MCPcopy Index your code
hub / github.com/containerd/containerd / buildLinuxSpec

Method buildLinuxSpec

internal/cri/server/container_create.go:720–975  ·  view source on GitHub ↗
(
	id string,
	sandboxID string,
	sandboxPid uint32,
	containerName string,
	imageName string,
	config *runtime.ContainerConfig,
	sandboxConfig *runtime.PodSandboxConfig,
	imageConfig *imagespec.ImageConfig,
	extraMounts []*runtime.Mount,
	ociRuntime criconfig.Runtime,
	runtimeHandler *runtime.RuntimeHandler,
)

Source from the content-addressed store, hash-verified

718}
719
720func (c *criService) buildLinuxSpec(
721 id string,
722 sandboxID string,
723 sandboxPid uint32,
724 containerName string,
725 imageName string,
726 config *runtime.ContainerConfig,
727 sandboxConfig *runtime.PodSandboxConfig,
728 imageConfig *imagespec.ImageConfig,
729 extraMounts []*runtime.Mount,
730 ociRuntime criconfig.Runtime,
731 runtimeHandler *runtime.RuntimeHandler,
732) (_ []oci.SpecOpts, retErr error) {
733 specOpts := []oci.SpecOpts{
734 oci.WithoutRunMount,
735 }
736 // only clear the default security settings if the runtime does not have a custom
737 // base runtime spec spec. Admins can use this functionality to define
738 // default ulimits, seccomp, or other default settings.
739 if ociRuntime.BaseRuntimeSpec == "" {
740 specOpts = append(specOpts, customopts.WithoutDefaultSecuritySettings)
741 }
742
743 specOpts = append(specOpts,
744 customopts.WithRelativeRoot(relativeRootfsPath),
745 customopts.WithProcessArgs(config, imageConfig),
746 oci.WithDefaultPathEnv,
747 // this will be set based on the security context below
748 oci.WithNewPrivileges,
749 )
750
751 if config.GetWorkingDir() != "" {
752 specOpts = append(specOpts, oci.WithProcessCwd(config.GetWorkingDir()))
753 } else if imageConfig.WorkingDir != "" {
754 specOpts = append(specOpts, oci.WithProcessCwd(imageConfig.WorkingDir))
755 }
756
757 if config.GetTty() {
758 specOpts = append(specOpts, oci.WithTTY)
759 }
760
761 // Add HOSTNAME env.
762 var (
763 err error
764 hostname = sandboxConfig.GetHostname()
765 )
766 if hostname == "" {
767 if hostname, err = c.os.Hostname(); err != nil {
768 return nil, err
769 }
770 }
771 specOpts = append(specOpts, oci.WithEnv([]string{hostnameEnv + "=" + hostname}))
772
773 // Apply envs from image config first, so that envs from container config
774 // can override them.
775 env := append([]string{}, imageConfig.Env...)
776 for _, e := range config.GetEnvs() {
777 env = append(env, e.GetKey()+"="+e.GetValue())

Callers 1

buildContainerSpecMethod · 0.95

Implementers 1

criServiceinternal/cri/server/service.go

Calls 15

WithProcessCwdFunction · 0.92
WithEnvFunction · 0.92
WithLinuxNamespaceFunction · 0.92
WithMaskedPathsFunction · 0.92
WithReadonlyPathsFunction · 0.92
WithRootFSReadonlyFunction · 0.92
WithCgroupFunction · 0.92
ClassNameToLinuxOCIFunction · 0.92
WithBlockIOFunction · 0.92

Tested by

no test coverage detected