YARN-8284. get_docker_command refactoring. Contributed by Eric Badger
This commit is contained in:
parent
0a22860336
commit
d47c09dcb1
@ -388,6 +388,18 @@ int get_docker_command(const char *command_file, const struct configuration *con
|
|||||||
}
|
}
|
||||||
free(value);
|
free(value);
|
||||||
|
|
||||||
|
char *docker = get_docker_binary(conf);
|
||||||
|
ret = add_to_args(args, docker);
|
||||||
|
free(docker);
|
||||||
|
if (ret != 0) {
|
||||||
|
return BUFFER_TOO_SMALL;
|
||||||
|
}
|
||||||
|
|
||||||
|
ret = add_docker_config_param(&command_config, args);
|
||||||
|
if (ret != 0) {
|
||||||
|
return BUFFER_TOO_SMALL;
|
||||||
|
}
|
||||||
|
|
||||||
char *command = get_configuration_value("docker-command", DOCKER_COMMAND_FILE_SECTION, &command_config);
|
char *command = get_configuration_value("docker-command", DOCKER_COMMAND_FILE_SECTION, &command_config);
|
||||||
if (strcmp(DOCKER_INSPECT_COMMAND, command) == 0) {
|
if (strcmp(DOCKER_INSPECT_COMMAND, command) == 0) {
|
||||||
return get_docker_inspect_command(command_file, conf, args);
|
return get_docker_inspect_command(command_file, conf, args);
|
||||||
@ -440,7 +452,7 @@ static int value_permitted(const struct configuration* executor_cfg,
|
|||||||
|
|
||||||
int get_docker_volume_command(const char *command_file, const struct configuration *conf, args *args) {
|
int get_docker_volume_command(const char *command_file, const struct configuration *conf, args *args) {
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
char *driver = NULL, *volume_name = NULL, *sub_command = NULL, *format = NULL, *docker = NULL;
|
char *driver = NULL, *volume_name = NULL, *sub_command = NULL, *format = NULL;
|
||||||
struct configuration command_config = {0, NULL};
|
struct configuration command_config = {0, NULL};
|
||||||
ret = read_and_verify_command_file(command_file, DOCKER_VOLUME_COMMAND, &command_config);
|
ret = read_and_verify_command_file(command_file, DOCKER_VOLUME_COMMAND, &command_config);
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
@ -456,19 +468,6 @@ int get_docker_volume_command(const char *command_file, const struct configurati
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
docker = get_docker_binary(conf);
|
|
||||||
ret = add_to_args(args, docker);
|
|
||||||
if (ret != 0) {
|
|
||||||
ret = BUFFER_TOO_SMALL;
|
|
||||||
goto cleanup;
|
|
||||||
}
|
|
||||||
|
|
||||||
ret = add_docker_config_param(&command_config, args);
|
|
||||||
if (ret != 0) {
|
|
||||||
ret = BUFFER_TOO_SMALL;
|
|
||||||
goto cleanup;
|
|
||||||
}
|
|
||||||
|
|
||||||
ret = add_to_args(args, DOCKER_VOLUME_COMMAND);
|
ret = add_to_args(args, DOCKER_VOLUME_COMMAND);
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
@ -538,7 +537,6 @@ cleanup:
|
|||||||
free(volume_name);
|
free(volume_name);
|
||||||
free(sub_command);
|
free(sub_command);
|
||||||
free(format);
|
free(format);
|
||||||
free(docker);
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -576,19 +574,6 @@ int get_docker_inspect_command(const char *command_file, const struct configurat
|
|||||||
return INVALID_DOCKER_INSPECT_FORMAT;
|
return INVALID_DOCKER_INSPECT_FORMAT;
|
||||||
}
|
}
|
||||||
|
|
||||||
char *docker = get_docker_binary(conf);
|
|
||||||
ret = add_to_args(args, docker);
|
|
||||||
if (ret != 0) {
|
|
||||||
goto free_and_exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
ret = add_docker_config_param(&command_config, args);
|
|
||||||
if (ret != 0) {
|
|
||||||
free(container_name);
|
|
||||||
free(format);
|
|
||||||
return BUFFER_TOO_SMALL;
|
|
||||||
}
|
|
||||||
|
|
||||||
ret = add_to_args(args, DOCKER_INSPECT_COMMAND);
|
ret = add_to_args(args, DOCKER_INSPECT_COMMAND);
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
goto free_and_exit;
|
goto free_and_exit;
|
||||||
@ -610,7 +595,6 @@ int get_docker_inspect_command(const char *command_file, const struct configurat
|
|||||||
free_and_exit:
|
free_and_exit:
|
||||||
free(format);
|
free(format);
|
||||||
free(container_name);
|
free(container_name);
|
||||||
free(docker);
|
|
||||||
return BUFFER_TOO_SMALL;
|
return BUFFER_TOO_SMALL;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -628,19 +612,6 @@ int get_docker_load_command(const char *command_file, const struct configuration
|
|||||||
return INVALID_DOCKER_IMAGE_NAME;
|
return INVALID_DOCKER_IMAGE_NAME;
|
||||||
}
|
}
|
||||||
|
|
||||||
char *docker = get_docker_binary(conf);
|
|
||||||
ret = add_to_args(args, docker);
|
|
||||||
free(docker);
|
|
||||||
if (ret != 0) {
|
|
||||||
return BUFFER_TOO_SMALL;
|
|
||||||
}
|
|
||||||
|
|
||||||
ret = add_docker_config_param(&command_config, args);
|
|
||||||
if (ret != 0) {
|
|
||||||
free(image_name);
|
|
||||||
return BUFFER_TOO_SMALL;
|
|
||||||
}
|
|
||||||
|
|
||||||
ret = add_to_args(args, DOCKER_LOAD_COMMAND);
|
ret = add_to_args(args, DOCKER_LOAD_COMMAND);
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
char *tmp_buffer = make_string("--i=%s", image_name);
|
char *tmp_buffer = make_string("--i=%s", image_name);
|
||||||
@ -675,17 +646,6 @@ int get_docker_pull_command(const char *command_file, const struct configuration
|
|||||||
return INVALID_DOCKER_IMAGE_NAME;
|
return INVALID_DOCKER_IMAGE_NAME;
|
||||||
}
|
}
|
||||||
|
|
||||||
char *docker = get_docker_binary(conf);
|
|
||||||
ret = add_to_args(args, docker);
|
|
||||||
if (ret != 0) {
|
|
||||||
goto free_pull;
|
|
||||||
}
|
|
||||||
|
|
||||||
ret = add_docker_config_param(&command_config, args);
|
|
||||||
if (ret != 0) {
|
|
||||||
goto free_pull;
|
|
||||||
}
|
|
||||||
|
|
||||||
ret = add_to_args(args, DOCKER_PULL_COMMAND);
|
ret = add_to_args(args, DOCKER_PULL_COMMAND);
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
ret = add_to_args(args, image_name);
|
ret = add_to_args(args, image_name);
|
||||||
@ -697,7 +657,6 @@ int get_docker_pull_command(const char *command_file, const struct configuration
|
|||||||
}
|
}
|
||||||
free_pull:
|
free_pull:
|
||||||
free(image_name);
|
free(image_name);
|
||||||
free(docker);
|
|
||||||
return BUFFER_TOO_SMALL;
|
return BUFFER_TOO_SMALL;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -715,18 +674,6 @@ int get_docker_rm_command(const char *command_file, const struct configuration *
|
|||||||
return INVALID_DOCKER_CONTAINER_NAME;
|
return INVALID_DOCKER_CONTAINER_NAME;
|
||||||
}
|
}
|
||||||
|
|
||||||
char *docker = get_docker_binary(conf);
|
|
||||||
ret = add_to_args(args, docker);
|
|
||||||
free(docker);
|
|
||||||
if (ret != 0) {
|
|
||||||
return BUFFER_TOO_SMALL;
|
|
||||||
}
|
|
||||||
|
|
||||||
ret = add_docker_config_param(&command_config, args);
|
|
||||||
if (ret != 0) {
|
|
||||||
return BUFFER_TOO_SMALL;
|
|
||||||
}
|
|
||||||
|
|
||||||
ret = add_to_args(args, DOCKER_RM_COMMAND);
|
ret = add_to_args(args, DOCKER_RM_COMMAND);
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
ret = add_to_args(args, container_name);
|
ret = add_to_args(args, container_name);
|
||||||
@ -757,18 +704,6 @@ int get_docker_stop_command(const char *command_file, const struct configuration
|
|||||||
return INVALID_DOCKER_CONTAINER_NAME;
|
return INVALID_DOCKER_CONTAINER_NAME;
|
||||||
}
|
}
|
||||||
|
|
||||||
char *docker = get_docker_binary(conf);
|
|
||||||
ret = add_to_args(args, docker);
|
|
||||||
free(docker);
|
|
||||||
if (ret != 0) {
|
|
||||||
goto free_and_exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
ret = add_docker_config_param(&command_config, args);
|
|
||||||
if (ret != 0) {
|
|
||||||
goto free_and_exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
ret = add_to_args(args, DOCKER_STOP_COMMAND);
|
ret = add_to_args(args, DOCKER_STOP_COMMAND);
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
value = get_configuration_value("time", DOCKER_COMMAND_FILE_SECTION, &command_config);
|
value = get_configuration_value("time", DOCKER_COMMAND_FILE_SECTION, &command_config);
|
||||||
@ -812,18 +747,6 @@ int get_docker_kill_command(const char *command_file, const struct configuration
|
|||||||
return INVALID_DOCKER_CONTAINER_NAME;
|
return INVALID_DOCKER_CONTAINER_NAME;
|
||||||
}
|
}
|
||||||
|
|
||||||
char *docker = get_docker_binary(conf);
|
|
||||||
ret = add_to_args(args, docker);
|
|
||||||
free(docker);
|
|
||||||
if (ret != 0) {
|
|
||||||
return BUFFER_TOO_SMALL;
|
|
||||||
}
|
|
||||||
|
|
||||||
ret = add_docker_config_param(&command_config, args);
|
|
||||||
if (ret != 0) {
|
|
||||||
return BUFFER_TOO_SMALL;
|
|
||||||
}
|
|
||||||
|
|
||||||
ret = add_to_args(args, DOCKER_KILL_COMMAND);
|
ret = add_to_args(args, DOCKER_KILL_COMMAND);
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
value = get_configuration_value("signal", DOCKER_COMMAND_FILE_SECTION, &command_config);
|
value = get_configuration_value("signal", DOCKER_COMMAND_FILE_SECTION, &command_config);
|
||||||
@ -853,7 +776,6 @@ free_and_exit:
|
|||||||
|
|
||||||
int get_docker_start_command(const char *command_file, const struct configuration *conf, args *args) {
|
int get_docker_start_command(const char *command_file, const struct configuration *conf, args *args) {
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
char *docker = NULL;
|
|
||||||
char *container_name = NULL;
|
char *container_name = NULL;
|
||||||
struct configuration command_config = {0, NULL};
|
struct configuration command_config = {0, NULL};
|
||||||
ret = read_and_verify_command_file(command_file, DOCKER_START_COMMAND, &command_config);
|
ret = read_and_verify_command_file(command_file, DOCKER_START_COMMAND, &command_config);
|
||||||
@ -866,20 +788,6 @@ int get_docker_start_command(const char *command_file, const struct configuratio
|
|||||||
return INVALID_DOCKER_CONTAINER_NAME;
|
return INVALID_DOCKER_CONTAINER_NAME;
|
||||||
}
|
}
|
||||||
|
|
||||||
docker = get_docker_binary(conf);
|
|
||||||
ret = add_to_args(args, docker);
|
|
||||||
free(docker);
|
|
||||||
if (ret != 0) {
|
|
||||||
ret = BUFFER_TOO_SMALL;
|
|
||||||
goto free_and_exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
ret = add_docker_config_param(&command_config, args);
|
|
||||||
if (ret != 0) {
|
|
||||||
ret = BUFFER_TOO_SMALL;
|
|
||||||
goto free_and_exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
ret = add_to_args(args, DOCKER_START_COMMAND);
|
ret = add_to_args(args, DOCKER_START_COMMAND);
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
goto free_and_exit;
|
goto free_and_exit;
|
||||||
@ -1443,20 +1351,6 @@ int get_docker_run_command(const char *command_file, const struct configuration
|
|||||||
return INVALID_DOCKER_IMAGE_NAME;
|
return INVALID_DOCKER_IMAGE_NAME;
|
||||||
}
|
}
|
||||||
|
|
||||||
char *docker = get_docker_binary(conf);
|
|
||||||
ret = add_to_args(args, docker);
|
|
||||||
free(docker);
|
|
||||||
if (ret != 0) {
|
|
||||||
reset_args(args);
|
|
||||||
return BUFFER_TOO_SMALL;
|
|
||||||
}
|
|
||||||
|
|
||||||
ret = add_docker_config_param(&command_config, args);
|
|
||||||
if (ret != 0) {
|
|
||||||
reset_args(args);
|
|
||||||
return BUFFER_TOO_SMALL;
|
|
||||||
}
|
|
||||||
|
|
||||||
ret = add_to_args(args, DOCKER_RUN_COMMAND);
|
ret = add_to_args(args, DOCKER_RUN_COMMAND);
|
||||||
if(ret != 0) {
|
if(ret != 0) {
|
||||||
reset_args(args);
|
reset_args(args);
|
||||||
|
@ -165,12 +165,12 @@ namespace ContainerExecutor {
|
|||||||
std::vector<std::pair<std::string, std::string> > file_cmd_vec;
|
std::vector<std::pair<std::string, std::string> > file_cmd_vec;
|
||||||
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
|
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
|
||||||
"[docker-command-execution]\n docker-command=inspect\n format={{.State.Status}}\n name=container_e1_12312_11111_02_000001",
|
"[docker-command-execution]\n docker-command=inspect\n format={{.State.Status}}\n name=container_e1_12312_11111_02_000001",
|
||||||
"/usr/bin/docker inspect --format={{.State.Status}} container_e1_12312_11111_02_000001"));
|
"inspect --format={{.State.Status}} container_e1_12312_11111_02_000001"));
|
||||||
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
|
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
|
||||||
"[docker-command-execution]\n docker-command=inspect\n"
|
"[docker-command-execution]\n docker-command=inspect\n"
|
||||||
" format={{range(.NetworkSettings.Networks)}}{{.IPAddress}},{{end}}{{.Config.Hostname}}\n"
|
" format={{range(.NetworkSettings.Networks)}}{{.IPAddress}},{{end}}{{.Config.Hostname}}\n"
|
||||||
" name=container_e1_12312_11111_02_000001",
|
" name=container_e1_12312_11111_02_000001",
|
||||||
"/usr/bin/docker inspect --format={{range(.NetworkSettings.Networks)}}{{.IPAddress}},{{end}}{{.Config.Hostname}} container_e1_12312_11111_02_000001"));
|
"inspect --format={{range(.NetworkSettings.Networks)}}{{.IPAddress}},{{end}}{{.Config.Hostname}} container_e1_12312_11111_02_000001"));
|
||||||
|
|
||||||
std::vector<std::pair<std::string, int> > bad_file_cmd_vec;
|
std::vector<std::pair<std::string, int> > bad_file_cmd_vec;
|
||||||
bad_file_cmd_vec.push_back(std::make_pair<std::string, int>(
|
bad_file_cmd_vec.push_back(std::make_pair<std::string, int>(
|
||||||
@ -202,7 +202,7 @@ namespace ContainerExecutor {
|
|||||||
std::vector<std::pair<std::string, std::string> > file_cmd_vec;
|
std::vector<std::pair<std::string, std::string> > file_cmd_vec;
|
||||||
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
|
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
|
||||||
"[docker-command-execution]\n docker-command=load\n image=image-id",
|
"[docker-command-execution]\n docker-command=load\n image=image-id",
|
||||||
"/usr/bin/docker load --i=image-id"));
|
"load --i=image-id"));
|
||||||
|
|
||||||
std::vector<std::pair<std::string, int> > bad_file_cmd_vec;
|
std::vector<std::pair<std::string, int> > bad_file_cmd_vec;
|
||||||
bad_file_cmd_vec.push_back(std::make_pair<std::string, int>(
|
bad_file_cmd_vec.push_back(std::make_pair<std::string, int>(
|
||||||
@ -272,7 +272,7 @@ namespace ContainerExecutor {
|
|||||||
std::vector<std::pair<std::string, std::string> > file_cmd_vec;
|
std::vector<std::pair<std::string, std::string> > file_cmd_vec;
|
||||||
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
|
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
|
||||||
"[docker-command-execution]\n docker-command=pull\n image=image-id",
|
"[docker-command-execution]\n docker-command=pull\n image=image-id",
|
||||||
"/usr/bin/docker pull image-id"));
|
"pull image-id"));
|
||||||
|
|
||||||
std::vector<std::pair<std::string, int> > bad_file_cmd_vec;
|
std::vector<std::pair<std::string, int> > bad_file_cmd_vec;
|
||||||
bad_file_cmd_vec.push_back(std::make_pair<std::string, int>(
|
bad_file_cmd_vec.push_back(std::make_pair<std::string, int>(
|
||||||
@ -292,7 +292,7 @@ namespace ContainerExecutor {
|
|||||||
file_cmd_vec.push_back(
|
file_cmd_vec.push_back(
|
||||||
std::make_pair<std::string, std::string>(
|
std::make_pair<std::string, std::string>(
|
||||||
"[docker-command-execution]\n docker-command=rm\n name=container_e1_12312_11111_02_000001",
|
"[docker-command-execution]\n docker-command=rm\n name=container_e1_12312_11111_02_000001",
|
||||||
"/usr/bin/docker rm container_e1_12312_11111_02_000001"));
|
"rm container_e1_12312_11111_02_000001"));
|
||||||
|
|
||||||
std::vector<std::pair<std::string, int> > bad_file_cmd_vec;
|
std::vector<std::pair<std::string, int> > bad_file_cmd_vec;
|
||||||
bad_file_cmd_vec.push_back(std::make_pair<std::string, int>(
|
bad_file_cmd_vec.push_back(std::make_pair<std::string, int>(
|
||||||
@ -312,10 +312,10 @@ namespace ContainerExecutor {
|
|||||||
std::vector<std::pair<std::string, std::string> > file_cmd_vec;
|
std::vector<std::pair<std::string, std::string> > file_cmd_vec;
|
||||||
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
|
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
|
||||||
"[docker-command-execution]\n docker-command=stop\n name=container_e1_12312_11111_02_000001",
|
"[docker-command-execution]\n docker-command=stop\n name=container_e1_12312_11111_02_000001",
|
||||||
"/usr/bin/docker stop container_e1_12312_11111_02_000001"));
|
"stop container_e1_12312_11111_02_000001"));
|
||||||
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
|
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
|
||||||
"[docker-command-execution]\n docker-command=stop\n name=container_e1_12312_11111_02_000001\ntime=25",
|
"[docker-command-execution]\n docker-command=stop\n name=container_e1_12312_11111_02_000001\ntime=25",
|
||||||
"/usr/bin/docker stop --time=25 container_e1_12312_11111_02_000001"));
|
"stop --time=25 container_e1_12312_11111_02_000001"));
|
||||||
|
|
||||||
std::vector<std::pair<std::string, int> > bad_file_cmd_vec;
|
std::vector<std::pair<std::string, int> > bad_file_cmd_vec;
|
||||||
bad_file_cmd_vec.push_back(std::make_pair<std::string, int>(
|
bad_file_cmd_vec.push_back(std::make_pair<std::string, int>(
|
||||||
@ -339,10 +339,10 @@ namespace ContainerExecutor {
|
|||||||
std::vector<std::pair<std::string, std::string> > file_cmd_vec;
|
std::vector<std::pair<std::string, std::string> > file_cmd_vec;
|
||||||
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
|
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
|
||||||
"[docker-command-execution]\n docker-command=kill\n name=container_e1_12312_11111_02_000001",
|
"[docker-command-execution]\n docker-command=kill\n name=container_e1_12312_11111_02_000001",
|
||||||
"/usr/bin/docker kill container_e1_12312_11111_02_000001"));
|
"kill container_e1_12312_11111_02_000001"));
|
||||||
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
|
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
|
||||||
"[docker-command-execution]\n docker-command=kill\n name=container_e1_12312_11111_02_000001\nsignal=SIGQUIT",
|
"[docker-command-execution]\n docker-command=kill\n name=container_e1_12312_11111_02_000001\nsignal=SIGQUIT",
|
||||||
"/usr/bin/docker kill --signal=SIGQUIT container_e1_12312_11111_02_000001"));
|
"kill --signal=SIGQUIT container_e1_12312_11111_02_000001"));
|
||||||
|
|
||||||
std::vector<std::pair<std::string, int> > bad_file_cmd_vec;
|
std::vector<std::pair<std::string, int> > bad_file_cmd_vec;
|
||||||
bad_file_cmd_vec.push_back(std::make_pair<std::string, int>(
|
bad_file_cmd_vec.push_back(std::make_pair<std::string, int>(
|
||||||
@ -365,7 +365,7 @@ namespace ContainerExecutor {
|
|||||||
std::vector<std::pair<std::string, std::string> > file_cmd_vec;
|
std::vector<std::pair<std::string, std::string> > file_cmd_vec;
|
||||||
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
|
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
|
||||||
"[docker-command-execution]\n docker-command=start\n name=container_e1_12312_11111_02_000001",
|
"[docker-command-execution]\n docker-command=start\n name=container_e1_12312_11111_02_000001",
|
||||||
"/usr/bin/docker start container_e1_12312_11111_02_000001"));
|
"start container_e1_12312_11111_02_000001"));
|
||||||
|
|
||||||
std::vector<std::pair<std::string, int> > bad_file_cmd_vec;
|
std::vector<std::pair<std::string, int> > bad_file_cmd_vec;
|
||||||
bad_file_cmd_vec.push_back(std::make_pair<std::string, int>(
|
bad_file_cmd_vec.push_back(std::make_pair<std::string, int>(
|
||||||
@ -1151,14 +1151,14 @@ namespace ContainerExecutor {
|
|||||||
std::vector<std::pair<std::string, std::string> > file_cmd_vec;
|
std::vector<std::pair<std::string, std::string> > file_cmd_vec;
|
||||||
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
|
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
|
||||||
"[docker-command-execution]\n docker-command=run\n name=container_e1_12312_11111_02_000001\n image=hadoop/docker-image\n user=nobody",
|
"[docker-command-execution]\n docker-command=run\n name=container_e1_12312_11111_02_000001\n image=hadoop/docker-image\n user=nobody",
|
||||||
"/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody --cap-drop=ALL hadoop/docker-image"));
|
"run --name=container_e1_12312_11111_02_000001 --user=nobody --cap-drop=ALL hadoop/docker-image"));
|
||||||
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
|
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
|
||||||
"[docker-command-execution]\n docker-command=run\n name=container_e1_12312_11111_02_000001\n image=nothadoop/docker-image\n user=nobody",
|
"[docker-command-execution]\n docker-command=run\n name=container_e1_12312_11111_02_000001\n image=nothadoop/docker-image\n user=nobody",
|
||||||
"/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody --cap-drop=ALL nothadoop/docker-image"));
|
"run --name=container_e1_12312_11111_02_000001 --user=nobody --cap-drop=ALL nothadoop/docker-image"));
|
||||||
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
|
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
|
||||||
"[docker-command-execution]\n docker-command=run\n name=container_e1_12312_11111_02_000001\n image=hadoop/docker-image\n user=nobody\n"
|
"[docker-command-execution]\n docker-command=run\n name=container_e1_12312_11111_02_000001\n image=hadoop/docker-image\n user=nobody\n"
|
||||||
" launch-command=bash,test_script.sh,arg1,arg2",
|
" launch-command=bash,test_script.sh,arg1,arg2",
|
||||||
"/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody --cap-drop=ALL hadoop/docker-image bash test_script.sh arg1 arg2"));
|
"run --name=container_e1_12312_11111_02_000001 --user=nobody --cap-drop=ALL hadoop/docker-image bash test_script.sh arg1 arg2"));
|
||||||
|
|
||||||
// Test non-privileged conatiner with launch command
|
// Test non-privileged conatiner with launch command
|
||||||
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
|
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
|
||||||
@ -1168,7 +1168,7 @@ namespace ContainerExecutor {
|
|||||||
" network=bridge\n devices=/dev/test:/dev/test\n"
|
" network=bridge\n devices=/dev/test:/dev/test\n"
|
||||||
" cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n"
|
" cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n"
|
||||||
" launch-command=bash,test_script.sh,arg1,arg2",
|
" launch-command=bash,test_script.sh,arg1,arg2",
|
||||||
"/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm -v /var/log:/var/log:ro -v /var/lib:/lib:ro"
|
"run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm -v /var/log:/var/log:ro -v /var/lib:/lib:ro"
|
||||||
" -v /usr/bin/cut:/usr/bin/cut:ro -v /tmp:/tmp --cgroup-parent=ctr-cgroup --cap-drop=ALL --cap-add=CHOWN"
|
" -v /usr/bin/cut:/usr/bin/cut:ro -v /tmp:/tmp --cgroup-parent=ctr-cgroup --cap-drop=ALL --cap-add=CHOWN"
|
||||||
" --cap-add=SETUID --hostname=host-id --device=/dev/test:/dev/test hadoop/docker-image bash "
|
" --cap-add=SETUID --hostname=host-id --device=/dev/test:/dev/test hadoop/docker-image bash "
|
||||||
"test_script.sh arg1 arg2"));
|
"test_script.sh arg1 arg2"));
|
||||||
@ -1179,7 +1179,7 @@ namespace ContainerExecutor {
|
|||||||
" network=bridge\n"
|
" network=bridge\n"
|
||||||
" cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n"
|
" cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n"
|
||||||
" launch-command=bash,test_script.sh,arg1,arg2",
|
" launch-command=bash,test_script.sh,arg1,arg2",
|
||||||
"/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm"
|
"run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm"
|
||||||
" --cgroup-parent=ctr-cgroup --cap-drop=ALL --hostname=host-id nothadoop/docker-image"));
|
" --cgroup-parent=ctr-cgroup --cap-drop=ALL --hostname=host-id nothadoop/docker-image"));
|
||||||
|
|
||||||
// Test non-privileged container and drop all privileges
|
// Test non-privileged container and drop all privileges
|
||||||
@ -1190,7 +1190,7 @@ namespace ContainerExecutor {
|
|||||||
" network=bridge\n devices=/dev/test:/dev/test\n net=bridge\n"
|
" network=bridge\n devices=/dev/test:/dev/test\n net=bridge\n"
|
||||||
" cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n"
|
" cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n"
|
||||||
" launch-command=bash,test_script.sh,arg1,arg2",
|
" launch-command=bash,test_script.sh,arg1,arg2",
|
||||||
"/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm --net=bridge -v /var/log:/var/log:ro -v /var/lib:/lib:ro"
|
"run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm --net=bridge -v /var/log:/var/log:ro -v /var/lib:/lib:ro"
|
||||||
" -v /usr/bin/cut:/usr/bin/cut:ro -v /tmp:/tmp --cgroup-parent=ctr-cgroup --cap-drop=ALL --cap-add=CHOWN "
|
" -v /usr/bin/cut:/usr/bin/cut:ro -v /tmp:/tmp --cgroup-parent=ctr-cgroup --cap-drop=ALL --cap-add=CHOWN "
|
||||||
"--cap-add=SETUID --hostname=host-id --device=/dev/test:/dev/test hadoop/docker-image bash"
|
"--cap-add=SETUID --hostname=host-id --device=/dev/test:/dev/test hadoop/docker-image bash"
|
||||||
" test_script.sh arg1 arg2"));
|
" test_script.sh arg1 arg2"));
|
||||||
@ -1201,7 +1201,7 @@ namespace ContainerExecutor {
|
|||||||
" network=bridge\n net=bridge\n"
|
" network=bridge\n net=bridge\n"
|
||||||
" cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n"
|
" cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n"
|
||||||
" launch-command=bash,test_script.sh,arg1,arg2",
|
" launch-command=bash,test_script.sh,arg1,arg2",
|
||||||
"/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm --net=bridge"
|
"run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm --net=bridge"
|
||||||
" --cgroup-parent=ctr-cgroup --cap-drop=ALL --hostname=host-id nothadoop/docker-image"));
|
" --cgroup-parent=ctr-cgroup --cap-drop=ALL --hostname=host-id nothadoop/docker-image"));
|
||||||
|
|
||||||
// Test privileged container
|
// Test privileged container
|
||||||
@ -1212,7 +1212,7 @@ namespace ContainerExecutor {
|
|||||||
" network=bridge\n devices=/dev/test:/dev/test\n net=bridge\n privileged=true\n"
|
" network=bridge\n devices=/dev/test:/dev/test\n net=bridge\n privileged=true\n"
|
||||||
" cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n"
|
" cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n"
|
||||||
" launch-command=bash,test_script.sh,arg1,arg2",
|
" launch-command=bash,test_script.sh,arg1,arg2",
|
||||||
"/usr/bin/docker run --name=container_e1_12312_11111_02_000001 -d --rm --net=bridge -v /var/log:/var/log:ro -v /var/lib:/lib:ro"
|
"run --name=container_e1_12312_11111_02_000001 -d --rm --net=bridge -v /var/log:/var/log:ro -v /var/lib:/lib:ro"
|
||||||
" -v /usr/bin/cut:/usr/bin/cut:ro -v /tmp:/tmp --cgroup-parent=ctr-cgroup --privileged --cap-drop=ALL "
|
" -v /usr/bin/cut:/usr/bin/cut:ro -v /tmp:/tmp --cgroup-parent=ctr-cgroup --privileged --cap-drop=ALL "
|
||||||
"--cap-add=CHOWN --cap-add=SETUID --hostname=host-id --device=/dev/test:/dev/test hadoop/docker-image "
|
"--cap-add=CHOWN --cap-add=SETUID --hostname=host-id --device=/dev/test:/dev/test hadoop/docker-image "
|
||||||
"bash test_script.sh arg1 arg2"));
|
"bash test_script.sh arg1 arg2"));
|
||||||
@ -1224,7 +1224,7 @@ namespace ContainerExecutor {
|
|||||||
" network=bridge\n devices=/dev/test:/dev/test\n net=bridge\n privileged=true\n"
|
" network=bridge\n devices=/dev/test:/dev/test\n net=bridge\n privileged=true\n"
|
||||||
" cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n group-add=1000,1001\n"
|
" cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n group-add=1000,1001\n"
|
||||||
" launch-command=bash,test_script.sh,arg1,arg2",
|
" launch-command=bash,test_script.sh,arg1,arg2",
|
||||||
"/usr/bin/docker run --name=container_e1_12312_11111_02_000001 -d --rm --net=bridge -v /var/log:/var/log:ro -v /var/lib:/lib:ro"
|
"run --name=container_e1_12312_11111_02_000001 -d --rm --net=bridge -v /var/log:/var/log:ro -v /var/lib:/lib:ro"
|
||||||
" -v /usr/bin/cut:/usr/bin/cut:ro -v /tmp:/tmp --cgroup-parent=ctr-cgroup --privileged --cap-drop=ALL "
|
" -v /usr/bin/cut:/usr/bin/cut:ro -v /tmp:/tmp --cgroup-parent=ctr-cgroup --privileged --cap-drop=ALL "
|
||||||
"--cap-add=CHOWN --cap-add=SETUID --hostname=host-id "
|
"--cap-add=CHOWN --cap-add=SETUID --hostname=host-id "
|
||||||
"--device=/dev/test:/dev/test hadoop/docker-image bash test_script.sh arg1 arg2"));
|
"--device=/dev/test:/dev/test hadoop/docker-image bash test_script.sh arg1 arg2"));
|
||||||
@ -1235,7 +1235,7 @@ namespace ContainerExecutor {
|
|||||||
" network=bridge\n net=bridge\n"
|
" network=bridge\n net=bridge\n"
|
||||||
" detach=true\n rm=true\n group-add=1000,1001\n"
|
" detach=true\n rm=true\n group-add=1000,1001\n"
|
||||||
" launch-command=bash,test_script.sh,arg1,arg2",
|
" launch-command=bash,test_script.sh,arg1,arg2",
|
||||||
"/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm --net=bridge --cap-drop=ALL "
|
"run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm --net=bridge --cap-drop=ALL "
|
||||||
"--hostname=host-id --group-add 1000 --group-add 1001 "
|
"--hostname=host-id --group-add 1000 --group-add 1001 "
|
||||||
"docker-image"));
|
"docker-image"));
|
||||||
|
|
||||||
@ -1339,7 +1339,7 @@ namespace ContainerExecutor {
|
|||||||
" user=nobody\n"
|
" user=nobody\n"
|
||||||
" use-entry-point=true\n"
|
" use-entry-point=true\n"
|
||||||
" environ=/tmp/test.env\n",
|
" environ=/tmp/test.env\n",
|
||||||
"/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody --cap-drop=ALL "
|
"run --name=container_e1_12312_11111_02_000001 --user=nobody --cap-drop=ALL "
|
||||||
"--env-file /tmp/test.env hadoop/docker-image"));
|
"--env-file /tmp/test.env hadoop/docker-image"));
|
||||||
|
|
||||||
std::vector<std::pair<std::string, int> > bad_file_cmd_vec;
|
std::vector<std::pair<std::string, int> > bad_file_cmd_vec;
|
||||||
@ -1382,11 +1382,11 @@ namespace ContainerExecutor {
|
|||||||
std::vector<std::pair<std::string, std::string> > file_cmd_vec;
|
std::vector<std::pair<std::string, std::string> > file_cmd_vec;
|
||||||
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
|
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
|
||||||
"[docker-command-execution]\n docker-command=run\n name=container_e1_12312_11111_02_000001\n image=docker-image\n user=nobody",
|
"[docker-command-execution]\n docker-command=run\n name=container_e1_12312_11111_02_000001\n image=docker-image\n user=nobody",
|
||||||
"/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody --cap-drop=ALL docker-image"));
|
"run --name=container_e1_12312_11111_02_000001 --user=nobody --cap-drop=ALL docker-image"));
|
||||||
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
|
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
|
||||||
"[docker-command-execution]\n docker-command=run\n name=container_e1_12312_11111_02_000001\n image=docker-image\n"
|
"[docker-command-execution]\n docker-command=run\n name=container_e1_12312_11111_02_000001\n image=docker-image\n"
|
||||||
" user=nobody\n launch-command=bash,test_script.sh,arg1,arg2",
|
" user=nobody\n launch-command=bash,test_script.sh,arg1,arg2",
|
||||||
"/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody --cap-drop=ALL docker-image"));
|
"run --name=container_e1_12312_11111_02_000001 --user=nobody --cap-drop=ALL docker-image"));
|
||||||
|
|
||||||
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
|
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
|
||||||
"[docker-command-execution]\n"
|
"[docker-command-execution]\n"
|
||||||
@ -1395,7 +1395,7 @@ namespace ContainerExecutor {
|
|||||||
" network=bridge\n devices=/dev/test:/dev/test\n"
|
" network=bridge\n devices=/dev/test:/dev/test\n"
|
||||||
" cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n"
|
" cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n"
|
||||||
" launch-command=bash,test_script.sh,arg1,arg2",
|
" launch-command=bash,test_script.sh,arg1,arg2",
|
||||||
"/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm -v /var/log:/var/log:ro -v /var/lib:/lib:ro"
|
"run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm -v /var/log:/var/log:ro -v /var/lib:/lib:ro"
|
||||||
" -v /usr/bin/cut:/usr/bin/cut:ro -v /tmp:/tmp --cgroup-parent=ctr-cgroup --cap-drop=ALL --cap-add=CHOWN"
|
" -v /usr/bin/cut:/usr/bin/cut:ro -v /tmp:/tmp --cgroup-parent=ctr-cgroup --cap-drop=ALL --cap-add=CHOWN"
|
||||||
" --cap-add=SETUID --hostname=host-id --device=/dev/test:/dev/test hadoop/docker-image bash "
|
" --cap-add=SETUID --hostname=host-id --device=/dev/test:/dev/test hadoop/docker-image bash "
|
||||||
"test_script.sh arg1 arg2"));
|
"test_script.sh arg1 arg2"));
|
||||||
@ -1406,7 +1406,7 @@ namespace ContainerExecutor {
|
|||||||
" network=bridge\n"
|
" network=bridge\n"
|
||||||
" cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n"
|
" cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n"
|
||||||
" launch-command=bash,test_script.sh,arg1,arg2",
|
" launch-command=bash,test_script.sh,arg1,arg2",
|
||||||
"/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm"
|
"run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm"
|
||||||
" --cgroup-parent=ctr-cgroup --cap-drop=ALL --hostname=host-id nothadoop/docker-image"));
|
" --cgroup-parent=ctr-cgroup --cap-drop=ALL --hostname=host-id nothadoop/docker-image"));
|
||||||
|
|
||||||
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
|
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
|
||||||
@ -1416,7 +1416,7 @@ namespace ContainerExecutor {
|
|||||||
" network=bridge\n devices=/dev/test:/dev/test\n net=bridge\n"
|
" network=bridge\n devices=/dev/test:/dev/test\n net=bridge\n"
|
||||||
" cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n"
|
" cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n"
|
||||||
" launch-command=bash,test_script.sh,arg1,arg2",
|
" launch-command=bash,test_script.sh,arg1,arg2",
|
||||||
"/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm --net=bridge -v /var/log:/var/log:ro -v /var/lib:/lib:ro"
|
"run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm --net=bridge -v /var/log:/var/log:ro -v /var/lib:/lib:ro"
|
||||||
" -v /usr/bin/cut:/usr/bin/cut:ro -v /tmp:/tmp --cgroup-parent=ctr-cgroup --cap-drop=ALL --cap-add=CHOWN "
|
" -v /usr/bin/cut:/usr/bin/cut:ro -v /tmp:/tmp --cgroup-parent=ctr-cgroup --cap-drop=ALL --cap-add=CHOWN "
|
||||||
"--cap-add=SETUID --hostname=host-id --device=/dev/test:/dev/test hadoop/docker-image bash"
|
"--cap-add=SETUID --hostname=host-id --device=/dev/test:/dev/test hadoop/docker-image bash"
|
||||||
" test_script.sh arg1 arg2"));
|
" test_script.sh arg1 arg2"));
|
||||||
@ -1427,7 +1427,7 @@ namespace ContainerExecutor {
|
|||||||
" network=bridge\n net=bridge\n"
|
" network=bridge\n net=bridge\n"
|
||||||
" cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n"
|
" cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n"
|
||||||
" launch-command=bash,test_script.sh,arg1,arg2",
|
" launch-command=bash,test_script.sh,arg1,arg2",
|
||||||
"/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm --net=bridge"
|
"run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm --net=bridge"
|
||||||
" --cgroup-parent=ctr-cgroup --cap-drop=ALL --hostname=host-id nothadoop/docker-image"));
|
" --cgroup-parent=ctr-cgroup --cap-drop=ALL --hostname=host-id nothadoop/docker-image"));
|
||||||
|
|
||||||
std::vector<std::pair<std::string, int> > bad_file_cmd_vec;
|
std::vector<std::pair<std::string, int> > bad_file_cmd_vec;
|
||||||
@ -1511,10 +1511,10 @@ namespace ContainerExecutor {
|
|||||||
std::vector<std::pair<std::string, std::string> > file_cmd_vec;
|
std::vector<std::pair<std::string, std::string> > file_cmd_vec;
|
||||||
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
|
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
|
||||||
"[docker-command-execution]\n docker-command=volume\n sub-command=create\n volume=volume1 \n driver=driver1",
|
"[docker-command-execution]\n docker-command=volume\n sub-command=create\n volume=volume1 \n driver=driver1",
|
||||||
"/usr/bin/docker volume create --name=volume1 --driver=driver1"));
|
"volume create --name=volume1 --driver=driver1"));
|
||||||
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
|
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
|
||||||
"[docker-command-execution]\n docker-command=volume\n format={{.Name}},{{.Driver}}\n sub-command=ls",
|
"[docker-command-execution]\n docker-command=volume\n format={{.Name}},{{.Driver}}\n sub-command=ls",
|
||||||
"/usr/bin/docker volume ls --format={{.Name}},{{.Driver}}"));
|
"volume ls --format={{.Name}},{{.Driver}}"));
|
||||||
|
|
||||||
std::vector<std::pair<std::string, int> > bad_file_cmd_vec;
|
std::vector<std::pair<std::string, int> > bad_file_cmd_vec;
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user