compose icon indicating copy to clipboard operation
compose copied to clipboard

Published 20 hours ago verified publisher icon docker

Fix up with seccomp file and replicas

Open XiangRongLin opened this issue 2 years ago • 4 comments

What I did Work on a copy of securityOpts when parsing them. This means that the input in not modified and the second time the function gets called for the replica securityOpts still contains the filename instead of the content of the file. This is based on the practice to not modify input values, which may not be a good practice in go. But I don't know since it's my first time developing in go.

An alternative solution would be to do this copy in the loop for the replicas. In this case it is also ensured that if other parts of the options parsing is modifying the input, they will not produce the same problem.

Related issue

fixes #9458

(not mandatory) A picture of a cute animal, if possible in relation with what you did

XiangRongLin avatar May 14 '22 18:05 XiangRongLin

Thanks for looking into this. I'd prefer we don't need to make changes to the copied parseSecurityOpts function, so that we can make this one public in docker/cli and use the original one. IIUC you had thoughts for an alternate fix, then could you please investigate this option? thanks

ndeloof avatar May 17 '22 10:05 ndeloof

related: https://github.com/docker/cli/pull/3616

ndeloof avatar May 17 '22 10:05 ndeloof

IIUC you had thoughts for an alternate fix, then could you please investigate this option?

That would require doing a deep copy of service before passing in variable into this function. https://github.com/docker/compose/blob/a603e271173f2d3cc09721db1767009a49f7a5ad/pkg/compose/convergence.go#L235

GO does not provide deep copy functionality for structs out of the box so a library or a lot of code would be needed for that. Additionally the operation would be very expensive for the whole struct.

Another way would be to lift out the changes out of the copied function. I force-pushed the branch with this variant. This way only the neccessary objects is deep copied.

XiangRongLin avatar May 17 '22 11:05 XiangRongLin

@ndeloof can you take another look at it?

XiangRongLin avatar May 31 '22 12:05 XiangRongLin

Although the current behavior (mutating the input slice) is not ideal, we'd really prefer to make the changes upstream via docker/cli#3616 and rely on that having better behavior instead of working around that here, so I'm closing this PR, but I appreciate your contribution and apologize for the back and forth!

milas avatar Aug 17 '22 14:08 milas