github/kata-containers
1
0
Fork 2
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-09-25 18:53:44 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #1499 from devimc/topic/virtcontainers/onlySupportedNs

Browse Source 
virtcontainers: Use only supported namespaces
This commit is contained in:
GabyCT
2019-04-09 13:26:10 -05:00
committed by GitHub
parent 11a9005aca 0b430dc71f
commit 4265509e9c
2 changed files with 36 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
virtcontainers/pkg/nsenter/nsenter.go
View File

@@ -49,13 +49,7 @@ const (
// CloneFlagsTable is exported so that consumers of this package don't need // CloneFlagsTable is exported so that consumers of this package don't need
// to define this same table again. // to define this same table again.
var CloneFlagsTable = map[NSType]int{ var CloneFlagsTable = make(map[NSType]int)
NSTypeCGroup: unix.CLONE_NEWCGROUP,
NSTypeIPC: unix.CLONE_NEWIPC,
NSTypeNet: unix.CLONE_NEWNET,
NSTypePID: unix.CLONE_NEWPID,
NSTypeUTS: unix.CLONE_NEWUTS,
}
// Namespace describes a namespace that will be entered. // Namespace describes a namespace that will be entered.
type Namespace struct { type Namespace struct {
@@ -69,6 +63,22 @@ type nsPair struct {
threadNS *os.File threadNS *os.File
} }
func init() {
var ns = map[NSType]int{
NSTypeCGroup: unix.CLONE_NEWCGROUP,
NSTypeIPC: unix.CLONE_NEWIPC,
NSTypeNet: unix.CLONE_NEWNET,
NSTypePID: unix.CLONE_NEWPID,
NSTypeUTS: unix.CLONE_NEWUTS,
}
for k, v := range ns {
if _, err := os.Stat(fmt.Sprint("/proc/self/ns/", string(k))); err == nil {
CloneFlagsTable[k] = v
}
}
}
func getNSPathFromPID(pid int, nsType NSType) string { func getNSPathFromPID(pid int, nsType NSType) string {
return filepath.Join(procRootPath, strconv.Itoa(pid), nsDirPath, string(nsType)) return filepath.Join(procRootPath, strconv.Itoa(pid), nsDirPath, string(nsType))
} }

37
virtcontainers/pkg/nsenter/nsenter_test.go
View File

@@ -138,22 +138,23 @@ func TestSetNSWrongFileFailure(t *testing.T) {
assert.NotNil(t, err, "Should fail because file is not a namespace") assert.NotNil(t, err, "Should fail because file is not a namespace")
} }
var testNamespaceList = []Namespace{ func supportedNamespaces() []Namespace {
{ var list []Namespace
Type: NSTypeCGroup, var ns = []Namespace{
}, {Type: NSTypeCGroup},
{ {Type: NSTypeIPC},
Type: NSTypeIPC, {Type: NSTypeNet},
}, {Type: NSTypePID},
{ {Type: NSTypeUTS},
Type: NSTypeNet, }
},
{ for _, n := range ns {
Type: NSTypePID, if _, err := os.Stat(fmt.Sprint("/proc/self/ns/", string(n.Type))); err == nil {
}, list = append(list, n)
{ }
Type: NSTypeUTS, }
},
return list
} }
func testToRunNil() error { func testToRunNil() error {
@@ -161,7 +162,7 @@ func testToRunNil() error {
} }
func TestNsEnterEmptyPathAndPIDFromNSListFailure(t *testing.T) { func TestNsEnterEmptyPathAndPIDFromNSListFailure(t *testing.T) {
err := NsEnter(testNamespaceList, testToRunNil) err := NsEnter(supportedNamespaces(), testToRunNil)
assert.NotNil(t, err, "Should fail because neither a path nor a PID"+ assert.NotNil(t, err, "Should fail because neither a path nor a PID"+
" has been provided by every namespace of the list") " has been provided by every namespace of the list")
} }
@@ -172,7 +173,7 @@ func TestNsEnterEmptyNamespaceListSuccess(t *testing.T) {
} }
func TestNsEnterSuccessful(t *testing.T) { func TestNsEnterSuccessful(t *testing.T) {
nsList := testNamespaceList nsList := supportedNamespaces()
sleepDuration := 60 sleepDuration := 60
cloneFlags := 0 cloneFlags := 0