github.com/cloudfoundry-attic/garden-linux@v0.333.2-candidate/containerizer/wshd/main.go (about) 1 package main 2 3 import ( 4 "flag" 5 "fmt" 6 "os" 7 "path" 8 "path/filepath" 9 "runtime" 10 11 "github.com/cloudfoundry-incubator/garden-linux/container_daemon" 12 "github.com/cloudfoundry-incubator/garden-linux/container_daemon/unix_socket" 13 "github.com/cloudfoundry-incubator/garden-linux/containerizer" 14 "github.com/cloudfoundry-incubator/garden-linux/containerizer/system" 15 "github.com/cloudfoundry-incubator/garden-linux/sysinfo" 16 "github.com/cloudfoundry/gunk/command_runner/linux_command_runner" 17 ) 18 19 func init() { 20 runtime.LockOSThread() 21 } 22 23 func main() { 24 libPath := flag.String("lib", "./lib", "Directory containing hooks") 25 rootFsPath := flag.String("root", "", "Directory that will become root in the new mount namespace") 26 runPath := flag.String("run", "./run", "Directory where server socket is placed") 27 userNsFlag := flag.String("userns", "enabled", "If specified, use user namespacing") 28 title := flag.String("title", "", "") 29 flag.Parse() 30 31 if *rootFsPath == "" { 32 missing("--root") 33 } 34 35 binPath, err := filepath.Abs(filepath.Dir(os.Args[0])) 36 if err != nil { 37 fmt.Fprintf(os.Stderr, "wshd: obtain absolute path: %s", err) 38 os.Exit(6) 39 } 40 41 socketPath := path.Join(*runPath, "wshd.sock") 42 43 privileged := false 44 if *userNsFlag == "" || *userNsFlag == "disabled" { 45 privileged = true 46 } 47 48 containerReader, hostWriter, err := os.Pipe() 49 if err != nil { 50 fmt.Fprintf(os.Stderr, "wshd: create pipe: %s", err) 51 os.Exit(5) 52 } 53 54 hostReader, containerWriter, err := os.Pipe() 55 if err != nil { 56 fmt.Fprintf(os.Stderr, "wshd: create pipe: %s", err) 57 os.Exit(4) 58 } 59 60 sync := &containerizer.PipeSynchronizer{ 61 Reader: hostReader, 62 Writer: hostWriter, 63 } 64 65 listener, err := unix_socket.NewListenerFromPath(socketPath) 66 if err != nil { 67 fmt.Fprintf(os.Stderr, "wshd: create listener: %s", err) 68 os.Exit(8) 69 } 70 71 socketFile, err := listener.File() 72 if err != nil { 73 fmt.Fprintf(os.Stderr, "wshd: obtain listener file: %s", err) 74 os.Exit(9) 75 } 76 77 beforeCloneInitializer := &system.Initializer{Steps: []system.StepRunner{ 78 &containerizer.FuncStep{ 79 (&container_daemon.RlimitsManager{}).Init, 80 }, 81 }} 82 83 maxUID := sysinfo.Min(sysinfo.MustGetMaxValidUID(), sysinfo.MustGetMaxValidGID()) 84 cz := containerizer.Containerizer{ 85 BeforeCloneInitializer: beforeCloneInitializer, 86 InitBinPath: path.Join(binPath, "initc"), 87 InitArgs: []string{ 88 "--root", *rootFsPath, 89 "--config", path.Join(*libPath, "../etc/config"), 90 "--title", *title, 91 }, 92 Execer: &system.NamespacingExecer{ 93 CommandRunner: linux_command_runner.New(), 94 ExtraFiles: []*os.File{containerReader, containerWriter, socketFile}, 95 Privileged: privileged, 96 MaxUID: maxUID, 97 }, 98 Signaller: sync, 99 Waiter: sync, 100 // Temporary until we merge the hook scripts functionality in Golang 101 CommandRunner: linux_command_runner.New(), 102 LibPath: *libPath, 103 RootfsPath: *rootFsPath, 104 } 105 106 err = cz.Create() 107 if err != nil { 108 fmt.Fprintf(os.Stderr, "Failed to create container: %s", err) 109 os.Exit(2) 110 } 111 } 112 113 func missing(flagName string) { 114 fmt.Fprintf(os.Stderr, "%s is required\n", flagName) 115 flag.Usage() 116 os.Exit(1) 117 }