From deee3cf4a243e2db5ef9cce5c42d4a77cef6892a Mon Sep 17 00:00:00 2001 From: Arron Wang Date: Sun, 13 Mar 2022 18:16:18 +0800 Subject: [PATCH] oci: Make device type optional in LinuxDeviceCgroup Follow the oci spec to compatiable with config file generated by other implementation: https://github.com/opencontainers/runtime-spec/blob/6969a0a09ab162a574cafcc9ac814e498962c943/specs-go/config.go#L401 Fixes: #3860 Signed-off-by: Arron Wang --- src/agent/rustjail/src/cgroups/fs/mod.rs | 19 +++++++++++-------- src/agent/rustjail/src/lib.rs | 8 +++++++- src/agent/src/device.rs | 18 ++++++++++-------- src/libs/oci/src/lib.rs | 10 +++++----- src/tools/agent-ctl/src/utils.rs | 2 +- 5 files changed, 34 insertions(+), 23 deletions(-) diff --git a/src/agent/rustjail/src/cgroups/fs/mod.rs b/src/agent/rustjail/src/cgroups/fs/mod.rs index b264e5e9d6..6084eb1d2e 100644 --- a/src/agent/rustjail/src/cgroups/fs/mod.rs +++ b/src/agent/rustjail/src/cgroups/fs/mod.rs @@ -458,8 +458,11 @@ fn linux_device_to_cgroup_device(d: &LinuxDevice) -> Option { } fn linux_device_group_to_cgroup_device(d: &LinuxDeviceCgroup) -> Option { - let dev_type = match DeviceType::from_char(d.r#type.chars().next()) { - Some(t) => t, + let dev_type = match &d.r#type { + Some(t_s) => match DeviceType::from_char(t_s.chars().next()) { + Some(t_c) => t_c, + None => return None, + }, None => return None, }; @@ -516,7 +519,7 @@ lazy_static! { // all mknod to all char devices LinuxDeviceCgroup { allow: true, - r#type: "c".to_string(), + r#type: Some("c".to_string()), major: Some(WILDCARD), minor: Some(WILDCARD), access: "m".to_string(), @@ -525,7 +528,7 @@ lazy_static! { // all mknod to all block devices LinuxDeviceCgroup { allow: true, - r#type: "b".to_string(), + r#type: Some("b".to_string()), major: Some(WILDCARD), minor: Some(WILDCARD), access: "m".to_string(), 
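Review bot: In `linux_device_group_to_cgroup_device` (src/agent/rustjail/src/cgroups/fs/mod.rs) the new outer `None => return None` arm discards a rule whose type is omitted, whereas the OCI runtime spec this commit follows treats an unset type as `a` (all devices), and the agent-ctl hunk in this same patch already maps `None` to `"a"`. If the caller skips rules for which this function returns `None` (the caller is outside the hunk), a typeless `allow: false, access: "rwm"` entry, the usual default-deny rule, would never reach the device cgroup. Consider `None => DeviceType::All,` for the outer arm and `Some(t_s) => DeviceType::from_char(t_s.chars().next())?,` for the inner one, so that only an unrecognised type string is rejected. The empty-string-to-`None` conversion added in `resources_grpc_to_oci` (src/agent/rustjail/src/lib.rs) feeds the same path. The function body continues past the end of the hunk.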
@@ -534,7 +537,7 @@ lazy_static! { // all read/write/mknod to char device /dev/console LinuxDeviceCgroup { allow: true, - r#type: "c".to_string(), + r#type: Some("c".to_string()), major: Some(5), minor: Some(1), access: "rwm".to_string(), @@ -543,7 +546,7 @@ lazy_static! { // all read/write/mknod to char device /dev/pts/ LinuxDeviceCgroup { allow: true, - r#type: "c".to_string(), + r#type: Some("c".to_string()), major: Some(136), minor: Some(WILDCARD), access: "rwm".to_string(), @@ -552,7 +555,7 @@ lazy_static! { // all read/write/mknod to char device /dev/ptmx LinuxDeviceCgroup { allow: true, - r#type: "c".to_string(), + r#type: Some("c".to_string()), major: Some(5), minor: Some(2), access: "rwm".to_string(), @@ -561,7 +564,7 @@ lazy_static! { // all read/write/mknod to char device /dev/net/tun LinuxDeviceCgroup { allow: true, - r#type: "c".to_string(), + r#type: Some("c".to_string()), major: Some(10), minor: Some(200), access: "rwm".to_string(), diff --git a/src/agent/rustjail/src/lib.rs b/src/agent/rustjail/src/lib.rs index 7535bf9901..5172f02bbc 100644 --- a/src/agent/rustjail/src/lib.rs +++ b/src/agent/rustjail/src/lib.rs @@ -235,6 +235,12 @@ pub fn resources_grpc_to_oci(res: &grpc::LinuxResources) -> oci::LinuxResources let devices = { let mut d = Vec::new(); for dev in res.Devices.iter() { + let dev_type = if dev.Type.is_empty() { + None + } else { + Some(dev.Type.clone()) + }; + let major = if dev.Major == -1 { None } else { @@ -248,7 +254,7 @@ pub fn resources_grpc_to_oci(res: &grpc::LinuxResources) -> oci::LinuxResources }; d.push(oci::LinuxDeviceCgroup { allow: dev.Allow, - r#type: dev.Type.clone(), + r#type: dev_type, major, minor, access: dev.Access.clone(), diff --git a/src/agent/src/device.rs b/src/agent/src/device.rs index 7d89d01245..420d1fe4b0 100644 --- a/src/agent/src/device.rs +++ b/src/agent/src/device.rs 
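Review bot: The new `dev_type` conversion in `resources_grpc_to_oci` (src/agent/rustjail/src/lib.rs, hunk at -235) has no comment saying why an empty `dev.Type` becomes `None`, while the neighbouring `major`/`minor` conversions use `-1` as their unset marker. I would add `// An empty Type on the wire means the field was not set; the OCI spec reads an unset type as "a" (all devices).` above the `if`. A non-empty value is passed through unchecked, so a string other than `a`, `b` or `c` is only rejected later, in `linux_device_group_to_cgroup_device`, going by the first hunk of this patch. The enclosing function starts and ends outside the hunk.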
@@ -571,13 +571,15 @@ fn update_spec_devices(spec: &mut Spec, mut updates: HashMap<&str, DevUpdate>) - if let Some(resources) = linux.resources.as_mut() { for r in &mut resources.devices { - if let (Some(host_major), Some(host_minor)) = (r.major, r.minor) { - if let Some(update) = res_updates.get(&(r.r#type.as_str(), host_major, host_minor)) + if let (Some(host_type), Some(host_major), Some(host_minor)) = + (r.r#type.as_ref(), r.major, r.minor) + { + if let Some(update) = res_updates.get(&(host_type.as_str(), host_major, host_minor)) { info!( sl!(), "update_spec_devices() updating resource"; - "type" => &r.r#type, + "type" => &host_type, "host_major" => host_major, "host_minor" => host_minor, "guest_major" => update.guest_major, @@ -854,7 +856,7 @@ pub fn update_device_cgroup(spec: &mut Spec) -> Result<()> { allow: false, major: Some(major), minor: Some(minor), - r#type: String::from("b"), + r#type: Some(String::from("b")), access: String::from("rw"), }); @@ -1017,13 +1019,13 @@ mod tests { resources: Some(LinuxResources { devices: vec![ oci::LinuxDeviceCgroup { - r#type: "c".to_string(), + r#type: Some("c".to_string()), major: Some(host_major_a), minor: Some(host_minor_a), ..oci::LinuxDeviceCgroup::default() }, oci::LinuxDeviceCgroup { - r#type: "c".to_string(), + r#type: Some("c".to_string()), major: Some(host_major_b), minor: Some(host_minor_b), ..oci::LinuxDeviceCgroup::default() @@ -1116,13 +1118,13 @@ mod tests { resources: Some(LinuxResources { devices: vec![ LinuxDeviceCgroup { - r#type: "c".to_string(), + r#type: Some("c".to_string()), major: Some(host_major), minor: Some(host_minor), ..LinuxDeviceCgroup::default() }, LinuxDeviceCgroup { - r#type: "b".to_string(), + r#type: Some("b".to_string()), major: Some(host_major), minor: Some(host_minor), ..LinuxDeviceCgroup::default() diff --git a/src/libs/oci/src/lib.rs b/src/libs/oci/src/lib.rs index 69a2a98e15..5b3dc8a4d1 100644 --- a/src/libs/oci/src/lib.rs +++ b/src/libs/oci/src/lib.rs 
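Review bot: In `update_spec_devices` (src/agent/src/device.rs, hunk at -571) the widened `if let` now silently skips any cgroup rule whose `r#type` is `None`, so such a rule keeps its host `major`/`minor` even when the device it was written for gets guest numbers from `res_updates`. Because an unset type means all devices in the OCI spec, a rule like that would presumably then apply to whatever device carries those numbers inside the guest; whether typeless rules with explicit numbers reach this function is not visible here. I would at least document the skip with `// Rules without a type cannot be keyed in res_updates; their major/minor stay at the host values.` above the `if let`, and consider logging when it happens. The loop belongs to a function that starts and ends outside the hunk.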
@@ -492,8 +492,8 @@ pub struct LinuxDevice { pub struct LinuxDeviceCgroup { #[serde(default)] pub allow: bool, - #[serde(default, skip_serializing_if = "String::is_empty")] - pub r#type: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub r#type: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub major: Option, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -1429,21 +1429,21 @@ mod tests { devices: vec![ crate::LinuxDeviceCgroup { allow: false, - r#type: "".to_string(), + r#type: None, major: None, minor: None, access: "rwm".to_string(), }, crate::LinuxDeviceCgroup { allow: true, - r#type: "c".to_string(), + r#type: Some("c".to_string()), major: Some(10), minor: Some(229), access: "rw".to_string(), }, crate::LinuxDeviceCgroup { allow: true, - r#type: "b".to_string(), + r#type: Some("b".to_string()), major: Some(8), minor: Some(0), access: "r".to_string(), diff --git a/src/tools/agent-ctl/src/utils.rs b/src/tools/agent-ctl/src/utils.rs index 8dbfa53f4e..434d015642 100644 --- a/src/tools/agent-ctl/src/utils.rs +++ b/src/tools/agent-ctl/src/utils.rs @@ -382,7 +382,7 @@ fn devices_oci_to_ttrpc( device.set_Major(d.major.unwrap_or(0)); device.set_Minor(d.minor.unwrap_or(0)); device.set_Access(d.access.clone()); - device.set_Type(d.r#type.clone()); + device.set_Type(d.r#type.as_ref().unwrap_or(&"a".to_string()).clone()); device.set_Allow(d.allow); ttrpc_devices.push(device); }
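Review bot: The `r#type` field of `LinuxDeviceCgroup` (src/libs/oci/src/lib.rs, hunk at -492) is now optional but has no doc comment saying what `None` means, and the consumers in this patch disagree: the cgroup conversion drops the rule while agent-ctl sends `"a"`. I would add `/// Device type: "a", "b" or "c". None when the config omits it, which the OCI runtime spec defines as "a" (all devices).` above the field. A config that carries `"type": ""` now deserializes to `Some("")` rather than `None`, so there are two encodings of "unset" unless one of them is normalised. The struct definition continues outside the hunk.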
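Review bot: In `devices_oci_to_ttrpc` (src/tools/agent-ctl/src/utils.rs) the new `set_Type` argument builds a temporary `"a".to_string()` on every call and then clones whichever string was chosen; `device.set_Type(d.r#type.clone().unwrap_or_else(|| "a".to_string()));` does the same with one allocation. A short comment that `"a"` is the spec's default for an omitted type would explain the literal. The two context lines above still send `0` for an unset major or minor, while the agent-side conversion in this patch reads `-1` as unset, so a typeless wildcard rule would presumably arrive as `a 0:0`; that is existing code, but it decides what the new default means on the wire. The function starts outside the hunk.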