diff --git a/generate/generate.go b/generate/generate.go
index 8cf98179e..531cca488 100644
--- a/generate/generate.go
+++ b/generate/generate.go
@@ -110,7 +110,7 @@ func New() Generator {
 Options: []string{"nosuid", "noexec", "nodev", "ro"},
 },
 },
- Linux: rspec.Linux{
+ Linux: &rspec.Linux{
 Resources: &rspec.Resources{
 Devices: []rspec.DeviceCgroup{
 {
@@ -181,6 +181,16 @@ func (g Generator) GetSpec() *rspec.Spec {
 
 // Save writes the spec into w.
 func (g Generator) Save(w io.Writer) error {
+ if g.spec.Linux != nil {
+ buf, err := json.Marshal(spec.Linux)
+ if err != nil {
+ return err
+ }
+ if string(buf) == "{}" {
+ spec.Linux = nil
+ }
+ }
+
 data, err := json.MarshalIndent(g.spec, "", "\t")
 if err != nil {
 return err
@@ -334,21 +344,33 @@ func (g Generator) SetProcessSelinuxLabel(label string) {
 
 // SetLinuxCgroupsPath sets g.spec.Linux.CgroupsPath.
 func (g Generator) SetLinuxCgroupsPath(path string) {
+ if g.spec.Linux == nil {
+ g.spec.Linux = &rspec.Linux{}
+ }
 g.spec.Linux.CgroupsPath = strPtr(path)
 }
 
 // SetLinuxMountLabel sets g.spec.Linux.MountLabel.
 func (g Generator) SetLinuxMountLabel(label string) {
+ if g.spec.Linux == nil {
+ g.spec.Linux = &rspec.Linux{}
+ }
 g.spec.Linux.MountLabel = label
 }
 
 // ClearLinuxSysctl clears g.spec.Linux.Sysctl.
 func (g Generator) ClearLinuxSysctl() {
+ if g.spec.Linux == nil {
+ g.spec.Linux = &rspec.Linux{}
+ }
 g.spec.Linux.Sysctl = make(map[string]string)
 }
 
 // AddLinuxSysctl adds a new sysctl config into g.spec.Linux.Sysctl.
 func (g Generator) AddLinuxSysctl(s string) error {
+ if g.spec.Linux == nil {
+ g.spec.Linux = &rspec.Linux{}
+ }
 if g.spec.Linux.Sysctl == nil {
 g.spec.Linux.Sysctl = make(map[string]string)
 }
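Review bot: In `Save`, the added block guards on `g.spec.Linux` but then marshals and clears `spec.Linux`; no `spec` identifier is declared in the visible lines, so this presumably either fails to compile or touches something other than the generator's spec. Both lines should use the receiver's field: `buf, err := json.Marshal(g.spec.Linux)` and `g.spec.Linux = nil`. Save also now mutates the spec as a side effect of writing it, and the `"{}"` comparison only fires if every field of `rspec.Linux` is omitted when empty (not checkable from this hunk); a short comment such as `// drop an empty Linux section so it is not serialized as {}` would document both. Save's body continues outside the hunk.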
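Review bot: The guard `if g.spec.Linux == nil { g.spec.Linux = &rspec.Linux{} }` is pasted into each setter of the `-334,21` hunk (SetLinuxCgroupsPath, SetLinuxMountLabel, ClearLinuxSysctl, AddLinuxSysctl) and repeated in the seccomp, ID-mapping, rootfs-propagation and namespace hunks further down. A small private method on Generator that performs this allocation, called as a single line such as `g.initSpecLinux()` at the top of each setter, would keep the nil handling in one place and make a missed call site easier to spot. ClearLinuxSysctl is also inconsistent with the other Clear* methods in this commit: it allocates a Linux section only to store an empty map, while ClearLinuxUIDMappings, ClearLinuxGIDMappings and ClearLinuxNamespaces return early when Linux is nil.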
@@ -363,7 +385,7 @@ func (g Generator) AddLinuxSysctl(s string) error {
 
 // RemoveLinuxSysctl removes a sysctl config from g.spec.Linux.Sysctl.
 func (g Generator) RemoveLinuxSysctl(key string) {
- if g.spec.Linux.Sysctl == nil {
+ if g.spec.Linux == nil || g.spec.Linux.Sysctl == nil {
 return
 }
 delete(g.spec.Linux.Sysctl, key)
@@ -384,6 +406,9 @@ func (g Generator) SetLinuxSeccompDefault(sdefault string) error {
 "SCMP_ACT_ALLOW")
 }
 
+ if g.spec.Linux == nil {
+ g.spec.Linux = &rspec.Linux{}
+ }
 if g.spec.Linux.Seccomp == nil {
 g.spec.Linux.Seccomp = &rspec.Seccomp{}
 }
@@ -418,7 +443,7 @@ func checkSeccompArch(arch string) error {
 
 // ClearLinuxSeccompArch clears g.spec.Linux.Seccomp.Architectures.
 func (g Generator) ClearLinuxSeccompArch() {
- if g.spec.Linux.Seccomp == nil {
+ if g.spec.Linux == nil || g.spec.Linux.Seccomp == nil {
 return
 }
 
@@ -431,6 +456,9 @@ func (g Generator) AddLinuxSeccompArch(sArch string) error {
 return err
 }
 
+ if g.spec.Linux == nil {
+ g.spec.Linux = &rspec.Linux{}
+ }
 if g.spec.Linux.Seccomp == nil {
 g.spec.Linux.Seccomp = &rspec.Seccomp{}
 }
@@ -446,7 +474,7 @@ func (g Generator) RemoveSeccompArch(sArch string) error {
 return err
 }
 
- if g.spec.Linux.Seccomp == nil {
+ if g.spec.Linux == nil || g.spec.Linux.Seccomp == nil {
 return nil
 }
 
@@ -546,7 +574,7 @@ func parseSeccompSyscall(s string) (rspec.Syscall, error) {
 
 // ClearLinuxSeccompSyscall clears g.spec.Linux.Seccomp.Syscalls.
 func (g Generator) ClearLinuxSeccompSyscall() {
- if g.spec.Linux.Seccomp == nil {
+ if g.spec.Linux == nil || g.spec.Linux.Seccomp == nil {
 return
 }
 
@@ -560,6 +588,9 @@ func (g Generator) AddLinuxSeccompSyscall(sSyscall string) error {
 return err
 }
 
+ if g.spec.Linux == nil {
+ g.spec.Linux = &rspec.Linux{}
+ }
 if g.spec.Linux.Seccomp == nil {
 g.spec.Linux.Seccomp = &rspec.Seccomp{}
 }
@@ -570,6 +601,9 @@ func (g Generator) AddLinuxSeccompSyscall(sSyscall string) error {
 
 // AddLinuxSeccompSyscallAllow adds seccompAllow into g.spec.Linux.Seccomp.Syscalls.
 func (g Generator) AddLinuxSeccompSyscallAllow(seccompAllow string) {
+ if g.spec.Linux == nil {
+ g.spec.Linux = &rspec.Linux{}
+ }
 if g.spec.Linux.Seccomp == nil {
 g.spec.Linux.Seccomp = &rspec.Seccomp{}
 }
@@ -583,6 +617,9 @@ func (g Generator) AddLinuxSeccompSyscallAllow(seccompAllow string) {
 
 // AddLinuxSeccompSyscallErrno adds seccompErrno into g.spec.Linux.Seccomp.Syscalls.
 func (g Generator) AddLinuxSeccompSyscallErrno(seccompErrno string) {
+ if g.spec.Linux == nil {
+ g.spec.Linux = &rspec.Linux{}
+ }
 if g.spec.Linux.Seccomp == nil {
 g.spec.Linux.Seccomp = &rspec.Seccomp{}
 }
@@ -597,7 +634,7 @@ func (g Generator) AddLinuxSeccompSyscallErrno(seccompErrno string) {
 // RemoveSeccompSyscallByName removes all the seccomp syscalls with the given
 // name from g.spec.Linux.Seccomp.Syscalls.
 func (g Generator) RemoveSeccompSyscallByName(name string) error {
- if g.spec.Linux.Seccomp == nil {
+ if g.spec.Linux == nil || g.spec.Linux.Seccomp == nil {
 return nil
 }
 
@@ -614,7 +651,7 @@ func (g Generator) RemoveSeccompSyscallByName(name string) error {
 // RemoveSeccompSyscallByAction removes all the seccomp syscalls with the given
 // action from g.spec.Linux.Seccomp.Syscalls.
 func (g Generator) RemoveSeccompSyscallByAction(action string) error {
- if g.spec.Linux.Seccomp == nil {
+ if g.spec.Linux == nil || g.spec.Linux.Seccomp == nil {
 return nil
 }
 
@@ -635,7 +672,7 @@ func (g Generator) RemoveSeccompSyscallByAction(action string) error {
 // RemoveSeccompSyscall removes all the seccomp syscalls with the given
 // name and action from g.spec.Linux.Seccomp.Syscalls.
 func (g Generator) RemoveSeccompSyscall(name string, action string) error {
- if g.spec.Linux.Seccomp == nil {
+ if g.spec.Linux == nil || g.spec.Linux.Seccomp == nil {
 return nil
 }
 
@@ -685,6 +722,9 @@ func parseIDMapping(idms string) (rspec.IDMapping, error) {
 
 // ClearLinuxUIDMappings clear g.spec.Linux.UIDMappings.
 func (g Generator) ClearLinuxUIDMappings() {
+ if g.spec.Linux == nil {
+ return
+ }
 g.spec.Linux.UIDMappings = []rspec.IDMapping{}
 }
 
@@ -695,12 +735,18 @@ func (g Generator) AddLinuxUIDMapping(uidMap string) error {
 return err
 }
 
+ if g.spec.Linux == nil {
+ g.spec.Linux = &rspec.Linux{}
+ }
 g.spec.Linux.UIDMappings = append(g.spec.Linux.UIDMappings, r)
 return nil
 }
 
 // ClearLinuxGIDMappings clear g.spec.Linux.GIDMappings.
 func (g Generator) ClearLinuxGIDMappings() {
+ if g.spec.Linux == nil {
+ return
+ }
 g.spec.Linux.GIDMappings = []rspec.IDMapping{}
 }
 
@@ -711,6 +757,9 @@ func (g Generator) AddLinuxGIDMapping(gidMap string) error {
 return err
 }
 
+ if g.spec.Linux == nil {
+ g.spec.Linux = &rspec.Linux{}
+ }
 g.spec.Linux.GIDMappings = append(g.spec.Linux.GIDMappings, r)
 return nil
 }
@@ -728,6 +777,9 @@ func (g Generator) SetLinuxRootPropagation(rp string) error {
 default:
 return fmt.Errorf("rootfs-propagation must be empty or one of private|rprivate|slave|rslave|shared|rshared")
 }
+ if g.spec.Linux == nil {
+ g.spec.Linux = &rspec.Linux{}
+ }
 g.spec.Linux.RootfsPropagation = rp
 return nil
 }
@@ -849,6 +901,9 @@ func (g Generator) SetupPrivileged(privileged bool) {
 g.spec.Process.Capabilities = finalCapList
 g.spec.Process.SelinuxLabel = ""
 g.spec.Process.ApparmorProfile = ""
+ if g.spec.Linux == nil {
+ g.spec.Linux = &rspec.Linux{}
+ }
 g.spec.Linux.Seccomp = nil
 }
 }
@@ -934,6 +989,9 @@ func mapStrToNamespace(ns string, path string) (rspec.Namespace, error) {
 
 // ClearLinuxNamespaces clear g.spec.Linux.Namespaces.
 func (g Generator) ClearLinuxNamespaces() {
+ if g.spec.Linux == nil {
+ return
+ }
 g.spec.Linux.Namespaces = []rspec.Namespace{}
 }
 
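Review bot: In the SetupPrivileged hunk the new guard allocates an empty `rspec.Linux` only so that `Seccomp` can be set to nil on it; when Linux is already nil there is no seccomp profile to drop. `if g.spec.Linux != nil { g.spec.Linux.Seccomp = nil }` has the same effect without creating a section. Because this branch clears the seccomp filter together with the SELinux label and AppArmor profile, a one-line comment stating that privileged mode intentionally leaves the container unconfined would help anyone auditing it. The function body starts outside the hunk.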
@@ -945,6 +1003,9 @@ func (g Generator) AddOrReplaceLinuxNamespace(ns string, path string) error {
 return err
 }
 
+ if g.spec.Linux == nil {
+ g.spec.Linux = &rspec.Linux{}
+ }
 for i, ns := range g.spec.Linux.Namespaces {
 if ns.Type == namespace.Type {
 g.spec.Linux.Namespaces[i] = namespace
@@ -962,6 +1023,9 @@ func (g Generator) RemoveLinuxNamespace(ns string) error {
 return err
 }
 
+ if g.spec.Linux == nil {
+ return nil
+ }
 for i, ns := range g.spec.Linux.Namespaces {
 if ns.Type == namespace.Type {
 g.spec.Linux.Namespaces = append(g.spec.Linux.Namespaces[:i], g.spec.Linux.Namespaces[i+1:]...)