Merge pull request #1368 from jedevc/userns-to-driver

Userns to driver
docker · Oct 24, 2022 · c924a04 · c924a04
2 parents cc7e11d + 33ef1b3
commit c924a04
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 31 deletions.
diff --git a/driver/docker-container/driver.go b/driver/docker-container/driver.go
@@ -16,7 +16,6 @@ import (
 	"github.com/docker/buildx/util/confutil"
 	"github.com/docker/buildx/util/imagetools"
 	"github.com/docker/buildx/util/progress"
-	"github.com/docker/docker/api/types"
 	dockertypes "github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/mount"
@@ -37,7 +36,6 @@ const (
 type Driver struct {
 	driver.InitConfig
 	factory      driver.Factory
-	userNSRemap  bool // true if dockerd is running with userns-remap mode
 	netMode      string
 	image        string
 	cgroupParent string
@@ -84,7 +82,7 @@ func (d *Driver) create(ctx context.Context, l progress.SubLogger) error {
 		if err != nil {
 			return err
 		}
-		rc, err := d.DockerAPI.ImageCreate(ctx, imageName, types.ImageCreateOptions{
+		rc, err := d.DockerAPI.ImageCreate(ctx, imageName, dockertypes.ImageCreateOptions{
 			RegistryAuth: ra,
 		})
 		if err != nil {
@@ -121,19 +119,30 @@ func (d *Driver) create(ctx context.Context, l progress.SubLogger) error {
 				},
 			},
 		}
-		if d.userNSRemap {
-			hc.UsernsMode = "host"
-		}
 		if d.netMode != "" {
 			hc.NetworkMode = container.NetworkMode(d.netMode)
 		}
-		if info, err := d.DockerAPI.Info(ctx); err == nil && info.CgroupDriver == "cgroupfs" {
-			// Place all buildkit containers inside this cgroup by default so limits can be attached
-			// to all build activity on the host.
-			hc.CgroupParent = "/docker/buildx"
-			if d.cgroupParent != "" {
-				hc.CgroupParent = d.cgroupParent
+		if info, err := d.DockerAPI.Info(ctx); err == nil {
+			if info.CgroupDriver == "cgroupfs" {
+				// Place all buildkit containers inside this cgroup by default so limits can be attached
+				// to all build activity on the host.
+				hc.CgroupParent = "/docker/buildx"
+				if d.cgroupParent != "" {
+					hc.CgroupParent = d.cgroupParent
+				}
+			}
+
+			secOpts, err := dockertypes.DecodeSecurityOptions(info.SecurityOptions)
+			if err != nil {
+				return err
+			}
+			for _, f := range secOpts {
+				if f.Name == "userns" {
+					hc.UsernsMode = "host"
+					break
+				}
 			}
+
 		}
 		_, err := d.DockerAPI.ContainerCreate(ctx, cfg, hc, &network.NetworkingConfig{}, nil, d.Name)
 		if err != nil {
@@ -186,7 +195,7 @@ func (d *Driver) wait(ctx context.Context, l progress.SubLogger) error {
 }
 
 func (d *Driver) copyLogs(ctx context.Context, l progress.SubLogger) error {
-	rc, err := d.DockerAPI.ContainerLogs(ctx, d.Name, types.ContainerLogsOptions{
+	rc, err := d.DockerAPI.ContainerLogs(ctx, d.Name, dockertypes.ContainerLogsOptions{
 		ShowStdout: true, ShowStderr: true,
 	})
 	if err != nil {
@@ -219,7 +228,7 @@ func (d *Driver) copyToContainer(ctx context.Context, files map[string][]byte) e
 }
 
 func (d *Driver) exec(ctx context.Context, cmd []string) (string, net.Conn, error) {
-	execConfig := types.ExecConfig{
+	execConfig := dockertypes.ExecConfig{
 		Cmd:          cmd,
 		AttachStdin:  true,
 		AttachStdout: true,
@@ -235,7 +244,7 @@ func (d *Driver) exec(ctx context.Context, cmd []string) (string, net.Conn, erro
 		return "", nil, errors.New("exec ID empty")
 	}
 
-	resp, err := d.DockerAPI.ContainerExecAttach(ctx, execID, types.ExecStartCheck{})
+	resp, err := d.DockerAPI.ContainerExecAttach(ctx, execID, dockertypes.ExecStartCheck{})
 	if err != nil {
 		return "", nil, err
 	}
@@ -262,7 +271,7 @@ func (d *Driver) run(ctx context.Context, cmd []string, stdout, stderr io.Writer
 }
 
 func (d *Driver) start(ctx context.Context, l progress.SubLogger) error {
-	return d.DockerAPI.ContainerStart(ctx, d.Name, types.ContainerStartOptions{})
+	return d.DockerAPI.ContainerStart(ctx, d.Name, dockertypes.ContainerStartOptions{})
 }
 
 func (d *Driver) Info(ctx context.Context) (*driver.Info, error) {

diff --git a/driver/docker-container/factory.go b/driver/docker-container/factory.go
@@ -6,7 +6,6 @@ import (
 	"strings"
 
 	"github.com/docker/buildx/driver"
-	dockertypes "github.com/docker/docker/api/types"
 	dockerclient "github.com/docker/docker/client"
 	"github.com/pkg/errors"
 )
@@ -41,20 +40,6 @@ func (f *factory) New(ctx context.Context, cfg driver.InitConfig) (driver.Driver
 		return nil, errors.Errorf("%s driver requires docker API access", f.Name())
 	}
 	d := &Driver{factory: f, InitConfig: cfg}
-	dockerInfo, err := cfg.DockerAPI.Info(ctx)
-	if err != nil {
-		return nil, err
-	}
-	secOpts, err := dockertypes.DecodeSecurityOptions(dockerInfo.SecurityOptions)
-	if err != nil {
-		return nil, err
-	}
-	for _, f := range secOpts {
-		if f.Name == "userns" {
-			d.userNSRemap = true
-			break
-		}
-	}
 	for k, v := range cfg.DriverOpts {
 		switch {
 		case k == "network":