Specify a memory file in platform.New().

PiperOrigin-RevId: 307941984
author: Andrei Vagin <avagin@google.com> 2020-04-22 17:48:59 -0700
committer: gVisor bot <gvisor-bot@google.com> 2020-04-22 17:50:10 -0700
commit: 0c586946ea26610b87c4ff7bda783a5a9ca11ec0 (patch)
tree: 224308d37aa7a9d146c8cfb851d8b081fb5f8442 /runsc/sandbox
parent: 37f863f62813f76b05979494c1bc2fe102629321 (diff)
1 files changed, 7 insertions, 3 deletions
diff --git a/runsc/sandbox/sandbox.go b/runsc/sandbox/sandbox.go
index e82bcef6f..e4ec16e2f 100644
--- a/runsc/sandbox/sandbox.go
+++ b/runsc/sandbox/sandbox.go
@@ -446,9 +446,13 @@ func (s *Sandbox) createSandboxProcess(conf *boot.Config, args *Args, startSyncF
 		nextFD++
 	}
 
-	// If the platform needs a device FD we must pass it in.
-	if deviceFile, err := deviceFileForPlatform(conf.Platform); err != nil {
+	gPlatform, err := platform.Lookup(conf.Platform)
+	if err != nil {
 		return err
+	}
+
+	if deviceFile, err := gPlatform.OpenDevice(); err != nil {
+		return fmt.Errorf("opening device file for platform %q: %v", gPlatform, err)
 	} else if deviceFile != nil {
 		defer deviceFile.Close()
 		cmd.ExtraFiles = append(cmd.ExtraFiles, deviceFile)
@@ -539,7 +543,7 @@ func (s *Sandbox) createSandboxProcess(conf *boot.Config, args *Args, startSyncF
 		{Type: specs.UTSNamespace},
 	}
 
-	if conf.Platform == platforms.Ptrace {
+	if gPlatform.Requirements().RequiresCurrentPIDNS {
 		// TODO(b/75837838): Also set a new PID namespace so that we limit
 		// access to other host processes.
 		log.Infof("Sandbox will be started in the current PID namespace")
author	Andrei Vagin <avagin@google.com>	2020-04-22 17:48:59 -0700
committer	gVisor bot <gvisor-bot@google.com>	2020-04-22 17:50:10 -0700
commit	0c586946ea26610b87c4ff7bda783a5a9ca11ec0 (patch)
tree	224308d37aa7a9d146c8cfb851d8b081fb5f8442 /runsc/sandbox
parent	37f863f62813f76b05979494c1bc2fe102629321 (diff)