diff --git a/src/agent/oci/src/lib.rs b/src/agent/oci/src/lib.rs index 2e3c3f110..69a2a98e1 100644 --- a/src/agent/oci/src/lib.rs +++ b/src/agent/oci/src/lib.rs @@ -58,7 +58,7 @@ pub struct Spec { #[serde(skip_serializing_if = "Option::is_none")] pub windows: Option>, #[serde(skip_serializing_if = "Option::is_none")] - pub vm: Option, + pub vm: Option, } impl Spec { @@ -71,7 +71,7 @@ impl Spec { } } -pub type LinuxRlimit = POSIXRlimit; +pub type LinuxRlimit = PosixRlimit; #[derive(Serialize, Deserialize, Debug, Default, Clone, PartialEq)] pub struct Process { @@ -93,7 +93,7 @@ pub struct Process { #[serde(default, skip_serializing_if = "Option::is_none")] pub capabilities: Option, #[serde(default, skip_serializing_if = "Vec::is_empty")] - pub rlimits: Vec, + pub rlimits: Vec, #[serde(default, rename = "noNewPrivileges")] pub no_new_privileges: bool, #[serde( @@ -199,9 +199,9 @@ pub struct Hooks { #[derive(Serialize, Deserialize, Debug, Default, Clone, PartialEq)] pub struct Linux { #[serde(default, rename = "uidMappings", skip_serializing_if = "Vec::is_empty")] - pub uid_mappings: Vec, + pub uid_mappings: Vec, #[serde(default, rename = "gidMappings", skip_serializing_if = "Vec::is_empty")] - pub gid_mappings: Vec, + pub gid_mappings: Vec, #[serde(default, skip_serializing_if = "HashMap::is_empty")] pub sysctl: HashMap, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -261,7 +261,7 @@ pub const UTSNAMESPACE: &str = "uts"; pub const CGROUPNAMESPACE: &str = "cgroup"; #[derive(Serialize, Deserialize, Debug, Default, Clone, PartialEq)] -pub struct LinuxIDMapping { +pub struct LinuxIdMapping { #[serde(default, rename = "containerID")] pub container_id: u32, #[serde(default, rename = "hostID")] @@ -271,7 +271,7 @@ pub struct LinuxIDMapping { } #[derive(Serialize, Deserialize, Debug, Default, Clone, PartialEq)] -pub struct POSIXRlimit { +pub struct PosixRlimit { #[serde(default)] pub r#type: String, #[serde(default)] 
@@ -297,7 +297,7 @@ pub struct LinuxInterfacePriority { } #[derive(Serialize, Deserialize, Debug, Default, Clone, PartialEq)] -pub struct LinuxBlockIODevice { +pub struct LinuxBlockIoDevice { #[serde(default)] pub major: i64, #[serde(default)] @@ -307,7 +307,7 @@ pub struct LinuxBlockIODevice { #[derive(Serialize, Deserialize, Debug, Default, Clone, PartialEq)] pub struct LinuxWeightDevice { #[serde(flatten)] - pub blk: LinuxBlockIODevice, + pub blk: LinuxBlockIoDevice, #[serde(default, skip_serializing_if = "Option::is_none")] pub weight: Option, #[serde( @@ -321,13 +321,13 @@ pub struct LinuxWeightDevice { #[derive(Serialize, Deserialize, Debug, Default, Clone, PartialEq)] pub struct LinuxThrottleDevice { #[serde(flatten)] - pub blk: LinuxBlockIODevice, + pub blk: LinuxBlockIoDevice, #[serde(default)] pub rate: u64, } #[derive(Serialize, Deserialize, Debug, Default, Clone, PartialEq)] -pub struct LinuxBlockIO { +pub struct LinuxBlockIo { #[serde(default, skip_serializing_if = "Option::is_none")] pub weight: Option, #[serde( @@ -391,7 +391,7 @@ pub struct LinuxMemory { } #[derive(Serialize, Deserialize, Debug, Default, Clone, PartialEq)] -pub struct LinuxCPU { +pub struct LinuxCpu { #[serde(default, skip_serializing_if = "Option::is_none")] pub shares: Option, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -453,11 +453,11 @@ pub struct LinuxResources { #[serde(default, skip_serializing_if = "Option::is_none")] pub memory: Option, #[serde(default, skip_serializing_if = "Option::is_none")] - pub cpu: Option, + pub cpu: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub pids: Option, #[serde(skip_serializing_if = "Option::is_none", rename = "blockIO")] - pub block_io: Option, + pub block_io: Option, #[serde( default, skip_serializing_if = "Vec::is_empty", 
@@ -517,7 +517,7 @@ pub struct Solaris { #[serde(default, skip_serializing_if = "Vec::is_empty")] pub anet: Vec, #[serde(default, skip_serializing_if = "Option::is_none", rename = "cappedCPU")] - pub capped_cpu: Option, + pub capped_cpu: Option, #[serde( default, skip_serializing_if = "Option::is_none", @@ -527,7 +527,7 @@ pub struct Solaris { } #[derive(Serialize, Deserialize, Debug, Default, Clone, PartialEq)] -pub struct SolarisCappedCPU { +pub struct SolarisCappedCpu { #[serde(default, skip_serializing_if = "String::is_empty")] pub ncpus: String, } @@ -605,7 +605,7 @@ pub struct WindowsResources { #[serde(default, skip_serializing_if = "Option::is_none")] pub memory: Option, #[serde(default, skip_serializing_if = "Option::is_none")] - pub cpu: Option, + pub cpu: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub storage: Option, } @@ -617,7 +617,7 @@ pub struct WindowsMemoryResources { } #[derive(Serialize, Deserialize, Debug, Default, Clone, PartialEq)] -pub struct WindowsCPUResources { +pub struct WindowsCpuResources { #[serde(default, skip_serializing_if = "Option::is_none")] pub count: Option, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -675,14 +675,14 @@ pub struct WindowsHyperV { } #[derive(Serialize, Deserialize, Debug, Default, Clone, PartialEq)] -pub struct VM { - pub hypervisor: VMHypervisor, - pub kernel: VMKernel, - pub image: VMImage, +pub struct Vm { + pub hypervisor: VmHypervisor, + pub kernel: VmKernel, + pub image: VmImage, } #[derive(Serialize, Deserialize, Debug, Default, Clone, PartialEq)] -pub struct VMHypervisor { +pub struct VmHypervisor { #[serde(default)] pub path: String, #[serde(default, skip_serializing_if = "String::is_empty")] @@ -690,7 +690,7 @@ pub struct VMHypervisor { } #[derive(Serialize, Deserialize, Debug, Default, Clone, PartialEq)] -pub struct VMKernel { +pub struct VmKernel { #[serde(default)] pub path: String, #[serde(default, skip_serializing_if = "String::is_empty")] 
@@ -700,7 +700,7 @@ pub struct VMKernel { } #[derive(Serialize, Deserialize, Debug, Default, Clone, PartialEq)] -pub struct VMImage { +pub struct VmImage { #[serde(default)] pub path: String, #[serde(default)] @@ -801,11 +801,11 @@ pub struct LinuxIntelRdt { #[derive(Debug, Serialize, Deserialize, Copy, Clone, PartialEq)] #[serde(rename_all = "lowercase")] pub enum ContainerState { - CREATING, - CREATED, - RUNNING, - STOPPED, - PAUSED, + Creating, + Created, + Running, + Stopped, + Paused, } #[derive(Serialize, Deserialize, Debug, Clone, PartialEq)] @@ -846,7 +846,7 @@ mod tests { let expected = State { version: "0.2.0".to_string(), id: "oci-container1".to_string(), - status: ContainerState::RUNNING, + status: ContainerState::Running, pid: 4422, bundle: "/containers/redis".to_string(), annotations: [("myKey".to_string(), "myValue".to_string())] @@ -1271,12 +1271,12 @@ mod tests { ambient: vec!["CAP_NET_BIND_SERVICE".to_string()], }), rlimits: vec![ - crate::POSIXRlimit { + crate::PosixRlimit { r#type: "RLIMIT_CORE".to_string(), hard: 1024, soft: 1024, }, - crate::POSIXRlimit { + crate::PosixRlimit { r#type: "RLIMIT_NOFILE".to_string(), hard: 1024, soft: 1024, @@ -1408,12 +1408,12 @@ mod tests { .cloned() .collect(), linux: Some(crate::Linux { - uid_mappings: vec![crate::LinuxIDMapping { + uid_mappings: vec![crate::LinuxIdMapping { container_id: 0, host_id: 1000, size: 32000, }], - gid_mappings: vec![crate::LinuxIDMapping { + gid_mappings: vec![crate::LinuxIdMapping { container_id: 0, host_id: 1000, size: 32000, @@ -1458,7 +1458,7 @@ mod tests { swappiness: Some(0), disable_oom_killer: Some(false), }), - cpu: Some(crate::LinuxCPU { + cpu: Some(crate::LinuxCpu { shares: Some(1024), quota: Some(1000000), period: Some(500000), 
@@ -1468,17 +1468,17 @@ mod tests { mems: "0-7".to_string(), }), pids: Some(crate::LinuxPids { limit: 32771 }), - block_io: Some(crate::LinuxBlockIO { + block_io: Some(crate::LinuxBlockIo { weight: Some(10), leaf_weight: Some(10), weight_device: vec![ crate::LinuxWeightDevice { - blk: crate::LinuxBlockIODevice { major: 8, minor: 0 }, + blk: crate::LinuxBlockIoDevice { major: 8, minor: 0 }, weight: Some(500), leaf_weight: Some(300), }, crate::LinuxWeightDevice { - blk: crate::LinuxBlockIODevice { + blk: crate::LinuxBlockIoDevice { major: 8, minor: 16, }, @@ -1487,13 +1487,13 @@ mod tests { }, ], throttle_read_bps_device: vec![crate::LinuxThrottleDevice { - blk: crate::LinuxBlockIODevice { major: 8, minor: 0 }, + blk: crate::LinuxBlockIoDevice { major: 8, minor: 0 }, rate: 600, }], throttle_write_bps_device: vec![], throttle_read_iops_device: vec![], throttle_write_iops_device: vec![crate::LinuxThrottleDevice { - blk: crate::LinuxBlockIODevice { + blk: crate::LinuxBlockIoDevice { major: 8, minor: 16, }, diff --git a/src/agent/rustjail/src/cgroups/fs/mod.rs b/src/agent/rustjail/src/cgroups/fs/mod.rs index cc2e5dcff..55aefed87 100644 --- a/src/agent/rustjail/src/cgroups/fs/mod.rs +++ b/src/agent/rustjail/src/cgroups/fs/mod.rs @@ -24,7 +24,7 @@ use anyhow::{anyhow, Context, Result}; use libc::{self, pid_t}; use nix::errno::Errno; use oci::{ - LinuxBlockIO, LinuxCPU, LinuxDevice, LinuxDeviceCgroup, LinuxHugepageLimit, LinuxMemory, + LinuxBlockIo, LinuxCpu, LinuxDevice, LinuxDeviceCgroup, LinuxHugepageLimit, LinuxMemory, LinuxNetwork, LinuxPids, LinuxResources, }; @@ -272,7 +272,7 @@ fn set_hugepages_resources( fn set_block_io_resources( _cg: &cgroups::Cgroup, - blkio: &LinuxBlockIO, + blkio: &LinuxBlockIo, res: &mut cgroups::Resources, ) { info!(sl!(), "cgroup manager set block io"); 
@@ -302,7 +302,7 @@ fn set_block_io_resources( build_blk_io_device_throttle_resource(&blkio.throttle_write_iops_device); } -fn set_cpu_resources(cg: &cgroups::Cgroup, cpu: &LinuxCPU) -> Result<()> { +fn set_cpu_resources(cg: &cgroups::Cgroup, cpu: &LinuxCpu) -> Result<()> { info!(sl!(), "cgroup manager set cpu"); let cpuset_controller: &CpuSetController = cg.controller_of().unwrap(); diff --git a/src/agent/rustjail/src/container.rs b/src/agent/rustjail/src/container.rs index 846257613..0cfc5e75c 100644 --- a/src/agent/rustjail/src/container.rs +++ b/src/agent/rustjail/src/container.rs @@ -5,7 +5,7 @@ use anyhow::{anyhow, Context, Result}; use libc::pid_t; -use oci::{ContainerState, LinuxDevice, LinuxIDMapping}; +use oci::{ContainerState, LinuxDevice, LinuxIdMapping}; use oci::{Hook, Linux, LinuxNamespace, LinuxResources, Spec}; use std::clone::Clone; use std::ffi::{CStr, CString}; @@ -83,8 +83,8 @@ pub struct ContainerStatus { impl ContainerStatus { fn new() -> Self { ContainerStatus { - pre_status: ContainerState::CREATED, - cur_status: ContainerState::CREATED, + pre_status: ContainerState::Created, + cur_status: ContainerState::Created, } } @@ -255,7 +255,7 @@ pub struct State { } #[derive(Serialize, Deserialize, Debug, Clone)] -pub struct SyncPC { +pub struct SyncPc { #[serde(default)] pid: pid_t, } @@ -268,7 +268,7 @@ pub trait Container: BaseContainer { impl Container for LinuxContainer { fn pause(&mut self) -> Result<()> { let status = self.status(); - if status != ContainerState::RUNNING && status != ContainerState::CREATED { + if status != ContainerState::Running && status != ContainerState::Created { return Err(anyhow!( "failed to pause container: current status is: {:?}", status @@ -281,7 +281,7 @@ impl Container for LinuxContainer { .unwrap() .freeze(FreezerState::Frozen)?; - self.status.transition(ContainerState::PAUSED); + self.status.transition(ContainerState::Paused); return Ok(()); } Err(anyhow!("failed to get container's cgroup manager")) 
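Review bot: In `set_cpu_resources` (cgroups/fs/mod.rs, hunk at -302) the context line `cg.controller_of().unwrap()` panics when the cgroup has no cpuset controller, although the function already returns `Result<()>`. This code sits under src/agent, so a missing controller would presumably abort the agent rather than fail the one request. Returning an error keeps the failure local: `let cpuset_controller: &CpuSetController = cg.controller_of().ok_or_else(|| anyhow!("cpuset controller not available"))?;`. The function body continues outside the hunk, so any later controller lookups there may need the same treatment.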
@@ -289,7 +289,7 @@ impl Container for LinuxContainer { fn resume(&mut self) -> Result<()> { let status = self.status(); - if status != ContainerState::PAUSED { + if status != ContainerState::Paused { return Err(anyhow!("container status is: {:?}, not paused", status)); } @@ -299,7 +299,7 @@ impl Container for LinuxContainer { .unwrap() .freeze(FreezerState::Thawed)?; - self.status.transition(ContainerState::RUNNING); + self.status.transition(ContainerState::Running); return Ok(()); } Err(anyhow!("failed to get container's cgroup manager")) @@ -734,7 +734,7 @@ impl BaseContainer for LinuxContainer { }; let status = self.status(); - let pid = if status != ContainerState::STOPPED { + let pid = if status != ContainerState::Stopped { self.init_process_pid } else { 0 @@ -997,7 +997,7 @@ impl BaseContainer for LinuxContainer { if init { self.exec()?; - self.status.transition(ContainerState::RUNNING); + self.status.transition(ContainerState::Running); } Ok(()) @@ -1019,7 +1019,7 @@ impl BaseContainer for LinuxContainer { } } - self.status.transition(ContainerState::STOPPED); + self.status.transition(ContainerState::Stopped); mount::umount2( spec.root.as_ref().unwrap().path.as_str(), MntFlags::MNT_DETACH, @@ -1055,7 +1055,7 @@ impl BaseContainer for LinuxContainer { .unwrap() .as_secs(); - self.status.transition(ContainerState::RUNNING); + self.status.transition(ContainerState::Running); unistd::close(fd)?; Ok(()) @@ -1302,7 +1302,7 @@ async fn join_namespaces( Ok(()) } -fn write_mappings(logger: &Logger, path: &str, maps: &[LinuxIDMapping]) -> Result<()> { +fn write_mappings(logger: &Logger, path: &str, maps: &[LinuxIdMapping]) -> Result<()> { let data = maps .iter() .filter(|m| m.size != 0) @@ -1588,7 +1588,7 @@ mod tests { &OCIState { version: "1.2.3".to_string(), id: "321".to_string(), - status: ContainerState::RUNNING, + status: ContainerState::Running, pid: 2, bundle: "".to_string(), annotations: Default::default(), 
@@ -1611,7 +1611,7 @@ mod tests { &OCIState { version: "1.2.3".to_string(), id: "321".to_string(), - status: ContainerState::RUNNING, + status: ContainerState::Running, pid: 2, bundle: "".to_string(), annotations: Default::default(), @@ -1630,10 +1630,10 @@ mod tests { fn test_status_transtition() { let mut status = ContainerStatus::new(); let status_table: [ContainerState; 4] = [ - ContainerState::CREATED, - ContainerState::RUNNING, - ContainerState::PAUSED, - ContainerState::STOPPED, + ContainerState::Created, + ContainerState::Running, + ContainerState::Paused, + ContainerState::Stopped, ]; for s in status_table.iter() { @@ -1770,7 +1770,7 @@ mod tests { fn test_linuxcontainer_pause_bad_status() { let ret = new_linux_container_and_then(|mut c: LinuxContainer| { // Change state to pause, c.pause() should fail - c.status.transition(ContainerState::PAUSED); + c.status.transition(ContainerState::Paused); c.pause().map_err(|e| anyhow!(e)) }); @@ -1802,7 +1802,7 @@ mod tests { fn test_linuxcontainer_resume_bad_status() { let ret = new_linux_container_and_then(|mut c: LinuxContainer| { // Change state to created, c.resume() should fail - c.status.transition(ContainerState::CREATED); + c.status.transition(ContainerState::Created); c.resume().map_err(|e| anyhow!(e)) }); @@ -1813,7 +1813,7 @@ mod tests { #[test] fn test_linuxcontainer_resume_cgroupmgr_is_none() { let ret = new_linux_container_and_then(|mut c: LinuxContainer| { - c.status.transition(ContainerState::PAUSED); + c.status.transition(ContainerState::Paused); c.cgroup_manager = None; c.resume().map_err(|e| anyhow!(e)) }); @@ -1826,7 +1826,7 @@ mod tests { let ret = new_linux_container_and_then(|mut c: LinuxContainer| { c.cgroup_manager = FsManager::new("").ok(); // Change status to paused, this way we can resume it - c.status.transition(ContainerState::PAUSED); + c.status.transition(ContainerState::Paused); c.resume().map_err(|e| anyhow!(e)) }); 
diff --git a/src/agent/rustjail/src/lib.rs b/src/agent/rustjail/src/lib.rs index 5416af560..0d4f50865 100644 --- a/src/agent/rustjail/src/lib.rs +++ b/src/agent/rustjail/src/lib.rs @@ -109,7 +109,7 @@ pub fn process_grpc_to_oci(p: &grpc::Process) -> oci::Process { let rlimits = { let mut r = Vec::new(); for lm in p.Rlimits.iter() { - r.push(oci::POSIXRlimit { + r.push(oci::PosixRlimit { r#type: lm.Type.clone(), hard: lm.Hard, soft: lm.Soft, @@ -179,15 +179,15 @@ fn hooks_grpc_to_oci(h: &grpc::Hooks) -> oci::Hooks { } } -fn idmap_grpc_to_oci(im: &grpc::LinuxIDMapping) -> oci::LinuxIDMapping { - oci::LinuxIDMapping { +fn idmap_grpc_to_oci(im: &grpc::LinuxIDMapping) -> oci::LinuxIdMapping { + oci::LinuxIdMapping { container_id: im.ContainerID, host_id: im.HostID, size: im.Size, } } -fn idmaps_grpc_to_oci(ims: &[grpc::LinuxIDMapping]) -> Vec { +fn idmaps_grpc_to_oci(ims: &[grpc::LinuxIDMapping]) -> Vec { let mut r = Vec::new(); for im in ims.iter() { r.push(idmap_grpc_to_oci(im)); @@ -201,7 +201,7 @@ fn throttle_devices_grpc_to_oci( let mut r = Vec::new(); for td in tds.iter() { r.push(oci::LinuxThrottleDevice { - blk: oci::LinuxBlockIODevice { + blk: oci::LinuxBlockIoDevice { major: td.Major, minor: td.Minor, }, @@ -215,7 +215,7 @@ fn weight_devices_grpc_to_oci(wds: &[grpc::LinuxWeightDevice]) -> Vec Vec oci::LinuxBlockIO { +fn blockio_grpc_to_oci(blk: &grpc::LinuxBlockIO) -> oci::LinuxBlockIo { let weight_device = weight_devices_grpc_to_oci(blk.WeightDevice.as_ref()); let throttle_read_bps_device = throttle_devices_grpc_to_oci(blk.ThrottleReadBpsDevice.as_ref()); let throttle_write_bps_device = @@ -236,7 +236,7 @@ fn blockio_grpc_to_oci(blk: &grpc::LinuxBlockIO) -> oci::LinuxBlockIO { let throttle_write_iops_device = throttle_devices_grpc_to_oci(blk.ThrottleWriteIOPSDevice.as_ref()); - oci::LinuxBlockIO { + oci::LinuxBlockIo { weight: Some(blk.Weight as u16), leaf_weight: Some(blk.LeafWeight as u16), weight_device, 
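Review bot: In `blockio_grpc_to_oci` (hunk at -236), `blk.Weight as u16` and `blk.LeafWeight as u16` truncate silently if the gRPC fields are wider than 16 bits; their declared types are not visible here, but the cast suggests they are. An out-of-range weight from the caller would then wrap to an unrelated value instead of being rejected. A checked conversion avoids that, for example `weight: u16::try_from(blk.Weight).ok(),` (with `TryFrom` in scope on pre-2021 editions), or the function could return a `Result` and report the bad value. The function starts and ends outside the hunk.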
@@ -290,7 +290,7 @@ pub fn resources_grpc_to_oci(res: &grpc::LinuxResources) -> oci::LinuxResources let cpu = if res.CPU.is_some() { let c = res.CPU.as_ref().unwrap(); - Some(oci::LinuxCPU { + Some(oci::LinuxCpu { shares: Some(c.Shares), quota: Some(c.Quota), period: Some(c.Period), diff --git a/src/agent/rustjail/src/validator.rs b/src/agent/rustjail/src/validator.rs index b5fabf929..9dbbd19dd 100644 --- a/src/agent/rustjail/src/validator.rs +++ b/src/agent/rustjail/src/validator.rs @@ -6,7 +6,7 @@ use crate::container::Config; use anyhow::{anyhow, Context, Error, Result}; use nix::errno::Errno; -use oci::{Linux, LinuxIDMapping, LinuxNamespace, Spec}; +use oci::{Linux, LinuxIdMapping, LinuxNamespace, Spec}; use std::collections::HashMap; use std::path::{Component, PathBuf}; @@ -107,7 +107,7 @@ fn security(oci: &Spec) -> Result<()> { Ok(()) } -fn idmapping(maps: &[LinuxIDMapping]) -> Result<()> { +fn idmapping(maps: &[LinuxIdMapping]) -> Result<()> { for map in maps { if map.size > 0 { return Ok(()); @@ -238,7 +238,7 @@ fn rootless_euid_mapping(oci: &Spec) -> Result<()> { Ok(()) } -fn has_idmapping(maps: &[LinuxIDMapping], id: u32) -> bool { +fn has_idmapping(maps: &[LinuxIdMapping], id: u32) -> bool { for map in maps { if id >= map.container_id && id < map.container_id + map.size { return true; @@ -441,7 +441,7 @@ mod tests { usernamespace(&spec).unwrap(); let mut linux = Linux::default(); - linux.uid_mappings = vec![LinuxIDMapping { + linux.uid_mappings = vec![LinuxIdMapping { container_id: 0, host_id: 1000, size: 0, @@ -450,7 +450,7 @@ mod tests { usernamespace(&spec).unwrap_err(); let mut linux = Linux::default(); - linux.uid_mappings = vec![LinuxIDMapping { + linux.uid_mappings = vec![LinuxIdMapping { container_id: 0, host_id: 1000, size: 100, 
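Review bot: In `has_idmapping` (validator.rs, hunk at -238), `map.container_id + map.size` adds two values taken from the spec's ID mappings (`container_id` is declared `u32`; `size` is presumably the same). A mapping with a large `container_id` and `size` overflows, which panics in builds with overflow checks and otherwise wraps the upper bound, giving a wrong answer in a validation path. The range test can be written without the addition: `if id >= map.container_id && id - map.container_id < map.size {`. The loop's closing lines are outside the hunk.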
@@ -497,12 +497,12 @@ mod tests { path: "/sys/cgroups/user".to_owned(), }, ]; - linux.uid_mappings = vec![LinuxIDMapping { + linux.uid_mappings = vec![LinuxIdMapping { container_id: 0, host_id: 1000, size: 1000, }]; - linux.gid_mappings = vec![LinuxIDMapping { + linux.gid_mappings = vec![LinuxIdMapping { container_id: 0, host_id: 1000, size: 1000,