runsc: Pass log and config files to sandbox process by FD.

This is a prereq for running the sandbox process as user "nobody", when it may not have permissions to open these files. Instead, we must open then before starting the sandbox process, and pass them by FD. PiperOrigin-RevId: 210995199 Change-Id: I715875a9553290b4a49394a8fcd93be78b1933dd
author: Nicolas Lacasse <nlacasse@google.com> 2018-08-30 15:46:12 -0700
committer: Shentubot <shentubot@google.com> 2018-08-30 15:47:18 -0700
commit: 5ade9350ad18476a2cddbd3a0b36778d1c6ec376 (patch)
tree: 9e74ab5057b89e08a453de427ce359199014d925 /runsc/cmd/create.go
parent: 8bfb5fa91977a4b10d7ad87fe4627c236f841137 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/runsc/cmd/create.go b/runsc/cmd/create.go
index 94a889077..38ae03e7a 100644
--- a/runsc/cmd/create.go
+++ b/runsc/cmd/create.go
@@ -15,6 +15,8 @@
 package cmd
 
 import (
+	"path/filepath"
+
 	"context"
 	"flag"
 	"github.com/google/subcommands"
@@ -83,6 +85,7 @@ func (c *Create) Execute(_ context.Context, f *flag.FlagSet, args ...interface{}
 		Fatalf("error reading spec: %v", err)
 	}
 	specutils.LogSpec(spec)
+	conf.SpecFile = filepath.Join(bundleDir, "config.json")
 
 	// Create the container. A new sandbox will be created for the
 	// container unless the metadata specifies that it should be run in an
author	Nicolas Lacasse <nlacasse@google.com>	2018-08-30 15:46:12 -0700
committer	Shentubot <shentubot@google.com>	2018-08-30 15:47:18 -0700
commit	5ade9350ad18476a2cddbd3a0b36778d1c6ec376 (patch)
tree	9e74ab5057b89e08a453de427ce359199014d925 /runsc/cmd/create.go
parent	8bfb5fa91977a4b10d7ad87fe4627c236f841137 (diff)