Remove no_pivot when creating container from CRI

Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
2023-03-13 14:39:58 -07:00
parent 07c2ae12e1
commit 8bd82e355a
16 changed files with 5 additions and 333 deletions
--- a/pkg/cri/server/container_start.go
+++ b/pkg/cri/server/container_start.go
@@ -110,17 +110,12 @@ func (c *criService) StartContainer(ctx context.Context, r *runtime.StartContain
 		return cntr.IO, nil
 	}

-	ctrInfo, err := container.Info(ctx)
-	if err != nil {
-		return nil, fmt.Errorf("failed to get container info: %w", err)
-	}
-
 	ociRuntime, err := c.getSandboxRuntime(sandbox.Config, sandbox.Metadata.RuntimeHandler)
 	if err != nil {
 		return nil, fmt.Errorf("failed to get sandbox runtime: %w", err)
 	}

-	taskOpts := c.taskOpts(ctrInfo.Runtime.Name)
+	var taskOpts []containerd.NewTaskOpts
 	if ociRuntime.Path != "" {
 		taskOpts = append(taskOpts, containerd.WithRuntimePath(ociRuntime.Path))
 	}
--- a/pkg/cri/server/helpers_test.go
+++ b/pkg/cri/server/helpers_test.go
@@ -236,7 +236,7 @@ systemd_cgroup = true
 	require.NoError(t, err)
 	err = tree.Unmarshal(&nilOptsConfig)
 	require.NoError(t, err)
-	require.Len(t, nilOptsConfig.Runtimes, 3)
+	require.Len(t, nilOptsConfig.Runtimes, 1)

 	tree, err = toml.Load(nonNilOpts)
 	require.NoError(t, err)
--- a/pkg/cri/server/sandbox_run.go
+++ b/pkg/cri/server/sandbox_run.go
@@ -352,7 +352,7 @@ func (c *criService) RunPodSandbox(ctx context.Context, r *runtime.RunPodSandbox
 	log.G(ctx).Tracef("Create sandbox container (id=%q, name=%q).",
 		id, name)

-	taskOpts := c.taskOpts(ociRuntime.Type)
+	var taskOpts []containerd.NewTaskOpts
 	if ociRuntime.Path != "" {
 		taskOpts = append(taskOpts, containerd.WithRuntimePath(ociRuntime.Path))
 	}
--- a/pkg/cri/server/sandbox_run_linux.go
+++ b/pkg/cri/server/sandbox_run_linux.go
@@ -22,9 +22,7 @@ import (
 	"strconv"
 	"strings"

-	"github.com/containerd/containerd"
 	"github.com/containerd/containerd/oci"
-	"github.com/containerd/containerd/plugin"
 	"github.com/containerd/containerd/snapshots"
 	imagespec "github.com/opencontainers/image-spec/specs-go/v1"
 	runtimespec "github.com/opencontainers/runtime-spec/specs-go"
@@ -344,22 +342,6 @@ func (c *criService) cleanupSandboxFiles(id string, config *runtime.PodSandboxCo
 	return nil
 }

-// taskOpts generates task options for a (sandbox) container.
-func (c *criService) taskOpts(runtimeType string) []containerd.NewTaskOpts {
-	// TODO(random-liu): Remove this after shim v1 is deprecated.
-	var taskOpts []containerd.NewTaskOpts
-
-	// c.config.NoPivot is only supported for RuntimeLinuxV1 = "io.containerd.runtime.v1.linux" legacy linux runtime
-	// and is not supported for RuntimeRuncV1 = "io.containerd.runc.v1" or  RuntimeRuncV2 = "io.containerd.runc.v2"
-	// for RuncV1/2 no pivot is set under the containerd.runtimes.runc.options config see
-	// https://github.com/containerd/containerd/blob/v1.3.2/runtime/v2/runc/options/oci.pb.go#L26
-	if c.config.NoPivot && runtimeType == plugin.RuntimeLinuxV1 {
-		taskOpts = append(taskOpts, containerd.WithNoPivotRoot)
-	}
-
-	return taskOpts
-}
-
 func (c *criService) updateNetNamespacePath(spec *runtimespec.Spec, nsPath string) {
 	for i := range spec.Linux.Namespaces {
 		if spec.Linux.Namespaces[i].Type == runtimespec.NetworkNamespace {
--- a/pkg/cri/server/sandbox_run_other.go
+++ b/pkg/cri/server/sandbox_run_other.go
@@ -19,7 +19,6 @@
 package server

 import (
-	"github.com/containerd/containerd"
 	"github.com/containerd/containerd/oci"
 	"github.com/containerd/containerd/pkg/cri/annotations"
 	"github.com/containerd/containerd/snapshots"
@@ -51,11 +50,6 @@ func (c *criService) cleanupSandboxFiles(id string, config *runtime.PodSandboxCo
 	return nil
 }

-// taskOpts generates task options for a (sandbox) container.
-func (c *criService) taskOpts(runtimeType string) []containerd.NewTaskOpts {
-	return []containerd.NewTaskOpts{}
-}
-
 func (c *criService) updateNetNamespacePath(spec *runtimespec.Spec, nsPath string) {
 }

--- a/pkg/cri/server/sandbox_run_windows.go
+++ b/pkg/cri/server/sandbox_run_windows.go
@@ -20,7 +20,6 @@ import (
 	"fmt"
 	"strconv"

-	"github.com/containerd/containerd"
 	"github.com/containerd/containerd/oci"
 	"github.com/containerd/containerd/snapshots"
 	imagespec "github.com/opencontainers/image-spec/specs-go/v1"
@@ -104,11 +103,6 @@ func (c *criService) cleanupSandboxFiles(id string, config *runtime.PodSandboxCo
 	return nil
 }

-// No task options needed for windows.
-func (c *criService) taskOpts(runtimeType string) []containerd.NewTaskOpts {
-	return nil
-}
-
 func (c *criService) updateNetNamespacePath(spec *runtimespec.Spec, nsPath string) {
 	spec.Windows.Network.NetworkNamespace = nsPath
 }