MCPcopy
hub / github.com/opencontainers/runc / newProcess

Function newProcess

utils_linux.go:49–96  ·  view source on GitHub ↗

newProcess converts [specs.Process] to [libcontainer.Process].

(p *specs.Process)

Source from the content-addressed store, hash-verified

47
48// newProcess converts [specs.Process] to [libcontainer.Process].
49func newProcess(p *specs.Process) (*libcontainer.Process, error) {
50 lp := &libcontainer.Process{
51 Args: p.Args,
52 Env: p.Env,
53 UID: int(p.User.UID),
54 GID: int(p.User.GID),
55 Cwd: p.Cwd,
56 Label: p.SelinuxLabel,
57 NoNewPrivileges: &p.NoNewPrivileges,
58 AppArmorProfile: p.ApparmorProfile,
59 Scheduler: p.Scheduler,
60 IOPriority: p.IOPriority,
61 }
62
63 if p.ConsoleSize != nil {
64 lp.ConsoleWidth = uint16(p.ConsoleSize.Width)
65 lp.ConsoleHeight = uint16(p.ConsoleSize.Height)
66 }
67
68 if p.Capabilities != nil {
69 lp.Capabilities = &configs.Capabilities{}
70 lp.Capabilities.Bounding = p.Capabilities.Bounding
71 lp.Capabilities.Effective = p.Capabilities.Effective
72 lp.Capabilities.Inheritable = p.Capabilities.Inheritable
73 lp.Capabilities.Permitted = p.Capabilities.Permitted
74 lp.Capabilities.Ambient = p.Capabilities.Ambient
75 }
76 if l := len(p.User.AdditionalGids); l > 0 {
77 lp.AdditionalGroups = make([]int, l)
78 for i, g := range p.User.AdditionalGids {
79 lp.AdditionalGroups[i] = int(g)
80 }
81 }
82 for _, rlimit := range p.Rlimits {
83 rl, err := createLibContainerRlimit(rlimit)
84 if err != nil {
85 return nil, err
86 }
87 lp.Rlimits = append(lp.Rlimits, rl)
88 }
89 aff, err := configs.ConvertCPUAffinity(p.ExecCPUAffinity)
90 if err != nil {
91 return nil, err
92 }
93 lp.CPUAffinity = aff
94
95 return lp, nil
96}
97
98// setupIO modifies the given process config according to the options.
99func setupIO(process *libcontainer.Process, container *libcontainer.Container, createTTY, detach bool, sockpath string) (_ *tty, Err error) {

Callers 1

runMethod · 0.85

Calls 2

ConvertCPUAffinityFunction · 0.92
createLibContainerRlimitFunction · 0.85

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…