add device-remove-all option

zhouhao · zhouhao · commit 1a4edce726fb · 2017-02-28T15:48:30.000+08:00
Signed-off-by: zhouhao &lt;zhouhao@cn.fujitsu.com&gt;
diff --git a/cmd/oci-runtime-tool/generate.go b/cmd/oci-runtime-tool/generate.go
@@ -28,6 +28,7 @@ var generateFlags = []cli.Flag{
 	cli.StringFlag{Name: "cwd", Value: "/", Usage: "current working directory for the process"},
 	cli.StringSliceFlag{Name: "device-add", Usage: "add a device which must be made available in the container"},
 	cli.StringSliceFlag{Name: "device-remove", Usage: "remove a device which must be made available in the container"},
+	cli.BoolFlag{Name: "device-remove-all", Usage: "remove all devices which must be made available in the container"},
 	cli.BoolFlag{Name: "disable-oom-kill", Usage: "disable OOM Killer"},
 	cli.StringSliceFlag{Name: "env", Usage: "add environment variable e.g. key=value"},
 	cli.StringSliceFlag{Name: "env-file", Usage: "read in a file of environment variables"},
@@ -524,6 +525,10 @@ func setupSpec(g *generate.Generator, context *cli.Context) error {
 		}
 	}
 
+	if context.Bool("device-remove-all") {
+		g.ClearLinuxDevices()
+	}
+
 	err := addSeccomp(context, g)
 	return err
 }
@@ -655,7 +660,7 @@ var deviceType = map[string]bool{
 	"p": true, // a FIFO
 }
 
-// parseDevice takes the raw string passed with the --device flag
+// parseDevice takes the raw string passed with the --device-add flag
 func parseDevice(device string, g *generate.Generator) (rspec.Device, error) {
 	dev := rspec.Device{}
 
diff --git a/completions/bash/oci-runtime-tool b/completions/bash/oci-runtime-tool
@@ -364,6 +364,7 @@ _oci-runtime-tool_generate() {
 	"
 
 	local boolean_options="
+		--device-remove-all
 		--disable-oom-kill
 		--linux-namespace-remove-all
 		--no-new-privileges
diff --git a/generate/generate.go b/generate/generate.go
@@ -932,7 +932,7 @@ func (g *Generator) AddDevice(device rspec.Device) {
 }
 
 //RemoveDevice remove a device from g.spec.Linux.Devices
-func(g *Generator) RemoveDevice(path string) error {
+func (g *Generator) RemoveDevice(path string) error {
 	if g.spec == nil || g.spec.Linux == nil || g.spec.Linux.Devices == nil {
 		return nil
 	}
@@ -946,6 +946,13 @@ func(g *Generator) RemoveDevice(path string) error {
 	return nil
 }
 
+func (g *Generator) ClearLinuxDevices() {
+	if g.spec == nil || g.spec.Linux == nil || g.spec.Linux.Devices == nil {
+		return
+	}
+
+	g.spec.Linux.Devices = []rspec.Device{}
+}
 
 // strPtr returns the pointer pointing to the string s.
 func strPtr(s string) *string { return &s }
diff --git a/man/oci-runtime-tool-generate.1.md b/man/oci-runtime-tool-generate.1.md
@@ -66,6 +66,9 @@ read the configuration from `config.json`.
   Remove a device file in container.
   This option can be specified multiple times.
 
+**--device-remove-all**=true|false
+  Remove all devices for linux inside the container. The default is *false*.
+
 **--disable-oom-kill**=true|false
   Whether to disable OOM Killer for the container or not.
 

Original file line number	Diff line number	Diff line change
`@@ -28,6 +28,7 @@ var generateFlags = []cli.Flag{`
`28`	`28`	`cli.StringFlag{Name: "cwd", Value: "/", Usage: "current working directory for the process"},`
`29`	`29`	`cli.StringSliceFlag{Name: "device-add", Usage: "add a device which must be made available in the container"},`
`30`	`30`	`cli.StringSliceFlag{Name: "device-remove", Usage: "remove a device which must be made available in the container"},`
	`31`	`+ cli.BoolFlag{Name: "device-remove-all", Usage: "remove all devices which must be made available in the container"},`
`31`	`32`	`cli.BoolFlag{Name: "disable-oom-kill", Usage: "disable OOM Killer"},`
`32`	`33`	`cli.StringSliceFlag{Name: "env", Usage: "add environment variable e.g. key=value"},`
`33`	`34`	`cli.StringSliceFlag{Name: "env-file", Usage: "read in a file of environment variables"},`
`@@ -524,6 +525,10 @@ func setupSpec(g generate.Generator, context cli.Context) error {`
`524`	`525`	`}`
`525`	`526`	`}`
`526`	`527`
	`528`	`+ if context.Bool("device-remove-all") {`
	`529`	`+ g.ClearLinuxDevices()`
	`530`	`+ }`
	`531`	`+`
`527`	`532`	`err := addSeccomp(context, g)`
`528`	`533`	`return err`
`529`	`534`	`}`
`@@ -655,7 +660,7 @@ var deviceType = map[string]bool{`
`655`	`660`	`"p": true, // a FIFO`
`656`	`661`	`}`
`657`	`662`
`658`		`-// parseDevice takes the raw string passed with the --device flag`
	`663`	`+// parseDevice takes the raw string passed with the --device-add flag`
`659`	`664`	`func parseDevice(device string, g *generate.Generator) (rspec.Device, error) {`
`660`	`665`	`dev := rspec.Device{}`
`661`	`666`
Original file line number	Diff line number	Diff line change
`@@ -364,6 +364,7 @@ _oci-runtime-tool_generate() {`
`364`	`364`	`"`
`365`	`365`
`366`	`366`	`local boolean_options="`
	`367`	`+ --device-remove-all`
`367`	`368`	`--disable-oom-kill`
`368`	`369`	`--linux-namespace-remove-all`
`369`	`370`	`--no-new-privileges`
Original file line number	Diff line number	Diff line change
`@@ -932,7 +932,7 @@ func (g *Generator) AddDevice(device rspec.Device) {`
`932`	`932`	`}`
`933`	`933`
`934`	`934`	`//RemoveDevice remove a device from g.spec.Linux.Devices`
`935`		`-func(g *Generator) RemoveDevice(path string) error {`
	`935`	`+func (g *Generator) RemoveDevice(path string) error {`
`936`	`936`	`if g.spec == nil \|\| g.spec.Linux == nil \|\| g.spec.Linux.Devices == nil {`
`937`	`937`	`return nil`
`938`	`938`	`}`
`@@ -946,6 +946,13 @@ func(g *Generator) RemoveDevice(path string) error {`
`946`	`946`	`return nil`
`947`	`947`	`}`
`948`	`948`
	`949`	`+func (g *Generator) ClearLinuxDevices() {`
	`950`	`+ if g.spec == nil \|\| g.spec.Linux == nil \|\| g.spec.Linux.Devices == nil {`
	`951`	`+ return`
	`952`	`+ }`
	`953`	`+`
	`954`	`+ g.spec.Linux.Devices = []rspec.Device{}`
	`955`	`+}`
`949`	`956`
`950`	`957`	`// strPtr returns the pointer pointing to the string s.`
`951`	`958`	`func strPtr(s string) *string { return &s }`