starter

Documentation

Index

• func CleanupHost(cleanupSocket int, e *engine.Engine)
• func Master(...)
• func PostStartHost(postStartSocket int, e *engine.Engine)
• func RPCServer(socket int, e *engine.Engine)
• func StageOne(sconfig *starterConfig.Config, e *engine.Engine)
• func StageTwo(masterSocket int, e *engine.Engine)

Functions

func CleanupHost

func CleanupHost(cleanupSocket int, e *engine.Engine)

func Master

func Master(rpcSocket, masterSocket, postStartSocket, cleanupSocket, containerPid, imageFd int, e *engine.Engine)

Master initializes a runtime engine and runs it.

Saved uid 0 is preserved when run with suid flow, so that the master is capable to escalate its privileges to setup container environment properly.

func PostStartHost

func PostStartHost(postStartSocket int, e *engine.Engine)

func RPCServer

func RPCServer(socket int, e *engine.Engine)

RPCServer serves runtime engine requests.

The RPC server process is already in correct namespaces required by container, so any operations performed will affect final container environment. When run with suid flow, i.e. no user namespace for container is created and no hybrid workflow is requested, the server is run with escalated privileges (as euid 0).

func StageOne

func StageOne(sconfig *starterConfig.Config, e *engine.Engine)

StageOne validates and prepares container configuration which is used during container creation. Updated (possibly) engine configuration is wrote back into a shared sconfig so that new values will appear in next stages of engine execution and in master process.

Any privileges gained from SUID flow or capabilities in extended attributes are already dropped by this moment.

func StageTwo

func StageTwo(masterSocket int, e *engine.Engine)

StageTwo performs container execution.