

update nix to 0.27.1
Signed-off-by: 闹钟大魔王 <[email protected]>
anti-entropy123 committed Sep 19, 2023
1 parent 79837a6 commit 4cd83b1
Showing 16 changed files with 120 additions and 82 deletions.
26 changes: 19 additions & 7 deletions Cargo.lock


14 changes: 7 additions & 7 deletions crates/libcgroups/Cargo.toml
Expand Up @@ -14,24 +14,24 @@ keywords = ["youki", "container", "cgroups"]

[features]
default = ["v1", "v2", "systemd"]
v1 = []
v2 = []
systemd = ["v2", "dep:dbus"]
cgroupsv2_devices = ["rbpf", "libbpf-sys", "errno", "libc"]
v1 = ["nix/process", "nix/fs", "nix/signal"]
v2 = ["nix/process", "nix/fs", "nix/signal"]
systemd = ["v2", "dep:dbus", "nix/user"]
cgroupsv2_devices = ["rbpf", "libbpf-sys", "errno", "libc", "nix/dir"]

[dependencies]
nix = "0.26.2"
nix = { version = "0.27.1" }
procfs = "0.15.1"
oci-spec = { version = "~0.6.2", features = ["runtime"] }
dbus = { version = "0.9.7", optional = true }
fixedbitset = "0.4.2"
serde = { version = "1.0", features = ["derive"] }
rbpf = {version = "0.2.0", optional = true }
rbpf = { version = "0.2.0", optional = true }
libbpf-sys = { version = "1.2.1", optional = true }
errno = { version = "0.3.3", optional = true }
libc = { version = "0.2.148", optional = true }
thiserror = "1.0.48"
tracing = { version = "0.1.37", features = ["attributes"]}
tracing = { version = "0.1.37", features = ["attributes"] }

[dev-dependencies]
anyhow = "1.0"
20 changes: 18 additions & 2 deletions crates/libcontainer/Cargo.toml
Expand Up @@ -22,11 +22,27 @@ cgroupsv2_devices = ["libcgroups/cgroupsv2_devices"]
[dependencies]
bitflags = "2.4.0"
caps = "0.5.5"
chrono = { version = "0.4", default-features = false, features = ["clock", "serde"] }
chrono = { version = "0.4", default-features = false, features = [
"clock",
"serde",
] }
fastrand = "^2.0.0"
futures = { version = "0.3", features = ["thread-pool"] }
libc = "0.2.148"
nix = "0.26.2"
nix = { version = "0.27.1", features = [
"fs",
"process",
"signal",
"socket",
"mount",
"sched",
"hostname",
"mman",
"resource",
"dir",
"term",
"user",
] }
oci-spec = { version = "~0.6.2", features = ["runtime"] }
once_cell = "1.18.0"
procfs = "0.15.1"
13 changes: 9 additions & 4 deletions crates/libcontainer/src/channel.rs
Expand Up @@ -6,7 +6,10 @@ use serde::{Deserialize, Serialize};
use std::{
io::{IoSlice, IoSliceMut},
marker::PhantomData,
os::unix::prelude::RawFd,
os::{
fd::{AsRawFd, OwnedFd},
unix::prelude::RawFd,
},
};

#[derive(Debug, thiserror::Error)]
Expand Down Expand Up @@ -198,18 +201,20 @@ where
{
let (os_sender, os_receiver) = unix_channel()?;
let receiver = Receiver {
receiver: os_receiver,
receiver: os_receiver.as_raw_fd(),
phantom: PhantomData,
};
let sender = Sender {
sender: os_sender,
sender: os_sender.as_raw_fd(),
phantom: PhantomData,
};
std::mem::forget(os_sender);
std::mem::forget(os_receiver);
Ok((sender, receiver))
}

// Use socketpair as the underlying pipe.
fn unix_channel() -> Result<(RawFd, RawFd), ChannelError> {
fn unix_channel() -> Result<(OwnedFd, OwnedFd), ChannelError> {
Ok(socket::socketpair(
socket::AddressFamily::Unix,
socket::SockType::SeqPacket,
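Review bot: In the second hunk, `receiver: os_receiver.as_raw_fd()` and `sender: os_sender.as_raw_fd()` followed by two `std::mem::forget` calls hand-roll what `IntoRawFd::into_raw_fd` does in one step, and until the `forget` lines run the raw descriptor and the still-owning `OwnedFd` coexist, which is exactly the state that trait exists to avoid. `receiver: os_receiver.into_raw_fd(),` and `sender: os_sender.into_raw_fd(),` (importing `IntoRawFd` next to `AsRawFd`/`OwnedFd` in the first hunk) make the ownership transfer explicit and let both `forget` lines go. The same as_raw_fd-then-forget pattern appears in this commit in crates/libcontainer/src/container/init_builder.rs and crates/libcontainer/src/container/tenant_builder.rs. The function constructing the pair starts before the hunk, and `unix_channel` continues past it.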
11 changes: 10 additions & 1 deletion crates/libcontainer/src/container/init_builder.rs
Expand Up @@ -2,8 +2,9 @@ use nix::unistd;
use oci_spec::runtime::Spec;
use std::{
fs,
os::fd::AsRawFd,
path::{Path, PathBuf},
rc::Rc,
rc::Rc, mem::forget,
};
use user_ns::UserNamespaceConfig;

Expand Down Expand Up @@ -85,6 +86,14 @@ impl InitContainerBuilder {
} else {
None
};
let csocketfd = csocketfd.map(|sockfd| match sockfd {
Some(sockfd) => {
let fd = sockfd.as_raw_fd();
forget(sockfd);
fd
}
None => -1,
});

let user_ns_config = UserNamespaceConfig::new(&spec)?;

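Review bot: The closure at `let csocketfd = csocketfd.map(|sockfd| match sockfd { … None => -1, })` turns an inner `None` into the sentinel `-1`, so the type no longer distinguishes "no console socket" from a real descriptor, and a `-1` that later reaches a syscall surfaces as EBADF at runtime instead of being unrepresentable. If the consumer of `csocketfd` can take an `Option` (it appears to be `Option<Option<OwnedFd>>` here given the `match`, but the earlier `if … else { None }` and the field it feeds are outside the hunk), `csocketfd.flatten().map(|sockfd| sockfd.into_raw_fd())` keeps the absence as `None` and drops the `forget`. Separately, the edited import group reads `rc::Rc, mem::forget,`; rustfmt would order it `fs, mem::forget, os::fd::AsRawFd, path::{Path, PathBuf}, rc::Rc`. The enclosing builder method starts and ends outside the hunk.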
16 changes: 9 additions & 7 deletions crates/libcontainer/src/container/tenant_builder.rs
Expand Up @@ -8,14 +8,15 @@ use oci_spec::runtime::{
};
use procfs::process::Namespace;

use std::mem::forget;
use std::os::fd::{AsRawFd, OwnedFd};
use std::rc::Rc;
use std::{
collections::HashMap,
convert::TryFrom,
ffi::{OsStr, OsString},
fs,
io::BufReader,
os::unix::prelude::RawFd,
path::{Path, PathBuf},
str::FromStr,
};
Expand Down Expand Up @@ -117,6 +118,11 @@ impl TenantContainerBuilder {
// if socket file path is given in commandline options,
// get file descriptors of console socket
let csocketfd = self.setup_tty_socket(&container_dir)?;
let csocketfd = csocketfd.map(|sockfd| {
let fd = sockfd.as_raw_fd();
forget(sockfd);
fd
});

let use_systemd = self.should_use_systemd(&container);
let user_ns_config = UserNamespaceConfig::new(&spec)?;
Expand Down Expand Up @@ -430,14 +436,10 @@ impl TenantContainerBuilder {
Ok(socket_path)
}

fn setup_tty_socket(&self, container_dir: &Path) -> Result<Option<RawFd>, LibcontainerError> {
fn setup_tty_socket(&self, container_dir: &Path) -> Result<Option<OwnedFd>, LibcontainerError> {
let tty_name = Self::generate_name(container_dir, TENANT_TTY);
let csocketfd = if let Some(console_socket) = &self.base.console_socket {
Some(tty::setup_console_socket(
container_dir,
console_socket,
&tty_name,
)?)
tty::setup_console_socket(container_dir, console_socket, &tty_name)?
} else {
None
};
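Review bot: The first hunk adds `use std::mem::forget;` and `use std::os::fd::{AsRawFd, OwnedFd};` as free-standing statements while the same hunk edits the grouped `use std::{ … }` directly below (dropping `os::unix::prelude::RawFd`); folding them into that group as `mem::forget,` and `os::fd::{AsRawFd, OwnedFd},` keeps the single `std` import group the file already uses. In the third hunk, `setup_tty_socket` now returns `Result<Option<OwnedFd>, LibcontainerError>`, which is the right owner type; the conversion back to a raw descriptor in the second hunk (`let csocketfd = csocketfd.map(|sockfd| { … forget(sockfd); fd })`) is the place a `/// Caller takes ownership of the returned descriptor` line on the new signature would help, since the `forget` is what prevents a double close. `TenantContainerBuilder`'s methods around these hunks start and end outside them.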
6 changes: 1 addition & 5 deletions crates/libcontainer/src/namespaces.rs
Expand Up @@ -8,7 +8,7 @@
//! Cgroup (Resource limits, execution priority etc.)
use crate::syscall::{syscall::create_syscall, Syscall};
use nix::{fcntl, sched::CloneFlags, sys::stat, unistd};
use nix::{fcntl, sched::CloneFlags, sys::stat};
use oci_spec::runtime::{LinuxNamespace, LinuxNamespaceType};
use std::collections;

Expand Down Expand Up @@ -110,10 +110,6 @@ impl Namespaces {
tracing::error!(?err, ?namespace, "failed to set namespace");
err
})?;
unistd::close(fd).map_err(|err| {
tracing::error!(?err, ?namespace, "failed to close namespace file");
err
})?;
}
None => {
self.command
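Review bot: With `unistd::close(fd)` removed, nothing left in this hunk shows who releases `fd`; the close now happens inside `set_ns` (this commit's change in crates/libcontainer/src/syscall/linux.rs wraps `rawfd` in an `OwnedFd`, which closes on drop), so the loop reads as if a descriptor is opened and never released. A one-line comment on the `set_ns` call whose `map_err` closure opens the hunk — `// set_ns takes ownership of fd and closes it on return, on success and on error` — records that contract where the next reader will look. Note the behavioural side effect: before, a `setns` failure returned through `?` before the close and leaked `fd`, whereas now it is closed on both paths, which is an improvement worth stating in the commit message; the close error that was logged is now swallowed in `Drop`. The `match` arm and the enclosing method begin before the hunk.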
6 changes: 3 additions & 3 deletions crates/libcontainer/src/process/fork.rs
@@ -1,4 +1,4 @@
use std::{ffi::c_int, num::NonZeroUsize};
use std::{ffi::c_int, fs::File, num::NonZeroUsize};

use libc::SIGCHLD;
use nix::{
Expand Down Expand Up @@ -164,12 +164,12 @@ fn clone(cb: CloneCb, flags: u64, exit_signal: Option<u64>) -> Result<Pid, Clone
// do not use MAP_GROWSDOWN since it is not well supported.
// Ref: https://man7.org/linux/man-pages/man2/mmap.2.html
let child_stack = unsafe {
mman::mmap(
mman::mmap::<File>(
None,
NonZeroUsize::new(default_stack_size).ok_or(CloneError::ZeroStackSize)?,
mman::ProtFlags::PROT_READ | mman::ProtFlags::PROT_WRITE,
mman::MapFlags::MAP_PRIVATE | mman::MapFlags::MAP_ANONYMOUS | mman::MapFlags::MAP_STACK,
-1,
None,
0,
)
.map_err(CloneError::StackAllocation)?
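Review bot: `mman::mmap::<File>(` on the new side exists only to pin mmap's file type parameter for a mapping that passes `None` as the descriptor (the flags include `MAP_ANONYMOUS`), and `std::fs::File` is imported in the first hunk solely for that; a comment such as `// `File` only names the AsFd type parameter; nothing is mapped from a descriptor (MAP_ANONYMOUS, fd = None)` saves the next reader from looking for a file that is never opened. As far as I recall the nix 0.27 line also added `mman::mmap_anonymous`, which takes no descriptor argument; if it is available in the pinned version it removes both the turbofish and the `File` import. The `clone` function continues past the hunk.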
23 changes: 13 additions & 10 deletions crates/libcontainer/src/process/seccomp_listener.rs
Expand Up @@ -5,7 +5,7 @@ use nix::{
unistd,
};
use oci_spec::runtime;
use std::{io::IoSlice, path::Path};
use std::{io::IoSlice, os::fd::AsRawFd, path::Path};

use super::channel;

Expand Down Expand Up @@ -76,7 +76,7 @@ fn sync_seccomp_send_msg(listener_path: &Path, msg: &[u8], fd: i32) -> Result<()
);
SeccompListenerError::UnixOther(err)
})?;
socket::connect(socket, &unix_addr).map_err(|err| {
socket::connect(socket.as_raw_fd(), &unix_addr).map_err(|err| {
tracing::error!(
?err,
?listener_path,
Expand All @@ -91,14 +91,17 @@ fn sync_seccomp_send_msg(listener_path: &Path, msg: &[u8], fd: i32) -> Result<()
let iov = [IoSlice::new(msg)];
let fds = [fd];
let cmsgs = socket::ControlMessage::ScmRights(&fds);
socket::sendmsg::<UnixAddr>(socket, &iov, &[cmsgs], socket::MsgFlags::empty(), None).map_err(
|err| {
tracing::error!(?err, "failed to write container state to seccomp listener");
SeccompListenerError::UnixOther(err)
},
)?;
// The spec requires the listener socket to be closed immediately after sending.
let _ = unistd::close(socket);
socket::sendmsg::<UnixAddr>(
socket.as_raw_fd(),
&iov,
&[cmsgs],
socket::MsgFlags::empty(),
None,
)
.map_err(|err| {
tracing::error!(?err, "failed to write container state to seccomp listener");
SeccompListenerError::UnixOther(err)
})?;

Ok(())
}
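Review bot: The last hunk drops the comment `// The spec requires the listener socket to be closed immediately after sending.` together with the explicit `unistd::close(socket)`; the close still happens, but now only implicitly when `socket` (presumably an `OwnedFd` from the `socket::socket` call above the hunk, given the new `.as_raw_fd()` calls) is dropped at `Ok(())`, and the spec rationale is lost. Keep the requirement visible and the close deliberate with `// The spec requires the listener socket to be closed right after sending; socket is an OwnedFd, so drop it here rather than at scope end.` followed by `drop(socket);` before `Ok(())`. If that `close` was the only use of `unistd` in the first hunk's `use nix::{ … unistd, }`, the import is now unused. `sync_seccomp_send_msg` starts before the hunk.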
3 changes: 2 additions & 1 deletion crates/libcontainer/src/syscall/linux.rs
Expand Up @@ -13,6 +13,7 @@ use nix::{
use oci_spec::runtime::LinuxRlimit;
use std::ffi::{CStr, CString, OsStr};
use std::fs;
use std::os::fd::{FromRawFd, OwnedFd};
use std::os::unix::ffi::OsStrExt;
use std::os::unix::fs::symlink;
use std::os::unix::io::RawFd;
Expand Down Expand Up @@ -305,7 +306,7 @@ impl Syscall for LinuxSyscall {

/// Set namespace for process
fn set_ns(&self, rawfd: i32, nstype: CloneFlags) -> Result<()> {
nix::sched::setns(rawfd, nstype)?;
nix::sched::setns(unsafe { OwnedFd::from_raw_fd(rawfd) }, nstype)?;
Ok(())
}

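Review bot: `nix::sched::setns(unsafe { OwnedFd::from_raw_fd(rawfd) }, nstype)?;` carries no `// SAFETY:` comment, and it quietly changes `set_ns`'s contract: the `OwnedFd` built from `rawfd` is dropped when the call returns, so the caller's descriptor is closed on success and on error while the signature `rawfd: i32` and the doc `/// Set namespace for process` still read as borrowing. A caller that keeps using or closing `rawfd` afterwards would hit EBADF or, worse, act on an unrelated descriptor that reused the number. Either document the transfer — `/// Set namespace for process. Takes ownership of rawfd and closes it on return, whether or not setns succeeds.` plus `// SAFETY: the caller hands over ownership of rawfd; no other holder closes it.` — or, if callers are meant to stay the owner, pass `unsafe { BorrowedFd::borrow_raw(rawfd) }` with a SAFETY note that `rawfd` stays open for the duration of the call. This commit already removed the caller's `unistd::close` in crates/libcontainer/src/namespaces.rs, so the ownership reading looks intended; other `Syscall` implementations would need to match it.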

0 comments on commit 4cd83b1
