From 105cb479917f4fca5e0484466e94b66860a515cf Mon Sep 17 00:00:00 2001 From: Xynnn007 Date: Fri, 13 Jun 2025 10:39:33 +0800 Subject: [PATCH] agent: always try to override oci process spec In previous version, only when the `guest-pull` feature is enabled during the build time, the OCI process will be tried to be overrided when the storage has a guest pull volume and also it is sandbox. After getting rid of the feature, whether it is guest-pull is runtimely determined thus we can always do this trying override, by checking if there is kata guest pull volume in storages and it's sandbox. Signed-off-by: Xynnn007 --- src/agent/src/rpc.rs | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/src/agent/src/rpc.rs b/src/agent/src/rpc.rs index f072434f2e..3bcdf54420 100644 --- a/src/agent/src/rpc.rs +++ b/src/agent/src/rpc.rs @@ -312,19 +312,14 @@ impl AgentService { let pipe_size = AGENT_CONFIG.container_pipe_size; - let p = if let Some(p) = oci.process() { - { - let new_p = - confidential_data_hub::image::get_process(p, &oci, req.storages.clone())?; - Process::new(&sl(), &new_p, cid.as_str(), true, pipe_size, proc_io)? - } - - Process::new(&sl(), p, cid.as_str(), true, pipe_size, proc_io)? - } else { + let Some(p) = oci.process() else { info!(sl(), "no process configurations!"); return Err(anyhow!(nix::Error::EINVAL)); }; + let new_p = confidential_data_hub::image::get_process(p, &oci, req.storages.clone())?; + let p = Process::new(&sl(), &new_p, cid.as_str(), true, pipe_size, proc_io)?; + // if starting container failed, we will do some rollback work // to ensure no resources are leaked. if let Err(err) = ctr.start(p).await {