github.com/docker/containerd@v0.2.9-0.20170509230648-8ef7df579710/api/grpc/server/server_linux.go (about) 1 package server 2 3 import ( 4 "fmt" 5 6 "github.com/containerd/containerd/api/grpc/types" 7 "github.com/containerd/containerd/specs" 8 "github.com/containerd/containerd/supervisor" 9 "github.com/opencontainers/runc/libcontainer/system" 10 ocs "github.com/opencontainers/runtime-spec/specs-go" 11 "golang.org/x/net/context" 12 ) 13 14 var clockTicksPerSecond = uint64(system.GetClockTicks()) 15 16 func (s *apiServer) AddProcess(ctx context.Context, r *types.AddProcessRequest) (*types.AddProcessResponse, error) { 17 process := &specs.ProcessSpec{ 18 Terminal: r.Terminal, 19 Args: r.Args, 20 Env: r.Env, 21 Cwd: r.Cwd, 22 } 23 process.User = ocs.User{ 24 UID: r.User.Uid, 25 GID: r.User.Gid, 26 AdditionalGids: r.User.AdditionalGids, 27 } 28 // for backwards compat in the API set eibp 29 process.Capabilities = &ocs.LinuxCapabilities{ 30 Bounding: r.Capabilities, 31 Effective: r.Capabilities, 32 Inheritable: r.Capabilities, 33 Permitted: r.Capabilities, 34 } 35 process.ApparmorProfile = r.ApparmorProfile 36 process.SelinuxLabel = r.SelinuxLabel 37 process.NoNewPrivileges = r.NoNewPrivileges 38 for _, rl := range r.Rlimits { 39 process.Rlimits = append(process.Rlimits, ocs.LinuxRlimit{ 40 Type: rl.Type, 41 Soft: rl.Soft, 42 Hard: rl.Hard, 43 }) 44 } 45 if r.Id == "" { 46 return nil, fmt.Errorf("container id cannot be empty") 47 } 48 if r.Pid == "" { 49 return nil, fmt.Errorf("process id cannot be empty") 50 } 51 e := &supervisor.AddProcessTask{} 52 e.ID = r.Id 53 e.PID = r.Pid 54 e.ProcessSpec = process 55 e.Stdin = r.Stdin 56 e.Stdout = r.Stdout 57 e.Stderr = r.Stderr 58 e.StartResponse = make(chan supervisor.StartResponse, 1) 59 e.Ctx = ctx 60 s.sv.SendTask(e) 61 if err := <-e.ErrorCh(); err != nil { 62 return nil, err 63 } 64 sr := <-e.StartResponse 65 return &types.AddProcessResponse{SystemPid: uint32(sr.ExecPid)}, nil 66 }