diff --git a/runc/Cargo.lock b/runc/Cargo.lock index b76101b9..521f6a67 100644 --- a/runc/Cargo.lock +++ b/runc/Cargo.lock @@ -41,6 +41,55 @@ dependencies = [ "libc", ] +[[package]] +name = "anstream" +version = "0.6.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "64e15c1ab1f89faffbf04a634d5e1962e9074f2741eef6d97f3c4e322426d526" +dependencies = [ + "anstyle", + "anstyle-parse", + "anstyle-query", + "anstyle-wincon", + "colorchoice", + "is_terminal_polyfill", + "utf8parse", +] + +[[package]] +name = "anstyle" +version = "1.0.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1bec1de6f59aedf83baf9ff929c98f2ad654b97c9510f4e70cf6f661d49fd5b1" + +[[package]] +name = "anstyle-parse" +version = "0.2.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eb47de1e80c2b463c735db5b217a0ddc39d612e7ac9e2e96a5aed1f57616c1cb" +dependencies = [ + "utf8parse", +] + +[[package]] +name = "anstyle-query" +version = "1.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6d36fc52c7f6c869915e99412912f22093507da8d9e942ceaf66fe4b7c14422a" +dependencies = [ + "windows-sys 0.52.0", +] + +[[package]] +name = "anstyle-wincon" +version = "3.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5bf74e1b6e971609db8ca7a9ce79fd5768ab6ae46441c572e46cf596f59e57f8" +dependencies = [ + "anstyle", + "windows-sys 0.52.0", +] + [[package]] name = "anyhow" version = "1.0.66" 
@@ -66,18 +115,18 @@ checksum = "16e62a023e7c117e27523144c5d2459f4397fcc3cab0085af8e2224f643a0193" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.74", ] [[package]] name = "async-trait" -version = "0.1.73" +version = "0.1.81" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bc00ceb34980c03614e35a3a4e218276a0a824e911d07651cd0d858a51e8c0f0" +checksum = "6e0c28dcc82d7c8ead5cb13beb15405b57b8546e93215673ff8ca0349a028107" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.74", ] [[package]] @@ -163,6 +212,12 @@ version = "0.13.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8" +[[package]] +name = "base64" +version = "0.22.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6" + [[package]] name = "bitflags" version = "1.3.2" @@ -175,6 +230,18 @@ version = "2.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b4682ae6287fcf752ecaabbfcc7b6f9b72aa33933dc23a554d853aea8eea8635" +[[package]] +name = "built" +version = "0.7.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "236e6289eda5a812bc6b53c3b024039382a2895fbbeef2d748b2931546d392c4" +dependencies = [ + "cargo-lock", + "chrono", + "git2", + "semver", +] + [[package]] name = "bumpalo" version = "3.13.0" 
@@ -203,13 +270,28 @@ version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "89b2fd2a0dcf38d7971e2194b6b6eebab45ae01067456a7fd93d5547a61b70be" +[[package]] +name = "cargo-lock" +version = "9.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e11c675378efb449ed3ce8de78d75d0d80542fc98487c26aba28eb3b82feac72" +dependencies = [ + "petgraph 0.6.4", + "semver", + "serde", + "toml", + "url", +] + [[package]] name = "cc" -version = "1.0.83" +version = "1.1.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f1174fb0b6ec23863f8b971027804a42614e347eafb0a95bf0b12cdae21fc4d0" +checksum = "5fb8dd288a69fc53a1996d7ecfbf4a20d59065bff137ce7e56bbd620de191189" dependencies = [ + "jobserver", "libc", + "shlex", ] [[package]] @@ -224,6 +306,12 @@ version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" +[[package]] +name = "cfg_aliases" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fd16c4719339c4530435d38e511904438d07cce7950afa3718a84ac36c10e89e" + [[package]] name = "cgroups-rs" version = "0.2.11" 
@@ -238,16 +326,56 @@ dependencies = [ [[package]] name = "chrono" -version = "0.4.27" +version = "0.4.38" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f56b4c72906975ca04becb8a30e102dfecddd0c06181e3e95ddc444be28881f8" +checksum = "a21f936df1771bf62b77f047b726c4625ff2e8aa607c01ec06e5a05bd8463401" dependencies = [ "android-tzdata", "iana-time-zone", "num-traits", - "windows-targets 0.48.5", + "windows-targets 0.52.6", +] + +[[package]] +name = "clap" +version = "4.5.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "11d8838454fda655dafd3accb2b6e2bea645b9e4078abe84a22ceb947235c5cc" +dependencies = [ + "clap_builder", + "clap_derive", +] + +[[package]] +name = "clap_builder" +version = "4.5.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "216aec2b177652e3846684cbfe25c9964d18ec45234f0f5da5157b207ed1aab6" +dependencies = [ + "anstream", + "anstyle", + "clap_lex", + "strsim 0.11.1", ] +[[package]] +name = "clap_derive" +version = "4.5.13" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "501d359d5f3dcaf6ecdeee48833ae73ec6e42723a1e52419c79abf9507eec0a0" +dependencies = [ + "heck 0.5.0", + "proc-macro2", + "quote", + "syn 2.0.74", +] + +[[package]] +name = "clap_lex" +version = "0.7.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1462739cb27611015575c0c11df5df7601141071f07518d56fcc1be504cbec97" + [[package]] name = "cmake" version = "0.1.50" @@ -257,6 +385,12 @@ dependencies = [ "cc", ] +[[package]] +name = "colorchoice" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3fd119d74b830634cea2a0f58bbd0d54540518a14397557951e79340abc28c0" + [[package]] name = "command-fds" version = "0.2.2" 
@@ -270,11 +404,12 @@ dependencies = [ [[package]] name = "containerd-sandbox" version = "0.1.0" -source = "git+https://github.com/kuasar-io/rust-extensions.git?rev=6ae99540b754cd28c5389d5d6fdeff6ec7290ec5#6ae99540b754cd28c5389d5d6fdeff6ec7290ec5" +source = "git+https://github.com/kuasar-io/rust-extensions.git#53b4ca86b3461efb22b881b891e41fb45e264c7f" dependencies = [ "anyhow", "async-stream", "async-trait", + "base64 0.22.1", "futures", "go-flag", "libc", @@ -298,7 +433,7 @@ dependencies = [ [[package]] name = "containerd-shim" version = "0.3.0" -source = "git+https://github.com/kuasar-io/rust-extensions.git?rev=6ae99540b754cd28c5389d5d6fdeff6ec7290ec5#6ae99540b754cd28c5389d5d6fdeff6ec7290ec5" +source = "git+https://github.com/kuasar-io/rust-extensions.git#53b4ca86b3461efb22b881b891e41fb45e264c7f" dependencies = [ "async-trait", "cgroups-rs", @@ -309,7 +444,7 @@ dependencies = [ "lazy_static", "libc", "log", - "nix 0.25.1", + "nix 0.28.0", "oci-spec", "page_size", "pin-project-lite", @@ -329,7 +464,7 @@ dependencies = [ [[package]] name = "containerd-shim-protos" version = "0.2.0" -source = "git+https://github.com/kuasar-io/rust-extensions.git?rev=6ae99540b754cd28c5389d5d6fdeff6ec7290ec5#6ae99540b754cd28c5389d5d6fdeff6ec7290ec5" +source = "git+https://github.com/kuasar-io/rust-extensions.git#53b4ca86b3461efb22b881b891e41fb45e264c7f" dependencies = [ "async-trait", "protobuf 3.2.0", @@ -372,7 +507,7 @@ dependencies = [ "ident_case", "proc-macro2", "quote", - "strsim", + "strsim 0.10.0", "syn 1.0.109", ] 
@@ -518,6 +653,15 @@ version = "1.0.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" +[[package]] +name = "form_urlencoded" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e13624c2627564efccf4934284bdd98cbaa14e79b0b5a141218e507b3a823456" +dependencies = [ + "percent-encoding", +] + [[package]] name = "futures" version = "0.3.28" @@ -574,7 +718,7 @@ checksum = "89ca545a94061b6365f2c7355b4b32bd20df3ff95f02da9329b34ccc3bd6ee72" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.74", ] [[package]] @@ -636,6 +780,19 @@ version = "0.28.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6fb8d784f27acf97159b40fc4db5ecd8aa23b9ad5ef69cdd136d3bc80665f0c0" +[[package]] +name = "git2" +version = "0.19.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b903b73e45dc0c6c596f2d37eccece7c1c8bb6e4407b001096387c63d0d93724" +dependencies = [ + "bitflags 2.4.0", + "libc", + "libgit2-sys", + "log", + "url", +] + [[package]] name = "go-flag" version = "0.1.0" @@ -691,6 +848,12 @@ version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8" +[[package]] +name = "heck" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" + [[package]] name = "hermit-abi" version = "0.1.19" 
@@ -823,6 +986,16 @@ version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b9e0384b61958566e926dc50660321d12159025e767c18e043daf26b70104c39" +[[package]] +name = "idna" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7d20d6b07bfbc108882d88ed8e37d39636dcc260e15e30c45e6ba089610b917c" +dependencies = [ + "unicode-bidi", + "unicode-normalization", +] + [[package]] name = "indexmap" version = "1.9.3" @@ -863,6 +1036,12 @@ dependencies = [ "libc", ] +[[package]] +name = "is_terminal_polyfill" +version = "1.70.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7943c866cc5cd64cbc25b2e01621d07fa8eb2a1a23160ee81ce38704e97b8ecf" + [[package]] name = "itertools" version = "0.10.5" @@ -878,6 +1057,15 @@ version = "1.0.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "af150ab688ff2122fcef229be89cb50dd66af9e01a4ff320cc137eecc9bacc38" +[[package]] +name = "jobserver" +version = "0.1.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "48d1dbcbbeb6a7fec7e059840aa538bd62aaccf972c7346c4d9d2059312853d0" +dependencies = [ + "libc", +] + [[package]] name = "js-sys" version = "0.3.64" 
@@ -895,9 +1083,33 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" [[package]] name = "libc" -version = "0.2.153" +version = "0.2.155" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9c198f91728a82281a64e1f4f9eeb25d82cb32a5de251c6bd1b5154d63a8e7bd" +checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c" + +[[package]] +name = "libgit2-sys" +version = "0.17.0+1.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "10472326a8a6477c3c20a64547b0059e4b0d086869eee31e6d7da728a8eb7224" +dependencies = [ + "cc", + "libc", + "libz-sys", + "pkg-config", +] + +[[package]] +name = "libz-sys" +version = "1.1.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fdc53a7799a7496ebc9fd29f31f7df80e83c9bda5299768af5f9e59eeea74647" +dependencies = [ + "cc", + "libc", + "pkg-config", + "vcpkg", +] [[package]] name = "linux-raw-sys" @@ -948,6 +1160,15 @@ dependencies = [ "autocfg", ] +[[package]] +name = "memoffset" +version = "0.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "488016bfae457b036d996092f6cb448677611ce4449e970ceaf42695203f218a" +dependencies = [ + "autocfg", +] + [[package]] name = "mime" version = "0.3.17" @@ -990,7 +1211,7 @@ dependencies = [ "cc", "cfg-if 1.0.0", "libc", - "memoffset", + "memoffset 0.6.5", ] [[package]] @@ -1003,7 +1224,7 @@ dependencies = [ "cc", "cfg-if 1.0.0", "libc", - "memoffset", + "memoffset 0.6.5", ] [[package]] 
@@ -1027,19 +1248,21 @@ dependencies = [ "bitflags 1.3.2", "cfg-if 1.0.0", "libc", - "memoffset", + "memoffset 0.6.5", "pin-utils", ] [[package]] name = "nix" -version = "0.27.1" +version = "0.28.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2eb04e9c688eff1c89d72b407f168cf79bb9e867a9d3323ed6c01519eb9cc053" +checksum = "ab2156c4fce2f8df6c499cc1c763e4394b7482525bf2a9701c9d79d215f519e4" dependencies = [ "bitflags 2.4.0", "cfg-if 1.0.0", + "cfg_aliases", "libc", + "memoffset 0.9.1", ] [[package]] @@ -1193,7 +1416,7 @@ checksum = "4359fd9c9171ec6e8c62926d6faaf553a8dc3f64e1507e76da7911b4f6a04405" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.74", ] [[package]] @@ -1208,6 +1431,12 @@ version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" +[[package]] +name = "pkg-config" +version = "0.3.30" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d231b230927b5e4ad203db57bbcbee2802f6bce620b1e4a9024a07d94e2907ec" + [[package]] name = "ppv-lite86" version = "0.2.17" @@ -1221,7 +1450,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "059a34f111a9dee2ce1ac2826a68b24601c4298cfeb1a587c3cb493d5ab46f52" dependencies = [ "libc", - "nix 0.27.1", + "nix 0.28.0", ] [[package]] @@ -1260,9 +1489,9 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.66" +version = "1.0.86" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "18fb31db3f9bddb2ea821cde30a9f70117e3f119938b5ee630b7403aa6e2ead9" +checksum = "5e719e8df665df0d1c8fbfd238015744736151d4445ec0836b8e628aae103b77" dependencies = [ "unicode-ident", ] 
@@ -1456,9 +1685,9 @@ dependencies = [ [[package]] name = "quote" -version = "1.0.33" +version = "1.0.36" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5267fca4496028628a95160fc423a33e8b2e6af8a5302579e322e4b520293cae" +checksum = "0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7" dependencies = [ "proc-macro2", ] @@ -1534,7 +1763,7 @@ checksum = "dbb5fb1acd8a1a18b3dd5be62d25485eb770e05afb408a9627d14d451bae12da" [[package]] name = "runc" version = "0.2.0" -source = "git+https://github.com/kuasar-io/rust-extensions.git?rev=6ae99540b754cd28c5389d5d6fdeff6ec7290ec5#6ae99540b754cd28c5389d5d6fdeff6ec7290ec5" +source = "git+https://github.com/kuasar-io/rust-extensions.git#53b4ca86b3461efb22b881b891e41fb45e264c7f" dependencies = [ "async-trait", "futures", @@ -1561,14 +1790,16 @@ version = "0.1.0" dependencies = [ "anyhow", "async-trait", + "built", "byteorder", + "clap", "containerd-sandbox", "containerd-shim", "env_logger", "futures", "go-flag", "log", - "nix 0.25.1", + "nix 0.28.0", "oci-spec", "os_pipe", "prctl", @@ -1627,6 +1858,15 @@ version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" +[[package]] +name = "semver" +version = "1.0.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "836fa6a3e1e547f9a2c4040802ec865b5d85f4014efe00555d7090a3dcaa1090" +dependencies = [ + "serde", +] + [[package]] name = "serde" version = "1.0.163" @@ -1644,7 +1884,7 @@ checksum = "8c805777e3930c8883389c602315a24224bcc738b63905ef87cd1420353ea93e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.74", ] [[package]] 
@@ -1658,6 +1898,21 @@ dependencies = [ "serde", ] +[[package]] +name = "serde_spanned" +version = "0.6.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eb5b1b31579f3811bf615c144393417496f152e12ac8b7663bf664f4a815306d" +dependencies = [ + "serde", +] + +[[package]] +name = "shlex" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" + [[package]] name = "signal-hook" version = "0.3.17" @@ -1730,6 +1985,12 @@ version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623" +[[package]] +name = "strsim" +version = "0.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f" + [[package]] name = "syn" version = "1.0.109" @@ -1743,9 +2004,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.29" +version = "2.0.74" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c324c494eba9d92503e6f1ef2e6df781e78f6a7705a0202d9801b198807d518a" +checksum = "1fceb41e3d546d0bd83421d3409b1460cc7444cd389341a4c880fe7a042cb3d7" dependencies = [ "proc-macro2", "quote", @@ -1797,7 +2058,7 @@ checksum = "6bb623b56e39ab7dcd4b1b98bb6c8f8d907ed255b18de254088016b27a8ee19b" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.74", ] [[package]] 
@@ -1827,6 +2088,21 @@ dependencies = [ "time-core", ] +[[package]] +name = "tinyvec" +version = "1.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "445e881f4f6d382d5f27c034e25eb92edd7c784ceab92a0937db7f2e9471b938" +dependencies = [ + "tinyvec_macros", +] + +[[package]] +name = "tinyvec_macros" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" + [[package]] name = "tokio" version = "1.32.0" @@ -1864,7 +2140,7 @@ checksum = "630bdcf245f78637c13ec01ffae6187cca34625e8c63150d424b59e55af2675e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.74", ] [[package]] @@ -1915,6 +2191,40 @@ dependencies = [ "vsock", ] +[[package]] +name = "toml" +version = "0.7.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dd79e69d3b627db300ff956027cc6c3798cef26d22526befdfcd12feeb6d2257" +dependencies = [ + "serde", + "serde_spanned", + "toml_datetime", + "toml_edit", +] + +[[package]] +name = "toml_datetime" +version = "0.6.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0dd7358ecb8fc2f8d014bf86f6f638ce72ba252a2c3a2572f2a795f1d23efb41" +dependencies = [ + "serde", +] + +[[package]] +name = "toml_edit" +version = "0.19.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1b5bb770da30e5cbfde35a2d7b9b8a2c4b8ef89548a7a6aeab5c9a576e3e7421" +dependencies = [ + "indexmap 2.0.0", + "serde", + "serde_spanned", + "toml_datetime", + "winnow", +] + [[package]] name = "tonic" version = "0.7.2" @@ -1924,7 +2234,7 @@ dependencies = [ "async-stream", "async-trait", "axum", - "base64", + "base64 0.13.1", "bytes 1.4.0", "futures-core", "futures-util", @@ -2032,7 +2342,7 @@ checksum = "5f4f31f56159e98206da9efd823404b79b6ef3143b4a7ab76e67b1751b25a4ab" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.74", ] [[package]] 
@@ -2106,18 +2416,50 @@ dependencies = [ "tempfile", ] +[[package]] +name = "unicode-bidi" +version = "0.3.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "08f95100a766bf4f8f28f90d77e0a5461bbdb219042e7679bebe79004fed8d75" + [[package]] name = "unicode-ident" version = "1.0.11" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "301abaae475aa91687eb82514b328ab47a211a533026cb25fc3e519b86adfc3c" +[[package]] +name = "unicode-normalization" +version = "0.1.23" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a56d1686db2308d901306f92a263857ef59ea39678a5458e7cb17f01415101f5" +dependencies = [ + "tinyvec", +] + [[package]] name = "unicode-segmentation" version = "1.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1dd624098567895118886609431a7c3b8f516e41d30e0643f03d94592a147e36" +[[package]] +name = "url" +version = "2.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "143b538f18257fac9cad154828a57c6bf5157e1aa604d4816b5995bf6de87ae5" +dependencies = [ + "form_urlencoded", + "idna", + "percent-encoding", +] + +[[package]] +name = "utf8parse" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821" + [[package]] name = "uuid" version = "1.4.1" @@ -2127,6 +2469,12 @@ dependencies = [ "getrandom", ] +[[package]] +name = "vcpkg" +version = "0.2.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426" + [[package]] name = "version_check" version = "0.9.4" @@ -2179,7 +2527,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.74", "wasm-bindgen-shared", ] 
@@ -2201,7 +2549,7 @@ checksum = "54681b18a46765f095758388f2d0cf16eb8d4169b639ab575a8f5693af210c7b" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.74", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -2281,6 +2629,15 @@ dependencies = [ "windows-targets 0.48.5", ] +[[package]] +name = "windows-sys" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" +dependencies = [ + "windows-targets 0.52.6", +] + [[package]] name = "windows-targets" version = "0.42.2" @@ -2311,6 +2668,22 @@ dependencies = [ "windows_x86_64_msvc 0.48.5", ] +[[package]] +name = "windows-targets" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973" +dependencies = [ + "windows_aarch64_gnullvm 0.52.6", + "windows_aarch64_msvc 0.52.6", + "windows_i686_gnu 0.52.6", + "windows_i686_gnullvm", + "windows_i686_msvc 0.52.6", + "windows_x86_64_gnu 0.52.6", + "windows_x86_64_gnullvm 0.52.6", + "windows_x86_64_msvc 0.52.6", +] + [[package]] name = "windows_aarch64_gnullvm" version = "0.42.2" @@ -2323,6 +2696,12 @@ version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3" + [[package]] name = "windows_aarch64_msvc" version = "0.42.2" 
@@ -2335,6 +2714,12 @@ version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" +[[package]] +name = "windows_aarch64_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469" + [[package]] name = "windows_i686_gnu" version = "0.42.2" @@ -2347,6 +2732,18 @@ version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" +[[package]] +name = "windows_i686_gnu" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66" + [[package]] name = "windows_i686_msvc" version = "0.42.2" @@ -2359,6 +2756,12 @@ version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" +[[package]] +name = "windows_i686_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66" + [[package]] name = "windows_x86_64_gnu" version = "0.42.2" 
@@ -2371,6 +2774,12 @@ version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" +[[package]] +name = "windows_x86_64_gnu" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78" + [[package]] name = "windows_x86_64_gnullvm" version = "0.42.2" @@ -2383,6 +2792,12 @@ version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d" + [[package]] name = "windows_x86_64_msvc" version = "0.42.2" @@ -2394,3 +2809,18 @@ name = "windows_x86_64_msvc" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" + +[[package]] +name = "winnow" +version = "0.5.40" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f593a95398737aeed53e489c785df13f3618e41dbcd6718c6addbf1395aa6876" +dependencies = [ + "memchr", +] diff --git a/runc/Cargo.toml b/runc/Cargo.toml index c23bddec..f724b80b 100644 --- a/runc/Cargo.toml +++ b/runc/Cargo.toml 
@@ -5,13 +5,16 @@ edition = "2021" # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html +[build-dependencies] +built = { version = "0.7.0", features = ["cargo-lock", "dependency-tree", "git2", "chrono", "semver"] } + [dependencies] env_logger = "0.9.0" anyhow = { version = "=1.0.66", default-features = false, features = ["std"] } tokio = { version = "1.19.2", features = ["full"] } signal-hook-tokio = { version = "0.3.1", features = ["futures-v0_3"] } -async-trait = "0.1.51" -nix = "0.25" +async-trait = "0.1.81" +nix = { version = "0.28.0", features = ["fs", "mount", "socket", "process", "sched", "signal", "term"] } futures = { version = "0.3.21" } log = { version = "0.4.17", features = ["std"] } oci-spec = "0.5.4" @@ -24,7 +27,9 @@ os_pipe = "1.1.4" byteorder = "1.4.3" go-flag = "0.1.0" uuid = { version = "1.1.2", features = ["v4"] } +clap = { version = "4.5.4", features = ["derive"] } +built = { version = "0.7.0", features = ["cargo-lock", "dependency-tree", "git2", "chrono", "semver"] } -containerd-sandbox = { git = "https://github.com/kuasar-io/rust-extensions.git", rev = "6ae99540b754cd28c5389d5d6fdeff6ec7290ec5" } -containerd-shim = { git = "https://github.com/kuasar-io/rust-extensions.git", rev = "6ae99540b754cd28c5389d5d6fdeff6ec7290ec5", features = ["async"] } -runc = { git = "https://github.com/kuasar-io/rust-extensions.git", rev = "6ae99540b754cd28c5389d5d6fdeff6ec7290ec5", features = ["async"] } +containerd-sandbox = { git = "https://github.com/kuasar-io/rust-extensions.git" } +containerd-shim = { git = "https://github.com/kuasar-io/rust-extensions.git", features = ["async"] } +runc = { git = "https://github.com/kuasar-io/rust-extensions.git", features = ["async"] } diff --git a/runc/build.rs b/runc/build.rs new file mode 100644 index 00000000..86b7aee3 --- /dev/null +++ b/runc/build.rs 
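Review bot: The three `kuasar-io/rust-extensions` git dependencies at the end of the second hunk lose their `rev` pin, so the manifest now follows whatever the repository's default branch points to. Cargo.lock still records commit 53b4ca86b3461efb22b881b891e41fb45e264c7f, but a `cargo update`, or a build that does not pass `--locked`, will pick up a newer commit with no manifest change to review. I would keep the pin and move it forward explicitly, e.g. `containerd-sandbox = { git = "https://github.com/kuasar-io/rust-extensions.git", rev = "53b4ca86b3461efb22b881b891e41fb45e264c7f" }`, and likewise for `containerd-shim` and `runc`. Separately, `built` is added to `[dependencies]` with the same `git2` feature set as in `[build-dependencies]`; if the runtime code only includes the generated file, dropping those features there would keep `libgit2-sys` and `libz-sys` out of the shipped binary's dependency graph.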
@@ -0,0 +1,24 @@
+/*
+Copyright 2024 The Kuasar Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+use std::process::exit;
+
+fn main() {
+ if let Err(e) = built::write_built_file() {
+ eprint!("Failed to acquire build-time information: {:?}", e);
+ exit(-1)
+ }
+}
diff --git a/runc/rustfmt.toml b/runc/rustfmt.toml
new file mode 100644
index 00000000..e409f68e
--- /dev/null
+++ b/runc/rustfmt.toml
@@ -0,0 +1,4 @@
+newline_style = "Unix"
+unstable_features = true
+group_imports = "StdExternalCrate"
+imports_granularity = "Crate"
diff --git a/runc/src/args.rs b/runc/src/args.rs
new file mode 100644
index 00000000..e2b74199
--- /dev/null
+++ b/runc/src/args.rs
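Review bot: The failure path in `main` of build.rs prints with `eprint!`, so the message has no trailing newline and runs into whatever cargo prints next, and `exit(-1)` is reported as status 255 on Unix. I would write `eprintln!("Failed to acquire build-time information: {:?}", e);` followed by `exit(1)`. A one-line `//` comment above `main` saying which generated file this script writes and who includes it would also help; the consumer is presumably the new `version` module, which is not part of this hunk.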
@@ -0,0 +1,60 @@
+/*
+Copyright 2024 The Kuasar Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+use clap::Parser;
+
+#[derive(Parser, Debug)]
+#[command(author, about, long_about = None)]
+pub struct Args {
+ /// Version info
+ #[arg(short, long)]
+ pub version: bool,
+
+ /// Sandboxer working directory, default is `/run/kuasar-runc`
+ #[arg(short, long, value_name = "DIR", default_value = "/run/kuasar-runc")]
+ pub dir: String,
+
+ /// Address for sandboxer's server, default is `/run/runc-sandboxer.sock`
+ #[arg(
+ short,
+ long,
+ value_name = "FILE",
+ default_value = "/run/runc-sandboxer.sock"
+ )]
+ pub listen: String,
+
+ // log_level is optional and should not have default value if not given, since
+ // it can be defined in configuration file.
+ /// Logging level for sandboxer [trace, debug, info, warn, error, fatal, panic]
+ #[arg(long, value_name = "STRING")]
+ pub log_level: Option,
+}
+
+#[cfg(test)]
+mod tests {
+ use clap::Parser;
+
+ use crate::args::Args;
+
+ #[test]
+ fn test_args_parse_default() {
+ let args = Args::parse();
+ assert!(!args.version);
+ assert_eq!(args.dir, "/run/kuasar-runc");
+ assert_eq!(args.listen, "/run/runc-sandboxer.sock");
+ assert!(args.log_level.is_none());
+ }
+}
diff --git a/runc/src/common.rs b/runc/src/common.rs
index b3fe0bc6..6ec48cd8 100644
--- a/runc/src/common.rs
+++ b/runc/src/common.rs
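Review bot: `test_args_parse_default` calls `Args::parse()`, which reads the real process arguments, so the test sees whatever the test binary was started with (a test-name filter, `--nocapture`, …), and clap exits the process on anything it does not recognise. Parsing an explicit argv keeps the test independent of how it is invoked: `let args = Args::parse_from(["test-bin"]);`, where the single element is only a placeholder for argv[0]. With that in place a second test can pass `--dir` and `--listen` and assert that the overrides are picked up.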
@@ -14,7 +14,16 @@ See the License for the specific language governing permissions and limitations under the License. */ -use std::{io::IoSliceMut, ops::Deref, os::unix::io::RawFd, path::Path, sync::Arc}; +use std::{ + io::IoSliceMut, + ops::Deref, + os::{ + fd::{FromRawFd, OwnedFd}, + unix::io::RawFd, + }, + path::Path, + sync::Arc, +}; use anyhow::anyhow; use containerd_shim::{ @@ -164,7 +173,7 @@ pub fn create_runc( #[derive(Default)] pub(crate) struct CreateConfig {} -pub fn receive_socket(stream_fd: RawFd) -> containerd_shim::Result { +pub fn receive_socket(stream_fd: RawFd) -> containerd_shim::Result { let mut buf = [0u8; 4096]; let mut iovec = [IoSliceMut::new(&mut buf)]; let mut space = cmsg_space!([RawFd; 2]); @@ -194,8 +203,9 @@ pub fn receive_socket(stream_fd: RawFd) -> containerd_shim::Result { "copy_console: console socket get path: {}, fd: {}", path, &fds[0] ); - tcgetattr(fds[0])?; - Ok(fds[0]) + let fd = unsafe { OwnedFd::from_raw_fd(fds[0]) }; + tcgetattr(&fd)?; + Ok(fd) } pub fn has_shared_pid_namespace(spec: &Spec) -> bool { diff --git a/runc/src/main.rs b/runc/src/main.rs index 60299efa..74b12d5d 100644 --- a/runc/src/main.rs +++ b/runc/src/main.rs 
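Review bot: The new `unsafe { OwnedFd::from_raw_fd(fds[0]) }` in `receive_socket` carries no `// SAFETY:` comment, and it takes ownership of only the first received descriptor although the control buffer is sized with `cmsg_space!([RawFd; 2])`. State the invariant next to the block, e.g. `// SAFETY: fds[0] was just received on stream_fd and nothing else in this process owns it`. If the peer on the console socket can send a second descriptor, wrap or close the rest of `fds` too, so it is not leaked into the long-lived sandboxer process. The code that fills `fds` lies between the two hunks and is not visible here, so please confirm it cannot be empty when `fds[0]` is indexed; the function body starts and ends outside the hunk.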
@@ -14,51 +14,71 @@ See the License for the specific language governing permissions and limitations under the License. */ -use std::ffi::CString; -use std::os::fd::RawFd; -use std::process::exit; +use std::{ + ffi::CString, + os::fd::{AsRawFd, FromRawFd, OwnedFd, RawFd}, + path::Path, + process::exit, + str::FromStr, +}; use anyhow::anyhow; +use clap::Parser; use containerd_shim::asynchronous::monitor::monitor_notify_by_pid; use futures::StreamExt; -use log::{debug, error, warn}; -use nix::fcntl::{fcntl, FcntlArg, FdFlag, OFlag}; -use nix::sched::{setns, unshare, CloneFlags}; -use nix::sys::signal::{sigaction, SaFlags, SigAction, SigHandler, SigSet, SIGCHLD}; -use nix::sys::stat::Mode; -use nix::unistd::{close, fork, pause, pipe, read, write, ForkResult}; +use log::{debug, error, warn, LevelFilter}; use nix::{ errno::Errno, + fcntl::{fcntl, FcntlArg, FdFlag, OFlag}, libc, + sched::{setns, unshare, CloneFlags}, sys::{ + signal::{sigaction, SaFlags, SigAction, SigHandler, SigSet, SIGCHLD}, + stat::Mode, wait, wait::{WaitPidFlag, WaitStatus}, }, - unistd::Pid, + unistd::{fork, pause, pipe, read, write, ForkResult, Pid}, }; use prctl::PrctlMM; use signal_hook_tokio::Signals; use uuid::Uuid; -use crate::sandbox::{RuncSandboxer, SandboxParent}; -use crate::task::fork_task_server; +use crate::{ + sandbox::{RuncSandboxer, SandboxParent}, + task::fork_task_server, +}; +mod args; mod common; mod runc; mod sandbox; mod task; +mod version; fn main() { - env_logger::builder().format_timestamp_micros().init(); + let args = args::Args::parse(); + if args.version { + version::print_version_info(); + return; + } + + // Update args log level if it not presents args but in config. 
+ let log_level = + LevelFilter::from_str(&args.log_level.unwrap_or_default()).unwrap_or(LevelFilter::Info); + env_logger::Builder::from_default_env() + .format_timestamp_micros() + .filter_module("containerd_sandbox", log_level) + .filter_module("runc_sandboxer", log_level) + .init(); + let sandbox_parent = fork_sandbox_parent().unwrap(); - let os_args: Vec<_> = std::env::args_os().collect(); - // TODO avoid parse args multiple times - let flags = containerd_sandbox::args::parse(&os_args[1..]).unwrap(); - let task_socket = format!("{}/task-{}.sock", flags.dir, Uuid::new_v4()); - fork_task_server(&task_socket, &flags.dir).unwrap(); + + let task_socket = format!("{}/task-{}.sock", &args.dir, Uuid::new_v4()); + fork_task_server(&task_socket, &args.dir).unwrap(); let runtime = tokio::runtime::Runtime::new().unwrap(); runtime.block_on(async move { - start_sandboxer(sandbox_parent, task_socket, flags.dir) + start_sandboxer(sandbox_parent, task_socket, &args.listen, &args.dir) .await .unwrap(); }); @@ -75,12 +95,12 @@ fn fork_sandbox_parent() -> Result { match unsafe { fork().map_err(|e| anyhow!("failed to fork sandbox parent {}", e))? } { ForkResult::Parent { child } => { debug!("forked process {} for the sandbox parent", child); - close(reqr).unwrap_or_default(); - close(respw).unwrap_or_default(); + drop(reqr); + drop(respw); } ForkResult::Child => { - close(reqw).unwrap_or_default(); - close(respr).unwrap_or_default(); + drop(reqw); + drop(respr); prctl::set_child_subreaper(true).unwrap(); let comm = "[sandbox-parent]"; let comm_cstr = CString::new(comm).unwrap(); @@ -95,7 +115,7 @@ fn fork_sandbox_parent() -> Result { sigaction(SIGCHLD, &sig_action).unwrap(); } loop { - let buffer = read_count(reqr, 512).unwrap(); + let buffer = read_count(reqr.as_raw_fd(), 512).unwrap(); let id = String::from_utf8_lossy(&buffer[0..64]).to_string(); let mut zero_index = 64; for (i, &b) in buffer.iter().enumerate().take(512).skip(64) { 
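Review bot: In `main`, `LevelFilter::from_str(&args.log_level.unwrap_or_default()).unwrap_or(LevelFilter::Info)` silently turns any value it cannot parse into `Info`, and the `--log-level` help text added in args.rs advertises `fatal` and `panic`, which are not `log::LevelFilter` names. An operator who asks for one of those quieter levels therefore gets `Info` logging with no indication that the flag was ignored. Rejecting the value (or at least reporting it before falling back) makes the mismatch visible, and the help text should list only the accepted levels. The comment above the statement mentions a configuration file, but no config lookup is visible in this hunk, so it should either be implemented or the comment reworded.
```rust
let log_level = match args.log_level.as_deref() {
    None => LevelFilter::Info,
    Some(s) => LevelFilter::from_str(s).unwrap_or_else(|_| {
        eprintln!("invalid --log-level {s:?}, expected one of off, error, warn, info, debug, trace");
        exit(2)
    }),
};
// … unchanged: env_logger builder and filter_module calls …
```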
@@ -106,12 +126,12 @@ fn fork_sandbox_parent() -> Result { } let netns = String::from_utf8_lossy(&buffer[64..zero_index]).to_string(); let sandbox_pid = fork_sandbox(&id, &netns).unwrap(); - write_all(respw, sandbox_pid.to_le_bytes().as_slice()).unwrap(); + write_all(&respw, sandbox_pid.to_le_bytes().as_slice()).unwrap(); } } } - fcntl(reqw, FcntlArg::F_SETFD(FdFlag::FD_CLOEXEC)).unwrap_or_default(); - fcntl(respr, FcntlArg::F_SETFD(FdFlag::FD_CLOEXEC)).unwrap_or_default(); + fcntl(reqw.as_raw_fd(), FcntlArg::F_SETFD(FdFlag::FD_CLOEXEC)).unwrap_or_default(); + fcntl(respr.as_raw_fd(), FcntlArg::F_SETFD(FdFlag::FD_CLOEXEC)).unwrap_or_default(); Ok(SandboxParent::new(reqw, respr)) } @@ -136,7 +156,7 @@ pub fn read_count(fd: RawFd, count: usize) -> Result, anyhow::Error> { } } -pub fn write_all(fd: RawFd, buf: &[u8]) -> Result<(), anyhow::Error> { +pub fn write_all(fd: &OwnedFd, buf: &[u8]) -> Result<(), anyhow::Error> { let mut idx = 0; let count = buf.len(); loop { @@ -162,21 +182,21 @@ fn fork_sandbox(id: &str, netns: &str) -> Result { match unsafe { fork().map_err(|e| anyhow!("failed to fork sandbox {}", e))? } { ForkResult::Parent { child } => { debug!("forked process {} for the sandbox {}", child, id); - close(w).unwrap_or_default(); + drop(w); let mut resp = [0u8; 4]; - let r = read_count(r, 4)?; + let r = read_count(r.as_raw_fd(), 4)?; resp[..].copy_from_slice(r.as_slice()); let pid = i32::from_le_bytes(resp); Ok(pid) } ForkResult::Child => { - close(r).unwrap_or_default(); + drop(r); unshare(CloneFlags::CLONE_NEWIPC | CloneFlags::CLONE_NEWUTS | CloneFlags::CLONE_NEWPID) .unwrap(); match unsafe { fork().unwrap() } { ForkResult::Parent { child } => { debug!("forked process {} for the sandbox {}", child, id); - write_all(w, child.as_raw().to_le_bytes().as_slice()).unwrap(); + write_all(&w, child.as_raw().to_le_bytes().as_slice()).unwrap(); exit(0); } ForkResult::Child => { 
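Review bot: `write_all` now takes `&OwnedFd` while `read_count` (its signature is visible in the hunk header) still takes a `RawFd`, so every reader touched by this commit has to call `.as_raw_fd()` and the integer it passes is no longer tied to the lifetime of the owning descriptor. Borrowing the descriptor in both helpers keeps them symmetric and lets callers pass `&reqr` or `&self.resp` directly, for example `pub fn read_count(fd: impl AsFd, count: usize)` and `pub fn write_all(fd: impl AsFd, buf: &[u8])`. The bodies of both functions lie outside these hunks, so whether the nix calls inside accept `AsFd` has to be checked against the pinned nix version.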
@@ -186,7 +206,8 @@ fn fork_sandbox(id: &str, netns: &str) -> Result { set_process_comm(addr as u64, comm_cstr.as_bytes_with_nul().len() as u64); if !netns.is_empty() { let netns_fd = - nix::fcntl::open(netns, OFlag::O_CLOEXEC, Mode::empty()).unwrap(); + safe_open_file(Path::new(&netns), OFlag::O_CLOEXEC, Mode::empty()) + .unwrap(); setns(netns_fd, CloneFlags::CLONE_NEWNET).unwrap(); } loop { @@ -198,6 +219,16 @@ fn fork_sandbox(id: &str, netns: &str) -> Result { } } +pub fn safe_open_file( + path: &P, + oflag: OFlag, + mode: Mode, +) -> Result { + let fd = nix::fcntl::open(path, oflag, mode)?; + // SAFETY: contruct a OwnedFd from RawFd, close fd when OwnedFd drop + Ok(unsafe { OwnedFd::from_raw_fd(fd) }) +} + fn set_process_comm(addr: u64, len: u64) { if prctl::set_mm(PrctlMM::PR_SET_MM_ARG_START, addr).is_err() { prctl::set_mm(PrctlMM::PR_SET_MM_ARG_END, addr + len).unwrap(); @@ -230,12 +261,13 @@ extern "C" fn sandbox_parent_handle_signals(_: libc::c_int) { async fn start_sandboxer( sandbox_parent: SandboxParent, task_socket: String, - dir: String, + listen: &str, + dir: &str, ) -> anyhow::Result<()> { let task_address = format!("unix://{}", task_socket); let sandboxer = RuncSandboxer::new(sandbox_parent, &task_address).await?; - sandboxer.recover(&dir).await?; - containerd_sandbox::run("runc-sandboxer", sandboxer).await?; + sandboxer.recover(dir).await?; + containerd_sandbox::run("kuasar-runc-sandboxer", listen, dir, sandboxer).await?; Ok(()) } diff --git a/runc/src/runc.rs b/runc/src/runc.rs index 3b55f1fd..f864dd24 100644 --- a/runc/src/runc.rs +++ b/runc/src/runc.rs @@ -16,9 +16,12 @@ use std::{ convert::TryFrom, - os::unix::{ - io::{AsRawFd, FromRawFd, RawFd}, - prelude::ExitStatusExt, + os::{ + fd::{IntoRawFd, OwnedFd}, + unix::{ + io::{AsRawFd, FromRawFd}, + prelude::ExitStatusExt, + }, }, path::{Path, PathBuf}, process::ExitStatus, 
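Review bot: `safe_open_file` only wraps the descriptor returned by `nix::fcntl::open` in an `OwnedFd`; it does nothing about the path itself, yet the name reads as if the open were validated. Its caller in `fork_sandbox` passes `netns`, which is taken from the request buffer, with just `OFlag::O_CLOEXEC`, so a reader could wrongly assume the path has been checked. A doc comment such as `/// Opens the path and returns an owned descriptor that is closed on drop; performs no path validation.` prevents that misreading. The safety comment should state the invariant rather than the effect, and fix the typo: `// SAFETY: fd was just returned by open() and is not owned by anything else`.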
@@ -34,6 +37,7 @@ use containerd_shim::{ container::{ContainerFactory, ContainerTemplate, ProcessFactory}, monitor::{monitor_subscribe, monitor_unsubscribe, Subscription}, processes::{ProcessLifecycle, ProcessTemplate}, + util::write_str_to_file, }, io::Stdio, io_error, @@ -44,22 +48,21 @@ use containerd_shim::{ cgroups::metrics::Metrics, protobuf::{CodedInputStream, Message}, }, - util::{asyncify, mkdir, mount_rootfs, read_file_to_str, write_options, write_runtime}, + util::{ + asyncify, mkdir, mount_rootfs, read_file_to_str, read_spec, write_options, write_runtime, + CONFIG_FILE_NAME, + }, Console, Error, ExitSignal, Result, }; -use containerd_shim::{ - asynchronous::util::write_str_to_file, - util::{read_spec, CONFIG_FILE_NAME}, -}; use log::{debug, error}; use nix::{sys::signal::kill, unistd::Pid}; use oci_spec::runtime::{LinuxResources, Process}; use runc::{Command, Runc, Spawner}; use serde::{Deserialize, Serialize}; -use tokio::io::{AsyncBufReadExt, BufReader}; use tokio::{ fs::{File, OpenOptions}, - io::{AsyncRead, AsyncReadExt, AsyncWrite}, + io::{AsyncBufReadExt, AsyncRead, AsyncReadExt, AsyncWrite, BufReader}, + sync::Mutex, }; use crate::common::{ @@ -291,6 +294,7 @@ impl ProcessFactory for RuncExecFactory { spec: p, exit_signal: Default::default(), }), + stdin: Arc::new(Mutex::new(None)), }) } } @@ -506,8 +510,8 @@ async fn copy_console( ) -> Result { debug!("copy_console: waiting for runtime to send console fd"); let stream = console_socket.accept().await?; - let fd = asyncify(move || -> Result { receive_socket(stream.as_raw_fd()) }).await?; - let f = unsafe { File::from_raw_fd(fd) }; + let fd = asyncify(move || -> Result { receive_socket(stream.as_raw_fd()) }).await?; + let f = unsafe { File::from_raw_fd(fd.into_raw_fd()) }; if !stdio.stdin.is_empty() { debug!("copy_console: pipe stdin to console"); let console_stdin = f diff --git a/runc/src/sandbox.rs b/runc/src/sandbox.rs index e1032662..00eb532d 100644 --- a/runc/src/sandbox.rs 
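Review bot: The `unsafe { File::from_raw_fd(fd.into_raw_fd()) }` in `copy_console` is no longer needed now that `receive_socket` hands back an `OwnedFd`; the conversion can stay in safe code with `let f = File::from_std(std::fs::File::from(fd));`. That keeps ownership of the console descriptor tracked by the type system all the way from receipt to the tokio `File`, and removes one place where a raw integer could be duplicated or closed twice by a later edit. `copy_console` continues beyond the end of this hunk.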
+++ b/runc/src/sandbox.rs @@ -14,37 +14,33 @@ See the License for the specific language governing permissions and limitations under the License. */ -use std::collections::HashMap; -use std::io::Write; -use std::os::fd::RawFd; -use std::path::Path; -use std::sync::Arc; +use std::{ + collections::HashMap, + io::Write, + os::fd::{AsRawFd, OwnedFd}, + path::Path, + sync::Arc, +}; use anyhow::anyhow; use async_trait::async_trait; -use containerd_sandbox::cri::api::v1::NamespaceMode; -use containerd_sandbox::data::{ContainerData, SandboxData}; -use containerd_sandbox::error::{Error, Result}; -use containerd_sandbox::signal::ExitSignal; use containerd_sandbox::{ + cri::api::v1::NamespaceMode, + data::{ContainerData, SandboxData}, + error::{Error, Result}, + signal::ExitSignal, Container, ContainerOption, Sandbox, SandboxOption, SandboxStatus, Sandboxer, }; use log::warn; use nix::{ - mount::MsFlags, - unistd::{close, Pid}, -}; -use nix::{ - mount::{mount, umount}, + mount::{mount, umount, MsFlags}, sys::signal::{kill, Signal}, + unistd::Pid, }; use serde::{Deserialize, Serialize}; use tokio::{ - fs::{create_dir_all, remove_dir_all}, + fs::{create_dir_all, remove_dir_all, File, OpenOptions}, io::{AsyncReadExt, AsyncWriteExt}, -}; -use tokio::{ - fs::{File, OpenOptions}, sync::{Mutex, RwLock}, }; 
@@ -80,34 +76,27 @@ impl Container for RuncContainerData { } pub struct SandboxParent { - req: RawFd, - resp: RawFd, + req: OwnedFd, + resp: OwnedFd, } impl SandboxParent { - pub fn new(req: RawFd, resp: RawFd) -> Self { + pub fn new(req: OwnedFd, resp: OwnedFd) -> Self { Self { req, resp } } pub fn fork_sandbox_process(&mut self, id: &str, netns: &str) -> Result { let mut req = [0u8; 512]; (&mut req[0..64]).write_all(id.as_bytes())?; (&mut req[64..]).write_all(netns.as_bytes())?; - write_all(self.req, &req)?; + write_all(&self.req, &req)?; let mut resp = [0u8; 4]; - let r = read_count(self.resp, 4)?; + let r = read_count(self.resp.as_raw_fd(), 4)?; resp[..].copy_from_slice(r.as_slice()); let pid = i32::from_le_bytes(resp); Ok(pid) } } -impl Drop for SandboxParent { - fn drop(&mut self) { - close(self.req).unwrap_or_default(); - close(self.resp).unwrap_or_default(); - } -} - impl RuncSandboxer { pub async fn new(sandbox_parent: SandboxParent, task_address: &str) -> Result { Ok(Self { @@ -181,7 +170,10 @@ impl Sandboxer for RuncSandboxer { e })?; - sandbox.data.task_address.clone_from(&self.task_address); + sandbox + .data + .task_address + .clone_from(&format!("ttrpc+{}", self.task_address)); sandbox.dump().await.map_err(|e| { kill(Pid::from_raw(sandbox_pid), Signal::SIGKILL).unwrap_or_default(); e @@ -189,6 +181,12 @@ impl Sandboxer for RuncSandboxer { Ok(()) } + async fn update(&self, id: &str, data: SandboxData) -> Result<()> { + let sandbox = self.sandbox(id).await?; + sandbox.lock().await.data = data; + Ok(()) + } + async fn sandbox(&self, id: &str) -> Result>> { return Ok(self .sandboxes diff --git a/runc/src/task.rs b/runc/src/task.rs index 7462b6c7..964f88b7 100644 --- a/runc/src/task.rs +++ b/runc/src/task.rs 
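Review bot: The new `update` method assigns the caller-supplied `SandboxData` over `sandbox.lock().await.data` wholesale, which also replaces `task_address`, the field `start` sets to the `ttrpc+` address in the hunk just above. If the incoming data carries an empty or different address, the sandbox would afterwards point at the wrong task endpoint; whether callers always echo the stored value back is not visible here. `update` also does not persist the change, whereas `start` calls `sandbox.dump().await` after modifying `data`, so unless persistence happens elsewhere a later `recover` would load the old state. Consider keeping the sandboxer-owned fields across the assignment and finishing with `sandbox.dump().await?;`.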
@@ -14,32 +14,47 @@ See the License for the specific language governing permissions and limitations under the License. */ -use std::os::fd::{AsRawFd, RawFd}; -use std::os::unix::net::UnixListener; -use std::process::exit; -use std::sync::Arc; -use std::{collections::HashMap, time::Duration}; +use std::{ + collections::HashMap, + mem::forget, + os::{ + fd::{AsRawFd, OwnedFd}, + unix::net::UnixListener, + }, + process::exit, + sync::Arc, + time::Duration, +}; use anyhow::anyhow; use containerd_sandbox::error; -use containerd_shim::asynchronous::monitor::{monitor_subscribe, monitor_unsubscribe}; -use containerd_shim::asynchronous::task::TaskService; -use containerd_shim::asynchronous::util::{asyncify, read_spec}; -use containerd_shim::container::Container; -use containerd_shim::monitor::{Subject, Topic}; -use containerd_shim::processes::Process; -use containerd_shim::protos::shim::shim_ttrpc_async::create_task; -use containerd_shim::protos::ttrpc::asynchronous::Server; +use containerd_shim::{ + asynchronous::{ + monitor::{monitor_subscribe, monitor_unsubscribe}, + task::TaskService, + util::{asyncify, read_spec}, + }, + container::Container, + monitor::{Subject, Topic}, + processes::Process, + protos::{shim::shim_ttrpc_async::create_task, ttrpc::asynchronous::Server}, +}; use log::{debug, error}; -use nix::libc; -use nix::unistd::{close, fork, pipe, ForkResult}; +use nix::{ + libc, + unistd::{fork, pipe, ForkResult}, +}; use signal_hook_tokio::Signals; -use tokio::sync::Mutex; -use tokio::{sync::mpsc::channel, time::sleep}; +use tokio::{ + sync::{mpsc::channel, Mutex}, + time::sleep, +}; -use crate::common::{has_shared_pid_namespace, prepare_unix_socket}; -use crate::runc::{RuncContainer, RuncFactory}; -use crate::{handle_signals, read_count}; +use crate::{ + common::{has_shared_pid_namespace, prepare_unix_socket}, + handle_signals, read_count, + runc::{RuncContainer, RuncFactory}, +}; pub fn fork_task_server(task_socket: &str, sandbox_parent_dir: &str) -> Result<(), 
anyhow::Error> { prepare_unix_socket(task_socket)?; @@ -48,12 +63,13 @@ pub fn fork_task_server(task_socket: &str, sandbox_parent_dir: &str) -> Result<( let (pipe_r, pipe_w) = pipe().map_err(|e| anyhow!("failed to create pipe {}", e))?; match unsafe { fork().map_err(|e| anyhow!("failed to fork task service {}", e))? } { ForkResult::Parent { child: _ } => { - close(pipe_r).unwrap_or_default(); + drop(pipe_r); drop(task_listener); + forget(pipe_w); Ok(()) } ForkResult::Child => { - close(pipe_w).unwrap_or_default(); + drop(pipe_w); prctl::set_child_subreaper(true).unwrap(); // TODO set thread count let runtime = tokio::runtime::Runtime::new().unwrap(); @@ -70,7 +86,7 @@ pub fn fork_task_server(task_socket: &str, sandbox_parent_dir: &str) -> Result<( async fn run_task_server( listener: UnixListener, - exit_pipe: RawFd, + exit_pipe: OwnedFd, sandbox_parent_dir: &str, ) -> error::Result<()> { let task = start_task_service(sandbox_parent_dir).await?; @@ -88,7 +104,7 @@ async fn run_task_server( .await .map_err(|e| anyhow!("failed to start task server, {}", e))?; // wait parent exit - asyncify(move || Ok(read_count(exit_pipe, 1).unwrap_or_default())) + asyncify(move || Ok(read_count(exit_pipe.as_raw_fd(), 1).unwrap_or_default())) .await .unwrap_or_default(); diff --git a/runc/src/version.rs b/runc/src/version.rs new file mode 100644 index 00000000..7956e43b --- /dev/null +++ b/runc/src/version.rs 
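Review bot: `forget(pipe_w)` in the parent branch of `fork_task_server` deliberately leaks the write end so the pipe stays open for the lifetime of the parent, but nothing in the code says so and a later reader may take it for a descriptor leak and "fix" it. A comment such as `// Keep the write end open until this process exits; the task server treats EOF on pipe_r as "parent gone".` records the intent (the `// wait parent exit` read in `run_task_server` is the other half). Because the descriptor comes from a plain `pipe()` call, it is presumably inherited by any process the parent spawns later, which would keep the pipe open after the parent dies; creating it with `pipe2(OFlag::O_CLOEXEC)` would avoid that, since the forked child does not exec before using `pipe_r`.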
@@ -0,0 +1,30 @@
+/*
+Copyright 2024 The Kuasar Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+pub mod built_info {
+ // The file has been placed there by the build script.
+ include!(concat!(env!("OUT_DIR"), "/built.rs"));
+}
+
+pub fn print_version_info() {
+ if let Some(v) = built_info::GIT_VERSION {
+ match built_info::GIT_DIRTY {
+ Some(true) => println!("Version: {}-dirty", v),
+ _ => println!("Version: {}", v),
+ }
+ }
+ println!("Build Time: {}", built_info::BUILT_TIME_UTC)
+}
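Review bot: `print_version_info` prints no version line at all when `built_info::GIT_VERSION` is `None`, presumably the case for builds made outside a git checkout, so `--version` on such a binary reports only a build time. Falling back to the crate version keeps the output usable for matching a deployed binary against a release or an advisory: add `else { println!("Version: {}", built_info::PKG_VERSION); }` after the `if let` block. A one-line `///` comment on the function saying which fields it prints would also help.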