From ee49fad019b4132c21d92f982bfc5d1f2860545e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Krzysztof=20Wilczy=C5=84ski?= Date: Wed, 8 May 2024 17:26:14 +0900 Subject: [PATCH 1/2] Check for nil values when importing container definition MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Also, ensure that the "image" attribute has been provided. Signed-off-by: Krzysztof Wilczyński --- server/container_restore.go | 30 +++++++++++++++++++----------- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/server/container_restore.go b/server/container_restore.go index d8bb48564b5..d628bd4692f 100644 --- a/server/container_restore.go +++ b/server/container_restore.go @@ -57,19 +57,24 @@ func (s *Server) CRImportCheckpoint( ) (ctrID string, retErr error) { var mountPoint string - input := createConfig.Image.Image + // Ensure that the image to restore the checkpoint from has been provided. + if createConfig.Image == nil || createConfig.Image.Image == "" { + return "", errors.New(`attribute "image" missing from container definition`) + } + + inputImage := createConfig.Image.Image createMounts := createConfig.Mounts createAnnotations := createConfig.Annotations createLabels := createConfig.Labels - restoreStorageImageID, err := s.checkIfCheckpointOCIImage(ctx, input) + restoreStorageImageID, err := s.checkIfCheckpointOCIImage(ctx, inputImage) if err != nil { return "", err } var restoreArchivePath string if restoreStorageImageID != nil { - log.Debugf(ctx, "Restoring from oci image %s\n", input) + log.Debugf(ctx, "Restoring from oci image %s\n", inputImage) // This is not out-of-process, but it is at least out of the CRI-O codebase; containers/storage uses raw strings. mountPoint, err = s.ContainerServer.StorageImageServer().GetStore().MountImage(restoreStorageImageID.IDStringForOutOfProcessConsumptionOnly(), nil, "") @@ -88,9 +93,9 @@ func (s *Server) CRImportCheckpoint( } else { // First get the container definition from the // tarball to a temporary directory - archiveFile, err := os.Open(input) + archiveFile, err := os.Open(inputImage) if err != nil { - return "", fmt.Errorf("failed to open checkpoint archive %s for import: %w", input, err) + return "", fmt.Errorf("failed to open checkpoint archive %s for import: %w", inputImage, err) } defer func(f *os.File) { if err := f.Close(); err != nil { @@ -98,7 +103,7 @@ func (s *Server) CRImportCheckpoint( } }(archiveFile) - restoreArchivePath = input + restoreArchivePath = inputImage options := &archive.TarOptions{ // Here we only need the files config.dump and spec.dump ExcludePatterns: []string{ @@ -270,11 +275,14 @@ func (s *Server) CRImportCheckpoint( Labels: originalLabels, } - if createConfig.Linux.Resources != nil { - containerConfig.Linux.Resources = createConfig.Linux.Resources - } - if createConfig.Linux.SecurityContext != nil { - containerConfig.Linux.SecurityContext = createConfig.Linux.SecurityContext + if createConfig.Linux != nil { + if createConfig.Linux.Resources != nil { + containerConfig.Linux.Resources = createConfig.Linux.Resources + } + + if createConfig.Linux.SecurityContext != nil { + containerConfig.Linux.SecurityContext = createConfig.Linux.SecurityContext + } } if dumpSpec.Linux != nil { From 794ce67db7779185a04622c00edd1234dab314ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Krzysztof=20Wilczy=C5=84ski?= Date: Wed, 8 May 2024 23:18:56 +0900 Subject: [PATCH 2/2] Remove surplus newline from the log message MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Sascha Grunert Signed-off-by: Krzysztof Wilczyński --- server/container_restore.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/container_restore.go b/server/container_restore.go index d628bd4692f..2dc2594d9a8 100644 --- a/server/container_restore.go +++ b/server/container_restore.go @@ -74,7 +74,7 @@ func (s *Server) CRImportCheckpoint( var restoreArchivePath string if restoreStorageImageID != nil { - log.Debugf(ctx, "Restoring from oci image %s\n", inputImage) + log.Debugf(ctx, "Restoring from oci image %s", inputImage) // This is not out-of-process, but it is at least out of the CRI-O codebase; containers/storage uses raw strings. mountPoint, err = s.ContainerServer.StorageImageServer().GetStore().MountImage(restoreStorageImageID.IDStringForOutOfProcessConsumptionOnly(), nil, "")