aljaz/kata-containers
1
0
Fork 0
mirror of https://github.com/aljazceru/kata-containers.git synced 2026-01-23 00:04:24 +01:00
Code Issues Packages Projects Releases Wiki Activity

CCv0: Merge main into CCv0 branch

Browse Source 
Merge remote-tracking branch 'upstream/main' into CCv0

Fixes: #5824
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
This commit is contained in:
stevenhorsman
2022-12-02 16:15:39 +00:00
parent d910a79a3f 8246de821f
commit 578ee62da2
105 changed files with 4977 additions and 562 deletions
Download Patch File Download Diff File Expand all files Collapse all files

436
src/agent/Cargo.lock generated
View File

@@ -205,6 +205,71 @@ dependencies = [
"syn",
]
[[package]]
name = "async-broadcast"
version = "0.4.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6d26004fe83b2d1cd3a97609b21e39f9a31535822210fe83205d2ce48866ea61"
dependencies = [
"event-listener",
"futures-core",
"parking_lot 0.12.1",
]
[[package]]
name = "async-channel"
version = "1.7.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e14485364214912d3b19cc3435dde4df66065127f05fa0d75c712f36f12c2f28"
dependencies = [
"concurrent-queue",
"event-listener",
"futures-core",
]
[[package]]
name = "async-executor"
version = "1.4.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "871f9bb5e0a22eeb7e8cf16641feb87c9dc67032ccf8ff49e772eb9941d3a965"
dependencies = [
"async-task",
"concurrent-queue",
"fastrand",
"futures-lite",
"once_cell",
"slab",
]
[[package]]
name = "async-io"
version = "1.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "83e21f3a490c72b3b0cf44962180e60045de2925d8dff97918f7ee43c8f637c7"
dependencies = [
"autocfg 1.1.0",
"concurrent-queue",
"futures-lite",
"libc",
"log",
"once_cell",
"parking",
"polling",
"slab",
"socket2",
"waker-fn",
"winapi",
]
[[package]]
name = "async-lock"
version = "2.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e97a171d191782fba31bb902b14ad94e24a68145032b7eedf871ab0bc0d077b6"
dependencies = [
"event-listener",
]
[[package]]
name = "async-recursion"
version = "0.3.2"
@@ -237,6 +302,12 @@ dependencies = [
"syn",
]
[[package]]
name = "async-task"
version = "4.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7a40729d2133846d9ed0ea60a8b9541bccddab49cd30f0715a1da672fe9a2524"
[[package]]
name = "async-trait"
version = "0.1.57"
@@ -541,6 +612,12 @@ dependencies = [
"pkg-config",
]
[[package]]
name = "cache-padded"
version = "1.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c1db59621ec70f09c5e9b597b220c7a2b43611f4710dc03ceb8748637775692c"
[[package]]
name = "cached"
version = "0.38.0"
@@ -742,6 +819,15 @@ version = "1.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2382f75942f4b3be3690fe4f86365e9c853c1587d6ee58212cebf6e2a9ccd101"
[[package]]
name = "concurrent-queue"
version = "1.2.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "af4780a44ab5696ea9e28294517f1fffb421a83a25af521333c838635509db9c"
dependencies = [
"cache-padded",
]
[[package]]
name = "const-oid"
version = "0.5.2"
@@ -1091,6 +1177,17 @@ dependencies = [
"rusticata-macros",
]
[[package]]
name = "derivative"
version = "2.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fcc3dd5e9e9c0b295d6e1e4d811fb6f157d5ffd784b8d202fc62eac8035a770b"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
[[package]]
name = "derive-new"
version = "0.5.9"
@@ -1181,6 +1278,15 @@ dependencies = [
"walkdir",
]
[[package]]
name = "dirs"
version = "4.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ca3aa72a6f96ea37bbc5aa912f6788242832f75369bdfdadcb0e38423f100059"
dependencies = [
"dirs-sys",
]
[[package]]
name = "dirs-next"
version = "2.0.0"
@@ -1191,6 +1297,17 @@ dependencies = [
"dirs-sys-next",
]
[[package]]
name = "dirs-sys"
version = "0.3.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1b1d1d91c932ef41c0f2663aa8b0ca0342d444d842c06914aa0a7e352d0bada6"
dependencies = [
"libc",
"redox_users",
"winapi",
]
[[package]]
name = "dirs-sys-next"
version = "0.1.2"
@@ -1312,6 +1429,27 @@ dependencies = [
"cfg-if 1.0.0",
]
[[package]]
name = "enumflags2"
version = "0.7.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e75d4cd21b95383444831539909fbb14b9dc3fdceb2a6f5d36577329a1f55ccb"
dependencies = [
"enumflags2_derive",
"serde",
]
[[package]]
name = "enumflags2_derive"
version = "0.7.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f58dc3c5e468259f19f2d46304a6b28f1c3d034442e14b322d2b850e36f6d5ae"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
[[package]]
name = "env_logger"
version = "0.9.1"
@@ -1346,6 +1484,12 @@ dependencies = [
"libc",
]
[[package]]
name = "event-listener"
version = "2.5.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0206175f82b8d6bf6652ff7d71a1e27fd2e4efde587fd368662814d6ec1d9ce0"
[[package]]
name = "fail"
version = "0.5.0"
@@ -1386,7 +1530,7 @@ dependencies = [
"cfg-if 1.0.0",
"libc",
"redox_syscall",
"windows-sys",
"windows-sys 0.36.1",
]
[[package]]
@@ -1529,6 +1673,21 @@ version = "0.3.24"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bbf4d2a7a308fd4578637c0b17c7e1c7ba127b8f6ba00b29f717e9655d85eb68"
[[package]]
name = "futures-lite"
version = "1.12.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7694489acd39452c77daa48516b894c153f192c3578d5a839b62c58099fcbf48"
dependencies = [
"fastrand",
"futures-core",
"futures-io",
"memchr",
"parking",
"pin-project-lite",
"waker-fn",
]
[[package]]
name = "futures-macro"
version = "0.3.24"
@@ -2432,7 +2591,7 @@ dependencies = [
"libc",
"log",
"wasi 0.11.0+wasi-snapshot-preview1",
"windows-sys",
"windows-sys 0.36.1",
]
[[package]]
@@ -2837,7 +2996,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b4a3100141f1733ea40b53381b0ae3117330735ef22309a190ac57b9576ea716"
dependencies = [
"pathdiff",
"windows-sys",
"windows-sys 0.36.1",
]
[[package]]
@@ -2948,6 +3107,16 @@ dependencies = [
"num-traits",
]
[[package]]
name = "ordered-stream"
version = "0.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "44630c059eacfd6e08bdaa51b1db2ce33119caa4ddc1235e923109aa5f25ccb1"
dependencies = [
"futures-core",
"pin-project-lite",
]
[[package]]
name = "os_str_bytes"
version = "6.3.0"
@@ -2965,6 +3134,12 @@ dependencies = [
"sha2 0.9.9",
]
[[package]]
name = "parking"
version = "2.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "427c3892f9e783d91cc128285287e70a59e206ca452770ece88a76f7a3eddd72"
[[package]]
name = "parking_lot"
version = "0.11.2"
@@ -3010,7 +3185,7 @@ dependencies = [
"libc",
"redox_syscall",
"smallvec",
"windows-sys",
"windows-sys 0.36.1",
]
[[package]]
@@ -3269,6 +3444,20 @@ version = "0.3.25"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1df8c4ec4b0627e53bdf214615ad287367e482558cf84b109250b37464dc03ae"
[[package]]
name = "polling"
version = "2.5.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "166ca89eb77fd403230b9c156612965a81e094ec6ec3aa13663d4c8b113fa748"
dependencies = [
"autocfg 1.1.0",
"cfg-if 1.0.0",
"libc",
"log",
"wepoll-ffi",
"windows-sys 0.42.0",
]
[[package]]
name = "polyval"
version = "0.5.3"
@@ -3315,6 +3504,17 @@ dependencies = [
"syn",
]
[[package]]
name = "proc-macro-crate"
version = "1.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "eda0fc3b0fb7c975631757e14d9049da17374063edb6ebbcbc54d880d4fe94e9"
dependencies = [
"once_cell",
"thiserror",
"toml",
]
[[package]]
name = "proc-macro-error"
version = "1.0.4"
@@ -3341,9 +3541,9 @@ dependencies = [
[[package]]
name = "proc-macro2"
version = "1.0.43"
version = "1.0.47"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0a2ca2c61bc9f3d74d2886294ab7b9853abd9c1ad903a3ac7815c58989bb7bab"
checksum = "5ea3d908b0e36316caf9e9e2c4625cdde190a7e6f440d794667ed17a1855e725"
dependencies = [
"unicode-ident",
]
@@ -3839,7 +4039,7 @@ dependencies = [
"io-lifetimes",
"libc",
"linux-raw-sys",
"windows-sys",
"windows-sys 0.36.1",
]
[[package]]
@@ -3848,6 +4048,7 @@ version = "0.1.0"
dependencies = [
"anyhow",
"async-trait",
"bit-vec",
"capctl",
"caps",
"cfg-if 0.1.10",
@@ -3875,6 +4076,7 @@ dependencies = [
"tempfile",
"test-utils",
"tokio",
"zbus",
]
[[package]]
@@ -3914,7 +4116,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "88d6731146462ea25d9244b2ed5fd1d716d25c52e4d54aa4fb0f3c4e9854dbe2"
dependencies = [
"lazy_static",
"windows-sys",
"windows-sys 0.36.1",
]
[[package]]
@@ -4067,6 +4269,17 @@ dependencies = [
"serde",
]
[[package]]
name = "serde_repr"
version = "0.1.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1fe39d9fbb0ebf5eb2c7cb7e2a47e4f462fad1379f1166b8ae49ad9eae89a7ca"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
[[package]]
name = "serde_urlencoded"
version = "0.7.1"
@@ -4137,6 +4350,21 @@ dependencies = [
"digest 0.10.3",
]
[[package]]
name = "sha1"
version = "0.6.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c1da05c97445caa12d05e848c4a4fcbbea29e748ac28f7e80e9b010392063770"
dependencies = [
"sha1_smol",
]
[[package]]
name = "sha1_smol"
version = "1.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ae1a47186c03a32177042e55dbc5fd5aee900b8e0069a8d70fba96a9375cd012"
[[package]]
name = "sha1collisiondetection"
version = "0.2.6"
@@ -4410,6 +4638,12 @@ dependencies = [
"der 0.5.1",
]
[[package]]
name = "static_assertions"
version = "1.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f"
[[package]]
name = "string_cache"
version = "0.8.4"
@@ -4469,9 +4703,9 @@ checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601"
[[package]]
name = "syn"
version = "1.0.99"
version = "1.0.105"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "58dbef6ec655055e20b86b15a8cc6d439cca19b667537ac6a1369572d151ab13"
checksum = "60b9b43d45702de4c839cb9b51d9f529c5dd26a4aff255b42b1ebc03e88ee908"
dependencies = [
"proc-macro2",
"quote",
@@ -5130,6 +5364,16 @@ dependencies = [
"utcnow",
]
[[package]]
name = "uds_windows"
version = "1.0.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ce65604324d3cce9b966701489fbd0cf318cb1f7bd9dd07ac9a4ee6fb791930d"
dependencies = [
"tempfile",
"winapi",
]
[[package]]
name = "unicase"
version = "2.6.0"
@@ -5272,6 +5516,12 @@ dependencies = [
"tokio-vsock",
]
[[package]]
name = "waker-fn"
version = "1.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9d5b2c62b4012a3e1eca5a7e077d13b3bf498c4073e33ccd58626607748ceeca"
[[package]]
name = "walkdir"
version = "2.3.2"
@@ -5387,6 +5637,15 @@ dependencies = [
"wasm-bindgen",
]
[[package]]
name = "wepoll-ffi"
version = "0.1.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d743fdedc5c64377b5fc2bc036b01c7fd642205a0d96356034ae3404d49eb7fb"
dependencies = [
"cc",
]
[[package]]
name = "which"
version = "4.3.0"
@@ -5435,43 +5694,100 @@ version = "0.36.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ea04155a16a59f9eab786fe12a4a450e75cdb175f9e0d80da1e17db09f55b8d2"
dependencies = [
"windows_aarch64_msvc",
"windows_i686_gnu",
"windows_i686_msvc",
"windows_x86_64_gnu",
"windows_x86_64_msvc",
"windows_aarch64_msvc 0.36.1",
"windows_i686_gnu 0.36.1",
"windows_i686_msvc 0.36.1",
"windows_x86_64_gnu 0.36.1",
"windows_x86_64_msvc 0.36.1",
]
[[package]]
name = "windows-sys"
version = "0.42.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5a3e1820f08b8513f676f7ab6c1f99ff312fb97b553d30ff4dd86f9f15728aa7"
dependencies = [
"windows_aarch64_gnullvm",
"windows_aarch64_msvc 0.42.0",
"windows_i686_gnu 0.42.0",
"windows_i686_msvc 0.42.0",
"windows_x86_64_gnu 0.42.0",
"windows_x86_64_gnullvm",
"windows_x86_64_msvc 0.42.0",
]
[[package]]
name = "windows_aarch64_gnullvm"
version = "0.42.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "41d2aa71f6f0cbe00ae5167d90ef3cfe66527d6f613ca78ac8024c3ccab9a19e"
[[package]]
name = "windows_aarch64_msvc"
version = "0.36.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9bb8c3fd39ade2d67e9874ac4f3db21f0d710bee00fe7cab16949ec184eeaa47"
[[package]]
name = "windows_aarch64_msvc"
version = "0.42.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "dd0f252f5a35cac83d6311b2e795981f5ee6e67eb1f9a7f64eb4500fbc4dcdb4"
[[package]]
name = "windows_i686_gnu"
version = "0.36.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "180e6ccf01daf4c426b846dfc66db1fc518f074baa793aa7d9b9aaeffad6a3b6"
[[package]]
name = "windows_i686_gnu"
version = "0.42.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fbeae19f6716841636c28d695375df17562ca208b2b7d0dc47635a50ae6c5de7"
[[package]]
name = "windows_i686_msvc"
version = "0.36.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e2e7917148b2812d1eeafaeb22a97e4813dfa60a3f8f78ebe204bcc88f12f024"
[[package]]
name = "windows_i686_msvc"
version = "0.42.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "84c12f65daa39dd2babe6e442988fc329d6243fdce47d7d2d155b8d874862246"
[[package]]
name = "windows_x86_64_gnu"
version = "0.36.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4dcd171b8776c41b97521e5da127a2d86ad280114807d0b2ab1e462bc764d9e1"
[[package]]
name = "windows_x86_64_gnu"
version = "0.42.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bf7b1b21b5362cbc318f686150e5bcea75ecedc74dd157d874d754a2ca44b0ed"
[[package]]
name = "windows_x86_64_gnullvm"
version = "0.42.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "09d525d2ba30eeb3297665bd434a54297e4170c7f1a44cad4ef58095b4cd2028"
[[package]]
name = "windows_x86_64_msvc"
version = "0.36.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c811ca4a8c853ef420abd8592ba53ddbbac90410fab6903b3e79972a631f7680"
[[package]]
name = "windows_x86_64_msvc"
version = "0.42.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f40009d85759725a34da6d89a94e63d7bdc50a862acf0dbc7c8e488f1edcb6f5"
[[package]]
name = "winreg"
version = "0.10.1"
@@ -5541,6 +5857,70 @@ dependencies = [
"linked-hash-map",
]
[[package]]
name = "zbus"
version = "2.3.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2d8f1a037b2c4a67d9654dc7bdfa8ff2e80555bbefdd3c1833c1d1b27c963a6b"
dependencies = [
"async-broadcast",
"async-channel",
"async-executor",
"async-io",
"async-lock",
"async-recursion",
"async-task",
"async-trait",
"byteorder",
"derivative",
"dirs",
"enumflags2",
"event-listener",
"futures-core",
"futures-sink",
"futures-util",
"hex",
"lazy_static",
"nix 0.23.1",
"once_cell",
"ordered-stream",
"rand 0.8.5",
"serde",
"serde_repr",
"sha1",
"static_assertions",
"tracing",
"uds_windows",
"winapi",
"zbus_macros",
"zbus_names",
"zvariant",
]
[[package]]
name = "zbus_macros"
version = "2.3.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1f8fb5186d1c87ae88cf234974c240671238b4a679158ad3b94ec465237349a6"
dependencies = [
"proc-macro-crate",
"proc-macro2",
"quote",
"regex",
"syn",
]
[[package]]
name = "zbus_names"
version = "2.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d69bb79b44e1901ed8b217e485d0f01991aec574479b68cb03415f142bc7ae67"
dependencies = [
"serde",
"static_assertions",
"zvariant",
]
[[package]]
name = "zeroize"
version = "1.5.7"
@@ -5590,3 +5970,29 @@ dependencies = [
"cc",
"libc",
]
[[package]]
name = "zvariant"
version = "3.8.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5c817f416f05fcbc833902f1e6064b72b1778573978cfeac54731451ccc9e207"
dependencies = [
"byteorder",
"enumflags2",
"libc",
"serde",
"static_assertions",
"zvariant_derive",
]
[[package]]
name = "zvariant_derive"
version = "3.8.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fdd24fffd02794a76eb10109de463444064c88f5adb9e9d1a78488adc332bfef"
dependencies = [
"proc-macro-crate",
"proc-macro2",
"quote",
"syn",
]

2
src/agent/Makefile
View File

@@ -115,6 +115,8 @@ endef
##TARGET default: build code
default: $(TARGET) show-header
static-checks-build: $(GENERATED_CODE)
$(TARGET): $(GENERATED_CODE) $(TARGET_PATH)
$(TARGET_PATH): show-summary

2
src/agent/rustjail/Cargo.toml
View File

@@ -33,6 +33,8 @@ futures = "0.3.17"
async-trait = "0.1.31"
inotify = "0.9.2"
libseccomp = { version = "0.3.0", optional = true }
zbus = "2.3.0"
bit-vec= "0.6.3"
[dev-dependencies]
serial_test = "0.5.0"

143
src/agent/rustjail/src/cgroups/fs/mod.rs
View File

@@ -32,6 +32,7 @@ use protocols::agent::{
BlkioStats, BlkioStatsEntry, CgroupStats, CpuStats, CpuUsage, HugetlbStats, MemoryData,
MemoryStats, PidsStats, ThrottlingData,
};
use std::any::Any;
use std::collections::HashMap;
use std::fs;
use std::path::Path;
@@ -193,6 +194,79 @@ impl CgroupManager for Manager {
Ok(result)
}
fn update_cpuset_path(&self, guest_cpuset: &str, container_cpuset: &str) -> Result<()> {
if guest_cpuset.is_empty() {
return Ok(());
}
info!(sl!(), "update_cpuset_path to: {}", guest_cpuset);
let h = cgroups::hierarchies::auto();
let root_cg = h.root_control_group();
let root_cpuset_controller: &CpuSetController = root_cg.controller_of().unwrap();
let path = root_cpuset_controller.path();
let root_path = Path::new(path);
info!(sl!(), "root cpuset path: {:?}", &path);
let container_cpuset_controller: &CpuSetController = self.cgroup.controller_of().unwrap();
let path = container_cpuset_controller.path();
let container_path = Path::new(path);
info!(sl!(), "container cpuset path: {:?}", &path);
let mut paths = vec![];
for ancestor in container_path.ancestors() {
if ancestor == root_path {
break;
}
paths.push(ancestor);
}
info!(sl!(), "parent paths to update cpuset: {:?}", &paths);
let mut i = paths.len();
loop {
if i == 0 {
break;
}
i -= 1;
// remove cgroup root from path
let r_path = &paths[i]
.to_str()
.unwrap()
.trim_start_matches(root_path.to_str().unwrap());
info!(sl!(), "updating cpuset for parent path {:?}", &r_path);
let cg = new_cgroup(cgroups::hierarchies::auto(), r_path);
let cpuset_controller: &CpuSetController = cg.controller_of().unwrap();
cpuset_controller.set_cpus(guest_cpuset)?;
}
if !container_cpuset.is_empty() {
info!(
sl!(),
"updating cpuset for container path: {:?} cpuset: {}",
&container_path,
container_cpuset
);
container_cpuset_controller.set_cpus(container_cpuset)?;
}
Ok(())
}
fn get_cgroup_path(&self, cg: &str) -> Result<String> {
if cgroups::hierarchies::is_cgroup2_unified_mode() {
let cg_path = format!("/sys/fs/cgroup/{}", self.cpath);
return Ok(cg_path);
}
// for cgroup v1
Ok(self.paths.get(cg).map(|s| s.to_string()).unwrap())
}
fn as_any(&self) -> Result<&dyn Any> {
Ok(self)
}
}
fn set_network_resources(
@@ -984,75 +1058,6 @@ impl Manager {
cgroup: new_cgroup(cgroups::hierarchies::auto(), cpath),
})
}
pub fn update_cpuset_path(&self, guest_cpuset: &str, container_cpuset: &str) -> Result<()> {
if guest_cpuset.is_empty() {
return Ok(());
}
info!(sl!(), "update_cpuset_path to: {}", guest_cpuset);
let h = cgroups::hierarchies::auto();
let root_cg = h.root_control_group();
let root_cpuset_controller: &CpuSetController = root_cg.controller_of().unwrap();
let path = root_cpuset_controller.path();
let root_path = Path::new(path);
info!(sl!(), "root cpuset path: {:?}", &path);
let container_cpuset_controller: &CpuSetController = self.cgroup.controller_of().unwrap();
let path = container_cpuset_controller.path();
let container_path = Path::new(path);
info!(sl!(), "container cpuset path: {:?}", &path);
let mut paths = vec![];
for ancestor in container_path.ancestors() {
if ancestor == root_path {
break;
}
paths.push(ancestor);
}
info!(sl!(), "parent paths to update cpuset: {:?}", &paths);
let mut i = paths.len();
loop {
if i == 0 {
break;
}
i -= 1;
// remove cgroup root from path
let r_path = &paths[i]
.to_str()
.unwrap()
.trim_start_matches(root_path.to_str().unwrap());
info!(sl!(), "updating cpuset for parent path {:?}", &r_path);
let cg = new_cgroup(cgroups::hierarchies::auto(), r_path);
let cpuset_controller: &CpuSetController = cg.controller_of().unwrap();
cpuset_controller.set_cpus(guest_cpuset)?;
}
if !container_cpuset.is_empty() {
info!(
sl!(),
"updating cpuset for container path: {:?} cpuset: {}",
&container_path,
container_cpuset
);
container_cpuset_controller.set_cpus(container_cpuset)?;
}
Ok(())
}
pub fn get_cg_path(&self, cg: &str) -> Option<String> {
if cgroups::hierarchies::is_cgroup2_unified_mode() {
let cg_path = format!("/sys/fs/cgroup/{}", self.cpath);
return Some(cg_path);
}
// for cgroup v1
self.paths.get(cg).map(|s| s.to_string())
}
}
// get the guest's online cpus.

21
src/agent/rustjail/src/cgroups/mock.rs
View File

@@ -11,6 +11,7 @@ use anyhow::Result;
use cgroups::freezer::FreezerState;
use libc::{self, pid_t};
use oci::LinuxResources;
use std::any::Any;
use std::collections::HashMap;
use std::string::String;
@@ -53,6 +54,18 @@ impl CgroupManager for Manager {
fn get_pids(&self) -> Result<Vec<pid_t>> {
Ok(Vec::new())
}
fn update_cpuset_path(&self, _: &str, _: &str) -> Result<()> {
Ok(())
}
fn get_cgroup_path(&self, _: &str) -> Result<String> {
Ok("".to_string())
}
fn as_any(&self) -> Result<&dyn Any> {
Ok(self)
}
}
impl Manager {
@@ -63,12 +76,4 @@ impl Manager {
cpath: cpath.to_string(),
})
}
pub fn update_cpuset_path(&self, _: &str, _: &str) -> Result<()> {
Ok(())
}
pub fn get_cg_path(&self, _: &str) -> Option<String> {
Some("".to_string())
}
}

20
src/agent/rustjail/src/cgroups/mod.rs
View File

@@ -4,8 +4,10 @@
//
use anyhow::{anyhow, Result};
use core::fmt::Debug;
use oci::LinuxResources;
use protocols::agent::CgroupStats;
use std::any::Any;
use cgroups::freezer::FreezerState;
@@ -38,4 +40,22 @@ pub trait Manager {
fn set(&self, _container: &LinuxResources, _update: bool) -> Result<()> {
Err(anyhow!("not supported!"))
}
fn update_cpuset_path(&self, _: &str, _: &str) -> Result<()> {
Err(anyhow!("not supported!"))
}
fn get_cgroup_path(&self, _: &str) -> Result<String> {
Err(anyhow!("not supported!"))
}
fn as_any(&self) -> Result<&dyn Any> {
Err(anyhow!("not supported!"))
}
}
impl Debug for dyn Manager + Send + Sync {
fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
write!(f, "CgroupManager")
}
}

10
src/agent/rustjail/src/cgroups/systemd.rs
View File

@@ -1,10 +0,0 @@
// Copyright (c) 2019 Ant Financial
//
// SPDX-License-Identifier: Apache-2.0
//
use crate::cgroups::Manager as CgroupManager;
pub struct Manager {}
impl CgroupManager for Manager {}

95
src/agent/rustjail/src/cgroups/systemd/cgroups_path.rs Normal file
View File

@@ -0,0 +1,95 @@
// Copyright 2021-2022 Kata Contributors
//
// SPDX-License-Identifier: Apache-2.0
//
use anyhow::{anyhow, Result};
use super::common::{DEFAULT_SLICE, SCOPE_SUFFIX, SLICE_SUFFIX};
use std::string::String;
#[derive(Serialize, Deserialize, Debug, Clone)]
pub struct CgroupsPath {
pub slice: String,
pub prefix: String,
pub name: String,
}
impl CgroupsPath {
pub fn new(cgroups_path_str: &str) -> Result<Self> {
let path_vec: Vec<&str> = cgroups_path_str.split(':').collect();
if path_vec.len() != 3 {
return Err(anyhow!("invalid cpath: {:?}", cgroups_path_str));
}
Ok(CgroupsPath {
slice: if path_vec[0].is_empty() {
DEFAULT_SLICE.to_string()
} else {
path_vec[0].to_owned()
},
prefix: path_vec[1].to_owned(),
name: path_vec[2].to_owned(),
})
}
// ref: https://github.com/opencontainers/runc/blob/main/docs/systemd.md
// return: (parent_slice, unit_name)
pub fn parse(&self) -> Result<(String, String)> {
Ok((
parse_parent(self.slice.to_owned())?,
get_unit_name(self.prefix.to_owned(), self.name.to_owned()),
))
}
}
fn parse_parent(slice: String) -> Result<String> {
if !slice.ends_with(SLICE_SUFFIX) || slice.contains('/') {
return Err(anyhow!("invalid slice name: {}", slice));
} else if slice == "-.slice" {
return Ok(String::new());
}
let mut slice_path = String::new();
let mut prefix = String::new();
for subslice in slice.trim_end_matches(SLICE_SUFFIX).split('-') {
if subslice.is_empty() {
return Err(anyhow!("invalid slice name: {}", slice));
}
slice_path = format!("{}/{}{}{}", slice_path, prefix, subslice, SLICE_SUFFIX);
prefix = format!("{}{}-", prefix, subslice);
}
slice_path.remove(0);
Ok(slice_path)
}
fn get_unit_name(prefix: String, name: String) -> String {
if name.ends_with(SLICE_SUFFIX) {
name
} else if prefix.is_empty() {
format!("{}{}", name, SCOPE_SUFFIX)
} else {
format!("{}-{}{}", prefix, name, SCOPE_SUFFIX)
}
}
#[cfg(test)]
mod tests {
use super::CgroupsPath;
#[test]
fn test_cgroup_path_parse() {
let slice = "system.slice";
let prefix = "kata_agent";
let name = "123";
let cgroups_path =
CgroupsPath::new(format!("{}:{}:{}", slice, prefix, name).as_str()).unwrap();
assert_eq!(slice, cgroups_path.slice.as_str());
assert_eq!(prefix, cgroups_path.prefix.as_str());
assert_eq!(name, cgroups_path.name.as_str());
let (parent_slice, unit_name) = cgroups_path.parse().unwrap();
assert_eq!(format!("{}", slice), parent_slice);
assert_eq!(format!("{}-{}.scope", prefix, name), unit_name);
}
}

17
src/agent/rustjail/src/cgroups/systemd/common.rs Normal file
View File

@@ -0,0 +1,17 @@
// Copyright 2021-2022 Kata Contributors
//
// SPDX-License-Identifier: Apache-2.0
//
pub const DEFAULT_SLICE: &str = "system.slice";
pub const SLICE_SUFFIX: &str = ".slice";
pub const SCOPE_SUFFIX: &str = ".scope";
pub const UNIT_MODE: &str = "replace";
pub type Properties<'a> = Vec<(&'a str, zbus::zvariant::Value<'a>)>;
#[derive(Serialize, Deserialize, Debug, Clone)]
pub enum CgroupHierarchy {
Legacy,
Unified,
}

126
src/agent/rustjail/src/cgroups/systemd/dbus_client.rs Normal file
View File

@@ -0,0 +1,126 @@
// Copyright 2021-2022 Kata Contributors
//
// SPDX-License-Identifier: Apache-2.0
//
use std::vec;
use super::common::CgroupHierarchy;
use super::common::{Properties, SLICE_SUFFIX, UNIT_MODE};
use super::interface::system::ManagerProxyBlocking as SystemManager;
use anyhow::{Context, Result};
use zbus::zvariant::Value;
pub trait SystemdInterface {
fn start_unit(
&self,
pid: i32,
parent: &str,
unit_name: &str,
cg_hierarchy: &CgroupHierarchy,
) -> Result<()>;
fn set_properties(&self, unit_name: &str, properties: &Properties) -> Result<()>;
fn stop_unit(&self, unit_name: &str) -> Result<()>;
fn get_version(&self) -> Result<String>;
fn unit_exist(&self, unit_name: &str) -> Result<bool>;
fn add_process(&self, pid: i32, unit_name: &str) -> Result<()>;
}
#[derive(Serialize, Deserialize, Debug, Clone)]
pub struct DBusClient {}
impl DBusClient {
fn build_proxy(&self) -> Result<SystemManager<'static>> {
let connection = zbus::blocking::Connection::system()?;
let proxy = SystemManager::new(&connection)?;
Ok(proxy)
}
}
impl SystemdInterface for DBusClient {
fn start_unit(
&self,
pid: i32,
parent: &str,
unit_name: &str,
cg_hierarchy: &CgroupHierarchy,
) -> Result<()> {
let proxy = self.build_proxy()?;
// enable CPUAccounting & MemoryAccounting & (Block)IOAccounting by default
let mut properties: Properties = vec![
("CPUAccounting", Value::Bool(true)),
("DefaultDependencies", Value::Bool(false)),
("MemoryAccounting", Value::Bool(true)),
("TasksAccounting", Value::Bool(true)),
("Description", Value::Str("kata-agent container".into())),
("PIDs", Value::Array(vec![pid as u32].into())),
];
match *cg_hierarchy {
CgroupHierarchy::Legacy => properties.push(("IOAccounting", Value::Bool(true))),
CgroupHierarchy::Unified => properties.push(("BlockIOAccounting", Value::Bool(true))),
}
if unit_name.ends_with(SLICE_SUFFIX) {
properties.push(("Wants", Value::Str(parent.into())));
} else {
properties.push(("Slice", Value::Str(parent.into())));
properties.push(("Delegate", Value::Bool(true)));
}
proxy
.start_transient_unit(unit_name, UNIT_MODE, &properties, &[])
.with_context(|| format!("failed to start transient unit {}", unit_name))?;
Ok(())
}
fn set_properties(&self, unit_name: &str, properties: &Properties) -> Result<()> {
let proxy = self.build_proxy()?;
proxy
.set_unit_properties(unit_name, true, properties)
.with_context(|| format!("failed to set unit properties {}", unit_name))?;
Ok(())
}
fn stop_unit(&self, unit_name: &str) -> Result<()> {
let proxy = self.build_proxy()?;
proxy
.stop_unit(unit_name, UNIT_MODE)
.with_context(|| format!("failed to stop unit {}", unit_name))?;
Ok(())
}
fn get_version(&self) -> Result<String> {
let proxy = self.build_proxy()?;
let systemd_version = proxy
.version()
.with_context(|| "failed to get systemd version".to_string())?;
Ok(systemd_version)
}
fn unit_exist(&self, unit_name: &str) -> Result<bool> {
let proxy = self.build_proxy()?;
Ok(proxy.get_unit(unit_name).is_ok())
}
fn add_process(&self, pid: i32, unit_name: &str) -> Result<()> {
let proxy = self.build_proxy()?;
proxy
.attach_processes_to_unit(unit_name, "/", &[pid as u32])
.with_context(|| format!("failed to add process {}", unit_name))?;
Ok(())
}
}

7
src/agent/rustjail/src/cgroups/systemd/interface/mod.rs Normal file
View File

@@ -0,0 +1,7 @@
// Copyright 2021-2022 Kata Contributors
//
// SPDX-License-Identifier: Apache-2.0
//
pub(crate) mod session;
pub(crate) mod system;

1004
src/agent/rustjail/src/cgroups/systemd/interface/session.rs Normal file
View File

File diff suppressed because it is too large Load Diff

1004
src/agent/rustjail/src/cgroups/systemd/interface/system.rs Normal file
View File

File diff suppressed because it is too large Load Diff

129
src/agent/rustjail/src/cgroups/systemd/manager.rs Normal file
View File

@@ -0,0 +1,129 @@
// Copyright 2021-2022 Kata Contributors
//
// SPDX-License-Identifier: Apache-2.0
//
use crate::cgroups::Manager as CgroupManager;
use crate::protocols::agent::CgroupStats;
use anyhow::Result;
use cgroups::freezer::FreezerState;
use libc::{self, pid_t};
use oci::LinuxResources;
use std::any::Any;
use std::collections::HashMap;
use std::convert::TryInto;
use std::string::String;
use std::vec;
use super::super::fs::Manager as FsManager;
use super::cgroups_path::CgroupsPath;
use super::common::{CgroupHierarchy, Properties};
use super::dbus_client::{DBusClient, SystemdInterface};
use super::subsystem::transformer::Transformer;
use super::subsystem::{cpu::Cpu, cpuset::CpuSet, memory::Memory, pids::Pids};
#[derive(Serialize, Deserialize, Debug, Clone)]
pub struct Manager {
pub paths: HashMap<String, String>,
pub mounts: HashMap<String, String>,
pub cgroups_path: CgroupsPath,
pub cpath: String,
pub unit_name: String,
// dbus client for set properties
dbus_client: DBusClient,
// fs manager for get properties
fs_manager: FsManager,
// cgroup version for different dbus properties
cg_hierarchy: CgroupHierarchy,
}
impl CgroupManager for Manager {
fn apply(&self, pid: pid_t) -> Result<()> {
let unit_name = self.unit_name.as_str();
if self.dbus_client.unit_exist(unit_name).unwrap() {
self.dbus_client.add_process(pid, self.unit_name.as_str())?;
} else {
self.dbus_client.start_unit(
(pid as u32).try_into().unwrap(),
self.cgroups_path.slice.as_str(),
self.unit_name.as_str(),
&self.cg_hierarchy,
)?;
}
Ok(())
}
fn set(&self, r: &LinuxResources, _: bool) -> Result<()> {
let mut properties: Properties = vec![];
let systemd_version = self.dbus_client.get_version()?;
let systemd_version_str = systemd_version.as_str();
Cpu::apply(r, &mut properties, &self.cg_hierarchy, systemd_version_str)?;
Memory::apply(r, &mut properties, &self.cg_hierarchy, systemd_version_str)?;
Pids::apply(r, &mut properties, &self.cg_hierarchy, systemd_version_str)?;
CpuSet::apply(r, &mut properties, &self.cg_hierarchy, systemd_version_str)?;
self.dbus_client
.set_properties(self.unit_name.as_str(), &properties)?;
Ok(())
}
fn get_stats(&self) -> Result<CgroupStats> {
self.fs_manager.get_stats()
}
fn freeze(&self, state: FreezerState) -> Result<()> {
self.fs_manager.freeze(state)
}
fn destroy(&mut self) -> Result<()> {
self.dbus_client.stop_unit(self.unit_name.as_str())?;
self.fs_manager.destroy()
}
fn get_pids(&self) -> Result<Vec<pid_t>> {
self.fs_manager.get_pids()
}
fn update_cpuset_path(&self, guest_cpuset: &str, container_cpuset: &str) -> Result<()> {
self.fs_manager
.update_cpuset_path(guest_cpuset, container_cpuset)
}
fn get_cgroup_path(&self, cg: &str) -> Result<String> {
self.fs_manager.get_cgroup_path(cg)
}
fn as_any(&self) -> Result<&dyn Any> {
Ok(self)
}
}
impl Manager {
pub fn new(cgroups_path_str: &str) -> Result<Self> {
let cgroups_path = CgroupsPath::new(cgroups_path_str)?;
let (parent_slice, unit_name) = cgroups_path.parse()?;
let cpath = parent_slice + "/" + &unit_name;
let fs_manager = FsManager::new(cpath.as_str())?;
Ok(Manager {
paths: fs_manager.paths.clone(),
mounts: fs_manager.mounts.clone(),
cgroups_path,
cpath,
unit_name,
dbus_client: DBusClient {},
fs_manager,
cg_hierarchy: if cgroups::hierarchies::is_cgroup2_unified_mode() {
CgroupHierarchy::Unified
} else {
CgroupHierarchy::Legacy
},
})
}
}

12
src/agent/rustjail/src/cgroups/systemd/mod.rs Normal file
View File

@@ -0,0 +1,12 @@
// Copyright 2021-2022 Kata Contributors
//
// SPDX-License-Identifier: Apache-2.0
//
pub mod manager;
mod cgroups_path;
mod common;
mod dbus_client;
mod interface;
mod subsystem;

139
src/agent/rustjail/src/cgroups/systemd/subsystem/cpu.rs Normal file
View File

@@ -0,0 +1,139 @@
// Copyright 2021-2022 Kata Contributors
//
// SPDX-License-Identifier: Apache-2.0
//
use super::super::common::{CgroupHierarchy, Properties};
use super::transformer::Transformer;
use anyhow::Result;
use oci::{LinuxCpu, LinuxResources};
use zbus::zvariant::Value;
const BASIC_SYSTEMD_VERSION: &str = "242";
const DEFAULT_CPUQUOTAPERIOD: u64 = 100 * 1000;
const SEC2MICROSEC: u64 = 1000 * 1000;
const BASIC_INTERVAL: u64 = 10 * 1000;
pub struct Cpu {}
impl Transformer for Cpu {
fn apply(
r: &LinuxResources,
properties: &mut Properties,
cgroup_hierarchy: &CgroupHierarchy,
systemd_version: &str,
) -> Result<()> {
if let Some(cpu_resources) = &r.cpu {
match cgroup_hierarchy {
CgroupHierarchy::Legacy => {
Self::legacy_apply(cpu_resources, properties, systemd_version)?
}
CgroupHierarchy::Unified => {
Self::unified_apply(cpu_resources, properties, systemd_version)?
}
}
}
Ok(())
}
}
impl Cpu {
// v1:
// cpu.shares <-> CPUShares
// cpu.period <-> CPUQuotaPeriodUSec
// cpu.period & cpu.quota <-> CPUQuotaPerSecUSec
fn legacy_apply(
cpu_resources: &LinuxCpu,
properties: &mut Properties,
systemd_version: &str,
) -> Result<()> {
if let Some(shares) = cpu_resources.shares {
properties.push(("CPUShares", Value::U64(shares)));
}
if let Some(period) = cpu_resources.period {
if period != 0 && systemd_version >= BASIC_SYSTEMD_VERSION {
properties.push(("CPUQuotaPeriodUSec", Value::U64(period)));
}
}
if let Some(quota) = cpu_resources.quota {
let period = cpu_resources.period.unwrap_or(DEFAULT_CPUQUOTAPERIOD);
if period != 0 {
let cpu_quota_per_sec_usec = resolve_cpuquota(quota, period);
properties.push(("CPUQuotaPerSecUSec", Value::U64(cpu_quota_per_sec_usec)));
}
}
Ok(())
}
// v2:
// cpu.shares <-> CPUShares
// cpu.period <-> CPUQuotaPeriodUSec
// cpu.period & cpu.quota <-> CPUQuotaPerSecUSec
fn unified_apply(
cpu_resources: &LinuxCpu,
properties: &mut Properties,
systemd_version: &str,
) -> Result<()> {
if let Some(shares) = cpu_resources.shares {
let unified_shares = get_unified_cpushares(shares);
properties.push(("CPUShares", Value::U64(unified_shares)));
}
if let Some(period) = cpu_resources.period {
if period != 0 && systemd_version >= BASIC_SYSTEMD_VERSION {
properties.push(("CPUQuotaPeriodUSec", Value::U64(period)));
}
}
if let Some(quota) = cpu_resources.quota {
let period = cpu_resources.period.unwrap_or(DEFAULT_CPUQUOTAPERIOD);
if period != 0 {
let cpu_quota_per_sec_usec = resolve_cpuquota(quota, period);
properties.push(("CPUQuotaPerSecUSec", Value::U64(cpu_quota_per_sec_usec)));
}
}
Ok(())
}
}
// ref: https://github.com/containers/crun/blob/main/crun.1.md#cgroup-v2
// [2-262144] to [1-10000]
fn get_unified_cpushares(shares: u64) -> u64 {
if shares == 0 {
return 100;
}
1 + ((shares - 2) * 9999) / 262142
}
fn resolve_cpuquota(quota: i64, period: u64) -> u64 {
let mut cpu_quota_per_sec_usec = u64::MAX;
if quota > 0 {
cpu_quota_per_sec_usec = (quota as u64) * SEC2MICROSEC / period;
if cpu_quota_per_sec_usec % BASIC_INTERVAL != 0 {
cpu_quota_per_sec_usec =
((cpu_quota_per_sec_usec / BASIC_INTERVAL) + 1) * BASIC_INTERVAL;
}
}
cpu_quota_per_sec_usec
}
#[cfg(test)]
mod tests {
use crate::cgroups::systemd::subsystem::cpu::resolve_cpuquota;
#[test]
fn test_unified_cpuquota() {
let quota: i64 = 1000000;
let period: u64 = 500000;
let cpu_quota_per_sec_usec = resolve_cpuquota(quota, period);
assert_eq!(2000000, cpu_quota_per_sec_usec);
}
}

124
src/agent/rustjail/src/cgroups/systemd/subsystem/cpuset.rs Normal file
View File

@@ -0,0 +1,124 @@
// Copyright 2021-2022 Kata Contributors
//
// SPDX-License-Identifier: Apache-2.0
//
use super::super::common::{CgroupHierarchy, Properties};
use super::transformer::Transformer;
use anyhow::{bail, Result};
use bit_vec::BitVec;
use oci::{LinuxCpu, LinuxResources};
use std::convert::{TryFrom, TryInto};
use zbus::zvariant::Value;
const BASIC_SYSTEMD_VERSION: &str = "244";
pub struct CpuSet {}
impl Transformer for CpuSet {
fn apply(
r: &LinuxResources,
properties: &mut Properties,
_: &CgroupHierarchy,
systemd_version: &str,
) -> Result<()> {
if let Some(cpuset_resources) = &r.cpu {
Self::apply(cpuset_resources, properties, systemd_version)?;
}
Ok(())
}
}
// v1 & v2:
// cpuset.cpus <-> AllowedCPUs (v244)
// cpuset.mems <-> AllowedMemoryNodes (v244)
impl CpuSet {
fn apply(
cpuset_resources: &LinuxCpu,
properties: &mut Properties,
systemd_version: &str,
) -> Result<()> {
if systemd_version < BASIC_SYSTEMD_VERSION {
return Ok(());
}
let cpus = cpuset_resources.cpus.as_str();
if !cpus.is_empty() {
let cpus_vec: BitMask = cpus.try_into()?;
properties.push(("AllowedCPUs", Value::Array(cpus_vec.0.into())));
}
let mems = cpuset_resources.mems.as_str();
if !mems.is_empty() {
let mems_vec: BitMask = mems.try_into()?;
properties.push(("AllowedMemoryNodes", Value::Array(mems_vec.0.into())));
}
Ok(())
}
}
struct BitMask(Vec<u8>);
impl TryFrom<&str> for BitMask {
type Error = anyhow::Error;
fn try_from(bitmask_str: &str) -> Result<Self, Self::Error> {
let mut bitmask_vec = BitVec::from_elem(8, false);
let bitmask_str_vec: Vec<&str> = bitmask_str.split(',').collect();
for bitmask in bitmask_str_vec.iter() {
let range: Vec<&str> = bitmask.split('-').collect();
match range.len() {
1 => {
let idx: usize = range[0].parse()?;
while idx >= bitmask_vec.len() {
bitmask_vec.grow(8, false);
}
bitmask_vec.set(adjust_index(idx), true);
}
2 => {
let left_index = range[0].parse()?;
let right_index = range[1].parse()?;
while right_index >= bitmask_vec.len() {
bitmask_vec.grow(8, false);
}
for idx in left_index..=right_index {
bitmask_vec.set(adjust_index(idx), true);
}
}
_ => bail!("invalid bitmask str {}", bitmask_str),
}
}
let mut result_vec = bitmask_vec.to_bytes();
result_vec.reverse();
Ok(BitMask(result_vec))
}
}
#[inline(always)]
fn adjust_index(idx: usize) -> usize {
idx / 8 * 8 + 7 - idx % 8
}
#[cfg(test)]
mod tests {
use std::convert::TryInto;
use crate::cgroups::systemd::subsystem::cpuset::BitMask;
#[test]
fn test_bitmask_conversion() {
let cpus_vec: BitMask = "2-4".try_into().unwrap();
assert_eq!(vec![0b11100 as u8], cpus_vec.0);
let cpus_vec: BitMask = "1,7".try_into().unwrap();
assert_eq!(vec![0b10000010 as u8], cpus_vec.0);
let cpus_vec: BitMask = "0,2-3,7".try_into().unwrap();
assert_eq!(vec![0b10001101 as u8], cpus_vec.0);
}
}

117
src/agent/rustjail/src/cgroups/systemd/subsystem/memory.rs Normal file
View File

@@ -0,0 +1,117 @@
// Copyright 2021-2022 Kata Contributors
//
// SPDX-License-Identifier: Apache-2.0
//
use super::super::common::{CgroupHierarchy, Properties};
use super::transformer::Transformer;
use anyhow::{bail, Result};
use oci::{LinuxMemory, LinuxResources};
use zbus::zvariant::Value;
pub struct Memory {}
impl Transformer for Memory {
fn apply(
r: &LinuxResources,
properties: &mut Properties,
cgroup_hierarchy: &CgroupHierarchy,
_: &str,
) -> Result<()> {
if let Some(memory_resources) = &r.memory {
match cgroup_hierarchy {
CgroupHierarchy::Legacy => Self::legacy_apply(memory_resources, properties)?,
CgroupHierarchy::Unified => Self::unified_apply(memory_resources, properties)?,
}
}
Ok(())
}
}
impl Memory {
// v1:
// memory.limit <-> MemoryLimit
fn legacy_apply(memory_resources: &LinuxMemory, properties: &mut Properties) -> Result<()> {
if let Some(limit) = memory_resources.limit {
let limit = match limit {
1..=i64::MAX => limit as u64,
0 => u64::MAX,
_ => bail!("invalid memory.limit"),
};
properties.push(("MemoryLimit", Value::U64(limit)));
}
Ok(())
}
// v2:
// memory.low <-> MemoryLow
// memory.max <-> MemoryMax
// memory.swap & memory.limit <-> MemorySwapMax
fn unified_apply(memory_resources: &LinuxMemory, properties: &mut Properties) -> Result<()> {
if let Some(limit) = memory_resources.limit {
let limit = match limit {
1..=i64::MAX => limit as u64,
0 => u64::MAX,
_ => bail!("invalid memory.limit: {}", limit),
};
properties.push(("MemoryMax", Value::U64(limit)));
}
if let Some(reservation) = memory_resources.reservation {
let reservation = match reservation {
1..=i64::MAX => reservation as u64,
0 => u64::MAX,
_ => bail!("invalid memory.reservation: {}", reservation),
};
properties.push(("MemoryLow", Value::U64(reservation)));
}
let swap = match memory_resources.swap {
Some(0) => u64::MAX,
Some(1..=i64::MAX) => match memory_resources.limit {
Some(1..=i64::MAX) => {
(memory_resources.limit.unwrap() - memory_resources.swap.unwrap()) as u64
}
_ => bail!("invalid memory.limit when memory.swap specified"),
},
None => u64::MAX,
_ => bail!("invalid memory.swap"),
};
properties.push(("MemorySwapMax", Value::U64(swap)));
Ok(())
}
}
#[cfg(test)]
mod tests {
use super::Memory;
use super::Properties;
use super::Value;
#[test]
fn test_unified_memory() {
let memory_resources = oci::LinuxMemory {
limit: Some(736870912),
reservation: Some(536870912),
swap: Some(536870912),
kernel: Some(0),
kernel_tcp: Some(0),
swappiness: Some(0),
disable_oom_killer: Some(false),
};
let mut properties: Properties = vec![];
assert_eq!(
true,
Memory::unified_apply(&memory_resources, &mut properties).is_ok()
);
assert_eq!(Value::U64(200000000), properties[2].1);
}
}

10
src/agent/rustjail/src/cgroups/systemd/subsystem/mod.rs Normal file
View File

@@ -0,0 +1,10 @@
// Copyright 2021-2022 Kata Contributors
//
// SPDX-License-Identifier: Apache-2.0
//
pub mod cpu;
pub mod cpuset;
pub mod memory;
pub mod pids;
pub mod transformer;

60
src/agent/rustjail/src/cgroups/systemd/subsystem/pids.rs Normal file
View File

@@ -0,0 +1,60 @@
// Copyright 2021-2022 Kata Contributors
//
// SPDX-License-Identifier: Apache-2.0
//
use super::super::common::{CgroupHierarchy, Properties};
use super::transformer::Transformer;
use anyhow::Result;
use oci::{LinuxPids, LinuxResources};
use zbus::zvariant::Value;
pub struct Pids {}
impl Transformer for Pids {
fn apply(
r: &LinuxResources,
properties: &mut Properties,
_: &CgroupHierarchy,
_: &str,
) -> Result<()> {
if let Some(pids_resources) = &r.pids {
Self::apply(pids_resources, properties)?;
}
Ok(())
}
}
// pids.limit <-> TasksMax
impl Pids {
fn apply(pids_resources: &LinuxPids, properties: &mut Properties) -> Result<()> {
let limit = if pids_resources.limit > 0 {
pids_resources.limit as u64
} else {
u64::MAX
};
properties.push(("TasksMax", Value::U64(limit)));
Ok(())
}
}
#[cfg(test)]
mod tests {
use super::Pids;
use super::Properties;
use super::Value;
#[test]
fn test_subsystem_workflow() {
let pids_resources = oci::LinuxPids { limit: 0 };
let mut properties: Properties = vec![];
assert_eq!(true, Pids::apply(&pids_resources, &mut properties).is_ok());
assert_eq!(Value::U64(u64::MAX), properties[0].1);
}
}

17
src/agent/rustjail/src/cgroups/systemd/subsystem/transformer.rs Normal file
View File

@@ -0,0 +1,17 @@
// Copyright 2021-2022 Kata Contributors
//
// SPDX-License-Identifier: Apache-2.0
//
use super::super::common::{CgroupHierarchy, Properties};
use anyhow::Result;
use oci::LinuxResources;
pub trait Transformer {
fn apply(
r: &LinuxResources,
properties: &mut Properties,
cgroup_hierarchy: &CgroupHierarchy,
systemd_version: &str,
) -> Result<()>;
}

103
src/agent/rustjail/src/container.rs
View File

@@ -22,6 +22,7 @@ use crate::capabilities;
use crate::cgroups::fs::Manager as FsManager;
#[cfg(test)]
use crate::cgroups::mock::Manager as FsManager;
use crate::cgroups::systemd::manager::Manager as SystemdManager;
use crate::cgroups::Manager;
#[cfg(feature = "standard-oci-runtime")]
use crate::console;
@@ -49,6 +50,7 @@ use std::os::unix::io::AsRawFd;
use protobuf::SingularPtrField;
use oci::State as OCIState;
use regex::Regex;
use std::collections::HashMap;
use std::os::unix::io::FromRawFd;
use std::str::FromStr;
@@ -201,6 +203,8 @@ lazy_static! {
},
]
};
pub static ref SYSTEMD_CGROUP_PATH_FORMAT:Regex = Regex::new(r"^[\w\-.]*:[\w\-.]*:[\w\-.]*$").unwrap();
}
#[derive(Serialize, Deserialize, Debug)]
@@ -239,7 +243,7 @@ pub struct LinuxContainer {
pub id: String,
pub root: String,
pub config: Config,
pub cgroup_manager: Option<FsManager>,
pub cgroup_manager: Option<Box<dyn Manager + Send + Sync>>,
pub init_process_pid: pid_t,
pub init_process_start_time: u64,
pub uid_map_path: String,
@@ -390,7 +394,9 @@ fn do_init_child(cwfd: RawFd) -> Result<()> {
let buf = read_sync(crfd)?;
let cm_str = std::str::from_utf8(&buf)?;
let cm: FsManager = serde_json::from_str(cm_str)?;
// deserialize cm_str into FsManager and SystemdManager separately
let fs_cm: Result<FsManager, serde_json::Error> = serde_json::from_str(cm_str);
let systemd_cm: Result<SystemdManager, serde_json::Error> = serde_json::from_str(cm_str);
#[cfg(feature = "standard-oci-runtime")]
let csocket_fd = console::setup_console_socket(&std::env::var(CONSOLE_SOCKET_FD)?)?;
@@ -548,7 +554,18 @@ fn do_init_child(cwfd: RawFd) -> Result<()> {
if to_new.contains(CloneFlags::CLONE_NEWNS) {
// setup rootfs
mount::init_rootfs(cfd_log, &spec, &cm.paths, &cm.mounts, bind_device)?;
if let Ok(systemd_cm) = systemd_cm {
mount::init_rootfs(
cfd_log,
&spec,
&systemd_cm.paths,
&systemd_cm.mounts,
bind_device,
)?;
} else {
let fs_cm = fs_cm.unwrap();
mount::init_rootfs(cfd_log, &spec, &fs_cm.paths, &fs_cm.mounts, bind_device)?;
}
}
if init {
@@ -1018,7 +1035,8 @@ impl BaseContainer for LinuxContainer {
&logger,
spec,
&p,
self.cgroup_manager.as_ref().unwrap(),
self.cgroup_manager.as_ref().unwrap().as_ref(),
self.config.use_systemd_cgroup,
&st,
&mut pipe_w,
&mut pipe_r,
@@ -1280,11 +1298,13 @@ pub fn setup_child_logger(fd: RawFd, child_logger: Logger) -> tokio::task::JoinH
})
}
#[allow(clippy::too_many_arguments)]
async fn join_namespaces(
logger: &Logger,
spec: &Spec,
p: &Process,
cm: &FsManager,
cm: &(dyn Manager + Send + Sync),
use_systemd_cgroup: bool,
st: &OCIState,
pipe_w: &mut PipeStream,
pipe_r: &mut PipeStream,
@@ -1311,7 +1331,11 @@ async fn join_namespaces(
info!(logger, "wait child received oci process");
read_async(pipe_r).await?;
let cm_str = serde_json::to_string(cm)?;
let cm_str = if use_systemd_cgroup {
serde_json::to_string(cm.as_any()?.downcast_ref::<SystemdManager>().unwrap())
} else {
serde_json::to_string(cm.as_any()?.downcast_ref::<FsManager>().unwrap())
}?;
write_async(pipe_w, SYNC_DATA, cm_str.as_str()).await?;
// wait child setup user namespace
@@ -1334,13 +1358,16 @@ async fn join_namespaces(
}
// apply cgroups
if p.init && res.is_some() {
info!(logger, "apply cgroups!");
cm.set(res.unwrap(), false)?;
// For FsManger, it's no matter about the order of apply and set.
// For SystemdManger, apply must be precede set because we can only create a systemd unit with specific processes(pids).
if res.is_some() {
info!(logger, "apply processes to cgroups!");
cm.apply(p.pid)?;
}
if res.is_some() {
cm.apply(p.pid)?;
if p.init && res.is_some() {
info!(logger, "set properties to cgroups!");
cm.set(res.unwrap(), false)?;
}
info!(logger, "notify child to continue");
@@ -1419,7 +1446,7 @@ impl LinuxContainer {
pub fn new<T: Into<String> + Display + Clone>(
id: T,
base: T,
config: Config,
mut config: Config,
logger: &Logger,
) -> Result<Self> {
let base = base.into();
@@ -1448,18 +1475,40 @@ impl LinuxContainer {
let linux = spec.linux.as_ref().unwrap();
let cpath = if linux.cgroups_path.is_empty() {
format!("/{}", id.as_str())
// determine which cgroup driver to take and then assign to config.use_systemd_cgroup
// systemd: "[slice]:[prefix]:[name]"
// fs: "/path_a/path_b"
let cpath = if SYSTEMD_CGROUP_PATH_FORMAT.is_match(linux.cgroups_path.as_str()) {
config.use_systemd_cgroup = true;
if linux.cgroups_path.len() == 2 {
format!("system.slice:kata_agent:{}", id.as_str())
} else {
linux.cgroups_path.clone()
}
} else {
linux.cgroups_path.clone()
config.use_systemd_cgroup = false;
if linux.cgroups_path.is_empty() {
format!("/{}", id.as_str())
} else {
linux.cgroups_path.clone()
}
};
let cgroup_manager = FsManager::new(cpath.as_str()).map_err(|e| {
anyhow!(format!(
"fail to create cgroup manager with path {}: {:}",
cpath, e
))
})?;
let cgroup_manager: Box<dyn Manager + Send + Sync> = if config.use_systemd_cgroup {
Box::new(SystemdManager::new(cpath.as_str()).map_err(|e| {
anyhow!(format!(
"fail to create cgroup manager with path {}: {:}",
cpath, e
))
})?)
} else {
Box::new(FsManager::new(cpath.as_str()).map_err(|e| {
anyhow!(format!(
"fail to create cgroup manager with path {}: {:}",
cpath, e
))
})?)
};
info!(logger, "new cgroup_manager {:?}", &cgroup_manager);
Ok(LinuxContainer {
@@ -1944,7 +1993,11 @@ mod tests {
#[test]
fn test_linuxcontainer_pause() {
let ret = new_linux_container_and_then(|mut c: LinuxContainer| {
c.cgroup_manager = FsManager::new("").ok();
let cgroup_manager: Box<dyn Manager + Send + Sync> =
Box::new(FsManager::new("").map_err(|e| {
anyhow!(format!("fail to create cgroup manager with path: {:}", e))
})?);
c.cgroup_manager = Some(cgroup_manager);
c.pause().map_err(|e| anyhow!(e))
});
@@ -1977,7 +2030,11 @@ mod tests {
#[test]
fn test_linuxcontainer_resume() {
let ret = new_linux_container_and_then(|mut c: LinuxContainer| {
c.cgroup_manager = FsManager::new("").ok();
let cgroup_manager: Box<dyn Manager + Send + Sync> =
Box::new(FsManager::new("").map_err(|e| {
anyhow!(format!("fail to create cgroup manager with path: {:}", e))
})?);
c.cgroup_manager = Some(cgroup_manager);
// Change status to paused, this way we can resume it
c.status.transition(ContainerState::Paused);
c.resume().map_err(|e| anyhow!(e))

64
src/agent/src/rpc.rs
View File

@@ -47,7 +47,6 @@ use nix::errno::Errno;
use nix::mount::MsFlags;
use nix::sys::{stat, statfs};
use nix::unistd::{self, Pid};
use rustjail::cgroups::Manager;
use rustjail::process::ProcessOperations;
use crate::device::{
@@ -92,9 +91,15 @@ const CONFIG_JSON: &str = "config.json";
const INIT_TRUSTED_STORAGE: &str = "/usr/bin/kata-init-trusted-storage";
const TRUSTED_STORAGE_DEVICE: &str = "/dev/trusted_store";
/// the iptables seriers binaries could appear either in /sbin
/// or /usr/sbin, we need to check both of them
const USR_IPTABLES_SAVE: &str = "/usr/sbin/iptables-save";
const IPTABLES_SAVE: &str = "/sbin/iptables-save";
const USR_IPTABLES_RESTORE: &str = "/usr/sbin/iptables-store";
const IPTABLES_RESTORE: &str = "/sbin/iptables-restore";
const USR_IP6TABLES_SAVE: &str = "/usr/sbin/ip6tables-save";
const IP6TABLES_SAVE: &str = "/sbin/ip6tables-save";
const USR_IP6TABLES_RESTORE: &str = "/usr/sbin/ip6tables-save";
const IP6TABLES_RESTORE: &str = "/sbin/ip6tables-restore";
const ERR_CANNOT_GET_WRITER: &str = "Cannot get writer";
@@ -344,9 +349,9 @@ impl AgentService {
// start oom event loop
if let Some(ref ctr) = ctr.cgroup_manager {
let cg_path = ctr.get_cg_path("memory");
let cg_path = ctr.get_cgroup_path("memory");
if let Some(cg_path) = cg_path {
if let Ok(cg_path) = cg_path {
let rx = notifier::notify_oom(cid.as_str(), cg_path.to_string()).await?;
s.run_oom_event_monitor(rx, cid.clone()).await;
@@ -1123,8 +1128,18 @@ impl agent_ttrpc::AgentService for AgentService {
info!(sl!(), "get_ip_tables: request received");
// the binary could exists in either /usr/sbin or /sbin
// here check both of the places and return the one exists
// if none exists, return the /sbin one, and the rpc will
// returns an internal error
let cmd = if req.is_ipv6 {
IP6TABLES_SAVE
if Path::new(USR_IP6TABLES_SAVE).exists() {
USR_IP6TABLES_SAVE
} else {
IP6TABLES_SAVE
}
} else if Path::new(USR_IPTABLES_SAVE).exists() {
USR_IPTABLES_SAVE
} else {
IPTABLES_SAVE
}
@@ -1152,8 +1167,18 @@ impl agent_ttrpc::AgentService for AgentService {
info!(sl!(), "set_ip_tables request received");
// the binary could exists in both /usr/sbin and /sbin
// here check both of the places and return the one exists
// if none exists, return the /sbin one, and the rpc will
// returns an internal error
let cmd = if req.is_ipv6 {
IP6TABLES_RESTORE
if Path::new(USR_IP6TABLES_RESTORE).exists() {
USR_IP6TABLES_RESTORE
} else {
IP6TABLES_RESTORE
}
} else if Path::new(USR_IPTABLES_RESTORE).exists() {
USR_IPTABLES_RESTORE
} else {
IPTABLES_RESTORE
}
@@ -2926,16 +2951,25 @@ OtherField:other
async fn test_ip_tables() {
skip_if_not_root!();
if !check_command(IPTABLES_SAVE)
|| !check_command(IPTABLES_RESTORE)
|| !check_command(IP6TABLES_SAVE)
|| !check_command(IP6TABLES_RESTORE)
{
warn!(
sl!(),
"one or more commands for ip tables test are missing, skip it"
);
return;
let iptables_cmd_list = [
USR_IPTABLES_SAVE,
USR_IP6TABLES_SAVE,
USR_IPTABLES_RESTORE,
USR_IP6TABLES_RESTORE,
IPTABLES_SAVE,
IP6TABLES_SAVE,
IPTABLES_RESTORE,
IP6TABLES_RESTORE,
];
for cmd in iptables_cmd_list {
if !check_command(cmd) {
warn!(
sl!(),
"one or more commands for ip tables test are missing, skip it"
);
return;
}
}
let logger = slog::Logger::root(slog::Discard, o!());

3
src/dragonball/Makefile
View File

@@ -16,6 +16,9 @@ build:
@echo "INFO: cargo build..."
cargo build --all-features --target $(TRIPLE)
static-checks-build:
@echo "INFO: static-checks-build do nothing.."
check: clippy format
clippy:

3
src/libs/Makefile
View File

@@ -16,6 +16,9 @@ default: build
build:
cargo build --all-features
static-checks-build:
@echo "INFO: static-checks-build do nothing.."
check: clippy format
clippy:

9
src/runtime-rs/Makefile
View File

@@ -290,9 +290,6 @@ COMMIT_NO := $(shell git rev-parse HEAD 2>/dev/null || true)
COMMIT := $(if $(shell git status --porcelain --untracked-files=no 2>/dev/null || true),${COMMIT_NO}-dirty,${COMMIT_NO})
COMMIT_MSG = $(if $(COMMIT),$(COMMIT),unknown)
# Exported to allow cargo to see it
export VERSION_COMMIT := $(if $(COMMIT),$(VERSION)-$(COMMIT),$(VERSION))
EXTRA_RUSTFEATURES :=
ifneq ($(EXTRA_RUSTFEATURES),)
@@ -322,8 +319,8 @@ GENERATED_REPLACEMENTS= \
CONTAINERD_RUNTIME_NAME \
RUNTIME_VERSION \
BINDIR \
COMMIT \
VERSION_COMMIT
COMMIT
GENERATED_FILES :=
GENERATED_FILES += $(GENERATED_CODE)
@@ -361,6 +358,8 @@ GENERATED_FILES += $(CONFIGS)
runtime: $(TARGET)
static-checks-build: $(GENERATED_FILES)
$(TARGET): $(GENERATED_FILES) $(TARGET_PATH)
$(TARGET_PATH): $(SOURCES) | show-summary

7
src/runtime-rs/README.md
View File

@@ -103,10 +103,9 @@ Some helper libraries are maintained in [the library directory](../libs) so that
## Build and install
```bash
$ make
$ sudo make install
```
See the
[build from the source section of the rust runtime installation guide](../../docs/install/kata-containers-3.0-rust-runtime-installation-guide.md#build-from-source-installation).
## Configuration
`runtime-rs` has the same [configuration as `runtime`](../runtime/README.md#configuration) with some [limitations](#limitations).

2
src/runtime-rs/crates/resource/src/cgroups/mod.rs
View File

@@ -179,7 +179,7 @@ impl CgroupsResource {
// All vCPU threads move to the sandbox controller.
for tid in tids {
self.cgroup_manager
.add_task_by_tgid(CgroupPid { pid: *tid as u64 })?
.add_task(CgroupPid { pid: *tid as u64 })?
}
Ok(())

4
src/runtime-rs/crates/shim/src/bin/main.rs
View File

@@ -95,11 +95,11 @@ fn show_help(cmd: &OsStr) {
fn show_version(err: Option<anyhow::Error>) {
let data = format!(
r#"{} containerd shim: id: {}, version: {}, commit: {}"#,
r#"{} containerd shim (Rust): id: {}, version: {}, commit: {}"#,
config::PROJECT_NAME,
config::CONTAINERD_RUNTIME_NAME,
config::RUNTIME_VERSION,
config::RUNTIME_VERSION_COMMIT,
config::RUNTIME_GIT_COMMIT,
);
if let Some(err) = err {

1
src/runtime-rs/crates/shim/src/config.rs.in
View File

@@ -9,7 +9,6 @@
pub const PROJECT_NAME: &str = "@PROJECT_NAME@";
pub const RUNTIME_VERSION: &str = "@RUNTIME_VERSION@";
pub const RUNTIME_VERSION_COMMIT: &str = "@VERSION_COMMIT@";
pub const RUNTIME_GIT_COMMIT: &str = "@COMMIT@";
pub const RUNTIME_NAME: &str = "@RUNTIME_NAME@";
pub const CONTAINERD_RUNTIME_NAME: &str = "@CONTAINERD_RUNTIME_NAME@";

2
src/runtime/Makefile
View File

@@ -817,6 +817,8 @@ handle_vendor:
vendor: handle_vendor
./hack/tree_status.sh
static-checks-build: $(GENERATED_FILES)
clean:
$(QUIET_CLEAN)rm -f \
$(CONFIGS) \

2
src/runtime/cmd/containerd-shim-kata-v2/main.go
View File

@@ -24,7 +24,7 @@ func shimConfig(config *shimapi.Config) {
func main() {
if len(os.Args) == 2 && os.Args[1] == "--version" {
fmt.Printf("%s containerd shim: id: %q, version: %s, commit: %v\n", katautils.PROJECT, types.DefaultKataRuntimeName, katautils.VERSION, katautils.COMMIT)
fmt.Printf("%s containerd shim (Golang): id: %q, version: %s, commit: %v\n", katautils.PROJECT, types.DefaultKataRuntimeName, katautils.VERSION, katautils.COMMIT)
os.Exit(0)
}

1
src/runtime/cmd/kata-runtime/kata-check_generic_test.go
View File

@@ -4,7 +4,6 @@
//
//go:build arm64 || ppc64le
// +build arm64 ppc64le
package main

1
src/runtime/cmd/kata-runtime/kata-env_generic_test.go
View File

@@ -4,7 +4,6 @@
//
//go:build arm64 || ppc64le
// +build arm64 ppc64le
package main

2
src/runtime/go.mod
View File

@@ -50,7 +50,6 @@ require (
go.opentelemetry.io/otel/exporters/jaeger v1.0.0
go.opentelemetry.io/otel/sdk v1.3.0
go.opentelemetry.io/otel/trace v1.3.0
golang.org/x/net v0.0.0-20220722155237-a158d28d115b
golang.org/x/oauth2 v0.0.0-20220622183110-fd043fe589d2
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f
google.golang.org/grpc v1.47.0
@@ -100,6 +99,7 @@ require (
github.com/russross/blackfriday/v2 v2.1.0 // indirect
go.mongodb.org/mongo-driver v1.7.5 // indirect
go.opencensus.io v0.23.0 // indirect
golang.org/x/net v0.0.0-20220722155237-a158d28d115b // indirect
golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f // indirect
golang.org/x/text v0.3.7 // indirect
google.golang.org/appengine v1.6.7 // indirect

1
src/runtime/pkg/govmm/qemu/qemu_arch_base_test.go
View File

@@ -1,5 +1,4 @@
//go:build !s390x
// +build !s390x
// Copyright contributors to the Virtual Machine Manager for Go project
//

1
src/runtime/pkg/resourcecontrol/cgroups.go
View File

@@ -1,5 +1,4 @@
//go:build linux
// +build linux
// Copyright (c) 2021-2022 Apple Inc.
//

1
src/runtime/virtcontainers/acrn.go
View File

@@ -1,5 +1,4 @@
//go:build linux
// +build linux
// Copyright (c) 2019 Intel Corporation
//

1
src/runtime/virtcontainers/acrn_arch_base.go
View File

@@ -1,5 +1,4 @@
//go:build linux
// +build linux
// Copyright (c) 2019 Intel Corporation
//

1
src/runtime/virtcontainers/acrn_test.go
View File

@@ -1,5 +1,4 @@
//go:build linux
// +build linux
// Copyright (c) 2019 Intel Corporation
//

2
src/runtime/virtcontainers/agent.go
View File

@@ -9,13 +9,13 @@ import (
"syscall"
"time"
"context"
"github.com/kata-containers/kata-containers/src/runtime/virtcontainers/image"
persistapi "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/persist/api"
pbTypes "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/agent/protocols"
"github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/agent/protocols/grpc"
"github.com/kata-containers/kata-containers/src/runtime/virtcontainers/types"
specs "github.com/opencontainers/runtime-spec/specs-go"
"golang.org/x/net/context"
)
type newAgentFuncKey struct{}

1
src/runtime/virtcontainers/clh.go
View File

@@ -1,5 +1,4 @@
//go:build linux
// +build linux
// Copyright (c) 2019 Ericsson Eurolab Deutschland GmbH
//

1
src/runtime/virtcontainers/clh_test.go
View File

@@ -1,5 +1,4 @@
//go:build linux
// +build linux
// Copyright (c) 2019 Ericsson Eurolab Deutschland G.m.b.H.
//

1
src/runtime/virtcontainers/fc.go
View File

@@ -1,5 +1,4 @@
//go:build linux
// +build linux
// Copyright (c) 2018 Intel Corporation
//

1
src/runtime/virtcontainers/fc_metrics.go
View File

@@ -1,5 +1,4 @@
//go:build linux
// +build linux
// Copyright (c) 2020 Ant Group
//

1
src/runtime/virtcontainers/fc_test.go
View File

@@ -1,5 +1,4 @@
//go:build linux
// +build linux
// Copyright (c) 2019 Intel Corporation
//

1
src/runtime/virtcontainers/ipvlan_endpoint.go
View File

@@ -1,5 +1,4 @@
//go:build linux
// +build linux
// Copyright (c) 2018 Intel Corporation
//

1
src/runtime/virtcontainers/ipvlan_endpoint_test.go
View File

@@ -1,5 +1,4 @@
//go:build linux
// +build linux
// Copyright (c) 2018 Intel Corporation
//

20
src/runtime/virtcontainers/kata_agent.go
View File

@@ -23,7 +23,6 @@ import (
"github.com/kata-containers/kata-containers/src/runtime/pkg/device/config"
volume "github.com/kata-containers/kata-containers/src/runtime/pkg/direct-volume"
"github.com/kata-containers/kata-containers/src/runtime/pkg/katautils/katatrace"
resCtrl "github.com/kata-containers/kata-containers/src/runtime/pkg/resourcecontrol"
"github.com/kata-containers/kata-containers/src/runtime/pkg/uuid"
"github.com/kata-containers/kata-containers/src/runtime/virtcontainers/image"
persistapi "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/persist/api"
@@ -35,10 +34,10 @@ import (
"github.com/kata-containers/kata-containers/src/runtime/virtcontainers/types"
"github.com/kata-containers/kata-containers/src/runtime/virtcontainers/utils"
"context"
"github.com/gogo/protobuf/proto"
"github.com/opencontainers/runtime-spec/specs-go"
"github.com/sirupsen/logrus"
"golang.org/x/net/context"
"golang.org/x/sys/unix"
"google.golang.org/grpc/codes"
grpcStatus "google.golang.org/grpc/status"
@@ -938,18 +937,19 @@ func (k *kataAgent) constrainGRPCSpec(grpcSpec *grpc.Spec, passSeccomp bool, str
grpcSpec.Linux.Resources.CPU.Mems = ""
}
// We need agent systemd cgroup now.
// There are three main reasons to do not apply systemd cgroups in the VM
// - Initrd image doesn't have systemd.
// - Nobody will be able to modify the resources of a specific container by using systemctl set-property.
// - docker is not running in the VM.
if resCtrl.IsSystemdCgroup(grpcSpec.Linux.CgroupsPath) {
// Convert systemd cgroup to cgroupfs
slice := strings.Split(grpcSpec.Linux.CgroupsPath, ":")
// 0 - slice: system.slice
// 1 - prefix: docker
// 2 - name: abc123
grpcSpec.Linux.CgroupsPath = filepath.Join("/", slice[1], slice[2])
}
// if resCtrl.IsSystemdCgroup(grpcSpec.Linux.CgroupsPath) {
// // Convert systemd cgroup to cgroupfs
// slice := strings.Split(grpcSpec.Linux.CgroupsPath, ":")
// // 0 - slice: system.slice
// // 1 - prefix: docker
// // 2 - name: abc123
// grpcSpec.Linux.CgroupsPath = filepath.Join("/", slice[1], slice[2])
// }
// Disable network namespace since it is already handled on the host by
// virtcontainers. The network is a complex part which cannot be simply

2
src/runtime/virtcontainers/kata_agent_test.go
View File

@@ -573,7 +573,7 @@ func TestAppendVhostUserBlkDevices(t *testing.T) {
func TestConstrainGRPCSpec(t *testing.T) {
assert := assert.New(t)
expectedCgroupPath := "/foo/bar"
expectedCgroupPath := "system.slice:foo:bar"
g := &pb.Spec{
Hooks: &pb.Hooks{},

1
src/runtime/virtcontainers/macvlan_endpoint.go
View File

@@ -1,5 +1,4 @@
//go:build linux
// +build linux
// Copyright (c) 2018 Intel Corporation
//

1
src/runtime/virtcontainers/macvlan_endpoint_test.go
View File

@@ -1,5 +1,4 @@
//go:build linux
// +build linux
// Copyright (c) 2018 Intel Corporation
//

1
src/runtime/virtcontainers/macvtap_endpoint.go
View File

@@ -1,5 +1,4 @@
//go:build linux
// +build linux
// Copyright (c) 2018 Intel Corporation
//

1
src/runtime/virtcontainers/macvtap_endpoint_test.go
View File

@@ -1,5 +1,4 @@
//go:build linux
// +build linux
// Copyright (c) 2018 Intel Corporation
//

2
src/runtime/virtcontainers/mock_agent.go
View File

@@ -9,13 +9,13 @@ import (
"syscall"
"time"
"context"
"github.com/kata-containers/kata-containers/src/runtime/virtcontainers/image"
persistapi "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/persist/api"
pbTypes "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/agent/protocols"
"github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/agent/protocols/grpc"
"github.com/kata-containers/kata-containers/src/runtime/virtcontainers/types"
specs "github.com/opencontainers/runtime-spec/specs-go"
"golang.org/x/net/context"
)
// mockAgent is an empty Agent implementation, for testing and

1
src/runtime/virtcontainers/physical_endpoint.go
View File

@@ -1,5 +1,4 @@
//go:build linux
// +build linux
// Copyright (c) 2018 Intel Corporation
//

1
src/runtime/virtcontainers/physical_endpoint_test.go
View File

@@ -1,5 +1,4 @@
//go:build linux
// +build linux
// Copyright (c) 2018 Intel Corporation
//

1
src/runtime/virtcontainers/qemu.go
View File

@@ -1,5 +1,4 @@
//go:build linux
// +build linux
// Copyright (c) 2016 Intel Corporation
//

1
src/runtime/virtcontainers/qemu_amd64.go
View File

@@ -1,5 +1,4 @@
//go:build linux
// +build linux
// Copyright (c) 2018 Intel Corporation
//

1
src/runtime/virtcontainers/qemu_amd64_test.go
View File

@@ -1,5 +1,4 @@
//go:build linux
// +build linux
// Copyright (c) 2018 Intel Corporation
//

1
src/runtime/virtcontainers/qemu_arch_base.go
View File

@@ -1,5 +1,4 @@
//go:build linux
// +build linux
// Copyright (c) 2018 Intel Corporation
//

1
src/runtime/virtcontainers/qemu_arch_base_test.go
View File

@@ -1,5 +1,4 @@
//go:build linux
// +build linux
// Copyright (c) 2018 Intel Corporation
//

1
src/runtime/virtcontainers/qemu_arm64.go
View File

@@ -1,5 +1,4 @@
//go:build linux
// +build linux
// Copyright (c) 2018 Intel Corporation
//

1
src/runtime/virtcontainers/qemu_arm64_test.go
View File

@@ -1,5 +1,4 @@
//go:build linux
// +build linux
// Copyright (c) 2018 IBM
//

1
src/runtime/virtcontainers/qemu_ppc64le.go
View File

@@ -1,5 +1,4 @@
//go:build linux
// +build linux
// Copyright (c) 2018 IBM
//

1
src/runtime/virtcontainers/qemu_ppc64le_test.go
View File

@@ -1,5 +1,4 @@
//go:build linux
// +build linux
// Copyright (c) 2018 IBM
//

1
src/runtime/virtcontainers/qemu_s390x.go
View File

@@ -1,5 +1,4 @@
//go:build linux
// +build linux
// Copyright (c) 2018 IBM
//

1
src/runtime/virtcontainers/qemu_s390x_test.go
View File

@@ -1,5 +1,4 @@
//go:build linux
// +build linux
// Copyright (c) 2018 IBM
//

1
src/runtime/virtcontainers/qemu_test.go
View File

@@ -1,5 +1,4 @@
//go:build linux
// +build linux
// Copyright (c) 2016 Intel Corporation
//

1
src/runtime/virtcontainers/tap_endpoint.go
View File

@@ -1,5 +1,4 @@
//go:build linux
// +build linux
// Copyright (c) 2018 Huawei Corporation
//

1
src/runtime/virtcontainers/tuntap_endpoint.go
View File

@@ -1,5 +1,4 @@
//go:build linux
// +build linux
// Copyright (c) 2018 Huawei Corporation
// Copyright (c) 2019 Intel Corporation

2
src/runtime/virtcontainers/utils/utils.go
View File

@@ -399,7 +399,7 @@ func MkdirAllWithInheritedOwner(path string, perm os.FileMode) error {
info, err := os.Stat(curPath)
if err != nil {
if err = os.Mkdir(curPath, perm); err != nil {
if err = os.MkdirAll(curPath, perm); err != nil {
return fmt.Errorf("mkdir call failed: %v", err.Error())
}
if err = syscall.Chown(curPath, uid, gid); err != nil {

1
src/runtime/virtcontainers/utils/utils_linux_generic.go
View File

@@ -1,5 +1,4 @@
//go:build amd64 || arm64 || s390x || !ppc64le
// +build amd64 arm64 s390x !ppc64le
// Copyright (c) 2019 IBM
//

1
src/runtime/virtcontainers/veth_endpoint.go
View File

@@ -1,5 +1,4 @@
//go:build linux
// +build linux
// Copyright (c) 2018 Intel Corporation
//

1
src/runtime/virtcontainers/veth_endpoint_test.go
View File

@@ -1,5 +1,4 @@
//go:build linux
// +build linux
// Copyright (c) 2018 Intel Corporation
//

1
src/runtime/virtcontainers/vhostuser_endpoint.go
View File

@@ -1,5 +1,4 @@
//go:build linux
// +build linux
// Copyright (c) 2018 Intel Corporation
//

1
src/runtime/virtcontainers/vhostuser_endpoint_test.go
View File

@@ -1,5 +1,4 @@
//go:build linux
// +build linux
// Copyright (c) 2018 Intel Corporation
//

551
src/tools/agent-ctl/Cargo.lock generated
View File

@@ -41,6 +41,88 @@ version = "1.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c5d78ce20460b82d3fa150275ed9d55e21064fc7951177baacf86a145c4a4b1f"
[[package]]
name = "async-broadcast"
version = "0.4.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6d26004fe83b2d1cd3a97609b21e39f9a31535822210fe83205d2ce48866ea61"
dependencies = [
"event-listener",
"futures-core",
"parking_lot",
]
[[package]]
name = "async-channel"
version = "1.7.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e14485364214912d3b19cc3435dde4df66065127f05fa0d75c712f36f12c2f28"
dependencies = [
"concurrent-queue",
"event-listener",
"futures-core",
]
[[package]]
name = "async-executor"
version = "1.4.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "871f9bb5e0a22eeb7e8cf16641feb87c9dc67032ccf8ff49e772eb9941d3a965"
dependencies = [
"async-task",
"concurrent-queue",
"fastrand",
"futures-lite",
"once_cell",
"slab",
]
[[package]]
name = "async-io"
version = "1.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "83e21f3a490c72b3b0cf44962180e60045de2925d8dff97918f7ee43c8f637c7"
dependencies = [
"autocfg",
"concurrent-queue",
"futures-lite",
"libc",
"log",
"once_cell",
"parking",
"polling",
"slab",
"socket2",
"waker-fn",
"winapi",
]
[[package]]
name = "async-lock"
version = "2.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e97a171d191782fba31bb902b14ad94e24a68145032b7eedf871ab0bc0d077b6"
dependencies = [
"event-listener",
]
[[package]]
name = "async-recursion"
version = "0.3.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d7d78656ba01f1b93024b7c3a0467f1608e4be67d725749fdcd7d2c7678fd7a2"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
[[package]]
name = "async-task"
version = "4.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7a40729d2133846d9ed0ea60a8b9541bccddab49cd30f0715a1da672fe9a2524"
[[package]]
name = "async-trait"
version = "0.1.52"
@@ -65,9 +147,15 @@ dependencies = [
[[package]]
name = "autocfg"
version = "1.0.1"
version = "1.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cdb031dd78e28731d87d56cc8ffef4a8f36ca26c38fe2de700543e627f8a464a"
checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa"
[[package]]
name = "bit-vec"
version = "0.6.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "349f9b6a179ed607305526ca489b34ad0a41aed5f7980fa90eb03160b69598fb"
[[package]]
name = "bitflags"
@@ -93,6 +181,12 @@ version = "1.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c4872d67bab6358e59559027aa3b9157c53d9358c51423c17554809a8858e0f8"
[[package]]
name = "cache-padded"
version = "1.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c1db59621ec70f09c5e9b597b220c7a2b43611f4710dc03ceb8748637775692c"
[[package]]
name = "capctl"
version = "0.2.0"
@@ -174,6 +268,15 @@ dependencies = [
"vec_map",
]
[[package]]
name = "concurrent-queue"
version = "1.2.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "af4780a44ab5696ea9e28294517f1fffb421a83a25af521333c838635509db9c"
dependencies = [
"cache-padded",
]
[[package]]
name = "core-foundation-sys"
version = "0.8.3"
@@ -200,6 +303,17 @@ dependencies = [
"lazy_static",
]
[[package]]
name = "derivative"
version = "2.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fcc3dd5e9e9c0b295d6e1e4d811fb6f157d5ffd784b8d202fc62eac8035a770b"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
[[package]]
name = "derive-new"
version = "0.5.9"
@@ -211,12 +325,53 @@ dependencies = [
"syn",
]
[[package]]
name = "dirs"
version = "4.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ca3aa72a6f96ea37bbc5aa912f6788242832f75369bdfdadcb0e38423f100059"
dependencies = [
"dirs-sys",
]
[[package]]
name = "dirs-sys"
version = "0.3.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1b1d1d91c932ef41c0f2663aa8b0ca0342d444d842c06914aa0a7e352d0bada6"
dependencies = [
"libc",
"redox_users",
"winapi",
]
[[package]]
name = "either"
version = "1.6.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e78d4f1cc4ae33bbfc157ed5d5a5ef3bc29227303d595861deb238fcec4e9457"
[[package]]
name = "enumflags2"
version = "0.7.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e75d4cd21b95383444831539909fbb14b9dc3fdceb2a6f5d36577329a1f55ccb"
dependencies = [
"enumflags2_derive",
"serde",
]
[[package]]
name = "enumflags2_derive"
version = "0.7.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f58dc3c5e468259f19f2d46304a6b28f1c3d034442e14b322d2b850e36f6d5ae"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
[[package]]
name = "errno"
version = "0.2.8"
@@ -238,6 +393,21 @@ dependencies = [
"libc",
]
[[package]]
name = "event-listener"
version = "2.5.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0206175f82b8d6bf6652ff7d71a1e27fd2e4efde587fd368662814d6ec1d9ce0"
[[package]]
name = "fastrand"
version = "1.8.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a7a407cfaa3385c4ae6b23e84623d48c2798d06e3e6a1878f7f59f17b3f86499"
dependencies = [
"instant",
]
[[package]]
name = "fixedbitset"
version = "0.2.0"
@@ -271,9 +441,9 @@ dependencies = [
[[package]]
name = "futures-core"
version = "0.3.17"
version = "0.3.24"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "88d1c26957f23603395cd326b0ffe64124b818f4449552f960d815cfba83a53d"
checksum = "4e5aa3de05362c3fb88de6531e6296e85cde7739cccad4b9dfeeb7f6ebce56bf"
[[package]]
name = "futures-executor"
@@ -292,6 +462,21 @@ version = "0.3.17"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "522de2a0fe3e380f1bc577ba0474108faf3f6b18321dbf60b3b9c39a75073377"
[[package]]
name = "futures-lite"
version = "1.12.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7694489acd39452c77daa48516b894c153f192c3578d5a839b62c58099fcbf48"
dependencies = [
"fastrand",
"futures-core",
"futures-io",
"memchr",
"parking",
"pin-project-lite",
"waker-fn",
]
[[package]]
name = "futures-macro"
version = "0.3.17"
@@ -430,6 +615,15 @@ dependencies = [
"libc",
]
[[package]]
name = "instant"
version = "0.1.12"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7a5bbe824c507c5da5956355e86a746d82e0e1464f65d862cc5e71da70e94b2c"
dependencies = [
"cfg-if 1.0.0",
]
[[package]]
name = "itertools"
version = "0.10.3"
@@ -491,6 +685,16 @@ version = "0.2.132"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8371e4e5341c3a96db127eb2465ac681ced4c433e01dd0e938adbef26ba93ba5"
[[package]]
name = "lock_api"
version = "0.4.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9f80bf5aacaf25cbfc8210d1cfb718f2bf3b11c4c54e5afe36c236853a8ec390"
dependencies = [
"autocfg",
"scopeguard",
]
[[package]]
name = "log"
version = "0.4.14"
@@ -576,6 +780,7 @@ dependencies = [
"bitflags",
"cfg-if 1.0.0",
"libc",
"memoffset",
]
[[package]]
@@ -618,9 +823,48 @@ dependencies = [
[[package]]
name = "once_cell"
version = "1.9.0"
version = "1.14.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "da32515d9f6e6e489d7bc9d84c71b060db7247dc035bbe44eac88cf87486d8d5"
checksum = "2f7254b99e31cad77da24b08ebf628882739a608578bb1bcdfc1f9c21260d7c0"
[[package]]
name = "ordered-stream"
version = "0.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "44630c059eacfd6e08bdaa51b1db2ce33119caa4ddc1235e923109aa5f25ccb1"
dependencies = [
"futures-core",
"pin-project-lite",
]
[[package]]
name = "parking"
version = "2.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "427c3892f9e783d91cc128285287e70a59e206ca452770ece88a76f7a3eddd72"
[[package]]
name = "parking_lot"
version = "0.12.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3742b2c103b9f06bc9fff0a37ff4912935851bee6d36f3c02bcc755bcfec228f"
dependencies = [
"lock_api",
"parking_lot_core",
]
[[package]]
name = "parking_lot_core"
version = "0.9.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "09a279cbf25cb0757810394fbc1e359949b59e348145c643a939a525692e6929"
dependencies = [
"cfg-if 1.0.0",
"libc",
"redox_syscall",
"smallvec",
"windows-sys",
]
[[package]]
name = "path-absolutize"
@@ -653,9 +897,9 @@ dependencies = [
[[package]]
name = "pin-project-lite"
version = "0.2.7"
version = "0.2.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8d31d11c69a6b52a174b42bdc0c30e5e11670f90788b2c471c31c1d17d449443"
checksum = "e0a7ae3ac2f1173085d398531c705756c94a4c56843785df85a60c1a0afac116"
[[package]]
name = "pin-utils"
@@ -663,12 +907,37 @@ version = "0.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184"
[[package]]
name = "polling"
version = "2.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "899b00b9c8ab553c743b3e11e87c5c7d423b2a2de229ba95b24a756344748011"
dependencies = [
"autocfg",
"cfg-if 1.0.0",
"libc",
"log",
"wepoll-ffi",
"winapi",
]
[[package]]
name = "ppv-lite86"
version = "0.2.15"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ed0cfbc8191465bed66e1718596ee0b0b35d5ee1f41c5df2189d0fe8bde535ba"
[[package]]
name = "proc-macro-crate"
version = "1.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "eda0fc3b0fb7c975631757e14d9049da17374063edb6ebbcbc54d880d4fe94e9"
dependencies = [
"once_cell",
"thiserror",
"toml",
]
[[package]]
name = "proc-macro-hack"
version = "0.5.19"
@@ -833,13 +1102,24 @@ dependencies = [
[[package]]
name = "redox_syscall"
version = "0.2.10"
version = "0.2.16"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8383f39639269cde97d255a32bdb68c047337295414940c68bdd30c2e13203ff"
checksum = "fb5a58c1855b4b6819d59012155603f0b22ad30cad752600aadfcb695265519a"
dependencies = [
"bitflags",
]
[[package]]
name = "redox_users"
version = "0.4.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b033d837a7cf162d7993aded9304e30a83213c648b6e389db233191f891e5c2b"
dependencies = [
"getrandom",
"redox_syscall",
"thiserror",
]
[[package]]
name = "regex"
version = "1.5.6"
@@ -881,6 +1161,7 @@ version = "0.1.0"
dependencies = [
"anyhow",
"async-trait",
"bit-vec",
"capctl",
"caps",
"cfg-if 0.1.10",
@@ -889,7 +1170,7 @@ dependencies = [
"inotify",
"lazy_static",
"libc",
"nix 0.23.1",
"nix 0.24.2",
"oci",
"path-absolutize",
"protobuf",
@@ -904,6 +1185,7 @@ dependencies = [
"slog",
"slog-scope",
"tokio",
"zbus",
]
[[package]]
@@ -958,6 +1240,32 @@ dependencies = [
"serde",
]
[[package]]
name = "serde_repr"
version = "0.1.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1fe39d9fbb0ebf5eb2c7cb7e2a47e4f462fad1379f1166b8ae49ad9eae89a7ca"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
[[package]]
name = "sha1"
version = "0.6.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c1da05c97445caa12d05e848c4a4fcbbea29e748ac28f7e80e9b010392063770"
dependencies = [
"sha1_smol",
]
[[package]]
name = "sha1_smol"
version = "1.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ae1a47186c03a32177042e55dbc5fd5aee900b8e0069a8d70fba96a9375cd012"
[[package]]
name = "signal-hook-registry"
version = "1.4.0"
@@ -1020,6 +1328,28 @@ dependencies = [
"slog",
]
[[package]]
name = "smallvec"
version = "1.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2fd0db749597d91ff862fd1d55ea87f7855a744a8425a64695b6fca237d1dad1"
[[package]]
name = "socket2"
version = "0.4.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "02e2d2db9033d13a1567121ddd7a095ee144db4e1ca1b1bda3419bc0da294ebd"
dependencies = [
"libc",
"winapi",
]
[[package]]
name = "static_assertions"
version = "1.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f"
[[package]]
name = "strsim"
version = "0.8.0"
@@ -1133,6 +1463,47 @@ dependencies = [
"syn",
]
[[package]]
name = "toml"
version = "0.5.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8d82e1a7758622a465f8cee077614c73484dac5b836c02ff6a40d5d1010324d7"
dependencies = [
"serde",
]
[[package]]
name = "tracing"
version = "0.1.36"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2fce9567bd60a67d08a16488756721ba392f24f29006402881e43b19aac64307"
dependencies = [
"cfg-if 1.0.0",
"pin-project-lite",
"tracing-attributes",
"tracing-core",
]
[[package]]
name = "tracing-attributes"
version = "0.1.22"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "11c75893af559bc8e10716548bdef5cb2b983f8e637db9d0e15126b61b484ee2"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
[[package]]
name = "tracing-core"
version = "0.1.29"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5aeea4303076558a00714b823f9ad67d58a3bbda1df83d8827d21193156e22f7"
dependencies = [
"once_cell",
]
[[package]]
name = "ttrpc"
version = "0.6.0"
@@ -1175,6 +1546,16 @@ dependencies = [
"tempfile",
]
[[package]]
name = "uds_windows"
version = "1.0.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ce65604324d3cce9b966701489fbd0cf318cb1f7bd9dd07ac9a4ee6fb791930d"
dependencies = [
"tempfile",
"winapi",
]
[[package]]
name = "unicode-segmentation"
version = "1.8.0"
@@ -1199,6 +1580,12 @@ version = "0.8.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f1bddf1187be692e79c5ffeab891132dfb0f236ed36a43c7ed39f1165ee20191"
[[package]]
name = "waker-fn"
version = "1.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9d5b2c62b4012a3e1eca5a7e077d13b3bf498c4073e33ccd58626607748ceeca"
[[package]]
name = "wasi"
version = "0.10.2+wasi-snapshot-preview1"
@@ -1259,6 +1646,15 @@ version = "0.2.81"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6a89911bd99e5f3659ec4acf9c4d93b0a90fe4a2a11f15328472058edc5261be"
[[package]]
name = "wepoll-ffi"
version = "0.1.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d743fdedc5c64377b5fc2bc036b01c7fd642205a0d96356034ae3404d49eb7fb"
dependencies = [
"cc",
]
[[package]]
name = "which"
version = "4.2.2"
@@ -1291,3 +1687,136 @@ name = "winapi-x86_64-pc-windows-gnu"
version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
[[package]]
name = "windows-sys"
version = "0.36.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ea04155a16a59f9eab786fe12a4a450e75cdb175f9e0d80da1e17db09f55b8d2"
dependencies = [
"windows_aarch64_msvc",
"windows_i686_gnu",
"windows_i686_msvc",
"windows_x86_64_gnu",
"windows_x86_64_msvc",
]
[[package]]
name = "windows_aarch64_msvc"
version = "0.36.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9bb8c3fd39ade2d67e9874ac4f3db21f0d710bee00fe7cab16949ec184eeaa47"
[[package]]
name = "windows_i686_gnu"
version = "0.36.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "180e6ccf01daf4c426b846dfc66db1fc518f074baa793aa7d9b9aaeffad6a3b6"
[[package]]
name = "windows_i686_msvc"
version = "0.36.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e2e7917148b2812d1eeafaeb22a97e4813dfa60a3f8f78ebe204bcc88f12f024"
[[package]]
name = "windows_x86_64_gnu"
version = "0.36.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4dcd171b8776c41b97521e5da127a2d86ad280114807d0b2ab1e462bc764d9e1"
[[package]]
name = "windows_x86_64_msvc"
version = "0.36.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c811ca4a8c853ef420abd8592ba53ddbbac90410fab6903b3e79972a631f7680"
[[package]]
name = "zbus"
version = "2.3.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2d8f1a037b2c4a67d9654dc7bdfa8ff2e80555bbefdd3c1833c1d1b27c963a6b"
dependencies = [
"async-broadcast",
"async-channel",
"async-executor",
"async-io",
"async-lock",
"async-recursion",
"async-task",
"async-trait",
"byteorder",
"derivative",
"dirs",
"enumflags2",
"event-listener",
"futures-core",
"futures-sink",
"futures-util",
"hex",
"lazy_static",
"nix 0.23.1",
"once_cell",
"ordered-stream",
"rand",
"serde",
"serde_repr",
"sha1",
"static_assertions",
"tracing",
"uds_windows",
"winapi",
"zbus_macros",
"zbus_names",
"zvariant",
]
[[package]]
name = "zbus_macros"
version = "2.3.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1f8fb5186d1c87ae88cf234974c240671238b4a679158ad3b94ec465237349a6"
dependencies = [
"proc-macro-crate",
"proc-macro2",
"quote",
"regex",
"syn",
]
[[package]]
name = "zbus_names"
version = "2.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "41a408fd8a352695690f53906dc7fd036be924ec51ea5e05666ff42685ed0af5"
dependencies = [
"serde",
"static_assertions",
"zvariant",
]
[[package]]
name = "zvariant"
version = "3.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1bd68e4e6432ef19df47d7e90e2e72b5e7e3d778e0ae3baddf12b951265cc758"
dependencies = [
"byteorder",
"enumflags2",
"libc",
"serde",
"static_assertions",
"zvariant_derive",
]
[[package]]
name = "zvariant_derive"
version = "3.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "08e977eaa3af652f63d479ce50d924254ad76722a6289ec1a1eac3231ca30430"
dependencies = [
"proc-macro-crate",
"proc-macro2",
"quote",
"syn",
]

3
src/tools/agent-ctl/Makefile
View File

@@ -11,6 +11,9 @@ default: build
build:
@RUSTFLAGS="$(EXTRA_RUSTFLAGS) --deny warnings" cargo build --target $(TRIPLE) --$(BUILD_TYPE)
static-checks-build:
@echo "INFO: static-checks-build do nothing.."
clean:
cargo clean

2
src/tools/kata-ctl/Makefile
View File

@@ -36,6 +36,8 @@ $(TARGET): $(GENERATED_CODE)
build:
@RUSTFLAGS="$(EXTRA_RUSTFLAGS) --deny warnings" cargo build --target $(TRIPLE) $(if $(findstring release,$(BUILD_TYPE)),--release) $(EXTRA_RUSTFEATURES)
static-checks-build: $(GENERATED_CODE)
$(GENERATED_FILES): %: %.in
@sed $(foreach r,$(GENERATED_REPLACEMENTS),-e 's|@$r@|$($r)|g') "$<" > "$@"

3
src/tools/log-parser/Makefile
View File

@@ -29,6 +29,9 @@ install: $(TARGET)
install -d $(shell dirname $(DESTTARGET))
install $(TARGET) $(DESTTARGET)
static-checks-build:
@echo "INFO: static-checks-build do nothing.."
clean:
rm -f $(TARGET)

475
src/tools/runk/Cargo.lock generated
View File

@@ -29,6 +29,88 @@ version = "1.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c5d78ce20460b82d3fa150275ed9d55e21064fc7951177baacf86a145c4a4b1f"
[[package]]
name = "async-broadcast"
version = "0.4.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6d26004fe83b2d1cd3a97609b21e39f9a31535822210fe83205d2ce48866ea61"
dependencies = [
"event-listener",
"futures-core",
"parking_lot",
]
[[package]]
name = "async-channel"
version = "1.7.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e14485364214912d3b19cc3435dde4df66065127f05fa0d75c712f36f12c2f28"
dependencies = [
"concurrent-queue",
"event-listener",
"futures-core",
]
[[package]]
name = "async-executor"
version = "1.4.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "871f9bb5e0a22eeb7e8cf16641feb87c9dc67032ccf8ff49e772eb9941d3a965"
dependencies = [
"async-task",
"concurrent-queue",
"fastrand",
"futures-lite",
"once_cell",
"slab",
]
[[package]]
name = "async-io"
version = "1.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "83e21f3a490c72b3b0cf44962180e60045de2925d8dff97918f7ee43c8f637c7"
dependencies = [
"autocfg",
"concurrent-queue",
"futures-lite",
"libc",
"log",
"once_cell",
"parking",
"polling",
"slab",
"socket2",
"waker-fn",
"winapi",
]
[[package]]
name = "async-lock"
version = "2.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e97a171d191782fba31bb902b14ad94e24a68145032b7eedf871ab0bc0d077b6"
dependencies = [
"event-listener",
]
[[package]]
name = "async-recursion"
version = "0.3.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d7d78656ba01f1b93024b7c3a0467f1608e4be67d725749fdcd7d2c7678fd7a2"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
[[package]]
name = "async-task"
version = "4.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7a40729d2133846d9ed0ea60a8b9541bccddab49cd30f0715a1da672fe9a2524"
[[package]]
name = "async-trait"
version = "0.1.53"
@@ -57,6 +139,12 @@ version = "1.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa"
[[package]]
name = "bit-vec"
version = "0.6.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "349f9b6a179ed607305526ca489b34ad0a41aed5f7980fa90eb03160b69598fb"
[[package]]
name = "bitflags"
version = "1.3.2"
@@ -75,6 +163,12 @@ version = "1.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c4872d67bab6358e59559027aa3b9157c53d9358c51423c17554809a8858e0f8"
[[package]]
name = "cache-padded"
version = "1.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c1db59621ec70f09c5e9b597b220c7a2b43611f4710dc03ceb8748637775692c"
[[package]]
name = "capctl"
version = "0.2.1"
@@ -180,6 +274,15 @@ dependencies = [
"os_str_bytes",
]
[[package]]
name = "concurrent-queue"
version = "1.2.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "af4780a44ab5696ea9e28294517f1fffb421a83a25af521333c838635509db9c"
dependencies = [
"cache-padded",
]
[[package]]
name = "crc32fast"
version = "1.3.2"
@@ -244,6 +347,17 @@ dependencies = [
"syn",
]
[[package]]
name = "derivative"
version = "2.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fcc3dd5e9e9c0b295d6e1e4d811fb6f157d5ffd784b8d202fc62eac8035a770b"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
[[package]]
name = "derive-new"
version = "0.5.9"
@@ -286,12 +400,53 @@ dependencies = [
"syn",
]
[[package]]
name = "dirs"
version = "4.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ca3aa72a6f96ea37bbc5aa912f6788242832f75369bdfdadcb0e38423f100059"
dependencies = [
"dirs-sys",
]
[[package]]
name = "dirs-sys"
version = "0.3.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1b1d1d91c932ef41c0f2663aa8b0ca0342d444d842c06914aa0a7e352d0bada6"
dependencies = [
"libc",
"redox_users",
"winapi",
]
[[package]]
name = "either"
version = "1.6.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e78d4f1cc4ae33bbfc157ed5d5a5ef3bc29227303d595861deb238fcec4e9457"
[[package]]
name = "enumflags2"
version = "0.7.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e75d4cd21b95383444831539909fbb14b9dc3fdceb2a6f5d36577329a1f55ccb"
dependencies = [
"enumflags2_derive",
"serde",
]
[[package]]
name = "enumflags2_derive"
version = "0.7.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f58dc3c5e468259f19f2d46304a6b28f1c3d034442e14b322d2b850e36f6d5ae"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
[[package]]
name = "errno"
version = "0.2.8"
@@ -313,6 +468,12 @@ dependencies = [
"libc",
]
[[package]]
name = "event-listener"
version = "2.5.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0206175f82b8d6bf6652ff7d71a1e27fd2e4efde587fd368662814d6ec1d9ce0"
[[package]]
name = "fastrand"
version = "1.7.0"
@@ -392,6 +553,21 @@ version = "0.3.21"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fc4045962a5a5e935ee2fdedaa4e08284547402885ab326734432bed5d12966b"
[[package]]
name = "futures-lite"
version = "1.12.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7694489acd39452c77daa48516b894c153f192c3578d5a839b62c58099fcbf48"
dependencies = [
"fastrand",
"futures-core",
"futures-io",
"memchr",
"parking",
"pin-project-lite",
"waker-fn",
]
[[package]]
name = "futures-macro"
version = "0.3.21"
@@ -433,6 +609,17 @@ dependencies = [
"slab",
]
[[package]]
name = "getrandom"
version = "0.2.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4eb1a864a501629691edf6c15a593b7a51eebaa1e8468e9ddc623de7c9b58ec6"
dependencies = [
"cfg-if 1.0.0",
"libc",
"wasi 0.11.0+wasi-snapshot-preview1",
]
[[package]]
name = "hashbrown"
version = "0.11.2"
@@ -771,9 +958,19 @@ dependencies = [
[[package]]
name = "once_cell"
version = "1.10.0"
version = "1.14.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "87f3e037eac156d1775da914196f0f37741a274155e34a0b7e427c35d2a2ecb9"
checksum = "2f7254b99e31cad77da24b08ebf628882739a608578bb1bcdfc1f9c21260d7c0"
[[package]]
name = "ordered-stream"
version = "0.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "44630c059eacfd6e08bdaa51b1db2ce33119caa4ddc1235e923109aa5f25ccb1"
dependencies = [
"futures-core",
"pin-project-lite",
]
[[package]]
name = "os_str_bytes"
@@ -782,10 +979,16 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8e22443d1643a904602595ba1cd8f7d896afe56d26712531c5ff73a15b2fbf64"
[[package]]
name = "parking_lot"
version = "0.12.0"
name = "parking"
version = "2.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "87f5ec2493a61ac0506c0f4199f99070cbe83857b0337006a30f3e6719b8ef58"
checksum = "427c3892f9e783d91cc128285287e70a59e206ca452770ece88a76f7a3eddd72"
[[package]]
name = "parking_lot"
version = "0.12.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3742b2c103b9f06bc9fff0a37ff4912935851bee6d36f3c02bcc755bcfec228f"
dependencies = [
"lock_api",
"parking_lot_core",
@@ -851,6 +1054,37 @@ version = "0.3.25"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1df8c4ec4b0627e53bdf214615ad287367e482558cf84b109250b37464dc03ae"
[[package]]
name = "polling"
version = "2.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "899b00b9c8ab553c743b3e11e87c5c7d423b2a2de229ba95b24a756344748011"
dependencies = [
"autocfg",
"cfg-if 1.0.0",
"libc",
"log",
"wepoll-ffi",
"winapi",
]
[[package]]
name = "ppv-lite86"
version = "0.2.16"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "eb9f9e6e233e5c4a35559a617bf40a4ec447db2e84c20b55a6f83167b7e57872"
[[package]]
name = "proc-macro-crate"
version = "1.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "eda0fc3b0fb7c975631757e14d9049da17374063edb6ebbcbc54d880d4fe94e9"
dependencies = [
"once_cell",
"thiserror",
"toml",
]
[[package]]
name = "proc-macro-error"
version = "1.0.4"
@@ -998,6 +1232,36 @@ dependencies = [
"proc-macro2",
]
[[package]]
name = "rand"
version = "0.8.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404"
dependencies = [
"libc",
"rand_chacha",
"rand_core",
]
[[package]]
name = "rand_chacha"
version = "0.3.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88"
dependencies = [
"ppv-lite86",
"rand_core",
]
[[package]]
name = "rand_core"
version = "0.6.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d34f1408f55294453790c48b2f1ebbb1c5b4b7563eb1f418bcfcfdbb06ebb4e7"
dependencies = [
"getrandom",
]
[[package]]
name = "redox_syscall"
version = "0.2.13"
@@ -1007,6 +1271,17 @@ dependencies = [
"bitflags",
]
[[package]]
name = "redox_users"
version = "0.4.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b033d837a7cf162d7993aded9304e30a83213c648b6e389db233191f891e5c2b"
dependencies = [
"getrandom",
"redox_syscall",
"thiserror",
]
[[package]]
name = "regex"
version = "1.6.0"
@@ -1086,6 +1361,7 @@ version = "0.1.0"
dependencies = [
"anyhow",
"async-trait",
"bit-vec",
"capctl",
"caps",
"cfg-if 0.1.10",
@@ -1110,6 +1386,7 @@ dependencies = [
"slog",
"slog-scope",
"tokio",
"zbus",
]
[[package]]
@@ -1164,6 +1441,32 @@ dependencies = [
"serde",
]
[[package]]
name = "serde_repr"
version = "0.1.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1fe39d9fbb0ebf5eb2c7cb7e2a47e4f462fad1379f1166b8ae49ad9eae89a7ca"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
[[package]]
name = "sha1"
version = "0.6.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c1da05c97445caa12d05e848c4a4fcbbea29e748ac28f7e80e9b010392063770"
dependencies = [
"sha1_smol",
]
[[package]]
name = "sha1_smol"
version = "1.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ae1a47186c03a32177042e55dbc5fd5aee900b8e0069a8d70fba96a9375cd012"
[[package]]
name = "signal-hook-registry"
version = "1.4.0"
@@ -1242,6 +1545,12 @@ dependencies = [
"winapi",
]
[[package]]
name = "static_assertions"
version = "1.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f"
[[package]]
name = "strsim"
version = "0.10.0"
@@ -1392,6 +1701,47 @@ dependencies = [
"syn",
]
[[package]]
name = "toml"
version = "0.5.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8d82e1a7758622a465f8cee077614c73484dac5b836c02ff6a40d5d1010324d7"
dependencies = [
"serde",
]
[[package]]
name = "tracing"
version = "0.1.36"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2fce9567bd60a67d08a16488756721ba392f24f29006402881e43b19aac64307"
dependencies = [
"cfg-if 1.0.0",
"pin-project-lite",
"tracing-attributes",
"tracing-core",
]
[[package]]
name = "tracing-attributes"
version = "0.1.22"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "11c75893af559bc8e10716548bdef5cb2b983f8e637db9d0e15126b61b484ee2"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
[[package]]
name = "tracing-core"
version = "0.1.29"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5aeea4303076558a00714b823f9ad67d58a3bbda1df83d8827d21193156e22f7"
dependencies = [
"once_cell",
]
[[package]]
name = "ttrpc"
version = "0.6.1"
@@ -1434,6 +1784,16 @@ dependencies = [
"tempfile",
]
[[package]]
name = "uds_windows"
version = "1.0.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ce65604324d3cce9b966701489fbd0cf318cb1f7bd9dd07ac9a4ee6fb791930d"
dependencies = [
"tempfile",
"winapi",
]
[[package]]
name = "unicode-segmentation"
version = "1.9.0"
@@ -1468,6 +1828,12 @@ version = "0.9.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f"
[[package]]
name = "waker-fn"
version = "1.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9d5b2c62b4012a3e1eca5a7e077d13b3bf498c4073e33ccd58626607748ceeca"
[[package]]
name = "wasi"
version = "0.10.0+wasi-snapshot-preview1"
@@ -1480,6 +1846,15 @@ version = "0.11.0+wasi-snapshot-preview1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"
[[package]]
name = "wepoll-ffi"
version = "0.1.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d743fdedc5c64377b5fc2bc036b01c7fd642205a0d96356034ae3404d49eb7fb"
dependencies = [
"cc",
]
[[package]]
name = "which"
version = "4.2.5"
@@ -1607,3 +1982,93 @@ name = "windows_x86_64_msvc"
version = "0.36.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c811ca4a8c853ef420abd8592ba53ddbbac90410fab6903b3e79972a631f7680"
[[package]]
name = "zbus"
version = "2.3.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2d8f1a037b2c4a67d9654dc7bdfa8ff2e80555bbefdd3c1833c1d1b27c963a6b"
dependencies = [
"async-broadcast",
"async-channel",
"async-executor",
"async-io",
"async-lock",
"async-recursion",
"async-task",
"async-trait",
"byteorder",
"derivative",
"dirs",
"enumflags2",
"event-listener",
"futures-core",
"futures-sink",
"futures-util",
"hex",
"lazy_static",
"nix 0.23.1",
"once_cell",
"ordered-stream",
"rand",
"serde",
"serde_repr",
"sha1",
"static_assertions",
"tracing",
"uds_windows",
"winapi",
"zbus_macros",
"zbus_names",
"zvariant",
]
[[package]]
name = "zbus_macros"
version = "2.3.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1f8fb5186d1c87ae88cf234974c240671238b4a679158ad3b94ec465237349a6"
dependencies = [
"proc-macro-crate",
"proc-macro2",
"quote",
"regex",
"syn",
]
[[package]]
name = "zbus_names"
version = "2.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "41a408fd8a352695690f53906dc7fd036be924ec51ea5e05666ff42685ed0af5"
dependencies = [
"serde",
"static_assertions",
"zvariant",
]
[[package]]
name = "zvariant"
version = "3.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1bd68e4e6432ef19df47d7e90e2e72b5e7e3d778e0ae3baddf12b951265cc758"
dependencies = [
"byteorder",
"enumflags2",
"libc",
"serde",
"static_assertions",
"zvariant_derive",
]
[[package]]
name = "zvariant_derive"
version = "3.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "08e977eaa3af652f63d479ce50d924254ad76722a6289ec1a1eac3231ca30430"
dependencies = [
"proc-macro-crate",
"proc-macro2",
"quote",
"syn",
]

3
src/tools/runk/Makefile
View File

@@ -34,6 +34,9 @@ default: build
build:
@RUSTFLAGS="$(EXTRA_RUSTFLAGS) --deny warnings" cargo build --target $(TRIPLE) --$(BUILD_TYPE) $(EXTRA_RUSTFEATURES)
static-checks-build:
@echo "INFO: static-checks-build do nothing.."
install:
install -D $(TARGET_PATH) $(BINDIR)/$(TARGET)

22
src/tools/runk/libcontainer/src/activated_builder.rs
View File

@@ -3,7 +3,7 @@
// SPDX-License-Identifier: Apache-2.0
//
use crate::container::{create_linux_container, Container, ContainerLauncher};
use crate::container::{load_linux_container, Container, ContainerLauncher};
use crate::status::Status;
use crate::utils::validate_spec;
use anyhow::{anyhow, Result};
@@ -63,7 +63,7 @@ impl ActivatedContainer {
logger,
"enter ActivatedContainer::create_launcher {:?}", self
);
let container = Container::load(&self.root, &self.id)?;
let mut container = Container::load(&self.root, &self.id)?;
// If state is Created or Running, we can execute the process.
if container.state != ContainerState::Created && container.state != ContainerState::Running
@@ -74,17 +74,21 @@ impl ActivatedContainer {
));
}
let mut config = container.status.config;
let spec = config.spec.as_mut().unwrap();
let spec = container
.status
.config
.spec
.as_mut()
.ok_or_else(|| anyhow!("spec config was not present"))?;
self.adapt_exec_spec(spec, container.status.pid, logger)?;
debug!(logger, "adapted spec: {:?}", spec);
validate_spec(spec, &self.console_socket)?;
debug!(logger, "create LinuxContainer with config: {:?}", config);
// Maybe we should move some properties from status into LinuxContainer,
// like pid, process_start_time, created, cgroup_manager, etc. But it works now.
let runner =
create_linux_container(&self.id, &self.root, config, self.console_socket, logger)?;
debug!(
logger,
"load LinuxContainer with config: {:?}", &container.status.config
);
let runner = load_linux_container(&container.status, self.console_socket, logger)?;
Ok(ContainerLauncher::new(
&self.id,

48
src/tools/runk/libcontainer/src/container.rs
View File

@@ -17,6 +17,7 @@ use nix::{
};
use oci::{ContainerState, State as OCIState};
use procfs;
use rustjail::cgroups::fs::Manager as CgroupManager;
use rustjail::{
container::{self, BaseContainer, LinuxContainer, EXEC_FIFO_FILENAME},
process::{Process, ProcessOperations},
@@ -35,6 +36,7 @@ pub const CONFIG_FILE_NAME: &str = "config.json";
#[derive(Debug, Copy, Clone, PartialEq)]
pub enum ContainerAction {
Create,
Start,
Run,
}
@@ -236,12 +238,12 @@ impl ContainerLauncher {
if self.init {
self.spawn_container(action, logger).await?;
} else {
if action != ContainerAction::Run {
if action == ContainerAction::Create {
return Err(anyhow!(
"ContainerAction::Create is used for init-container only"
));
}
self.spawn_process(ContainerAction::Run, logger).await?;
self.spawn_process(action, logger).await?;
}
if let Some(pid_file) = self.pid_file.as_ref() {
fs::write(
@@ -257,13 +259,15 @@ impl ContainerLauncher {
// State root path root/id has been created in LinuxContainer::new(),
// so we don't have to create it again.
// Spawn a new process in the container by using the agent's codes.
self.spawn_process(action, logger).await?;
let status = self.get_status()?;
status.save()?;
debug!(logger, "saved status is {:?}", status);
// Clean up the fifo file created by LinuxContainer, which is used for block the created process.
if action == ContainerAction::Run {
if action == ContainerAction::Run || action == ContainerAction::Start {
let fifo_path = get_fifo_path(&status);
if fifo_path.exists() {
unlink(&fifo_path)?;
@@ -308,6 +312,9 @@ impl ContainerLauncher {
ContainerAction::Create => {
self.runner.start(process).await?;
}
ContainerAction::Start => {
self.runner.exec().await?;
}
ContainerAction::Run => {
self.runner.run(process).await?;
}
@@ -329,8 +336,12 @@ impl ContainerLauncher {
self.runner.created,
self.runner
.cgroup_manager
.clone()
.ok_or_else(|| anyhow!("cgroup manager was not present"))?,
.as_ref()
.unwrap()
.as_any()?
.downcast_ref::<CgroupManager>()
.unwrap()
.clone(),
self.runner.config.clone(),
)
}
@@ -358,6 +369,33 @@ pub fn create_linux_container(
Ok(container)
}
// Load rustjail's Linux container.
// "uid_map_path" and "gid_map_path" are always empty, so they are not set.
pub fn load_linux_container(
status: &Status,
console_socket: Option<PathBuf>,
logger: &Logger,
) -> Result<LinuxContainer> {
let mut container = LinuxContainer::new(
&status.id,
&status
.root
.to_str()
.map(|s| s.to_string())
.ok_or_else(|| anyhow!("failed to convert a root path"))?,
status.config.clone(),
logger,
)?;
if let Some(socket_path) = console_socket.as_ref() {
container.set_console_socket(socket_path)?;
}
container.init_process_pid = status.pid;
container.init_process_start_time = status.process_start_time;
container.created = status.created.into();
Ok(container)
}
pub fn get_config_path<P: AsRef<Path>>(bundle: P) -> PathBuf {
bundle.as_ref().join(CONFIG_FILE_NAME)
}

141
src/tools/runk/libcontainer/src/created_builder.rs Normal file
View File

@@ -0,0 +1,141 @@
// Copyright 2022 Sony Group Corporation
//
// SPDX-License-Identifier: Apache-2.0
//
use crate::container::{load_linux_container, Container, ContainerLauncher};
use anyhow::{anyhow, Result};
use derive_builder::Builder;
use oci::ContainerState;
use slog::{debug, Logger};
use std::path::PathBuf;
/// Used for start command. It will prepare the options used for starting a new container.
#[derive(Default, Builder, Debug, Clone)]
#[builder(build_fn(validate = "Self::validate"))]
pub struct CreatedContainer {
id: String,
root: PathBuf,
}
impl CreatedContainerBuilder {
/// pre-validate before building CreatedContainer
fn validate(&self) -> Result<(), String> {
// ensure container exists
let id = self.id.as_ref().unwrap();
let root = self.root.as_ref().unwrap();
let path = root.join(id);
if !path.as_path().exists() {
return Err(format!("container {} does not exist", id));
}
Ok(())
}
}
impl CreatedContainer {
/// Create ContainerLauncher that can be used to start a process from an existing init container.
/// It reads the spec from status file of the init container.
pub fn create_launcher(self, logger: &Logger) -> Result<ContainerLauncher> {
debug!(logger, "enter CreatedContainer::create_launcher {:?}", self);
let container = Container::load(&self.root, &self.id)?;
if container.state != ContainerState::Created {
return Err(anyhow!(
"cannot start a container in the {:?} state",
container.state
));
}
let config = container.status.config.clone();
debug!(
logger,
"Prepare LinuxContainer for starting with config: {:?}", config
);
let runner = load_linux_container(&container.status, None, logger)?;
Ok(ContainerLauncher::new(
&self.id,
&container.status.bundle,
&self.root,
true,
runner,
None,
))
}
}
#[cfg(test)]
mod tests {
use super::*;
use crate::status::Status;
use crate::utils::test_utils::*;
use nix::sys::stat::Mode;
use nix::unistd::{self, getpid};
use rustjail::container::EXEC_FIFO_FILENAME;
use scopeguard::defer;
use slog::o;
use std::fs::create_dir_all;
use std::path::Path;
use tempfile::tempdir;
use test_utils::skip_if_not_root;
fn create_created_container_dirs(root: &Path, id: &str, bundle: &Path) {
Status::create_dir(root, id).unwrap();
let fifo = root.join(id).join(EXEC_FIFO_FILENAME);
unistd::mkfifo(&fifo, Mode::from_bits(0o644).unwrap()).unwrap();
create_dir_all(bundle.join(TEST_ROOTFS_PATH)).unwrap();
}
#[test]
fn test_created_container_validate() {
let root = tempdir().unwrap();
let id = TEST_CONTAINER_ID.to_string();
let result = CreatedContainerBuilder::default()
.id(id)
.root(root.path().to_path_buf())
.build();
assert!(result.is_err());
}
#[test]
fn test_created_container_create_launcher() {
// create cgroup directory needs root permission
skip_if_not_root!();
let logger = slog::Logger::root(slog::Discard, o!());
let bundle_dir = tempdir().unwrap();
let root = tempdir().unwrap();
// Since tests are executed concurrently, container_id must be unique in tests with cgroup.
// Or the cgroup directory may be removed by other tests in advance.
let id = "test_created_container_create".to_string();
create_created_container_dirs(root.path(), &id, bundle_dir.path());
let pid = getpid().as_raw();
let mut spec = create_dummy_spec();
spec.root.as_mut().unwrap().path = bundle_dir
.path()
.join(TEST_ROOTFS_PATH)
.to_string_lossy()
.to_string();
let status = create_custom_dummy_status(&id, pid, root.path(), &spec);
status.save().unwrap();
// create empty cgroup directory to avoid is_pause failing
let cgroup = create_dummy_cgroup(Path::new(id.as_str()));
defer!(cgroup.delete().unwrap());
let launcher = CreatedContainerBuilder::default()
.id(id.clone())
.root(root.into_path())
.build()
.unwrap()
.create_launcher(&logger)
.unwrap();
assert!(launcher.init);
assert_eq!(launcher.runner.config.spec.unwrap(), spec);
assert_eq!(launcher.runner.id, id);
}
}

1
src/tools/runk/libcontainer/src/lib.rs
View File

@@ -6,6 +6,7 @@
pub mod activated_builder;
pub mod cgroup;
pub mod container;
pub mod created_builder;
pub mod init_builder;
pub mod status;
pub mod utils;

34
src/tools/runk/src/commands/start.rs
View File

@@ -3,34 +3,20 @@
// SPDX-License-Identifier: Apache-2.0
//
use crate::commands::state::get_container_state_name;
use anyhow::{anyhow, Result};
use libcontainer::container::{get_fifo_path, Container};
use anyhow::Result;
use libcontainer::{container::ContainerAction, created_builder::CreatedContainerBuilder};
use liboci_cli::Start;
use nix::unistd::unlink;
use oci::ContainerState;
use slog::{info, Logger};
use std::{fs::OpenOptions, io::prelude::*, path::Path};
use std::path::Path;
pub fn run(opts: Start, state_root: &Path, logger: &Logger) -> Result<()> {
let container = Container::load(state_root, &opts.container_id)?;
if container.state != ContainerState::Created {
return Err(anyhow!(
"cannot start a container in the {} state",
get_container_state_name(container.state)
));
};
pub async fn run(opts: Start, root: &Path, logger: &Logger) -> Result<()> {
let mut launcher = CreatedContainerBuilder::default()
.id(opts.container_id)
.root(root.to_path_buf())
.build()?
.create_launcher(logger)?;
let fifo_path = get_fifo_path(&container.status);
let mut file = OpenOptions::new().write(true).open(&fifo_path)?;
file.write_all("0".as_bytes())?;
info!(&logger, "container started");
if fifo_path.exists() {
unlink(&fifo_path)?;
}
launcher.launch(ContainerAction::Start, logger).await?;
info!(&logger, "start command finished successfully");

2
src/tools/runk/src/main.rs
View File

@@ -72,7 +72,7 @@ async fn cmd_run(subcmd: SubCommand, root_path: &Path, logger: &Logger) -> Resul
match subcmd {
SubCommand::Standard(cmd) => match cmd {
StandardCmd::Create(create) => commands::create::run(create, root_path, logger).await,
StandardCmd::Start(start) => commands::start::run(start, root_path, logger),
StandardCmd::Start(start) => commands::start::run(start, root_path, logger).await,
StandardCmd::Delete(delete) => commands::delete::run(delete, root_path, logger).await,
StandardCmd::State(state) => commands::state::run(state, root_path, logger),
},

3
src/tools/trace-forwarder/Makefile
View File

@@ -11,6 +11,9 @@ default: build
build:
@RUSTFLAGS="$(EXTRA_RUSTFLAGS) --deny warnings" cargo build --target $(TRIPLE) --$(BUILD_TYPE)
static-checks-build:
@echo "INFO: static-checks-build do nothing.."
clean:
cargo clean