Skip to content

Commit

Permalink
fix compat api privileged and entrypoint code
Browse files Browse the repository at this point in the history 
when adding /dev to a privileged container using the compatibility API, we need to make sure we dont pass on devices that are simply symlinks.  this was already being done by specgen but not on the compat. side.

the entrypoint code that was recently rewritten for the compatibility layer was also failing due to the odd inputs that docker is willing to accept in its json, specifically [] vs "".  in the case of the latter, this was being made into a []string with a len of one but no content.  this would then be used to prefix the command to run in the container and would fail.  For example " ls" vs "ls".

Signed-off-by: baude <[email protected]>
  • Loading branch information
@baude
baude committed Oct 1, 2020
1 parent 5d22eb0 commit f0c7116
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 5 deletions.
3 changes: 3 additions & 0 deletions pkg/spec/config_linux.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -200,6 +200,9 @@ func getDevices(path string) ([]*configs.Device, error) {
}
case f.Name() == "console":
continue
case f.Mode()&os.ModeSymlink != 0:
// do not add symlink'd devices to privileged devices
continue
}
device, err := devices.DeviceFromPath(filepath.Join(path, f.Name()), "rwm")
if err != nil {
Expand Down
19 changes: 14 additions & 5 deletions pkg/spec/spec.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -182,14 +182,23 @@ func (config *CreateConfig) createConfigToOCISpec(runtime *libpod.Runtime, userM
g.SetProcessCwd(config.WorkDir)

ProcessArgs := make([]string, 0)
if len(config.Entrypoint) > 0 {
ProcessArgs = config.Entrypoint
// We need to iterate the input for entrypoint because it is a []string
// but "" is a legit json input, which translates into a []string with an
// empty position. This messes up the eventual command being executed
// in the container
for _, a := range config.Entrypoint {
if len(a) > 0 {
ProcessArgs = append(ProcessArgs, a)
}
}
if len(config.Command) > 0 {
ProcessArgs = append(ProcessArgs, config.Command...)
// Same issue as explained above for config.Entrypoint.
for _, a := range config.Command {
if len(a) > 0 {
ProcessArgs = append(ProcessArgs, a)
}
}
g.SetProcessArgs(ProcessArgs)

g.SetProcessArgs(ProcessArgs)
g.SetProcessTerminal(config.Tty)

for key, val := range config.Annotations {
Expand Down

0 comments on commit f0c7116

Please sign in to comment.