From bf3165a7069fc6dcf9ae3a28be3af07fe8b4e1c2 Mon Sep 17 00:00:00 2001 From: Alex Auvolat Date: Mon, 28 Nov 2022 17:15:12 +0100 Subject: Vendor executor module so that we can patch it --- executor/libcontainer_nsenter_linux.go | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 executor/libcontainer_nsenter_linux.go (limited to 'executor/libcontainer_nsenter_linux.go') diff --git a/executor/libcontainer_nsenter_linux.go b/executor/libcontainer_nsenter_linux.go new file mode 100644 index 0000000..9ecada4 --- /dev/null +++ b/executor/libcontainer_nsenter_linux.go @@ -0,0 +1,29 @@ +package executor + +import ( + "os" + "runtime" + + hclog "github.com/hashicorp/go-hclog" + "github.com/opencontainers/runc/libcontainer" + _ "github.com/opencontainers/runc/libcontainer/nsenter" +) + +// init is only run on linux and is used when the LibcontainerExecutor starts +// a new process. The libcontainer shim takes over the process, setting up the +// configured isolation and limitions before execve into the user process +// +// This subcommand handler is implemented as an `init`, libcontainer shim is handled anywhere +// this package is used (including tests) without needing to write special command handler. +func init() { + if len(os.Args) > 1 && os.Args[1] == "libcontainer-shim" { + runtime.GOMAXPROCS(1) + runtime.LockOSThread() + factory, _ := libcontainer.New("") + if err := factory.StartInitialization(); err != nil { + hclog.L().Error("failed to initialize libcontainer-shim", "error", err) + os.Exit(1) + } + panic("--this line should have never been executed, congratulations--") + } +} -- cgit v1.2.3