Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feature: namespace options and supplemental groups for cri manager #753

Merged
merged 1 commit into from
Mar 13, 2018
Merged

feature: namespace options and supplemental groups for cri manager #753

merged 1 commit into from
Mar 13, 2018

Conversation

YaoZengzeng
Copy link
Contributor

Signed-off-by: YaoZengzeng yaozengzeng@zju.edu.cn

Ⅰ. Describe what this PR did

Ⅱ. Does this pull request fix one issue?

fixes part of #635

Ⅲ. Describe how you did it

Ⅳ. Describe how to verify it

Ⅴ. Special notes for reviews

We skip the test of "HostNetworkMode", because CRI manager doesn't support logging now.

@YaoZengzeng YaoZengzeng force-pushed the security-context branch 2 times, most recently from 0f5cd78 to 379696e Compare February 26, 2018 01:55
@codecov-io
Copy link

codecov-io commented Feb 26, 2018
edited
Loading

Codecov Report

Merging #753 into master will decrease coverage by 0.04%.
The diff coverage is 7.89%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #753      +/-   ##
==========================================
- Coverage   14.62%   14.58%   -0.05%     
==========================================
  Files         115      115              
  Lines        6940     7001      +61     
==========================================
+ Hits         1015     1021       +6     
- Misses       5839     5893      +54     
- Partials       86       87       +1
Impacted Files Coverage Δ
daemon/mgr/cri.go 0% <ø> (ø) ⬆️
cli/container.go 40.85% <0%> (-0.18%) ⬇️
daemon/mgr/spec_process.go 0% <0%> (ø) ⬆️
daemon/mgr/cri_utils.go 34.12% <0%> (-5.21%) ⬇️
cli/common_flags.go 0% <0%> (ø) ⬆️
pkg/user/user.go 15.55% <75%> (+5.79%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update d3c2f20...a456ad0. Read the comment docs.

@YaoZengzeng
Copy link
Contributor Author

@allencloud PTAL.

@Letty5411
Copy link
Contributor

@YaoZengzeng could you also add a test for group-add flag?

@YaoZengzeng
Copy link
Contributor Author

@allencloud @Letty5411 PTAL.

allencloud
allencloud reviewed Mar 6, 2018
View reviewed changes
daemon/mgr/spec_process.go Outdated
@@ -62,21 +63,30 @@ func setupProcessTTY(ctx context.Context, c *ContainerMeta, spec *SpecWrapper) e
}

func setupProcessUser(ctx context.Context, c *ContainerMeta, spec *SpecWrapper) (err error) {
user := specs.User{}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would invite @Ace-Tang to take a look at the implementation in setupProcessUser.

Ace-Tang
Ace-Tang reviewed Mar 6, 2018
View reviewed changes
daemon/mgr/spec_process.go Outdated
logrus.Errorf("failed to parse supplemental group id %s: %v", group, err)
continue
}
user.AdditionalGids = append(user.AdditionalGids, uint32(gid))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

better to take AdditionalGids implement to package pkg/user/

@YaoZengzeng YaoZengzeng force-pushed the security-context branch 2 times, most recently from 9e774b1 to 379696e Compare March 7, 2018 06:35
@pouchrobot pouchrobot added size/L and removed size/XL labels Mar 7, 2018
@YaoZengzeng YaoZengzeng force-pushed the security-context branch 3 times, most recently from d71ae89 to 7ec47b9 Compare March 7, 2018 07:52
@YaoZengzeng
Copy link
Contributor Author

@allencloud Updated

allencloud
allencloud reviewed Mar 9, 2018
View reviewed changes
pkg/user/user.go
@@ -119,6 +119,22 @@ func GetIntegerID(user string) (uint32, uint32) {
return uint32(uid), uint32(gid)
}

// GetAdditionalGids parse supplementary gids from slice groups.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you add a unit test case for this func GetAdditionalGids?

@allencloud
Copy link
Collaborator

Do you have any further thoughts on this? @Ace-Tang

@YaoZengzeng YaoZengzeng force-pushed the security-context branch 3 times, most recently from 1b59dc8 to 3a26193 Compare March 13, 2018 02:55
@YaoZengzeng
feature: namespace options and supplemental groups for cri manager
a456ad0 
Signed-off-by: YaoZengzeng <yaozengzeng@zju.edu.cn>
@allencloud
Copy link
Collaborator

LGTM

@pouchrobot pouchrobot added the LGTM one maintainer or community participant agrees to merge the pull reuqest. label Mar 13, 2018
@allencloud allencloud merged commit aac63a3 into AliyunContainerService:master Mar 13, 2018
@YaoZengzeng YaoZengzeng mentioned this pull request Mar 15, 2018
Closed
16 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Ace-Tang Ace-Tang Ace-Tang left review comments

@allencloud allencloud allencloud left review comments

Assignees

@Ace-Tang Ace-Tang

Labels
kind/feature LGTM one maintainer or community participant agrees to merge the pull reuqest. size/L
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@YaoZengzeng @codecov-io @Letty5411 @allencloud @Ace-Tang @pouchrobot