diff --git a/virtcontainers/kata_agent.go b/virtcontainers/kata_agent.go index 22cbc42ce2..17a664212e 100644 --- a/virtcontainers/kata_agent.go +++ b/virtcontainers/kata_agent.go @@ -550,9 +550,15 @@ func constraintGRPCSpec(grpcSpec *grpc.Spec) { // here: https://github.com/kata-containers/agent/issues/104 grpcSpec.Linux.Seccomp = nil - // TODO: Remove this constraint as soon as the agent properly handles - // resources provided through the specification. - grpcSpec.Linux.Resources = nil + // By now only CPU constraints are supported + // Issue: https://github.com/kata-containers/runtime/issues/158 + // Issue: https://github.com/kata-containers/runtime/issues/204 + grpcSpec.Linux.Resources.Devices = nil + grpcSpec.Linux.Resources.Memory = nil + grpcSpec.Linux.Resources.Pids = nil + grpcSpec.Linux.Resources.BlockIO = nil + grpcSpec.Linux.Resources.HugepageLimits = nil + grpcSpec.Linux.Resources.Network = nil // Disable network namespace since it is already handled on the host by // virtcontainers. The network is a complex part which cannot be simply diff --git a/virtcontainers/kata_agent_test.go b/virtcontainers/kata_agent_test.go index e49c20460d..568d7b9d62 100644 --- a/virtcontainers/kata_agent_test.go +++ b/virtcontainers/kata_agent_test.go @@ -27,6 +27,7 @@ import ( gpb "github.com/gogo/protobuf/types" pb "github.com/kata-containers/agent/protocols/grpc" "github.com/kata-containers/runtime/virtcontainers/pkg/mock" + specs "github.com/opencontainers/runtime-spec/specs-go" "github.com/stretchr/testify/assert" "github.com/vishvananda/netlink" "golang.org/x/net/context" @@ -379,3 +380,60 @@ func TestAppendDevices(t *testing.T) { "Device lists didn't match: got %+v, expecting %+v", updatedDevList, expected) } + +func TestConstraintGRPCSpec(t *testing.T) { + assert := assert.New(t) + + g := &pb.Spec{ + Hooks: &pb.Hooks{}, + Mounts: []pb.Mount{ + {Destination: "/dev/shm"}, + }, + Linux: &pb.Linux{ + Seccomp: &pb.LinuxSeccomp{}, + Namespaces: []pb.LinuxNamespace{ + { + Type: specs.NetworkNamespace, + Path: "/abc/123", + }, + { + Type: specs.MountNamespace, + Path: "/abc/123", + }, + }, + Resources: &pb.LinuxResources{ + Devices: []pb.LinuxDeviceCgroup{}, + Memory: &pb.LinuxMemory{}, + CPU: &pb.LinuxCPU{}, + Pids: &pb.LinuxPids{}, + BlockIO: &pb.LinuxBlockIO{}, + HugepageLimits: []pb.LinuxHugepageLimit{}, + Network: &pb.LinuxNetwork{}, + }, + }, + } + + constraintGRPCSpec(g) + + // check nil fields + assert.Nil(g.Hooks) + assert.Nil(g.Linux.Seccomp) + assert.Nil(g.Linux.Resources.Devices) + assert.Nil(g.Linux.Resources.Memory) + assert.Nil(g.Linux.Resources.Pids) + assert.Nil(g.Linux.Resources.BlockIO) + assert.Nil(g.Linux.Resources.HugepageLimits) + assert.Nil(g.Linux.Resources.Network) + assert.NotNil(g.Linux.Resources.CPU) + + // check namespaces + assert.Len(g.Linux.Namespaces, 1) + assert.Empty(g.Linux.Namespaces[0].Path) + + // check mounts + assert.Len(g.Mounts, 1) + assert.NotEmpty(g.Mounts[0].Destination) + assert.NotEmpty(g.Mounts[0].Type) + assert.NotEmpty(g.Mounts[0].Source) + assert.NotEmpty(g.Mounts[0].Options) +}