cri/sbserver: Remap snapshots for sbserver too

This is a port of 31a6449734 ("Add capability for snapshotters to
declare support for UID remapping") to sbserver.

This patch remaps the rootfs in the platform-specific if user namespaces
are in use, so the pod can read/write to the rootfs.

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
This commit is contained in:
Rodrigo Campos
2023-07-07 18:47:07 +02:00
parent 508e6f6e03
commit 36a96d7f32
10 changed files with 82 additions and 9 deletions

View File

@@ -264,6 +264,7 @@ func appArmorProfileExists(profile string) (bool, error) {
}
// snapshotterOpts returns any Linux specific snapshotter options for the rootfs snapshot
func snapshotterOpts(snapshotterName string, config *runtime.ContainerConfig) []snapshots.Opt {
return []snapshots.Opt{}
func snapshotterOpts(snapshotterName string, config *runtime.ContainerConfig) ([]snapshots.Opt, error) {
nsOpts := config.GetLinux().GetSecurityContext().GetNamespaceOptions()
return snapshotterRemapOpts(nsOpts)
}