hub / github.com/google/gvisor / createProcessArgs

Function createProcessArgs

runsc/boot/loader.go:827–865  ·  view source on GitHub ↗

createProcessArgs creates args that can be used with kernel.CreateProcess.

(id string, spec *specs.Spec, conf *config.Config, creds *auth.Credentials, k *kernel.Kernel, pidns *kernel.PIDNamespace)

Source from the content-addressed store, hash-verified

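// createProcessArgs creates args that can be used with kernel.CreateProcess.
//
// The returned arguments are derived from the OCI spec as follows:
//   - Argv and NoNewPrivs are copied from spec.Process unchanged.
//   - Envv is spec.Process.Env after specutils.ResolveEnvs.
//   - WorkingDirectory is spec.Process.Cwd, or "/" when Cwd is empty.
//   - Umask is 0022 unless spec.Process.User.Umask is set, in which case only
//     its permission bits (0777) are kept.
//   - Limits come from createLimitSet.
//   - UTSNamespace and IPCNamespace are always the kernel's root namespaces;
//     only the PID namespace is supplied by the caller.
//
// creds, id and pidns are stored as given. An error is returned if spec or
// spec.Process is nil, or if building the limit set or resolving the
// environment fails.
func createProcessArgs(id string, spec *specs.Spec, conf *config.Config, creds *auth.Credentials, k *kernel.Kernel, pidns *kernel.PIDNamespace) (kernel.CreateProcessArgs, error) {
	// Return an error rather than hitting a nil-pointer panic in the sandbox
	// process when the spec carries no process section.
	// NOTE(review): callers presumably validate the spec before this point;
	// that validation is not visible from this function.
	if spec == nil || spec.Process == nil {
		return kernel.CreateProcessArgs{}, fmt.Errorf("creating process args for container %q: spec has no process", id)
	}

	// Create initial limits.
	ls, err := createLimitSet(spec, specutils.TPUProxyEnabled(spec, conf))
	if err != nil {
		return kernel.CreateProcessArgs{}, fmt.Errorf("creating limits: %w", err)
	}
	env, err := specutils.ResolveEnvs(spec.Process.Env)
	if err != nil {
		return kernel.CreateProcessArgs{}, fmt.Errorf("resolving env: %w", err)
	}

	// An empty Cwd falls back to the root directory.
	wd := spec.Process.Cwd
	if wd == "" {
		wd = "/"
	}

	// Default umask is 0022. A spec-provided umask is masked to the permission
	// bits so that no bits outside 0777 reach the kernel.
	umask := uint(0022)
	if spec.Process.User.Umask != nil {
		umask = uint(*spec.Process.User.Umask) & 0777
	}

	// Create the process arguments.
	procArgs := kernel.CreateProcessArgs{
		Argv:                 spec.Process.Args,
		Envv:                 env,
		WorkingDirectory:     wd,
		Credentials:          creds,
		NoNewPrivs:           spec.Process.NoNewPrivileges,
		Umask:                umask,
		Limits:               ls,
		MaxSymlinkTraversals: linux.MaxSymlinkTraversals,
		// The UTS and IPC namespaces are not taken from the spec here: every
		// process built by this function gets the kernel's root namespaces.
		UTSNamespace: k.RootUTSNamespace(),
		IPCNamespace: k.RootIPCNamespace(),
		ContainerID:  id,
		PIDNamespace: pidns,
	}

	return procArgs, nil
}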
867// Destroy cleans up all resources used by the loader.
868//

Callers 2

NewFunction · 0.85
startSubcontainerMethod · 0.85

Calls 6

TPUProxyEnabledFunction · 0.92
ResolveEnvsFunction · 0.92
createLimitSetFunction · 0.85
RootUTSNamespaceMethod · 0.80
RootIPCNamespaceMethod · 0.80
ErrorfMethod · 0.65

Tested by

no test coverage detected
