Diffstat (limited to 'pkg')
-rw-r--r--pkg/specgen/generate/container_create.go18
-rw-r--r--pkg/specgen/generate/namespaces.go10
2 files changed, 20 insertions, 8 deletions
diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go
index 7d792b3b1..dc116d1e6 100644
--- a/pkg/specgen/generate/container_create.go
+++ b/pkg/specgen/generate/container_create.go
@@ -6,7 +6,7 @@ import (
"path/filepath"
"strings"
- cdi "github.com/container-orchestrated-devices/container-device-interface/pkg"
+ cdi "github.com/container-orchestrated-devices/container-device-interface/pkg/cdi"
"github.com/containers/common/libimage"
"github.com/containers/podman/v3/libpod"
"github.com/containers/podman/v3/libpod/define"
@@ -199,20 +199,21 @@ func ExecuteCreate(ctx context.Context, rt *libpod.Runtime, runtimeSpec *spec.Sp
return ctr, rt.PrepareVolumeOnCreateContainer(ctx, ctr)
}
+// ExtractCDIDevices process the list of Devices in the spec and determines if any of these are CDI devices.
+// The CDI devices are added to the list of CtrCreateOptions.
+// Note that this may modify the device list associated with the spec, which should then only contain non-CDI devices.
func ExtractCDIDevices(s *specgen.SpecGenerator) []libpod.CtrCreateOption {
devs := make([]spec.LinuxDevice, 0, len(s.Devices))
var cdiDevs []string
var options []libpod.CtrCreateOption
for _, device := range s.Devices {
- isCDIDevice, err := cdi.HasDevice(device.Path)
- if err != nil {
- logrus.Debugf("CDI HasDevice Error: %v", err)
- }
- if err == nil && isCDIDevice {
+ if isCDIDevice(device.Path) {
+ logrus.Debugf("Identified CDI device %v", device.Path)
cdiDevs = append(cdiDevs, device.Path)
continue
}
+ logrus.Debugf("Non-CDI device %v; assuming standard device", device.Path)
devs = append(devs, device)
}
s.Devices = devs
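Review bot: The new `isCDIDevice` helper (added in the following hunk) classifies a device purely by name syntax through `cdi.IsQualifiedName`, so any entry in `s.Devices` whose path parses as a qualified name is removed from the regular device list here, whether or not such a CDI device is actually defined; the removed `cdi.HasDevice` call returned an error and so appears to have done a real lookup. Where an unknown but well-formed name is rejected is not visible in this hunk (the rest of `ExtractCDIDevices` lies outside it), so the helper's comment should state the limit, for example `// isCDIDevice reports whether device is syntactically a fully-qualified CDI name; it does not check that the device exists.` Since `device.Path` is caller-supplied, the two debug lines would also be safer with `%q`, as in `logrus.Debugf("Identified CDI device %q", device.Path)`, so empty or odd values are visible and escaped in logs. Minor: the new doc comment should read "processes", not "process".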
@@ -222,6 +223,11 @@ func ExtractCDIDevices(s *specgen.SpecGenerator) []libpod.CtrCreateOption {
return options
}
+// isCDIDevice checks whether the specified device is a CDI device.
+func isCDIDevice(device string) bool {
+ return cdi.IsQualifiedName(device)
+}
+
func createContainerOptions(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGenerator, pod *libpod.Pod, volumes []*specgen.NamedVolume, overlays []*specgen.OverlayVolume, imageData *libimage.ImageData, command []string, infraVolumes bool, compatibleOptions libpod.InfraInherit) ([]libpod.CtrCreateOption, error) {
var options []libpod.CtrCreateOption
var err error
diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/namespaces.go
index b04cf30f5..760fbe2b9 100644
--- a/pkg/specgen/generate/namespaces.go
+++ b/pkg/specgen/generate/namespaces.go
@@ -193,8 +193,14 @@ func namespaceOptions(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.
// This wipes the UserNS settings that get set from the infra container
// when we are inheritting from the pod. So only apply this if the container
// is not being created in a pod.
- if s.IDMappings != nil && pod == nil {
- toReturn = append(toReturn, libpod.WithIDMappings(*s.IDMappings))
+ if s.IDMappings != nil {
+ if pod == nil {
+ toReturn = append(toReturn, libpod.WithIDMappings(*s.IDMappings))
+ } else {
+ if pod.HasInfraContainer() && (len(s.IDMappings.UIDMap) > 0 || len(s.IDMappings.GIDMap) > 0) {
+ return nil, errors.Wrapf(define.ErrInvalidArg, "cannot specify a new uid/gid map when entering a pod with an infra container")
+ }
+ }
}
if s.User != "" {
toReturn = append(toReturn, libpod.WithUser(s.User))
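Review bot: When `pod != nil` and the pod has no infra container, a non-empty `s.IDMappings` is still dropped with neither an error nor a log line, so the container may run with different uid/gid mappings than the caller requested unless code outside this hunk applies them. That case should either be rejected like the infra-container case or be documented at the branch, e.g. `// IDMappings are intentionally ignored when joining a pod without an infra container.` The existing comment above the block ("So only apply this if the container is not being created in a pod") no longer describes the new error path and should be updated to mention it. As style, the nested `else { if … }` can be collapsed to `} else if pod.HasInfraContainer() && (len(s.IDMappings.UIDMap) > 0 || len(s.IDMappings.GIDMap) > 0) {`, and `errors.Wrapf` with no format arguments can be `errors.Wrap`. `namespaceOptions` starts and ends outside this hunk.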