Merge pull request moby#43055 from thaJeztah/use_containerd_oci_devic…

…es_part2
erixyuan · Oct 7, 2022 · 968a0bc · 968a0bc
2 parents 59c77c8 + b44b319
commit 968a0bc
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 59 deletions.
diff --git a/oci/defaults.go b/oci/defaults.go
@@ -1,16 +1,13 @@
 package oci // import "github.com/docker/docker/oci"
 
 import (
-	"os"
 	"runtime"
 
 	"github.com/docker/docker/oci/caps"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 )
 
-func iPtr(i int64) *int64        { return &i }
-func u32Ptr(i int64) *uint32     { u := uint32(i); return &u }
-func fmPtr(i int64) *os.FileMode { fm := os.FileMode(i); return &fm }
+func iPtr(i int64) *int64 { return &i }
 
 // DefaultSpec returns the default spec used by docker for the current Platform
 func DefaultSpec() specs.Spec {

diff --git a/oci/devices_linux.go b/oci/devices_linux.go
@@ -6,31 +6,17 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/opencontainers/runc/libcontainer/devices"
+	coci "github.com/containerd/containerd/oci"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
-	"golang.org/x/sys/unix"
 )
 
-// Device transforms a libcontainer devices.Device to a specs.LinuxDevice object.
-func Device(d *devices.Device) specs.LinuxDevice {
-	return specs.LinuxDevice{
-		Type:     string(d.Type),
-		Path:     d.Path,
-		Major:    d.Major,
-		Minor:    d.Minor,
-		FileMode: fmPtr(int64(d.FileMode &^ unix.S_IFMT)), // strip file type, as OCI spec only expects file-mode to be included
-		UID:      u32Ptr(int64(d.Uid)),
-		GID:      u32Ptr(int64(d.Gid)),
-	}
-}
-
-func deviceCgroup(d *devices.Device) specs.LinuxDeviceCgroup {
+func deviceCgroup(d *specs.LinuxDevice, permissions string) specs.LinuxDeviceCgroup {
 	return specs.LinuxDeviceCgroup{
 		Allow:  true,
-		Type:   string(d.Type),
+		Type:   d.Type,
 		Major:  &d.Major,
 		Minor:  &d.Minor,
-		Access: string(d.Permissions),
+		Access: permissions,
 	}
 }
 
@@ -45,31 +31,31 @@ func DevicesFromPath(pathOnHost, pathInContainer, cgroupPermissions string) (dev
 		}
 	}
 
-	device, err := devices.DeviceFromPath(resolvedPathOnHost, cgroupPermissions)
+	device, err := coci.DeviceFromPath(resolvedPathOnHost)
 	// if there was no error, return the device
 	if err == nil {
 		device.Path = pathInContainer
-		return append(devs, Device(device)), append(devPermissions, deviceCgroup(device)), nil
+		return append(devs, *device), append(devPermissions, deviceCgroup(device, cgroupPermissions)), nil
 	}
 
 	// if the device is not a device node
 	// try to see if it's a directory holding many devices
-	if err == devices.ErrNotADevice {
+	if err == coci.ErrNotADevice {
 		// check if it is a directory
 		if src, e := os.Stat(resolvedPathOnHost); e == nil && src.IsDir() {
 			// mount the internal devices recursively
 			// TODO check if additional errors should be handled or logged
 			_ = filepath.Walk(resolvedPathOnHost, func(dpath string, f os.FileInfo, _ error) error {
-				childDevice, e := devices.DeviceFromPath(dpath, cgroupPermissions)
+				childDevice, e := coci.DeviceFromPath(dpath)
 				if e != nil {
 					// ignore the device
 					return nil
 				}
 
 				// add the device to userSpecified devices
 				childDevice.Path = strings.Replace(dpath, resolvedPathOnHost, pathInContainer, 1)
-				devs = append(devs, Device(childDevice))
-				devPermissions = append(devPermissions, deviceCgroup(childDevice))
+				devs = append(devs, *childDevice)
+				devPermissions = append(devPermissions, deviceCgroup(childDevice, cgroupPermissions))
 
 				return nil
 			})

diff --git a/oci/devices_linux_test.go b/oci/devices_linux_test.go