Bug fixes for podman and docker on Windows native.

Alexhuszagh · Alexhuszagh · commit e7dc70abbdd5 · 2022-06-04T13:34:56.000-05:00
diff --git a/src/docker.rs b/src/docker.rs
@@ -24,13 +24,15 @@ const SECCOMP: &str = include_str!("seccomp.json");
 
 // determine if the container engine is docker. this fixes issues with
 // any aliases (#530), and doesn't fail if an executable suffix exists.
-fn get_is_docker(ce: std::path::PathBuf, verbose: bool) -> Result<bool> {
+fn get_engine_type(ce: std::path::PathBuf, verbose: bool) -> Result<(bool, bool)> {
     let stdout = Command::new(ce)
         .arg("--help")
         .run_and_get_stdout(verbose)?
         .to_lowercase();
 
-    Ok(stdout.contains("docker") && !stdout.contains("emulate"))
+    let is_docker = stdout.contains("docker") && !stdout.contains("emulate");
+    let is_podman = stdout.contains("podman");
+    Ok((is_docker, is_podman))
 }
 
 fn get_container_engine() -> Result<std::path::PathBuf, which::Error> {
@@ -144,7 +146,8 @@ pub fn run(
     let runner = config.runner(target)?;
 
     let mut docker = docker_command("run")?;
-    let is_docker = get_is_docker(get_container_engine().unwrap(), verbose)?;
+    #[allow(unused_variables)] // is_podman, target_os = "windows"
+    let (is_docker, is_podman) = get_engine_type(get_container_engine().unwrap(), verbose)?;
 
     for ref var in config.env_passthrough(target)? {
         validate_env_var(var)?;
@@ -195,18 +198,31 @@ pub fn run(
 
     // docker uses seccomp now on all installations
     if target.needs_docker_seccomp() {
-        let path = env::current_dir()
-            .wrap_err("couldn't get current directory")?
-            .canonicalize()
-            .wrap_err_with(|| "when canonicalizing current_dir".to_string())?
-            .join("target")
-            .join(target.triple())
-            .join("seccomp.json");
-        if !path.exists() {
-            write_file(&path, false)?.write_all(SECCOMP.as_bytes())?;
-        }
+        let seccomp = if is_docker && cfg!(target_os = "windows") {
+            // docker on windows fails due to a bug in reading the profile
+            // https://github.com/docker/for-win/issues/12760
+            "unconfined".to_string()
+        } else {
+            #[allow(unused_mut)] // target_os = "windows"
+            let mut path = env::current_dir()
+                .wrap_err("couldn't get current directory")?
+                .canonicalize()
+                .wrap_err_with(|| "when canonicalizing current_dir".to_string())?
+                .join("target")
+                .join(target.triple())
+                .join("seccomp.json");
+            if !path.exists() {
+                write_file(&path, false)?.write_all(SECCOMP.as_bytes())?;
+            }
+            #[cfg(target_os = "windows")]
+            if is_podman {
+                // podman weirdly expects a WSL path here, and fails otherwise
+                path = wslpath(&path, verbose)?;
+            }
+            path.display().to_string()
+        };
 
-        docker.args(&["--security-opt", &format!("seccomp={}", path.display())]);
+        docker.args(&["--security-opt", &format!("seccomp={}", seccomp)]);
     }
 
     // We need to specify the user for Docker, but not for Podman.
