diff options
author | Nicolas Lacasse <nlacasse@google.com> | 2018-08-30 15:46:12 -0700 |
---|---|---|
committer | Shentubot <shentubot@google.com> | 2018-08-30 15:47:18 -0700 |
commit | 5ade9350ad18476a2cddbd3a0b36778d1c6ec376 (patch) | |
tree | 9e74ab5057b89e08a453de427ce359199014d925 /runsc/main.go | |
parent | 8bfb5fa91977a4b10d7ad87fe4627c236f841137 (diff) |
runsc: Pass log and config files to sandbox process by FD.
This is a prereq for running the sandbox process as user "nobody", when it may
not have permissions to open these files.
Instead, we must open then before starting the sandbox process, and pass them
by FD.
PiperOrigin-RevId: 210995199
Change-Id: I715875a9553290b4a49394a8fcd93be78b1933dd
Diffstat (limited to 'runsc/main.go')
-rw-r--r-- | runsc/main.go | 25 |
1 files changed, 14 insertions, 11 deletions
diff --git a/runsc/main.go b/runsc/main.go index 773ec6486..0c9b9af78 100644 --- a/runsc/main.go +++ b/runsc/main.go @@ -17,13 +17,11 @@ package main import ( - "fmt" "io" "os" "path/filepath" "strings" "syscall" - "time" "context" "flag" @@ -32,6 +30,7 @@ import ( "gvisor.googlesource.com/gvisor/pkg/log" "gvisor.googlesource.com/gvisor/runsc/boot" "gvisor.googlesource.com/gvisor/runsc/cmd" + "gvisor.googlesource.com/gvisor/runsc/specutils" ) var ( @@ -48,6 +47,8 @@ var ( // Debugging flags. debugLogDir = flag.String("debug-log-dir", "", "additional location for logs. It creates individual log files per command") logPackets = flag.Bool("log-packets", false, "enable network packet logging") + logFD = flag.Int("log-fd", -1, "file descriptor to log to. If set, the 'log' flag is ignored.") + debugLogFD = flag.Int("debug-log-fd", -1, "file descriptor to write debug logs to. If set, the 'debug-log-dir' flag is ignored.") // Debugging flags: strace related strace = flag.Bool("strace", false, "enable strace") @@ -64,6 +65,7 @@ var ( panicSignal = flag.Int("panic-signal", -1, "register signal handling that panics. Usually set to SIGUSR2(12) to troubleshoot hangs. -1 disables it.") ) +// gitRevision is set during linking. var gitRevision = "" func main() { @@ -152,7 +154,9 @@ func main() { } var logFile io.Writer = os.Stderr - if *logFilename != "" { + if *logFD > -1 { + logFile = os.NewFile(uintptr(*logFD), "log file") + } else if *logFilename != "" { // We must set O_APPEND and not O_TRUNC because Docker passes // the same log file for all commands (and also parses these // log files), so we can't destroy them on each command. @@ -173,18 +177,17 @@ func main() { cmd.Fatalf("invalid log format %q, must be 'json' or 'text'", *logFormat) } - if *debugLogDir != "" { + if *debugLogFD > -1 { + f := os.NewFile(uintptr(*debugLogFD), "debug log file") + e = log.MultiEmitter{e, log.GoogleEmitter{&log.Writer{Next: f}}} + } else if *debugLogDir != "" { if err := os.MkdirAll(*debugLogDir, 0775); err != nil { cmd.Fatalf("error creating dir %q: %v", *debugLogDir, err) } - - // Format: <debug-log-dir>/runsc.log.<yyymmdd-hhmmss.uuuuuu>.<command> - scmd := flag.CommandLine.Arg(0) - filename := fmt.Sprintf("runsc.log.%s.%s", time.Now().Format("20060102-150405.000000"), scmd) - path := filepath.Join(*debugLogDir, filename) - f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0664) + subcommand := flag.CommandLine.Arg(0) + f, err := specutils.DebugLogFile(*debugLogDir, subcommand) if err != nil { - cmd.Fatalf("error opening log file %q: %v", filename, err) + cmd.Fatalf("error opening debug log file in %q: %v", *debugLogDir, err) } e = log.MultiEmitter{e, log.GoogleEmitter{&log.Writer{Next: f}}} } |