YARN-8284. get_docker_command refactoring. Contributed by Eric Badger

(cherry picked from commit d47c09dcb1)
Jason Lowe 2018-05-16 09:23:49 -05:00
parent 051d9cff9c
commit 79b2a508e0
2 changed files with 42 additions and 148 deletions


@ -388,6 +388,18 @@ int get_docker_command(const char *command_file, const struct configuration *con
} }
free(value); free(value);
char *docker = get_docker_binary(conf);
ret = add_to_args(args, docker);
free(docker);
if (ret != 0) {
return BUFFER_TOO_SMALL;
}
ret = add_docker_config_param(&command_config, args);
if (ret != 0) {
return BUFFER_TOO_SMALL;
}
char *command = get_configuration_value("docker-command", DOCKER_COMMAND_FILE_SECTION, &command_config); char *command = get_configuration_value("docker-command", DOCKER_COMMAND_FILE_SECTION, &command_config);
if (strcmp(DOCKER_INSPECT_COMMAND, command) == 0) { if (strcmp(DOCKER_INSPECT_COMMAND, command) == 0) {
return get_docker_inspect_command(command_file, conf, args); return get_docker_inspect_command(command_file, conf, args);
@ -440,7 +452,7 @@ static int value_permitted(const struct configuration* executor_cfg,
int get_docker_volume_command(const char *command_file, const struct configuration *conf, args *args) { int get_docker_volume_command(const char *command_file, const struct configuration *conf, args *args) {
int ret = 0; int ret = 0;
char *driver = NULL, *volume_name = NULL, *sub_command = NULL, *format = NULL, *docker = NULL; char *driver = NULL, *volume_name = NULL, *sub_command = NULL, *format = NULL;
struct configuration command_config = {0, NULL}; struct configuration command_config = {0, NULL};
ret = read_and_verify_command_file(command_file, DOCKER_VOLUME_COMMAND, &command_config); ret = read_and_verify_command_file(command_file, DOCKER_VOLUME_COMMAND, &command_config);
if (ret != 0) { if (ret != 0) {
@ -456,19 +468,6 @@ int get_docker_volume_command(const char *command_file, const struct configurati
goto cleanup; goto cleanup;
} }
docker = get_docker_binary(conf);
ret = add_to_args(args, docker);
if (ret != 0) {
ret = BUFFER_TOO_SMALL;
goto cleanup;
}
ret = add_docker_config_param(&command_config, args);
if (ret != 0) {
ret = BUFFER_TOO_SMALL;
goto cleanup;
}
ret = add_to_args(args, DOCKER_VOLUME_COMMAND); ret = add_to_args(args, DOCKER_VOLUME_COMMAND);
if (ret != 0) { if (ret != 0) {
goto cleanup; goto cleanup;
@ -538,7 +537,6 @@ cleanup:
free(volume_name); free(volume_name);
free(sub_command); free(sub_command);
free(format); free(format);
free(docker);
return ret; return ret;
} }
@ -576,19 +574,6 @@ int get_docker_inspect_command(const char *command_file, const struct configurat
return INVALID_DOCKER_INSPECT_FORMAT; return INVALID_DOCKER_INSPECT_FORMAT;
} }
char *docker = get_docker_binary(conf);
ret = add_to_args(args, docker);
if (ret != 0) {
goto free_and_exit;
}
ret = add_docker_config_param(&command_config, args);
if (ret != 0) {
free(container_name);
free(format);
return BUFFER_TOO_SMALL;
}
ret = add_to_args(args, DOCKER_INSPECT_COMMAND); ret = add_to_args(args, DOCKER_INSPECT_COMMAND);
if (ret != 0) { if (ret != 0) {
goto free_and_exit; goto free_and_exit;
@ -610,7 +595,6 @@ int get_docker_inspect_command(const char *command_file, const struct configurat
free_and_exit: free_and_exit:
free(format); free(format);
free(container_name); free(container_name);
free(docker);
return BUFFER_TOO_SMALL; return BUFFER_TOO_SMALL;
} }
@ -628,19 +612,6 @@ int get_docker_load_command(const char *command_file, const struct configuration
return INVALID_DOCKER_IMAGE_NAME; return INVALID_DOCKER_IMAGE_NAME;
} }
char *docker = get_docker_binary(conf);
ret = add_to_args(args, docker);
free(docker);
if (ret != 0) {
return BUFFER_TOO_SMALL;
}
ret = add_docker_config_param(&command_config, args);
if (ret != 0) {
free(image_name);
return BUFFER_TOO_SMALL;
}
ret = add_to_args(args, DOCKER_LOAD_COMMAND); ret = add_to_args(args, DOCKER_LOAD_COMMAND);
if (ret == 0) { if (ret == 0) {
char *tmp_buffer = make_string("--i=%s", image_name); char *tmp_buffer = make_string("--i=%s", image_name);
@ -675,17 +646,6 @@ int get_docker_pull_command(const char *command_file, const struct configuration
return INVALID_DOCKER_IMAGE_NAME; return INVALID_DOCKER_IMAGE_NAME;
} }
char *docker = get_docker_binary(conf);
ret = add_to_args(args, docker);
if (ret != 0) {
goto free_pull;
}
ret = add_docker_config_param(&command_config, args);
if (ret != 0) {
goto free_pull;
}
ret = add_to_args(args, DOCKER_PULL_COMMAND); ret = add_to_args(args, DOCKER_PULL_COMMAND);
if (ret == 0) { if (ret == 0) {
ret = add_to_args(args, image_name); ret = add_to_args(args, image_name);
@ -697,7 +657,6 @@ int get_docker_pull_command(const char *command_file, const struct configuration
} }
free_pull: free_pull:
free(image_name); free(image_name);
free(docker);
return BUFFER_TOO_SMALL; return BUFFER_TOO_SMALL;
} }
@ -715,18 +674,6 @@ int get_docker_rm_command(const char *command_file, const struct configuration *
return INVALID_DOCKER_CONTAINER_NAME; return INVALID_DOCKER_CONTAINER_NAME;
} }
char *docker = get_docker_binary(conf);
ret = add_to_args(args, docker);
free(docker);
if (ret != 0) {
return BUFFER_TOO_SMALL;
}
ret = add_docker_config_param(&command_config, args);
if (ret != 0) {
return BUFFER_TOO_SMALL;
}
ret = add_to_args(args, DOCKER_RM_COMMAND); ret = add_to_args(args, DOCKER_RM_COMMAND);
if (ret == 0) { if (ret == 0) {
ret = add_to_args(args, container_name); ret = add_to_args(args, container_name);
@ -757,18 +704,6 @@ int get_docker_stop_command(const char *command_file, const struct configuration
return INVALID_DOCKER_CONTAINER_NAME; return INVALID_DOCKER_CONTAINER_NAME;
} }
char *docker = get_docker_binary(conf);
ret = add_to_args(args, docker);
free(docker);
if (ret != 0) {
goto free_and_exit;
}
ret = add_docker_config_param(&command_config, args);
if (ret != 0) {
goto free_and_exit;
}
ret = add_to_args(args, DOCKER_STOP_COMMAND); ret = add_to_args(args, DOCKER_STOP_COMMAND);
if (ret == 0) { if (ret == 0) {
value = get_configuration_value("time", DOCKER_COMMAND_FILE_SECTION, &command_config); value = get_configuration_value("time", DOCKER_COMMAND_FILE_SECTION, &command_config);
@ -812,18 +747,6 @@ int get_docker_kill_command(const char *command_file, const struct configuration
return INVALID_DOCKER_CONTAINER_NAME; return INVALID_DOCKER_CONTAINER_NAME;
} }
char *docker = get_docker_binary(conf);
ret = add_to_args(args, docker);
free(docker);
if (ret != 0) {
return BUFFER_TOO_SMALL;
}
ret = add_docker_config_param(&command_config, args);
if (ret != 0) {
return BUFFER_TOO_SMALL;
}
ret = add_to_args(args, DOCKER_KILL_COMMAND); ret = add_to_args(args, DOCKER_KILL_COMMAND);
if (ret == 0) { if (ret == 0) {
value = get_configuration_value("signal", DOCKER_COMMAND_FILE_SECTION, &command_config); value = get_configuration_value("signal", DOCKER_COMMAND_FILE_SECTION, &command_config);
@ -853,7 +776,6 @@ free_and_exit:
int get_docker_start_command(const char *command_file, const struct configuration *conf, args *args) { int get_docker_start_command(const char *command_file, const struct configuration *conf, args *args) {
int ret = 0; int ret = 0;
char *docker = NULL;
char *container_name = NULL; char *container_name = NULL;
struct configuration command_config = {0, NULL}; struct configuration command_config = {0, NULL};
ret = read_and_verify_command_file(command_file, DOCKER_START_COMMAND, &command_config); ret = read_and_verify_command_file(command_file, DOCKER_START_COMMAND, &command_config);
@ -866,20 +788,6 @@ int get_docker_start_command(const char *command_file, const struct configuratio
return INVALID_DOCKER_CONTAINER_NAME; return INVALID_DOCKER_CONTAINER_NAME;
} }
docker = get_docker_binary(conf);
ret = add_to_args(args, docker);
free(docker);
if (ret != 0) {
ret = BUFFER_TOO_SMALL;
goto free_and_exit;
}
ret = add_docker_config_param(&command_config, args);
if (ret != 0) {
ret = BUFFER_TOO_SMALL;
goto free_and_exit;
}
ret = add_to_args(args, DOCKER_START_COMMAND); ret = add_to_args(args, DOCKER_START_COMMAND);
if (ret != 0) { if (ret != 0) {
goto free_and_exit; goto free_and_exit;
@ -1443,20 +1351,6 @@ int get_docker_run_command(const char *command_file, const struct configuration
return INVALID_DOCKER_IMAGE_NAME; return INVALID_DOCKER_IMAGE_NAME;
} }
char *docker = get_docker_binary(conf);
ret = add_to_args(args, docker);
free(docker);
if (ret != 0) {
reset_args(args);
return BUFFER_TOO_SMALL;
}
ret = add_docker_config_param(&command_config, args);
if (ret != 0) {
reset_args(args);
return BUFFER_TOO_SMALL;
}
ret = add_to_args(args, DOCKER_RUN_COMMAND); ret = add_to_args(args, DOCKER_RUN_COMMAND);
if(ret != 0) { if(ret != 0) {
reset_args(args); reset_args(args);
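Review bot: The two early returns added to get_docker_command in the first hunk leave `args` partly filled: the copy removed from get_docker_run_command called `reset_args(args)` before `return BUFFER_TOO_SMALL;`, and the hoisted copy does not. Because the binary and the config parameter are now appended before the per-command builder runs read_and_verify_command_file, any later failure (for example INVALID_DOCKER_CONTAINER_NAME) also returns with those entries still in `args`; either reset here with `if (ret != 0) { reset_args(args); return BUFFER_TOO_SMALL; }` or state in the function comment that `args` must not be used on a non-zero return. The per-command functions such as get_docker_volume_command are not static and no longer put the binary at position 0, so a comment like `/* Appends only the sub-command and its options; get_docker_command adds the docker binary and config parameter first. */` on each would record the new contract. get_docker_command starts and ends outside the hunk, so its other error paths are not visible here.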


@ -165,12 +165,12 @@ namespace ContainerExecutor {
std::vector<std::pair<std::string, std::string> > file_cmd_vec; std::vector<std::pair<std::string, std::string> > file_cmd_vec;
file_cmd_vec.push_back(std::make_pair<std::string, std::string>( file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=inspect\n format={{.State.Status}}\n name=container_e1_12312_11111_02_000001", "[docker-command-execution]\n docker-command=inspect\n format={{.State.Status}}\n name=container_e1_12312_11111_02_000001",
"/usr/bin/docker inspect --format={{.State.Status}} container_e1_12312_11111_02_000001")); "inspect --format={{.State.Status}} container_e1_12312_11111_02_000001"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>( file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=inspect\n" "[docker-command-execution]\n docker-command=inspect\n"
" format={{range(.NetworkSettings.Networks)}}{{.IPAddress}},{{end}}{{.Config.Hostname}}\n" " format={{range(.NetworkSettings.Networks)}}{{.IPAddress}},{{end}}{{.Config.Hostname}}\n"
" name=container_e1_12312_11111_02_000001", " name=container_e1_12312_11111_02_000001",
"/usr/bin/docker inspect --format={{range(.NetworkSettings.Networks)}}{{.IPAddress}},{{end}}{{.Config.Hostname}} container_e1_12312_11111_02_000001")); "inspect --format={{range(.NetworkSettings.Networks)}}{{.IPAddress}},{{end}}{{.Config.Hostname}} container_e1_12312_11111_02_000001"));
std::vector<std::pair<std::string, int> > bad_file_cmd_vec; std::vector<std::pair<std::string, int> > bad_file_cmd_vec;
bad_file_cmd_vec.push_back(std::make_pair<std::string, int>( bad_file_cmd_vec.push_back(std::make_pair<std::string, int>(
@ -202,7 +202,7 @@ namespace ContainerExecutor {
std::vector<std::pair<std::string, std::string> > file_cmd_vec; std::vector<std::pair<std::string, std::string> > file_cmd_vec;
file_cmd_vec.push_back(std::make_pair<std::string, std::string>( file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=load\n image=image-id", "[docker-command-execution]\n docker-command=load\n image=image-id",
"/usr/bin/docker load --i=image-id")); "load --i=image-id"));
std::vector<std::pair<std::string, int> > bad_file_cmd_vec; std::vector<std::pair<std::string, int> > bad_file_cmd_vec;
bad_file_cmd_vec.push_back(std::make_pair<std::string, int>( bad_file_cmd_vec.push_back(std::make_pair<std::string, int>(
@ -272,7 +272,7 @@ namespace ContainerExecutor {
std::vector<std::pair<std::string, std::string> > file_cmd_vec; std::vector<std::pair<std::string, std::string> > file_cmd_vec;
file_cmd_vec.push_back(std::make_pair<std::string, std::string>( file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=pull\n image=image-id", "[docker-command-execution]\n docker-command=pull\n image=image-id",
"/usr/bin/docker pull image-id")); "pull image-id"));
std::vector<std::pair<std::string, int> > bad_file_cmd_vec; std::vector<std::pair<std::string, int> > bad_file_cmd_vec;
bad_file_cmd_vec.push_back(std::make_pair<std::string, int>( bad_file_cmd_vec.push_back(std::make_pair<std::string, int>(
@ -292,7 +292,7 @@ namespace ContainerExecutor {
file_cmd_vec.push_back( file_cmd_vec.push_back(
std::make_pair<std::string, std::string>( std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=rm\n name=container_e1_12312_11111_02_000001", "[docker-command-execution]\n docker-command=rm\n name=container_e1_12312_11111_02_000001",
"/usr/bin/docker rm container_e1_12312_11111_02_000001")); "rm container_e1_12312_11111_02_000001"));
std::vector<std::pair<std::string, int> > bad_file_cmd_vec; std::vector<std::pair<std::string, int> > bad_file_cmd_vec;
bad_file_cmd_vec.push_back(std::make_pair<std::string, int>( bad_file_cmd_vec.push_back(std::make_pair<std::string, int>(
@ -312,10 +312,10 @@ namespace ContainerExecutor {
std::vector<std::pair<std::string, std::string> > file_cmd_vec; std::vector<std::pair<std::string, std::string> > file_cmd_vec;
file_cmd_vec.push_back(std::make_pair<std::string, std::string>( file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=stop\n name=container_e1_12312_11111_02_000001", "[docker-command-execution]\n docker-command=stop\n name=container_e1_12312_11111_02_000001",
"/usr/bin/docker stop container_e1_12312_11111_02_000001")); "stop container_e1_12312_11111_02_000001"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>( file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=stop\n name=container_e1_12312_11111_02_000001\ntime=25", "[docker-command-execution]\n docker-command=stop\n name=container_e1_12312_11111_02_000001\ntime=25",
"/usr/bin/docker stop --time=25 container_e1_12312_11111_02_000001")); "stop --time=25 container_e1_12312_11111_02_000001"));
std::vector<std::pair<std::string, int> > bad_file_cmd_vec; std::vector<std::pair<std::string, int> > bad_file_cmd_vec;
bad_file_cmd_vec.push_back(std::make_pair<std::string, int>( bad_file_cmd_vec.push_back(std::make_pair<std::string, int>(
@ -339,10 +339,10 @@ namespace ContainerExecutor {
std::vector<std::pair<std::string, std::string> > file_cmd_vec; std::vector<std::pair<std::string, std::string> > file_cmd_vec;
file_cmd_vec.push_back(std::make_pair<std::string, std::string>( file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=kill\n name=container_e1_12312_11111_02_000001", "[docker-command-execution]\n docker-command=kill\n name=container_e1_12312_11111_02_000001",
"/usr/bin/docker kill container_e1_12312_11111_02_000001")); "kill container_e1_12312_11111_02_000001"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>( file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=kill\n name=container_e1_12312_11111_02_000001\nsignal=SIGQUIT", "[docker-command-execution]\n docker-command=kill\n name=container_e1_12312_11111_02_000001\nsignal=SIGQUIT",
"/usr/bin/docker kill --signal=SIGQUIT container_e1_12312_11111_02_000001")); "kill --signal=SIGQUIT container_e1_12312_11111_02_000001"));
std::vector<std::pair<std::string, int> > bad_file_cmd_vec; std::vector<std::pair<std::string, int> > bad_file_cmd_vec;
bad_file_cmd_vec.push_back(std::make_pair<std::string, int>( bad_file_cmd_vec.push_back(std::make_pair<std::string, int>(
@ -365,7 +365,7 @@ namespace ContainerExecutor {
std::vector<std::pair<std::string, std::string> > file_cmd_vec; std::vector<std::pair<std::string, std::string> > file_cmd_vec;
file_cmd_vec.push_back(std::make_pair<std::string, std::string>( file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=start\n name=container_e1_12312_11111_02_000001", "[docker-command-execution]\n docker-command=start\n name=container_e1_12312_11111_02_000001",
"/usr/bin/docker start container_e1_12312_11111_02_000001")); "start container_e1_12312_11111_02_000001"));
std::vector<std::pair<std::string, int> > bad_file_cmd_vec; std::vector<std::pair<std::string, int> > bad_file_cmd_vec;
bad_file_cmd_vec.push_back(std::make_pair<std::string, int>( bad_file_cmd_vec.push_back(std::make_pair<std::string, int>(
@ -1151,14 +1151,14 @@ namespace ContainerExecutor {
std::vector<std::pair<std::string, std::string> > file_cmd_vec; std::vector<std::pair<std::string, std::string> > file_cmd_vec;
file_cmd_vec.push_back(std::make_pair<std::string, std::string>( file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=run\n name=container_e1_12312_11111_02_000001\n image=hadoop/docker-image\n user=nobody", "[docker-command-execution]\n docker-command=run\n name=container_e1_12312_11111_02_000001\n image=hadoop/docker-image\n user=nobody",
"/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody --cap-drop=ALL hadoop/docker-image")); "run --name=container_e1_12312_11111_02_000001 --user=nobody --cap-drop=ALL hadoop/docker-image"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>( file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=run\n name=container_e1_12312_11111_02_000001\n image=nothadoop/docker-image\n user=nobody", "[docker-command-execution]\n docker-command=run\n name=container_e1_12312_11111_02_000001\n image=nothadoop/docker-image\n user=nobody",
"/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody --cap-drop=ALL nothadoop/docker-image")); "run --name=container_e1_12312_11111_02_000001 --user=nobody --cap-drop=ALL nothadoop/docker-image"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>( file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=run\n name=container_e1_12312_11111_02_000001\n image=hadoop/docker-image\n user=nobody\n" "[docker-command-execution]\n docker-command=run\n name=container_e1_12312_11111_02_000001\n image=hadoop/docker-image\n user=nobody\n"
" launch-command=bash,test_script.sh,arg1,arg2", " launch-command=bash,test_script.sh,arg1,arg2",
"/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody --cap-drop=ALL hadoop/docker-image bash test_script.sh arg1 arg2")); "run --name=container_e1_12312_11111_02_000001 --user=nobody --cap-drop=ALL hadoop/docker-image bash test_script.sh arg1 arg2"));
// Test non-privileged conatiner with launch command // Test non-privileged conatiner with launch command
file_cmd_vec.push_back(std::make_pair<std::string, std::string>( file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
@ -1168,7 +1168,7 @@ namespace ContainerExecutor {
" network=bridge\n devices=/dev/test:/dev/test\n" " network=bridge\n devices=/dev/test:/dev/test\n"
" cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n" " cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n"
" launch-command=bash,test_script.sh,arg1,arg2", " launch-command=bash,test_script.sh,arg1,arg2",
"/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm -v /var/log:/var/log:ro -v /var/lib:/lib:ro" "run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm -v /var/log:/var/log:ro -v /var/lib:/lib:ro"
" -v /usr/bin/cut:/usr/bin/cut:ro -v /tmp:/tmp --cgroup-parent=ctr-cgroup --cap-drop=ALL --cap-add=CHOWN" " -v /usr/bin/cut:/usr/bin/cut:ro -v /tmp:/tmp --cgroup-parent=ctr-cgroup --cap-drop=ALL --cap-add=CHOWN"
" --cap-add=SETUID --hostname=host-id --device=/dev/test:/dev/test hadoop/docker-image bash " " --cap-add=SETUID --hostname=host-id --device=/dev/test:/dev/test hadoop/docker-image bash "
"test_script.sh arg1 arg2")); "test_script.sh arg1 arg2"));
@ -1179,7 +1179,7 @@ namespace ContainerExecutor {
" network=bridge\n" " network=bridge\n"
" cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n" " cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n"
" launch-command=bash,test_script.sh,arg1,arg2", " launch-command=bash,test_script.sh,arg1,arg2",
"/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm" "run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm"
" --cgroup-parent=ctr-cgroup --cap-drop=ALL --hostname=host-id nothadoop/docker-image")); " --cgroup-parent=ctr-cgroup --cap-drop=ALL --hostname=host-id nothadoop/docker-image"));
// Test non-privileged container and drop all privileges // Test non-privileged container and drop all privileges
@ -1190,7 +1190,7 @@ namespace ContainerExecutor {
" network=bridge\n devices=/dev/test:/dev/test\n net=bridge\n" " network=bridge\n devices=/dev/test:/dev/test\n net=bridge\n"
" cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n" " cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n"
" launch-command=bash,test_script.sh,arg1,arg2", " launch-command=bash,test_script.sh,arg1,arg2",
"/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm --net=bridge -v /var/log:/var/log:ro -v /var/lib:/lib:ro" "run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm --net=bridge -v /var/log:/var/log:ro -v /var/lib:/lib:ro"
" -v /usr/bin/cut:/usr/bin/cut:ro -v /tmp:/tmp --cgroup-parent=ctr-cgroup --cap-drop=ALL --cap-add=CHOWN " " -v /usr/bin/cut:/usr/bin/cut:ro -v /tmp:/tmp --cgroup-parent=ctr-cgroup --cap-drop=ALL --cap-add=CHOWN "
"--cap-add=SETUID --hostname=host-id --device=/dev/test:/dev/test hadoop/docker-image bash" "--cap-add=SETUID --hostname=host-id --device=/dev/test:/dev/test hadoop/docker-image bash"
" test_script.sh arg1 arg2")); " test_script.sh arg1 arg2"));
@ -1201,7 +1201,7 @@ namespace ContainerExecutor {
" network=bridge\n net=bridge\n" " network=bridge\n net=bridge\n"
" cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n" " cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n"
" launch-command=bash,test_script.sh,arg1,arg2", " launch-command=bash,test_script.sh,arg1,arg2",
"/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm --net=bridge" "run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm --net=bridge"
" --cgroup-parent=ctr-cgroup --cap-drop=ALL --hostname=host-id nothadoop/docker-image")); " --cgroup-parent=ctr-cgroup --cap-drop=ALL --hostname=host-id nothadoop/docker-image"));
// Test privileged container // Test privileged container
@ -1212,7 +1212,7 @@ namespace ContainerExecutor {
" network=bridge\n devices=/dev/test:/dev/test\n net=bridge\n privileged=true\n" " network=bridge\n devices=/dev/test:/dev/test\n net=bridge\n privileged=true\n"
" cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n" " cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n"
" launch-command=bash,test_script.sh,arg1,arg2", " launch-command=bash,test_script.sh,arg1,arg2",
"/usr/bin/docker run --name=container_e1_12312_11111_02_000001 -d --rm --net=bridge -v /var/log:/var/log:ro -v /var/lib:/lib:ro" "run --name=container_e1_12312_11111_02_000001 -d --rm --net=bridge -v /var/log:/var/log:ro -v /var/lib:/lib:ro"
" -v /usr/bin/cut:/usr/bin/cut:ro -v /tmp:/tmp --cgroup-parent=ctr-cgroup --privileged --cap-drop=ALL " " -v /usr/bin/cut:/usr/bin/cut:ro -v /tmp:/tmp --cgroup-parent=ctr-cgroup --privileged --cap-drop=ALL "
"--cap-add=CHOWN --cap-add=SETUID --hostname=host-id --device=/dev/test:/dev/test hadoop/docker-image " "--cap-add=CHOWN --cap-add=SETUID --hostname=host-id --device=/dev/test:/dev/test hadoop/docker-image "
"bash test_script.sh arg1 arg2")); "bash test_script.sh arg1 arg2"));
@ -1224,7 +1224,7 @@ namespace ContainerExecutor {
" network=bridge\n devices=/dev/test:/dev/test\n net=bridge\n privileged=true\n" " network=bridge\n devices=/dev/test:/dev/test\n net=bridge\n privileged=true\n"
" cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n group-add=1000,1001\n" " cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n group-add=1000,1001\n"
" launch-command=bash,test_script.sh,arg1,arg2", " launch-command=bash,test_script.sh,arg1,arg2",
"/usr/bin/docker run --name=container_e1_12312_11111_02_000001 -d --rm --net=bridge -v /var/log:/var/log:ro -v /var/lib:/lib:ro" "run --name=container_e1_12312_11111_02_000001 -d --rm --net=bridge -v /var/log:/var/log:ro -v /var/lib:/lib:ro"
" -v /usr/bin/cut:/usr/bin/cut:ro -v /tmp:/tmp --cgroup-parent=ctr-cgroup --privileged --cap-drop=ALL " " -v /usr/bin/cut:/usr/bin/cut:ro -v /tmp:/tmp --cgroup-parent=ctr-cgroup --privileged --cap-drop=ALL "
"--cap-add=CHOWN --cap-add=SETUID --hostname=host-id " "--cap-add=CHOWN --cap-add=SETUID --hostname=host-id "
"--device=/dev/test:/dev/test hadoop/docker-image bash test_script.sh arg1 arg2")); "--device=/dev/test:/dev/test hadoop/docker-image bash test_script.sh arg1 arg2"));
@ -1235,7 +1235,7 @@ namespace ContainerExecutor {
" network=bridge\n net=bridge\n" " network=bridge\n net=bridge\n"
" detach=true\n rm=true\n group-add=1000,1001\n" " detach=true\n rm=true\n group-add=1000,1001\n"
" launch-command=bash,test_script.sh,arg1,arg2", " launch-command=bash,test_script.sh,arg1,arg2",
"/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm --net=bridge --cap-drop=ALL " "run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm --net=bridge --cap-drop=ALL "
"--hostname=host-id --group-add 1000 --group-add 1001 " "--hostname=host-id --group-add 1000 --group-add 1001 "
"docker-image")); "docker-image"));
@ -1339,7 +1339,7 @@ namespace ContainerExecutor {
" user=nobody\n" " user=nobody\n"
" use-entry-point=true\n" " use-entry-point=true\n"
" environ=/tmp/test.env\n", " environ=/tmp/test.env\n",
"/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody --cap-drop=ALL " "run --name=container_e1_12312_11111_02_000001 --user=nobody --cap-drop=ALL "
"--env-file /tmp/test.env hadoop/docker-image")); "--env-file /tmp/test.env hadoop/docker-image"));
std::vector<std::pair<std::string, int> > bad_file_cmd_vec; std::vector<std::pair<std::string, int> > bad_file_cmd_vec;
@ -1382,11 +1382,11 @@ namespace ContainerExecutor {
std::vector<std::pair<std::string, std::string> > file_cmd_vec; std::vector<std::pair<std::string, std::string> > file_cmd_vec;
file_cmd_vec.push_back(std::make_pair<std::string, std::string>( file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=run\n name=container_e1_12312_11111_02_000001\n image=docker-image\n user=nobody", "[docker-command-execution]\n docker-command=run\n name=container_e1_12312_11111_02_000001\n image=docker-image\n user=nobody",
"/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody --cap-drop=ALL docker-image")); "run --name=container_e1_12312_11111_02_000001 --user=nobody --cap-drop=ALL docker-image"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>( file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=run\n name=container_e1_12312_11111_02_000001\n image=docker-image\n" "[docker-command-execution]\n docker-command=run\n name=container_e1_12312_11111_02_000001\n image=docker-image\n"
" user=nobody\n launch-command=bash,test_script.sh,arg1,arg2", " user=nobody\n launch-command=bash,test_script.sh,arg1,arg2",
"/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody --cap-drop=ALL docker-image")); "run --name=container_e1_12312_11111_02_000001 --user=nobody --cap-drop=ALL docker-image"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>( file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n" "[docker-command-execution]\n"
@ -1395,7 +1395,7 @@ namespace ContainerExecutor {
" network=bridge\n devices=/dev/test:/dev/test\n" " network=bridge\n devices=/dev/test:/dev/test\n"
" cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n" " cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n"
" launch-command=bash,test_script.sh,arg1,arg2", " launch-command=bash,test_script.sh,arg1,arg2",
"/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm -v /var/log:/var/log:ro -v /var/lib:/lib:ro" "run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm -v /var/log:/var/log:ro -v /var/lib:/lib:ro"
" -v /usr/bin/cut:/usr/bin/cut:ro -v /tmp:/tmp --cgroup-parent=ctr-cgroup --cap-drop=ALL --cap-add=CHOWN" " -v /usr/bin/cut:/usr/bin/cut:ro -v /tmp:/tmp --cgroup-parent=ctr-cgroup --cap-drop=ALL --cap-add=CHOWN"
" --cap-add=SETUID --hostname=host-id --device=/dev/test:/dev/test hadoop/docker-image bash " " --cap-add=SETUID --hostname=host-id --device=/dev/test:/dev/test hadoop/docker-image bash "
"test_script.sh arg1 arg2")); "test_script.sh arg1 arg2"));
@ -1406,7 +1406,7 @@ namespace ContainerExecutor {
" network=bridge\n" " network=bridge\n"
" cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n" " cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n"
" launch-command=bash,test_script.sh,arg1,arg2", " launch-command=bash,test_script.sh,arg1,arg2",
"/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm" "run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm"
" --cgroup-parent=ctr-cgroup --cap-drop=ALL --hostname=host-id nothadoop/docker-image")); " --cgroup-parent=ctr-cgroup --cap-drop=ALL --hostname=host-id nothadoop/docker-image"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>( file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
@ -1416,7 +1416,7 @@ namespace ContainerExecutor {
" network=bridge\n devices=/dev/test:/dev/test\n net=bridge\n" " network=bridge\n devices=/dev/test:/dev/test\n net=bridge\n"
" cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n" " cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n"
" launch-command=bash,test_script.sh,arg1,arg2", " launch-command=bash,test_script.sh,arg1,arg2",
"/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm --net=bridge -v /var/log:/var/log:ro -v /var/lib:/lib:ro" "run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm --net=bridge -v /var/log:/var/log:ro -v /var/lib:/lib:ro"
" -v /usr/bin/cut:/usr/bin/cut:ro -v /tmp:/tmp --cgroup-parent=ctr-cgroup --cap-drop=ALL --cap-add=CHOWN " " -v /usr/bin/cut:/usr/bin/cut:ro -v /tmp:/tmp --cgroup-parent=ctr-cgroup --cap-drop=ALL --cap-add=CHOWN "
"--cap-add=SETUID --hostname=host-id --device=/dev/test:/dev/test hadoop/docker-image bash" "--cap-add=SETUID --hostname=host-id --device=/dev/test:/dev/test hadoop/docker-image bash"
" test_script.sh arg1 arg2")); " test_script.sh arg1 arg2"));
@ -1427,7 +1427,7 @@ namespace ContainerExecutor {
" network=bridge\n net=bridge\n" " network=bridge\n net=bridge\n"
" cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n" " cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n"
" launch-command=bash,test_script.sh,arg1,arg2", " launch-command=bash,test_script.sh,arg1,arg2",
"/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm --net=bridge" "run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm --net=bridge"
" --cgroup-parent=ctr-cgroup --cap-drop=ALL --hostname=host-id nothadoop/docker-image")); " --cgroup-parent=ctr-cgroup --cap-drop=ALL --hostname=host-id nothadoop/docker-image"));
std::vector<std::pair<std::string, int> > bad_file_cmd_vec; std::vector<std::pair<std::string, int> > bad_file_cmd_vec;
@ -1511,10 +1511,10 @@ namespace ContainerExecutor {
std::vector<std::pair<std::string, std::string> > file_cmd_vec; std::vector<std::pair<std::string, std::string> > file_cmd_vec;
file_cmd_vec.push_back(std::make_pair<std::string, std::string>( file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=volume\n sub-command=create\n volume=volume1 \n driver=driver1", "[docker-command-execution]\n docker-command=volume\n sub-command=create\n volume=volume1 \n driver=driver1",
"/usr/bin/docker volume create --name=volume1 --driver=driver1")); "volume create --name=volume1 --driver=driver1"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>( file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=volume\n format={{.Name}},{{.Driver}}\n sub-command=ls", "[docker-command-execution]\n docker-command=volume\n format={{.Name}},{{.Driver}}\n sub-command=ls",
"/usr/bin/docker volume ls --format={{.Name}},{{.Driver}}")); "volume ls --format={{.Name}},{{.Driver}}"));
std::vector<std::pair<std::string, int> > bad_file_cmd_vec; std::vector<std::pair<std::string, int> > bad_file_cmd_vec;
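Review bot: With `/usr/bin/docker` dropped from every expected string in these hunks, none of the visible cases checks that the binary path and the docker config parameter come first in the final argument list. That prefix is now produced only in get_docker_command, so a case that feeds a command file through get_docker_command and compares the whole line, for example expecting `/usr/bin/docker inspect --format={{.State.Status}} container_e1_12312_11111_02_000001`, would keep the executed binary under test. Such a case may already exist outside the hunks shown. If it does not, a short comment above each table, e.g. `// Expected output omits the docker binary; get_docker_command prepends it.`, would at least explain why the strings start at the sub-command.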