summaryrefslogtreecommitdiff
path: root/pkg/specgen/generate/oci.go
diff options
context:
space:
mode:
Diffstat (limited to 'pkg/specgen/generate/oci.go')
-rw-r--r--pkg/specgen/generate/oci.go28
1 files changed, 20 insertions, 8 deletions
diff --git a/pkg/specgen/generate/oci.go b/pkg/specgen/generate/oci.go
index 4bc4d2327..0ed091f9a 100644
--- a/pkg/specgen/generate/oci.go
+++ b/pkg/specgen/generate/oci.go
@@ -6,8 +6,8 @@ import (
"github.com/containers/libpod/libpod"
"github.com/containers/libpod/libpod/image"
"github.com/containers/libpod/pkg/rootless"
- createconfig "github.com/containers/libpod/pkg/spec"
"github.com/containers/libpod/pkg/specgen"
+ "github.com/opencontainers/runc/libcontainer/user"
spec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/opencontainers/runtime-tools/generate"
)
@@ -73,7 +73,7 @@ func SpecGenToOCI(s *specgen.SpecGenerator, rt *libpod.Runtime, newImage *image.
}
gid5Available := true
if isRootless {
- nGids, err := createconfig.GetAvailableGids()
+ nGids, err := GetAvailableGids()
if err != nil {
return nil, err
}
@@ -120,7 +120,7 @@ func SpecGenToOCI(s *specgen.SpecGenerator, rt *libpod.Runtime, newImage *image.
g.RemoveMount("/proc")
procMount := spec.Mount{
Destination: "/proc",
- Type: createconfig.TypeBind,
+ Type: TypeBind,
Source: "/proc",
Options: []string{"rbind", "nosuid", "noexec", "nodev"},
}
@@ -152,12 +152,12 @@ func SpecGenToOCI(s *specgen.SpecGenerator, rt *libpod.Runtime, newImage *image.
// If privileged, we need to add all the host devices to the
// spec. We do not add the user provided ones because we are
// already adding them all.
- if err := createconfig.AddPrivilegedDevices(&g); err != nil {
+ if err := addPrivilegedDevices(&g); err != nil {
return nil, err
}
} else {
for _, device := range s.Devices {
- if err := createconfig.DevicesFromPath(&g, device.Path); err != nil {
+ if err := DevicesFromPath(&g, device.Path); err != nil {
return nil, err
}
}
@@ -170,7 +170,7 @@ func SpecGenToOCI(s *specgen.SpecGenerator, rt *libpod.Runtime, newImage *image.
g.SetProcessApparmorProfile(s.ApparmorProfile)
}
- createconfig.BlockAccessToKernelFilesystems(s.Privileged, s.PidNS.IsHost(), &g)
+ BlockAccessToKernelFilesystems(s.Privileged, s.PidNS.IsHost(), &g)
for name, val := range s.Env {
g.AddProcessEnv(name, val)
@@ -214,9 +214,9 @@ func SpecGenToOCI(s *specgen.SpecGenerator, rt *libpod.Runtime, newImage *image.
}
// BIND MOUNTS
- configSpec.Mounts = createconfig.SupercedeUserMounts(s.Mounts, configSpec.Mounts)
+ configSpec.Mounts = SupercedeUserMounts(s.Mounts, configSpec.Mounts)
// Process mounts to ensure correct options
- if err := createconfig.InitFSMounts(configSpec.Mounts); err != nil {
+ if err := InitFSMounts(configSpec.Mounts); err != nil {
return nil, err
}
@@ -257,3 +257,15 @@ func SpecGenToOCI(s *specgen.SpecGenerator, rt *libpod.Runtime, newImage *image.
return configSpec, nil
}
+
+func GetAvailableGids() (int64, error) {
+ idMap, err := user.ParseIDMapFile("/proc/self/gid_map")
+ if err != nil {
+ return 0, err
+ }
+ count := int64(0)
+ for _, r := range idMap {
+ count += r.Count
+ }
+ return count, nil
+}
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-11-05 22:45:39 +0000