|
|
@@ -6,31 +6,17 @@ import (
|
|
|
"path/filepath"
|
|
|
"strings"
|
|
|
|
|
|
- "github.com/opencontainers/runc/libcontainer/devices"
|
|
|
+ coci "github.com/containerd/containerd/oci"
|
|
|
specs "github.com/opencontainers/runtime-spec/specs-go"
|
|
|
- "golang.org/x/sys/unix"
|
|
|
)
|
|
|
|
|
|
-// Device transforms a libcontainer devices.Device to a specs.LinuxDevice object.
|
|
|
-func Device(d *devices.Device) specs.LinuxDevice {
|
|
|
- return specs.LinuxDevice{
|
|
|
- Type: string(d.Type),
|
|
|
- Path: d.Path,
|
|
|
- Major: d.Major,
|
|
|
- Minor: d.Minor,
|
|
|
- FileMode: fmPtr(int64(d.FileMode &^ unix.S_IFMT)), // strip file type, as OCI spec only expects file-mode to be included
|
|
|
- UID: u32Ptr(int64(d.Uid)),
|
|
|
- GID: u32Ptr(int64(d.Gid)),
|
|
|
- }
|
|
|
-}
|
|
|
-
|
|
|
-func deviceCgroup(d *devices.Device) specs.LinuxDeviceCgroup {
|
|
|
+func deviceCgroup(d *specs.LinuxDevice, permissions string) specs.LinuxDeviceCgroup {
|
|
|
return specs.LinuxDeviceCgroup{
|
|
|
Allow: true,
|
|
|
- Type: string(d.Type),
|
|
|
+ Type: d.Type,
|
|
|
Major: &d.Major,
|
|
|
Minor: &d.Minor,
|
|
|
- Access: string(d.Permissions),
|
|
|
+ Access: permissions,
|
|
|
}
|
|
|
}
|
|
|
|
|
|
@@ -45,22 +31,22 @@ func DevicesFromPath(pathOnHost, pathInContainer, cgroupPermissions string) (dev
|
|
|
}
|
|
|
}
|
|
|
|
|
|
- device, err := devices.DeviceFromPath(resolvedPathOnHost, cgroupPermissions)
|
|
|
+ device, err := coci.DeviceFromPath(resolvedPathOnHost)
|
|
|
// if there was no error, return the device
|
|
|
if err == nil {
|
|
|
device.Path = pathInContainer
|
|
|
- return append(devs, Device(device)), append(devPermissions, deviceCgroup(device)), nil
|
|
|
+ return append(devs, *device), append(devPermissions, deviceCgroup(device, cgroupPermissions)), nil
|
|
|
}
|
|
|
|
|
|
// if the device is not a device node
|
|
|
// try to see if it's a directory holding many devices
|
|
|
- if err == devices.ErrNotADevice {
|
|
|
+ if err == coci.ErrNotADevice {
|
|
|
// check if it is a directory
|
|
|
if src, e := os.Stat(resolvedPathOnHost); e == nil && src.IsDir() {
|
|
|
// mount the internal devices recursively
|
|
|
// TODO check if additional errors should be handled or logged
|
|
|
_ = filepath.Walk(resolvedPathOnHost, func(dpath string, f os.FileInfo, _ error) error {
|
|
|
- childDevice, e := devices.DeviceFromPath(dpath, cgroupPermissions)
|
|
|
+ childDevice, e := coci.DeviceFromPath(dpath)
|
|
|
if e != nil {
|
|
|
// ignore the device
|
|
|
return nil
|
|
|
@@ -68,8 +54,8 @@ func DevicesFromPath(pathOnHost, pathInContainer, cgroupPermissions string) (dev
|
|
|
|
|
|
// add the device to userSpecified devices
|
|
|
childDevice.Path = strings.Replace(dpath, resolvedPathOnHost, pathInContainer, 1)
|
|
|
- devs = append(devs, Device(childDevice))
|
|
|
- devPermissions = append(devPermissions, deviceCgroup(childDevice))
|
|
|
+ devs = append(devs, *childDevice)
|
|
|
+ devPermissions = append(devPermissions, deviceCgroup(childDevice, cgroupPermissions))
|
|
|
|
|
|
return nil
|
|
|
})
|
Sebastiaan van Stijn