-log-driver"}, "json-file", "Default driver for container logs")
flag.BoolVar(&config.Bridge.EnableUserlandProxy, []string{"-userland-proxy"}, true, "Use userland proxy for loopback traffic")
opts.LogOptsVar(config.LogConfig.Config, []string{"-log-opt"}, "Set log driver options")
flag.BoolVar(&config.HostMountNS, []string{"#hostns", "-hostns"}, false, "Optionally use host mount namespace")


timothysc Jun 11, 2015

Does this apply to the whole daemon, or to individual containers?


rootfs Jun 12, 2015


It is per container.

}

func getDefaultNetworkMtu() int {
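Review bot: The help text `"Optionally use host mount namespace"` does not say that the option removes mount isolation for every container the daemon starts, which is the one fact an operator needs before enabling it, and the `#hostns` entry registers what mflag, if I read its convention correctly, treats as a deprecated hidden spelling, for a flag that is new in this commit. Suggest `flag.BoolVar(&config.HostMountNS, []string{"-hostns"}, false, "Run containers in the host mount namespace (disables mount isolation)")`. The `docker run` flag in the first `Parse` hunk (`"Optional use host mount namespace"`) has the same two issues plus a typo and should get the matching wording. `InstallFlags` starts outside the hunk.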
@@ -407,6 +407,7 @@ func populateCommand(c *Container, env []string) error {
ID: c.ID,
Rootfs: c.RootfsPath(),
ReadonlyRootfs: c.hostConfig.ReadonlyRootfs,
HostMountNS: c.Config.HostMountNS,
InitPath: "/.dockerinit",
WorkingDir: c.Config.WorkingDir,
Network: en,
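Review bot: `HostMountNS: c.Config.HostMountNS` passes a setting that removes mount isolation to the driver without any visible gate: nothing in this hunk checks that the container is privileged or that the daemon allows the mode, and the value is read from the image-side `c.Config` rather than from `c.hostConfig`, where the other host-affecting field in this literal (`ReadonlyRootfs` on the line above) comes from. A check may exist elsewhere in the daemon, but it is not visible here; if there is none, add one before the command is populated, e.g. `if c.Config.HostMountNS && !c.hostConfig.Privileged { return fmt.Errorf("--hostns requires --privileged") }`. `populateCommand` starts and ends outside the hunk.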
@@ -148,6 +148,7 @@ type ProcessConfig struct {
type Command struct {
ID string `json:"id"`
Rootfs string `json:"rootfs"` // root fs of the container
HostMountNS bool `json:"hostns"` // use host mount namespace
ReadonlyRootfs bool `json:"readonly_rootfs"`
InitPath string `json:"initpath"` // dockerinit
WorkingDir string `json:"working_dir"`
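Review bot: The comment `// use host mount namespace` on the new `HostMountNS` field restates its name; a caller filling `Command` needs to know what it is asking the driver to do. Replace it with `// enter rootfs via chroot instead of pivot_root; mount isolation is disabled`. The insertion also separates `Rootfs` from `ReadonlyRootfs`; placing the field after `ReadonlyRootfs` keeps the rootfs fields together.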
@@ -24,6 +24,7 @@ func InitContainer(c *Command) *configs.Config {
container.Devices = c.AutoCreatedDevices
container.Rootfs = c.Rootfs
container.Readonlyfs = c.ReadonlyRootfs
container.HostMountNS = c.HostMountNS

// check to see if we are running in ramdisk to disable pivot root
container.NoPivotRoot = os.Getenv("DOCKER_RAMDISK") != ""
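Review bot: `container.HostMountNS = c.HostMountNS` only forwards the flag; nothing here removes the mount namespace from `container.Namespaces`, so if the template this function starts from (outside the hunk) still lists `configs.NEWNS`, the container is still created in its own mount namespace and the option only changes how the root is entered and how `/` propagates. Confirm which of the two it is and record it next to the assignment, e.g. `// HostMountNS: rootfs entered via chroot and / remounted MS_SHARED|MS_REC; namespace set unchanged — TODO confirm`. `InitContainer` ends outside the hunk.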
@@ -128,6 +128,7 @@ type Config struct {
MacAddress string
OnBuild []string
Labels map[string]string
HostMountNS bool
}

type ContainerConfigWrapper struct {
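Review bot: `HostMountNS` is placed in `runconfig.Config` next to image-level fields (`OnBuild`, `Labels`) rather than in `HostConfig`, where settings that affect the host belong; `Config` is the part that is persisted with the container and, as far as I recall, carried into images by commit, so a later run could inherit host-namespace mode without anyone passing `--hostns`. The same placement is repeated in the `Config` literal of the second `Parse` hunk (`HostMountNS: *flHostNS,`), which should move into the `hostConfig := &HostConfig{` literal directly below it, and in `populateCommand`, which reads `c.Config.HostMountNS` and would then read it from `c.hostConfig`. A doc comment on the field stating that it disables mount isolation is also missing.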
@@ -76,6 +76,7 @@ func Parse(cmd *flag.FlagSet, args []string) (*Config, *HostConfig, *flag.FlagSe
flReadonlyRootfs = cmd.Bool([]string{"-read-only"}, false, "Mount the container's root filesystem as read only")
flLoggingDriver = cmd.String([]string{"-log-driver"}, "", "Logging driver for container")
flCgroupParent = cmd.String([]string{"-cgroup-parent"}, "", "Optional parent cgroup for the container")
flHostNS = cmd.Bool([]string{"#hostns", "-hostns"}, false, "Optional use host mount namespace")
)

cmd.Var(&flAttach, []string{"a", "-attach"}, "Attach to STDIN, STDOUT or STDERR")
@@ -311,6 +312,7 @@ func Parse(cmd *flag.FlagSet, args []string) (*Config, *HostConfig, *flag.FlagSe
Entrypoint: entrypoint,
WorkingDir: *flWorkingDir,
Labels: convertKVStringsToMap(labels),
HostMountNS: *flHostNS,
}

hostConfig := &HostConfig{
@@ -103,6 +103,9 @@ type Config struct {
// SystemProperties is a map of properties and their values. It is the equivalent of using
// sysctl -w my.property.name value in Linux.
SystemProperties map[string]string `json:"system_properties"`

// HostMountNS will use host mount namespace
HostMountNS bool `json:"hostns"`
}

// Gets the root uid for the process on host which could be non-zero
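Review bot: The comment `// HostMountNS will use host mount namespace` restates the field name and does not tell a libcontainer user what actually changes: in this commit the rootfs is entered with chroot instead of pivot_root, `/` is remounted `MS_SHARED|MS_REC` in `prepareRoot`, and `Privatefs` is overridden. Replace it with a comment stating those effects and the loss of isolation, e.g. `// HostMountNS keeps the container in the host mount namespace: the rootfs is entered via chroot (no pivot_root), / is remounted MS_SHARED|MS_REC and Privatefs is ignored. Mount isolation is disabled.`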
@@ -55,10 +55,15 @@ func setupRootfs(config *configs.Config, console *linuxConsole) (err error) {
if err := syscall.Chdir(config.Rootfs); err != nil {
return newSystemError(err)
}
if config.NoPivotRoot {
err = msMoveRoot(config.Rootfs)

if !config.HostMountNS {
if config.NoPivotRoot {
err = msMoveRoot(config.Rootfs)
} else {
err = pivotRoot(config.Rootfs, config.PivotDir)
}
} else {
err = pivotRoot(config.Rootfs, config.PivotDir)
err = changeRoot(config.Rootfs)
}
if err != nil {
return newSystemError(err)
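Review bot: The `HostMountNS` branch enters the rootfs with `changeRoot` (chroot) and never detaches the old root, so the host's mounts remain reachable from inside the container and confinement rests on chroot alone, which does not hold a process that keeps CAP_SYS_CHROOT; the commit neither drops that capability nor documents the weaker guarantee. The rest of `setupRootfs` — the mount setup before this hunk and whatever follows the error check — was written for the pivot_root path and runs outside the hunk, so it should be re-read for the chroot case (mounts made in the host namespace are not torn down by the container exiting). At minimum the branch needs a comment, e.g. `// HostMountNS: chroot only; the old root is not detached and its mounts stay reachable`.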
@@ -343,6 +348,9 @@ func prepareRoot(config *configs.Config) error {
if config.Privatefs {
flag = syscall.MS_PRIVATE | syscall.MS_REC
}
if config.HostMountNS {
flag = syscall.MS_SHARED | syscall.MS_REC
}
if err := syscall.Mount("", "/", "", uintptr(flag), ""); err != nil {
return err
}
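Review bot: `flag = syscall.MS_SHARED | syscall.MS_REC` silently overrides `Privatefs`, set two lines above, and when the process is in the host's mount namespace — the purpose of this mode — the `syscall.Mount("", "/", ...)` that follows changes the propagation of every mount on the host rather than of a private copy, a host-wide side effect that is never reverted. Reject the conflicting combination up front, `if config.HostMountNS && config.Privatefs { return fmt.Errorf("HostMountNS and Privatefs are mutually exclusive") }` (using whichever error constructor this file already imports), and document on the remaining branch why a shared remount of the host root is needed at all. If the process does have its own mount namespace at this point, say so in the comment, because then the shared flag instead lets the container's later mounts propagate back to the host. `prepareRoot` starts and ends outside the hunk.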
@@ -403,6 +411,13 @@ func msMoveRoot(rootfs string) error {
return syscall.Chdir("/")
}

func changeRoot(rootfs string) error {
if err := syscall.Chroot(rootfs); err != nil {
return err
}
return syscall.Chdir("/")
}

// createIfNotExists creates a file or a directory only if it does not already exist.
func createIfNotExists(path string, isDir bool) error {
if _, err := os.Stat(path); err != nil {
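Review bot: `changeRoot` has no doc comment, while the neighbouring `createIfNotExists` does, and its name hides that it is the chroot fallback used instead of `pivotRoot` when `HostMountNS` is set. Add `// changeRoot enters rootfs with chroot(2) instead of pivot_root(2): the old root stays mounted and reachable, and a process retaining CAP_SYS_CHROOT is not confined by it. Used only when HostMountNS is set.`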
