github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-05-01 05:04:26 +00:00
Code Issues Projects Releases Wiki Activity

runtime: fail early when starting docker container with FC

Browse Source 
FC does not support network device hotplug. Let's add a check to fail
early when starting containers created by docker.

Signed-off-by: Peng Tao <bergwolf@hyper.sh>
This commit is contained in:
Peng Tao 2023-08-22 11:17:31 +00:00
parent 32fd013716
commit 21204caf20
3 changed files with 54 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/runtime/virtcontainers/sandbox.go
View File

@ -955,6 +955,17 @@ func (s *Sandbox) createNetwork(ctx context.Context) error {
return nil return nil
} }
// docker container needs the hypervisor process ID to find out the container netns,
// which means that the hypervisor has to support network device hotplug so that docker
// can use the prestart hooks to set up container netns.
caps := s.hypervisor.Capabilities(ctx)
if !caps.IsNetworkDeviceHotplugSupported() {
spec := s.GetPatchedOCISpec()
if utils.IsDockerContainer(spec) {
return errors.New("docker container needs network device hotplug but the configured hypervisor does not support it")
}
}
span, ctx := katatrace.Trace(ctx, s.Logger(), "createNetwork", sandboxTracingTags, map[string]string{"sandbox_id": s.id}) span, ctx := katatrace.Trace(ctx, s.Logger(), "createNetwork", sandboxTracingTags, map[string]string{"sandbox_id": s.id})
defer span.End() defer span.End()
katatrace.AddTags(span, "network", s.network, "NetworkConfig", s.config.NetworkConfig) katatrace.AddTags(span, "network", s.network, "NetworkConfig", s.config.NetworkConfig)

20
src/runtime/virtcontainers/utils/utils.go
View File

@ -12,9 +12,11 @@ import (
"os" "os"
"os/exec" "os/exec"
"path/filepath" "path/filepath"
"strings"
"syscall" "syscall"
"time" "time"
"github.com/opencontainers/runtime-spec/specs-go"
"github.com/sirupsen/logrus" "github.com/sirupsen/logrus"
"golang.org/x/sys/unix" "golang.org/x/sys/unix"
@ -494,3 +496,21 @@ func RevertBytes(num uint64) uint64 {
} }
return 1024*RevertBytes(a) + b return 1024*RevertBytes(a) + b
} }
// IsDockerContainer returns if the container is managed by docker
// This is done by checking the prestart hook for `libnetwork` arguments.
func IsDockerContainer(spec *specs.Spec) bool {
if spec == nil || spec.Hooks == nil {
return false
}
for _, hook := range spec.Hooks.Prestart {
for _, arg := range hook.Args {
if strings.HasPrefix(arg, "libnetwork") {
return true
}
}
}
return false
}

23
src/runtime/virtcontainers/utils/utils_test.go
View File

@ -16,6 +16,7 @@ import (
"syscall" "syscall"
"testing" "testing"
"github.com/opencontainers/runtime-spec/specs-go"
"github.com/sirupsen/logrus" "github.com/sirupsen/logrus"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
) )
@ -580,3 +581,25 @@ func TestRevertBytes(t *testing.T) {
num := RevertBytes(testNum) num := RevertBytes(testNum)
assert.Equal(expectedNum, num) assert.Equal(expectedNum, num)
} }
func TestIsDockerContainer(t *testing.T) {
assert := assert.New(t)
ociSpec := &specs.Spec{
Hooks: &specs.Hooks{
Prestart: []specs.Hook{
{
Args: []string{
"haha",
},
},
},
},
}
assert.False(IsDockerContainer(ociSpec))
ociSpec.Hooks.Prestart = append(ociSpec.Hooks.Prestart, specs.Hook{
Args: []string{"libnetwork-xxx"},
})
assert.True(IsDockerContainer(ociSpec))
}