首頁 探索 說明
註冊 登入
zhouyuhuan
/
Cloudpods
1
0
複刻 0
檔案 問題管理 0 合併請求 0 Wiki
目錄樹: 5a933a9c9f
分支列表 標籤列表
Cloudpods
/
backend
/
vendor
/
github.com
/
containerd
/
containerd
/
task_opts_unix.go

task_opts_unix.go 4.4 KB
文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157 
  1. //go:build !windows
    2. 

  2. 

  3. /*
    4. 

  4.    Copyright The containerd Authors.
    5. 

  5. 

  6.    Licensed under the Apache License, Version 2.0 (the "License");
    7. 

  7.    you may not use this file except in compliance with the License.
    8. 

  8.    You may obtain a copy of the License at
    9. 

  9. 

  10.        http://www.apache.org/licenses/LICENSE-2.0
    11. 

  11. 

  12.    Unless required by applicable law or agreed to in writing, software
    13. 

  13.    distributed under the License is distributed on an "AS IS" BASIS,
    14. 

  14.    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    15. 

  15.    See the License for the specific language governing permissions and
    16. 

  16.    limitations under the License.
    17. 

  17. */
    18. 

  18. 

  19. package containerd
    20. 

  20. 

  21. import (
    22. 

  22. 	"context"
    23. 

  23. 	"errors"
    24. 

  24. 

  25. 	"github.com/containerd/containerd/runtime/linux/runctypes"
    26. 

  26. 	"github.com/containerd/containerd/runtime/v2/runc/options"
    27. 

  27. )
    28. 

  28. 

  29. // WithNoNewKeyring causes tasks not to be created with a new keyring for secret storage.
    30. 

  30. // There is an upper limit on the number of keyrings in a linux system
    31. 

  31. func WithNoNewKeyring(ctx context.Context, c *Client, ti *TaskInfo) error {
    32. 

  32. 	if CheckRuntime(ti.Runtime(), "io.containerd.runc") {
    33. 

  33. 		if ti.Options == nil {
    34. 

  34. 			ti.Options = &options.Options{}
    35. 

  35. 		}
    36. 

  36. 		opts, ok := ti.Options.(*options.Options)
    37. 

  37. 		if !ok {
    38. 

  38. 			return errors.New("invalid v2 shim create options format")
    39. 

  39. 		}
    40. 

  40. 		opts.NoNewKeyring = true
    41. 

  41. 	} else {
    42. 

  42. 		if ti.Options == nil {
    43. 

  43. 			ti.Options = &runctypes.CreateOptions{}
    44. 

  44. 		}
    45. 

  45. 		opts, ok := ti.Options.(*runctypes.CreateOptions)
    46. 

  46. 		if !ok {
    47. 

  47. 			return errors.New("could not cast TaskInfo Options to CreateOptions")
    48. 

  48. 		}
    49. 

  49. 		opts.NoNewKeyring = true
    50. 

  50. 	}
    51. 

  51. 	return nil
    52. 

  52. }
    53. 

  53. 

  54. // WithNoPivotRoot instructs the runtime not to you pivot_root
    55. 

  55. func WithNoPivotRoot(_ context.Context, _ *Client, ti *TaskInfo) error {
    56. 

  56. 	if CheckRuntime(ti.Runtime(), "io.containerd.runc") {
    57. 

  57. 		if ti.Options == nil {
    58. 

  58. 			ti.Options = &options.Options{}
    59. 

  59. 		}
    60. 

  60. 		opts, ok := ti.Options.(*options.Options)
    61. 

  61. 		if !ok {
    62. 

  62. 			return errors.New("invalid v2 shim create options format")
    63. 

  63. 		}
    64. 

  64. 		opts.NoPivotRoot = true
    65. 

  65. 	} else {
    66. 

  66. 		if ti.Options == nil {
    67. 

  67. 			ti.Options = &runctypes.CreateOptions{
    68. 

  68. 				NoPivotRoot: true,
    69. 

  69. 			}
    70. 

  70. 			return nil
    71. 

  71. 		}
    72. 

  72. 		opts, ok := ti.Options.(*runctypes.CreateOptions)
    73. 

  73. 		if !ok {
    74. 

  74. 			return errors.New("invalid options type, expected runctypes.CreateOptions")
    75. 

  75. 		}
    76. 

  76. 		opts.NoPivotRoot = true
    77. 

  77. 	}
    78. 

  78. 	return nil
    79. 

  79. }
    80. 

  80. 

  81. // WithShimCgroup sets the existing cgroup for the shim
    82. 

  82. func WithShimCgroup(path string) NewTaskOpts {
    83. 

  83. 	return func(ctx context.Context, c *Client, ti *TaskInfo) error {
    84. 

  84. 		if CheckRuntime(ti.Runtime(), "io.containerd.runc") {
    85. 

  85. 			if ti.Options == nil {
    86. 

  86. 				ti.Options = &options.Options{}
    87. 

  87. 			}
    88. 

  88. 			opts, ok := ti.Options.(*options.Options)
    89. 

  89. 			if !ok {
    90. 

  90. 				return errors.New("invalid v2 shim create options format")
    91. 

  91. 			}
    92. 

  92. 			opts.ShimCgroup = path
    93. 

  93. 		} else {
    94. 

  94. 			if ti.Options == nil {
    95. 

  95. 				ti.Options = &runctypes.CreateOptions{}
    96. 

  96. 			}
    97. 

  97. 			opts, ok := ti.Options.(*runctypes.CreateOptions)
    98. 

  98. 			if !ok {
    99. 

  99. 				return errors.New("could not cast TaskInfo Options to CreateOptions")
    100. 

  100. 			}
    101. 

  101. 			opts.ShimCgroup = path
    102. 

  102. 		}
    103. 

  103. 		return nil
    104. 

  104. 	}
    105. 

  105. }
    106. 

  106. 

  107. // WithUIDOwner allows console I/O to work with the remapped UID in user namespace
    108. 

  108. func WithUIDOwner(uid uint32) NewTaskOpts {
    109. 

  109. 	return func(ctx context.Context, c *Client, ti *TaskInfo) error {
    110. 

  110. 		if CheckRuntime(ti.Runtime(), "io.containerd.runc") {
    111. 

  111. 			if ti.Options == nil {
    112. 

  112. 				ti.Options = &options.Options{}
    113. 

  113. 			}
    114. 

  114. 			opts, ok := ti.Options.(*options.Options)
    115. 

  115. 			if !ok {
    116. 

  116. 				return errors.New("invalid v2 shim create options format")
    117. 

  117. 			}
    118. 

  118. 			opts.IoUid = uid
    119. 

  119. 		} else {
    120. 

  120. 			if ti.Options == nil {
    121. 

  121. 				ti.Options = &runctypes.CreateOptions{}
    122. 

  122. 			}
    123. 

  123. 			opts, ok := ti.Options.(*runctypes.CreateOptions)
    124. 

  124. 			if !ok {
    125. 

  125. 				return errors.New("could not cast TaskInfo Options to CreateOptions")
    126. 

  126. 			}
    127. 

  127. 			opts.IoUid = uid
    128. 

  128. 		}
    129. 

  129. 		return nil
    130. 

  130. 	}
    131. 

  131. }
    132. 

  132. 

  133. // WithGIDOwner allows console I/O to work with the remapped GID in user namespace
    134. 

  134. func WithGIDOwner(gid uint32) NewTaskOpts {
    135. 

  135. 	return func(ctx context.Context, c *Client, ti *TaskInfo) error {
    136. 

  136. 		if CheckRuntime(ti.Runtime(), "io.containerd.runc") {
    137. 

  137. 			if ti.Options == nil {
    138. 

  138. 				ti.Options = &options.Options{}
    139. 

  139. 			}
    140. 

  140. 			opts, ok := ti.Options.(*options.Options)
    141. 

  141. 			if !ok {
    142. 

  142. 				return errors.New("invalid v2 shim create options format")
    143. 

  143. 			}
    144. 

  144. 			opts.IoGid = gid
    145. 

  145. 		} else {
    146. 

  146. 			if ti.Options == nil {
    147. 

  147. 				ti.Options = &runctypes.CreateOptions{}
    148. 

  148. 			}
    149. 

  149. 			opts, ok := ti.Options.(*runctypes.CreateOptions)
    150. 

  150. 			if !ok {
    151. 

  151. 				return errors.New("could not cast TaskInfo Options to CreateOptions")
    152. 

  152. 			}
    153. 

  153. 			opts.IoGid = gid
    154. 

  154. 		}
    155. 

  155. 		return nil
    156. 

  156. 	}
    157. 

  157. }
    158.