github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Add support for spec generation with host devices

Browse Source 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This commit is contained in:
Michael Crosby 2019-10-04 14:54:21 -04:00
parent 8d0d1ebb63
commit 25947db049
3 changed files with 81 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
oci/spec_opts.go
View File

@ -1006,6 +1006,21 @@ func WithParentCgroupDevices(_ context.Context, _ Client, _ *containers.Containe
return nil return nil
} }
// WithAllDevicesAllowed permits READ WRITE MKNOD on all devices nodes for the container
func WithAllDevicesAllowed(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {
setLinux(s)
if s.Linux.Resources == nil {
s.Linux.Resources = &specs.LinuxResources{}
}
s.Linux.Resources.Devices = []specs.LinuxDeviceCgroup{
{
Allow: true,
Access: rwm,
},
}
return nil
}
// WithDefaultUnixDevices adds the default devices for unix such as /dev/null, /dev/random to // WithDefaultUnixDevices adds the default devices for unix such as /dev/null, /dev/random to
// the container's resource cgroup spec // the container's resource cgroup spec
func WithDefaultUnixDevices(_ context.Context, _ Client, _ *containers.Container, s *Spec) error { func WithDefaultUnixDevices(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {

59
oci/spec_opts_linux.go
View File

@ -19,12 +19,71 @@
package oci package oci
import ( import (
"context"
"io/ioutil"
"os" "os"
"path/filepath"
"github.com/containerd/containerd/containers"
specs "github.com/opencontainers/runtime-spec/specs-go" specs "github.com/opencontainers/runtime-spec/specs-go"
"golang.org/x/sys/unix" "golang.org/x/sys/unix"
) )
// WithHostDevices adds all the hosts device nodes to the container's spec
func WithHostDevices(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {
setLinux(s)
devs, err := getDevices("/dev")
if err != nil {
return err
}
for _, d := range devs {
s.Linux.Devices = append(s.Linux.Devices, d)
}
return nil
}
func getDevices(path string) ([]specs.LinuxDevice, error) {
files, err := ioutil.ReadDir(path)
if err != nil {
return nil, err
}
var out []specs.LinuxDevice
for _, f := range files {
switch {
case f.IsDir():
switch f.Name() {
// ".lxc" & ".lxd-mounts" added to address https://github.com/lxc/lxd/issues/2825
// ".udev" added to address https://github.com/opencontainers/runc/issues/2093
case "pts", "shm", "fd", "mqueue", ".lxc", ".lxd-mounts", ".udev":
continue
default:
sub, err := getDevices(filepath.Join(path, f.Name()))
if err != nil {
return nil, err
}
out = append(out, sub...)
continue
}
case f.Name() == "console":
continue
}
device, err := deviceFromPath(filepath.Join(path, f.Name()), "rwm")
if err != nil {
if err == ErrNotADevice {
continue
}
if os.IsNotExist(err) {
continue
}
return nil, err
}
out = append(out, *device)
}
return out, nil
}
func deviceFromPath(path, permissions string) (*specs.LinuxDevice, error) { func deviceFromPath(path, permissions string) (*specs.LinuxDevice, error) {
var stat unix.Stat_t var stat unix.Stat_t
if err := unix.Lstat(path, &stat); err != nil { if err := unix.Lstat(path, &stat); err != nil {

7
oci/spec_opts_windows.go
View File

@ -67,6 +67,13 @@ func WithWindowNetworksAllowUnqualifiedDNSQuery() SpecOpts {
} }
} }
// WithHostDevices adds all the hosts device nodes to the container's spec
//
// Not supported on windows
func WithHostDevices(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {
return nil
}
func deviceFromPath(path, permissions string) (*specs.LinuxDevice, error) { func deviceFromPath(path, permissions string) (*specs.LinuxDevice, error) {
return nil, errors.New("device from path not supported on Windows") return nil, errors.New("device from path not supported on Windows")
} }