package libcontainer

import (
	"fmt"
	"io"
	"math"
	"os"

	"github.com/opencontainers/runc/libcontainer/configs"
)

// processOperations is the unexported set of operations that Process
// delegates its Wait, Signal and Pid methods to.
type processOperations interface {
	wait() (*os.ProcessState, error)
	signal(sig os.Signal) error
	pid() int
}

// Process describes one process to run inside a container: what to execute,
// the identity and privileges it runs with, and how its IO is wired up.
type Process struct {
	// Args is the command to run, followed by its arguments.
	Args []string

	// Env holds the environment variables for the process.
	Env []string

	// User sets the uid and gid of the process. The value is resolved
	// against the container's own user and group configuration.
	User string

	// AdditionalGroups lists gids to add as supplementary groups, on top of
	// the groups the user already belongs to.
	AdditionalGroups []string

	// Cwd is the working directory of the process, relative to the
	// container's rootfs.
	Cwd string

	// Stdin is the reader that supplies the standard input stream.
	Stdin io.Reader

	// Stdout is the writer that receives the standard output stream.
	Stdout io.Writer

	// Stderr is the writer that receives the standard error stream.
	Stderr io.Writer

	// ExtraFiles lists additional open files to be inherited by the container.
	// NOTE(review): every descriptor listed here is handed to the process
	// inside the container, so list only files meant to be exposed to it.
	ExtraFiles []*os.File

	// ConsoleWidth and ConsoleHeight are the initial dimensions of the console.
	ConsoleWidth  uint16
	ConsoleHeight uint16

	// Capabilities names the capabilities to keep when the process is
	// executed inside the container. Any capability not named here is
	// dropped from the process's capability mask.
	Capabilities *configs.Capabilities

	// AppArmorProfile is the profile applied to the process; the profile
	// change takes place when the process is exec'ed.
	AppArmorProfile string

	// Label is the label applied to the process. It is commonly used by SELinux.
	Label string

	// NoNewPrivileges controls whether the process can gain additional
	// privileges.
	// NOTE(review): this is a pointer, so nil presumably means "not set for
	// this process" - confirm how nil is treated before relying on it.
	NoNewPrivileges *bool

	// Rlimits sets resource limits, such as the maximum number of open
	// files. When left unset, the rlimits of the parent process are
	// inherited instead of being restricted.
	Rlimits []configs.Rlimit

	// ConsoleSocket provides the masterfd console.
	ConsoleSocket *os.File

	// Init reports whether this is the first process in the container.
	Init bool

	// ops backs Wait, Pid and Signal. While it is nil those methods return
	// a NoProcessOps error.
	ops processOperations

	// NOTE(review): LogLevel is undocumented in this file; it presumably
	// selects the log verbosity for this process - confirm against callers.
	LogLevel string
}

// Wait waits for the process to exit and returns its final state.
// Wait releases any resources associated with the Process.
// It returns a NoProcessOps error when no operations are attached.
func (p Process) Wait() (*os.ProcessState, error) {
	if p.ops != nil {
		return p.ops.wait()
	}
	return nil, newGenericError(fmt.Errorf("invalid process"), NoProcessOps)
}

// Pid returns the process ID.
// It returns a NoProcessOps error when no operations are attached.
func (p Process) Pid() (int, error) {
	if p.ops != nil {
		return p.ops.pid(), nil
	}
	// The placeholder pid is math.MinInt32 because it is not a valid target
	// for the kill() system call. A caller that ignores the error and signals
	// the returned pid therefore gets a failure, whereas 0 or -1 would address
	// a whole process group or every process the caller may signal.
	return math.MinInt32, newGenericError(fmt.Errorf("invalid process"), NoProcessOps)
}

// Signal sends sig to the process.
// It returns a NoProcessOps error when no operations are attached.
func (p Process) Signal(sig os.Signal) error {
	if p.ops != nil {
		return p.ops.signal(sig)
	}
	return newGenericError(fmt.Errorf("invalid process"), NoProcessOps)
}

// IO holds the process's STDIO as seen from the caller's end: Stdin is
// written to, while Stdout and Stderr are read from.
type IO struct {
	Stdin  io.WriteCloser
	Stdout io.ReadCloser
	Stderr io.ReadCloser
}