CreateContainer is called from the master process to prepare the container environment, e.g. perform mount operations, set up the network, etc. Additional privileges required for setup may be gained when running in the suid flow. However, when a user namespace is requested and it is not a hybrid workflow (e.g. fake
(context.Context, int, net.Conn)
```go
// a hybrid workflow (e.g. fakeroot), then there is no privileged saved uid
// and thus no additional privileges can be gained.
CreateContainer(context.Context, int, net.Conn) error
// StartProcess is called during stage2 after RPC server finished
// environment preparation. This is the container process itself.
//
```