authorNicolas Lacasse <nlacasse@google.com>2018-08-30 15:46:12 -0700
committerShentubot <shentubot@google.com>2018-08-30 15:47:18 -0700
commit5ade9350ad18476a2cddbd3a0b36778d1c6ec376 (patch)
tree9e74ab5057b89e08a453de427ce359199014d925 /runsc/specutils
parent8bfb5fa91977a4b10d7ad87fe4627c236f841137 (diff)
runsc: Pass log and config files to sandbox process by FD.
This is a prereq for running the sandbox process as user "nobody", when it may not have permissions to open these files. Instead, we must open them before starting the sandbox process, and pass them by FD. PiperOrigin-RevId: 210995199 Change-Id: I715875a9553290b4a49394a8fcd93be78b1933dd
Diffstat (limited to 'runsc/specutils')
-rw-r--r--runsc/specutils/specutils.go26
1 files changed, 22 insertions, 4 deletions
diff --git a/runsc/specutils/specutils.go b/runsc/specutils/specutils.go
index 5fb53edb2..477409112 100644
--- a/runsc/specutils/specutils.go
+++ b/runsc/specutils/specutils.go
@@ -108,14 +108,24 @@ func ValidateSpec(spec *specs.Spec) error {
// ReadSpec reads an OCI runtime spec from the given bundle directory.
func ReadSpec(bundleDir string) (*specs.Spec, error) {
// The spec file must be in "config.json" inside the bundle directory.
- specFile := filepath.Join(bundleDir, "config.json")
- specBytes, err := ioutil.ReadFile(specFile)
+ specPath := filepath.Join(bundleDir, "config.json")
+ specFile, err := os.Open(specPath)
if err != nil {
- return nil, fmt.Errorf("error reading spec from file %q: %v", specFile, err)
+ return nil, fmt.Errorf("error opening spec file %q: %v", specPath, err)
+ }
+ defer specFile.Close()
+ return ReadSpecFromFile(specFile)
+}
+
+// ReadSpecFromFile reads an OCI runtime spec from the given File.
+func ReadSpecFromFile(specFile *os.File) (*specs.Spec, error) {
+ specBytes, err := ioutil.ReadAll(specFile)
+ if err != nil {
+ return nil, fmt.Errorf("error reading spec from file %q: %v", specFile.Name(), err)
}
var spec specs.Spec
if err := json.Unmarshal(specBytes, &spec); err != nil {
- return nil, fmt.Errorf("error unmarshaling spec from file %q: %v\n %s", specFile, err, string(specBytes))
+ return nil, fmt.Errorf("error unmarshaling spec from file %q: %v\n %s", specFile.Name(), err, string(specBytes))
}
if err := ValidateSpec(&spec); err != nil {
return nil, err
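Review bot: ReadSpecFromFile starts reading at whatever offset the descriptor currently has, so a file that was already consumed, or whose offset is shared with another process through an inherited or duplicated FD, would yield empty or truncated JSON. Rewinding before `ioutil.ReadAll` makes the function safe to call on a passed-in descriptor: `if _, err := specFile.Seek(0, io.SeekStart); err != nil { return nil, fmt.Errorf("error seeking to beginning of file %q: %v", specFile.Name(), err) }` (this needs `io` if the file does not already import it). Separately, the unmarshal error still embeds `string(specBytes)`. An OCI spec can carry environment variables and other secrets, so the whole config may land in logs on a parse failure; consider dropping or truncating that dump. The function body continues past the end of this hunk.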
@@ -346,3 +356,11 @@ func WaitForReady(pid int, timeout time.Duration, ready func() (bool, error)) er
}
return backoff.Retry(op, b)
}
+
+// DebugLogFile opens a file in logDir based on the timestamp and subcommand
+// for writing.
+func DebugLogFile(logDir, subcommand string) (*os.File, error) {
+ // Format: <debug-log-dir>/runsc.log.<yyyymmdd-hhmmss.uuuuuu>.<command>
+ filename := fmt.Sprintf("runsc.log.%s.%s", time.Now().Format("20060102-150405.000000"), subcommand)
+ return os.OpenFile(filepath.Join(logDir, filename), os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0664)
+}
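Review bot: DebugLogFile creates the log with mode `0664` and without `os.O_EXCL`, so the file is group-writable (subject to umask) and the open follows a symlink or reuses a file that already exists under that name in `logDir`. Since this commit hands the file to the sandbox by descriptor, the on-disk mode does not need to grant anyone else access; something like `os.O_WRONLY|os.O_CREATE|os.O_APPEND|os.O_EXCL, 0640` would be tighter, provided a name collision is meant to be an error rather than an append. `subcommand` is also interpolated into the filename unchecked, so it is worth confirming that callers only pass fixed command names, or applying `filepath.Base(subcommand)` so a separator cannot move the file outside `logDir`. The doc comment could state that the caller owns the returned file and must close it.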