Allow directories for --device and in-container path

Signed-off-by: apostasie <spam_blackhole@farcloser.world>
containerd · May 11, 2024 · 6b4c3a8 · 6b4c3a8
1 parent 8eeef86
commit 6b4c3a8
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 31 deletions.
diff --git a/build-test.sh b/build-test.sh
@@ -0,0 +1 @@
+GO111MODULE=on CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -ldflags "-s -w" -o nerdctl ./cmd/nerdctl/
diff --git a/cmd/nerdctl/container_run_cgroup_linux_test.go b/cmd/nerdctl/container_run_cgroup_linux_test.go
@@ -212,39 +212,46 @@ func TestRunDevice(t *testing.T) {
 func TestParseDevice(t *testing.T) {
 	t.Parallel()
 	type testCase struct {
-		s               string
-		expectedDevPath string
-		expectedMode    string
-		err             string
+		s                     string
+		expectedDevPath       string
+		expectedContainerPath string
+		expectedMode          string
+		err                   string
 	}
 	testCases := []testCase{
 		{
-			s:               "/dev/sda1",
-			expectedDevPath: "/dev/sda1",
-			expectedMode:    "rwm",
+			s:                     "/dev/sda1",
+			expectedDevPath:       "/dev/sda1",
+			expectedContainerPath: "/dev/sda1",
+			expectedMode:          "rwm",
 		},
 		{
-			s:               "/dev/sda2:r",
-			expectedDevPath: "/dev/sda2",
-			expectedMode:    "r",
+			s:                     "/dev/sda2:r",
+			expectedDevPath:       "/dev/sda2",
+			expectedContainerPath: "/dev/sda2",
+			expectedMode:          "r",
 		},
 		{
-			s:               "/dev/sda3:rw",
-			expectedDevPath: "/dev/sda3",
-			expectedMode:    "rw",
+			s:                     "/dev/sda3:rw",
+			expectedDevPath:       "/dev/sda3",
+			expectedContainerPath: "/dev/sda3",
+			expectedMode:          "rw",
 		},
 		{
 			s:   "sda4",
 			err: "not an absolute path",
 		},
 		{
-			s:               "/dev/sda5:/dev/sda5",
-			expectedDevPath: "/dev/sda5",
-			expectedMode:    "rwm",
+			s:                     "/dev/sda5:/dev/sda5",
+			expectedDevPath:       "/dev/sda5",
+			expectedContainerPath: "/dev/sda5",
+			expectedMode:          "rwm",
 		},
 		{
-			s:   "/dev/sda6:/dev/foo6",
-			err: "not supported yet",
+			s:                     "/dev/sda6:/dev/foo6",
+			expectedDevPath:       "/dev/sda6",
+			expectedContainerPath: "/dev/foo6",
+			expectedMode:          "rwm",
 		},
 		{
 			s:   "/dev/sda7:/dev/sda7:rwmx",
@@ -254,10 +261,11 @@ func TestParseDevice(t *testing.T) {
 
 	for _, tc := range testCases {
 		t.Log(tc.s)
-		devPath, mode, err := container.ParseDevice(tc.s)
+		devPath, containerPath, mode, err := container.ParseDevice(tc.s)
 		if tc.err == "" {
 			assert.NilError(t, err)
 			assert.Equal(t, tc.expectedDevPath, devPath)
+			assert.Equal(t, tc.expectedContainerPath, containerPath)
 			assert.Equal(t, tc.expectedMode, mode)
 		} else {
 			assert.ErrorContains(t, err, tc.err)

diff --git a/pkg/cmd/container/run_cgroup_linux.go b/pkg/cmd/container/run_cgroup_linux.go
@@ -199,12 +199,13 @@ func generateCgroupOpts(id string, options types.ContainerCreateOptions) ([]oci.
 	}
 
 	for _, f := range options.Device {
-		devPath, mode, err := ParseDevice(f)
+		devPath, conPath, mode, err := ParseDevice(f)
 		if err != nil {
 			return nil, fmt.Errorf("failed to parse device %q: %w", f, err)
 		}
-		opts = append(opts, oci.WithLinuxDevice(devPath, mode))
+		opts = append(opts, oci.WithDevices(devPath, conPath, mode))
 	}
+
 	return opts, nil
 }
 
@@ -246,8 +247,8 @@ func generateCgroupPath(id, cgroupManager, cgroupParent string) (string, error)
 	return path, nil
 }
 
-// ParseDevice parses the give device string into hostDevPath and mode(defaults: "rwm").
-func ParseDevice(s string) (hostDevPath string, mode string, err error) {
+// ParseDevice parses the give device string into hostDevPath, containerPath and mode(defaults: "rwm").
+func ParseDevice(s string) (hostDevPath string, containerPath string, mode string, err error) {
 	mode = "rwm"
 	split := strings.Split(s, ":")
 	var containerDevPath string
@@ -268,21 +269,17 @@ func ParseDevice(s string) (hostDevPath string, mode string, err error) {
 		containerDevPath = split[1]
 		mode = split[2]
 	default:
-		return "", "", errors.New("too many `:` symbols")
-	}
-
-	if containerDevPath != hostDevPath {
-		return "", "", errors.New("changing the path inside the container is not supported yet")
+		return "", "", "", errors.New("too many `:` symbols")
 	}
 
 	if !filepath.IsAbs(hostDevPath) {
-		return "", "", fmt.Errorf("%q is not an absolute path", hostDevPath)
+		return "", "", "", fmt.Errorf("%q is not an absolute path", hostDevPath)
 	}
 
 	if err := validateDeviceMode(mode); err != nil {
-		return "", "", err
+		return "", "", "", err
 	}
-	return hostDevPath, mode, nil
+	return hostDevPath, containerDevPath, mode, nil
 }
 
 func validateDeviceMode(mode string) error {

diff --git a/test.json b/test.json
@@ -0,0 +1,2 @@
+{"Command":"\"/boot/entrypoint.sh\"","CreatedAt":"2024-05-10T22:44:54.266198053Z","ID":"75562dea5c72","Image":"docker.io/dubodubonduponey/dns:bookworm-2024-03-01","Platform":"linux/arm64/v8","Names":"dns","Ports":"0.0.0.0:4242->4242/tcp","Status":"Created","Runtime":"io.containerd.runc.v2","Size":"","Labels":{"containerd.io/restart.loguri":"binary:///home/apo/nerdctl-patch?_NERDCTL_INTERNAL_LOGGING=%2Fvar%2Flib%2Fnerdctl%2F1935db59","containerd.io/restart.policy":"always","containerd.io/restart.status":"running","io.containerd.image.config.stop-signal":"SIGTERM","nerdctl/error":"failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error running hook #0: error running hook: exit status 1, stdout: , stderr: time=\"2024-05-10T15:44:58-07:00\" level=fatal msg=\"failed to call cni.Setup: plugin type=\\\"bridge\\\" failed (add): failed to allocate all requested IPs: 10.0.0.47\"\nFailed to write to log, write /var/lib/nerdctl/1935db59/containers/default/75562dea5c72f8772add1eaf4a549178b5a4ff5af111da5924d8ed587bfe2ebd/oci-hook.startContainer.log: file already closed: unknown","nerdctl/extraHosts":"null","nerdctl/hostname":"dns-oliphant.local","nerdctl/ip":"10.0.0.47","nerdctl/ipc":"{\"mode\":\"private\"}","nerdctl/log-uri":"binary:///home/apo/nerdctl-patch?_NERDCTL_INTERNAL_LOGGING=%2Fvar%2Flib%2Fnerdctl%2F1935db59","nerdctl/mounts":"[{\"Type\":\"volume\",\"Name\":\"data-dns\",\"Source\":\"/var/lib/nerdctl/1935db59/volumes/default/data-dns/_data\",\"Destination\":\"/magnetar/user/data\",\"Driver\":\"local\",\"Mode\":\"\",\"RW\":false,\"Propagation\":\"\"}]","nerdctl/name":"dns","nerdctl/namespace":"default","nerdctl/networks":"[\"hadron-mac-v6\",\"hadron-bridge\"]","nerdctl/platform":"linux/arm64/v8","nerdctl/ports":"[{\"HostPort\":4242,\"ContainerPort\":4242,\"Protocol\":\"tcp\",\"HostIP\":\"0.0.0.0\"}]","nerdctl/state-dir":"/var/lib/nerdctl/1935db59/containers/default/75562dea5c72f8772add1eaf4a549178b5a4ff5af111da5924d8ed587bfe2ebd","org.hadron.core.version":"v0.1-dev","org.hadron.plan.description":"some_plan_descriptor","org.hadron.plan.name":"plan_name","org.hadron.plan.sha":"8a6256ad545de0712383228888069b723f8b85ec6f35b7ab448dba61f380e848","org.hadron.plan.tag":"2024/05/10-15:44:36-5D88AA53-4089-48D0-84A9-1F76A187384D"}}
+