summaryrefslogtreecommitdiff
path: root/pkg/specgen/generate
diff options
context:
space:
mode:
Diffstat (limited to 'pkg/specgen/generate')
-rw-r--r--pkg/specgen/generate/container.go34
-rw-r--r--pkg/specgen/generate/oci.go44
2 files changed, 62 insertions, 16 deletions
diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go
index 31465d8bf..8c02731fd 100644
--- a/pkg/specgen/generate/container.go
+++ b/pkg/specgen/generate/container.go
@@ -13,6 +13,7 @@ import (
)
func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerator) error {
+ var appendEntryPoint bool
newImage, err := r.ImageRuntime().NewFromLocal(s.Image)
if err != nil {
@@ -64,6 +65,16 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat
}
// annotations
+
+ // Add annotations from the image
+ annotations, err := newImage.Annotations(ctx)
+ if err != nil {
+ return err
+ }
+ for k, v := range annotations {
+ annotations[k] = v
+ }
+
// in the event this container is in a pod, and the pod has an infra container
// we will want to configure it as a type "container" instead defaulting to
// the behavior of a "sandbox" container
@@ -72,20 +83,17 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat
// VM, which is the default behavior
// - "container" denotes the container should join the VM of the SandboxID
// (the infra container)
- s.Annotations = make(map[string]string)
+
if len(s.Pod) > 0 {
- s.Annotations[ann.SandboxID] = s.Pod
- s.Annotations[ann.ContainerType] = ann.ContainerTypeContainer
- }
- //
- // Next, add annotations from the image
- annotations, err := newImage.Annotations(ctx)
- if err != nil {
- return err
+ annotations[ann.SandboxID] = s.Pod
+ annotations[ann.ContainerType] = ann.ContainerTypeContainer
}
- for k, v := range annotations {
+
+ // now pass in the values from client
+ for k, v := range s.Annotations {
annotations[k] = v
}
+ s.Annotations = annotations
// entrypoint
entrypoint, err := newImage.Entrypoint(ctx)
@@ -93,6 +101,7 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat
return err
}
if len(s.Entrypoint) < 1 && len(entrypoint) > 0 {
+ appendEntryPoint = true
s.Entrypoint = entrypoint
}
command, err := newImage.Cmd(ctx)
@@ -100,7 +109,10 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat
return err
}
if len(s.Command) < 1 && len(command) > 0 {
- s.Command = command
+ if appendEntryPoint {
+ s.Command = entrypoint
+ }
+ s.Command = append(s.Command, command...)
}
if len(s.Command) < 1 && len(s.Entrypoint) < 1 {
return errors.Errorf("No command provided or as CMD or ENTRYPOINT in this image")
diff --git a/pkg/specgen/generate/oci.go b/pkg/specgen/generate/oci.go
index 0ed091f9a..fc269cd44 100644
--- a/pkg/specgen/generate/oci.go
+++ b/pkg/specgen/generate/oci.go
@@ -12,6 +12,42 @@ import (
"github.com/opencontainers/runtime-tools/generate"
)
+func addRlimits(s *specgen.SpecGenerator, g *generate.Generator) error {
+ var (
+ kernelMax uint64 = 1048576
+ isRootless = rootless.IsRootless()
+ nofileSet = false
+ nprocSet = false
+ )
+
+ if s.Rlimits == nil {
+ g.Config.Process.Rlimits = nil
+ return nil
+ }
+
+ for _, u := range s.Rlimits {
+ name := "RLIMIT_" + strings.ToUpper(u.Type)
+ if name == "RLIMIT_NOFILE" {
+ nofileSet = true
+ } else if name == "RLIMIT_NPROC" {
+ nprocSet = true
+ }
+ g.AddProcessRlimits(name, u.Hard, u.Soft)
+ }
+
+ // If not explicitly overridden by the user, default number of open
+ // files and number of processes to the maximum they can be set to
+ // (without overriding a sysctl)
+ if !nofileSet && !isRootless {
+ g.AddProcessRlimits("RLIMIT_NOFILE", kernelMax, kernelMax)
+ }
+ if !nprocSet && !isRootless {
+ g.AddProcessRlimits("RLIMIT_NPROC", kernelMax, kernelMax)
+ }
+
+ return nil
+}
+
func SpecGenToOCI(s *specgen.SpecGenerator, rt *libpod.Runtime, newImage *image.Image) (*spec.Spec, error) {
var (
inUserNS bool
@@ -176,11 +212,9 @@ func SpecGenToOCI(s *specgen.SpecGenerator, rt *libpod.Runtime, newImage *image.
g.AddProcessEnv(name, val)
}
- // TODO rlimits and ulimits needs further refinement by someone more
- // familiar with the code.
- //if err := addRlimits(config, &g); err != nil {
- // return nil, err
- //}
+ if err := addRlimits(s, &g); err != nil {
+ return nil, err
+ }
// NAMESPACES