Merge pull request #5882 from bergwolf/github/oci-namespaces

runtime-rs: fix sandbox_pidns calculation and oci spec amending
2025-09-16 22:39:01 +00:00 · 2022-12-13 18:32:02 +08:00
parent f1381eb361 79cf38e6ea
commit 3952fedcd0
1 changed files with 8 additions and 6 deletions
--- a/src/runtime-rs/crates/runtimes/virt_container/src/container_manager/container.rs
+++ b/src/runtime-rs/crates/runtimes/virt_container/src/container_manager/container.rs
@@ -4,6 +4,7 @@
 // SPDX-License-Identifier: Apache-2.0
 //

+use std::collections::HashMap;
 use std::sync::Arc;

 use agent::Agent;
@@ -81,8 +82,8 @@ impl Container {
        let mut inner = self.inner.write().await;
        let toml_config = self.resource_manager.config().await;
        let config = &self.config;
-        amend_spec(&mut spec, toml_config.runtime.disable_guest_seccomp).context("amend spec")?;
        let sandbox_pidns = is_pid_namespace_enabled(&spec);
+        amend_spec(&mut spec, toml_config.runtime.disable_guest_seccomp).context("amend spec")?;

        // handler rootfs
        let rootfs = self
@@ -143,13 +144,10 @@ impl Container {
        // create container
        let r = agent::CreateContainerRequest {
            process_id: agent::ContainerProcessID::new(&config.container_id, ""),
-            string_user: None,
-            devices: vec![],
            storages,
            oci: Some(spec),
-            guest_hooks: None,
            sandbox_pidns,
-            rootfs_mounts: vec![],
+            ..Default::default()
        };

        self.agent
@@ -396,6 +394,7 @@ fn amend_spec(spec: &mut oci::Spec, disable_guest_seccomp: bool) -> Result<()> {
            resource.block_io = None;
            resource.hugepage_limits = Vec::new();
            resource.network = None;
+            resource.rdma = HashMap::new();
        }

        // Host pidns path does not make sense in kata. Let's just align it with
@@ -404,7 +403,10 @@ fn amend_spec(spec: &mut oci::Spec, disable_guest_seccomp: bool) -> Result<()> {
        for n in linux.namespaces.iter() {
            match n.r#type.as_str() {
                oci::PIDNAMESPACE | oci::NETWORKNAMESPACE => continue,
-                _ => ns.push(n.clone()),
+                _ => ns.push(oci::LinuxNamespace {
+                    r#type: n.r#type.clone(),
+                    path: "".to_string(),
+                }),
            }
        }