From c80a3ecafda985fe252975f49ccbd5dfcb286471 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Mon, 31 Jul 2023 17:45:59 +0200 Subject: [PATCH] cri/sbserver: Use platform instead of GOOS for userns detection In the sbserver we should not use the GOOS, as windows hosts can run linux containers. On the sbserver we should use the platform param. Signed-off-by: Rodrigo Campos --- pkg/cri/sbserver/sandbox_run.go | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/pkg/cri/sbserver/sandbox_run.go b/pkg/cri/sbserver/sandbox_run.go index 4b3e77159..c6baa7709 100644 --- a/pkg/cri/sbserver/sandbox_run.go +++ b/pkg/cri/sbserver/sandbox_run.go @@ -23,7 +23,6 @@ import ( "fmt" "math" "path/filepath" - goruntime "runtime" "strings" "time" @@ -144,8 +143,17 @@ func (c *criService) RunPodSandbox(ctx context.Context, r *runtime.RunPodSandbox } }() + controller, err := c.getSandboxController(sandbox.Config, sandbox.RuntimeHandler) + if err != nil { + return nil, fmt.Errorf("failed to get sandbox controller: %w", err) + } + platform, err := controller.Platform(ctx, sandbox.ID) + if err != nil { + return nil, fmt.Errorf("failed to query sandbox platform: %w", err) + } + userNsEnabled := false - if goruntime.GOOS != "windows" { + if platform.OS == "linux" { usernsOpts := config.GetLinux().GetSecurityContext().GetNamespaceOptions().GetUsernsOptions() if usernsOpts != nil && usernsOpts.GetMode() == runtime.NamespaceMode_POD { userNsEnabled = true @@ -233,11 +241,6 @@ func (c *criService) RunPodSandbox(ctx context.Context, r *runtime.RunPodSandbox return nil, fmt.Errorf("unable to save sandbox %q to store: %w", id, err) } - controller, err := c.getSandboxController(config, r.GetRuntimeHandler()) - if err != nil { - return nil, fmt.Errorf("failed to get sandbox controller: %w", err) - } - // Save sandbox metadata to store if sandboxInfo, err = c.client.SandboxStore().Update(ctx, sandboxInfo, "extensions"); err != nil { return nil, fmt.Errorf("unable to update extensions for sandbox %q: %w", id, err)