MCPcopy
hub / github.com/google/gvisor / run

Method run

runsc/boot/loader.go:1064–1173  ·  view source on GitHub ↗
()

Source from the content-addressed store, hash-verified

1062}
1063
1064func (l *Loader) run() error {
1065 if l.root.conf.Network == config.NetworkHost {
1066 // Delay host network configuration to this point because network namespace
1067 // is configured after the loader is created and before Run() is called.
1068 log.Debugf("Configuring host network")
1069 s := l.k.RootNetworkNamespace().Stack().(*hostinet.Stack)
1070 if err := s.Configure(l.root.conf.EnableRaw); err != nil {
1071 return err
1072 }
1073 }
1074
1075 l.mu.Lock()
1076 defer l.mu.Unlock()
1077
1078 eid := execID{cid: l.sandboxID}
1079 ep, ok := l.processes[eid]
1080 if !ok {
1081 return fmt.Errorf("trying to start deleted container %q", l.sandboxID)
1082 }
1083
1084 switch l.state {
1085 case created:
1086 if l.root.conf.ProfileEnable {
1087 pprof.Initialize()
1088 }
1089
1090 // Finally done with all configuration. Setup filters before user code
1091 // is loaded.
1092 if err := l.installSeccompFilters(); err != nil {
1093 return err
1094 }
1095
1096 // Create the root container init task. It will begin running
1097 // when the kernel is started.
1098 var (
1099 tg *kernel.ThreadGroup
1100 err error
1101 )
1102 tg, ep.tty, err = l.createContainerProcess(&l.root)
1103 if err != nil {
1104 return err
1105 }
1106
1107 if seccheck.Global.Enabled(seccheck.PointContainerStart) {
1108 evt := pb.Start{
1109 Id: l.sandboxID,
1110 Cwd: l.root.spec.Process.Cwd,
1111 Args: l.root.spec.Process.Args,
1112 Terminal: l.root.spec.Process.Terminal,
1113 }
1114 fields := seccheck.Global.GetFieldSet(seccheck.PointContainerStart)
1115 if fields.Local.Contains(seccheck.FieldContainerStartEnv) {
1116 evt.Env = l.root.spec.Process.Env
1117 }
1118 if !fields.Context.Empty() {
1119 evt.ContextData = &pb.ContextData{}
1120 kernel.LoadSeccheckData(tg.Leader(), fields.Context, evt.ContextData)
1121 }

Callers 1

RunMethod · 0.95

Calls 15

installSeccompFiltersMethod · 0.95
signalMethod · 0.95
DebugfFunction · 0.92
InitializeFunction · 0.92
LoadSeccheckDataFunction · 0.92
BackgroundFunction · 0.92
GetNSFunction · 0.92
StartSignalForwardingFunction · 0.92
SignalTypeAlias · 0.92
InfofFunction · 0.92
WarningfFunction · 0.92

Tested by

no test coverage detected