runsc: Pass log and config files to sandbox process by FD.

This is a prereq for running the sandbox process as user "nobody", when it may not have permissions to open these files. Instead, we must open then before starting the sandbox process, and pass them by FD. PiperOrigin-RevId: 210995199 Change-Id: I715875a9553290b4a49394a8fcd93be78b1933dd
author: Nicolas Lacasse <nlacasse@google.com> 2018-08-30 15:46:12 -0700
committer: Shentubot <shentubot@google.com> 2018-08-30 15:47:18 -0700
commit: 5ade9350ad18476a2cddbd3a0b36778d1c6ec376 (patch)
tree: 9e74ab5057b89e08a453de427ce359199014d925 /runsc/cmd/run.go
parent: 8bfb5fa91977a4b10d7ad87fe4627c236f841137 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/runsc/cmd/run.go b/runsc/cmd/run.go
index 681112f30..92aa6bc40 100644
--- a/runsc/cmd/run.go
+++ b/runsc/cmd/run.go
@@ -15,6 +15,7 @@
 package cmd
 
 import (
+	"path/filepath"
 	"syscall"
 
 	"context"
@@ -71,6 +72,8 @@ func (r *Run) Execute(_ context.Context, f *flag.FlagSet, args ...interface{}) s
 	if err != nil {
 		Fatalf("error reading spec: %v", err)
 	}
+	specutils.LogSpec(spec)
+	conf.SpecFile = filepath.Join(bundleDir, "config.json")
 
 	ws, err := container.Run(id, spec, conf, bundleDir, r.consoleSocket, r.pidFile)
 	if err != nil {
author	Nicolas Lacasse <nlacasse@google.com>	2018-08-30 15:46:12 -0700
committer	Shentubot <shentubot@google.com>	2018-08-30 15:47:18 -0700
commit	5ade9350ad18476a2cddbd3a0b36778d1c6ec376 (patch)
tree	9e74ab5057b89e08a453de427ce359199014d925 /runsc/cmd/run.go
parent	8bfb5fa91977a4b10d7ad87fe4627c236f841137 (diff)