Merge pull request #7864 from Iceber/ctr_tasks

ctr/tasks: support remapped UID/GID

cmd/ctr/commands/run/run.go

@@ -186,7 +186,7 @@ var Command = cli.Command{
 			}
 		}
 
-		opts := getNewTaskOpts(context)
+		opts := tasks.GetNewTaskOpts(context)
 		ioOpts := []cio.Opt{cio.WithFIFODir(context.String("fifo-dir"))}
 		task, err := tasks.NewTask(ctx, client, container, context.String("checkpoint"), con, context.Bool("null-io"), context.String("log-uri"), ioOpts, opts...)
 		if err != nil {

cmd/ctr/commands/run/run_unix.go

@@ -40,7 +40,6 @@ import (
 	"github.com/containerd/containerd/snapshots"
 	"github.com/intel/goresctrl/pkg/blockio"
 	"github.com/opencontainers/runtime-spec/specs-go"
-	"github.com/sirupsen/logrus"
 	"github.com/urfave/cli"
 )
 
@@ -431,30 +430,6 @@ func getRuntimeOptions(context *cli.Context) (interface{}, error) {
 	return nil, nil
 }
 
-func getNewTaskOpts(context *cli.Context) []containerd.NewTaskOpts {
-	var (
-		tOpts []containerd.NewTaskOpts
-	)
-	if context.Bool("no-pivot") {
-		tOpts = append(tOpts, containerd.WithNoPivotRoot)
-	}
-	if uidmap := context.String("uidmap"); uidmap != "" {
-		uidMap, err := parseIDMapping(uidmap)
-		if err != nil {
-			logrus.WithError(err).Warn("unable to parse uidmap; defaulting to uid 0 IO ownership")
-		}
-		tOpts = append(tOpts, containerd.WithUIDOwner(uidMap.HostID))
-	}
-	if gidmap := context.String("gidmap"); gidmap != "" {
-		gidMap, err := parseIDMapping(gidmap)
-		if err != nil {
-			logrus.WithError(err).Warn("unable to parse gidmap; defaulting to gid 0 IO ownership")
-		}
-		tOpts = append(tOpts, containerd.WithGIDOwner(gidMap.HostID))
-	}
-	return tOpts
-}
-
 func parseIDMapping(mapping string) (specs.LinuxIDMapping, error) {
 	// We expect 3 parts, but limit to 4 to allow detection of invalid values.
 	parts := strings.SplitN(mapping, ":", 4)

cmd/ctr/commands/run/run_windows.go

@@ -182,10 +182,6 @@ func NewContainer(ctx gocontext.Context, client *containerd.Client, context *cli
 	return client.NewContainer(ctx, id, cOpts...)
 }
 
-func getNewTaskOpts(_ *cli.Context) []containerd.NewTaskOpts {
-	return nil
-}
-
 func getNetNSPath(ctx gocontext.Context, t containerd.Task) (string, error) {
 	s, err := t.Spec(ctx)
 	if err != nil {

cmd/ctr/commands/tasks/start.go

@@ -78,7 +78,7 @@ var startCommand = cli.Command{
 		}
 		var (
 			tty    = spec.Process.Terminal
-			opts   = getNewTaskOpts(context)
+			opts   = GetNewTaskOpts(context)
 			ioOpts = []cio.Opt{cio.WithFIFODir(context.String("fifo-dir"))}
 		)
 		var con console.Console

cmd/ctr/commands/tasks/tasks_unix.go

@@ -79,6 +79,20 @@ func NewTask(ctx gocontext.Context, client *containerd.Client, container contain
 		}
 		opts = append(opts, containerd.WithTaskCheckpoint(im))
 	}
+
+	spec, err := container.Spec(ctx)
+	if err != nil {
+		return nil, err
+	}
+	if spec.Linux != nil {
+		if len(spec.Linux.UIDMappings) != 0 {
+			opts = append(opts, containerd.WithUIDOwner(spec.Linux.UIDMappings[0].HostID))
+		}
+		if len(spec.Linux.GIDMappings) != 0 {
+			opts = append(opts, containerd.WithGIDOwner(spec.Linux.GIDMappings[0].HostID))
+		}
+	}
+
 	var ioCreator cio.Creator
 	if con != nil {
 		if nullIO {
@@ -106,7 +120,8 @@ func NewTask(ctx gocontext.Context, client *containerd.Client, container contain
 	return t, nil
 }
 
-func getNewTaskOpts(context *cli.Context) []containerd.NewTaskOpts {
+// GetNewTaskOpts resolves containerd.NewTaskOpts from cli.Context
+func GetNewTaskOpts(context *cli.Context) []containerd.NewTaskOpts {
 	if context.Bool("no-pivot") {
 		return []containerd.NewTaskOpts{containerd.WithNoPivotRoot}
 	}

cmd/ctr/commands/tasks/tasks_windows.go

@@ -82,6 +82,7 @@ func NewTask(ctx gocontext.Context, client *containerd.Client, container contain
 	return container.NewTask(ctx, ioCreator)
 }
 
-func getNewTaskOpts(_ *cli.Context) []containerd.NewTaskOpts {
+// GetNewTaskOpts resolves containerd.NewTaskOpts from cli.Context
+func GetNewTaskOpts(_ *cli.Context) []containerd.NewTaskOpts {
 	return nil
 }