add device-remove option

Signed-off-by: zhouhao <zhouhao@cn.fujitsu.com>

Author: zhouhao

cmd/oci-runtime-tool/generate.go

@@ -27,6 +27,7 @@ var generateFlags = []cli.Flag{
 	cli.StringFlag{Name: "cgroups-path", Usage: "specify the path to the cgroups"},
 	cli.StringFlag{Name: "cwd", Value: "/", Usage: "current working directory for the process"},
 	cli.StringSliceFlag{Name: "device-add", Usage: "add a device which must be made available in the container"},
+	cli.StringSliceFlag{Name: "device-remove", Usage: "remove a device which must be made available in the container"},
 	cli.BoolFlag{Name: "disable-oom-kill", Usage: "disable OOM Killer"},
 	cli.StringSliceFlag{Name: "env", Usage: "add environment variable e.g. key=value"},
 	cli.StringSliceFlag{Name: "env-file", Usage: "read in a file of environment variables"},
@@ -513,6 +514,16 @@ func setupSpec(g *generate.Generator, context *cli.Context) error {
 		}
 	}
 
+	if context.IsSet("device-remove") {
+		devices := context.StringSlice("device-remove")
+		for _, device := range devices {
+			err := g.RemoveDevice(device)
+			if err != nil {
+				return err
+			}
+		}
+	}
+
 	err := addSeccomp(context, g)
 	return err
 }

completions/bash/oci-runtime-tool

@@ -310,6 +310,7 @@ _oci-runtime-tool_generate() {
 		--cgroups-path
 		--cwd
 		--device-add
+		--device-remove
 		--env
 		--env-file
 		--gid

generate/generate.go

@@ -1031,6 +1031,22 @@ func (g *Generator) AddDevice(device rspec.Device) {
 	g.spec.Linux.Devices = append(g.spec.Linux.Devices, device)
 }
 
+//RemoveDevice remove a device from g.spec.Linux.Devices
+func(g *Generator) RemoveDevice(path string) error {
+	if g.spec == nil || g.spec.Linux == nil || g.spec.Linux.Devices == nil {
+		return nil
+	}
+
+	for i, device := range g.spec.Linux.Devices {
+		if device.Path == path {
+			g.spec.Linux.Devices = append(g.spec.Linux.Devices[:i], g.spec.Linux.Devices[i+1:]...)
+			return nil
+		}
+	}
+	return nil
+}
+
+
 // strPtr returns the pointer pointing to the string s.
 func strPtr(s string) *string { return &s }
 

man/oci-runtime-tool-generate.1.md

@@ -62,6 +62,10 @@ read the configuration from `config.json`.
     *uid*/*gid* is the user/group id of the device file.
   This option can be specified multiple times.
 
+**--device-remove**=*PATH*
+  Remove a device file in container.
+  This option can be specified multiple times.
+
 **--disable-oom-kill**=true|false
   Whether to disable OOM Killer for the container or not.