Linux containers on FreeBSD Obtained from: https://github.com/containerd/containerd/pull/7000 --- oci/spec_opts.go.orig 2022-06-06 17:19:23 UTC +++ oci/spec_opts.go @@ -365,6 +365,7 @@ func WithImageConfigArgs(image Image, args []string) S return fmt.Errorf("unknown image config media type %s", ic.MediaType) } + appendOSMounts(s, ociimage.OS) setProcess(s) if s.Linux != nil { defaults := config.Env --- oci/spec_opts_darwin.go.orig 2022-06-11 11:16:33 UTC +++ oci/spec_opts_darwin.go @@ -0,0 +1,21 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package oci + +func appendOSMounts(s *Spec, os string) error { + return nil +} --- oci/spec_opts_freebsd.go.orig 2022-06-11 11:16:33 UTC +++ oci/spec_opts_freebsd.go @@ -0,0 +1,50 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package oci + +import ( + specs "github.com/opencontainers/runtime-spec/specs-go" +) + +// appendOSMounts modifies the mount spec to mount emulated Linux filesystems on FreeBSD, +// as per: https://wiki.freebsd.org/LinuxJails +func appendOSMounts(s *Spec, os string) error { + // No-op for FreeBSD containers + if os != "linux" { + return nil + } + /* The nosuid noexec options are for consistency with Linux mounts: on FreeBSD it is + by default impossible to execute anything from these filesystems. + */ + var mounts = []specs.Mount{ + { + Destination: "/proc", + Type: "linprocfs", + Source: "linprocfs", + Options: []string{"nosuid", "noexec"}, + }, + { + Destination: "/sys", + Type: "linsysfs", + Source: "linsysfs", + Options: []string{"nosuid", "noexec", "nodev"}, + }, + } + + s.Mounts = append(mounts, s.Mounts...) + return nil +} --- oci/spec_opts_linux.go.orig 2022-06-06 17:19:23 UTC +++ oci/spec_opts_linux.go @@ -153,3 +153,7 @@ func WithRdt(closID, l3CacheSchema, memBwSchema string return nil } } + +func appendOSMounts(s *Spec, os string) error { + return nil +} --- platforms/defaults_freebsd.go.orig 2022-06-11 11:16:33 UTC +++ platforms/defaults_freebsd.go @@ -0,0 +1,42 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package platforms + +import ( + specs "github.com/opencontainers/image-spec/specs-go/v1" + "runtime" +) + +// DefaultSpec returns the current platform's default platform specification. +func DefaultSpec() specs.Platform { + return specs.Platform{ + OS: runtime.GOOS, + Architecture: runtime.GOARCH, + // The Variant field will be empty if arch != ARM. + Variant: cpuVariant(), + } +} + +// Default returns the default matcher for the platform. +func Default() MatchComparer { + return Ordered(DefaultSpec(), specs.Platform{ + OS: "linux", + Architecture: runtime.GOARCH, + // The Variant field will be empty if arch != ARM. + Variant: cpuVariant(), + }) +} --- platforms/defaults_unix.go.orig 2022-06-06 17:19:23 UTC +++ platforms/defaults_unix.go @@ -1,5 +1,5 @@ -//go:build !windows && !darwin -// +build !windows,!darwin +//go:build !windows && !darwin && !freebsd +// +build !windows,!darwin,!freebsd /* Copyright The containerd Authors.