feat(namespace): allow containers to associate with an existing namespace

bernardolins · bernardolins · commit 3ada451de7d7 · 2019-10-27T01:10:18.000-03:00
This closes #2.
diff --git a/src/lib.rs b/src/lib.rs
@@ -6,6 +6,7 @@ extern crate libc;
 extern crate tempfile;
 extern crate failure;
 extern crate exitcode;
+extern crate phf;
 
 pub mod bundle;
 pub mod spec;
diff --git a/src/platform/linux/namespace.rs b/src/platform/linux/namespace.rs
@@ -2,30 +2,53 @@ use crate::Error;
 use crate::spec::PosixSpec;
 use crate::spec::FromSpec;
 use failure::ResultExt;
-use std::path::PathBuf;
+use nix::sched;
+use nix::sched::CloneFlags;
+use phf::phf_map;
 use std::collections::HashMap;
+use std::fs::File;
+use std::os::unix::io::AsRawFd;
+use std::path::PathBuf;
 
-static TYPES: [&str; 7]  = [
-    "pid",
-    "uts",
-    "ipc",
-    "user",
-    "mount",
-    "cgroup",
-    "network",
-];
+static NS_TYPES: phf::Map<&'static str, CloneFlags> = phf_map! {
+    "pid" => CloneFlags::CLONE_NEWPID,
+    "uts" => CloneFlags::CLONE_NEWUTS,
+    "ipc" => CloneFlags::CLONE_NEWIPC,
+    "user" => CloneFlags::CLONE_NEWUSER,
+    "mount" => CloneFlags::CLONE_NEWNS,
+    "cgroup" => CloneFlags::CLONE_NEWCGROUP,
+    "network" => CloneFlags::CLONE_NEWNET,
+};
 
 pub struct Namespaces {
     namespaces: HashMap<String, Option<PathBuf>>,
 }
 
 impl Namespaces {
+    pub fn enter(&self) -> Result<(), Error> {
+        let mut flags = CloneFlags::empty();
+        for (kind, path) in &self.namespaces {
+            let flag = NS_TYPES[kind.as_str()];
+            if path.is_none() {
+                flags.insert(flag);
+            } else {
+                let file = File::open(path.as_ref().unwrap()).context(format!("{:?}", &path))?;
+                let fd = file.as_raw_fd();
+                sched::setns(fd, flag).context(format!("{:?}: {:?}", &kind, &path))?;
+            }
+        }
+        if !flags.is_empty() {
+            sched::unshare(flags).context(format!("{:?}", flags))?;
+        }
+        Ok(())
+    }
+
     fn empty() -> Namespaces {
         Namespaces{ namespaces: HashMap::new() }
     }
 
     fn insert(&mut self, ns_type: String, path: Option<PathBuf>) -> Result<(), Error> {
-        if !TYPES.contains(&ns_type.as_str()) {
+        if !NS_TYPES.contains_key(ns_type.as_str()) {
             Err(Error::from("invalid namespace type".to_string())).context(ns_type.clone())?;
         }
         if self.namespaces.contains_key(&ns_type) {
diff --git a/src/process/posix/mod.rs b/src/process/posix/mod.rs
@@ -42,8 +42,10 @@ impl Process for PosixProcess {
             Ok(())
         };
         unsafe { self.command.pre_exec(exec_fn); }
-        let child = self.command.spawn().context(format!("cannot exec container process"))?;
-        Ok(child)
+        match self.command.spawn() {
+            Ok(child) => Ok(child),
+            Err(_) => Err(Error::from("cannot create container process".to_string())),
+        }
     }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -42,8 +42,10 @@ impl Process for PosixProcess {`
`42`	`42`	`Ok(())`
`43`	`43`	`};`
`44`	`44`	`unsafe { self.command.pre_exec(exec_fn); }`
`45`		`- let child = self.command.spawn().context(format!("cannot exec container process"))?;`
`46`		`- Ok(child)`
	`45`	`+ match self.command.spawn() {`
	`46`	`+ Ok(child) => Ok(child),`
	`47`	`+ Err(_) => Err(Error::from("cannot create container process".to_string())),`
	`48`	`+ }`
`47`	`49`	`}`
`48`	`50`	`}`
`49`	`51`