youki
[FEATURE]: Define Linux Network Devices
Background
In this issue https://github.com/opencontainers/runtime-spec/issues/1239 and PR https://github.com/opencontainers/runtime-spec/pull/1271 on runtime-spec, support for the netdevices field in the OCI specification is being added.
Feature Request
We are upgrading oci-spec-rs by supporting the netdevices field and adding the feature of moving existing network devices into the container namespace.
Is the request related to some problem running youki?
No response
Proposed Solution
No response
Considerations
No response
Additional Context
Since it's a recently added field, neither runc nor runtime-tools has implemented it yet. A pull request is currently open for runc. As for runtime-tools, the implementation is still missing, so additional test implementations will be necessary.
@utam0k
I created an issue regarding the netdevices field. Please let me know if I misunderstood anything. I'm also interested in working on this issue and would appreciate it if I could be assigned.
Hey @nayuta-ai, thanks for opening this. I'm not familiar with this yet, but as this has landed in spec, we can start support for it. I think first we need to update oci-spec-rs to have this definition in it. Then we can upgrade oci-spec crate in youki, but not implement this; and once youki has upgraded the oci-spec, we can start implementation here.
May I ask you to open a corresponding issue on oci-spec, and if you are interested in it, open a PR for that? I'll assign that issue and this one to you as well if you are interested.
Also, because this is so new, I think we would be the first ones to implement this, along with runc, i.e. we won't have any reference implementation. In such a case, maybe we should either gate it via features or note it in release notes that this is still experimental and there can be bugs or accidental vulnerabilities. wdyt?
FYI: runc has already had the PoC by @aojea, the author of this OCI Runtime's PR. https://github.com/opencontainers/runc/pull/4538
Anyway, since it's worth starting to implement this feature in production or experimental, I'll assign it to you.
> May I ask you to open a corresponding issue on oci-spec, and if you are interested in it, open a PR for that? I'll assign that issue and this one to you as well if you are interested.
Acknowledged! I've created an issue, and as I'm interested in this, I plan to submit a PR. Thank you for your consideration!
oci-spec-rs has been merged, and I have a question regarding the continued work.
- What is the best way to proceed? For example, there is no implementation in runtime-tools, so I think we have to test and implement contest implementation to guarantee the operation. I would like to get your opinion whether I should maintain it as one PR or separate them.
- Also, I feel that oci-spec-rs is crate managed and cannot be used on the youki side without releasing it. What kind of development system do you have?
Please take care of the above!
> I would like to get your opinion whether I should maintain it as one PR or separate them.
I prefer one PR.
> Also, I feel that oci-spec-rs is crate managed and cannot be used on the youki side without releasing it. What kind of development system do you have?
I'm going to release the new version.
Thank you for your quick response! I understood the above!
Done ✅ https://crates.io/crates/oci-spec/0.8.0
@utam0k
A problem occurred with the get method in LinuxNetDevice, so I have created an issue and a PR for the fix. Additionally, I have added tests to prevent similar problems in the future. Please review it!
https://github.com/youki-dev/oci-spec-rs/issues/277 https://github.com/youki-dev/oci-spec-rs/pull/278
@utam0k Please reopen this issue.