cmd/containerd-shim-runhcs-v1 Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -502,6 +502,11 @@ func (p *pod) updateConfigForHostProcessContainer(s *specs.Spec) error {
502502 return errors .New ("cannot create a host process container inside sandbox which has missing annotation: microsoft.com/hostprocess-container" )
503503 }
504504
505+ if isHypervisorIsolatedPrivilegedSandbox &&
506+ p .host != nil && ! p .host .HostProcessContainerSupported () {
507+ return fmt .Errorf ("UVM does not support HostProcess containers" )
508+ }
509+
505510 if isProcessIsolatedPrivilegedSandbox || (isHypervisorIsolatedPrivilegedSandbox && isHypervisorIsolatedPrivilegedContainer ) {
506511 if isProcessIsolatedPrivilegedSandbox && ! isProcessIsolatedPrivilegedContainer {
507512 // This is a short circuit to make sure that all containers in a pod will have
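Review bot: The guard added at new lines 505-507 fails open when `p.host` is nil: a hypervisor-isolated privileged sandbox with no host recorded skips the capability check and continues into the HostProcess configuration below. Whether `p.host` can be nil on this path is not visible in the hunk, but if a hypervisor-isolated sandbox always has a UVM, rejecting the nil case is the safer default: `if isHypervisorIsolatedPrivilegedSandbox && (p.host == nil || !p.host.HostProcessContainerSupported()) {`. The message has no format verbs, so `errors.New("UVM does not support HostProcess containers")` would match the return just above it. The body of updateConfigForHostProcessContainer starts and ends outside this hunk.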
Original file line number Diff line number Diff line change @@ -104,3 +104,7 @@ func (w *WCOWGuestDefinedCapabilities) IsDeleteContainerStateSupported() bool {
104104func (w * WCOWGuestDefinedCapabilities ) IsLogForwardingSupported () bool {
105105 return w .LogForwardingSupported
106106}
107+
108+ func (w * WCOWGuestDefinedCapabilities ) IsHostProcessContainerSupported () bool {
109+ return w .HostProcessContainerSupported
110+ }
Original file line number Diff line number Diff line change @@ -222,6 +222,7 @@ type GuestDefinedCapabilities struct {
222222 DeleteContainerStateSupported bool `json:",omitempty"`
223223 UpdateContainerSupported bool `json:",omitempty"`
224224 LogForwardingSupported bool `json:",omitempty"`
225+ HostProcessContainerSupported bool `json:",omitempty"`
225226}
226227
227228// GuestConnectionInfo is the structure of an iterm return by a GuestConnection call on a utility VM
Original file line number Diff line number Diff line change @@ -21,6 +21,17 @@ func (uvm *UtilityVM) DeleteContainerStateSupported() bool {
2121 return uvm .guestCaps .IsDeleteContainerStateSupported ()
2222}
2323
24+ // HostProcessContainerSupported returns if the WCOW UVM supports
25+ // running host process containers.
26+ func (uvm * UtilityVM ) HostProcessContainerSupported () bool {
27+ if uvm .OS () != "windows" {
28+ return false
29+ }
30+
31+ wcaps := gcs .GetWCOWCapabilities (uvm .gc .Capabilities ())
32+ return wcaps != nil && wcaps .HostProcessContainerSupported
33+ }
34+
2435// Capabilities returns the protocol version and the guest defined capabilities.
2536// This should only be used for testing.
2637func (uvm * UtilityVM ) Capabilities () (uint32 , gcs.GuestDefinedCapabilities ) {
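Review bot: `HostProcessContainerSupported` reads the capabilities through `uvm.gc.Capabilities()`, while the neighbouring `DeleteContainerStateSupported` goes through the `uvm.guestCaps` field. If `uvm.gc` can be nil for a Windows UVM (not visible here), the call would panic rather than report false. Consider an explicit `if uvm.gc == nil { return false }` before the lookup, or reading from `uvm.guestCaps` as the sibling does. The final line also reads the struct field directly although this commit adds an accessor for it; `return wcaps != nil && wcaps.IsHostProcessContainerSupported()` would put it to use.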