DBUS API required for GNOI Containerz.StartContainer #182
Conversation
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
Not like this |
hdwhdw
force-pushed
the
start_container
branch
from
aa58d1b to
be293f9
Compare
hdwhdw
force-pushed
the
start_container
branch
from
be293f9 to
a9864f2
Compare
|
Force push to reset author |
There was a problem hiding this comment.
Copilot reviewed 2 out of 2 changed files in this pull request and generated no suggestions.
Comments skipped due to low confidence (2)
host_modules/docker_service.py:200
- The error message should use the 'image' variable instead of 'container'.
return 1, "Failed to run container {}: {}".format(image, str(e))
host_modules/docker_service.py:190
- The error message should specify that the command must be an empty string.
return errno.EPERM, "Only empty command is allowed to be managed by this service."
There was a problem hiding this comment.
Copilot reviewed 2 out of 2 changed files in this pull request and generated no suggestions.
Comments skipped due to low confidence (1)
host_modules/docker_service.py:190
- [nitpick] The error message could be more descriptive. Consider rephrasing it to: "Only an empty string command is allowed. Non-empty commands are not permitted by this service."
return errno.EPERM, "Only empty string command is allowed to be managed by this service."
There was a problem hiding this comment.
Copilot reviewed 2 out of 2 changed files in this pull request and generated no suggestions.
Comments skipped due to low confidence (1)
tests/host_modules/docker_service_test.py:281
- The command should be an empty string to correctly test the image not allowed scenario.
rc, msg = docker_service.run("wrong_image_name", "command", {})
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
The stop, kill, and restart methods have repetitive code for fetching the container and checking if it is allowed. This could be refactored into a helper function to improve readability and maintainability. Refers to: host_modules/docker_service.py:85 in 68cf038. [](commit_id = 68cf038, deletion_comment = False) |
The code uses return statements to indicate success or failure, but it would benefit from logging critical operations (e.g., container stop/restart, errors) at appropriate levels (INFO/WARN/ERROR). This would make debugging and monitoring easier. Refers to: host_modules/docker_service.py:106 in 68cf038. [](commit_id = 68cf038, deletion_comment = False) |
| @host_service.method( | ||
| host_service.bus_name(MOD_NAME), in_signature="ssa{sv}", out_signature="is" | ||
| ) | ||
| def run(self, image, command, kwargs): |
There was a problem hiding this comment.
This method allows passing kwargs directly to docker.containers.run. This could lead to potential security issues if not properly validated. Consider sanitizing or restricting the kwargs that can be passed to ensure they don't introduce vulnerabilities (e.g., privileged containers or host mounts).
There was a problem hiding this comment.
Added some initial validation. Please let me know if there is anything else you can think of.
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
| return container | ||
|
|
||
|
|
||
| def validate_docker_run_options(kwargs): |
DBUS API required for GNOI Containerz.StartContainer. The PR contains the following: