MCPcopy
hub / github.com/apptainer/apptainer / Exec

Method Exec

internal/pkg/runtime/launch/launcher_linux.go:105–452  ·  view source on GitHub ↗

Exec prepares an EngineConfig defining how a container should be launched, then calls the starter binary to execute it. This includes interactive containers, instances, and joining an existing instance. nolint:maintidx

(ctx context.Context, image string, args []string, instanceName string)

Source from the content-addressed store, hash-verified

103//
104//nolint:maintidx
105func (l *Launcher) Exec(ctx context.Context, image string, args []string, instanceName string) error {
106 var err error
107
108 var fakerootPath string
109 if l.cfg.Fakeroot {
110 if (l.uid == 0) && namespaces.IsUnprivileged() {
111 // Already running root-mapped unprivileged
112 l.cfg.Fakeroot = false
113 // Setting the following line with `false` value
114 // will prevent Apptainer from allocating an additional user namespace.
115 // Here, Apptainer is already running inside a root-mapped namespace,
116 // i.e., similar to running with `unshare -r`, setting the following
117 // line with `true` value will make Apptainer run inside a nested
118 // root-mapped namespace, similar to `unshare -r unshare -r`
119 l.cfg.Namespaces.User = false
120 sylog.Debugf("running root-mapped unprivileged")
121 var err error
122 if l.cfg.IgnoreFakerootCmd {
123 err = errors.New("fakeroot command is ignored because of --ignore-fakeroot-command")
124 } else {
125 fakerootPath, err = fakeroot.FindFake()
126 }
127 if err != nil {
128 sylog.Infof("fakeroot command not found, using only root-mapped namespace")
129 } else {
130 sylog.Infof("Using fakeroot command combined with root-mapped namespace")
131 }
132 } else if (l.uid != 0) && (!fakeroot.IsUIDMapped(l.uid) || l.cfg.IgnoreSubuid) {
133 sylog.Infof("User not listed in %v, trying root-mapped namespace", fakeroot.SubUIDFile)
134 l.cfg.Fakeroot = false
135 var err error
136 if l.cfg.IgnoreUserns {
137 err = errors.New("could not start root-mapped namespace because --ignore-userns is set")
138 } else {
139 err = fakeroot.UnshareRootMapped(os.Args, false)
140 }
141 if err == nil {
142 // All good
143 os.Exit(0)
144 }
145 sylog.Debugf("UnshareRootMapped failed: %v", err)
146 if l.cfg.IgnoreFakerootCmd {
147 err = errors.New("fakeroot command is ignored because of --ignore-fakeroot-command")
148 } else {
149 fakerootPath, err = fakeroot.FindFake()
150 }
151 if err != nil {
152 sylog.Fatalf("--fakeroot requires either being in %v, unprivileged user namespaces, or the fakeroot command", fakeroot.SubUIDFile)
153 }
154 notSandbox := false
155 if strings.Contains(image, "://") {
156 notSandbox = true
157 } else {
158 info, err := os.Stat(image)
159 if err == nil && !info.Mode().IsDir() {
160 notSandbox = true
161 }
162 }

Callers 5

launchContainerFunction · 0.95
StartProcessMethod · 0.80
StartProcessMethod · 0.80
execProcessMethod · 0.80
ExecFunction · 0.80

Calls 15

setUmaskMethod · 0.95
useSuidMethod · 0.95
setTargetIDsMethod · 0.95
setImageOrInstanceMethod · 0.95
checkEncryptionKeyMethod · 0.95
setBindsMethod · 0.95
setFuseMountsMethod · 0.95
setHomeMethod · 0.95
setNoMountFlagsMethod · 0.95
SetGPUConfigMethod · 0.95
SetCheckpointConfigMethod · 0.95
setCgroupsMethod · 0.95

Tested by

no test coverage detected