oci: add pouch default runtime spec

[Ace-Tang]

use pouch default runtime spec, instead of containerd default spec,
compare to containerd spec, we remove Root, Process(Env Cmd
NoNewPrivileges User Rlimits), Linux(CgroupsPath), this should not
be exist in default spec, remove Mount(/run), this is not used, add
allowed device, add cgroup mount.

Signed-off-by: Ace-Tang [email protected]

Ⅰ. Describe what this PR did

use pouch default runtime spec, instead of containerd default spec,
compare to containerd spec, we remove Root, Process(Env Cmd
NoNewPrivileges User Rlimits), Linux(CgroupsPath), this should not
be exist in default spec, remove Mount(/run), this is not used, add
allowed device, add cgroup mount.

Ⅱ. Does this pull request fix one issue?

fix #2116 , and base on PR #2271 ， close #2115

Ⅲ. Why don't you add test cases (unit test/integration test)? (你真的觉得不需要加测试吗？)

no.

Ⅳ. Describe how to verify it

Ⅴ. Special notes for reviews

For the default runtime spec pouch used, I will post an explanation, if have doubt with the new spec , please wait some time.

[codecov]

Codecov Report

Merging #2411 into master will increase coverage by 0.21%.
The diff coverage is 100%.

@@            Coverage Diff             @@
##           master    #2411      +/-   ##
==========================================
+ Coverage   69.11%   69.32%   +0.21%     
==========================================
  Files         278      279       +1     
  Lines       18689    18820     +131     
==========================================
+ Hits        12916    13047     +131     
- Misses       4297     4299       +2     
+ Partials     1476     1474       -2

Flag	Coverage Δ
#criv1alpha1test	31.94% <97.29%> (+0.7%)	⬆️
#criv1alpha2test	36.23% <97.29%> (+0.65%)	⬆️
#integrationtest	41.06% <100%> (+0.29%)	⬆️
#nodee2etest	33.19% <97.29%> (+0.48%)	⬆️
#unittest	26.76% <0%> (+0.01%)	⬆️

Impacted Files	Coverage Δ
daemon/mgr/system.go	67.93% <ø> (-5.35%)	⬇️
ctrd/utils.go	100% <ø> (ø)	⬆️
daemon/mgr/spec_mount.go	85.57% <100%> (+1.17%)	⬆️
oci/spec_default.go	100% <100%> (ø)
daemon/mgr/spec.go	66.66% <100%> (+4.76%)	⬆️
daemon/mgr/snapshot.go	89.85% <0%> (-4.35%)	⬇️
apis/server/utils.go	71.15% <0%> (-3.85%)	⬇️
daemon/mgr/events.go	96.29% <0%> (-3.71%)	⬇️
ctrd/client.go	68.45% <0%> (-2.02%)	⬇️
... and 11 more

[rudyfly]

too many packages in pouch directory，can we merge them？

[Ace-Tang]

Give some advise ? @rudyfly

[rudyfly]

I have checked capabilities and mounts, they are right.

[fuweid]

@rudyfly, any update here?

[rudyfly]

@fuweid yes， it need update. I remove LGTM

[Ace-Tang]

/cc @rudyfly

[rudyfly]

LGTM

[Ace-Tang]

Update with fix

if sm.Destination == "/dev/shm" && c.HostConfig.ShmSize != nil &&
+                       *c.HostConfig.ShmSize != 0 {
+                       for idx, v := range sm.Options {
+                               if strings.Contains(v, "size=") {
+                                       sm.Options[idx] = fmt.Sprintf("size=%s", strconv.FormatInt(*c.HostConfig.ShmSize, 10))
+                               }
+                       }
                }

and add a test for default shm size, @rudyfly