From 404de17ef5360d4598ce8a71bcd17d84a2f3b0f4 Mon Sep 17 00:00:00 2001
From: Samuel Ortiz
Date: Wed, 22 Feb 2017 19:42:44 +0100
Subject: [PATCH] server: Reduce createSandboxContainer complexity

By factorizing the bind mounts generation code.

Signed-off-by: Samuel Ortiz
---
 server/container_create.go | 58 ++++++++++++++++++++++----------------
 1 file changed, 33 insertions(+), 25 deletions(-)

diff --git a/server/container_create.go b/server/container_create.go
index 33f23269406..f93f17c5244 100644
--- a/server/container_create.go
+++ b/server/container_create.go
@@ -26,6 +26,37 @@ const (
 seccompLocalhostPrefix = "localhost/"
 )

+func addOciBindMounts(sb *sandbox, containerConfig *pb.ContainerConfig, specgen *generate.Generator) error {
+ mounts := containerConfig.GetMounts()
+ for _, mount := range mounts {
+ dest := mount.ContainerPath
+ if dest == "" {
+ return fmt.Errorf("Mount.ContainerPath is empty")
+ }
+
+ src := mount.HostPath
+ if src == "" {
+ return fmt.Errorf("Mount.HostPath is empty")
+ }
+
+ options := []string{"rw"}
+ if mount.Readonly {
+ options = []string{"ro"}
+ }
+
+ if mount.SelinuxRelabel {
+ // Need a way in kubernetes to determine if the volume is shared or private
+ if err := label.Relabel(src, sb.mountLabel, true); err != nil && err != syscall.ENOTSUP {
+ return fmt.Errorf("relabel failed %s: %v", src, err)
+ }
+ }
+
+ specgen.AddBindMount(src, dest, options)
+ }
+
+ return nil
+}
+
 // CreateContainer creates a new container in specified PodSandbox
 func (s *Server) CreateContainer(ctx context.Context, req *pb.CreateContainerRequest) (res *pb.CreateContainerResponse, err error) {
 logrus.Debugf("CreateContainerRequest %+v", req)
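Review bot: In addOciBindMounts the only check on `mount.HostPath` and `mount.ContainerPath` is that they are non-empty, and when `SelinuxRelabel` is set the host path is handed to `label.Relabel` with the last argument fixed to `true` (shared, going by the comment above the call). Both values come from the request's ContainerConfig, so a relative or unintended host path is relabelled on the host as is; a guard such as `if !filepath.IsAbs(src) { return fmt.Errorf("Mount.HostPath %q is not absolute", src) }`, with the same check for `dest`, would reject the malformed cases early, provided `path/filepath` is imported in this file. The new function also has no doc comment; I would add `// addOciBindMounts adds the bind mounts from containerConfig to specgen and, for mounts with SelinuxRelabel set, relabels the host path with sb.mountLabel as a shared volume.` so the host-side effect is visible at the call site. Because the relabel runs inside the loop, an error on a later mount returns with earlier host paths already relabelled, which that comment should state as well.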
@@ -146,31 +177,8 @@ func (s *Server) createSandboxContainer(ctx context.Context, containerID string,
 }
 }

- mounts := containerConfig.GetMounts()
- for _, mount := range mounts {
- dest := mount.ContainerPath
- if dest == "" {
- return nil, fmt.Errorf("Mount.ContainerPath is empty")
- }
-
- src := mount.HostPath
- if src == "" {
- return nil, fmt.Errorf("Mount.HostPath is empty")
- }
-
- options := []string{"rw"}
- if mount.Readonly {
- options = []string{"ro"}
- }
-
- if mount.SelinuxRelabel {
- // Need a way in kubernetes to determine if the volume is shared or private
- if err := label.Relabel(src, sb.mountLabel, true); err != nil && err != syscall.ENOTSUP {
- return nil, fmt.Errorf("relabel failed %s: %v", src, err)
- }
- }
-
- specgen.AddBindMount(src, dest, options)
+ if err := addOciBindMounts(sb, containerConfig, &specgen); err != nil {
+ return nil, err
 }

 labels := containerConfig.GetLabels()