mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-11-03 23:40:03 +00:00
4711bccd05
This fixes a race condition in runc/systemd at container creation time opencontainers/runc#1683 Signed-off-by: vikaschoudhary16 <vichoudh@redhat.com>
111 lines
3.1 KiB
Go
111 lines
3.1 KiB
Go
package libcontainer
|
|
|
|
import (
|
|
"fmt"
|
|
"io"
|
|
"math"
|
|
"os"
|
|
|
|
"github.com/opencontainers/runc/libcontainer/configs"
|
|
)
|
|
|
|
type processOperations interface {
|
|
wait() (*os.ProcessState, error)
|
|
signal(sig os.Signal) error
|
|
pid() int
|
|
}
|
|
|
|
// Process specifies the configuration and IO for a process inside
|
|
// a container.
|
|
type Process struct {
|
|
// The command to be run followed by any arguments.
|
|
Args []string
|
|
|
|
// Env specifies the environment variables for the process.
|
|
Env []string
|
|
|
|
// User will set the uid and gid of the executing process running inside the container
|
|
// local to the container's user and group configuration.
|
|
User string
|
|
|
|
// AdditionalGroups specifies the gids that should be added to supplementary groups
|
|
// in addition to those that the user belongs to.
|
|
AdditionalGroups []string
|
|
|
|
// Cwd will change the processes current working directory inside the container's rootfs.
|
|
Cwd string
|
|
|
|
// Stdin is a pointer to a reader which provides the standard input stream.
|
|
Stdin io.Reader
|
|
|
|
// Stdout is a pointer to a writer which receives the standard output stream.
|
|
Stdout io.Writer
|
|
|
|
// Stderr is a pointer to a writer which receives the standard error stream.
|
|
Stderr io.Writer
|
|
|
|
// ExtraFiles specifies additional open files to be inherited by the container
|
|
ExtraFiles []*os.File
|
|
|
|
// Initial sizings for the console
|
|
ConsoleWidth uint16
|
|
ConsoleHeight uint16
|
|
|
|
// Capabilities specify the capabilities to keep when executing the process inside the container
|
|
// All capabilities not specified will be dropped from the processes capability mask
|
|
Capabilities *configs.Capabilities
|
|
|
|
// AppArmorProfile specifies the profile to apply to the process and is
|
|
// changed at the time the process is execed
|
|
AppArmorProfile string
|
|
|
|
// Label specifies the label to apply to the process. It is commonly used by selinux
|
|
Label string
|
|
|
|
// NoNewPrivileges controls whether processes can gain additional privileges.
|
|
NoNewPrivileges *bool
|
|
|
|
// Rlimits specifies the resource limits, such as max open files, to set in the container
|
|
// If Rlimits are not set, the container will inherit rlimits from the parent process
|
|
Rlimits []configs.Rlimit
|
|
|
|
// ConsoleSocket provides the masterfd console.
|
|
ConsoleSocket *os.File
|
|
|
|
ops processOperations
|
|
}
|
|
|
|
// Wait waits for the process to exit.
|
|
// Wait releases any resources associated with the Process
|
|
func (p Process) Wait() (*os.ProcessState, error) {
|
|
if p.ops == nil {
|
|
return nil, newGenericError(fmt.Errorf("invalid process"), NoProcessOps)
|
|
}
|
|
return p.ops.wait()
|
|
}
|
|
|
|
// Pid returns the process ID
|
|
func (p Process) Pid() (int, error) {
|
|
// math.MinInt32 is returned here, because it's invalid value
|
|
// for the kill() system call.
|
|
if p.ops == nil {
|
|
return math.MinInt32, newGenericError(fmt.Errorf("invalid process"), NoProcessOps)
|
|
}
|
|
return p.ops.pid(), nil
|
|
}
|
|
|
|
// Signal sends a signal to the Process.
|
|
func (p Process) Signal(sig os.Signal) error {
|
|
if p.ops == nil {
|
|
return newGenericError(fmt.Errorf("invalid process"), NoProcessOps)
|
|
}
|
|
return p.ops.signal(sig)
|
|
}
|
|
|
|
// IO holds the process's STDIO
|
|
type IO struct {
|
|
Stdin io.WriteCloser
|
|
Stdout io.ReadCloser
|
|
Stderr io.ReadCloser
|
|
}
|