// testFsTypeSupport prepares the host through hostsetup.SetupEnv and then
// rewrites the shared config.json so that a container run from it carries a
// /proc mount plus one extra mount of filesystem type fstest (source
// /tmp/test, destination /testfs). Every failure is fatal.
//
// Note: fstest is written into the config without validation, and the config
// is edited in place at a path relative to the working directory.
func testFsTypeSupport(fstest string) {
	const (
		configPath = "./../../source/config.json"
		guestProg  = ""
		outputName = "mount_fstypesupport_out"
	)

	// Host side first; the guest programme and output names drive SetupEnv.
	if err := hostsetup.SetupEnv(guestProg, outputName); err != nil {
		log.Fatalf("[Specstest] mount filesystem support test: hostsetup.SetupEnv error, %v", err)
	}
	fmt.Println("Host enviroment setting up for runc is already!")

	// Load, edit and write back the spec.
	spec, err := configconvert.ConfigToLinuxSpec(configPath)
	if err != nil {
		log.Fatalf("[Specstest] mount filesystem support test: reading config error, %v", err)
	}
	spec.Spec.Root.Path = "./rootfs_rootconfig"
	// Unkeyed literals kept as in the surrounding tree: field order follows
	// this tree's specs.Mount declaration.
	spec.Mounts = []specs.Mount{
		{"proc", "proc", "/proc", ""},
		{fstest, "/tmp/test", "/testfs", ""},
	}
	if err = configconvert.LinuxSpecToConfig(configPath, spec); err != nil {
		log.Fatalf("[Specstest] mount filesystem support test:writing config error, %v", err)
	}
	fmt.Println("Host enviroment for runc is already!")
}
// setMount builds a minimal LinuxSpec/LinuxRuntimeSpec pair carrying one
// mount. fsName is the mount-point name that links the two documents, fsDes
// the path inside the container, and fsType/fsSrc/fsOpt the runtime-side
// filesystem type, source and options.
//
// Returns both specs by value. The runtime spec's Mounts map is assumed to be
// initialised by specsinit.SetLinuxruntimeMinimum — TODO confirm; a nil map
// would panic on the assignment below.
func setMount(fsName string, fsType string, fsSrc string, fsDes string, fsOpt []string) (specs.LinuxSpec, specs.LinuxRuntimeSpec) {
	cfg := specsinit.SetLinuxspecMinimum()
	rt := specsinit.SetLinuxruntimeMinimum()

	cfg.Mounts = append(cfg.Mounts, specs.MountPoint{Name: fsName, Path: fsDes})
	rt.Mounts[fsName] = specs.Mount{Type: fsType, Source: fsSrc, Options: fsOpt}
	return cfg, rt
}
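// addBindMounts turns every --bind flag (src:dest or src:dest:options) into a
// MountPoint on spec and a matching bind Mount on rspec. The two are linked by
// a generated name, "<basename of src>bind", and the mount is read-only
// unless options are given explicitly.
//
// Returns an error for a malformed flag, an empty src or dest, or when two
// flags generate the same name — the original silently overwrote the earlier
// runtime entry while spec kept both mount points, leaving the pair
// inconsistent.
func addBindMounts(spec *specs.LinuxSpec, rspec *specs.LinuxRuntimeSpec, context *cli.Context) error {
	for _, b := range context.StringSlice("bind") {
		var source, dest string
		options := "ro" // host paths are exposed read-only unless asked otherwise
		bparts := strings.SplitN(b, ":", 3)
		switch len(bparts) {
		case 2:
			source, dest = bparts[0], bparts[1]
		case 3:
			source, dest, options = bparts[0], bparts[1], bparts[2]
		default:
			return fmt.Errorf("--bind should have format src:dest:[options]")
		}
		if source == "" || dest == "" {
			return fmt.Errorf("--bind %q: src and dest must not be empty", b)
		}

		// The name derives from the basename only, so /a/x and /b/x collide.
		mntName := fmt.Sprintf("%sbind", filepath.Base(source))
		if rspec.Mounts == nil {
			rspec.Mounts = make(map[string]specs.Mount)
		}
		if _, dup := rspec.Mounts[mntName]; dup {
			return fmt.Errorf("--bind %q: mount name %q is already in use", b, mntName)
		}

		spec.Mounts = append(spec.Mounts, specs.MountPoint{Name: mntName, Path: dest})
		// options is stored as a single element; a comma-separated list is not
		// split here — presumably the runtime handles that, confirm against the spec.
		rspec.Mounts[mntName] = specs.Mount{
			Type:    "bind",
			Source:  source,
			Options: append([]string{"bind"}, options),
		}
	}
	return nil
}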
// addMountPoint appends one MountPoint per --mountpoint-add flag, each given
// as "name:path". Anything other than exactly two colon-separated fields is
// rejected. rspec is accepted for signature parity with the other add*
// helpers and is not touched here.
func addMountPoint(spec *specs.LinuxSpec, rspec *specs.LinuxRuntimeSpec, context *cli.Context) error {
	for _, entry := range context.StringSlice("mountpoint-add") {
		fields := strings.Split(entry, ":")
		if len(fields) != 2 {
			return fmt.Errorf("mountpoint-add error: %s", entry)
		}
		spec.Mounts = append(spec.Mounts, specs.MountPoint{Name: fields[0], Path: fields[1]})
	}
	return nil
}
// addTmpfsMounts adds a tmpfs mount at every --tmpfs destination with the
// fixed options nosuid, nodev and mode=755. The option set has no noexec, so
// files written to the tmpfs remain executable. It never fails; the error
// return keeps the signature aligned with the other mount helpers.
func addTmpfsMounts(spec *specs.LinuxSpec, context *cli.Context) error {
	for _, dest := range context.StringSlice("tmpfs") {
		spec.Mounts = append(spec.Mounts, specs.Mount{
			Type:        "tmpfs",
			Source:      "tmpfs",
			Destination: dest,
			Options:     []string{"nosuid", "nodev", "mode=755"},
		})
	}
	return nil
}
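// modify applies the generate CLI flags to the spec pair: root, hostname,
// user identity, SELinux label, process args/env and supplementary groups,
// followed by the capability, namespace, mount, hook and propagation helpers
// in the same order the original call chain used.
//
// --uid, --gid and each --groups value are validated to fit a uint32 before
// conversion; previously a negative value wrapped silently (e.g. -1 became
// 4294967295) and the container ran under the wrong identity.
//
// Returns the first validation or helper error.
func modify(spec *specs.LinuxSpec, rspec *specs.LinuxRuntimeSpec, context *cli.Context) error {
	spec.Root.Path = context.String("rootfs")
	spec.Root.Readonly = context.Bool("read-only")
	spec.Hostname = context.String("hostname")

	uid := context.Int("uid")
	if uid < 0 || uint64(uid) > 1<<32-1 {
		return fmt.Errorf("--uid must fit in a uint32, got %d", uid)
	}
	gid := context.Int("gid")
	if gid < 0 || uint64(gid) > 1<<32-1 {
		return fmt.Errorf("--gid must fit in a uint32, got %d", gid)
	}
	spec.Process.User.UID = uint32(uid)
	spec.Process.User.GID = uint32(gid)
	rspec.Linux.SelinuxProcessLabel = context.String("selinux-label")

	// A single --args value replaces the whole argv.
	if args := context.String("args"); args != "" {
		spec.Process.Args = []string{args}
	}
	spec.Process.Env = append(spec.Process.Env, context.StringSlice("env")...)

	// ParseUint with bitSize 32 rejects negative and oversized gids outright,
	// where Atoi followed by uint32() wrapped them.
	for _, g := range context.StringSlice("groups") {
		groupID, err := strconv.ParseUint(g, 10, 32)
		if err != nil {
			return err
		}
		spec.Process.User.AdditionalGids = append(spec.Process.User.AdditionalGids, uint32(groupID))
	}

	if err := setupCapabilities(spec, rspec, context); err != nil {
		return err
	}
	setupNamespaces(spec, rspec, context)

	// Same order as the original call chain.
	steps := []func(*specs.LinuxSpec, *specs.LinuxRuntimeSpec, *cli.Context) error{
		addTmpfsMounts,
		mountCgroups,
		addBindMounts,
		addHooks,
		addRootPropagation,
	}
	for _, step := range steps {
		if err := step(spec, rspec, context); err != nil {
			return err
		}
	}
	return nil
}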
// SetBind bind-mounts the runtimeValidator "containerend" source tree from the
// host's GOPATH into the container at /containerend: a MountPoint named "bind"
// on linuxSpec and the matching runtime Mount (same key) on linuxRuntime. It
// then hands the host path and the container's UID/GID to SetRight —
// presumably adjusting ownership of that host directory; confirm before
// running against a shared checkout. The mount is not marked read-only.
// A missing GOPATH is fatal.
func SetBind(linuxRuntime *specs.LinuxRuntimeSpec, linuxSpec *specs.LinuxSpec) {
	const mountName = "bind"

	gopath := os.Getenv("GOPATH")
	if len(gopath) == 0 {
		log.Fatalf("utils.setBind error GOPATH == nil")
	}
	hostDir := gopath + "/src/github.com/huawei-openlab/oct/tools/runtimeValidator/containerend"

	linuxSpec.Mounts = append(linuxSpec.Mounts, specs.MountPoint{Name: mountName, Path: "/containerend"})
	linuxRuntime.Mounts[mountName] = specs.Mount{
		Type:    "bind",
		Source:  hostDir,
		Options: []string{"bind"},
	}
	SetRight(hostDir, linuxSpec.Process.User.UID, linuxSpec.Process.User.GID)
}
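// addTmpfsMounts adds a tmpfs mount for every --tmpfs destination: a
// MountPoint named "<basename of dest>tmpfs" on spec and the matching runtime
// Mount (options nosuid, nodev, mode=755 — no noexec) on rspec.
//
// Returns an error when two destinations generate the same name; the original
// silently overwrote the earlier runtime entry while spec kept both mount
// points. A nil rspec.Mounts map is created rather than written through.
func addTmpfsMounts(spec *specs.LinuxSpec, rspec *specs.LinuxRuntimeSpec, context *cli.Context) error {
	for _, dest := range context.StringSlice("tmpfs") {
		// The name derives from the basename only, so /run/a and /var/a collide.
		mntName := fmt.Sprintf("%stmpfs", filepath.Base(dest))
		if rspec.Mounts == nil {
			rspec.Mounts = make(map[string]specs.Mount)
		}
		if _, dup := rspec.Mounts[mntName]; dup {
			return fmt.Errorf("--tmpfs %q: mount name %q is already in use", dest, mntName)
		}

		spec.Mounts = append(spec.Mounts, specs.MountPoint{Name: mntName, Path: dest})
		rspec.Mounts[mntName] = specs.Mount{
			Type:    "tmpfs",
			Source:  "tmpfs",
			Options: []string{"nosuid", "nodev", "mode=755"},
		}
	}
	return nil
}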
// mountCgroups adds a cgroup filesystem at /sys/fs/cgroup according to
// --mount-cgroups: "no" skips the mount, "ro" or "rw" becomes the final mount
// option (alongside nosuid, noexec, nodev, relatime), anything else is an
// error. "rw" makes the hierarchy writable from inside the container; "ro" is
// the conservative choice. The MountPoint and runtime Mount share the key
// "cgroup"; rspec.Mounts must already be a non-nil map.
func mountCgroups(spec *specs.LinuxSpec, rspec *specs.LinuxRuntimeSpec, context *cli.Context) error {
	const name = "cgroup"

	mode := context.String("mount-cgroups")
	switch mode {
	case "no":
		return nil
	case "ro", "rw":
		// fall out of the switch and add the mount
	default:
		return fmt.Errorf("--mount-cgroups should be one of (ro,rw,no)")
	}

	spec.Mounts = append(spec.Mounts, specs.MountPoint{Name: name, Path: "/sys/fs/cgroup"})
	rspec.Mounts[name] = specs.Mount{
		Type:    "cgroup",
		Source:  "cgroup",
		Options: []string{"nosuid", "noexec", "nodev", "relatime", mode},
	}
	return nil
}
// mountCgroups adds a cgroup filesystem mount at /sys/fs/cgroup according to
// --mount-cgroups: "no" skips the mount, "ro" or "rw" becomes the final mount
// option (alongside nosuid, noexec, nodev, relatime), anything else is an
// error. "rw" makes the hierarchy writable from inside the container; "ro" is
// the conservative choice.
func mountCgroups(spec *specs.LinuxSpec, context *cli.Context) error {
	mode := context.String("mount-cgroups")
	switch mode {
	case "no":
		return nil
	case "ro", "rw":
		// fall out of the switch and add the mount
	default:
		return fmt.Errorf("--mount-cgroups should be one of (ro,rw,no)")
	}

	spec.Mounts = append(spec.Mounts, specs.Mount{
		Type:        "cgroup",
		Source:      "cgroup",
		Destination: "/sys/fs/cgroup",
		Options:     []string{"nosuid", "noexec", "nodev", "relatime", mode},
	})
	return nil
}
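// addBindMounts turns every --bind flag (src:dest or src:dest:options) into a
// bind Mount on spec. The mount is read-only unless options are given
// explicitly.
//
// Returns an error for a malformed flag or for an empty src or dest — the
// original's arity check let "--bind :/dest" through and produced a mount
// with no source.
func addBindMounts(spec *specs.LinuxSpec, context *cli.Context) error {
	for _, b := range context.StringSlice("bind") {
		var source, dest string
		options := "ro" // host paths are exposed read-only unless asked otherwise
		bparts := strings.SplitN(b, ":", 3)
		switch len(bparts) {
		case 2:
			source, dest = bparts[0], bparts[1]
		case 3:
			source, dest, options = bparts[0], bparts[1], bparts[2]
		default:
			return fmt.Errorf("--bind should have format src:dest:[options]")
		}
		if source == "" || dest == "" {
			return fmt.Errorf("--bind %q: src and dest must not be empty", b)
		}

		// options is stored as a single element; a comma-separated list is not
		// split here — presumably the runtime handles that, confirm against the spec.
		spec.Mounts = append(spec.Mounts, specs.Mount{
			Destination: dest,
			Type:        "bind",
			Source:      source,
			Options:     append([]string{"bind"}, options),
		})
	}
	return nil
}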
// If systemd is supporting sd_notify protocol, this function will add support // for sd_notify protocol from within the container. func setupSdNotify(spec *specs.LinuxSpec, rspec *specs.LinuxRuntimeSpec, notifySocket string) { mountName := "sdNotify" spec.Mounts = append(spec.Mounts, specs.MountPoint{Name: mountName, Path: notifySocket}) spec.Process.Env = append(spec.Process.Env, fmt.Sprintf("NOTIFY_SOCKET=%s", notifySocket)) rspec.Mounts[mountName] = specs.Mount{Type: "bind", Source: notifySocket, Options: []string{"bind"}} }
// If systemd is supporting sd_notify protocol, this function will add support // for sd_notify protocol from within the container. func setupSdNotify(spec *specs.LinuxSpec, notifySocket string) { spec.Mounts = append(spec.Mounts, specs.Mount{Destination: notifySocket, Type: "bind", Source: notifySocket, Options: []string{"bind"}}) spec.Process.Env = append(spec.Process.Env, fmt.Sprintf("NOTIFY_SOCKET=%s", notifySocket)) }
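// modify applies the generate CLI flags to the spec pair and then runs the
// per-feature helpers in the same order the original call chain used. Field
// assignments come first (root, hostname, identity, platform, process,
// resources), then args/env/groups, then the helper chain.
//
// --uid, --gid and each --groups value are validated to fit a uint32 before
// conversion; previously a negative value wrapped silently (e.g. -1 became
// 4294967295) and the container ran under the wrong identity. The first
// --args value replaces the template's argv[0] only when one exists, so an
// empty template argv no longer panics.
//
// Returns the first validation or helper error.
func modify(spec *specs.LinuxSpec, rspec *specs.LinuxRuntimeSpec, context *cli.Context) error {
	spec.Root.Path = context.String("rootfs")
	spec.Root.Readonly = context.Bool("read-only")
	spec.Hostname = context.String("hostname")

	uid := context.Int("uid")
	if uid < 0 || uint64(uid) > 1<<32-1 {
		return fmt.Errorf("--uid must fit in a uint32, got %d", uid)
	}
	gid := context.Int("gid")
	if gid < 0 || uint64(gid) > 1<<32-1 {
		return fmt.Errorf("--gid must fit in a uint32, got %d", gid)
	}
	spec.Process.User.UID = uint32(uid)
	spec.Process.User.GID = uint32(gid)
	rspec.Linux.SelinuxProcessLabel = context.String("selinux-label")

	spec.Version = context.String("version")
	spec.Platform.OS = context.String("os")
	spec.Platform.Arch = context.String("arch")
	spec.Process.Cwd = context.String("cwd")
	spec.Process.Terminal = context.Bool("terminal")
	rspec.Linux.CgroupsPath = context.String("cgroupspath")
	rspec.Linux.ApparmorProfile = context.String("apparmor")
	// The flag is looked up by this exact spelling; changing it here alone
	// would silently stop the option from being read.
	rspec.Linux.Resources.DisableOOMKiller = context.Bool("disableoomiller")
	rspec.Linux.Resources.Pids.Limit = int64(context.Int("pids"))
	rspec.Linux.Resources.Network.ClassID = context.String("networkid")

	// The first positional arg replaces the template's "sh" (from
	// getDefaultTemplate()), the rest are appended; the length check avoids
	// indexing an empty argv.
	for i, a := range context.StringSlice("args") {
		if i == 0 && len(spec.Process.Args) > 0 {
			spec.Process.Args[0] = a
		} else {
			spec.Process.Args = append(spec.Process.Args, a)
		}
	}
	spec.Process.Env = append(spec.Process.Env, context.StringSlice("env")...)

	// ParseUint with bitSize 32 rejects negative and oversized gids outright,
	// where Atoi followed by uint32() wrapped them.
	for _, g := range context.StringSlice("groups") {
		groupID, err := strconv.ParseUint(g, 10, 32)
		if err != nil {
			return err
		}
		spec.Process.User.AdditionalGids = append(spec.Process.User.AdditionalGids, uint32(groupID))
	}

	if err := setupCapabilities(spec, rspec, context); err != nil {
		return err
	}
	setupNamespaces(spec, rspec, context)

	// Same order as the original call chain.
	steps := []func(*specs.LinuxSpec, *specs.LinuxRuntimeSpec, *cli.Context) error{
		addTmpfsMounts,
		mountCgroups,
		addBindMounts,
		addHooks,
		addRootPropagation,
		addMountPoint,
		setUIDMappings,
		setGIDMappings,
		setRlimits,
		setSysctl,
		addDevice,
		setSeccompDefaultAction,
		addSeccompArchitectures,
		addSeccompSyscalls,
		addHugepageLimit,
		addNetworkPriority,
		addMounts,
		addBlockIO,
		setResourceMemory,
		setResourceCPU,
	}
	for _, step := range steps {
		if err := step(spec, rspec, context); err != nil {
			return err
		}
	}
	return nil
}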
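// modify applies the generate CLI flags to the spec pair: root, hostname,
// user identity, SELinux label, platform, cwd, process args/env and
// supplementary groups, followed by the capability, namespace, mount, hook,
// propagation and id-mapping helpers in the same order the original call
// chain used.
//
// --uid, --gid and each --groups value are validated to fit a uint32 before
// conversion; previously a negative value wrapped silently (e.g. -1 became
// 4294967295) and the container ran under the wrong identity. The first
// non-empty --args value replaces the template's argv[0] only when one
// exists, so an empty template argv no longer panics.
//
// Returns the first validation or helper error.
func modify(spec *specs.LinuxSpec, rspec *specs.LinuxRuntimeSpec, context *cli.Context) error {
	spec.Root.Path = context.String("rootfs")
	spec.Root.Readonly = context.Bool("read-only")
	spec.Hostname = context.String("hostname")

	uid := context.Int("uid")
	if uid < 0 || uint64(uid) > 1<<32-1 {
		return fmt.Errorf("--uid must fit in a uint32, got %d", uid)
	}
	gid := context.Int("gid")
	if gid < 0 || uint64(gid) > 1<<32-1 {
		return fmt.Errorf("--gid must fit in a uint32, got %d", gid)
	}
	spec.Process.User.UID = uint32(uid)
	spec.Process.User.GID = uint32(gid)
	rspec.Linux.SelinuxProcessLabel = context.String("selinux-label")

	spec.Platform.OS = context.String("os")
	spec.Platform.Arch = context.String("arch")
	spec.Process.Cwd = context.String("cwd")

	// Empty --args values are skipped; the first kept value replaces the
	// template's "sh" (from getDefaultTemplate()), later ones are appended.
	// The length check avoids indexing an empty argv.
	for i, a := range context.StringSlice("args") {
		if a == "" {
			continue
		}
		if i == 0 && len(spec.Process.Args) > 0 {
			spec.Process.Args[0] = a
		} else {
			spec.Process.Args = append(spec.Process.Args, a)
		}
	}
	spec.Process.Env = append(spec.Process.Env, context.StringSlice("env")...)

	// ParseUint with bitSize 32 rejects negative and oversized gids outright,
	// where Atoi followed by uint32() wrapped them.
	for _, g := range context.StringSlice("groups") {
		groupID, err := strconv.ParseUint(g, 10, 32)
		if err != nil {
			return err
		}
		spec.Process.User.AdditionalGids = append(spec.Process.User.AdditionalGids, uint32(groupID))
	}

	if err := setupCapabilities(spec, rspec, context); err != nil {
		return err
	}
	setupNamespaces(spec, rspec, context)

	// Same order as the original call chain.
	steps := []func(*specs.LinuxSpec, *specs.LinuxRuntimeSpec, *cli.Context) error{
		addTmpfsMounts,
		mountCgroups,
		addBindMounts,
		addHooks,
		addRootPropagation,
		addIDMappings,
	}
	for _, step := range steps {
		if err := step(spec, rspec, context); err != nil {
			return err
		}
	}
	return nil
}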