Skip to content

Commit

Permalink
runc: add copyright and CI scripts
Browse files Browse the repository at this point in the history
Signed-off-by: Abel Feng <[email protected]>
  • Loading branch information
abel-von committed Dec 7, 2023
1 parent b5b6b54 commit 228d3a9
Show file tree
Hide file tree
Showing 7 changed files with 86 additions and 29 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ jobs:
checks:
strategy:
matrix:
directories: [vmm/sandbox, vmm/task, shim, quark]
directories: [vmm/sandbox, vmm/task, shim, quark, runc]
features: [--all-features]
include:
- directories: wasm
Expand Down Expand Up @@ -49,7 +49,7 @@ jobs:
tests:
strategy:
matrix:
directories: [vmm/sandbox, vmm/task, shim, quark]
directories: [vmm/sandbox, vmm/task, shim, quark, runc]
features: [--all-features]
include:
- directories: wasm
Expand Down
11 changes: 10 additions & 1 deletion Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -42,8 +42,13 @@ bin/quark-sandboxer:
@cd quark && cargo build --release
@mkdir -p bin && cp quark/target/release/quark-sandboxer bin/quark-sandboxer

bin/runc-sandboxer:
@cd runc && cargo build --release
@mkdir -p bin && cp runc/target/release/runc-sandboxer bin/runc-sandboxer

wasm: bin/wasm-sandboxer
quark: bin/quark-sandboxer
runc: bin/runc-sandboxer

ifeq ($(HYPERVISOR), stratovirt)
vmm: bin/vmm-sandboxer bin/kuasar.initrd bin/vmlinux.bin
Expand All @@ -57,6 +62,7 @@ clean:
@cd vmm/task && cargo clean
@cd wasm && cargo clean
@cd quark && cargo clean
@cd runc && cargo clean

install-vmm:
@install -d -m 750 ${DEST_DIR}${BIN_DIR}
Expand All @@ -82,4 +88,7 @@ install-wasm:
install-quark:
@install -p -m 550 bin/quark-sandboxer ${DEST_DIR}${BIN_DIR}/quark-sandboxer

install: all install-vmm install-wasm install-quark
install-runc:
@install -p -m 550 bin/runc-sandboxer ${DEST_DIR}${BIN_DIR}/runc-sandboxer

install: all install-vmm install-wasm install-quark install-runc
20 changes: 10 additions & 10 deletions runc/src/common.rs
Original file line number Diff line number Diff line change
@@ -1,17 +1,17 @@
/*
Copyright The containerd Authors.
Copyright 2022 The Kuasar Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

use std::{io::IoSliceMut, ops::Deref, os::unix::io::RawFd, path::Path, sync::Arc};
Expand Down
30 changes: 23 additions & 7 deletions runc/src/main.rs
Original file line number Diff line number Diff line change
@@ -1,3 +1,19 @@
/*
Copyright 2022 The Kuasar Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

use std::ffi::CString;
use std::os::fd::RawFd;
use std::process::exit;
Expand Down Expand Up @@ -38,7 +54,7 @@ fn main() {
let os_args: Vec<_> = std::env::args_os().collect();
// TODO avoid parse args multiple times
let flags = containerd_sandbox::args::parse(&os_args[1..]).unwrap();
let task_socket = format!("{}/task-{}.sock", flags.dir, Uuid::new_v4().to_string());
let task_socket = format!("{}/task-{}.sock", flags.dir, Uuid::new_v4());
fork_task_server(&task_socket, &flags.dir).unwrap();
let runtime = tokio::runtime::Runtime::new().unwrap();
runtime.block_on(async move {
Expand Down Expand Up @@ -66,7 +82,7 @@ fn fork_sandbox_parent() -> Result<SandboxParent, anyhow::Error> {
close(reqw).unwrap_or_default();
close(respr).unwrap_or_default();
prctl::set_child_subreaper(true).unwrap();
let comm = format!("[sandbox-parent]");
let comm = "[sandbox-parent]";
let comm_cstr = CString::new(comm).unwrap();
let addr = comm_cstr.as_ptr();
set_process_comm(addr as u64, comm_cstr.as_bytes_with_nul().len() as u64);
Expand All @@ -82,8 +98,8 @@ fn fork_sandbox_parent() -> Result<SandboxParent, anyhow::Error> {
let buffer = read_count(reqr, 512).unwrap();
let id = String::from_utf8_lossy(&buffer[0..64]).to_string();
let mut zero_index = 64;
for i in 64..512 {
if buffer[i] == 0 {
for (i, &b) in buffer.iter().enumerate().take(512).skip(64) {
if b == 0 {
zero_index = i;
break;
}
Expand Down Expand Up @@ -151,7 +167,7 @@ fn fork_sandbox(id: &str, netns: &str) -> Result<i32, anyhow::Error> {
let r = read_count(r, 4)?;
resp[..].copy_from_slice(r.as_slice());
let pid = i32::from_le_bytes(resp);
return Ok(pid);
Ok(pid)
}
ForkResult::Child => {
close(r).unwrap_or_default();
Expand All @@ -170,7 +186,7 @@ fn fork_sandbox(id: &str, netns: &str) -> Result<i32, anyhow::Error> {
set_process_comm(addr as u64, comm_cstr.as_bytes_with_nul().len() as u64);
if !netns.is_empty() {
let netns_fd =
nix::fcntl::open(&*netns, OFlag::O_CLOEXEC, Mode::empty()).unwrap();
nix::fcntl::open(netns, OFlag::O_CLOEXEC, Mode::empty()).unwrap();
setns(netns_fd, CloneFlags::CLONE_NEWNET).unwrap();
}
loop {
Expand All @@ -183,7 +199,7 @@ fn fork_sandbox(id: &str, netns: &str) -> Result<i32, anyhow::Error> {
}

fn set_process_comm(addr: u64, len: u64) {
if let Err(_) = prctl::set_mm(PrctlMM::PR_SET_MM_ARG_START, addr) {
if prctl::set_mm(PrctlMM::PR_SET_MM_ARG_START, addr).is_err() {
prctl::set_mm(PrctlMM::PR_SET_MM_ARG_END, addr + len).unwrap();
prctl::set_mm(PrctlMM::PR_SET_MM_ARG_START, addr).unwrap()
} else {
Expand Down
4 changes: 2 additions & 2 deletions runc/src/runc.rs
Original file line number Diff line number Diff line change
Expand Up @@ -219,7 +219,7 @@ impl RuncFactory {
if let Some(s) = socket {
s.clean().await;
}
let runtime_e = runtime_error(e, &*bundle).await;
let runtime_e = runtime_error(e, bundle).await;
return Err(runtime_e);
}
copy_io_or_console(init, socket, pio, init.lifecycle.exit_signal.clone()).await?;
Expand Down Expand Up @@ -474,7 +474,7 @@ impl ProcessLifecycle<ExecProcess> for RuncExecLifecycle {
} else {
// TODO this is kill from nix crate, it is os specific, maybe have annotated with target os
kill(
Pid::from_raw(p.pid as i32),
Pid::from_raw(p.pid),
nix::sys::signal::Signal::try_from(signal as i32).unwrap(),
)
.map_err(Into::into)
Expand Down
28 changes: 22 additions & 6 deletions runc/src/sandbox.rs
Original file line number Diff line number Diff line change
@@ -1,3 +1,19 @@
/*
Copyright 2022 The Kuasar Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

use std::collections::HashMap;
use std::io::Write;
use std::os::fd::RawFd;
Expand Down Expand Up @@ -94,11 +110,11 @@ impl Drop for SandboxParent {

impl RuncSandboxer {
pub async fn new(sandbox_parent: SandboxParent, task_address: &str) -> Result<Self> {
return Ok(Self {
Ok(Self {
task_address: task_address.to_string(),
sandboxes: Default::default(),
sandbox_parent: Arc::new(Mutex::new(sandbox_parent)),
});
})
}

pub async fn recover(&self, dir: &str) -> Result<()> {
Expand Down Expand Up @@ -161,13 +177,13 @@ impl Sandboxer for RuncSandboxer {
let mut sandbox_parent = self.sandbox_parent.lock().await;
let sandbox_pid = sandbox_parent.fork_sandbox_process(id, &sandbox.data.netns)?;
sandbox.prepare_sandbox_ns(sandbox_pid).await.map_err(|e| {
kill(Pid::from_raw(sandbox_pid as i32), Signal::SIGKILL).unwrap_or_default();
kill(Pid::from_raw(sandbox_pid), Signal::SIGKILL).unwrap_or_default();
e
})?;

sandbox.data.task_address = self.task_address.clone();
sandbox.dump().await.map_err(|e| {
kill(Pid::from_raw(sandbox_pid as i32), Signal::SIGKILL).unwrap_or_default();
kill(Pid::from_raw(sandbox_pid), Signal::SIGKILL).unwrap_or_default();
e
})?;
Ok(())
Expand Down Expand Up @@ -290,7 +306,7 @@ impl RuncSandbox {
)
.map_err(|e| anyhow!("failed to mount sandbox network ns, {}", e))?;

kill(Pid::from_raw(sandbox_pid as i32), Signal::SIGKILL).unwrap_or_default();
kill(Pid::from_raw(sandbox_pid), Signal::SIGKILL).unwrap_or_default();
self.status = SandboxStatus::Running(0);
} else {
self.status = SandboxStatus::Running(sandbox_pid as u32);
Expand All @@ -315,7 +331,7 @@ impl RuncSandbox {
return true;
}
}
return false;
false
}
}

Expand Down
18 changes: 17 additions & 1 deletion runc/src/task.rs
Original file line number Diff line number Diff line change
@@ -1,3 +1,19 @@
/*
Copyright 2022 The Kuasar Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

use std::os::fd::{AsRawFd, RawFd};
use std::os::unix::net::UnixListener;
use std::process::exit;
Expand Down Expand Up @@ -34,7 +50,7 @@ pub fn fork_task_server(task_socket: &str, sandbox_parent_dir: &str) -> Result<(
ForkResult::Parent { child: _ } => {
close(pipe_r).unwrap_or_default();
drop(task_listener);
return Ok(());
Ok(())
}
ForkResult::Child => {
close(pipe_w).unwrap_or_default();
Expand Down

0 comments on commit 228d3a9

Please sign in to comment.