diff --git a/libcontainerd/remote/client.go b/libcontainerd/remote/client.go index 11a9ebd2cb..4110e41e7e 100644 --- a/libcontainerd/remote/client.go +++ b/libcontainerd/remote/client.go @@ -212,16 +212,14 @@ func (c *client) Create(ctx context.Context, id string, ociSpec *specs.Spec, run return errors.WithStack(errdefs.Conflict(errors.New("id already in use"))) } - bdir, err := prepareBundleDir(filepath.Join(c.stateDir, id), ociSpec) - if err != nil { - return errdefs.System(errors.Wrap(err, "prepare bundle dir failed")) - } - + bdir := filepath.Join(c.stateDir, id) c.logger.WithField("bundle", bdir).WithField("root", ociSpec.Root.Path).Debug("bundle dir created") cdCtr, err := c.client.NewContainer(ctx, id, containerd.WithSpec(ociSpec), - containerd.WithRuntime(runtimeName, runtimeOptions)) + containerd.WithRuntime(runtimeName, runtimeOptions), + WithBundle(bdir, ociSpec), + ) if err != nil { return wrapError(err) } diff --git a/libcontainerd/remote/client_linux.go b/libcontainerd/remote/client_linux.go index 22e764fbd1..1a43cc771a 100644 --- a/libcontainerd/remote/client_linux.go +++ b/libcontainerd/remote/client_linux.go @@ -9,6 +9,7 @@ import ( "github.com/containerd/containerd" "github.com/containerd/containerd/cio" + "github.com/containerd/containerd/containers" libcontainerdtypes "github.com/docker/docker/libcontainerd/types" "github.com/docker/docker/pkg/idtools" "github.com/opencontainers/runtime-spec/specs-go" @@ -58,29 +59,31 @@ func getSpecUser(ociSpec *specs.Spec) (int, int) { return uid, gid } -func prepareBundleDir(bundleDir string, ociSpec *specs.Spec) (string, error) { - uid, gid := getSpecUser(ociSpec) - if uid == 0 && gid == 0 { - return bundleDir, idtools.MkdirAllAndChownNew(bundleDir, 0755, idtools.Identity{UID: 0, GID: 0}) - } - - p := string(filepath.Separator) - components := strings.Split(bundleDir, string(filepath.Separator)) - for _, d := range components[1:] { - p = filepath.Join(p, d) - fi, err := os.Stat(p) - if err != nil && !os.IsNotExist(err) { - return "", err +// WithBundle creates the bundle for the container +func WithBundle(bundleDir string, ociSpec *specs.Spec) containerd.NewContainerOpts { + return func(ctx context.Context, client *containerd.Client, c *containers.Container) error { + uid, gid := getSpecUser(ociSpec) + if uid == 0 && gid == 0 { + return idtools.MkdirAllAndChownNew(bundleDir, 0755, idtools.Identity{UID: 0, GID: 0}) } - if os.IsNotExist(err) || fi.Mode()&1 == 0 { - p = fmt.Sprintf("%s.%d.%d", p, uid, gid) - if err := idtools.MkdirAndChown(p, 0700, idtools.Identity{UID: uid, GID: gid}); err != nil && !os.IsExist(err) { - return "", err + + p := string(filepath.Separator) + components := strings.Split(bundleDir, string(filepath.Separator)) + for _, d := range components[1:] { + p = filepath.Join(p, d) + fi, err := os.Stat(p) + if err != nil && !os.IsNotExist(err) { + return err + } + if os.IsNotExist(err) || fi.Mode()&1 == 0 { + p = fmt.Sprintf("%s.%d.%d", p, uid, gid) + if err := idtools.MkdirAndChown(p, 0700, idtools.Identity{UID: uid, GID: gid}); err != nil && !os.IsExist(err) { + return err + } } } + return nil } - - return p, nil } func newFIFOSet(bundleDir, processID string, withStdin, withTerminal bool) *cio.FIFOSet { diff --git a/libcontainerd/remote/client_windows.go b/libcontainerd/remote/client_windows.go index d6885622f9..66f588a116 100644 --- a/libcontainerd/remote/client_windows.go +++ b/libcontainerd/remote/client_windows.go @@ -7,7 +7,9 @@ import ( "path/filepath" "github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options" + "github.com/containerd/containerd" "github.com/containerd/containerd/cio" + "github.com/containerd/containerd/containers" libcontainerdtypes "github.com/docker/docker/libcontainerd/types" specs "github.com/opencontainers/runtime-spec/specs-go" @@ -35,9 +37,12 @@ func summaryFromInterface(i interface{}) (*libcontainerdtypes.Summary, error) { } } -func prepareBundleDir(bundleDir string, ociSpec *specs.Spec) (string, error) { - // TODO: (containerd) Determine if we need to use system.MkdirAllWithACL here - return bundleDir, os.MkdirAll(bundleDir, 0755) +// WithBundle creates the bundle for the container +func WithBundle(bundleDir string, ociSpec *specs.Spec) containerd.NewContainerOpts { + return func(ctx context.Context, client *containerd.Client, c *containers.Container) error { + // TODO: (containerd) Determine if we need to use system.MkdirAllWithACL here + return os.MkdirAll(bundleDir, 0755) + } } func pipeName(containerID, processID, name string) string {