Ensure exec can find config.json

2024-11-23 09:21:57 +01:00 · 2022-01-16 20:41:22 +01:00 · 2022-01-16 20:41:22 +01:00 · 211c05358c
commit 211c05358c
parent 63f77b2b44
3 changed files with 12 additions and 7 deletions
--- a/crates/libcontainer/src/container/init_builder.rs
+++ b/crates/libcontainer/src/container/init_builder.rs
@ -106,7 +106,8 @@ impl<'a> InitContainerBuilder<'a> {
        let mut spec = Spec::load(&source_spec_path)?;
        Self::validate_spec(&spec).context("failed to validate runtime spec")?;

-        spec.canonicalize_rootfs(&self.bundle)?;
+        spec.canonicalize_rootfs(&self.bundle)
+            .context("failed to canonicalize rootfs")?;
        Ok(spec)
    }

--- a/crates/libcontainer/src/container/tenant_builder.rs
+++ b/crates/libcontainer/src/container/tenant_builder.rs
@ -96,7 +96,7 @@ impl<'a> TenantContainerBuilder<'a> {
            .load_container_state(container_dir.clone())
            .context("failed to load container state")?;
        let mut spec = self
-            .load_init_spec(&container_dir)
+            .load_init_spec(&container)
            .context("failed to load init spec")?;
        self.adapt_spec_for_tenant(&mut spec, &container)
            .context("failed to adapt spec for tenant")?;
@ -146,10 +146,14 @@ impl<'a> TenantContainerBuilder<'a> {
        Ok(container_dir)
    }

-    fn load_init_spec(&self, container_dir: &Path) -> Result<Spec> {
-        let spec_path = container_dir.join("config.json");
+    fn load_init_spec(&self, container: &Container) -> Result<Spec> {
+        let spec_path = container.bundle().join("config.json");

-        let spec = Spec::load(spec_path).context("failed to load spec")?;
+        let mut spec = Spec::load(&spec_path)
+            .with_context(|| format!("failed to load spec from {:?}", spec_path))?;
+
+        spec.canonicalize_rootfs(container.bundle())
+            .context("failed to canonicalize rootfs")?;
        Ok(spec)
    }

--- a/crates/libcontainer/src/process/container_intermediate_process.rs
+++ b/crates/libcontainer/src/process/container_intermediate_process.rs
@ -46,7 +46,7 @@ pub fn container_intermediate_process(
    if let Some(user_namespace) = namespaces.get(LinuxNamespaceType::User) {
        namespaces
            .unshare_or_setns(user_namespace)
-            .with_context(|| format!("Failed to enter user namespace: {:?}", user_namespace))?;
+            .with_context(|| format!("failed to enter user namespace: {:?}", user_namespace))?;
        if user_namespace.path().is_none() {
            log::debug!("creating new user namespace");
            // child needs to be dumpable, otherwise the non root parent is not
@ -80,7 +80,7 @@ pub fn container_intermediate_process(
    if let Some(pid_namespace) = namespaces.get(LinuxNamespaceType::Pid) {
        namespaces
            .unshare_or_setns(pid_namespace)
-            .with_context(|| format!("Failed to enter pid namespace: {:?}", pid_namespace))?;
+            .with_context(|| format!("failed to enter pid namespace: {:?}", pid_namespace))?;
    }

    // We have to record the pid of the child (container init process), since