github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-05-06 23:47:31 +00:00
Code Issues Projects Releases Wiki Activity

runk: Handle rootfs path in config.json properly

Browse Source 
This commit enables runk to handle `root.path` in `config.json`
properly even if the path is specified by a relative path that
includes the single (`.`) or the double (`..`) dots.
For example, with a bundle at `/to/bundle` and a rootfs directly
under `/to/bundle` such as `/to/bundle/{bin,dev,etc,home,...}`,
the `root.path` value can be either `/to/bundle` or just `.`.
This behavior conforms to OCI runtime spec.
Accordingly, a bundle path managed by runk's status file
(`status.json`) always is statically stored as a canonical path.
Previously, a bundle path has been got by `oci_state()` of rustjail's
API that returns the path as the parent directory path of a rootfs
(`root.path`). In case of the kata-agent, this works properly because
the kata containers assume that the rootfs path is always
`/to/bundle/rootfs`. However in case of standard OCI runtimes,
a rootfs can be placed anywhere under a bundle, so the rootfs path
doesn't always have to be at a `/to/bundle/rootfs`.

Fixes: #4334

Signed-off-by: Manabu Sugimoto <Manabu.Sugimoto@sony.com>
This commit is contained in:
Manabu Sugimoto 2022-05-29 16:34:38 +09:00
parent 4134beee39
commit d862ca0590
4 changed files with 14 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/tools/runk/libcontainer/src/builder.rs
View File

@ -37,20 +37,20 @@ impl Container {
// If the rootfs path in the spec file is a relative path, // If the rootfs path in the spec file is a relative path,
// convert it into a canonical path to pass validation of rootfs in the agent. // convert it into a canonical path to pass validation of rootfs in the agent.
if !&rootfs_path.is_absolute() { if !&rootfs_path.is_absolute() {
let rootfs_name = rootfs_path
.file_name()
.ok_or_else(|| anyhow!("invalid rootfs name"))?;
spec_root.path = bundle_canon spec_root.path = bundle_canon
.join(rootfs_name) .join(rootfs_path)
.canonicalize()?
.to_str() .to_str()
.map(|s| s.to_string()) .map(|s| s.to_string())
.ok_or_else(|| anyhow!("failed to convert bundle path"))?; .ok_or_else(|| {
anyhow!("failed to convert a rootfs path into a canonical path")
})?;
} }
} }
Ok(ContainerContext { Ok(ContainerContext {
id: self.id, id: self.id,
bundle: self.bundle, bundle: bundle_canon,
state_root: self.root, state_root: self.root,
spec, spec,
// TODO: liboci-cli does not support --no-pivot option for create and run command. // TODO: liboci-cli does not support --no-pivot option for create and run command.

3
src/tools/runk/libcontainer/src/container.rs
View File

@ -95,6 +95,7 @@ impl ContainerContext {
let oci_state = ctr.oci_state()?; let oci_state = ctr.oci_state()?;
let status = Status::new( let status = Status::new(
&self.state_root, &self.state_root,
&self.bundle,
oci_state, oci_state,
ctr.init_process_start_time, ctr.init_process_start_time,
ctr.created, ctr.created,
@ -141,7 +142,7 @@ mod tests {
#[test] #[test]
fn test_get_fifo_path() { fn test_get_fifo_path() {
let test_data = PathBuf::from(TEST_BUNDLE_PATH) let test_data = PathBuf::from(TEST_STATE_ROOT_PATH)
.join(TEST_CONTAINER_ID) .join(TEST_CONTAINER_ID)
.join(EXEC_FIFO_FILENAME); .join(EXEC_FIFO_FILENAME);
let status = create_dummy_status(); let status = create_dummy_status();

4
src/tools/runk/libcontainer/src/status.rs
View File

@ -42,6 +42,7 @@ pub struct Status {
impl Status { impl Status {
pub fn new( pub fn new(
root: &Path, root: &Path,
bundle: &Path,
oci_state: OCIState, oci_state: OCIState,
process_start_time: u64, process_start_time: u64,
created_time: SystemTime, created_time: SystemTime,
@ -64,7 +65,7 @@ impl Status {
id: oci_state.id, id: oci_state.id,
pid: oci_state.pid, pid: oci_state.pid,
root: root.to_path_buf(), root: root.to_path_buf(),
bundle: PathBuf::from(&oci_state.bundle), bundle: bundle.to_path_buf(),
rootfs, rootfs,
process_start_time, process_start_time,
created, created,
@ -209,6 +210,7 @@ mod tests {
let oci_state = create_dummy_oci_state(); let oci_state = create_dummy_oci_state();
let created = SystemTime::now(); let created = SystemTime::now();
let status = Status::new( let status = Status::new(
Path::new(TEST_STATE_ROOT_PATH),
Path::new(TEST_BUNDLE_PATH), Path::new(TEST_BUNDLE_PATH),
oci_state.clone(), oci_state.clone(),
1, 1,

4
src/tools/runk/libcontainer/src/utils.rs
View File

@ -45,7 +45,8 @@ pub(crate) mod test_utils {
use std::time::SystemTime; use std::time::SystemTime;
pub const TEST_CONTAINER_ID: &str = "test"; pub const TEST_CONTAINER_ID: &str = "test";
pub const TEST_BUNDLE_PATH: &str = "/test"; pub const TEST_STATE_ROOT_PATH: &str = "/state";
pub const TEST_BUNDLE_PATH: &str = "/bundle";
pub const TEST_ANNOTATION: &str = "test"; pub const TEST_ANNOTATION: &str = "test";
pub const TEST_CGM_DATA: &str = r#"{ pub const TEST_CGM_DATA: &str = r#"{
"paths": { "paths": {
@ -92,6 +93,7 @@ pub(crate) mod test_utils {
let oci_state = create_dummy_oci_state(); let oci_state = create_dummy_oci_state();
let created = SystemTime::now(); let created = SystemTime::now();
let status = Status::new( let status = Status::new(
Path::new(TEST_STATE_ROOT_PATH),
Path::new(TEST_BUNDLE_PATH), Path::new(TEST_BUNDLE_PATH),
oci_state.clone(), oci_state.clone(),
1, 1,