diff --git a/crates/containerd-shim-wasm/src/container/context.rs b/crates/containerd-shim-wasm/src/container/context.rs index 5138c8fd1..97fea259a 100644 --- a/crates/containerd-shim-wasm/src/container/context.rs +++ b/crates/containerd-shim-wasm/src/container/context.rs @@ -1,5 +1,6 @@ use std::path::{Path, PathBuf}; +use oci_spec::image::Platform; use oci_spec::runtime::Spec; use crate::sandbox::oci::WasmLayer; @@ -24,6 +25,8 @@ pub trait RuntimeContext { fn wasi_entrypoint(&self) -> WasiEntrypoint; fn wasm_layers(&self) -> &[WasmLayer]; + + fn platform(&self) -> &Platform; } pub struct WasiEntrypoint { @@ -34,6 +37,7 @@ pub struct WasiEntrypoint { pub(crate) struct WasiContext<'a> { pub spec: &'a Spec, pub wasm_layers: &'a [WasmLayer], + pub platform: &'a Platform, } impl RuntimeContext for WasiContext<'_> { @@ -62,6 +66,10 @@ impl RuntimeContext for WasiContext<'_> { fn wasm_layers(&self) -> &[WasmLayer] { self.wasm_layers } + + fn platform(&self) -> &Platform { + self.platform + } } #[cfg(test)] @@ -86,6 +94,7 @@ mod tests { let ctx = WasiContext { spec: &spec, wasm_layers: &[], + platform: &Platform::default(), }; let args = ctx.args(); @@ -105,6 +114,7 @@ mod tests { let ctx = WasiContext { spec: &spec, wasm_layers: &[], + platform: &Platform::default(), }; let args = ctx.args(); @@ -132,6 +142,7 @@ mod tests { let ctx = WasiContext { spec: &spec, wasm_layers: &[], + platform: &Platform::default(), }; let args = ctx.args(); @@ -153,6 +164,7 @@ mod tests { let ctx = WasiContext { spec: &spec, wasm_layers: &[], + platform: &Platform::default(), }; let path = ctx.wasi_entrypoint().path; @@ -180,6 +192,7 @@ mod tests { let ctx = WasiContext { spec: &spec, wasm_layers: &[], + platform: &Platform::default(), }; let WasiEntrypoint { path, func } = ctx.wasi_entrypoint(); @@ -208,6 +221,7 @@ mod tests { let ctx = WasiContext { spec: &spec, wasm_layers: &[], + platform: &Platform::default(), }; let WasiEntrypoint { path, func } = ctx.wasi_entrypoint(); diff --git a/crates/containerd-shim-wasm/src/sandbox/containerd.rs b/crates/containerd-shim-wasm/src/sandbox/containerd.rs index 381c8982e..187335498 100644 --- a/crates/containerd-shim-wasm/src/sandbox/containerd.rs +++ b/crates/containerd-shim-wasm/src/sandbox/containerd.rs @@ -10,7 +10,7 @@ use containerd_client::services::v1::{GetContainerRequest, GetImageRequest, Read use containerd_client::tonic::transport::Channel; use containerd_client::{tonic, with_namespace}; use futures::TryStreamExt; -use oci_spec::image::{Arch, ImageManifest, ImageConfiguration, MediaType}; +use oci_spec::image::{Arch, ImageManifest, MediaType, Platform}; use tokio::runtime::Runtime; use tonic::Request; @@ -116,7 +116,10 @@ impl Client { // load module will query the containerd store to find an image that has an OS of type 'wasm' // If found it continues to parse the manifest and return the layers that contains the WASM modules // and possibly other configuration layers. - pub fn load_modules(&self, containerd_id: impl ToString) -> Result> { + pub fn load_modules( + &self, + containerd_id: impl ToString, + ) -> Result<(Vec, Platform)> { let image_name = self.get_image(containerd_id.to_string())?; let digest = self.get_image_content_sha(image_name)?; let manifest = self.read_content(digest)?; @@ -126,20 +129,20 @@ impl Client { let image_config_descriptor = manifest.config(); let image_config = self.read_content(image_config_descriptor.digest())?; let image_config = image_config.as_slice(); - let image_config = ImageConfiguration::from_reader(image_config)?; - let arch = image_config.architecture(); - match arch { + // the only part we care about here is the platform values + let platform: Platform = serde_json::from_slice(image_config)?; + match platform.architecture() { Arch::Wasm => { log::info!("found manifest with WASM OCI image format."); } _ => { log::info!("manifest is not in WASM OCI image format"); - return Ok([].to_vec()); + return Ok(([].to_vec(), platform)); } } - manifest + let layers = manifest .layers() .iter() .filter(|x| !is_image_layer_type(x.media_type())) @@ -149,19 +152,25 @@ impl Client { layer: module, }) }) - .collect::>>() + .collect::>>()?; + Ok((layers, platform)) } } -fn is_image_layer_type(media_type: &MediaType)-> bool { +fn is_image_layer_type(media_type: &MediaType) -> bool { match media_type { - MediaType::ImageLayer | - MediaType::ImageLayerGzip | - MediaType::ImageLayerNonDistributable | - MediaType::ImageLayerNonDistributableGzip | - MediaType::ImageLayerNonDistributableZstd | - MediaType::ImageLayerZstd => true, - MediaType::Other(s) if s.as_str().starts_with("application/vnd.docker.image.rootfs.") => true, - _ => false + MediaType::ImageLayer + | MediaType::ImageLayerGzip + | MediaType::ImageLayerNonDistributable + | MediaType::ImageLayerNonDistributableGzip + | MediaType::ImageLayerNonDistributableZstd + | MediaType::ImageLayerZstd => true, + MediaType::Other(s) + if s.as_str() + .starts_with("application/vnd.docker.image.rootfs.") => + { + true + } + _ => false, } } diff --git a/crates/containerd-shim-wasm/src/sys/unix/container/executor.rs b/crates/containerd-shim-wasm/src/sys/unix/container/executor.rs index e6fe0b802..287f74d3c 100644 --- a/crates/containerd-shim-wasm/src/sys/unix/container/executor.rs +++ b/crates/containerd-shim-wasm/src/sys/unix/container/executor.rs @@ -10,6 +10,7 @@ use libcontainer::workload::{ Executor as LibcontainerExecutor, ExecutorError as LibcontainerExecutorError, ExecutorValidationError, }; +use oci_spec::image::Platform; use oci_spec::runtime::Spec; use crate::container::{Engine, PathResolve, RuntimeContext, Stdio, WasiContext}; @@ -28,6 +29,7 @@ pub(crate) struct Executor { stdio: Stdio, inner: OnceCell, wasm_layers: Vec, + platform: Platform, } impl LibcontainerExecutor for Executor { @@ -64,18 +66,24 @@ impl LibcontainerExecutor for Executor { } impl Executor { - pub fn new(engine: E, stdio: Stdio, wasm_layers: Vec) -> Self { + pub fn new(engine: E, stdio: Stdio, wasm_layers: Vec, platform: Platform) -> Self { Self { engine, stdio, inner: Default::default(), wasm_layers, + platform, } } fn ctx<'a>(&'a self, spec: &'a Spec) -> WasiContext<'a> { let wasm_layers = &self.wasm_layers; - WasiContext { spec, wasm_layers } + let platform = &self.platform; + WasiContext { + spec, + wasm_layers, + platform, + } } fn inner(&self, spec: &Spec) -> &InnerExecutor { diff --git a/crates/containerd-shim-wasm/src/sys/unix/container/instance.rs b/crates/containerd-shim-wasm/src/sys/unix/container/instance.rs index dbca437a0..247bb39b5 100644 --- a/crates/containerd-shim-wasm/src/sys/unix/container/instance.rs +++ b/crates/containerd-shim-wasm/src/sys/unix/container/instance.rs @@ -12,6 +12,7 @@ use libcontainer::syscall::syscall::SyscallType; use nix::errno::Errno; use nix::sys::wait::{waitid, Id as WaitID, WaitPidFlag, WaitStatus}; use nix::unistd::Pid; +use oci_spec::image::Platform; use crate::container::Engine; use crate::sandbox::instance_utils::{determine_rootdir, get_instance_root, instance_exists}; @@ -43,15 +44,15 @@ impl SandboxInstance for Instance { let stdio = Stdio::init_from_cfg(cfg)?; // check if container is OCI image with wasm layers and attempt to read the module - let modules = containerd::Client::connect(cfg.get_containerd_address(), &namespace)? + let (modules, platform) = containerd::Client::connect(cfg.get_containerd_address(), &namespace)? .load_modules(&id) .unwrap_or_else(|e| { log::warn!("Error obtaining wasm layers for container {id}. Will attempt to use files inside container image. Error: {e}"); - vec![] + (vec![], Platform::default()) }); ContainerBuilder::new(id.clone(), SyscallType::Linux) - .with_executor(Executor::new(engine, stdio, modules)) + .with_executor(Executor::new(engine, stdio, modules, platform)) .with_root_path(rootdir.clone())? .as_init(&bundle) .with_systemd(false)