virtcontainers: make kataAgent/createContainer can decode old specs.Spec

in old specs.Spec, Capabilities is [] string, but we don't use CompatOCISpec for compatibility in kataAgent/createContainer. fixes #333 Signed-off-by: Shukui Yang<yangshukui@huawei.com>
kata-containers · May 26, 2018 · 043fa5f · 043fa5f
1 parent 086d197
commit 043fa5f
Show file tree

Hide file tree

Showing 2 changed files with 102 additions and 8 deletions.
diff --git a/virtcontainers/pkg/oci/utils.go b/virtcontainers/pkg/oci/utils.go
@@ -365,6 +365,13 @@ func ParseConfigJSON(bundlePath string) (CompatOCISpec, error) {
 	if err := json.Unmarshal(configByte, &ocispec); err != nil {
 		return CompatOCISpec{}, err
 	}
+	if ocispec.Process != nil {
+		caps, err := containerCapabilities(ocispec)
+		if err != nil {
+			return CompatOCISpec{}, err
+		}
+		ocispec.Process.Capabilities = caps
+	}
 
 	return ocispec, nil
 }
@@ -554,9 +561,12 @@ func ContainerConfig(ocispec CompatOCISpec, bundlePath, cid, console string, det
 		return vc.ContainerConfig{}, err
 	}
 
-	cmd.Capabilities, err = containerCapabilities(ocispec)
-	if err != nil {
-		return vc.ContainerConfig{}, err
+	if ocispec.Process != nil {
+		caps, ok := ocispec.Process.Capabilities.(vc.LinuxCapabilities)
+		if !ok {
+			return vc.ContainerConfig{}, fmt.Errorf("Unexpected format for capabilities: %v", ocispec.Process.Capabilities)
+		}
+		cmd.Capabilities = caps
 	}
 
 	var resources vc.ContainerResources

diff --git a/virtcontainers/pkg/oci/utils_test.go b/virtcontainers/pkg/oci/utils_test.go
@@ -24,11 +24,54 @@ import (
 	vcAnnotations "github.com/kata-containers/runtime/virtcontainers/pkg/annotations"
 )
 
-const tempBundlePath = "/tmp/virtc/ocibundle/"
-const containerID = "virtc-oci-test"
-const consolePath = "/tmp/virtc/console"
-const fileMode = os.FileMode(0640)
-const dirMode = os.FileMode(0750)
+const (
+	tempBundlePath = "/tmp/virtc/ocibundle/"
+	containerID    = "virtc-oci-test"
+	consolePath    = "/tmp/virtc/console"
+	fileMode       = os.FileMode(0640)
+	dirMode        = os.FileMode(0750)
+
+	capabilitiesSpecArray = `
+		{
+		    "ociVersion": "1.0.0-rc2-dev",
+		    "process": {
+		        "capabilities": [
+		            "CAP_CHOWN",
+		            "CAP_DAC_OVERRIDE",
+		            "CAP_FSETID"
+		        ]
+		    }
+		}`
+
+	capabilitiesSpecStruct = `
+		{
+		    "ociVersion": "1.0.0-rc5",
+		    "process": {
+		        "capabilities": {
+		            "bounding": [
+		                "CAP_CHOWN",
+		                "CAP_DAC_OVERRIDE",
+		                "CAP_FSETID"
+		            ],
+		            "effective": [
+		                "CAP_CHOWN",
+		                "CAP_DAC_OVERRIDE",
+		                "CAP_FSETID"
+		            ],
+		            "inheritable": [
+		                "CAP_CHOWN",
+		                "CAP_DAC_OVERRIDE",
+		                "CAP_FSETID"
+		            ],
+		            "permitted": [
+		                "CAP_CHOWN",
+		                "CAP_DAC_OVERRIDE",
+		                "CAP_FSETID"
+		            ]
+		        }
+		    }
+		}`
+)
 
 func createConfig(fileName string, fileData string) (string, error) {
 	configPath := path.Join(tempBundlePath, fileName)
@@ -743,6 +786,47 @@ func TestContainerCapabilities(t *testing.T) {
 	assert.Equal(t, c.Ambient, []string(nil))
 }
 
+// use specs.Spec to decode the spec, the content of capabilites is [] string
+func TestCompatOCISpecWithArray(t *testing.T) {
+	compatOCISpec := CompatOCISpec{}
+	err := json.Unmarshal([]byte(capabilitiesSpecArray), &compatOCISpec)
+	assert.Nil(t, err, "use CompatOCISpec to decode capabilitiesSpecArray failed")
+
+	ociSpecJSON, err := json.Marshal(compatOCISpec)
+	assert.Nil(t, err, "encode compatOCISpec failed")
+
+	// use specs.Spec to decode the spec, specs.Spec' capabilites is struct,
+	// but the content of spec' capabilites is [] string
+	ociSpec := specs.Spec{}
+	err = json.Unmarshal(ociSpecJSON, &ociSpec)
+	assert.NotNil(t, err, "This test should fail")
+
+	caps, err := containerCapabilities(compatOCISpec)
+	assert.Nil(t, err, "decode capabilities failed")
+	compatOCISpec.Process.Capabilities = caps
+
+	ociSpecJSON, err = json.Marshal(compatOCISpec)
+	assert.Nil(t, err, "encode compatOCISpec failed")
+
+	// capabilities has been chaged to struct
+	err = json.Unmarshal(ociSpecJSON, &ociSpec)
+	assert.Nil(t, err, "This test should fail")
+}
+
+// use specs.Spec to decode the spec, the content of capabilites is struct
+func TestCompatOCISpecWithStruct(t *testing.T) {
+	compatOCISpec := CompatOCISpec{}
+	err := json.Unmarshal([]byte(capabilitiesSpecStruct), &compatOCISpec)
+	assert.Nil(t, err, "use CompatOCISpec to decode capabilitiesSpecStruct failed")
+
+	ociSpecJSON, err := json.Marshal(compatOCISpec)
+	assert.Nil(t, err, "encode compatOCISpec failed")
+
+	ociSpec := specs.Spec{}
+	err = json.Unmarshal(ociSpecJSON, &ociSpec)
+	assert.Nil(t, err, "This test should not fail")
+}
+
 func TestMain(m *testing.M) {
 	/* Create temp bundle directory if necessary */
 	err := os.MkdirAll(tempBundlePath, dirMode)