Fix/exec cgroup path

.github/workflows/podman_tests.yaml

@@ -14,14 +14,22 @@ jobs:
         uses: taiki-e/install-action@just
       - name: Install requirements
         run: sudo env PATH=$PATH just ci-prepare
+
       - name: Install skopeo and podman requirements
-        run: sudo apt-get install -y pkg-config libsystemd-dev libelf-dev libseccomp-dev libgpgme-dev libassuan-dev libbtrfs-dev libdevmapper-dev bats socat
+        run: |
+          sudo apt-get install -y pkg-config libsystemd-dev libelf-dev libseccomp-dev libgpgme-dev libassuan-dev libbtrfs-dev libdevmapper-dev bats socat protobuf-compiler jq conmon
+          cargo install netavark aardvark-dns
+
+      - name: Copy binaries
+        run: |
+          sudo mkdir -p /usr/local/lib/podman
+          sudo cp $(which netavark) /usr/local/lib/podman && sudo cp $(which netavark)-dhcp-proxy-client /usr/local/lib/podman && sudo cp $(which aardvark-dns) /usr/local/lib/podman
 
       # setup go
       - uses: actions/setup-go@v4
         with:
           go-version: '1.20'
-      
+
       # build skopeo
       # These build steps are taken from https://github.com/containers/skopeo/issues/1648#issuecomment-1132161659
       - name: Download skopeo 1.13.1 source # because ubuntu 22.04 does not have latest, and podman tests depend on that

Vagrantfile.podmane2e

@@ -0,0 +1,68 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+GO_VERSION = "1.20.12"
+PODMAN_BRANCH = "main"
+SKOPEO_VERSION = "1.13.1"
+
+Vagrant.configure("2") do |config|
+    config.vm.box = "generic/ubuntu2204"
+    config.vm.synced_folder '.', '/vagrant/youki', disabled: false
+
+    config.vm.provider "virtualbox" do |v|
+      v.memory = 8192
+      v.cpus = 8
+    end
+
+    config.vm.provision "bootstrap", type: "shell" do |s|
+      s.inline = <<-SHELL
+        set -e -u -o pipefail
+        export DEBIAN_FRONTEND=noninteractive
+        apt-get update && apt-get install -y \
+          make \
+          pkg-config         \
+          libsystemd-dev     \
+          libdbus-glib-1-dev \
+          build-essential    \
+          libelf-dev \
+          libseccomp-dev \
+          libbtrfs-dev \
+          btrfs-progs \
+          libgpgme-dev \
+          libassuan-dev \
+          libdevmapper-dev \
+          bats \
+          socat \
+          jq \
+          conmon \
+          protobuf-compiler
+
+        wget --quiet https://go.dev/dl/go#{GO_VERSION}.linux-amd64.tar.gz -O /tmp/go#{GO_VERSION}.linux-amd64.tar.gz
+        rm -rf /usr/local/go && tar -C /usr/local -xzf /tmp/go#{GO_VERSION}.linux-amd64.tar.gz
+        echo "export PATH=$PATH:/usr/local/go/bin" >> ~/.bashrc
+        echo "export GOPATH=$HOME/go" >> ~/.bashrc
+        export PATH=$PATH:$HOME/.cargo/bin:/usr/local/go/bin
+        export GOPATH=$HOME/go
+
+        curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
+        source "$HOME/.cargo/env"
+        cargo install netavark aardvark-dns
+        mkdir -p /usr/local/lib/podman
+        sudo cp /home/vagrant/.cargo/bin/netavark* /usr/local/lib/podman/
+        sudo cp /home/vagrant/.cargo/bin/aardvark-dns /usr/local/lib/podman
+
+         mkdir /tmp/skopeo 
+         curl -fsSL "https://github.com/containers/skopeo/archive/v#{SKOPEO_VERSION}.tar.gz" | tar -xzf - -C /tmp/skopeo --strip-components=1
+         cd /tmp/skopeo && DISABLE_DOCS=1 make
+         sudo mkdir /etc/containers && sudo cp /tmp/skopeo/bin/skopeo /usr/local/bin/skopeo && sudo cp /tmp/skopeo/default-policy.json /etc/containers/policy.json
+
+        git clone https://github.com/containers/podman /vagrant/podman -b #{PODMAN_BRANCH}
+
+        cd /vagrant/podman && make binaries install.tools
+
+        rm -rf /bin/runc /sbin/runc /usr/sbin/runc /usr/bin/runc
+
+        cp /vagrant/youki/youki /usr/bin/runc
+      SHELL
+    end
+end

crates/libcgroups/src/systemd/manager.rs

@@ -353,6 +353,10 @@ impl CgroupManager for Manager {
         if pid.as_raw() == -1 {
             return Ok(());
         }
+        if self.client.transient_unit_exists(&self.unit_name) {
+            tracing::debug!("Transient unit {:?} already exists", self.unit_name);
+            return Ok(());
+        }
 
         tracing::debug!("Starting {:?}", self.unit_name);
         self.client.start_transient_unit(

crates/libcontainer/src/config.rs

@@ -109,7 +109,10 @@ mod tests {
         let config = YoukiConfig::from_spec(&spec, container_id, false)?;
         assert_eq!(&config.hooks, spec.hooks());
         dbg!(&config.cgroup_path);
-        assert_eq!(config.cgroup_path, PathBuf::from(container_id));
+        assert_eq!(
+            config.cgroup_path,
+            PathBuf::from(format!(":youki:{container_id}"))
+        );
         Ok(())
     }
 

crates/libcontainer/src/container/tenant_builder.rs

@@ -327,10 +327,17 @@ impl TenantContainerBuilder {
             ));
         }
 
+        let linux = spec.linux().as_ref().unwrap();
         let init_process = procfs::process::Process::new(container.pid().unwrap().as_raw())?;
         let ns = self.get_namespaces(init_process.namespaces()?.0)?;
-        let linux = LinuxBuilder::default().namespaces(ns).build()?;
-
+        let linux = if linux.cgroups_path().is_some() {
+            LinuxBuilder::default()
+                .namespaces(ns)
+                .cgroups_path(linux.cgroups_path().as_ref().unwrap().clone())
+                .build()?
+        } else {
+            LinuxBuilder::default().namespaces(ns).build()?
+        };
         spec.set_process(Some(process)).set_linux(Some(linux));
         Ok(())
     }

crates/libcontainer/src/utils.rs

@@ -150,14 +150,11 @@ pub fn get_user_home(uid: u32) -> Option<PathBuf> {
 pub fn get_cgroup_path(
     cgroups_path: &Option<PathBuf>,
     container_id: &str,
-    new_user_ns: bool,
+    _new_user_ns: bool,
 ) -> PathBuf {
     match cgroups_path {
         Some(cpath) => cpath.clone(),
-        None => match new_user_ns {
-            false => PathBuf::from(container_id),
-            true => PathBuf::from(format!(":youki:{container_id}")),
-        },
+        None => PathBuf::from(format!(":youki:{container_id}")),
     }
 }
 

justfile

@@ -39,11 +39,11 @@ test-basic: test-unit test-doc
 
 # run cargo unit tests
 test-unit:
-    {{ cwd }}/scripts/cargo.sh test --lib --bins --all --all-targets --all-features --no-fail-fast
+    {{ cwd }}/scripts/cargo.sh test --lib --bins --all --all-targets --all-features --no-fail-fast -- --test-threads=1
 
 # run cargo doc tests
 test-doc:
-    {{ cwd }}/scripts/cargo.sh test --doc
+    {{ cwd }}/scripts/cargo.sh test --doc -- --test-threads=1
 
 # run permutated feature compilation tests
 test-features: