def contain(command, image_name, image_dir, container_id, container_dir,
cpu_shares):
# TODO: insert the container to a new cpu cgroup named:
# 'rubber_docker/container_id'
_setup_cpu_cgroup(container_id, cpu_shares)
# TODO: if (cpu_shares != 0) => set the 'cpu.shares' in our cpu cgroup
linux.sethostname(container_id) # change hostname to container_id
linux.mount(None, '/', None, linux.MS_PRIVATE | linux.MS_REC, None)
new_root = create_container_root(image_name, image_dir, container_id,
container_dir)
print('Created a new root fs for our container: {}'.format(new_root))
_create_mounts(new_root)
old_root = os.path.join(new_root, 'old_root')
os.makedirs(old_root)
linux.pivot_root(new_root, old_root)
os.chdir('/')
linux.umount2('/old_root', linux.MNT_DETACH) # umount old root
os.rmdir('/old_root') # rmdir the old_root dir
os.execvp(command[0], command)
def contain(command, image_name, image_dir, container_id, container_dir):
linux.unshare(linux.CLONE_NEWNS) # create a new mount namespace
linux.mount(None, '/', None, linux.MS_PRIVATE | linux.MS_REC, None) # TODO: we added MS_REC here. wanna guess why?
new_root = create_container_root(image_name, image_dir, container_id, container_dir)
print('Created a new root fs for our container: {}'.format(new_root))
# Create mounts (/proc, /sys, /dev) under new_root
linux.mount('proc', os.path.join(new_root, 'proc'), 'proc', 0, '')
linux.mount('sysfs', os.path.join(new_root, 'sys'), 'sysfs', 0, '')
linux.mount('tmpfs', os.path.join(new_root, 'dev'), 'tmpfs',
linux.MS_NOSUID | linux.MS_STRICTATIME, 'mode=755')
# Add some basic devices
devpts_path = os.path.join(new_root, 'dev', 'pts')
if not os.path.exists(devpts_path):
os.makedirs(devpts_path)
linux.mount('devpts', devpts_path, 'devpts', 0, '')
makedev(os.path.join(new_root, 'dev'))
old_root = os.path.join(new_root, 'old_root')
os.makedirs(old_root)
linux.pivot_root(new_root, old_root) # TODO: replace with pivot_root
os.chdir('/')
# TODO: umount2 old root (HINT: see MNT_DETACH in man mount)
linux.umount2('/old_root', linux.MNT_DETACH)
os.rmdir('/old_root')
os.execvp(command[0], command)
def contain(command, image_name, image_dir, container_id, container_dir,
cpu_shares, memory, memory_swap, user):
_setup_cpu_cgroup(container_id, cpu_shares)
_setup_memory_cgroup(container_id, memory, memory_swap)
linux.sethostname(container_id) # change hostname to container_id
linux.mount(None, '/', None, linux.MS_PRIVATE | linux.MS_REC, None)
new_root = create_container_root(
image_name, image_dir, container_id, container_dir)
print('Created a new root fs for our container: {}'.format(new_root))
_create_mounts(new_root)
old_root = os.path.join(new_root, 'old_root')
os.makedirs(old_root)
linux.pivot_root(new_root, old_root)
os.chdir('/')
linux.umount2('/old_root', linux.MNT_DETACH) # umount old root
os.rmdir('/old_root') # rmdir the old_root dir
# TODO: if user is set, drop privileges using os.setuid()
# (and optionally os.setgid()).
os.execvp(command[0], command)
def contain(command, image_name, image_dir, container_id, container_dir,
cpu_shares, memory, memory_swap):
_setup_cpu_cgroup(container_id, cpu_shares)
_setup_memory_cgroup(container_id, memory, memory_swap)
# TODO: similarly to the CPU cgorup, add Memory cgroup support here
# setup memory -> memory.limit_in_bytes,
# memory_swap -> memory.memsw.limit_in_bytes if they are not None
linux.sethostname(container_id) # Change hostname to container_id
linux.mount(None, '/', None, linux.MS_PRIVATE | linux.MS_REC, None)
new_root = create_container_root(image_name, image_dir, container_id,
container_dir)
print('Created a new root fs for our container: {}'.format(new_root))
_create_mounts(new_root)
old_root = os.path.join(new_root, 'old_root')
os.makedirs(old_root)
linux.pivot_root(new_root, old_root)
os.chdir('/')
linux.umount2('/old_root', linux.MNT_DETACH) # umount old root
os.rmdir('/old_root') # rmdir the old_root dir
os.execvp(command[0], command)
def contain(command, image_name, image_dir, container_id, container_dir,
cpu_shares, memory, memory_swap, user):
_setup_cpu_cgroup(container_id, cpu_shares)
_setup_memory_cgroup(container_id, memory, memory_swap)
linux.sethostname(container_id) # change hostname to container_id
linux.mount(None, '/', None, linux.MS_PRIVATE | linux.MS_REC, None)
new_root = create_container_root(image_name, image_dir, container_id,
container_dir)
print('Created a new root fs for our container: {}'.format(new_root))
_create_mounts(new_root)
old_root = os.path.join(new_root, 'old_root')
os.makedirs(old_root)
linux.pivot_root(new_root, old_root)
os.chdir('/')
linux.umount2('/old_root', linux.MNT_DETACH) # umount old root
os.rmdir('/old_root') # rmdir the old_root dir
# TODO: if user is set, drop privileges using os.setuid()
# (and optionally os.setgid()).
os.execvp(command[0], command)
def contain(command, image, image_dir, container_id, containers_dir):
linux.unshare(linux.CLONE_NEWNS)
linux.mount(None, '/', None, linux.MS_PRIVATE | linux.MS_REC, None) # TODO: we added MS_REC here. wanna guess why?
new_root = create_container_root(image, image_dir, container_id, containers_dir)
print('Created a new root fs for our container: {}'.format(new_root))
# Create mounts (/proc, /sys, /dev) under new_root
linux.mount('proc', os.path.join(new_root, 'proc'), 'proc', 0, '')
linux.mount('sysfs', os.path.join(new_root, 'sys'), 'sysfs', 0, '')
linux.mount('tmpfs', os.path.join(new_root, 'dev'), 'tmpfs',
linux.MS_NOSUID | linux.MS_STRICTATIME, 'mode=755')
# Add some basic devices
devpts_path = os.path.join(new_root, 'dev', 'pts')
if not os.path.exists(devpts_path):
os.makedirs(devpts_path)
linux.mount('devpts', devpts_path, 'devpts', 0, '')
makedev(os.path.join(new_root, 'dev'))
old_root = os.path.join(new_root, 'old_root')
os.makedirs(old_root)
linux.pivot_root(new_root, old_root)
os.chdir('/')
linux.umount2('/old_root', linux.MNT_DETACH)
os.execvp(command[0], command)
def contain(command, image_name, image_dir, container_id, container_dir,
cpu_shares):
# TODO: insert the container to a new cpu cgroup named:
# 'rubber_docker/container_id'
# TODO: if (cpu_shares != 0) => set the 'cpu.shares' in our cpu cgroup
linux.sethostname(container_id) # change hostname to container_id
linux.mount(None, '/', None, linux.MS_PRIVATE | linux.MS_REC, None)
new_root = create_container_root(
image_name, image_dir, container_id, container_dir)
print('Created a new root fs for our container: {}'.format(new_root))
_create_mounts(new_root)
old_root = os.path.join(new_root, 'old_root')
os.makedirs(old_root)
linux.pivot_root(new_root, old_root)
os.chdir('/')
linux.umount2('/old_root', linux.MNT_DETACH) # umount old root
os.rmdir('/old_root') # rmdir the old_root dir
os.execvp(command[0], command)
def contain(command, image_name, image_dir, container_id, container_dir,
cpu_shares, memory, memory_swap):
_setup_cpu_cgroup(container_id, cpu_shares)
# TODO: similarly to the CPU cgorup, add Memory cgroup support here
# setup memory -> memory.limit_in_bytes,
# memory_swap -> memory.memsw.limit_in_bytes if they are not None
linux.sethostname(container_id) # Change hostname to container_id
linux.mount(None, '/', None, linux.MS_PRIVATE | linux.MS_REC, None)
new_root = create_container_root(
image_name, image_dir, container_id, container_dir)
print('Created a new root fs for our container: {}'.format(new_root))
_create_mounts(new_root)
old_root = os.path.join(new_root, 'old_root')
os.makedirs(old_root)
linux.pivot_root(new_root, old_root)
os.chdir('/')
linux.umount2('/old_root', linux.MNT_DETACH) # umount old root
os.rmdir('/old_root') # rmdir the old_root dir
os.execvp(command[0], command)
def contain(command, image_name, image_dir, container_id, container_dir):
linux.unshare(linux.CLONE_NEWNS) # create a new mount namespace
# TODO: switch to a new UTS namespace, change hostname to container_id
# HINT: use linux.sethostname()
linux.unshare(linux.CLONE_NEWUTS)
linux.sethostname(container_id)
linux.mount(None, '/', None, linux.MS_PRIVATE | linux.MS_REC, None)
new_root = create_container_root(image_name, image_dir, container_id,
container_dir)
print('Created a new root fs for our container: {}'.format(new_root))
_create_mounts(new_root)
old_root = os.path.join(new_root, 'old_root')
os.makedirs(old_root)
linux.pivot_root(new_root, old_root)
os.chdir('/')
linux.umount2('/old_root', linux.MNT_DETACH) # umount old root
os.rmdir('/old_root') # rmdir the old_root dir
os.execvp(command[0], command)
def _change_root_dir(self, container_root_dir: str):
"""
コンテナ内のルートディレクトリを変更する
:param container_root_dir:
:return:
"""
old_root = os.path.join(container_root_dir, 'old_root')
os.makedirs(old_root)
linux.pivot_root(container_root_dir, old_root)
os.chdir('/')
linux.umount2('/old_root', linux.MNT_DETACH)
os.rmdir('/old_root')
def contain(command, image_name, image_dir, container_id, container_dir):
try:
linux.unshare(linux.CLONE_NEWNS) # create a new mount namespace
except RuntimeError as e:
if getattr(e, 'args', '') == (1, 'Operation not permitted'):
print('Error: Use of CLONE_NEWNS with unshare(2) requires the '
'CAP_SYS_ADMIN capability (i.e. you probably want to retry '
'this with sudo)')
raise e
# TODO: we added MS_REC here. wanna guess why?
linux.mount(None, '/', None, linux.MS_PRIVATE | linux.MS_REC, None)
new_root = create_container_root(image_name, image_dir, container_id,
container_dir)
print('Created a new root fs for our container: {}'.format(new_root))
def _create_mounts(
new_root): # Create mounts (/proc, /sys, /dev) under new_root
linux.mount('proc', os.path.join(new_root, 'proc'), 'proc', 0, '')
linux.mount('sysfs', os.path.join(new_root, 'sys'), 'sysfs', 0, '')
linux.mount('tmpfs', os.path.join(new_root, 'dev'), 'tmpfs',
linux.MS_NOSUID | linux.MS_STRICTATIME, 'mode=755')
# Add some basic devices
devpts_path = os.path.join(new_root, 'dev', 'pts')
if not os.path.exists(devpts_path):
os.makedirs(devpts_path)
linux.mount('devpts', devpts_path, 'devpts', 0, '')
makedev(os.path.join(new_root, 'dev'))
_create_mounts(new_root)
old_root = os.path.join(new_root, 'old_root')
os.mkdirs(new_root)
os.pivot_root(new_root, 'old_root') # TODO: replace with pivot_root
os.chdir('/')
linux.umount2("/old_root", linux.MNT_DETACH)
linux.rm("/old_root")
# TODO: umount2 old root (HINT: see MNT_DETACH in man 2 umount)
os.execvp(command[0], command)
def contain(command, image_name, image_dir, container_id, container_dir):
linux.sethostname(container_id) # change hostname to container_id
linux.mount(None, '/', None, linux.MS_PRIVATE | linux.MS_REC, None)
new_root = create_container_root(image_name, image_dir, container_id, container_dir)
print('Created a new root fs for our container: {}'.format(new_root))
_create_mounts(new_root)
old_root = os.path.join(new_root, 'old_root')
os.makedirs(old_root)
linux.pivot_root(new_root, old_root)
os.chdir('/')
linux.umount2('/old_root', linux.MNT_DETACH) # umount old root
os.execvp(command[0], command)
def contain(command, image_name, image_dir, container_id, container_dir):
linux.unshare(linux.CLONE_NEWNS) # create a new mount namespace
linux.mount(None, '/', None, linux.MS_PRIVATE | linux.MS_REC, None)
new_root = create_container_root(image_name, image_dir, container_id, container_dir)
print('Created a new root fs for our container: {}'.format(new_root))
_create_mounts(new_root)
old_root = os.path.join(new_root, 'old_root')
os.makedirs(old_root)
linux.pivot_root(new_root, old_root)
os.chdir('/')
linux.umount2('/old_root', linux.MNT_DETACH) # umount old root
os.rmdir('/old_root') # rmdir the old_root dir
os.execvp(command[0], command)
def contain(command, image_name, image_dir, container_id, container_dir):
linux.sethostname(container_id) # change hostname to container_id
linux.mount(None, "/", None, linux.MS_PRIVATE | linux.MS_REC, None)
new_root = create_container_root(image_name, image_dir, container_id, container_dir)
print("Created a new root fs for our container: {}".format(new_root))
_create_mounts(new_root)
old_root = os.path.join(new_root, "old_root")
os.makedirs(old_root)
linux.pivot_root(new_root, old_root)
os.chdir("/")
linux.umount2("/old_root", linux.MNT_DETACH) # umount old root
os.rmdir("/old_root") # rmdir the old_root dir
os.execvp(command[0], command)
def contain(command, image_name, image_dir, container_id, container_dir):
linux.unshare(linux.CLONE_NEWNS) # create a new mount namespace
# TODO: switch to a new UTS namespace, change hostname to container_id
# HINT: use linux.sethostname()
linux.mount(None, "/", None, linux.MS_PRIVATE | linux.MS_REC, None)
new_root = create_container_root(image_name, image_dir, container_id, container_dir)
print("Created a new root fs for our container: {}".format(new_root))
_create_mounts(new_root)
old_root = os.path.join(new_root, "old_root")
os.makedirs(old_root)
linux.pivot_root(new_root, old_root)
os.chdir("/")
linux.umount2("/old_root", linux.MNT_DETACH) # umount old root
os.rmdir("/old_root") # rmdir the old_root dir
os.execvp(command[0], command)
