...

Source file src/github.com/Microsoft/hcsshim/internal/hcsoci/hcsdoc_lcow.go

Documentation: github.com/Microsoft/hcsshim/internal/hcsoci 

     1  //go:build windows
     2  // +build windows
     3  
     4  package hcsoci
     5  
     6  import (
     7  	"context"
     8  	"encoding/json"
     9  
    10  	hcsschema "github.com/Microsoft/hcsshim/internal/hcs/schema2"
    11  	"github.com/Microsoft/hcsshim/internal/log"
    12  	"github.com/Microsoft/hcsshim/internal/oci"
    13  	"github.com/Microsoft/hcsshim/internal/schemaversion"
    14  	"github.com/Microsoft/hcsshim/pkg/annotations"
    15  	specs "github.com/opencontainers/runtime-spec/specs-go"
    16  )
    17  
    18  func createLCOWSpec(ctx context.Context, coi *createOptionsInternal) (*specs.Spec, error) {
    19  	// Remarshal the spec to perform a deep copy.
    20  	j, err := json.Marshal(coi.Spec)
    21  	if err != nil {
    22  		return nil, err
    23  	}
    24  	spec := &specs.Spec{}
    25  	err = json.Unmarshal(j, spec)
    26  	if err != nil {
    27  		return nil, err
    28  	}
    29  
    30  	// Linux containers don't care about Windows aspects of the spec except the
    31  	// network namespace and windows devices
    32  	spec.Windows = nil
    33  	if coi.Spec.Windows != nil {
    34  		setWindowsNetworkNamespace(coi, spec)
    35  		setWindowsDevices(coi, spec)
    36  	}
    37  
    38  	// Hooks are not supported (they should be run in the host)
    39  	spec.Hooks = nil
    40  
    41  	// Clear unsupported features
    42  	spec.Linux.CgroupsPath = "" // GCS controls its cgroups hierarchy on its own.
    43  	if spec.Linux.Resources != nil {
    44  		spec.Linux.Resources.Devices = nil
    45  		spec.Linux.Resources.Pids = nil
    46  		spec.Linux.Resources.BlockIO = nil
    47  		spec.Linux.Resources.HugepageLimits = nil
    48  		spec.Linux.Resources.Network = nil
    49  	}
    50  
    51  	if oci.ParseAnnotationsBool(ctx, spec.Annotations, annotations.LCOWPrivileged, false) {
    52  		spec.Linux.Seccomp = nil
    53  	}
    54  
    55  	return spec, nil
    56  }
    57  
    58  func setWindowsNetworkNamespace(coi *createOptionsInternal, spec *specs.Spec) {
    59  	if coi.Spec.Windows.Network != nil &&
    60  		coi.Spec.Windows.Network.NetworkNamespace != "" {
    61  		if spec.Windows == nil {
    62  			spec.Windows = &specs.Windows{}
    63  		}
    64  		spec.Windows.Network = &specs.WindowsNetwork{
    65  			NetworkNamespace: coi.Spec.Windows.Network.NetworkNamespace,
    66  		}
    67  	}
    68  }
    69  
    70  func setWindowsDevices(coi *createOptionsInternal, spec *specs.Spec) {
    71  	if coi.Spec.Windows.Devices != nil {
    72  		if spec.Windows == nil {
    73  			spec.Windows = &specs.Windows{}
    74  		}
    75  		spec.Windows.Devices = coi.Spec.Windows.Devices
    76  	}
    77  }
    78  
    79  type linuxHostedSystem struct {
    80  	SchemaVersion    *hcsschema.Version
    81  	OciBundlePath    string
    82  	OciSpecification *specs.Spec
    83  
    84  	// ScratchDirPath represents the path inside the UVM at which the container scratch
    85  	// directory is present.  Usually, this is the path at which the container scratch
    86  	// VHD is mounted inside the UVM. But in case of scratch sharing this is a
    87  	// directory under the UVM scratch directory.
    88  	ScratchDirPath string
    89  }
    90  
    91  func createLinuxContainerDocument(ctx context.Context, coi *createOptionsInternal, guestRoot, scratchPath string) (*linuxHostedSystem, error) {
    92  	spec, err := createLCOWSpec(ctx, coi)
    93  	if err != nil {
    94  		return nil, err
    95  	}
    96  
    97  	log.G(ctx).WithField("guestRoot", guestRoot).Debug("hcsshim::createLinuxContainerDoc")
    98  	return &linuxHostedSystem{
    99  		SchemaVersion:    schemaversion.SchemaV21(),
   100  		OciBundlePath:    guestRoot,
   101  		OciSpecification: spec,
   102  		ScratchDirPath:   scratchPath,
   103  	}, nil
   104  }
   105  

View as plain text