diff options
Diffstat (limited to 'pkg/specgen')
| -rw-r--r-- | pkg/specgen/generate/container_create.go | 18 | ||||
| -rw-r--r-- | pkg/specgen/generate/namespaces.go | 10 |
2 files changed, 20 insertions, 8 deletions
diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go index 7d792b3b1..dc116d1e6 100644 --- a/pkg/specgen/generate/container_create.go +++ b/pkg/specgen/generate/container_create.go @@ -6,7 +6,7 @@ import ( "path/filepath" "strings" - cdi "github.com/container-orchestrated-devices/container-device-interface/pkg" + cdi "github.com/container-orchestrated-devices/container-device-interface/pkg/cdi" "github.com/containers/common/libimage" "github.com/containers/podman/v3/libpod" "github.com/containers/podman/v3/libpod/define" @@ -199,20 +199,21 @@ func ExecuteCreate(ctx context.Context, rt *libpod.Runtime, runtimeSpec *spec.Sp return ctr, rt.PrepareVolumeOnCreateContainer(ctx, ctr) } +// ExtractCDIDevices process the list of Devices in the spec and determines if any of these are CDI devices. +// The CDI devices are added to the list of CtrCreateOptions. +// Note that this may modify the device list associated with the spec, which should then only contain non-CDI devices. func ExtractCDIDevices(s *specgen.SpecGenerator) []libpod.CtrCreateOption { devs := make([]spec.LinuxDevice, 0, len(s.Devices)) var cdiDevs []string var options []libpod.CtrCreateOption for _, device := range s.Devices { - isCDIDevice, err := cdi.HasDevice(device.Path) - if err != nil { - logrus.Debugf("CDI HasDevice Error: %v", err) - } - if err == nil && isCDIDevice { + if isCDIDevice(device.Path) { + logrus.Debugf("Identified CDI device %v", device.Path) cdiDevs = append(cdiDevs, device.Path) continue } + logrus.Debugf("Non-CDI device %v; assuming standard device", device.Path) devs = append(devs, device) } s.Devices = devs @@ -222,6 +223,11 @@ func ExtractCDIDevices(s *specgen.SpecGenerator) []libpod.CtrCreateOption { return options } +// isCDIDevice checks whether the specified device is a CDI device. +func isCDIDevice(device string) bool { + return cdi.IsQualifiedName(device) +} + func createContainerOptions(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGenerator, pod *libpod.Pod, volumes []*specgen.NamedVolume, overlays []*specgen.OverlayVolume, imageData *libimage.ImageData, command []string, infraVolumes bool, compatibleOptions libpod.InfraInherit) ([]libpod.CtrCreateOption, error) { var options []libpod.CtrCreateOption var err error diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/namespaces.go index b04cf30f5..760fbe2b9 100644 --- a/pkg/specgen/generate/namespaces.go +++ b/pkg/specgen/generate/namespaces.go @@ -193,8 +193,14 @@ func namespaceOptions(ctx context.Context, s *specgen.SpecGenerator, rt *libpod. // This wipes the UserNS settings that get set from the infra container // when we are inheritting from the pod. So only apply this if the container // is not being created in a pod. - if s.IDMappings != nil && pod == nil { - toReturn = append(toReturn, libpod.WithIDMappings(*s.IDMappings)) + if s.IDMappings != nil { + if pod == nil { + toReturn = append(toReturn, libpod.WithIDMappings(*s.IDMappings)) + } else { + if pod.HasInfraContainer() && (len(s.IDMappings.UIDMap) > 0 || len(s.IDMappings.GIDMap) > 0) { + return nil, errors.Wrapf(define.ErrInvalidArg, "cannot specify a new uid/gid map when entering a pod with an infra container") + } + } } if s.User != "" { toReturn = append(toReturn, libpod.WithUser(s.User)) |