author | Daniel J Walsh <dwalsh@redhat.com> | 2017-12-19 09:07:49 -0500 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2017-12-19 18:51:52 +0000 |
commit | 94a810751539afeb1590ccc1a9745f1d5767fda2 (patch) | |
tree | 0e143bd90c976c60db4f0435d12c6266e0fe3e72 /cmd/podman/spec.go | |
parent | c0432eb0e8a2c777a5c6d8caa01475c06553594c (diff) | |
Add support for adding devices to container
Also add --quiet option to kpod create/run since
this will help with writing tests.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #140
Approved by: TomSweeneyRedHat
Diffstat (limited to 'cmd/podman/spec.go')
-rw-r--r-- | cmd/podman/spec.go | 29 |
1 files changed, 27 insertions, 2 deletions
diff --git a/cmd/podman/spec.go b/cmd/podman/spec.go
index b13556d93..550f74218 100644
--- a/cmd/podman/spec.go
+++ b/cmd/podman/spec.go
@@ -10,6 +10,7 @@ import (
 "github.com/docker/docker/daemon/caps"
 "github.com/docker/docker/pkg/mount"
 "github.com/docker/go-units"
+ "github.com/opencontainers/runc/libcontainer/devices"
 spec "github.com/opencontainers/runtime-spec/specs-go"
 "github.com/opencontainers/runtime-tools/generate"
 "github.com/opencontainers/selinux/go-selinux/label"
@@ -163,6 +164,25 @@ func setupCapabilities(config *createConfig, configSpec *spec.Spec) error {
 return nil
 }
 
+func addDevice(g *generate.Generator, device string) error {
+ dev, err := devices.DeviceFromPath(device, "rwm")
+ if err != nil {
+ return errors.Wrapf(err, "%s is not a valid device", device)
+ }
+ linuxdev := spec.LinuxDevice{
+ Path: dev.Path,
+ Type: string(dev.Type),
+ Major: dev.Major,
+ Minor: dev.Minor,
+ FileMode: &dev.FileMode,
+ UID: &dev.Uid,
+ GID: &dev.Gid,
+ }
+ g.AddDevice(linuxdev)
+ g.AddLinuxResourcesDevice(true, string(dev.Type), &dev.Major, &dev.Minor, dev.Permissions)
+ return nil
+}
+
 // Parses information needed to create a container into an OCI runtime spec
 func createConfigToOCISpec(config *createConfig) (*spec.Spec, error) {
 g := generate.New()
@@ -233,6 +253,13 @@ func createConfigToOCISpec(config *createConfig) (*spec.Spec, error) {
 g.SetLinuxResourcesCPUMems(config.Resources.CPUsetMems)
 }
 
+ // Devices
+ for _, device := range config.Devices {
+ if err := addDevice(&g, device); err != nil {
+ return nil, err
+ }
+ }
+
 // SECURITY OPTS
 g.SetProcessNoNewPrivileges(config.NoNewPrivileges)
 g.SetProcessApparmorProfile(config.ApparmorProfile)
@@ -321,7 +348,6 @@ func createConfigToOCISpec(config *createConfig) (*spec.Spec, error) {
 Hooks: &configSpec.Hooks{},
 //Annotations
 Resources: &configSpec.LinuxResources{
- Devices: config.GetDefaultDevices(),
 BlockIO: &blkio,
 //HugepageLimits:
 Network: &configSpec.LinuxNetwork{
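Review bot: addDevice hard-codes the permission string in `devices.DeviceFromPath(device, "rwm")`, and the resulting `dev.Permissions` is what `g.AddLinuxResourcesDevice(true, ...)` allows in the device cgroup, so every device passed in is granted read, write and mknod with no way to ask for a narrower grant such as read-only. The whole `config.Devices` entry is also used as the host path and reused as `Path` inside the container, so, as far as this page shows, a different container-side path or a permissions suffix cannot be expressed and such an entry would presumably be rejected as "is not a valid device". I would split each entry into source, destination and permissions before the lookup, call `devices.DeviceFromPath(src, perms)` with `rwm` only as the fallback when no permissions are given, and set `Path: dst`. The function also has no doc comment; `// addDevice adds the host device node at the given path to the spec and allows it in the device cgroup.` would state the contract.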
@@ -331,7 +357,6 @@ func createConfigToOCISpec(config *createConfig) (*spec.Spec, error) {
 },
 //CgroupsPath:
 //Namespaces: []LinuxNamespace
- //Devices
 // DefaultAction:
 // Architectures
 // Syscalls: |