Changed the name of the rule that runs the tests to "test" for
consistency, but retained `check` for backwards compatibility
for now.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Dup a new file descriptor for temporary logger writer,
since this logger would be dropped and it's writer would
be closed out of if definition scope, which would cause
the logger process thread terminated if it used the original
pipe write fd.
Fixes: #318
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
With this change, a container is not longer given access to
the underlying root partition.
This is done by explicitly adding the root partition
to the device cgroup of the container.
Fixes: #317
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
The agent logger is useful and generic enough that it can be used by
other components, so move the agent logging package to below a top level
`pkg` to encourage re-use.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Clean up all clippy warning.
Also fix a bug in dealing with IFLA_IFNAME attribute.
nlh.addattr_var(IFLA_IFNAME, name.as_ptr() as *const u8, name.len() + 1);
The `name` is a rust String, which doesn't including the trailing '\0',
so name.len() + 1 may cause invalid memory access.
Signed-off-by: Liu Jiang <gerry@linux.alibaba.com>
Implment `TryFrom<IPAddress> for RtIPAddr` instead of From<IPAddress>,
so error code could be returned instead of unwrap().
Do the same for `TryFrom<Route> for RtRoute`.
Signed-off-by: Liu Jiang <gerry@linux.alibaba.com>
There are too much unsafe code in the netlink crate, we need to reduce
unsafe code as much as possible. To achieve this, methods are classified
as public interfaces and internal methods.
All public interface of RtnlHandle has been reimplemented as safe code,
only some public helper functions to manipulater Netlink message data
structures are implemented as unsafe code.
The code to parse IPv4/IPv6/MAC addresses has been moved to a dedicated
file named parser.rs.
Signed-off-by: Liu Jiang <gerry@linux.alibaba.com>
The scan_fmt crate has dependency on other four crates, and it's trivial
to use std library to implement the same logic. Get rid of scan_fmt to
reduce the dependency chain.
Signed-off-by: Liu Jiang <gerry@linux.alibaba.com>
Use features to enable/disable slog and agent handler on demand.
This helps to reduce dependency chains if slog/agent handler is unused.
Signed-off-by: Liu Jiang <gerry@linux.alibaba.com>
The netlink crate is a library to communicate with Linux kenrel by using
the netlink socket. It's generic enough to be reused by other clients.
So get rid of dependency on the rustjail crate by:
1) normalize all pub interfaces to return Result<T, nix::Error>,
2) add helpers to reduce duplicated code,
3) move parse_mac() into lib.rs,
Signed-off-by: Liu Jiang <gerry@linux.alibaba.com>
Add grpc API for adding arp neighbours for a network
interface. These are expected to be static arp entries
sent by the runtime.
Signed-off-by: Tim Zhang <tim@hyper.sh>
Got:
make PROTO_FILE=agent.proto generate-protocol
google/protobuf/descriptor.proto: Read access is denied for file: /usr/local/include/google/protobuf/descriptor.proto
This commit will fix this error.
Signed-off-by: Tim Zhang <tim@hyper.sh>
In Kata 1.x, agent interface is defined in agent repo and vendored by runtime. But in Kata 2.0, agent and runtime will use ttrpc as protocol, and agent is using rust language, so runtime can't vendor agent again, have to compile from agent's protobuf files.
This PR will hold proto files under src/agent, and compile it to rust/go sources for agent/runtime. Typing `make generate-protocols` under root of this repo or `src/agent` can see how to use it.
Signed-off-by: bin liu <bin@hyper.sh>
Hardcode the Cargo.lock file to prevent dependencies
change which would cause some compatible issues.
Fixes: #230
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
Since the ttrpc upgraded with async supported, which isn't
compatible with current agent, thus it's better to change
the dependency to a stable branch.
Fixes: #229
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
It's better to check whether the sandbox's get_container
result instead of unwrap it directly, otherwise it would
crash the agent if the conainer id is invalid.
Fixes: #178
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
When kill a process, if the exec id is empty, then
it means to kill all processes in the container, if
the exec id isn't empty, then it will only kill the
specific exec process.
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
Add the container id and exec id to start container's log
which would make it clearly to check the log.
Fixes: #173
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
In the previous implementation, create a container process
by forking the parent process as the container process,
and then at the forked child process do much more setting,
such as rootfs mounting, drop capabilities and so on, at
last exec the container entry cmd to switch into container
process.
But since the parent is a muti thread process, which would
cause a dead lock in the forked child. For example, if one
of the parent process's thread do some malloc operation, which
would take a mutex lock, and at the same time, the parent forked
a child process, since the mutex lock status would be inherited
by the child process but there's no chance to release the lock
in the child since the child process only has a single thread
which would meet a dead lock if it would do some malloc operation.
Thus, the new implementation would do exec directly after forked
and then do the setting in the exec process. Of course, this requred
a data communication between parent and child since the child cannot
depends on the shared memory by fork way.
Fixes: #166Fixes: #133
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
Adds a cmdline option to configure the stdout/stderr pipe sizes.
Uses `F_SETPIPE_SZ` to resize the write side of the pipe after
creation.
Example Cmdline option: `agent.container_pipe_size=2097152`
fixes#152
Signed-off-by: Alex Price <aprice@atlassian.com>
I add another sub-command `build-service` in Makefile to
generate rust-agent-related systemd service files, which
are necessary for building guest rootfs image.
The whole design is following the one in go-agent.
Fixes: #144
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
It's better to catch the error of couldn't find the process
in tty_win_resize service, other wise, an invalid process id
could crash the agent.
Fixes: #137
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
This reverts commit a3e46a369f.
There is still problem with static link, built binary will
segmentfault on clearlinux. So revert this patch for now.
Depends-on: github.com/kata-containers/tests#2293
Fixes: #69
Signed-off-by: Yang Bo <bo@hyper.sh>
