2021-08-23 13:14:53 +00:00
|
|
|
//go:build !windows
|
2020-07-07 20:33:46 +00:00
|
|
|
|
|
|
|
|
package daemon
|
|
|
|
|
|
|
|
|
|
import (
|
2023-04-05 11:32:03 +00:00
|
|
|
"bytes"
|
2023-06-23 00:33:17 +00:00
|
|
|
"context"
|
2022-08-31 20:12:30 +00:00
|
|
|
"crypto/sha256"
|
|
|
|
|
"encoding/base32"
|
2023-04-05 11:32:03 +00:00
|
|
|
"encoding/json"
|
2020-07-07 20:33:46 +00:00
|
|
|
"fmt"
|
2022-08-31 20:12:30 +00:00
|
|
|
"io"
|
2020-07-07 20:33:46 +00:00
|
|
|
"os"
|
|
|
|
|
"os/exec"
|
|
|
|
|
"path/filepath"
|
|
|
|
|
"strings"
|
|
|
|
|
|
2022-08-31 20:12:30 +00:00
|
|
|
"github.com/containerd/containerd/plugin"
|
2020-07-07 20:33:46 +00:00
|
|
|
v2runcoptions "github.com/containerd/containerd/runtime/v2/runc/options"
|
2022-08-31 21:24:22 +00:00
|
|
|
"github.com/containerd/containerd/runtime/v2/shim"
|
2023-09-13 15:41:45 +00:00
|
|
|
"github.com/containerd/log"
|
2020-07-07 20:33:46 +00:00
|
|
|
"github.com/docker/docker/daemon/config"
|
2021-01-04 19:43:19 +00:00
|
|
|
"github.com/docker/docker/errdefs"
|
2023-02-17 19:12:06 +00:00
|
|
|
"github.com/docker/docker/libcontainerd/shimopts"
|
2022-08-31 20:12:30 +00:00
|
|
|
"github.com/docker/docker/pkg/ioutils"
|
|
|
|
|
"github.com/docker/docker/pkg/system"
|
2023-04-05 11:32:03 +00:00
|
|
|
"github.com/opencontainers/runtime-spec/specs-go/features"
|
2020-07-07 20:33:46 +00:00
|
|
|
"github.com/pkg/errors"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
const (
|
|
|
|
|
defaultRuntimeName = "runc"
|
2022-08-31 21:24:22 +00:00
|
|
|
|
|
|
|
|
// The runtime used to specify the containerd v2 runc shim
|
|
|
|
|
linuxV2RuntimeName = "io.containerd.runc.v2"
|
2020-07-07 20:33:46 +00:00
|
|
|
)
|
|
|
|
|
|
2022-08-31 20:12:30 +00:00
|
|
|
type shimConfig struct {
|
|
|
|
|
Shim string
|
|
|
|
|
Opts interface{}
|
|
|
|
|
Features *features.Features
|
|
|
|
|
|
|
|
|
|
// Check if the ShimConfig is valid given the current state of the system.
|
|
|
|
|
PreflightCheck func() error
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type runtimes struct {
|
2022-08-31 21:24:22 +00:00
|
|
|
Default string
|
2022-08-31 20:12:30 +00:00
|
|
|
configured map[string]*shimConfig
|
|
|
|
|
}
|
|
|
|
|
|
2022-08-31 21:24:22 +00:00
|
|
|
func stockRuntimes() map[string]string {
|
|
|
|
|
return map[string]string{
|
|
|
|
|
linuxV2RuntimeName: defaultRuntimeName,
|
|
|
|
|
config.StockRuntimeName: defaultRuntimeName,
|
2020-07-07 20:33:46 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-08-31 20:12:30 +00:00
|
|
|
func defaultV2ShimConfig(conf *config.Config, runtimePath string) *shimConfig {
|
|
|
|
|
shim := &shimConfig{
|
|
|
|
|
Shim: plugin.RuntimeRuncV2,
|
2020-07-07 20:33:46 +00:00
|
|
|
Opts: &v2runcoptions.Options{
|
|
|
|
|
BinaryName: runtimePath,
|
|
|
|
|
Root: filepath.Join(conf.ExecRoot, "runtime-"+defaultRuntimeName),
|
|
|
|
|
SystemdCgroup: UsingSystemd(conf),
|
|
|
|
|
NoPivotRoot: os.Getenv("DOCKER_RAMDISK") != "",
|
|
|
|
|
},
|
|
|
|
|
}
|
2022-08-31 20:12:30 +00:00
|
|
|
|
|
|
|
|
var featuresStderr bytes.Buffer
|
|
|
|
|
featuresCmd := exec.Command(runtimePath, "features")
|
|
|
|
|
featuresCmd.Stderr = &featuresStderr
|
|
|
|
|
if featuresB, err := featuresCmd.Output(); err != nil {
|
2023-06-23 00:33:17 +00:00
|
|
|
log.G(context.TODO()).WithError(err).Warnf("Failed to run %v: %q", featuresCmd.Args, featuresStderr.String())
|
2022-08-31 20:12:30 +00:00
|
|
|
} else {
|
|
|
|
|
var features features.Features
|
|
|
|
|
if jsonErr := json.Unmarshal(featuresB, &features); jsonErr != nil {
|
2023-06-23 00:33:17 +00:00
|
|
|
log.G(context.TODO()).WithError(err).Warnf("Failed to unmarshal the output of %v as a JSON", featuresCmd.Args)
|
2022-08-31 20:12:30 +00:00
|
|
|
} else {
|
|
|
|
|
shim.Features = &features
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return shim
|
2020-07-07 20:33:46 +00:00
|
|
|
}
|
|
|
|
|
|
2022-08-31 20:12:30 +00:00
|
|
|
func runtimeScriptsDir(cfg *config.Config) string {
|
|
|
|
|
return filepath.Join(cfg.Root, "runtimes")
|
2020-07-07 20:33:46 +00:00
|
|
|
}
|
|
|
|
|
|
2022-08-31 20:12:30 +00:00
|
|
|
// initRuntimesDir creates a fresh directory where we'll store the runtime
|
|
|
|
|
// scripts (i.e. in order to support runtimeArgs).
|
|
|
|
|
func initRuntimesDir(cfg *config.Config) error {
|
|
|
|
|
runtimeDir := runtimeScriptsDir(cfg)
|
|
|
|
|
if err := os.RemoveAll(runtimeDir); err != nil {
|
|
|
|
|
return err
|
2020-07-07 20:33:46 +00:00
|
|
|
}
|
2023-08-24 15:59:22 +00:00
|
|
|
return system.MkdirAll(runtimeDir, 0o700)
|
2022-08-31 20:12:30 +00:00
|
|
|
}
|
2020-07-07 20:33:46 +00:00
|
|
|
|
2022-08-31 20:12:30 +00:00
|
|
|
func setupRuntimes(cfg *config.Config) (runtimes, error) {
|
2022-08-31 21:24:22 +00:00
|
|
|
if _, ok := cfg.Runtimes[config.StockRuntimeName]; ok {
|
|
|
|
|
return runtimes{}, errors.Errorf("runtime name '%s' is reserved", config.StockRuntimeName)
|
|
|
|
|
}
|
|
|
|
|
|
2022-08-31 20:12:30 +00:00
|
|
|
newrt := runtimes{
|
2022-08-31 21:24:22 +00:00
|
|
|
Default: cfg.DefaultRuntime,
|
2022-08-31 20:12:30 +00:00
|
|
|
configured: make(map[string]*shimConfig),
|
|
|
|
|
}
|
2022-08-31 21:24:22 +00:00
|
|
|
for name, path := range stockRuntimes() {
|
|
|
|
|
newrt.configured[name] = defaultV2ShimConfig(cfg, path)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if newrt.Default != "" {
|
|
|
|
|
_, isStock := newrt.configured[newrt.Default]
|
|
|
|
|
_, isConfigured := cfg.Runtimes[newrt.Default]
|
|
|
|
|
if !isStock && !isConfigured && !isPermissibleC8dRuntimeName(newrt.Default) {
|
|
|
|
|
return runtimes{}, errors.Errorf("specified default runtime '%s' does not exist", newrt.Default)
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
newrt.Default = config.StockRuntimeName
|
|
|
|
|
}
|
2020-07-07 20:33:46 +00:00
|
|
|
|
2022-08-31 20:12:30 +00:00
|
|
|
dir := runtimeScriptsDir(cfg)
|
|
|
|
|
for name, rt := range cfg.Runtimes {
|
|
|
|
|
var c *shimConfig
|
2023-02-17 19:12:06 +00:00
|
|
|
if rt.Path == "" && rt.Type == "" {
|
2022-08-31 20:12:30 +00:00
|
|
|
return runtimes{}, errors.Errorf("runtime %s: either a runtimeType or a path must be configured", name)
|
2020-07-07 20:33:46 +00:00
|
|
|
}
|
2023-02-17 19:12:06 +00:00
|
|
|
if rt.Path != "" {
|
|
|
|
|
if rt.Type != "" {
|
2022-08-31 20:12:30 +00:00
|
|
|
return runtimes{}, errors.Errorf("runtime %s: cannot configure both path and runtimeType for the same runtime", name)
|
2023-02-17 19:12:06 +00:00
|
|
|
}
|
|
|
|
|
if len(rt.Options) > 0 {
|
2022-08-31 20:12:30 +00:00
|
|
|
return runtimes{}, errors.Errorf("runtime %s: options cannot be used with a path runtime", name)
|
2023-02-17 19:12:06 +00:00
|
|
|
}
|
|
|
|
|
|
2022-08-31 20:12:30 +00:00
|
|
|
binaryName := rt.Path
|
|
|
|
|
needsWrapper := len(rt.Args) > 0
|
|
|
|
|
if needsWrapper {
|
|
|
|
|
var err error
|
|
|
|
|
binaryName, err = wrapRuntime(dir, name, rt.Path, rt.Args)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return runtimes{}, err
|
2023-02-17 19:12:06 +00:00
|
|
|
}
|
|
|
|
|
}
|
2022-08-31 20:12:30 +00:00
|
|
|
c = defaultV2ShimConfig(cfg, binaryName)
|
|
|
|
|
if needsWrapper {
|
|
|
|
|
path := rt.Path
|
|
|
|
|
c.PreflightCheck = func() error {
|
|
|
|
|
// Check that the runtime path actually exists so that we can return a well known error.
|
|
|
|
|
_, err := exec.LookPath(path)
|
|
|
|
|
return errors.Wrap(err, "error while looking up the specified runtime path")
|
2023-04-05 11:32:03 +00:00
|
|
|
}
|
|
|
|
|
}
|
2023-02-17 19:12:06 +00:00
|
|
|
} else {
|
|
|
|
|
if len(rt.Args) > 0 {
|
2022-08-31 20:12:30 +00:00
|
|
|
return runtimes{}, errors.Errorf("runtime %s: args cannot be used with a runtimeType runtime", name)
|
2023-02-17 19:12:06 +00:00
|
|
|
}
|
|
|
|
|
// Unlike implicit runtimes, there is no restriction on configuring a shim by path.
|
2022-08-31 20:12:30 +00:00
|
|
|
c = &shimConfig{Shim: rt.Type}
|
2023-02-17 19:12:06 +00:00
|
|
|
if len(rt.Options) > 0 {
|
|
|
|
|
// It has to be a pointer type or there'll be a panic in containerd/typeurl when we try to start the container.
|
2022-08-31 20:12:30 +00:00
|
|
|
var err error
|
|
|
|
|
c.Opts, err = shimopts.Generate(rt.Type, rt.Options)
|
2023-02-17 19:12:06 +00:00
|
|
|
if err != nil {
|
2022-08-31 20:12:30 +00:00
|
|
|
return runtimes{}, errors.Wrapf(err, "runtime %v", name)
|
2023-02-17 19:12:06 +00:00
|
|
|
}
|
|
|
|
|
}
|
2020-07-07 20:33:46 +00:00
|
|
|
}
|
2022-08-31 20:12:30 +00:00
|
|
|
newrt.configured[name] = c
|
2020-07-07 20:33:46 +00:00
|
|
|
}
|
2022-08-31 20:12:30 +00:00
|
|
|
|
|
|
|
|
return newrt, nil
|
2020-07-07 20:33:46 +00:00
|
|
|
}
|
|
|
|
|
|
2022-08-31 20:12:30 +00:00
|
|
|
// A non-standard Base32 encoding which lacks vowels to avoid accidentally
|
|
|
|
|
// spelling naughty words. Don't use this to encode any data which requires
|
|
|
|
|
// compatibility with anything outside of the currently-running process.
|
|
|
|
|
var base32Disemvoweled = base32.NewEncoding("0123456789BCDFGHJKLMNPQRSTVWXYZ-")
|
|
|
|
|
|
|
|
|
|
// wrapRuntime writes a shell script to dir which will execute binary with args
|
|
|
|
|
// concatenated to the script's argv. This is needed because the
|
|
|
|
|
// io.containerd.runc.v2 shim has no options for passing extra arguments to the
|
|
|
|
|
// runtime binary.
|
|
|
|
|
func wrapRuntime(dir, name, binary string, args []string) (string, error) {
|
|
|
|
|
var wrapper bytes.Buffer
|
|
|
|
|
sum := sha256.New()
|
|
|
|
|
_, _ = fmt.Fprintf(io.MultiWriter(&wrapper, sum), "#!/bin/sh\n%s %s $@\n", binary, strings.Join(args, " "))
|
|
|
|
|
// Generate a consistent name for the wrapper script derived from the
|
|
|
|
|
// contents so that multiple wrapper scripts can coexist with the same
|
|
|
|
|
// base name. The existing scripts might still be referenced by running
|
|
|
|
|
// containers.
|
|
|
|
|
suffix := base32Disemvoweled.EncodeToString(sum.Sum(nil))
|
|
|
|
|
scriptPath := filepath.Join(dir, name+"."+suffix)
|
2023-08-24 15:59:22 +00:00
|
|
|
if err := ioutils.AtomicWriteFile(scriptPath, wrapper.Bytes(), 0o700); err != nil {
|
2022-08-31 20:12:30 +00:00
|
|
|
return "", err
|
2020-07-07 20:33:46 +00:00
|
|
|
}
|
2022-08-31 20:12:30 +00:00
|
|
|
return scriptPath, nil
|
2020-07-07 20:33:46 +00:00
|
|
|
}
|
2021-01-04 19:43:19 +00:00
|
|
|
|
2022-08-31 21:24:22 +00:00
|
|
|
// Get returns the containerd runtime and options for name, suitable to pass
|
|
|
|
|
// into containerd.WithRuntime(). The runtime and options for the default
|
|
|
|
|
// runtime are returned when name is the empty string.
|
2022-08-31 20:12:30 +00:00
|
|
|
func (r *runtimes) Get(name string) (string, interface{}, error) {
|
2022-08-31 21:24:22 +00:00
|
|
|
if name == "" {
|
|
|
|
|
name = r.Default
|
|
|
|
|
}
|
|
|
|
|
|
2022-08-31 20:12:30 +00:00
|
|
|
rt := r.configured[name]
|
|
|
|
|
if rt != nil {
|
|
|
|
|
if rt.PreflightCheck != nil {
|
|
|
|
|
if err := rt.PreflightCheck(); err != nil {
|
|
|
|
|
return "", nil, err
|
|
|
|
|
}
|
daemon: support other containerd runtimes (MVP)
Contrary to popular belief, the OCI Runtime specification does not
specify the command-line API for runtimes. Looking at containerd's
architecture from the lens of the OCI Runtime spec, the _shim_ is the
OCI Runtime and runC is "just" an implementation detail of the
io.containerd.runc.v2 runtime. When one configures a non-default runtime
in Docker, what they're really doing is instructing Docker to create
containers using the io.containerd.runc.v2 runtime with a configuration
option telling the runtime that the runC binary is at some non-default
path. Consequently, only OCI runtimes which are compatible with the
io.containerd.runc.v2 shim, such as crun, can be used in this manner.
Other OCI runtimes, including kata-containers v2, come with their own
containerd shim and are not compatible with io.containerd.runc.v2.
As Docker has not historically provided a way to select a non-default
runtime which requires its own shim, runtimes such as kata-containers v2
could not be used with Docker.
Allow other containerd shims to be used with Docker; no daemon
configuration required. If the daemon is instructed to create a
container with a runtime name which does not match any of the configured
or stock runtimes, it passes the name along to containerd verbatim. A
user can start a container with the kata-containers runtime, for
example, simply by calling
docker run --runtime io.containerd.kata.v2
Runtime names which containerd would interpret as a path to an arbitrary
binary are disallowed. While handy for development and testing it is not
strictly necessary and would allow anyone with Engine API access to
trivially execute any binary on the host as root, so we have decided it
would be safest for our users if it was not allowed.
It is not yet possible to set an alternative containerd shim as the
default runtime; it can only be configured per-container.
Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-07-20 20:12:01 +00:00
|
|
|
}
|
2022-08-31 20:12:30 +00:00
|
|
|
return rt.Shim, rt.Opts, nil
|
2021-01-04 19:43:19 +00:00
|
|
|
}
|
|
|
|
|
|
2022-08-31 21:24:22 +00:00
|
|
|
if !isPermissibleC8dRuntimeName(name) {
|
2022-08-31 20:12:30 +00:00
|
|
|
return "", nil, errdefs.InvalidParameter(errors.Errorf("unknown or invalid runtime name: %s", name))
|
2021-01-04 19:43:19 +00:00
|
|
|
}
|
2022-08-31 20:12:30 +00:00
|
|
|
return name, nil, nil
|
|
|
|
|
}
|
2021-01-04 19:43:19 +00:00
|
|
|
|
2022-08-31 20:12:30 +00:00
|
|
|
func (r *runtimes) Features(name string) *features.Features {
|
2022-08-31 21:24:22 +00:00
|
|
|
if name == "" {
|
|
|
|
|
name = r.Default
|
|
|
|
|
}
|
|
|
|
|
|
2022-08-31 20:12:30 +00:00
|
|
|
rt := r.configured[name]
|
|
|
|
|
if rt != nil {
|
|
|
|
|
return rt.Features
|
2021-01-04 19:43:19 +00:00
|
|
|
}
|
2022-08-31 20:12:30 +00:00
|
|
|
return nil
|
2021-01-04 19:43:19 +00:00
|
|
|
}
|
2022-08-31 21:24:22 +00:00
|
|
|
|
|
|
|
|
// isPermissibleC8dRuntimeName tests whether name is safe to pass into
|
|
|
|
|
// containerd as a runtime name, and whether the name is well-formed.
|
|
|
|
|
// It does not check if the runtime is installed.
|
|
|
|
|
//
|
|
|
|
|
// A runtime name containing slash characters is interpreted by containerd as
|
|
|
|
|
// the path to a runtime binary. If we allowed this, anyone with Engine API
|
|
|
|
|
// access could get containerd to execute an arbitrary binary as root. Although
|
|
|
|
|
// Engine API access is already equivalent to root on the host, the runtime name
|
|
|
|
|
// has not historically been a vector to run arbitrary code as root so users are
|
|
|
|
|
// not expecting it to become one.
|
|
|
|
|
//
|
|
|
|
|
// This restriction is not configurable. There are viable workarounds for
|
|
|
|
|
// legitimate use cases: administrators and runtime developers can make runtimes
|
|
|
|
|
// available for use with Docker by installing them onto PATH following the
|
|
|
|
|
// [binary naming convention] for containerd Runtime v2.
|
|
|
|
|
//
|
|
|
|
|
// [binary naming convention]: https://github.com/containerd/containerd/blob/main/runtime/v2/README.md#binary-naming
|
|
|
|
|
func isPermissibleC8dRuntimeName(name string) bool {
|
|
|
|
|
// containerd uses a rather permissive test to validate runtime names:
|
|
|
|
|
//
|
|
|
|
|
// - Any name for which filepath.IsAbs(name) is interpreted as the absolute
|
|
|
|
|
// path to a shim binary. We want to block this behaviour.
|
|
|
|
|
// - Any name which contains at least one '.' character and no '/' characters
|
|
|
|
|
// and does not begin with a '.' character is a valid runtime name. The shim
|
|
|
|
|
// binary name is derived from the final two components of the name and
|
|
|
|
|
// searched for on the PATH. The name "a.." is technically valid per
|
|
|
|
|
// containerd's implementation: it would resolve to a binary named
|
|
|
|
|
// "containerd-shim---".
|
|
|
|
|
//
|
|
|
|
|
// https://github.com/containerd/containerd/blob/11ded166c15f92450958078cd13c6d87131ec563/runtime/v2/manager.go#L297-L317
|
|
|
|
|
// https://github.com/containerd/containerd/blob/11ded166c15f92450958078cd13c6d87131ec563/runtime/v2/shim/util.go#L83-L93
|
|
|
|
|
return !filepath.IsAbs(name) && !strings.ContainsRune(name, '/') && shim.BinaryName(name) != ""
|
|
|
|
|
}
|
