package lctn
import (
"os"
"path/filepath"
"syscall"
"github.com/golang/glog"
)
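// Chroot makes root the root directory of the calling process.
//
// It first marks every mount under "/" as private (MS_PRIVATE|MS_REC) so that
// mounts made afterwards do not propagate to other mount namespaces. It then
// changes the working directory to root and chroots into it. The first
// failing syscall's error is returned unchanged.
//
// NOTE(review): this presumably runs inside a fresh mount namespace; confirm
// at the caller, otherwise the propagation change applies to the host's
// mount table.
//
// NOTE(review): chroot on its own is not a confinement boundary for a process
// that keeps CAP_SYS_CHROOT; container runtimes usually use pivot_root and
// drop capabilities afterwards. Verify what the caller does after this
// returns.
func Chroot(root string) error {
	if err := syscall.Mount("", "/", "", uintptr(syscall.MS_PRIVATE|syscall.MS_REC), ""); err != nil {
		return err
	}
	if err := syscall.Chdir(root); err != nil {
		return err
	}
	// Chroot to "." rather than to root again: after Chdir a relative root
	// would be resolved a second time (root/root), and re-resolving the path
	// leaves a window in which it could point at a different directory than
	// the one just entered.
	return syscall.Chroot(".")
}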
// Mountfs mounts proc at /proc, sysfs at /sys and a tmpfs at /sys/fs/cgroup,
// then mounts one cgroup hierarchy per entry of cgInfo.CgroupSubSystems under
// cgInfo.CgroupRoot.
//
// All targets are absolute paths, so the result depends on the caller's
// current root directory (presumably the new root set up by Chroot; confirm
// at the caller).
//
// A failure to create /proc or /sys, or to mount proc, sysfs or the tmpfs, is
// returned. A failure for an individual cgroup subsystem is only logged and
// the function still returns nil.
//
// NOTE(review): the proc, sysfs and tmpfs mounts use
// MS_NOEXEC|MS_NOSUID|MS_NODEV, but the per-subsystem cgroup mounts pass
// flags 0. Consider whether they should carry the same flags.
func Mountfs(cgInfo *CgroupInfo) error {
	for _, dir := range []string{"/proc", "/sys"} {
		if err := os.MkdirAll(dir, 0755); err != nil {
			return err
		}
	}

	flags := uintptr(syscall.MS_NOEXEC | syscall.MS_NOSUID | syscall.MS_NODEV)
	baseMounts := []struct{ source, target, fstype string }{
		{"proc", "/proc", "proc"},
		{"sysfs", "/sys", "sysfs"},
		{"cgroup", "/sys/fs/cgroup", "tmpfs"},
	}
	for _, m := range baseMounts {
		if err := syscall.Mount(m.source, m.target, m.fstype, flags, ""); err != nil {
			return err
		}
	}

	for _, name := range cgInfo.CgroupSubSystems {
		target := filepath.Join(cgInfo.CgroupRoot, name)
		// Create the mount point only when it cannot be stat'ed.
		if _, statErr := os.Stat(target); statErr != nil {
			if mkErr := os.MkdirAll(target, 0755); mkErr != nil {
				glog.Warning(mkErr)
				continue
			}
		}
		// The subsystem name is passed as the mount data so that only that
		// controller is attached to this hierarchy.
		if err := syscall.Mount("cgroup", target, "cgroup", 0, name); err != nil {
			glog.Warningf("failed to mount cgroup subsystem %s: %v", name, err)
		}
	}
	return nil
}
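// PrepareDevice creates root/dev and populates it in one of two ways.
//
// With bind == false a devtmpfs is mounted on root/dev. With bind == true
// only root/dev/null is provided: the file is created if it cannot be
// stat'ed and the host's /dev/null is bind-mounted over it. A bind-mount
// error that satisfies os.IsNotExist is tolerated.
//
// NOTE(review): devtmpfs is the kernel's shared device filesystem, so the
// non-bind path makes the host's device nodes visible under root/dev. Confirm
// that this is intended for the workloads run inside root.
//
// NOTE(review): "nosuid" and "relatime" are passed in the mount data string
// while the flags argument is 0. Confirm that the kernel applies them as
// mount flags. The size value is hard-coded.
func PrepareDevice(root string, bind bool) error {
	devPath := filepath.Join(root, "/dev")
	if err := os.MkdirAll(devPath, 0755); err != nil {
		return err
	}

	if !bind {
		return syscall.Mount("devtmpfs", devPath, "devtmpfs", 0, "rw,nosuid,relatime,size=6031164k,mode=755")
	}

	nullPath := filepath.Join(root, "/dev/null")
	if _, err := os.Stat(nullPath); err != nil {
		f, err := os.Create(nullPath)
		if err != nil {
			glog.Error(err)
			return err
		}
		// The file only serves as a bind-mount target. Close it right away so
		// the descriptor does not leak. Nothing was written, so a Close error
		// carries no data-loss risk and is ignored.
		_ = f.Close()
	}
	if err := syscall.Mount("/dev/null", nullPath, "", syscall.MS_BIND, ""); err != nil && !os.IsNotExist(err) {
		glog.Error(err)
		return err
	}
	return nil
}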
// RemoveDevice recursively deletes root/dev. Any error from the removal is
// discarded, so callers get no signal when cleanup fails.
//
// NOTE(review): nothing here unmounts root/dev first. If a mount is still
// active on that path (for example one made by PrepareDevice), RemoveAll
// descends into the mounted filesystem rather than the directory underneath.
// Confirm that callers unmount before calling this.
func RemoveDevice(root string) {
	devDir := filepath.Join(root, "/dev")
	_ = os.RemoveAll(devDir)
}