Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use containerd OCI defaults where possible #42485

Draft
wants to merge 2 commits into
base: master
Choose a base branch
from
Draft

Use containerd OCI defaults where possible #42485

wants to merge 2 commits into from
+19 −64

Conversation

thaJeztah
Copy link
Member

There are some differences between docker and containerd:

Had this branch still around, and realised I didn't push it

Docker:

"" false rwm // what does this do? default permissions on `/dev`?
"/dev/console" true rwm
"/dev/null" true rwm
"/dev/random" true rwm
"/dev/tty" true rwm
"/dev/urandom" true rwm
"/dev/zero" true rwm
"fuse" false rwm

In docker, /dev/pts is specified as mount (spec.Mounts)

Containerd:

"/dev/console" true rwm
"/dev/full" true rwm
"/dev/null" true rwm
"/dev/ptmx" true rwm // /dev/ptmx -> /dev/pts/ptmx - pts namespaces are "coming soon"
"/dev/pts/" true rwm // pts namespaces are "coming soon"
"/dev/random" true rwm
"/dev/tty" true rwm
"/dev/urandom" true rwm
"/dev/zero" true rwm
"tuntap" true rwm

@thaJeztah thaJeztah marked this pull request as draft June 8, 2021 14:34
@thaJeztah thaJeztah added the status/failing-ci Indicates that the PR in its current state fails the test suite label Jun 9, 2021
@thaJeztah
oci: DefaultLinuxSpec(): annotate default devices
0b2fe8f 
Inspired by comments in the equivalent function in containerd

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
@thaJeztah
Use containerd OCI defaults where possible
cc5dad9 
There are some differences between docker and containerd:

Docker:

""              false   rwm // what does this do? default permissions on `/dev`?
"/dev/console"  true    rwm
"/dev/null"     true    rwm
"/dev/random"   true    rwm
"/dev/tty"      true    rwm
"/dev/urandom"  true    rwm
"/dev/zero"     true    rwm
"fuse"          false   rwm

In docker, `/dev/pts` is specified as mount (spec.Mounts)

Containerd:

"/dev/console"  true    rwm
"/dev/full"     true    rwm
"/dev/null"     true    rwm
"/dev/ptmx"     true    rwm // /dev/ptmx -> /dev/pts/ptmx - pts namespaces are "coming soon"
"/dev/pts/"     true    rwm // pts namespaces are "coming soon"
"/dev/random"   true    rwm
"/dev/tty"      true    rwm
"/dev/urandom"  true    rwm
"/dev/zero"     true    rwm
"tuntap"        true    rwm

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
@thaJeztah
Copy link
Member Author

Opened containerd/containerd#6923 to remove tuntap from containerd's default

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
area/runtime status/failing-ci Indicates that the PR in its current state fails the test suite status/2-code-review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@thaJeztah