github/kata-containers
1
0
Fork 2
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-09-17 06:48:51 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #5882 from bergwolf/github/oci-namespaces

Browse Source 
runtime-rs: fix sandbox_pidns calculation and oci spec amending
This commit is contained in:
Bin Liu
2022-12-13 18:32:02 +08:00
committed by GitHub
parent f1381eb361 79cf38e6ea
commit 3952fedcd0
1 changed files with 8 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/runtime-rs/crates/runtimes/virt_container/src/container_manager/container.rs
View File

@@ -4,6 +4,7 @@
// SPDX-License-Identifier: Apache-2.0 // SPDX-License-Identifier: Apache-2.0
// //
use std::collections::HashMap;
use std::sync::Arc; use std::sync::Arc;
use agent::Agent; use agent::Agent;
@@ -81,8 +82,8 @@ impl Container {
let mut inner = self.inner.write().await; let mut inner = self.inner.write().await;
let toml_config = self.resource_manager.config().await; let toml_config = self.resource_manager.config().await;
let config = &self.config; let config = &self.config;
amend_spec(&mut spec, toml_config.runtime.disable_guest_seccomp).context("amend spec")?;
let sandbox_pidns = is_pid_namespace_enabled(&spec); let sandbox_pidns = is_pid_namespace_enabled(&spec);
amend_spec(&mut spec, toml_config.runtime.disable_guest_seccomp).context("amend spec")?;
// handler rootfs // handler rootfs
let rootfs = self let rootfs = self
@@ -143,13 +144,10 @@ impl Container {
// create container // create container
let r = agent::CreateContainerRequest { let r = agent::CreateContainerRequest {
process_id: agent::ContainerProcessID::new(&config.container_id, ""), process_id: agent::ContainerProcessID::new(&config.container_id, ""),
string_user: None,
devices: vec![],
storages, storages,
oci: Some(spec), oci: Some(spec),
guest_hooks: None,
sandbox_pidns, sandbox_pidns,
rootfs_mounts: vec![], ..Default::default()
}; };
self.agent self.agent
@@ -396,6 +394,7 @@ fn amend_spec(spec: &mut oci::Spec, disable_guest_seccomp: bool) -> Result<()> {
resource.block_io = None; resource.block_io = None;
resource.hugepage_limits = Vec::new(); resource.hugepage_limits = Vec::new();
resource.network = None; resource.network = None;
resource.rdma = HashMap::new();
} }
// Host pidns path does not make sense in kata. Let's just align it with // Host pidns path does not make sense in kata. Let's just align it with
@@ -404,7 +403,10 @@ fn amend_spec(spec: &mut oci::Spec, disable_guest_seccomp: bool) -> Result<()> {
for n in linux.namespaces.iter() { for n in linux.namespaces.iter() {
match n.r#type.as_str() { match n.r#type.as_str() {
oci::PIDNAMESPACE | oci::NETWORKNAMESPACE => continue, oci::PIDNAMESPACE | oci::NETWORKNAMESPACE => continue,
_ => ns.push(n.clone()), _ => ns.push(oci::LinuxNamespace {
r#type: n.r#type.clone(),
path: "".to_string(),
}),
} }
} }