authorLantao Liu <lantaol@google.com>2018-06-25 12:07:50 -0700
committerShentubot <shentubot@google.com>2018-06-25 12:08:44 -0700
commite8ae2b85e90fc27e74de032698224e7972673cec (patch)
treee67bf03a17dc48b473a9ae9639d4aa35aefda3ab /runsc
parentcecc1e472cc893738a070be00d303dd888b9f325 (diff)
runsc: add a `multi-container` flag to enable multi-container support.
PiperOrigin-RevId: 201995800 Change-Id: I770190d135e14ec7da4b3155009fe10121b2a502
Diffstat (limited to 'runsc')
-rw-r--r--runsc/boot/config.go5
-rw-r--r--runsc/container/container.go4
-rw-r--r--runsc/main.go34
-rw-r--r--runsc/test/testutil/testutil.go13
4 files changed, 32 insertions, 24 deletions
diff --git a/runsc/boot/config.go b/runsc/boot/config.go
index 3fca16cce..24be82906 100644
--- a/runsc/boot/config.go
+++ b/runsc/boot/config.go
@@ -176,6 +176,10 @@ type Config struct {
// DisableSeccomp indicates whether seccomp syscall filters should be
// disabled. Pardon the double negation, but default to enabled is important.
DisableSeccomp bool
+
+ // MultiContainer enables multiple containers support inside one sandbox.
+ // TODO: Remove this when multiple container is fully supported.
+ MultiContainer bool
}
// ToFlags returns a slice of flags that correspond to the given Config.
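Review bot: The comment on the new `MultiContainer` field does not say what happens when it is false, although that is the default and it decides the isolation boundary. Going by the condition added in runsc/container/container.go in this same commit, a false value makes every container get its own sandbox even when its spec asks to join an existing one. I would document that on the field, for example `// MultiContainer enables multiple containers support inside one sandbox. When false, each container is created in its own sandbox regardless of what its spec requests.` The struct begins outside this hunk, so the wording should follow the style of the neighbouring field comments.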
@@ -188,6 +192,7 @@ func (c *Config) ToFlags() []string {
"--debug-log-dir=" + c.DebugLogDir,
"--file-access=" + c.FileAccess.String(),
"--overlay=" + strconv.FormatBool(c.Overlay),
+ "--multi-container=" + strconv.FormatBool(c.MultiContainer),
"--network=" + c.Network.String(),
"--log-packets=" + strconv.FormatBool(c.LogPackets),
"--platform=" + c.Platform.String(),
diff --git a/runsc/container/container.go b/runsc/container/container.go
index 9c0169ca8..428aa5c62 100644
--- a/runsc/container/container.go
+++ b/runsc/container/container.go
@@ -218,7 +218,7 @@ func Create(id string, spec *specs.Spec, conf *boot.Config, bundleDir, consoleSo
// started in an existing sandbox, we must do so. The metadata will
// indicate the ID of the sandbox, which is the same as the ID of the
// init container in the sandbox.
- if specutils.ShouldCreateSandbox(spec) {
+ if specutils.ShouldCreateSandbox(spec) || !conf.MultiContainer {
log.Debugf("Creating new sandbox for container %q", id)
// Start a new sandbox for this container. Any errors after this point
// must destroy the container.
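Review bot: The sandbox-or-join decision is written out twice, here in `Create` and again in `Start` (`if specutils.ShouldCreateSandbox(c.Spec) || !conf.MultiContainer {`), and each is evaluated against whatever `conf` that call receives. If the two calls ever see different values of the flag, a container created under one choice would be started under the other; whether that can happen depends on how `conf` is built for each call, which these hunks do not show. A single helper would keep the two sites in step, for example `func createsSandbox(spec *specs.Spec, conf *boot.Config) bool { return specutils.ShouldCreateSandbox(spec) || !conf.MultiContainer }`. The debug line `Creating new sandbox for container %q` could also say when the spec's request to join an existing sandbox was overridden by the flag. Both functions start and end outside their hunks.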
@@ -287,7 +287,7 @@ func (c *Container) Start(conf *boot.Config) error {
}
}
- if specutils.ShouldCreateSandbox(c.Spec) {
+ if specutils.ShouldCreateSandbox(c.Spec) || !conf.MultiContainer {
if err := c.Sandbox.StartRoot(c.Spec, conf); err != nil {
c.Destroy()
return err
diff --git a/runsc/main.go b/runsc/main.go
index cd906e191..aa5796d42 100644
--- a/runsc/main.go
+++ b/runsc/main.go
@@ -55,10 +55,11 @@ var (
straceLogSize = flag.Uint("strace-log-size", 1024, "default size (in bytes) to log data argument blobs")
// Flags that control sandbox runtime behavior.
- platform = flag.String("platform", "ptrace", "specifies which platform to use: ptrace (default), kvm")
- network = flag.String("network", "sandbox", "specifies which network to use: sandbox (default), host, none. Using network inside the sandbox is more secure because it's isolated from the host network.")
- fileAccess = flag.String("file-access", "proxy", "specifies which filesystem to use: proxy (default), direct. Using a proxy is more secure because it disallows the sandbox from opennig files directly in the host.")
- overlay = flag.Bool("overlay", false, "wrap filesystem mounts with writable overlay. All modifications are stored in memory inside the sandbox.")
+ platform = flag.String("platform", "ptrace", "specifies which platform to use: ptrace (default), kvm")
+ network = flag.String("network", "sandbox", "specifies which network to use: sandbox (default), host, none. Using network inside the sandbox is more secure because it's isolated from the host network.")
+ fileAccess = flag.String("file-access", "proxy", "specifies which filesystem to use: proxy (default), direct. Using a proxy is more secure because it disallows the sandbox from opennig files directly in the host.")
+ overlay = flag.Bool("overlay", false, "wrap filesystem mounts with writable overlay. All modifications are stored in memory inside the sandbox.")
+ multiContainer = flag.Bool("multi-container", false, "enable *experimental* multi-container support.")
)
var gitRevision = ""
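Review bot: The help text for `multi-container` says only that the feature is experimental, while the neighbouring `network` and `file-access` descriptions spell out the security trade-off of each choice. An operator reading `--help` should learn that turning it on lets several containers share one sandbox, and that the default gives each container its own. Suggested text: `"enable *experimental* multi-container support. When disabled (default), every container runs in its own sandbox."` Separately, the re-aligned `file-access` line still carries the typo `opennig` for `opening`.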
@@ -111,18 +112,19 @@ func main() {
// Create a new Config from the flags.
conf := &boot.Config{
- RootDir: *rootDir,
- Debug: *debug,
- LogFilename: *logFilename,
- LogFormat: *logFormat,
- DebugLogDir: *debugLogDir,
- FileAccess: fsAccess,
- Overlay: *overlay,
- Network: netType,
- LogPackets: *logPackets,
- Platform: platformType,
- Strace: *strace,
- StraceLogSize: *straceLogSize,
+ RootDir: *rootDir,
+ Debug: *debug,
+ LogFilename: *logFilename,
+ LogFormat: *logFormat,
+ DebugLogDir: *debugLogDir,
+ FileAccess: fsAccess,
+ Overlay: *overlay,
+ Network: netType,
+ LogPackets: *logPackets,
+ Platform: platformType,
+ Strace: *strace,
+ StraceLogSize: *straceLogSize,
+ MultiContainer: *multiContainer,
}
if len(*straceSyscalls) != 0 {
conf.StraceSyscalls = strings.Split(*straceSyscalls, ",")
diff --git a/runsc/test/testutil/testutil.go b/runsc/test/testutil/testutil.go
index 25535ea37..9d70d29f2 100644
--- a/runsc/test/testutil/testutil.go
+++ b/runsc/test/testutil/testutil.go
@@ -118,12 +118,13 @@ func SetupContainerInRoot(rootDir string, spec *specs.Spec) (bundleDir string, c
}
conf = &boot.Config{
- Debug: true,
- LogFormat: "text",
- LogPackets: true,
- Network: boot.NetworkNone,
- RootDir: rootDir,
- Strace: true,
+ Debug: true,
+ LogFormat: "text",
+ LogPackets: true,
+ Network: boot.NetworkNone,
+ RootDir: rootDir,
+ Strace: true,
+ MultiContainer: true,
}
return bundleDir, conf, nil
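Review bot: `SetupContainerInRoot` now hard-codes `MultiContainer: true`, so any test that builds its config through this helper runs with the experimental path enabled and never exercises the `|| !conf.MultiContainer` branch that users get by default. Whether other tests construct a config with the flag off is not visible from this hunk. I would add at least one test that sets `conf.MultiContainer = false` after calling the helper and checks that a container whose spec asks to join an existing sandbox still gets a sandbox of its own. A short comment on the field, such as `// Enabled so that multi-container tests can share a sandbox; the runsc default is false.`, would also make the deviation from the default explicit. The function starts outside the hunk.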