bootstrapData encodes the necessary data in netlink binary format as a io.Reader. Consumer can write the data to a bootstrap program such as one that uses nsenter package to bootstrap the container's init process correctly, i.e. with correct namespaces, uid/gid mapping etc.
(cloneFlags uintptr, nsMaps map[configs.NamespaceType]string)
| 1041 | // init process correctly, i.e. with correct namespaces, uid/gid |
| 1042 | // mapping etc. |
| 1043 | func (c *Container) bootstrapData(cloneFlags uintptr, nsMaps map[configs.NamespaceType]string) (_ io.Reader, Err error) { |
| 1044 | // create the netlink message |
| 1045 | r := nl.NewNetlinkRequest(int(InitMsg), 0) |
| 1046 | |
| 1047 | // Our custom messages cannot bubble up an error using returns, instead |
| 1048 | // they will panic with the specific error type, netlinkError. In that |
| 1049 | // case, recover from the panic and return that as an error. |
| 1050 | defer func() { |
| 1051 | if r := recover(); r != nil { |
| 1052 | if e, ok := r.(netlinkError); ok { |
| 1053 | Err = e.error |
| 1054 | } else { |
| 1055 | panic(r) |
| 1056 | } |
| 1057 | } |
| 1058 | }() |
| 1059 | |
| 1060 | // write cloneFlags |
| 1061 | r.AddData(&Int32msg{ |
| 1062 | Type: CloneFlagsAttr, |
| 1063 | Value: uint32(cloneFlags), |
| 1064 | }) |
| 1065 | |
| 1066 | // write custom namespace paths |
| 1067 | if len(nsMaps) > 0 { |
| 1068 | nsPaths, err := c.orderNamespacePaths(nsMaps) |
| 1069 | if err != nil { |
| 1070 | return nil, err |
| 1071 | } |
| 1072 | r.AddData(&Bytemsg{ |
| 1073 | Type: NsPathsAttr, |
| 1074 | Value: []byte(strings.Join(nsPaths, ",")), |
| 1075 | }) |
| 1076 | } |
| 1077 | |
| 1078 | // write namespace paths only when we are not joining an existing user ns |
| 1079 | _, joinExistingUser := nsMaps[configs.NEWUSER] |
| 1080 | if !joinExistingUser { |
| 1081 | // write uid mappings |
| 1082 | if len(c.config.UIDMappings) > 0 { |
| 1083 | if c.config.RootlessEUID { |
| 1084 | // We resolve the paths for new{u,g}idmap from |
| 1085 | // the context of runc to avoid doing a path |
| 1086 | // lookup in the nsexec context. |
| 1087 | if path, err := exec.LookPath("newuidmap"); err == nil { |
| 1088 | r.AddData(&Bytemsg{ |
| 1089 | Type: UidmapPathAttr, |
| 1090 | Value: []byte(path), |
| 1091 | }) |
| 1092 | } |
| 1093 | } |
| 1094 | b, err := encodeIDMapping(c.config.UIDMappings) |
| 1095 | if err != nil { |
| 1096 | return nil, err |
| 1097 | } |
| 1098 | r.AddData(&Bytemsg{ |
| 1099 | Type: UidmapAttr, |
| 1100 | Value: b, |
no test coverage detected