moby · creack · May 1, 2014 · May 1, 2014 · May 1, 2014 · May 1, 2014
diff --git a/daemon/execdriver/native/driver.go b/daemon/execdriver/native/driver.go
@@ -27,10 +27,7 @@ const (
 
 func init() {
 	execdriver.RegisterInitFunc(DriverName, func(args *execdriver.InitArgs) error {
-		var (
-			container *libcontainer.Container
-			ns        = nsinit.NewNsInit(&nsinit.DefaultCommandFactory{})
-		)
+		var container *libcontainer.Container
 		f, err := os.Open(filepath.Join(args.Root, "container.json"))
 		if err != nil {
 			return err
@@ -41,15 +38,15 @@ func init() {
 		}
 		f.Close()
 
-		cwd, err := os.Getwd()
+		rootfs, err := os.Getwd()
 		if err != nil {
 			return err
 		}
 		syncPipe, err := nsinit.NewSyncPipeFromFd(0, uintptr(args.Pipe))
 		if err != nil {
 			return err
 		}
-		if err := ns.Init(container, cwd, args.Console, syncPipe, args.Args); err != nil {
+		if err := nsinit.Init(container, rootfs, args.Console, syncPipe, args.Args); err != nil {
 			return err
 		}
 		return nil
@@ -93,31 +90,44 @@ func (d *driver) Run(c *execdriver.Command, pipes *execdriver.Pipes, startCallba
 	d.activeContainers[c.ID] = &c.Cmd
 
 	var (
-		term    nsinit.Terminal
-		factory = &dockerCommandFactory{c: c, driver: d}
-		pidRoot = filepath.Join(d.root, c.ID)
-		ns      = nsinit.NewNsInit(factory)
-		args    = append([]string{c.Entrypoint}, c.Arguments...)
+		dataPath = filepath.Join(d.root, c.ID)
+		args     = append([]string{c.Entrypoint}, c.Arguments...)
 	)
 	if err := d.createContainerRoot(c.ID); err != nil {
 		return -1, err
 	}
 	defer d.removeContainerRoot(c.ID)
 
-	if c.Tty {
-		term = &dockerTtyTerm{
-			pipes: pipes,
-		}
-	} else {
-		term = &dockerStdTerm{
-			pipes: pipes,
-		}
-	}
-	c.Terminal = term
 	if err := d.writeContainerFile(container, c.ID); err != nil {
 		return -1, err
 	}
-	return ns.Exec(container, term, pidRoot, args, func() {
+
+	term := getTerminal(c, pipes)
+
+	return nsinit.Exec(container, term, c.Rootfs, dataPath, args, func(container *libcontainer.Container, console, rootfs, dataPath, init string, child *os.File, args []string) *exec.Cmd {
+		// we need to join the rootfs because nsinit will setup the rootfs and chroot
+		initPath := filepath.Join(c.Rootfs, c.InitPath)
+
+		c.Path = d.initPath
+		c.Args = append([]string{
+			initPath,
+			"-driver", DriverName,
+			"-console", console,
+			"-pipe", "3",
+			"-root", filepath.Join(d.root, c.ID),
+			"--",
+		}, args...)
+
+		// set this to nil so that when we set the clone flags anything else is reset
+		c.SysProcAttr = nil
+		system.SetCloneFlags(&c.Cmd, uintptr(nsinit.GetNamespaceFlags(container.Namespaces)))
+		c.ExtraFiles = []*os.File{child}
+
+		c.Env = container.Env
+		c.Dir = c.Rootfs
+
+		return &c.Cmd
+	}, func() {
 		if startCallback != nil {
 			startCallback(c)
 		}
@@ -234,35 +244,17 @@ func getEnv(key string, env []string) string {
 	return ""
 }
 
-type dockerCommandFactory struct {
-	c      *execdriver.Command
-	driver *driver
-}
-
-// createCommand will return an exec.Cmd with the Cloneflags set to the proper namespaces
-// defined on the container's configuration and use the current binary as the init with the
-// args provided
-func (d *dockerCommandFactory) Create(container *libcontainer.Container, console string, syncFile *os.File, args []string) *exec.Cmd {
-	// we need to join the rootfs because nsinit will setup the rootfs and chroot
-	initPath := filepath.Join(d.c.Rootfs, d.c.InitPath)
-
-	d.c.Path = d.driver.initPath
-	d.c.Args = append([]string{
-		initPath,
-		"-driver", DriverName,
-		"-console", console,
-		"-pipe", "3",
-		"-root", filepath.Join(d.driver.root, d.c.ID),
-		"--",
-	}, args...)
-
-	// set this to nil so that when we set the clone flags anything else is reset
-	d.c.SysProcAttr = nil
-	system.SetCloneFlags(&d.c.Cmd, uintptr(nsinit.GetNamespaceFlags(container.Namespaces)))
-	d.c.ExtraFiles = []*os.File{syncFile}
-
-	d.c.Env = container.Env
-	d.c.Dir = d.c.Rootfs
-
-	return &d.c.Cmd
+func getTerminal(c *execdriver.Command, pipes *execdriver.Pipes) nsinit.Terminal {
+	var term nsinit.Terminal
+	if c.Tty {
+		term = &dockerTtyTerm{
+			pipes: pipes,
+		}
+	} else {
+		term = &dockerStdTerm{
+			pipes: pipes,
+		}
+	}
+	c.Terminal = term
+	return term
 }
diff --git a/pkg/libcontainer/README.md b/pkg/libcontainer/README.md
@@ -13,160 +13,11 @@ a `container.json` file is placed with the runtime configuration for how the pro
 should be contained and ran.  Environment, networking, and different capabilities for the 
 process are specified in this file.  The configuration is used for each process executed inside the container.
 
-Sample `container.json` file:
-```json
-{
-   "mounts" : [
-      {
-         "type" : "devtmpfs"
-      }
-   ],
-   "tty" : true,
-   "environment" : [
-      "HOME=/",
-      "PATH=PATH=$PATH:/bin:/usr/bin:/sbin:/usr/sbin",
-      "container=docker",
-      "TERM=xterm-256color"
-   ],
-   "hostname" : "koye",
-   "cgroups" : {
-      "parent" : "docker",
-      "name" : "docker-koye"
-   },
-   "capabilities_mask" : [
-      {
-         "value" : 8,
-         "key" : "SETPCAP",
-         "enabled" : false
-      },
-      {
-         "enabled" : false,
-         "value" : 16,
-         "key" : "SYS_MODULE"
-      },
-      {
-         "value" : 17,
-         "key" : "SYS_RAWIO",
-         "enabled" : false
-      },
-      {
-         "key" : "SYS_PACCT",
-         "value" : 20,
-         "enabled" : false
-      },
-      {
-         "value" : 21,
-         "key" : "SYS_ADMIN",
-         "enabled" : false
-      },
-      {
-         "value" : 23,
-         "key" : "SYS_NICE",
-         "enabled" : false
-      },
-      {
-         "value" : 24,
-         "key" : "SYS_RESOURCE",
-         "enabled" : false
-      },
-      {
-         "key" : "SYS_TIME",
-         "value" : 25,
-         "enabled" : false
-      },
-      {
-         "enabled" : false,
-         "value" : 26,
-         "key" : "SYS_TTY_CONFIG"
-      },
-      {
-         "key" : "AUDIT_WRITE",
-         "value" : 29,
-         "enabled" : false
-      },
-      {
-         "value" : 30,
-         "key" : "AUDIT_CONTROL",
-         "enabled" : false
-      },
-      {
-         "enabled" : false,
-         "key" : "MAC_OVERRIDE",
-         "value" : 32
-      },
-      {
-         "enabled" : false,
-         "key" : "MAC_ADMIN",
-         "value" : 33
-      },
-      {
-         "key" : "NET_ADMIN",
-         "value" : 12,
-         "enabled" : false
-      },
-      {
-         "value" : 27,
-         "key" : "MKNOD",
-         "enabled" : true
-      }
-   ],
-   "networks" : [
-      {
-         "mtu" : 1500,
-         "address" : "127.0.0.1/0",
-         "type" : "loopback",
-         "gateway" : "localhost"
-      },
-      {
-         "mtu" : 1500,
-         "address" : "172.17.42.2/16",
-         "type" : "veth",
-         "context" : {
-            "bridge" : "docker0",
-            "prefix" : "veth"
-         },
-         "gateway" : "172.17.42.1"
-      }
-   ],
-   "namespaces" : [
-      {
-         "key" : "NEWNS",
-         "value" : 131072,
-         "enabled" : true,
-         "file" : "mnt"
-      },
-      {
-         "key" : "NEWUTS",
-         "value" : 67108864,
-         "enabled" : true,
-         "file" : "uts"
-      },
-      {
-         "enabled" : true,
-         "file" : "ipc",
-         "key" : "NEWIPC",
-         "value" : 134217728
-      },
-      {
-         "file" : "pid",
-         "enabled" : true,
-         "value" : 536870912,
-         "key" : "NEWPID"
-      },
-      {
-         "enabled" : true,
-         "file" : "net",
-         "key" : "NEWNET",
-         "value" : 1073741824
-      }
-   ]
-}
-```
+See the `container.json` file for what the configuration should look like.
 
 Using this configuration and the current directory holding the rootfs for a process, one can use libcontainer to exec the container. Running the life of the namespace, a `pid` file 
 is written to the current directory with the pid of the namespaced process to the external world.  A client can use this pid to wait, kill, or perform other operation with the container.  If a user tries to run a new process inside an existing container with a live namespace, the namespace will be joined by the new process.
 
-
 You may also specify an alternate root place where the `container.json` file is read and where the `pid` file will be saved.
 
 #### nsinit

diff --git a/pkg/libcontainer/nsinit/command.go b/pkg/libcontainer/nsinit/command.go
diff --git a/pkg/libcontainer/nsinit/create.go b/pkg/libcontainer/nsinit/create.go
@@ -0,0 +1,10 @@
+package nsinit
+
+import (
+	"os"
+	"os/exec"
+
+	"github.com/dotcloud/docker/pkg/libcontainer"
+)
+
+type CreateCommand func(container *libcontainer.Container, console, rootfs, dataPath, init string, childPipe *os.File, args []string) *exec.Cmd