Thanks to visit codestin.com
Credit goes to github.com

Skip to content

criocli: add privileged_without_host_devices flag to runtime handler config #5054

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
openshift-merge-robot merged 1 commit into from
Jul 3, 2021
Merged

criocli: add privileged_without_host_devices flag to runtime handler config #5054

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion completions/fish/crio.fish
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -114,7 +114,7 @@ complete -c crio -n '__fish_crio_no_subcommand' -f -l read-only -d 'Setup all un
complete -c crio -n '__fish_crio_no_subcommand' -f -l registry -r -d 'Registry to be prepended when pulling unqualified images, can be specified multiple times'
complete -c crio -n '__fish_crio_no_subcommand' -l root -s r -r -d 'The CRI-O root directory'
complete -c crio -n '__fish_crio_no_subcommand' -l runroot -r -d 'The CRI-O state directory'
complete -c crio -n '__fish_crio_no_subcommand' -f -l runtimes -r -d 'OCI runtimes, format is runtime_name:runtime_path:runtime_root:runtime_type'
complete -c crio -n '__fish_crio_no_subcommand' -f -l runtimes -r -d 'OCI runtimes, format is runtime_name:runtime_path:runtime_root:runtime_type:privileged_without_host_devices'
complete -c crio -n '__fish_crio_no_subcommand' -l seccomp-profile -r -d 'Path to the seccomp.json profile to be used as the runtime\'s default. If not specified, then the internal default seccomp profile will be used. (default: "")'
complete -c crio -n '__fish_crio_no_subcommand' -f -l seccomp-use-default-when-empty -r -d 'Use the default seccomp profile when an empty one is specified (default: false)'
complete -c crio -n '__fish_crio_no_subcommand' -f -l selinux -d 'Enable selinux support (default: false)'
Expand Down
2 changes: 1 addition & 1 deletion docs/crio.8.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -292,7 +292,7 @@ crio [GLOBAL OPTIONS] command [COMMAND OPTIONS] [ARGUMENTS...]

**--runroot**="": The CRI-O state directory (default: /run/containers/storage)

**--runtimes**="": OCI runtimes, format is runtime_name:runtime_path:runtime_root:runtime_type (default: [])
**--runtimes**="": OCI runtimes, format is runtime_name:runtime_path:runtime_root:runtime_type:privileged_without_host_devices (default: [])

**--seccomp-profile**="": Path to the seccomp.json profile to be used as the runtime's default. If not specified, then the internal default seccomp profile will be used. (default: "")

Expand Down
15 changes: 11 additions & 4 deletions internal/criocli/criocli.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -136,16 +136,23 @@ func mergeConfig(config *libconfig.Config, ctx *cli.Context) error {
fields := strings.Split(r, ":")

runtimeType := libconfig.DefaultRuntimeType
privilegedWithoutHostDevices := false

switch len(fields) {
case 5:
if fields[4] == "true" {
privilegedWithoutHostDevices = true
}
fallthrough
case 4:
runtimeType = fields[3]
fallthrough
case 3:
config.Runtimes[fields[0]] = &libconfig.RuntimeHandler{
RuntimePath: fields[1],
RuntimeRoot: fields[2],
RuntimeType: runtimeType,
RuntimePath: fields[1],
RuntimeRoot: fields[2],
RuntimeType: runtimeType,
PrivilegedWithoutHostDevices: privilegedWithoutHostDevices,
}
default:
return fmt.Errorf("wrong format for --runtimes: %q", r)
Expand Down Expand Up @@ -531,7 +538,7 @@ func getCrioFlags(defConf *libconfig.Config) []cli.Flag {
},
&cli.StringSliceFlag{
Name: "runtimes",
Usage: "OCI runtimes, format is runtime_name:runtime_path:runtime_root:runtime_type",
Usage: "OCI runtimes, format is runtime_name:runtime_path:runtime_root:runtime_type:privileged_without_host_devices",
EnvVars: []string{"CONTAINER_RUNTIMES"},
},
&cli.StringFlag{
Expand Down
3 changes: 2 additions & 1 deletion test/helpers.bash
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@ OVERRIDE_OPTIONS=${OVERRIDE_OPTIONS:-}
CONTAINER_DEFAULT_RUNTIME=${CONTAINER_DEFAULT_RUNTIME:-runc}
RUNTIME_BINARY_PATH=$(command -v "$CONTAINER_DEFAULT_RUNTIME")
RUNTIME_TYPE=${RUNTIME_TYPE:-oci}
PRIVILEGED_WITHOUT_HOST_DEVICES=${PRIVILEGED_WITHOUT_HOST_DEVICES:-}
# Path of the apparmor_parser binary.
APPARMOR_PARSER_BINARY=${APPARMOR_PARSER_BINARY:-/sbin/apparmor_parser}
# Path of the apparmor profile for test.
Expand Down Expand Up @@ -260,7 +261,7 @@ function setup_crio() {

RUNTIME_ROOT=${RUNTIME_ROOT:-"$TESTDIR/crio-runtime-root"}
# export here so direct calls to crio later inherit the variable
export CONTAINER_RUNTIMES=${CONTAINER_RUNTIMES:-$CONTAINER_DEFAULT_RUNTIME:$RUNTIME_BINARY_PATH:$RUNTIME_ROOT:$RUNTIME_TYPE}
export CONTAINER_RUNTIMES=${CONTAINER_RUNTIMES:-$CONTAINER_DEFAULT_RUNTIME:$RUNTIME_BINARY_PATH:$RUNTIME_ROOT:$RUNTIME_TYPE:$PRIVILEGED_WITHOUT_HOST_DEVICES}

# generate the default config file
"$CRIO_BINARY_PATH" config --default >"$CRIO_CONFIG"
Expand Down