fetch current container runtime config through the command line

Signed-off-by: Tariq Ibrahim <tibrahim@nvidia.com>
2025-06-26 18:18:24 +00:00 · 2024-08-08 15:40:00 -07:00 · 2024-08-08 15:40:00 -07:00 · ac01a90003
commit ac01a90003
parent da5e3ce8c3
5 changed files with 61 additions and 33 deletions
--- a/.golangci.yml
+++ b/.golangci.yml
@ -18,6 +18,10 @@ linters:
 linters-settings:
  goimports:
    local-prefixes: github.com/NVIDIA/nvidia-container-toolkit
  gosec:
    excludes:
    # TODO: Consider hardening security of command line invocations
    - G204
 issues:
  exclude:
--- a/pkg/config/engine/containerd/option.go
+++ b/pkg/config/engine/containerd/option.go
@ -18,7 +18,7 @@ package containerd
 import (
 	"fmt"
-	"os"
+	"os/exec"
 	"github.com/pelletier/go-toml"
@ -36,6 +36,7 @@ type builder struct {
 	runtimeType          string
 	useLegacyConfig      bool
 	containerAnnotations []string
 	hostRootMount        string
 }
 // Option defines a function that can be used to configure the config builder
@ -76,6 +77,13 @@ func WithContainerAnnotations(containerAnnotations ...string) Option {
 	}
 }
 // WithHostRootMount sets the container annotations for the config builder
 func WithHostRootMount(hostRootMount string) Option {
 	return func(b *builder) {
 		b.hostRootMount = hostRootMount
 	}
 }
 func (b *builder) build() (engine.Interface, error) {
 	if b.path == "" {
 		return nil, fmt.Errorf("config path is empty")
@ -85,7 +93,7 @@ func (b *builder) build() (engine.Interface, error) {
 		b.runtimeType = defaultRuntimeType
 	}
-	config, err := b.loadConfig(b.path)
+	config, err := b.loadConfig()
 	if err != nil {
 		return nil, fmt.Errorf("failed to load config: %v", err)
 	}
@ -109,23 +117,28 @@ func (b *builder) build() (engine.Interface, error) {
 }
 // loadConfig loads the containerd config from disk
-func (b *builder) loadConfig(config string) (*Config, error) {
+func (b *builder) loadConfig() (*Config, error) {
-	info, err := os.Stat(config)
+	var args []string
 	if os.IsExist(err) && info.IsDir() {
 		return nil, fmt.Errorf("config file is a directory")
 	}
-	if os.IsNotExist(err) {
+	if b.hostRootMount != "" {
-		b.logger.Infof("Config file does not exist; using empty config")
+		args = append(args, "chroot", b.hostRootMount)
 		config = "/dev/null"
 	} else {
 		b.logger.Infof("Loading config from %v", config)
 	}
 	args = append(args, "containerd", "config", "dump")
-	tomlConfig, err := toml.LoadFile(config)
+	b.logger.Infof("Getting current containerd config")
 	// TODO: Can we harden this so that there is less risk of command injection
 	cmd := exec.Command(args[0], args[1:]...)
 	output, err := cmd.Output()
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("error executing containerd confg command: %w", err)
 	}
 	tomlConfig, err := toml.LoadBytes(output)
 	if err != nil {
 		return nil, fmt.Errorf("error unmarshaling containerd config toml: %w", err)
 	}
 	b.logger.Infof("Successfully loaded containerd config")
 	cfg := Config{
 		Tree: tomlConfig,
--- a/pkg/config/engine/crio/option.go
+++ b/pkg/config/engine/crio/option.go
@ -18,7 +18,7 @@ package crio
 import (
 	"fmt"
-	"os"
+	"os/exec"
 	"github.com/pelletier/go-toml"
@ -26,8 +26,9 @@ import (
 )
 type builder struct {
-	logger logger.Interface
+	logger        logger.Interface
-	path   string
+	path          string
 	hostRootMount string
 }
 // Option defines a function that can be used to configure the config builder
@ -47,6 +48,13 @@ func WithPath(path string) Option {
 	}
 }
 // WithHostRootMount sets the host root mount for the config builder
 func WithHostRootMount(hostRootMount string) Option {
 	return func(b *builder) {
 		b.hostRootMount = hostRootMount
 	}
 }
 func (b *builder) build() (*Config, error) {
 	if b.logger == nil {
 		b.logger = logger.New()
@ -60,34 +68,35 @@ func (b *builder) build() (*Config, error) {
 		return &c, nil
 	}
-	return b.loadConfig(b.path)
+	return b.loadConfig()
 }
 // loadConfig loads the cri-o config from disk
-func (b *builder) loadConfig(config string) (*Config, error) {
+func (b *builder) loadConfig() (*Config, error) {
 	b.logger.Infof("Loading config: %v", config)
-	info, err := os.Stat(config)
+	var args []string
-	if os.IsExist(err) && info.IsDir() {
+	if b.hostRootMount != "" {
-		return nil, fmt.Errorf("config file is a directory")
+		args = append(args, "chroot", b.hostRootMount)
 	}
 	args = append(args, "crio", "status", "config")
-	if os.IsNotExist(err) {
+	b.logger.Infof("Getting current crio config")
 		b.logger.Infof("Config file does not exist; using empty config")
 		config = "/dev/null"
 	} else {
 		b.logger.Infof("Loading config from %v", config)
 	}
-	cfg, err := toml.LoadFile(config)
+	// TODO: Can we harden this so that there is less risk of command injection
 	cmd := exec.Command(args[0], args[1:]...)
 	output, err := cmd.Output()
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("error executing crio status command: %w", err)
 	}
 	tomlConfig, err := toml.LoadBytes(output)
 	if err != nil {
 		return nil, fmt.Errorf("error unmarshaling crio config toml: %w", err)
 	}
-	b.logger.Infof("Successfully loaded config")
+	b.logger.Infof("Successfully loaded crio config")
 	c := Config{
-		Tree:   cfg,
+		Tree:   tomlConfig,
 		Logger: b.logger,
 	}
 	return &c, nil
--- a/tools/container/containerd/containerd.go
+++ b/tools/container/containerd/containerd.go
@ -193,6 +193,7 @@ func Setup(c *cli.Context, o *options) error {
 		containerd.WithRuntimeType(o.runtimeType),
 		containerd.WithUseLegacyConfig(o.useLegacyConfig),
 		containerd.WithContainerAnnotations(o.containerAnnotationsFromCDIPrefixes()...),
 		containerd.WithHostRootMount(o.HostRootMount),
 	)
 	if err != nil {
 		return fmt.Errorf("unable to load config: %v", err)
--- a/tools/container/crio/crio.go
+++ b/tools/container/crio/crio.go
@ -222,6 +222,7 @@ func setupConfig(o *options) error {
 	cfg, err := crio.New(
 		crio.WithPath(o.Config),
 		crio.WithHostRootMount(o.HostRootMount),
 	)
 	if err != nil {
 		return fmt.Errorf("unable to load config: %v", err)