server: Reduce createSandboxContainer complexity

By factorizing the bind mounts generation code. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
cri-o · Feb 22, 2017 · 404de17 · 404de17
1 parent dfac363
commit 404de17
Showing 1 changed file with 33 additions and 25 deletions.
diff --git a/server/container_create.go b/server/container_create.go
@@ -26,6 +26,37 @@ const (
 	seccompLocalhostPrefix = "localhost/"
 )
 
+func addOciBindMounts(sb *sandbox, containerConfig *pb.ContainerConfig, specgen *generate.Generator) error {
+	mounts := containerConfig.GetMounts()
+	for _, mount := range mounts {
+		dest := mount.ContainerPath
+		if dest == "" {
+			return fmt.Errorf("Mount.ContainerPath is empty")
+		}
+
+		src := mount.HostPath
+		if src == "" {
+			return fmt.Errorf("Mount.HostPath is empty")
+		}
+
+		options := []string{"rw"}
+		if mount.Readonly {
+			options = []string{"ro"}
+		}
+
+		if mount.SelinuxRelabel {
+			// Need a way in kubernetes to determine if the volume is shared or private
+			if err := label.Relabel(src, sb.mountLabel, true); err != nil && err != syscall.ENOTSUP {
+				return fmt.Errorf("relabel failed %s: %v", src, err)
+			}
+		}
+
+		specgen.AddBindMount(src, dest, options)
+	}
+
+	return nil
+}
+
 // CreateContainer creates a new container in specified PodSandbox
 func (s *Server) CreateContainer(ctx context.Context, req *pb.CreateContainerRequest) (res *pb.CreateContainerResponse, err error) {
 	logrus.Debugf("CreateContainerRequest %+v", req)
@@ -146,31 +177,8 @@ func (s *Server) createSandboxContainer(ctx context.Context, containerID string,
 		}
 	}
 
-	mounts := containerConfig.GetMounts()
-	for _, mount := range mounts {
-		dest := mount.ContainerPath
-		if dest == "" {
-			return nil, fmt.Errorf("Mount.ContainerPath is empty")
-		}
-
-		src := mount.HostPath
-		if src == "" {
-			return nil, fmt.Errorf("Mount.HostPath is empty")
-		}
-
-		options := []string{"rw"}
-		if mount.Readonly {
-			options = []string{"ro"}
-		}
-
-		if mount.SelinuxRelabel {
-			// Need a way in kubernetes to determine if the volume is shared or private
-			if err := label.Relabel(src, sb.mountLabel, true); err != nil && err != syscall.ENOTSUP {
-				return nil, fmt.Errorf("relabel failed %s: %v", src, err)
-			}
-		}
-
-		specgen.AddBindMount(src, dest, options)
+	if err := addOciBindMounts(sb, containerConfig, &specgen); err != nil {
+		return nil, err
 	}
 
 	labels := containerConfig.GetLabels()