We use cookies to ensure you get the best experience on our website
Página Principal Explorar Ajuda
Registe-se Iniciar Sessão
0ct0pu5
/
moby
1
0
Fork 0
Ficheiros Problemas 0 Pull Requests 0 Wiki
Árvore: 20a42b1f56
Ramos Etiquetas
moby
/
vendor
/
github.com
/
containerd
/
containerd
/
container_opts_unix.go

container_opts_unix.go 6.3 KB
Histórico Em bruto

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220 
  1. // +build !windows
    2. 

  2. 

  3. package containerd
    4. 

  4. 

  5. import (
    6. 

  6. 	"context"
    7. 

  7. 	"encoding/json"
    8. 

  8. 	"fmt"
    9. 

  9. 	"io/ioutil"
    10. 

  10. 	"os"
    11. 

  11. 	"path/filepath"
    12. 

  12. 	"syscall"
    13. 

  13. 

  14. 	"github.com/containerd/containerd/api/types"
    15. 

  15. 	"github.com/containerd/containerd/containers"
    16. 

  16. 	"github.com/containerd/containerd/content"
    17. 

  17. 	"github.com/containerd/containerd/errdefs"
    18. 

  18. 	"github.com/containerd/containerd/images"
    19. 

  19. 	"github.com/containerd/containerd/mount"
    20. 

  20. 	"github.com/containerd/containerd/platforms"
    21. 

  21. 	"github.com/gogo/protobuf/proto"
    22. 

  22. 	protobuf "github.com/gogo/protobuf/types"
    23. 

  23. 	digest "github.com/opencontainers/go-digest"
    24. 

  24. 	"github.com/opencontainers/image-spec/identity"
    25. 

  25. 	"github.com/opencontainers/image-spec/specs-go/v1"
    26. 

  26. 	"github.com/pkg/errors"
    27. 

  27. )
    28. 

  28. 

  29. // WithCheckpoint allows a container to be created from the checkpointed information
    30. 

  30. // provided by the descriptor. The image, snapshot, and runtime specifications are
    31. 

  31. // restored on the container
    32. 

  32. func WithCheckpoint(im Image, snapshotKey string) NewContainerOpts {
    33. 

  33. 	// set image and rw, and spec
    34. 

  34. 	return func(ctx context.Context, client *Client, c *containers.Container) error {
    35. 

  35. 		var (
    36. 

  36. 			desc  = im.Target()
    37. 

  37. 			id    = desc.Digest
    38. 

  38. 			store = client.ContentStore()
    39. 

  39. 		)
    40. 

  40. 		index, err := decodeIndex(ctx, store, id)
    41. 

  41. 		if err != nil {
    42. 

  42. 			return err
    43. 

  43. 		}
    44. 

  44. 		var rw *v1.Descriptor
    45. 

  45. 		for _, m := range index.Manifests {
    46. 

  46. 			switch m.MediaType {
    47. 

  47. 			case v1.MediaTypeImageLayer:
    48. 

  48. 				fk := m
    49. 

  49. 				rw = &fk
    50. 

  50. 			case images.MediaTypeDockerSchema2Manifest, images.MediaTypeDockerSchema2ManifestList:
    51. 

  51. 				config, err := images.Config(ctx, store, m, platforms.Default())
    52. 

  52. 				if err != nil {
    53. 

  53. 					return errors.Wrap(err, "unable to resolve image config")
    54. 

  54. 				}
    55. 

  55. 				diffIDs, err := images.RootFS(ctx, store, config)
    56. 

  56. 				if err != nil {
    57. 

  57. 					return errors.Wrap(err, "unable to get rootfs")
    58. 

  58. 				}
    59. 

  59. 				setSnapshotterIfEmpty(c)
    60. 

  60. 				if _, err := client.SnapshotService(c.Snapshotter).Prepare(ctx, snapshotKey, identity.ChainID(diffIDs).String()); err != nil {
    61. 

  61. 					if !errdefs.IsAlreadyExists(err) {
    62. 

  62. 						return err
    63. 

  63. 					}
    64. 

  64. 				}
    65. 

  65. 				c.Image = index.Annotations["image.name"]
    66. 

  66. 			case images.MediaTypeContainerd1CheckpointConfig:
    67. 

  67. 				data, err := content.ReadBlob(ctx, store, m.Digest)
    68. 

  68. 				if err != nil {
    69. 

  69. 					return errors.Wrap(err, "unable to read checkpoint config")
    70. 

  70. 				}
    71. 

  71. 				var any protobuf.Any
    72. 

  72. 				if err := proto.Unmarshal(data, &any); err != nil {
    73. 

  73. 					return err
    74. 

  74. 				}
    75. 

  75. 				c.Spec = &any
    76. 

  76. 			}
    77. 

  77. 		}
    78. 

  78. 		if rw != nil {
    79. 

  79. 			// apply the rw snapshot to the new rw layer
    80. 

  80. 			mounts, err := client.SnapshotService(c.Snapshotter).Mounts(ctx, snapshotKey)
    81. 

  81. 			if err != nil {
    82. 

  82. 				return errors.Wrapf(err, "unable to get mounts for %s", snapshotKey)
    83. 

  83. 			}
    84. 

  84. 			if _, err := client.DiffService().Apply(ctx, *rw, mounts); err != nil {
    85. 

  85. 				return errors.Wrap(err, "unable to apply rw diff")
    86. 

  86. 			}
    87. 

  87. 		}
    88. 

  88. 		c.SnapshotKey = snapshotKey
    89. 

  89. 		return nil
    90. 

  90. 	}
    91. 

  91. }
    92. 

  92. 

  93. // WithTaskCheckpoint allows a task to be created with live runtime and memory data from a
    94. 

  94. // previous checkpoint. Additional software such as CRIU may be required to
    95. 

  95. // restore a task from a checkpoint
    96. 

  96. func WithTaskCheckpoint(im Image) NewTaskOpts {
    97. 

  97. 	return func(ctx context.Context, c *Client, info *TaskInfo) error {
    98. 

  98. 		desc := im.Target()
    99. 

  99. 		id := desc.Digest
    100. 

  100. 		index, err := decodeIndex(ctx, c.ContentStore(), id)
    101. 

  101. 		if err != nil {
    102. 

  102. 			return err
    103. 

  103. 		}
    104. 

  104. 		for _, m := range index.Manifests {
    105. 

  105. 			if m.MediaType == images.MediaTypeContainerd1Checkpoint {
    106. 

  106. 				info.Checkpoint = &types.Descriptor{
    107. 

  107. 					MediaType: m.MediaType,
    108. 

  108. 					Size_:     m.Size,
    109. 

  109. 					Digest:    m.Digest,
    110. 

  110. 				}
    111. 

  111. 				return nil
    112. 

  112. 			}
    113. 

  113. 		}
    114. 

  114. 		return fmt.Errorf("checkpoint not found in index %s", id)
    115. 

  115. 	}
    116. 

  116. }
    117. 

  117. 

  118. func decodeIndex(ctx context.Context, store content.Store, id digest.Digest) (*v1.Index, error) {
    119. 

  119. 	var index v1.Index
    120. 

  120. 	p, err := content.ReadBlob(ctx, store, id)
    121. 

  121. 	if err != nil {
    122. 

  122. 		return nil, err
    123. 

  123. 	}
    124. 

  124. 	if err := json.Unmarshal(p, &index); err != nil {
    125. 

  125. 		return nil, err
    126. 

  126. 	}
    127. 

  127. 

  128. 	return &index, nil
    129. 

  129. }
    130. 

  130. 

  131. // WithRemappedSnapshot creates a new snapshot and remaps the uid/gid for the
    132. 

  132. // filesystem to be used by a container with user namespaces
    133. 

  133. func WithRemappedSnapshot(id string, i Image, uid, gid uint32) NewContainerOpts {
    134. 

  134. 	return withRemappedSnapshotBase(id, i, uid, gid, false)
    135. 

  135. }
    136. 

  136. 

  137. // WithRemappedSnapshotView is similar to WithRemappedSnapshot but rootfs is mounted as read-only.
    138. 

  138. func WithRemappedSnapshotView(id string, i Image, uid, gid uint32) NewContainerOpts {
    139. 

  139. 	return withRemappedSnapshotBase(id, i, uid, gid, true)
    140. 

  140. }
    141. 

  141. 

  142. func withRemappedSnapshotBase(id string, i Image, uid, gid uint32, readonly bool) NewContainerOpts {
    143. 

  143. 	return func(ctx context.Context, client *Client, c *containers.Container) error {
    144. 

  144. 		diffIDs, err := i.(*image).i.RootFS(ctx, client.ContentStore(), platforms.Default())
    145. 

  145. 		if err != nil {
    146. 

  146. 			return err
    147. 

  147. 		}
    148. 

  148. 

  149. 		setSnapshotterIfEmpty(c)
    150. 

  150. 

  151. 		var (
    152. 

  152. 			snapshotter = client.SnapshotService(c.Snapshotter)
    153. 

  153. 			parent      = identity.ChainID(diffIDs).String()
    154. 

  154. 			usernsID    = fmt.Sprintf("%s-%d-%d", parent, uid, gid)
    155. 

  155. 		)
    156. 

  156. 		if _, err := snapshotter.Stat(ctx, usernsID); err == nil {
    157. 

  157. 			if _, err := snapshotter.Prepare(ctx, id, usernsID); err == nil {
    158. 

  158. 				c.SnapshotKey = id
    159. 

  159. 				c.Image = i.Name()
    160. 

  160. 				return nil
    161. 

  161. 			} else if !errdefs.IsNotFound(err) {
    162. 

  162. 				return err
    163. 

  163. 			}
    164. 

  164. 		}
    165. 

  165. 		mounts, err := snapshotter.Prepare(ctx, usernsID+"-remap", parent)
    166. 

  166. 		if err != nil {
    167. 

  167. 			return err
    168. 

  168. 		}
    169. 

  169. 		if err := remapRootFS(mounts, uid, gid); err != nil {
    170. 

  170. 			snapshotter.Remove(ctx, usernsID)
    171. 

  171. 			return err
    172. 

  172. 		}
    173. 

  173. 		if err := snapshotter.Commit(ctx, usernsID, usernsID+"-remap"); err != nil {
    174. 

  174. 			return err
    175. 

  175. 		}
    176. 

  176. 		if readonly {
    177. 

  177. 			_, err = snapshotter.View(ctx, id, usernsID)
    178. 

  178. 		} else {
    179. 

  179. 			_, err = snapshotter.Prepare(ctx, id, usernsID)
    180. 

  180. 		}
    181. 

  181. 		if err != nil {
    182. 

  182. 			return err
    183. 

  183. 		}
    184. 

  184. 		c.SnapshotKey = id
    185. 

  185. 		c.Image = i.Name()
    186. 

  186. 		return nil
    187. 

  187. 	}
    188. 

  188. }
    189. 

  189. 

  190. func remapRootFS(mounts []mount.Mount, uid, gid uint32) error {
    191. 

  191. 	root, err := ioutil.TempDir("", "ctd-remap")
    192. 

  192. 	if err != nil {
    193. 

  193. 		return err
    194. 

  194. 	}
    195. 

  195. 	defer os.Remove(root)
    196. 

  196. 	for _, m := range mounts {
    197. 

  197. 		if err := m.Mount(root); err != nil {
    198. 

  198. 			return err
    199. 

  199. 		}
    200. 

  200. 	}
    201. 

  201. 	err = filepath.Walk(root, incrementFS(root, uid, gid))
    202. 

  202. 	if uerr := mount.Unmount(root, 0); err == nil {
    203. 

  203. 		err = uerr
    204. 

  204. 	}
    205. 

  205. 	return err
    206. 

  206. }
    207. 

  207. 

  208. func incrementFS(root string, uidInc, gidInc uint32) filepath.WalkFunc {
    209. 

  209. 	return func(path string, info os.FileInfo, err error) error {
    210. 

  210. 		if err != nil {
    211. 

  211. 			return err
    212. 

  212. 		}
    213. 

  213. 		var (
    214. 

  214. 			stat = info.Sys().(*syscall.Stat_t)
    215. 

  215. 			u, g = int(stat.Uid + uidInc), int(stat.Gid + gidInc)
    216. 

  216. 		)
    217. 

  217. 		// be sure the lchown the path as to not de-reference the symlink to a host file
    218. 

  218. 		return os.Lchown(path, u, g)
    219. 

  219. 	}
    220. 

  220. }
    221.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5