add device-remove-all potion

zhouhao · zhouhao · commit 4fad62b3c3a8 · 2017-02-15T09:31:18.000+08:00
Signed-off-by: zhouhao &lt;zhouhao@cn.fujitsu.com&gt;
diff --git a/cmd/oci-runtime-tool/generate.go b/cmd/oci-runtime-tool/generate.go
@@ -28,6 +28,7 @@ var generateFlags = []cli.Flag{
 	cli.StringFlag{Name: "cwd", Value: "/", Usage: "current working directory for the process"},
 	cli.StringSliceFlag{Name: "device-add", Usage: "add a device which must be made available in the container"},
 	cli.StringSliceFlag{Name: "device-remove", Usage: "remove a device which must be made available in the container"},
+	cli.StringSliceFlag{Name: "device-remove-all", Usage: "remove all devices which must be made available in the container"},
 	cli.BoolFlag{Name: "disable-oom-kill", Usage: "disable OOM Killer"},
 	cli.StringSliceFlag{Name: "env", Usage: "add environment variable e.g. key=value"},
 	cli.StringSliceFlag{Name: "env-file", Usage: "read in a file of environment variables"},
@@ -529,6 +530,11 @@ func setupSpec(g *generate.Generator, context *cli.Context) error {
 		}
 	}
 
+
+	if context.Bool("device-remove-all") {
+		g.ClearLinuxDevices()
+	}
+
 	err := addSeccomp(context, g)
 	return err
 }
diff --git a/completions/bash/oci-runtime-tool b/completions/bash/oci-runtime-tool
@@ -364,6 +364,7 @@ _oci-runtime-tool_generate() {
 	"
 
 	local boolean_options="
+		--device-remove-all
 		--disable-oom-kill
 		--linux-namespace-remove-all
 		--no-new-privileges
diff --git a/generate/generate.go b/generate/generate.go
@@ -936,6 +936,15 @@ func (g *Generator) RemoveDevice(dev rspec.Device) error {
 	return nil
 }
 
+// ClearLinuxDevices clear g.spec.Linux.Devices.
+func (g *Generator) ClearLinuxDevices() {
+	if g.spec == nil || g.spec.Linux == nil || g.spec.Linux.Devices == nil {
+		return
+	}
+
+	g.spec.Linux.Devices = []rspec.Device{}
+}
+
 // strPtr returns the pointer pointing to the string s.
 func strPtr(s string) *string { return &s }
 
diff --git a/man/oci-runtime-tool-generate.1.md b/man/oci-runtime-tool-generate.1.md
@@ -66,6 +66,9 @@ read the configuration from `config.json`.
   Remove a device file in container.
   This option can be specified multiple times.
 
+**--device-remove-all**=true|false
+  Remove all devices for linux inside the container. The default is *false*.
+
 **--disable-oom-kill**=true|false
   Whether to disable OOM Killer for the container or not.
 

Original file line number	Diff line number	Diff line change
`@@ -28,6 +28,7 @@ var generateFlags = []cli.Flag{`
`28`	`28`	`cli.StringFlag{Name: "cwd", Value: "/", Usage: "current working directory for the process"},`
`29`	`29`	`cli.StringSliceFlag{Name: "device-add", Usage: "add a device which must be made available in the container"},`
`30`	`30`	`cli.StringSliceFlag{Name: "device-remove", Usage: "remove a device which must be made available in the container"},`
	`31`	`+ cli.StringSliceFlag{Name: "device-remove-all", Usage: "remove all devices which must be made available in the container"},`
`31`	`32`	`cli.BoolFlag{Name: "disable-oom-kill", Usage: "disable OOM Killer"},`
`32`	`33`	`cli.StringSliceFlag{Name: "env", Usage: "add environment variable e.g. key=value"},`
`33`	`34`	`cli.StringSliceFlag{Name: "env-file", Usage: "read in a file of environment variables"},`
`@@ -529,6 +530,11 @@ func setupSpec(g generate.Generator, context cli.Context) error {`
`529`	`530`	`}`
`530`	`531`	`}`
`531`	`532`
	`533`	`+`
	`534`	`+ if context.Bool("device-remove-all") {`
	`535`	`+ g.ClearLinuxDevices()`
	`536`	`+ }`
	`537`	`+`
`532`	`538`	`err := addSeccomp(context, g)`
`533`	`539`	`return err`
`534`	`540`	`}`
Original file line number	Diff line number	Diff line change
`@@ -364,6 +364,7 @@ _oci-runtime-tool_generate() {`
`364`	`364`	`"`
`365`	`365`
`366`	`366`	`local boolean_options="`
	`367`	`+ --device-remove-all`
`367`	`368`	`--disable-oom-kill`
`368`	`369`	`--linux-namespace-remove-all`
`369`	`370`	`--no-new-privileges`