Implemented hooks

Cargo.toml

@@ -35,6 +35,7 @@ systemd = { version = "0.8", default-features = false, optional = true }
 dbus = "0.9.2"
 tabwriter = "1"
 fastrand = "1.4.1"
+crossbeam-channel = "0.5"
 
 [dev-dependencies]
 oci_spec = { version = "0.1.0", path = "./oci_spec", features = ["proptests"] }

integration_test.sh

@@ -1,19 +1,44 @@
 #!/bin/bash -eu
 
-root=$(pwd)
+ROOT=$(pwd)
+RUNTIME=${ROOT}/youki
 cd integration_test/src/github.com/opencontainers/runtime-tools
-GOPATH=$root/integration_test make runtimetest validation-executables
-test_cases=("default/default.t" "linux_cgroups_devices/linux_cgroups_devices.t" "linux_cgroups_hugetlb/linux_cgroups_hugetlb.t" 
-"linux_cgroups_pids/linux_cgroups_pids.t" "linux_cgroups_memory/linux_cgroups_memory.t" "linux_cgroups_network/linux_cgroups_network.t" 
-"linux_cgroups_cpus/linux_cgroups_cpus.t" "linux_cgroups_relative_cpus/linux_cgroups_relative_cpus.t" 
-"linux_cgroups_relative_devices/linux_cgroups_relative_devices.t" "linux_cgroups_relative_hugetlb/linux_cgroups_relative_hugetlb.t" 
-"linux_cgroups_relative_memory/linux_cgroups_relative_memory.t" "linux_cgroups_relative_network/linux_cgroups_relative_network.t" 
-"linux_cgroups_relative_pids/linux_cgroups_relative_pids.t" "create/create.t" "kill/kill.t" "delete/delete.t" "state/state.t" "linux_sysctl/linux_sysctl.t")
+GOPATH=${ROOT}/integration_test make runtimetest validation-executables
+test_cases=(
+  "default/default.t"
+  "linux_cgroups_devices/linux_cgroups_devices.t"
+  "linux_cgroups_hugetlb/linux_cgroups_hugetlb.t" 
+  "linux_cgroups_pids/linux_cgroups_pids.t"
+  "linux_cgroups_memory/linux_cgroups_memory.t"
+  "linux_cgroups_network/linux_cgroups_network.t"
+  "linux_cgroups_cpus/linux_cgroups_cpus.t"
+  "linux_cgroups_relative_cpus/linux_cgroups_relative_cpus.t" 
+  "linux_cgroups_relative_devices/linux_cgroups_relative_devices.t"
+  "linux_cgroups_relative_hugetlb/linux_cgroups_relative_hugetlb.t" 
+  "linux_cgroups_relative_memory/linux_cgroups_relative_memory.t"
+  "linux_cgroups_relative_network/linux_cgroups_relative_network.t" 
+  "linux_cgroups_relative_pids/linux_cgroups_relative_pids.t"
+  "create/create.t"
+  "kill/kill.t"
+  "delete/delete.t"
+  "state/state.t"
+  "linux_sysctl/linux_sysctl.t"
+  "hooks/hooks.t"
+  "prestart/prestart.t"
+  "poststart/poststart.t"
+  "prestart_fail/prestart_fail.t"
+  "poststart_fail/poststart_fail.t"
+  "poststop/poststop.t"
+  "hooks_stdin/hooks_stdin.t"
+)
+
 # Record the tests that runc also fails to pass below, maybe we will fix this by origin integration test, issue: https://github.com/containers/youki/issues/56
-# no_paas_test_case=("start/start.t")
+# no_paas_test_case=(
+#   "start/start.t" 
+# )
 for case in "${test_cases[@]}"; do
   echo "Running $case"
-  if [ 0 -ne $(sudo RUST_BACKTRACE=1 YOUKI_LOG_LEVEL=debug RUNTIME=$root/youki $root/integration_test/src/github.com/opencontainers/runtime-tools/validation/$case | grep "not ok" | wc -l) ]; then
+  if [ 0 -ne $(sudo RUST_BACKTRACE=1 YOUKI_LOG_LEVEL=debug RUNTIME=${RUNTIME} ${ROOT}/integration_test/src/github.com/opencontainers/runtime-tools/validation/$case | grep "not ok" | wc -l) ]; then
       exit 1
   fi
   sleep 1

src/commands/delete.rs

@@ -6,6 +6,7 @@ use clap::Clap;
 use nix::sys::signal::Signal;
 
 use crate::container::{Container, ContainerStatus};
+use crate::hooks;
 use crate::utils;
 use cgroups;
 use nix::sys::signal as nix_signal;
@@ -61,6 +62,11 @@ impl Delete {
                 let cmanager =
                     cgroups::common::create_cgroup_manager(cgroups_path, systemd_cgroup)?;
                 cmanager.remove()?;
+
+                if let Some(hooks) = spec.hooks.as_ref() {
+                    hooks::run_hooks(hooks.poststop.as_ref(), Some(&container))
+                        .with_context(|| "Failed to run post stop hooks")?;
+                }
             }
             std::process::exit(0)
         } else {

src/commands/start.rs

@@ -2,11 +2,12 @@
 
 use std::path::PathBuf;
 
-use anyhow::{bail, Result};
+use anyhow::{bail, Context, Result};
 use clap::Clap;
 use nix::unistd;
 
 use crate::container::{Container, ContainerStatus};
+use crate::hooks;
 use crate::notify_socket::{NotifySocket, NOTIFY_FILE};
 
 #[derive(Clap, Debug)]
@@ -35,12 +36,30 @@ impl Start {
             bail!(err_msg);
         }
 
+        let spec_path = container.root.join("config.json");
+        let spec = oci_spec::Spec::load(spec_path).context("failed to load spec")?;
+        if let Some(hooks) = spec.hooks.as_ref() {
+            // While prestart is marked as deprecated in the OCI spec, the docker and integration test still
+            // uses it.
+            #[allow(deprecated)]
+            hooks::run_hooks(hooks.prestart.as_ref(), Some(&container))
+                .with_context(|| "Failed to run pre start hooks")?;
+        }
+
         unistd::chdir(container.root.as_os_str())?;
 
         let mut notify_socket = NotifySocket::new(&container.root.join(NOTIFY_FILE));
         notify_socket.notify_container_start()?;
+        let container = container.update_status(ContainerStatus::Running);
+        container.save()?;
+
+        // Run post start hooks. It runs after the container process is started.
+        // It is called in the Runtime Namespace.
+        if let Some(hooks) = spec.hooks.as_ref() {
+            hooks::run_hooks(hooks.poststart.as_ref(), Some(&container))
+                .with_context(|| "Failed to run post start hooks")?;
+        }
 
-        container.update_status(ContainerStatus::Running).save()?;
         Ok(())
     }
 }

src/container/builder_impl.rs

@@ -7,6 +7,7 @@ use oci_spec::Spec;
 use std::{fs, os::unix::prelude::RawFd, path::PathBuf};
 
 use crate::{
+    hooks,
     namespaces::Namespaces,
     process::{child, fork, init, parent},
     rootless::Rootless,
@@ -62,6 +63,12 @@ impl<'a> ContainerBuilderImpl<'a> {
         let (mut parent, parent_channel) = parent::ParentProcess::new(&self.rootless)?;
         let child = child::ChildProcess::new(parent_channel)?;
 
+        if self.init {
+            if let Some(hooks) = self.spec.hooks.as_ref() {
+                hooks::run_hooks(hooks.create_runtime.as_ref(), self.container.as_ref())?
+            }
+        }
+
         // This init_args will be passed to the container init process,
         // therefore we will have to move all the variable by value. Since self
         // is a shared reference, we have to clone these variables here.
@@ -74,6 +81,7 @@ impl<'a> ContainerBuilderImpl<'a> {
             is_rootless: self.rootless.is_some(),
             notify_path: self.notify_path.clone(),
             preserve_fds: self.preserve_fds,
+            container: self.container.clone(),
             child,
         };
 

src/container/container.rs

@@ -1,3 +1,4 @@
+use std::collections::HashMap;
 use std::ffi::OsString;
 use std::fs;
 use std::path::{Path, PathBuf};
@@ -15,14 +16,23 @@ use crate::syscall::syscall::create_syscall;
 use crate::container::{ContainerStatus, State};
 
 /// Structure representing the container data
-#[derive(Debug)]
+#[derive(Debug, Clone)]
 pub struct Container {
     // State of the container
     pub state: State,
     // indicated the directory for the root path in the container
     pub root: PathBuf,
 }
 
+impl Default for Container {
+    fn default() -> Self {
+        Self {
+            state: State::default(),
+            root: PathBuf::from("/run/youki"),
+        }
+    }
+}
+
 impl Container {
     pub fn new(
         container_id: &str,
@@ -153,6 +163,11 @@ impl Container {
         self
     }
 
+    pub fn set_annotations(mut self, annotations: Option<HashMap<String, String>>) -> Self {
+        self.state.annotations = annotations;
+        self
+    }
+
     pub fn systemd(&self) -> Option<bool> {
         self.state.use_systemd
     }

src/container/init_builder.rs

@@ -44,7 +44,8 @@ impl InitContainerBuilder {
 
         let container_state = self
             .create_container_state(&container_dir)?
-            .set_systemd(self.use_systemd);
+            .set_systemd(self.use_systemd)
+            .set_annotations(spec.annotations.clone());
 
         unistd::chdir(&*container_dir)?;
         let notify_path = container_dir.join(NOTIFY_FILE);

src/container/state.rs

@@ -24,6 +24,11 @@ pub enum ContainerStatus {
     // The container process has paused
     Paused,
 }
+impl Default for ContainerStatus {
+    fn default() -> Self {
+        ContainerStatus::Creating
+    }
+}
 
 impl ContainerStatus {
     pub fn can_start(&self) -> bool {
@@ -66,7 +71,7 @@ impl Display for ContainerStatus {
 }
 
 /// Stores the state information of the container
-#[derive(Serialize, Deserialize, Debug, Clone)]
+#[derive(Serialize, Deserialize, Debug, Clone, Default)]
 #[serde(rename_all = "camelCase")]
 pub struct State {
     // Version is the version of the specification that is supported.
@@ -81,7 +86,8 @@ pub struct State {
     // Bundle is the path to the container's bundle directory.
     pub bundle: String,
     // Annotations are key values associated with the container.
-    pub annotations: HashMap<String, String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub annotations: Option<HashMap<String, String>>,
     // Creation time of the container
     #[serde(skip_serializing_if = "Option::is_none")]
     pub created: Option<DateTime<Utc>>,
@@ -107,7 +113,7 @@ impl State {
             status,
             pid,
             bundle: bundle.to_string(),
-            annotations: HashMap::default(),
+            annotations: Some(HashMap::default()),
             created: None,
             creator: None,
             use_systemd: None,