|
|
@ -3,7 +3,6 @@ package docker
|
|
|
|
import (
|
|
|
|
import (
|
|
|
|
"bytes"
|
|
|
|
"bytes"
|
|
|
|
"context"
|
|
|
|
"context"
|
|
|
|
"fmt"
|
|
|
|
|
|
|
|
"io"
|
|
|
|
"io"
|
|
|
|
"net"
|
|
|
|
"net"
|
|
|
|
"os"
|
|
|
|
"os"
|
|
|
@ -140,26 +139,21 @@ func (d *Driver) create(ctx context.Context, l progress.SubLogger) error {
|
|
|
|
return err
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
for _, f := range secOpts {
|
|
|
|
for _, f := range secOpts {
|
|
|
|
fmt.Println("range of opts ", f)
|
|
|
|
|
|
|
|
if f.Name == "userns" {
|
|
|
|
if f.Name == "userns" {
|
|
|
|
hc.UsernsMode = "host"
|
|
|
|
hc.UsernsMode = "host"
|
|
|
|
break
|
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
//hc.SecurityOpt=["seccomp:unconfined" "apparmor:unconfined" "systempaths:unconfined"]
|
|
|
|
|
|
|
|
hc.SecurityOpt = append(hc.SecurityOpt, "seccomp=unconfined")
|
|
|
|
hc.SecurityOpt = append(hc.SecurityOpt, "seccomp=unconfined")
|
|
|
|
hc.SecurityOpt = append(hc.SecurityOpt, "apparmor=unconfined")
|
|
|
|
hc.SecurityOpt = append(hc.SecurityOpt, "apparmor=unconfined")
|
|
|
|
//hc.SecurityOpt = append(hc.SecurityOpt, "systempaths=unconfined")
|
|
|
|
|
|
|
|
hc.Privileged = false
|
|
|
|
hc.Privileged = false
|
|
|
|
|
|
|
|
//hc.SecurityOpt = append(hc.SecurityOpt, "systempaths=unconfined")
|
|
|
|
|
|
|
|
hc.MaskedPaths = []string{}
|
|
|
|
|
|
|
|
hc.ReadonlyPaths = []string{}
|
|
|
|
|
|
|
|
//cfg.Env= append(cfg.Env,"systempaths=unconfined")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
fmt.Println("cfg: ", cfg)
|
|
|
|
|
|
|
|
fmt.Println("hc privileged:", hc.Privileged)
|
|
|
|
|
|
|
|
fmt.Println("hc: ", hc.SecurityOpt)
|
|
|
|
|
|
|
|
fmt.Println("hc: ", hc.SecurityOpt)
|
|
|
|
|
|
|
|
fmt.Println(hc.SecurityOpt)
|
|
|
|
|
|
|
|
_, err := d.DockerAPI.ContainerCreate(ctx, cfg, hc, &network.NetworkingConfig{}, nil, d.Name)
|
|
|
|
_, err := d.DockerAPI.ContainerCreate(ctx, cfg, hc, &network.NetworkingConfig{}, nil, d.Name)
|
|
|
|
if err != nil && !errdefs.IsConflict(err) {
|
|
|
|
if err != nil && !errdefs.IsConflict(err) {
|
|
|
|
l.Wrap("fucking dumb", func() error { fmt.Println(err.Error()); return nil })
|
|
|
|
|
|
|
|
return err
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if err == nil {
|
|
|
|
if err == nil {
|
|
|
@ -283,7 +277,6 @@ func (d *Driver) run(ctx context.Context, cmd []string, stdout, stderr io.Writer
|
|
|
|
if resp.ExitCode != 0 {
|
|
|
|
if resp.ExitCode != 0 {
|
|
|
|
return errors.Errorf("exit code %d", resp.ExitCode)
|
|
|
|
return errors.Errorf("exit code %d", resp.ExitCode)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
fmt.Println("did I get in here")
|
|
|
|
|
|
|
|
return nil
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
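Review bot: The two assignments that appear as additions after `hc.Privileged = false` in `create`, `hc.MaskedPaths = []string{}` and `hc.ReadonlyPaths = []string{}`, replace the daemon's default masked and read-only path lists with empty ones. Together with the existing `seccomp=unconfined` and `apparmor=unconfined` options, the builder container keeps almost none of the default confinement even though it is not privileged. The condition guarding this block starts outside the hunk, so it is not visible whether the relaxation is opt-in; if it is not, it should sit behind an explicit driver option rather than apply to every container the driver creates. Add a comment on the two lines, for example `// non-nil empty slices override the daemon defaults: no /proc or /sys path stays masked or read-only`. Also drop the commented-out `//hc.SecurityOpt = append(hc.SecurityOpt, "systempaths=unconfined")` and `//cfg.Env= append(cfg.Env,"systempaths=unconfined")` lines, which look like leftovers of earlier attempts.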