kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity

oci.DevicesFromPath() switch to use containerd implementation

Browse source 
Reducing the amount of code used from runc/libcontainer

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn 2021-12-01 16:08:03 +01:00
parent 572ca799db
commit b44b3193d0
No known key found for this signature in database
GPG key ID: 76698F39D527CE8C
3 changed files with 11 additions and 59 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
oci/defaults.go
View file

@ -1,7 +1,6 @@
package oci // import "github.com/docker/docker/oci" package oci // import "github.com/docker/docker/oci"
import ( import (
"os"
"runtime" "runtime"
"github.com/docker/docker/oci/caps" "github.com/docker/docker/oci/caps"
@ -9,8 +8,6 @@ import (
) )
func iPtr(i int64) *int64 { return &i } func iPtr(i int64) *int64 { return &i }
func u32Ptr(i int64) *uint32 { u := uint32(i); return &u }
func fmPtr(i int64) *os.FileMode { fm := os.FileMode(i); return &fm }
// DefaultSpec returns the default spec used by docker for the current Platform // DefaultSpec returns the default spec used by docker for the current Platform
func DefaultSpec() specs.Spec { func DefaultSpec() specs.Spec {

34
oci/devices_linux.go
View file

@ -6,31 +6,17 @@ import (
"path/filepath" "path/filepath"
"strings" "strings"
"github.com/opencontainers/runc/libcontainer/devices" coci "github.com/containerd/containerd/oci"
specs "github.com/opencontainers/runtime-spec/specs-go" specs "github.com/opencontainers/runtime-spec/specs-go"
"golang.org/x/sys/unix"
) )
// Device transforms a libcontainer devices.Device to a specs.LinuxDevice object. func deviceCgroup(d *specs.LinuxDevice, permissions string) specs.LinuxDeviceCgroup {
func Device(d *devices.Device) specs.LinuxDevice {
return specs.LinuxDevice{
Type: string(d.Type),
Path: d.Path,
Major: d.Major,
Minor: d.Minor,
FileMode: fmPtr(int64(d.FileMode &^ unix.S_IFMT)), // strip file type, as OCI spec only expects file-mode to be included
UID: u32Ptr(int64(d.Uid)),
GID: u32Ptr(int64(d.Gid)),
}
}
func deviceCgroup(d *devices.Device) specs.LinuxDeviceCgroup {
return specs.LinuxDeviceCgroup{ return specs.LinuxDeviceCgroup{
Allow: true, Allow: true,
Type: string(d.Type), Type: d.Type,
Major: &d.Major, Major: &d.Major,
Minor: &d.Minor, Minor: &d.Minor,
Access: string(d.Permissions), Access: permissions,
} }
} }
@ -45,22 +31,22 @@ func DevicesFromPath(pathOnHost, pathInContainer, cgroupPermissions string) (dev
} }
} }
device, err := devices.DeviceFromPath(resolvedPathOnHost, cgroupPermissions) device, err := coci.DeviceFromPath(resolvedPathOnHost)
// if there was no error, return the device // if there was no error, return the device
if err == nil { if err == nil {
device.Path = pathInContainer device.Path = pathInContainer
return append(devs, Device(device)), append(devPermissions, deviceCgroup(device)), nil return append(devs, *device), append(devPermissions, deviceCgroup(device, cgroupPermissions)), nil
} }
// if the device is not a device node // if the device is not a device node
// try to see if it's a directory holding many devices // try to see if it's a directory holding many devices
if err == devices.ErrNotADevice { if err == coci.ErrNotADevice {
// check if it is a directory // check if it is a directory
if src, e := os.Stat(resolvedPathOnHost); e == nil && src.IsDir() { if src, e := os.Stat(resolvedPathOnHost); e == nil && src.IsDir() {
// mount the internal devices recursively // mount the internal devices recursively
// TODO check if additional errors should be handled or logged // TODO check if additional errors should be handled or logged
_ = filepath.Walk(resolvedPathOnHost, func(dpath string, f os.FileInfo, _ error) error { _ = filepath.Walk(resolvedPathOnHost, func(dpath string, f os.FileInfo, _ error) error {
childDevice, e := devices.DeviceFromPath(dpath, cgroupPermissions) childDevice, e := coci.DeviceFromPath(dpath)
if e != nil { if e != nil {
// ignore the device // ignore the device
return nil return nil
@ -68,8 +54,8 @@ func DevicesFromPath(pathOnHost, pathInContainer, cgroupPermissions string) (dev
// add the device to userSpecified devices // add the device to userSpecified devices
childDevice.Path = strings.Replace(dpath, resolvedPathOnHost, pathInContainer, 1) childDevice.Path = strings.Replace(dpath, resolvedPathOnHost, pathInContainer, 1)
devs = append(devs, Device(childDevice)) devs = append(devs, *childDevice)
devPermissions = append(devPermissions, deviceCgroup(childDevice)) devPermissions = append(devPermissions, deviceCgroup(childDevice, cgroupPermissions))
return nil return nil
}) })

31
oci/devices_linux_test.go
View file

@ -1,31 +0,0 @@
package oci
import (
"os"
"testing"
"github.com/opencontainers/runc/libcontainer/devices"
"golang.org/x/sys/unix"
"gotest.tools/v3/assert"
)
func TestDeviceMode(t *testing.T) {
tests := []struct {
name string
in os.FileMode
out os.FileMode
}{
{name: "regular permissions", in: 0777, out: 0777},
{name: "block device", in: 0777 | unix.S_IFBLK, out: 0777},
{name: "character device", in: 0777 | unix.S_IFCHR, out: 0777},
{name: "fifo device", in: 0777 | unix.S_IFIFO, out: 0777},
}
for _, tc := range tests {
tc := tc
t.Run(tc.name, func(t *testing.T) {
d := Device(&devices.Device{FileMode: tc.in})
assert.Equal(t, *d.FileMode, tc.out)
})
}
}