Put fsgofer inside chroot

Now each container gets its own dedicated gofer that is chroot'd to the
rootfs path. This is done to add an extra layer of security in case the
gofer gets compromised.

PiperOrigin-RevId: 210396476
Change-Id: Iba21360a59dfe90875d61000db103f8609157ca0

1 files changed, 3 insertions, 3 deletions

diff --git a/runsc/test/testutil/docker.go b/runsc/test/testutil/docker.go
index b7d60e712..fc67c174a 100644
--- a/runsc/test/testutil/docker.go
+++ b/runsc/test/testutil/docker.go
@@ -32,7 +32,7 @@ func init() {
 	rand.Seed(time.Now().UnixNano())
 }
 
-func runtime() string {
+func getRuntime() string {
 	r := os.Getenv("RUNSC_RUNTIME")
 	if r == "" {
 		return "runsc-test"
@@ -43,7 +43,7 @@ func runtime() string {
 // IsPauseResumeSupported returns true if Pause/Resume is supported by runtime.
 func IsPauseResumeSupported() bool {
 	// Native host network stack can't be saved.
-	return !strings.Contains(runtime(), "hostnet")
+	return !strings.Contains(getRuntime(), "hostnet")
 }
 
 // EnsureSupportedDockerVersion checks if correct docker is installed.
@@ -128,7 +128,7 @@ type Docker struct {
 // Names of containers will be unique.
 func MakeDocker(namePrefix string) Docker {
 	suffix := fmt.Sprintf("-%06d", rand.Int())[:7]
-	return Docker{Name: namePrefix + suffix, Runtime: runtime()}
+	return Docker{Name: namePrefix + suffix, Runtime: getRuntime()}
 }
 
 // Create calls 'docker create' with the arguments provided.