9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
# File 'lib/haconiwa/runners/linux.rb', line 9
def self.run(base, init_command=[])
container = fork {
if init_command.empty?
init_command = Array(base.init_command)
end
base.namespace.apply!
base.cgroup.register_all!(to: base.name)
base.filesystem.mount_all!
Dir.chroot base.filesystem.chroot
Dir.chdir "/"
wrapper = Tempfile.open("haconiwa-wrapper-#{$$}-#{Time.now.to_i}.sh")
wrapper.puts "#!/bin/bash"
wrapper.puts "/bin/bash -c '"
if base.filesystem.mount_independent_procfs
wrapper.puts "mount -t proc proc /proc;"
end
wrapper.puts "exec $@;"
wrapper.puts "' -- \"$@\""
wrapper.close
FileUtils.chmod 0700, wrapper.path
Haconiwa::Base.sethostname(base.name)
base.capabilities.apply!
if base.namespace.use_pid_ns
Bundler.with_clean_env {
exec "unshare", "--pid", "--", wrapper.path, *init_command
}
else
Bundler.with_clean_env { exec wrapper.path, *init_command }
end
}
Haconiwa::SmallCgroup.register_at_exit(pid: container, name: base.name, dirs: base.cgroup.to_dirs)
puts "New container: PID = #{container}"
res = Process.waitpid2 container
if res[1].success?
puts "Successfully exit container."
else
puts "Container exited with status code <#{res[1].to_i}>."
end
end
|