DBUS API required for GNOI Containerz.StartContainer

[hdwhdw]

DBUS API required for GNOI Containerz.StartContainer. The PR contains the following:

1. Add a function run to DBUS docker service.
2. Use the allowed_container list to verify whether an image is allowed to be run.

[mssonicbld]

/azp run

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[hdwhdw]

Not like this

[linux-foundation-easycla]

The committers listed above are authorized under a signed CLA.

• ✅ login: hdwhdw / name: Dawei Huang (b047e24, bd79f59, 4202e5b, cab1b98, 15beef8, b9f1f02, 193b699, 6065944, 630555d, bfe0197, a9864f2, 68cf038, a026034, 01cb0b2)

[hdwhdw]

Force push to reset author

Copilot reviewed 2 out of 2 changed files in this pull request and generated no suggestions.

Comments skipped due to low confidence (2)

host_modules/docker_service.py:200

• The error message should use the 'image' variable instead of 'container'.

return 1, "Failed to run container {}: {}".format(image, str(e))

host_modules/docker_service.py:190

• The error message should specify that the command must be an empty string.

return errno.EPERM, "Only empty command is allowed to be managed by this service."

Copilot reviewed 2 out of 2 changed files in this pull request and generated no suggestions.

Comments skipped due to low confidence (1)

host_modules/docker_service.py:190

• [nitpick] The error message could be more descriptive. Consider rephrasing it to: "Only an empty string command is allowed. Non-empty commands are not permitted by this service."

return errno.EPERM, "Only empty string command is allowed to be managed by this service."

Copilot reviewed 2 out of 2 changed files in this pull request and generated no suggestions.

Comments skipped due to low confidence (1)

tests/host_modules/docker_service_test.py:281

• The command should be an empty string to correctly test the image not allowed scenario.

rc, msg = docker_service.run("wrong_image_name", "command", {})

Copilot reviewed 2 out of 2 changed files in this pull request and generated no suggestions.

[FengPan-Frank]

Thanks @hdwhdw for the work! Could you add more description for the PR? Seems we need to maintain the container list, which I have one new container "docker-sonic-bmp" added.

[hdwhdw]

Thanks for the review. Added more description to the PR. There could be better solution to this but currently I just hardcoded a set of all allowed container images. As for solution, I could say put a gnoi.json that contains a white list in /etc/sonic, so we don't need to push an upgrade to allowed one more container image. That will be done in another PR.

[FengPan-Frank]

could you help to contain bmp first? pls refer below

[mssonicbld]

/azp run

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[xincunli-sonic]

"

missing trailing comma?

[xincunli-sonic]

def stop(self, container):

The stop, kill, and restart methods have repetitive code for fetching the container and checking if it is allowed. This could be refactored into a helper function to improve readability and maintainability.

---

Refers to: host_modules/docker_service.py:85 in 68cf038. [](commit_id = 68cf038, deletion_comment = False)

[xincunli-sonic]

        return 0, "Container {} has been stopped.".format(container.name)

The code uses return statements to indicate success or failure, but it would benefit from logging critical operations (e.g., container stop/restart, errors) at appropriate levels (INFO/WARN/ERROR). This would make debugging and monitoring easier.

---

Refers to: host_modules/docker_service.py:106 in 68cf038. [](commit_id = 68cf038, deletion_comment = False)

[xincunli-sonic]

kwargs

This method allows passing kwargs directly to docker.containers.run. This could lead to potential security issues if not properly validated. Consider sanitizing or restricting the kwargs that can be passed to ensure they don't introduce vulnerabilities (e.g., privileged containers or host mounts).