rootless: refactor libcontainer_specconv

Signed-off-by: Akihiro Suda <[email protected]>

executor/runcexecutor/executor.go

@@ -21,7 +21,7 @@ import (
 	"github.com/moby/buildkit/executor"
 	"github.com/moby/buildkit/executor/oci"
 	"github.com/moby/buildkit/identity"
-	"github.com/moby/buildkit/util/libcontainer_specconv"
+	rootlessspecconv "github.com/moby/buildkit/util/rootless/specconv"
 	"github.com/moby/buildkit/util/system"
 	"github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
@@ -84,6 +84,8 @@ func New(opt Opt) (executor.Executor, error) {
 		LogFormat:    runc.JSON,
 		PdeathSignal: syscall.SIGKILL,
 		Setpgid:      true,
+		// we don't execute runc with --rootless=(true|false) explicitly,
+		// so as to support non-runc runtimes
 	}
 
 	w := &runcExecutor{
@@ -169,13 +171,11 @@ func (w *runcExecutor) Exec(ctx context.Context, meta executor.Meta, root cache.
 		return errors.Wrapf(err, "failed to create working directory %s", newp)
 	}
 
+	if err := setOOMScoreAdj(spec); err != nil {
+		return err
+	}
 	if w.rootless {
-		specconv.ToRootless(spec, nil)
-		// TODO(AkihiroSuda): keep Cgroups enabled if /sys/fs/cgroup/cpuset/buildkit exists and writable
-		spec.Linux.CgroupsPath = ""
-		// TODO(AkihiroSuda): ToRootless removes netns, but we should readd netns here
-		// if either SUID or userspace NAT is configured on the host.
-		if err := setOOMScoreAdj(spec); err != nil {
+		if err := rootlessspecconv.ToRootless(spec); err != nil {
 			return err
 		}
 	}