oci: fix the file mode of the device by Iceber · Pull Request #5028 · containerd/containerd

Iceber · 2021-02-10T08:54:25Z

The file mode of the device in the OCI runtime specification does not contain file type bits

unix.Stat_t.Mode contains the file type and mode，details are in "The file type and mode" section of inode

This issue causes some config.json to fail the runtime spec schema validation

For example, the config.json for the kube-proxy container

devices:
    [
            {
                "path":"/dev/sda",
                "type":"b",
                "major":8,
                "minor":0,
                "fileMode":25008,
                "uid":0,
                "gid":6
            },
           {
                "path":"/dev/null",
                "type":"c",
                "major":1,
                "minor":3,
                "fileMode":8630,
                "uid":0,
                "gid":0
            },
            {
                "path":"/dev/tty0",
                "type":"c",
                "major":4,
                "minor":0,
                "fileMode":8592,
                "uid":0,
                "gid":5
            },
            ...
    ]

Discussions about FileMode: opencontainers/runtime-spec#1082

Signed-off-by: Iceber Gu <[email protected]>

k8s-ci-robot · 2021-02-10T08:54:33Z

Hi @Iceber. Thanks for your PR.

I'm waiting for a containerd member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

theopenlab-ci · 2021-02-10T09:01:49Z

Build succeeded.

containerd-build-arm64 : SUCCESS in 5m 48s (non-voting)

theopenlab-ci · 2021-02-10T09:28:34Z

Build succeeded.

containerd-build-arm64 : SUCCESS in 5m 44s (non-voting)

thaJeztah · 2021-02-10T09:31:04Z

@AkihiroSuda does libcontainer/devices.DeviceFromPath need a similar change?

Iceber · 2021-02-10T10:08:58Z

@thaJeztah @AkihiroSuda

# libcontainer/devices/device.go
type Device struct {
        Rule

        // Path to the device.
        Path string `json:"path"`

        // FileMode permission bits for the device.
        FileMode os.FileMode `json:"file_mode"`

        // Uid of the device.
        Uid uint32 `json:"uid"`

        // Gid of the device.
        Gid uint32 `json:"gid"`
}

mode &^ unix.S_IFMT should be added when setting device.FileMode.

Iceber · 2021-02-10T10:12:56Z

I'm going to try to fix this issue in runc

thaJeztah · 2021-02-10T11:25:40Z

I'm going to try to fix this issue in runc

Thank you!

theopenlab-ci · 2021-02-17T00:31:31Z

Build succeeded.

containerd-build-arm64 : NODE_FAILURE in 0s (non-voting)

Iceber · 2021-02-17T00:53:50Z

@thaJeztah opencontainers/runc#2804 is approved, pls review.

thaJeztah

LGTM

Iceber · 2021-02-22T03:14:18Z

@AkihiroSuda PTAL, Thanks

Iceber · 2021-02-22T03:39:04Z

@AkihiroSuda Is it necessary to fix the previous version?

AkihiroSuda · 2021-02-22T03:42:10Z

I'd prefer not to backport this unless there is a strong reason

Iceber · 2021-02-22T04:06:16Z

This issue was found in the use of 1.2.10, the essence of the issue is that it does not comply with the OCI runtime specification, fixing the previous version may make sense
Of course, this issue does not cause program anomalies, but may cause confusion in the use of

estesp

LGTM

oci: fix the file mode of the device

d08aa4b

Signed-off-by: Iceber Gu <[email protected]>

k8s-ci-robot added the needs-ok-to-test label Feb 10, 2021

Iceber closed this Feb 10, 2021

Iceber reopened this Feb 10, 2021

Iceber mentioned this pull request Feb 10, 2021

libcontainer: fix the file mode of the device opencontainers/runc#2804

Merged

Iceber closed this Feb 17, 2021

Iceber reopened this Feb 17, 2021

thaJeztah approved these changes Feb 17, 2021

View reviewed changes

thaJeztah mentioned this pull request Feb 17, 2021

oci.Device() fix FileMode to match runtime spec moby/moby#42038

Merged

AkihiroSuda approved these changes Feb 22, 2021

View reviewed changes

estesp approved these changes Feb 22, 2021

View reviewed changes

estesp merged commit 08d765a into containerd:master Feb 22, 2021

Iceber deleted the runtime-spec branch February 22, 2021 16:29

Conversation

Iceber commented Feb 10, 2021 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

k8s-ci-robot commented Feb 10, 2021

Uh oh!

theopenlab-ci Bot commented Feb 10, 2021

Uh oh!

theopenlab-ci Bot commented Feb 10, 2021

Uh oh!

thaJeztah commented Feb 10, 2021

Uh oh!

Iceber commented Feb 10, 2021 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Iceber commented Feb 10, 2021

Uh oh!

thaJeztah commented Feb 10, 2021

Uh oh!

theopenlab-ci Bot commented Feb 17, 2021

Uh oh!

Iceber commented Feb 17, 2021

Uh oh!

thaJeztah left a comment

Choose a reason for hiding this comment

Uh oh!

Iceber commented Feb 22, 2021

Uh oh!

Iceber commented Feb 22, 2021

Uh oh!

AkihiroSuda commented Feb 22, 2021

Uh oh!

Iceber commented Feb 22, 2021

Uh oh!

estesp left a comment

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

Iceber commented Feb 10, 2021 •

edited

Loading

Iceber commented Feb 10, 2021 •

edited

Loading