Merge pull request #614 from q384566678/user-uesrname

liangchenye · web-flow · commit 6447317bbadb · 2018-03-27T19:40:51.000+08:00
generate: add process-username option and fix it's validation
diff --git a/cmd/oci-runtime-tool/generate.go b/cmd/oci-runtime-tool/generate.go
@@ -113,6 +113,7 @@ var generateFlags = []cli.Flag{
 	cli.BoolFlag{Name: "process-rlimits-remove-all", Usage: "remove all resource limits for processes inside the container. "},
 	cli.BoolFlag{Name: "process-terminal", Usage: "specifies whether a terminal is attached to the process"},
 	cli.IntFlag{Name: "process-uid", Usage: "uid for the process"},
+	cli.StringFlag{Name: "process-username", Usage: "username for the process"},
 	cli.StringFlag{Name: "rootfs-path", Value: "rootfs", Usage: "path to the root filesystem"},
 	cli.BoolFlag{Name: "rootfs-readonly", Usage: "make the container's rootfs readonly"},
 	cli.StringSliceFlag{Name: "solaris-anet", Usage: "set up networking for Solaris application containers"},
@@ -210,6 +211,10 @@ func setupSpec(g *generate.Generator, context *cli.Context) error {
 		g.SetProcessUID(uint32(context.Int("process-uid")))
 	}
 
+	if context.IsSet("process-username") {
+		g.SetProcessUsername(context.String("process-username"))
+	}
+
 	if context.IsSet("process-gid") {
 		g.SetProcessGID(uint32(context.Int("process-gid")))
 	}
diff --git a/completions/bash/oci-runtime-tool b/completions/bash/oci-runtime-tool
@@ -387,6 +387,7 @@ _oci-runtime-tool_generate() {
 		--process-rlimits-add
 		--process-rlimits-remove
 		--process-uid
+		--process-username
 		--rootfs-path
 		--solaris-anet
 		--solaris-capped-cpu-ncpus
diff --git a/generate/generate.go b/generate/generate.go
@@ -361,6 +361,12 @@ func (g *Generator) SetProcessUID(uid uint32) {
 	g.spec.Process.User.UID = uid
 }
 
+// SetProcessUsername sets g.spec.Process.User.Username.
+func (g *Generator) SetProcessUsername(username string) {
+	g.initSpecProcess()
+	g.spec.Process.User.Username = username
+}
+
 // SetProcessGID sets g.spec.Process.User.GID.
 func (g *Generator) SetProcessGID(gid uint32) {
 	g.initSpecProcess()
diff --git a/man/oci-runtime-tool-generate.1.md b/man/oci-runtime-tool-generate.1.md
@@ -441,6 +441,9 @@ read the configuration from `config.json`.
 **--process-uid**=UID
   Sets the UID used within the container.
 
+**--process-username**=""
+  Sets the username used within the container.
+
 **--rootfs-path**=ROOTFSPATH
   Path to the rootfs, which can be an absolute path or relative to bundle path.
   e.g the absolute path of rootfs is /to/bundle/rootfs, bundle path is /to/bundle,
diff --git a/validation/process_user.go b/validation/process_user.go
@@ -1,14 +1,23 @@
 package main
 
 import (
+	"runtime"
+
 	"github.com/opencontainers/runtime-tools/validation/util"
 )
 
 func main() {
 	g := util.GetDefaultGenerator()
-	g.SetProcessUID(10)
-	g.SetProcessGID(10)
-	g.AddProcessAdditionalGid(5)
+
+	switch runtime.GOOS {
+	case "linux", "solaris":
+		g.SetProcessUID(10)
+		g.SetProcessGID(10)
+		g.AddProcessAdditionalGid(5)
+	case "windows":
+		g.SetProcessUsername("test")
+	default:
+	}
 
 	err := util.RuntimeInsideValidate(g, nil)
 	if err != nil {
