1// +build linux 2 3package main 4 5import ( 6 "os" 7 "runtime" 8 9 "github.com/codegangsta/cli" 10 "github.com/coreos/go-systemd/activation" 11 "github.com/opencontainers/runc/libcontainer" 12 "github.com/opencontainers/runtime-spec/specs-go" 13) 14 15// default action is to start a container 16var startCommand = cli.Command{ 17 Name: "start", 18 Usage: "create and run a container", 19 ArgsUsage: `<container-id> 20 21Where "<container-id>" is your name for the instance of the container that you 22are starting. The name you provide for the container instance must be unique on 23your host.`, 24 Description: `The start command creates an instance of a container for a bundle. The bundle 25is a directory with a specification file named "` + specConfig + `" and a root 26filesystem. 27 28The specification file includes an args parameter. The args parameter is used 29to specify command(s) that get run when the container is started. To change the 30command(s) that get executed on start, edit the args parameter of the spec. See 31"runc spec --help" for more explanation.`, 32 Flags: []cli.Flag{ 33 cli.StringFlag{ 34 Name: "bundle, b", 35 Value: "", 36 Usage: `path to the root of the bundle directory, defaults to the current directory`, 37 }, 38 cli.StringFlag{ 39 Name: "console", 40 Value: "", 41 Usage: "specify the pty slave path for use with the container", 42 }, 43 cli.BoolFlag{ 44 Name: "detach,d", 45 Usage: "detach from the container's process", 46 }, 47 cli.StringFlag{ 48 Name: "pid-file", 49 Value: "", 50 Usage: "specify the file to write the process id to", 51 }, 52 cli.BoolFlag{ 53 Name: "no-subreaper", 54 Usage: "disable the use of the subreaper used to reap reparented processes", 55 }, 56 cli.BoolFlag{ 57 Name: "no-pivot", 58 Usage: "do not use pivot root to jail process inside rootfs. This should be used whenever the rootfs is on top of a ramdisk", 59 }, 60 }, 61 Action: func(context *cli.Context) { 62 bundle := context.String("bundle") 63 if bundle != "" { 64 if err := os.Chdir(bundle); err != nil { 65 fatal(err) 66 } 67 } 68 spec, err := loadSpec(specConfig) 69 if err != nil { 70 fatal(err) 71 } 72 73 notifySocket := os.Getenv("NOTIFY_SOCKET") 74 if notifySocket != "" { 75 setupSdNotify(spec, notifySocket) 76 } 77 78 if os.Geteuid() != 0 { 79 fatalf("runc should be run as root") 80 } 81 82 status, err := startContainer(context, spec) 83 if err != nil { 84 fatal(err) 85 } 86 // exit with the container's exit status so any external supervisor is 87 // notified of the exit with the correct exit status. 88 os.Exit(status) 89 }, 90} 91 92func init() { 93 if len(os.Args) > 1 && os.Args[1] == "init" { 94 runtime.GOMAXPROCS(1) 95 runtime.LockOSThread() 96 } 97} 98 99var initCommand = cli.Command{ 100 Name: "init", 101 Usage: `initialize the namespaces and launch the process (do not call it outside of runc)`, 102 Action: func(context *cli.Context) { 103 factory, _ := libcontainer.New("") 104 if err := factory.StartInitialization(); err != nil { 105 // as the error is sent back to the parent there is no need to log 106 // or write it to stderr because the parent process will handle this 107 os.Exit(1) 108 } 109 panic("libcontainer: container init failed to exec") 110 }, 111} 112 113func startContainer(context *cli.Context, spec *specs.Spec) (int, error) { 114 id := context.Args().First() 115 if id == "" { 116 return -1, errEmptyID 117 } 118 container, err := createContainer(context, id, spec) 119 if err != nil { 120 return -1, err 121 } 122 detach := context.Bool("detach") 123 // Support on-demand socket activation by passing file descriptors into the container init process. 124 listenFDs := []*os.File{} 125 if os.Getenv("LISTEN_FDS") != "" { 126 listenFDs = activation.Files(false) 127 } 128 r := &runner{ 129 enableSubreaper: !context.Bool("no-subreaper"), 130 shouldDestroy: true, 131 container: container, 132 listenFDs: listenFDs, 133 console: context.String("console"), 134 detach: detach, 135 pidFile: context.String("pid-file"), 136 } 137 return r.run(&spec.Process) 138} 139