From 668f5d53481fafafe6b74a19080413816b91b275 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Thu, 24 Aug 2023 12:58:34 +0200 Subject: [PATCH] features: Support mountExtensions This PR upstream added the spec for the mountExtensions feature field: https://github.com/opencontainers/runtime-spec/pull/1219 This commit just implements that and updates the OCI max version implemented to the one currently used in the spec (an unreleased version). It is not clear if in the future, the version of unreleased specs will be changed to something else: https://github.com/opencontainers/runtime-spec/pull/1221 But this is what is currently accepted. Signed-off-by: Rodrigo Campos --- src/libcrun/container.c | 5 ++++- src/libcrun/container.h | 11 +++++++++++ src/oci_features.c | 15 +++++++++++++++ tests/test_oci_features.py | 7 ++++++- 4 files changed, 36 insertions(+), 2 deletions(-) diff --git a/src/libcrun/container.c b/src/libcrun/container.c index 37e59312bb..401b75ed6b 100644 --- a/src/libcrun/container.c +++ b/src/libcrun/container.c @@ -3886,7 +3886,7 @@ libcrun_container_get_features (libcrun_context_t *context, struct features_info // Hardcoded feature information (*info)->oci_version_min = xstrdup ("1.0.0"); - (*info)->oci_version_max = xstrdup ("1.1.0"); + (*info)->oci_version_max = xstrdup ("1.1.0+dev"); // Populate hooks populate_array_field (&((*info)->hooks), hooks, num_hooks); @@ -3925,6 +3925,9 @@ libcrun_container_get_features (libcrun_context_t *context, struct features_info (*info)->linux.apparmor.enabled = true; (*info)->linux.selinux.enabled = true; + // Put the values for mount extensions + (*info)->linux.mount_ext.idmap.enabled = true; + // Populate the values for annotations #ifdef HAVE_SECCOMP { diff --git a/src/libcrun/container.h b/src/libcrun/container.h index 2511d0a0f0..8d87052a14 100644 --- a/src/libcrun/container.h +++ b/src/libcrun/container.h 
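Review bot: In the `@@ -3925,6 +3925,9 @@` hunk of `libcrun_container_get_features`, `(*info)->linux.mount_ext.idmap.enabled = true;` is assigned unconditionally, and the new comment `// Put the values for mount extensions` does not say that this is a hardcoded runtime-capability flag rather than a probe of the running host, which the earlier `// Hardcoded feature information` comment in the same function makes explicit for the version fields. Presumably it mirrors the `apparmor.enabled`/`selinux.enabled` lines directly above, so a reader of the JSON should not take it as proof that the kernel in use can create idmapped mounts; a comment such as `// Hardcoded like the fields above: advertises that crun implements the "idmap" mount extension, not that the running kernel supports idmapped mounts` would prevent that misreading. The function body starts and ends outside the hunk.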
@@ -121,6 +121,16 @@ struct selinux_info_s bool enabled; }; +struct idmap_info_s +{ + bool enabled; +}; + +struct mount_ext_info_s +{ + struct idmap_info_s idmap; +}; + struct linux_info_s { char **namespaces; @@ -129,6 +139,7 @@ struct linux_info_s struct seccomp_info_s seccomp; struct apparmor_info_s apparmor; struct selinux_info_s selinux; + struct mount_ext_info_s mount_ext; }; struct annotations_info_s diff --git a/src/oci_features.c b/src/oci_features.c index f62c108841..b13449b421 100644 --- a/src/oci_features.c +++ b/src/oci_features.c @@ -170,6 +170,20 @@ crun_features_add_selinux_info (yajl_gen json_gen, const struct linux_info_s *li yajl_gen_map_close (json_gen); } +void +crun_features_add_mount_ext_info (yajl_gen json_gen, const struct linux_info_s *linux) +{ + yajl_gen_string (json_gen, (const unsigned char *) "mountExtensions", strlen ("mountExtensions")); + yajl_gen_map_open (json_gen); + + yajl_gen_string (json_gen, (const unsigned char *) "idmap", strlen ("idmap")); + yajl_gen_map_open (json_gen); + add_bool_to_json (json_gen, "enabled", linux->mount_ext.idmap.enabled); + yajl_gen_map_close (json_gen); + + yajl_gen_map_close (json_gen); +} + void crun_features_add_linux_info (yajl_gen json_gen, const struct linux_info_s *linux) { @@ -182,6 +196,7 @@ crun_features_add_linux_info (yajl_gen json_gen, const struct linux_info_s *linu crun_features_add_seccomp_info (json_gen, linux); crun_features_add_apparmor_info (json_gen, linux); crun_features_add_selinux_info (json_gen, linux); + crun_features_add_mount_ext_info (json_gen, linux); yajl_gen_map_close (json_gen); } diff --git a/tests/test_oci_features.py b/tests/test_oci_features.py index 3188175c50..59ca7b4899 100644 --- a/tests/test_oci_features.py +++ b/tests/test_oci_features.py @@ -45,7 +45,7 @@ def test_crun_features(): features = json.loads(output) expected_features = { "ociVersionMin": "1.0.0", - "ociVersionMax": "1.1.0", + "ociVersionMax": "1.1.0+dev", "hooks": [ "prestart", "createRuntime", 
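Review bot: The new `struct idmap_info_s` and `struct mount_ext_info_s` in the `@@ -121,6 +121,16 @@` hunk carry no comment tying them to the JSON they are serialised into, and the `mount_ext` member added to `struct linux_info_s` in the following hunk is likewise undocumented. A one-liner above `struct mount_ext_info_s` such as `/* "mountExtensions" object of the features document; "idmap" is the member the spec defines today (runtime-spec PR 1219). */` would let a reader map the field names to the spec without opening oci_features.c. The enclosing `struct linux_info_s` in the second hunk starts and ends outside the hunk.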
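Review bot: `crun_features_add_mount_ext_info` in the `@@ -170,6 +170,20 @@` hunk is added without a comment describing the object it emits; a header such as `/* Emit the "mountExtensions" member of the features document: mountExtensions.idmap.enabled reports whether the runtime implements idmapped mounts. */` would document the contract. It is also defined with external linkage and no prototype appears in the hunk; if its only caller is `crun_features_add_linux_info` in the next hunk and no header declares it, `static void` would keep it out of the global namespace, though the sibling `crun_features_add_selinux_info` visible in the context line follows the same pattern, so this may be the file's convention. The `yajl_gen_*` status returns are ignored, as they appear to be in the surrounding code, so I would not change that here.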
@@ -155,6 +155,11 @@ def test_crun_features(): }, "selinux": { "enabled": True + }, + "mountExtensions": { + "idmap": { + "enabled": True, + }, } }, "annotations": {