本文整理汇总了Golang中github.com/docker/libcontainer/utils.CloseExecFrom函数的典型用法代码示例。如果您正苦于以下问题:Golang CloseExecFrom函数的具体用法?Golang CloseExecFrom怎么用?Golang CloseExecFrom使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了CloseExecFrom函数的5个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Golang代码示例。
示例1: finalizeNamespace
func finalizeNamespace(args *InitArgs) error {
if err := utils.CloseExecFrom(3); err != nil {
return err
}
// We use the native drivers default template so that things like caps are consistent
// across both drivers
container := template.New()
if !args.Privileged {
// drop capabilities in bounding set before changing user
if err := capabilities.DropBoundingSet(container.Capabilities); err != nil {
return fmt.Errorf("drop bounding set %s", err)
}
// preserve existing capabilities while we change users
if err := system.SetKeepCaps(); err != nil {
return fmt.Errorf("set keep caps %s", err)
}
}
if err := namespaces.SetupUser(args.User); err != nil {
return fmt.Errorf("setup user %s", err)
}
if !args.Privileged {
if err := system.ClearKeepCaps(); err != nil {
return fmt.Errorf("clear keep caps %s", err)
}
var (
adds []string
drops []string
)
if args.CapAdd != "" {
adds = strings.Split(args.CapAdd, ":")
}
if args.CapDrop != "" {
drops = strings.Split(args.CapDrop, ":")
}
caps, err := execdriver.TweakCapabilities(container.Capabilities, adds, drops)
if err != nil {
return err
}
// drop all other capabilities
if err := capabilities.DropCapabilities(caps); err != nil {
return fmt.Errorf("drop capabilities %s", err)
}
}
if err := setupWorkingDirectory(args); err != nil {
return err
}
return nil
}
开发者ID:BreezeWu,项目名称:docker,代码行数:59,代码来源:lxc_init_linux.go
示例2: finalizeNamespace
func finalizeNamespace(args *InitArgs) error {
if err := utils.CloseExecFrom(3); err != nil {
return err
}
if err := setupUser(args.User); err != nil {
return fmt.Errorf("setup user %s", err)
}
if err := setupWorkingDirectory(args); err != nil {
return err
}
return nil
}
开发者ID:colebrumley,项目名称:docker,代码行数:12,代码来源:lxc_init_linux.go
示例3: finalizeNamespace
func finalizeNamespace(args *InitArgs) error {
if err := utils.CloseExecFrom(3); err != nil {
return err
}
if err := namespaces.SetupUser(&libcontainer.Config{
User: args.User,
}); err != nil {
return fmt.Errorf("setup user %s", err)
}
if err := setupWorkingDirectory(args); err != nil {
return err
}
return nil
}
开发者ID:TonyDoen,项目名称:docker,代码行数:14,代码来源:lxc_init_linux.go
示例4: finalizeNamespace
// finalizeNamespace drops the caps, sets the correct user
// and working dir, and closes any leaked file descriptors
// before executing the command inside the namespace
func finalizeNamespace(config *initConfig) error {
// Ensure that all unwanted fds we may have accidentally
// inherited are marked close-on-exec so they stay out of the
// container
if err := utils.CloseExecFrom(config.PassedFilesCount + 3); err != nil {
return err
}
capabilities := config.Config.Capabilities
if config.Capabilities != nil {
capabilities = config.Capabilities
}
w, err := newCapWhitelist(capabilities)
if err != nil {
return err
}
// drop capabilities in bounding set before changing user
if err := w.dropBoundingSet(); err != nil {
return err
}
// preserve existing capabilities while we change users
if err := system.SetKeepCaps(); err != nil {
return err
}
if err := setupUser(config); err != nil {
return err
}
if err := system.ClearKeepCaps(); err != nil {
return err
}
// drop all other capabilities
if err := w.drop(); err != nil {
return err
}
if config.Cwd != "" {
if err := syscall.Chdir(config.Cwd); err != nil {
return err
}
}
return nil
}
开发者ID:schen59,项目名称:origin,代码行数:44,代码来源:init_linux.go
示例5: FinalizeNamespace
// FinalizeNamespace drops the caps, sets the correct user
// and working dir, and closes any leaky file descriptors
// before execing the command inside the namespace
func FinalizeNamespace(container *libcontainer.Config) error {
// Ensure that all non-standard fds we may have accidentally
// inherited are marked close-on-exec so they stay out of the
// container
if err := utils.CloseExecFrom(3); err != nil {
return fmt.Errorf("close open file descriptors %s", err)
}
// drop capabilities in bounding set before changing user
if err := capabilities.DropBoundingSet(container.Capabilities); err != nil {
return fmt.Errorf("drop bounding set %s", err)
}
// preserve existing capabilities while we change users
if err := system.SetKeepCaps(); err != nil {
return fmt.Errorf("set keep caps %s", err)
}
if err := SetupUser(container.User); err != nil {
return fmt.Errorf("setup user %s", err)
}
if err := system.ClearKeepCaps(); err != nil {
return fmt.Errorf("clear keep caps %s", err)
}
// drop all other capabilities
if err := capabilities.DropCapabilities(container.Capabilities); err != nil {
return fmt.Errorf("drop capabilities %s", err)
}
if container.WorkingDir != "" {
if err := system.Chdir(container.WorkingDir); err != nil {
return fmt.Errorf("chdir to %s %s", container.WorkingDir, err)
}
}
return nil
}
开发者ID:hwpaas,项目名称:docker,代码行数:42,代码来源:init.go
注:本文中的github.com/docker/libcontainer/utils.CloseExecFrom函数示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |
客服电话
APP下载
官方微信
请发表评论