builder-next: userns remap support

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
This commit is contained in:
Tonis Tiigi 2019-06-10 16:28:01 -07:00
parent 238f8eaa31
commit 07b3aac902
6 changed files with 23 additions and 12 deletions


@ -29,6 +29,7 @@ type Opt struct {
GraphDriver graphdriver.Driver GraphDriver graphdriver.Driver
LayerStore layer.Store LayerStore layer.Store
Root string Root string
IdentityMapping *idtools.IdentityMapping
} }
type graphIDRegistrar interface { type graphIDRegistrar interface {
@ -79,7 +80,7 @@ func (s *snapshotter) Name() string {
} }
func (s *snapshotter) IdentityMapping() *idtools.IdentityMapping { func (s *snapshotter) IdentityMapping() *idtools.IdentityMapping {
return nil return s.opt.IdentityMapping
} }
func (s *snapshotter) Prepare(ctx context.Context, key, parent string, opts ...snapshots.Opt) error { func (s *snapshotter) Prepare(ctx context.Context, key, parent string, opts ...snapshots.Opt) error {
@ -253,6 +254,7 @@ func (s *snapshotter) Mounts(ctx context.Context, key string) (snapshot.Mountabl
id := identity.NewID() id := identity.NewID()
var rwlayer layer.RWLayer var rwlayer layer.RWLayer
return &mountable{ return &mountable{
idmap: s.opt.IdentityMapping,
acquire: func() ([]mount.Mount, error) { acquire: func() ([]mount.Mount, error) {
rwlayer, err = s.opt.LayerStore.CreateRWLayer(id, l.ChainID(), nil) rwlayer, err = s.opt.LayerStore.CreateRWLayer(id, l.ChainID(), nil)
if err != nil { if err != nil {
@ -278,6 +280,7 @@ func (s *snapshotter) Mounts(ctx context.Context, key string) (snapshot.Mountabl
id, _ := s.getGraphDriverID(key) id, _ := s.getGraphDriverID(key)
return &mountable{ return &mountable{
idmap: s.opt.IdentityMapping,
acquire: func() ([]mount.Mount, error) { acquire: func() ([]mount.Mount, error) {
rootfs, err := s.opt.GraphDriver.Get(id, "") rootfs, err := s.opt.GraphDriver.Get(id, "")
if err != nil { if err != nil {
@ -440,6 +443,7 @@ type mountable struct {
acquire func() ([]mount.Mount, error) acquire func() ([]mount.Mount, error)
release func() error release func() error
refCount int refCount int
idmap *idtools.IdentityMapping
} }
func (m *mountable) Mount() ([]mount.Mount, error) { func (m *mountable) Mount() ([]mount.Mount, error) {
@ -480,5 +484,5 @@ func (m *mountable) Release() error {
} }
func (m *mountable) IdentityMapping() *idtools.IdentityMapping { func (m *mountable) IdentityMapping() *idtools.IdentityMapping {
return nil return m.idmap
} }
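Review bot: The new `IdentityMapping` field on the snapshotter's `Opt` and the `idmap` field on `mountable` carry no comment, yet both `&mountable{...}` literals in Mounts copy `s.opt.IdentityMapping` into it and `mountable.IdentityMapping()` now hands it straight back to BuildKit, so a reader cannot tell from the struct whether a nil mapping is a valid "no remap" value or a misconfiguration. A comment on the exported field would settle it: `// IdentityMapping is the daemon's user-namespace uid/gid remapping, forwarded to every mountable; nil presumably disables remapping — confirm against the daemon side.` The same missing documentation applies to the `IdentityMapping` field of the builder `Opt` and to the new `idmap` parameter of `newExecutor` in the later sections. Mounts and the mountable type both begin and end outside these hunks.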


@ -17,6 +17,7 @@ import (
"github.com/docker/docker/builder" "github.com/docker/docker/builder"
"github.com/docker/docker/daemon/config" "github.com/docker/docker/daemon/config"
"github.com/docker/docker/daemon/images" "github.com/docker/docker/daemon/images"
"github.com/docker/docker/pkg/idtools"
"github.com/docker/docker/pkg/streamformatter" "github.com/docker/docker/pkg/streamformatter"
"github.com/docker/docker/pkg/system" "github.com/docker/docker/pkg/system"
"github.com/docker/libnetwork" "github.com/docker/libnetwork"
@ -73,6 +74,7 @@ type Opt struct {
ResolverOpt resolver.ResolveOptionsFunc ResolverOpt resolver.ResolveOptionsFunc
BuilderConfig config.BuilderConfig BuilderConfig config.BuilderConfig
Rootless bool Rootless bool
IdentityMapping *idtools.IdentityMapping
} }
// Builder can build using BuildKit backend // Builder can build using BuildKit backend


@ -38,7 +38,7 @@ import (
) )
func newController(rt http.RoundTripper, opt Opt) (*control.Controller, error) { func newController(rt http.RoundTripper, opt Opt) (*control.Controller, error) {
if err := os.MkdirAll(opt.Root, 0700); err != nil { if err := os.MkdirAll(opt.Root, 0711); err != nil {
return nil, err return nil, err
} }
@ -58,6 +58,7 @@ func newController(rt http.RoundTripper, opt Opt) (*control.Controller, error) {
GraphDriver: driver, GraphDriver: driver,
LayerStore: dist.LayerStore, LayerStore: dist.LayerStore,
Root: root, Root: root,
IdentityMapping: opt.IdentityMapping,
}) })
if err != nil { if err != nil {
return nil, err return nil, err
@ -112,7 +113,7 @@ func newController(rt http.RoundTripper, opt Opt) (*control.Controller, error) {
return nil, err return nil, err
} }
exec, err := newExecutor(root, opt.DefaultCgroupParent, opt.NetworkController, opt.Rootless) exec, err := newExecutor(root, opt.DefaultCgroupParent, opt.NetworkController, opt.Rootless, opt.IdentityMapping)
if err != nil { if err != nil {
return nil, err return nil, err
} }
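Review bot: Loosening the root directory from 0700 to 0711 in the `os.MkdirAll(opt.Root, 0711)` line only takes effect when the directory is created, since MkdirAll never chmods an existing directory (and the mode is further subject to the process umask); a root left at 0700 by an earlier daemon version keeps 0700 after upgrade, so the remapped uid still cannot traverse it — that traversal requirement is my inference from the commit's userns purpose. A follow-up `if err := os.Chmod(opt.Root, 0711); err != nil { return nil, err }` after the successful MkdirAll, or a check of the existing mode, closes that gap. Because 0711 grants traverse to every uid rather than just the remapped range, the choice also deserves a why-comment such as `// 0711: remapped (userns) uids must be able to traverse the build root; entries below keep their own modes`. newController continues outside this hunk.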


@ -8,6 +8,7 @@ import (
"strconv" "strconv"
"sync" "sync"
"github.com/docker/docker/pkg/idtools"
"github.com/docker/libnetwork" "github.com/docker/libnetwork"
"github.com/moby/buildkit/executor" "github.com/moby/buildkit/executor"
"github.com/moby/buildkit/executor/runcexecutor" "github.com/moby/buildkit/executor/runcexecutor"
@ -20,7 +21,7 @@ import (
const networkName = "bridge" const networkName = "bridge"
func newExecutor(root, cgroupParent string, net libnetwork.NetworkController, rootless bool) (executor.Executor, error) { func newExecutor(root, cgroupParent string, net libnetwork.NetworkController, rootless bool, idmap *idtools.IdentityMapping) (executor.Executor, error) {
networkProviders := map[pb.NetMode]network.Provider{ networkProviders := map[pb.NetMode]network.Provider{
pb.NetMode_UNSET: &bridgeProvider{NetworkController: net, Root: filepath.Join(root, "net")}, pb.NetMode_UNSET: &bridgeProvider{NetworkController: net, Root: filepath.Join(root, "net")},
pb.NetMode_HOST: network.NewHostProvider(), pb.NetMode_HOST: network.NewHostProvider(),
@ -32,6 +33,7 @@ func newExecutor(root, cgroupParent string, net libnetwork.NetworkController, ro
DefaultCgroupParent: cgroupParent, DefaultCgroupParent: cgroupParent,
Rootless: rootless, Rootless: rootless,
NoPivot: os.Getenv("DOCKER_RAMDISK") != "", NoPivot: os.Getenv("DOCKER_RAMDISK") != "",
IdentityMapping: idmap,
}, networkProviders) }, networkProviders)
} }


@ -5,12 +5,13 @@ import (
"errors" "errors"
"io" "io"
"github.com/docker/docker/pkg/idtools"
"github.com/docker/libnetwork" "github.com/docker/libnetwork"
"github.com/moby/buildkit/cache" "github.com/moby/buildkit/cache"
"github.com/moby/buildkit/executor" "github.com/moby/buildkit/executor"
) )
func newExecutor(_, _ string, _ libnetwork.NetworkController, _ bool) (executor.Executor, error) { func newExecutor(_, _ string, _ libnetwork.NetworkController, _ bool, _ *idtools.IdentityMapping) (executor.Executor, error) {
return &winExecutor{}, nil return &winExecutor{}, nil
} }


@ -318,6 +318,7 @@ func newRouterOptions(config *config.Config, d *daemon.Daemon) (routerOptions, e
ResolverOpt: d.NewResolveOptionsFunc(), ResolverOpt: d.NewResolveOptionsFunc(),
BuilderConfig: config.Builder, BuilderConfig: config.Builder,
Rootless: d.Rootless(), Rootless: d.Rootless(),
IdentityMapping: d.IdentityMapping(),
}) })
if err != nil { if err != nil {
return opts, err return opts, err