runc/libcontainer/configs/config.go中定义了container对应的Namespaces。另外对于User Namespaces,还定义了UidMappings和GidMappings for user map。
// Config defines configuration options for executing a process inside a contained environment.
type Config struct {
...
// Namespaces specifies the container's namespaces that it should setup when cloning the init process
// If a namespace is not provided that namespace is shared from the container's parent process
Namespaces Namespaces `json:"namespaces"`
// UidMappings is an array of User ID mappings for User Namespaces
UidMappings []IDMap `json:"uid_mappings"`
// GidMappings is an array of Group ID mappings for User Namespaces
GidMappings []IDMap `json:"gid_mappings"`
...
}runC中namespace的源码主要在: runc/libcontainer/configs/namespaces_unix.go
runC支持的namespce type包括($nsName) “net”、”mnt”、”pid”、”ipc”、”user”、”uts”:
const (
NEWNET NamespaceType = "NEWNET"
NEWPID NamespaceType = "NEWPID"
NEWNS NamespaceType = "NEWNS"
NEWUTS NamespaceType = "NEWUTS"
NEWIPC NamespaceType = "NEWIPC"
NEWUSER NamespaceType = "NEWUSER"
)除了验证 Namespce Type是否在以上常量中,还要去验证 /proc/self/ns/$nsName是否存在并且可以read,都通过时,才认为该Namespace是在当前系统中是被支持的。
// IsNamespaceSupported returns whether a namespace is available or
// not
func IsNamespaceSupported(ns NamespaceType) bool {
...
supported, ok := supportedNamespaces[ns]
if ok {
return supported
}
...
// 除了验证 Namespce Type是都在指定列表中,还要去验证 /proc/self/ns/$nsName是否存在并且可以read
_, err := os.Stat(fmt.Sprintf("/proc/self/ns/%s", nsFile))
supported = err == nil
...
return supported
}如下是NameSpace的完整定义,很简单,只包括NamespaceType 和对应的Path。
// Namespace defines configuration for each namespace. It specifies an
// alternate path that is able to be joined via setns.
type Namespace struct {
Type NamespaceType `json:"type"`
Path string `json:"path"`
}从Namespace的GetPath方法中可见,一个pid对应的namespace path为 /proc/ pid/ns/ nsName。
func (n *Namespace) GetPath(pid int) string {
if n.Path != &
最低0.47元/天 解锁文章
扫一扫
2093
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
