-
Notifications
You must be signed in to change notification settings - Fork 85
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DBUS API required for GNOI Containerz.StartContainer #182
Conversation
/azp run |
Azure Pipelines successfully started running 1 pipeline(s). |
Not like this |
aa58d1b
to
be293f9
Compare
be293f9
to
a9864f2
Compare
Force push to reset author |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Copilot reviewed 2 out of 2 changed files in this pull request and generated no suggestions.
Comments skipped due to low confidence (2)
host_modules/docker_service.py:200
- The error message should use the 'image' variable instead of 'container'.
return 1, "Failed to run container {}: {}".format(image, str(e))
host_modules/docker_service.py:190
- The error message should specify that the command must be an empty string.
return errno.EPERM, "Only empty command is allowed to be managed by this service."
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Copilot reviewed 2 out of 2 changed files in this pull request and generated no suggestions.
Comments skipped due to low confidence (1)
host_modules/docker_service.py:190
- [nitpick] The error message could be more descriptive. Consider rephrasing it to: "Only an empty string command is allowed. Non-empty commands are not permitted by this service."
return errno.EPERM, "Only empty string command is allowed to be managed by this service."
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Copilot reviewed 2 out of 2 changed files in this pull request and generated no suggestions.
Comments skipped due to low confidence (1)
tests/host_modules/docker_service_test.py:281
- The command should be an empty string to correctly test the image not allowed scenario.
rc, msg = docker_service.run("wrong_image_name", "command", {})
/azp run |
Azure Pipelines successfully started running 1 pipeline(s). |
The stop, kill, and restart methods have repetitive code for fetching the container and checking if it is allowed. This could be refactored into a helper function to improve readability and maintainability. Refers to: host_modules/docker_service.py:85 in 68cf038. [](commit_id = 68cf038, deletion_comment = False) |
The code uses return statements to indicate success or failure, but it would benefit from logging critical operations (e.g., container stop/restart, errors) at appropriate levels (INFO/WARN/ERROR). This would make debugging and monitoring easier. Refers to: host_modules/docker_service.py:106 in 68cf038. [](commit_id = 68cf038, deletion_comment = False) |
@host_service.method( | ||
host_service.bus_name(MOD_NAME), in_signature="ssa{sv}", out_signature="is" | ||
) | ||
def run(self, image, command, kwargs): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This method allows passing kwargs directly to docker.containers.run. This could lead to potential security issues if not properly validated. Consider sanitizing or restricting the kwargs that can be passed to ensure they don't introduce vulnerabilities (e.g., privileged containers or host mounts).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added some initial validation. Please let me know if there is anything else you can think of.
/azp run |
Azure Pipelines successfully started running 1 pipeline(s). |
/azp run |
Azure Pipelines successfully started running 1 pipeline(s). |
/azp run |
Azure Pipelines successfully started running 1 pipeline(s). |
/azp run |
Azure Pipelines successfully started running 1 pipeline(s). |
/azp run |
Azure Pipelines successfully started running 1 pipeline(s). |
return container | ||
|
||
|
||
def validate_docker_run_options(kwargs): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
left open in ADO 27057586. Need more discussion here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
DBUS API required for GNOI Containerz.StartContainer. The PR contains the following: