From 0c84c322ae41d0b66ef3fc72a4f4aebc38aea32a Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 27 Jul 2021 12:12:11 +0200 Subject: [PATCH 1/5] daemon, oci: remove LCOW bits Signed-off-by: Sebastiaan van Stijn --- daemon/create.go | 9 +- daemon/create_windows.go | 15 +-- daemon/daemon_windows.go | 12 +- daemon/oci_windows.go | 65 +-------- oci/defaults.go | 277 +++++++++++++++++++-------------------- 5 files changed, 148 insertions(+), 230 deletions(-) diff --git a/daemon/create.go b/daemon/create.go index b71e183a64..d672688088 100644 --- a/daemon/create.go +++ b/daemon/create.go @@ -16,6 +16,7 @@ import ( "github.com/docker/docker/errdefs" "github.com/docker/docker/image" "github.com/docker/docker/pkg/idtools" + "github.com/docker/docker/pkg/system" "github.com/docker/docker/runconfig" v1 "github.com/opencontainers/image-spec/specs-go/v1" "github.com/opencontainers/selinux/go-selinux" @@ -113,19 +114,17 @@ func (daemon *Daemon) create(opts createOpts) (retC *container.Container, retErr img *image.Image imgID image.ID err error + os = runtime.GOOS ) - os := runtime.GOOS if opts.params.Config.Image != "" { img, err = daemon.imageService.GetImage(opts.params.Config.Image, opts.params.Platform) if err != nil { return nil, err } - if img.OS != "" { - os = img.OS - } + os = img.OperatingSystem() imgID = img.ID() - if isWindows && img.OS == "linux" { + if !system.IsOSSupported(os) { return nil, errors.New("operating system on which parent image was created is not Windows") } } else if isWindows { diff --git a/daemon/create_windows.go b/daemon/create_windows.go index de89f693ef..f47b732fbd 100644 --- a/daemon/create_windows.go +++ b/daemon/create_windows.go @@ -3,7 +3,6 @@ package daemon // import "github.com/docker/docker/daemon" import ( "context" "fmt" - "runtime" containertypes "github.com/docker/docker/api/types/container" "github.com/docker/docker/container" @@ -14,19 +13,9 @@ import ( // createContainerOSSpecificSettings performs host-OS specific container create functionality func (daemon *Daemon) createContainerOSSpecificSettings(container *container.Container, config *containertypes.Config, hostConfig *containertypes.HostConfig) error { - - if container.OS == runtime.GOOS { + if containertypes.Isolation.IsDefault(hostConfig.Isolation) { // Make sure the host config has the default daemon isolation if not specified by caller. - if containertypes.Isolation.IsDefault(containertypes.Isolation(hostConfig.Isolation)) { - hostConfig.Isolation = daemon.defaultIsolation - } - } else { - // LCOW must be a Hyper-V container as you can't run a shared kernel when one - // is a Windows kernel, the other is a Linux kernel. - if containertypes.Isolation.IsProcess(containertypes.Isolation(hostConfig.Isolation)) { - return fmt.Errorf("process isolation is invalid for Linux containers on Windows") - } - hostConfig.Isolation = "hyperv" + hostConfig.Isolation = daemon.defaultIsolation } parser := volumemounts.NewParser() for spec := range config.Volumes { diff --git a/daemon/daemon_windows.go b/daemon/daemon_windows.go index a87f700bb0..f333b737aa 100644 --- a/daemon/daemon_windows.go +++ b/daemon/daemon_windows.go @@ -510,17 +510,11 @@ func (daemon *Daemon) conditionalMountOnStart(container *container.Container) er // conditionalUnmountOnCleanup is a platform specific helper function called // during the cleanup of a container to unmount. func (daemon *Daemon) conditionalUnmountOnCleanup(container *container.Container) error { - - // Bail out now for Linux containers - if system.LCOWSupported() && container.OS != "windows" { + if daemon.runAsHyperVContainer(container.HostConfig) { + // We do not unmount if a Hyper-V container return nil } - - // We do not unmount if a Hyper-V container - if !daemon.runAsHyperVContainer(container.HostConfig) { - return daemon.Unmount(container) - } - return nil + return daemon.Unmount(container) } func driverOptions(config *config.Config) []nwconfig.Option { diff --git a/daemon/oci_windows.go b/daemon/oci_windows.go index 16054f356c..4236f260b0 100644 --- a/daemon/oci_windows.go +++ b/daemon/oci_windows.go @@ -5,7 +5,6 @@ import ( "fmt" "io/ioutil" "path/filepath" - "runtime" "strings" "github.com/Microsoft/hcsshim/osversion" @@ -13,7 +12,6 @@ import ( "github.com/docker/docker/container" "github.com/docker/docker/errdefs" "github.com/docker/docker/oci" - "github.com/docker/docker/oci/caps" "github.com/docker/docker/pkg/sysinfo" "github.com/docker/docker/pkg/system" specs "github.com/opencontainers/runtime-spec/specs-go" @@ -33,8 +31,11 @@ func (daemon *Daemon) createSpec(c *container.Container) (*specs.Spec, error) { if err != nil { return nil, err } + if !system.IsOSSupported(img.OperatingSystem()) { + return nil, system.ErrNotSupportedOperatingSystem + } - s := oci.DefaultOSSpec(img.OS) + s := oci.DefaultSpec() linkedEnv, err := daemon.setupLinkedContainers(c) if err != nil { @@ -116,11 +117,6 @@ func (daemon *Daemon) createSpec(c *container.Container) (*specs.Spec, error) { if !mount.Writable { m.Options = append(m.Options, "ro") } - if img.OS != runtime.GOOS { - m.Type = "bind" - m.Options = append(m.Options, "rbind") - m.Options = append(m.Options, fmt.Sprintf("uvmpath=/tmp/gcs/%s/binds", c.ID)) - } s.Mounts = append(s.Mounts, m) } @@ -200,20 +196,8 @@ func (daemon *Daemon) createSpec(c *container.Container) (*specs.Spec, error) { NetworkSharedContainerName: networkSharedContainerID, } - switch img.OS { - case "windows": - if err := daemon.createSpecWindowsFields(c, &s, isHyperV); err != nil { - return nil, err - } - case "linux": - if !system.LCOWSupported() { - return nil, fmt.Errorf("Linux containers on Windows are not supported") - } - if err := daemon.createSpecLinuxFields(c, &s); err != nil { - return nil, err - } - default: - return nil, fmt.Errorf("Unsupported platform %q", img.OS) + if err := daemon.createSpecWindowsFields(c, &s, isHyperV); err != nil { + return nil, err } if logrus.IsLevelEnabled(logrus.DebugLevel) { @@ -222,7 +206,7 @@ func (daemon *Daemon) createSpec(c *container.Container) (*specs.Spec, error) { } } - return (*specs.Spec)(&s), nil + return &s, nil } // Sets the Windows-specific fields of the OCI spec @@ -370,41 +354,6 @@ func (daemon *Daemon) setWindowsCredentialSpec(c *container.Container, s *specs. return nil } -// Sets the Linux-specific fields of the OCI spec -// TODO: LCOW Support. We need to do a lot more pulling in what can -// be pulled in from oci_linux.go. -func (daemon *Daemon) createSpecLinuxFields(c *container.Container, s *specs.Spec) error { - s.Root = &specs.Root{ - Path: "rootfs", - Readonly: c.HostConfig.ReadonlyRootfs, - } - - s.Hostname = c.Config.Hostname - setLinuxDomainname(c, s) - - if len(s.Process.Cwd) == 0 { - s.Process.Cwd = `/` - } - s.Process.Args = append([]string{c.Path}, c.Args...) - - // Note these are against the UVM. - setResourcesInSpec(c, s, true) // LCOW is Hyper-V only - - capabilities, err := caps.TweakCapabilities(caps.DefaultCapabilities(), c.HostConfig.CapAdd, c.HostConfig.CapDrop, c.HostConfig.Privileged) - if err != nil { - return fmt.Errorf("linux spec capabilities: %v", err) - } - if err := oci.SetCapabilities(s, capabilities); err != nil { - return fmt.Errorf("linux spec capabilities: %v", err) - } - devPermissions, err := oci.AppendDevicePermissionsFromCgroupRules(nil, c.HostConfig.DeviceCgroupRules) - if err != nil { - return fmt.Errorf("linux runtime spec devices: %v", err) - } - s.Linux.Resources.Devices = devPermissions - return nil -} - func setResourcesInSpec(c *container.Container, s *specs.Spec, isHyperV bool) { // In s.Windows.Resources cpuShares := uint16(c.HostConfig.CPUShares) diff --git a/oci/defaults.go b/oci/defaults.go index 390618a89c..55a1d7a99e 100644 --- a/oci/defaults.go +++ b/oci/defaults.go @@ -14,12 +14,7 @@ func fmPtr(i int64) *os.FileMode { fm := os.FileMode(i); return &fm } // DefaultSpec returns the default spec used by docker for the current Platform func DefaultSpec() specs.Spec { - return DefaultOSSpec(runtime.GOOS) -} - -// DefaultOSSpec returns the spec for a given OS -func DefaultOSSpec(osName string) specs.Spec { - if osName == "windows" { + if runtime.GOOS == "windows" { return DefaultWindowsSpec() } return DefaultLinuxSpec() @@ -37,7 +32,7 @@ func DefaultWindowsSpec() specs.Spec { // DefaultLinuxSpec create a default spec for running Linux containers func DefaultLinuxSpec() specs.Spec { - s := specs.Spec{ + return specs.Spec{ Version: specs.Version, Process: &specs.Process{ Capabilities: &specs.LinuxCapabilities{ @@ -48,147 +43,139 @@ func DefaultLinuxSpec() specs.Spec { }, }, Root: &specs.Root{}, - } - s.Mounts = []specs.Mount{ - { - Destination: "/proc", - Type: "proc", - Source: "proc", - Options: []string{"nosuid", "noexec", "nodev"}, + Mounts: []specs.Mount{ + { + Destination: "/proc", + Type: "proc", + Source: "proc", + Options: []string{"nosuid", "noexec", "nodev"}, + }, + { + Destination: "/dev", + Type: "tmpfs", + Source: "tmpfs", + Options: []string{"nosuid", "strictatime", "mode=755", "size=65536k"}, + }, + { + Destination: "/dev/pts", + Type: "devpts", + Source: "devpts", + Options: []string{"nosuid", "noexec", "newinstance", "ptmxmode=0666", "mode=0620", "gid=5"}, + }, + { + Destination: "/sys", + Type: "sysfs", + Source: "sysfs", + Options: []string{"nosuid", "noexec", "nodev", "ro"}, + }, + { + Destination: "/sys/fs/cgroup", + Type: "cgroup", + Source: "cgroup", + Options: []string{"ro", "nosuid", "noexec", "nodev"}, + }, + { + Destination: "/dev/mqueue", + Type: "mqueue", + Source: "mqueue", + Options: []string{"nosuid", "noexec", "nodev"}, + }, + { + Destination: "/dev/shm", + Type: "tmpfs", + Source: "shm", + Options: []string{"nosuid", "noexec", "nodev", "mode=1777"}, + }, }, - { - Destination: "/dev", - Type: "tmpfs", - Source: "tmpfs", - Options: []string{"nosuid", "strictatime", "mode=755", "size=65536k"}, - }, - { - Destination: "/dev/pts", - Type: "devpts", - Source: "devpts", - Options: []string{"nosuid", "noexec", "newinstance", "ptmxmode=0666", "mode=0620", "gid=5"}, - }, - { - Destination: "/sys", - Type: "sysfs", - Source: "sysfs", - Options: []string{"nosuid", "noexec", "nodev", "ro"}, - }, - { - Destination: "/sys/fs/cgroup", - Type: "cgroup", - Source: "cgroup", - Options: []string{"ro", "nosuid", "noexec", "nodev"}, - }, - { - Destination: "/dev/mqueue", - Type: "mqueue", - Source: "mqueue", - Options: []string{"nosuid", "noexec", "nodev"}, - }, - { - Destination: "/dev/shm", - Type: "tmpfs", - Source: "shm", - Options: []string{"nosuid", "noexec", "nodev", "mode=1777"}, - }, - } - - s.Linux = &specs.Linux{ - MaskedPaths: []string{ - "/proc/asound", - "/proc/acpi", - "/proc/kcore", - "/proc/keys", - "/proc/latency_stats", - "/proc/timer_list", - "/proc/timer_stats", - "/proc/sched_debug", - "/proc/scsi", - "/sys/firmware", - }, - ReadonlyPaths: []string{ - "/proc/bus", - "/proc/fs", - "/proc/irq", - "/proc/sys", - "/proc/sysrq-trigger", - }, - Namespaces: []specs.LinuxNamespace{ - {Type: "mount"}, - {Type: "network"}, - {Type: "uts"}, - {Type: "pid"}, - {Type: "ipc"}, - }, - // Devices implicitly contains the following devices: - // null, zero, full, random, urandom, tty, console, and ptmx. - // ptmx is a bind mount or symlink of the container's ptmx. - // See also: https://github.com/opencontainers/runtime-spec/blob/master/config-linux.md#default-devices - Devices: []specs.LinuxDevice{}, - Resources: &specs.LinuxResources{ - Devices: []specs.LinuxDeviceCgroup{ - { - Allow: false, - Access: "rwm", - }, - { - Allow: true, - Type: "c", - Major: iPtr(1), - Minor: iPtr(5), - Access: "rwm", - }, - { - Allow: true, - Type: "c", - Major: iPtr(1), - Minor: iPtr(3), - Access: "rwm", - }, - { - Allow: true, - Type: "c", - Major: iPtr(1), - Minor: iPtr(9), - Access: "rwm", - }, - { - Allow: true, - Type: "c", - Major: iPtr(1), - Minor: iPtr(8), - Access: "rwm", - }, - { - Allow: true, - Type: "c", - Major: iPtr(5), - Minor: iPtr(0), - Access: "rwm", - }, - { - Allow: true, - Type: "c", - Major: iPtr(5), - Minor: iPtr(1), - Access: "rwm", - }, - { - Allow: false, - Type: "c", - Major: iPtr(10), - Minor: iPtr(229), - Access: "rwm", + Linux: &specs.Linux{ + MaskedPaths: []string{ + "/proc/asound", + "/proc/acpi", + "/proc/kcore", + "/proc/keys", + "/proc/latency_stats", + "/proc/timer_list", + "/proc/timer_stats", + "/proc/sched_debug", + "/proc/scsi", + "/sys/firmware", + }, + ReadonlyPaths: []string{ + "/proc/bus", + "/proc/fs", + "/proc/irq", + "/proc/sys", + "/proc/sysrq-trigger", + }, + Namespaces: []specs.LinuxNamespace{ + {Type: "mount"}, + {Type: "network"}, + {Type: "uts"}, + {Type: "pid"}, + {Type: "ipc"}, + }, + // Devices implicitly contains the following devices: + // null, zero, full, random, urandom, tty, console, and ptmx. + // ptmx is a bind mount or symlink of the container's ptmx. + // See also: https://github.com/opencontainers/runtime-spec/blob/master/config-linux.md#default-devices + Devices: []specs.LinuxDevice{}, + Resources: &specs.LinuxResources{ + Devices: []specs.LinuxDeviceCgroup{ + { + Allow: false, + Access: "rwm", + }, + { + Allow: true, + Type: "c", + Major: iPtr(1), + Minor: iPtr(5), + Access: "rwm", + }, + { + Allow: true, + Type: "c", + Major: iPtr(1), + Minor: iPtr(3), + Access: "rwm", + }, + { + Allow: true, + Type: "c", + Major: iPtr(1), + Minor: iPtr(9), + Access: "rwm", + }, + { + Allow: true, + Type: "c", + Major: iPtr(1), + Minor: iPtr(8), + Access: "rwm", + }, + { + Allow: true, + Type: "c", + Major: iPtr(5), + Minor: iPtr(0), + Access: "rwm", + }, + { + Allow: true, + Type: "c", + Major: iPtr(5), + Minor: iPtr(1), + Access: "rwm", + }, + { + Allow: false, + Type: "c", + Major: iPtr(10), + Minor: iPtr(229), + Access: "rwm", + }, }, }, }, } - - // For LCOW support, populate a blank Windows spec - if runtime.GOOS == "windows" { - s.Windows = &specs.Windows{} - } - - return s } From 79f89ed9b7160cc4140ac3b04f820af98c8f409f Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 27 Jul 2021 12:26:39 +0200 Subject: [PATCH 2/5] hack/ci: remove LCOW from examples, and fix minor linting issue Signed-off-by: Sebastiaan van Stijn --- hack/ci/windows.ps1 | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/hack/ci/windows.ps1 b/hack/ci/windows.ps1 index 00d8f905c6..2f2272f2fe 100644 --- a/hack/ci/windows.ps1 +++ b/hack/ci/windows.ps1 @@ -61,7 +61,6 @@ Write-Host -ForegroundColor Red "----------------------------------------------- # DOCKER_STORAGE_OPTS comma-separated list of optional storage driver options for the daemon under test # examples: # DOCKER_STORAGE_OPTS="size=40G" -# DOCKER_STORAGE_OPTS="lcow.globalmode=false,lcow.kernel=kernel.efi" # # SKIP_VALIDATION_TESTS if defined skips the validation tests # @@ -191,7 +190,7 @@ Function Nuke-Everything { Stop-Process -name "tail" -Force -ErrorAction SilentlyContinue 2>&1 | Out-Null # Detach any VHDs - gwmi msvm_mountedstorageimage -namespace root/virtualization/v2 -ErrorAction SilentlyContinue | foreach-object {$_.DetachVirtualHardDisk() } + gwmi msvm_mountedstorageimage -namespace root/virtualization/v2 -ErrorAction SilentlyContinue | foreach-Object {$_.DetachVirtualHardDisk() } # Stop any compute processes Get-ComputeProcess | Stop-ComputeProcess -Force @@ -602,10 +601,10 @@ Try { } # Arguments: Allow setting optional storage-driver options - # example usage: DOCKER_STORAGE_OPTS="lcow.globalmode=false,lcow.kernel=kernel.efi" + # example usage: DDOCKER_STORAGE_OPTS="size=40G" if (-not ("$env:DOCKER_STORAGE_OPTS" -eq "")) { Write-Host -ForegroundColor Green "INFO: Running the daemon under test with storage-driver options ${env:DOCKER_STORAGE_OPTS}" - $env:DOCKER_STORAGE_OPTS.Split(",") | ForEach { + $env:DOCKER_STORAGE_OPTS.Split(",") | ForEach-Object { $dutArgs += "--storage-opt $_" } } From dc70e55c9b84c4ff9304b251b98ef22914530880 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 27 Jul 2021 12:46:41 +0200 Subject: [PATCH 3/5] distribution: remove LCOW code Signed-off-by: Sebastiaan van Stijn --- distribution/config.go | 12 ++--------- distribution/pull_v2.go | 48 ++++++++--------------------------------- 2 files changed, 11 insertions(+), 49 deletions(-) diff --git a/distribution/config.go b/distribution/config.go index 71a3f11c07..48b0b46e26 100644 --- a/distribution/config.go +++ b/distribution/config.go @@ -3,7 +3,6 @@ package distribution // import "github.com/docker/docker/distribution" import ( "context" "encoding/json" - "fmt" "io" "runtime" @@ -21,6 +20,7 @@ import ( "github.com/docker/libtrust" digest "github.com/opencontainers/go-digest" specs "github.com/opencontainers/image-spec/specs-go/v1" + "github.com/pkg/errors" ) // Config stores configuration for communicating @@ -155,20 +155,12 @@ func (s *imageConfigStore) PlatformFromConfig(c []byte) (*specs.Platform, error) return nil, err } - // fail immediately on Windows when downloading a non-Windows image - // and vice versa. Exception on Windows if Linux Containers are enabled. - if runtime.GOOS == "windows" && unmarshalledConfig.OS == "linux" && !system.LCOWSupported() { - return nil, fmt.Errorf("image operating system %q cannot be used on this platform", unmarshalledConfig.OS) - } else if runtime.GOOS != "windows" && unmarshalledConfig.OS == "windows" { - return nil, fmt.Errorf("image operating system %q cannot be used on this platform", unmarshalledConfig.OS) - } - os := unmarshalledConfig.OS if os == "" { os = runtime.GOOS } if !system.IsOSSupported(os) { - return nil, system.ErrNotSupportedOperatingSystem + return nil, errors.Wrapf(system.ErrNotSupportedOperatingSystem, "image operating system %q cannot be used on this platform", os) } return &specs.Platform{OS: os, Architecture: unmarshalledConfig.Architecture, Variant: unmarshalledConfig.Variant, OSVersion: unmarshalledConfig.OSVersion}, nil } diff --git a/distribution/pull_v2.go b/distribution/pull_v2.go index a8aa712fb1..cecc6ca13a 100644 --- a/distribution/pull_v2.go +++ b/distribution/pull_v2.go @@ -8,7 +8,6 @@ import ( "io/ioutil" "os" "runtime" - "strings" "github.com/containerd/containerd/log" "github.com/containerd/containerd/platforms" @@ -487,6 +486,14 @@ func (p *v2Puller) pullV2Tag(ctx context.Context, ref reference.Named, platform } func (p *v2Puller) pullSchema1(ctx context.Context, ref reference.Reference, unverifiedManifest *schema1.SignedManifest, platform *specs.Platform) (id digest.Digest, manifestDigest digest.Digest, err error) { + if platform != nil { + // Early bath if the requested OS doesn't match that of the configuration. + // This avoids doing the download, only to potentially fail later. + if !system.IsOSSupported(platform.OS) { + return "", "", fmt.Errorf("cannot download image with operating system %q when requesting %q", runtime.GOOS, platform.OS) + } + } + var verifiedManifest *schema1.Manifest verifiedManifest, err = verifySchema1Manifest(unverifiedManifest, ref) if err != nil { @@ -541,44 +548,7 @@ func (p *v2Puller) pullSchema1(ctx context.Context, ref reference.Reference, unv descriptors = append(descriptors, layerDescriptor) } - // The v1 manifest itself doesn't directly contain an OS. However, - // the history does, but unfortunately that's a string, so search through - // all the history until hopefully we find one which indicates the OS. - // supertest2014/nyan is an example of a registry image with schemav1. - configOS := runtime.GOOS - if system.LCOWSupported() { - type config struct { - Os string `json:"os,omitempty"` - } - for _, v := range verifiedManifest.History { - var c config - if err := json.Unmarshal([]byte(v.V1Compatibility), &c); err == nil { - if c.Os != "" { - configOS = c.Os - break - } - } - } - } - - // In the situation that the API call didn't specify an OS explicitly, but - // we support the operating system, switch to that operating system. - // eg FROM supertest2014/nyan with no platform specifier, and docker build - // with no --platform= flag under LCOW. - requestedOS := "" - if platform != nil { - requestedOS = platform.OS - } else if system.IsOSSupported(configOS) { - requestedOS = configOS - } - - // Early bath if the requested OS doesn't match that of the configuration. - // This avoids doing the download, only to potentially fail later. - if !strings.EqualFold(configOS, requestedOS) { - return "", "", fmt.Errorf("cannot download image with operating system %q when requesting %q", configOS, requestedOS) - } - - resultRootFS, release, err := p.config.DownloadManager.Download(ctx, *rootFS, configOS, descriptors, p.config.ProgressOutput) + resultRootFS, release, err := p.config.DownloadManager.Download(ctx, *rootFS, runtime.GOOS, descriptors, p.config.ProgressOutput) if err != nil { return "", "", err } From 0998c7e363f7bd4f56020cb14b47bcf721f4b38c Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 27 Jul 2021 13:02:43 +0200 Subject: [PATCH 4/5] system: remove LCOWSupported() utility Signed-off-by: Sebastiaan van Stijn --- builder/dockerfile/dispatchers_test.go | 2 +- pkg/system/{lcow_unsupported.go => image_os.go} | 5 ----- 2 files changed, 1 insertion(+), 6 deletions(-) rename pkg/system/{lcow_unsupported.go => image_os.go} (67%) diff --git a/builder/dockerfile/dispatchers_test.go b/builder/dockerfile/dispatchers_test.go index 3799b91c32..75ae30b52d 100644 --- a/builder/dockerfile/dispatchers_test.go +++ b/builder/dockerfile/dispatchers_test.go @@ -116,7 +116,7 @@ func TestFromScratch(t *testing.T) { } err := initializeStage(sb, cmd) - if runtime.GOOS == "windows" && !system.LCOWSupported() { + if runtime.GOOS == "windows" { assert.Check(t, is.Error(err, "Linux containers are not supported on this system")) return } diff --git a/pkg/system/lcow_unsupported.go b/pkg/system/image_os.go similarity index 67% rename from pkg/system/lcow_unsupported.go rename to pkg/system/image_os.go index 09150f1282..e3de86be29 100644 --- a/pkg/system/lcow_unsupported.go +++ b/pkg/system/image_os.go @@ -4,11 +4,6 @@ import ( "strings" ) -// LCOWSupported returns true if Linux containers on Windows are supported. -func LCOWSupported() bool { - return false -} - // IsOSSupported determines if an operating system is supported by the host. func IsOSSupported(os string) bool { return strings.EqualFold(runtime.GOOS, os) From 13cb04e57c9aafd93d10d06bdb942f2f10d7a8c2 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 27 Jul 2021 13:26:52 +0200 Subject: [PATCH 5/5] remove various LCOW bits (container, image, pkg/containerfs) Signed-off-by: Sebastiaan van Stijn --- container/container.go | 16 +++++----------- image/tarexport/save.go | 4 +--- pkg/archive/copy.go | 3 --- pkg/containerfs/containerfs.go | 3 +-- 4 files changed, 7 insertions(+), 19 deletions(-) diff --git a/container/container.go b/container/container.go index 3cc248c315..3a95d6ca84 100644 --- a/container/container.go +++ b/container/container.go @@ -264,12 +264,6 @@ func (container *Container) WriteHostConfig() (*containertypes.HostConfig, error // SetupWorkingDirectory sets up the container's working directory as set in container.Config.WorkingDir func (container *Container) SetupWorkingDirectory(rootIdentity idtools.Identity) error { - // TODO: LCOW Support. This will need revisiting. - // We will need to do remote filesystem operations here. - if container.OS != runtime.GOOS { - return nil - } - if container.Config.WorkingDir == "" { return nil } @@ -727,14 +721,14 @@ func getConfigTargetPath(r *swarmtypes.ConfigReference) string { // CreateDaemonEnvironment creates a new environment variable slice for this container. func (container *Container) CreateDaemonEnvironment(tty bool, linkedEnv []string) []string { // Setup environment - os := container.OS - if os == "" { - os = runtime.GOOS + ctrOS := container.OS + if ctrOS == "" { + ctrOS = runtime.GOOS } // Figure out what size slice we need so we can allocate this all at once. envSize := len(container.Config.Env) - if runtime.GOOS != "windows" || (runtime.GOOS == "windows" && os == "linux") { + if runtime.GOOS != "windows" { envSize += 2 + len(linkedEnv) } if tty { @@ -743,7 +737,7 @@ func (container *Container) CreateDaemonEnvironment(tty bool, linkedEnv []string env := make([]string, 0, envSize) if runtime.GOOS != "windows" { - env = append(env, "PATH="+system.DefaultPathEnv(os)) + env = append(env, "PATH="+system.DefaultPathEnv(ctrOS)) env = append(env, "HOSTNAME="+container.Config.Hostname) if tty { env = append(env, "TERM=xterm") diff --git a/image/tarexport/save.go b/image/tarexport/save.go index 1a3fe03be4..e802552b0f 100644 --- a/image/tarexport/save.go +++ b/image/tarexport/save.go @@ -217,9 +217,7 @@ func (s *saveSession) save(outStream io.Writer) error { for _, l := range imageDescr.layers { // IMPORTANT: We use path, not filepath here to ensure the layers - // in the manifest use Unix-style forward-slashes. Otherwise, a - // Linux image saved from LCOW won't be able to be imported on - // LCOL. + // in the manifest use Unix-style forward-slashes. layers = append(layers, path.Join(l, legacyLayerFileName)) } diff --git a/pkg/archive/copy.go b/pkg/archive/copy.go index 4b9f504d7d..8a4cee908d 100644 --- a/pkg/archive/copy.go +++ b/pkg/archive/copy.go @@ -374,9 +374,6 @@ func RebaseArchiveEntries(srcContent io.Reader, oldBase, newBase string) io.Read return rebased } -// TODO @gupta-ak. These might have to be changed in the future to be -// continuity driver aware as well to support LCOW. - // CopyResource performs an archive copy from the given source path to the // given destination path. The source path MUST exist and the destination // path's parent directory must exist. diff --git a/pkg/containerfs/containerfs.go b/pkg/containerfs/containerfs.go index d25826ddbb..cf2d39c82e 100644 --- a/pkg/containerfs/containerfs.go +++ b/pkg/containerfs/containerfs.go @@ -28,8 +28,7 @@ type ContainerFS interface { // Driver combines both continuity's Driver and PathDriver interfaces with a Platform // field to determine the OS. type Driver interface { - // OS returns the OS where the rootfs is located. Essentially, - // runtime.GOOS for everything aside from LCOW, which is "linux" + // OS returns the OS where the rootfs is located. Essentially, runtime.GOOS. OS() string // Architecture returns the hardware architecture where the