Merge pull request #1283 from jeffreyhuang23/issue-1230

Fix issue #1230 (add --oci-worker-binary)

cmd/buildkitd/config/config.go

@@ -76,6 +76,8 @@ type OCIConfig struct {
 	// UserRemapUnsupported is unsupported key for testing. The feature is
 	// incomplete and the intention is to make it default without config.
 	UserRemapUnsupported string `toml:"userRemapUnsupported"`
+	// For use in storing the OCI worker binary name that will replace buildkit-runc
+	Binary string `toml:"binary"`
 }
 
 type ContainerdConfig struct {

cmd/buildkitd/main_oci_worker.go

@@ -70,6 +70,11 @@ func init() {
 			Usage: "path of cni binary files",
 			Value: defaultConf.Workers.OCI.NetworkConfig.CNIBinaryPath,
 		},
+		cli.StringFlag{
+			Name:  "oci-worker-binary",
+			Usage: "name of specified oci worker binary",
+			Value: defaultConf.Workers.OCI.Binary,
+		},
 	}
 	n := "oci-worker-rootless"
 	u := "enable rootless mode"
@@ -180,6 +185,9 @@ func applyOCIFlags(c *cli.Context, cfg *config.Config) error {
 	if c.GlobalIsSet("oci-cni-binary-dir") {
 		cfg.Workers.OCI.NetworkConfig.CNIBinaryPath = c.GlobalString("oci-cni-binary-dir")
 	}
+	if c.GlobalIsSet("oci-worker-binary") {
+		cfg.Workers.OCI.Binary = c.GlobalString("oci-worker-binary")
+	}
 	return nil
 }
 
@@ -232,7 +240,7 @@ func ociWorkerInitializer(c *cli.Context, common workerInitializerOpt) ([]worker
 		},
 	}
 
-	opt, err := runc.NewWorkerOpt(common.config.Root, snFactory, cfg.Rootless, processMode, cfg.Labels, idmapping, nc, dns)
+	opt, err := runc.NewWorkerOpt(common.config.Root, snFactory, cfg.Rootless, processMode, cfg.Labels, idmapping, nc, dns, cfg.Binary)
 	if err != nil {
 		return nil, err
 	}

docs/buildkitd.toml.md

@@ -46,6 +46,9 @@ insecure-entitlements = [ "network.host", "security.insecure" ]
   noProcessSandbox = false
   gc = true
   gckeepstorage = 9000
+  # alternate OCI worker binary name(example 'crun'), by default either 
+  # buildkit-runc or runc binary is used
+  binary = ""
   [worker.oci.labels]
     "foo" = "bar"
 

worker/runc/runc.go

@@ -32,7 +32,7 @@ type SnapshotterFactory struct {
 }
 
 // NewWorkerOpt creates a WorkerOpt.
-func NewWorkerOpt(root string, snFactory SnapshotterFactory, rootless bool, processMode oci.ProcessMode, labels map[string]string, idmap *idtools.IdentityMapping, nopt netproviders.Opt, dns *oci.DNSConfig) (base.WorkerOpt, error) {
+func NewWorkerOpt(root string, snFactory SnapshotterFactory, rootless bool, processMode oci.ProcessMode, labels map[string]string, idmap *idtools.IdentityMapping, nopt netproviders.Opt, dns *oci.DNSConfig, binary string) (base.WorkerOpt, error) {
 	var opt base.WorkerOpt
 	name := "runc-" + snFactory.Name
 	root = filepath.Join(root, name)
@@ -45,9 +45,18 @@ func NewWorkerOpt(root string, snFactory SnapshotterFactory, rootless bool, proc
 		return opt, err
 	}
 
+	// Check if user has specified OCI worker binary; if they have, append it to cmds
+	var cmds []string
+	if binary != "" {
+		cmds = append(cmds, binary)
+	}
+
 	exe, err := runcexecutor.New(runcexecutor.Opt{
 		// Root directory
 		Root: filepath.Join(root, "executor"),
+		// If user has specified OCI worker binary, it will be sent to the runc executor to find and use
+		// Otherwise, a nil array will be sent and the default OCI worker binary will be used
+		CommandCandidates: cmds,
 		// without root privileges
 		Rootless:        rootless,
 		ProcessMode:     processMode,

worker/runc/runc_test.go

@@ -40,7 +40,7 @@ func newWorkerOpt(t *testing.T, processMode oci.ProcessMode) (base.WorkerOpt, fu
 		},
 	}
 	rootless := false
-	workerOpt, err := NewWorkerOpt(tmpdir, snFactory, rootless, processMode, nil, nil, netproviders.Opt{Mode: "host"}, nil)
+	workerOpt, err := NewWorkerOpt(tmpdir, snFactory, rootless, processMode, nil, nil, netproviders.Opt{Mode: "host"}, nil, "")
 	require.NoError(t, err)
 
 	return workerOpt, cleanup