
builder-next: fixes for rootless mode

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Tonis Tiigi 6 年之前
父节点
当前提交
f9b9d5f584

+ 1 - 0
builder/builder-next/builder.go

@@ -75,6 +75,7 @@ type Opt struct {
 	DefaultCgroupParent string
 	ResolverOpt         resolver.ResolveOptionsFunc
 	BuilderConfig       config.BuilderConfig
+	Rootless            bool
 }
 
 // Builder can build using BuildKit backend

+ 1 - 1
builder/builder-next/controller.go

@@ -107,7 +107,7 @@ func newController(rt http.RoundTripper, opt Opt) (*control.Controller, error) {
 		return nil, err
 	}
 
-	exec, err := newExecutor(root, opt.DefaultCgroupParent, opt.NetworkController)
+	exec, err := newExecutor(root, opt.DefaultCgroupParent, opt.NetworkController, opt.Rootless)
 	if err != nil {
 		return nil, err
 	}

+ 15 - 9
builder/builder-next/executor_unix.go

@@ -20,9 +20,9 @@ import (
 
 const networkName = "bridge"
 
-func newExecutor(root, cgroupParent string, net libnetwork.NetworkController) (executor.Executor, error) {
+func newExecutor(root, cgroupParent string, net libnetwork.NetworkController, rootless bool) (executor.Executor, error) {
 	networkProviders := map[pb.NetMode]network.Provider{
-		pb.NetMode_UNSET: &bridgeProvider{NetworkController: net},
+		pb.NetMode_UNSET: &bridgeProvider{NetworkController: net, Root: filepath.Join(root, "net")},
 		pb.NetMode_HOST:  network.NewHostProvider(),
 		pb.NetMode_NONE:  network.NewNoneProvider(),
 	}
@@ -30,11 +30,13 @@ func newExecutor(root, cgroupParent string, net libnetwork.NetworkController) (e
 		Root:                filepath.Join(root, "executor"),
 		CommandCandidates:   []string{"runc"},
 		DefaultCgroupParent: cgroupParent,
+		Rootless:            rootless,
 	}, networkProviders)
 }
 
 type bridgeProvider struct {
 	libnetwork.NetworkController
+	Root string
 }
 
 func (p *bridgeProvider) New() (network.Namespace, error) {
@@ -70,7 +72,8 @@ func (iface *lnInterface) init(c libnetwork.NetworkController, n libnetwork.Netw
 		return
 	}
 
-	sbx, err := c.NewSandbox(id, libnetwork.OptionUseExternalKey())
+	sbx, err := c.NewSandbox(id, libnetwork.OptionUseExternalKey(), libnetwork.OptionHostsPath(filepath.Join(iface.provider.Root, id, "hosts")),
+		libnetwork.OptionResolvConfPath(filepath.Join(iface.provider.Root, id, "resolv.conf")))
 	if err != nil {
 		iface.err = err
 		return
@@ -88,23 +91,26 @@ func (iface *lnInterface) init(c libnetwork.NetworkController, n libnetwork.Netw
 func (iface *lnInterface) Set(s *specs.Spec) {
 	<-iface.ready
 	if iface.err != nil {
+		logrus.WithError(iface.err).Error("failed to set networking spec")
 		return
 	}
 	// attach netns to bridge within the container namespace, using reexec in a prestart hook
 	s.Hooks = &specs.Hooks{
 		Prestart: []specs.Hook{{
 			Path: filepath.Join("/proc", strconv.Itoa(os.Getpid()), "exe"),
-			Args: []string{"libnetwork-setkey", iface.sbx.ContainerID(), iface.provider.NetworkController.ID()},
+			Args: []string{"libnetwork-setkey", "-exec-root=" + iface.provider.Config().Daemon.ExecRoot, iface.sbx.ContainerID(), iface.provider.NetworkController.ID()},
 		}},
 	}
 }
 
 func (iface *lnInterface) Close() error {
 	<-iface.ready
-	go func() {
-		if err := iface.sbx.Delete(); err != nil {
-			logrus.Errorf("failed to delete builder network sandbox: %v", err)
-		}
-	}()
+	if iface.sbx != nil {
+		go func() {
+			if err := iface.sbx.Delete(); err != nil {
+				logrus.Errorf("failed to delete builder network sandbox: %v", err)
+			}
+		}()
+	}
 	return iface.err
 }
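Review bot: Close still leaves the per-sandbox directory under `iface.provider.Root` behind, now that init points OptionHostsPath and OptionResolvConfPath at `<Root>/<id>/hosts` and `<Root>/<id>/resolv.conf`; sbx.Delete presumably removes the two files, but nothing here removes the directory, so the builder root accumulates one `net/<id>` directory per bridge-mode step. Inside the goroutine, after a successful Delete, add `if err := os.RemoveAll(filepath.Join(iface.provider.Root, iface.sbx.ContainerID())); err != nil { logrus.Errorf("failed to remove builder network sandbox dir: %v", err) }` — `os` and `filepath` are already imported in this file. Whether libnetwork creates that directory itself or expects it to exist is not visible here; if it does not create it, init would also need a MkdirAll before the NewSandbox call. Separately, when init failed, Set now logs and returns without installing the prestart hook, so the step still executes without its bridge attachment and the failure only surfaces through the iface.err returned from Close; worth confirming that the executor treats that returned error as a step failure rather than reporting a misleading network error after the command has already run.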

+ 1 - 1
builder/builder-next/executor_windows.go

@@ -10,7 +10,7 @@ import (
 	"github.com/moby/buildkit/executor"
 )
 
-func newExecutor(_, _ string, _ libnetwork.NetworkController) (executor.Executor, error) {
+func newExecutor(_, _ string, _ libnetwork.NetworkController, _ bool) (executor.Executor, error) {
 	return &winExecutor{}, nil
 }
 

+ 1 - 0
cmd/dockerd/daemon.go

@@ -325,6 +325,7 @@ func newRouterOptions(config *config.Config, d *daemon.Daemon) (routerOptions, e
 		DefaultCgroupParent: cgroupParent,
 		ResolverOpt:         d.NewResolveOptionsFunc(),
 		BuilderConfig:       config.Builder,
+		Rootless:            d.Rootless(),
 	})
 	if err != nil {
 		return opts, err

+ 1 - 1
daemon/info.go

@@ -175,7 +175,7 @@ func (daemon *Daemon) fillSecurityOptions(v *types.Info, sysInfo *sysinfo.SysInf
 	if rootIDs := daemon.idMapping.RootPair(); rootIDs.UID != 0 || rootIDs.GID != 0 {
 		securityOptions = append(securityOptions, "name=userns")
 	}
-	if daemon.configStoreRootless() {
+	if daemon.Rootless() {
 		securityOptions = append(securityOptions, "name=rootless")
 	}
 	v.SecurityOptions = securityOptions

+ 2 - 1
daemon/info_unix.go

@@ -247,6 +247,7 @@ func parseRuncVersion(v string) (version string, commit string, err error) {
 	return version, commit, err
 }
 
-func (daemon *Daemon) configStoreRootless() bool {
+// Rootless returns true if daemon is running in rootless mode
+func (daemon *Daemon) Rootless() bool {
 	return daemon.configStore.Rootless
 }

+ 2 - 1
daemon/info_windows.go

@@ -14,6 +14,7 @@ func (daemon *Daemon) fillPlatformVersion(v *types.Version) {}
 func fillDriverWarnings(v *types.Info) {
 }
 
-func (daemon *Daemon) configStoreRootless() bool {
+// Rootless returns true if daemon is running in rootless mode
+func (daemon *Daemon) Rootless() bool {
 	return false
 }