( id string, sandboxID string, sandboxPid uint32, containerName string, imageName string, config *runtime.ContainerConfig, sandboxConfig *runtime.PodSandboxConfig, imageConfig *imagespec.ImageConfig, extraMounts []*runtime.Mount, ociRuntime criconfig.Runtime, runtimeHandler *runtime.RuntimeHandler, )
| 718 | } |
| 719 | |
| 720 | func (c *criService) buildLinuxSpec( |
| 721 | id string, |
| 722 | sandboxID string, |
| 723 | sandboxPid uint32, |
| 724 | containerName string, |
| 725 | imageName string, |
| 726 | config *runtime.ContainerConfig, |
| 727 | sandboxConfig *runtime.PodSandboxConfig, |
| 728 | imageConfig *imagespec.ImageConfig, |
| 729 | extraMounts []*runtime.Mount, |
| 730 | ociRuntime criconfig.Runtime, |
| 731 | runtimeHandler *runtime.RuntimeHandler, |
| 732 | ) (_ []oci.SpecOpts, retErr error) { |
| 733 | specOpts := []oci.SpecOpts{ |
| 734 | oci.WithoutRunMount, |
| 735 | } |
| 736 | // only clear the default security settings if the runtime does not have a custom |
| 737 | // base runtime spec. Admins can use this functionality to define |
| 738 | // default ulimits, seccomp, or other default settings. |
| 739 | if ociRuntime.BaseRuntimeSpec == "" { |
| 740 | specOpts = append(specOpts, customopts.WithoutDefaultSecuritySettings) |
| 741 | } |
| 742 | |
| 743 | specOpts = append(specOpts, |
| 744 | customopts.WithRelativeRoot(relativeRootfsPath), |
| 745 | customopts.WithProcessArgs(config, imageConfig), |
| 746 | oci.WithDefaultPathEnv, |
| 747 | // this will be set based on the security context below |
| 748 | oci.WithNewPrivileges, |
| 749 | ) |
| 750 | |
| 751 | if config.GetWorkingDir() != "" { |
| 752 | specOpts = append(specOpts, oci.WithProcessCwd(config.GetWorkingDir())) |
| 753 | } else if imageConfig.WorkingDir != "" { |
| 754 | specOpts = append(specOpts, oci.WithProcessCwd(imageConfig.WorkingDir)) |
| 755 | } |
| 756 | |
| 757 | if config.GetTty() { |
| 758 | specOpts = append(specOpts, oci.WithTTY) |
| 759 | } |
| 760 | |
| 761 | // Add HOSTNAME env. |
| 762 | var ( |
| 763 | err error |
| 764 | hostname = sandboxConfig.GetHostname() |
| 765 | ) |
| 766 | if hostname == "" { |
| 767 | if hostname, err = c.os.Hostname(); err != nil { |
| 768 | return nil, err |
| 769 | } |
| 770 | } |
| 771 | specOpts = append(specOpts, oci.WithEnv([]string{hostnameEnv + "=" + hostname})) |
| 772 | |
| 773 | // Apply envs from image config first, so that envs from container config |
| 774 | // can override them. |
| 775 | env := append([]string{}, imageConfig.Env...) |
| 776 | for _, e := range config.GetEnvs() { |
| 777 | env = append(env, e.GetKey()+"="+e.GetValue()) |