github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Update Windows lcow differ to set NT VIRTUAL MACHINE\Virtual Machines SID

Browse Source 
For LCOW using the Virtual Machines SID for the shared read-only layers
improves overall performance avoiding the need to set per VM access at runtime.

Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>
This commit is contained in:
Justin Terry (VM) 2019-03-21 14:15:17 -07:00
parent 4c9b5ef8ea
commit 7361b19875
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
diff/lcow/lcow.go
View File

@ -25,6 +25,7 @@ import (
"path"
"time"
"github.com/Microsoft/go-winio/pkg/security"
"github.com/Microsoft/hcsshim/ext4/tar2ext4"
"github.com/containerd/containerd/archive/compression"
"github.com/containerd/containerd/content"
@ -142,7 +143,6 @@ func (s windowsLcowDiff) Apply(ctx context.Context, desc ocispec.Descriptor, mou
if err != nil {
return emptyDesc, err
}
defer outFile.Close()
defer func() {
if err != nil {
outFile.Close()
@ -154,6 +154,12 @@ func (s windowsLcowDiff) Apply(ctx context.Context, desc ocispec.Descriptor, mou
if err != nil {
return emptyDesc, errors.Wrapf(err, "failed to convert tar to ext4 vhd")
}
outFile.Close()
err = security.GrantVmGroupAccess(layerPath)
if err != nil {
return emptyDesc, errors.Wrapf(err, "failed GrantVmGroupAccess on layer vhd: %v", layerPath)
}
return ocispec.Descriptor{
MediaType: ocispec.MediaTypeImageLayer,