diff --git a/src/agent/Cargo.lock b/src/agent/Cargo.lock index 1bd933622..cff91c868 100644 --- a/src/agent/Cargo.lock +++ b/src/agent/Cargo.lock @@ -119,13 +119,12 @@ dependencies = [ [[package]] name = "async-broadcast" -version = "0.4.1" +version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6d26004fe83b2d1cd3a97609b21e39f9a31535822210fe83205d2ce48866ea61" +checksum = "7c48ccdbf6ca6b121e0f586cbc0e73ae440e56c67c30fa0873b4e110d9c26d2b" dependencies = [ "event-listener", "futures-core", - "parking_lot 0.12.1", ] [[package]] @@ -169,6 +168,18 @@ dependencies = [ "slab", ] +[[package]] +name = "async-fs" +version = "1.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "279cf904654eeebfa37ac9bb1598880884924aab82e290aa65c9e77a0e142e06" +dependencies = [ + "async-lock", + "autocfg 1.1.0", + "blocking", + "futures-lite", +] + [[package]] name = "async-io" version = "1.13.0" @@ -198,6 +209,24 @@ dependencies = [ "event-listener", ] +[[package]] +name = "async-process" +version = "1.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7a9d28b1d97e08915212e2e45310d47854eafa69600756fc735fb788f75199c9" +dependencies = [ + "async-io", + "async-lock", + "autocfg 1.1.0", + "blocking", + "cfg-if 1.0.0", + "event-listener", + "futures-lite", + "rustix 0.37.15", + "signal-hook", + "windows-sys 0.48.0", +] + [[package]] name = "async-recursion" version = "0.3.2" @@ -209,6 +238,17 @@ dependencies = [ "syn 1.0.109", ] +[[package]] +name = "async-recursion" +version = "1.0.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5fd55a5ba1179988837d24ab4c7cc8ed6efdeff578ede0416b4225a5fca35bd0" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.28", +] + [[package]] name = "async-task" version = "4.4.0" 
@@ -226,6 +266,12 @@ dependencies = [ "syn 2.0.28", ] +[[package]] +name = "atomic-waker" +version = "1.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1181e1e0d1fce796a03db1ae795d67167da795f9cf4a39c37589e85ef57f26d3" + [[package]] name = "atty" version = "0.2.14" @@ -401,6 +447,21 @@ dependencies = [ "generic-array", ] +[[package]] +name = "blocking" +version = "1.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77231a1c8f801696fc0123ec6150ce92cffb8e164a02afb9c8ddee0e9b65ad65" +dependencies = [ + "async-channel", + "async-lock", + "async-task", + "atomic-waker", + "fastrand", + "futures-lite", + "log", +] + [[package]] name = "blowfish" version = "0.7.0" @@ -2117,7 +2178,7 @@ name = "kata-agent" version = "0.1.0" dependencies = [ "anyhow", - "async-recursion", + "async-recursion 0.3.2", "async-trait", "capctl", "cfg-if 1.0.0", @@ -2940,9 +3001,9 @@ dependencies = [ [[package]] name = "ordered-stream" -version = "0.0.1" +version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "44630c059eacfd6e08bdaa51b1db2ce33119caa4ddc1235e923109aa5f25ccb1" +checksum = "9aa2b01e1d916879f73a53d01d1d6cee68adbb31d6d9177a8cfce093cced1d50" dependencies = [ "futures-core", "pin-project-lite", @@ -4287,19 +4348,15 @@ dependencies = [ [[package]] name = "sha1" -version = "0.6.1" +version = "0.10.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c1da05c97445caa12d05e848c4a4fcbbea29e748ac28f7e80e9b010392063770" +checksum = "f04293dc80c3993519f2d7f6f511707ee7094fe0c6d3406feb330cdb3540eba3" dependencies = [ - "sha1_smol", + "cfg-if 1.0.0", + "cpufeatures", + "digest 0.10.7", ] -[[package]] -name = "sha1_smol" -version = "1.0.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ae1a47186c03a32177042e55dbc5fd5aee900b8e0069a8d70fba96a9375cd012" - [[package]] name = "sha1collisiondetection" version = "0.2.6" 
@@ -4359,6 +4416,16 @@ version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "43b2853a4d09f215c24cc5489c992ce46052d359b5109343cbafbf26bc62f8a3" +[[package]] +name = "signal-hook" +version = "0.3.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8621587d4798caf8eb44879d42e56b9a93ea5dcd315a6487c357130095b62801" +dependencies = [ + "libc", + "signal-hook-registry", +] + [[package]] name = "signal-hook-registry" version = "1.4.1" @@ -5687,6 +5754,16 @@ dependencies = [ "libc", ] +[[package]] +name = "xdg-home" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2769203cd13a0c6015d515be729c526d041e9cf2c0cc478d57faee85f40c6dcd" +dependencies = [ + "nix 0.26.2", + "winapi", +] + [[package]] name = "xsalsa20poly1305" version = "0.9.1" @@ -5708,29 +5785,29 @@ checksum = "735a71d46c4d68d71d4b24d03fdc2b98e38cea81730595801db779c04fe80d70" [[package]] name = "zbus" -version = "2.3.2" +version = "3.14.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2d8f1a037b2c4a67d9654dc7bdfa8ff2e80555bbefdd3c1833c1d1b27c963a6b" +checksum = "31de390a2d872e4cd04edd71b425e29853f786dc99317ed72d73d6fcf5ebb948" dependencies = [ "async-broadcast", - "async-channel", "async-executor", + "async-fs", "async-io", "async-lock", - "async-recursion", + "async-process", + "async-recursion 1.0.5", "async-task", "async-trait", + "blocking", "byteorder", "derivative", - "dirs", "enumflags2", "event-listener", "futures-core", "futures-sink", "futures-util", "hex", - "lazy_static", - "nix 0.23.2", + "nix 0.26.2", "once_cell", "ordered-stream", "rand 0.8.5", @@ -5741,6 +5818,7 @@ dependencies = [ "tracing", "uds_windows", "winapi", + "xdg-home", "zbus_macros", "zbus_names", "zvariant", 
@@ -5748,22 +5826,23 @@ dependencies = [ [[package]] name = "zbus_macros" -version = "2.3.2" +version = "3.14.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1f8fb5186d1c87ae88cf234974c240671238b4a679158ad3b94ec465237349a6" +checksum = "41d1794a946878c0e807f55a397187c11fc7a038ba5d868e7db4f3bd7760bc9d" dependencies = [ "proc-macro-crate", "proc-macro2", "quote", "regex", "syn 1.0.109", + "zvariant_utils", ] [[package]] name = "zbus_names" -version = "2.5.0" +version = "2.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f34f314916bd89bdb9934154627fab152f4f28acdda03e7c4c68181b214fe7e3" +checksum = "fb80bb776dbda6e23d705cf0123c3b95df99c4ebeaec6c2599d4a5419902b4a9" dependencies = [ "serde", "static_assertions", @@ -5822,9 +5901,9 @@ dependencies = [ [[package]] name = "zvariant" -version = "3.12.0" +version = "3.15.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "46fe4914a985446d6fd287019b5fceccce38303d71407d9e6e711d44954a05d8" +checksum = "44b291bee0d960c53170780af148dca5fa260a63cdd24f1962fa82e03e53338c" dependencies = [ "byteorder", "enumflags2", @@ -5836,9 +5915,9 @@ dependencies = [ [[package]] name = "zvariant_derive" -version = "3.12.0" +version = "3.15.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "34c20260af4b28b3275d6676c7e2a6be0d4332e8e0aba4616d34007fd84e462a" +checksum = "934d7a7dfc310d6ee06c87ffe88ef4eca7d3e37bb251dece2ef93da8f17d8ecd" dependencies = [ "proc-macro-crate", "proc-macro2", @@ -5849,9 +5928,9 @@ dependencies = [ [[package]] name = "zvariant_utils" -version = "1.0.0" +version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "53b22993dbc4d128a17a3b6c92f1c63872dd67198537ee728d8b5d7c40640a8b" +checksum = "7234f0d811589db492d16893e3f21e8e2fd282e6d01b0cddee310322062cc200" dependencies = [ "proc-macro2", "quote", 
diff --git a/src/agent/rustjail/Cargo.toml b/src/agent/rustjail/Cargo.toml index 3113ac643..231fa353a 100644 --- a/src/agent/rustjail/Cargo.toml +++ b/src/agent/rustjail/Cargo.toml @@ -34,7 +34,7 @@ futures = "0.3.17" async-trait = "0.1.31" inotify = "0.9.2" libseccomp = { version = "0.3.0", optional = true } -zbus = "2.3.0" +zbus = "3.12.0" bit-vec= "0.6.3" xattr = "0.2.3" diff --git a/src/agent/rustjail/src/cgroups/systemd/common.rs b/src/agent/rustjail/src/cgroups/systemd/common.rs index a39e41c7c..ec82b40c2 100644 --- a/src/agent/rustjail/src/cgroups/systemd/common.rs +++ b/src/agent/rustjail/src/cgroups/systemd/common.rs @@ -6,7 +6,10 @@ pub const DEFAULT_SLICE: &str = "system.slice"; pub const SLICE_SUFFIX: &str = ".slice"; pub const SCOPE_SUFFIX: &str = ".scope"; -pub const UNIT_MODE: &str = "replace"; +pub const WHO_ENUM_ALL: &str = "all"; +pub const SIGNAL_KILL: i32 = nix::sys::signal::SIGKILL as i32; +pub const UNIT_MODE_REPLACE: &str = "replace"; +pub const NO_SUCH_UNIT_ERROR: &str = "org.freedesktop.systemd1.NoSuchUnit"; pub type Properties<'a> = Vec<(&'a str, zbus::zvariant::Value<'a>)>; diff --git a/src/agent/rustjail/src/cgroups/systemd/dbus_client.rs b/src/agent/rustjail/src/cgroups/systemd/dbus_client.rs index 0ff606930..3e1e3275c 100644 --- a/src/agent/rustjail/src/cgroups/systemd/dbus_client.rs +++ b/src/agent/rustjail/src/cgroups/systemd/dbus_client.rs 
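Review bot: The four constants added to common.rs are values sent to or matched against systemd over D-Bus, but nothing in the file says so. `WHO_ENUM_ALL` and `SIGNAL_KILL` become the second and third arguments of the `kill_unit` call in dbus_client.rs, and `NO_SUCH_UNIT_ERROR` is compared as an exact string with the error name returned by the bus, so a typo in any of them only shows up at runtime. A one-line doc comment on each would make that contract visible, for example `/// D-Bus error name systemd returns when the named unit is unknown to it` above `NO_SUCH_UNIT_ERROR` and `/// KillUnit target selector: signal every process in the unit` above `WHO_ENUM_ALL`.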
@@ -1,56 +1,50 @@ -// Copyright 2021-2022 Kata Contributors +// Copyright 2021-2023 Kata Contributors // // SPDX-License-Identifier: Apache-2.0 // use std::vec; -use super::common::CgroupHierarchy; -use super::common::{Properties, SLICE_SUFFIX, UNIT_MODE}; +use super::common::{ + CgroupHierarchy, Properties, NO_SUCH_UNIT_ERROR, SIGNAL_KILL, SLICE_SUFFIX, UNIT_MODE_REPLACE, + WHO_ENUM_ALL, +}; use super::interface::system::ManagerProxyBlocking as SystemManager; -use anyhow::{Context, Result}; +use anyhow::{anyhow, Context, Result}; use zbus::zvariant::Value; pub trait SystemdInterface { - fn start_unit( - &self, - pid: i32, - parent: &str, - unit_name: &str, - cg_hierarchy: &CgroupHierarchy, - ) -> Result<()>; - - fn set_properties(&self, unit_name: &str, properties: &Properties) -> Result<()>; - - fn stop_unit(&self, unit_name: &str) -> Result<()>; - + fn start_unit(&self, pid: i32, parent: &str, cg_hierarchy: &CgroupHierarchy) -> Result<()>; + fn set_properties(&self, properties: &Properties) -> Result<()>; + fn kill_unit(&self) -> Result<()>; + fn freeze_unit(&self) -> Result<()>; + fn thaw_unit(&self) -> Result<()>; + fn add_process(&self, pid: i32) -> Result<()>; fn get_version(&self) -> Result; - - fn unit_exists(&self, unit_name: &str) -> Result; - - fn add_process(&self, pid: i32, unit_name: &str) -> Result<()>; + fn unit_exists(&self) -> Result; } #[derive(Serialize, Deserialize, Debug, Clone)] -pub struct DBusClient {} +pub struct DBusClient { + unit_name: String, +} impl DBusClient { + pub fn new(unit_name: String) -> Self { + Self { unit_name } + } + fn build_proxy(&self) -> Result> { let connection = zbus::blocking::Connection::system().context("Establishing a D-Bus connection")?; let proxy = SystemManager::new(&connection).context("Building a D-Bus proxy manager")?; + Ok(proxy) } } impl SystemdInterface for DBusClient { - fn start_unit( - &self, - pid: i32, - parent: &str, - unit_name: &str, - cg_hierarchy: &CgroupHierarchy, - ) -> Result<()> { + fn 
start_unit(&self, pid: i32, parent: &str, cg_hierarchy: &CgroupHierarchy) -> Result<()> { let proxy = self.build_proxy()?; // enable CPUAccounting & MemoryAccounting & (Block)IOAccounting by default @@ -68,7 +62,7 @@ impl SystemdInterface for DBusClient { CgroupHierarchy::Unified => properties.push(("BlockIOAccounting", Value::Bool(true))), } - if unit_name.ends_with(SLICE_SUFFIX) { + if self.unit_name.ends_with(SLICE_SUFFIX) { properties.push(("Wants", Value::Str(parent.into()))); } else { properties.push(("Slice", Value::Str(parent.into()))); 
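Review bot: `DBusClient::new` stores `unit_name` unchecked, and every later call (`kill_unit`, `freeze_unit`, `thaw_unit`, `add_process`) acts on whatever string it holds, so the field is the place to document the expected form. `start_unit` only distinguishes `.slice` from everything else through `self.unit_name.ends_with(SLICE_SUFFIX)`, which suggests callers must pass a full unit name with its suffix. A comment on the field such as `/// Full systemd unit name including the .slice/.scope suffix; every operation of this client targets it` would record that. Because the struct still derives `Deserialize`, a client restored from serialized state carries the stored name as-is, so it is worth stating where that state is trusted to come from. The new trait methods `kill_unit`, `freeze_unit` and `thaw_unit` have no doc comments either, and the `start_unit` impl body continues outside this hunk.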
@@ -76,27 +70,57 @@ impl SystemdInterface for DBusClient { } proxy - .start_transient_unit(unit_name, UNIT_MODE, &properties, &[]) - .with_context(|| format!("failed to start transient unit {}", unit_name))?; - Ok(()) - } - - fn set_properties(&self, unit_name: &str, properties: &Properties) -> Result<()> { - let proxy = self.build_proxy()?; - - proxy - .set_unit_properties(unit_name, true, properties) - .with_context(|| format!("failed to set unit properties {}", unit_name))?; + .start_transient_unit(&self.unit_name, UNIT_MODE_REPLACE, &properties, &[]) + .context(format!("failed to start transient unit {}", self.unit_name))?; Ok(()) } - fn stop_unit(&self, unit_name: &str) -> Result<()> { + fn set_properties(&self, properties: &Properties) -> Result<()> { let proxy = self.build_proxy()?; proxy - .stop_unit(unit_name, UNIT_MODE) - .with_context(|| format!("failed to stop unit {}", unit_name))?; + .set_unit_properties(&self.unit_name, true, properties) + .context(format!("failed to set unit {} properties", self.unit_name))?; + + Ok(()) + } + + fn kill_unit(&self) -> Result<()> { + let proxy = self.build_proxy()?; + + proxy + .kill_unit(&self.unit_name, WHO_ENUM_ALL, SIGNAL_KILL) + .or_else(|e| match e { + zbus::Error::MethodError(error_name, _, _) + if error_name.as_str() == NO_SUCH_UNIT_ERROR => + { + Ok(()) + } + _ => Err(e), + }) + .context(format!("failed to kill unit {}", self.unit_name))?; + + Ok(()) + } + + fn freeze_unit(&self) -> Result<()> { + let proxy = self.build_proxy()?; + + proxy + .freeze_unit(&self.unit_name) + .context(format!("failed to freeze unit {}", self.unit_name))?; + + Ok(()) + } + + fn thaw_unit(&self) -> Result<()> { + let proxy = self.build_proxy()?; + + proxy + .thaw_unit(&self.unit_name) + .context(format!("failed to thaw unit {}", self.unit_name))?; + Ok(()) } 
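Review bot: Every `.context(format!(...))` in this hunk builds its message string on the success path too, whereas the removed lines used the lazy `with_context(|| format!(...))`. The same pattern appears in `start_unit`, `set_properties`, `kill_unit`, `freeze_unit` and `thaw_unit` here, and in `add_process` and `get_version` in the next hunk. Keeping the closure form, e.g. `.with_context(|| format!("failed to kill unit {}", self.unit_name))?;`, avoids the allocation when nothing fails. In `kill_unit`, the `or_else` arm that turns `NO_SUCH_UNIT_ERROR` into `Ok(())` deserves a short why-comment such as `// a unit that is already gone counts as killed`, because it deliberately hides an error from the caller. The same `MethodError` guard is repeated in `unit_exists`, so a small private helper taking `&zbus::Error` and returning `bool` would keep the two in step.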
@@ -105,24 +129,37 @@ impl SystemdInterface for DBusClient { let systemd_version = proxy .version() - .with_context(|| "failed to get systemd version".to_string())?; + .context("failed to get systemd version".to_string())?; + Ok(systemd_version) } - fn unit_exists(&self, unit_name: &str) -> Result { - let proxy = self - .build_proxy() - .with_context(|| format!("Checking if systemd unit {} exists", unit_name))?; + fn unit_exists(&self) -> Result { + let proxy = self.build_proxy()?; - Ok(proxy.get_unit(unit_name).is_ok()) + match proxy.get_unit(&self.unit_name) { + Ok(_) => Ok(true), + Err(zbus::Error::MethodError(error_name, _, _)) + if error_name.as_str() == NO_SUCH_UNIT_ERROR => + { + Ok(false) + } + Err(e) => Err(anyhow!(format!( + "failed to check if unit {} exists: {:?}", + self.unit_name, e + ))), + } } - fn add_process(&self, pid: i32, unit_name: &str) -> Result<()> { + fn add_process(&self, pid: i32) -> Result<()> { let proxy = self.build_proxy()?; proxy - .attach_processes_to_unit(unit_name, "/", &[pid as u32]) - .with_context(|| format!("failed to add process {}", unit_name))?; + .attach_processes_to_unit(&self.unit_name, "/", &[pid as u32]) + .context(format!( + "failed to add process into unit {}", + self.unit_name + ))?; Ok(()) } diff --git a/src/agent/rustjail/src/cgroups/systemd/interface/system.rs b/src/agent/rustjail/src/cgroups/systemd/interface/system.rs index 7a4ef199e..a61563eab 100644 --- a/src/agent/rustjail/src/cgroups/systemd/interface/system.rs +++ b/src/agent/rustjail/src/cgroups/systemd/interface/system.rs @@ -1,4 +1,4 @@ -// Copyright 2021-2022 Kata Contributors +// Copyright 2021-2023 Kata Contributors // // SPDX-License-Identifier: Apache-2.0 // 
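Review bot: `&[pid as u32]` in `add_process` reinterprets a negative `pid` as a large unsigned value instead of rejecting it, so the attach request would name a PID the caller never meant. Converting first with `let pid = u32::try_from(pid).context("invalid pid")?;` and passing `&[pid]` turns that case into an error. In `unit_exists`, `Err(anyhow!(format!("...: {:?}", self.unit_name, e)))` flattens the zbus error into a Debug string and drops it from the error chain. `Err(anyhow::Error::new(e).context(format!("failed to check if unit {} exists", self.unit_name)))` keeps the source error available to callers and logs. The change from `is_ok()` to distinguishing `NO_SUCH_UNIT_ERROR` from other failures is the right direction, since a bus failure is no longer reported as "unit absent".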
@@ -8,7 +8,7 @@ //! # DBus interface proxy for: `org.freedesktop.systemd1.Manager` //! -//! This code was generated by `zbus-xmlgen` `2.0.1` from DBus introspection data. +//! This code was generated by `zbus-xmlgen` `3.1.1` from DBus introspection data. //! Source: `Interface '/org/freedesktop/systemd1' from service 'org.freedesktop.systemd1' on system bus`. //! //! You may prefer to adapt it, instead of using it verbatim. @@ -189,12 +189,14 @@ trait Manager { ) -> zbus::Result; /// GetUnitByInvocationID method + #[dbus_proxy(name = "GetUnitByInvocationID")] fn get_unit_by_invocation_id( &self, invocation_id: &[u8], ) -> zbus::Result; /// GetUnitByPID method + #[dbus_proxy(name = "GetUnitByPID")] fn get_unit_by_pid(&self, pid: u32) -> zbus::Result; /// GetUnitFileLinks method @@ -210,6 +212,7 @@ trait Manager { fn halt(&self) -> zbus::Result<()>; /// KExec method + #[dbus_proxy(name = "KExec")] fn kexec(&self) -> zbus::Result<()>; /// KillUnit method @@ -330,6 +333,7 @@ trait Manager { fn lookup_dynamic_user_by_name(&self, name: &str) -> zbus::Result; /// LookupDynamicUserByUID method + #[dbus_proxy(name = "LookupDynamicUserByUID")] fn lookup_dynamic_user_by_uid(&self, uid: u32) -> zbus::Result; /// MaskUnitFiles method 
@@ -571,139 +575,139 @@ trait Manager { fn ctrl_alt_del_burst_action(&self) -> zbus::Result; /// DefaultBlockIOAccounting property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultBlockIOAccounting")] fn default_block_ioaccounting(&self) -> zbus::Result; /// DefaultCPUAccounting property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultCPUAccounting")] fn default_cpuaccounting(&self) -> zbus::Result; /// DefaultLimitAS property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitAS")] fn default_limit_as(&self) -> zbus::Result; /// DefaultLimitASSoft property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitASSoft")] fn default_limit_assoft(&self) -> zbus::Result; /// DefaultLimitCORE property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitCORE")] fn default_limit_core(&self) -> zbus::Result; /// DefaultLimitCORESoft property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitCORESoft")] fn default_limit_coresoft(&self) -> zbus::Result; /// DefaultLimitCPU property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitCPU")] fn default_limit_cpu(&self) -> zbus::Result; /// DefaultLimitCPUSoft property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitCPUSoft")] fn default_limit_cpusoft(&self) -> zbus::Result; /// DefaultLimitDATA property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitDATA")] fn default_limit_data(&self) -> zbus::Result; /// DefaultLimitDATASoft property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitDATASoft")] fn default_limit_datasoft(&self) -> zbus::Result; /// DefaultLimitFSIZE property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitFSIZE")] fn default_limit_fsize(&self) -> zbus::Result; /// DefaultLimitFSIZESoft property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitFSIZESoft")] fn 
default_limit_fsizesoft(&self) -> zbus::Result; /// DefaultLimitLOCKS property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitLOCKS")] fn default_limit_locks(&self) -> zbus::Result; /// DefaultLimitLOCKSSoft property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitLOCKSSoft")] fn default_limit_lockssoft(&self) -> zbus::Result; /// DefaultLimitMEMLOCK property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitMEMLOCK")] fn default_limit_memlock(&self) -> zbus::Result; /// DefaultLimitMEMLOCKSoft property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitMEMLOCKSoft")] fn default_limit_memlocksoft(&self) -> zbus::Result; /// DefaultLimitMSGQUEUE property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitMSGQUEUE")] fn default_limit_msgqueue(&self) -> zbus::Result; /// DefaultLimitMSGQUEUESoft property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitMSGQUEUESoft")] fn default_limit_msgqueuesoft(&self) -> zbus::Result; /// DefaultLimitNICE property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitNICE")] fn default_limit_nice(&self) -> zbus::Result; /// DefaultLimitNICESoft property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitNICESoft")] fn default_limit_nicesoft(&self) -> zbus::Result; /// DefaultLimitNOFILE property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitNOFILE")] fn default_limit_nofile(&self) -> zbus::Result; /// DefaultLimitNOFILESoft property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitNOFILESoft")] fn default_limit_nofilesoft(&self) -> zbus::Result; /// DefaultLimitNPROC property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitNPROC")] fn default_limit_nproc(&self) -> zbus::Result; /// DefaultLimitNPROCSoft property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitNPROCSoft")] fn 
default_limit_nprocsoft(&self) -> zbus::Result; /// DefaultLimitRSS property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitRSS")] fn default_limit_rss(&self) -> zbus::Result; /// DefaultLimitRSSSoft property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitRSSSoft")] fn default_limit_rsssoft(&self) -> zbus::Result; /// DefaultLimitRTPRIO property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitRTPRIO")] fn default_limit_rtprio(&self) -> zbus::Result; /// DefaultLimitRTPRIOSoft property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitRTPRIOSoft")] fn default_limit_rtpriosoft(&self) -> zbus::Result; /// DefaultLimitRTTIME property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitRTTIME")] fn default_limit_rttime(&self) -> zbus::Result; /// DefaultLimitRTTIMESoft property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitRTTIMESoft")] fn default_limit_rttimesoft(&self) -> zbus::Result; /// DefaultLimitSIGPENDING property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitSIGPENDING")] fn default_limit_sigpending(&self) -> zbus::Result; /// DefaultLimitSIGPENDINGSoft property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitSIGPENDINGSoft")] fn default_limit_sigpendingsoft(&self) -> zbus::Result; /// DefaultLimitSTACK property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitSTACK")] fn default_limit_stack(&self) -> zbus::Result; /// DefaultLimitSTACKSoft property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitSTACKSoft")] fn default_limit_stacksoft(&self) -> zbus::Result; /// DefaultMemoryAccounting property 
@@ -711,11 +715,11 @@ trait Manager { fn default_memory_accounting(&self) -> zbus::Result; /// DefaultOOMPolicy property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultOOMPolicy")] fn default_oompolicy(&self) -> zbus::Result; /// DefaultRestartUSec property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultRestartUSec")] fn default_restart_usec(&self) -> zbus::Result; /// DefaultStandardError property @@ -731,7 +735,7 @@ trait Manager { fn default_start_limit_burst(&self) -> zbus::Result; /// DefaultStartLimitIntervalUSec property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultStartLimitIntervalUSec")] fn default_start_limit_interval_usec(&self) -> zbus::Result; /// DefaultTasksAccounting property @@ -743,19 +747,19 @@ trait Manager { fn default_tasks_max(&self) -> zbus::Result; /// DefaultTimeoutAbortUSec property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultTimeoutAbortUSec")] fn default_timeout_abort_usec(&self) -> zbus::Result; /// DefaultTimeoutStartUSec property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultTimeoutStartUSec")] fn default_timeout_start_usec(&self) -> zbus::Result; /// DefaultTimeoutStopUSec property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultTimeoutStopUSec")] fn default_timeout_stop_usec(&self) -> zbus::Result; /// DefaultTimerAccuracyUSec property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultTimerAccuracyUSec")] fn default_timer_accuracy_usec(&self) -> zbus::Result; /// Environment property 
@@ -803,65 +807,64 @@ trait Manager { fn generators_start_timestamp_monotonic(&self) -> zbus::Result; /// InitRDGeneratorsFinishTimestamp property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "InitRDGeneratorsFinishTimestamp")] fn init_rdgenerators_finish_timestamp(&self) -> zbus::Result; /// InitRDGeneratorsFinishTimestampMonotonic property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "InitRDGeneratorsFinishTimestampMonotonic")] fn init_rdgenerators_finish_timestamp_monotonic(&self) -> zbus::Result; /// InitRDGeneratorsStartTimestamp property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "InitRDGeneratorsStartTimestamp")] fn init_rdgenerators_start_timestamp(&self) -> zbus::Result; /// InitRDGeneratorsStartTimestampMonotonic property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "InitRDGeneratorsStartTimestampMonotonic")] fn init_rdgenerators_start_timestamp_monotonic(&self) -> zbus::Result; /// InitRDSecurityFinishTimestamp property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "InitRDSecurityFinishTimestamp")] fn init_rdsecurity_finish_timestamp(&self) -> zbus::Result; /// InitRDSecurityFinishTimestampMonotonic property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "InitRDSecurityFinishTimestampMonotonic")] fn init_rdsecurity_finish_timestamp_monotonic(&self) -> zbus::Result; /// InitRDSecurityStartTimestamp property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "InitRDSecurityStartTimestamp")] fn init_rdsecurity_start_timestamp(&self) -> zbus::Result; /// InitRDSecurityStartTimestampMonotonic property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "InitRDSecurityStartTimestampMonotonic")] fn init_rdsecurity_start_timestamp_monotonic(&self) -> zbus::Result; /// InitRDTimestamp property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "InitRDTimestamp")] fn init_rdtimestamp(&self) -> zbus::Result; /// InitRDTimestampMonotonic property - 
#[dbus_proxy(property)] + #[dbus_proxy(property, name = "InitRDTimestampMonotonic")] fn init_rdtimestamp_monotonic(&self) -> zbus::Result; /// InitRDUnitsLoadFinishTimestamp property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "InitRDUnitsLoadFinishTimestamp")] fn init_rdunits_load_finish_timestamp(&self) -> zbus::Result; /// InitRDUnitsLoadFinishTimestampMonotonic property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "InitRDUnitsLoadFinishTimestampMonotonic")] fn init_rdunits_load_finish_timestamp_monotonic(&self) -> zbus::Result; /// InitRDUnitsLoadStartTimestamp property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "InitRDUnitsLoadStartTimestamp")] fn init_rdunits_load_start_timestamp(&self) -> zbus::Result; /// InitRDUnitsLoadStartTimestampMonotonic property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "InitRDUnitsLoadStartTimestampMonotonic")] fn init_rdunits_load_start_timestamp_monotonic(&self) -> zbus::Result; /// KExecWatchdogUSec property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "KExecWatchdogUSec")] fn kexec_watchdog_usec(&self) -> zbus::Result; - #[dbus_proxy(property)] fn set_kexec_watchdog_usec(&self, value: u64) -> zbus::Result<()>; /// KernelTimestamp property 
@@ -883,33 +886,31 @@ trait Manager { /// LogLevel property #[dbus_proxy(property)] fn log_level(&self) -> zbus::Result; - #[dbus_proxy(property)] fn set_log_level(&self, value: &str) -> zbus::Result<()>; /// LogTarget property #[dbus_proxy(property)] fn log_target(&self) -> zbus::Result; - #[dbus_proxy(property)] fn set_log_target(&self, value: &str) -> zbus::Result<()>; /// NFailedJobs property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "NFailedJobs")] fn nfailed_jobs(&self) -> zbus::Result; /// NFailedUnits property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "NFailedUnits")] fn nfailed_units(&self) -> zbus::Result; /// NInstalledJobs property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "NInstalledJobs")] fn ninstalled_jobs(&self) -> zbus::Result; /// NJobs property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "NJobs")] fn njobs(&self) -> zbus::Result; /// NNames property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "NNames")] fn nnames(&self) -> zbus::Result; /// Progress property @@ -917,15 +918,13 @@ trait Manager { fn progress(&self) -> zbus::Result; /// RebootWatchdogUSec property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "RebootWatchdogUSec")] fn reboot_watchdog_usec(&self) -> zbus::Result; - #[dbus_proxy(property)] fn set_reboot_watchdog_usec(&self, value: u64) -> zbus::Result<()>; /// RuntimeWatchdogUSec property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "RuntimeWatchdogUSec")] fn runtime_watchdog_usec(&self) -> zbus::Result; - #[dbus_proxy(property)] fn set_runtime_watchdog_usec(&self, value: u64) -> zbus::Result<()>; /// SecurityFinishTimestamp property @@ -947,7 +946,6 @@ trait Manager { /// ServiceWatchdogs property #[dbus_proxy(property)] fn service_watchdogs(&self) -> zbus::Result; - #[dbus_proxy(property)] fn set_service_watchdogs(&self, value: bool) -> zbus::Result<()>; /// ShowStatus property 
@@ -963,7 +961,7 @@ trait Manager { fn tainted(&self) -> zbus::Result; /// TimerSlackNSec property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "TimerSlackNSec")] fn timer_slack_nsec(&self) -> zbus::Result; /// UnitPath property diff --git a/src/agent/rustjail/src/cgroups/systemd/manager.rs b/src/agent/rustjail/src/cgroups/systemd/manager.rs index dcbc65a2c..19be1c961 100644 --- a/src/agent/rustjail/src/cgroups/systemd/manager.rs +++ b/src/agent/rustjail/src/cgroups/systemd/manager.rs @@ -5,7 +5,7 @@ use crate::cgroups::Manager as CgroupManager; use crate::protocols::agent::CgroupStats; -use anyhow::Result; +use anyhow::{anyhow, Result}; use cgroups::freezer::FreezerState; use libc::{self, pid_t}; use oci::LinuxResources; @@ -29,7 +29,6 @@ pub struct Manager { pub mounts: HashMap, pub cgroups_path: CgroupsPath, pub cpath: String, - pub unit_name: String, // dbus client for set properties dbus_client: DBusClient, // fs manager for get properties @@ -40,14 +39,12 @@ pub struct Manager { impl CgroupManager for Manager { fn apply(&self, pid: pid_t) -> Result<()> { - let unit_name = self.unit_name.as_str(); - if self.dbus_client.unit_exists(unit_name)? { - self.dbus_client.add_process(pid, self.unit_name.as_str())?; + if self.dbus_client.unit_exists()? { + self.dbus_client.add_process(pid)?; } else { self.dbus_client.start_unit( (pid as u32).try_into().unwrap(), self.cgroups_path.slice.as_str(), - self.unit_name.as_str(), &self.cg_hierarchy, )?; } @@ -66,8 +63,7 @@ impl CgroupManager for Manager { Pids::apply(r, &mut properties, &self.cg_hierarchy, systemd_version_str)?; CpuSet::apply(r, &mut properties, &self.cg_hierarchy, systemd_version_str)?; - self.dbus_client - .set_properties(self.unit_name.as_str(), &properties)?; + self.dbus_client.set_properties(&properties)?; Ok(()) } 
@@ -77,11 +73,15 @@ impl CgroupManager for Manager { } fn freeze(&self, state: FreezerState) -> Result<()> { - self.fs_manager.freeze(state) + match state { + FreezerState::Thawed => self.dbus_client.thaw_unit(), + FreezerState::Frozen => self.dbus_client.freeze_unit(), + _ => Err(anyhow!("Invalid FreezerState")), + } } fn destroy(&mut self) -> Result<()> { - self.dbus_client.stop_unit(self.unit_name.as_str())?; + self.dbus_client.kill_unit()?; self.fs_manager.destroy() } @@ -120,8 +120,7 @@ impl Manager { mounts: fs_manager.mounts.clone(), cgroups_path, cpath, - unit_name, - dbus_client: DBusClient {}, + dbus_client: DBusClient::new(unit_name), fs_manager, cg_hierarchy: if cgroups::hierarchies::is_cgroup2_unified_mode() { CgroupHierarchy::Unified
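Review bot: `destroy` now calls `self.dbus_client.kill_unit()?` and goes straight to `self.fs_manager.destroy()`, but the `kill_unit` call only requests SIGKILL for the unit's processes. Nothing visible here waits for them to exit or stops the unit, as the removed `stop_unit` call did. Whether `fs_manager.destroy()` tolerates a cgroup that still holds exiting tasks cannot be seen from this hunk, so confirm that it retries or waits, and add a comment at the call recording that assumption. In `freeze`, both states now go through systemd's freeze/thaw calls, which as far as I know depend on the cgroup v2 freezer. Since `Manager` still carries `cg_hierarchy`, a guard such as `if !matches!(self.cg_hierarchy, CgroupHierarchy::Unified) { return self.fs_manager.freeze(state); }` at the top of `freeze` would keep the previous behaviour on non-unified hosts.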