From f265727bdf637c717cd8bdc8675aff4d1714963e Mon Sep 17 00:00:00 2001 From: Tibor Vass Date: Tue, 10 Jan 2017 11:00:57 -0800 Subject: [PATCH] plugins: rename DeviceCreation to AllowAllDevices Signed-off-by: Tibor Vass --- api/swagger.yaml | 8 ++++---- api/types/plugin.go | 8 ++++---- docs/extend/config.md | 6 +++++- plugin/backend_linux.go | 6 +++--- plugin/v2/plugin_linux.go | 2 +- 5 files changed, 17 insertions(+), 13 deletions(-) diff --git a/api/swagger.yaml b/api/swagger.yaml index c1c6338ee2..8d851a2e77 100644 --- a/api/swagger.yaml +++ b/api/swagger.yaml @@ -1444,13 +1444,13 @@ definitions: Linux: type: "object" x-nullable: false - required: [Capabilities, DeviceCreation, Devices] + required: [Capabilities, AllowAllDevices, Devices] properties: Capabilities: type: "array" items: type: "string" - DeviceCreation: + AllowAllDevices: type: "boolean" x-nullable: false Devices: @@ -1522,7 +1522,7 @@ definitions: Type: "" Linux: Capabilities: null - DeviceCreation: false + AllowAllDevices: false Devices: null Mounts: null PropagatedMount: "/data" @@ -6364,7 +6364,7 @@ paths: Type: "" Linux: Capabilities: null - DeviceCreation: false + AllowAllDevices: false Devices: null Mounts: null PropagatedMount: "/data" diff --git a/api/types/plugin.go b/api/types/plugin.go index 44c7f52721..46f47be26f 100644 --- a/api/types/plugin.go +++ b/api/types/plugin.go @@ -120,14 +120,14 @@ type PluginConfigInterface struct { // swagger:model PluginConfigLinux type PluginConfigLinux struct { + // allow all devices + // Required: true + AllowAllDevices bool `json:"AllowAllDevices"` + // capabilities // Required: true Capabilities []string `json:"Capabilities"` - // device creation - // Required: true - DeviceCreation bool `json:"DeviceCreation"` - // devices // Required: true Devices []PluginDevice `json:"Devices"` diff --git a/docs/extend/config.md b/docs/extend/config.md index 538dc6ac47..b98be592a0 100644 --- a/docs/extend/config.md +++ b/docs/extend/config.md @@ -153,6 +153,10 @@ Config provides the base accessible fields for working with V0 plugin format capabilities of the plugin (*Linux only*), see list [`here`](https://github.com/opencontainers/runc/blob/master/libcontainer/SPEC.md#security) + - **`allowAllDevices`** *boolean* + + If `/dev` is bind mounted from the host, and allowAllDevices is set to true, the plugin will have `rwm` access to all devices on the host. + - **`devices`** *PluginDevice array* device of the plugin, (*Linux only*), struct consisting of the following fields, see [`DEVICES`](https://github.com/opencontainers/runtime-spec/blob/master/config-linux.md#devices) @@ -205,7 +209,7 @@ Config provides the base accessible fields for working with V0 plugin format }, "Linux": { "Capabilities": null, - "DeviceCreation": false, + "AllowAllDevices": false, "Devices": null }, "Mounts": null, diff --git a/plugin/backend_linux.go b/plugin/backend_linux.go index 6ac1e06762..91406d5a33 100644 --- a/plugin/backend_linux.go +++ b/plugin/backend_linux.go @@ -159,10 +159,10 @@ func computePrivileges(c types.PluginConfig) (types.PluginPrivileges, error) { }) } } - if c.Linux.DeviceCreation { + if c.Linux.AllowAllDevices { privileges = append(privileges, types.PluginPrivilege{ - Name: "device-creation", - Description: "allow creating devices inside plugin", + Name: "allow-all-devices", + Description: "allow 'rwm' access to all devices", Value: []string{"true"}, }) } diff --git a/plugin/v2/plugin_linux.go b/plugin/v2/plugin_linux.go index 0f4cb29849..f1c2da0bc7 100644 --- a/plugin/v2/plugin_linux.go +++ b/plugin/v2/plugin_linux.go @@ -87,7 +87,7 @@ func (p *Plugin) InitSpec(execRoot string) (*specs.Spec, error) { s.Linux.RootfsPropagation = "rshared" } - if p.PluginObj.Config.Linux.DeviceCreation { + if p.PluginObj.Config.Linux.AllowAllDevices { rwm := "rwm" s.Linux.Resources.Devices = []specs.DeviceCgroup{{Allow: true, Access: &rwm}} }