createProcessArgs creates args that can be used with kernel.CreateProcess.
(id string, spec *specs.Spec, conf *config.Config, creds *auth.Credentials, k *kernel.Kernel, pidns *kernel.PIDNamespace)
| 825 | |
| 826 | // createProcessArgs creates args that can be used with kernel.CreateProcess. |
| 827 | func createProcessArgs(id string, spec *specs.Spec, conf *config.Config, creds *auth.Credentials, k *kernel.Kernel, pidns *kernel.PIDNamespace) (kernel.CreateProcessArgs, error) { |
| 828 | // Create initial limits. |
| 829 | ls, err := createLimitSet(spec, specutils.TPUProxyEnabled(spec, conf)) |
| 830 | if err != nil { |
| 831 | return kernel.CreateProcessArgs{}, fmt.Errorf("creating limits: %w", err) |
| 832 | } |
| 833 | env, err := specutils.ResolveEnvs(spec.Process.Env) |
| 834 | if err != nil { |
| 835 | return kernel.CreateProcessArgs{}, fmt.Errorf("resolving env: %w", err) |
| 836 | } |
| 837 | |
| 838 | wd := spec.Process.Cwd |
| 839 | if wd == "" { |
| 840 | wd = "/" |
| 841 | } |
| 842 | |
| 843 | umask := uint(0022) |
| 844 | if spec.Process.User.Umask != nil { |
| 845 | umask = uint(*spec.Process.User.Umask) & 0777 |
| 846 | } |
| 847 | |
| 848 | // Create the process arguments. |
| 849 | procArgs := kernel.CreateProcessArgs{ |
| 850 | Argv: spec.Process.Args, |
| 851 | Envv: env, |
| 852 | WorkingDirectory: wd, |
| 853 | Credentials: creds, |
| 854 | NoNewPrivs: spec.Process.NoNewPrivileges, |
| 855 | Umask: umask, |
| 856 | Limits: ls, |
| 857 | MaxSymlinkTraversals: linux.MaxSymlinkTraversals, |
| 858 | UTSNamespace: k.RootUTSNamespace(), |
| 859 | IPCNamespace: k.RootIPCNamespace(), |
| 860 | ContainerID: id, |
| 861 | PIDNamespace: pidns, |
| 862 | } |
| 863 | |
| 864 | return procArgs, nil |
| 865 | } |
| 866 | |
| 867 | // Destroy cleans up all resources used by the loader. |
| 868 | // |
no test coverage detected
searching dependent graphs…