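prepareProcess sets up anything that needs to be done after the container process is created but before it runs, for example networking: each configured interface is created or looked up by name and placed in the network namespace of the process identified by pid.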
(pid int, runtime Runtime)
| 243 | // prepareProcess sets up anything that needs to be done after the container process is created, but before it runs |
| 244 | // for example networking |
| 245 | func prepareProcess(pid int, runtime Runtime) error { |
| 246 | for _, iface := range runtime.Interfaces { |
| 247 | if iface.Name == "" { |
| 248 | return fmt.Errorf("Interface requires a name") |
| 249 | } |
| 250 | |
| 251 | var link netlink.Link |
| 252 | var ns interface{} = netlink.NsPid(pid) |
| 253 | var move bool |
| 254 | var err error |
| 255 | |
| 256 | if iface.Peer != "" && iface.Add == "" { |
| 257 | // must be a veth if specify peer |
| 258 | iface.Add = "veth" |
| 259 | } |
| 260 | |
| 261 | // if create in root is set, create in root namespace first, then move |
| 262 | // also do the same for a veth pair |
| 263 | if iface.CreateInRoot || iface.Add == "veth" { |
| 264 | ns = nil |
| 265 | move = true |
| 266 | } |
| 267 | |
| 268 | if iface.Add != "" { |
| 269 | switch iface.Add { |
| 270 | case "veth": |
| 271 | if iface.Peer == "" { |
| 272 | return fmt.Errorf("Creating a veth pair %s requires a peer to be set", iface.Name) |
| 273 | } |
| 274 | la := netlink.LinkAttrs{Name: iface.Name, Namespace: ns} |
| 275 | link = &netlink.Veth{LinkAttrs: la, PeerName: iface.Peer} |
| 276 | default: |
| 277 | // no special creation options needed |
| 278 | la := netlink.LinkAttrs{Name: iface.Name, Namespace: ns} |
| 279 | link = &netlink.GenericLink{LinkAttrs: la, LinkType: iface.Add} |
| 280 | } |
| 281 | if err := netlink.LinkAdd(link); err != nil { |
| 282 | return fmt.Errorf("Link add %s of type %s failed: %v", iface.Name, iface.Add, err) |
| 283 | } |
| 284 | fmt.Fprintf(os.Stderr, "Created interface %s type %s\n", iface.Name, iface.Add) |
| 285 | } else { |
| 286 | // find existing interface |
| 287 | link, err = netlink.LinkByName(iface.Name) |
| 288 | if err != nil { |
| 289 | return fmt.Errorf("Cannot find interface %s: %v", iface.Name, err) |
| 290 | } |
| 291 | // then move into namespace |
| 292 | move = true |
| 293 | } |
| 294 | if move { |
| 295 | if err := netlink.LinkSetNsPid(link, pid); err != nil { |
| 296 | return fmt.Errorf("Cannot move interface %s into namespace: %v", iface.Name, err) |
| 297 | } |
| 298 | fmt.Fprintf(os.Stderr, "Moved interface %s to pid %d\n", iface.Name, pid) |
| 299 | } |
| 300 | } |
| 301 | |
| 302 | binds := []struct { |