Fix capabilities support. #71

Random-Liu · 2017-06-11T02:17:24Z

The capabilities in CRI and docker doesn't have the CAP_ prefix. However, we need to add it when generating the runtime spec.

With another ExecSync PR I'll send out soon, we can pass the capabilities cri validation test now:

# critest --runtime-endpoint=/var/run/cri-containerd.sock --focus=Capabili validation
Running Suite: E2ECRI Suite
===========================
Random Seed: 1497147284 - Will randomize all specs
Will run 1 of 36 specs

SSSSSSSSSSSSSSSSS
------------------------------
[k8s.io] Security Context runtime should support container with security context 
  runtime should support setting Capability
  /home/lantaol/workspace/src/github.com/kubernetes-incubator/cri-tools/pkg/validate/security_context.go:369
[BeforeEach] [k8s.io] Security Context
  /home/lantaol/workspace/src/github.com/kubernetes-incubator/cri-tools/pkg/framework/framework.go:50
[BeforeEach] [k8s.io] Security Context
  /home/lantaol/workspace/src/github.com/kubernetes-incubator/cri-tools/pkg/validate/security_context.go:49
[It] runtime should support setting Capability
  /home/lantaol/workspace/src/github.com/kubernetes-incubator/cri-tools/pkg/validate/security_context.go:369
STEP: create pod
STEP: create container with security context Capability and test
STEP: create Capability container
STEP: Get image status for image: busybox:1.26
STEP: Pull image : busybox:1.26
STEP: Create container.
Jun 11 02:14:47.629: INFO: Created container "0f7d2fc7b86e3816c237819af959492b25f2ab39f81c222533e586b2ebfddd47"

STEP: Start container for containerID: 0f7d2fc7b86e3816c237819af959492b25f2ab39f81c222533e586b2ebfddd47
Jun 11 02:14:47.754: INFO: Started container "0f7d2fc7b86e3816c237819af959492b25f2ab39f81c222533e586b2ebfddd47"

STEP: Get container status for containerID: 0f7d2fc7b86e3816c237819af959492b25f2ab39f81c222533e586b2ebfddd47
STEP: create container without security context Capability and test
STEP: Get image status for image: busybox:1.26
STEP: Create container.
Jun 11 02:14:47.813: INFO: Created container "20abe0a3e304364ef0aeeb65cb617f1fda3dc82d4f322d0a592801ab415aeb52"

STEP: Start container for containerID: 20abe0a3e304364ef0aeeb65cb617f1fda3dc82d4f322d0a592801ab415aeb52
Jun 11 02:14:47.928: INFO: Started container "20abe0a3e304364ef0aeeb65cb617f1fda3dc82d4f322d0a592801ab415aeb52"

STEP: Get container status for containerID: 20abe0a3e304364ef0aeeb65cb617f1fda3dc82d4f322d0a592801ab415aeb52
[AfterEach] runtime should support container with security context
  /home/lantaol/workspace/src/github.com/kubernetes-incubator/cri-tools/pkg/validate/security_context.go:235
STEP: stop PodSandbox
STEP: delete PodSandbox
[AfterEach] [k8s.io] Security Context
  /home/lantaol/workspace/src/github.com/kubernetes-incubator/cri-tools/pkg/framework/framework.go:51
•SSSSSSSSSSSSSSSSSS
Ran 1 of 36 Specs in 3.215 seconds
SUCCESS! -- 1 Passed | 0 Failed | 0 Pending | 35 Skipped PASS

Ginkgo ran 1 suite in 3.284995122s
Test Suite Passed

/cc @heartlock
Signed-off-by: Lantao Liu [email protected]

mikebrow

LGTM... nit a comment around line 471 explaining why the CAP_ needs to be added

Signed-off-by: Lantao Liu <[email protected]>

Random-Liu · 2017-06-12T16:18:58Z

LGTM... nit a comment around line 471 explaining why the CAP_ needs to be added

Done.

Apply LGTM based on #71 (review).

Fix capabilities support.

…ices Add ability to parse cri config devices for lcow

k8s-ci-robot added the cncf-cla: yes label Jun 11, 2017

Random-Liu assigned mikebrow Jun 11, 2017

Random-Liu added this to the v0.1.0-alpha.1 milestone Jun 11, 2017

mikebrow approved these changes Jun 12, 2017

View reviewed changes

Fix capabilities support.

f247a08

Signed-off-by: Lantao Liu <[email protected]>

Random-Liu force-pushed the fix-capabilities branch from 8d736b2 to f247a08 Compare June 12, 2017 16:19

Random-Liu added the lgtm label Jun 12, 2017

Random-Liu merged commit 9b1708b into containerd:master Jun 12, 2017

Random-Liu deleted the fix-capabilities branch June 12, 2017 16:34

lanchongyizu pushed a commit to lanchongyizu/cri-containerd that referenced this pull request Sep 3, 2017

Merge pull request containerd#71 from Random-Liu/fix-capabilities

6832097

Fix capabilities support.

kevpar pushed a commit to kevpar/cri that referenced this pull request Sep 1, 2020

Merge pull request containerd#71 from katiewasnothere/add_sandbox_dev…

c18a5a3

…ices Add ability to parse cri config devices for lcow

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix capabilities support. #71

Fix capabilities support. #71

Uh oh!

Random-Liu commented Jun 11, 2017 •

edited

Loading

Uh oh!

mikebrow left a comment

Uh oh!

Random-Liu commented Jun 12, 2017 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Fix capabilities support. #71

Fix capabilities support. #71

Uh oh!

Conversation

Random-Liu commented Jun 11, 2017 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

mikebrow left a comment

Choose a reason for hiding this comment

Uh oh!

Random-Liu commented Jun 12, 2017 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Random-Liu commented Jun 11, 2017 •

edited

Loading

Random-Liu commented Jun 12, 2017 •

edited

Loading