diff options
| author | John Stephens <johnstep@users.noreply.github.com> | 2018-03-05 15:12:52 -0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-03-05 15:12:52 -0800 |
| commit | 3e1505e3e671d35636f7818dc1f41e4a4d429620 (patch) | |
| tree | c811d293bd76a9ad66d10ff89c5c2b55b1e6da8a /plugin | |
| parent | 4b2fb7e394e8ee631394d6c12f8267065f39766b (diff) | |
| parent | 83908836d35b9f85a94489854d7eefd7dce785f8 (diff) | |
| download | docker-3e1505e3e671d35636f7818dc1f41e4a4d429620.tar.gz | |
Merge pull request #36327 from Microsoft/jjh/block-pulling-uplevel
Windows: Block pulling uplevel images
Diffstat (limited to 'plugin')
| -rw-r--r-- | plugin/backend_linux.go | 15 | ||||
| -rw-r--r-- | plugin/blobstore.go | 8 | ||||
| -rw-r--r-- | plugin/manager.go | 11 |
3 files changed, 24 insertions, 10 deletions
diff --git a/plugin/backend_linux.go b/plugin/backend_linux.go index c86b11f61a..000ee996dc 100644 --- a/plugin/backend_linux.go +++ b/plugin/backend_linux.go @@ -33,6 +33,7 @@ import ( "github.com/docker/docker/plugin/v2" refstore "github.com/docker/docker/reference" digest "github.com/opencontainers/go-digest" + specs "github.com/opencontainers/image-spec/specs-go/v1" "github.com/pkg/errors" "github.com/sirupsen/logrus" "golang.org/x/net/context" @@ -146,10 +147,15 @@ func (s *tempConfigStore) Get(d digest.Digest) ([]byte, error) { return s.config, nil } -func (s *tempConfigStore) RootFSAndOSFromConfig(c []byte) (*image.RootFS, string, error) { +func (s *tempConfigStore) RootFSFromConfig(c []byte) (*image.RootFS, error) { return configToRootFS(c) } +func (s *tempConfigStore) PlatformFromConfig(c []byte) (*specs.Platform, error) { + // TODO: LCOW/Plugins. This will need revisiting. For now use the runtime OS + return &specs.Platform{OS: runtime.GOOS}, nil +} + func computePrivileges(c types.PluginConfig) types.PluginPrivileges { var privileges types.PluginPrivileges if c.Network.Type != "null" && c.Network.Type != "bridge" && c.Network.Type != "" { @@ -534,10 +540,15 @@ func (s *pluginConfigStore) Get(d digest.Digest) ([]byte, error) { return ioutil.ReadAll(rwc) } -func (s *pluginConfigStore) RootFSAndOSFromConfig(c []byte) (*image.RootFS, string, error) { +func (s *pluginConfigStore) RootFSFromConfig(c []byte) (*image.RootFS, error) { return configToRootFS(c) } +func (s *pluginConfigStore) PlatformFromConfig(c []byte) (*specs.Platform, error) { + // TODO: LCOW/Plugins. This will need revisiting. For now use the runtime OS + return &specs.Platform{OS: runtime.GOOS}, nil +} + type pluginLayerProvider struct { pm *Manager plugin *v2.Plugin diff --git a/plugin/blobstore.go b/plugin/blobstore.go index 1702220704..82d6ce18e6 100644 --- a/plugin/blobstore.go +++ b/plugin/blobstore.go @@ -6,6 +6,7 @@ import ( "io/ioutil" "os" "path/filepath" + "runtime" "github.com/docker/docker/distribution/xfer" "github.com/docker/docker/image" @@ -14,6 +15,7 @@ import ( "github.com/docker/docker/pkg/chrootarchive" "github.com/docker/docker/pkg/progress" "github.com/opencontainers/go-digest" + specs "github.com/opencontainers/image-spec/specs-go/v1" "github.com/pkg/errors" "github.com/sirupsen/logrus" "golang.org/x/net/context" @@ -178,6 +180,10 @@ func (dm *downloadManager) Put(dt []byte) (digest.Digest, error) { func (dm *downloadManager) Get(d digest.Digest) ([]byte, error) { return nil, fmt.Errorf("digest not found") } -func (dm *downloadManager) RootFSAndOSFromConfig(c []byte) (*image.RootFS, string, error) { +func (dm *downloadManager) RootFSFromConfig(c []byte) (*image.RootFS, error) { return configToRootFS(c) } +func (dm *downloadManager) PlatformFromConfig(c []byte) (*specs.Platform, error) { + // TODO: LCOW/Plugins. This will need revisiting. For now use the runtime OS + return &specs.Platform{OS: runtime.GOOS}, nil +} diff --git a/plugin/manager.go b/plugin/manager.go index 1879a78903..7595e7cbcc 100644 --- a/plugin/manager.go +++ b/plugin/manager.go @@ -8,7 +8,6 @@ import ( "path/filepath" "reflect" "regexp" - "runtime" "sort" "strings" "sync" @@ -353,19 +352,17 @@ func isEqualPrivilege(a, b types.PluginPrivilege) bool { return reflect.DeepEqual(a.Value, b.Value) } -func configToRootFS(c []byte) (*image.RootFS, string, error) { - // TODO @jhowardmsft LCOW - Will need to revisit this. - os := runtime.GOOS +func configToRootFS(c []byte) (*image.RootFS, error) { var pluginConfig types.PluginConfig if err := json.Unmarshal(c, &pluginConfig); err != nil { - return nil, "", err + return nil, err } // validation for empty rootfs is in distribution code if pluginConfig.Rootfs == nil { - return nil, os, nil + return nil, nil } - return rootFSFromPlugin(pluginConfig.Rootfs), os, nil + return rootFSFromPlugin(pluginConfig.Rootfs), nil } func rootFSFromPlugin(pluginfs *types.PluginConfigRootfs) *image.RootFS { |