| skipped 130 lines |
| 131 | 131 | | return fmt.Errorf("cannot initialize Docker client: %w", err) |
| 132 | 132 | | } |
| 133 | 133 | | |
| | 134 | + | target, err := client.ContainerInspect(ctx, opts.target) |
| | 135 | + | if err != nil { |
| | 136 | + | return fmt.Errorf("cannot inspect target container: %w", err) |
| | 137 | + | } |
| | 138 | + | |
| | 139 | + | if target.State == nil || !target.State.Running { |
| | 140 | + | return fmt.Errorf("target container found but it's not running") |
| | 141 | + | } |
| | 142 | + | |
| 134 | 143 | | if err := pullImage(ctx, cli, client, opts.image); err != nil { |
| 135 | 144 | | return err |
| 136 | 145 | | } |
| 137 | 146 | | |
| 138 | 147 | | runID := shortID() |
| 139 | | - | target := "container:" + opts.target |
| | 148 | + | nsMode := "container:" + target.ID |
| 140 | 149 | | resp, err := client.ContainerCreate( |
| 141 | 150 | | ctx, |
| 142 | 151 | | &container.Config{ |
| skipped 25 lines |
| 168 | 177 | | Privileged: opts.privileged, |
| 169 | 178 | | AutoRemove: opts.autoRemove, |
| 170 | 179 | | |
| 171 | | - | NetworkMode: container.NetworkMode(target), |
| 172 | | - | PidMode: container.PidMode(target), |
| 173 | | - | UTSMode: container.UTSMode(target), |
| 174 | | - | // TODO: IpcMode: container.IpcMode("container:my-distroless"), |
| | 180 | + | NetworkMode: container.NetworkMode(nsMode), |
| | 181 | + | PidMode: container.PidMode(nsMode), |
| | 182 | + | UTSMode: container.UTSMode(nsMode), |
| | 183 | + | // TODO: CgroupnsMode: container.CgroupnsMode(nsMode), |
| | 184 | + | // TODO: IpcMode: container.IpcMode(nsMode) |
| | 185 | + | // TODO: UsernsMode: container.UsernsMode(target) |
| 175 | 186 | | }, |
| 176 | 187 | | nil, |
| 177 | 188 | | nil, |
| skipped 185 lines |
Ivan Velichko
committed
2 years ago
1 parent a6a9c564