Windows: Remove TP5 hack from graphdriver
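--- a/(unknown)
+++ b/(unknown)
@@ -30,7 +30,6 @@ import (
 "github.com/docker/docker/pkg/ioutils"
 "github.com/docker/docker/pkg/longpath"
 "github.com/docker/docker/pkg/reexec"
- "github.com/docker/docker/pkg/system"
 "github.com/docker/go-units"
 "github.com/vbatts/tar-split/tar/storage"
 )
@@ -68,10 +67,6 @@ type Driver struct {
 cache map[string]string
 }
 
-func isTP5OrOlder() bool {
- return system.GetOSVersion().Build <= 14300
-}
-
 // InitFilter returns a new Windows storage filter driver.
 func InitFilter(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (graphdriver.Driver, error) {
 logrus.Debugf("WindowsGraphDriver InitFilter at %s", home)
@@ -200,29 +195,6 @@ func (d *Driver) create(id, parent, mountLabel string, readOnly bool, storageOpt
 parentPath = layerChain[0]
 }
 
- if isTP5OrOlder() {
- // Pre-create the layer directory, providing an ACL to give the Hyper-V Virtual Machines
- // group access. This is necessary to ensure that Hyper-V containers can access the
- // virtual machine data. This is not necessary post-TP5.
- path, err := syscall.UTF16FromString(filepath.Join(d.info.HomeDir, id))
- if err != nil {
- return err
- }
- // Give system and administrators full control, and VMs read, write, and execute.
- // Mark these ACEs as inherited.
- sd, err := winio.SddlToSecurityDescriptor("D:(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;FRFWFX;;;S-1-5-83-0)")
- if err != nil {
- return err
- }
- err = syscall.CreateDirectory(&path[0], &syscall.SecurityAttributes{
- Length: uint32(unsafe.Sizeof(syscall.SecurityAttributes{})),
- SecurityDescriptor: uintptr(unsafe.Pointer(&sd[0])),
- })
- if err != nil {
- return err
- }
- }
-
 if err := hcsshim.CreateSandboxLayer(d.info, id, parentPath, layerChain); err != nil {
 return err
 }
@@ -596,23 +568,6 @@ func writeLayerFromTar(r archive.Reader, w hcsshim.LayerWriter) (int64, error) {
 }
 buf.Reset(w)
 
- // Add the Hyper-V Virtual Machine group ACE to the security descriptor
- // for TP5 so that Xenons can access all files. This is not necessary
- // for post-TP5 builds.
- if isTP5OrOlder() {
- if sddl, ok := hdr.Winheaders["sd"]; ok {
- var ace string
- if hdr.Typeflag == tar.TypeDir {
- ace = "(A;OICI;0x1200a9;;;S-1-5-83-0)"
- } else {
- ace = "(A;;0x1200a9;;;S-1-5-83-0)"
- }
- if hdr.Winheaders["sd"], ok = addAceToSddlDacl(sddl, ace); !ok {
- logrus.Debugf("failed to add VM ACE to %s", sddl)
- }
- }
- }
-
 hdr, err = backuptar.WriteBackupStreamFromTarFile(buf, t, hdr)
 ferr := buf.Flush()
 if ferr != nil {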