Merge pull request #370 from crosbymichael/state

Ensure state is persisted

configs/cgroup.go

@@ -9,46 +9,46 @@ const (
 )
 
 type Cgroup struct {
-	Name string `json:"name,omitempty"`
+	Name string `json:"name"`
 
 	// name of parent cgroup or slice
-	Parent string `json:"parent,omitempty"`
+	Parent string `json:"parent"`
 
 	// If this is true allow access to any kind of device within the container.  If false, allow access only to devices explicitly listed in the allowed_devices list.
-	AllowAllDevices bool `json:"allow_all_devices,omitempty"`
+	AllowAllDevices bool `json:"allow_all_devices"`
 
-	AllowedDevices []*Device `json:"allowed_devices,omitempty"`
+	AllowedDevices []*Device `json:"allowed_devices"`
 
 	// Memory limit (in bytes)
-	Memory int64 `json:"memory,omitempty"`
+	Memory int64 `json:"memory"`
 
 	// Memory reservation or soft_limit (in bytes)
-	MemoryReservation int64 `json:"memory_reservation,omitempty"`
+	MemoryReservation int64 `json:"memory_reservation"`
 
 	// Total memory usage (memory + swap); set `-1' to disable swap
-	MemorySwap int64 `json:"memory_swap,omitempty"`
+	MemorySwap int64 `json:"memory_swap"`
 
 	// CPU shares (relative weight vs. other containers)
-	CpuShares int64 `json:"cpu_shares,omitempty"`
+	CpuShares int64 `json:"cpu_shares"`
 
 	// CPU hardcap limit (in usecs). Allowed cpu time in a given period.
-	CpuQuota int64 `json:"cpu_quota,omitempty"`
+	CpuQuota int64 `json:"cpu_quota"`
 
 	// CPU period to be used for hardcapping (in usecs). 0 to use system default.
-	CpuPeriod int64 `json:"cpu_period,omitempty"`
+	CpuPeriod int64 `json:"cpu_period"`
 
 	// CPU to use
-	CpusetCpus string `json:"cpuset_cpus,omitempty"`
+	CpusetCpus string `json:"cpuset_cpus"`
 
 	// MEM to use
-	CpusetMems string `json:"cpuset_mems,omitempty"`
+	CpusetMems string `json:"cpuset_mems"`
 
 	// Specifies per cgroup weight, range is from 10 to 1000.
-	BlkioWeight int64 `json:"blkio_weight,omitempty"`
+	BlkioWeight int64 `json:"blkio_weight"`
 
 	// set the freeze value for the process
-	Freezer FreezerState `json:"freezer,omitempty"`
+	Freezer FreezerState `json:"freezer"`
 
 	// Parent slice to use for systemd TODO: remove in favor or parent
-	Slice string `json:"slice,omitempty"`
+	Slice string `json:"slice"`
 }

configs/config.go

@@ -3,98 +3,98 @@ package configs
 import "fmt"
 
 type Rlimit struct {
-	Type int    `json:"type,omitempty"`
-	Hard uint64 `json:"hard,omitempty"`
-	Soft uint64 `json:"soft,omitempty"`
+	Type int    `json:"type"`
+	Hard uint64 `json:"hard"`
+	Soft uint64 `json:"soft"`
 }
 
 // IDMap represents UID/GID Mappings for User Namespaces.
 type IDMap struct {
-	ContainerID int `json:"container_id,omitempty"`
-	HostID      int `json:"host_id,omitempty"`
-	Size        int `json:"size,omitempty"`
+	ContainerID int `json:"container_id"`
+	HostID      int `json:"host_id"`
+	Size        int `json:"size"`
 }
 
 // Config defines configuration options for executing a process inside a contained environment.
 type Config struct {
 	// NoPivotRoot will use MS_MOVE and a chroot to jail the process into the container's rootfs
 	// This is a common option when the container is running in ramdisk
-	NoPivotRoot bool `json:"no_pivot_root,omitempty"`
+	NoPivotRoot bool `json:"no_pivot_root"`
 
 	// ParentDeathSignal specifies the signal that is sent to the container's process in the case
 	// that the parent process dies.
-	ParentDeathSignal int `json:"parent_death_signal,omitempty"`
+	ParentDeathSignal int `json:"parent_death_signal"`
 
 	// PivotDir allows a custom directory inside the container's root filesystem to be used as pivot, when NoPivotRoot is not set.
 	// When a custom PivotDir not set, a temporary dir inside the root filesystem will be used. The pivot dir needs to be writeable.
 	// This is required when using read only root filesystems. In these cases, a read/writeable path can be (bind) mounted somewhere inside the root filesystem to act as pivot.
-	PivotDir string `json:"pivot_dir,omitempty"`
+	PivotDir string `json:"pivot_dir"`
 
 	// Path to a directory containing the container's root filesystem.
-	Rootfs string `json:"rootfs,omitempty"`
+	Rootfs string `json:"rootfs"`
 
 	// Readonlyfs will remount the container's rootfs as readonly where only externally mounted
 	// bind mounts are writtable.
-	Readonlyfs bool `json:"readonlyfs,omitempty"`
+	Readonlyfs bool `json:"readonlyfs"`
 
 	// Mounts specify additional source and destination paths that will be mounted inside the container's
 	// rootfs and mount namespace if specified
-	Mounts []*Mount `json:"mounts,omitempty"`
+	Mounts []*Mount `json:"mounts"`
 
 	// The device nodes that should be automatically created within the container upon container start.  Note, make sure that the node is marked as allowed in the cgroup as well!
-	Devices []*Device `json:"devices,omitempty"`
+	Devices []*Device `json:"devices"`
 
-	MountLabel string `json:"mount_label,omitempty"`
+	MountLabel string `json:"mount_label"`
 
 	// Hostname optionally sets the container's hostname if provided
-	Hostname string `json:"hostname,omitempty"`
+	Hostname string `json:"hostname"`
 
 	// Console is the path to the console allocated to the container.
-	Console string `json:"console,omitempty"`
+	Console string `json:"console"`
 
 	// Namespaces specifies the container's namespaces that it should setup when cloning the init process
 	// If a namespace is not provided that namespace is shared from the container's parent process
-	Namespaces Namespaces `json:"namespaces,omitempty"`
+	Namespaces Namespaces `json:"namespaces"`
 
 	// Capabilities specify the capabilities to keep when executing the process inside the container
 	// All capbilities not specified will be dropped from the processes capability mask
-	Capabilities []string `json:"capabilities,omitempty"`
+	Capabilities []string `json:"capabilities"`
 
 	// Networks specifies the container's network setup to be created
-	Networks []*Network `json:"networks,omitempty"`
+	Networks []*Network `json:"networks"`
 
 	// Routes can be specified to create entries in the route table as the container is started
-	Routes []*Route `json:"routes,omitempty"`
+	Routes []*Route `json:"routes"`
 
 	// Cgroups specifies specific cgroup settings for the various subsystems that the container is
 	// placed into to limit the resources the container has available
-	Cgroups *Cgroup `json:"cgroups,omitempty"`
+	Cgroups *Cgroup `json:"cgroups"`
 
 	// AppArmorProfile specifies the profile to apply to the process running in the container and is
 	// change at the time the process is execed
-	AppArmorProfile string `json:"apparmor_profile,omitempty"`
+	AppArmorProfile string `json:"apparmor_profile"`
 
 	// ProcessLabel specifies the label to apply to the process running in the container.  It is
 	// commonly used by selinux
-	ProcessLabel string `json:"process_label,omitempty"`
+	ProcessLabel string `json:"process_label"`
 
 	// RestrictSys will remount /proc/sys, /sys, and mask over sysrq-trigger as well as /proc/irq and
 	// /proc/bus
-	RestrictSys bool `json:"restrict_sys,omitempty"`
+	RestrictSys bool `json:"restrict_sys"`
 
 	// Rlimits specifies the resource limits, such as max open files, to set in the container
 	// If Rlimits are not set, the container will inherit rlimits from the parent process
-	Rlimits []Rlimit `json:"rlimits,omitempty"`
+	Rlimits []Rlimit `json:"rlimits"`
 
 	// AdditionalGroups specifies the gids that should be added to supplementary groups
 	// in addition to those that the user belongs to.
-	AdditionalGroups []int `json:"additional_groups,omitempty"`
+	AdditionalGroups []int `json:"additional_groups"`
 
 	// UidMappings is an array of User ID mappings for User Namespaces
-	UidMappings []IDMap `json:"uid_mappings,omitempty"`
+	UidMappings []IDMap `json:"uid_mappings"`
 
 	// GidMappings is an array of Group ID mappings for User Namespaces
-	GidMappings []IDMap `json:"gid_mappings,omitempty"`
+	GidMappings []IDMap `json:"gid_mappings"`
 }
 
 // Gets the root uid for the process on host which could be non-zero

configs/device.go

@@ -11,28 +11,28 @@ const (
 
 type Device struct {
 	// Device type, block, char, etc.
-	Type rune `json:"type,omitempty"`
+	Type rune `json:"type"`
 
 	// Path to the device.
-	Path string `json:"path,omitempty"`
+	Path string `json:"path"`
 
 	// Major is the device's major number.
-	Major int64 `json:"major,omitempty"`
+	Major int64 `json:"major"`
 
 	// Minor is the device's minor number.
-	Minor int64 `json:"minor,omitempty"`
+	Minor int64 `json:"minor"`
 
 	// Cgroup permissions format, rwm.
-	Permissions string `json:"permissions,omitempty"`
+	Permissions string `json:"permissions"`
 
 	// FileMode permission bits for the device.
-	FileMode os.FileMode `json:"file_mode,omitempty"`
+	FileMode os.FileMode `json:"file_mode"`
 
 	// Uid of the device.
-	Uid uint32 `json:"uid,omitempty"`
+	Uid uint32 `json:"uid"`
 
 	// Gid of the device.
-	Gid uint32 `json:"gid,omitempty"`
+	Gid uint32 `json:"gid"`
 }
 
 func (d *Device) CgroupString() string {

configs/mount.go

@@ -1,11 +1,11 @@
 package configs
 
 type Mount struct {
-	Type        string `json:"type,omitempty"`
-	Source      string `json:"source,omitempty"`      // Source path, in the host namespace
-	Destination string `json:"destination,omitempty"` // Destination path, in the container
-	Writable    bool   `json:"writable,omitempty"`
-	Relabel     string `json:"relabel,omitempty"` // Relabel source if set, "z" indicates shared, "Z" indicates unshared
-	Private     bool   `json:"private,omitempty"`
-	Slave       bool   `json:"slave,omitempty"`
+	Type        string `json:"type"`
+	Source      string `json:"source"`      // Source path, in the host namespace
+	Destination string `json:"destination"` // Destination path, in the container
+	Writable    bool   `json:"writable"`
+	Relabel     string `json:"relabel"` // Relabel source if set, "z" indicates shared, "Z" indicates unshared
+	Private     bool   `json:"private"`
+	Slave       bool   `json:"slave"`
 }

configs/namespaces.go

@@ -1,6 +1,7 @@
 package configs
 
 import (
+	"fmt"
 	"syscall"
 )
 
@@ -19,13 +20,39 @@ const (
 // alternate path that is able to be joined via setns.
 type Namespace struct {
 	Type NamespaceType `json:"type"`
-	Path string        `json:"path,omitempty"`
+	Path string        `json:"path"`
 }
 
 func (n *Namespace) Syscall() int {
 	return namespaceInfo[n.Type]
 }
 
+func (n *Namespace) GetPath(pid int) string {
+	if n.Path != "" {
+		return n.Path
+	}
+	return fmt.Sprintf("/proc/%d/ns/%s", pid, n.file())
+}
+
+func (n *Namespace) file() string {
+	file := ""
+	switch n.Type {
+	case NEWNET:
+		file = "net"
+	case NEWNS:
+		file = "mnt"
+	case NEWPID:
+		file = "pid"
+	case NEWIPC:
+		file = "ipc"
+	case NEWUSER:
+		file = "user"
+	case NEWUTS:
+		file = "uts"
+	}
+	return file
+}
+
 type Namespaces []Namespace
 
 func (n *Namespaces) Remove(t NamespaceType) bool {

configs/network.go

@@ -6,42 +6,42 @@ package configs
 // container to be setup with the host's networking stack
 type Network struct {
 	// Type sets the networks type, commonly veth and loopback
-	Type string `json:"type,omitempty"`
+	Type string `json:"type"`
 
 	// Name of the network interface
-	Name string `json:"name,omitempty"`
+	Name string `json:"name"`
 
 	// The bridge to use.
-	Bridge string `json:"bridge,omitempty"`
+	Bridge string `json:"bridge"`
 
 	// MacAddress contains the MAC address to set on the network interface
-	MacAddress string `json:"mac_address,omitempty"`
+	MacAddress string `json:"mac_address"`
 
 	// Address contains the IPv4 and mask to set on the network interface
-	Address string `json:"address,omitempty"`
+	Address string `json:"address"`
 
 	// Gateway sets the gateway address that is used as the default for the interface
-	Gateway string `json:"gateway,omitempty"`
+	Gateway string `json:"gateway"`
 
 	// IPv6Address contains the IPv6 and mask to set on the network interface
-	IPv6Address string `json:"ipv6_address,omitempty"`
+	IPv6Address string `json:"ipv6_address"`
 
 	// IPv6Gateway sets the ipv6 gateway address that is used as the default for the interface
-	IPv6Gateway string `json:"ipv6_gateway,omitempty"`
+	IPv6Gateway string `json:"ipv6_gateway"`
 
 	// Mtu sets the mtu value for the interface and will be mirrored on both the host and
 	// container's interfaces if a pair is created, specifically in the case of type veth
 	// Note: This does not apply to loopback interfaces.
-	Mtu int `json:"mtu,omitempty"`
+	Mtu int `json:"mtu"`
 
 	// TxQueueLen sets the tx_queuelen value for the interface and will be mirrored on both the host and
 	// container's interfaces if a pair is created, specifically in the case of type veth
 	// Note: This does not apply to loopback interfaces.
-	TxQueueLen int `json:"txqueuelen,omitempty"`
+	TxQueueLen int `json:"txqueuelen"`
 
 	// HostInterfaceName is a unique name of a veth pair that resides on in the host interface of the
 	// container.
-	HostInterfaceName string `json:"host_interface_name,omitempty"`
+	HostInterfaceName string `json:"host_interface_name"`
 }
 
 // Routes can be specified to create entries in the route table as the container is started
@@ -53,14 +53,14 @@ type Network struct {
 // destination of 0.0.0.0(or *) when viewed in the route table.
 type Route struct {
 	// Sets the destination and mask, should be a CIDR.  Accepts IPv4 and IPv6
-	Destination string `json:"destination,omitempty"`
+	Destination string `json:"destination"`
 
 	// Sets the source and mask, should be a CIDR.  Accepts IPv4 and IPv6
-	Source string `json:"source,omitempty"`
+	Source string `json:"source"`
 
 	// Sets the gateway.  Accepts IPv4 and IPv6
-	Gateway string `json:"gateway,omitempty"`
+	Gateway string `json:"gateway"`
 
 	// The device to set this route up for, for example: eth0
-	InterfaceName string `json:"interface_name,omitempty"`
+	InterfaceName string `json:"interface_name"`
 }