Merge pull request #1551 from crosbymichael/linux-nil

fix panic when Linux is nil
Qiang Huang 2017-08-14 19:35:31 +08:00 committed by GitHub
commit 9aa46c1e66
1 changed files with 63 additions and 56 deletions


@ -184,20 +184,6 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) {
} }
exists := false exists := false
if config.RootPropagation, exists = mountPropagationMapping[spec.Linux.RootfsPropagation]; !exists {
return nil, fmt.Errorf("rootfsPropagation=%v is not supported", spec.Linux.RootfsPropagation)
}
for _, ns := range spec.Linux.Namespaces {
t, exists := namespaceMapping[ns.Type]
if !exists {
return nil, fmt.Errorf("namespace %q does not exist", ns)
}
if config.Namespaces.Contains(t) {
return nil, fmt.Errorf("malformed spec file: duplicated ns %q", ns)
}
config.Namespaces.Add(t, ns.Path)
}
if config.Namespaces.Contains(configs.NEWNET) { if config.Namespaces.Contains(configs.NEWNET) {
config.Networks = []*configs.Network{ config.Networks = []*configs.Network{
{ {
@ -219,9 +205,26 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) {
return nil, err return nil, err
} }
config.Cgroups = c config.Cgroups = c
// set extra path masking for libcontainer for the various unsafe places in proc // set linux-specific config
if spec.Linux != nil {
if config.RootPropagation, exists = mountPropagationMapping[spec.Linux.RootfsPropagation]; !exists {
return nil, fmt.Errorf("rootfsPropagation=%v is not supported", spec.Linux.RootfsPropagation)
}
for _, ns := range spec.Linux.Namespaces {
t, exists := namespaceMapping[ns.Type]
if !exists {
return nil, fmt.Errorf("namespace %q does not exist", ns)
}
if config.Namespaces.Contains(t) {
return nil, fmt.Errorf("malformed spec file: duplicated ns %q", ns)
}
config.Namespaces.Add(t, ns.Path)
}
config.MaskPaths = spec.Linux.MaskedPaths config.MaskPaths = spec.Linux.MaskedPaths
config.ReadonlyPaths = spec.Linux.ReadonlyPaths config.ReadonlyPaths = spec.Linux.ReadonlyPaths
config.MountLabel = spec.Linux.MountLabel
config.Sysctl = spec.Linux.Sysctl
if spec.Linux.Seccomp != nil { if spec.Linux.Seccomp != nil {
seccomp, err := setupSeccomp(spec.Linux.Seccomp) seccomp, err := setupSeccomp(spec.Linux.Seccomp)
if err != nil { if err != nil {
@ -229,6 +232,7 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) {
} }
config.Seccomp = seccomp config.Seccomp = seccomp
} }
}
if spec.Process.SelinuxLabel != "" { if spec.Process.SelinuxLabel != "" {
config.ProcessLabel = spec.Process.SelinuxLabel config.ProcessLabel = spec.Process.SelinuxLabel
} }
@ -246,7 +250,6 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) {
} }
} }
createHooks(spec, config) createHooks(spec, config)
config.MountLabel = spec.Linux.MountLabel
config.Version = specs.Version config.Version = specs.Version
return config, nil return config, nil
} }
@ -566,6 +569,7 @@ func createDevices(spec *specs.Spec, config *configs.Config) error {
}, },
} }
// merge in additional devices from the spec // merge in additional devices from the spec
if spec.Linux != nil {
for _, d := range spec.Linux.Devices { for _, d := range spec.Linux.Devices {
var uid, gid uint32 var uid, gid uint32
var filemode os.FileMode = 0666 var filemode os.FileMode = 0666
@ -594,13 +598,11 @@ func createDevices(spec *specs.Spec, config *configs.Config) error {
} }
config.Devices = append(config.Devices, device) config.Devices = append(config.Devices, device)
} }
}
return nil return nil
} }
func setupUserNamespace(spec *specs.Spec, config *configs.Config) error { func setupUserNamespace(spec *specs.Spec, config *configs.Config) error {
if len(spec.Linux.UIDMappings) == 0 {
return nil
}
create := func(m specs.LinuxIDMapping) configs.IDMap { create := func(m specs.LinuxIDMapping) configs.IDMap {
return configs.IDMap{ return configs.IDMap{
HostID: int(m.HostID), HostID: int(m.HostID),
@ -608,12 +610,17 @@ func setupUserNamespace(spec *specs.Spec, config *configs.Config) error {
Size: int(m.Size), Size: int(m.Size),
} }
} }
if spec.Linux != nil {
if len(spec.Linux.UIDMappings) == 0 {
return nil
}
for _, m := range spec.Linux.UIDMappings { for _, m := range spec.Linux.UIDMappings {
config.UidMappings = append(config.UidMappings, create(m)) config.UidMappings = append(config.UidMappings, create(m))
} }
for _, m := range spec.Linux.GIDMappings { for _, m := range spec.Linux.GIDMappings {
config.GidMappings = append(config.GidMappings, create(m)) config.GidMappings = append(config.GidMappings, create(m))
} }
}
rootUID, err := config.HostRootUID() rootUID, err := config.HostRootUID()
if err != nil { if err != nil {
return err return err
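Review bot: In the setupUserNamespace hunk, a nil spec.Linux no longer panics, but it now bypasses the `len(spec.Linux.UIDMappings) == 0` early return and falls through to `config.HostRootUID()`, so a spec with no Linux section takes a different path from one with an empty Linux section. Treating both the same keeps the function a no-op when no ID mappings are requested: `if spec.Linux == nil || len(spec.Linux.UIDMappings) == 0 { return nil }`, with the two mapping loops left un-nested after it. The function body continues past the end of this hunk, so what the fall-through goes on to modify is not visible here. In the CreateLibcontainerConfig hunk the same nil case now skips namespaces, masked and read-only paths, sysctls and seccomp in one step, and the old comment about masking unsafe places in proc was dropped; a comment such as `// a spec without a Linux section gets no namespaces, path masking or seccomp` would make that outcome explicit for callers.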