specgen/generate: Add support for FreeBSD

[NO NEW TESTS NEEDED]

Signed-off-by: Doug Rabson <[email protected]>

pkg/specgen/generate/namespaces_freebsd.go

@@ -0,0 +1,51 @@
+package generate
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/containers/podman/v4/libpod"
+	"github.com/containers/podman/v4/pkg/specgen"
+	"github.com/opencontainers/runtime-tools/generate"
+	"github.com/sirupsen/logrus"
+)
+
+func specConfigureNamespaces(s *specgen.SpecGenerator, g *generate.Generator, rt *libpod.Runtime, pod *libpod.Pod) error {
+	// UTS
+
+	hostname := s.Hostname
+	if hostname == "" {
+		switch {
+		case s.UtsNS.NSMode == specgen.FromPod:
+			hostname = pod.Hostname()
+		case s.UtsNS.NSMode == specgen.FromContainer:
+			utsCtr, err := rt.LookupContainer(s.UtsNS.Value)
+			if err != nil {
+				return fmt.Errorf("error looking up container to share uts namespace with: %w", err)
+			}
+			hostname = utsCtr.Hostname()
+		case (s.NetNS.NSMode == specgen.Host && hostname == "") || s.UtsNS.NSMode == specgen.Host:
+			tmpHostname, err := os.Hostname()
+			if err != nil {
+				return fmt.Errorf("unable to retrieve hostname of the host: %w", err)
+			}
+			hostname = tmpHostname
+		default:
+			logrus.Debug("No hostname set; container's hostname will default to runtime default")
+		}
+	}
+
+	g.RemoveHostname()
+	if s.Hostname != "" || s.UtsNS.NSMode != specgen.Host {
+		// Set the hostname in the OCI configuration only if specified by
+		// the user or if we are creating a new UTS namespace.
+		// TODO: Should we be doing this for pod or container shared
+		// namespaces?
+		g.SetHostname(hostname)
+	}
+	if _, ok := s.Env["HOSTNAME"]; !ok && s.Hostname != "" {
+		g.AddProcessEnv("HOSTNAME", hostname)
+	}
+
+	return nil
+}

pkg/specgen/generate/namespaces_unsupported.go

@@ -1,5 +1,5 @@
-//go:build !linux
-// +build !linux
+//go:build !linux && !freebsd
+// +build !linux,!freebsd
 
 package generate
 

pkg/specgen/generate/oci_freebsd.go

@@ -0,0 +1,96 @@
+//go:build freebsd
+
+package generate
+
+import (
+	"context"
+	"strings"
+
+	"github.com/containers/common/libimage"
+	"github.com/containers/common/pkg/config"
+	"github.com/containers/podman/v4/libpod"
+	"github.com/containers/podman/v4/libpod/define"
+	"github.com/containers/podman/v4/pkg/specgen"
+	spec "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/opencontainers/runtime-tools/generate"
+)
+
+// SpecGenToOCI returns the base configuration for the container.
+func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runtime, rtc *config.Config, newImage *libimage.Image, mounts []spec.Mount, pod *libpod.Pod, finalCmd []string, compatibleOptions *libpod.InfraInherit) (*spec.Spec, error) {
+	g, err := generate.New("freebsd")
+	if err != nil {
+		return nil, err
+	}
+
+	g.SetProcessCwd(s.WorkDir)
+
+	g.SetProcessArgs(finalCmd)
+
+	g.SetProcessTerminal(s.Terminal)
+
+	for key, val := range s.Annotations {
+		g.AddAnnotation(key, val)
+	}
+
+	g.ClearProcessEnv()
+	for name, val := range s.Env {
+		g.AddProcessEnv(name, val)
+	}
+
+	addRlimits(s, &g)
+
+	// NAMESPACES
+	if err := specConfigureNamespaces(s, &g, rt, pod); err != nil {
+		return nil, err
+	}
+	configSpec := g.Config
+
+	if err := securityConfigureGenerator(s, &g, newImage, rtc); err != nil {
+		return nil, err
+	}
+
+	// BIND MOUNTS
+	configSpec.Mounts = SupersedeUserMounts(mounts, configSpec.Mounts)
+	// Process mounts to ensure correct options
+	if err := InitFSMounts(configSpec.Mounts); err != nil {
+		return nil, err
+	}
+
+	// Add annotations
+	if configSpec.Annotations == nil {
+		configSpec.Annotations = make(map[string]string)
+	}
+
+	if s.Remove {
+		configSpec.Annotations[define.InspectAnnotationAutoremove] = define.InspectResponseTrue
+	} else {
+		configSpec.Annotations[define.InspectAnnotationAutoremove] = define.InspectResponseFalse
+	}
+
+	if len(s.VolumesFrom) > 0 {
+		configSpec.Annotations[define.InspectAnnotationVolumesFrom] = strings.Join(s.VolumesFrom, ",")
+	}
+
+	if s.Privileged {
+		configSpec.Annotations[define.InspectAnnotationPrivileged] = define.InspectResponseTrue
+	} else {
+		configSpec.Annotations[define.InspectAnnotationPrivileged] = define.InspectResponseFalse
+	}
+
+	if s.Init {
+		configSpec.Annotations[define.InspectAnnotationInit] = define.InspectResponseTrue
+	} else {
+		configSpec.Annotations[define.InspectAnnotationInit] = define.InspectResponseFalse
+	}
+
+	if s.OOMScoreAdj != nil {
+		g.SetProcessOOMScoreAdj(*s.OOMScoreAdj)
+	}
+
+	return configSpec, nil
+}
+
+func WeightDevices(wtDevices map[string]spec.LinuxWeightDevice) ([]spec.LinuxWeightDevice, error) {
+	devs := []spec.LinuxWeightDevice{}
+	return devs, nil
+}

pkg/specgen/generate/oci_unsupported.go

@@ -1,5 +1,5 @@
-//go:build !linux
-// +build !linux
+//go:build !linux && !freebsd
+// +build !linux,!freebsd
 
 package generate
 

pkg/specgen/generate/security_freebsd.go

@@ -0,0 +1,19 @@
+package generate
+
+import (
+	"github.com/containers/common/libimage"
+	"github.com/containers/common/pkg/config"
+	"github.com/containers/podman/v4/libpod"
+	"github.com/containers/podman/v4/pkg/specgen"
+	"github.com/opencontainers/runtime-tools/generate"
+)
+
+// setLabelOpts sets the label options of the SecurityConfig according to the
+// input.
+func setLabelOpts(s *specgen.SpecGenerator, runtime *libpod.Runtime, pidConfig specgen.Namespace, ipcConfig specgen.Namespace) error {
+	return nil
+}
+
+func securityConfigureGenerator(s *specgen.SpecGenerator, g *generate.Generator, newImage *libimage.Image, rtc *config.Config) error {
+	return nil
+}

pkg/specgen/generate/security_unsupported.go

@@ -1,5 +1,5 @@
-//go:build !linux
-// +build !linux
+//go:build !linux && !freebsd
+// +build !linux,!freebsd
 
 package generate