diff options
| author | Michael Crosby <michael@crosbymichael.com> | 2014-03-21 00:10:24 +0000 |
|---|---|---|
| committer | Michael Crosby <michael@crosbymichael.com> | 2014-03-21 00:10:24 +0000 |
| commit | 443a75d5f66e986e9d7740d3f2aaef080aef8ea0 (patch) | |
| tree | b6319abf3702a002c4fa20f8a3f13ae49794a3bb /runtime/execdriver/native | |
| parent | c5f9c4bd6933c806490e4f7cb52557cee154dbed (diff) | |
| download | docker-443a75d5f66e986e9d7740d3f2aaef080aef8ea0.tar.gz | |
Allow caps to be toggled in native driver with plugin flag
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Diffstat (limited to 'runtime/execdriver/native')
| -rw-r--r-- | runtime/execdriver/native/default_template.go | 31 | ||||
| -rw-r--r-- | runtime/execdriver/native/driver.go | 12 |
2 files changed, 31 insertions, 12 deletions
diff --git a/runtime/execdriver/native/default_template.go b/runtime/execdriver/native/default_template.go index d744ab382f..d47a5eb8cd 100644 --- a/runtime/execdriver/native/default_template.go +++ b/runtime/execdriver/native/default_template.go @@ -6,6 +6,7 @@ import ( "github.com/dotcloud/docker/pkg/libcontainer" "github.com/dotcloud/docker/runtime/execdriver" "os" + "strings" ) // createContainer populates and configures the container type with the @@ -63,9 +64,39 @@ func createContainer(c *execdriver.Command) *libcontainer.Container { container.Mounts = append(container.Mounts, libcontainer.Mount{m.Source, m.Destination, m.Writable, m.Private}) } + configureCustomOptions(container, c.Config["native"]) + return container } +// configureCustomOptions takes string commands from the user and allows modification of the +// container's default configuration. +// +// format: <key> <value> +// i.e: cap +MKNOD cap -NET_ADMIN +// i.e: cgroup devices.allow *:* +func configureCustomOptions(container *libcontainer.Container, opts []string) { + for _, opt := range opts { + parts := strings.Split(strings.TrimSpace(opt), " ") + switch parts[0] { + case "cap": + value := strings.TrimSpace(parts[1]) + c := container.CapabilitiesMask.Get(value[1:]) + if c == nil { + continue + } + switch value[0] { + case '-': + c.Enabled = false + case '+': + c.Enabled = true + default: + // do error here + } + } + } +} + // getDefaultTemplate returns the docker default for // the libcontainer configuration file func getDefaultTemplate() *libcontainer.Container { diff --git a/runtime/execdriver/native/driver.go b/runtime/execdriver/native/driver.go index 0a09d324db..0d9297191c 100644 --- a/runtime/execdriver/native/driver.go +++ b/runtime/execdriver/native/driver.go @@ -75,9 +75,6 @@ func NewDriver(root, initPath string) (*driver, error) { } func (d *driver) Run(c *execdriver.Command, pipes *execdriver.Pipes, startCallback execdriver.StartCallback) (int, error) { - if err := d.validateCommand(c); err != nil { - return -1, err - } var ( term nsinit.Terminal container = createContainer(c) @@ -181,15 +178,6 @@ func (d *driver) removeContainerRoot(id string) error { return os.RemoveAll(filepath.Join(d.root, id)) } -func (d *driver) validateCommand(c *execdriver.Command) error { - // we need to check the Config of the command to make sure that we - // do not have any of the lxc-conf variables - for _, conf := range c.Config["native"] { - log.Println(conf) - } - return nil -} - func getEnv(key string, env []string) string { for _, pair := range env { parts := strings.Split(pair, "=") |