github.com/zhuohuang-hust/src-cbuild@v0.0.0-20230105071821-c7aab3e7c840/mergeCode/runc/libcontainer/process.go (about) 1 package libcontainer 2 3 import ( 4 "fmt" 5 "io" 6 "math" 7 "os" 8 9 "github.com/opencontainers/runc/libcontainer/configs" 10 ) 11 12 type processOperations interface { 13 wait() (*os.ProcessState, error) 14 signal(sig os.Signal) error 15 pid() int 16 } 17 18 // Process specifies the configuration and IO for a process inside 19 // a container. 20 type Process struct { 21 // The command to be run followed by any arguments. 22 Args []string 23 24 // Env specifies the environment variables for the process. 25 Env []string 26 27 // User will set the uid and gid of the executing process running inside the container 28 // local to the container's user and group configuration. 29 User string 30 31 // AdditionalGroups specifies the gids that should be added to supplementary groups 32 // in addition to those that the user belongs to. 33 AdditionalGroups []string 34 35 // Cwd will change the processes current working directory inside the container's rootfs. 36 Cwd string 37 38 // Stdin is a pointer to a reader which provides the standard input stream. 39 Stdin io.Reader 40 41 // Stdout is a pointer to a writer which receives the standard output stream. 42 Stdout io.Writer 43 44 // Stderr is a pointer to a writer which receives the standard error stream. 45 Stderr io.Writer 46 47 // ExtraFiles specifies additional open files to be inherited by the container 48 ExtraFiles []*os.File 49 50 // consolePath is the path to the console allocated to the container. 51 consolePath string 52 53 // Capabilities specify the capabilities to keep when executing the process inside the container 54 // All capabilities not specified will be dropped from the processes capability mask 55 Capabilities []string 56 57 // AppArmorProfile specifies the profile to apply to the process and is 58 // changed at the time the process is execed 59 AppArmorProfile string 60 61 // Label specifies the label to apply to the process. It is commonly used by selinux 62 Label string 63 64 // NoNewPrivileges controls whether processes can gain additional privileges. 65 NoNewPrivileges *bool 66 67 // Rlimits specifies the resource limits, such as max open files, to set in the container 68 // If Rlimits are not set, the container will inherit rlimits from the parent process 69 Rlimits []configs.Rlimit 70 71 ops processOperations 72 } 73 74 // Wait waits for the process to exit. 75 // Wait releases any resources associated with the Process 76 func (p Process) Wait() (*os.ProcessState, error) { 77 if p.ops == nil { 78 return nil, newGenericError(fmt.Errorf("invalid process"), NoProcessOps) 79 } 80 return p.ops.wait() 81 } 82 83 // Pid returns the process ID 84 func (p Process) Pid() (int, error) { 85 // math.MinInt32 is returned here, because it's invalid value 86 // for the kill() system call. 87 if p.ops == nil { 88 return math.MinInt32, newGenericError(fmt.Errorf("invalid process"), NoProcessOps) 89 } 90 return p.ops.pid(), nil 91 } 92 93 // Signal sends a signal to the Process. 94 func (p Process) Signal(sig os.Signal) error { 95 if p.ops == nil { 96 return newGenericError(fmt.Errorf("invalid process"), NoProcessOps) 97 } 98 return p.ops.signal(sig) 99 } 100 101 // IO holds the process's STDIO 102 type IO struct { 103 Stdin io.WriteCloser 104 Stdout io.ReadCloser 105 Stderr io.ReadCloser 106 } 107 108 // NewConsole creates new console for process and returns it 109 func (p *Process) NewConsole(rootuid, rootgid int) (Console, error) { 110 console, err := NewConsole(rootuid, rootgid) 111 if err != nil { 112 return nil, err 113 } 114 p.consolePath = console.Path() 115 return console, nil 116 } 117 118 // ConsoleFromPath sets the process's console with the path provided 119 func (p *Process) ConsoleFromPath(path string) error { 120 if p.consolePath != "" { 121 return newGenericError(fmt.Errorf("console path already exists for process"), ConsoleExists) 122 } 123 p.consolePath = path 124 return nil 125 }