Move WithMounts to specs

Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>

pkg/cri/opts/spec.go

@@ -25,12 +25,13 @@ import (
 	"sort"
 	"strings"
 
-	"github.com/containerd/containerd/containers"
-	"github.com/containerd/containerd/oci"
-	"github.com/containerd/containerd/pkg/cri/util"
 	imagespec "github.com/opencontainers/image-spec/specs-go/v1"
 	runtimespec "github.com/opencontainers/runtime-spec/specs-go"
 	runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
+
+	"github.com/containerd/containerd/containers"
+	"github.com/containerd/containerd/oci"
+	"github.com/containerd/containerd/pkg/cri/util"
 )
 
 // DefaultSandboxCPUshares is default cpu shares for sandbox container.

pkg/cri/opts/spec_linux.go

@@ -31,16 +31,17 @@ import (
 	"github.com/container-orchestrated-devices/container-device-interface/pkg/cdi"
 	"github.com/containerd/cgroups/v3"
 	"github.com/containerd/cgroups/v3/cgroup1"
-	"github.com/containerd/containerd/containers"
-	"github.com/containerd/containerd/log"
-	"github.com/containerd/containerd/mount"
-	"github.com/containerd/containerd/oci"
-	osinterface "github.com/containerd/containerd/pkg/os"
 	runtimespec "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/opencontainers/selinux/go-selinux/label"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/sys/unix"
 	runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
+
+	"github.com/containerd/containerd/containers"
+	"github.com/containerd/containerd/log"
+	"github.com/containerd/containerd/mount"
+	"github.com/containerd/containerd/oci"
+	osinterface "github.com/containerd/containerd/pkg/os"
 )
 
 // WithMounts sorts and adds runtime and CRI mounts to the spec
@@ -134,13 +135,13 @@ func WithMounts(osi osinterface.OS, config *runtime.ContainerConfig, extra []*ru
 				// Since default root propagation in runc is rprivate ignore
 				// setting the root propagation
 			case runtime.MountPropagation_PROPAGATION_BIDIRECTIONAL:
-				if err := ensureShared(src, osi.(osinterface.UNIX).LookupMount); err != nil {
+				if err := ensureShared(src, osi.LookupMount); err != nil {
 					return err
 				}
 				options = append(options, "rshared")
 				s.Linux.RootfsPropagation = "rshared"
 			case runtime.MountPropagation_PROPAGATION_HOST_TO_CONTAINER:
-				if err := ensureSharedOrSlave(src, osi.(osinterface.UNIX).LookupMount); err != nil {
+				if err := ensureSharedOrSlave(src, osi.LookupMount); err != nil {
 					return err
 				}
 				options = append(options, "rslave")

pkg/cri/sbserver/podsandbox/sandbox_run_linux.go

@@ -33,7 +33,6 @@ import (
 
 	"github.com/containerd/containerd/pkg/cri/annotations"
 	customopts "github.com/containerd/containerd/pkg/cri/opts"
-	osinterface "github.com/containerd/containerd/pkg/os"
 	"github.com/containerd/containerd/pkg/userns"
 )
 
@@ -291,7 +290,7 @@ func (c *Controller) setupSandboxFiles(id string, config *runtime.PodSandboxConf
 			return fmt.Errorf("failed to create sandbox shm: %w", err)
 		}
 		shmproperty := fmt.Sprintf("mode=1777,size=%d", defaultShmSize)
-		if err := c.os.(osinterface.UNIX).Mount("shm", sandboxDevShm, "tmpfs", uintptr(unix.MS_NOEXEC|unix.MS_NOSUID|unix.MS_NODEV), shmproperty); err != nil {
+		if err := c.os.Mount("shm", sandboxDevShm, "tmpfs", uintptr(unix.MS_NOEXEC|unix.MS_NOSUID|unix.MS_NODEV), shmproperty); err != nil {
 			return fmt.Errorf("failed to mount sandbox shm: %w", err)
 		}
 	}
@@ -327,7 +326,7 @@ func (c *Controller) cleanupSandboxFiles(id string, config *runtime.PodSandboxCo
 		if err != nil {
 			return fmt.Errorf("failed to follow symlink: %w", err)
 		}
-		if err := c.os.(osinterface.UNIX).Unmount(path); err != nil && !os.IsNotExist(err) {
+		if err := c.os.Unmount(path); err != nil && !os.IsNotExist(err) {
 			return fmt.Errorf("failed to unmount %q: %w", path, err)
 		}
 	}

pkg/cri/server/sandbox_run_linux.go

@@ -34,7 +34,6 @@ import (
 
 	"github.com/containerd/containerd/pkg/cri/annotations"
 	customopts "github.com/containerd/containerd/pkg/cri/opts"
-	osinterface "github.com/containerd/containerd/pkg/os"
 	"github.com/containerd/containerd/pkg/userns"
 )
 
@@ -309,7 +308,7 @@ func (c *criService) setupSandboxFiles(id string, config *runtime.PodSandboxConf
 			return fmt.Errorf("failed to create sandbox shm: %w", err)
 		}
 		shmproperty := fmt.Sprintf("mode=1777,size=%d", defaultShmSize)
-		if err := c.os.(osinterface.UNIX).Mount("shm", sandboxDevShm, "tmpfs", uintptr(unix.MS_NOEXEC|unix.MS_NOSUID|unix.MS_NODEV), shmproperty); err != nil {
+		if err := c.os.Mount("shm", sandboxDevShm, "tmpfs", uintptr(unix.MS_NOEXEC|unix.MS_NOSUID|unix.MS_NODEV), shmproperty); err != nil {
 			return fmt.Errorf("failed to mount sandbox shm: %w", err)
 		}
 	}
@@ -345,7 +344,7 @@ func (c *criService) cleanupSandboxFiles(id string, config *runtime.PodSandboxCo
 		if err != nil {
 			return fmt.Errorf("failed to follow symlink: %w", err)
 		}
-		if err := c.os.(osinterface.UNIX).Unmount(path); err != nil && !os.IsNotExist(err) {
+		if err := c.os.Unmount(path); err != nil && !os.IsNotExist(err) {
 			return fmt.Errorf("failed to unmount %q: %w", path, err)
 		}
 	}

pkg/os/mount_windows.go

@@ -0,0 +1,38 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package os
+
+import (
+	"errors"
+
+	"github.com/containerd/containerd/mount"
+)
+
+// Mount is an empty stub on Windows.
+func (RealOS) Mount(source string, target string, fstype string, flags uintptr, data string) error {
+	return errors.New("mount is not supported on Windows")
+}
+
+// Unmount is an empty stub on Windows.
+func (RealOS) Unmount(target string) error {
+	return errors.New("unmount is not supported on Windows")
+}
+
+// LookupMount is an empty stub on Windows.
+func (RealOS) LookupMount(path string) (mount.Info, error) {
+	return mount.Info{}, errors.New("mount lookups are not supported on Windows")
+}

pkg/os/os.go

@@ -21,6 +21,8 @@ import (
 	"os"
 
 	"github.com/moby/sys/symlink"
+
+	"github.com/containerd/containerd/mount"
 )
 
 // OS collects system level operations that need to be mocked out
@@ -34,6 +36,9 @@ type OS interface {
 	CopyFile(src, dest string, perm os.FileMode) error
 	WriteFile(filename string, data []byte, perm os.FileMode) error
 	Hostname() (string, error)
+	Mount(source string, target string, fstype string, flags uintptr, data string) error
+	Unmount(target string) error
+	LookupMount(path string) (mount.Info, error)
 }
 
 // RealOS is used to dispatch the real system level operations.

pkg/os/os_unix.go

@@ -21,18 +21,8 @@ package os
 import (
 	"os"
 	"path/filepath"
-
-	"github.com/containerd/containerd/mount"
 )
 
-// UNIX collects unix system level operations that need to be
-// mocked out during tests.
-type UNIX interface {
-	Mount(source string, target string, fstype string, flags uintptr, data string) error
-	Unmount(target string) error
-	LookupMount(path string) (mount.Info, error)
-}
-
 // ResolveSymbolicLink will follow any symbolic links
 func (RealOS) ResolveSymbolicLink(path string) (string, error) {
 	info, err := os.Lstat(path)

pkg/os/testing/fake_os_unix.go

@@ -1,23 +0,0 @@
-//go:build !windows
-
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package testing
-
-import osInterface "github.com/containerd/containerd/pkg/os"
-
-var _ osInterface.UNIX = &FakeOS{}