This file is a bit funny. The goal here is to use setns() to manipulate
files inside the container, so we don't have to reason about the paths to
make sure they don't escape (we can simply rely on the kernel for
correctness). Unfortunately, you can't setns() to a mount namespace with a
multi-threaded program, which every golang binary is. However, by declaring
our init as an initializer, we can capture process control before it is
transferred to the golang runtime, so we can then setns() as we'd like
before golang has a chance to set up any threads. So, we implement two new
lxd fork* commands which are captured here, and take a file on the host fs
and copy it into the container ns.

An alternative to this would be to move this code into a separate binary,
which of course has problems of its own when it comes to packaging (how do
we find the binary, what do we do if someone does file push and it is
missing, etc.). After some discussion, even though the embedded method is
somewhat convoluted, it was preferred.
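The pattern described above, as an added example in C (not LXD's own code): a constructor runs before main(), and so before a Go runtime would start any threads, reads /proc/self/cmdline, and joins the target mount namespace before touching the destination path. The subcommand name `forkputfile`, its argument order and every function name here are assumptions made for the example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#ifndef CLONE_NEWNS
#define CLONE_NEWNS 0x00020000
#endif
int setns(int fd, int nstype); /* declared by hand: glibc needs _GNU_SOURCE for it */

/* Split a NUL-separated /proc/self/cmdline image (buf[len] must be 0); returns argc. */
int split_cmdline(char *buf, size_t len, char **argv, int max) {
    int argc = 0;
    for (size_t i = 0; i < len && argc < max; i += strlen(buf + i) + 1)
        argv[argc++] = buf + i;
    return argc;
}
/* Assumed CLI shape for this example: <prog> forkputfile <pid> <src> <dst> */
int is_fork_cmd(int argc, char **argv) {
    return argc == 5 && strcmp(argv[1], "forkputfile") == 0;
}
/* Join pid's mount namespace; only works while the process is single-threaded. */
int enter_mntns(const char *pid) {
    char path[64];
    if (!*pid || pid[strspn(pid, "0123456789")]) return -1; /* digits only */
    snprintf(path, sizeof(path), "/proc/%s/ns/mnt", pid);
    int fd = open(path, O_RDONLY);
    int ret = fd < 0 ? -1 : setns(fd, CLONE_NEWNS);
    if (fd >= 0) close(fd);
    return ret;
}
/* Runs before main(), i.e. before the Go runtime would create threads. */
__attribute__((constructor)) void pre_runtime_init(void) {
    static char buf[4096], io[4096];
    char *argv[8];
    ssize_t n = -1, r = 0;
    int fd = open("/proc/self/cmdline", O_RDONLY);
    if (fd >= 0) { n = read(fd, buf, sizeof(buf) - 1); close(fd); }
    if (n <= 0 || !is_fork_cmd(split_cmdline(buf, (size_t)n, argv, 8), argv))
        return; /* ordinary start-up: fall through to the runtime */
    int src = open(argv[3], O_RDONLY); /* host path, opened before the switch */
    if (src < 0 || enter_mntns(argv[2]) < 0) _exit(1);
    int dst = open(argv[4], O_WRONLY | O_CREAT | O_TRUNC, 0600); /* container path */
    while (dst >= 0 && (r = read(src, io, sizeof(io))) > 0)
        if (write(dst, io, (size_t)r) != r) _exit(1);
    _exit(dst < 0 || r < 0);
}

int main(void) { puts("runtime started"); return 0; } /* stand-in for the Go runtime */
```

Because the destination is opened only after setns(), the kernel resolves that path inside the container's mount namespace, which is the property the comment relies on instead of path sanitising on the host.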

Imports 16 package(s)

  1. gopkg.in/tomb.v2
  2. github.com/gorilla/websocket
  3. gopkg.in/inconshreveable/log15.v2
  4. golang.org/x/crypto/scrypt
  5. github.com/lxc/lxd/shared/gnuflag
  6. github.com/mattn/go-sqlite3
  7. github.com/stgraber/lxd-go-systemd/activation
  8. github.com/lxc/lxd/lxd/migration
  9. gopkg.in/flosch/pongo2.v3
  10. github.com/gorilla/mux
  11. gopkg.in/yaml.v2
  12. gopkg.in/lxc/go-lxc.v2
  13. github.com/satori/go.uuid
  14. github.com/dustinkirkland/golang-petname
  15. github.com/lxc/lxd
  16. github.com/lxc/lxd/shared

Test imports 2 package(s)

  1. github.com/stretchr/testify/require
  2. github.com/stretchr/testify/suite