From bf00b8df871773c429e0315bb31205ed04929d7b Mon Sep 17 00:00:00 2001
From: Lei Li
Date: Tue, 21 Sep 2021 07:49:52 +0000
Subject: [PATCH] agent-ctl: improve the oci_to_grpc code
The oci_to_grpc function just handles part of oci fields, and others are not copied from oci spec to grpc spec, such as process.env, process.capabilities, mounts and so on. Try to implement more handlings to convert thoses fields.
Fixes #2686
Signed-off-by: Lei Li
---
 tools/agent-ctl/src/utils.rs | 50 +++++++++++++++++++++++++++++++-----
 1 file changed, 43 insertions(+), 7 deletions(-)
diff --git a/tools/agent-ctl/src/utils.rs b/tools/agent-ctl/src/utils.rs
index 1a71fd6da3..a08c6f6f99 100644
--- a/tools/agent-ctl/src/utils.rs
+++ b/tools/agent-ctl/src/utils.rs
@@ -5,10 +5,11 @@
 use crate::types::{Config, Options};
 use anyhow::{anyhow, Result};
-use oci::{Process as ociProcess, Root as ociRoot, Spec as ociSpec};
+use oci::{Process as ociProcess, Root as ociRoot, Spec as ociSpec, Mount as ociMount};
 use protocols::oci::{
 Box as grpcBox, Linux as grpcLinux, LinuxCapabilities as grpcLinuxCapabilities,
 Process as grpcProcess, Root as grpcRoot, Spec as grpcSpec, User as grpcUser,
+ Mount as grpcMount,
 };
 use rand::Rng;
 use slog::{debug, warn};
@@ -304,11 +305,25 @@ fn process_oci_to_grpc(p: &ociProcess) -> grpcProcess {
 //let rlimits = vec![grpcPOSIXRlimit::new()];
 let rlimits = protobuf::RepeatedField::new();
- // FIXME: Implement Capabilities OCI spec handling (copy from p.capabilities)
- let capabilities = grpcLinuxCapabilities::new();
+ let capabilities = match &p.capabilities {
+ Some(c) => {
+ let mut gc = grpcLinuxCapabilities::new();
- // FIXME: Implement Env OCI spec handling (copy from p.env)
- let env = protobuf::RepeatedField::new();
+ gc.set_Bounding(protobuf::RepeatedField::from_slice(&c.bounding));
+ gc.set_Effective(protobuf::RepeatedField::from_slice(&c.effective));
+ gc.set_Inheritable(protobuf::RepeatedField::from_slice(&c.inheritable));
+ gc.set_Permitted(protobuf::RepeatedField::from_slice(&c.permitted));
+ gc.set_Ambient(protobuf::RepeatedField::from_slice(&c.ambient));
+
+ protobuf::SingularPtrField::some(gc)
+ }
+ None => protobuf::SingularPtrField::none(),
+ };
+
+ let mut env = protobuf::RepeatedField::new();
+ for pair in &p.env {
+ env.push(pair.to_string());
+ }
 grpcProcess {
 Terminal: p.terminal,
@@ -317,7 +332,7 @@ fn process_oci_to_grpc(p: &ociProcess) -> grpcProcess {
 Args: protobuf::RepeatedField::from_vec(p.args.clone()),
 Env: env,
 Cwd: p.cwd.clone(),
- Capabilities: protobuf::SingularPtrField::some(capabilities),
+ Capabilities: capabilities,
 Rlimits: rlimits,
 NoNewPrivileges: p.no_new_privileges,
 ApparmorProfile: p.apparmor_profile.clone(),
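Review bot: The `None` arm of the new `match &p.capabilities` changes what is sent for a spec that has no `process.capabilities`: the removed code always sent an empty `LinuxCapabilities` message, while the new code leaves the field unset. How the agent treats an unset field is not visible in this hunk; if it means "drop nothing", containers created from such a bundle keep a broader capability set than before. A comment on that arm stating the intended meaning would settle it, e.g. `// No capabilities in the OCI spec: field left unset on purpose, the agent decides the default.` Separately, assuming `p.env` is a `Vec<String>` like `p.args`, the loop can be `let env = protobuf::RepeatedField::from_slice(&p.env);`, as done for the capability sets just above. `process_oci_to_grpc` starts before and ends after this hunk.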
@@ -328,6 +343,22 @@ fn process_oci_to_grpc(p: &ociProcess) -> grpcProcess {
 }
 }
+fn mount_oci_to_grpc(m: &ociMount) -> grpcMount {
+ let mut grpc_options = protobuf::RepeatedField::new();
+ for op in &m.options {
+ grpc_options.push(op.to_string());
+ }
+
+ grpcMount {
+ destination: m.destination.clone(),
+ source: m.source.clone(),
+ field_type: m.r#type.clone(),
+ options: grpc_options,
+ unknown_fields: protobuf::UnknownFields::new(),
+ cached_size: protobuf::CachedSize::default(),
+ }
+}
+
 fn oci_to_grpc(bundle_dir: &str, cid: &str, oci: &ociSpec) -> Result {
 let process = match &oci.process {
 Some(p) => protobuf::SingularPtrField::some(process_oci_to_grpc(&p)),
@@ -343,6 +374,11 @@ fn oci_to_grpc(bundle_dir: &str, cid: &str, oci: &ociSpec) -> Result {
 None => protobuf::SingularPtrField::none(),
 };
+ let mut mounts = protobuf::RepeatedField::new();
+ for m in &oci.mounts {
+ mounts.push(mount_oci_to_grpc(&m));
+ }
+
 // FIXME: Implement Linux OCI spec handling
 let linux = grpcLinux::new();
@@ -359,7 +395,7 @@ fn oci_to_grpc(bundle_dir: &str, cid: &str, oci: &ociSpec) -> Result {
 Process: process,
 Root: root,
 Hostname: hostname,
- Mounts: protobuf::RepeatedField::new(),
+ Mounts: mounts,
 Hooks: protobuf::SingularPtrField::none(),
 Annotations: HashMap::new(),
 Linux: protobuf::SingularPtrField::some(linux),
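Review bot: `mount_oci_to_grpc` copies `source`, `destination`, `field_type` and `options` verbatim and has no doc comment, so a reader cannot tell whether the absence of validation or path rewriting is intended. A one-line doc comment would do: `/// Copies an OCI mount into its gRPC form unchanged; nothing is validated or rewritten here.` The struct literal also spells out `unknown_fields` and `cached_size`, whereas the capabilities code in this same patch starts from `grpcLinuxCapabilities::new()`; building from `grpcMount::new()` the same way would keep the two converters consistent. The options loop can likewise be `protobuf::RepeatedField::from_slice(&m.options)`, assuming `options` is a `Vec<String>`. The function lies wholly inside this hunk.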
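Review bot: The `// FIXME: Implement Linux OCI spec handling` context line right after the new mounts loop shows the `linux` section is still replaced by an empty `grpcLinux::new()`, so after this patch mounts, env and capabilities come from the bundle while anything the spec sets under `linux` (namespaces, seccomp, masked paths) is still not forwarded. The FIXME should say that explicitly, e.g. `// FIXME: oci.linux is still ignored; the request carries an empty Linux section.` Minor style: `m` is already a reference here, so `mounts.push(mount_oci_to_grpc(m));` avoids the extra borrow. `oci_to_grpc` starts before and continues after this hunk.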