Add support for CDI device configuration

go.mod

@@ -8,6 +8,7 @@ require (
 	github.com/buger/goterm v0.0.0-20181115115552-c206103e1f37
 	github.com/checkpoint-restore/checkpointctl v0.0.0-20210301084134-a2024f5584e7
 	github.com/checkpoint-restore/go-criu v0.0.0-20190109184317-bdb7599cd87b
+	github.com/container-orchestrated-devices/container-device-interface v0.0.0-20210325223243-f99e8b6c10b9
 	github.com/containernetworking/cni v0.8.1
 	github.com/containernetworking/plugins v0.9.1
 	github.com/containers/buildah v1.20.1-0.20210402144408-36a37402d0c8

go.sum

@@ -120,6 +120,8 @@ github.com/cilium/ebpf v0.2.0/go.mod h1:To2CFviqOWL/M0gIMsvSMlqe7em/l1ALkX1PyjrX
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
+github.com/container-orchestrated-devices/container-device-interface v0.0.0-20210325223243-f99e8b6c10b9 h1:Kn0s9/APRtr5dk/83aXj97WX0+PYnJK9BO8g0Xclm0I=
+github.com/container-orchestrated-devices/container-device-interface v0.0.0-20210325223243-f99e8b6c10b9/go.mod h1:eQt66kIaJpUhCrjCtBFQGQxGLbAUl0OuuwjTH16ON4s=
 github.com/containerd/aufs v0.0.0-20200908144142-dab0cbea06f4/go.mod h1:nukgQABAEopAHvB6j7cnP5zJ+/3aVcE7hCYqvIwAHyE=
 github.com/containerd/aufs v0.0.0-20201003224125-76a6863f2989/go.mod h1:AkGGQs9NM2vtYHaUen+NljV0/baGCAPELGm2q9ZXpWU=
 github.com/containerd/aufs v0.0.0-20210316121734-20793ff83c97/go.mod h1:kL5kd6KM5TzQjR79jljyi4olc1Vrx6XBlcyj3gNv2PU=

libpod/container_config.go

@@ -366,4 +366,6 @@ type ContainerMiscConfig struct {
 	Umask string `json:"umask,omitempty"`
 	// PidFile is the file that saves the pid of the container process
 	PidFile string `json:"pid_file,omitempty"`
+	// CDIDevices contains devices that use the CDI
+	CDIDevices []string `json:"cdiDevices,omitempty"`
 }

libpod/container_internal_linux.go

@@ -20,6 +20,7 @@ import (
 	"time"
 
 	metadata "github.com/checkpoint-restore/checkpointctl/lib"
+	cdi "github.com/container-orchestrated-devices/container-device-interface/pkg"
 	cnitypes "github.com/containernetworking/cni/pkg/types/current"
 	"github.com/containernetworking/plugins/pkg/ns"
 	"github.com/containers/buildah/pkg/chrootuser"
@@ -704,6 +705,13 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
 	}
 	g.SetLinuxCgroupsPath(cgroupPath)
 
+	// Warning: CDI may alter g.Config in place.
+	if len(c.config.CDIDevices) > 0 {
+		if err = cdi.UpdateOCISpecForDevices(g.Config, c.config.CDIDevices); err != nil {
+			return nil, errors.Wrapf(err, "error setting up CDI devices")
+		}
+	}
+
 	// Mounts need to be sorted so paths will not cover other paths
 	mounts := sortMounts(g.Mounts())
 	g.ClearMounts()

libpod/options.go

@@ -293,6 +293,17 @@ func WithHooksDir(hooksDirs ...string) RuntimeOption {
 	}
 }
 
+// WithCDI sets the devices to check for for CDI configuration.
+func WithCDI(devices []string) CtrCreateOption {
+	return func(ctr *Container) error {
+		if ctr.valid {
+			return define.ErrCtrFinalized
+		}
+		ctr.config.CDIDevices = devices
+		return nil
+	}
+}
+
 // WithDefaultMountsFile sets the file to look at for default mounts (mainly
 // secrets).
 // Note we are not saving this in the database as it is for testing purposes

pkg/specgen/generate/container_create.go

@@ -6,12 +6,14 @@ import (
 	"path/filepath"
 	"strings"
 
+	cdi "github.com/container-orchestrated-devices/container-device-interface/pkg"
 	"github.com/containers/common/pkg/config"
 	"github.com/containers/podman/v3/libpod"
 	"github.com/containers/podman/v3/libpod/image"
 	"github.com/containers/podman/v3/pkg/specgen"
 	"github.com/containers/podman/v3/pkg/util"
 	"github.com/containers/storage/types"
+	spec "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/opencontainers/selinux/go-selinux/label"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@@ -136,13 +138,44 @@ func MakeContainer(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGener
 		options = append(options, libpod.WithNetworkAliases(s.Aliases))
 	}
 
+	if len(s.Devices) > 0 {
+		opts = extractCDIDevices(s)
+		options = append(options, opts...)
+	}
+
 	runtimeSpec, err := SpecGenToOCI(ctx, s, rt, rtc, newImage, finalMounts, pod, command)
 	if err != nil {
 		return nil, err
 	}
 	return rt.NewContainer(ctx, runtimeSpec, options...)
 }
 
+func extractCDIDevices(s *specgen.SpecGenerator) []libpod.CtrCreateOption {
+	devs := make([]spec.LinuxDevice, 0, len(s.Devices))
+	var cdiDevs []string
+	var options []libpod.CtrCreateOption
+
+	for _, device := range s.Devices {
+		isCDIDevice, err := cdi.HasDevice(device.Path)
+		if err != nil {
+			logrus.Debugf("CDI HasDevice Error: %v", err)
+		}
+		if err == nil && isCDIDevice {
+			cdiDevs = append(cdiDevs, device.Path)
+			continue
+		}
+
+		devs = append(devs, device)
+	}
+
+	s.Devices = devs
+	if len(cdiDevs) > 0 {
+		options = append(options, libpod.WithCDI(cdiDevs))
+	}
+
+	return options
+}
+
 func createContainerOptions(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGenerator, pod *libpod.Pod, volumes []*specgen.NamedVolume, overlays []*specgen.OverlayVolume, img *image.Image, command []string) ([]libpod.CtrCreateOption, error) {
 	var options []libpod.CtrCreateOption
 	var err error

test/e2e/cdi/device.json

@@ -0,0 +1,14 @@
+{
+  "cdiVersion": "0.2.0",
+  "kind": "vendor.com/device",
+  "devices": [
+    {
+      "name": "myKmsg",
+      "containerEdits": {
+        "mounts": [
+          {"hostPath": "/dev/kmsg", "containerPath": "/dev/kmsg1", "options": ["rw", "rprivate", "rbind"]}
+        ]
+      }
+    }
+  ]
+}

test/e2e/run_device_test.go

@@ -2,6 +2,7 @@ package integration
 
 import (
 	"os"
+	"os/exec"
 
 	. "github.com/containers/podman/v3/test/utils"
 	. "github.com/onsi/ginkgo"
@@ -94,4 +95,22 @@ var _ = Describe("Podman run device", func() {
 		session.WaitWithDefaultTimeout()
 		Expect(session.ExitCode()).To(Equal(0))
 	})
+
+	It("podman run CDI device test", func() {
+		SkipIfRootless("Rootless will not be able to create files/folders in /etc")
+		cdiDir := "/etc/cdi"
+		if _, err := os.Stat(cdiDir); os.IsNotExist(err) {
+			Expect(os.MkdirAll(cdiDir, os.ModePerm)).To(BeNil())
+		}
+		defer os.RemoveAll(cdiDir)
+
+		cmd := exec.Command("cp", "cdi/device.json", cdiDir)
+		err = cmd.Run()
+		Expect(err).To(BeNil())
+
+		session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "myKmsg", ALPINE, "ls", "--color=never", "/dev/kmsg1"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+		Expect(session.OutputToString()).To(Equal("/dev/kmsg1"))
+	})
 })