github.com/moby/docker@v26.1.3+incompatible/daemon/container_operations_windows.go (about)

     1  package daemon // import "github.com/docker/docker/daemon"
     2  
     3  import (
     4  	"context"
     5  	"fmt"
     6  	"os"
     7  
     8  	"github.com/containerd/log"
     9  	"github.com/docker/docker/container"
    10  	"github.com/docker/docker/daemon/config"
    11  	"github.com/docker/docker/libnetwork"
    12  	"github.com/docker/docker/pkg/system"
    13  	"github.com/pkg/errors"
    14  )
    15  
    16  func (daemon *Daemon) setupLinkedContainers(container *container.Container) ([]string, error) {
    17  	return nil, nil
    18  }
    19  
    20  func (daemon *Daemon) setupConfigDir(c *container.Container) (setupErr error) {
    21  	if len(c.ConfigReferences) == 0 {
    22  		return nil
    23  	}
    24  
    25  	localPath := c.ConfigsDirPath()
    26  	log.G(context.TODO()).Debugf("configs: setting up config dir: %s", localPath)
    27  
    28  	// create local config root
    29  	if err := system.MkdirAllWithACL(localPath, 0, system.SddlAdministratorsLocalSystem); err != nil {
    30  		return errors.Wrap(err, "error creating config dir")
    31  	}
    32  
    33  	defer func() {
    34  		if setupErr != nil {
    35  			if err := os.RemoveAll(localPath); err != nil {
    36  				log.G(context.TODO()).Errorf("error cleaning up config dir: %s", err)
    37  			}
    38  		}
    39  	}()
    40  
    41  	if c.DependencyStore == nil {
    42  		return fmt.Errorf("config store is not initialized")
    43  	}
    44  
    45  	for _, configRef := range c.ConfigReferences {
    46  		// TODO (ehazlett): use type switch when more are supported
    47  		if configRef.File == nil {
    48  			// Runtime configs are not mounted into the container, but they're
    49  			// a valid type of config so we should not error when we encounter
    50  			// one.
    51  			if configRef.Runtime == nil {
    52  				log.G(context.TODO()).Error("config target type is not a file or runtime target")
    53  			}
    54  			// However, in any case, this isn't a file config, so we have no
    55  			// further work to do
    56  			continue
    57  		}
    58  
    59  		fPath, err := c.ConfigFilePath(*configRef)
    60  		if err != nil {
    61  			return errors.Wrap(err, "error getting config file path for container")
    62  		}
    63  		log := log.G(context.TODO()).WithFields(log.Fields{"name": configRef.File.Name, "path": fPath})
    64  
    65  		log.Debug("injecting config")
    66  		config, err := c.DependencyStore.Configs().Get(configRef.ConfigID)
    67  		if err != nil {
    68  			return errors.Wrap(err, "unable to get config from config store")
    69  		}
    70  		if err := os.WriteFile(fPath, config.Spec.Data, configRef.File.Mode); err != nil {
    71  			return errors.Wrap(err, "error injecting config")
    72  		}
    73  	}
    74  
    75  	return nil
    76  }
    77  
    78  func (daemon *Daemon) setupIpcDirs(container *container.Container) error {
    79  	return nil
    80  }
    81  
    82  // TODO Windows: Fix Post-TP5. This is a hack to allow docker cp to work
    83  // against containers which have volumes. You will still be able to cp
    84  // to somewhere on the container drive, but not to any mounted volumes
    85  // inside the container. Without this fix, docker cp is broken to any
    86  // container which has a volume, regardless of where the file is inside the
    87  // container.
    88  func (daemon *Daemon) mountVolumes(container *container.Container) error {
    89  	return nil
    90  }
    91  
    92  func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) {
    93  	if len(c.SecretReferences) == 0 {
    94  		return nil
    95  	}
    96  
    97  	localMountPath, err := c.SecretMountPath()
    98  	if err != nil {
    99  		return err
   100  	}
   101  	log.G(context.TODO()).Debugf("secrets: setting up secret dir: %s", localMountPath)
   102  
   103  	// create local secret root
   104  	if err := system.MkdirAllWithACL(localMountPath, 0, system.SddlAdministratorsLocalSystem); err != nil {
   105  		return errors.Wrap(err, "error creating secret local directory")
   106  	}
   107  
   108  	defer func() {
   109  		if setupErr != nil {
   110  			if err := os.RemoveAll(localMountPath); err != nil {
   111  				log.G(context.TODO()).Errorf("error cleaning up secret mount: %s", err)
   112  			}
   113  		}
   114  	}()
   115  
   116  	if c.DependencyStore == nil {
   117  		return fmt.Errorf("secret store is not initialized")
   118  	}
   119  
   120  	for _, s := range c.SecretReferences {
   121  		// TODO (ehazlett): use type switch when more are supported
   122  		if s.File == nil {
   123  			log.G(context.TODO()).Error("secret target type is not a file target")
   124  			continue
   125  		}
   126  
   127  		// secrets are created in the SecretMountPath on the host, at a
   128  		// single level
   129  		fPath, err := c.SecretFilePath(*s)
   130  		if err != nil {
   131  			return err
   132  		}
   133  		log.G(context.TODO()).WithFields(log.Fields{
   134  			"name": s.File.Name,
   135  			"path": fPath,
   136  		}).Debug("injecting secret")
   137  		secret, err := c.DependencyStore.Secrets().Get(s.SecretID)
   138  		if err != nil {
   139  			return errors.Wrap(err, "unable to get secret from secret store")
   140  		}
   141  		if err := os.WriteFile(fPath, secret.Spec.Data, s.File.Mode); err != nil {
   142  			return errors.Wrap(err, "error injecting secret")
   143  		}
   144  	}
   145  
   146  	return nil
   147  }
   148  
   149  func killProcessDirectly(container *container.Container) error {
   150  	return nil
   151  }
   152  
   153  func isLinkable(child *container.Container) bool {
   154  	return false
   155  }
   156  
   157  func enableIPOnPredefinedNetwork() bool {
   158  	return true
   159  }
   160  
   161  // serviceDiscoveryOnDefaultNetwork indicates if service discovery is supported on the default network
   162  func serviceDiscoveryOnDefaultNetwork() bool {
   163  	return true
   164  }
   165  
   166  func buildSandboxPlatformOptions(container *container.Container, cfg *config.Config, sboxOptions *[]libnetwork.SandboxOption) error {
   167  	// By default, the Windows internal resolver does not forward requests to
   168  	// external resolvers - but forwarding can be enabled using feature flag
   169  	// "windows-dns-proxy":true.
   170  	if doproxy, exists := cfg.Features["windows-dns-proxy"]; !exists || !doproxy {
   171  		*sboxOptions = append(*sboxOptions, libnetwork.OptionDNSNoProxy())
   172  	}
   173  	return nil
   174  }
   175  
   176  func (daemon *Daemon) initializeNetworkingPaths(container *container.Container, nc *container.Container) error {
   177  	if nc.HostConfig.Isolation.IsHyperV() {
   178  		return fmt.Errorf("sharing of hyperv containers network is not supported")
   179  	}
   180  
   181  	container.NetworkSharedContainerID = nc.ID
   182  
   183  	if nc.NetworkSettings != nil {
   184  		for n := range nc.NetworkSettings.Networks {
   185  			sn, err := daemon.FindNetwork(n)
   186  			if err != nil {
   187  				continue
   188  			}
   189  
   190  			ep, err := getEndpointInNetwork(nc.Name, sn)
   191  			if err != nil {
   192  				continue
   193  			}
   194  
   195  			data, err := ep.DriverInfo()
   196  			if err != nil {
   197  				continue
   198  			}
   199  
   200  			if data["GW_INFO"] != nil {
   201  				gwInfo := data["GW_INFO"].(map[string]interface{})
   202  				if gwInfo["hnsid"] != nil {
   203  					container.SharedEndpointList = append(container.SharedEndpointList, gwInfo["hnsid"].(string))
   204  				}
   205  			}
   206  
   207  			if data["hnsid"] != nil {
   208  				container.SharedEndpointList = append(container.SharedEndpointList, data["hnsid"].(string))
   209  			}
   210  		}
   211  	}
   212  
   213  	return nil
   214  }