From d7bb4b5512b5ed77bd25a15a2e418d6d9dff345d Mon Sep 17 00:00:00 2001 From: Yuan-Zhuo Date: Tue, 25 Oct 2022 13:57:09 +0800 Subject: [PATCH 01/17] agent: support systemd cgroup for kata agent 1. Implemented a rust module for operating cgroups through systemd with the help of zbus (src/agent/rustjail/src/cgroups/systemd). 2. Add support for optional cgroup configuration through fs and systemd at agent (src/agent/rustjail/src/container.rs). 3. Described the usage and supported properties of the agent systemd cgroup (docs/design/agent-systemd-cgroup.md). Fixes: #4336 Signed-off-by: Yuan-Zhuo --- docs/design/README.md | 1 + docs/design/agent-systemd-cgroup.md | 84 ++ src/agent/Cargo.lock | 370 +++++- src/agent/rustjail/Cargo.toml | 2 + src/agent/rustjail/src/cgroups/fs/mod.rs | 143 +-- src/agent/rustjail/src/cgroups/mock.rs | 21 +- src/agent/rustjail/src/cgroups/mod.rs | 20 + src/agent/rustjail/src/cgroups/systemd.rs | 10 - .../src/cgroups/systemd/cgroups_path.rs | 95 ++ .../rustjail/src/cgroups/systemd/common.rs | 17 + .../src/cgroups/systemd/dbus_client.rs | 126 +++ .../src/cgroups/systemd/interface/mod.rs | 7 + .../src/cgroups/systemd/interface/session.rs | 1004 +++++++++++++++++ .../src/cgroups/systemd/interface/system.rs | 1004 +++++++++++++++++ .../rustjail/src/cgroups/systemd/manager.rs | 129 +++ src/agent/rustjail/src/cgroups/systemd/mod.rs | 12 + .../src/cgroups/systemd/subsystem/cpu.rs | 139 +++ .../src/cgroups/systemd/subsystem/cpuset.rs | 124 ++ .../src/cgroups/systemd/subsystem/memory.rs | 117 ++ .../src/cgroups/systemd/subsystem/mod.rs | 10 + .../src/cgroups/systemd/subsystem/pids.rs | 60 + .../cgroups/systemd/subsystem/transformer.rs | 17 + src/agent/rustjail/src/container.rs | 103 +- src/agent/src/rpc.rs | 5 +- src/runtime/virtcontainers/kata_agent.go | 18 +- src/runtime/virtcontainers/kata_agent_test.go | 2 +- src/tools/agent-ctl/Cargo.lock | 551 ++++++++- src/tools/runk/Cargo.lock | 482 +++++++- src/tools/runk/libcontainer/src/container.rs | 9 +- .../osbuilder/rootfs-builder/ubuntu/config.sh | 2 +- .../rootfs-builder/ubuntu/rootfs_lib.sh | 10 +- 31 files changed, 4546 insertions(+), 148 deletions(-) create mode 100644 docs/design/agent-systemd-cgroup.md delete mode 100644 src/agent/rustjail/src/cgroups/systemd.rs create mode 100644 src/agent/rustjail/src/cgroups/systemd/cgroups_path.rs create mode 100644 src/agent/rustjail/src/cgroups/systemd/common.rs create mode 100644 src/agent/rustjail/src/cgroups/systemd/dbus_client.rs create mode 100644 src/agent/rustjail/src/cgroups/systemd/interface/mod.rs create mode 100644 src/agent/rustjail/src/cgroups/systemd/interface/session.rs create mode 100644 src/agent/rustjail/src/cgroups/systemd/interface/system.rs create mode 100644 src/agent/rustjail/src/cgroups/systemd/manager.rs create mode 100644 src/agent/rustjail/src/cgroups/systemd/mod.rs create mode 100644 src/agent/rustjail/src/cgroups/systemd/subsystem/cpu.rs create mode 100644 src/agent/rustjail/src/cgroups/systemd/subsystem/cpuset.rs create mode 100644 src/agent/rustjail/src/cgroups/systemd/subsystem/memory.rs create mode 100644 src/agent/rustjail/src/cgroups/systemd/subsystem/mod.rs create mode 100644 src/agent/rustjail/src/cgroups/systemd/subsystem/pids.rs create mode 100644 src/agent/rustjail/src/cgroups/systemd/subsystem/transformer.rs diff --git a/docs/design/README.md b/docs/design/README.md index adcffd019..434124eea 100644 --- a/docs/design/README.md +++ b/docs/design/README.md @@ -8,6 +8,7 @@ Kata Containers design documents: - [VSocks](VSocks.md) - [VCPU handling](vcpu-handling.md) - [Host cgroups](host-cgroups.md) +- [Agent systemd cgroup](agent-systemd-cgroup.md) - [`Inotify` support](inotify.md) - [Metrics(Kata 2.0)](kata-2-0-metrics.md) - [Design for Kata Containers `Lazyload` ability with `nydus`](kata-nydus-design.md) diff --git a/docs/design/agent-systemd-cgroup.md b/docs/design/agent-systemd-cgroup.md new file mode 100644 index 000000000..686a27b30 --- /dev/null +++ b/docs/design/agent-systemd-cgroup.md @@ -0,0 +1,84 @@ +# Systemd Cgroup for Agent + +As we know, we can interact with cgroups in two ways, **`cgroupfs`** and **`systemd`**. The former is achieved by reading and writing cgroup `tmpfs` files under `/sys/fs/cgroup` while the latter is done by configuring a transient unit by requesting systemd. Kata agent uses **`cgroupfs`** by default, unless you pass the parameter `--systemd-cgroup`. + +## usage + +For systemd, kata agent configures cgroups according to the following `linux.cgroupsPath` format standard provided by `runc` (`[slice]:[prefix]:[name]`). If you don't provide a valid `linux.cgroupsPath`, kata agent will treat it as `"system.slice:kata_agent:"`. + +> Here slice is a systemd slice under which the container is placed. If empty, it defaults to system.slice, except when cgroup v2 is used and rootless container is created, in which case it defaults to user.slice. +> +> Note that slice can contain dashes to denote a sub-slice (e.g. user-1000.slice is a correct notation, meaning a `subslice` of user.slice), but it must not contain slashes (e.g. user.slice/user-1000.slice is invalid). +> +> A slice of `-` represents a root slice. +> +> Next, prefix and name are used to compose the unit name, which is `-.scope`, unless name has `.slice` suffix, in which case prefix is ignored and the name is used as is. + +## supported properties + +The kata agent will translate the parameters in the `linux.resources` of `config.json` into systemd unit properties, and send it to systemd for configuration. Since systemd supports limited properties, only the following parameters in `linux.resources` will be applied. We will simply treat hybrid mode as legacy mode by the way. + +- CPU + + - v1 + + | runtime spec resource | systemd property name | + | --------------------- | --------------------- | + | `cpu.shares` | `CPUShares` | + + - v2 + + | runtime spec resource | systemd property name | + | -------------------------- | -------------------------- | + | `cpu.shares` | `CPUShares` | + | `cpu.period` | `CPUQuotaPeriodUSec`(v242) | + | `cpu.period` & `cpu.quota` | `CPUQuotaPerSecUSec` | + +- MEMORY + + - v1 + + | runtime spec resource | systemd property name | + | --------------------- | --------------------- | + | `memory.limit` | `MemoryLimit` | + + - v2 + + | runtime spec resource | systemd property name | + | ------------------------------ | --------------------- | + | `memory.low` | `MemoryLow` | + | `memory.max` | `MemoryMax` | + | `memory.swap` & `memory.limit` | `MemorySwapMax` | + +- PIDS + + | runtime spec resource | systemd property name | + | --------------------- | --------------------- | + | `pids.limit ` | `TasksMax` | + +- CPUSET + + | runtime spec resource | systemd property name | + | --------------------- | -------------------------- | + | `cpuset.cpus` | `AllowedCPUs`(v244) | + | `cpuset.mems` | `AllowedMemoryNodes`(v244) | + +## Systemd Interface + +`session.rs` and `system.rs` in `src/agent/rustjail/src/cgroups/systemd/interface` are automatically generated by `zbus-xmlgen`, which is is an accompanying tool provided by `zbus` to generate Rust code from `D-Bus XML interface descriptions`. The specific commands to generate these two files are as follows: + +```shell +// system.rs +zbus-xmlgen --system org.freedesktop.systemd1 /org/freedesktop/systemd1 +// session.rs +zbus-xmlgen --session org.freedesktop.systemd1 /org/freedesktop/systemd1 +``` + +The current implementation of `cgroups/systemd` uses `system.rs` while `session.rs` could be used to build rootless containers in the future. + +## references + +- [runc - systemd cgroup driver](https://github.com/opencontainers/runc/blob/main/docs/systemd.md) + +- [systemd.resource-control — Resource control unit settings](https://www.freedesktop.org/software/systemd/man/systemd.resource-control.html) + diff --git a/src/agent/Cargo.lock b/src/agent/Cargo.lock index a6a464c9a..b37f39a9c 100644 --- a/src/agent/Cargo.lock +++ b/src/agent/Cargo.lock @@ -47,6 +47,71 @@ version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c5d78ce20460b82d3fa150275ed9d55e21064fc7951177baacf86a145c4a4b1f" +[[package]] +name = "async-broadcast" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6d26004fe83b2d1cd3a97609b21e39f9a31535822210fe83205d2ce48866ea61" +dependencies = [ + "event-listener", + "futures-core", + "parking_lot 0.12.1", +] + +[[package]] +name = "async-channel" +version = "1.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e14485364214912d3b19cc3435dde4df66065127f05fa0d75c712f36f12c2f28" +dependencies = [ + "concurrent-queue", + "event-listener", + "futures-core", +] + +[[package]] +name = "async-executor" +version = "1.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "871f9bb5e0a22eeb7e8cf16641feb87c9dc67032ccf8ff49e772eb9941d3a965" +dependencies = [ + "async-task", + "concurrent-queue", + "fastrand", + "futures-lite", + "once_cell", + "slab", +] + +[[package]] +name = "async-io" +version = "1.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "83e21f3a490c72b3b0cf44962180e60045de2925d8dff97918f7ee43c8f637c7" +dependencies = [ + "autocfg", + "concurrent-queue", + "futures-lite", + "libc", + "log", + "once_cell", + "parking", + "polling", + "slab", + "socket2", + "waker-fn", + "winapi", +] + +[[package]] +name = "async-lock" +version = "2.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e97a171d191782fba31bb902b14ad94e24a68145032b7eedf871ab0bc0d077b6" +dependencies = [ + "event-listener", +] + [[package]] name = "async-recursion" version = "0.3.2" @@ -58,6 +123,12 @@ dependencies = [ "syn", ] +[[package]] +name = "async-task" +version = "4.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7a40729d2133846d9ed0ea60a8b9541bccddab49cd30f0715a1da672fe9a2524" + [[package]] name = "async-trait" version = "0.1.56" @@ -95,6 +166,12 @@ dependencies = [ "serde", ] +[[package]] +name = "bit-vec" +version = "0.6.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "349f9b6a179ed607305526ca489b34ad0a41aed5f7980fa90eb03160b69598fb" + [[package]] name = "bitflags" version = "1.3.2" @@ -135,6 +212,12 @@ version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c4872d67bab6358e59559027aa3b9157c53d9358c51423c17554809a8858e0f8" +[[package]] +name = "cache-padded" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c1db59621ec70f09c5e9b597b220c7a2b43611f4710dc03ceb8748637775692c" + [[package]] name = "capctl" version = "0.2.1" @@ -247,6 +330,15 @@ version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2382f75942f4b3be3690fe4f86365e9c853c1587d6ee58212cebf6e2a9ccd101" +[[package]] +name = "concurrent-queue" +version = "1.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "af4780a44ab5696ea9e28294517f1fffb421a83a25af521333c838635509db9c" +dependencies = [ + "cache-padded", +] + [[package]] name = "core-foundation-sys" version = "0.8.3" @@ -307,6 +399,17 @@ dependencies = [ "once_cell", ] +[[package]] +name = "derivative" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fcc3dd5e9e9c0b295d6e1e4d811fb6f157d5ffd784b8d202fc62eac8035a770b" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "derive-new" version = "0.5.9" @@ -318,12 +421,53 @@ dependencies = [ "syn", ] +[[package]] +name = "dirs" +version = "4.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ca3aa72a6f96ea37bbc5aa912f6788242832f75369bdfdadcb0e38423f100059" +dependencies = [ + "dirs-sys", +] + +[[package]] +name = "dirs-sys" +version = "0.3.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1b1d1d91c932ef41c0f2663aa8b0ca0342d444d842c06914aa0a7e352d0bada6" +dependencies = [ + "libc", + "redox_users", + "winapi", +] + [[package]] name = "either" version = "1.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e78d4f1cc4ae33bbfc157ed5d5a5ef3bc29227303d595861deb238fcec4e9457" +[[package]] +name = "enumflags2" +version = "0.7.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e75d4cd21b95383444831539909fbb14b9dc3fdceb2a6f5d36577329a1f55ccb" +dependencies = [ + "enumflags2_derive", + "serde", +] + +[[package]] +name = "enumflags2_derive" +version = "0.7.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f58dc3c5e468259f19f2d46304a6b28f1c3d034442e14b322d2b850e36f6d5ae" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "errno" version = "0.2.8" @@ -345,6 +489,12 @@ dependencies = [ "libc", ] +[[package]] +name = "event-listener" +version = "2.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0206175f82b8d6bf6652ff7d71a1e27fd2e4efde587fd368662814d6ec1d9ce0" + [[package]] name = "fail" version = "0.5.0" @@ -435,6 +585,21 @@ version = "0.3.21" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fc4045962a5a5e935ee2fdedaa4e08284547402885ab326734432bed5d12966b" +[[package]] +name = "futures-lite" +version = "1.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7694489acd39452c77daa48516b894c153f192c3578d5a839b62c58099fcbf48" +dependencies = [ + "fastrand", + "futures-core", + "futures-io", + "memchr", + "parking", + "pin-project-lite", + "waker-fn", +] + [[package]] name = "futures-macro" version = "0.3.21" @@ -1002,9 +1167,9 @@ dependencies = [ [[package]] name = "once_cell" -version = "1.12.0" +version = "1.15.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7709cef83f0c1f58f666e746a08b21e0085f7440fa6a29cc194d68aac97a4225" +checksum = "e82dad04139b71a90c080c8463fe0dc7902db5192d939bd0950f074d014339e1" [[package]] name = "opentelemetry" @@ -1026,12 +1191,28 @@ dependencies = [ "tokio-stream", ] +[[package]] +name = "ordered-stream" +version = "0.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "44630c059eacfd6e08bdaa51b1db2ce33119caa4ddc1235e923109aa5f25ccb1" +dependencies = [ + "futures-core", + "pin-project-lite", +] + [[package]] name = "os_str_bytes" version = "6.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "21326818e99cfe6ce1e524c2a805c189a99b5ae555a35d19f9a284b427d86afa" +[[package]] +name = "parking" +version = "2.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "427c3892f9e783d91cc128285287e70a59e206ca452770ece88a76f7a3eddd72" + [[package]] name = "parking_lot" version = "0.11.2" @@ -1159,12 +1340,37 @@ version = "0.3.25" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1df8c4ec4b0627e53bdf214615ad287367e482558cf84b109250b37464dc03ae" +[[package]] +name = "polling" +version = "2.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ab4609a838d88b73d8238967b60dd115cc08d38e2bbaf51ee1e4b695f89122e2" +dependencies = [ + "autocfg", + "cfg-if 1.0.0", + "libc", + "log", + "wepoll-ffi", + "winapi", +] + [[package]] name = "ppv-lite86" version = "0.2.16" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "eb9f9e6e233e5c4a35559a617bf40a4ec447db2e84c20b55a6f83167b7e57872" +[[package]] +name = "proc-macro-crate" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eda0fc3b0fb7c975631757e14d9049da17374063edb6ebbcbc54d880d4fe94e9" +dependencies = [ + "once_cell", + "thiserror", + "toml", +] + [[package]] name = "proc-macro-error" version = "1.0.4" @@ -1434,6 +1640,17 @@ dependencies = [ "bitflags", ] +[[package]] +name = "redox_users" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b033d837a7cf162d7993aded9304e30a83213c648b6e389db233191f891e5c2b" +dependencies = [ + "getrandom 0.2.7", + "redox_syscall", + "thiserror", +] + [[package]] name = "regex" version = "1.5.6" @@ -1499,6 +1716,7 @@ version = "0.1.0" dependencies = [ "anyhow", "async-trait", + "bit-vec", "capctl", "caps", "cfg-if 0.1.10", @@ -1526,6 +1744,7 @@ dependencies = [ "tempfile", "test-utils", "tokio", + "zbus", ] [[package]] @@ -1580,6 +1799,17 @@ dependencies = [ "serde", ] +[[package]] +name = "serde_repr" +version = "0.1.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1fe39d9fbb0ebf5eb2c7cb7e2a47e4f462fad1379f1166b8ae49ad9eae89a7ca" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "serial_test" version = "0.5.1" @@ -1602,6 +1832,21 @@ dependencies = [ "syn", ] +[[package]] +name = "sha1" +version = "0.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c1da05c97445caa12d05e848c4a4fcbbea29e748ac28f7e80e9b010392063770" +dependencies = [ + "sha1_smol", +] + +[[package]] +name = "sha1_smol" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ae1a47186c03a32177042e55dbc5fd5aee900b8e0069a8d70fba96a9375cd012" + [[package]] name = "sharded-slab" version = "0.1.4" @@ -1700,6 +1945,12 @@ dependencies = [ "winapi", ] +[[package]] +name = "static_assertions" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f" + [[package]] name = "strsim" version = "0.10.0" @@ -2048,6 +2299,16 @@ dependencies = [ "tempfile", ] +[[package]] +name = "uds_windows" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ce65604324d3cce9b966701489fbd0cf318cb1f7bd9dd07ac9a4ee6fb791930d" +dependencies = [ + "tempfile", + "winapi", +] + [[package]] name = "unicode-ident" version = "1.0.1" @@ -2099,6 +2360,12 @@ dependencies = [ "tokio-vsock", ] +[[package]] +name = "waker-fn" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9d5b2c62b4012a3e1eca5a7e077d13b3bf498c4073e33ccd58626607748ceeca" + [[package]] name = "wasi" version = "0.9.0+wasi-snapshot-preview1" @@ -2171,6 +2438,15 @@ version = "0.2.81" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6a89911bd99e5f3659ec4acf9c4d93b0a90fe4a2a11f15328472058edc5261be" +[[package]] +name = "wepoll-ffi" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d743fdedc5c64377b5fc2bc036b01c7fd642205a0d96356034ae3404d49eb7fb" +dependencies = [ + "cc", +] + [[package]] name = "which" version = "4.2.5" @@ -2255,3 +2531,93 @@ name = "windows_x86_64_msvc" version = "0.36.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c811ca4a8c853ef420abd8592ba53ddbbac90410fab6903b3e79972a631f7680" + +[[package]] +name = "zbus" +version = "2.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2d8f1a037b2c4a67d9654dc7bdfa8ff2e80555bbefdd3c1833c1d1b27c963a6b" +dependencies = [ + "async-broadcast", + "async-channel", + "async-executor", + "async-io", + "async-lock", + "async-recursion", + "async-task", + "async-trait", + "byteorder", + "derivative", + "dirs", + "enumflags2", + "event-listener", + "futures-core", + "futures-sink", + "futures-util", + "hex", + "lazy_static", + "nix 0.23.1", + "once_cell", + "ordered-stream", + "rand 0.8.5", + "serde", + "serde_repr", + "sha1", + "static_assertions", + "tracing", + "uds_windows", + "winapi", + "zbus_macros", + "zbus_names", + "zvariant", +] + +[[package]] +name = "zbus_macros" +version = "2.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1f8fb5186d1c87ae88cf234974c240671238b4a679158ad3b94ec465237349a6" +dependencies = [ + "proc-macro-crate", + "proc-macro2", + "quote", + "regex", + "syn", +] + +[[package]] +name = "zbus_names" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "41a408fd8a352695690f53906dc7fd036be924ec51ea5e05666ff42685ed0af5" +dependencies = [ + "serde", + "static_assertions", + "zvariant", +] + +[[package]] +name = "zvariant" +version = "3.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b794fb7f59af4105697b0449ba31731ee5dbb3e773a17dbdf3d36206ea1b1644" +dependencies = [ + "byteorder", + "enumflags2", + "libc", + "serde", + "static_assertions", + "zvariant_derive", +] + +[[package]] +name = "zvariant_derive" +version = "3.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dd58d4b6c8e26d3dd2149c8c40c6613ef6451b9885ff1296d1ac86c388351a54" +dependencies = [ + "proc-macro-crate", + "proc-macro2", + "quote", + "syn", +] diff --git a/src/agent/rustjail/Cargo.toml b/src/agent/rustjail/Cargo.toml index b193c70c7..031175e86 100644 --- a/src/agent/rustjail/Cargo.toml +++ b/src/agent/rustjail/Cargo.toml @@ -33,6 +33,8 @@ futures = "0.3.17" async-trait = "0.1.31" inotify = "0.9.2" libseccomp = { version = "0.3.0", optional = true } +zbus = "2.3.0" +bit-vec= "0.6.3" [dev-dependencies] serial_test = "0.5.0" diff --git a/src/agent/rustjail/src/cgroups/fs/mod.rs b/src/agent/rustjail/src/cgroups/fs/mod.rs index 87d09f8c7..55f657afe 100644 --- a/src/agent/rustjail/src/cgroups/fs/mod.rs +++ b/src/agent/rustjail/src/cgroups/fs/mod.rs @@ -32,6 +32,7 @@ use protocols::agent::{ BlkioStats, BlkioStatsEntry, CgroupStats, CpuStats, CpuUsage, HugetlbStats, MemoryData, MemoryStats, PidsStats, ThrottlingData, }; +use std::any::Any; use std::collections::HashMap; use std::fs; use std::path::Path; @@ -193,6 +194,79 @@ impl CgroupManager for Manager { Ok(result) } + + fn update_cpuset_path(&self, guest_cpuset: &str, container_cpuset: &str) -> Result<()> { + if guest_cpuset.is_empty() { + return Ok(()); + } + info!(sl!(), "update_cpuset_path to: {}", guest_cpuset); + + let h = cgroups::hierarchies::auto(); + let root_cg = h.root_control_group(); + + let root_cpuset_controller: &CpuSetController = root_cg.controller_of().unwrap(); + let path = root_cpuset_controller.path(); + let root_path = Path::new(path); + info!(sl!(), "root cpuset path: {:?}", &path); + + let container_cpuset_controller: &CpuSetController = self.cgroup.controller_of().unwrap(); + let path = container_cpuset_controller.path(); + let container_path = Path::new(path); + info!(sl!(), "container cpuset path: {:?}", &path); + + let mut paths = vec![]; + for ancestor in container_path.ancestors() { + if ancestor == root_path { + break; + } + paths.push(ancestor); + } + info!(sl!(), "parent paths to update cpuset: {:?}", &paths); + + let mut i = paths.len(); + loop { + if i == 0 { + break; + } + i -= 1; + + // remove cgroup root from path + let r_path = &paths[i] + .to_str() + .unwrap() + .trim_start_matches(root_path.to_str().unwrap()); + info!(sl!(), "updating cpuset for parent path {:?}", &r_path); + let cg = new_cgroup(cgroups::hierarchies::auto(), r_path); + let cpuset_controller: &CpuSetController = cg.controller_of().unwrap(); + cpuset_controller.set_cpus(guest_cpuset)?; + } + + if !container_cpuset.is_empty() { + info!( + sl!(), + "updating cpuset for container path: {:?} cpuset: {}", + &container_path, + container_cpuset + ); + container_cpuset_controller.set_cpus(container_cpuset)?; + } + + Ok(()) + } + + fn get_cgroup_path(&self, cg: &str) -> Result { + if cgroups::hierarchies::is_cgroup2_unified_mode() { + let cg_path = format!("/sys/fs/cgroup/{}", self.cpath); + return Ok(cg_path); + } + + // for cgroup v1 + Ok(self.paths.get(cg).map(|s| s.to_string()).unwrap()) + } + + fn as_any(&self) -> Result<&dyn Any> { + Ok(self) + } } fn set_network_resources( @@ -981,75 +1055,6 @@ impl Manager { cgroup: new_cgroup(cgroups::hierarchies::auto(), cpath), }) } - - pub fn update_cpuset_path(&self, guest_cpuset: &str, container_cpuset: &str) -> Result<()> { - if guest_cpuset.is_empty() { - return Ok(()); - } - info!(sl!(), "update_cpuset_path to: {}", guest_cpuset); - - let h = cgroups::hierarchies::auto(); - let root_cg = h.root_control_group(); - - let root_cpuset_controller: &CpuSetController = root_cg.controller_of().unwrap(); - let path = root_cpuset_controller.path(); - let root_path = Path::new(path); - info!(sl!(), "root cpuset path: {:?}", &path); - - let container_cpuset_controller: &CpuSetController = self.cgroup.controller_of().unwrap(); - let path = container_cpuset_controller.path(); - let container_path = Path::new(path); - info!(sl!(), "container cpuset path: {:?}", &path); - - let mut paths = vec![]; - for ancestor in container_path.ancestors() { - if ancestor == root_path { - break; - } - paths.push(ancestor); - } - info!(sl!(), "parent paths to update cpuset: {:?}", &paths); - - let mut i = paths.len(); - loop { - if i == 0 { - break; - } - i -= 1; - - // remove cgroup root from path - let r_path = &paths[i] - .to_str() - .unwrap() - .trim_start_matches(root_path.to_str().unwrap()); - info!(sl!(), "updating cpuset for parent path {:?}", &r_path); - let cg = new_cgroup(cgroups::hierarchies::auto(), r_path); - let cpuset_controller: &CpuSetController = cg.controller_of().unwrap(); - cpuset_controller.set_cpus(guest_cpuset)?; - } - - if !container_cpuset.is_empty() { - info!( - sl!(), - "updating cpuset for container path: {:?} cpuset: {}", - &container_path, - container_cpuset - ); - container_cpuset_controller.set_cpus(container_cpuset)?; - } - - Ok(()) - } - - pub fn get_cg_path(&self, cg: &str) -> Option { - if cgroups::hierarchies::is_cgroup2_unified_mode() { - let cg_path = format!("/sys/fs/cgroup/{}", self.cpath); - return Some(cg_path); - } - - // for cgroup v1 - self.paths.get(cg).map(|s| s.to_string()) - } } // get the guest's online cpus. diff --git a/src/agent/rustjail/src/cgroups/mock.rs b/src/agent/rustjail/src/cgroups/mock.rs index e1603c846..fbad6d664 100644 --- a/src/agent/rustjail/src/cgroups/mock.rs +++ b/src/agent/rustjail/src/cgroups/mock.rs @@ -11,6 +11,7 @@ use anyhow::Result; use cgroups::freezer::FreezerState; use libc::{self, pid_t}; use oci::LinuxResources; +use std::any::Any; use std::collections::HashMap; use std::string::String; @@ -53,6 +54,18 @@ impl CgroupManager for Manager { fn get_pids(&self) -> Result> { Ok(Vec::new()) } + + fn update_cpuset_path(&self, _: &str, _: &str) -> Result<()> { + Ok(()) + } + + fn get_cgroup_path(&self, _: &str) -> Result { + Ok("".to_string()) + } + + fn as_any(&self) -> Result<&dyn Any> { + Ok(self) + } } impl Manager { @@ -63,12 +76,4 @@ impl Manager { cpath: cpath.to_string(), }) } - - pub fn update_cpuset_path(&self, _: &str, _: &str) -> Result<()> { - Ok(()) - } - - pub fn get_cg_path(&self, _: &str) -> Option { - Some("".to_string()) - } } diff --git a/src/agent/rustjail/src/cgroups/mod.rs b/src/agent/rustjail/src/cgroups/mod.rs index 389ff79fa..24275c314 100644 --- a/src/agent/rustjail/src/cgroups/mod.rs +++ b/src/agent/rustjail/src/cgroups/mod.rs @@ -4,8 +4,10 @@ // use anyhow::{anyhow, Result}; +use core::fmt::Debug; use oci::LinuxResources; use protocols::agent::CgroupStats; +use std::any::Any; use cgroups::freezer::FreezerState; @@ -38,4 +40,22 @@ pub trait Manager { fn set(&self, _container: &LinuxResources, _update: bool) -> Result<()> { Err(anyhow!("not supported!")) } + + fn update_cpuset_path(&self, _: &str, _: &str) -> Result<()> { + Err(anyhow!("not supported!")) + } + + fn get_cgroup_path(&self, _: &str) -> Result { + Err(anyhow!("not supported!")) + } + + fn as_any(&self) -> Result<&dyn Any> { + Err(anyhow!("not supported!")) + } +} + +impl Debug for dyn Manager + Send + Sync { + fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result { + write!(f, "CgroupManager") + } } diff --git a/src/agent/rustjail/src/cgroups/systemd.rs b/src/agent/rustjail/src/cgroups/systemd.rs deleted file mode 100644 index 669f6d5bb..000000000 --- a/src/agent/rustjail/src/cgroups/systemd.rs +++ /dev/null @@ -1,10 +0,0 @@ -// Copyright (c) 2019 Ant Financial -// -// SPDX-License-Identifier: Apache-2.0 -// - -use crate::cgroups::Manager as CgroupManager; - -pub struct Manager {} - -impl CgroupManager for Manager {} diff --git a/src/agent/rustjail/src/cgroups/systemd/cgroups_path.rs b/src/agent/rustjail/src/cgroups/systemd/cgroups_path.rs new file mode 100644 index 000000000..696c0ece0 --- /dev/null +++ b/src/agent/rustjail/src/cgroups/systemd/cgroups_path.rs @@ -0,0 +1,95 @@ +// Copyright 2021-2022 Kata Contributors +// +// SPDX-License-Identifier: Apache-2.0 +// + +use anyhow::{anyhow, Result}; + +use super::common::{DEFAULT_SLICE, SCOPE_SUFFIX, SLICE_SUFFIX}; +use std::string::String; + +#[derive(Serialize, Deserialize, Debug, Clone)] +pub struct CgroupsPath { + pub slice: String, + pub prefix: String, + pub name: String, +} + +impl CgroupsPath { + pub fn new(cgroups_path_str: &str) -> Result { + let path_vec: Vec<&str> = cgroups_path_str.split(':').collect(); + if path_vec.len() != 3 { + return Err(anyhow!("invalid cpath: {:?}", cgroups_path_str)); + } + + Ok(CgroupsPath { + slice: if path_vec[0].is_empty() { + DEFAULT_SLICE.to_string() + } else { + path_vec[0].to_owned() + }, + prefix: path_vec[1].to_owned(), + name: path_vec[2].to_owned(), + }) + } + + // ref: https://github.com/opencontainers/runc/blob/main/docs/systemd.md + // return: (parent_slice, unit_name) + pub fn parse(&self) -> Result<(String, String)> { + Ok(( + parse_parent(self.slice.to_owned())?, + get_unit_name(self.prefix.to_owned(), self.name.to_owned()), + )) + } +} + +fn parse_parent(slice: String) -> Result { + if !slice.ends_with(SLICE_SUFFIX) || slice.contains('/') { + return Err(anyhow!("invalid slice name: {}", slice)); + } else if slice == "-.slice" { + return Ok(String::new()); + } + + let mut slice_path = String::new(); + let mut prefix = String::new(); + for subslice in slice.trim_end_matches(SLICE_SUFFIX).split('-') { + if subslice.is_empty() { + return Err(anyhow!("invalid slice name: {}", slice)); + } + slice_path = format!("{}/{}{}{}", slice_path, prefix, subslice, SLICE_SUFFIX); + prefix = format!("{}{}-", prefix, subslice); + } + slice_path.remove(0); + Ok(slice_path) +} + +fn get_unit_name(prefix: String, name: String) -> String { + if name.ends_with(SLICE_SUFFIX) { + name + } else if prefix.is_empty() { + format!("{}{}", name, SCOPE_SUFFIX) + } else { + format!("{}-{}{}", prefix, name, SCOPE_SUFFIX) + } +} + +#[cfg(test)] +mod tests { + use super::CgroupsPath; + + #[test] + fn test_cgroup_path_parse() { + let slice = "system.slice"; + let prefix = "kata_agent"; + let name = "123"; + let cgroups_path = + CgroupsPath::new(format!("{}:{}:{}", slice, prefix, name).as_str()).unwrap(); + assert_eq!(slice, cgroups_path.slice.as_str()); + assert_eq!(prefix, cgroups_path.prefix.as_str()); + assert_eq!(name, cgroups_path.name.as_str()); + + let (parent_slice, unit_name) = cgroups_path.parse().unwrap(); + assert_eq!(format!("{}", slice), parent_slice); + assert_eq!(format!("{}-{}.scope", prefix, name), unit_name); + } +} diff --git a/src/agent/rustjail/src/cgroups/systemd/common.rs b/src/agent/rustjail/src/cgroups/systemd/common.rs new file mode 100644 index 000000000..a39e41c7c --- /dev/null +++ b/src/agent/rustjail/src/cgroups/systemd/common.rs @@ -0,0 +1,17 @@ +// Copyright 2021-2022 Kata Contributors +// +// SPDX-License-Identifier: Apache-2.0 +// + +pub const DEFAULT_SLICE: &str = "system.slice"; +pub const SLICE_SUFFIX: &str = ".slice"; +pub const SCOPE_SUFFIX: &str = ".scope"; +pub const UNIT_MODE: &str = "replace"; + +pub type Properties<'a> = Vec<(&'a str, zbus::zvariant::Value<'a>)>; + +#[derive(Serialize, Deserialize, Debug, Clone)] +pub enum CgroupHierarchy { + Legacy, + Unified, +} diff --git a/src/agent/rustjail/src/cgroups/systemd/dbus_client.rs b/src/agent/rustjail/src/cgroups/systemd/dbus_client.rs new file mode 100644 index 000000000..09c46f24d --- /dev/null +++ b/src/agent/rustjail/src/cgroups/systemd/dbus_client.rs @@ -0,0 +1,126 @@ +// Copyright 2021-2022 Kata Contributors +// +// SPDX-License-Identifier: Apache-2.0 +// + +use std::vec; + +use super::common::CgroupHierarchy; +use super::common::{Properties, SLICE_SUFFIX, UNIT_MODE}; +use super::interface::system::ManagerProxyBlocking as SystemManager; +use anyhow::{Context, Result}; +use zbus::zvariant::Value; + +pub trait SystemdInterface { + fn start_unit( + &self, + pid: i32, + parent: &str, + unit_name: &str, + cg_hierarchy: &CgroupHierarchy, + ) -> Result<()>; + + fn set_properties(&self, unit_name: &str, properties: &Properties) -> Result<()>; + + fn stop_unit(&self, unit_name: &str) -> Result<()>; + + fn get_version(&self) -> Result; + + fn unit_exist(&self, unit_name: &str) -> Result; + + fn add_process(&self, pid: i32, unit_name: &str) -> Result<()>; +} + +#[derive(Serialize, Deserialize, Debug, Clone)] +pub struct DBusClient {} + +impl DBusClient { + fn build_proxy(&self) -> Result> { + let connection = zbus::blocking::Connection::system()?; + let proxy = SystemManager::new(&connection)?; + Ok(proxy) + } +} + +impl SystemdInterface for DBusClient { + fn start_unit( + &self, + pid: i32, + parent: &str, + unit_name: &str, + cg_hierarchy: &CgroupHierarchy, + ) -> Result<()> { + let proxy = self.build_proxy()?; + + // enable CPUAccounting & MemoryAccounting & (Block)IOAccounting by default + let mut properties: Properties = vec![ + ("CPUAccounting", Value::Bool(true)), + ("DefaultDependencies", Value::Bool(false)), + ("MemoryAccounting", Value::Bool(true)), + ("TasksAccounting", Value::Bool(true)), + ("Description", Value::Str("kata-agent container".into())), + ("PIDs", Value::Array(vec![pid as u32].into())), + ]; + + match *cg_hierarchy { + CgroupHierarchy::Legacy => properties.push(("IOAccounting", Value::Bool(true))), + CgroupHierarchy::Unified => properties.push(("BlockIOAccounting", Value::Bool(true))), + } + + if unit_name.ends_with(SLICE_SUFFIX) { + properties.push(("Wants", Value::Str(parent.into()))); + } else { + properties.push(("Slice", Value::Str(parent.into()))); + properties.push(("Delegate", Value::Bool(true))); + } + + proxy + .start_transient_unit(unit_name, UNIT_MODE, &properties, &[]) + .with_context(|| format!("failed to start transient unit {}", unit_name))?; + Ok(()) + } + + fn set_properties(&self, unit_name: &str, properties: &Properties) -> Result<()> { + let proxy = self.build_proxy()?; + + proxy + .set_unit_properties(unit_name, true, properties) + .with_context(|| format!("failed to set unit properties {}", unit_name))?; + + Ok(()) + } + + fn stop_unit(&self, unit_name: &str) -> Result<()> { + let proxy = self.build_proxy()?; + + proxy + .stop_unit(unit_name, UNIT_MODE) + .with_context(|| format!("failed to stop unit {}", unit_name))?; + Ok(()) + } + + fn get_version(&self) -> Result { + let proxy = self.build_proxy()?; + + let systemd_version = proxy + .version() + .with_context(|| "failed to get systemd version".to_string())?; + Ok(systemd_version) + } + + fn unit_exist(&self, unit_name: &str) -> Result { + let proxy = self.build_proxy()?; + + Ok(proxy.get_unit(unit_name).is_ok()) + } + + fn add_process(&self, pid: i32, unit_name: &str) -> Result<()> { + let proxy = self.build_proxy()?; + + proxy + .attach_processes_to_unit(unit_name, "/", &[pid as u32]) + .with_context(|| format!("failed to add process {}", unit_name))?; + + Ok(()) + } +} diff --git a/src/agent/rustjail/src/cgroups/systemd/interface/mod.rs b/src/agent/rustjail/src/cgroups/systemd/interface/mod.rs new file mode 100644 index 000000000..d0ac62111 --- /dev/null +++ b/src/agent/rustjail/src/cgroups/systemd/interface/mod.rs @@ -0,0 +1,7 @@ +// Copyright 2021-2022 Kata Contributors +// +// SPDX-License-Identifier: Apache-2.0 +// + +pub(crate) mod session; +pub(crate) mod system; diff --git a/src/agent/rustjail/src/cgroups/systemd/interface/session.rs b/src/agent/rustjail/src/cgroups/systemd/interface/session.rs new file mode 100644 index 000000000..648303ad3 --- /dev/null +++ b/src/agent/rustjail/src/cgroups/systemd/interface/session.rs @@ -0,0 +1,1004 @@ +// Copyright 2021-2022 Kata Contributors +// +// SPDX-License-Identifier: Apache-2.0 +// + +#![allow(unknown_lints)] +#![allow(clippy::all)] + +//! # DBus interface proxy for: `org.freedesktop.systemd1.Manager` +//! +//! This code was generated by `zbus-xmlgen` `2.0.1` from DBus introspection data. +//! Source: `Interface '/org/freedesktop/systemd1' from service 'org.freedesktop.systemd1' on session bus`. +//! +//! You may prefer to adapt it, instead of using it verbatim. +//! +//! More information can be found in the +//! [Writing a client proxy](https://dbus.pages.freedesktop.org/zbus/client.html) +//! section of the zbus documentation. +//! +//! This DBus object implements +//! [standard DBus interfaces](https://dbus.freedesktop.org/doc/dbus-specification.html), +//! (`org.freedesktop.DBus.*`) for which the following zbus proxies can be used: +//! +//! * [`zbus::fdo::PeerProxy`] +//! * [`zbus::fdo::IntrospectableProxy`] +//! * [`zbus::fdo::PropertiesProxy`] +//! +//! …consequently `zbus-xmlgen` did not generate code for the above interfaces. + +use zbus::dbus_proxy; + +#[dbus_proxy( + interface = "org.freedesktop.systemd1.Manager", + default_service = "org.freedesktop.systemd1", + default_path = "/org/freedesktop/systemd1" +)] +trait Manager { + /// AbandonScope method + fn abandon_scope(&self, name: &str) -> zbus::Result<()>; + + /// AddDependencyUnitFiles method + fn add_dependency_unit_files( + &self, + files: &[&str], + target: &str, + type_: &str, + runtime: bool, + force: bool, + ) -> zbus::Result>; + + /// AttachProcessesToUnit method + fn attach_processes_to_unit( + &self, + unit_name: &str, + subcgroup: &str, + pids: &[u32], + ) -> zbus::Result<()>; + + /// BindMountUnit method + fn bind_mount_unit( + &self, + name: &str, + source: &str, + destination: &str, + read_only: bool, + mkdir: bool, + ) -> zbus::Result<()>; + + /// CancelJob method + fn cancel_job(&self, id: u32) -> zbus::Result<()>; + + /// CleanUnit method + fn clean_unit(&self, name: &str, mask: &[&str]) -> zbus::Result<()>; + + /// ClearJobs method + fn clear_jobs(&self) -> zbus::Result<()>; + + /// DisableUnitFiles method + fn disable_unit_files( + &self, + files: &[&str], + runtime: bool, + ) -> zbus::Result>; + + /// DisableUnitFilesWithFlags method + fn disable_unit_files_with_flags( + &self, + files: &[&str], + flags: u64, + ) -> zbus::Result>; + + /// Dump method + fn dump(&self) -> zbus::Result; + + /// DumpByFileDescriptor method + fn dump_by_file_descriptor(&self) -> zbus::Result; + + /// EnableUnitFiles method + fn enable_unit_files( + &self, + files: &[&str], + runtime: bool, + force: bool, + ) -> zbus::Result<(bool, Vec<(String, String, String)>)>; + + /// EnableUnitFilesWithFlags method + fn enable_unit_files_with_flags( + &self, + files: &[&str], + flags: u64, + ) -> zbus::Result<(bool, Vec<(String, String, String)>)>; + + /// EnqueueMarkedJobs method + fn enqueue_marked_jobs(&self) -> zbus::Result>; + + /// EnqueueUnitJob method + fn enqueue_unit_job( + &self, + name: &str, + job_type: &str, + job_mode: &str, + ) -> zbus::Result<( + u32, + zbus::zvariant::OwnedObjectPath, + String, + zbus::zvariant::OwnedObjectPath, + String, + Vec<( + u32, + zbus::zvariant::OwnedObjectPath, + String, + zbus::zvariant::OwnedObjectPath, + String, + )>, + )>; + + /// Exit method + fn exit(&self) -> zbus::Result<()>; + + /// FreezeUnit method + fn freeze_unit(&self, name: &str) -> zbus::Result<()>; + + /// GetDefaultTarget method + fn get_default_target(&self) -> zbus::Result; + + /// GetDynamicUsers method + fn get_dynamic_users(&self) -> zbus::Result>; + + /// GetJob method + fn get_job(&self, id: u32) -> zbus::Result; + + /// GetJobAfter method + fn get_job_after( + &self, + id: u32, + ) -> zbus::Result< + Vec<( + u32, + String, + String, + String, + zbus::zvariant::OwnedObjectPath, + zbus::zvariant::OwnedObjectPath, + )>, + >; + + /// GetJobBefore method + fn get_job_before( + &self, + id: u32, + ) -> zbus::Result< + Vec<( + u32, + String, + String, + String, + zbus::zvariant::OwnedObjectPath, + zbus::zvariant::OwnedObjectPath, + )>, + >; + + /// GetUnit method + fn get_unit(&self, name: &str) -> zbus::Result; + + /// GetUnitByControlGroup method + fn get_unit_by_control_group( + &self, + cgroup: &str, + ) -> zbus::Result; + + /// GetUnitByInvocationID method + fn get_unit_by_invocation_id( + &self, + invocation_id: &[u8], + ) -> zbus::Result; + + /// GetUnitByPID method + fn get_unit_by_pid(&self, pid: u32) -> zbus::Result; + + /// GetUnitFileLinks method + fn get_unit_file_links(&self, name: &str, runtime: bool) -> zbus::Result>; + + /// GetUnitFileState method + fn get_unit_file_state(&self, file: &str) -> zbus::Result; + + /// GetUnitProcesses method + fn get_unit_processes(&self, name: &str) -> zbus::Result>; + + /// Halt method + fn halt(&self) -> zbus::Result<()>; + + /// KExec method + fn kexec(&self) -> zbus::Result<()>; + + /// KillUnit method + fn kill_unit(&self, name: &str, whom: &str, signal: i32) -> zbus::Result<()>; + + /// LinkUnitFiles method + fn link_unit_files( + &self, + files: &[&str], + runtime: bool, + force: bool, + ) -> zbus::Result>; + + /// ListJobs method + fn list_jobs( + &self, + ) -> zbus::Result< + Vec<( + u32, + String, + String, + String, + zbus::zvariant::OwnedObjectPath, + zbus::zvariant::OwnedObjectPath, + )>, + >; + + /// ListUnitFiles method + fn list_unit_files(&self) -> zbus::Result>; + + /// ListUnitFilesByPatterns method + fn list_unit_files_by_patterns( + &self, + states: &[&str], + patterns: &[&str], + ) -> zbus::Result>; + + /// ListUnits method + fn list_units( + &self, + ) -> zbus::Result< + Vec<( + String, + String, + String, + String, + String, + String, + zbus::zvariant::OwnedObjectPath, + u32, + String, + zbus::zvariant::OwnedObjectPath, + )>, + >; + + /// ListUnitsByNames method + fn list_units_by_names( + &self, + names: &[&str], + ) -> zbus::Result< + Vec<( + String, + String, + String, + String, + String, + String, + zbus::zvariant::OwnedObjectPath, + u32, + String, + zbus::zvariant::OwnedObjectPath, + )>, + >; + + /// ListUnitsByPatterns method + fn list_units_by_patterns( + &self, + states: &[&str], + patterns: &[&str], + ) -> zbus::Result< + Vec<( + String, + String, + String, + String, + String, + String, + zbus::zvariant::OwnedObjectPath, + u32, + String, + zbus::zvariant::OwnedObjectPath, + )>, + >; + + /// ListUnitsFiltered method + fn list_units_filtered( + &self, + states: &[&str], + ) -> zbus::Result< + Vec<( + String, + String, + String, + String, + String, + String, + zbus::zvariant::OwnedObjectPath, + u32, + String, + zbus::zvariant::OwnedObjectPath, + )>, + >; + + /// LoadUnit method + fn load_unit(&self, name: &str) -> zbus::Result; + + /// LookupDynamicUserByName method + fn lookup_dynamic_user_by_name(&self, name: &str) -> zbus::Result; + + /// LookupDynamicUserByUID method + fn lookup_dynamic_user_by_uid(&self, uid: u32) -> zbus::Result; + + /// MaskUnitFiles method + fn mask_unit_files( + &self, + files: &[&str], + runtime: bool, + force: bool, + ) -> zbus::Result>; + + /// MountImageUnit method + fn mount_image_unit( + &self, + name: &str, + source: &str, + destination: &str, + read_only: bool, + mkdir: bool, + options: &[(&str, &str)], + ) -> zbus::Result<()>; + + /// PowerOff method + fn power_off(&self) -> zbus::Result<()>; + + /// PresetAllUnitFiles method + fn preset_all_unit_files( + &self, + mode: &str, + runtime: bool, + force: bool, + ) -> zbus::Result>; + + /// PresetUnitFiles method + fn preset_unit_files( + &self, + files: &[&str], + runtime: bool, + force: bool, + ) -> zbus::Result<(bool, Vec<(String, String, String)>)>; + + /// PresetUnitFilesWithMode method + fn preset_unit_files_with_mode( + &self, + files: &[&str], + mode: &str, + runtime: bool, + force: bool, + ) -> zbus::Result<(bool, Vec<(String, String, String)>)>; + + /// Reboot method + fn reboot(&self) -> zbus::Result<()>; + + /// ReenableUnitFiles method + fn reenable_unit_files( + &self, + files: &[&str], + runtime: bool, + force: bool, + ) -> zbus::Result<(bool, Vec<(String, String, String)>)>; + + /// Reexecute method + fn reexecute(&self) -> zbus::Result<()>; + + /// RefUnit method + fn ref_unit(&self, name: &str) -> zbus::Result<()>; + + /// Reload method + fn reload(&self) -> zbus::Result<()>; + + /// ReloadOrRestartUnit method + fn reload_or_restart_unit( + &self, + name: &str, + mode: &str, + ) -> zbus::Result; + + /// ReloadOrTryRestartUnit method + fn reload_or_try_restart_unit( + &self, + name: &str, + mode: &str, + ) -> zbus::Result; + + /// ReloadUnit method + fn reload_unit(&self, name: &str, mode: &str) -> zbus::Result; + + /// ResetFailed method + fn reset_failed(&self) -> zbus::Result<()>; + + /// ResetFailedUnit method + fn reset_failed_unit(&self, name: &str) -> zbus::Result<()>; + + /// RestartUnit method + fn restart_unit(&self, name: &str, mode: &str) + -> zbus::Result; + + /// RevertUnitFiles method + fn revert_unit_files(&self, files: &[&str]) -> zbus::Result>; + + /// SetDefaultTarget method + fn set_default_target( + &self, + name: &str, + force: bool, + ) -> zbus::Result>; + + /// SetEnvironment method + fn set_environment(&self, assignments: &[&str]) -> zbus::Result<()>; + + /// SetExitCode method + fn set_exit_code(&self, number: u8) -> zbus::Result<()>; + + /// SetShowStatus method + fn set_show_status(&self, mode: &str) -> zbus::Result<()>; + + /// SetUnitProperties method + fn set_unit_properties( + &self, + name: &str, + runtime: bool, + properties: &[(&str, zbus::zvariant::Value<'_>)], + ) -> zbus::Result<()>; + + /// StartTransientUnit method + fn start_transient_unit( + &self, + name: &str, + mode: &str, + properties: &[(&str, zbus::zvariant::Value<'_>)], + aux: &[(&str, &[(&str, zbus::zvariant::Value<'_>)])], + ) -> zbus::Result; + + /// StartUnit method + fn start_unit(&self, name: &str, mode: &str) -> zbus::Result; + + /// StartUnitReplace method + fn start_unit_replace( + &self, + old_unit: &str, + new_unit: &str, + mode: &str, + ) -> zbus::Result; + + /// StopUnit method + fn stop_unit(&self, name: &str, mode: &str) -> zbus::Result; + + /// Subscribe method + fn subscribe(&self) -> zbus::Result<()>; + + /// SwitchRoot method + fn switch_root(&self, new_root: &str, init: &str) -> zbus::Result<()>; + + /// ThawUnit method + fn thaw_unit(&self, name: &str) -> zbus::Result<()>; + + /// TryRestartUnit method + fn try_restart_unit( + &self, + name: &str, + mode: &str, + ) -> zbus::Result; + + /// UnmaskUnitFiles method + fn unmask_unit_files( + &self, + files: &[&str], + runtime: bool, + ) -> zbus::Result>; + + /// UnrefUnit method + fn unref_unit(&self, name: &str) -> zbus::Result<()>; + + /// UnsetAndSetEnvironment method + fn unset_and_set_environment(&self, names: &[&str], assignments: &[&str]) -> zbus::Result<()>; + + /// UnsetEnvironment method + fn unset_environment(&self, names: &[&str]) -> zbus::Result<()>; + + /// Unsubscribe method + fn unsubscribe(&self) -> zbus::Result<()>; + + /// JobNew signal + #[dbus_proxy(signal)] + fn job_new(&self, id: u32, job: zbus::zvariant::ObjectPath<'_>, unit: &str) + -> zbus::Result<()>; + + /// JobRemoved signal + #[dbus_proxy(signal)] + fn job_removed( + &self, + id: u32, + job: zbus::zvariant::ObjectPath<'_>, + unit: &str, + result: &str, + ) -> zbus::Result<()>; + + /// Reloading signal + #[dbus_proxy(signal)] + fn reloading(&self, active: bool) -> zbus::Result<()>; + + /// StartupFinished signal + #[dbus_proxy(signal)] + fn startup_finished( + &self, + firmware: u64, + loader: u64, + kernel: u64, + initrd: u64, + userspace: u64, + total: u64, + ) -> zbus::Result<()>; + + /// UnitFilesChanged signal + #[dbus_proxy(signal)] + fn unit_files_changed(&self) -> zbus::Result<()>; + + /// UnitNew signal + #[dbus_proxy(signal)] + fn unit_new(&self, id: &str, unit: zbus::zvariant::ObjectPath<'_>) -> zbus::Result<()>; + + /// UnitRemoved signal + #[dbus_proxy(signal)] + fn unit_removed(&self, id: &str, unit: zbus::zvariant::ObjectPath<'_>) -> zbus::Result<()>; + + /// Architecture property + #[dbus_proxy(property)] + fn architecture(&self) -> zbus::Result; + + /// ConfirmSpawn property + #[dbus_proxy(property)] + fn confirm_spawn(&self) -> zbus::Result; + + /// ControlGroup property + #[dbus_proxy(property)] + fn control_group(&self) -> zbus::Result; + + /// CtrlAltDelBurstAction property + #[dbus_proxy(property)] + fn ctrl_alt_del_burst_action(&self) -> zbus::Result; + + /// DefaultBlockIOAccounting property + #[dbus_proxy(property)] + fn default_block_ioaccounting(&self) -> zbus::Result; + + /// DefaultCPUAccounting property + #[dbus_proxy(property)] + fn default_cpuaccounting(&self) -> zbus::Result; + + /// DefaultLimitAS property + #[dbus_proxy(property)] + fn default_limit_as(&self) -> zbus::Result; + + /// DefaultLimitASSoft property + #[dbus_proxy(property)] + fn default_limit_assoft(&self) -> zbus::Result; + + /// DefaultLimitCORE property + #[dbus_proxy(property)] + fn default_limit_core(&self) -> zbus::Result; + + /// DefaultLimitCORESoft property + #[dbus_proxy(property)] + fn default_limit_coresoft(&self) -> zbus::Result; + + /// DefaultLimitCPU property + #[dbus_proxy(property)] + fn default_limit_cpu(&self) -> zbus::Result; + + /// DefaultLimitCPUSoft property + #[dbus_proxy(property)] + fn default_limit_cpusoft(&self) -> zbus::Result; + + /// DefaultLimitDATA property + #[dbus_proxy(property)] + fn default_limit_data(&self) -> zbus::Result; + + /// DefaultLimitDATASoft property + #[dbus_proxy(property)] + fn default_limit_datasoft(&self) -> zbus::Result; + + /// DefaultLimitFSIZE property + #[dbus_proxy(property)] + fn default_limit_fsize(&self) -> zbus::Result; + + /// DefaultLimitFSIZESoft property + #[dbus_proxy(property)] + fn default_limit_fsizesoft(&self) -> zbus::Result; + + /// DefaultLimitLOCKS property + #[dbus_proxy(property)] + fn default_limit_locks(&self) -> zbus::Result; + + /// DefaultLimitLOCKSSoft property + #[dbus_proxy(property)] + fn default_limit_lockssoft(&self) -> zbus::Result; + + /// DefaultLimitMEMLOCK property + #[dbus_proxy(property)] + fn default_limit_memlock(&self) -> zbus::Result; + + /// DefaultLimitMEMLOCKSoft property + #[dbus_proxy(property)] + fn default_limit_memlocksoft(&self) -> zbus::Result; + + /// DefaultLimitMSGQUEUE property + #[dbus_proxy(property)] + fn default_limit_msgqueue(&self) -> zbus::Result; + + /// DefaultLimitMSGQUEUESoft property + #[dbus_proxy(property)] + fn default_limit_msgqueuesoft(&self) -> zbus::Result; + + /// DefaultLimitNICE property + #[dbus_proxy(property)] + fn default_limit_nice(&self) -> zbus::Result; + + /// DefaultLimitNICESoft property + #[dbus_proxy(property)] + fn default_limit_nicesoft(&self) -> zbus::Result; + + /// DefaultLimitNOFILE property + #[dbus_proxy(property)] + fn default_limit_nofile(&self) -> zbus::Result; + + /// DefaultLimitNOFILESoft property + #[dbus_proxy(property)] + fn default_limit_nofilesoft(&self) -> zbus::Result; + + /// DefaultLimitNPROC property + #[dbus_proxy(property)] + fn default_limit_nproc(&self) -> zbus::Result; + + /// DefaultLimitNPROCSoft property + #[dbus_proxy(property)] + fn default_limit_nprocsoft(&self) -> zbus::Result; + + /// DefaultLimitRSS property + #[dbus_proxy(property)] + fn default_limit_rss(&self) -> zbus::Result; + + /// DefaultLimitRSSSoft property + #[dbus_proxy(property)] + fn default_limit_rsssoft(&self) -> zbus::Result; + + /// DefaultLimitRTPRIO property + #[dbus_proxy(property)] + fn default_limit_rtprio(&self) -> zbus::Result; + + /// DefaultLimitRTPRIOSoft property + #[dbus_proxy(property)] + fn default_limit_rtpriosoft(&self) -> zbus::Result; + + /// DefaultLimitRTTIME property + #[dbus_proxy(property)] + fn default_limit_rttime(&self) -> zbus::Result; + + /// DefaultLimitRTTIMESoft property + #[dbus_proxy(property)] + fn default_limit_rttimesoft(&self) -> zbus::Result; + + /// DefaultLimitSIGPENDING property + #[dbus_proxy(property)] + fn default_limit_sigpending(&self) -> zbus::Result; + + /// DefaultLimitSIGPENDINGSoft property + #[dbus_proxy(property)] + fn default_limit_sigpendingsoft(&self) -> zbus::Result; + + /// DefaultLimitSTACK property + #[dbus_proxy(property)] + fn default_limit_stack(&self) -> zbus::Result; + + /// DefaultLimitSTACKSoft property + #[dbus_proxy(property)] + fn default_limit_stacksoft(&self) -> zbus::Result; + + /// DefaultMemoryAccounting property + #[dbus_proxy(property)] + fn default_memory_accounting(&self) -> zbus::Result; + + /// DefaultOOMPolicy property + #[dbus_proxy(property)] + fn default_oompolicy(&self) -> zbus::Result; + + /// DefaultRestartUSec property + #[dbus_proxy(property)] + fn default_restart_usec(&self) -> zbus::Result; + + /// DefaultStandardError property + #[dbus_proxy(property)] + fn default_standard_error(&self) -> zbus::Result; + + /// DefaultStandardOutput property + #[dbus_proxy(property)] + fn default_standard_output(&self) -> zbus::Result; + + /// DefaultStartLimitBurst property + #[dbus_proxy(property)] + fn default_start_limit_burst(&self) -> zbus::Result; + + /// DefaultStartLimitIntervalUSec property + #[dbus_proxy(property)] + fn default_start_limit_interval_usec(&self) -> zbus::Result; + + /// DefaultTasksAccounting property + #[dbus_proxy(property)] + fn default_tasks_accounting(&self) -> zbus::Result; + + /// DefaultTasksMax property + #[dbus_proxy(property)] + fn default_tasks_max(&self) -> zbus::Result; + + /// DefaultTimeoutAbortUSec property + #[dbus_proxy(property)] + fn default_timeout_abort_usec(&self) -> zbus::Result; + + /// DefaultTimeoutStartUSec property + #[dbus_proxy(property)] + fn default_timeout_start_usec(&self) -> zbus::Result; + + /// DefaultTimeoutStopUSec property + #[dbus_proxy(property)] + fn default_timeout_stop_usec(&self) -> zbus::Result; + + /// DefaultTimerAccuracyUSec property + #[dbus_proxy(property)] + fn default_timer_accuracy_usec(&self) -> zbus::Result; + + /// Environment property + #[dbus_proxy(property)] + fn environment(&self) -> zbus::Result>; + + /// ExitCode property + #[dbus_proxy(property)] + fn exit_code(&self) -> zbus::Result; + + /// Features property + #[dbus_proxy(property)] + fn features(&self) -> zbus::Result; + + /// FinishTimestamp property + #[dbus_proxy(property)] + fn finish_timestamp(&self) -> zbus::Result; + + /// FinishTimestampMonotonic property + #[dbus_proxy(property)] + fn finish_timestamp_monotonic(&self) -> zbus::Result; + + /// FirmwareTimestamp property + #[dbus_proxy(property)] + fn firmware_timestamp(&self) -> zbus::Result; + + /// FirmwareTimestampMonotonic property + #[dbus_proxy(property)] + fn firmware_timestamp_monotonic(&self) -> zbus::Result; + + /// GeneratorsFinishTimestamp property + #[dbus_proxy(property)] + fn generators_finish_timestamp(&self) -> zbus::Result; + + /// GeneratorsFinishTimestampMonotonic property + #[dbus_proxy(property)] + fn generators_finish_timestamp_monotonic(&self) -> zbus::Result; + + /// GeneratorsStartTimestamp property + #[dbus_proxy(property)] + fn generators_start_timestamp(&self) -> zbus::Result; + + /// GeneratorsStartTimestampMonotonic property + #[dbus_proxy(property)] + fn generators_start_timestamp_monotonic(&self) -> zbus::Result; + + /// InitRDGeneratorsFinishTimestamp property + #[dbus_proxy(property)] + fn init_rdgenerators_finish_timestamp(&self) -> zbus::Result; + + /// InitRDGeneratorsFinishTimestampMonotonic property + #[dbus_proxy(property)] + fn init_rdgenerators_finish_timestamp_monotonic(&self) -> zbus::Result; + + /// InitRDGeneratorsStartTimestamp property + #[dbus_proxy(property)] + fn init_rdgenerators_start_timestamp(&self) -> zbus::Result; + + /// InitRDGeneratorsStartTimestampMonotonic property + #[dbus_proxy(property)] + fn init_rdgenerators_start_timestamp_monotonic(&self) -> zbus::Result; + + /// InitRDSecurityFinishTimestamp property + #[dbus_proxy(property)] + fn init_rdsecurity_finish_timestamp(&self) -> zbus::Result; + + /// InitRDSecurityFinishTimestampMonotonic property + #[dbus_proxy(property)] + fn init_rdsecurity_finish_timestamp_monotonic(&self) -> zbus::Result; + + /// InitRDSecurityStartTimestamp property + #[dbus_proxy(property)] + fn init_rdsecurity_start_timestamp(&self) -> zbus::Result; + + /// InitRDSecurityStartTimestampMonotonic property + #[dbus_proxy(property)] + fn init_rdsecurity_start_timestamp_monotonic(&self) -> zbus::Result; + + /// InitRDTimestamp property + #[dbus_proxy(property)] + fn init_rdtimestamp(&self) -> zbus::Result; + + /// InitRDTimestampMonotonic property + #[dbus_proxy(property)] + fn init_rdtimestamp_monotonic(&self) -> zbus::Result; + + /// InitRDUnitsLoadFinishTimestamp property + #[dbus_proxy(property)] + fn init_rdunits_load_finish_timestamp(&self) -> zbus::Result; + + /// InitRDUnitsLoadFinishTimestampMonotonic property + #[dbus_proxy(property)] + fn init_rdunits_load_finish_timestamp_monotonic(&self) -> zbus::Result; + + /// InitRDUnitsLoadStartTimestamp property + #[dbus_proxy(property)] + fn init_rdunits_load_start_timestamp(&self) -> zbus::Result; + + /// InitRDUnitsLoadStartTimestampMonotonic property + #[dbus_proxy(property)] + fn init_rdunits_load_start_timestamp_monotonic(&self) -> zbus::Result; + + /// KExecWatchdogUSec property + #[dbus_proxy(property)] + fn kexec_watchdog_usec(&self) -> zbus::Result; + #[dbus_proxy(property)] + fn set_kexec_watchdog_usec(&self, value: u64) -> zbus::Result<()>; + + /// KernelTimestamp property + #[dbus_proxy(property)] + fn kernel_timestamp(&self) -> zbus::Result; + + /// KernelTimestampMonotonic property + #[dbus_proxy(property)] + fn kernel_timestamp_monotonic(&self) -> zbus::Result; + + /// LoaderTimestamp property + #[dbus_proxy(property)] + fn loader_timestamp(&self) -> zbus::Result; + + /// LoaderTimestampMonotonic property + #[dbus_proxy(property)] + fn loader_timestamp_monotonic(&self) -> zbus::Result; + + /// LogLevel property + #[dbus_proxy(property)] + fn log_level(&self) -> zbus::Result; + #[dbus_proxy(property)] + fn set_log_level(&self, value: &str) -> zbus::Result<()>; + + /// LogTarget property + #[dbus_proxy(property)] + fn log_target(&self) -> zbus::Result; + #[dbus_proxy(property)] + fn set_log_target(&self, value: &str) -> zbus::Result<()>; + + /// NFailedJobs property + #[dbus_proxy(property)] + fn nfailed_jobs(&self) -> zbus::Result; + + /// NFailedUnits property + #[dbus_proxy(property)] + fn nfailed_units(&self) -> zbus::Result; + + /// NInstalledJobs property + #[dbus_proxy(property)] + fn ninstalled_jobs(&self) -> zbus::Result; + + /// NJobs property + #[dbus_proxy(property)] + fn njobs(&self) -> zbus::Result; + + /// NNames property + #[dbus_proxy(property)] + fn nnames(&self) -> zbus::Result; + + /// Progress property + #[dbus_proxy(property)] + fn progress(&self) -> zbus::Result; + + /// RebootWatchdogUSec property + #[dbus_proxy(property)] + fn reboot_watchdog_usec(&self) -> zbus::Result; + #[dbus_proxy(property)] + fn set_reboot_watchdog_usec(&self, value: u64) -> zbus::Result<()>; + + /// RuntimeWatchdogUSec property + #[dbus_proxy(property)] + fn runtime_watchdog_usec(&self) -> zbus::Result; + #[dbus_proxy(property)] + fn set_runtime_watchdog_usec(&self, value: u64) -> zbus::Result<()>; + + /// SecurityFinishTimestamp property + #[dbus_proxy(property)] + fn security_finish_timestamp(&self) -> zbus::Result; + + /// SecurityFinishTimestampMonotonic property + #[dbus_proxy(property)] + fn security_finish_timestamp_monotonic(&self) -> zbus::Result; + + /// SecurityStartTimestamp property + #[dbus_proxy(property)] + fn security_start_timestamp(&self) -> zbus::Result; + + /// SecurityStartTimestampMonotonic property + #[dbus_proxy(property)] + fn security_start_timestamp_monotonic(&self) -> zbus::Result; + + /// ServiceWatchdogs property + #[dbus_proxy(property)] + fn service_watchdogs(&self) -> zbus::Result; + #[dbus_proxy(property)] + fn set_service_watchdogs(&self, value: bool) -> zbus::Result<()>; + + /// ShowStatus property + #[dbus_proxy(property)] + fn show_status(&self) -> zbus::Result; + + /// SystemState property + #[dbus_proxy(property)] + fn system_state(&self) -> zbus::Result; + + /// Tainted property + #[dbus_proxy(property)] + fn tainted(&self) -> zbus::Result; + + /// TimerSlackNSec property + #[dbus_proxy(property)] + fn timer_slack_nsec(&self) -> zbus::Result; + + /// UnitPath property + #[dbus_proxy(property)] + fn unit_path(&self) -> zbus::Result>; + + /// UnitsLoadFinishTimestamp property + #[dbus_proxy(property)] + fn units_load_finish_timestamp(&self) -> zbus::Result; + + /// UnitsLoadFinishTimestampMonotonic property + #[dbus_proxy(property)] + fn units_load_finish_timestamp_monotonic(&self) -> zbus::Result; + + /// UnitsLoadStartTimestamp property + #[dbus_proxy(property)] + fn units_load_start_timestamp(&self) -> zbus::Result; + + /// UnitsLoadStartTimestampMonotonic property + #[dbus_proxy(property)] + fn units_load_start_timestamp_monotonic(&self) -> zbus::Result; + + /// UserspaceTimestamp property + #[dbus_proxy(property)] + fn userspace_timestamp(&self) -> zbus::Result; + + /// UserspaceTimestampMonotonic property + #[dbus_proxy(property)] + fn userspace_timestamp_monotonic(&self) -> zbus::Result; + + /// Version property + #[dbus_proxy(property)] + fn version(&self) -> zbus::Result; + + /// Virtualization property + #[dbus_proxy(property)] + fn virtualization(&self) -> zbus::Result; +} diff --git a/src/agent/rustjail/src/cgroups/systemd/interface/system.rs b/src/agent/rustjail/src/cgroups/systemd/interface/system.rs new file mode 100644 index 000000000..7a4ef199e --- /dev/null +++ b/src/agent/rustjail/src/cgroups/systemd/interface/system.rs @@ -0,0 +1,1004 @@ +// Copyright 2021-2022 Kata Contributors +// +// SPDX-License-Identifier: Apache-2.0 +// + +#![allow(unknown_lints)] +#![allow(clippy::all)] + +//! # DBus interface proxy for: `org.freedesktop.systemd1.Manager` +//! +//! This code was generated by `zbus-xmlgen` `2.0.1` from DBus introspection data. +//! Source: `Interface '/org/freedesktop/systemd1' from service 'org.freedesktop.systemd1' on system bus`. +//! +//! You may prefer to adapt it, instead of using it verbatim. +//! +//! More information can be found in the +//! [Writing a client proxy](https://dbus.pages.freedesktop.org/zbus/client.html) +//! section of the zbus documentation. +//! +//! This DBus object implements +//! [standard DBus interfaces](https://dbus.freedesktop.org/doc/dbus-specification.html), +//! (`org.freedesktop.DBus.*`) for which the following zbus proxies can be used: +//! +//! * [`zbus::fdo::PeerProxy`] +//! * [`zbus::fdo::IntrospectableProxy`] +//! * [`zbus::fdo::PropertiesProxy`] +//! +//! …consequently `zbus-xmlgen` did not generate code for the above interfaces. + +use zbus::dbus_proxy; + +#[dbus_proxy( + interface = "org.freedesktop.systemd1.Manager", + default_service = "org.freedesktop.systemd1", + default_path = "/org/freedesktop/systemd1" +)] +trait Manager { + /// AbandonScope method + fn abandon_scope(&self, name: &str) -> zbus::Result<()>; + + /// AddDependencyUnitFiles method + fn add_dependency_unit_files( + &self, + files: &[&str], + target: &str, + type_: &str, + runtime: bool, + force: bool, + ) -> zbus::Result>; + + /// AttachProcessesToUnit method + fn attach_processes_to_unit( + &self, + unit_name: &str, + subcgroup: &str, + pids: &[u32], + ) -> zbus::Result<()>; + + /// BindMountUnit method + fn bind_mount_unit( + &self, + name: &str, + source: &str, + destination: &str, + read_only: bool, + mkdir: bool, + ) -> zbus::Result<()>; + + /// CancelJob method + fn cancel_job(&self, id: u32) -> zbus::Result<()>; + + /// CleanUnit method + fn clean_unit(&self, name: &str, mask: &[&str]) -> zbus::Result<()>; + + /// ClearJobs method + fn clear_jobs(&self) -> zbus::Result<()>; + + /// DisableUnitFiles method + fn disable_unit_files( + &self, + files: &[&str], + runtime: bool, + ) -> zbus::Result>; + + /// DisableUnitFilesWithFlags method + fn disable_unit_files_with_flags( + &self, + files: &[&str], + flags: u64, + ) -> zbus::Result>; + + /// Dump method + fn dump(&self) -> zbus::Result; + + /// DumpByFileDescriptor method + fn dump_by_file_descriptor(&self) -> zbus::Result; + + /// EnableUnitFiles method + fn enable_unit_files( + &self, + files: &[&str], + runtime: bool, + force: bool, + ) -> zbus::Result<(bool, Vec<(String, String, String)>)>; + + /// EnableUnitFilesWithFlags method + fn enable_unit_files_with_flags( + &self, + files: &[&str], + flags: u64, + ) -> zbus::Result<(bool, Vec<(String, String, String)>)>; + + /// EnqueueMarkedJobs method + fn enqueue_marked_jobs(&self) -> zbus::Result>; + + /// EnqueueUnitJob method + fn enqueue_unit_job( + &self, + name: &str, + job_type: &str, + job_mode: &str, + ) -> zbus::Result<( + u32, + zbus::zvariant::OwnedObjectPath, + String, + zbus::zvariant::OwnedObjectPath, + String, + Vec<( + u32, + zbus::zvariant::OwnedObjectPath, + String, + zbus::zvariant::OwnedObjectPath, + String, + )>, + )>; + + /// Exit method + fn exit(&self) -> zbus::Result<()>; + + /// FreezeUnit method + fn freeze_unit(&self, name: &str) -> zbus::Result<()>; + + /// GetDefaultTarget method + fn get_default_target(&self) -> zbus::Result; + + /// GetDynamicUsers method + fn get_dynamic_users(&self) -> zbus::Result>; + + /// GetJob method + fn get_job(&self, id: u32) -> zbus::Result; + + /// GetJobAfter method + fn get_job_after( + &self, + id: u32, + ) -> zbus::Result< + Vec<( + u32, + String, + String, + String, + zbus::zvariant::OwnedObjectPath, + zbus::zvariant::OwnedObjectPath, + )>, + >; + + /// GetJobBefore method + fn get_job_before( + &self, + id: u32, + ) -> zbus::Result< + Vec<( + u32, + String, + String, + String, + zbus::zvariant::OwnedObjectPath, + zbus::zvariant::OwnedObjectPath, + )>, + >; + + /// GetUnit method + fn get_unit(&self, name: &str) -> zbus::Result; + + /// GetUnitByControlGroup method + fn get_unit_by_control_group( + &self, + cgroup: &str, + ) -> zbus::Result; + + /// GetUnitByInvocationID method + fn get_unit_by_invocation_id( + &self, + invocation_id: &[u8], + ) -> zbus::Result; + + /// GetUnitByPID method + fn get_unit_by_pid(&self, pid: u32) -> zbus::Result; + + /// GetUnitFileLinks method + fn get_unit_file_links(&self, name: &str, runtime: bool) -> zbus::Result>; + + /// GetUnitFileState method + fn get_unit_file_state(&self, file: &str) -> zbus::Result; + + /// GetUnitProcesses method + fn get_unit_processes(&self, name: &str) -> zbus::Result>; + + /// Halt method + fn halt(&self) -> zbus::Result<()>; + + /// KExec method + fn kexec(&self) -> zbus::Result<()>; + + /// KillUnit method + fn kill_unit(&self, name: &str, whom: &str, signal: i32) -> zbus::Result<()>; + + /// LinkUnitFiles method + fn link_unit_files( + &self, + files: &[&str], + runtime: bool, + force: bool, + ) -> zbus::Result>; + + /// ListJobs method + fn list_jobs( + &self, + ) -> zbus::Result< + Vec<( + u32, + String, + String, + String, + zbus::zvariant::OwnedObjectPath, + zbus::zvariant::OwnedObjectPath, + )>, + >; + + /// ListUnitFiles method + fn list_unit_files(&self) -> zbus::Result>; + + /// ListUnitFilesByPatterns method + fn list_unit_files_by_patterns( + &self, + states: &[&str], + patterns: &[&str], + ) -> zbus::Result>; + + /// ListUnits method + fn list_units( + &self, + ) -> zbus::Result< + Vec<( + String, + String, + String, + String, + String, + String, + zbus::zvariant::OwnedObjectPath, + u32, + String, + zbus::zvariant::OwnedObjectPath, + )>, + >; + + /// ListUnitsByNames method + fn list_units_by_names( + &self, + names: &[&str], + ) -> zbus::Result< + Vec<( + String, + String, + String, + String, + String, + String, + zbus::zvariant::OwnedObjectPath, + u32, + String, + zbus::zvariant::OwnedObjectPath, + )>, + >; + + /// ListUnitsByPatterns method + fn list_units_by_patterns( + &self, + states: &[&str], + patterns: &[&str], + ) -> zbus::Result< + Vec<( + String, + String, + String, + String, + String, + String, + zbus::zvariant::OwnedObjectPath, + u32, + String, + zbus::zvariant::OwnedObjectPath, + )>, + >; + + /// ListUnitsFiltered method + fn list_units_filtered( + &self, + states: &[&str], + ) -> zbus::Result< + Vec<( + String, + String, + String, + String, + String, + String, + zbus::zvariant::OwnedObjectPath, + u32, + String, + zbus::zvariant::OwnedObjectPath, + )>, + >; + + /// LoadUnit method + fn load_unit(&self, name: &str) -> zbus::Result; + + /// LookupDynamicUserByName method + fn lookup_dynamic_user_by_name(&self, name: &str) -> zbus::Result; + + /// LookupDynamicUserByUID method + fn lookup_dynamic_user_by_uid(&self, uid: u32) -> zbus::Result; + + /// MaskUnitFiles method + fn mask_unit_files( + &self, + files: &[&str], + runtime: bool, + force: bool, + ) -> zbus::Result>; + + /// MountImageUnit method + fn mount_image_unit( + &self, + name: &str, + source: &str, + destination: &str, + read_only: bool, + mkdir: bool, + options: &[(&str, &str)], + ) -> zbus::Result<()>; + + /// PowerOff method + fn power_off(&self) -> zbus::Result<()>; + + /// PresetAllUnitFiles method + fn preset_all_unit_files( + &self, + mode: &str, + runtime: bool, + force: bool, + ) -> zbus::Result>; + + /// PresetUnitFiles method + fn preset_unit_files( + &self, + files: &[&str], + runtime: bool, + force: bool, + ) -> zbus::Result<(bool, Vec<(String, String, String)>)>; + + /// PresetUnitFilesWithMode method + fn preset_unit_files_with_mode( + &self, + files: &[&str], + mode: &str, + runtime: bool, + force: bool, + ) -> zbus::Result<(bool, Vec<(String, String, String)>)>; + + /// Reboot method + fn reboot(&self) -> zbus::Result<()>; + + /// ReenableUnitFiles method + fn reenable_unit_files( + &self, + files: &[&str], + runtime: bool, + force: bool, + ) -> zbus::Result<(bool, Vec<(String, String, String)>)>; + + /// Reexecute method + fn reexecute(&self) -> zbus::Result<()>; + + /// RefUnit method + fn ref_unit(&self, name: &str) -> zbus::Result<()>; + + /// Reload method + fn reload(&self) -> zbus::Result<()>; + + /// ReloadOrRestartUnit method + fn reload_or_restart_unit( + &self, + name: &str, + mode: &str, + ) -> zbus::Result; + + /// ReloadOrTryRestartUnit method + fn reload_or_try_restart_unit( + &self, + name: &str, + mode: &str, + ) -> zbus::Result; + + /// ReloadUnit method + fn reload_unit(&self, name: &str, mode: &str) -> zbus::Result; + + /// ResetFailed method + fn reset_failed(&self) -> zbus::Result<()>; + + /// ResetFailedUnit method + fn reset_failed_unit(&self, name: &str) -> zbus::Result<()>; + + /// RestartUnit method + fn restart_unit(&self, name: &str, mode: &str) + -> zbus::Result; + + /// RevertUnitFiles method + fn revert_unit_files(&self, files: &[&str]) -> zbus::Result>; + + /// SetDefaultTarget method + fn set_default_target( + &self, + name: &str, + force: bool, + ) -> zbus::Result>; + + /// SetEnvironment method + fn set_environment(&self, assignments: &[&str]) -> zbus::Result<()>; + + /// SetExitCode method + fn set_exit_code(&self, number: u8) -> zbus::Result<()>; + + /// SetShowStatus method + fn set_show_status(&self, mode: &str) -> zbus::Result<()>; + + /// SetUnitProperties method + fn set_unit_properties( + &self, + name: &str, + runtime: bool, + properties: &[(&str, zbus::zvariant::Value<'_>)], + ) -> zbus::Result<()>; + + /// StartTransientUnit method + fn start_transient_unit( + &self, + name: &str, + mode: &str, + properties: &[(&str, zbus::zvariant::Value<'_>)], + aux: &[(&str, &[(&str, zbus::zvariant::Value<'_>)])], + ) -> zbus::Result; + + /// StartUnit method + fn start_unit(&self, name: &str, mode: &str) -> zbus::Result; + + /// StartUnitReplace method + fn start_unit_replace( + &self, + old_unit: &str, + new_unit: &str, + mode: &str, + ) -> zbus::Result; + + /// StopUnit method + fn stop_unit(&self, name: &str, mode: &str) -> zbus::Result; + + /// Subscribe method + fn subscribe(&self) -> zbus::Result<()>; + + /// SwitchRoot method + fn switch_root(&self, new_root: &str, init: &str) -> zbus::Result<()>; + + /// ThawUnit method + fn thaw_unit(&self, name: &str) -> zbus::Result<()>; + + /// TryRestartUnit method + fn try_restart_unit( + &self, + name: &str, + mode: &str, + ) -> zbus::Result; + + /// UnmaskUnitFiles method + fn unmask_unit_files( + &self, + files: &[&str], + runtime: bool, + ) -> zbus::Result>; + + /// UnrefUnit method + fn unref_unit(&self, name: &str) -> zbus::Result<()>; + + /// UnsetAndSetEnvironment method + fn unset_and_set_environment(&self, names: &[&str], assignments: &[&str]) -> zbus::Result<()>; + + /// UnsetEnvironment method + fn unset_environment(&self, names: &[&str]) -> zbus::Result<()>; + + /// Unsubscribe method + fn unsubscribe(&self) -> zbus::Result<()>; + + /// JobNew signal + #[dbus_proxy(signal)] + fn job_new(&self, id: u32, job: zbus::zvariant::ObjectPath<'_>, unit: &str) + -> zbus::Result<()>; + + /// JobRemoved signal + #[dbus_proxy(signal)] + fn job_removed( + &self, + id: u32, + job: zbus::zvariant::ObjectPath<'_>, + unit: &str, + result: &str, + ) -> zbus::Result<()>; + + /// Reloading signal + #[dbus_proxy(signal)] + fn reloading(&self, active: bool) -> zbus::Result<()>; + + /// StartupFinished signal + #[dbus_proxy(signal)] + fn startup_finished( + &self, + firmware: u64, + loader: u64, + kernel: u64, + initrd: u64, + userspace: u64, + total: u64, + ) -> zbus::Result<()>; + + /// UnitFilesChanged signal + #[dbus_proxy(signal)] + fn unit_files_changed(&self) -> zbus::Result<()>; + + /// UnitNew signal + #[dbus_proxy(signal)] + fn unit_new(&self, id: &str, unit: zbus::zvariant::ObjectPath<'_>) -> zbus::Result<()>; + + /// UnitRemoved signal + #[dbus_proxy(signal)] + fn unit_removed(&self, id: &str, unit: zbus::zvariant::ObjectPath<'_>) -> zbus::Result<()>; + + /// Architecture property + #[dbus_proxy(property)] + fn architecture(&self) -> zbus::Result; + + /// ConfirmSpawn property + #[dbus_proxy(property)] + fn confirm_spawn(&self) -> zbus::Result; + + /// ControlGroup property + #[dbus_proxy(property)] + fn control_group(&self) -> zbus::Result; + + /// CtrlAltDelBurstAction property + #[dbus_proxy(property)] + fn ctrl_alt_del_burst_action(&self) -> zbus::Result; + + /// DefaultBlockIOAccounting property + #[dbus_proxy(property)] + fn default_block_ioaccounting(&self) -> zbus::Result; + + /// DefaultCPUAccounting property + #[dbus_proxy(property)] + fn default_cpuaccounting(&self) -> zbus::Result; + + /// DefaultLimitAS property + #[dbus_proxy(property)] + fn default_limit_as(&self) -> zbus::Result; + + /// DefaultLimitASSoft property + #[dbus_proxy(property)] + fn default_limit_assoft(&self) -> zbus::Result; + + /// DefaultLimitCORE property + #[dbus_proxy(property)] + fn default_limit_core(&self) -> zbus::Result; + + /// DefaultLimitCORESoft property + #[dbus_proxy(property)] + fn default_limit_coresoft(&self) -> zbus::Result; + + /// DefaultLimitCPU property + #[dbus_proxy(property)] + fn default_limit_cpu(&self) -> zbus::Result; + + /// DefaultLimitCPUSoft property + #[dbus_proxy(property)] + fn default_limit_cpusoft(&self) -> zbus::Result; + + /// DefaultLimitDATA property + #[dbus_proxy(property)] + fn default_limit_data(&self) -> zbus::Result; + + /// DefaultLimitDATASoft property + #[dbus_proxy(property)] + fn default_limit_datasoft(&self) -> zbus::Result; + + /// DefaultLimitFSIZE property + #[dbus_proxy(property)] + fn default_limit_fsize(&self) -> zbus::Result; + + /// DefaultLimitFSIZESoft property + #[dbus_proxy(property)] + fn default_limit_fsizesoft(&self) -> zbus::Result; + + /// DefaultLimitLOCKS property + #[dbus_proxy(property)] + fn default_limit_locks(&self) -> zbus::Result; + + /// DefaultLimitLOCKSSoft property + #[dbus_proxy(property)] + fn default_limit_lockssoft(&self) -> zbus::Result; + + /// DefaultLimitMEMLOCK property + #[dbus_proxy(property)] + fn default_limit_memlock(&self) -> zbus::Result; + + /// DefaultLimitMEMLOCKSoft property + #[dbus_proxy(property)] + fn default_limit_memlocksoft(&self) -> zbus::Result; + + /// DefaultLimitMSGQUEUE property + #[dbus_proxy(property)] + fn default_limit_msgqueue(&self) -> zbus::Result; + + /// DefaultLimitMSGQUEUESoft property + #[dbus_proxy(property)] + fn default_limit_msgqueuesoft(&self) -> zbus::Result; + + /// DefaultLimitNICE property + #[dbus_proxy(property)] + fn default_limit_nice(&self) -> zbus::Result; + + /// DefaultLimitNICESoft property + #[dbus_proxy(property)] + fn default_limit_nicesoft(&self) -> zbus::Result; + + /// DefaultLimitNOFILE property + #[dbus_proxy(property)] + fn default_limit_nofile(&self) -> zbus::Result; + + /// DefaultLimitNOFILESoft property + #[dbus_proxy(property)] + fn default_limit_nofilesoft(&self) -> zbus::Result; + + /// DefaultLimitNPROC property + #[dbus_proxy(property)] + fn default_limit_nproc(&self) -> zbus::Result; + + /// DefaultLimitNPROCSoft property + #[dbus_proxy(property)] + fn default_limit_nprocsoft(&self) -> zbus::Result; + + /// DefaultLimitRSS property + #[dbus_proxy(property)] + fn default_limit_rss(&self) -> zbus::Result; + + /// DefaultLimitRSSSoft property + #[dbus_proxy(property)] + fn default_limit_rsssoft(&self) -> zbus::Result; + + /// DefaultLimitRTPRIO property + #[dbus_proxy(property)] + fn default_limit_rtprio(&self) -> zbus::Result; + + /// DefaultLimitRTPRIOSoft property + #[dbus_proxy(property)] + fn default_limit_rtpriosoft(&self) -> zbus::Result; + + /// DefaultLimitRTTIME property + #[dbus_proxy(property)] + fn default_limit_rttime(&self) -> zbus::Result; + + /// DefaultLimitRTTIMESoft property + #[dbus_proxy(property)] + fn default_limit_rttimesoft(&self) -> zbus::Result; + + /// DefaultLimitSIGPENDING property + #[dbus_proxy(property)] + fn default_limit_sigpending(&self) -> zbus::Result; + + /// DefaultLimitSIGPENDINGSoft property + #[dbus_proxy(property)] + fn default_limit_sigpendingsoft(&self) -> zbus::Result; + + /// DefaultLimitSTACK property + #[dbus_proxy(property)] + fn default_limit_stack(&self) -> zbus::Result; + + /// DefaultLimitSTACKSoft property + #[dbus_proxy(property)] + fn default_limit_stacksoft(&self) -> zbus::Result; + + /// DefaultMemoryAccounting property + #[dbus_proxy(property)] + fn default_memory_accounting(&self) -> zbus::Result; + + /// DefaultOOMPolicy property + #[dbus_proxy(property)] + fn default_oompolicy(&self) -> zbus::Result; + + /// DefaultRestartUSec property + #[dbus_proxy(property)] + fn default_restart_usec(&self) -> zbus::Result; + + /// DefaultStandardError property + #[dbus_proxy(property)] + fn default_standard_error(&self) -> zbus::Result; + + /// DefaultStandardOutput property + #[dbus_proxy(property)] + fn default_standard_output(&self) -> zbus::Result; + + /// DefaultStartLimitBurst property + #[dbus_proxy(property)] + fn default_start_limit_burst(&self) -> zbus::Result; + + /// DefaultStartLimitIntervalUSec property + #[dbus_proxy(property)] + fn default_start_limit_interval_usec(&self) -> zbus::Result; + + /// DefaultTasksAccounting property + #[dbus_proxy(property)] + fn default_tasks_accounting(&self) -> zbus::Result; + + /// DefaultTasksMax property + #[dbus_proxy(property)] + fn default_tasks_max(&self) -> zbus::Result; + + /// DefaultTimeoutAbortUSec property + #[dbus_proxy(property)] + fn default_timeout_abort_usec(&self) -> zbus::Result; + + /// DefaultTimeoutStartUSec property + #[dbus_proxy(property)] + fn default_timeout_start_usec(&self) -> zbus::Result; + + /// DefaultTimeoutStopUSec property + #[dbus_proxy(property)] + fn default_timeout_stop_usec(&self) -> zbus::Result; + + /// DefaultTimerAccuracyUSec property + #[dbus_proxy(property)] + fn default_timer_accuracy_usec(&self) -> zbus::Result; + + /// Environment property + #[dbus_proxy(property)] + fn environment(&self) -> zbus::Result>; + + /// ExitCode property + #[dbus_proxy(property)] + fn exit_code(&self) -> zbus::Result; + + /// Features property + #[dbus_proxy(property)] + fn features(&self) -> zbus::Result; + + /// FinishTimestamp property + #[dbus_proxy(property)] + fn finish_timestamp(&self) -> zbus::Result; + + /// FinishTimestampMonotonic property + #[dbus_proxy(property)] + fn finish_timestamp_monotonic(&self) -> zbus::Result; + + /// FirmwareTimestamp property + #[dbus_proxy(property)] + fn firmware_timestamp(&self) -> zbus::Result; + + /// FirmwareTimestampMonotonic property + #[dbus_proxy(property)] + fn firmware_timestamp_monotonic(&self) -> zbus::Result; + + /// GeneratorsFinishTimestamp property + #[dbus_proxy(property)] + fn generators_finish_timestamp(&self) -> zbus::Result; + + /// GeneratorsFinishTimestampMonotonic property + #[dbus_proxy(property)] + fn generators_finish_timestamp_monotonic(&self) -> zbus::Result; + + /// GeneratorsStartTimestamp property + #[dbus_proxy(property)] + fn generators_start_timestamp(&self) -> zbus::Result; + + /// GeneratorsStartTimestampMonotonic property + #[dbus_proxy(property)] + fn generators_start_timestamp_monotonic(&self) -> zbus::Result; + + /// InitRDGeneratorsFinishTimestamp property + #[dbus_proxy(property)] + fn init_rdgenerators_finish_timestamp(&self) -> zbus::Result; + + /// InitRDGeneratorsFinishTimestampMonotonic property + #[dbus_proxy(property)] + fn init_rdgenerators_finish_timestamp_monotonic(&self) -> zbus::Result; + + /// InitRDGeneratorsStartTimestamp property + #[dbus_proxy(property)] + fn init_rdgenerators_start_timestamp(&self) -> zbus::Result; + + /// InitRDGeneratorsStartTimestampMonotonic property + #[dbus_proxy(property)] + fn init_rdgenerators_start_timestamp_monotonic(&self) -> zbus::Result; + + /// InitRDSecurityFinishTimestamp property + #[dbus_proxy(property)] + fn init_rdsecurity_finish_timestamp(&self) -> zbus::Result; + + /// InitRDSecurityFinishTimestampMonotonic property + #[dbus_proxy(property)] + fn init_rdsecurity_finish_timestamp_monotonic(&self) -> zbus::Result; + + /// InitRDSecurityStartTimestamp property + #[dbus_proxy(property)] + fn init_rdsecurity_start_timestamp(&self) -> zbus::Result; + + /// InitRDSecurityStartTimestampMonotonic property + #[dbus_proxy(property)] + fn init_rdsecurity_start_timestamp_monotonic(&self) -> zbus::Result; + + /// InitRDTimestamp property + #[dbus_proxy(property)] + fn init_rdtimestamp(&self) -> zbus::Result; + + /// InitRDTimestampMonotonic property + #[dbus_proxy(property)] + fn init_rdtimestamp_monotonic(&self) -> zbus::Result; + + /// InitRDUnitsLoadFinishTimestamp property + #[dbus_proxy(property)] + fn init_rdunits_load_finish_timestamp(&self) -> zbus::Result; + + /// InitRDUnitsLoadFinishTimestampMonotonic property + #[dbus_proxy(property)] + fn init_rdunits_load_finish_timestamp_monotonic(&self) -> zbus::Result; + + /// InitRDUnitsLoadStartTimestamp property + #[dbus_proxy(property)] + fn init_rdunits_load_start_timestamp(&self) -> zbus::Result; + + /// InitRDUnitsLoadStartTimestampMonotonic property + #[dbus_proxy(property)] + fn init_rdunits_load_start_timestamp_monotonic(&self) -> zbus::Result; + + /// KExecWatchdogUSec property + #[dbus_proxy(property)] + fn kexec_watchdog_usec(&self) -> zbus::Result; + #[dbus_proxy(property)] + fn set_kexec_watchdog_usec(&self, value: u64) -> zbus::Result<()>; + + /// KernelTimestamp property + #[dbus_proxy(property)] + fn kernel_timestamp(&self) -> zbus::Result; + + /// KernelTimestampMonotonic property + #[dbus_proxy(property)] + fn kernel_timestamp_monotonic(&self) -> zbus::Result; + + /// LoaderTimestamp property + #[dbus_proxy(property)] + fn loader_timestamp(&self) -> zbus::Result; + + /// LoaderTimestampMonotonic property + #[dbus_proxy(property)] + fn loader_timestamp_monotonic(&self) -> zbus::Result; + + /// LogLevel property + #[dbus_proxy(property)] + fn log_level(&self) -> zbus::Result; + #[dbus_proxy(property)] + fn set_log_level(&self, value: &str) -> zbus::Result<()>; + + /// LogTarget property + #[dbus_proxy(property)] + fn log_target(&self) -> zbus::Result; + #[dbus_proxy(property)] + fn set_log_target(&self, value: &str) -> zbus::Result<()>; + + /// NFailedJobs property + #[dbus_proxy(property)] + fn nfailed_jobs(&self) -> zbus::Result; + + /// NFailedUnits property + #[dbus_proxy(property)] + fn nfailed_units(&self) -> zbus::Result; + + /// NInstalledJobs property + #[dbus_proxy(property)] + fn ninstalled_jobs(&self) -> zbus::Result; + + /// NJobs property + #[dbus_proxy(property)] + fn njobs(&self) -> zbus::Result; + + /// NNames property + #[dbus_proxy(property)] + fn nnames(&self) -> zbus::Result; + + /// Progress property + #[dbus_proxy(property)] + fn progress(&self) -> zbus::Result; + + /// RebootWatchdogUSec property + #[dbus_proxy(property)] + fn reboot_watchdog_usec(&self) -> zbus::Result; + #[dbus_proxy(property)] + fn set_reboot_watchdog_usec(&self, value: u64) -> zbus::Result<()>; + + /// RuntimeWatchdogUSec property + #[dbus_proxy(property)] + fn runtime_watchdog_usec(&self) -> zbus::Result; + #[dbus_proxy(property)] + fn set_runtime_watchdog_usec(&self, value: u64) -> zbus::Result<()>; + + /// SecurityFinishTimestamp property + #[dbus_proxy(property)] + fn security_finish_timestamp(&self) -> zbus::Result; + + /// SecurityFinishTimestampMonotonic property + #[dbus_proxy(property)] + fn security_finish_timestamp_monotonic(&self) -> zbus::Result; + + /// SecurityStartTimestamp property + #[dbus_proxy(property)] + fn security_start_timestamp(&self) -> zbus::Result; + + /// SecurityStartTimestampMonotonic property + #[dbus_proxy(property)] + fn security_start_timestamp_monotonic(&self) -> zbus::Result; + + /// ServiceWatchdogs property + #[dbus_proxy(property)] + fn service_watchdogs(&self) -> zbus::Result; + #[dbus_proxy(property)] + fn set_service_watchdogs(&self, value: bool) -> zbus::Result<()>; + + /// ShowStatus property + #[dbus_proxy(property)] + fn show_status(&self) -> zbus::Result; + + /// SystemState property + #[dbus_proxy(property)] + fn system_state(&self) -> zbus::Result; + + /// Tainted property + #[dbus_proxy(property)] + fn tainted(&self) -> zbus::Result; + + /// TimerSlackNSec property + #[dbus_proxy(property)] + fn timer_slack_nsec(&self) -> zbus::Result; + + /// UnitPath property + #[dbus_proxy(property)] + fn unit_path(&self) -> zbus::Result>; + + /// UnitsLoadFinishTimestamp property + #[dbus_proxy(property)] + fn units_load_finish_timestamp(&self) -> zbus::Result; + + /// UnitsLoadFinishTimestampMonotonic property + #[dbus_proxy(property)] + fn units_load_finish_timestamp_monotonic(&self) -> zbus::Result; + + /// UnitsLoadStartTimestamp property + #[dbus_proxy(property)] + fn units_load_start_timestamp(&self) -> zbus::Result; + + /// UnitsLoadStartTimestampMonotonic property + #[dbus_proxy(property)] + fn units_load_start_timestamp_monotonic(&self) -> zbus::Result; + + /// UserspaceTimestamp property + #[dbus_proxy(property)] + fn userspace_timestamp(&self) -> zbus::Result; + + /// UserspaceTimestampMonotonic property + #[dbus_proxy(property)] + fn userspace_timestamp_monotonic(&self) -> zbus::Result; + + /// Version property + #[dbus_proxy(property)] + fn version(&self) -> zbus::Result; + + /// Virtualization property + #[dbus_proxy(property)] + fn virtualization(&self) -> zbus::Result; +} diff --git a/src/agent/rustjail/src/cgroups/systemd/manager.rs b/src/agent/rustjail/src/cgroups/systemd/manager.rs new file mode 100644 index 000000000..481ef1e60 --- /dev/null +++ b/src/agent/rustjail/src/cgroups/systemd/manager.rs @@ -0,0 +1,129 @@ +// Copyright 2021-2022 Kata Contributors +// +// SPDX-License-Identifier: Apache-2.0 +// + +use crate::cgroups::Manager as CgroupManager; +use crate::protocols::agent::CgroupStats; +use anyhow::Result; +use cgroups::freezer::FreezerState; +use libc::{self, pid_t}; +use oci::LinuxResources; +use std::any::Any; +use std::collections::HashMap; +use std::convert::TryInto; +use std::string::String; +use std::vec; + +use super::super::fs::Manager as FsManager; + +use super::cgroups_path::CgroupsPath; +use super::common::{CgroupHierarchy, Properties}; +use super::dbus_client::{DBusClient, SystemdInterface}; +use super::subsystem::transformer::Transformer; +use super::subsystem::{cpu::Cpu, cpuset::CpuSet, memory::Memory, pids::Pids}; + +#[derive(Serialize, Deserialize, Debug, Clone)] +pub struct Manager { + pub paths: HashMap, + pub mounts: HashMap, + pub cgroups_path: CgroupsPath, + pub cpath: String, + pub unit_name: String, + // dbus client for set properties + dbus_client: DBusClient, + // fs manager for get properties + fs_manager: FsManager, + // cgroup version for different dbus properties + cg_hierarchy: CgroupHierarchy, +} + +impl CgroupManager for Manager { + fn apply(&self, pid: pid_t) -> Result<()> { + let unit_name = self.unit_name.as_str(); + if self.dbus_client.unit_exist(unit_name).unwrap() { + self.dbus_client.add_process(pid, self.unit_name.as_str())?; + } else { + self.dbus_client.start_unit( + (pid as u32).try_into().unwrap(), + self.cgroups_path.slice.as_str(), + self.unit_name.as_str(), + &self.cg_hierarchy, + )?; + } + + Ok(()) + } + + fn set(&self, r: &LinuxResources, _: bool) -> Result<()> { + let mut properties: Properties = vec![]; + + let systemd_version = self.dbus_client.get_version()?; + let systemd_version_str = systemd_version.as_str(); + + Cpu::apply(r, &mut properties, &self.cg_hierarchy, systemd_version_str)?; + Memory::apply(r, &mut properties, &self.cg_hierarchy, systemd_version_str)?; + Pids::apply(r, &mut properties, &self.cg_hierarchy, systemd_version_str)?; + CpuSet::apply(r, &mut properties, &self.cg_hierarchy, systemd_version_str)?; + + self.dbus_client + .set_properties(self.unit_name.as_str(), &properties)?; + + Ok(()) + } + + fn get_stats(&self) -> Result { + self.fs_manager.get_stats() + } + + fn freeze(&self, state: FreezerState) -> Result<()> { + self.fs_manager.freeze(state) + } + + fn destroy(&mut self) -> Result<()> { + self.dbus_client.stop_unit(self.unit_name.as_str())?; + self.fs_manager.destroy() + } + + fn get_pids(&self) -> Result> { + self.fs_manager.get_pids() + } + + fn update_cpuset_path(&self, guest_cpuset: &str, container_cpuset: &str) -> Result<()> { + self.fs_manager + .update_cpuset_path(guest_cpuset, container_cpuset) + } + + fn get_cgroup_path(&self, cg: &str) -> Result { + self.fs_manager.get_cgroup_path(cg) + } + + fn as_any(&self) -> Result<&dyn Any> { + Ok(self) + } +} + +impl Manager { + pub fn new(cgroups_path_str: &str) -> Result { + let cgroups_path = CgroupsPath::new(cgroups_path_str)?; + let (parent_slice, unit_name) = cgroups_path.parse()?; + let cpath = parent_slice + "/" + &unit_name; + + let fs_manager = FsManager::new(cpath.as_str())?; + + Ok(Manager { + paths: fs_manager.paths.clone(), + mounts: fs_manager.mounts.clone(), + cgroups_path, + cpath, + unit_name, + dbus_client: DBusClient {}, + fs_manager, + cg_hierarchy: if cgroups::hierarchies::is_cgroup2_unified_mode() { + CgroupHierarchy::Unified + } else { + CgroupHierarchy::Legacy + }, + }) + } +} diff --git a/src/agent/rustjail/src/cgroups/systemd/mod.rs b/src/agent/rustjail/src/cgroups/systemd/mod.rs new file mode 100644 index 000000000..1bfb49a36 --- /dev/null +++ b/src/agent/rustjail/src/cgroups/systemd/mod.rs @@ -0,0 +1,12 @@ +// Copyright 2021-2022 Kata Contributors +// +// SPDX-License-Identifier: Apache-2.0 +// + +pub mod manager; + +mod cgroups_path; +mod common; +mod dbus_client; +mod interface; +mod subsystem; diff --git a/src/agent/rustjail/src/cgroups/systemd/subsystem/cpu.rs b/src/agent/rustjail/src/cgroups/systemd/subsystem/cpu.rs new file mode 100644 index 000000000..6735b4d3c --- /dev/null +++ b/src/agent/rustjail/src/cgroups/systemd/subsystem/cpu.rs @@ -0,0 +1,139 @@ +// Copyright 2021-2022 Kata Contributors +// +// SPDX-License-Identifier: Apache-2.0 +// + +use super::super::common::{CgroupHierarchy, Properties}; +use super::transformer::Transformer; + +use anyhow::Result; +use oci::{LinuxCpu, LinuxResources}; +use zbus::zvariant::Value; + +const BASIC_SYSTEMD_VERSION: &str = "242"; +const DEFAULT_CPUQUOTAPERIOD: u64 = 100 * 1000; +const SEC2MICROSEC: u64 = 1000 * 1000; +const BASIC_INTERVAL: u64 = 10 * 1000; + +pub struct Cpu {} + +impl Transformer for Cpu { + fn apply( + r: &LinuxResources, + properties: &mut Properties, + cgroup_hierarchy: &CgroupHierarchy, + systemd_version: &str, + ) -> Result<()> { + if let Some(cpu_resources) = &r.cpu { + match cgroup_hierarchy { + CgroupHierarchy::Legacy => { + Self::legacy_apply(cpu_resources, properties, systemd_version)? + } + CgroupHierarchy::Unified => { + Self::unified_apply(cpu_resources, properties, systemd_version)? + } + } + } + + Ok(()) + } +} + +impl Cpu { + // v1: + // cpu.shares <-> CPUShares + // cpu.period <-> CPUQuotaPeriodUSec + // cpu.period & cpu.quota <-> CPUQuotaPerSecUSec + fn legacy_apply( + cpu_resources: &LinuxCpu, + properties: &mut Properties, + systemd_version: &str, + ) -> Result<()> { + if let Some(shares) = cpu_resources.shares { + properties.push(("CPUShares", Value::U64(shares))); + } + + if let Some(period) = cpu_resources.period { + if period != 0 && systemd_version >= BASIC_SYSTEMD_VERSION { + properties.push(("CPUQuotaPeriodUSec", Value::U64(period))); + } + } + + if let Some(quota) = cpu_resources.quota { + let period = cpu_resources.period.unwrap_or(DEFAULT_CPUQUOTAPERIOD); + if period != 0 { + let cpu_quota_per_sec_usec = resolve_cpuquota(quota, period); + properties.push(("CPUQuotaPerSecUSec", Value::U64(cpu_quota_per_sec_usec))); + } + } + + Ok(()) + } + + // v2: + // cpu.shares <-> CPUShares + // cpu.period <-> CPUQuotaPeriodUSec + // cpu.period & cpu.quota <-> CPUQuotaPerSecUSec + fn unified_apply( + cpu_resources: &LinuxCpu, + properties: &mut Properties, + systemd_version: &str, + ) -> Result<()> { + if let Some(shares) = cpu_resources.shares { + let unified_shares = get_unified_cpushares(shares); + properties.push(("CPUShares", Value::U64(unified_shares))); + } + + if let Some(period) = cpu_resources.period { + if period != 0 && systemd_version >= BASIC_SYSTEMD_VERSION { + properties.push(("CPUQuotaPeriodUSec", Value::U64(period))); + } + } + + if let Some(quota) = cpu_resources.quota { + let period = cpu_resources.period.unwrap_or(DEFAULT_CPUQUOTAPERIOD); + if period != 0 { + let cpu_quota_per_sec_usec = resolve_cpuquota(quota, period); + properties.push(("CPUQuotaPerSecUSec", Value::U64(cpu_quota_per_sec_usec))); + } + } + + Ok(()) + } +} + +// ref: https://github.com/containers/crun/blob/main/crun.1.md#cgroup-v2 +// [2-262144] to [1-10000] +fn get_unified_cpushares(shares: u64) -> u64 { + if shares == 0 { + return 100; + } + + 1 + ((shares - 2) * 9999) / 262142 +} + +fn resolve_cpuquota(quota: i64, period: u64) -> u64 { + let mut cpu_quota_per_sec_usec = u64::MAX; + if quota > 0 { + cpu_quota_per_sec_usec = (quota as u64) * SEC2MICROSEC / period; + if cpu_quota_per_sec_usec % BASIC_INTERVAL != 0 { + cpu_quota_per_sec_usec = + ((cpu_quota_per_sec_usec / BASIC_INTERVAL) + 1) * BASIC_INTERVAL; + } + } + cpu_quota_per_sec_usec +} + +#[cfg(test)] +mod tests { + use crate::cgroups::systemd::subsystem::cpu::resolve_cpuquota; + + #[test] + fn test_unified_cpuquota() { + let quota: i64 = 1000000; + let period: u64 = 500000; + let cpu_quota_per_sec_usec = resolve_cpuquota(quota, period); + + assert_eq!(2000000, cpu_quota_per_sec_usec); + } +} diff --git a/src/agent/rustjail/src/cgroups/systemd/subsystem/cpuset.rs b/src/agent/rustjail/src/cgroups/systemd/subsystem/cpuset.rs new file mode 100644 index 000000000..3f05cdc7c --- /dev/null +++ b/src/agent/rustjail/src/cgroups/systemd/subsystem/cpuset.rs @@ -0,0 +1,124 @@ +// Copyright 2021-2022 Kata Contributors +// +// SPDX-License-Identifier: Apache-2.0 +// + +use super::super::common::{CgroupHierarchy, Properties}; + +use super::transformer::Transformer; + +use anyhow::{bail, Result}; +use bit_vec::BitVec; +use oci::{LinuxCpu, LinuxResources}; +use std::convert::{TryFrom, TryInto}; +use zbus::zvariant::Value; + +const BASIC_SYSTEMD_VERSION: &str = "244"; + +pub struct CpuSet {} + +impl Transformer for CpuSet { + fn apply( + r: &LinuxResources, + properties: &mut Properties, + _: &CgroupHierarchy, + systemd_version: &str, + ) -> Result<()> { + if let Some(cpuset_resources) = &r.cpu { + Self::apply(cpuset_resources, properties, systemd_version)?; + } + + Ok(()) + } +} + +// v1 & v2: +// cpuset.cpus <-> AllowedCPUs (v244) +// cpuset.mems <-> AllowedMemoryNodes (v244) +impl CpuSet { + fn apply( + cpuset_resources: &LinuxCpu, + properties: &mut Properties, + systemd_version: &str, + ) -> Result<()> { + if systemd_version < BASIC_SYSTEMD_VERSION { + return Ok(()); + } + + let cpus = cpuset_resources.cpus.as_str(); + if !cpus.is_empty() { + let cpus_vec: BitMask = cpus.try_into()?; + properties.push(("AllowedCPUs", Value::Array(cpus_vec.0.into()))); + } + + let mems = cpuset_resources.mems.as_str(); + if !mems.is_empty() { + let mems_vec: BitMask = mems.try_into()?; + properties.push(("AllowedMemoryNodes", Value::Array(mems_vec.0.into()))); + } + + Ok(()) + } +} + +struct BitMask(Vec); + +impl TryFrom<&str> for BitMask { + type Error = anyhow::Error; + + fn try_from(bitmask_str: &str) -> Result { + let mut bitmask_vec = BitVec::from_elem(8, false); + let bitmask_str_vec: Vec<&str> = bitmask_str.split(',').collect(); + for bitmask in bitmask_str_vec.iter() { + let range: Vec<&str> = bitmask.split('-').collect(); + match range.len() { + 1 => { + let idx: usize = range[0].parse()?; + while idx >= bitmask_vec.len() { + bitmask_vec.grow(8, false); + } + bitmask_vec.set(adjust_index(idx), true); + } + 2 => { + let left_index = range[0].parse()?; + let right_index = range[1].parse()?; + while right_index >= bitmask_vec.len() { + bitmask_vec.grow(8, false); + } + for idx in left_index..=right_index { + bitmask_vec.set(adjust_index(idx), true); + } + } + _ => bail!("invalid bitmask str {}", bitmask_str), + } + } + let mut result_vec = bitmask_vec.to_bytes(); + result_vec.reverse(); + + Ok(BitMask(result_vec)) + } +} + +#[inline(always)] +fn adjust_index(idx: usize) -> usize { + idx / 8 * 8 + 7 - idx % 8 +} + +#[cfg(test)] +mod tests { + use std::convert::TryInto; + + use crate::cgroups::systemd::subsystem::cpuset::BitMask; + + #[test] + fn test_bitmask_conversion() { + let cpus_vec: BitMask = "2-4".try_into().unwrap(); + assert_eq!(vec![0b11100 as u8], cpus_vec.0); + + let cpus_vec: BitMask = "1,7".try_into().unwrap(); + assert_eq!(vec![0b10000010 as u8], cpus_vec.0); + + let cpus_vec: BitMask = "0,2-3,7".try_into().unwrap(); + assert_eq!(vec![0b10001101 as u8], cpus_vec.0); + } +} diff --git a/src/agent/rustjail/src/cgroups/systemd/subsystem/memory.rs b/src/agent/rustjail/src/cgroups/systemd/subsystem/memory.rs new file mode 100644 index 000000000..e2ec5343c --- /dev/null +++ b/src/agent/rustjail/src/cgroups/systemd/subsystem/memory.rs @@ -0,0 +1,117 @@ +// Copyright 2021-2022 Kata Contributors +// +// SPDX-License-Identifier: Apache-2.0 +// + +use super::super::common::{CgroupHierarchy, Properties}; + +use super::transformer::Transformer; + +use anyhow::{bail, Result}; +use oci::{LinuxMemory, LinuxResources}; +use zbus::zvariant::Value; + +pub struct Memory {} + +impl Transformer for Memory { + fn apply( + r: &LinuxResources, + properties: &mut Properties, + cgroup_hierarchy: &CgroupHierarchy, + _: &str, + ) -> Result<()> { + if let Some(memory_resources) = &r.memory { + match cgroup_hierarchy { + CgroupHierarchy::Legacy => Self::legacy_apply(memory_resources, properties)?, + CgroupHierarchy::Unified => Self::unified_apply(memory_resources, properties)?, + } + } + + Ok(()) + } +} + +impl Memory { + // v1: + // memory.limit <-> MemoryLimit + fn legacy_apply(memory_resources: &LinuxMemory, properties: &mut Properties) -> Result<()> { + if let Some(limit) = memory_resources.limit { + let limit = match limit { + 1..=i64::MAX => limit as u64, + 0 => u64::MAX, + _ => bail!("invalid memory.limit"), + }; + properties.push(("MemoryLimit", Value::U64(limit))); + } + + Ok(()) + } + + // v2: + // memory.low <-> MemoryLow + // memory.max <-> MemoryMax + // memory.swap & memory.limit <-> MemorySwapMax + fn unified_apply(memory_resources: &LinuxMemory, properties: &mut Properties) -> Result<()> { + if let Some(limit) = memory_resources.limit { + let limit = match limit { + 1..=i64::MAX => limit as u64, + 0 => u64::MAX, + _ => bail!("invalid memory.limit: {}", limit), + }; + properties.push(("MemoryMax", Value::U64(limit))); + } + + if let Some(reservation) = memory_resources.reservation { + let reservation = match reservation { + 1..=i64::MAX => reservation as u64, + 0 => u64::MAX, + _ => bail!("invalid memory.reservation: {}", reservation), + }; + properties.push(("MemoryLow", Value::U64(reservation))); + } + + let swap = match memory_resources.swap { + Some(0) => u64::MAX, + Some(1..=i64::MAX) => match memory_resources.limit { + Some(1..=i64::MAX) => { + (memory_resources.limit.unwrap() - memory_resources.swap.unwrap()) as u64 + } + _ => bail!("invalid memory.limit when memory.swap specified"), + }, + None => u64::MAX, + _ => bail!("invalid memory.swap"), + }; + + properties.push(("MemorySwapMax", Value::U64(swap))); + + Ok(()) + } +} + +#[cfg(test)] +mod tests { + use super::Memory; + use super::Properties; + use super::Value; + + #[test] + fn test_unified_memory() { + let memory_resources = oci::LinuxMemory { + limit: Some(736870912), + reservation: Some(536870912), + swap: Some(536870912), + kernel: Some(0), + kernel_tcp: Some(0), + swappiness: Some(0), + disable_oom_killer: Some(false), + }; + let mut properties: Properties = vec![]; + + assert_eq!( + true, + Memory::unified_apply(&memory_resources, &mut properties).is_ok() + ); + + assert_eq!(Value::U64(200000000), properties[2].1); + } +} diff --git a/src/agent/rustjail/src/cgroups/systemd/subsystem/mod.rs b/src/agent/rustjail/src/cgroups/systemd/subsystem/mod.rs new file mode 100644 index 000000000..6810040a2 --- /dev/null +++ b/src/agent/rustjail/src/cgroups/systemd/subsystem/mod.rs @@ -0,0 +1,10 @@ +// Copyright 2021-2022 Kata Contributors +// +// SPDX-License-Identifier: Apache-2.0 +// + +pub mod cpu; +pub mod cpuset; +pub mod memory; +pub mod pids; +pub mod transformer; diff --git a/src/agent/rustjail/src/cgroups/systemd/subsystem/pids.rs b/src/agent/rustjail/src/cgroups/systemd/subsystem/pids.rs new file mode 100644 index 000000000..7ff1ee7c6 --- /dev/null +++ b/src/agent/rustjail/src/cgroups/systemd/subsystem/pids.rs @@ -0,0 +1,60 @@ +// Copyright 2021-2022 Kata Contributors +// +// SPDX-License-Identifier: Apache-2.0 +// + +use super::super::common::{CgroupHierarchy, Properties}; + +use super::transformer::Transformer; + +use anyhow::Result; +use oci::{LinuxPids, LinuxResources}; +use zbus::zvariant::Value; + +pub struct Pids {} + +impl Transformer for Pids { + fn apply( + r: &LinuxResources, + properties: &mut Properties, + _: &CgroupHierarchy, + _: &str, + ) -> Result<()> { + if let Some(pids_resources) = &r.pids { + Self::apply(pids_resources, properties)?; + } + + Ok(()) + } +} + +// pids.limit <-> TasksMax +impl Pids { + fn apply(pids_resources: &LinuxPids, properties: &mut Properties) -> Result<()> { + let limit = if pids_resources.limit > 0 { + pids_resources.limit as u64 + } else { + u64::MAX + }; + + properties.push(("TasksMax", Value::U64(limit))); + Ok(()) + } +} + +#[cfg(test)] +mod tests { + use super::Pids; + use super::Properties; + use super::Value; + + #[test] + fn test_subsystem_workflow() { + let pids_resources = oci::LinuxPids { limit: 0 }; + let mut properties: Properties = vec![]; + + assert_eq!(true, Pids::apply(&pids_resources, &mut properties).is_ok()); + + assert_eq!(Value::U64(u64::MAX), properties[0].1); + } +} diff --git a/src/agent/rustjail/src/cgroups/systemd/subsystem/transformer.rs b/src/agent/rustjail/src/cgroups/systemd/subsystem/transformer.rs new file mode 100644 index 000000000..952ed4dd2 --- /dev/null +++ b/src/agent/rustjail/src/cgroups/systemd/subsystem/transformer.rs @@ -0,0 +1,17 @@ +// Copyright 2021-2022 Kata Contributors +// +// SPDX-License-Identifier: Apache-2.0 +// + +use super::super::common::{CgroupHierarchy, Properties}; +use anyhow::Result; +use oci::LinuxResources; + +pub trait Transformer { + fn apply( + r: &LinuxResources, + properties: &mut Properties, + cgroup_hierarchy: &CgroupHierarchy, + systemd_version: &str, + ) -> Result<()>; +} diff --git a/src/agent/rustjail/src/container.rs b/src/agent/rustjail/src/container.rs index afa374bc2..de92adf4c 100644 --- a/src/agent/rustjail/src/container.rs +++ b/src/agent/rustjail/src/container.rs @@ -22,6 +22,7 @@ use crate::capabilities; use crate::cgroups::fs::Manager as FsManager; #[cfg(test)] use crate::cgroups::mock::Manager as FsManager; +use crate::cgroups::systemd::manager::Manager as SystemdManager; use crate::cgroups::Manager; #[cfg(feature = "standard-oci-runtime")] use crate::console; @@ -49,6 +50,7 @@ use std::os::unix::io::AsRawFd; use protobuf::SingularPtrField; use oci::State as OCIState; +use regex::Regex; use std::collections::HashMap; use std::os::unix::io::FromRawFd; use std::str::FromStr; @@ -201,6 +203,8 @@ lazy_static! { }, ] }; + + pub static ref SYSTEMD_CGROUP_PATH_FORMAT:Regex = Regex::new(r"^[\w\-.]*:[\w\-.]*:[\w\-.]*$").unwrap(); } #[derive(Serialize, Deserialize, Debug)] @@ -239,7 +243,7 @@ pub struct LinuxContainer { pub id: String, pub root: String, pub config: Config, - pub cgroup_manager: Option, + pub cgroup_manager: Option>, pub init_process_pid: pid_t, pub init_process_start_time: u64, pub uid_map_path: String, @@ -390,7 +394,9 @@ fn do_init_child(cwfd: RawFd) -> Result<()> { let buf = read_sync(crfd)?; let cm_str = std::str::from_utf8(&buf)?; - let cm: FsManager = serde_json::from_str(cm_str)?; + // deserialize cm_str into FsManager and SystemdManager separately + let fs_cm: Result = serde_json::from_str(cm_str); + let systemd_cm: Result = serde_json::from_str(cm_str); #[cfg(feature = "standard-oci-runtime")] let csocket_fd = console::setup_console_socket(&std::env::var(CONSOLE_SOCKET_FD)?)?; @@ -548,7 +554,18 @@ fn do_init_child(cwfd: RawFd) -> Result<()> { if to_new.contains(CloneFlags::CLONE_NEWNS) { // setup rootfs - mount::init_rootfs(cfd_log, &spec, &cm.paths, &cm.mounts, bind_device)?; + if let Ok(systemd_cm) = systemd_cm { + mount::init_rootfs( + cfd_log, + &spec, + &systemd_cm.paths, + &systemd_cm.mounts, + bind_device, + )?; + } else { + let fs_cm = fs_cm.unwrap(); + mount::init_rootfs(cfd_log, &spec, &fs_cm.paths, &fs_cm.mounts, bind_device)?; + } } if init { @@ -1018,7 +1035,8 @@ impl BaseContainer for LinuxContainer { &logger, spec, &p, - self.cgroup_manager.as_ref().unwrap(), + self.cgroup_manager.as_ref().unwrap().as_ref(), + self.config.use_systemd_cgroup, &st, &mut pipe_w, &mut pipe_r, @@ -1280,11 +1298,13 @@ pub fn setup_child_logger(fd: RawFd, child_logger: Logger) -> tokio::task::JoinH }) } +#[allow(clippy::too_many_arguments)] async fn join_namespaces( logger: &Logger, spec: &Spec, p: &Process, - cm: &FsManager, + cm: &(dyn Manager + Send + Sync), + use_systemd_cgroup: bool, st: &OCIState, pipe_w: &mut PipeStream, pipe_r: &mut PipeStream, @@ -1311,7 +1331,11 @@ async fn join_namespaces( info!(logger, "wait child received oci process"); read_async(pipe_r).await?; - let cm_str = serde_json::to_string(cm)?; + let cm_str = if use_systemd_cgroup { + serde_json::to_string(cm.as_any()?.downcast_ref::().unwrap()) + } else { + serde_json::to_string(cm.as_any()?.downcast_ref::().unwrap()) + }?; write_async(pipe_w, SYNC_DATA, cm_str.as_str()).await?; // wait child setup user namespace @@ -1334,13 +1358,16 @@ async fn join_namespaces( } // apply cgroups - if p.init && res.is_some() { - info!(logger, "apply cgroups!"); - cm.set(res.unwrap(), false)?; + // For FsManger, it's no matter about the order of apply and set. + // For SystemdManger, apply must be precede set because we can only create a systemd unit with specific processes(pids). + if res.is_some() { + info!(logger, "apply processes to cgroups!"); + cm.apply(p.pid)?; } - if res.is_some() { - cm.apply(p.pid)?; + if p.init && res.is_some() { + info!(logger, "set properties to cgroups!"); + cm.set(res.unwrap(), false)?; } info!(logger, "notify child to continue"); @@ -1419,7 +1446,7 @@ impl LinuxContainer { pub fn new + Display + Clone>( id: T, base: T, - config: Config, + mut config: Config, logger: &Logger, ) -> Result { let base = base.into(); @@ -1448,18 +1475,40 @@ impl LinuxContainer { let linux = spec.linux.as_ref().unwrap(); - let cpath = if linux.cgroups_path.is_empty() { - format!("/{}", id.as_str()) + // determine which cgroup driver to take and then assign to config.use_systemd_cgroup + // systemd: "[slice]:[prefix]:[name]" + // fs: "/path_a/path_b" + let cpath = if SYSTEMD_CGROUP_PATH_FORMAT.is_match(linux.cgroups_path.as_str()) { + config.use_systemd_cgroup = true; + if linux.cgroups_path.len() == 2 { + format!("system.slice:kata_agent:{}", id.as_str()) + } else { + linux.cgroups_path.clone() + } } else { - linux.cgroups_path.clone() + config.use_systemd_cgroup = false; + if linux.cgroups_path.is_empty() { + format!("/{}", id.as_str()) + } else { + linux.cgroups_path.clone() + } }; - let cgroup_manager = FsManager::new(cpath.as_str()).map_err(|e| { - anyhow!(format!( - "fail to create cgroup manager with path {}: {:}", - cpath, e - )) - })?; + let cgroup_manager: Box = if config.use_systemd_cgroup { + Box::new(SystemdManager::new(cpath.as_str()).map_err(|e| { + anyhow!(format!( + "fail to create cgroup manager with path {}: {:}", + cpath, e + )) + })?) + } else { + Box::new(FsManager::new(cpath.as_str()).map_err(|e| { + anyhow!(format!( + "fail to create cgroup manager with path {}: {:}", + cpath, e + )) + })?) + }; info!(logger, "new cgroup_manager {:?}", &cgroup_manager); Ok(LinuxContainer { @@ -1944,7 +1993,11 @@ mod tests { #[test] fn test_linuxcontainer_pause() { let ret = new_linux_container_and_then(|mut c: LinuxContainer| { - c.cgroup_manager = FsManager::new("").ok(); + let cgroup_manager: Box = + Box::new(FsManager::new("").map_err(|e| { + anyhow!(format!("fail to create cgroup manager with path: {:}", e)) + })?); + c.cgroup_manager = Some(cgroup_manager); c.pause().map_err(|e| anyhow!(e)) }); @@ -1977,7 +2030,11 @@ mod tests { #[test] fn test_linuxcontainer_resume() { let ret = new_linux_container_and_then(|mut c: LinuxContainer| { - c.cgroup_manager = FsManager::new("").ok(); + let cgroup_manager: Box = + Box::new(FsManager::new("").map_err(|e| { + anyhow!(format!("fail to create cgroup manager with path: {:}", e)) + })?); + c.cgroup_manager = Some(cgroup_manager); // Change status to paused, this way we can resume it c.status.transition(ContainerState::Paused); c.resume().map_err(|e| anyhow!(e)) diff --git a/src/agent/src/rpc.rs b/src/agent/src/rpc.rs index bf6420e9b..49f72dca6 100644 --- a/src/agent/src/rpc.rs +++ b/src/agent/src/rpc.rs @@ -44,7 +44,6 @@ use nix::errno::Errno; use nix::mount::MsFlags; use nix::sys::{stat, statfs}; use nix::unistd::{self, Pid}; -use rustjail::cgroups::Manager; use rustjail::process::ProcessOperations; use crate::device::{ @@ -267,9 +266,9 @@ impl AgentService { // start oom event loop if let Some(ref ctr) = ctr.cgroup_manager { - let cg_path = ctr.get_cg_path("memory"); + let cg_path = ctr.get_cgroup_path("memory"); - if let Some(cg_path) = cg_path { + if let Ok(cg_path) = cg_path { let rx = notifier::notify_oom(cid.as_str(), cg_path.to_string()).await?; s.run_oom_event_monitor(rx, cid.clone()).await; diff --git a/src/runtime/virtcontainers/kata_agent.go b/src/runtime/virtcontainers/kata_agent.go index f10f81dae..f53372dfb 100644 --- a/src/runtime/virtcontainers/kata_agent.go +++ b/src/runtime/virtcontainers/kata_agent.go @@ -23,7 +23,6 @@ import ( "github.com/kata-containers/kata-containers/src/runtime/pkg/device/config" volume "github.com/kata-containers/kata-containers/src/runtime/pkg/direct-volume" "github.com/kata-containers/kata-containers/src/runtime/pkg/katautils/katatrace" - resCtrl "github.com/kata-containers/kata-containers/src/runtime/pkg/resourcecontrol" "github.com/kata-containers/kata-containers/src/runtime/pkg/uuid" persistapi "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/persist/api" pbTypes "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/agent/protocols" @@ -927,18 +926,19 @@ func (k *kataAgent) constrainGRPCSpec(grpcSpec *grpc.Spec, passSeccomp bool, str grpcSpec.Linux.Resources.CPU.Mems = "" } + // We need agent systemd cgroup now. // There are three main reasons to do not apply systemd cgroups in the VM // - Initrd image doesn't have systemd. // - Nobody will be able to modify the resources of a specific container by using systemctl set-property. // - docker is not running in the VM. - if resCtrl.IsSystemdCgroup(grpcSpec.Linux.CgroupsPath) { - // Convert systemd cgroup to cgroupfs - slice := strings.Split(grpcSpec.Linux.CgroupsPath, ":") - // 0 - slice: system.slice - // 1 - prefix: docker - // 2 - name: abc123 - grpcSpec.Linux.CgroupsPath = filepath.Join("/", slice[1], slice[2]) - } + // if resCtrl.IsSystemdCgroup(grpcSpec.Linux.CgroupsPath) { + // // Convert systemd cgroup to cgroupfs + // slice := strings.Split(grpcSpec.Linux.CgroupsPath, ":") + // // 0 - slice: system.slice + // // 1 - prefix: docker + // // 2 - name: abc123 + // grpcSpec.Linux.CgroupsPath = filepath.Join("/", slice[1], slice[2]) + // } // Disable network namespace since it is already handled on the host by // virtcontainers. The network is a complex part which cannot be simply diff --git a/src/runtime/virtcontainers/kata_agent_test.go b/src/runtime/virtcontainers/kata_agent_test.go index 27a6837e9..c8e1f52d0 100644 --- a/src/runtime/virtcontainers/kata_agent_test.go +++ b/src/runtime/virtcontainers/kata_agent_test.go @@ -574,7 +574,7 @@ func TestAppendVhostUserBlkDevices(t *testing.T) { func TestConstrainGRPCSpec(t *testing.T) { assert := assert.New(t) - expectedCgroupPath := "/foo/bar" + expectedCgroupPath := "system.slice:foo:bar" g := &pb.Spec{ Hooks: &pb.Hooks{}, diff --git a/src/tools/agent-ctl/Cargo.lock b/src/tools/agent-ctl/Cargo.lock index 414ce3c4a..389e68aae 100644 --- a/src/tools/agent-ctl/Cargo.lock +++ b/src/tools/agent-ctl/Cargo.lock @@ -41,6 +41,88 @@ version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c5d78ce20460b82d3fa150275ed9d55e21064fc7951177baacf86a145c4a4b1f" +[[package]] +name = "async-broadcast" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6d26004fe83b2d1cd3a97609b21e39f9a31535822210fe83205d2ce48866ea61" +dependencies = [ + "event-listener", + "futures-core", + "parking_lot", +] + +[[package]] +name = "async-channel" +version = "1.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e14485364214912d3b19cc3435dde4df66065127f05fa0d75c712f36f12c2f28" +dependencies = [ + "concurrent-queue", + "event-listener", + "futures-core", +] + +[[package]] +name = "async-executor" +version = "1.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "871f9bb5e0a22eeb7e8cf16641feb87c9dc67032ccf8ff49e772eb9941d3a965" +dependencies = [ + "async-task", + "concurrent-queue", + "fastrand", + "futures-lite", + "once_cell", + "slab", +] + +[[package]] +name = "async-io" +version = "1.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "83e21f3a490c72b3b0cf44962180e60045de2925d8dff97918f7ee43c8f637c7" +dependencies = [ + "autocfg", + "concurrent-queue", + "futures-lite", + "libc", + "log", + "once_cell", + "parking", + "polling", + "slab", + "socket2", + "waker-fn", + "winapi", +] + +[[package]] +name = "async-lock" +version = "2.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e97a171d191782fba31bb902b14ad94e24a68145032b7eedf871ab0bc0d077b6" +dependencies = [ + "event-listener", +] + +[[package]] +name = "async-recursion" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d7d78656ba01f1b93024b7c3a0467f1608e4be67d725749fdcd7d2c7678fd7a2" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "async-task" +version = "4.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7a40729d2133846d9ed0ea60a8b9541bccddab49cd30f0715a1da672fe9a2524" + [[package]] name = "async-trait" version = "0.1.52" @@ -65,9 +147,15 @@ dependencies = [ [[package]] name = "autocfg" -version = "1.0.1" +version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cdb031dd78e28731d87d56cc8ffef4a8f36ca26c38fe2de700543e627f8a464a" +checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" + +[[package]] +name = "bit-vec" +version = "0.6.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "349f9b6a179ed607305526ca489b34ad0a41aed5f7980fa90eb03160b69598fb" [[package]] name = "bitflags" @@ -93,6 +181,12 @@ version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c4872d67bab6358e59559027aa3b9157c53d9358c51423c17554809a8858e0f8" +[[package]] +name = "cache-padded" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c1db59621ec70f09c5e9b597b220c7a2b43611f4710dc03ceb8748637775692c" + [[package]] name = "capctl" version = "0.2.0" @@ -174,6 +268,15 @@ dependencies = [ "vec_map", ] +[[package]] +name = "concurrent-queue" +version = "1.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "af4780a44ab5696ea9e28294517f1fffb421a83a25af521333c838635509db9c" +dependencies = [ + "cache-padded", +] + [[package]] name = "core-foundation-sys" version = "0.8.3" @@ -200,6 +303,17 @@ dependencies = [ "lazy_static", ] +[[package]] +name = "derivative" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fcc3dd5e9e9c0b295d6e1e4d811fb6f157d5ffd784b8d202fc62eac8035a770b" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "derive-new" version = "0.5.9" @@ -211,12 +325,53 @@ dependencies = [ "syn", ] +[[package]] +name = "dirs" +version = "4.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ca3aa72a6f96ea37bbc5aa912f6788242832f75369bdfdadcb0e38423f100059" +dependencies = [ + "dirs-sys", +] + +[[package]] +name = "dirs-sys" +version = "0.3.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1b1d1d91c932ef41c0f2663aa8b0ca0342d444d842c06914aa0a7e352d0bada6" +dependencies = [ + "libc", + "redox_users", + "winapi", +] + [[package]] name = "either" version = "1.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e78d4f1cc4ae33bbfc157ed5d5a5ef3bc29227303d595861deb238fcec4e9457" +[[package]] +name = "enumflags2" +version = "0.7.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e75d4cd21b95383444831539909fbb14b9dc3fdceb2a6f5d36577329a1f55ccb" +dependencies = [ + "enumflags2_derive", + "serde", +] + +[[package]] +name = "enumflags2_derive" +version = "0.7.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f58dc3c5e468259f19f2d46304a6b28f1c3d034442e14b322d2b850e36f6d5ae" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "errno" version = "0.2.8" @@ -238,6 +393,21 @@ dependencies = [ "libc", ] +[[package]] +name = "event-listener" +version = "2.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0206175f82b8d6bf6652ff7d71a1e27fd2e4efde587fd368662814d6ec1d9ce0" + +[[package]] +name = "fastrand" +version = "1.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a7a407cfaa3385c4ae6b23e84623d48c2798d06e3e6a1878f7f59f17b3f86499" +dependencies = [ + "instant", +] + [[package]] name = "fixedbitset" version = "0.2.0" @@ -271,9 +441,9 @@ dependencies = [ [[package]] name = "futures-core" -version = "0.3.17" +version = "0.3.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "88d1c26957f23603395cd326b0ffe64124b818f4449552f960d815cfba83a53d" +checksum = "4e5aa3de05362c3fb88de6531e6296e85cde7739cccad4b9dfeeb7f6ebce56bf" [[package]] name = "futures-executor" @@ -292,6 +462,21 @@ version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "522de2a0fe3e380f1bc577ba0474108faf3f6b18321dbf60b3b9c39a75073377" +[[package]] +name = "futures-lite" +version = "1.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7694489acd39452c77daa48516b894c153f192c3578d5a839b62c58099fcbf48" +dependencies = [ + "fastrand", + "futures-core", + "futures-io", + "memchr", + "parking", + "pin-project-lite", + "waker-fn", +] + [[package]] name = "futures-macro" version = "0.3.17" @@ -430,6 +615,15 @@ dependencies = [ "libc", ] +[[package]] +name = "instant" +version = "0.1.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7a5bbe824c507c5da5956355e86a746d82e0e1464f65d862cc5e71da70e94b2c" +dependencies = [ + "cfg-if 1.0.0", +] + [[package]] name = "itertools" version = "0.10.3" @@ -491,6 +685,16 @@ version = "0.2.132" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8371e4e5341c3a96db127eb2465ac681ced4c433e01dd0e938adbef26ba93ba5" +[[package]] +name = "lock_api" +version = "0.4.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9f80bf5aacaf25cbfc8210d1cfb718f2bf3b11c4c54e5afe36c236853a8ec390" +dependencies = [ + "autocfg", + "scopeguard", +] + [[package]] name = "log" version = "0.4.14" @@ -576,6 +780,7 @@ dependencies = [ "bitflags", "cfg-if 1.0.0", "libc", + "memoffset", ] [[package]] @@ -618,9 +823,48 @@ dependencies = [ [[package]] name = "once_cell" -version = "1.9.0" +version = "1.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "da32515d9f6e6e489d7bc9d84c71b060db7247dc035bbe44eac88cf87486d8d5" +checksum = "2f7254b99e31cad77da24b08ebf628882739a608578bb1bcdfc1f9c21260d7c0" + +[[package]] +name = "ordered-stream" +version = "0.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "44630c059eacfd6e08bdaa51b1db2ce33119caa4ddc1235e923109aa5f25ccb1" +dependencies = [ + "futures-core", + "pin-project-lite", +] + +[[package]] +name = "parking" +version = "2.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "427c3892f9e783d91cc128285287e70a59e206ca452770ece88a76f7a3eddd72" + +[[package]] +name = "parking_lot" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3742b2c103b9f06bc9fff0a37ff4912935851bee6d36f3c02bcc755bcfec228f" +dependencies = [ + "lock_api", + "parking_lot_core", +] + +[[package]] +name = "parking_lot_core" +version = "0.9.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "09a279cbf25cb0757810394fbc1e359949b59e348145c643a939a525692e6929" +dependencies = [ + "cfg-if 1.0.0", + "libc", + "redox_syscall", + "smallvec", + "windows-sys", +] [[package]] name = "path-absolutize" @@ -653,9 +897,9 @@ dependencies = [ [[package]] name = "pin-project-lite" -version = "0.2.7" +version = "0.2.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8d31d11c69a6b52a174b42bdc0c30e5e11670f90788b2c471c31c1d17d449443" +checksum = "e0a7ae3ac2f1173085d398531c705756c94a4c56843785df85a60c1a0afac116" [[package]] name = "pin-utils" @@ -663,12 +907,37 @@ version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" +[[package]] +name = "polling" +version = "2.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "899b00b9c8ab553c743b3e11e87c5c7d423b2a2de229ba95b24a756344748011" +dependencies = [ + "autocfg", + "cfg-if 1.0.0", + "libc", + "log", + "wepoll-ffi", + "winapi", +] + [[package]] name = "ppv-lite86" version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ed0cfbc8191465bed66e1718596ee0b0b35d5ee1f41c5df2189d0fe8bde535ba" +[[package]] +name = "proc-macro-crate" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eda0fc3b0fb7c975631757e14d9049da17374063edb6ebbcbc54d880d4fe94e9" +dependencies = [ + "once_cell", + "thiserror", + "toml", +] + [[package]] name = "proc-macro-hack" version = "0.5.19" @@ -833,13 +1102,24 @@ dependencies = [ [[package]] name = "redox_syscall" -version = "0.2.10" +version = "0.2.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8383f39639269cde97d255a32bdb68c047337295414940c68bdd30c2e13203ff" +checksum = "fb5a58c1855b4b6819d59012155603f0b22ad30cad752600aadfcb695265519a" dependencies = [ "bitflags", ] +[[package]] +name = "redox_users" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b033d837a7cf162d7993aded9304e30a83213c648b6e389db233191f891e5c2b" +dependencies = [ + "getrandom", + "redox_syscall", + "thiserror", +] + [[package]] name = "regex" version = "1.5.6" @@ -881,6 +1161,7 @@ version = "0.1.0" dependencies = [ "anyhow", "async-trait", + "bit-vec", "capctl", "caps", "cfg-if 0.1.10", @@ -889,7 +1170,7 @@ dependencies = [ "inotify", "lazy_static", "libc", - "nix 0.23.1", + "nix 0.24.2", "oci", "path-absolutize", "protobuf", @@ -904,6 +1185,7 @@ dependencies = [ "slog", "slog-scope", "tokio", + "zbus", ] [[package]] @@ -958,6 +1240,32 @@ dependencies = [ "serde", ] +[[package]] +name = "serde_repr" +version = "0.1.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1fe39d9fbb0ebf5eb2c7cb7e2a47e4f462fad1379f1166b8ae49ad9eae89a7ca" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "sha1" +version = "0.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c1da05c97445caa12d05e848c4a4fcbbea29e748ac28f7e80e9b010392063770" +dependencies = [ + "sha1_smol", +] + +[[package]] +name = "sha1_smol" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ae1a47186c03a32177042e55dbc5fd5aee900b8e0069a8d70fba96a9375cd012" + [[package]] name = "signal-hook-registry" version = "1.4.0" @@ -1020,6 +1328,28 @@ dependencies = [ "slog", ] +[[package]] +name = "smallvec" +version = "1.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2fd0db749597d91ff862fd1d55ea87f7855a744a8425a64695b6fca237d1dad1" + +[[package]] +name = "socket2" +version = "0.4.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "02e2d2db9033d13a1567121ddd7a095ee144db4e1ca1b1bda3419bc0da294ebd" +dependencies = [ + "libc", + "winapi", +] + +[[package]] +name = "static_assertions" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f" + [[package]] name = "strsim" version = "0.8.0" @@ -1133,6 +1463,47 @@ dependencies = [ "syn", ] +[[package]] +name = "toml" +version = "0.5.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8d82e1a7758622a465f8cee077614c73484dac5b836c02ff6a40d5d1010324d7" +dependencies = [ + "serde", +] + +[[package]] +name = "tracing" +version = "0.1.36" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2fce9567bd60a67d08a16488756721ba392f24f29006402881e43b19aac64307" +dependencies = [ + "cfg-if 1.0.0", + "pin-project-lite", + "tracing-attributes", + "tracing-core", +] + +[[package]] +name = "tracing-attributes" +version = "0.1.22" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "11c75893af559bc8e10716548bdef5cb2b983f8e637db9d0e15126b61b484ee2" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "tracing-core" +version = "0.1.29" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5aeea4303076558a00714b823f9ad67d58a3bbda1df83d8827d21193156e22f7" +dependencies = [ + "once_cell", +] + [[package]] name = "ttrpc" version = "0.6.0" @@ -1175,6 +1546,16 @@ dependencies = [ "tempfile", ] +[[package]] +name = "uds_windows" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ce65604324d3cce9b966701489fbd0cf318cb1f7bd9dd07ac9a4ee6fb791930d" +dependencies = [ + "tempfile", + "winapi", +] + [[package]] name = "unicode-segmentation" version = "1.8.0" @@ -1199,6 +1580,12 @@ version = "0.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f1bddf1187be692e79c5ffeab891132dfb0f236ed36a43c7ed39f1165ee20191" +[[package]] +name = "waker-fn" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9d5b2c62b4012a3e1eca5a7e077d13b3bf498c4073e33ccd58626607748ceeca" + [[package]] name = "wasi" version = "0.10.2+wasi-snapshot-preview1" @@ -1259,6 +1646,15 @@ version = "0.2.81" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6a89911bd99e5f3659ec4acf9c4d93b0a90fe4a2a11f15328472058edc5261be" +[[package]] +name = "wepoll-ffi" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d743fdedc5c64377b5fc2bc036b01c7fd642205a0d96356034ae3404d49eb7fb" +dependencies = [ + "cc", +] + [[package]] name = "which" version = "4.2.2" @@ -1291,3 +1687,136 @@ name = "winapi-x86_64-pc-windows-gnu" version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" + +[[package]] +name = "windows-sys" +version = "0.36.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ea04155a16a59f9eab786fe12a4a450e75cdb175f9e0d80da1e17db09f55b8d2" +dependencies = [ + "windows_aarch64_msvc", + "windows_i686_gnu", + "windows_i686_msvc", + "windows_x86_64_gnu", + "windows_x86_64_msvc", +] + +[[package]] +name = "windows_aarch64_msvc" +version = "0.36.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9bb8c3fd39ade2d67e9874ac4f3db21f0d710bee00fe7cab16949ec184eeaa47" + +[[package]] +name = "windows_i686_gnu" +version = "0.36.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "180e6ccf01daf4c426b846dfc66db1fc518f074baa793aa7d9b9aaeffad6a3b6" + +[[package]] +name = "windows_i686_msvc" +version = "0.36.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e2e7917148b2812d1eeafaeb22a97e4813dfa60a3f8f78ebe204bcc88f12f024" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.36.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4dcd171b8776c41b97521e5da127a2d86ad280114807d0b2ab1e462bc764d9e1" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.36.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c811ca4a8c853ef420abd8592ba53ddbbac90410fab6903b3e79972a631f7680" + +[[package]] +name = "zbus" +version = "2.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2d8f1a037b2c4a67d9654dc7bdfa8ff2e80555bbefdd3c1833c1d1b27c963a6b" +dependencies = [ + "async-broadcast", + "async-channel", + "async-executor", + "async-io", + "async-lock", + "async-recursion", + "async-task", + "async-trait", + "byteorder", + "derivative", + "dirs", + "enumflags2", + "event-listener", + "futures-core", + "futures-sink", + "futures-util", + "hex", + "lazy_static", + "nix 0.23.1", + "once_cell", + "ordered-stream", + "rand", + "serde", + "serde_repr", + "sha1", + "static_assertions", + "tracing", + "uds_windows", + "winapi", + "zbus_macros", + "zbus_names", + "zvariant", +] + +[[package]] +name = "zbus_macros" +version = "2.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1f8fb5186d1c87ae88cf234974c240671238b4a679158ad3b94ec465237349a6" +dependencies = [ + "proc-macro-crate", + "proc-macro2", + "quote", + "regex", + "syn", +] + +[[package]] +name = "zbus_names" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "41a408fd8a352695690f53906dc7fd036be924ec51ea5e05666ff42685ed0af5" +dependencies = [ + "serde", + "static_assertions", + "zvariant", +] + +[[package]] +name = "zvariant" +version = "3.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1bd68e4e6432ef19df47d7e90e2e72b5e7e3d778e0ae3baddf12b951265cc758" +dependencies = [ + "byteorder", + "enumflags2", + "libc", + "serde", + "static_assertions", + "zvariant_derive", +] + +[[package]] +name = "zvariant_derive" +version = "3.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "08e977eaa3af652f63d479ce50d924254ad76722a6289ec1a1eac3231ca30430" +dependencies = [ + "proc-macro-crate", + "proc-macro2", + "quote", + "syn", +] diff --git a/src/tools/runk/Cargo.lock b/src/tools/runk/Cargo.lock index 5862c2758..fb22c2845 100644 --- a/src/tools/runk/Cargo.lock +++ b/src/tools/runk/Cargo.lock @@ -29,6 +29,88 @@ version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c5d78ce20460b82d3fa150275ed9d55e21064fc7951177baacf86a145c4a4b1f" +[[package]] +name = "async-broadcast" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6d26004fe83b2d1cd3a97609b21e39f9a31535822210fe83205d2ce48866ea61" +dependencies = [ + "event-listener", + "futures-core", + "parking_lot", +] + +[[package]] +name = "async-channel" +version = "1.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e14485364214912d3b19cc3435dde4df66065127f05fa0d75c712f36f12c2f28" +dependencies = [ + "concurrent-queue", + "event-listener", + "futures-core", +] + +[[package]] +name = "async-executor" +version = "1.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "871f9bb5e0a22eeb7e8cf16641feb87c9dc67032ccf8ff49e772eb9941d3a965" +dependencies = [ + "async-task", + "concurrent-queue", + "fastrand", + "futures-lite", + "once_cell", + "slab", +] + +[[package]] +name = "async-io" +version = "1.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "83e21f3a490c72b3b0cf44962180e60045de2925d8dff97918f7ee43c8f637c7" +dependencies = [ + "autocfg", + "concurrent-queue", + "futures-lite", + "libc", + "log", + "once_cell", + "parking", + "polling", + "slab", + "socket2", + "waker-fn", + "winapi", +] + +[[package]] +name = "async-lock" +version = "2.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e97a171d191782fba31bb902b14ad94e24a68145032b7eedf871ab0bc0d077b6" +dependencies = [ + "event-listener", +] + +[[package]] +name = "async-recursion" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d7d78656ba01f1b93024b7c3a0467f1608e4be67d725749fdcd7d2c7678fd7a2" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "async-task" +version = "4.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7a40729d2133846d9ed0ea60a8b9541bccddab49cd30f0715a1da672fe9a2524" + [[package]] name = "async-trait" version = "0.1.53" @@ -57,6 +139,12 @@ version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" +[[package]] +name = "bit-vec" +version = "0.6.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "349f9b6a179ed607305526ca489b34ad0a41aed5f7980fa90eb03160b69598fb" + [[package]] name = "bitflags" version = "1.3.2" @@ -75,6 +163,12 @@ version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c4872d67bab6358e59559027aa3b9157c53d9358c51423c17554809a8858e0f8" +[[package]] +name = "cache-padded" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c1db59621ec70f09c5e9b597b220c7a2b43611f4710dc03ceb8748637775692c" + [[package]] name = "capctl" version = "0.2.1" @@ -180,6 +274,15 @@ dependencies = [ "os_str_bytes", ] +[[package]] +name = "concurrent-queue" +version = "1.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "af4780a44ab5696ea9e28294517f1fffb421a83a25af521333c838635509db9c" +dependencies = [ + "cache-padded", +] + [[package]] name = "crc32fast" version = "1.3.2" @@ -244,6 +347,17 @@ dependencies = [ "syn", ] +[[package]] +name = "derivative" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fcc3dd5e9e9c0b295d6e1e4d811fb6f157d5ffd784b8d202fc62eac8035a770b" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "derive-new" version = "0.5.9" @@ -286,12 +400,53 @@ dependencies = [ "syn", ] +[[package]] +name = "dirs" +version = "4.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ca3aa72a6f96ea37bbc5aa912f6788242832f75369bdfdadcb0e38423f100059" +dependencies = [ + "dirs-sys", +] + +[[package]] +name = "dirs-sys" +version = "0.3.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1b1d1d91c932ef41c0f2663aa8b0ca0342d444d842c06914aa0a7e352d0bada6" +dependencies = [ + "libc", + "redox_users", + "winapi", +] + [[package]] name = "either" version = "1.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e78d4f1cc4ae33bbfc157ed5d5a5ef3bc29227303d595861deb238fcec4e9457" +[[package]] +name = "enumflags2" +version = "0.7.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e75d4cd21b95383444831539909fbb14b9dc3fdceb2a6f5d36577329a1f55ccb" +dependencies = [ + "enumflags2_derive", + "serde", +] + +[[package]] +name = "enumflags2_derive" +version = "0.7.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f58dc3c5e468259f19f2d46304a6b28f1c3d034442e14b322d2b850e36f6d5ae" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "errno" version = "0.2.8" @@ -313,6 +468,12 @@ dependencies = [ "libc", ] +[[package]] +name = "event-listener" +version = "2.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0206175f82b8d6bf6652ff7d71a1e27fd2e4efde587fd368662814d6ec1d9ce0" + [[package]] name = "fastrand" version = "1.7.0" @@ -392,6 +553,21 @@ version = "0.3.21" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fc4045962a5a5e935ee2fdedaa4e08284547402885ab326734432bed5d12966b" +[[package]] +name = "futures-lite" +version = "1.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7694489acd39452c77daa48516b894c153f192c3578d5a839b62c58099fcbf48" +dependencies = [ + "fastrand", + "futures-core", + "futures-io", + "memchr", + "parking", + "pin-project-lite", + "waker-fn", +] + [[package]] name = "futures-macro" version = "0.3.21" @@ -433,6 +609,17 @@ dependencies = [ "slab", ] +[[package]] +name = "getrandom" +version = "0.2.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4eb1a864a501629691edf6c15a593b7a51eebaa1e8468e9ddc623de7c9b58ec6" +dependencies = [ + "cfg-if 1.0.0", + "libc", + "wasi 0.11.0+wasi-snapshot-preview1", +] + [[package]] name = "hashbrown" version = "0.11.2" @@ -582,10 +769,11 @@ dependencies = [ [[package]] name = "libseccomp" -version = "0.2.3" +version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49bda1fbf25c42ac8942ff7df1eb6172a3bc36299e84be0dba8c888a7db68c80" +checksum = "21c57fd8981a80019807b7b68118618d29a87177c63d704fc96e6ecd003ae5b3" dependencies = [ + "bitflags", "libc", "libseccomp-sys", "pkg-config", @@ -770,9 +958,19 @@ dependencies = [ [[package]] name = "once_cell" -version = "1.10.0" +version = "1.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87f3e037eac156d1775da914196f0f37741a274155e34a0b7e427c35d2a2ecb9" +checksum = "2f7254b99e31cad77da24b08ebf628882739a608578bb1bcdfc1f9c21260d7c0" + +[[package]] +name = "ordered-stream" +version = "0.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "44630c059eacfd6e08bdaa51b1db2ce33119caa4ddc1235e923109aa5f25ccb1" +dependencies = [ + "futures-core", + "pin-project-lite", +] [[package]] name = "os_str_bytes" @@ -781,10 +979,16 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8e22443d1643a904602595ba1cd8f7d896afe56d26712531c5ff73a15b2fbf64" [[package]] -name = "parking_lot" -version = "0.12.0" +name = "parking" +version = "2.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87f5ec2493a61ac0506c0f4199f99070cbe83857b0337006a30f3e6719b8ef58" +checksum = "427c3892f9e783d91cc128285287e70a59e206ca452770ece88a76f7a3eddd72" + +[[package]] +name = "parking_lot" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3742b2c103b9f06bc9fff0a37ff4912935851bee6d36f3c02bcc755bcfec228f" dependencies = [ "lock_api", "parking_lot_core", @@ -850,6 +1054,37 @@ version = "0.3.25" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1df8c4ec4b0627e53bdf214615ad287367e482558cf84b109250b37464dc03ae" +[[package]] +name = "polling" +version = "2.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "899b00b9c8ab553c743b3e11e87c5c7d423b2a2de229ba95b24a756344748011" +dependencies = [ + "autocfg", + "cfg-if 1.0.0", + "libc", + "log", + "wepoll-ffi", + "winapi", +] + +[[package]] +name = "ppv-lite86" +version = "0.2.16" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eb9f9e6e233e5c4a35559a617bf40a4ec447db2e84c20b55a6f83167b7e57872" + +[[package]] +name = "proc-macro-crate" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eda0fc3b0fb7c975631757e14d9049da17374063edb6ebbcbc54d880d4fe94e9" +dependencies = [ + "once_cell", + "thiserror", + "toml", +] + [[package]] name = "proc-macro-error" version = "1.0.4" @@ -997,6 +1232,36 @@ dependencies = [ "proc-macro2", ] +[[package]] +name = "rand" +version = "0.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" +dependencies = [ + "libc", + "rand_chacha", + "rand_core", +] + +[[package]] +name = "rand_chacha" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" +dependencies = [ + "ppv-lite86", + "rand_core", +] + +[[package]] +name = "rand_core" +version = "0.6.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d34f1408f55294453790c48b2f1ebbb1c5b4b7563eb1f418bcfcfdbb06ebb4e7" +dependencies = [ + "getrandom", +] + [[package]] name = "redox_syscall" version = "0.2.13" @@ -1006,6 +1271,17 @@ dependencies = [ "bitflags", ] +[[package]] +name = "redox_users" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b033d837a7cf162d7993aded9304e30a83213c648b6e389db233191f891e5c2b" +dependencies = [ + "getrandom", + "redox_syscall", + "thiserror", +] + [[package]] name = "regex" version = "1.6.0" @@ -1085,6 +1361,7 @@ version = "0.1.0" dependencies = [ "anyhow", "async-trait", + "bit-vec", "capctl", "caps", "cfg-if 0.1.10", @@ -1094,7 +1371,7 @@ dependencies = [ "lazy_static", "libc", "libseccomp", - "nix 0.23.1", + "nix 0.24.2", "oci", "path-absolutize", "protobuf", @@ -1109,6 +1386,7 @@ dependencies = [ "slog", "slog-scope", "tokio", + "zbus", ] [[package]] @@ -1163,6 +1441,32 @@ dependencies = [ "serde", ] +[[package]] +name = "serde_repr" +version = "0.1.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1fe39d9fbb0ebf5eb2c7cb7e2a47e4f462fad1379f1166b8ae49ad9eae89a7ca" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "sha1" +version = "0.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c1da05c97445caa12d05e848c4a4fcbbea29e748ac28f7e80e9b010392063770" +dependencies = [ + "sha1_smol", +] + +[[package]] +name = "sha1_smol" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ae1a47186c03a32177042e55dbc5fd5aee900b8e0069a8d70fba96a9375cd012" + [[package]] name = "signal-hook-registry" version = "1.4.0" @@ -1241,6 +1545,12 @@ dependencies = [ "winapi", ] +[[package]] +name = "static_assertions" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f" + [[package]] name = "strsim" version = "0.10.0" @@ -1391,6 +1701,47 @@ dependencies = [ "syn", ] +[[package]] +name = "toml" +version = "0.5.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8d82e1a7758622a465f8cee077614c73484dac5b836c02ff6a40d5d1010324d7" +dependencies = [ + "serde", +] + +[[package]] +name = "tracing" +version = "0.1.36" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2fce9567bd60a67d08a16488756721ba392f24f29006402881e43b19aac64307" +dependencies = [ + "cfg-if 1.0.0", + "pin-project-lite", + "tracing-attributes", + "tracing-core", +] + +[[package]] +name = "tracing-attributes" +version = "0.1.22" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "11c75893af559bc8e10716548bdef5cb2b983f8e637db9d0e15126b61b484ee2" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "tracing-core" +version = "0.1.29" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5aeea4303076558a00714b823f9ad67d58a3bbda1df83d8827d21193156e22f7" +dependencies = [ + "once_cell", +] + [[package]] name = "ttrpc" version = "0.6.1" @@ -1433,6 +1784,16 @@ dependencies = [ "tempfile", ] +[[package]] +name = "uds_windows" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ce65604324d3cce9b966701489fbd0cf318cb1f7bd9dd07ac9a4ee6fb791930d" +dependencies = [ + "tempfile", + "winapi", +] + [[package]] name = "unicode-segmentation" version = "1.9.0" @@ -1467,6 +1828,12 @@ version = "0.9.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" +[[package]] +name = "waker-fn" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9d5b2c62b4012a3e1eca5a7e077d13b3bf498c4073e33ccd58626607748ceeca" + [[package]] name = "wasi" version = "0.10.0+wasi-snapshot-preview1" @@ -1479,6 +1846,15 @@ version = "0.11.0+wasi-snapshot-preview1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" +[[package]] +name = "wepoll-ffi" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d743fdedc5c64377b5fc2bc036b01c7fd642205a0d96356034ae3404d49eb7fb" +dependencies = [ + "cc", +] + [[package]] name = "which" version = "4.2.5" @@ -1606,3 +1982,93 @@ name = "windows_x86_64_msvc" version = "0.36.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c811ca4a8c853ef420abd8592ba53ddbbac90410fab6903b3e79972a631f7680" + +[[package]] +name = "zbus" +version = "2.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2d8f1a037b2c4a67d9654dc7bdfa8ff2e80555bbefdd3c1833c1d1b27c963a6b" +dependencies = [ + "async-broadcast", + "async-channel", + "async-executor", + "async-io", + "async-lock", + "async-recursion", + "async-task", + "async-trait", + "byteorder", + "derivative", + "dirs", + "enumflags2", + "event-listener", + "futures-core", + "futures-sink", + "futures-util", + "hex", + "lazy_static", + "nix 0.23.1", + "once_cell", + "ordered-stream", + "rand", + "serde", + "serde_repr", + "sha1", + "static_assertions", + "tracing", + "uds_windows", + "winapi", + "zbus_macros", + "zbus_names", + "zvariant", +] + +[[package]] +name = "zbus_macros" +version = "2.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1f8fb5186d1c87ae88cf234974c240671238b4a679158ad3b94ec465237349a6" +dependencies = [ + "proc-macro-crate", + "proc-macro2", + "quote", + "regex", + "syn", +] + +[[package]] +name = "zbus_names" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "41a408fd8a352695690f53906dc7fd036be924ec51ea5e05666ff42685ed0af5" +dependencies = [ + "serde", + "static_assertions", + "zvariant", +] + +[[package]] +name = "zvariant" +version = "3.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1bd68e4e6432ef19df47d7e90e2e72b5e7e3d778e0ae3baddf12b951265cc758" +dependencies = [ + "byteorder", + "enumflags2", + "libc", + "serde", + "static_assertions", + "zvariant_derive", +] + +[[package]] +name = "zvariant_derive" +version = "3.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "08e977eaa3af652f63d479ce50d924254ad76722a6289ec1a1eac3231ca30430" +dependencies = [ + "proc-macro-crate", + "proc-macro2", + "quote", + "syn", +] diff --git a/src/tools/runk/libcontainer/src/container.rs b/src/tools/runk/libcontainer/src/container.rs index fce2d9ecd..44d70c3aa 100644 --- a/src/tools/runk/libcontainer/src/container.rs +++ b/src/tools/runk/libcontainer/src/container.rs @@ -17,6 +17,7 @@ use nix::{ }; use oci::{ContainerState, State as OCIState}; use procfs; +use rustjail::cgroups::fs::Manager as CgroupManager; use rustjail::{ container::{self, BaseContainer, LinuxContainer, EXEC_FIFO_FILENAME}, process::{Process, ProcessOperations}, @@ -327,8 +328,12 @@ impl ContainerLauncher { self.runner.created, self.runner .cgroup_manager - .clone() - .ok_or_else(|| anyhow!("cgroup manager was not present"))?, + .as_ref() + .unwrap() + .as_any()? + .downcast_ref::() + .unwrap() + .clone(), self.runner.config.clone(), ) } diff --git a/tools/osbuilder/rootfs-builder/ubuntu/config.sh b/tools/osbuilder/rootfs-builder/ubuntu/config.sh index 97a7353e8..ec5dfafd6 100644 --- a/tools/osbuilder/rootfs-builder/ubuntu/config.sh +++ b/tools/osbuilder/rootfs-builder/ubuntu/config.sh @@ -5,7 +5,7 @@ OS_NAME=ubuntu # This should be Ubuntu's code name, e.g. "focal" (Focal Fossa) for 20.04 OS_VERSION=${OS_VERSION:-focal} -PACKAGES="chrony iptables" +PACKAGES="chrony iptables dbus" [ "$AGENT_INIT" = no ] && PACKAGES+=" init" [ "$SECCOMP" = yes ] && PACKAGES+=" libseccomp2" REPO_URL=http://ports.ubuntu.com diff --git a/tools/osbuilder/rootfs-builder/ubuntu/rootfs_lib.sh b/tools/osbuilder/rootfs-builder/ubuntu/rootfs_lib.sh index 4261c7ff0..daa158bf7 100644 --- a/tools/osbuilder/rootfs-builder/ubuntu/rootfs_lib.sh +++ b/tools/osbuilder/rootfs-builder/ubuntu/rootfs_lib.sh @@ -2,6 +2,12 @@ # # SPDX-License-Identifier: Apache-2.0 +build_dbus() { + local rootfs_dir=$1 + ln -sf /lib/systemd/system/dbus.service $rootfs_dir/etc/systemd/system/dbus.service + ln -sf /lib/systemd/system/dbus.socket $rootfs_dir/etc/systemd/system/dbus.socket +} + build_rootfs() { local rootfs_dir=$1 local multistrap_conf=multistrap.conf @@ -19,7 +25,9 @@ keyring=ubuntu-keyring suite=focal packages=$PACKAGES $EXTRA_PKGS EOF - multistrap -a "$DEB_ARCH" -d "$rootfs_dir" -f "$multistrap_conf" + if ! multistrap -a "$DEB_ARCH" -d "$rootfs_dir" -f "$multistrap_conf"; then + build_dbus $rootfs_dir + fi rm -rf "$rootfs_dir/var/run" ln -s /run "$rootfs_dir/var/run" cp --remove-destination /etc/resolv.conf "$rootfs_dir/etc" From 4b45e1386905c7e62dbaf9172d4aaffa5540e4ee Mon Sep 17 00:00:00 2001 From: Alexandru Matei Date: Mon, 21 Nov 2022 17:36:00 +0200 Subject: [PATCH 02/17] runtime: don't fail mkdir if the folder is already created Use MkdirAll instead of Mkdir so it doesn't generate an error when the folder is created by another process Fixes #5713 Signed-off-by: Alexandru Matei --- src/runtime/virtcontainers/utils/utils.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/runtime/virtcontainers/utils/utils.go b/src/runtime/virtcontainers/utils/utils.go index 86f1ad874..8b05bfc2f 100644 --- a/src/runtime/virtcontainers/utils/utils.go +++ b/src/runtime/virtcontainers/utils/utils.go @@ -399,7 +399,7 @@ func MkdirAllWithInheritedOwner(path string, perm os.FileMode) error { info, err := os.Stat(curPath) if err != nil { - if err = os.Mkdir(curPath, perm); err != nil { + if err = os.MkdirAll(curPath, perm); err != nil { return fmt.Errorf("mkdir call failed: %v", err.Error()) } if err = syscall.Chown(curPath, uid, gid); err != nil { From cd85a44a0404a33036750df11ce8eb6d258518af Mon Sep 17 00:00:00 2001 From: Gabriela Cervantes Date: Thu, 24 Nov 2022 17:57:36 +0000 Subject: [PATCH 03/17] tools: Remove extra tab spaces from kata deploy binaries script This PR removes extra tab spaces from the kata deploy binaries script. Fixes #5747 Signed-off-by: Gabriela Cervantes --- .../packaging/kata-deploy/local-build/kata-deploy-binaries.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh index 3e36d710d..1e83e3153 100755 --- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh +++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh @@ -195,7 +195,7 @@ handle_build() { install_shimv2 install_virtiofsd ;; - + cloud-hypervisor) install_clh ;; firecracker) install_firecracker ;; @@ -216,7 +216,6 @@ handle_build() { virtiofsd) install_virtiofsd ;; - *) die "Invalid build target ${build_target}" ;; From 1dfd845f51e0ca8d5d0b101e6e2b7dbbb78560dc Mon Sep 17 00:00:00 2001 From: Bin Liu Date: Fri, 25 Nov 2022 11:07:28 +0800 Subject: [PATCH 04/17] runtime: go fix code for 1.19 We have starting to use golang 1.19, some features are not supported later, so run `go fix` to fix them. Fixes: #5750 Signed-off-by: Bin Liu --- src/runtime/cmd/kata-runtime/kata-check_generic_test.go | 1 - src/runtime/cmd/kata-runtime/kata-env_generic_test.go | 1 - src/runtime/go.mod | 2 +- src/runtime/pkg/govmm/qemu/qemu_arch_base_test.go | 1 - src/runtime/pkg/resourcecontrol/cgroups.go | 1 - src/runtime/virtcontainers/acrn.go | 1 - src/runtime/virtcontainers/acrn_arch_base.go | 1 - src/runtime/virtcontainers/acrn_test.go | 1 - src/runtime/virtcontainers/agent.go | 2 +- src/runtime/virtcontainers/clh.go | 1 - src/runtime/virtcontainers/clh_test.go | 1 - src/runtime/virtcontainers/fc.go | 1 - src/runtime/virtcontainers/fc_metrics.go | 1 - src/runtime/virtcontainers/fc_test.go | 1 - src/runtime/virtcontainers/ipvlan_endpoint.go | 1 - src/runtime/virtcontainers/ipvlan_endpoint_test.go | 1 - src/runtime/virtcontainers/kata_agent.go | 2 +- src/runtime/virtcontainers/macvlan_endpoint.go | 1 - src/runtime/virtcontainers/macvlan_endpoint_test.go | 1 - src/runtime/virtcontainers/macvtap_endpoint.go | 1 - src/runtime/virtcontainers/macvtap_endpoint_test.go | 1 - src/runtime/virtcontainers/mock_agent.go | 2 +- src/runtime/virtcontainers/physical_endpoint.go | 1 - src/runtime/virtcontainers/physical_endpoint_test.go | 1 - src/runtime/virtcontainers/qemu.go | 1 - src/runtime/virtcontainers/qemu_amd64.go | 1 - src/runtime/virtcontainers/qemu_amd64_test.go | 1 - src/runtime/virtcontainers/qemu_arch_base.go | 1 - src/runtime/virtcontainers/qemu_arch_base_test.go | 1 - src/runtime/virtcontainers/qemu_arm64.go | 1 - src/runtime/virtcontainers/qemu_arm64_test.go | 1 - src/runtime/virtcontainers/qemu_ppc64le.go | 1 - src/runtime/virtcontainers/qemu_ppc64le_test.go | 1 - src/runtime/virtcontainers/qemu_s390x.go | 1 - src/runtime/virtcontainers/qemu_s390x_test.go | 1 - src/runtime/virtcontainers/qemu_test.go | 1 - src/runtime/virtcontainers/tap_endpoint.go | 1 - src/runtime/virtcontainers/tuntap_endpoint.go | 1 - src/runtime/virtcontainers/utils/utils_linux_generic.go | 1 - src/runtime/virtcontainers/veth_endpoint.go | 1 - src/runtime/virtcontainers/veth_endpoint_test.go | 1 - src/runtime/virtcontainers/vhostuser_endpoint.go | 1 - src/runtime/virtcontainers/vhostuser_endpoint_test.go | 1 - 43 files changed, 4 insertions(+), 43 deletions(-) diff --git a/src/runtime/cmd/kata-runtime/kata-check_generic_test.go b/src/runtime/cmd/kata-runtime/kata-check_generic_test.go index 6584b66e0..18e722e43 100644 --- a/src/runtime/cmd/kata-runtime/kata-check_generic_test.go +++ b/src/runtime/cmd/kata-runtime/kata-check_generic_test.go @@ -4,7 +4,6 @@ // //go:build arm64 || ppc64le -// +build arm64 ppc64le package main diff --git a/src/runtime/cmd/kata-runtime/kata-env_generic_test.go b/src/runtime/cmd/kata-runtime/kata-env_generic_test.go index 8e22ba74a..ca862338b 100644 --- a/src/runtime/cmd/kata-runtime/kata-env_generic_test.go +++ b/src/runtime/cmd/kata-runtime/kata-env_generic_test.go @@ -4,7 +4,6 @@ // //go:build arm64 || ppc64le -// +build arm64 ppc64le package main diff --git a/src/runtime/go.mod b/src/runtime/go.mod index 54d5742d8..895f62c62 100644 --- a/src/runtime/go.mod +++ b/src/runtime/go.mod @@ -50,7 +50,6 @@ require ( go.opentelemetry.io/otel/exporters/jaeger v1.0.0 go.opentelemetry.io/otel/sdk v1.3.0 go.opentelemetry.io/otel/trace v1.3.0 - golang.org/x/net v0.0.0-20220722155237-a158d28d115b golang.org/x/oauth2 v0.0.0-20220622183110-fd043fe589d2 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f google.golang.org/grpc v1.47.0 @@ -99,6 +98,7 @@ require ( github.com/russross/blackfriday/v2 v2.1.0 // indirect go.mongodb.org/mongo-driver v1.7.5 // indirect go.opencensus.io v0.23.0 // indirect + golang.org/x/net v0.0.0-20220722155237-a158d28d115b // indirect golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f // indirect golang.org/x/text v0.3.7 // indirect google.golang.org/appengine v1.6.7 // indirect diff --git a/src/runtime/pkg/govmm/qemu/qemu_arch_base_test.go b/src/runtime/pkg/govmm/qemu/qemu_arch_base_test.go index 26b2ac547..ec70767d7 100644 --- a/src/runtime/pkg/govmm/qemu/qemu_arch_base_test.go +++ b/src/runtime/pkg/govmm/qemu/qemu_arch_base_test.go @@ -1,5 +1,4 @@ //go:build !s390x -// +build !s390x // Copyright contributors to the Virtual Machine Manager for Go project // diff --git a/src/runtime/pkg/resourcecontrol/cgroups.go b/src/runtime/pkg/resourcecontrol/cgroups.go index 9434cd897..da88820ef 100644 --- a/src/runtime/pkg/resourcecontrol/cgroups.go +++ b/src/runtime/pkg/resourcecontrol/cgroups.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux // Copyright (c) 2021-2022 Apple Inc. // diff --git a/src/runtime/virtcontainers/acrn.go b/src/runtime/virtcontainers/acrn.go index fec7f159b..3863000a6 100644 --- a/src/runtime/virtcontainers/acrn.go +++ b/src/runtime/virtcontainers/acrn.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux // Copyright (c) 2019 Intel Corporation // diff --git a/src/runtime/virtcontainers/acrn_arch_base.go b/src/runtime/virtcontainers/acrn_arch_base.go index 7379274b0..8d8c42242 100644 --- a/src/runtime/virtcontainers/acrn_arch_base.go +++ b/src/runtime/virtcontainers/acrn_arch_base.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux // Copyright (c) 2019 Intel Corporation // diff --git a/src/runtime/virtcontainers/acrn_test.go b/src/runtime/virtcontainers/acrn_test.go index 25c79f960..9ce189812 100644 --- a/src/runtime/virtcontainers/acrn_test.go +++ b/src/runtime/virtcontainers/acrn_test.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux // Copyright (c) 2019 Intel Corporation // diff --git a/src/runtime/virtcontainers/agent.go b/src/runtime/virtcontainers/agent.go index 90730153e..dc5d1d9ad 100644 --- a/src/runtime/virtcontainers/agent.go +++ b/src/runtime/virtcontainers/agent.go @@ -9,12 +9,12 @@ import ( "syscall" "time" + "context" persistapi "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/persist/api" pbTypes "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/agent/protocols" "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/agent/protocols/grpc" "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/types" specs "github.com/opencontainers/runtime-spec/specs-go" - "golang.org/x/net/context" ) type newAgentFuncKey struct{} diff --git a/src/runtime/virtcontainers/clh.go b/src/runtime/virtcontainers/clh.go index afe48b804..92089a537 100644 --- a/src/runtime/virtcontainers/clh.go +++ b/src/runtime/virtcontainers/clh.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux // Copyright (c) 2019 Ericsson Eurolab Deutschland GmbH // diff --git a/src/runtime/virtcontainers/clh_test.go b/src/runtime/virtcontainers/clh_test.go index e8f02101e..6865f4b1f 100644 --- a/src/runtime/virtcontainers/clh_test.go +++ b/src/runtime/virtcontainers/clh_test.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux // Copyright (c) 2019 Ericsson Eurolab Deutschland G.m.b.H. // diff --git a/src/runtime/virtcontainers/fc.go b/src/runtime/virtcontainers/fc.go index dc86f6b40..4fb1dddfe 100644 --- a/src/runtime/virtcontainers/fc.go +++ b/src/runtime/virtcontainers/fc.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux // Copyright (c) 2018 Intel Corporation // diff --git a/src/runtime/virtcontainers/fc_metrics.go b/src/runtime/virtcontainers/fc_metrics.go index 32cbd5c1d..90832707b 100644 --- a/src/runtime/virtcontainers/fc_metrics.go +++ b/src/runtime/virtcontainers/fc_metrics.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux // Copyright (c) 2020 Ant Group // diff --git a/src/runtime/virtcontainers/fc_test.go b/src/runtime/virtcontainers/fc_test.go index 78ab704ee..64bde2232 100644 --- a/src/runtime/virtcontainers/fc_test.go +++ b/src/runtime/virtcontainers/fc_test.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux // Copyright (c) 2019 Intel Corporation // diff --git a/src/runtime/virtcontainers/ipvlan_endpoint.go b/src/runtime/virtcontainers/ipvlan_endpoint.go index 53a57e740..f3da40e88 100644 --- a/src/runtime/virtcontainers/ipvlan_endpoint.go +++ b/src/runtime/virtcontainers/ipvlan_endpoint.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux // Copyright (c) 2018 Intel Corporation // diff --git a/src/runtime/virtcontainers/ipvlan_endpoint_test.go b/src/runtime/virtcontainers/ipvlan_endpoint_test.go index 7fe33d166..2bec272e6 100644 --- a/src/runtime/virtcontainers/ipvlan_endpoint_test.go +++ b/src/runtime/virtcontainers/ipvlan_endpoint_test.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux // Copyright (c) 2018 Intel Corporation // diff --git a/src/runtime/virtcontainers/kata_agent.go b/src/runtime/virtcontainers/kata_agent.go index f10f81dae..c5b49e59b 100644 --- a/src/runtime/virtcontainers/kata_agent.go +++ b/src/runtime/virtcontainers/kata_agent.go @@ -34,10 +34,10 @@ import ( "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/types" "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/utils" + "context" "github.com/gogo/protobuf/proto" "github.com/opencontainers/runtime-spec/specs-go" "github.com/sirupsen/logrus" - "golang.org/x/net/context" "golang.org/x/sys/unix" "google.golang.org/grpc/codes" grpcStatus "google.golang.org/grpc/status" diff --git a/src/runtime/virtcontainers/macvlan_endpoint.go b/src/runtime/virtcontainers/macvlan_endpoint.go index 061a36f15..76dc911a8 100644 --- a/src/runtime/virtcontainers/macvlan_endpoint.go +++ b/src/runtime/virtcontainers/macvlan_endpoint.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux // Copyright (c) 2018 Intel Corporation // diff --git a/src/runtime/virtcontainers/macvlan_endpoint_test.go b/src/runtime/virtcontainers/macvlan_endpoint_test.go index 896be917e..8e0e9a2b6 100644 --- a/src/runtime/virtcontainers/macvlan_endpoint_test.go +++ b/src/runtime/virtcontainers/macvlan_endpoint_test.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux // Copyright (c) 2018 Intel Corporation // diff --git a/src/runtime/virtcontainers/macvtap_endpoint.go b/src/runtime/virtcontainers/macvtap_endpoint.go index 1a2452cf1..d223c0bc7 100644 --- a/src/runtime/virtcontainers/macvtap_endpoint.go +++ b/src/runtime/virtcontainers/macvtap_endpoint.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux // Copyright (c) 2018 Intel Corporation // diff --git a/src/runtime/virtcontainers/macvtap_endpoint_test.go b/src/runtime/virtcontainers/macvtap_endpoint_test.go index 6b7e00943..3787f2b15 100644 --- a/src/runtime/virtcontainers/macvtap_endpoint_test.go +++ b/src/runtime/virtcontainers/macvtap_endpoint_test.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux // Copyright (c) 2018 Intel Corporation // diff --git a/src/runtime/virtcontainers/mock_agent.go b/src/runtime/virtcontainers/mock_agent.go index a3c4d44b0..67ec52319 100644 --- a/src/runtime/virtcontainers/mock_agent.go +++ b/src/runtime/virtcontainers/mock_agent.go @@ -9,12 +9,12 @@ import ( "syscall" "time" + "context" persistapi "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/persist/api" pbTypes "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/agent/protocols" "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/agent/protocols/grpc" "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/types" specs "github.com/opencontainers/runtime-spec/specs-go" - "golang.org/x/net/context" ) // mockAgent is an empty Agent implementation, for testing and diff --git a/src/runtime/virtcontainers/physical_endpoint.go b/src/runtime/virtcontainers/physical_endpoint.go index ea64ba926..b71e512d7 100644 --- a/src/runtime/virtcontainers/physical_endpoint.go +++ b/src/runtime/virtcontainers/physical_endpoint.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux // Copyright (c) 2018 Intel Corporation // diff --git a/src/runtime/virtcontainers/physical_endpoint_test.go b/src/runtime/virtcontainers/physical_endpoint_test.go index cac41358f..bba7f7d1c 100644 --- a/src/runtime/virtcontainers/physical_endpoint_test.go +++ b/src/runtime/virtcontainers/physical_endpoint_test.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux // Copyright (c) 2018 Intel Corporation // diff --git a/src/runtime/virtcontainers/qemu.go b/src/runtime/virtcontainers/qemu.go index 2933f854c..d33f02f6e 100644 --- a/src/runtime/virtcontainers/qemu.go +++ b/src/runtime/virtcontainers/qemu.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux // Copyright (c) 2016 Intel Corporation // diff --git a/src/runtime/virtcontainers/qemu_amd64.go b/src/runtime/virtcontainers/qemu_amd64.go index 233fafcc0..124fd4534 100644 --- a/src/runtime/virtcontainers/qemu_amd64.go +++ b/src/runtime/virtcontainers/qemu_amd64.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux // Copyright (c) 2018 Intel Corporation // diff --git a/src/runtime/virtcontainers/qemu_amd64_test.go b/src/runtime/virtcontainers/qemu_amd64_test.go index 73641ab45..33d506dcd 100644 --- a/src/runtime/virtcontainers/qemu_amd64_test.go +++ b/src/runtime/virtcontainers/qemu_amd64_test.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux // Copyright (c) 2018 Intel Corporation // diff --git a/src/runtime/virtcontainers/qemu_arch_base.go b/src/runtime/virtcontainers/qemu_arch_base.go index 07282afa7..e16c285ab 100644 --- a/src/runtime/virtcontainers/qemu_arch_base.go +++ b/src/runtime/virtcontainers/qemu_arch_base.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux // Copyright (c) 2018 Intel Corporation // diff --git a/src/runtime/virtcontainers/qemu_arch_base_test.go b/src/runtime/virtcontainers/qemu_arch_base_test.go index 41d3bbd43..37611bb5b 100644 --- a/src/runtime/virtcontainers/qemu_arch_base_test.go +++ b/src/runtime/virtcontainers/qemu_arch_base_test.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux // Copyright (c) 2018 Intel Corporation // diff --git a/src/runtime/virtcontainers/qemu_arm64.go b/src/runtime/virtcontainers/qemu_arm64.go index 378b89c6d..ccf164139 100644 --- a/src/runtime/virtcontainers/qemu_arm64.go +++ b/src/runtime/virtcontainers/qemu_arm64.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux // Copyright (c) 2018 Intel Corporation // diff --git a/src/runtime/virtcontainers/qemu_arm64_test.go b/src/runtime/virtcontainers/qemu_arm64_test.go index 15ae38222..07e67ac8c 100644 --- a/src/runtime/virtcontainers/qemu_arm64_test.go +++ b/src/runtime/virtcontainers/qemu_arm64_test.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux // Copyright (c) 2018 IBM // diff --git a/src/runtime/virtcontainers/qemu_ppc64le.go b/src/runtime/virtcontainers/qemu_ppc64le.go index 6e62551b6..7f6de2fcd 100644 --- a/src/runtime/virtcontainers/qemu_ppc64le.go +++ b/src/runtime/virtcontainers/qemu_ppc64le.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux // Copyright (c) 2018 IBM // diff --git a/src/runtime/virtcontainers/qemu_ppc64le_test.go b/src/runtime/virtcontainers/qemu_ppc64le_test.go index fd59f51b3..85e1dfe80 100644 --- a/src/runtime/virtcontainers/qemu_ppc64le_test.go +++ b/src/runtime/virtcontainers/qemu_ppc64le_test.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux // Copyright (c) 2018 IBM // diff --git a/src/runtime/virtcontainers/qemu_s390x.go b/src/runtime/virtcontainers/qemu_s390x.go index 46a1af4ad..422db2b87 100644 --- a/src/runtime/virtcontainers/qemu_s390x.go +++ b/src/runtime/virtcontainers/qemu_s390x.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux // Copyright (c) 2018 IBM // diff --git a/src/runtime/virtcontainers/qemu_s390x_test.go b/src/runtime/virtcontainers/qemu_s390x_test.go index 909e1b87e..24a67bdd9 100644 --- a/src/runtime/virtcontainers/qemu_s390x_test.go +++ b/src/runtime/virtcontainers/qemu_s390x_test.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux // Copyright (c) 2018 IBM // diff --git a/src/runtime/virtcontainers/qemu_test.go b/src/runtime/virtcontainers/qemu_test.go index b932189e8..f30dd0a69 100644 --- a/src/runtime/virtcontainers/qemu_test.go +++ b/src/runtime/virtcontainers/qemu_test.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux // Copyright (c) 2016 Intel Corporation // diff --git a/src/runtime/virtcontainers/tap_endpoint.go b/src/runtime/virtcontainers/tap_endpoint.go index 62b855382..4bd88d50f 100644 --- a/src/runtime/virtcontainers/tap_endpoint.go +++ b/src/runtime/virtcontainers/tap_endpoint.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux // Copyright (c) 2018 Huawei Corporation // diff --git a/src/runtime/virtcontainers/tuntap_endpoint.go b/src/runtime/virtcontainers/tuntap_endpoint.go index 888e666ef..c76fef5ad 100644 --- a/src/runtime/virtcontainers/tuntap_endpoint.go +++ b/src/runtime/virtcontainers/tuntap_endpoint.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux // Copyright (c) 2018 Huawei Corporation // Copyright (c) 2019 Intel Corporation diff --git a/src/runtime/virtcontainers/utils/utils_linux_generic.go b/src/runtime/virtcontainers/utils/utils_linux_generic.go index bf57f77e2..b3d12f299 100644 --- a/src/runtime/virtcontainers/utils/utils_linux_generic.go +++ b/src/runtime/virtcontainers/utils/utils_linux_generic.go @@ -1,5 +1,4 @@ //go:build amd64 || arm64 || s390x || !ppc64le -// +build amd64 arm64 s390x !ppc64le // Copyright (c) 2019 IBM // diff --git a/src/runtime/virtcontainers/veth_endpoint.go b/src/runtime/virtcontainers/veth_endpoint.go index 52a7ae479..e3ed63d70 100644 --- a/src/runtime/virtcontainers/veth_endpoint.go +++ b/src/runtime/virtcontainers/veth_endpoint.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux // Copyright (c) 2018 Intel Corporation // diff --git a/src/runtime/virtcontainers/veth_endpoint_test.go b/src/runtime/virtcontainers/veth_endpoint_test.go index c6ae2ce67..dc6f03270 100644 --- a/src/runtime/virtcontainers/veth_endpoint_test.go +++ b/src/runtime/virtcontainers/veth_endpoint_test.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux // Copyright (c) 2018 Intel Corporation // diff --git a/src/runtime/virtcontainers/vhostuser_endpoint.go b/src/runtime/virtcontainers/vhostuser_endpoint.go index 55f37f189..6656f33dc 100644 --- a/src/runtime/virtcontainers/vhostuser_endpoint.go +++ b/src/runtime/virtcontainers/vhostuser_endpoint.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux // Copyright (c) 2018 Intel Corporation // diff --git a/src/runtime/virtcontainers/vhostuser_endpoint_test.go b/src/runtime/virtcontainers/vhostuser_endpoint_test.go index c75930ff6..a49a3e61e 100644 --- a/src/runtime/virtcontainers/vhostuser_endpoint_test.go +++ b/src/runtime/virtcontainers/vhostuser_endpoint_test.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux // Copyright (c) 2018 Intel Corporation // From 1d93a934682b7f15bcc40c9df52c15254063d7fb Mon Sep 17 00:00:00 2001 From: Ji-Xinyou Date: Tue, 8 Nov 2022 10:47:00 +0800 Subject: [PATCH 05/17] fix(agent): fix iptables binary path in guest Some rootfs put iptables-save and iptables-restore under /usr/sbin instead of /sbin. This pr checks both and returns the one exist. Fixes: #5608 Signed-off-by: Ji-Xinyou --- src/agent/src/rpc.rs | 59 +++++++++++++++++++++++++++++++++++--------- 1 file changed, 47 insertions(+), 12 deletions(-) diff --git a/src/agent/src/rpc.rs b/src/agent/src/rpc.rs index 58d571a36..338c9566f 100644 --- a/src/agent/src/rpc.rs +++ b/src/agent/src/rpc.rs @@ -84,9 +84,15 @@ use std::path::PathBuf; const CONTAINER_BASE: &str = "/run/kata-containers"; const MODPROBE_PATH: &str = "/sbin/modprobe"; +/// the iptables seriers binaries could appear either in /sbin +/// or /usr/sbin, we need to check both of them +const USR_IPTABLES_SAVE: &str = "/usr/sbin/iptables-save"; const IPTABLES_SAVE: &str = "/sbin/iptables-save"; +const USR_IPTABLES_RESTORE: &str = "/usr/sbin/iptables-store"; const IPTABLES_RESTORE: &str = "/sbin/iptables-restore"; +const USR_IP6TABLES_SAVE: &str = "/usr/sbin/ip6tables-save"; const IP6TABLES_SAVE: &str = "/sbin/ip6tables-save"; +const USR_IP6TABLES_RESTORE: &str = "/usr/sbin/ip6tables-save"; const IP6TABLES_RESTORE: &str = "/sbin/ip6tables-restore"; const ERR_CANNOT_GET_WRITER: &str = "Cannot get writer"; @@ -998,8 +1004,18 @@ impl agent_ttrpc::AgentService for AgentService { info!(sl!(), "get_ip_tables: request received"); + // the binary could exists in either /usr/sbin or /sbin + // here check both of the places and return the one exists + // if none exists, return the /sbin one, and the rpc will + // returns an internal error let cmd = if req.is_ipv6 { - IP6TABLES_SAVE + if Path::new(USR_IP6TABLES_SAVE).exists() { + USR_IP6TABLES_SAVE + } else { + IP6TABLES_SAVE + } + } else if Path::new(USR_IPTABLES_SAVE).exists() { + USR_IPTABLES_SAVE } else { IPTABLES_SAVE } @@ -1027,8 +1043,18 @@ impl agent_ttrpc::AgentService for AgentService { info!(sl!(), "set_ip_tables request received"); + // the binary could exists in both /usr/sbin and /sbin + // here check both of the places and return the one exists + // if none exists, return the /sbin one, and the rpc will + // returns an internal error let cmd = if req.is_ipv6 { - IP6TABLES_RESTORE + if Path::new(USR_IP6TABLES_RESTORE).exists() { + USR_IP6TABLES_RESTORE + } else { + IP6TABLES_RESTORE + } + } else if Path::new(USR_IPTABLES_RESTORE).exists() { + USR_IPTABLES_RESTORE } else { IPTABLES_RESTORE } @@ -2756,16 +2782,25 @@ OtherField:other async fn test_ip_tables() { skip_if_not_root!(); - if !check_command(IPTABLES_SAVE) - || !check_command(IPTABLES_RESTORE) - || !check_command(IP6TABLES_SAVE) - || !check_command(IP6TABLES_RESTORE) - { - warn!( - sl!(), - "one or more commands for ip tables test are missing, skip it" - ); - return; + let iptables_cmd_list = [ + USR_IPTABLES_SAVE, + USR_IP6TABLES_SAVE, + USR_IPTABLES_RESTORE, + USR_IP6TABLES_RESTORE, + IPTABLES_SAVE, + IP6TABLES_SAVE, + IPTABLES_RESTORE, + IP6TABLES_RESTORE, + ]; + + for cmd in iptables_cmd_list { + if !check_command(cmd) { + warn!( + sl!(), + "one or more commands for ip tables test are missing, skip it" + ); + return; + } } let logger = slog::Logger::root(slog::Discard, o!()); From 67fe703ff5dfd7a02dc94e8b746565819a5ed42b Mon Sep 17 00:00:00 2001 From: Chen Taotao Date: Tue, 22 Nov 2022 01:05:21 -0800 Subject: [PATCH 06/17] runtime-rs: remove the version number from the commit display message The displayed commit message and version message are partially duplicated. Remove the version number from the commit display message. Fixes:#5735 Signed-off-by: Chen Taotao --- src/runtime-rs/Makefile | 7 ++----- src/runtime-rs/crates/shim/src/bin/main.rs | 2 +- src/runtime-rs/crates/shim/src/config.rs.in | 1 - 3 files changed, 3 insertions(+), 7 deletions(-) diff --git a/src/runtime-rs/Makefile b/src/runtime-rs/Makefile index a78d41770..1050c70ed 100644 --- a/src/runtime-rs/Makefile +++ b/src/runtime-rs/Makefile @@ -290,9 +290,6 @@ COMMIT_NO := $(shell git rev-parse HEAD 2>/dev/null || true) COMMIT := $(if $(shell git status --porcelain --untracked-files=no 2>/dev/null || true),${COMMIT_NO}-dirty,${COMMIT_NO}) COMMIT_MSG = $(if $(COMMIT),$(COMMIT),unknown) -# Exported to allow cargo to see it -export VERSION_COMMIT := $(if $(COMMIT),$(VERSION)-$(COMMIT),$(VERSION)) - EXTRA_RUSTFEATURES := ifneq ($(EXTRA_RUSTFEATURES),) @@ -322,8 +319,8 @@ GENERATED_REPLACEMENTS= \ CONTAINERD_RUNTIME_NAME \ RUNTIME_VERSION \ BINDIR \ - COMMIT \ - VERSION_COMMIT + COMMIT + GENERATED_FILES := GENERATED_FILES += $(GENERATED_CODE) diff --git a/src/runtime-rs/crates/shim/src/bin/main.rs b/src/runtime-rs/crates/shim/src/bin/main.rs index 3583f9f8a..1ee9fc203 100644 --- a/src/runtime-rs/crates/shim/src/bin/main.rs +++ b/src/runtime-rs/crates/shim/src/bin/main.rs @@ -99,7 +99,7 @@ fn show_version(err: Option) { config::PROJECT_NAME, config::CONTAINERD_RUNTIME_NAME, config::RUNTIME_VERSION, - config::RUNTIME_VERSION_COMMIT, + config::RUNTIME_GIT_COMMIT, ); if let Some(err) = err { diff --git a/src/runtime-rs/crates/shim/src/config.rs.in b/src/runtime-rs/crates/shim/src/config.rs.in index 4c1b9c562..f4e01c9e2 100644 --- a/src/runtime-rs/crates/shim/src/config.rs.in +++ b/src/runtime-rs/crates/shim/src/config.rs.in @@ -9,7 +9,6 @@ pub const PROJECT_NAME: &str = "@PROJECT_NAME@"; pub const RUNTIME_VERSION: &str = "@RUNTIME_VERSION@"; -pub const RUNTIME_VERSION_COMMIT: &str = "@VERSION_COMMIT@"; pub const RUNTIME_GIT_COMMIT: &str = "@COMMIT@"; pub const RUNTIME_NAME: &str = "@RUNTIME_NAME@"; pub const CONTAINERD_RUNTIME_NAME: &str = "@CONTAINERD_RUNTIME_NAME@"; From 2426ea9bdc585cb5424bd71f9d842f531e677e7e Mon Sep 17 00:00:00 2001 From: Chen Taotao Date: Tue, 22 Nov 2022 01:34:58 -0800 Subject: [PATCH 07/17] doc: update runtime-rs "Build and Install" When using source code to compile runtime-rs,make the documentation point out the detailed environment build and compilation methods to avoid errors caused by related dependent packages. Fixes:#5757 Signed-off-by: Chen Taotao --- src/runtime-rs/README.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/src/runtime-rs/README.md b/src/runtime-rs/README.md index a10e827ba..89c90966b 100644 --- a/src/runtime-rs/README.md +++ b/src/runtime-rs/README.md @@ -103,10 +103,9 @@ Some helper libraries are maintained in [the library directory](../libs) so that ## Build and install -```bash -$ make -$ sudo make install -``` +See the +[build from the source section of the rust runtime installation guide](../../docs/install/kata-containers-3.0-rust-runtime-installation-guide.md#build-from-source-installation). + ## Configuration `runtime-rs` has the same [configuration as `runtime`](../runtime/README.md#configuration) with some [limitations](#limitations). From 340e24f1759843f576ea5a6492986b4b2b02123f Mon Sep 17 00:00:00 2001 From: Bin Liu Date: Fri, 25 Nov 2022 15:33:32 +0800 Subject: [PATCH 08/17] actions: skip some job using "paths-ignore" filter If only docs/images are changed, some jobs should not run. Fixes: #5759 Signed-off-by: Bin Liu --- .github/workflows/cargo-deny-runner.yaml | 9 ++++++++- .github/workflows/darwin-tests.yaml | 2 +- .github/workflows/snap.yaml | 1 + 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cargo-deny-runner.yaml b/.github/workflows/cargo-deny-runner.yaml index 5d6dfeb6c..ffc93d70b 100644 --- a/.github/workflows/cargo-deny-runner.yaml +++ b/.github/workflows/cargo-deny-runner.yaml @@ -1,5 +1,12 @@ name: Cargo Crates Check Runner -on: [pull_request] +on: + - pull_request: + types: + - opened + - edited + - reopened + - synchronize + paths-ignore: [ '**.md', '**.png', '**.jpg', '**.jpeg', '**.svg', '/docs/**' ] jobs: cargo-deny-runner: runs-on: ubuntu-latest diff --git a/.github/workflows/darwin-tests.yaml b/.github/workflows/darwin-tests.yaml index 278d2e287..5c29abb72 100644 --- a/.github/workflows/darwin-tests.yaml +++ b/.github/workflows/darwin-tests.yaml @@ -5,7 +5,7 @@ on: - edited - reopened - synchronize - + paths-ignore: [ '**.md', '**.png', '**.jpg', '**.jpeg', '**.svg', '/docs/**' ] name: Darwin tests jobs: test: diff --git a/.github/workflows/snap.yaml b/.github/workflows/snap.yaml index 9176d45d2..a924646a2 100644 --- a/.github/workflows/snap.yaml +++ b/.github/workflows/snap.yaml @@ -6,6 +6,7 @@ on: - synchronize - reopened - edited + paths-ignore: [ '**.md', '**.png', '**.jpg', '**.jpeg', '**.svg', '/docs/**' ] jobs: test: From 2edbe389d872d4c3ca3c06dd1895ce527df1af32 Mon Sep 17 00:00:00 2001 From: gaohuatao Date: Fri, 25 Nov 2022 15:22:14 +0800 Subject: [PATCH 09/17] runtime-rs: moving only vCPU threads into sandbox controller when overhead controller exists, just contrain vCPU threads in sandbox controller Fixes:#5760 Signed-off-by: gaohuatao --- src/runtime-rs/crates/resource/src/cgroups/mod.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/runtime-rs/crates/resource/src/cgroups/mod.rs b/src/runtime-rs/crates/resource/src/cgroups/mod.rs index beb485008..7bcb39449 100644 --- a/src/runtime-rs/crates/resource/src/cgroups/mod.rs +++ b/src/runtime-rs/crates/resource/src/cgroups/mod.rs @@ -179,7 +179,7 @@ impl CgroupsResource { // All vCPU threads move to the sandbox controller. for tid in tids { self.cgroup_manager - .add_task_by_tgid(CgroupPid { pid: *tid as u64 })? + .add_task(CgroupPid { pid: *tid as u64 })? } Ok(()) From 69aae02276158b86fc31f99fbfd653d6f567a3c4 Mon Sep 17 00:00:00 2001 From: Bin Liu Date: Fri, 25 Nov 2022 16:25:48 +0800 Subject: [PATCH 10/17] actions: use matrix to refactor static checks Using matrix to reduce the duplication that of similar code. Fixes: #5763 Signed-off-by: Bin Liu --- .../workflows/static-checks-dragonball.yaml | 33 ++ .github/workflows/static-checks.yaml | 300 +----------------- 2 files changed, 50 insertions(+), 283 deletions(-) create mode 100644 .github/workflows/static-checks-dragonball.yaml diff --git a/.github/workflows/static-checks-dragonball.yaml b/.github/workflows/static-checks-dragonball.yaml new file mode 100644 index 000000000..5eab2baf8 --- /dev/null +++ b/.github/workflows/static-checks-dragonball.yaml @@ -0,0 +1,33 @@ +on: + pull_request: + types: + - opened + - edited + - reopened + - synchronize + paths-ignore: [ '**.md', '**.png', '**.jpg', '**.jpeg', '**.svg', '/docs/**' ] + +name: Static checks dragonball +jobs: + test-dragonball: + runs-on: self-hosted + env: + RUST_BACKTRACE: "1" + steps: + - uses: actions/checkout@v3 + - name: Set env + if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} + run: | + echo "GOPATH=${{ github.workspace }}" >> $GITHUB_ENV + - name: Install Rust + if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} + run: | + ./ci/install_rust.sh + PATH=$PATH:"$HOME/.cargo/bin" + - name: Run Unit Test + if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} + run: | + cd src/dragonball + /root/.cargo/bin/cargo version + rustc --version + sudo -E env PATH=$PATH LIBC=gnu SUPPORT_VIRTUALIZATION=true make test diff --git a/.github/workflows/static-checks.yaml b/.github/workflows/static-checks.yaml index 477e7c157..0ba5b9084 100644 --- a/.github/workflows/static-checks.yaml +++ b/.github/workflows/static-checks.yaml @@ -8,60 +8,16 @@ on: name: Static checks jobs: - check-vendored-code: - runs-on: ubuntu-20.04 - env: - TRAVIS: "true" - TRAVIS_BRANCH: ${{ github.base_ref }} - TRAVIS_PULL_REQUEST_BRANCH: ${{ github.head_ref }} - TRAVIS_PULL_REQUEST_SHA : ${{ github.event.pull_request.head.sha }} - RUST_BACKTRACE: "1" - target_branch: ${{ github.base_ref }} - steps: - - name: Install Go - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - uses: actions/setup-go@v3 - with: - go-version: 1.19.2 - env: - GOPATH: ${{ runner.workspace }}/kata-containers - - name: Setup GOPATH - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - run: | - echo "TRAVIS_BRANCH: ${TRAVIS_BRANCH}" - echo "TRAVIS_PULL_REQUEST_BRANCH: ${TRAVIS_PULL_REQUEST_BRANCH}" - echo "TRAVIS_PULL_REQUEST_SHA: ${TRAVIS_PULL_REQUEST_SHA}" - echo "TRAVIS: ${TRAVIS}" - - name: Set env - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - run: | - echo "GOPATH=${{ github.workspace }}" >> $GITHUB_ENV - echo "${{ github.workspace }}/bin" >> $GITHUB_PATH - - name: Checkout code - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - uses: actions/checkout@v3 - with: - fetch-depth: 0 - path: ./src/github.com/${{ github.repository }} - - name: Setup travis references - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - run: | - echo "TRAVIS_BRANCH=${TRAVIS_BRANCH:-$(echo $GITHUB_REF | awk 'BEGIN { FS = \"/\" } ; { print $3 }')}" - target_branch=${TRAVIS_BRANCH} - - name: Setup - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - run: | - cd ${GOPATH}/src/github.com/${{ github.repository }} && ./ci/setup.sh - env: - GOPATH: ${{ runner.workspace }}/kata-containers - # Check whether the vendored code is up-to-date & working as the first thing - - name: Check vendored code - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - run: | - cd ${GOPATH}/src/github.com/${{ github.repository }} && make vendor - static-checks: runs-on: ubuntu-20.04 + strategy: + matrix: + cmd: + - "make vendor" + - "make static-checks" + - "make check" + - "make test" + - "sudo -E PATH=\"$PATH\" make test" env: TRAVIS: "true" TRAVIS_BRANCH: ${{ github.base_ref }} @@ -70,8 +26,13 @@ jobs: RUST_BACKTRACE: "1" target_branch: ${{ github.base_ref }} steps: - - name: Install Go + - name: Checkout code if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} + uses: actions/checkout@v3 + with: + fetch-depth: 0 + path: ./src/github.com/${{ github.repository }} + - name: Install Go uses: actions/setup-go@v3 with: go-version: 1.19.2 @@ -89,12 +50,6 @@ jobs: run: | echo "GOPATH=${{ github.workspace }}" >> $GITHUB_ENV echo "${{ github.workspace }}/bin" >> $GITHUB_PATH - - name: Checkout code - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - uses: actions/checkout@v3 - with: - fetch-depth: 0 - path: ./src/github.com/${{ github.repository }} - name: Setup travis references if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} run: | @@ -114,6 +69,7 @@ jobs: rustup target add x86_64-unknown-linux-musl rustup component add rustfmt clippy - name: Setup seccomp + if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} run: | libseccomp_install_dir=$(mktemp -d -t libseccomp.XXXXXXXXXX) gperf_install_dir=$(mktemp -d -t gperf.XXXXXXXXXX) @@ -121,229 +77,7 @@ jobs: echo "Set environment variables for the libseccomp crate to link the libseccomp library statically" echo "LIBSECCOMP_LINK_TYPE=static" >> $GITHUB_ENV echo "LIBSECCOMP_LIB_PATH=${libseccomp_install_dir}/lib" >> $GITHUB_ENV - - name: Static Checks + - name: Run check if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} run: | - cd ${GOPATH}/src/github.com/${{ github.repository }} && make static-checks - - - compiler-checks: - runs-on: ubuntu-20.04 - env: - TRAVIS: "true" - TRAVIS_BRANCH: ${{ github.base_ref }} - TRAVIS_PULL_REQUEST_BRANCH: ${{ github.head_ref }} - TRAVIS_PULL_REQUEST_SHA : ${{ github.event.pull_request.head.sha }} - RUST_BACKTRACE: "1" - target_branch: ${{ github.base_ref }} - steps: - - name: Install Go - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - uses: actions/setup-go@v3 - with: - go-version: 1.19.2 - env: - GOPATH: ${{ runner.workspace }}/kata-containers - - name: Setup GOPATH - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - run: | - echo "TRAVIS_BRANCH: ${TRAVIS_BRANCH}" - echo "TRAVIS_PULL_REQUEST_BRANCH: ${TRAVIS_PULL_REQUEST_BRANCH}" - echo "TRAVIS_PULL_REQUEST_SHA: ${TRAVIS_PULL_REQUEST_SHA}" - echo "TRAVIS: ${TRAVIS}" - - name: Set env - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - run: | - echo "GOPATH=${{ github.workspace }}" >> $GITHUB_ENV - echo "${{ github.workspace }}/bin" >> $GITHUB_PATH - - name: Checkout code - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - uses: actions/checkout@v3 - with: - fetch-depth: 0 - path: ./src/github.com/${{ github.repository }} - - name: Setup travis references - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - run: | - echo "TRAVIS_BRANCH=${TRAVIS_BRANCH:-$(echo $GITHUB_REF | awk 'BEGIN { FS = \"/\" } ; { print $3 }')}" - target_branch=${TRAVIS_BRANCH} - - name: Setup - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - run: | - cd ${GOPATH}/src/github.com/${{ github.repository }} && ./ci/setup.sh - env: - GOPATH: ${{ runner.workspace }}/kata-containers - - name: Installing rust - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - run: | - cd ${GOPATH}/src/github.com/${{ github.repository }} && ./ci/install_rust.sh - PATH=$PATH:"$HOME/.cargo/bin" - rustup target add x86_64-unknown-linux-musl - rustup component add rustfmt clippy - - name: Setup seccomp - run: | - libseccomp_install_dir=$(mktemp -d -t libseccomp.XXXXXXXXXX) - gperf_install_dir=$(mktemp -d -t gperf.XXXXXXXXXX) - cd ${GOPATH}/src/github.com/${{ github.repository }} && ./ci/install_libseccomp.sh "${libseccomp_install_dir}" "${gperf_install_dir}" - echo "Set environment variables for the libseccomp crate to link the libseccomp library statically" - echo "LIBSECCOMP_LINK_TYPE=static" >> $GITHUB_ENV - echo "LIBSECCOMP_LIB_PATH=${libseccomp_install_dir}/lib" >> $GITHUB_ENV - - name: Run Compiler Checks - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - run: | - cd ${GOPATH}/src/github.com/${{ github.repository }} && make check - - unit-tests: - runs-on: ubuntu-20.04 - env: - TRAVIS: "true" - TRAVIS_BRANCH: ${{ github.base_ref }} - TRAVIS_PULL_REQUEST_BRANCH: ${{ github.head_ref }} - TRAVIS_PULL_REQUEST_SHA : ${{ github.event.pull_request.head.sha }} - RUST_BACKTRACE: "1" - target_branch: ${{ github.base_ref }} - steps: - - name: Install Go - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - uses: actions/setup-go@v3 - with: - go-version: 1.19.2 - env: - GOPATH: ${{ runner.workspace }}/kata-containers - - name: Setup GOPATH - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - run: | - echo "TRAVIS_BRANCH: ${TRAVIS_BRANCH}" - echo "TRAVIS_PULL_REQUEST_BRANCH: ${TRAVIS_PULL_REQUEST_BRANCH}" - echo "TRAVIS_PULL_REQUEST_SHA: ${TRAVIS_PULL_REQUEST_SHA}" - echo "TRAVIS: ${TRAVIS}" - - name: Set env - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - run: | - echo "GOPATH=${{ github.workspace }}" >> $GITHUB_ENV - echo "${{ github.workspace }}/bin" >> $GITHUB_PATH - - name: Checkout code - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - uses: actions/checkout@v3 - with: - fetch-depth: 0 - path: ./src/github.com/${{ github.repository }} - - name: Setup travis references - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - run: | - echo "TRAVIS_BRANCH=${TRAVIS_BRANCH:-$(echo $GITHUB_REF | awk 'BEGIN { FS = \"/\" } ; { print $3 }')}" - target_branch=${TRAVIS_BRANCH} - - name: Setup - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - run: | - cd ${GOPATH}/src/github.com/${{ github.repository }} && ./ci/setup.sh - env: - GOPATH: ${{ runner.workspace }}/kata-containers - - name: Installing rust - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - run: | - cd ${GOPATH}/src/github.com/${{ github.repository }} && ./ci/install_rust.sh - PATH=$PATH:"$HOME/.cargo/bin" - rustup target add x86_64-unknown-linux-musl - rustup component add rustfmt clippy - - name: Setup seccomp - run: | - libseccomp_install_dir=$(mktemp -d -t libseccomp.XXXXXXXXXX) - gperf_install_dir=$(mktemp -d -t gperf.XXXXXXXXXX) - cd ${GOPATH}/src/github.com/${{ github.repository }} && ./ci/install_libseccomp.sh "${libseccomp_install_dir}" "${gperf_install_dir}" - echo "Set environment variables for the libseccomp crate to link the libseccomp library statically" - echo "LIBSECCOMP_LINK_TYPE=static" >> $GITHUB_ENV - echo "LIBSECCOMP_LIB_PATH=${libseccomp_install_dir}/lib" >> $GITHUB_ENV - - name: Run Unit Tests - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - run: | - cd ${GOPATH}/src/github.com/${{ github.repository }} && make test - - unit-tests-as-root: - runs-on: ubuntu-20.04 - env: - TRAVIS: "true" - TRAVIS_BRANCH: ${{ github.base_ref }} - TRAVIS_PULL_REQUEST_BRANCH: ${{ github.head_ref }} - TRAVIS_PULL_REQUEST_SHA : ${{ github.event.pull_request.head.sha }} - RUST_BACKTRACE: "1" - target_branch: ${{ github.base_ref }} - steps: - - name: Install Go - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - uses: actions/setup-go@v3 - with: - go-version: 1.19.2 - env: - GOPATH: ${{ runner.workspace }}/kata-containers - - name: Setup GOPATH - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - run: | - echo "TRAVIS_BRANCH: ${TRAVIS_BRANCH}" - echo "TRAVIS_PULL_REQUEST_BRANCH: ${TRAVIS_PULL_REQUEST_BRANCH}" - echo "TRAVIS_PULL_REQUEST_SHA: ${TRAVIS_PULL_REQUEST_SHA}" - echo "TRAVIS: ${TRAVIS}" - - name: Set env - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - run: | - echo "GOPATH=${{ github.workspace }}" >> $GITHUB_ENV - echo "${{ github.workspace }}/bin" >> $GITHUB_PATH - - name: Checkout code - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - uses: actions/checkout@v3 - with: - fetch-depth: 0 - path: ./src/github.com/${{ github.repository }} - - name: Setup travis references - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - run: | - echo "TRAVIS_BRANCH=${TRAVIS_BRANCH:-$(echo $GITHUB_REF | awk 'BEGIN { FS = \"/\" } ; { print $3 }')}" - target_branch=${TRAVIS_BRANCH} - - name: Setup - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - run: | - cd ${GOPATH}/src/github.com/${{ github.repository }} && ./ci/setup.sh - env: - GOPATH: ${{ runner.workspace }}/kata-containers - - name: Installing rust - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - run: | - cd ${GOPATH}/src/github.com/${{ github.repository }} && ./ci/install_rust.sh - PATH=$PATH:"$HOME/.cargo/bin" - rustup target add x86_64-unknown-linux-musl - rustup component add rustfmt clippy - - name: Setup seccomp - run: | - libseccomp_install_dir=$(mktemp -d -t libseccomp.XXXXXXXXXX) - gperf_install_dir=$(mktemp -d -t gperf.XXXXXXXXXX) - cd ${GOPATH}/src/github.com/${{ github.repository }} && ./ci/install_libseccomp.sh "${libseccomp_install_dir}" "${gperf_install_dir}" - echo "Set environment variables for the libseccomp crate to link the libseccomp library statically" - echo "LIBSECCOMP_LINK_TYPE=static" >> $GITHUB_ENV - echo "LIBSECCOMP_LIB_PATH=${libseccomp_install_dir}/lib" >> $GITHUB_ENV - - name: Run Unit Tests As Root User - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - run: | - cd ${GOPATH}/src/github.com/${{ github.repository }} && sudo -E PATH="$PATH" make test - - test-dragonball: - runs-on: self-hosted - env: - RUST_BACKTRACE: "1" - steps: - - uses: actions/checkout@v3 - - name: Set env - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - run: | - echo "GOPATH=${{ github.workspace }}" >> $GITHUB_ENV - - name: Install Rust - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - run: | - ./ci/install_rust.sh - PATH=$PATH:"$HOME/.cargo/bin" - - name: Run Unit Test - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - run: | - cd src/dragonball - /root/.cargo/bin/cargo version - rustc --version - sudo -E env PATH=$PATH LIBC=gnu SUPPORT_VIRTUALIZATION=true make test + cd ${GOPATH}/src/github.com/${{ github.repository }} && ${{ matrix.cmd }} From e723bad0afb36823fb926db95fa4da43bb6e439f Mon Sep 17 00:00:00 2001 From: Bin Liu Date: Mon, 28 Nov 2022 14:27:03 +0800 Subject: [PATCH 11/17] ci: let static checks don't depend on build Build is a time consumable operation, skip build while let ci run faster. Fixes: #5777 Signed-off-by: Bin Liu --- Makefile | 4 ++-- src/agent/Makefile | 2 ++ src/dragonball/Makefile | 3 +++ src/libs/Makefile | 3 +++ src/runtime-rs/Makefile | 2 ++ src/runtime/Makefile | 2 ++ src/tools/agent-ctl/Makefile | 3 +++ src/tools/kata-ctl/Makefile | 2 ++ src/tools/log-parser/Makefile | 3 +++ src/tools/runk/Makefile | 3 +++ src/tools/trace-forwarder/Makefile | 3 +++ utils.mk | 3 +++ 12 files changed, 31 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index c76af04a9..d4a3dad05 100644 --- a/Makefile +++ b/Makefile @@ -21,7 +21,7 @@ TOOLS += log-parser TOOLS += runk TOOLS += trace-forwarder -STANDARD_TARGETS = build check clean install test vendor +STANDARD_TARGETS = build check clean install static-checks-build test vendor default: all @@ -37,7 +37,7 @@ generate-protocols: make -C src/agent generate-protocols # Some static checks rely on generated source files of components. -static-checks: build +static-checks: static-checks-build bash ci/static-checks.sh docs-url-alive-check: diff --git a/src/agent/Makefile b/src/agent/Makefile index f0e86fd6b..51da58d3a 100644 --- a/src/agent/Makefile +++ b/src/agent/Makefile @@ -107,6 +107,8 @@ endef ##TARGET default: build code default: $(TARGET) show-header +static-checks-build: $(GENERATED_CODE) + $(TARGET): $(GENERATED_CODE) $(TARGET_PATH) $(TARGET_PATH): show-summary diff --git a/src/dragonball/Makefile b/src/dragonball/Makefile index 279d872bb..ab8e5b694 100644 --- a/src/dragonball/Makefile +++ b/src/dragonball/Makefile @@ -16,6 +16,9 @@ build: @echo "INFO: cargo build..." cargo build --all-features --target $(TRIPLE) +static-checks-build: + @echo "INFO: static-checks-build do nothing.." + check: clippy format clippy: diff --git a/src/libs/Makefile b/src/libs/Makefile index 9ce0be19d..aabaa3391 100644 --- a/src/libs/Makefile +++ b/src/libs/Makefile @@ -16,6 +16,9 @@ default: build build: cargo build --all-features +static-checks-build: + @echo "INFO: static-checks-build do nothing.." + check: clippy format clippy: diff --git a/src/runtime-rs/Makefile b/src/runtime-rs/Makefile index a78d41770..5dcd89e64 100644 --- a/src/runtime-rs/Makefile +++ b/src/runtime-rs/Makefile @@ -361,6 +361,8 @@ GENERATED_FILES += $(CONFIGS) runtime: $(TARGET) +static-checks-build: $(GENERATED_FILES) + $(TARGET): $(GENERATED_FILES) $(TARGET_PATH) $(TARGET_PATH): $(SOURCES) | show-summary diff --git a/src/runtime/Makefile b/src/runtime/Makefile index a96ee49dc..0f49badd4 100644 --- a/src/runtime/Makefile +++ b/src/runtime/Makefile @@ -680,6 +680,8 @@ handle_vendor: vendor: handle_vendor ./hack/tree_status.sh +static-checks-build: $(GENERATED_FILES) + clean: $(QUIET_CLEAN)rm -f \ $(CONFIGS) \ diff --git a/src/tools/agent-ctl/Makefile b/src/tools/agent-ctl/Makefile index 99713f6c8..c8fc72683 100644 --- a/src/tools/agent-ctl/Makefile +++ b/src/tools/agent-ctl/Makefile @@ -11,6 +11,9 @@ default: build build: @RUSTFLAGS="$(EXTRA_RUSTFLAGS) --deny warnings" cargo build --target $(TRIPLE) --$(BUILD_TYPE) +static-checks-build: + @echo "INFO: static-checks-build do nothing.." + clean: cargo clean diff --git a/src/tools/kata-ctl/Makefile b/src/tools/kata-ctl/Makefile index e11af3845..167f85c3e 100644 --- a/src/tools/kata-ctl/Makefile +++ b/src/tools/kata-ctl/Makefile @@ -36,6 +36,8 @@ $(TARGET): $(GENERATED_CODE) build: @RUSTFLAGS="$(EXTRA_RUSTFLAGS) --deny warnings" cargo build --target $(TRIPLE) $(if $(findstring release,$(BUILD_TYPE)),--release) $(EXTRA_RUSTFEATURES) +static-checks-build: $(GENERATED_CODE) + $(GENERATED_FILES): %: %.in @sed $(foreach r,$(GENERATED_REPLACEMENTS),-e 's|@$r@|$($r)|g') "$<" > "$@" diff --git a/src/tools/log-parser/Makefile b/src/tools/log-parser/Makefile index bdef52ab7..0a680059b 100644 --- a/src/tools/log-parser/Makefile +++ b/src/tools/log-parser/Makefile @@ -29,6 +29,9 @@ install: $(TARGET) install -d $(shell dirname $(DESTTARGET)) install $(TARGET) $(DESTTARGET) +static-checks-build: + @echo "INFO: static-checks-build do nothing.." + clean: rm -f $(TARGET) diff --git a/src/tools/runk/Makefile b/src/tools/runk/Makefile index 1dde1c6ea..d025b6a89 100644 --- a/src/tools/runk/Makefile +++ b/src/tools/runk/Makefile @@ -34,6 +34,9 @@ default: build build: @RUSTFLAGS="$(EXTRA_RUSTFLAGS) --deny warnings" cargo build --target $(TRIPLE) --$(BUILD_TYPE) $(EXTRA_RUSTFEATURES) +static-checks-build: + @echo "INFO: static-checks-build do nothing.." + install: install -D $(TARGET_PATH) $(BINDIR)/$(TARGET) diff --git a/src/tools/trace-forwarder/Makefile b/src/tools/trace-forwarder/Makefile index b6b223c00..5a529e211 100644 --- a/src/tools/trace-forwarder/Makefile +++ b/src/tools/trace-forwarder/Makefile @@ -11,6 +11,9 @@ default: build build: @RUSTFLAGS="$(EXTRA_RUSTFLAGS) --deny warnings" cargo build --target $(TRIPLE) --$(BUILD_TYPE) +static-checks-build: + @echo "INFO: static-checks-build do nothing.." + clean: cargo clean diff --git a/utils.mk b/utils.mk index bc4aa392c..a7d559d34 100644 --- a/utils.mk +++ b/utils.mk @@ -39,6 +39,9 @@ $(2) : $(1)/$(2)/Makefile make -C $(1)/$(2) build-$(2) : $(2) +static-checks-build-$(2): + make -C $(1)/$(2) static-checks-build + check-$(2) : $(2) make -C $(1)/$(2) check From e12db92e4df2efa9a9e2f699aca2fb93b420f49f Mon Sep 17 00:00:00 2001 From: Manabu Sugimoto Date: Mon, 29 Aug 2022 18:16:09 +0900 Subject: [PATCH 12/17] runk: Re-implement start operation using the agent codes This commit re-implements `start` operation by leveraging the agent codes. Currently, `runk` has own `start` mechanism even if the agent already has the feature to handle starting a container. This worsen the maintainability and `runk` cannot keep up with the changes on the agent side easily. Hence, `runk` replaces own implementations with agent's ones. Fixes: #5648 Signed-off-by: Manabu Sugimoto --- .../libcontainer/src/activated_builder.rs | 22 +-- src/tools/runk/libcontainer/src/container.rs | 39 ++++- .../runk/libcontainer/src/created_builder.rs | 141 ++++++++++++++++++ src/tools/runk/libcontainer/src/lib.rs | 1 + src/tools/runk/src/commands/start.rs | 34 ++--- src/tools/runk/src/main.rs | 2 +- 6 files changed, 202 insertions(+), 37 deletions(-) create mode 100644 src/tools/runk/libcontainer/src/created_builder.rs diff --git a/src/tools/runk/libcontainer/src/activated_builder.rs b/src/tools/runk/libcontainer/src/activated_builder.rs index bc4f0a423..ac563cbb1 100644 --- a/src/tools/runk/libcontainer/src/activated_builder.rs +++ b/src/tools/runk/libcontainer/src/activated_builder.rs @@ -3,7 +3,7 @@ // SPDX-License-Identifier: Apache-2.0 // -use crate::container::{create_linux_container, Container, ContainerLauncher}; +use crate::container::{load_linux_container, Container, ContainerLauncher}; use crate::status::Status; use crate::utils::validate_spec; use anyhow::{anyhow, Result}; @@ -63,7 +63,7 @@ impl ActivatedContainer { logger, "enter ActivatedContainer::create_launcher {:?}", self ); - let container = Container::load(&self.root, &self.id)?; + let mut container = Container::load(&self.root, &self.id)?; // If state is Created or Running, we can execute the process. if container.state != ContainerState::Created && container.state != ContainerState::Running @@ -74,17 +74,21 @@ impl ActivatedContainer { )); } - let mut config = container.status.config; - let spec = config.spec.as_mut().unwrap(); + let spec = container + .status + .config + .spec + .as_mut() + .ok_or_else(|| anyhow!("spec config was not present"))?; self.adapt_exec_spec(spec, container.status.pid, logger)?; debug!(logger, "adapted spec: {:?}", spec); validate_spec(spec, &self.console_socket)?; - debug!(logger, "create LinuxContainer with config: {:?}", config); - // Maybe we should move some properties from status into LinuxContainer, - // like pid, process_start_time, created, cgroup_manager, etc. But it works now. - let runner = - create_linux_container(&self.id, &self.root, config, self.console_socket, logger)?; + debug!( + logger, + "load LinuxContainer with config: {:?}", &container.status.config + ); + let runner = load_linux_container(&container.status, self.console_socket, logger)?; Ok(ContainerLauncher::new( &self.id, diff --git a/src/tools/runk/libcontainer/src/container.rs b/src/tools/runk/libcontainer/src/container.rs index 260ea9d36..03796806e 100644 --- a/src/tools/runk/libcontainer/src/container.rs +++ b/src/tools/runk/libcontainer/src/container.rs @@ -35,6 +35,7 @@ pub const CONFIG_FILE_NAME: &str = "config.json"; #[derive(Debug, Copy, Clone, PartialEq)] pub enum ContainerAction { Create, + Start, Run, } @@ -236,12 +237,12 @@ impl ContainerLauncher { if self.init { self.spawn_container(action, logger).await?; } else { - if action != ContainerAction::Run { + if action == ContainerAction::Create { return Err(anyhow!( "ContainerAction::Create is used for init-container only" )); } - self.spawn_process(ContainerAction::Run, logger).await?; + self.spawn_process(action, logger).await?; } if let Some(pid_file) = self.pid_file.as_ref() { fs::write( @@ -257,13 +258,15 @@ impl ContainerLauncher { // State root path root/id has been created in LinuxContainer::new(), // so we don't have to create it again. + // Spawn a new process in the container by using the agent's codes. self.spawn_process(action, logger).await?; + let status = self.get_status()?; status.save()?; debug!(logger, "saved status is {:?}", status); // Clean up the fifo file created by LinuxContainer, which is used for block the created process. - if action == ContainerAction::Run { + if action == ContainerAction::Run || action == ContainerAction::Start { let fifo_path = get_fifo_path(&status); if fifo_path.exists() { unlink(&fifo_path)?; @@ -308,6 +311,9 @@ impl ContainerLauncher { ContainerAction::Create => { self.runner.start(process).await?; } + ContainerAction::Start => { + self.runner.exec().await?; + } ContainerAction::Run => { self.runner.run(process).await?; } @@ -358,6 +364,33 @@ pub fn create_linux_container( Ok(container) } +// Load rustjail's Linux container. +// "uid_map_path" and "gid_map_path" are always empty, so they are not set. +pub fn load_linux_container( + status: &Status, + console_socket: Option, + logger: &Logger, +) -> Result { + let mut container = LinuxContainer::new( + &status.id, + &status + .root + .to_str() + .map(|s| s.to_string()) + .ok_or_else(|| anyhow!("failed to convert a root path"))?, + status.config.clone(), + logger, + )?; + if let Some(socket_path) = console_socket.as_ref() { + container.set_console_socket(socket_path)?; + } + + container.init_process_pid = status.pid; + container.init_process_start_time = status.process_start_time; + container.created = status.created.into(); + Ok(container) +} + pub fn get_config_path>(bundle: P) -> PathBuf { bundle.as_ref().join(CONFIG_FILE_NAME) } diff --git a/src/tools/runk/libcontainer/src/created_builder.rs b/src/tools/runk/libcontainer/src/created_builder.rs new file mode 100644 index 000000000..c642e39c8 --- /dev/null +++ b/src/tools/runk/libcontainer/src/created_builder.rs @@ -0,0 +1,141 @@ +// Copyright 2022 Sony Group Corporation +// +// SPDX-License-Identifier: Apache-2.0 +// + +use crate::container::{load_linux_container, Container, ContainerLauncher}; +use anyhow::{anyhow, Result}; +use derive_builder::Builder; +use oci::ContainerState; +use slog::{debug, Logger}; +use std::path::PathBuf; + +/// Used for start command. It will prepare the options used for starting a new container. +#[derive(Default, Builder, Debug, Clone)] +#[builder(build_fn(validate = "Self::validate"))] +pub struct CreatedContainer { + id: String, + root: PathBuf, +} + +impl CreatedContainerBuilder { + /// pre-validate before building CreatedContainer + fn validate(&self) -> Result<(), String> { + // ensure container exists + let id = self.id.as_ref().unwrap(); + let root = self.root.as_ref().unwrap(); + let path = root.join(id); + if !path.as_path().exists() { + return Err(format!("container {} does not exist", id)); + } + + Ok(()) + } +} + +impl CreatedContainer { + /// Create ContainerLauncher that can be used to start a process from an existing init container. + /// It reads the spec from status file of the init container. + pub fn create_launcher(self, logger: &Logger) -> Result { + debug!(logger, "enter CreatedContainer::create_launcher {:?}", self); + let container = Container::load(&self.root, &self.id)?; + + if container.state != ContainerState::Created { + return Err(anyhow!( + "cannot start a container in the {:?} state", + container.state + )); + } + + let config = container.status.config.clone(); + + debug!( + logger, + "Prepare LinuxContainer for starting with config: {:?}", config + ); + let runner = load_linux_container(&container.status, None, logger)?; + + Ok(ContainerLauncher::new( + &self.id, + &container.status.bundle, + &self.root, + true, + runner, + None, + )) + } +} + +#[cfg(test)] +mod tests { + use super::*; + use crate::status::Status; + use crate::utils::test_utils::*; + use nix::sys::stat::Mode; + use nix::unistd::{self, getpid}; + use rustjail::container::EXEC_FIFO_FILENAME; + use scopeguard::defer; + use slog::o; + use std::fs::create_dir_all; + use std::path::Path; + use tempfile::tempdir; + use test_utils::skip_if_not_root; + + fn create_created_container_dirs(root: &Path, id: &str, bundle: &Path) { + Status::create_dir(root, id).unwrap(); + let fifo = root.join(id).join(EXEC_FIFO_FILENAME); + unistd::mkfifo(&fifo, Mode::from_bits(0o644).unwrap()).unwrap(); + create_dir_all(bundle.join(TEST_ROOTFS_PATH)).unwrap(); + } + + #[test] + fn test_created_container_validate() { + let root = tempdir().unwrap(); + let id = TEST_CONTAINER_ID.to_string(); + let result = CreatedContainerBuilder::default() + .id(id) + .root(root.path().to_path_buf()) + .build(); + assert!(result.is_err()); + } + + #[test] + fn test_created_container_create_launcher() { + // create cgroup directory needs root permission + skip_if_not_root!(); + let logger = slog::Logger::root(slog::Discard, o!()); + let bundle_dir = tempdir().unwrap(); + let root = tempdir().unwrap(); + // Since tests are executed concurrently, container_id must be unique in tests with cgroup. + // Or the cgroup directory may be removed by other tests in advance. + let id = "test_created_container_create".to_string(); + create_created_container_dirs(root.path(), &id, bundle_dir.path()); + let pid = getpid().as_raw(); + + let mut spec = create_dummy_spec(); + spec.root.as_mut().unwrap().path = bundle_dir + .path() + .join(TEST_ROOTFS_PATH) + .to_string_lossy() + .to_string(); + + let status = create_custom_dummy_status(&id, pid, root.path(), &spec); + status.save().unwrap(); + + // create empty cgroup directory to avoid is_pause failing + let cgroup = create_dummy_cgroup(Path::new(id.as_str())); + defer!(cgroup.delete().unwrap()); + + let launcher = CreatedContainerBuilder::default() + .id(id.clone()) + .root(root.into_path()) + .build() + .unwrap() + .create_launcher(&logger) + .unwrap(); + + assert!(launcher.init); + assert_eq!(launcher.runner.config.spec.unwrap(), spec); + assert_eq!(launcher.runner.id, id); + } +} diff --git a/src/tools/runk/libcontainer/src/lib.rs b/src/tools/runk/libcontainer/src/lib.rs index d9fa77b11..1d31a6608 100644 --- a/src/tools/runk/libcontainer/src/lib.rs +++ b/src/tools/runk/libcontainer/src/lib.rs @@ -6,6 +6,7 @@ pub mod activated_builder; pub mod cgroup; pub mod container; +pub mod created_builder; pub mod init_builder; pub mod status; pub mod utils; diff --git a/src/tools/runk/src/commands/start.rs b/src/tools/runk/src/commands/start.rs index 8176aa0fa..9d9f7f14f 100644 --- a/src/tools/runk/src/commands/start.rs +++ b/src/tools/runk/src/commands/start.rs @@ -3,34 +3,20 @@ // SPDX-License-Identifier: Apache-2.0 // -use crate::commands::state::get_container_state_name; -use anyhow::{anyhow, Result}; -use libcontainer::container::{get_fifo_path, Container}; +use anyhow::Result; +use libcontainer::{container::ContainerAction, created_builder::CreatedContainerBuilder}; use liboci_cli::Start; -use nix::unistd::unlink; -use oci::ContainerState; use slog::{info, Logger}; -use std::{fs::OpenOptions, io::prelude::*, path::Path}; +use std::path::Path; -pub fn run(opts: Start, state_root: &Path, logger: &Logger) -> Result<()> { - let container = Container::load(state_root, &opts.container_id)?; - if container.state != ContainerState::Created { - return Err(anyhow!( - "cannot start a container in the {} state", - get_container_state_name(container.state) - )); - }; +pub async fn run(opts: Start, root: &Path, logger: &Logger) -> Result<()> { + let mut launcher = CreatedContainerBuilder::default() + .id(opts.container_id) + .root(root.to_path_buf()) + .build()? + .create_launcher(logger)?; - let fifo_path = get_fifo_path(&container.status); - let mut file = OpenOptions::new().write(true).open(&fifo_path)?; - - file.write_all("0".as_bytes())?; - - info!(&logger, "container started"); - - if fifo_path.exists() { - unlink(&fifo_path)?; - } + launcher.launch(ContainerAction::Start, logger).await?; info!(&logger, "start command finished successfully"); diff --git a/src/tools/runk/src/main.rs b/src/tools/runk/src/main.rs index 23334d149..ce300ca69 100644 --- a/src/tools/runk/src/main.rs +++ b/src/tools/runk/src/main.rs @@ -72,7 +72,7 @@ async fn cmd_run(subcmd: SubCommand, root_path: &Path, logger: &Logger) -> Resul match subcmd { SubCommand::Standard(cmd) => match cmd { StandardCmd::Create(create) => commands::create::run(create, root_path, logger).await, - StandardCmd::Start(start) => commands::start::run(start, root_path, logger), + StandardCmd::Start(start) => commands::start::run(start, root_path, logger).await, StandardCmd::Delete(delete) => commands::delete::run(delete, root_path, logger).await, StandardCmd::State(state) => commands::state::run(state, root_path, logger), }, From f443b78537466045ca22119088d3afc04ac5b455 Mon Sep 17 00:00:00 2001 From: Alexandru Matei Date: Fri, 25 Nov 2022 19:53:20 +0200 Subject: [PATCH 13/17] build: update golang version to 1.19.3 This Go release fixes golang/go#56309 Fixes #5773 Signed-off-by: Alexandru Matei --- .github/workflows/darwin-tests.yaml | 2 +- .github/workflows/docs-url-alive-check.yaml | 2 +- .github/workflows/static-checks.yaml | 2 +- versions.yaml | 4 ++-- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/darwin-tests.yaml b/.github/workflows/darwin-tests.yaml index 5c29abb72..bf8813776 100644 --- a/.github/workflows/darwin-tests.yaml +++ b/.github/workflows/darwin-tests.yaml @@ -14,7 +14,7 @@ jobs: - name: Install Go uses: actions/setup-go@v2 with: - go-version: 1.19.2 + go-version: 1.19.3 - name: Checkout code uses: actions/checkout@v2 - name: Build utils diff --git a/.github/workflows/docs-url-alive-check.yaml b/.github/workflows/docs-url-alive-check.yaml index f8ca138ff..bd1f5ab2c 100644 --- a/.github/workflows/docs-url-alive-check.yaml +++ b/.github/workflows/docs-url-alive-check.yaml @@ -14,7 +14,7 @@ jobs: - name: Install Go uses: actions/setup-go@v2 with: - go-version: 1.19.2 + go-version: 1.19.3 env: GOPATH: ${{ runner.workspace }}/kata-containers - name: Set env diff --git a/.github/workflows/static-checks.yaml b/.github/workflows/static-checks.yaml index 0ba5b9084..69dfbae59 100644 --- a/.github/workflows/static-checks.yaml +++ b/.github/workflows/static-checks.yaml @@ -35,7 +35,7 @@ jobs: - name: Install Go uses: actions/setup-go@v3 with: - go-version: 1.19.2 + go-version: 1.19.3 env: GOPATH: ${{ runner.workspace }}/kata-containers - name: Setup GOPATH diff --git a/versions.yaml b/versions.yaml index d685b0097..28da079d6 100644 --- a/versions.yaml +++ b/versions.yaml @@ -301,12 +301,12 @@ languages: golang: description: "Google's 'go' language" notes: "'version' is the default minimum version used by this project." - version: "1.19.2" + version: "1.19.3" meta: description: | 'newest-version' is the latest version known to work when building Kata - newest-version: "1.19.2" + newest-version: "1.19.3" rust: description: "Rust language" From 86cb05883306a99ba76396c0fda63f143bb6d912 Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Mon, 28 Nov 2022 15:47:43 +0000 Subject: [PATCH 14/17] snap: Fix snapcraft setup (unbreak snap releases) Setup the snapcraft environment manually as the action we had been using for this does not appear to be actively maintained currently. Related to this, switch to specifying the snapcraft store credentials using the `SNAPCRAFT_STORE_CREDENTIALS` secret. This unbreaks `snapcraft upload`, which Canonical appear to have broken by removing the previous facility. Fixes: #5772. Signed-off-by: James O. D. Hunt --- .github/workflows/snap-release.yaml | 16 +++++++++++++--- .github/workflows/snap.yaml | 11 ++++++++++- 2 files changed, 23 insertions(+), 4 deletions(-) diff --git a/.github/workflows/snap-release.yaml b/.github/workflows/snap-release.yaml index b271d7d3d..0d41197a0 100644 --- a/.github/workflows/snap-release.yaml +++ b/.github/workflows/snap-release.yaml @@ -4,6 +4,9 @@ on: tags: - '[0-9]+.[0-9]+.[0-9]+*' +env: + SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.snapcraft_token }} + jobs: release-snap: runs-on: ubuntu-20.04 @@ -14,9 +17,16 @@ jobs: fetch-depth: 0 - name: Install Snapcraft - uses: samuelmeuli/action-snapcraft@v1 - with: - snapcraft_token: ${{ secrets.snapcraft_token }} + run: | + # Required to avoid snapcraft install failure + sudo chown root:root / + + # "--classic" is needed for the GitHub action runner + # environment. + sudo snap install snapcraft --classic + + # Allow other parts to access snap binaries + echo /snap/bin >> "$GITHUB_PATH" - name: Build snap run: | diff --git a/.github/workflows/snap.yaml b/.github/workflows/snap.yaml index a924646a2..2f1495824 100644 --- a/.github/workflows/snap.yaml +++ b/.github/workflows/snap.yaml @@ -20,7 +20,16 @@ jobs: - name: Install Snapcraft if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - uses: samuelmeuli/action-snapcraft@v1 + run: | + # Required to avoid snapcraft install failure + sudo chown root:root / + + # "--classic" is needed for the GitHub action runner + # environment. + sudo snap install snapcraft --classic + + # Allow other parts to access snap binaries + echo /snap/bin >> "$GITHUB_PATH" - name: Build snap if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} From f7fc436bed5faa72ac44a146bf8e9046eeca0092 Mon Sep 17 00:00:00 2001 From: Bin Liu Date: Thu, 1 Dec 2022 12:22:05 +0800 Subject: [PATCH 15/17] workflow: fix cargo-deny-runner.yaml syntax error There is a syntax error in .github/workflows/cargo-deny-runner.yaml Fixes: #5808 Signed-off-by: Bin Liu --- .github/workflows/cargo-deny-runner.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cargo-deny-runner.yaml b/.github/workflows/cargo-deny-runner.yaml index ffc93d70b..65237c7be 100644 --- a/.github/workflows/cargo-deny-runner.yaml +++ b/.github/workflows/cargo-deny-runner.yaml @@ -1,6 +1,6 @@ name: Cargo Crates Check Runner on: - - pull_request: + pull_request: types: - opened - edited From d4321ab48970a2e087fb3826bfb24746fe8b967e Mon Sep 17 00:00:00 2001 From: Bin Liu Date: Thu, 1 Dec 2022 12:16:05 +0800 Subject: [PATCH 16/17] runtime: Add identification in version for runtime-rs Now we are supporting two runtime/shim, the go version, and the rust version, for debug purposes, we can add an identification in the version info to tell us which runtime/shim is used. Fixes: #5806 Signed-off-by: Bin Liu --- src/runtime-rs/crates/shim/src/bin/main.rs | 2 +- src/runtime/cmd/containerd-shim-kata-v2/main.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/runtime-rs/crates/shim/src/bin/main.rs b/src/runtime-rs/crates/shim/src/bin/main.rs index 3583f9f8a..da2a6f12f 100644 --- a/src/runtime-rs/crates/shim/src/bin/main.rs +++ b/src/runtime-rs/crates/shim/src/bin/main.rs @@ -95,7 +95,7 @@ fn show_help(cmd: &OsStr) { fn show_version(err: Option) { let data = format!( - r#"{} containerd shim: id: {}, version: {}, commit: {}"#, + r#"{} containerd shim (Rust): id: {}, version: {}, commit: {}"#, config::PROJECT_NAME, config::CONTAINERD_RUNTIME_NAME, config::RUNTIME_VERSION, diff --git a/src/runtime/cmd/containerd-shim-kata-v2/main.go b/src/runtime/cmd/containerd-shim-kata-v2/main.go index 412dec6ec..b9a6890bf 100644 --- a/src/runtime/cmd/containerd-shim-kata-v2/main.go +++ b/src/runtime/cmd/containerd-shim-kata-v2/main.go @@ -24,7 +24,7 @@ func shimConfig(config *shimapi.Config) { func main() { if len(os.Args) == 2 && os.Args[1] == "--version" { - fmt.Printf("%s containerd shim: id: %q, version: %s, commit: %v\n", katautils.PROJECT, types.DefaultKataRuntimeName, katautils.VERSION, katautils.COMMIT) + fmt.Printf("%s containerd shim (Golang): id: %q, version: %s, commit: %v\n", katautils.PROJECT, types.DefaultKataRuntimeName, katautils.VERSION, katautils.COMMIT) os.Exit(0) } From 89574f03f8c943aaf5df86640df91d8b4902f68c Mon Sep 17 00:00:00 2001 From: Bin Liu Date: Thu, 1 Dec 2022 15:37:16 +0800 Subject: [PATCH 17/17] workflow: call cargo in user's $PATH Call cargo in root's HOME may lead to permission error, should call cargo installed in user's HOME/PATH. Fixes: #5813 Signed-off-by: Bin Liu --- .github/workflows/static-checks-dragonball.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/static-checks-dragonball.yaml b/.github/workflows/static-checks-dragonball.yaml index 5eab2baf8..9c8ae694b 100644 --- a/.github/workflows/static-checks-dragonball.yaml +++ b/.github/workflows/static-checks-dragonball.yaml @@ -28,6 +28,6 @@ jobs: if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} run: | cd src/dragonball - /root/.cargo/bin/cargo version + cargo version rustc --version sudo -E env PATH=$PATH LIBC=gnu SUPPORT_VIRTUALIZATION=true make test