diff --git a/docs/yaml.md b/docs/yaml.md index 49b1017f3..bf4278a3f 100644 --- a/docs/yaml.md +++ b/docs/yaml.md @@ -232,6 +232,31 @@ services: - CAP_DAC_OVERRIDE ``` +## `devices` + +To access the console, it's necessary to explicitly add a "device" definition, for example: + +``` +devices: +- path: "/dev/console" + type: c + major: 5 + minor: 1 + mode: 0666 +``` + +See the [getty package](../pkg/getty/build.yml) for a more complete example +and see [runc](https://github.com/opencontainers/runc/commit/60e21ec26e15945259d4b1e790e8fd119ee86467) for context. + +To grant access to all block devices use: + +``` +devices: +- path: all + type: b +``` + +See the [format package](../pkg/format/build.yml) for an example. ### Mount Options When mounting filesystem paths into a container - whether as part of `onboot` or `services` - there are several options of which you need to be aware. Using them properly is necessary for your containers to function properly. diff --git a/examples/addbinds.yml b/examples/addbinds.yml index 1557a0d3c..e01fcdcd9 100644 --- a/examples/addbinds.yml +++ b/examples/addbinds.yml @@ -14,7 +14,7 @@ onboot: command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] services: - name: getty - image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 + image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73 binds.add: # this will keep all of the existing ones as well - /var/tmp:/var/tmp diff --git a/examples/cadvisor.yml b/examples/cadvisor.yml index 16184a8d4..4707291e0 100644 --- a/examples/cadvisor.yml +++ b/examples/cadvisor.yml 
@@ -15,14 +15,14 @@ onboot: - name: sysfs image: linuxkit/sysfs:3498aa99c90a29439b5a1926f6ffcd75c270372c - name: format - image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 + image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc - name: mount - image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb + image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba command: ["/usr/bin/mountie", "/var/lib/docker"] services: - name: getty - image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 + image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73 env: - INSECURE=true - name: rngd diff --git a/examples/dm-crypt-loop.yml b/examples/dm-crypt-loop.yml index b04b0783c..6e3848eb6 100644 --- a/examples/dm-crypt-loop.yml +++ b/examples/dm-crypt-loop.yml @@ -13,10 +13,10 @@ onboot: image: linuxkit/dhcpcd:1033f340e2d42f86a60aab70752346f0045ea388 command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] - name: format - image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 + image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc command: ["/usr/bin/format", "/dev/sda"] - name: mount - image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb + image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba command: ["/usr/bin/mountie", "/dev/sda1", "/var/external"] - name: loop image: linuxkit/losetup:db35344a21e44a55195540a8670886f60aa77201 @@ -25,7 +25,7 @@ onboot: image: linuxkit/dm-crypt:4daf2010d088955b42ba50db813226e4b3f773cb command: ["/usr/bin/crypto", "crypt_loop_dev", "/dev/loop0"] - name: mount - image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb + image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba command: ["/usr/bin/mountie", "/dev/mapper/crypt_loop_dev", "/var/secure_storage"] - name: bbox image: busybox 
@@ -34,7 +34,7 @@ onboot: - /var:/var services: - name: getty - image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 + image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73 env: - INSECURE=true - name: rngd diff --git a/examples/dm-crypt.yml b/examples/dm-crypt.yml index 978db7530..d9f8b298f 100644 --- a/examples/dm-crypt.yml +++ b/examples/dm-crypt.yml @@ -13,13 +13,13 @@ onboot: image: linuxkit/dhcpcd:1033f340e2d42f86a60aab70752346f0045ea388 command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] - name: format - image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 + image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc command: ["/usr/bin/format", "/dev/sda"] - name: dm-crypt image: linuxkit/dm-crypt:4daf2010d088955b42ba50db813226e4b3f773cb command: ["/usr/bin/crypto", "crypt_dev", "/dev/sda1"] - name: mount - image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb + image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba command: ["/usr/bin/mountie", "/dev/mapper/crypt_dev", "/var/secure_storage"] - name: bbox image: busybox @@ -28,7 +28,7 @@ onboot: - /var:/var services: - name: getty - image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 + image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73 env: - INSECURE=true - name: rngd diff --git a/examples/docker-for-mac.yml b/examples/docker-for-mac.yml index f2d9f03af..7b9930372 100644 --- a/examples/docker-for-mac.yml +++ b/examples/docker-for-mac.yml 
@@ -20,13 +20,13 @@ onboot: image: linuxkit/binfmt:5567917e7de481e4867d31c7490a0ebdb70e04a5 # Format and mount the disk image in /var/lib/docker - name: format - image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 + image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc - name: mount - image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb + image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba command: ["/usr/bin/mountie", "/var/lib"] # make a swap file on the mounted disk - name: swap - image: linuxkit/swap:0028aeae2741d28120e4d2c6efcc5af003eae395 + image: linuxkit/swap:7f7074c05bad414af39f2374301b72bc67314715 command: ["/swap.sh", "--path", "/var/lib/swap", "--size", "1024M"] # mount-vpnkit mounts the 9p share used by vpnkit to coordinate port forwarding - name: mount-vpnkit @@ -52,7 +52,7 @@ services: image: linuxkit/acpid:d2ddd88c7918466f875e7c5c3e527b51dfb0b0ea # Enable getty for easier debugging - name: getty - image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 + image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73 env: - INSECURE=true # Run ntpd to keep time synchronised in the VM diff --git a/examples/docker.yml b/examples/docker.yml index 79bdbb3b9..1badaa708 100644 --- a/examples/docker.yml +++ b/examples/docker.yml @@ -12,13 +12,13 @@ onboot: - name: sysfs image: linuxkit/sysfs:3498aa99c90a29439b5a1926f6ffcd75c270372c - name: format - image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 + image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc - name: mount - image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb + image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba command: ["/usr/bin/mountie", "/var/lib/docker"] services: - name: getty - image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 + image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73 env: - INSECURE=true - name: rngd 
diff --git a/examples/getty.yml b/examples/getty.yml index 778bfae47..4b85d6ef5 100644 --- a/examples/getty.yml +++ b/examples/getty.yml @@ -14,7 +14,7 @@ onboot: command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] services: - name: getty - image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 + image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73 # to make insecure with passwordless root login, uncomment following lines #env: # - INSECURE=true diff --git a/examples/hostmount-writeable-overlay.yml b/examples/hostmount-writeable-overlay.yml index 64b299850..94b61c87a 100644 --- a/examples/hostmount-writeable-overlay.yml +++ b/examples/hostmount-writeable-overlay.yml @@ -18,7 +18,7 @@ onshutdown: command: ["/bin/echo", "so long and thanks for all the fish"] services: - name: getty - image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 + image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73 env: - INSECURE=true runtime: diff --git a/examples/influxdb-os.yml b/examples/influxdb-os.yml index c81cc6e60..c6e856298 100644 --- a/examples/influxdb-os.yml +++ b/examples/influxdb-os.yml @@ -12,7 +12,7 @@ onboot: command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] services: - name: getty - image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 + image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73 env: - INSECURE=true - name: influxdb diff --git a/examples/logging.yml b/examples/logging.yml index 9295c993c..bea57af84 100644 --- a/examples/logging.yml +++ b/examples/logging.yml @@ -17,7 +17,7 @@ onboot: services: # Inside the getty type `/proc/1/root/usr/bin/logread -F` to follow the log - name: getty - image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 + image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73 env: - INSECURE=true # A service which generates log messages for testing 
diff --git a/examples/minimal.yml b/examples/minimal.yml index 6ef7a622d..7f869a6e2 100644 --- a/examples/minimal.yml +++ b/examples/minimal.yml @@ -11,6 +11,6 @@ onboot: command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] services: - name: getty - image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 + image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73 env: - INSECURE=true diff --git a/examples/node_exporter.yml b/examples/node_exporter.yml index da83f0a6d..f8bb49fdc 100644 --- a/examples/node_exporter.yml +++ b/examples/node_exporter.yml @@ -7,7 +7,7 @@ init: - linuxkit/containerd:cc02c2af9c928c2faeccbe4edc78bd297ad91866 services: - name: getty - image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 + image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73 env: - INSECURE=true - name: rngd diff --git a/examples/platform-gcp.yml b/examples/platform-gcp.yml index dd35238e5..c5e420f82 100644 --- a/examples/platform-gcp.yml +++ b/examples/platform-gcp.yml @@ -16,7 +16,7 @@ onboot: image: linuxkit/metadata:91125438842110e7709811997815b7b33dc18d1d services: - name: getty - image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 + image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73 env: - INSECURE=true - name: rngd diff --git a/examples/platform-hetzner.yml b/examples/platform-hetzner.yml index 60ba9eb1b..de41c6ba3 100644 --- a/examples/platform-hetzner.yml +++ b/examples/platform-hetzner.yml @@ -24,7 +24,7 @@ services: - name: rngd image: linuxkit/rngd:bdabfe138f05f7d48396d2f435af16f5a6ccaa45 - name: getty - image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 + image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73 env: - INSECURE=true - name: sshd diff --git a/examples/platform-packet.yml b/examples/platform-packet.yml index 6bfd6aff7..c19508d18 100644 --- a/examples/platform-packet.yml +++ b/examples/platform-packet.yml 
@@ -24,7 +24,7 @@ services: - name: rngd image: linuxkit/rngd:bdabfe138f05f7d48396d2f435af16f5a6ccaa45 - name: getty - image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 + image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73 env: - INSECURE=true - name: sshd diff --git a/examples/platform-rt-for-vmware.yml b/examples/platform-rt-for-vmware.yml index 1df7caeb0..02e693af0 100644 --- a/examples/platform-rt-for-vmware.yml +++ b/examples/platform-rt-for-vmware.yml @@ -11,7 +11,7 @@ onboot: image: linuxkit/sysctl:02d2bd74509fd063857ceb4c4f502f09ee4f2e0a services: - name: getty - image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 + image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73 env: - INSECURE=true - name: rngd diff --git a/examples/platform-scaleway.yml b/examples/platform-scaleway.yml index 23e7285cc..a0415f9c5 100644 --- a/examples/platform-scaleway.yml +++ b/examples/platform-scaleway.yml @@ -19,7 +19,7 @@ onboot: image: linuxkit/metadata:91125438842110e7709811997815b7b33dc18d1d services: - name: getty - image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 + image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73 env: - INSECURE=true - name: rngd diff --git a/examples/platform-vmware.yml b/examples/platform-vmware.yml index de8fc8cda..f8cc02a53 100644 --- a/examples/platform-vmware.yml +++ b/examples/platform-vmware.yml @@ -11,7 +11,7 @@ onboot: image: linuxkit/sysctl:02d2bd74509fd063857ceb4c4f502f09ee4f2e0a services: - name: getty - image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 + image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73 env: - INSECURE=true - name: rngd diff --git a/examples/platform-vultr.yml b/examples/platform-vultr.yml index 527eb25f9..d82220ded 100644 --- a/examples/platform-vultr.yml +++ b/examples/platform-vultr.yml 
@@ -17,7 +17,7 @@ onboot: command: ["/usr/bin/metadata", "vultr"] services: - name: getty - image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 + image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73 env: - INSECURE=true - name: rngd diff --git a/examples/redis-os.yml b/examples/redis-os.yml index 0894c8182..a9066db48 100644 --- a/examples/redis-os.yml +++ b/examples/redis-os.yml @@ -13,7 +13,7 @@ onboot: command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] services: - name: getty - image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 + image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73 env: - INSECURE=true # Currently redis:4.0.6-alpine has trust issue with multi-arch diff --git a/examples/sshd.yml b/examples/sshd.yml index f02e72fb9..1c61ada36 100644 --- a/examples/sshd.yml +++ b/examples/sshd.yml @@ -14,7 +14,7 @@ onboot: command: ["/sbin/rngd", "-1"] services: - name: getty - image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 + image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73 env: - INSECURE=true - name: rngd diff --git a/examples/static-ip.yml b/examples/static-ip.yml index 8ab25df0f..9cacb5e9b 100644 --- a/examples/static-ip.yml +++ b/examples/static-ip.yml @@ -13,7 +13,7 @@ onboot: command: ["ip", "-b", "/etc/ip/eth0.conf"] services: - name: getty - image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 + image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73 env: - INSECURE=true files: diff --git a/examples/swap.yml b/examples/swap.yml index 238201ab1..b9f108539 100644 --- a/examples/swap.yml +++ b/examples/swap.yml 
@@ -13,18 +13,18 @@ onboot: image: linuxkit/dhcpcd:1033f340e2d42f86a60aab70752346f0045ea388 command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] - name: format - image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 + image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc - name: mount - image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb + image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba command: ["/usr/bin/mountie", "/var/external"] - name: swap - image: linuxkit/swap:0028aeae2741d28120e4d2c6efcc5af003eae395 + image: linuxkit/swap:7f7074c05bad414af39f2374301b72bc67314715 # to use unencrypted swap, use: # command: ["/swap.sh", "--path", "/var/external/swap", "--size", "1G"] command: ["/swap.sh", "--path", "/var/external/swap", "--size", "1G", "--encrypt"] services: - name: getty - image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 + image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73 env: - INSECURE=true - name: rngd diff --git a/examples/tpm.yml b/examples/tpm.yml index 5cfd0f44f..9d6ab9bc7 100644 --- a/examples/tpm.yml +++ b/examples/tpm.yml @@ -14,7 +14,7 @@ onboot: command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] services: - name: getty - image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 + image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73 env: - INSECURE=true - name: tss diff --git a/examples/wireguard.yml b/examples/wireguard.yml index 49ff7f4db..6fd3ea9ec 100644 --- a/examples/wireguard.yml +++ b/examples/wireguard.yml @@ -40,7 +40,7 @@ onboot: net: /run/netns/wg1 services: - name: getty - image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 + image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73 env: - INSECURE=true net: /run/netns/wg1 diff --git a/linuxkit.yml b/linuxkit.yml index 5766d642a..6163bb66d 100644 --- a/linuxkit.yml +++ b/linuxkit.yml 
@@ -18,7 +18,7 @@ onshutdown: command: ["/bin/echo", "so long and thanks for all the fish"] services: - name: getty - image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 + image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73 env: - INSECURE=true - name: rngd diff --git a/pkg/format/build.yml b/pkg/format/build.yml index 9fb9016f7..9f3de3ec5 100644 --- a/pkg/format/build.yml +++ b/pkg/format/build.yml @@ -2,6 +2,10 @@ image: format config: binds: - /dev:/dev + devices: + # all block devices + - path: all + type: b capabilities: - CAP_SYS_ADMIN - CAP_MKNOD diff --git a/pkg/getty/build.yml b/pkg/getty/build.yml index d10af6834..df7f728bb 100644 --- a/pkg/getty/build.yml +++ b/pkg/getty/build.yml @@ -14,5 +14,27 @@ config: - /var/lib/containerd:/var/lib/containerd - /dev:/dev - /sys:/sys + devices: + # individual console / tty character devices + - path: "/dev/console" + type: c + major: 5 + minor: 1 + mode: 0666 + - path: "/dev/tty0" + type: c + major: 4 + minor: 0 + mode: 0666 + - path: "/dev/ttyS0" + type: c + major: 4 + minor: 64 + mode: 0666 + - path: "/dev/ttyAMA0" + type: c + major: 204 + minor: 64 + mode: 0666 capabilities: - all diff --git a/pkg/mount/build.yml b/pkg/mount/build.yml index 8f8634a7a..3bf800dfc 100644 --- a/pkg/mount/build.yml +++ b/pkg/mount/build.yml @@ -4,6 +4,10 @@ config: - /dev:/dev - /var:/var:rshared,rbind - /:/hostroot + devices: + # all block devices + - path: all + type: b capabilities: - CAP_SYS_ADMIN rootfsPropagation: shared diff --git a/pkg/swap/build.yml b/pkg/swap/build.yml index 1b8c7ec53..1a8546f8d 100644 --- a/pkg/swap/build.yml +++ b/pkg/swap/build.yml @@ -3,6 +3,10 @@ config: binds: - /dev:/dev - /var:/var + devices: + # all devices (/dev/mapper is a character device) + - path: all + type: a capabilities: - CAP_SYS_ADMIN - CAP_MKNOD diff --git a/projects/compose/compose-dynamic.yml b/projects/compose/compose-dynamic.yml index ef2514c03..8e6144db9 100644 --- a/projects/compose/compose-dynamic.yml 
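Review bot: The `mode: 0666` values in the new `devices` entries of pkg/getty/build.yml are unquoted, although the `Device.Mode` field added in config.go is a string and schema.go declares `"mode": { "type": "string" }`. A loader that resolves `0666` as a number passes on an integer (438 under YAML 1.1 octal rules), so whether `strconv.ParseInt(device.Mode, 8, 32)` ever sees the text `0666` depends on the parser. Quoting removes the ambiguity: `mode: "0666"`. The same applies to the example in docs/yaml.md. A short comment on why the console and tty nodes need world read/write, rather than a narrower mode, would also help the next reviewer.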
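Review bot: `type: a` with `path: all` in pkg/swap/build.yml allows every character and block device, not only the device-mapper ones the comment refers to. ConfigToOCI turns this entry into a cgroup allow rule with access `rwm`, and the container already has `/dev:/dev`, `CAP_SYS_ADMIN` and `CAP_MKNOD`. If only device-mapper is needed, a narrower pair would do: `- path: all` / `type: b` for the block devices, plus one character entry for the device-mapper control node (conventionally `/dev/mapper/control`, misc major 10 minor 236; verify on the target kernel). If the wildcard has to stay, the comment should say what requires it, e.g. `# all devices: swap.sh --encrypt needs /dev/mapper/control (char) plus the dm block devices; TODO narrow`.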
+++ b/projects/compose/compose-dynamic.yml @@ -15,13 +15,13 @@ onboot: image: linuxkit/dhcpcd:1033f340e2d42f86a60aab70752346f0045ea388 command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] - name: format - image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 + image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc - name: mount - image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb + image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba command: ["/usr/bin/mountie", "/var/lib/docker"] services: - name: getty - image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 + image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73 env: - INSECURE=true - name: rngd diff --git a/projects/compose/compose-static.yml b/projects/compose/compose-static.yml index caa2e50a6..065eca92e 100644 --- a/projects/compose/compose-static.yml +++ b/projects/compose/compose-static.yml @@ -15,13 +15,13 @@ onboot: image: linuxkit/dhcpcd:1033f340e2d42f86a60aab70752346f0045ea388 command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] - name: format - image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 + image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc - name: mount - image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb + image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba command: ["/usr/bin/mountie", "/var/lib/docker"] services: - name: getty - image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 + image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73 env: - INSECURE=true - name: rngd diff --git a/projects/memorizer/memorizer.yml b/projects/memorizer/memorizer.yml index 53ed786a5..3236f0161 100644 --- a/projects/memorizer/memorizer.yml +++ b/projects/memorizer/memorizer.yml 
@@ -11,7 +11,7 @@ onboot: command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] services: - name: getty - image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 + image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73 env: - INSECURE=true trust: diff --git a/projects/miragesdk/examples/fdd.yml b/projects/miragesdk/examples/fdd.yml index 98fea24c4..60770df1c 100644 --- a/projects/miragesdk/examples/fdd.yml +++ b/projects/miragesdk/examples/fdd.yml @@ -12,7 +12,7 @@ onboot: image: linuxkit/sysctl:02d2bd74509fd063857ceb4c4f502f09ee4f2e0a services: - name: getty - image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 + image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73 env: - INSECURE=true - name: rngd diff --git a/projects/miragesdk/examples/mirage-dhcp.yml b/projects/miragesdk/examples/mirage-dhcp.yml index 0b8b2c5e1..06a86abab 100644 --- a/projects/miragesdk/examples/mirage-dhcp.yml +++ b/projects/miragesdk/examples/mirage-dhcp.yml @@ -30,7 +30,7 @@ services: - name: sshd image: linuxkit/sshd:add8c094a9a253870b0a596796628fd4ec220b70 - name: getty - image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 + image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73 env: - INSECURE=true files: diff --git a/projects/okernel/examples/okernel_simple.yaml b/projects/okernel/examples/okernel_simple.yaml index b69e625cd..017222db2 100644 --- a/projects/okernel/examples/okernel_simple.yaml +++ b/projects/okernel/examples/okernel_simple.yaml @@ -13,7 +13,7 @@ services: - name: dhcpcd image: linuxkit/dhcpcd:1033f340e2d42f86a60aab70752346f0045ea388 - name: getty - image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 + image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73 env: - INSECURE=true trust: diff --git a/projects/shiftfs/shiftfs.yml b/projects/shiftfs/shiftfs.yml index 876a2c5c2..6a4aa41a8 100644 --- a/projects/shiftfs/shiftfs.yml +++ b/projects/shiftfs/shiftfs.yml 
@@ -14,7 +14,7 @@ onboot: command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] services: - name: getty - image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 + image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73 env: - INSECURE=true - name: rngd diff --git a/src/cmd/linuxkit/moby/config.go b/src/cmd/linuxkit/moby/config.go index 8ff39e890..d54243825 100644 --- a/src/cmd/linuxkit/moby/config.go +++ b/src/cmd/linuxkit/moby/config.go @@ -2,6 +2,7 @@ package moby import ( "fmt" + "os" "sort" "strconv" "strings" @@ -70,6 +71,7 @@ type ImageConfig struct { Mounts *[]specs.Mount `yaml:"mounts,omitempty" json:"mounts,omitempty"` Binds *[]string `yaml:"binds,omitempty" json:"binds,omitempty"` BindsAdd *[]string `yaml:"binds.add,omitempty" json:"binds.add,omitempty"` + Devices *[]Device `yaml:"devices,omitempty" json:"devices,omitempty"` Tmpfs *[]string `yaml:"tmpfs,omitempty" json:"tmpfs,omitempty"` Command *[]string `yaml:"command,omitempty" json:"command,omitempty"` Env *[]string `yaml:"env,omitempty" json:"env,omitempty"` @@ -102,6 +104,15 @@ type ImageConfig struct { ref *reference.Spec } +// Device specifies a device to be exposed to the container. +type Device struct { + Path string `yaml:"path" json:"path"` + Type string `yaml:"type" json:"type"` + Major int64 `yaml:"major" json:"major"` + Minor int64 `yaml:"minor" json:"minor"` + Mode string `yaml:"mode,omitempty" json:"mode,omitempty"` +} + // Runtime is the type of config processed at runtime, not used to build the OCI spec type Runtime struct { Cgroups *[]string `yaml:"cgroups,omitempty" json:"cgroups,omitempty"` 
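Review bot: The one-line comment on the new `Device` struct omits two rules that are only visible in ConfigToOCI. `Path: "all"` is a wildcard that adds a cgroup allow rule for every device of `Type` and ignores `Major`, `Minor` and `Mode`. `Mode` is an octal permission string that must be present for any concrete path, even though it is tagged `omitempty`. I would add field comments, for example `// Path is the device node path, or "all" to allow every device of Type` and `// Mode is the octal file mode, e.g. "0666"; required unless Path is "all"`. `Type` would also benefit from a comment listing the accepted letters.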
@@ -561,6 +572,17 @@ func assignResources(v1, v2 *specs.LinuxResources) specs.LinuxResources { return specs.LinuxResources{} } +// assignDevices does ordered overrides from Devices +func assignDevices(v1, v2 *[]Device) []Device { + if v2 != nil { + return *v2 + } + if v1 != nil { + return *v1 + } + return []Device{} +} + // assignRuntime does ordered overrides from Runtime func assignRuntime(v1, v2 *Runtime) Runtime { if v1 == nil { @@ -1021,6 +1043,36 @@ func ConfigToOCI(yaml *Image, config imagespec.ImageConfig, idMap map[string]uin resources := assignResources(label.Resources, yaml.Resources) + devices := assignDevices(label.Devices, yaml.Devices) + var linuxDevices []specs.LinuxDevice + for _, device := range devices { + if device.Path == "all" { + // add a category of devices to the device whitelist cgroup controller + resources.Devices = append(resources.Devices, specs.LinuxDeviceCgroup{ + Allow: true, + Type: device.Type, + Access: "rwm", // read, write, mknod + }) + continue + } + mode, err := strconv.ParseInt(device.Mode, 8, 32) + if err != nil { + return oci, runtime, fmt.Errorf("Cannot parse device mode as octal value: %v", err) + } + fileMode := os.FileMode(mode) + linuxDevice := specs.LinuxDevice{ + Path: device.Path, + Type: device.Type, + Major: device.Major, + Minor: device.Minor, + FileMode: &fileMode, + } + linuxDevices = append(linuxDevices, linuxDevice) + // to access the device it must be added to the device whitelist cgroup controller + // see https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v1/devices.html + resources.Devices = append(resources.Devices, deviceCgroup(linuxDevice)) + } + oci.Linux = &specs.Linux{ UIDMappings: assignMappings(label.UIDMappings, yaml.UIDMappings), GIDMappings: assignMappings(label.GIDMappings, yaml.GIDMappings), 
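Review bot: `assignDevices` returns `*v2` wholesale whenever the YAML sets `devices`, so a user who lists one extra device silently drops every device the package label declared (for getty, all four console/tty entries). The shape follows the neighbouring assign helpers, but for an allowlist the replace-not-merge behaviour deserves to be spelled out, e.g. `// assignDevices returns the YAML devices if set, else the label devices; the two lists are never merged`. If merging is wanted, a `devices.add` key next to the existing `binds.add` would be the consistent way to offer it.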
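Review bot: In the new device loop, `strconv.ParseInt(device.Mode, 8, 32)` accepts negative values and values above `0777`, and `os.FileMode(mode)` then carries those extra bits into the OCI spec unchecked. Parsing unsigned and rejecting anything outside the permission bits closes that: `mode, err := strconv.ParseUint(device.Mode, 8, 32)` followed by `if err == nil && mode&^0777 != 0 { err = fmt.Errorf("mode %q has bits outside 0777", device.Mode) }`. An omitted `mode` arrives here as the empty string and fails with a message that does not name the device, so the error should include `device.Path`. Neither branch checks `device.Type`, which goes into the cgroup rule exactly as written. ConfigToOCI starts and ends outside this hunk.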
@@ -1028,7 +1080,7 @@ func ConfigToOCI(yaml *Image, config imagespec.ImageConfig, idMap map[string]uin Resources: &resources, CgroupsPath: assignString(label.CgroupsPath, yaml.CgroupsPath), Namespaces: namespaces, - // Devices + Devices: linuxDevices, // Seccomp RootfsPropagation: assignString(label.RootfsPropagation, yaml.RootfsPropagation), MaskedPaths: assignStrings(label.MaskedPaths, yaml.MaskedPaths), @@ -1041,3 +1093,13 @@ func ConfigToOCI(yaml *Image, config imagespec.ImageConfig, idMap map[string]uin return oci, runtime, nil } + +func deviceCgroup(device specs.LinuxDevice) specs.LinuxDeviceCgroup { + return specs.LinuxDeviceCgroup{ + Allow: true, + Type: device.Type, + Major: &device.Major, + Minor: &device.Minor, + Access: "rwm", // read, write, mknod + } +} diff --git a/src/cmd/linuxkit/moby/schema.go b/src/cmd/linuxkit/moby/schema.go index 06a52a414..3d651d87c 100644 --- a/src/cmd/linuxkit/moby/schema.go +++ b/src/cmd/linuxkit/moby/schema.go @@ -67,6 +67,21 @@ var schema = string(` "type": "array", "items": { "$ref": "#/definitions/mount" } }, + "device": { + "type": "object", + "additionalProperties": false, + "properties": { + "path": { "type": "string" }, + "type": { "type": "string" }, + "major": { "type": "integer" }, + "minor": { "type": "integer" }, + "mode": { "type": "string" } + } + }, + "devices": { + "type": "array", + "items": { "$ref": "#/definitions/device" } + }, "idmapping": { "type": "object", "additionalProperties": false, @@ -265,6 +280,7 @@ var schema = string(` "mounts": { "$ref": "#/definitions/mounts" }, "binds": { "$ref": "#/definitions/strings" }, "binds.add": { "$ref": "#/definitions/strings" }, + "devices": { "$ref": "#/definitions/devices" }, "tmpfs": { "$ref": "#/definitions/strings" }, "command": { "$ref": "#/definitions/strings" }, "env": { "$ref": "#/definitions/strings" }, diff --git a/test/cases/000_build/020_binds/test.yml b/test/cases/000_build/020_binds/test.yml index ae67c52c3..b455df0c3 100644 
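Review bot: `deviceCgroup` has no doc comment and hard-codes `Access: "rwm"`, the same literal used in the `"all"` branch of ConfigToOCI, so every configured device also gets mknod permission with no way to ask for less. A comment such as `// deviceCgroup returns a cgroup allow rule (read, write, mknod) for exactly the major/minor of device` would document that. A shared constant, `const deviceAccess = "rwm"`, would keep the two call sites in step and give a later `access` option one place to hook in.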
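Review bot: The new `device` schema definition accepts any string for `type` and marks nothing as required, so a typo in `type` or a missing `path` passes validation and only surfaces later in ConfigToOCI or in the runtime. Constraining it here is cheap: `"type": { "enum": ["a", "b", "c", "u", "p"] }` and `"required": ["path", "type"]`. That letter set is the one the OCI runtime spec uses for devices and device cgroup rules; trim it to what linuxkit intends to support. `mode` could likewise get `"pattern": "^[0-7]{3,4}$"` so a malformed value is rejected at validation time rather than at `strconv.ParseInt`.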
--- a/test/cases/000_build/020_binds/test.yml +++ b/test/cases/000_build/020_binds/test.yml @@ -6,7 +6,7 @@ init: - linuxkit/runc:bf1e0c61fb4678d6428d0aabbd80db5ea24e4d4d onboot: - name: mount - image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb + image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba binds.add: - /check.sh:/check.sh - /var/tmp:/var/tmp diff --git a/test/cases/030_security/000_docker-bench/test.yml b/test/cases/030_security/000_docker-bench/test.yml index f8ed97af0..619c555d8 100644 --- a/test/cases/030_security/000_docker-bench/test.yml +++ b/test/cases/030_security/000_docker-bench/test.yml @@ -12,9 +12,9 @@ onboot: - name: sysfs image: linuxkit/sysfs:3498aa99c90a29439b5a1926f6ffcd75c270372c - name: format - image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 + image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc - name: mount - image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb + image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba command: ["/usr/bin/mountie", "/var/lib/docker"] services: - name: rngd diff --git a/test/cases/040_packages/003_containerd/test.yml b/test/cases/040_packages/003_containerd/test.yml index 592f1b4f4..4724ccf02 100644 --- a/test/cases/040_packages/003_containerd/test.yml +++ b/test/cases/040_packages/003_containerd/test.yml @@ -13,9 +13,9 @@ onboot: - name: sysctl image: linuxkit/sysctl:02d2bd74509fd063857ceb4c4f502f09ee4f2e0a - name: format - image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 + image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc - name: mount - image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb + image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba command: ["/usr/bin/mountie", "/var/lib"] - name: test image: linuxkit/test-containerd:701421314e1b114c4787255431e066a681e80f16 
diff --git a/test/cases/040_packages/005_extend/000_ext4/test-create.yml b/test/cases/040_packages/005_extend/000_ext4/test-create.yml index a3a98b577..c0cf5df93 100644 --- a/test/cases/040_packages/005_extend/000_ext4/test-create.yml +++ b/test/cases/040_packages/005_extend/000_ext4/test-create.yml @@ -6,9 +6,9 @@ init: - linuxkit/runc:bf1e0c61fb4678d6428d0aabbd80db5ea24e4d4d onboot: - name: format - image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 + image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc - name: mount - image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb + image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba command: ["/usr/bin/mountie", "/var/lib/docker"] - name: test image: alpine:3.13 diff --git a/test/cases/040_packages/005_extend/000_ext4/test.yml b/test/cases/040_packages/005_extend/000_ext4/test.yml index 6d9fbbc87..2c3bc14e4 100644 --- a/test/cases/040_packages/005_extend/000_ext4/test.yml +++ b/test/cases/040_packages/005_extend/000_ext4/test.yml @@ -8,7 +8,7 @@ onboot: - name: extend image: linuxkit/extend:d0d5e69ba5716bd48d260b15510ca258ae17f990 - name: mount - image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb + image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba command: ["/usr/bin/mountie", "/var/lib/docker"] - name: test image: alpine:3.13 diff --git a/test/cases/040_packages/005_extend/001_btrfs/test-create.yml b/test/cases/040_packages/005_extend/001_btrfs/test-create.yml index 310220ee8..ef2ab06af 100644 --- a/test/cases/040_packages/005_extend/001_btrfs/test-create.yml +++ b/test/cases/040_packages/005_extend/001_btrfs/test-create.yml 
@@ -9,10 +9,10 @@ onboot: image: linuxkit/modprobe:e2045c96cd2d3ef08eaf452396462d9205667690 command: ["modprobe", "btrfs"] - name: format - image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 + image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc command: ["/usr/bin/format", "-type", "btrfs" ] - name: mount - image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb + image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba command: ["/usr/bin/mountie", "/var/lib/docker"] - name: test image: alpine:3.13 diff --git a/test/cases/040_packages/005_extend/001_btrfs/test.yml b/test/cases/040_packages/005_extend/001_btrfs/test.yml index 8f159d219..0f5664468 100644 --- a/test/cases/040_packages/005_extend/001_btrfs/test.yml +++ b/test/cases/040_packages/005_extend/001_btrfs/test.yml @@ -12,7 +12,7 @@ onboot: image: linuxkit/extend:d0d5e69ba5716bd48d260b15510ca258ae17f990 command: ["/usr/bin/extend", "-type", "btrfs"] - name: mount - image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb + image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba command: ["/usr/bin/mountie", "/var/lib/docker"] - name: test image: alpine:3.13 diff --git a/test/cases/040_packages/005_extend/002_xfs/test-create.yml b/test/cases/040_packages/005_extend/002_xfs/test-create.yml index 9d06a9b94..6cc9cb890 100644 --- a/test/cases/040_packages/005_extend/002_xfs/test-create.yml +++ b/test/cases/040_packages/005_extend/002_xfs/test-create.yml @@ -6,10 +6,10 @@ init: - linuxkit/runc:bf1e0c61fb4678d6428d0aabbd80db5ea24e4d4d onboot: - name: format - image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 + image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc command: ["/usr/bin/format", "-type", "xfs"] - name: mount - image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb + image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba command: ["/usr/bin/mountie", "/var/lib/docker"] - name: test image: alpine:3.13 
diff --git a/test/cases/040_packages/005_extend/002_xfs/test.yml b/test/cases/040_packages/005_extend/002_xfs/test.yml index 2ce6a3777..9c31f33e9 100644 --- a/test/cases/040_packages/005_extend/002_xfs/test.yml +++ b/test/cases/040_packages/005_extend/002_xfs/test.yml @@ -9,7 +9,7 @@ onboot: image: linuxkit/extend:d0d5e69ba5716bd48d260b15510ca258ae17f990 command: ["/usr/bin/extend", "-type", "xfs"] - name: mount - image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb + image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba command: ["/usr/bin/mountie", "/var/lib/docker"] - name: test image: alpine:3.13 diff --git a/test/cases/040_packages/005_extend/003_gpt/test-create.yml b/test/cases/040_packages/005_extend/003_gpt/test-create.yml index 3b86c6fbe..ccf4609ef 100644 --- a/test/cases/040_packages/005_extend/003_gpt/test-create.yml +++ b/test/cases/040_packages/005_extend/003_gpt/test-create.yml @@ -6,10 +6,10 @@ init: - linuxkit/runc:bf1e0c61fb4678d6428d0aabbd80db5ea24e4d4d onboot: - name: format - image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 + image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc command: ["/usr/bin/format", "-partition", "gpt"] - name: mount - image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb + image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba command: ["/usr/bin/mountie", "/var/lib/docker"] - name: test image: alpine:3.13 diff --git a/test/cases/040_packages/005_extend/003_gpt/test.yml b/test/cases/040_packages/005_extend/003_gpt/test.yml index 6d9fbbc87..2c3bc14e4 100644 --- a/test/cases/040_packages/005_extend/003_gpt/test.yml +++ b/test/cases/040_packages/005_extend/003_gpt/test.yml 
@@ -8,7 +8,7 @@ onboot: - name: extend image: linuxkit/extend:d0d5e69ba5716bd48d260b15510ca258ae17f990 - name: mount - image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb + image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba command: ["/usr/bin/mountie", "/var/lib/docker"] - name: test image: alpine:3.13 diff --git a/test/cases/040_packages/006_format_mount/000_auto/test.yml b/test/cases/040_packages/006_format_mount/000_auto/test.yml index d0791f39d..ab7230c36 100644 --- a/test/cases/040_packages/006_format_mount/000_auto/test.yml +++ b/test/cases/040_packages/006_format_mount/000_auto/test.yml @@ -6,10 +6,10 @@ init: - linuxkit/runc:bf1e0c61fb4678d6428d0aabbd80db5ea24e4d4d onboot: - name: format - image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 + image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc command: ["/usr/bin/format"] - name: mount - image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb + image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba command: ["/usr/bin/mountie", "/var/lib/docker"] - name: test image: alpine:3.13 diff --git a/test/cases/040_packages/006_format_mount/001_by_label/test.yml b/test/cases/040_packages/006_format_mount/001_by_label/test.yml index 33960a4d5..5a25ca063 100644 --- a/test/cases/040_packages/006_format_mount/001_by_label/test.yml +++ b/test/cases/040_packages/006_format_mount/001_by_label/test.yml @@ -6,10 +6,10 @@ init: - linuxkit/runc:bf1e0c61fb4678d6428d0aabbd80db5ea24e4d4d onboot: - name: format - image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 + image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc command: ["/usr/bin/format", "-label", "docker"] - name: mount - image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb + image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba command: ["/usr/bin/mountie", "-label", "docker", "/var/lib/docker"] - name: test image: alpine:3.13 
diff --git a/test/cases/040_packages/006_format_mount/002_by_name/test.yml.in b/test/cases/040_packages/006_format_mount/002_by_name/test.yml.in index ab0cb640f..7ff40ca8d 100644 --- a/test/cases/040_packages/006_format_mount/002_by_name/test.yml.in +++ b/test/cases/040_packages/006_format_mount/002_by_name/test.yml.in @@ -6,10 +6,10 @@ init: - linuxkit/runc:bf1e0c61fb4678d6428d0aabbd80db5ea24e4d4d onboot: - name: format - image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 + image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc command: ["/usr/bin/format", "@DEVICE@"] - name: mount - image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb + image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba command: ["/usr/bin/mountie", "-device", "@DEVICE@1", "/var/lib/docker"] - name: test image: alpine:3.13 diff --git a/test/cases/040_packages/006_format_mount/003_btrfs/test.yml b/test/cases/040_packages/006_format_mount/003_btrfs/test.yml index 75543ecfb..1c9d25f7d 100644 --- a/test/cases/040_packages/006_format_mount/003_btrfs/test.yml +++ b/test/cases/040_packages/006_format_mount/003_btrfs/test.yml @@ -9,10 +9,10 @@ onboot: image: linuxkit/modprobe:e2045c96cd2d3ef08eaf452396462d9205667690 command: ["modprobe", "btrfs"] - name: format - image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 + image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc command: ["/usr/bin/format", "-type", "btrfs" ] - name: mount - image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb + image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba command: ["/usr/bin/mountie", "/var/lib/docker"] - name: test image: alpine:3.13 diff --git a/test/cases/040_packages/006_format_mount/004_xfs/test.yml b/test/cases/040_packages/006_format_mount/004_xfs/test.yml index 9b873b62b..15e2ab4ef 100644 --- a/test/cases/040_packages/006_format_mount/004_xfs/test.yml +++ b/test/cases/040_packages/006_format_mount/004_xfs/test.yml 
@@ -6,10 +6,10 @@ init: - linuxkit/runc:bf1e0c61fb4678d6428d0aabbd80db5ea24e4d4d onboot: - name: format - image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 + image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc command: ["/usr/bin/format", "-type", "xfs" ] - name: mount - image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb + image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba command: ["/usr/bin/mountie", "/var/lib/docker"] - name: test image: alpine:3.13 diff --git a/test/cases/040_packages/006_format_mount/005_by_device_force/test.yml b/test/cases/040_packages/006_format_mount/005_by_device_force/test.yml index 609279c3f..02585b300 100644 --- a/test/cases/040_packages/006_format_mount/005_by_device_force/test.yml +++ b/test/cases/040_packages/006_format_mount/005_by_device_force/test.yml 
@@ -6,19 +6,19 @@ init: - linuxkit/runc:bf1e0c61fb4678d6428d0aabbd80db5ea24e4d4d onboot: - name: format - image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 + image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc command: ["/usr/bin/format", "-verbose", "-type", "ext4", "/dev/sda"] - name: format - image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 + image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc command: ["/usr/bin/format", "-verbose", "-type", "ext4", "/dev/sdb"] - name: format - image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 + image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc command: ["/usr/bin/format", "-verbose", "-type", "xfs", "/dev/sda"] - name: format - image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 + image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc command: ["/usr/bin/format", "-verbose", "-force", "-type", "xfs", "/dev/sdb"] - name: test - image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 + image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc binds: - /check.sh:/check.sh command: ["sh", "./check.sh"] diff --git a/test/cases/040_packages/006_format_mount/006_gpt/test.yml b/test/cases/040_packages/006_format_mount/006_gpt/test.yml index 37f385d62..9c615f48e 100644 --- a/test/cases/040_packages/006_format_mount/006_gpt/test.yml +++ b/test/cases/040_packages/006_format_mount/006_gpt/test.yml @@ -6,10 +6,10 @@ init: - linuxkit/runc:bf1e0c61fb4678d6428d0aabbd80db5ea24e4d4d onboot: - name: format - image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 + image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc command: ["/usr/bin/format", "-partition", "gpt"] - name: mount - image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb + image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba command: ["/usr/bin/mountie", "/var/lib/docker"] - name: test image: alpine:3.13 
diff --git a/test/cases/040_packages/006_format_mount/010_multiple/test.yml b/test/cases/040_packages/006_format_mount/010_multiple/test.yml index 7ab2af8ab..ca750296c 100644 --- a/test/cases/040_packages/006_format_mount/010_multiple/test.yml +++ b/test/cases/040_packages/006_format_mount/010_multiple/test.yml @@ -6,16 +6,16 @@ init: - linuxkit/runc:bf1e0c61fb4678d6428d0aabbd80db5ea24e4d4d onboot: - name: format - image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 + image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc command: ["/usr/bin/format", "-label", "docker"] - name: format - image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 + image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc command: ["/usr/bin/format", "-label", "foo"] - name: mount - image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb + image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba command: ["/usr/bin/mountie", "-label", "docker", "/var/lib/docker"] - name: mount - image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb + image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba command: ["/usr/bin/mountie", "-label", "foo", "/var/foo"] - name: test image: alpine:3.13 diff --git a/test/cases/040_packages/007_getty-containerd/test.yml b/test/cases/040_packages/007_getty-containerd/test.yml index 7f7b15d0a..a57b42627 100644 --- a/test/cases/040_packages/007_getty-containerd/test.yml +++ b/test/cases/040_packages/007_getty-containerd/test.yml @@ -12,7 +12,7 @@ onboot: command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] services: - name: getty - image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 + image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73 files: - path: etc/getty.shadow # sample sets password for root to "abcdefgh" (without quotes)