diff --git a/cmd/buildkitd/config/config.go b/cmd/buildkitd/config/config.go
index 03c71c31..97ba3f5b 100644
--- a/cmd/buildkitd/config/config.go
+++ b/cmd/buildkitd/config/config.go
@@ -76,6 +76,8 @@ type OCIConfig struct {
 // UserRemapUnsupported is unsupported key for testing. The feature is
 // incomplete and the intention is to make it default without config.
 UserRemapUnsupported string `toml:"userRemapUnsupported"`
+ // For use in storing the OCI worker binary name that will replace buildkit-runc
+ Binary string `toml:"binary"`
 }
 type ContainerdConfig struct {
diff --git a/cmd/buildkitd/main_oci_worker.go b/cmd/buildkitd/main_oci_worker.go
index c8bf6bdd..2ba68bba 100644
--- a/cmd/buildkitd/main_oci_worker.go
+++ b/cmd/buildkitd/main_oci_worker.go
@@ -70,6 +70,11 @@ func init() {
 Usage: "path of cni binary files",
 Value: defaultConf.Workers.OCI.NetworkConfig.CNIBinaryPath,
 },
+ cli.StringFlag{
+ Name: "oci-worker-binary",
+ Usage: "name of specified oci worker binary",
+ Value: defaultConf.Workers.OCI.Binary,
+ },
 }
 n := "oci-worker-rootless"
 u := "enable rootless mode"
@@ -180,6 +185,9 @@ func applyOCIFlags(c *cli.Context, cfg *config.Config) error {
 if c.GlobalIsSet("oci-cni-binary-dir") {
 cfg.Workers.OCI.NetworkConfig.CNIBinaryPath = c.GlobalString("oci-cni-binary-dir")
 }
+ if c.GlobalIsSet("oci-worker-binary") {
+ cfg.Workers.OCI.Binary = c.GlobalString("oci-worker-binary")
+ }
 return nil
 }
@@ -232,7 +240,7 @@ func ociWorkerInitializer(c *cli.Context, common workerInitializerOpt) ([]worker
 },
 }
- opt, err := runc.NewWorkerOpt(common.config.Root, snFactory, cfg.Rootless, processMode, cfg.Labels, idmapping, nc, dns)
+ opt, err := runc.NewWorkerOpt(common.config.Root, snFactory, cfg.Rootless, processMode, cfg.Labels, idmapping, nc, dns, cfg.Binary)
 if err != nil {
 return nil, err
 }
diff --git a/docs/buildkitd.toml.md b/docs/buildkitd.toml.md
index 5836f7e4..bdf2cc7e 100644
--- a/docs/buildkitd.toml.md
+++ b/docs/buildkitd.toml.md
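Review bot: The comment on the new `Binary` field in `OCIConfig` does not say that this value names the executable buildkitd will run as its container runtime, nor what an empty value means. Whoever can edit this config or pass the flag is choosing code the daemon executes, so the comment should state that plainly, for example `// Binary is the OCI runtime executable used by the OCI worker; empty selects the default (buildkit-runc or runc).` followed by `// The daemon executes it, so it must name a trusted binary.` The flag `Usage` text in the `init()` hunk of main_oci_worker.go has the same gap and could read `Usage: "name of the OCI runtime binary to use instead of buildkit-runc/runc",`.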
@@ -46,6 +46,9 @@ insecure-entitlements = [ "network.host", "security.insecure" ]
 noProcessSandbox = false
 gc = true
 gckeepstorage = 9000
+ # alternate OCI worker binary name(example 'crun'), by default either
+ # buildkit-runc or runc binary is used
+ binary = ""
 [worker.oci.labels]
 "foo" = "bar"
diff --git a/worker/runc/runc.go b/worker/runc/runc.go
index b80e93ac..0cbbc72f 100644
--- a/worker/runc/runc.go
+++ b/worker/runc/runc.go
@@ -32,7 +32,7 @@ type SnapshotterFactory struct {
 }
 // NewWorkerOpt creates a WorkerOpt.
-func NewWorkerOpt(root string, snFactory SnapshotterFactory, rootless bool, processMode oci.ProcessMode, labels map[string]string, idmap *idtools.IdentityMapping, nopt netproviders.Opt, dns *oci.DNSConfig) (base.WorkerOpt, error) {
+func NewWorkerOpt(root string, snFactory SnapshotterFactory, rootless bool, processMode oci.ProcessMode, labels map[string]string, idmap *idtools.IdentityMapping, nopt netproviders.Opt, dns *oci.DNSConfig, binary string) (base.WorkerOpt, error) {
 var opt base.WorkerOpt
 name := "runc-" + snFactory.Name
 root = filepath.Join(root, name)
@@ -45,9 +45,18 @@ func NewWorkerOpt(root string, snFactory SnapshotterFactory, rootless bool, proc
 return opt, err
 }
+ // Check if user has specified OCI worker binary; if they have, append it to cmds
+ var cmds []string
+ if binary != "" {
+ cmds = append(cmds, binary)
+ }
+
 exe, err := runcexecutor.New(runcexecutor.Opt{
 // Root directory
 Root: filepath.Join(root, "executor"),
+ // If user has specified OCI worker binary, it will be sent to the runc executor to find and use
+ // Otherwise, a nil array will be sent and the default OCI worker binary will be used
+ CommandCandidates: cmds,
 // without root privileges
 Rootless: rootless,
 ProcessMode: processMode,
diff --git a/worker/runc/runc_test.go b/worker/runc/runc_test.go
index 7fb2d277..cbb94532 100644
--- a/worker/runc/runc_test.go
+++ b/worker/runc/runc_test.go
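Review bot: `binary` is appended to `cmds` and handed to `CommandCandidates` with no check in this hunk, so a mistyped or unresolvable name is only caught by whatever `runcexecutor.New` does with it, which is not visible here. The documented example is a bare name (`crun`), so resolution presumably depends on the daemon's PATH, and an operator who needs one specific runtime has no early, explicit failure if a different one is picked up or none is found. Consider resolving it inside the `binary != ""` branch with `if _, err := exec.LookPath(binary); err != nil { return opt, err }` (needs `os/exec`), and extend the comment to say that an absolute path avoids PATH ambiguity. The worker is also still named `"runc-" + snFactory.Name` in the previous hunk even when another runtime is selected, which may mislead anyone auditing which runtime a host uses. NewWorkerOpt's body continues outside the hunk.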
@@ -40,7 +40,7 @@ func newWorkerOpt(t *testing.T, processMode oci.ProcessMode) (base.WorkerOpt, fu
 },
 }
 rootless := false
- workerOpt, err := NewWorkerOpt(tmpdir, snFactory, rootless, processMode, nil, nil, netproviders.Opt{Mode: "host"}, nil)
+ workerOpt, err := NewWorkerOpt(tmpdir, snFactory, rootless, processMode, nil, nil, netproviders.Opt{Mode: "host"}, nil, "")
 require.NoError(t, err)
 return workerOpt, cleanup
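Review bot: The only test change passes `""` for the new argument, so the non-empty `binary` path added in runc.go is never exercised. A case that passes a name that cannot exist and asserts an error would pin the behaviour that a configured runtime is never silently replaced by the default, e.g. `_, err := NewWorkerOpt(tmpdir, snFactory, rootless, processMode, nil, nil, netproviders.Opt{Mode: "host"}, nil, "no-such-runtime-example")` followed by `require.Error(t, err)`. This assumes the executor rejects an unresolvable candidate at construction, which is not visible on this page. `newWorkerOpt` starts and ends outside the hunk.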