Merge pull request #2189 from thaJeztah/replace_deprecated_userns
replace uses of deprecated containerd/sys.RunningInUserNS()v0.9
Tõnis Tiigi
GitHub
commit
573f1b1255
|
|
@ -17,6 +17,7 @@ import (
|
|||
|
||||
"github.com/BurntSushi/toml"
|
||||
"github.com/containerd/containerd/pkg/seed"
|
||||
"github.com/containerd/containerd/pkg/userns"
|
||||
"github.com/containerd/containerd/platforms"
|
||||
"github.com/containerd/containerd/remotes/docker"
|
||||
"github.com/containerd/containerd/sys"
|
||||
|
|
@ -119,7 +120,7 @@ func main() {
|
|||
}
|
||||
|
||||
rootlessUsage := "set all the default options to be compatible with rootless containers"
|
||||
if sys.RunningInUserNS() {
|
||||
if userns.RunningInUserNS() {
|
||||
app.Flags = append(app.Flags, cli.BoolTFlag{
|
||||
Name: "rootless",
|
||||
Usage: rootlessUsage + " (default: true)",
|
||||
|
|
@ -355,7 +356,7 @@ func serveGRPC(cfg config.GRPCConfig, server *grpc.Server, errCh chan error) err
|
|||
}
|
||||
|
||||
func defaultConfigPath() string {
|
||||
if sys.RunningInUserNS() {
|
||||
if userns.RunningInUserNS() {
|
||||
return filepath.Join(appdefaults.UserConfigDir(), "buildkitd.toml")
|
||||
}
|
||||
return filepath.Join(appdefaults.ConfigDir, "buildkitd.toml")
|
||||
|
|
@ -409,7 +410,7 @@ func setDefaultConfig(cfg *config.Config) {
|
|||
cfg.Workers.OCI.NetworkConfig = setDefaultNetworkConfig(cfg.Workers.OCI.NetworkConfig)
|
||||
cfg.Workers.Containerd.NetworkConfig = setDefaultNetworkConfig(cfg.Workers.Containerd.NetworkConfig)
|
||||
|
||||
if sys.RunningInUserNS() {
|
||||
if userns.RunningInUserNS() {
|
||||
// if buildkitd is being executed as the mapped-root (not only EUID==0 but also $USER==root)
|
||||
// in a user namespace, we need to enable the rootless mode but
|
||||
// we don't want to honor $HOME for setting up default paths.
|
||||
|
|
|
|||
|
|
@ -16,6 +16,7 @@ import (
|
|||
snapshotsapi "github.com/containerd/containerd/api/services/snapshots/v1"
|
||||
"github.com/containerd/containerd/defaults"
|
||||
"github.com/containerd/containerd/pkg/dialer"
|
||||
"github.com/containerd/containerd/pkg/userns"
|
||||
"github.com/containerd/containerd/reference"
|
||||
"github.com/containerd/containerd/remotes/docker"
|
||||
ctdsnapshot "github.com/containerd/containerd/snapshots"
|
||||
|
|
@ -23,7 +24,6 @@ import (
|
|||
"github.com/containerd/containerd/snapshots/overlay"
|
||||
"github.com/containerd/containerd/snapshots/overlay/overlayutils"
|
||||
snproxy "github.com/containerd/containerd/snapshots/proxy"
|
||||
"github.com/containerd/containerd/sys"
|
||||
fuseoverlayfs "github.com/containerd/fuse-overlayfs-snapshotter"
|
||||
sgzfs "github.com/containerd/stargz-snapshotter/fs"
|
||||
sgzconf "github.com/containerd/stargz-snapshotter/fs/config"
|
||||
|
|
@ -110,7 +110,7 @@ func init() {
|
|||
}
|
||||
n := "oci-worker-rootless"
|
||||
u := "enable rootless mode"
|
||||
if sys.RunningInUserNS() {
|
||||
if userns.RunningInUserNS() {
|
||||
flags = append(flags, cli.BoolTFlag{
|
||||
Name: n,
|
||||
Usage: u,
|
||||
|
|
@ -189,7 +189,7 @@ func applyOCIFlags(c *cli.Context, cfg *config.Config) error {
|
|||
cfg.Workers.OCI.Rootless = c.GlobalBool("rootless")
|
||||
}
|
||||
if c.GlobalIsSet("oci-worker-rootless") {
|
||||
if !sys.RunningInUserNS() || os.Geteuid() > 0 {
|
||||
if !userns.RunningInUserNS() || os.Geteuid() > 0 {
|
||||
return errors.New("rootless mode requires to be executed as the mapped root in a user namespace; you may use RootlessKit for setting up the namespace")
|
||||
}
|
||||
cfg.Workers.OCI.Rootless = c.GlobalBool("oci-worker-rootless")
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ import (
|
|||
"time"
|
||||
|
||||
"github.com/containerd/containerd/mount"
|
||||
"github.com/containerd/containerd/sys"
|
||||
"github.com/containerd/containerd/pkg/userns"
|
||||
"github.com/docker/docker/pkg/idtools"
|
||||
"github.com/moby/buildkit/cache"
|
||||
"github.com/moby/buildkit/cache/metadata"
|
||||
|
|
@ -314,7 +314,7 @@ func (sm *secretMountInstance) Mount() ([]mount.Mount, func() error, error) {
|
|||
Options: []string{"nodev", "nosuid", "noexec", fmt.Sprintf("uid=%d,gid=%d", os.Geteuid(), os.Getegid())},
|
||||
}
|
||||
|
||||
if sys.RunningInUserNS() {
|
||||
if userns.RunningInUserNS() {
|
||||
tmpMount.Options = nil
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ import (
|
|||
|
||||
"github.com/containerd/containerd/containers"
|
||||
"github.com/containerd/containerd/oci"
|
||||
"github.com/containerd/containerd/sys"
|
||||
"github.com/containerd/containerd/pkg/userns"
|
||||
specs "github.com/opencontainers/runtime-spec/specs-go"
|
||||
"github.com/pkg/errors"
|
||||
"github.com/sirupsen/logrus"
|
||||
|
|
@ -80,7 +80,7 @@ func WithInsecureSpec() oci.SpecOpts {
|
|||
},
|
||||
}
|
||||
|
||||
if !sys.RunningInUserNS() {
|
||||
if !userns.RunningInUserNS() {
|
||||
// Devices automatically mounted on insecure mode
|
||||
s.Linux.Devices = append(s.Linux.Devices, []specs.LinuxDevice{
|
||||
// Writes to this come out as printk's, reads export the buffered printk records. (dmesg)
|
||||
|
|
|
|||
Loading…
Reference in New Issue