Merge release-20200323.0-215-g0c58694 (automated)

author: gVisor bot <gvisor-bot@google.com> 2020-04-23 00:54:53 +0000
committer: gVisor bot <gvisor-bot@google.com> 2020-04-23 00:54:53 +0000
commit: 51a2b731236faedefa999f6d7ff158cfbe0fba8b (patch)
tree: f3944419852a767526666d1d9f1e2189a9f212e3 /runsc/sandbox
parent: dd8e417e4265c358fd603a57cc03bb4902116ecf (diff)
parent: 0c586946ea26610b87c4ff7bda783a5a9ca11ec0 (diff)
1 files changed, 7 insertions, 3 deletions
diff --git a/runsc/sandbox/sandbox.go b/runsc/sandbox/sandbox.go
index e82bcef6f..e4ec16e2f 100644
--- a/runsc/sandbox/sandbox.go
+++ b/runsc/sandbox/sandbox.go
@@ -446,9 +446,13 @@ func (s *Sandbox) createSandboxProcess(conf *boot.Config, args *Args, startSyncF
 		nextFD++
 	}
 
-	// If the platform needs a device FD we must pass it in.
-	if deviceFile, err := deviceFileForPlatform(conf.Platform); err != nil {
+	gPlatform, err := platform.Lookup(conf.Platform)
+	if err != nil {
 		return err
+	}
+
+	if deviceFile, err := gPlatform.OpenDevice(); err != nil {
+		return fmt.Errorf("opening device file for platform %q: %v", gPlatform, err)
 	} else if deviceFile != nil {
 		defer deviceFile.Close()
 		cmd.ExtraFiles = append(cmd.ExtraFiles, deviceFile)
@@ -539,7 +543,7 @@ func (s *Sandbox) createSandboxProcess(conf *boot.Config, args *Args, startSyncF
 		{Type: specs.UTSNamespace},
 	}
 
-	if conf.Platform == platforms.Ptrace {
+	if gPlatform.Requirements().RequiresCurrentPIDNS {
 		// TODO(b/75837838): Also set a new PID namespace so that we limit
 		// access to other host processes.
 		log.Infof("Sandbox will be started in the current PID namespace")
author	gVisor bot <gvisor-bot@google.com>	2020-04-23 00:54:53 +0000
committer	gVisor bot <gvisor-bot@google.com>	2020-04-23 00:54:53 +0000
commit	51a2b731236faedefa999f6d7ff158cfbe0fba8b (patch)
tree	f3944419852a767526666d1d9f1e2189a9f212e3 /runsc/sandbox
parent	dd8e417e4265c358fd603a57cc03bb4902116ecf (diff)
parent	0c586946ea26610b87c4ff7bda783a5a9ca11ec0 (diff)