diff --git a/cmd/gcs/main.go b/cmd/gcs/main.go index c20a591f96..13f3201fe7 100644 --- a/cmd/gcs/main.go +++ b/cmd/gcs/main.go @@ -21,12 +21,12 @@ import ( "github.com/sirupsen/logrus" "go.opencensus.io/trace" - "github.com/Microsoft/hcsshim/internal/constants" "github.com/Microsoft/hcsshim/internal/guest/bridge" "github.com/Microsoft/hcsshim/internal/guest/kmsg" "github.com/Microsoft/hcsshim/internal/guest/runtime/hcsv2" "github.com/Microsoft/hcsshim/internal/guest/runtime/runc" "github.com/Microsoft/hcsshim/internal/guest/transport" + "github.com/Microsoft/hcsshim/internal/guestpath" "github.com/Microsoft/hcsshim/internal/log" "github.com/Microsoft/hcsshim/internal/oc" "github.com/cenkalti/backoff/v4" @@ -231,7 +231,7 @@ func main() { log.SetScrubbing(*scrubLogs) - baseLogPath := constants.LCOWRootPrefixInUVM + baseLogPath := guestpath.LCOWRootPrefixInUVM logrus.Info("GCS started") diff --git a/internal/devices/drivers.go b/internal/devices/drivers.go index 4efe677e22..008e1c739c 100644 --- a/internal/devices/drivers.go +++ b/internal/devices/drivers.go @@ -8,6 +8,7 @@ import ( "fmt" "github.com/Microsoft/hcsshim/internal/cmd" + "github.com/Microsoft/hcsshim/internal/guestpath" "github.com/Microsoft/hcsshim/internal/log" "github.com/Microsoft/hcsshim/internal/resources" "github.com/Microsoft/hcsshim/internal/uvm" @@ -45,7 +46,7 @@ func InstallKernelDriver(ctx context.Context, vm *uvm.UtilityVM, driver string) } return closer, execPnPInstallDriver(ctx, vm, uvmPath) } - uvmPathForShare := fmt.Sprintf(uvm.LCOWGlobalMountPrefix, vm.UVMMountCounter()) + uvmPathForShare := fmt.Sprintf(guestpath.LCOWGlobalMountPrefix, vm.UVMMountCounter()) scsiCloser, err := vm.AddSCSI(ctx, driver, uvmPathForShare, true, false, []string{}, uvm.VMAccessTypeIndividual) if err != nil { return closer, fmt.Errorf("failed to add SCSI disk to utility VM for path %+v: %s", driver, err) diff --git a/internal/guest/runtime/hcsv2/nvidia_utils.go b/internal/guest/runtime/hcsv2/nvidia_utils.go index 1ebef9f947..735bb4931d 100644 --- a/internal/guest/runtime/hcsv2/nvidia_utils.go +++ b/internal/guest/runtime/hcsv2/nvidia_utils.go @@ -14,8 +14,8 @@ import ( "github.com/pkg/errors" "github.com/Microsoft/hcsshim/cmd/gcstools/generichook" - "github.com/Microsoft/hcsshim/internal/constants" "github.com/Microsoft/hcsshim/internal/guest/storage/pci" + "github.com/Microsoft/hcsshim/internal/guestpath" "github.com/Microsoft/hcsshim/internal/hooks" "github.com/Microsoft/hcsshim/pkg/annotations" ) @@ -77,7 +77,7 @@ func addNvidiaDevicePreHook(ctx context.Context, spec *oci.Spec) error { // updateEnvWithNvidiaVariables creates an env with the nvidia gpu vhd in PATH and insecure mode set func updateEnvWithNvidiaVariables() []string { - nvidiaBin := fmt.Sprintf("%s/bin", constants.LCOWNvidiaMountPath) + nvidiaBin := fmt.Sprintf("%s/bin", guestpath.LCOWNvidiaMountPath) env := updatePathEnv(nvidiaBin) // NVC_INSECURE_MODE allows us to run nvidia-container-cli without seccomp // we don't currently use seccomp in the uvm, so avoid using it here for now as well diff --git a/internal/guest/runtime/hcsv2/sandbox_container.go b/internal/guest/runtime/hcsv2/sandbox_container.go index c0607dd377..c76b11d3ce 100644 --- a/internal/guest/runtime/hcsv2/sandbox_container.go +++ b/internal/guest/runtime/hcsv2/sandbox_container.go @@ -14,14 +14,14 @@ import ( "github.com/pkg/errors" "go.opencensus.io/trace" - "github.com/Microsoft/hcsshim/internal/constants" "github.com/Microsoft/hcsshim/internal/guest/network" + "github.com/Microsoft/hcsshim/internal/guestpath" "github.com/Microsoft/hcsshim/internal/oc" "github.com/Microsoft/hcsshim/pkg/annotations" ) func getSandboxRootDir(id string) string { - return filepath.Join(constants.LCOWRootPrefixInUVM, id) + return filepath.Join(guestpath.LCOWRootPrefixInUVM, id) } func getSandboxHugePageMountsDir(id string) string { diff --git a/internal/guest/runtime/hcsv2/standalone_container.go b/internal/guest/runtime/hcsv2/standalone_container.go index 578f72067f..89189313e8 100644 --- a/internal/guest/runtime/hcsv2/standalone_container.go +++ b/internal/guest/runtime/hcsv2/standalone_container.go @@ -14,13 +14,13 @@ import ( "github.com/pkg/errors" "go.opencensus.io/trace" - "github.com/Microsoft/hcsshim/internal/constants" "github.com/Microsoft/hcsshim/internal/guest/network" + "github.com/Microsoft/hcsshim/internal/guestpath" "github.com/Microsoft/hcsshim/internal/oc" ) func getStandaloneRootDir(id string) string { - return filepath.Join(constants.LCOWRootPrefixInUVM, id) + return filepath.Join(guestpath.LCOWRootPrefixInUVM, id) } func getStandaloneHostnamePath(id string) string { diff --git a/internal/guest/runtime/hcsv2/workload_container.go b/internal/guest/runtime/hcsv2/workload_container.go index 31109b30cd..b9679d9036 100644 --- a/internal/guest/runtime/hcsv2/workload_container.go +++ b/internal/guest/runtime/hcsv2/workload_container.go @@ -14,13 +14,13 @@ import ( "go.opencensus.io/trace" "golang.org/x/sys/unix" - "github.com/Microsoft/hcsshim/internal/constants" + "github.com/Microsoft/hcsshim/internal/guestpath" "github.com/Microsoft/hcsshim/internal/oc" "github.com/Microsoft/hcsshim/pkg/annotations" ) func getWorkloadRootDir(id string) string { - return filepath.Join(constants.LCOWRootPrefixInUVM, id) + return filepath.Join(guestpath.LCOWRootPrefixInUVM, id) } // os.MkdirAll combines the given permissions with the running process's @@ -35,9 +35,9 @@ func mkdirAllModePerm(target string) error { func updateSandboxMounts(sbid string, spec *oci.Spec) error { for i, m := range spec.Mounts { - if strings.HasPrefix(m.Source, constants.SandboxMountPrefix) { + if strings.HasPrefix(m.Source, guestpath.SandboxMountPrefix) { mountsDir := getSandboxMountsDir(sbid) - subPath := strings.TrimPrefix(m.Source, constants.SandboxMountPrefix) + subPath := strings.TrimPrefix(m.Source, guestpath.SandboxMountPrefix) sandboxSource := filepath.Join(mountsDir, subPath) // filepath.Join cleans the resulting path before returning so it would resolve the relative path if one was given. @@ -61,9 +61,9 @@ func updateSandboxMounts(sbid string, spec *oci.Spec) error { func updateHugePageMounts(sbid string, spec *oci.Spec) error { for i, m := range spec.Mounts { - if strings.HasPrefix(m.Source, constants.HugePagesMountPrefix) { + if strings.HasPrefix(m.Source, guestpath.HugePagesMountPrefix) { mountsDir := getSandboxHugePageMountsDir(sbid) - subPath := strings.TrimPrefix(m.Source, constants.HugePagesMountPrefix) + subPath := strings.TrimPrefix(m.Source, guestpath.HugePagesMountPrefix) pageSize := strings.Split(subPath, string(os.PathSeparator))[0] hugePageMountSource := filepath.Join(mountsDir, subPath) diff --git a/internal/constants/constants.go b/internal/guestpath/paths.go similarity index 57% rename from internal/constants/constants.go rename to internal/guestpath/paths.go index 0d1d1b5ee1..a40e03985b 100644 --- a/internal/constants/constants.go +++ b/internal/guestpath/paths.go @@ -1,19 +1,24 @@ -package constants +package guestpath const ( // LCOWNvidiaMountPath is the path format in LCOW UVM where nvidia tools are mounted // keep this value in sync with opengcs LCOWNvidiaMountPath = "/run/nvidia" - // LCOWRootPrefixInUVM is the path inside UVM where LCOW container's root file system will be mounted LCOWRootPrefixInUVM = "/run/gcs/c" - // WCOWRootPrefixInUVM is the path inside UVM where WCOW container's root file system will be mounted WCOWRootPrefixInUVM = `C:\c` - // SandboxMountPrefix is mount prefix used in container spec to mark a sandbox-mount SandboxMountPrefix = "sandbox://" - // HugePagesMountPrefix is mount prefix used in container spec to mark a huge-pages mount HugePagesMountPrefix = "hugepages://" + // LCOWMountPathPrefix is the path format in the LCOW UVM where non global mounts, such + // as Plan9 mounts are added + LCOWMountPathPrefix = "/mounts/m%d" + // LCOWGlobalMountPrefix is the path format in the LCOW UVM where global mounts are added + LCOWGlobalMountPrefix = "/run/mounts/m%d" + // WCOWGlobalMountPrefix is the path prefix format in the WCOW UVM where mounts are added + WCOWGlobalMountPrefix = "C:\\mounts\\m%d" + // RootfsPath is part of the container's rootfs path + RootfsPath = "rootfs" ) diff --git a/internal/hcsoci/create.go b/internal/hcsoci/create.go index 4f14a95793..4f7190f742 100644 --- a/internal/hcsoci/create.go +++ b/internal/hcsoci/create.go @@ -7,7 +7,6 @@ import ( "context" "errors" "fmt" - "github.com/Microsoft/hcsshim/internal/constants" "os" "path/filepath" "strconv" @@ -15,6 +14,7 @@ import ( "github.com/Microsoft/go-winio/pkg/guid" "github.com/Microsoft/hcsshim/internal/clone" "github.com/Microsoft/hcsshim/internal/cow" + "github.com/Microsoft/hcsshim/internal/guestpath" "github.com/Microsoft/hcsshim/internal/hcs" hcsschema "github.com/Microsoft/hcsshim/internal/hcs/schema2" "github.com/Microsoft/hcsshim/internal/log" @@ -28,7 +28,7 @@ import ( ) var ( - lcowRootInUVM = constants.LCOWRootPrefixInUVM + "/%s" + lcowRootInUVM = guestpath.LCOWRootPrefixInUVM + "/%s" wcowRootInUVM = `C:\c\%s` ) diff --git a/internal/hcsoci/devices.go b/internal/hcsoci/devices.go index a813129a3f..4f17a715d6 100644 --- a/internal/hcsoci/devices.go +++ b/internal/hcsoci/devices.go @@ -12,8 +12,8 @@ import ( specs "github.com/opencontainers/runtime-spec/specs-go" "github.com/pkg/errors" - "github.com/Microsoft/hcsshim/internal/constants" "github.com/Microsoft/hcsshim/internal/devices" + "github.com/Microsoft/hcsshim/internal/guestpath" hcsschema "github.com/Microsoft/hcsshim/internal/hcs/schema2" "github.com/Microsoft/hcsshim/internal/log" "github.com/Microsoft/hcsshim/internal/oci" @@ -224,14 +224,14 @@ func handleAssignedDevicesLCOW( scsiMount, err := vm.AddSCSI( ctx, gpuSupportVhdPath, - constants.LCOWNvidiaMountPath, + guestpath.LCOWNvidiaMountPath, true, false, options, uvm.VMAccessTypeNoop, ) if err != nil { - return resultDevs, closers, errors.Wrapf(err, "failed to add scsi device %s in the UVM %s at %s", gpuSupportVhdPath, vm.ID(), constants.LCOWNvidiaMountPath) + return resultDevs, closers, errors.Wrapf(err, "failed to add scsi device %s in the UVM %s at %s", gpuSupportVhdPath, vm.ID(), guestpath.LCOWNvidiaMountPath) } closers = append(closers, scsiMount) } diff --git a/internal/hcsoci/hcsdoc_wcow.go b/internal/hcsoci/hcsdoc_wcow.go index 44d9fc1042..b3080399a6 100644 --- a/internal/hcsoci/hcsdoc_wcow.go +++ b/internal/hcsoci/hcsdoc_wcow.go @@ -14,7 +14,7 @@ import ( specs "github.com/opencontainers/runtime-spec/specs-go" "github.com/sirupsen/logrus" - "github.com/Microsoft/hcsshim/internal/constants" + "github.com/Microsoft/hcsshim/internal/guestpath" "github.com/Microsoft/hcsshim/internal/hcs/schema1" hcsschema "github.com/Microsoft/hcsshim/internal/hcs/schema2" "github.com/Microsoft/hcsshim/internal/layers" @@ -80,7 +80,7 @@ func createMountsConfig(ctx context.Context, coi *createOptionsInternal) (*mount return nil, err } mdv2.HostPath = uvmPath - } else if strings.HasPrefix(mount.Source, constants.SandboxMountPrefix) { + } else if strings.HasPrefix(mount.Source, guestpath.SandboxMountPrefix) { // Convert to the path in the guest that was asked for. mdv2.HostPath = convertToWCOWSandboxMountPath(mount.Source) } else { diff --git a/internal/hcsoci/resources_lcow.go b/internal/hcsoci/resources_lcow.go index 363d2a6149..6bd3fb3b52 100644 --- a/internal/hcsoci/resources_lcow.go +++ b/internal/hcsoci/resources_lcow.go @@ -16,7 +16,7 @@ import ( specs "github.com/opencontainers/runtime-spec/specs-go" "github.com/pkg/errors" - "github.com/Microsoft/hcsshim/internal/constants" + "github.com/Microsoft/hcsshim/internal/guestpath" "github.com/Microsoft/hcsshim/internal/layers" "github.com/Microsoft/hcsshim/internal/log" "github.com/Microsoft/hcsshim/internal/resources" @@ -41,7 +41,7 @@ func allocateLinuxResources(ctx context.Context, coi *createOptionsInternal, r * // This is the "Plan 9" root filesystem. // TODO: We need a test for this. Ask @jstarks how you can even lay this out on Windows. hostPath := coi.Spec.Root.Path - uvmPathForContainersFileSystem := path.Join(r.ContainerRootInUVM(), uvm.RootfsPath) + uvmPathForContainersFileSystem := path.Join(r.ContainerRootInUVM(), guestpath.RootfsPath) share, err := coi.HostingSystem.AddPlan9(ctx, hostPath, uvmPathForContainersFileSystem, coi.Spec.Root.Readonly, false, nil) if err != nil { return errors.Wrap(err, "adding plan9 root") @@ -67,7 +67,7 @@ func allocateLinuxResources(ctx context.Context, coi *createOptionsInternal, r * if coi.HostingSystem != nil { hostPath := mount.Source - uvmPathForShare := path.Join(containerRootInUVM, fmt.Sprintf(uvm.LCOWMountPathPrefix, i)) + uvmPathForShare := path.Join(containerRootInUVM, fmt.Sprintf(guestpath.LCOWMountPathPrefix, i)) uvmPathForFile := uvmPathForShare readOnly := false @@ -81,7 +81,7 @@ func allocateLinuxResources(ctx context.Context, coi *createOptionsInternal, r * l := log.G(ctx).WithField("mount", fmt.Sprintf("%+v", mount)) if mount.Type == "physical-disk" { l.Debug("hcsshim::allocateLinuxResources Hot-adding SCSI physical disk for OCI mount") - uvmPathForShare = fmt.Sprintf(uvm.LCOWGlobalMountPrefix, coi.HostingSystem.UVMMountCounter()) + uvmPathForShare = fmt.Sprintf(guestpath.LCOWGlobalMountPrefix, coi.HostingSystem.UVMMountCounter()) scsiMount, err := coi.HostingSystem.AddSCSIPhysicalDisk(ctx, hostPath, uvmPathForShare, readOnly, mount.Options) if err != nil { return errors.Wrapf(err, "adding SCSI physical disk mount %+v", mount) @@ -92,7 +92,7 @@ func allocateLinuxResources(ctx context.Context, coi *createOptionsInternal, r * coi.Spec.Mounts[i].Type = "none" } else if mount.Type == "virtual-disk" { l.Debug("hcsshim::allocateLinuxResources Hot-adding SCSI virtual disk for OCI mount") - uvmPathForShare = fmt.Sprintf(uvm.LCOWGlobalMountPrefix, coi.HostingSystem.UVMMountCounter()) + uvmPathForShare = fmt.Sprintf(guestpath.LCOWGlobalMountPrefix, coi.HostingSystem.UVMMountCounter()) // if the scsi device is already attached then we take the uvm path that the function below returns // that is where it was previously mounted in UVM @@ -112,18 +112,18 @@ func allocateLinuxResources(ctx context.Context, coi *createOptionsInternal, r * uvmPathForFile = scsiMount.UVMPath r.Add(scsiMount) coi.Spec.Mounts[i].Type = "none" - } else if strings.HasPrefix(mount.Source, constants.SandboxMountPrefix) { + } else if strings.HasPrefix(mount.Source, guestpath.SandboxMountPrefix) { // Mounts that map to a path in UVM are specified with 'sandbox://' prefix. // example: sandbox:///a/dirInUvm destination:/b/dirInContainer uvmPathForFile = mount.Source - } else if strings.HasPrefix(mount.Source, constants.HugePagesMountPrefix) { + } else if strings.HasPrefix(mount.Source, guestpath.HugePagesMountPrefix) { // currently we only support 2M hugepage size - hugePageSubDirs := strings.Split(strings.TrimPrefix(mount.Source, constants.HugePagesMountPrefix), "/") + hugePageSubDirs := strings.Split(strings.TrimPrefix(mount.Source, guestpath.HugePagesMountPrefix), "/") if len(hugePageSubDirs) < 2 { return errors.Errorf( `%s mount path is invalid, expected format: %s/`, mount.Source, - constants.HugePagesMountPrefix, + guestpath.HugePagesMountPrefix, ) } diff --git a/internal/hcsoci/resources_wcow.go b/internal/hcsoci/resources_wcow.go index bdb75cb57f..66bfc3e0d9 100644 --- a/internal/hcsoci/resources_wcow.go +++ b/internal/hcsoci/resources_wcow.go @@ -17,8 +17,8 @@ import ( "github.com/pkg/errors" "github.com/Microsoft/hcsshim/internal/cmd" - "github.com/Microsoft/hcsshim/internal/constants" "github.com/Microsoft/hcsshim/internal/credentials" + "github.com/Microsoft/hcsshim/internal/guestpath" "github.com/Microsoft/hcsshim/internal/layers" "github.com/Microsoft/hcsshim/internal/log" "github.com/Microsoft/hcsshim/internal/resources" @@ -142,7 +142,7 @@ func setupMounts(ctx context.Context, coi *createOptionsInternal, r *resources.R } if coi.HostingSystem != nil && schemaversion.IsV21(coi.actualSchemaVersion) { - uvmPath := fmt.Sprintf(uvm.WCOWGlobalMountPrefix, coi.HostingSystem.UVMMountCounter()) + uvmPath := fmt.Sprintf(guestpath.WCOWGlobalMountPrefix, coi.HostingSystem.UVMMountCounter()) readOnly := false for _, o := range mount.Options { if strings.ToLower(o) == "ro" { @@ -180,7 +180,7 @@ func setupMounts(ctx context.Context, coi *createOptionsInternal, r *resources.R return errors.Wrapf(err, "adding SCSI EVD mount failed %+v", mount) } r.Add(scsiMount) - } else if strings.HasPrefix(mount.Source, constants.SandboxMountPrefix) { + } else if strings.HasPrefix(mount.Source, guestpath.SandboxMountPrefix) { // Mounts that map to a path in the UVM are specified with a 'sandbox://' prefix. // // Example: sandbox:///a/dirInUvm destination:C:\\dirInContainer. @@ -230,6 +230,6 @@ func setupMounts(ctx context.Context, coi *createOptionsInternal, r *resources.R } func convertToWCOWSandboxMountPath(source string) string { - subPath := strings.TrimPrefix(source, constants.SandboxMountPrefix) + subPath := strings.TrimPrefix(source, guestpath.SandboxMountPrefix) return filepath.Join(wcowSandboxMountPath, subPath) } diff --git a/internal/layers/layers.go b/internal/layers/layers.go index 573ad72aa7..fd63377f72 100644 --- a/internal/layers/layers.go +++ b/internal/layers/layers.go @@ -11,15 +11,17 @@ import ( "path/filepath" "time" + "github.com/pkg/errors" + "github.com/sirupsen/logrus" + "golang.org/x/sys/windows" + + "github.com/Microsoft/hcsshim/internal/guestpath" hcsschema "github.com/Microsoft/hcsshim/internal/hcs/schema2" "github.com/Microsoft/hcsshim/internal/hcserror" "github.com/Microsoft/hcsshim/internal/log" "github.com/Microsoft/hcsshim/internal/ospath" "github.com/Microsoft/hcsshim/internal/uvm" "github.com/Microsoft/hcsshim/internal/wclayer" - "github.com/pkg/errors" - "github.com/sirupsen/logrus" - "golang.org/x/sys/windows" ) // ImageLayers contains all the layers for an image. @@ -261,7 +263,7 @@ func MountContainerLayers(ctx context.Context, containerID string, layerFolders err = vm.CombineLayersWCOW(ctx, layers, containerScratchPathInUVM) rootfs = containerScratchPathInUVM } else { - rootfs = ospath.Join(vm.OS(), guestRoot, uvm.RootfsPath) + rootfs = ospath.Join(vm.OS(), guestRoot, guestpath.RootfsPath) err = vm.CombineLayersLCOW(ctx, containerID, lcowUvmLayerPaths, containerScratchPathInUVM, rootfs) } if err != nil { @@ -289,7 +291,7 @@ func addLCOWLayer(ctx context.Context, vm *uvm.UtilityVM, layerPath string) (uvm } options := []string{"ro"} - uvmPath = fmt.Sprintf(uvm.LCOWGlobalMountPrefix, vm.UVMMountCounter()) + uvmPath = fmt.Sprintf(guestpath.LCOWGlobalMountPrefix, vm.UVMMountCounter()) sm, err := vm.AddSCSI(ctx, layerPath, uvmPath, true, false, options, uvm.VMAccessTypeNoop) if err != nil { return "", fmt.Errorf("failed to add SCSI layer: %s", err) @@ -460,7 +462,7 @@ func containerRootfsPath(vm *uvm.UtilityVM, rootPath string) string { if vm.OS() == "windows" { return ospath.Join(vm.OS(), rootPath) } - return ospath.Join(vm.OS(), rootPath, uvm.RootfsPath) + return ospath.Join(vm.OS(), rootPath, guestpath.RootfsPath) } func getScratchVHDPath(layerFolders []string) (string, error) { diff --git a/internal/uvm/constants.go b/internal/uvm/constants.go index aed3315a55..1ddcf903ab 100644 --- a/internal/uvm/constants.go +++ b/internal/uvm/constants.go @@ -16,16 +16,6 @@ const ( // DefaultVPMemSizeBytes is the default size of a VPMem device if the create request // doesn't specify. DefaultVPMemSizeBytes = 4 * 1024 * 1024 * 1024 // 4GB - - // LCOWMountPathPrefix is the path format in the LCOW UVM where non global mounts, such - // as Plan9 mounts are added - LCOWMountPathPrefix = "/mounts/m%d" - // LCOWGlobalMountPrefix is the path format in the LCOW UVM where global mounts are added - LCOWGlobalMountPrefix = "/run/mounts/m%d" - // WCOWGlobalMountPrefix is the path prefix format in the WCOW UVM where mounts are added - WCOWGlobalMountPrefix = "C:\\mounts\\m%d" - // RootfsPath is part of the container's rootfs path - RootfsPath = "rootfs" ) var ( diff --git a/pkg/securitypolicy/securitypolicyenforcer.go b/pkg/securitypolicy/securitypolicyenforcer.go index abb6e827c6..1d130777e8 100644 --- a/pkg/securitypolicy/securitypolicyenforcer.go +++ b/pkg/securitypolicy/securitypolicyenforcer.go @@ -11,7 +11,7 @@ import ( "strings" "sync" - "github.com/Microsoft/hcsshim/internal/constants" + "github.com/Microsoft/hcsshim/internal/guestpath" "github.com/Microsoft/hcsshim/internal/hooks" "github.com/Microsoft/hcsshim/pkg/annotations" "github.com/google/go-cmp/cmp" @@ -501,9 +501,9 @@ func possibleIndicesForID(containerID string, mapping map[int]map[string]struct{ func getContainerRootInUVM(id string) string { switch runtime.GOOS { case "windows": - return filepath.Join(constants.WCOWRootPrefixInUVM, id) + return filepath.Join(guestpath.WCOWRootPrefixInUVM, id) default: - return filepath.Join(constants.LCOWRootPrefixInUVM, id) + return filepath.Join(guestpath.LCOWRootPrefixInUVM, id) } } @@ -543,8 +543,8 @@ func (pe *StandardSecurityPolicyEnforcer) EnforceExpectedMountsPolicy(containerI var wPaths []string for _, mount := range wMounts { wp := "" - if strings.HasPrefix(mount, constants.SandboxMountPrefix) { - sandboxPath := strings.TrimPrefix(mount, constants.SandboxMountPrefix) + if strings.HasPrefix(mount, guestpath.SandboxMountPrefix) { + sandboxPath := strings.TrimPrefix(mount, guestpath.SandboxMountPrefix) wp = filepath.Join(getContainerRootInUVM(sandboxID), "sandboxMounts", sandboxPath) } else { // Find the corresponding sandbox mount and resolve the path inside UVM. diff --git a/test/cri-containerd/container_test.go b/test/cri-containerd/container_test.go index e565083207..1afbc1b7ce 100644 --- a/test/cri-containerd/container_test.go +++ b/test/cri-containerd/container_test.go @@ -18,7 +18,7 @@ import ( "github.com/sirupsen/logrus" runtime "k8s.io/cri-api/pkg/apis/runtime/v1alpha2" - "github.com/Microsoft/hcsshim/internal/constants" + "github.com/Microsoft/hcsshim/internal/guestpath" "github.com/Microsoft/hcsshim/pkg/annotations" ) @@ -728,7 +728,7 @@ func Test_CreateContainer_HugePageMount_LCOW(t *testing.T) { }, Mounts: []*runtime.Mount{ { - HostPath: fmt.Sprintf("%s2M/hugepage2M", constants.HugePagesMountPrefix), + HostPath: fmt.Sprintf("%s2M/hugepage2M", guestpath.HugePagesMountPrefix), ContainerPath: "/mnt/hugepage2M", Readonly: false, Propagation: runtime.MountPropagation_PROPAGATION_BIDIRECTIONAL, diff --git a/test/vendor/github.com/Microsoft/hcsshim/internal/devices/drivers.go b/test/vendor/github.com/Microsoft/hcsshim/internal/devices/drivers.go index 4efe677e22..008e1c739c 100644 --- a/test/vendor/github.com/Microsoft/hcsshim/internal/devices/drivers.go +++ b/test/vendor/github.com/Microsoft/hcsshim/internal/devices/drivers.go @@ -8,6 +8,7 @@ import ( "fmt" "github.com/Microsoft/hcsshim/internal/cmd" + "github.com/Microsoft/hcsshim/internal/guestpath" "github.com/Microsoft/hcsshim/internal/log" "github.com/Microsoft/hcsshim/internal/resources" "github.com/Microsoft/hcsshim/internal/uvm" @@ -45,7 +46,7 @@ func InstallKernelDriver(ctx context.Context, vm *uvm.UtilityVM, driver string) } return closer, execPnPInstallDriver(ctx, vm, uvmPath) } - uvmPathForShare := fmt.Sprintf(uvm.LCOWGlobalMountPrefix, vm.UVMMountCounter()) + uvmPathForShare := fmt.Sprintf(guestpath.LCOWGlobalMountPrefix, vm.UVMMountCounter()) scsiCloser, err := vm.AddSCSI(ctx, driver, uvmPathForShare, true, false, []string{}, uvm.VMAccessTypeIndividual) if err != nil { return closer, fmt.Errorf("failed to add SCSI disk to utility VM for path %+v: %s", driver, err) diff --git a/test/vendor/github.com/Microsoft/hcsshim/internal/constants/constants.go b/test/vendor/github.com/Microsoft/hcsshim/internal/guestpath/paths.go similarity index 57% rename from test/vendor/github.com/Microsoft/hcsshim/internal/constants/constants.go rename to test/vendor/github.com/Microsoft/hcsshim/internal/guestpath/paths.go index 0d1d1b5ee1..a40e03985b 100644 --- a/test/vendor/github.com/Microsoft/hcsshim/internal/constants/constants.go +++ b/test/vendor/github.com/Microsoft/hcsshim/internal/guestpath/paths.go @@ -1,19 +1,24 @@ -package constants +package guestpath const ( // LCOWNvidiaMountPath is the path format in LCOW UVM where nvidia tools are mounted // keep this value in sync with opengcs LCOWNvidiaMountPath = "/run/nvidia" - // LCOWRootPrefixInUVM is the path inside UVM where LCOW container's root file system will be mounted LCOWRootPrefixInUVM = "/run/gcs/c" - // WCOWRootPrefixInUVM is the path inside UVM where WCOW container's root file system will be mounted WCOWRootPrefixInUVM = `C:\c` - // SandboxMountPrefix is mount prefix used in container spec to mark a sandbox-mount SandboxMountPrefix = "sandbox://" - // HugePagesMountPrefix is mount prefix used in container spec to mark a huge-pages mount HugePagesMountPrefix = "hugepages://" + // LCOWMountPathPrefix is the path format in the LCOW UVM where non global mounts, such + // as Plan9 mounts are added + LCOWMountPathPrefix = "/mounts/m%d" + // LCOWGlobalMountPrefix is the path format in the LCOW UVM where global mounts are added + LCOWGlobalMountPrefix = "/run/mounts/m%d" + // WCOWGlobalMountPrefix is the path prefix format in the WCOW UVM where mounts are added + WCOWGlobalMountPrefix = "C:\\mounts\\m%d" + // RootfsPath is part of the container's rootfs path + RootfsPath = "rootfs" ) diff --git a/test/vendor/github.com/Microsoft/hcsshim/internal/hcsoci/create.go b/test/vendor/github.com/Microsoft/hcsshim/internal/hcsoci/create.go index 4f14a95793..4f7190f742 100644 --- a/test/vendor/github.com/Microsoft/hcsshim/internal/hcsoci/create.go +++ b/test/vendor/github.com/Microsoft/hcsshim/internal/hcsoci/create.go @@ -7,7 +7,6 @@ import ( "context" "errors" "fmt" - "github.com/Microsoft/hcsshim/internal/constants" "os" "path/filepath" "strconv" @@ -15,6 +14,7 @@ import ( "github.com/Microsoft/go-winio/pkg/guid" "github.com/Microsoft/hcsshim/internal/clone" "github.com/Microsoft/hcsshim/internal/cow" + "github.com/Microsoft/hcsshim/internal/guestpath" "github.com/Microsoft/hcsshim/internal/hcs" hcsschema "github.com/Microsoft/hcsshim/internal/hcs/schema2" "github.com/Microsoft/hcsshim/internal/log" @@ -28,7 +28,7 @@ import ( ) var ( - lcowRootInUVM = constants.LCOWRootPrefixInUVM + "/%s" + lcowRootInUVM = guestpath.LCOWRootPrefixInUVM + "/%s" wcowRootInUVM = `C:\c\%s` ) diff --git a/test/vendor/github.com/Microsoft/hcsshim/internal/hcsoci/devices.go b/test/vendor/github.com/Microsoft/hcsshim/internal/hcsoci/devices.go index a813129a3f..4f17a715d6 100644 --- a/test/vendor/github.com/Microsoft/hcsshim/internal/hcsoci/devices.go +++ b/test/vendor/github.com/Microsoft/hcsshim/internal/hcsoci/devices.go @@ -12,8 +12,8 @@ import ( specs "github.com/opencontainers/runtime-spec/specs-go" "github.com/pkg/errors" - "github.com/Microsoft/hcsshim/internal/constants" "github.com/Microsoft/hcsshim/internal/devices" + "github.com/Microsoft/hcsshim/internal/guestpath" hcsschema "github.com/Microsoft/hcsshim/internal/hcs/schema2" "github.com/Microsoft/hcsshim/internal/log" "github.com/Microsoft/hcsshim/internal/oci" @@ -224,14 +224,14 @@ func handleAssignedDevicesLCOW( scsiMount, err := vm.AddSCSI( ctx, gpuSupportVhdPath, - constants.LCOWNvidiaMountPath, + guestpath.LCOWNvidiaMountPath, true, false, options, uvm.VMAccessTypeNoop, ) if err != nil { - return resultDevs, closers, errors.Wrapf(err, "failed to add scsi device %s in the UVM %s at %s", gpuSupportVhdPath, vm.ID(), constants.LCOWNvidiaMountPath) + return resultDevs, closers, errors.Wrapf(err, "failed to add scsi device %s in the UVM %s at %s", gpuSupportVhdPath, vm.ID(), guestpath.LCOWNvidiaMountPath) } closers = append(closers, scsiMount) } diff --git a/test/vendor/github.com/Microsoft/hcsshim/internal/hcsoci/hcsdoc_wcow.go b/test/vendor/github.com/Microsoft/hcsshim/internal/hcsoci/hcsdoc_wcow.go index 44d9fc1042..b3080399a6 100644 --- a/test/vendor/github.com/Microsoft/hcsshim/internal/hcsoci/hcsdoc_wcow.go +++ b/test/vendor/github.com/Microsoft/hcsshim/internal/hcsoci/hcsdoc_wcow.go @@ -14,7 +14,7 @@ import ( specs "github.com/opencontainers/runtime-spec/specs-go" "github.com/sirupsen/logrus" - "github.com/Microsoft/hcsshim/internal/constants" + "github.com/Microsoft/hcsshim/internal/guestpath" "github.com/Microsoft/hcsshim/internal/hcs/schema1" hcsschema "github.com/Microsoft/hcsshim/internal/hcs/schema2" "github.com/Microsoft/hcsshim/internal/layers" @@ -80,7 +80,7 @@ func createMountsConfig(ctx context.Context, coi *createOptionsInternal) (*mount return nil, err } mdv2.HostPath = uvmPath - } else if strings.HasPrefix(mount.Source, constants.SandboxMountPrefix) { + } else if strings.HasPrefix(mount.Source, guestpath.SandboxMountPrefix) { // Convert to the path in the guest that was asked for. mdv2.HostPath = convertToWCOWSandboxMountPath(mount.Source) } else { diff --git a/test/vendor/github.com/Microsoft/hcsshim/internal/hcsoci/resources_lcow.go b/test/vendor/github.com/Microsoft/hcsshim/internal/hcsoci/resources_lcow.go index 363d2a6149..6bd3fb3b52 100644 --- a/test/vendor/github.com/Microsoft/hcsshim/internal/hcsoci/resources_lcow.go +++ b/test/vendor/github.com/Microsoft/hcsshim/internal/hcsoci/resources_lcow.go @@ -16,7 +16,7 @@ import ( specs "github.com/opencontainers/runtime-spec/specs-go" "github.com/pkg/errors" - "github.com/Microsoft/hcsshim/internal/constants" + "github.com/Microsoft/hcsshim/internal/guestpath" "github.com/Microsoft/hcsshim/internal/layers" "github.com/Microsoft/hcsshim/internal/log" "github.com/Microsoft/hcsshim/internal/resources" @@ -41,7 +41,7 @@ func allocateLinuxResources(ctx context.Context, coi *createOptionsInternal, r * // This is the "Plan 9" root filesystem. // TODO: We need a test for this. Ask @jstarks how you can even lay this out on Windows. hostPath := coi.Spec.Root.Path - uvmPathForContainersFileSystem := path.Join(r.ContainerRootInUVM(), uvm.RootfsPath) + uvmPathForContainersFileSystem := path.Join(r.ContainerRootInUVM(), guestpath.RootfsPath) share, err := coi.HostingSystem.AddPlan9(ctx, hostPath, uvmPathForContainersFileSystem, coi.Spec.Root.Readonly, false, nil) if err != nil { return errors.Wrap(err, "adding plan9 root") @@ -67,7 +67,7 @@ func allocateLinuxResources(ctx context.Context, coi *createOptionsInternal, r * if coi.HostingSystem != nil { hostPath := mount.Source - uvmPathForShare := path.Join(containerRootInUVM, fmt.Sprintf(uvm.LCOWMountPathPrefix, i)) + uvmPathForShare := path.Join(containerRootInUVM, fmt.Sprintf(guestpath.LCOWMountPathPrefix, i)) uvmPathForFile := uvmPathForShare readOnly := false @@ -81,7 +81,7 @@ func allocateLinuxResources(ctx context.Context, coi *createOptionsInternal, r * l := log.G(ctx).WithField("mount", fmt.Sprintf("%+v", mount)) if mount.Type == "physical-disk" { l.Debug("hcsshim::allocateLinuxResources Hot-adding SCSI physical disk for OCI mount") - uvmPathForShare = fmt.Sprintf(uvm.LCOWGlobalMountPrefix, coi.HostingSystem.UVMMountCounter()) + uvmPathForShare = fmt.Sprintf(guestpath.LCOWGlobalMountPrefix, coi.HostingSystem.UVMMountCounter()) scsiMount, err := coi.HostingSystem.AddSCSIPhysicalDisk(ctx, hostPath, uvmPathForShare, readOnly, mount.Options) if err != nil { return errors.Wrapf(err, "adding SCSI physical disk mount %+v", mount) @@ -92,7 +92,7 @@ func allocateLinuxResources(ctx context.Context, coi *createOptionsInternal, r * coi.Spec.Mounts[i].Type = "none" } else if mount.Type == "virtual-disk" { l.Debug("hcsshim::allocateLinuxResources Hot-adding SCSI virtual disk for OCI mount") - uvmPathForShare = fmt.Sprintf(uvm.LCOWGlobalMountPrefix, coi.HostingSystem.UVMMountCounter()) + uvmPathForShare = fmt.Sprintf(guestpath.LCOWGlobalMountPrefix, coi.HostingSystem.UVMMountCounter()) // if the scsi device is already attached then we take the uvm path that the function below returns // that is where it was previously mounted in UVM @@ -112,18 +112,18 @@ func allocateLinuxResources(ctx context.Context, coi *createOptionsInternal, r * uvmPathForFile = scsiMount.UVMPath r.Add(scsiMount) coi.Spec.Mounts[i].Type = "none" - } else if strings.HasPrefix(mount.Source, constants.SandboxMountPrefix) { + } else if strings.HasPrefix(mount.Source, guestpath.SandboxMountPrefix) { // Mounts that map to a path in UVM are specified with 'sandbox://' prefix. // example: sandbox:///a/dirInUvm destination:/b/dirInContainer uvmPathForFile = mount.Source - } else if strings.HasPrefix(mount.Source, constants.HugePagesMountPrefix) { + } else if strings.HasPrefix(mount.Source, guestpath.HugePagesMountPrefix) { // currently we only support 2M hugepage size - hugePageSubDirs := strings.Split(strings.TrimPrefix(mount.Source, constants.HugePagesMountPrefix), "/") + hugePageSubDirs := strings.Split(strings.TrimPrefix(mount.Source, guestpath.HugePagesMountPrefix), "/") if len(hugePageSubDirs) < 2 { return errors.Errorf( `%s mount path is invalid, expected format: %s/`, mount.Source, - constants.HugePagesMountPrefix, + guestpath.HugePagesMountPrefix, ) } diff --git a/test/vendor/github.com/Microsoft/hcsshim/internal/hcsoci/resources_wcow.go b/test/vendor/github.com/Microsoft/hcsshim/internal/hcsoci/resources_wcow.go index bdb75cb57f..66bfc3e0d9 100644 --- a/test/vendor/github.com/Microsoft/hcsshim/internal/hcsoci/resources_wcow.go +++ b/test/vendor/github.com/Microsoft/hcsshim/internal/hcsoci/resources_wcow.go @@ -17,8 +17,8 @@ import ( "github.com/pkg/errors" "github.com/Microsoft/hcsshim/internal/cmd" - "github.com/Microsoft/hcsshim/internal/constants" "github.com/Microsoft/hcsshim/internal/credentials" + "github.com/Microsoft/hcsshim/internal/guestpath" "github.com/Microsoft/hcsshim/internal/layers" "github.com/Microsoft/hcsshim/internal/log" "github.com/Microsoft/hcsshim/internal/resources" @@ -142,7 +142,7 @@ func setupMounts(ctx context.Context, coi *createOptionsInternal, r *resources.R } if coi.HostingSystem != nil && schemaversion.IsV21(coi.actualSchemaVersion) { - uvmPath := fmt.Sprintf(uvm.WCOWGlobalMountPrefix, coi.HostingSystem.UVMMountCounter()) + uvmPath := fmt.Sprintf(guestpath.WCOWGlobalMountPrefix, coi.HostingSystem.UVMMountCounter()) readOnly := false for _, o := range mount.Options { if strings.ToLower(o) == "ro" { @@ -180,7 +180,7 @@ func setupMounts(ctx context.Context, coi *createOptionsInternal, r *resources.R return errors.Wrapf(err, "adding SCSI EVD mount failed %+v", mount) } r.Add(scsiMount) - } else if strings.HasPrefix(mount.Source, constants.SandboxMountPrefix) { + } else if strings.HasPrefix(mount.Source, guestpath.SandboxMountPrefix) { // Mounts that map to a path in the UVM are specified with a 'sandbox://' prefix. // // Example: sandbox:///a/dirInUvm destination:C:\\dirInContainer. @@ -230,6 +230,6 @@ func setupMounts(ctx context.Context, coi *createOptionsInternal, r *resources.R } func convertToWCOWSandboxMountPath(source string) string { - subPath := strings.TrimPrefix(source, constants.SandboxMountPrefix) + subPath := strings.TrimPrefix(source, guestpath.SandboxMountPrefix) return filepath.Join(wcowSandboxMountPath, subPath) } diff --git a/test/vendor/github.com/Microsoft/hcsshim/internal/layers/layers.go b/test/vendor/github.com/Microsoft/hcsshim/internal/layers/layers.go index 573ad72aa7..fd63377f72 100644 --- a/test/vendor/github.com/Microsoft/hcsshim/internal/layers/layers.go +++ b/test/vendor/github.com/Microsoft/hcsshim/internal/layers/layers.go @@ -11,15 +11,17 @@ import ( "path/filepath" "time" + "github.com/pkg/errors" + "github.com/sirupsen/logrus" + "golang.org/x/sys/windows" + + "github.com/Microsoft/hcsshim/internal/guestpath" hcsschema "github.com/Microsoft/hcsshim/internal/hcs/schema2" "github.com/Microsoft/hcsshim/internal/hcserror" "github.com/Microsoft/hcsshim/internal/log" "github.com/Microsoft/hcsshim/internal/ospath" "github.com/Microsoft/hcsshim/internal/uvm" "github.com/Microsoft/hcsshim/internal/wclayer" - "github.com/pkg/errors" - "github.com/sirupsen/logrus" - "golang.org/x/sys/windows" ) // ImageLayers contains all the layers for an image. @@ -261,7 +263,7 @@ func MountContainerLayers(ctx context.Context, containerID string, layerFolders err = vm.CombineLayersWCOW(ctx, layers, containerScratchPathInUVM) rootfs = containerScratchPathInUVM } else { - rootfs = ospath.Join(vm.OS(), guestRoot, uvm.RootfsPath) + rootfs = ospath.Join(vm.OS(), guestRoot, guestpath.RootfsPath) err = vm.CombineLayersLCOW(ctx, containerID, lcowUvmLayerPaths, containerScratchPathInUVM, rootfs) } if err != nil { @@ -289,7 +291,7 @@ func addLCOWLayer(ctx context.Context, vm *uvm.UtilityVM, layerPath string) (uvm } options := []string{"ro"} - uvmPath = fmt.Sprintf(uvm.LCOWGlobalMountPrefix, vm.UVMMountCounter()) + uvmPath = fmt.Sprintf(guestpath.LCOWGlobalMountPrefix, vm.UVMMountCounter()) sm, err := vm.AddSCSI(ctx, layerPath, uvmPath, true, false, options, uvm.VMAccessTypeNoop) if err != nil { return "", fmt.Errorf("failed to add SCSI layer: %s", err) @@ -460,7 +462,7 @@ func containerRootfsPath(vm *uvm.UtilityVM, rootPath string) string { if vm.OS() == "windows" { return ospath.Join(vm.OS(), rootPath) } - return ospath.Join(vm.OS(), rootPath, uvm.RootfsPath) + return ospath.Join(vm.OS(), rootPath, guestpath.RootfsPath) } func getScratchVHDPath(layerFolders []string) (string, error) { diff --git a/test/vendor/github.com/Microsoft/hcsshim/internal/uvm/constants.go b/test/vendor/github.com/Microsoft/hcsshim/internal/uvm/constants.go index aed3315a55..1ddcf903ab 100644 --- a/test/vendor/github.com/Microsoft/hcsshim/internal/uvm/constants.go +++ b/test/vendor/github.com/Microsoft/hcsshim/internal/uvm/constants.go @@ -16,16 +16,6 @@ const ( // DefaultVPMemSizeBytes is the default size of a VPMem device if the create request // doesn't specify. DefaultVPMemSizeBytes = 4 * 1024 * 1024 * 1024 // 4GB - - // LCOWMountPathPrefix is the path format in the LCOW UVM where non global mounts, such - // as Plan9 mounts are added - LCOWMountPathPrefix = "/mounts/m%d" - // LCOWGlobalMountPrefix is the path format in the LCOW UVM where global mounts are added - LCOWGlobalMountPrefix = "/run/mounts/m%d" - // WCOWGlobalMountPrefix is the path prefix format in the WCOW UVM where mounts are added - WCOWGlobalMountPrefix = "C:\\mounts\\m%d" - // RootfsPath is part of the container's rootfs path - RootfsPath = "rootfs" ) var ( diff --git a/test/vendor/github.com/Microsoft/hcsshim/pkg/securitypolicy/securitypolicyenforcer.go b/test/vendor/github.com/Microsoft/hcsshim/pkg/securitypolicy/securitypolicyenforcer.go index abb6e827c6..1d130777e8 100644 --- a/test/vendor/github.com/Microsoft/hcsshim/pkg/securitypolicy/securitypolicyenforcer.go +++ b/test/vendor/github.com/Microsoft/hcsshim/pkg/securitypolicy/securitypolicyenforcer.go @@ -11,7 +11,7 @@ import ( "strings" "sync" - "github.com/Microsoft/hcsshim/internal/constants" + "github.com/Microsoft/hcsshim/internal/guestpath" "github.com/Microsoft/hcsshim/internal/hooks" "github.com/Microsoft/hcsshim/pkg/annotations" "github.com/google/go-cmp/cmp" @@ -501,9 +501,9 @@ func possibleIndicesForID(containerID string, mapping map[int]map[string]struct{ func getContainerRootInUVM(id string) string { switch runtime.GOOS { case "windows": - return filepath.Join(constants.WCOWRootPrefixInUVM, id) + return filepath.Join(guestpath.WCOWRootPrefixInUVM, id) default: - return filepath.Join(constants.LCOWRootPrefixInUVM, id) + return filepath.Join(guestpath.LCOWRootPrefixInUVM, id) } } @@ -543,8 +543,8 @@ func (pe *StandardSecurityPolicyEnforcer) EnforceExpectedMountsPolicy(containerI var wPaths []string for _, mount := range wMounts { wp := "" - if strings.HasPrefix(mount, constants.SandboxMountPrefix) { - sandboxPath := strings.TrimPrefix(mount, constants.SandboxMountPrefix) + if strings.HasPrefix(mount, guestpath.SandboxMountPrefix) { + sandboxPath := strings.TrimPrefix(mount, guestpath.SandboxMountPrefix) wp = filepath.Join(getContainerRootInUVM(sandboxID), "sandboxMounts", sandboxPath) } else { // Find the corresponding sandbox mount and resolve the path inside UVM. diff --git a/test/vendor/modules.txt b/test/vendor/modules.txt index df8d31c4fe..201ced4412 100644 --- a/test/vendor/modules.txt +++ b/test/vendor/modules.txt @@ -21,7 +21,6 @@ github.com/Microsoft/hcsshim/internal/clone github.com/Microsoft/hcsshim/internal/cmd github.com/Microsoft/hcsshim/internal/cni github.com/Microsoft/hcsshim/internal/computeagent -github.com/Microsoft/hcsshim/internal/constants github.com/Microsoft/hcsshim/internal/copyfile github.com/Microsoft/hcsshim/internal/cow github.com/Microsoft/hcsshim/internal/cpugroup @@ -29,6 +28,7 @@ github.com/Microsoft/hcsshim/internal/credentials github.com/Microsoft/hcsshim/internal/devices github.com/Microsoft/hcsshim/internal/extendedtask github.com/Microsoft/hcsshim/internal/gcs +github.com/Microsoft/hcsshim/internal/guestpath github.com/Microsoft/hcsshim/internal/hcs github.com/Microsoft/hcsshim/internal/hcs/resourcepaths github.com/Microsoft/hcsshim/internal/hcs/schema1