Merge pull request #5324 from thaJeztah/no_libcontainer_devices

cri/server: use containerd/oci instead of libcontainer/devices (remove libcontainer/devices dependency)
containerd · Apr 8, 2021 · 01a3926 · 01a3926
2 parents ceb0875 + 9bc8d63
commit 01a3926
Show file tree

Hide file tree

Showing 9 changed files with 142 additions and 528 deletions.
diff --git a/oci/spec_opts_linux.go b/oci/spec_opts_linux.go
@@ -20,31 +20,24 @@ package oci
 
 import (
 	"context"
-	"io/ioutil"
-	"os"
-	"path/filepath"
 
 	"github.com/containerd/containerd/containers"
 	"github.com/containerd/containerd/pkg/cap"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
-	"github.com/pkg/errors"
-	"golang.org/x/sys/unix"
 )
 
 // WithHostDevices adds all the hosts device nodes to the container's spec
 func WithHostDevices(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {
 	setLinux(s)
 
-	devs, err := getDevices("/dev", "")
+	devs, err := HostDevices()
 	if err != nil {
 		return err
 	}
 	s.Linux.Devices = append(s.Linux.Devices, devs...)
 	return nil
 }
 
-var errNotADevice = errors.New("not a device node")
-
 // WithDevices recursively adds devices from the passed in path and associated cgroup rules for that device.
 // If devicePath is a dir it traverses the dir to add all devices in that dir.
 // If devicePath is not a dir, it attempts to add the single device.
@@ -69,108 +62,6 @@ func WithDevices(devicePath, containerPath, permissions string) SpecOpts {
 	}
 }
 
-func getDevices(path, containerPath string) ([]specs.LinuxDevice, error) {
-	stat, err := os.Stat(path)
-	if err != nil {
-		return nil, errors.Wrap(err, "error stating device path")
-	}
-
-	if !stat.IsDir() {
-		dev, err := deviceFromPath(path)
-		if err != nil {
-			return nil, err
-		}
-		if containerPath != "" {
-			dev.Path = containerPath
-		}
-		return []specs.LinuxDevice{*dev}, nil
-	}
-
-	files, err := ioutil.ReadDir(path)
-	if err != nil {
-		return nil, err
-	}
-	var out []specs.LinuxDevice
-	for _, f := range files {
-		switch {
-		case f.IsDir():
-			switch f.Name() {
-			// ".lxc" & ".lxd-mounts" added to address https://github.com/lxc/lxd/issues/2825
-			// ".udev" added to address https://github.com/opencontainers/runc/issues/2093
-			case "pts", "shm", "fd", "mqueue", ".lxc", ".lxd-mounts", ".udev":
-				continue
-			default:
-				var cp string
-				if containerPath != "" {
-					cp = filepath.Join(containerPath, filepath.Base(f.Name()))
-				}
-				sub, err := getDevices(filepath.Join(path, f.Name()), cp)
-				if err != nil {
-					return nil, err
-				}
-
-				out = append(out, sub...)
-				continue
-			}
-		case f.Name() == "console":
-			continue
-		}
-		device, err := deviceFromPath(filepath.Join(path, f.Name()))
-		if err != nil {
-			if err == errNotADevice {
-				continue
-			}
-			if os.IsNotExist(err) {
-				continue
-			}
-			return nil, err
-		}
-		if containerPath != "" {
-			device.Path = filepath.Join(containerPath, filepath.Base(f.Name()))
-		}
-		out = append(out, *device)
-	}
-	return out, nil
-}
-
-func deviceFromPath(path string) (*specs.LinuxDevice, error) {
-	var stat unix.Stat_t
-	if err := unix.Lstat(path, &stat); err != nil {
-		return nil, err
-	}
-
-	var (
-		// The type is 32bit on mips.
-		devNumber = uint64(stat.Rdev) // nolint: unconvert
-		major     = unix.Major(devNumber)
-		minor     = unix.Minor(devNumber)
-	)
-	if major == 0 {
-		return nil, errNotADevice
-	}
-
-	var (
-		devType string
-		mode    = stat.Mode
-	)
-	switch {
-	case mode&unix.S_IFBLK == unix.S_IFBLK:
-		devType = "b"
-	case mode&unix.S_IFCHR == unix.S_IFCHR:
-		devType = "c"
-	}
-	fm := os.FileMode(mode &^ unix.S_IFMT)
-	return &specs.LinuxDevice{
-		Type:     devType,
-		Path:     path,
-		Major:    int64(major),
-		Minor:    int64(minor),
-		FileMode: &fm,
-		UID:      &stat.Uid,
-		GID:      &stat.Gid,
-	}, nil
-}
-
 // WithMemorySwap sets the container's swap in bytes
 func WithMemorySwap(swap int64) SpecOpts {
 	return func(ctx context.Context, _ Client, c *containers.Container, s *Spec) error {

diff --git a/oci/spec_opts_unix.go b/oci/spec_opts_unix.go
@@ -20,33 +20,25 @@ package oci
 
 import (
 	"context"
-	"io/ioutil"
-	"os"
-	"path/filepath"
 
 	"github.com/containerd/containerd/containers"
-	specs "github.com/opencontainers/runtime-spec/specs-go"
-	"github.com/pkg/errors"
-	"golang.org/x/sys/unix"
 )
 
 // WithHostDevices adds all the hosts device nodes to the container's spec
 func WithHostDevices(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {
 	setLinux(s)
 
-	devs, err := getDevices("/dev", "")
+	devs, err := HostDevices()
 	if err != nil {
 		return err
 	}
 	s.Linux.Devices = append(s.Linux.Devices, devs...)
 	return nil
 }
 
-var errNotADevice = errors.New("not a device node")
-
 // WithDevices recursively adds devices from the passed in path and associated cgroup rules for that device.
 // If devicePath is a dir it traverses the dir to add all devices in that dir.
-// If devicePath is not a dir, it attempts to add the signle device.
+// If devicePath is not a dir, it attempts to add the single device.
 func WithDevices(devicePath, containerPath, permissions string) SpecOpts {
 	return func(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {
 		devs, err := getDevices(devicePath, containerPath)
@@ -58,107 +50,6 @@ func WithDevices(devicePath, containerPath, permissions string) SpecOpts {
 	}
 }
 
-func getDevices(path, containerPath string) ([]specs.LinuxDevice, error) {
-	stat, err := os.Stat(path)
-	if err != nil {
-		return nil, errors.Wrap(err, "error stating device path")
-	}
-
-	if !stat.IsDir() {
-		dev, err := deviceFromPath(path)
-		if err != nil {
-			return nil, err
-		}
-		if containerPath != "" {
-			dev.Path = containerPath
-		}
-		return []specs.LinuxDevice{*dev}, nil
-	}
-
-	files, err := ioutil.ReadDir(path)
-	if err != nil {
-		return nil, err
-	}
-	var out []specs.LinuxDevice
-	for _, f := range files {
-		switch {
-		case f.IsDir():
-			switch f.Name() {
-			// ".lxc" & ".lxd-mounts" added to address https://github.com/lxc/lxd/issues/2825
-			// ".udev" added to address https://github.com/opencontainers/runc/issues/2093
-			case "pts", "shm", "fd", "mqueue", ".lxc", ".lxd-mounts", ".udev":
-				continue
-			default:
-				var cp string
-				if containerPath != "" {
-					cp = filepath.Join(containerPath, filepath.Base(f.Name()))
-				}
-				sub, err := getDevices(filepath.Join(path, f.Name()), cp)
-				if err != nil {
-					return nil, err
-				}
-
-				out = append(out, sub...)
-				continue
-			}
-		case f.Name() == "console":
-			continue
-		}
-		device, err := deviceFromPath(filepath.Join(path, f.Name()))
-		if err != nil {
-			if err == errNotADevice {
-				continue
-			}
-			if os.IsNotExist(err) {
-				continue
-			}
-			return nil, err
-		}
-		if containerPath != "" {
-			device.Path = filepath.Join(containerPath, filepath.Base(f.Name()))
-		}
-		out = append(out, *device)
-	}
-	return out, nil
-}
-
-func deviceFromPath(path string) (*specs.LinuxDevice, error) {
-	var stat unix.Stat_t
-	if err := unix.Lstat(path, &stat); err != nil {
-		return nil, err
-	}
-
-	var (
-		devNumber = uint64(stat.Rdev)
-		major     = unix.Major(devNumber)
-		minor     = unix.Minor(devNumber)
-	)
-	if major == 0 {
-		return nil, errNotADevice
-	}
-
-	var (
-		devType string
-		mode    = stat.Mode
-	)
-	switch {
-	case mode&unix.S_IFBLK == unix.S_IFBLK:
-		devType = "b"
-	case mode&unix.S_IFCHR == unix.S_IFCHR:
-		devType = "c"
-	}
-	fm := os.FileMode(mode &^ unix.S_IFMT)
-	return &specs.LinuxDevice{
-		Type:     devType,
-		Path:     path,
-		Major:    int64(major),
-		Minor:    int64(minor),
-		FileMode: &fm,
-		UID:      &stat.Uid,
-		GID:      &stat.Gid,
-	}, nil
-}
-
 // WithCPUCFS sets the container's Completely fair scheduling (CFS) quota and period
 func WithCPUCFS(quota int64, period uint64) SpecOpts {
 	return func(ctx context.Context, _ Client, c *containers.Container, s *Spec) error {