gvisor/runsc/cmd
Fabricio Voznika f3ffa4db52 Resolve mount paths while setting up root fs mount
It's hard to resolve symlinks inside the sandbox because rootfs and mounts
may be read-only, forcing us to create mount points inside the lower layer of an
overlay, **before** the volumes are mounted.

Since the destination must already be resolved outside the sandbox when creating
mounts, take this opportunity to rewrite the spec with paths resolved.
"runsc boot" will use the "resolved" spec to load mounts. In addition, symlink
traversals were disabled while mounting containers inside the sandbox.

I haven't been able to write a good test for it. So I'm relying on manual tests
for now.

PiperOrigin-RevId: 217749904
Change-Id: I7ac434d5befd230db1488446cda03300cc0751a9
2018-10-18 12:42:24 -07:00
BUILD Added spec command to create OCI spec config.json 2018-10-12 12:59:49 -07:00
boot.go Add bare bones unsupported syscall logging 2018-10-11 11:56:54 -07:00
capability.go Switch to root in userns when CAP_SYS_CHROOT is also missing 2018-09-28 09:44:13 -07:00
capability_test.go Add bare bones unsupported syscall logging 2018-10-11 11:56:54 -07:00
checkpoint.go Add bare bones unsupported syscall logging 2018-10-11 11:56:54 -07:00
cmd.go Switch to root in userns when CAP_SYS_CHROOT is also missing 2018-09-28 09:44:13 -07:00
create.go Resolve mount paths while setting up root fs mount 2018-10-18 12:42:24 -07:00
debug.go Add tests to verify gofer is chroot'ed 2018-10-09 21:07:14 -07:00
delete.go runsc: do not delete in paused state. 2018-09-06 11:06:19 -07:00
delete_test.go runsc: Support abbreviated container IDs. 2018-06-06 16:13:53 -07:00
events.go runsc: Enable container creation within existing sandboxes. 2018-06-19 21:44:33 -07:00
exec.go runsc: Support job control signals in "exec -it". 2018-10-01 22:06:56 -07:00
exec_test.go Check in gVisor. 2018-04-28 01:44:26 -04:00
gofer.go Fix sandbox and gofer capabilities 2018-09-19 17:15:14 -07:00
kill.go runsc: Add --pid flag to runsc kill. 2018-10-17 10:51:39 -07:00
list.go Add tests to verify gofer is chroot'ed 2018-10-09 21:07:14 -07:00
path.go runsc: fix container rootfs path. 2018-09-04 13:37:40 -07:00
pause.go Added code for a pause command for a container process. 2018-06-15 16:09:09 -07:00
ps.go runsc: Enable container creation within existing sandboxes. 2018-06-19 21:44:33 -07:00
restore.go Moved restore code out of create and made to be called after create. 2018-07-18 16:58:30 -07:00
resume.go Added a resume command to unpause a paused container. 2018-06-19 15:23:36 -07:00
run.go Resolve mount paths while setting up root fs mount 2018-10-18 12:42:24 -07:00
spec.go Added spec command to create OCI spec config.json 2018-10-12 12:59:49 -07:00
start.go Refactor the Sandbox package into Sandbox + Container. 2018-05-15 10:18:03 -07:00
state.go Put fsgofer inside chroot 2018-08-27 11:10:14 -07:00
wait.go runsc: Enable waiting on exited processes. 2018-09-17 16:25:24 -07:00