rkt: fix enter

When using overlay, the stage1 filesystem is mounted in a separate mount namespace, rkt can't access the enter binary. We now get the enter binary from the tree cache, using the stage1 image the user specified when preparing/running the container.
2026-06-16 02:05:48 +00:00 · 2015-03-16 15:05:19 +01:00
parent a128256bb9
commit d12615f462
2 changed files with 22 additions and 24 deletions
@@ -19,12 +19,11 @@ package main
 import (
 	"fmt"
 	"io/ioutil"
-	"os"
-	"os/exec"
 	"path/filepath"

 	"github.com/coreos/rocket/Godeps/_workspace/src/github.com/appc/spec/schema"
 	"github.com/coreos/rocket/Godeps/_workspace/src/github.com/appc/spec/schema/types"
+	"github.com/coreos/rocket/cas"
 	"github.com/coreos/rocket/common"
 	"github.com/coreos/rocket/stage0"
 )
@@ -81,18 +80,28 @@ func runEnter(args []string) (exit int) {
 		return 1
 	}

-	if _, err = os.Stat(filepath.Join(common.AppRootfsPath(c.path(), *imageID))); err != nil {
-		stderr("Unable to access app rootfs: %v", err)
-		return 1
-	}
-
 	argv, err := getEnterArgv(c, imageID, args)
 	if err != nil {
 		stderr("Enter failed: %v", err)
 		return 1
 	}

-	if err = stage0.Enter(c.path(), imageID, argv); err != nil {
+	ds, err := cas.NewStore(globalFlags.Dir)
+	if err != nil {
+		stderr("Cannot open store: %v", err)
+		return 1
+	}
+
+	stage1ID, err := c.getStage1Hash()
+	if err != nil {
+		stderr("Error getting stage1 hash")
+		return 1
+	}
+
+	stage1RootFS := ds.GetTreeStoreRootFS(stage1ID.String())
+	enterPath := filepath.Join(stage1RootFS, cmdEnterName)
+
+	if err = stage0.Enter(c.path(), imageID, enterPath, argv); err != nil {
 		stderr("Enter failed: %v", err)
 		return 1
 	}
@@ -146,10 +155,5 @@ func getEnterArgv(c *container, imageID *types.Hash, cmdArgs []string) ([]string
 		argv = cmdArgs[1:]
 	}

-	// TODO(vc): LookPath() uses os.Stat() internally so symlinks can defeat this check
-	if _, err := exec.LookPath(filepath.Join(common.AppRootfsPath(c.path(), *imageID), argv[0])); err != nil {
-		return nil, fmt.Errorf("command %q missing, giving up: %v", argv[0], err)
-	}
-
 	return argv, nil
 }
@@ -19,29 +19,23 @@ package stage0
 import (
 	"fmt"
 	"os"
-	"path/filepath"
 	"syscall"

 	"github.com/coreos/rocket/Godeps/_workspace/src/github.com/appc/spec/schema/types"
-	"github.com/coreos/rocket/common"
 )

 // Enter enters the container by exec()ing the stage1's /enter similar to /init
-// /enter can expect to have its CWD set to the container root
-// imageID and command are supplied to /enter on argv followed by any arguments
-func Enter(cdir string, imageID *types.Hash, cmdline []string) error {
+// /enter can expect to have its CWD set to the container root.
+// imageID and command are supplied to /enter on argv followed by any arguments.
+// enterPath is the path of the enter binary
+func Enter(cdir string, imageID *types.Hash, enterPath string, cmdline []string) error {
 	if err := os.Chdir(cdir); err != nil {
 		return fmt.Errorf("error changing to dir: %v", err)
 	}

 	id := types.ShortHash(imageID.String())

-	ep, err := getStage1Entrypoint(cdir, enterEntrypoint)
-	if err != nil {
-		return fmt.Errorf("error determining entrypoint: %v", err)
-	}
-
-	argv := []string{filepath.Join(common.Stage1RootfsPath(cdir), ep)}
+	argv := []string{enterPath}
 	argv = append(argv, id)
 	argv = append(argv, cmdline...)
 	if err := syscall.Exec(argv[0], argv, os.Environ()); err != nil {