From f633ad25dbed755e2000745f10cbe7279fb513d0 Mon Sep 17 00:00:00 2001 From: "W. Trevor King" Date: Sun, 6 Nov 2016 15:49:24 -0800 Subject: [PATCH 1/3] generate: Move Generator.spec to Generator.Config This makes the attribute public, since quite a few config manipulations are easier using Go's types than they are via getter/setter/mutator methods. This also means that we can drop methods that are more awkward than direct access (although we'll want to keep methods that are more convenient than direct access). I haven't done any method-dropping in this commit though, aside from the getter/setter for the config itself. I'd called for this back when we started adding these methods [1], and Mrunal was sounding more positive about the public-attribute approach a few weeks ago [2]. I've also renamed this from "spec" to "config", because it is a config. I'm not sure why runtime-spec decided to call the main config.go type 'Spec' [3], but I don't think we should repeat that idiosyncrasy. [1]: https://github.com/opencontainers/runtime-tools/pull/137#issuecomment-234342815 [2]: https://github.com/opencontainers/runtime-tools/pull/253#issuecomment-255598378 [3]: https://github.com/opencontainers/runtime-spec/blob/v1.0.0-rc2/specs-go/config.go#L6 Signed-off-by: W. Trevor King --- cmd/oci-runtime-tool/generate.go | 4 +- generate/config.go | 67 +++++ generate/generate.go | 478 +++++++++++++++---------------- generate/spec.go | 67 ----- 4 files changed, 302 insertions(+), 314 deletions(-) create mode 100644 generate/config.go delete mode 100644 generate/spec.go diff --git a/cmd/oci-runtime-tool/generate.go b/cmd/oci-runtime-tool/generate.go index 3509a88f9..c5adca0f5 100644 --- a/cmd/oci-runtime-tool/generate.go +++ b/cmd/oci-runtime-tool/generate.go @@ -131,9 +131,7 @@ func setupSpec(g *generate.Generator, context *cli.Context) error { g.HostSpecific = true } - spec := g.Spec() - - if len(spec.Version) == 0 { + if len(g.Config.Version) == 0 { g.SetVersion(rspec.Version) } 
diff --git a/generate/config.go b/generate/config.go
new file mode 100644
index 000000000..5e5212b08
--- /dev/null
+++ b/generate/config.go
@@ -0,0 +1,67 @@
+package generate
+
+import (
+ rspec "github.com/opencontainers/runtime-spec/specs-go"
+)
+
+func (g *Generator) initConfig() {
+ if g.Config == nil {
+ g.Config = &rspec.Spec{}
+ }
+}
+
+func (g *Generator) initConfigAnnotations() {
+ g.initConfig()
+ if g.Config.Annotations == nil {
+ g.Config.Annotations = make(map[string]string)
+ }
+}
+
+func (g *Generator) initConfigLinux() {
+ g.initConfig()
+ if g.Config.Linux == nil {
+ g.Config.Linux = &rspec.Linux{}
+ }
+}
+
+func (g *Generator) initConfigLinuxSysctl() {
+ g.initConfigLinux()
+ if g.Config.Linux.Sysctl == nil {
+ g.Config.Linux.Sysctl = make(map[string]string)
+ }
+}
+
+func (g *Generator) initConfigLinuxSeccomp() {
+ g.initConfigLinux()
+ if g.Config.Linux.Seccomp == nil {
+ g.Config.Linux.Seccomp = &rspec.Seccomp{}
+ }
+}
+
+func (g *Generator) initConfigLinuxResources() {
+ g.initConfigLinux()
+ if g.Config.Linux.Resources == nil {
+ g.Config.Linux.Resources = &rspec.Resources{}
+ }
+}
+
+func (g *Generator) initConfigLinuxResourcesCPU() {
+ g.initConfigLinuxResources()
+ if g.Config.Linux.Resources.CPU == nil {
+ g.Config.Linux.Resources.CPU = &rspec.CPU{}
+ }
+}
+
+func (g *Generator) initConfigLinuxResourcesMemory() {
+ g.initConfigLinuxResources()
+ if g.Config.Linux.Resources.Memory == nil {
+ g.Config.Linux.Resources.Memory = &rspec.Memory{}
+ }
+}
+
+func (g *Generator) initConfigLinuxResourcesPids() {
+ g.initConfigLinuxResources()
+ if g.Config.Linux.Resources.Pids == nil {
+ g.Config.Linux.Resources.Pids = &rspec.Pids{}
+ }
+}
diff --git a/generate/generate.go b/generate/generate.go
index bd8e4908b..5810bb333 100644
--- a/generate/generate.go
+++ b/generate/generate.go
@@ -19,9 +19,9 @@ var ( Namespaces = []string{"network", "pid", "mount", "ipc", "uts", "user", "cgroup"} ) -// Generator represents a generator for a container spec. +// Generator represents a generator for a container config. type Generator struct { - spec *rspec.Spec + Config *rspec.Spec HostSpecific bool } @@ -30,9 +30,9 @@ type ExportOptions struct { Seccomp bool // seccomp toggles if only seccomp should be exported } -// New creates a spec Generator with the default spec. +// New creates a config Generator with the default config. func New() Generator { - spec := rspec.Spec{ + config := rspec.Spec{ Version: rspec.Version, Platform: rspec.Platform{ OS: runtime.GOOS, @@ -145,20 +145,20 @@ func New() Generator { Devices: []rspec.Device{}, }, } - spec.Linux.Seccomp = seccomp.DefaultProfile(&spec) + config.Linux.Seccomp = seccomp.DefaultProfile(&config) return Generator{ - spec: &spec, + Config: &config, } } -// NewFromSpec creates a spec Generator from a given spec. -func NewFromSpec(spec *rspec.Spec) Generator { +// NewFromConfig creates a config Generator from a given config. +func NewFromConfig(config *rspec.Spec) Generator { return Generator{ - spec: spec, + Config: config, } } -// NewFromFile loads the template specifed in a file into a spec Generator. +// NewFromFile loads the template specifed in a file into a config Generator. func NewFromFile(path string) (Generator, error) { cf, err := os.Open(path) if err != nil { 
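Review bot: The now-exported `Config` field in the `Generator` struct has no comment saying that it, and the pointers beneath it, may be nil. `NewFromConfig` stores whatever pointer it is given and `NewFromTemplate` decodes arbitrary JSON, while the lazy allocators added in generate/config.go (`initConfig`, `initConfigLinux`, and the rest) are unexported, so a caller who follows the commit message and writes to `g.Config.Linux` fields directly has no helper to allocate the intermediate structs. I would document the field, for example `// Config is the configuration being built; it and its nested pointer fields (Linux, Linux.Resources, Linux.Seccomp, ...) may be nil and must be checked before direct access.`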
@@ -171,35 +171,25 @@ func NewFromFile(path string) (Generator, error) { return NewFromTemplate(cf) } -// NewFromTemplate loads the template from io.Reader into a spec Generator. +// NewFromTemplate loads the template from io.Reader into a config Generator. func NewFromTemplate(r io.Reader) (Generator, error) { - var spec rspec.Spec - if err := json.NewDecoder(r).Decode(&spec); err != nil { + var config rspec.Spec + if err := json.NewDecoder(r).Decode(&config); err != nil { return Generator{}, err } return Generator{ - spec: &spec, + Config: &config, }, nil } -// SetSpec sets the spec in the Generator g. -func (g *Generator) SetSpec(spec *rspec.Spec) { - g.spec = spec -} - -// Spec gets the spec in the Generator g. -func (g *Generator) Spec() *rspec.Spec { - return g.spec -} - -// Save writes the spec into w. +// Save writes the config into w. func (g *Generator) Save(w io.Writer, exportOpts ExportOptions) (err error) { var data []byte if exportOpts.Seccomp { - data, err = json.MarshalIndent(g.spec.Linux.Seccomp, "", "\t") + data, err = json.MarshalIndent(g.Config.Linux.Seccomp, "", "\t") } else { - data, err = json.MarshalIndent(g.spec, "", "\t") + data, err = json.MarshalIndent(g.Config, "", "\t") } if err != nil { return err @@ -213,7 +203,7 @@ func (g *Generator) Save(w io.Writer, exportOpts ExportOptions) (err error) { return nil } -// SaveToFile writes the spec into a file. +// SaveToFile writes the config into a file. func (g *Generator) SaveToFile(path string, exportOpts ExportOptions) error { f, err := os.Create(path) if err != nil { 
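Review bot: `Save` dereferences `g.Config.Linux.Seccomp` in the `exportOpts.Seccomp` branch without checking that `g.Config` and `g.Config.Linux` are non-nil, so a Generator whose config has no Linux section (a template without one, presumably, or a public `Config` assigned by hand) panics instead of returning an error. The Clear and Remove methods elsewhere in this file already guard with `g.Config == nil || g.Config.Linux == nil`, and the same check fits here ahead of the marshal: `if g.Config == nil || g.Config.Linux == nil { return fmt.Errorf("no linux config to export seccomp from") }`. The rest of Save's body lies outside this hunk.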
@@ -223,284 +213,284 @@ func (g *Generator) SaveToFile(path string, exportOpts ExportOptions) error { return g.Save(f, exportOpts) } -// SetVersion sets g.spec.Version. +// SetVersion sets g.Config.Version. func (g *Generator) SetVersion(version string) { - g.initSpec() - g.spec.Version = version + g.initConfig() + g.Config.Version = version } -// SetRootPath sets g.spec.Root.Path. +// SetRootPath sets g.Config.Root.Path. func (g *Generator) SetRootPath(path string) { - g.initSpec() - g.spec.Root.Path = path + g.initConfig() + g.Config.Root.Path = path } -// SetRootReadonly sets g.spec.Root.Readonly. +// SetRootReadonly sets g.Config.Root.Readonly. func (g *Generator) SetRootReadonly(b bool) { - g.initSpec() - g.spec.Root.Readonly = b + g.initConfig() + g.Config.Root.Readonly = b } -// SetHostname sets g.spec.Hostname. +// SetHostname sets g.Config.Hostname. func (g *Generator) SetHostname(s string) { - g.initSpec() - g.spec.Hostname = s + g.initConfig() + g.Config.Hostname = s } -// ClearAnnotations clears g.spec.Annotations. +// ClearAnnotations clears g.Config.Annotations. func (g *Generator) ClearAnnotations() { - if g.spec == nil { + if g.Config == nil { return } - g.spec.Annotations = make(map[string]string) + g.Config.Annotations = make(map[string]string) } -// AddAnnotation adds an annotation into g.spec.Annotations. +// AddAnnotation adds an annotation into g.Config.Annotations. func (g *Generator) AddAnnotation(key, value string) { - g.initSpecAnnotations() - g.spec.Annotations[key] = value + g.initConfigAnnotations() + g.Config.Annotations[key] = value } -// RemoveAnnotation remove an annotation from g.spec.Annotations. +// RemoveAnnotation remove an annotation from g.Config.Annotations. 
func (g *Generator) RemoveAnnotation(key string) { - if g.spec == nil || g.spec.Annotations == nil { + if g.Config == nil || g.Config.Annotations == nil { return } - delete(g.spec.Annotations, key) + delete(g.Config.Annotations, key) } -// SetPlatformOS sets g.spec.Process.OS. +// SetPlatformOS sets g.Config.Process.OS. func (g *Generator) SetPlatformOS(os string) { - g.initSpec() - g.spec.Platform.OS = os + g.initConfig() + g.Config.Platform.OS = os } -// SetPlatformArch sets g.spec.Platform.Arch. +// SetPlatformArch sets g.Config.Platform.Arch. func (g *Generator) SetPlatformArch(arch string) { - g.initSpec() - g.spec.Platform.Arch = arch + g.initConfig() + g.Config.Platform.Arch = arch } -// SetProcessUID sets g.spec.Process.User.UID. +// SetProcessUID sets g.Config.Process.User.UID. func (g *Generator) SetProcessUID(uid uint32) { - g.initSpec() - g.spec.Process.User.UID = uid + g.initConfig() + g.Config.Process.User.UID = uid } -// SetProcessGID sets g.spec.Process.User.GID. +// SetProcessGID sets g.Config.Process.User.GID. func (g *Generator) SetProcessGID(gid uint32) { - g.initSpec() - g.spec.Process.User.GID = gid + g.initConfig() + g.Config.Process.User.GID = gid } -// SetProcessCwd sets g.spec.Process.Cwd. +// SetProcessCwd sets g.Config.Process.Cwd. func (g *Generator) SetProcessCwd(cwd string) { - g.initSpec() - g.spec.Process.Cwd = cwd + g.initConfig() + g.Config.Process.Cwd = cwd } -// SetProcessNoNewPrivileges sets g.spec.Process.NoNewPrivileges. +// SetProcessNoNewPrivileges sets g.Config.Process.NoNewPrivileges. func (g *Generator) SetProcessNoNewPrivileges(b bool) { - g.initSpec() - g.spec.Process.NoNewPrivileges = b + g.initConfig() + g.Config.Process.NoNewPrivileges = b } -// SetProcessTerminal sets g.spec.Process.Terminal. +// SetProcessTerminal sets g.Config.Process.Terminal. 
func (g *Generator) SetProcessTerminal(b bool) { - g.initSpec() - g.spec.Process.Terminal = b + g.initConfig() + g.Config.Process.Terminal = b } -// SetProcessApparmorProfile sets g.spec.Process.ApparmorProfile. +// SetProcessApparmorProfile sets g.Config.Process.ApparmorProfile. func (g *Generator) SetProcessApparmorProfile(prof string) { - g.initSpec() - g.spec.Process.ApparmorProfile = prof + g.initConfig() + g.Config.Process.ApparmorProfile = prof } -// SetProcessArgs sets g.spec.Process.Args. +// SetProcessArgs sets g.Config.Process.Args. func (g *Generator) SetProcessArgs(args []string) { - g.initSpec() - g.spec.Process.Args = args + g.initConfig() + g.Config.Process.Args = args } -// ClearProcessEnv clears g.spec.Process.Env. +// ClearProcessEnv clears g.Config.Process.Env. func (g *Generator) ClearProcessEnv() { - if g.spec == nil { + if g.Config == nil { return } - g.spec.Process.Env = []string{} + g.Config.Process.Env = []string{} } -// AddProcessEnv adds env into g.spec.Process.Env. +// AddProcessEnv adds env into g.Config.Process.Env. func (g *Generator) AddProcessEnv(env string) { - g.initSpec() - g.spec.Process.Env = append(g.spec.Process.Env, env) + g.initConfig() + g.Config.Process.Env = append(g.Config.Process.Env, env) } -// ClearProcessAdditionalGids clear g.spec.Process.AdditionalGids. +// ClearProcessAdditionalGids clear g.Config.Process.AdditionalGids. func (g *Generator) ClearProcessAdditionalGids() { - if g.spec == nil { + if g.Config == nil { return } - g.spec.Process.User.AdditionalGids = []uint32{} + g.Config.Process.User.AdditionalGids = []uint32{} } -// AddProcessAdditionalGid adds an additional gid into g.spec.Process.AdditionalGids. +// AddProcessAdditionalGid adds an additional gid into g.Config.Process.AdditionalGids. 
func (g *Generator) AddProcessAdditionalGid(gid uint32) { - g.initSpec() - for _, group := range g.spec.Process.User.AdditionalGids { + g.initConfig() + for _, group := range g.Config.Process.User.AdditionalGids { if group == gid { return } } - g.spec.Process.User.AdditionalGids = append(g.spec.Process.User.AdditionalGids, gid) + g.Config.Process.User.AdditionalGids = append(g.Config.Process.User.AdditionalGids, gid) } -// SetProcessSelinuxLabel sets g.spec.Process.SelinuxLabel. +// SetProcessSelinuxLabel sets g.Config.Process.SelinuxLabel. func (g *Generator) SetProcessSelinuxLabel(label string) { - g.initSpec() - g.spec.Process.SelinuxLabel = label + g.initConfig() + g.Config.Process.SelinuxLabel = label } -// SetLinuxCgroupsPath sets g.spec.Linux.CgroupsPath. +// SetLinuxCgroupsPath sets g.Config.Linux.CgroupsPath. func (g *Generator) SetLinuxCgroupsPath(path string) { - g.initSpecLinux() - g.spec.Linux.CgroupsPath = strPtr(path) + g.initConfigLinux() + g.Config.Linux.CgroupsPath = strPtr(path) } -// SetLinuxMountLabel sets g.spec.Linux.MountLabel. +// SetLinuxMountLabel sets g.Config.Linux.MountLabel. func (g *Generator) SetLinuxMountLabel(label string) { - g.initSpecLinux() - g.spec.Linux.MountLabel = label + g.initConfigLinux() + g.Config.Linux.MountLabel = label } -// SetLinuxResourcesDisableOOMKiller sets g.spec.Linux.Resources.DisableOOMKiller. +// SetLinuxResourcesDisableOOMKiller sets g.Config.Linux.Resources.DisableOOMKiller. func (g *Generator) SetLinuxResourcesDisableOOMKiller(disable bool) { - g.initSpecLinuxResources() - g.spec.Linux.Resources.DisableOOMKiller = &disable + g.initConfigLinuxResources() + g.Config.Linux.Resources.DisableOOMKiller = &disable } -// SetLinuxResourcesOOMScoreAdj sets g.spec.Linux.Resources.OOMScoreAdj. +// SetLinuxResourcesOOMScoreAdj sets g.Config.Linux.Resources.OOMScoreAdj. 
func (g *Generator) SetLinuxResourcesOOMScoreAdj(adj int) { - g.initSpecLinuxResources() - g.spec.Linux.Resources.OOMScoreAdj = &adj + g.initConfigLinuxResources() + g.Config.Linux.Resources.OOMScoreAdj = &adj } -// SetLinuxResourcesCPUShares sets g.spec.Linux.Resources.CPU.Shares. +// SetLinuxResourcesCPUShares sets g.Config.Linux.Resources.CPU.Shares. func (g *Generator) SetLinuxResourcesCPUShares(shares uint64) { - g.initSpecLinuxResourcesCPU() - g.spec.Linux.Resources.CPU.Shares = &shares + g.initConfigLinuxResourcesCPU() + g.Config.Linux.Resources.CPU.Shares = &shares } -// SetLinuxResourcesCPUQuota sets g.spec.Linux.Resources.CPU.Quota. +// SetLinuxResourcesCPUQuota sets g.Config.Linux.Resources.CPU.Quota. func (g *Generator) SetLinuxResourcesCPUQuota(quota uint64) { - g.initSpecLinuxResourcesCPU() - g.spec.Linux.Resources.CPU.Quota = "a + g.initConfigLinuxResourcesCPU() + g.Config.Linux.Resources.CPU.Quota = "a } -// SetLinuxResourcesCPUPeriod sets g.spec.Linux.Resources.CPU.Period. +// SetLinuxResourcesCPUPeriod sets g.Config.Linux.Resources.CPU.Period. func (g *Generator) SetLinuxResourcesCPUPeriod(period uint64) { - g.initSpecLinuxResourcesCPU() - g.spec.Linux.Resources.CPU.Period = &period + g.initConfigLinuxResourcesCPU() + g.Config.Linux.Resources.CPU.Period = &period } -// SetLinuxResourcesCPURealtimeRuntime sets g.spec.Linux.Resources.CPU.RealtimeRuntime. +// SetLinuxResourcesCPURealtimeRuntime sets g.Config.Linux.Resources.CPU.RealtimeRuntime. func (g *Generator) SetLinuxResourcesCPURealtimeRuntime(time uint64) { - g.initSpecLinuxResourcesCPU() - g.spec.Linux.Resources.CPU.RealtimeRuntime = &time + g.initConfigLinuxResourcesCPU() + g.Config.Linux.Resources.CPU.RealtimeRuntime = &time } -// SetLinuxResourcesCPURealtimePeriod sets g.spec.Linux.Resources.CPU.RealtimePeriod. +// SetLinuxResourcesCPURealtimePeriod sets g.Config.Linux.Resources.CPU.RealtimePeriod. 
func (g *Generator) SetLinuxResourcesCPURealtimePeriod(period uint64) { - g.initSpecLinuxResourcesCPU() - g.spec.Linux.Resources.CPU.RealtimePeriod = &period + g.initConfigLinuxResourcesCPU() + g.Config.Linux.Resources.CPU.RealtimePeriod = &period } -// SetLinuxResourcesCPUCpus sets g.spec.Linux.Resources.CPU.Cpus. +// SetLinuxResourcesCPUCpus sets g.Config.Linux.Resources.CPU.Cpus. func (g *Generator) SetLinuxResourcesCPUCpus(cpus string) { - g.initSpecLinuxResourcesCPU() - g.spec.Linux.Resources.CPU.Cpus = &cpus + g.initConfigLinuxResourcesCPU() + g.Config.Linux.Resources.CPU.Cpus = &cpus } -// SetLinuxResourcesCPUMems sets g.spec.Linux.Resources.CPU.Mems. +// SetLinuxResourcesCPUMems sets g.Config.Linux.Resources.CPU.Mems. func (g *Generator) SetLinuxResourcesCPUMems(mems string) { - g.initSpecLinuxResourcesCPU() - g.spec.Linux.Resources.CPU.Mems = &mems + g.initConfigLinuxResourcesCPU() + g.Config.Linux.Resources.CPU.Mems = &mems } -// SetLinuxResourcesMemoryLimit sets g.spec.Linux.Resources.Memory.Limit. +// SetLinuxResourcesMemoryLimit sets g.Config.Linux.Resources.Memory.Limit. func (g *Generator) SetLinuxResourcesMemoryLimit(limit uint64) { - g.initSpecLinuxResourcesMemory() - g.spec.Linux.Resources.Memory.Limit = &limit + g.initConfigLinuxResourcesMemory() + g.Config.Linux.Resources.Memory.Limit = &limit } -// SetLinuxResourcesMemoryReservation sets g.spec.Linux.Resources.Memory.Reservation. +// SetLinuxResourcesMemoryReservation sets g.Config.Linux.Resources.Memory.Reservation. func (g *Generator) SetLinuxResourcesMemoryReservation(reservation uint64) { - g.initSpecLinuxResourcesMemory() - g.spec.Linux.Resources.Memory.Reservation = &reservation + g.initConfigLinuxResourcesMemory() + g.Config.Linux.Resources.Memory.Reservation = &reservation } -// SetLinuxResourcesMemorySwap sets g.spec.Linux.Resources.Memory.Swap. +// SetLinuxResourcesMemorySwap sets g.Config.Linux.Resources.Memory.Swap. 
func (g *Generator) SetLinuxResourcesMemorySwap(swap uint64) { - g.initSpecLinuxResourcesMemory() - g.spec.Linux.Resources.Memory.Swap = &swap + g.initConfigLinuxResourcesMemory() + g.Config.Linux.Resources.Memory.Swap = &swap } -// SetLinuxResourcesMemoryKernel sets g.spec.Linux.Resources.Memory.Kernel. +// SetLinuxResourcesMemoryKernel sets g.Config.Linux.Resources.Memory.Kernel. func (g *Generator) SetLinuxResourcesMemoryKernel(kernel uint64) { - g.initSpecLinuxResourcesMemory() - g.spec.Linux.Resources.Memory.Kernel = &kernel + g.initConfigLinuxResourcesMemory() + g.Config.Linux.Resources.Memory.Kernel = &kernel } -// SetLinuxResourcesMemoryKernelTCP sets g.spec.Linux.Resources.Memory.KernelTCP. +// SetLinuxResourcesMemoryKernelTCP sets g.Config.Linux.Resources.Memory.KernelTCP. func (g *Generator) SetLinuxResourcesMemoryKernelTCP(kernelTCP uint64) { - g.initSpecLinuxResourcesMemory() - g.spec.Linux.Resources.Memory.KernelTCP = &kernelTCP + g.initConfigLinuxResourcesMemory() + g.Config.Linux.Resources.Memory.KernelTCP = &kernelTCP } -// SetLinuxResourcesMemorySwappiness sets g.spec.Linux.Resources.Memory.Swappiness. +// SetLinuxResourcesMemorySwappiness sets g.Config.Linux.Resources.Memory.Swappiness. func (g *Generator) SetLinuxResourcesMemorySwappiness(swappiness uint64) { - g.initSpecLinuxResourcesMemory() - g.spec.Linux.Resources.Memory.Swappiness = &swappiness + g.initConfigLinuxResourcesMemory() + g.Config.Linux.Resources.Memory.Swappiness = &swappiness } -// SetLinuxResourcesPidsLimit sets g.spec.Linux.Resources.Pids.Limit. +// SetLinuxResourcesPidsLimit sets g.Config.Linux.Resources.Pids.Limit. func (g *Generator) SetLinuxResourcesPidsLimit(limit int64) { - g.initSpecLinuxResourcesPids() - g.spec.Linux.Resources.Pids.Limit = &limit + g.initConfigLinuxResourcesPids() + g.Config.Linux.Resources.Pids.Limit = &limit } -// ClearLinuxSysctl clears g.spec.Linux.Sysctl. +// ClearLinuxSysctl clears g.Config.Linux.Sysctl. 
func (g *Generator) ClearLinuxSysctl() { - if g.spec == nil || g.spec.Linux == nil { + if g.Config == nil || g.Config.Linux == nil { return } - g.spec.Linux.Sysctl = make(map[string]string) + g.Config.Linux.Sysctl = make(map[string]string) } -// AddLinuxSysctl adds a new sysctl config into g.spec.Linux.Sysctl. +// AddLinuxSysctl adds a new sysctl config into g.Config.Linux.Sysctl. func (g *Generator) AddLinuxSysctl(key, value string) { - g.initSpecLinuxSysctl() - g.spec.Linux.Sysctl[key] = value + g.initConfigLinuxSysctl() + g.Config.Linux.Sysctl[key] = value } -// RemoveLinuxSysctl removes a sysctl config from g.spec.Linux.Sysctl. +// RemoveLinuxSysctl removes a sysctl config from g.Config.Linux.Sysctl. func (g *Generator) RemoveLinuxSysctl(key string) { - if g.spec == nil || g.spec.Linux == nil || g.spec.Linux.Sysctl == nil { + if g.Config == nil || g.Config.Linux == nil || g.Config.Linux.Sysctl == nil { return } - delete(g.spec.Linux.Sysctl, key) + delete(g.Config.Linux.Sysctl, key) } -// ClearLinuxUIDMappings clear g.spec.Linux.UIDMappings. +// ClearLinuxUIDMappings clear g.Config.Linux.UIDMappings. func (g *Generator) ClearLinuxUIDMappings() { - if g.spec == nil || g.spec.Linux == nil { + if g.Config == nil || g.Config.Linux == nil { return } - g.spec.Linux.UIDMappings = []rspec.IDMapping{} + g.Config.Linux.UIDMappings = []rspec.IDMapping{} } -// AddLinuxUIDMapping adds uidMap into g.spec.Linux.UIDMappings. +// AddLinuxUIDMapping adds uidMap into g.Config.Linux.UIDMappings. func (g *Generator) AddLinuxUIDMapping(hid, cid, size uint32) { idMapping := rspec.IDMapping{ HostID: hid, 
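Review bot: The doc comment on `SetPlatformOS` names the wrong field: the rewritten line reads `// SetPlatformOS sets g.Config.Process.OS.` while the body assigns `g.Config.Platform.OS`. Since the comment is being touched anyway it should become `// SetPlatformOS sets g.Config.Platform.OS.`. The last hunk of this file carries the same copy-and-paste slip, where `AddLinuxReadonlyPaths` is documented as adding to `g.Config.Linux.MaskedPaths` but appends to `g.Config.Linux.ReadonlyPaths`.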
@@ -508,19 +498,19 @@ func (g *Generator) AddLinuxUIDMapping(hid, cid, size uint32) { Size: size, } - g.initSpecLinux() - g.spec.Linux.UIDMappings = append(g.spec.Linux.UIDMappings, idMapping) + g.initConfigLinux() + g.Config.Linux.UIDMappings = append(g.Config.Linux.UIDMappings, idMapping) } -// ClearLinuxGIDMappings clear g.spec.Linux.GIDMappings. +// ClearLinuxGIDMappings clear g.Config.Linux.GIDMappings. func (g *Generator) ClearLinuxGIDMappings() { - if g.spec == nil || g.spec.Linux == nil { + if g.Config == nil || g.Config.Linux == nil { return } - g.spec.Linux.GIDMappings = []rspec.IDMapping{} + g.Config.Linux.GIDMappings = []rspec.IDMapping{} } -// AddLinuxGIDMapping adds gidMap into g.spec.Linux.GIDMappings. +// AddLinuxGIDMapping adds gidMap into g.Config.Linux.GIDMappings. func (g *Generator) AddLinuxGIDMapping(hid, cid, size uint32) { idMapping := rspec.IDMapping{ HostID: hid, @@ -528,11 +518,11 @@ func (g *Generator) AddLinuxGIDMapping(hid, cid, size uint32) { Size: size, } - g.initSpecLinux() - g.spec.Linux.GIDMappings = append(g.spec.Linux.GIDMappings, idMapping) + g.initConfigLinux() + g.Config.Linux.GIDMappings = append(g.Config.Linux.GIDMappings, idMapping) } -// SetLinuxRootPropagation sets g.spec.Linux.RootfsPropagation. +// SetLinuxRootPropagation sets g.Config.Linux.RootfsPropagation. func (g *Generator) SetLinuxRootPropagation(rp string) error { switch rp { case "": 
@@ -545,57 +535,57 @@ func (g *Generator) SetLinuxRootPropagation(rp string) error { default: return fmt.Errorf("rootfs-propagation must be empty or one of private|rprivate|slave|rslave|shared|rshared") } - g.initSpecLinux() - g.spec.Linux.RootfsPropagation = rp + g.initConfigLinux() + g.Config.Linux.RootfsPropagation = rp return nil } -// ClearPreStartHooks clear g.spec.Hooks.Prestart. +// ClearPreStartHooks clear g.Config.Hooks.Prestart. func (g *Generator) ClearPreStartHooks() { - if g.spec == nil { + if g.Config == nil { return } - g.spec.Hooks.Prestart = []rspec.Hook{} + g.Config.Hooks.Prestart = []rspec.Hook{} } -// AddPreStartHook add a prestart hook into g.spec.Hooks.Prestart. +// AddPreStartHook add a prestart hook into g.Config.Hooks.Prestart. func (g *Generator) AddPreStartHook(path string, args []string) { - g.initSpec() + g.initConfig() hook := rspec.Hook{Path: path, Args: args} - g.spec.Hooks.Prestart = append(g.spec.Hooks.Prestart, hook) + g.Config.Hooks.Prestart = append(g.Config.Hooks.Prestart, hook) } -// ClearPostStopHooks clear g.spec.Hooks.Poststop. +// ClearPostStopHooks clear g.Config.Hooks.Poststop. func (g *Generator) ClearPostStopHooks() { - if g.spec == nil { + if g.Config == nil { return } - g.spec.Hooks.Poststop = []rspec.Hook{} + g.Config.Hooks.Poststop = []rspec.Hook{} } -// AddPostStopHook adds a poststop hook into g.spec.Hooks.Poststop. +// AddPostStopHook adds a poststop hook into g.Config.Hooks.Poststop. func (g *Generator) AddPostStopHook(path string, args []string) { - g.initSpec() + g.initConfig() hook := rspec.Hook{Path: path, Args: args} - g.spec.Hooks.Poststop = append(g.spec.Hooks.Poststop, hook) + g.Config.Hooks.Poststop = append(g.Config.Hooks.Poststop, hook) } -// ClearPostStartHooks clear g.spec.Hooks.Poststart. +// ClearPostStartHooks clear g.Config.Hooks.Poststart. 
func (g *Generator) ClearPostStartHooks() { - if g.spec == nil { + if g.Config == nil { return } - g.spec.Hooks.Poststart = []rspec.Hook{} + g.Config.Hooks.Poststart = []rspec.Hook{} } -// AddPostStartHook adds a poststart hook into g.spec.Hooks.Poststart. +// AddPostStartHook adds a poststart hook into g.Config.Hooks.Poststart. func (g *Generator) AddPostStartHook(path string, args []string) { - g.initSpec() + g.initConfig() hook := rspec.Hook{Path: path, Args: args} - g.spec.Hooks.Poststart = append(g.spec.Hooks.Poststart, hook) + g.Config.Hooks.Poststart = append(g.Config.Hooks.Poststart, hook) } -// AddTmpfsMount adds a tmpfs mount into g.spec.Mounts. +// AddTmpfsMount adds a tmpfs mount into g.Config.Mounts. func (g *Generator) AddTmpfsMount(dest string, options []string) { mnt := rspec.Mount{ Destination: dest, @@ -604,11 +594,11 @@ func (g *Generator) AddTmpfsMount(dest string, options []string) { Options: options, } - g.initSpec() - g.spec.Mounts = append(g.spec.Mounts, mnt) + g.initConfig() + g.Config.Mounts = append(g.Config.Mounts, mnt) } -// AddCgroupsMount adds a cgroup mount into g.spec.Mounts. +// AddCgroupsMount adds a cgroup mount into g.Config.Mounts. func (g *Generator) AddCgroupsMount(mountCgroupOption string) error { switch mountCgroupOption { case "ro": @@ -626,13 +616,13 @@ func (g *Generator) AddCgroupsMount(mountCgroupOption string) error { Source: "cgroup", Options: []string{"nosuid", "noexec", "nodev", "relatime", mountCgroupOption}, } - g.initSpec() - g.spec.Mounts = append(g.spec.Mounts, mnt) + g.initConfig() + g.Config.Mounts = append(g.Config.Mounts, mnt) return nil } -// AddBindMount adds a bind mount into g.spec.Mounts. +// AddBindMount adds a bind mount into g.Config.Mounts. func (g *Generator) AddBindMount(source, dest, options string) { if options == "" { options = "ro" 
@@ -646,11 +636,11 @@ func (g *Generator) AddBindMount(source, dest, options string) { Source: source, Options: append(defaultOptions, options), } - g.initSpec() - g.spec.Mounts = append(g.spec.Mounts, mnt) + g.initConfig() + g.Config.Mounts = append(g.Config.Mounts, mnt) } -// SetupPrivileged sets up the priviledge-related fields inside g.spec. +// SetupPrivileged sets up the priviledge-related fields inside g.Config. func (g *Generator) SetupPrivileged(privileged bool) { if privileged { // Add all capabilities in privileged mode. @@ -661,11 +651,11 @@ func (g *Generator) SetupPrivileged(privileged bool) { } finalCapList = append(finalCapList, fmt.Sprintf("CAP_%s", strings.ToUpper(cap.String()))) } - g.initSpecLinux() - g.spec.Process.Capabilities = finalCapList - g.spec.Process.SelinuxLabel = "" - g.spec.Process.ApparmorProfile = "" - g.spec.Linux.Seccomp = nil + g.initConfigLinux() + g.Config.Process.Capabilities = finalCapList + g.Config.Process.SelinuxLabel = "" + g.Config.Process.ApparmorProfile = "" + g.Config.Linux.Seccomp = nil } } @@ -699,15 +689,15 @@ func checkCap(c string, hostSpecific bool) error { return nil } -// ClearProcessCapabilities clear g.spec.Process.Capabilities. +// ClearProcessCapabilities clear g.Config.Process.Capabilities. func (g *Generator) ClearProcessCapabilities() { - if g.spec == nil { + if g.Config == nil { return } - g.spec.Process.Capabilities = []string{} + g.Config.Process.Capabilities = []string{} } -// AddProcessCapability adds a process capability into g.spec.Process.Capabilities. +// AddProcessCapability adds a process capability into g.Config.Process.Capabilities. func (g *Generator) AddProcessCapability(c string) error { if err := checkCap(c, g.HostSpecific); err != nil { return err 
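Review bot: The comment on `SetupPrivileged` does not say what the privileged branch removes. Besides assigning the full capability list, the body in the following hunk sets `Process.SelinuxLabel` and `Process.ApparmorProfile` to empty strings and `Linux.Seccomp` to nil, and because everything sits inside `if privileged`, a later `SetupPrivileged(false)` does nothing, so the default seccomp profile installed by `New` is not restored. Anyone auditing a generated config needs that spelled out; the comment also misspells "privilege". Suggested wording: `// SetupPrivileged, when privileged is true, grants all capabilities and removes the SELinux label, AppArmor profile and seccomp profile from g.Config; passing false is a no-op and does not undo this.`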
@@ -715,18 +705,18 @@ func (g *Generator) AddProcessCapability(c string) error { cp := fmt.Sprintf("CAP_%s", strings.ToUpper(c)) - g.initSpec() - for _, cap := range g.spec.Process.Capabilities { + g.initConfig() + for _, cap := range g.Config.Process.Capabilities { if strings.ToUpper(cap) == cp { return nil } } - g.spec.Process.Capabilities = append(g.spec.Process.Capabilities, cp) + g.Config.Process.Capabilities = append(g.Config.Process.Capabilities, cp) return nil } -// DropProcessCapability drops a process capability from g.spec.Process.Capabilities. +// DropProcessCapability drops a process capability from g.Config.Process.Capabilities. func (g *Generator) DropProcessCapability(c string) error { if err := checkCap(c, g.HostSpecific); err != nil { return err @@ -734,10 +724,10 @@ func (g *Generator) DropProcessCapability(c string) error { cp := fmt.Sprintf("CAP_%s", strings.ToUpper(c)) - g.initSpec() - for i, cap := range g.spec.Process.Capabilities { + g.initConfig() + for i, cap := range g.Config.Process.Capabilities { if strings.ToUpper(cap) == cp { - g.spec.Process.Capabilities = append(g.spec.Process.Capabilities[:i], g.spec.Process.Capabilities[i+1:]...) + g.Config.Process.Capabilities = append(g.Config.Process.Capabilities[:i], g.Config.Process.Capabilities[i+1:]...) return nil } } 
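Review bot: `DropProcessCapability` returns after removing the first matching entry, so a capability listed twice in `g.Config.Process.Capabilities` is still present after the drop. `AddProcessCapability` de-duplicates, but a template loaded through `NewFromTemplate` or a direct write to the now-public `Config` can contain repeats, including ones that differ only in case, which the `strings.ToUpper` comparison treats as equal. The loop should filter every match instead of stopping at the first; the function's tail is outside the hunk, so whatever follows the loop is left as is. `RemoveLinuxNamespace` in the hunks that follow stops at the first match in the same way.

```go
// … unchanged: checkCap call and cp := fmt.Sprintf(...) …
g.initConfig()
kept := g.Config.Process.Capabilities[:0]
for _, existing := range g.Config.Process.Capabilities {
	if strings.ToUpper(existing) != cp {
		kept = append(kept, existing)
	}
}
g.Config.Process.Capabilities = kept
// … unchanged: statements after the loop …
```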
@@ -766,46 +756,46 @@ func mapStrToNamespace(ns string, path string) (rspec.Namespace, error) { } } -// ClearLinuxNamespaces clear g.spec.Linux.Namespaces. +// ClearLinuxNamespaces clear g.Config.Linux.Namespaces. func (g *Generator) ClearLinuxNamespaces() { - if g.spec == nil || g.spec.Linux == nil { + if g.Config == nil || g.Config.Linux == nil { return } - g.spec.Linux.Namespaces = []rspec.Namespace{} + g.Config.Linux.Namespaces = []rspec.Namespace{} } // AddOrReplaceLinuxNamespace adds or replaces a namespace inside -// g.spec.Linux.Namespaces. +// g.Config.Linux.Namespaces. func (g *Generator) AddOrReplaceLinuxNamespace(ns string, path string) error { namespace, err := mapStrToNamespace(ns, path) if err != nil { return err } - g.initSpecLinux() - for i, ns := range g.spec.Linux.Namespaces { + g.initConfigLinux() + for i, ns := range g.Config.Linux.Namespaces { if ns.Type == namespace.Type { - g.spec.Linux.Namespaces[i] = namespace + g.Config.Linux.Namespaces[i] = namespace return nil } } - g.spec.Linux.Namespaces = append(g.spec.Linux.Namespaces, namespace) + g.Config.Linux.Namespaces = append(g.Config.Linux.Namespaces, namespace) return nil } -// RemoveLinuxNamespace removes a namespace from g.spec.Linux.Namespaces. +// RemoveLinuxNamespace removes a namespace from g.Config.Linux.Namespaces. func (g *Generator) RemoveLinuxNamespace(ns string) error { namespace, err := mapStrToNamespace(ns, "") if err != nil { return err } - if g.spec == nil || g.spec.Linux == nil { + if g.Config == nil || g.Config.Linux == nil { return nil } - for i, ns := range g.spec.Linux.Namespaces { + for i, ns := range g.Config.Linux.Namespaces { if ns.Type == namespace.Type { - g.spec.Linux.Namespaces = append(g.spec.Linux.Namespaces[:i], g.spec.Linux.Namespaces[i+1:]...) + g.Config.Linux.Namespaces = append(g.Config.Linux.Namespaces[:i], g.Config.Linux.Namespaces[i+1:]...) return nil } } 
@@ -817,49 +807,49 @@ func strPtr(s string) *string { return &s } // SetSyscallAction adds rules for syscalls with the specified action func (g *Generator) SetSyscallAction(arguments seccomp.SyscallOpts) error { - g.initSpecLinuxSeccomp() - return seccomp.ParseSyscallFlag(arguments, g.spec.Linux.Seccomp) + g.initConfigLinuxSeccomp() + return seccomp.ParseSyscallFlag(arguments, g.Config.Linux.Seccomp) } // SetDefaultSeccompAction sets the default action for all syscalls not defined // and then removes any syscall rules with this action already specified. func (g *Generator) SetDefaultSeccompAction(action string) error { - g.initSpecLinuxSeccomp() - return seccomp.ParseDefaultAction(action, g.spec.Linux.Seccomp) + g.initConfigLinuxSeccomp() + return seccomp.ParseDefaultAction(action, g.Config.Linux.Seccomp) } // SetDefaultSeccompActionForce only sets the default action for all syscalls not defined func (g *Generator) SetDefaultSeccompActionForce(action string) error { - g.initSpecLinuxSeccomp() - return seccomp.ParseDefaultActionForce(action, g.spec.Linux.Seccomp) + g.initConfigLinuxSeccomp() + return seccomp.ParseDefaultActionForce(action, g.Config.Linux.Seccomp) } // SetSeccompArchitecture sets the supported seccomp architectures func (g *Generator) SetSeccompArchitecture(architecture string) error { - g.initSpecLinuxSeccomp() - return seccomp.ParseArchitectureFlag(architecture, g.spec.Linux.Seccomp) + g.initConfigLinuxSeccomp() + return seccomp.ParseArchitectureFlag(architecture, g.Config.Linux.Seccomp) } // RemoveSeccompRule removes rules for any specified syscalls func (g *Generator) RemoveSeccompRule(arguments string) error { - g.initSpecLinuxSeccomp() - return seccomp.RemoveAction(arguments, g.spec.Linux.Seccomp) + g.initConfigLinuxSeccomp() + return seccomp.RemoveAction(arguments, g.Config.Linux.Seccomp) } // RemoveAllSeccompRules removes all syscall rules func (g *Generator) RemoveAllSeccompRules() error { - g.initSpecLinuxSeccomp() - return 
seccomp.RemoveAllSeccompRules(g.spec.Linux.Seccomp) + g.initConfigLinuxSeccomp() + return seccomp.RemoveAllSeccompRules(g.Config.Linux.Seccomp) } -// AddLinuxMaskedPaths adds masked paths into g.spec.Linux.MaskedPaths. +// AddLinuxMaskedPaths adds masked paths into g.Config.Linux.MaskedPaths. func (g *Generator) AddLinuxMaskedPaths(path string) { - g.initSpecLinux() - g.spec.Linux.MaskedPaths = append(g.spec.Linux.MaskedPaths, path) + g.initConfigLinux() + g.Config.Linux.MaskedPaths = append(g.Config.Linux.MaskedPaths, path) } -// AddLinuxReadonlyPaths adds readonly paths into g.spec.Linux.MaskedPaths. +// AddLinuxReadonlyPaths adds readonly paths into g.Config.Linux.MaskedPaths. func (g *Generator) AddLinuxReadonlyPaths(path string) { - g.initSpecLinux() - g.spec.Linux.ReadonlyPaths = append(g.spec.Linux.ReadonlyPaths, path) + g.initConfigLinux() + g.Config.Linux.ReadonlyPaths = append(g.Config.Linux.ReadonlyPaths, path) } diff --git a/generate/spec.go b/generate/spec.go deleted file mode 100644 index 5711699c5..000000000 --- a/generate/spec.go +++ /dev/null 
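Review bot: The doc comment on AddLinuxReadonlyPaths still names the wrong field: the rewritten line says it adds paths into `g.Config.Linux.MaskedPaths`, while the body appends to `g.Config.Linux.ReadonlyPaths`. Since this hunk already rewrites that comment for the rename, it should become `// AddLinuxReadonlyPaths adds readonly paths into g.Config.Linux.ReadonlyPaths.`. Masked paths and read-only paths restrict the container differently, so the comment should not blur which list a caller is extending.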
@@ -1,67 +0,0 @@ -package generate - -import ( - rspec "github.com/opencontainers/runtime-spec/specs-go" -) - -func (g *Generator) initSpec() { - if g.spec == nil { - g.spec = &rspec.Spec{} - } -} - -func (g *Generator) initSpecAnnotations() { - g.initSpec() - if g.spec.Annotations == nil { - g.spec.Annotations = make(map[string]string) - } -} - -func (g *Generator) initSpecLinux() { - g.initSpec() - if g.spec.Linux == nil { - g.spec.Linux = &rspec.Linux{} - } -} - -func (g *Generator) initSpecLinuxSysctl() { - g.initSpecLinux() - if g.spec.Linux.Sysctl == nil { - g.spec.Linux.Sysctl = make(map[string]string) - } -} - -func (g *Generator) initSpecLinuxSeccomp() { - g.initSpecLinux() - if g.spec.Linux.Seccomp == nil { - g.spec.Linux.Seccomp = &rspec.Seccomp{} - } -} - -func (g *Generator) initSpecLinuxResources() { - g.initSpecLinux() - if g.spec.Linux.Resources == nil { - g.spec.Linux.Resources = &rspec.Resources{} - } -} - -func (g *Generator) initSpecLinuxResourcesCPU() { - g.initSpecLinuxResources() - if g.spec.Linux.Resources.CPU == nil { - g.spec.Linux.Resources.CPU = &rspec.CPU{} - } -} - -func (g *Generator) initSpecLinuxResourcesMemory() { - g.initSpecLinuxResources() - if g.spec.Linux.Resources.Memory == nil { - g.spec.Linux.Resources.Memory = &rspec.Memory{} - } -} - -func (g *Generator) initSpecLinuxResourcesPids() { - g.initSpecLinuxResources() - if g.spec.Linux.Resources.Pids == nil { - g.spec.Linux.Resources.Pids = &rspec.Pids{} - } -} From 82d7a69b185d088fff38a3ee64af7e8be9f58b43 Mon Sep 17 00:00:00 2001 From: "W. Trevor King" Date: Mon, 7 Nov 2016 22:12:23 -0800 Subject: [PATCH 2/3] generate: Remove trivial methods and expose pointer-init methods In most cases it's easier for the user to mutate Generator.Config directly, and exposing the pointer-property initializers lets them do that easily. 
Signed-off-by: W. Trevor King --- generate/config.go | 37 ++-- generate/generate.go | 512 +++---------------------------------------- 2 files changed, 49 insertions(+), 500 deletions(-) diff --git a/generate/config.go b/generate/config.go index 5e5212b08..b5fe532e5 100644 --- a/generate/config.go +++ b/generate/config.go 
@@ -4,63 +4,56 @@ import ( rspec "github.com/opencontainers/runtime-spec/specs-go" ) -func (g *Generator) initConfig() { +func (g *Generator) InitConfig() { if g.Config == nil { g.Config = &rspec.Spec{} } } -func (g *Generator) initConfigAnnotations() { - g.initConfig() +func (g *Generator) InitConfigAnnotations() { + g.InitConfig() if g.Config.Annotations == nil { g.Config.Annotations = make(map[string]string) } } -func (g *Generator) initConfigLinux() { - g.initConfig() +func (g *Generator) InitConfigLinux() { + g.InitConfig() if g.Config.Linux == nil { g.Config.Linux = &rspec.Linux{} } } -func (g *Generator) initConfigLinuxSysctl() { - g.initConfigLinux() - if g.Config.Linux.Sysctl == nil { - g.Config.Linux.Sysctl = make(map[string]string) - } -} - -func (g *Generator) initConfigLinuxSeccomp() { - g.initConfigLinux() +func (g *Generator) InitConfigLinuxSeccomp() { + g.InitConfigLinux() if g.Config.Linux.Seccomp == nil { g.Config.Linux.Seccomp = &rspec.Seccomp{} } } -func (g *Generator) initConfigLinuxResources() { - g.initConfigLinux() +func (g *Generator) InitConfigLinuxResources() { + g.InitConfigLinux() if g.Config.Linux.Resources == nil { g.Config.Linux.Resources = &rspec.Resources{} } } -func (g *Generator) initConfigLinuxResourcesCPU() { - g.initConfigLinuxResources() +func (g *Generator) InitConfigLinuxResourcesCPU() { + g.InitConfigLinuxResources() if g.Config.Linux.Resources.CPU == nil { g.Config.Linux.Resources.CPU = &rspec.CPU{} } } -func (g *Generator) initConfigLinuxResourcesMemory() { - g.initConfigLinuxResources() +func (g *Generator) InitConfigLinuxResourcesMemory() { + g.InitConfigLinuxResources() if g.Config.Linux.Resources.Memory == nil { g.Config.Linux.Resources.Memory = &rspec.Memory{} } } -func (g *Generator) initConfigLinuxResourcesPids() { - g.initConfigLinuxResources() +func (g *Generator) InitConfigLinuxResourcesPids() { + g.InitConfigLinuxResources() if g.Config.Linux.Resources.Pids == nil { g.Config.Linux.Resources.Pids = 
&rspec.Pids{} } diff --git a/generate/generate.go b/generate/generate.go index 5810bb333..18791d907 100644 --- a/generate/generate.go +++ b/generate/generate.go @@ -121,7 +121,7 @@ func New() Generator { Devices: []rspec.DeviceCgroup{ { Allow: false, - Access: strPtr("rwm"), + Access: StrPtr("rwm"), }, }, }, @@ -151,13 +151,6 @@ func New() Generator { } } -// NewFromConfig creates a config Generator from a given config. -func NewFromConfig(config *rspec.Spec) Generator { - return Generator{ - Config: config, - } -} - // NewFromFile loads the template specifed in a file into a config Generator. func NewFromFile(path string) (Generator, error) { cf, err := os.Open(path) 
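Review bot: The Sysctl map initializer is dropped in generate/config.go while `InitConfigAnnotations` is kept and exported, so a caller that writes `g.Config.Linux.Sysctl[key] = value` directly has no helper and will panic on a nil map when the loaded config carries no sysctl section. I would keep it as an exported `InitConfigLinuxSysctl` that calls `g.InitConfigLinux()` and then runs `if g.Config.Linux.Sysctl == nil { g.Config.Linux.Sysctl = make(map[string]string) }`. The newly exported Init* methods also have no doc comments. Each should get one saying that it allocates the named field and its parents only when they are nil, for example `// InitConfigLinux allocates g.Config and g.Config.Linux if they are nil.`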
@@ -213,131 +206,9 @@ func (g *Generator) SaveToFile(path string, exportOpts ExportOptions) error { return g.Save(f, exportOpts) } -// SetVersion sets g.Config.Version. -func (g *Generator) SetVersion(version string) { - g.initConfig() - g.Config.Version = version -} - -// SetRootPath sets g.Config.Root.Path. -func (g *Generator) SetRootPath(path string) { - g.initConfig() - g.Config.Root.Path = path -} - -// SetRootReadonly sets g.Config.Root.Readonly. -func (g *Generator) SetRootReadonly(b bool) { - g.initConfig() - g.Config.Root.Readonly = b -} - -// SetHostname sets g.Config.Hostname. -func (g *Generator) SetHostname(s string) { - g.initConfig() - g.Config.Hostname = s -} - -// ClearAnnotations clears g.Config.Annotations. -func (g *Generator) ClearAnnotations() { - if g.Config == nil { - return - } - g.Config.Annotations = make(map[string]string) -} - -// AddAnnotation adds an annotation into g.Config.Annotations. -func (g *Generator) AddAnnotation(key, value string) { - g.initConfigAnnotations() - g.Config.Annotations[key] = value -} - -// RemoveAnnotation remove an annotation from g.Config.Annotations. -func (g *Generator) RemoveAnnotation(key string) { - if g.Config == nil || g.Config.Annotations == nil { - return - } - delete(g.Config.Annotations, key) -} - -// SetPlatformOS sets g.Config.Process.OS. -func (g *Generator) SetPlatformOS(os string) { - g.initConfig() - g.Config.Platform.OS = os -} - -// SetPlatformArch sets g.Config.Platform.Arch. -func (g *Generator) SetPlatformArch(arch string) { - g.initConfig() - g.Config.Platform.Arch = arch -} - -// SetProcessUID sets g.Config.Process.User.UID. -func (g *Generator) SetProcessUID(uid uint32) { - g.initConfig() - g.Config.Process.User.UID = uid -} - -// SetProcessGID sets g.Config.Process.User.GID. -func (g *Generator) SetProcessGID(gid uint32) { - g.initConfig() - g.Config.Process.User.GID = gid -} - -// SetProcessCwd sets g.Config.Process.Cwd. 
-func (g *Generator) SetProcessCwd(cwd string) { - g.initConfig() - g.Config.Process.Cwd = cwd -} - -// SetProcessNoNewPrivileges sets g.Config.Process.NoNewPrivileges. -func (g *Generator) SetProcessNoNewPrivileges(b bool) { - g.initConfig() - g.Config.Process.NoNewPrivileges = b -} - -// SetProcessTerminal sets g.Config.Process.Terminal. -func (g *Generator) SetProcessTerminal(b bool) { - g.initConfig() - g.Config.Process.Terminal = b -} - -// SetProcessApparmorProfile sets g.Config.Process.ApparmorProfile. -func (g *Generator) SetProcessApparmorProfile(prof string) { - g.initConfig() - g.Config.Process.ApparmorProfile = prof -} - -// SetProcessArgs sets g.Config.Process.Args. -func (g *Generator) SetProcessArgs(args []string) { - g.initConfig() - g.Config.Process.Args = args -} - -// ClearProcessEnv clears g.Config.Process.Env. -func (g *Generator) ClearProcessEnv() { - if g.Config == nil { - return - } - g.Config.Process.Env = []string{} -} - -// AddProcessEnv adds env into g.Config.Process.Env. -func (g *Generator) AddProcessEnv(env string) { - g.initConfig() - g.Config.Process.Env = append(g.Config.Process.Env, env) -} - -// ClearProcessAdditionalGids clear g.Config.Process.AdditionalGids. -func (g *Generator) ClearProcessAdditionalGids() { - if g.Config == nil { - return - } - g.Config.Process.User.AdditionalGids = []uint32{} -} - // AddProcessAdditionalGid adds an additional gid into g.Config.Process.AdditionalGids. func (g *Generator) AddProcessAdditionalGid(gid uint32) { - g.initConfig() + g.InitConfig() for _, group := range g.Config.Process.User.AdditionalGids { if group == gid { return 
@@ -346,317 +217,21 @@ func (g *Generator) AddProcessAdditionalGid(gid uint32) { g.Config.Process.User.AdditionalGids = append(g.Config.Process.User.AdditionalGids, gid) } -// SetProcessSelinuxLabel sets g.Config.Process.SelinuxLabel. -func (g *Generator) SetProcessSelinuxLabel(label string) { - g.initConfig() - g.Config.Process.SelinuxLabel = label -} - -// SetLinuxCgroupsPath sets g.Config.Linux.CgroupsPath. -func (g *Generator) SetLinuxCgroupsPath(path string) { - g.initConfigLinux() - g.Config.Linux.CgroupsPath = strPtr(path) -} - -// SetLinuxMountLabel sets g.Config.Linux.MountLabel. -func (g *Generator) SetLinuxMountLabel(label string) { - g.initConfigLinux() - g.Config.Linux.MountLabel = label -} - -// SetLinuxResourcesDisableOOMKiller sets g.Config.Linux.Resources.DisableOOMKiller. -func (g *Generator) SetLinuxResourcesDisableOOMKiller(disable bool) { - g.initConfigLinuxResources() - g.Config.Linux.Resources.DisableOOMKiller = &disable -} - -// SetLinuxResourcesOOMScoreAdj sets g.Config.Linux.Resources.OOMScoreAdj. -func (g *Generator) SetLinuxResourcesOOMScoreAdj(adj int) { - g.initConfigLinuxResources() - g.Config.Linux.Resources.OOMScoreAdj = &adj -} - -// SetLinuxResourcesCPUShares sets g.Config.Linux.Resources.CPU.Shares. -func (g *Generator) SetLinuxResourcesCPUShares(shares uint64) { - g.initConfigLinuxResourcesCPU() - g.Config.Linux.Resources.CPU.Shares = &shares -} - -// SetLinuxResourcesCPUQuota sets g.Config.Linux.Resources.CPU.Quota. -func (g *Generator) SetLinuxResourcesCPUQuota(quota uint64) { - g.initConfigLinuxResourcesCPU() - g.Config.Linux.Resources.CPU.Quota = "a -} - -// SetLinuxResourcesCPUPeriod sets g.Config.Linux.Resources.CPU.Period. -func (g *Generator) SetLinuxResourcesCPUPeriod(period uint64) { - g.initConfigLinuxResourcesCPU() - g.Config.Linux.Resources.CPU.Period = &period -} - -// SetLinuxResourcesCPURealtimeRuntime sets g.Config.Linux.Resources.CPU.RealtimeRuntime. 
-func (g *Generator) SetLinuxResourcesCPURealtimeRuntime(time uint64) { - g.initConfigLinuxResourcesCPU() - g.Config.Linux.Resources.CPU.RealtimeRuntime = &time -} - -// SetLinuxResourcesCPURealtimePeriod sets g.Config.Linux.Resources.CPU.RealtimePeriod. -func (g *Generator) SetLinuxResourcesCPURealtimePeriod(period uint64) { - g.initConfigLinuxResourcesCPU() - g.Config.Linux.Resources.CPU.RealtimePeriod = &period -} - -// SetLinuxResourcesCPUCpus sets g.Config.Linux.Resources.CPU.Cpus. -func (g *Generator) SetLinuxResourcesCPUCpus(cpus string) { - g.initConfigLinuxResourcesCPU() - g.Config.Linux.Resources.CPU.Cpus = &cpus -} - -// SetLinuxResourcesCPUMems sets g.Config.Linux.Resources.CPU.Mems. -func (g *Generator) SetLinuxResourcesCPUMems(mems string) { - g.initConfigLinuxResourcesCPU() - g.Config.Linux.Resources.CPU.Mems = &mems -} - -// SetLinuxResourcesMemoryLimit sets g.Config.Linux.Resources.Memory.Limit. -func (g *Generator) SetLinuxResourcesMemoryLimit(limit uint64) { - g.initConfigLinuxResourcesMemory() - g.Config.Linux.Resources.Memory.Limit = &limit -} - -// SetLinuxResourcesMemoryReservation sets g.Config.Linux.Resources.Memory.Reservation. -func (g *Generator) SetLinuxResourcesMemoryReservation(reservation uint64) { - g.initConfigLinuxResourcesMemory() - g.Config.Linux.Resources.Memory.Reservation = &reservation -} - -// SetLinuxResourcesMemorySwap sets g.Config.Linux.Resources.Memory.Swap. -func (g *Generator) SetLinuxResourcesMemorySwap(swap uint64) { - g.initConfigLinuxResourcesMemory() - g.Config.Linux.Resources.Memory.Swap = &swap -} - -// SetLinuxResourcesMemoryKernel sets g.Config.Linux.Resources.Memory.Kernel. -func (g *Generator) SetLinuxResourcesMemoryKernel(kernel uint64) { - g.initConfigLinuxResourcesMemory() - g.Config.Linux.Resources.Memory.Kernel = &kernel -} - -// SetLinuxResourcesMemoryKernelTCP sets g.Config.Linux.Resources.Memory.KernelTCP. 
-func (g *Generator) SetLinuxResourcesMemoryKernelTCP(kernelTCP uint64) { - g.initConfigLinuxResourcesMemory() - g.Config.Linux.Resources.Memory.KernelTCP = &kernelTCP -} - -// SetLinuxResourcesMemorySwappiness sets g.Config.Linux.Resources.Memory.Swappiness. -func (g *Generator) SetLinuxResourcesMemorySwappiness(swappiness uint64) { - g.initConfigLinuxResourcesMemory() - g.Config.Linux.Resources.Memory.Swappiness = &swappiness -} - -// SetLinuxResourcesPidsLimit sets g.Config.Linux.Resources.Pids.Limit. -func (g *Generator) SetLinuxResourcesPidsLimit(limit int64) { - g.initConfigLinuxResourcesPids() - g.Config.Linux.Resources.Pids.Limit = &limit -} - -// ClearLinuxSysctl clears g.Config.Linux.Sysctl. -func (g *Generator) ClearLinuxSysctl() { - if g.Config == nil || g.Config.Linux == nil { - return - } - g.Config.Linux.Sysctl = make(map[string]string) -} - -// AddLinuxSysctl adds a new sysctl config into g.Config.Linux.Sysctl. -func (g *Generator) AddLinuxSysctl(key, value string) { - g.initConfigLinuxSysctl() - g.Config.Linux.Sysctl[key] = value -} - -// RemoveLinuxSysctl removes a sysctl config from g.Config.Linux.Sysctl. -func (g *Generator) RemoveLinuxSysctl(key string) { - if g.Config == nil || g.Config.Linux == nil || g.Config.Linux.Sysctl == nil { - return - } - delete(g.Config.Linux.Sysctl, key) -} - -// ClearLinuxUIDMappings clear g.Config.Linux.UIDMappings. -func (g *Generator) ClearLinuxUIDMappings() { - if g.Config == nil || g.Config.Linux == nil { - return - } - g.Config.Linux.UIDMappings = []rspec.IDMapping{} -} - -// AddLinuxUIDMapping adds uidMap into g.Config.Linux.UIDMappings. -func (g *Generator) AddLinuxUIDMapping(hid, cid, size uint32) { - idMapping := rspec.IDMapping{ - HostID: hid, - ContainerID: cid, - Size: size, - } - - g.initConfigLinux() - g.Config.Linux.UIDMappings = append(g.Config.Linux.UIDMappings, idMapping) -} - -// ClearLinuxGIDMappings clear g.Config.Linux.GIDMappings. 
-func (g *Generator) ClearLinuxGIDMappings() { - if g.Config == nil || g.Config.Linux == nil { - return - } - g.Config.Linux.GIDMappings = []rspec.IDMapping{} -} - -// AddLinuxGIDMapping adds gidMap into g.Config.Linux.GIDMappings. -func (g *Generator) AddLinuxGIDMapping(hid, cid, size uint32) { - idMapping := rspec.IDMapping{ - HostID: hid, - ContainerID: cid, - Size: size, - } - - g.initConfigLinux() - g.Config.Linux.GIDMappings = append(g.Config.Linux.GIDMappings, idMapping) -} - -// SetLinuxRootPropagation sets g.Config.Linux.RootfsPropagation. -func (g *Generator) SetLinuxRootPropagation(rp string) error { - switch rp { - case "": - case "private": - case "rprivate": - case "slave": - case "rslave": - case "shared": - case "rshared": - default: - return fmt.Errorf("rootfs-propagation must be empty or one of private|rprivate|slave|rslave|shared|rshared") - } - g.initConfigLinux() - g.Config.Linux.RootfsPropagation = rp - return nil -} - -// ClearPreStartHooks clear g.Config.Hooks.Prestart. -func (g *Generator) ClearPreStartHooks() { - if g.Config == nil { - return - } - g.Config.Hooks.Prestart = []rspec.Hook{} -} - -// AddPreStartHook add a prestart hook into g.Config.Hooks.Prestart. -func (g *Generator) AddPreStartHook(path string, args []string) { - g.initConfig() - hook := rspec.Hook{Path: path, Args: args} - g.Config.Hooks.Prestart = append(g.Config.Hooks.Prestart, hook) -} - -// ClearPostStopHooks clear g.Config.Hooks.Poststop. -func (g *Generator) ClearPostStopHooks() { - if g.Config == nil { - return - } - g.Config.Hooks.Poststop = []rspec.Hook{} -} - -// AddPostStopHook adds a poststop hook into g.Config.Hooks.Poststop. -func (g *Generator) AddPostStopHook(path string, args []string) { - g.initConfig() - hook := rspec.Hook{Path: path, Args: args} - g.Config.Hooks.Poststop = append(g.Config.Hooks.Poststop, hook) -} - -// ClearPostStartHooks clear g.Config.Hooks.Poststart. 
-func (g *Generator) ClearPostStartHooks() { - if g.Config == nil { - return - } - g.Config.Hooks.Poststart = []rspec.Hook{} -} - -// AddPostStartHook adds a poststart hook into g.Config.Hooks.Poststart. -func (g *Generator) AddPostStartHook(path string, args []string) { - g.initConfig() - hook := rspec.Hook{Path: path, Args: args} - g.Config.Hooks.Poststart = append(g.Config.Hooks.Poststart, hook) -} - -// AddTmpfsMount adds a tmpfs mount into g.Config.Mounts. -func (g *Generator) AddTmpfsMount(dest string, options []string) { - mnt := rspec.Mount{ - Destination: dest, - Type: "tmpfs", - Source: "tmpfs", - Options: options, - } - - g.initConfig() - g.Config.Mounts = append(g.Config.Mounts, mnt) -} - -// AddCgroupsMount adds a cgroup mount into g.Config.Mounts. -func (g *Generator) AddCgroupsMount(mountCgroupOption string) error { - switch mountCgroupOption { - case "ro": - case "rw": - break - case "no": - return nil - default: - return fmt.Errorf("--mount-cgroups should be one of (ro,rw,no)") - } - - mnt := rspec.Mount{ - Destination: "/sys/fs/cgroup", - Type: "cgroup", - Source: "cgroup", - Options: []string{"nosuid", "noexec", "nodev", "relatime", mountCgroupOption}, - } - g.initConfig() - g.Config.Mounts = append(g.Config.Mounts, mnt) - - return nil -} - -// AddBindMount adds a bind mount into g.Config.Mounts. -func (g *Generator) AddBindMount(source, dest, options string) { - if options == "" { - options = "ro" - } - - defaultOptions := []string{"bind"} - - mnt := rspec.Mount{ - Destination: dest, - Type: "bind", - Source: source, - Options: append(defaultOptions, options), - } - g.initConfig() - g.Config.Mounts = append(g.Config.Mounts, mnt) -} - // SetupPrivileged sets up the priviledge-related fields inside g.Config. -func (g *Generator) SetupPrivileged(privileged bool) { - if privileged { - // Add all capabilities in privileged mode. 
- var finalCapList []string - for _, cap := range capability.List() { - if g.HostSpecific && cap > lastCap() { - continue - } - finalCapList = append(finalCapList, fmt.Sprintf("CAP_%s", strings.ToUpper(cap.String()))) +func (g *Generator) SetupPrivileged() { + // Add all capabilities in privileged mode. + var finalCapList []string + for _, cap := range capability.List() { + if g.HostSpecific && cap > lastCap() { + continue } - g.initConfigLinux() - g.Config.Process.Capabilities = finalCapList - g.Config.Process.SelinuxLabel = "" - g.Config.Process.ApparmorProfile = "" - g.Config.Linux.Seccomp = nil + finalCapList = append(finalCapList, fmt.Sprintf("CAP_%s", strings.ToUpper(cap.String()))) } + g.InitConfigLinux() + g.Config.Process.Capabilities = finalCapList + g.Config.Process.SelinuxLabel = "" + g.Config.Process.ApparmorProfile = "" + g.Config.Linux.Seccomp = nil } func lastCap() capability.Cap { @@ -689,14 +264,6 @@ func checkCap(c string, hostSpecific bool) error { return nil } -// ClearProcessCapabilities clear g.Config.Process.Capabilities. -func (g *Generator) ClearProcessCapabilities() { - if g.Config == nil { - return - } - g.Config.Process.Capabilities = []string{} -} - // AddProcessCapability adds a process capability into g.Config.Process.Capabilities. func (g *Generator) AddProcessCapability(c string) error { if err := checkCap(c, g.HostSpecific); err != nil { @@ -705,7 +272,7 @@ func (g *Generator) AddProcessCapability(c string) error { cp := fmt.Sprintf("CAP_%s", strings.ToUpper(c)) - g.initConfig() + g.InitConfig() for _, cap := range g.Config.Process.Capabilities { if strings.ToUpper(cap) == cp { return nil 
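Review bot: The doc comment on SetupPrivileged understates what the call now does: with the `privileged bool` guard removed, every call replaces `Process.Capabilities` with the full list from `capability.List()` (minus the HostSpecific filter), blanks `Process.SelinuxLabel` and `Process.ApparmorProfile`, and sets `Linux.Seccomp` to nil. I would say so in the comment, e.g. `// SetupPrivileged grants all listed capabilities and removes the SELinux label, AppArmor profile and seccomp config from g.Config.`, and fix the "priviledge" spelling while there. Dropping the parameter also breaks existing callers that pass a bool, which deserves a line in the commit message. The same hunk removes SetLinuxRootPropagation and AddCgroupsMount, which held the only checks on those two values visible in this file.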
@@ -724,7 +291,7 @@ func (g *Generator) DropProcessCapability(c string) error { cp := fmt.Sprintf("CAP_%s", strings.ToUpper(c)) - g.initConfig() + g.InitConfig() for i, cap := range g.Config.Process.Capabilities { if strings.ToUpper(cap) == cp { g.Config.Process.Capabilities = append(g.Config.Process.Capabilities[:i], g.Config.Process.Capabilities[i+1:]...) @@ -756,14 +323,6 @@ func mapStrToNamespace(ns string, path string) (rspec.Namespace, error) { } } -// ClearLinuxNamespaces clear g.Config.Linux.Namespaces. -func (g *Generator) ClearLinuxNamespaces() { - if g.Config == nil || g.Config.Linux == nil { - return - } - g.Config.Linux.Namespaces = []rspec.Namespace{} -} - // AddOrReplaceLinuxNamespace adds or replaces a namespace inside // g.Config.Linux.Namespaces. func (g *Generator) AddOrReplaceLinuxNamespace(ns string, path string) error { @@ -772,7 +331,7 @@ func (g *Generator) AddOrReplaceLinuxNamespace(ns string, path string) error { return err } - g.initConfigLinux() + g.InitConfigLinux() for i, ns := range g.Config.Linux.Namespaces { if ns.Type == namespace.Type { g.Config.Linux.Namespaces[i] = namespace 
@@ -802,54 +361,51 @@ func (g *Generator) RemoveLinuxNamespace(ns string) error { return nil } -// strPtr returns the pointer pointing to the string s. -func strPtr(s string) *string { return &s } +// BoolPtr returns the pointer pointing to the boolean b. +func BoolPtr(b bool) *bool { return &b } + +// IntPtr returns the pointer pointing to the int i. +func IntPtr(i int) *int { return &i } + +// StrPtr returns the pointer pointing to the string s. +func StrPtr(s string) *string { return &s } + +// Uint64Ptr returns the pointer pointing to the uint64 i. +func Uint64Ptr(i uint64) *uint64 { return &i } // SetSyscallAction adds rules for syscalls with the specified action func (g *Generator) SetSyscallAction(arguments seccomp.SyscallOpts) error { - g.initConfigLinuxSeccomp() + g.InitConfigLinuxSeccomp() return seccomp.ParseSyscallFlag(arguments, g.Config.Linux.Seccomp) } // SetDefaultSeccompAction sets the default action for all syscalls not defined // and then removes any syscall rules with this action already specified. 
func (g *Generator) SetDefaultSeccompAction(action string) error { - g.initConfigLinuxSeccomp() + g.InitConfigLinuxSeccomp() return seccomp.ParseDefaultAction(action, g.Config.Linux.Seccomp) } // SetDefaultSeccompActionForce only sets the default action for all syscalls not defined func (g *Generator) SetDefaultSeccompActionForce(action string) error { - g.initConfigLinuxSeccomp() + g.InitConfigLinuxSeccomp() return seccomp.ParseDefaultActionForce(action, g.Config.Linux.Seccomp) } // SetSeccompArchitecture sets the supported seccomp architectures func (g *Generator) SetSeccompArchitecture(architecture string) error { - g.initConfigLinuxSeccomp() + g.InitConfigLinuxSeccomp() return seccomp.ParseArchitectureFlag(architecture, g.Config.Linux.Seccomp) } // RemoveSeccompRule removes rules for any specified syscalls func (g *Generator) RemoveSeccompRule(arguments string) error { - g.initConfigLinuxSeccomp() + g.InitConfigLinuxSeccomp() return seccomp.RemoveAction(arguments, g.Config.Linux.Seccomp) } // RemoveAllSeccompRules removes all syscall rules func (g *Generator) RemoveAllSeccompRules() error { - g.initConfigLinuxSeccomp() + g.InitConfigLinuxSeccomp() return seccomp.RemoveAllSeccompRules(g.Config.Linux.Seccomp) } - -// AddLinuxMaskedPaths adds masked paths into g.Config.Linux.MaskedPaths. -func (g *Generator) AddLinuxMaskedPaths(path string) { - g.initConfigLinux() - g.Config.Linux.MaskedPaths = append(g.Config.Linux.MaskedPaths, path) -} - -// AddLinuxReadonlyPaths adds readonly paths into g.Config.Linux.MaskedPaths. -func (g *Generator) AddLinuxReadonlyPaths(path string) { - g.initConfigLinux() - g.Config.Linux.ReadonlyPaths = append(g.Config.Linux.ReadonlyPaths, path) -} From 330d00dd3daf93f058ecc5fa03b14f6cbaa0c345 Mon Sep 17 00:00:00 2001 
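Review bot: The new pointer helpers cover bool, int, string and uint64 but not int64, although the SetLinuxResourcesPidsLimit setter removed earlier in this patch took `limit int64` and stored `&limit` in `g.Config.Linux.Resources.Pids.Limit`. A caller that sets the pids limit directly now has to take the address of a local variable. Adding `// Int64Ptr returns the pointer pointing to the int64 i.` with `func Int64Ptr(i int64) *int64 { return &i }` next to the others would keep the set complete.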
From: "W. Trevor King" Date: Mon, 7 Nov 2016 22:13:40 -0800 Subject: [PATCH 3/3] generate: Adjust command-line generator to use .Config directly This saves a few lines of code and removes a layer of indirection. It's now obvious to the caller exactly what is changing, although there is sometimes less per-setting validation. That's ok though; folks interested in validating the config can call the validator on it after they've finished mucking about. This new approach also initializes any needer pointer fields at the top. With the current runtime-spec types, that can lead to some orphaned pointer fields, e.g.; $ ./oci-runtime-tool generate --template <(echo '{}') { "ociVersion": "1.0.0-rc1-dev", "platform": { "os": "linux", "arch": "amd64" }, "process": { "user": { "uid": 0, "gid": 0 }, "args": null, "cwd": "/" }, "root": { "path": "rootfs" }, "hooks": {}, "linux": { "resources": { "devices": null } } } but the devices issue was fixed in runtime-spec 1.0.0-rc2 [1] and there are other approaches to collapsing unused pointer properties [2]. [1]: https://github.com/opencontainers/runtime-spec/pull/526 [2]: https://github.com/opencontainers/runtime-tools/pull/112 Signed-off-by: W. Trevor King --- cmd/oci-runtime-tool/generate.go | 195 ++++++++++++++----------------- 1 file changed, 90 insertions(+), 105 deletions(-) diff --git a/cmd/oci-runtime-tool/generate.go b/cmd/oci-runtime-tool/generate.go index c5adca0f5..83a7087f9 100644 --- a/cmd/oci-runtime-tool/generate.go +++ b/cmd/oci-runtime-tool/generate.go 
@@ -131,16 +131,18 @@ func setupSpec(g *generate.Generator, context *cli.Context) error { g.HostSpecific = true } + g.InitConfigLinuxResources() + if len(g.Config.Version) == 0 { - g.SetVersion(rspec.Version) + g.Config.Version = rspec.Version } if context.IsSet("hostname") { - g.SetHostname(context.String("hostname")) + g.Config.Hostname = context.String("hostname") } - g.SetPlatformOS(context.String("os")) - g.SetPlatformArch(context.String("arch")) + g.Config.Platform.OS = context.String("os") + g.Config.Platform.Arch = context.String("arch") if context.IsSet("label") { annotations := context.StringSlice("label") 
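Review bot: `g.InitConfigLinuxResources()` at the top allocates only Config, Linux and Resources, but setupSpec now writes through fields that call does not cover. The `--label` branch (hunk at -149,51) assigns into `g.Config.Annotations[...]` and the `--sysctl` branch (hunk at -236,15) into `g.Config.Linux.Sysctl[...]`; the removed AddAnnotation and AddLinuxSysctl created those maps first, and a template such as `{}` leaves them nil, so the assignment panics. The `linux-cpu-*` branches in the last hunk dereference `g.Config.Linux.Resources.CPU` in the same way. Calling `g.InitConfigAnnotations()` and `g.InitConfigLinuxResourcesCPU()` here, plus `if g.Config.Linux.Sysctl == nil { g.Config.Linux.Sysctl = make(map[string]string) }`, would cover them, unless these fields are already populated somewhere outside the lines shown. setupSpec starts and ends outside this hunk.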
@@ -149,51 +151,48 @@ func setupSpec(g *generate.Generator, context *cli.Context) error { if len(pair) != 2 { return fmt.Errorf("incorrectly specified annotation: %s", s) } - g.AddAnnotation(pair[0], pair[1]) + g.Config.Annotations[pair[0]] = pair[1] } } - g.SetRootPath(context.String("rootfs")) + g.Config.Root.Path = context.String("rootfs") if context.IsSet("read-only") { - g.SetRootReadonly(context.Bool("read-only")) + g.Config.Root.Readonly = context.Bool("read-only") } if context.IsSet("uid") { - g.SetProcessUID(uint32(context.Int("uid"))) + g.Config.Process.User.UID = uint32(context.Int("uid")) } if context.IsSet("gid") { - g.SetProcessGID(uint32(context.Int("gid"))) + g.Config.Process.User.GID = uint32(context.Int("gid")) } if context.IsSet("selinux-label") { - g.SetProcessSelinuxLabel(context.String("selinux-label")) + g.Config.Process.SelinuxLabel = context.String("selinux-label") } - g.SetProcessCwd(context.String("cwd")) + g.Config.Process.Cwd = context.String("cwd") if context.IsSet("apparmor") { - g.SetProcessApparmorProfile(context.String("apparmor")) + g.Config.Process.ApparmorProfile = context.String("apparmor") } if context.IsSet("no-new-privileges") { - g.SetProcessNoNewPrivileges(context.Bool("no-new-privileges")) + g.Config.Process.NoNewPrivileges = context.Bool("no-new-privileges") } if context.IsSet("tty") { - g.SetProcessTerminal(context.Bool("tty")) + g.Config.Process.Terminal = context.Bool("tty") } if context.IsSet("args") { - g.SetProcessArgs(context.StringSlice("args")) + g.Config.Process.Args = context.StringSlice("args") } if context.IsSet("env") { - envs := context.StringSlice("env") - for _, env := range envs { - g.AddProcessEnv(env) - } + g.Config.Process.Env = append(g.Config.Process.Env, context.StringSlice("env")...) } if context.IsSet("groups") { 
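Review bot: The uid and gid assignments convert with `uint32(context.Int("uid"))` and `uint32(context.Int("gid"))`, so a negative or oversized flag value wraps silently into a different ID instead of being rejected. The conversion predates this commit, but with the setter layer gone this line is the only place left to check the value before it lands in `g.Config.Process.User`. I would guard each one, e.g. `if uid := context.Int("uid"); uid < 0 || int64(uid) > math.MaxUint32 { return fmt.Errorf("uid out of range: %d", uid) }` (this needs the `math` import), and do the same for gid. setupSpec continues outside this hunk.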
@@ -208,25 +207,19 @@ func setupSpec(g *generate.Generator, context *cli.Context) error { } if context.IsSet("cgroups-path") { - g.SetLinuxCgroupsPath(context.String("cgroups-path")) + g.Config.Linux.CgroupsPath = generate.StrPtr(context.String("cgroups-path")) } if context.IsSet("masked-paths") { - paths := context.StringSlice("masked-paths") - for _, path := range paths { - g.AddLinuxMaskedPaths(path) - } + g.Config.Linux.MaskedPaths = append(g.Config.Linux.MaskedPaths, context.StringSlice("masked-paths")...) } if context.IsSet("readonly-paths") { - paths := context.StringSlice("readonly-paths") - for _, path := range paths { - g.AddLinuxReadonlyPaths(path) - } + g.Config.Linux.ReadonlyPaths = append(g.Config.Linux.ReadonlyPaths, context.StringSlice("readonly-paths")...) } if context.IsSet("mount-label") { - g.SetLinuxMountLabel(context.String("mount-label")) + g.Config.Linux.MountLabel = context.String("mount-label") } if context.IsSet("sysctl") { @@ -236,15 +229,13 @@ func setupSpec(g *generate.Generator, context *cli.Context) error { if len(pair) != 2 { return fmt.Errorf("incorrectly specified sysctl: %s", s) } - g.AddLinuxSysctl(pair[0], pair[1]) + g.Config.Linux.Sysctl[pair[0]] = pair[1] } } - privileged := false - if context.IsSet("privileged") { - privileged = context.Bool("privileged") + if context.IsSet("privileged") && context.Bool("privileged") { + g.SetupPrivileged() } - g.SetupPrivileged(privileged) if context.IsSet("cap-add") { addCaps := context.StringSlice("cap-add") 
@@ -285,137 +276,133 @@ func setupSpec(g *generate.Generator, context *cli.Context) error { if context.IsSet("tmpfs") { tmpfsSlice := context.StringSlice("tmpfs") for _, s := range tmpfsSlice { - dest, options, err := parseTmpfsMount(s) + mnt, err := parseTmpfsMount(s) if err != nil { return err } - g.AddTmpfsMount(dest, options) + g.Config.Mounts = append(g.Config.Mounts, mnt) } } - mountCgroupOption := context.String("mount-cgroups") - if err := g.AddCgroupsMount(mountCgroupOption); err != nil { - return err + if context.IsSet("mount-cgroups") && context.String("mount-cgroups") != "no" { + g.Config.Mounts = append(g.Config.Mounts, rspec.Mount{ + Destination: "/sys/fs/cgroup", + Type: "cgroup", + Source: "cgroup", + Options: []string{"nosuid", "noexec", "nodev", "relatime", context.String("mount-cgroups")}, + }) } if context.IsSet("bind") { binds := context.StringSlice("bind") for _, bind := range binds { - source, dest, options, err := parseBindMount(bind) + mnt, err := parseBindMount(bind) if err != nil { return err } - g.AddBindMount(source, dest, options) + g.Config.Mounts = append(g.Config.Mounts, mnt) } } if context.IsSet("prestart") { preStartHooks := context.StringSlice("prestart") for _, hook := range preStartHooks { - path, args := parseHook(hook) - g.AddPreStartHook(path, args) + g.Config.Hooks.Prestart = append(g.Config.Hooks.Prestart, parseHook(hook)) } } if context.IsSet("poststop") { postStopHooks := context.StringSlice("poststop") for _, hook := range postStopHooks { - path, args := parseHook(hook) - g.AddPostStopHook(path, args) + g.Config.Hooks.Poststop = append(g.Config.Hooks.Poststop, parseHook(hook)) } } if context.IsSet("poststart") { postStartHooks := context.StringSlice("poststart") for _, hook := range postStartHooks { - path, args := parseHook(hook) - g.AddPostStartHook(path, args) + g.Config.Hooks.Poststart = append(g.Config.Hooks.Poststart, parseHook(hook)) } } if context.IsSet("root-propagation") { - rp := 
context.String("root-propagation") - if err := g.SetLinuxRootPropagation(rp); err != nil { - return err - } + g.Config.Linux.RootfsPropagation = context.String("root-propagation") } for _, uidMap := range uidMaps { - hid, cid, size, err := parseIDMapping(uidMap) + mapping, err := parseIDMapping(uidMap) if err != nil { return err } - - g.AddLinuxUIDMapping(hid, cid, size) + g.Config.Linux.UIDMappings = append(g.Config.Linux.UIDMappings, mapping) } for _, gidMap := range gidMaps { - hid, cid, size, err := parseIDMapping(gidMap) + mapping, err := parseIDMapping(gidMap) if err != nil { return err } - - g.AddLinuxGIDMapping(hid, cid, size) + g.Config.Linux.GIDMappings = append(g.Config.Linux.GIDMappings, mapping) } if context.IsSet("disable-oom-kill") { - g.SetLinuxResourcesDisableOOMKiller(context.Bool("disable-oom-kill")) + g.Config.Linux.Resources.DisableOOMKiller = generate.BoolPtr(context.Bool("disable-oom-kill")) } if context.IsSet("oom-score-adj") { - g.SetLinuxResourcesOOMScoreAdj(context.Int("oom-score-adj")) + g.Config.Linux.Resources.OOMScoreAdj = generate.IntPtr(context.Int("oom-score-adj")) } if context.IsSet("linux-cpu-shares") { - g.SetLinuxResourcesCPUShares(context.Uint64("linux-cpu-shares")) + g.Config.Linux.Resources.CPU.Shares = generate.Uint64Ptr(context.Uint64("linux-cpu-shares")) } if context.IsSet("linux-cpu-period") { - g.SetLinuxResourcesCPUPeriod(context.Uint64("linux-cpu-period")) + g.Config.Linux.Resources.CPU.Period = generate.Uint64Ptr(context.Uint64("linux-cpu-period")) } if context.IsSet("linux-cpu-quota") { - g.SetLinuxResourcesCPUQuota(context.Uint64("linux-cpu-quota")) + g.Config.Linux.Resources.CPU.Quota = generate.Uint64Ptr(context.Uint64("linux-cpu-quota")) } if context.IsSet("linux-realtime-runtime") { - g.SetLinuxResourcesCPURealtimeRuntime(context.Uint64("linux-realtime-runtime")) + g.Config.Linux.Resources.CPU.RealtimeRuntime = generate.Uint64Ptr(context.Uint64("linux-realtime-runtime")) } if 
context.IsSet("linux-realtime-period") { - g.SetLinuxResourcesCPURealtimePeriod(context.Uint64("linux-realtime-period")) + g.Config.Linux.Resources.CPU.RealtimePeriod = generate.Uint64Ptr(context.Uint64("linux-realtime-period")) } if context.IsSet("linux-cpus") { - g.SetLinuxResourcesCPUCpus(context.String("linux-cpus")) + g.Config.Linux.Resources.CPU.Cpus = generate.StrPtr(context.String("linux-cpus")) } if context.IsSet("linux-mems") { - g.SetLinuxResourcesCPUMems(context.String("linux-mems")) + g.Config.Linux.Resources.CPU.Mems = generate.StrPtr(context.String("linux-mems")) } if context.IsSet("linux-mem-limit") { - g.SetLinuxResourcesMemoryLimit(context.Uint64("linux-mem-limit")) + g.Config.Linux.Resources.Memory.Limit = generate.Uint64Ptr(context.Uint64("linux-mem-limit")) } if context.IsSet("linux-mem-reservation") { - g.SetLinuxResourcesMemoryReservation(context.Uint64("linux-mem-reservation")) + g.Config.Linux.Resources.Memory.Reservation = generate.Uint64Ptr(context.Uint64("linux-mem-reservation")) } if context.IsSet("linux-mem-swap") { - g.SetLinuxResourcesMemorySwap(context.Uint64("linux-mem-swap")) + g.Config.Linux.Resources.Memory.Swap = generate.Uint64Ptr(context.Uint64("linux-mem-swap")) } if context.IsSet("linux-mem-kernel-limit") { - g.SetLinuxResourcesMemoryKernel(context.Uint64("linux-mem-kernel-limit")) + g.Config.Linux.Resources.Memory.Kernel = generate.Uint64Ptr(context.Uint64("linux-mem-kernel-limit")) } if context.IsSet("linux-mem-kernel-tcp") { - g.SetLinuxResourcesMemoryKernelTCP(context.Uint64("linux-mem-kernel-tcp")) + g.Config.Linux.Resources.Memory.KernelTCP = generate.Uint64Ptr(context.Uint64("linux-mem-kernel-tcp")) } if context.IsSet("linux-mem-swappiness") { - g.SetLinuxResourcesMemorySwappiness(context.Uint64("linux-mem-swappiness")) + g.Config.Linux.Resources.Memory.Swappiness = generate.Uint64Ptr(context.Uint64("linux-mem-swappiness")) } err := addSeccomp(context, g) 
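Review bot: The `mount-cgroups` value is now copied verbatim into the cgroup mount's `Options`, and `root-propagation` is assigned to `g.Config.Linux.RootfsPropagation` unchecked; the removed `g.AddCgroupsMount` and `g.SetLinuxRootPropagation` calls each returned an error, which suggests they rejected unknown values. As written, any string other than `no` becomes a mount option in the generated config, and a mistyped propagation mode is caught, if at all, only by the runtime that consumes the file. Both values should be checked against their allowed set before being stored; the sketch below does this for `mount-cgroups`, assuming the accepted values are `ro`, `rw` and `no`. The mount is now also skipped when the flag is not set, which matches the old behaviour only if the flag's default was `no`. setupSpec starts and ends outside the hunk.

```go
if context.IsSet("mount-cgroups") {
	switch opt := context.String("mount-cgroups"); opt {
	case "no":
		// explicitly disabled: add no cgroup mount
	case "ro", "rw":
		g.Config.Mounts = append(g.Config.Mounts, rspec.Mount{
			Destination: "/sys/fs/cgroup",
			Type:        "cgroup",
			Source:      "cgroup",
			Options:     []string{"nosuid", "noexec", "nodev", "relatime", opt},
		})
	default:
		return fmt.Errorf("invalid value for --mount-cgroups: %q", opt)
	}
}
// … unchanged: bind, hook, ID-mapping and resource handling …
```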
@@ -436,74 +423,72 @@ func setupLinuxNamespaces(context *cli.Context, g *generate.Generator, needsNewU } } -func parseIDMapping(idms string) (uint32, uint32, uint32, error) { +func parseIDMapping(idms string) (mapping rspec.IDMapping, err error) { idm := strings.Split(idms, ":") if len(idm) != 3 { - return 0, 0, 0, fmt.Errorf("idmappings error: %s", idms) + return mapping, fmt.Errorf("idmappings error: %s", idms) } hid, err := strconv.Atoi(idm[0]) if err != nil { - return 0, 0, 0, err + return mapping, err } cid, err := strconv.Atoi(idm[1]) if err != nil { - return 0, 0, 0, err + return mapping, err } size, err := strconv.Atoi(idm[2]) if err != nil { - return 0, 0, 0, err + return mapping, err } - return uint32(hid), uint32(cid), uint32(size), nil + mapping.HostID = uint32(hid) + mapping.ContainerID = uint32(cid) + mapping.Size = uint32(size) + return mapping, nil } -func parseHook(s string) (string, []string) { +func parseHook(s string) (hook rspec.Hook) { parts := strings.Split(s, ":") - args := []string{} - path := parts[0] - if len(parts) > 1 { - args = parts[1:] - } - return path, args + hook.Path = parts[0] + hook.Args = parts[1:] + return hook } -func parseTmpfsMount(s string) (string, []string, error) { - var dest string - var options []string - var err error - +func parseTmpfsMount(s string) (mnt rspec.Mount, err error) { parts := strings.Split(s, ":") if len(parts) == 2 { - dest = parts[0] - options = strings.Split(parts[1], ",") + mnt.Destination = parts[0] + mnt.Options = strings.Split(parts[1], ",") } else if len(parts) == 1 { - dest = parts[0] - options = []string{"rw", "noexec", "nosuid", "nodev", "size=65536k"} + mnt.Destination = parts[0] + mnt.Options = []string{"rw", "noexec", "nosuid", "nodev", "size=65536k"} } else { - err = fmt.Errorf("invalid value for --tmpfs") + return mnt, fmt.Errorf("invalid value for --tmpfs") } - - return dest, options, err + mnt.Type = "tmpfs" + mnt.Source = "tmpfs" + return mnt, err } -func parseBindMount(s string) 
(string, string, string, error) { - var source, dest string - options := "ro" - +func parseBindMount(s string) (mnt rspec.Mount, err error) { bparts := strings.SplitN(s, ":", 3) switch len(bparts) { case 2: - source, dest = bparts[0], bparts[1] + mnt.Source = bparts[0] + mnt.Destination = bparts[1] + mnt.Options = []string{"ro"} case 3: - source, dest, options = bparts[0], bparts[1], bparts[2] + mnt.Source = bparts[0] + mnt.Destination = bparts[1] + mnt.Options = strings.Split(bparts[2], ",") default: - return source, dest, options, fmt.Errorf("--bind should have format src:dest:[options]") + return mnt, fmt.Errorf("--bind should have format src:dest:[options]") } - return source, dest, options, nil + return mnt, nil } func addSeccomp(context *cli.Context, g *generate.Generator) error {
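Review bot: parseIDMapping parses each field with `strconv.Atoi` and then narrows it with `uint32(...)`, so a negative or over-wide value wraps silently instead of being rejected; on a 64-bit build a host ID of 4294967296 would be stored as 0. Parsing with `hid, err := strconv.ParseUint(idm[0], 10, 32)` (and the same for `cid` and `size`) turns out-of-range input into an error before it reaches `mapping.HostID`. The `uint32(context.Int("uid"))` and `uint32(context.Int("gid"))` assignments in the first hunk narrow in the same way. Separately, parseBindMount never sets `mnt.Type` and adds no `bind` option, whereas parseTmpfsMount sets both Type and Source. If the removed `g.AddBindMount` supplied them, `mnt.Type = "bind"` and a leading `"bind"` entry in `mnt.Options` are needed here.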