MCPcopy
hub / github.com/opencontainers/runc / bootstrapData

Method bootstrapData

libcontainer/container_linux.go:1043–1159  ·  view source on GitHub ↗

bootstrapData encodes the necessary data in netlink binary format as a io.Reader. Consumer can write the data to a bootstrap program such as one that uses nsenter package to bootstrap the container's init process correctly, i.e. with correct namespaces, uid/gid mapping etc.

(cloneFlags uintptr, nsMaps map[configs.NamespaceType]string)

Source from the content-addressed store, hash-verified

1041// init process correctly, i.e. with correct namespaces, uid/gid
1042// mapping etc.
1043func (c *Container) bootstrapData(cloneFlags uintptr, nsMaps map[configs.NamespaceType]string) (_ io.Reader, Err error) {
1044 // create the netlink message
1045 r := nl.NewNetlinkRequest(int(InitMsg), 0)
1046
1047 // Our custom messages cannot bubble up an error using returns, instead
1048 // they will panic with the specific error type, netlinkError. In that
1049 // case, recover from the panic and return that as an error.
1050 defer func() {
1051 if r := recover(); r != nil {
1052 if e, ok := r.(netlinkError); ok {
1053 Err = e.error
1054 } else {
1055 panic(r)
1056 }
1057 }
1058 }()
1059
1060 // write cloneFlags
1061 r.AddData(&Int32msg{
1062 Type: CloneFlagsAttr,
1063 Value: uint32(cloneFlags),
1064 })
1065
1066 // write custom namespace paths
1067 if len(nsMaps) > 0 {
1068 nsPaths, err := c.orderNamespacePaths(nsMaps)
1069 if err != nil {
1070 return nil, err
1071 }
1072 r.AddData(&Bytemsg{
1073 Type: NsPathsAttr,
1074 Value: []byte(strings.Join(nsPaths, ",")),
1075 })
1076 }
1077
1078 // write namespace paths only when we are not joining an existing user ns
1079 _, joinExistingUser := nsMaps[configs.NEWUSER]
1080 if !joinExistingUser {
1081 // write uid mappings
1082 if len(c.config.UIDMappings) > 0 {
1083 if c.config.RootlessEUID {
1084 // We resolve the paths for new{u,g}idmap from
1085 // the context of runc to avoid doing a path
1086 // lookup in the nsexec context.
1087 if path, err := exec.LookPath("newuidmap"); err == nil {
1088 r.AddData(&Bytemsg{
1089 Type: UidmapPathAttr,
1090 Value: []byte(path),
1091 })
1092 }
1093 }
1094 b, err := encodeIDMapping(c.config.UIDMappings)
1095 if err != nil {
1096 return nil, err
1097 }
1098 r.AddData(&Bytemsg{
1099 Type: UidmapAttr,
1100 Value: b,

Callers 2

newInitProcessMethod · 0.95
newSetnsProcessMethod · 0.95

Calls 4

orderNamespacePathsMethod · 0.95
encodeIDMappingFunction · 0.85
SerializeMethod · 0.45

Tested by

no test coverage detected