From b44b3193d06a2738cc7e7c299f6487b718c82595 Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn
Date: Wed, 1 Dec 2021 16:08:03 +0100
Subject: [PATCH] oci.DevicesFromPath() switch to use containerd implementation

Reducing the amount of code used from runc/libcontainer

Signed-off-by: Sebastiaan van Stijn
---
 oci/defaults.go | 5 +----
 oci/devices_linux.go | 34 ++++++++++------------------------
 oci/devices_linux_test.go | 31 -------------------------------
 3 files changed, 11 insertions(+), 59 deletions(-)
 delete mode 100644 oci/devices_linux_test.go

diff --git a/oci/defaults.go b/oci/defaults.go
index 9c5b5f83dc..b79892ddc2 100644
--- a/oci/defaults.go
+++ b/oci/defaults.go
@@ -1,16 +1,13 @@
 package oci // import "github.com/docker/docker/oci"

 import (
- "os"
 "runtime"

 "github.com/docker/docker/oci/caps"
 specs "github.com/opencontainers/runtime-spec/specs-go"
 )

-func iPtr(i int64) *int64 { return &i }
-func u32Ptr(i int64) *uint32 { u := uint32(i); return &u }
-func fmPtr(i int64) *os.FileMode { fm := os.FileMode(i); return &fm }
+func iPtr(i int64) *int64 { return &i }

 // DefaultSpec returns the default spec used by docker for the current Platform
 func DefaultSpec() specs.Spec {
diff --git a/oci/devices_linux.go b/oci/devices_linux.go
index 44414c6112..6a3fa6be9f 100644
--- a/oci/devices_linux.go
+++ b/oci/devices_linux.go
@@ -6,31 +6,17 @@ import (
 "path/filepath"
 "strings"

- "github.com/opencontainers/runc/libcontainer/devices"
+ coci "github.com/containerd/containerd/oci"
 specs "github.com/opencontainers/runtime-spec/specs-go"
- "golang.org/x/sys/unix"
 )

-// Device transforms a libcontainer devices.Device to a specs.LinuxDevice object.
-func Device(d *devices.Device) specs.LinuxDevice {
- return specs.LinuxDevice{
- Type: string(d.Type),
- Path: d.Path,
- Major: d.Major,
- Minor: d.Minor,
- FileMode: fmPtr(int64(d.FileMode &^ unix.S_IFMT)), // strip file type, as OCI spec only expects file-mode to be included
- UID: u32Ptr(int64(d.Uid)),
- GID: u32Ptr(int64(d.Gid)),
- }
-}
-
-func deviceCgroup(d *devices.Device) specs.LinuxDeviceCgroup {
+func deviceCgroup(d *specs.LinuxDevice, permissions string) specs.LinuxDeviceCgroup {
 return specs.LinuxDeviceCgroup{
 Allow: true,
- Type: string(d.Type),
+ Type: d.Type,
 Major: &d.Major,
 Minor: &d.Minor,
- Access: string(d.Permissions),
+ Access: permissions,
 }
 }

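Review bot: With `Device()` removed, nothing in this package strips the file-type bits (`unix.S_IFMT`) from `FileMode` any more, and the only test that pinned that behaviour (`TestDeviceMode`) is deleted in the same commit. The mode written into the OCI spec now depends entirely on what the vendored `coci.DeviceFromPath` returns, which is not visible in this diff; a small test on `DevicesFromPath` asserting `*dev.FileMode & unix.S_IFMT == 0` for a known device node would keep that guarantee checked locally. Separately, `deviceCgroup` has no doc comment and stores `&d.Major`/`&d.Minor`, so the returned rule aliases the caller's `specs.LinuxDevice`; a comment such as `// deviceCgroup builds an allow rule for d with the given access string; Major and Minor point into d, so d must not be modified afterwards.` would make that explicit.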
@@ -45,22 +31,22 @@ func DevicesFromPath(pathOnHost, pathInContainer, cgroupPermissions string) (dev
 }
 }

- device, err := devices.DeviceFromPath(resolvedPathOnHost, cgroupPermissions)
+ device, err := coci.DeviceFromPath(resolvedPathOnHost)
 // if there was no error, return the device
 if err == nil {
 device.Path = pathInContainer
- return append(devs, Device(device)), append(devPermissions, deviceCgroup(device)), nil
+ return append(devs, *device), append(devPermissions, deviceCgroup(device, cgroupPermissions)), nil
 }

 // if the device is not a device node
 // try to see if it's a directory holding many devices
- if err == devices.ErrNotADevice {
+ if err == coci.ErrNotADevice {
 // check if it is a directory
 if src, e := os.Stat(resolvedPathOnHost); e == nil && src.IsDir() {
 // mount the internal devices recursively
 // TODO check if additional errors should be handled or logged
 _ = filepath.Walk(resolvedPathOnHost, func(dpath string, f os.FileInfo, _ error) error {
- childDevice, e := devices.DeviceFromPath(dpath, cgroupPermissions)
+ childDevice, e := coci.DeviceFromPath(dpath)
 if e != nil {
 // ignore the device
 return nil
@@ -68,8 +54,8 @@ func DevicesFromPath(pathOnHost, pathInContainer, cgroupPermissions string) (dev

 // add the device to userSpecified devices
 childDevice.Path = strings.Replace(dpath, resolvedPathOnHost, pathInContainer, 1)
- devs = append(devs, Device(childDevice))
- devPermissions = append(devPermissions, deviceCgroup(childDevice))
+ devs = append(devs, *childDevice)
+ devPermissions = append(devPermissions, deviceCgroup(childDevice, cgroupPermissions))

 return nil
 })
diff --git a/oci/devices_linux_test.go b/oci/devices_linux_test.go
deleted file mode 100644
index 42ef2a6151..0000000000
--- a/oci/devices_linux_test.go
+++ /dev/null
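Review bot: The sentinel check `if err == coci.ErrNotADevice {` in the first `DevicesFromPath` hunk only matches while containerd returns that exact value unwrapped; if a later containerd version wraps it, the directory fallback is skipped and the caller gets an error for a path that used to work. `if errors.Is(err, coci.ErrNotADevice) {` is robust to that, and needs `"errors"` added to the import block, only part of which is visible here. Also, `cgroupPermissions` is no longer passed to the device lookup, so any checking the old libcontainer call may have done on it is gone, and it is now copied verbatim into `Access` for every node found under a directory. The function's doc comment should therefore state that callers must already have validated it as a subset of `rwm`. The function starts and ends outside these hunks.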
@@ -1,31 +0,0 @@
-package oci
-
-import (
- "os"
- "testing"
-
- "github.com/opencontainers/runc/libcontainer/devices"
- "golang.org/x/sys/unix"
- "gotest.tools/v3/assert"
-)
-
-func TestDeviceMode(t *testing.T) {
- tests := []struct {
- name string
- in os.FileMode
- out os.FileMode
- }{
- {name: "regular permissions", in: 0777, out: 0777},
- {name: "block device", in: 0777 | unix.S_IFBLK, out: 0777},
- {name: "character device", in: 0777 | unix.S_IFCHR, out: 0777},
- {name: "fifo device", in: 0777 | unix.S_IFIFO, out: 0777},
- }
-
- for _, tc := range tests {
- tc := tc
- t.Run(tc.name, func(t *testing.T) {
- d := Device(&devices.Device{FileMode: tc.in})
- assert.Equal(t, *d.FileMode, tc.out)
- })
- }
-}