diff --git a/Cargo.lock b/Cargo.lock index 7ef201813..9eb862e43 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1,5 +1,7 @@ # This file is automatically @generated by Cargo. # It is not intended for manual editing. +version = 3 + [[package]] name = "adler" version = "1.0.2" @@ -415,6 +417,17 @@ dependencies = [ "libc", ] +[[package]] +name = "oci_spec" +version = "0.1.0" +dependencies = [ + "anyhow", + "caps", + "nix", + "serde", + "serde_json", +] + [[package]] name = "once_cell" version = "1.6.0" @@ -735,6 +748,7 @@ dependencies = [ "log", "mio", "nix", + "oci_spec", "once_cell", "prctl", "procfs", diff --git a/Cargo.toml b/Cargo.toml index af955cf31..4cbe34dfe 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -21,3 +21,4 @@ chrono = "0.4" once_cell = "1.6.0" futures = { version = "0.3", features = ["thread-pool"] } regex = "1.5" +oci_spec = { version = "0.1.0", path = "./oci_spec" } diff --git a/oci_spec/Cargo.lock b/oci_spec/Cargo.lock new file mode 100644 index 000000000..ae59a6f4f --- /dev/null +++ b/oci_spec/Cargo.lock 
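Review bot: `oci_spec = { version = "0.1.0", path = "./oci_spec" }` adds the new crate as a plain path dependency while the commit also checks in `oci_spec/Cargo.lock`, which leaves two lock files that can drift apart. Cargo resolves a path dependency through the lock file of the package being built, so the checksums pinned in `oci_spec/Cargo.lock` only apply when someone builds inside `oci_spec/`. An audit run against one lock file says nothing about the other. If the root manifest has no `[workspace]` section outside this hunk, consider adding `[workspace]` with `members = ["oci_spec"]` and dropping the nested lock file, so a single `Cargo.lock` pins both crates.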
@@ -0,0 +1,214 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 3 + +[[package]] +name = "anyhow" +version = "1.0.40" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "28b2cd92db5cbd74e8e5028f7e27dd7aa3090e89e4f2a197cc7c8dfb69c7063b" + +[[package]] +name = "bitflags" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cf1de2fe8c75bc145a2f577add951f8134889b4795d47466a54a5c846d691693" + +[[package]] +name = "caps" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c088f2dddef283f86b023ab1ebe2301c653326834996458b2f48d29b804e9540" +dependencies = [ + "errno", + "libc", + "thiserror", +] + +[[package]] +name = "cc" +version = "1.0.68" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4a72c244c1ff497a746a7e1fb3d14bd08420ecda70c8f25c7112f2781652d787" + +[[package]] +name = "cfg-if" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" + +[[package]] +name = "errno" +version = "0.2.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fa68f2fb9cae9d37c9b2b3584aba698a2e97f72d7aef7b9f7aa71d8b54ce46fe" +dependencies = [ + "errno-dragonfly", + "libc", + "winapi", +] + +[[package]] +name = "errno-dragonfly" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "14ca354e36190500e1e1fb267c647932382b54053c50b14970856c0b00a35067" +dependencies = [ + "gcc", + "libc", +] + +[[package]] +name = "gcc" +version = "0.3.55" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f5f3913fa0bfe7ee1fd8248b6b9f42a5af4b9d65ec2dd2c3c26132b950ecfc2" + +[[package]] +name = "itoa" +version = "0.4.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = 
"dd25036021b0de88a0aff6b850051563c6516d0bf53f8638938edbb9de732736" + +[[package]] +name = "libc" +version = "0.2.95" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "789da6d93f1b866ffe175afc5322a4d76c038605a1c3319bb57b06967ca98a36" + +[[package]] +name = "nix" +version = "0.19.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b2ccba0cfe4fdf15982d1674c69b1fd80bad427d293849982668dfe454bd61f2" +dependencies = [ + "bitflags", + "cc", + "cfg-if", + "libc", +] + +[[package]] +name = "oci_spec" +version = "0.1.0" +dependencies = [ + "anyhow", + "caps", + "nix", + "serde", + "serde_json", +] + +[[package]] +name = "proc-macro2" +version = "1.0.27" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f0d8caf72986c1a598726adc988bb5984792ef84f5ee5aa50209145ee8077038" +dependencies = [ + "unicode-xid", +] + +[[package]] +name = "quote" +version = "1.0.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c3d0b9745dc2debf507c8422de05d7226cc1f0644216dfdfead988f9b1ab32a7" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "ryu" +version = "1.0.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "71d301d4193d031abdd79ff7e3dd721168a9572ef3fe51a1517aba235bd8f86e" + +[[package]] +name = "serde" +version = "1.0.126" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ec7505abeacaec74ae4778d9d9328fe5a5d04253220a85c4ee022239fc996d03" +dependencies = [ + "serde_derive", +] + +[[package]] +name = "serde_derive" +version = "1.0.126" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "963a7dbc9895aeac7ac90e74f34a5d5261828f79df35cbed41e10189d3804d43" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "serde_json" +version = "1.0.64" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = 
"799e97dc9fdae36a5c8b8f2cae9ce2ee9fdce2058c57a93e6099d919fd982f79" +dependencies = [ + "itoa", + "ryu", + "serde", +] + +[[package]] +name = "syn" +version = "1.0.72" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a1e8cdbefb79a9a5a65e0db8b47b723ee907b7c7f8496c76a1770b5c310bab82" +dependencies = [ + "proc-macro2", + "quote", + "unicode-xid", +] + +[[package]] +name = "thiserror" +version = "1.0.25" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fa6f76457f59514c7eeb4e59d891395fab0b2fd1d40723ae737d64153392e9c6" +dependencies = [ + "thiserror-impl", +] + +[[package]] +name = "thiserror-impl" +version = "1.0.25" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8a36768c0fbf1bb15eca10defa29526bda730a2376c2ab4393ccfa16fb1a318d" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "unicode-xid" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ccb82d61f80a663efe1f787a51b16b5a51e3314d6ac365b08639f52387b33f3" + +[[package]] +name = "winapi" +version = "0.3.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" +dependencies = [ + "winapi-i686-pc-windows-gnu", + "winapi-x86_64-pc-windows-gnu", +] + +[[package]] +name = "winapi-i686-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" + +[[package]] +name = "winapi-x86_64-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" diff --git a/oci_spec/Cargo.toml b/oci_spec/Cargo.toml new file mode 100644 index 000000000..5c9438a88 --- /dev/null +++ b/oci_spec/Cargo.toml 
@@ -0,0 +1,12 @@ +[package] +name = "oci_spec" +version = "0.1.0" +edition = "2018" + +[dependencies] +serde = { version = "1.0", features = ["derive"] } +nix = "0.19.1" +anyhow = "1.0" +serde_json = "1.0" +caps = "0.5.1" + diff --git a/src/spec.rs b/oci_spec/src/lib.rs similarity index 96% rename from src/spec.rs rename to oci_spec/src/lib.rs index cf1e08d94..9e228abbd 100644 --- a/src/spec.rs +++ b/oci_spec/src/lib.rs @@ -323,6 +323,26 @@ pub struct LinuxDeviceCgroup { pub access: String, } +impl ToString for LinuxDeviceCgroup { + fn to_string(&self) -> String { + let major = self + .major + .map(|mj| mj.to_string()) + .unwrap_or_else(|| "*".to_string()); + let minor = self + .minor + .map(|mi| mi.to_string()) + .unwrap_or_else(|| "*".to_string()); + format!( + "{} {}:{} {}", + self.typ.as_str(), + &major, + &minor, + &self.access + ) + } +} + #[derive(Serialize, Deserialize, Debug, Clone)] pub struct LinuxMemory { pub limit: Option, @@ -409,6 +429,12 @@ pub struct LinuxInterfacePriority { pub priority: u32, } +impl ToString for LinuxInterfacePriority { + fn to_string(&self) -> String { + format!("{} {}\n", self.name, self.priority) + } +} + #[derive(Serialize, Deserialize, Debug, Clone)] #[serde(rename_all = "camelCase")] pub struct LinuxNetwork { diff --git a/src/capabilities.rs b/src/capabilities.rs index d3369b503..9e95c49f3 100644 --- a/src/capabilities.rs +++ b/src/capabilities.rs @@ -1,10 +1,10 @@ use crate::{ command::Command, - spec::{LinuxCapabilities, LinuxCapabilityType}, }; use caps::*; use anyhow::Result; +use oci_spec::{LinuxCapabilities, LinuxCapabilityType}; fn to_set(caps: &[LinuxCapabilityType]) -> CapsHashSet { let mut capabilities = CapsHashSet::new(); diff --git a/src/cgroups/blkio.rs b/src/cgroups/blkio.rs index 1035471eb..feb319ab3 100644 --- a/src/cgroups/blkio.rs +++ b/src/cgroups/blkio.rs 
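Review bot: `impl ToString for LinuxDeviceCgroup` would be better written as `impl std::fmt::Display for LinuxDeviceCgroup`, with the body ending in `write!(f, "{} {}:{} {}", self.typ.as_str(), major, minor, self.access)`. `Display` still gives callers `to_string()` through the blanket impl and also makes the type usable in `format!` and `write!`, whereas a direct `ToString` impl is what clippy's `to_string_trait_impl` lint reports. This matters more now that the type is part of a separate library crate's public API. The same applies to `impl ToString for LinuxInterfacePriority` in the next hunk of this file.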
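Review bot: `format!("{} {}\n", self.name, self.priority)` interpolates `name` without any check, and `name` is a free-form string that presumably comes from the container's config.json. Judging by the impl this commit removes from src/cgroups/network_priority.rs, the result is written to the net_prio cgroup file. That file is line-oriented, so a name containing whitespace or a newline yields a malformed or additional record. Now that the impl sits on a public type in a library crate, I would validate the interface name where the spec is loaded or before the write: non-empty, no whitespace, within the kernel's interface-name length limit. I would also add a doc comment along the lines of `/// Formats as "<name> <priority>\n"; the trailing newline is part of the output.`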
@@ -6,8 +6,8 @@ use std::{ use crate::{ cgroups::Controller, - spec::{LinuxBlockIo, LinuxResources}, }; +use oci_spec::{LinuxBlockIo, LinuxResources}; const CGROUP_BLKIO_THROTTLE_READ_BPS: &str = "blkio.throttle.read_bps_device"; const CGROUP_BLKIO_THROTTLE_WRITE_BPS: &str = "blkio.throttle.write_bps_device"; @@ -91,7 +91,7 @@ mod tests { use std::path::PathBuf; use super::*; - use crate::spec::{LinuxBlockIo, LinuxThrottleDevice}; + use oci_spec::{LinuxBlockIo, LinuxThrottleDevice}; struct BlockIoBuilder { block_io: LinuxBlockIo, diff --git a/src/cgroups/controller.rs b/src/cgroups/controller.rs index a82bcb8a5..84e0b3cc2 100644 --- a/src/cgroups/controller.rs +++ b/src/cgroups/controller.rs @@ -3,7 +3,7 @@ use std::path::Path; use anyhow::Result; use nix::unistd::Pid; -use crate::spec::LinuxResources; +use oci_spec::LinuxResources; pub trait Controller { fn apply(linux_resources: &LinuxResources, cgroup_root: &Path, pid: Pid) -> Result<()>; diff --git a/src/cgroups/devices.rs b/src/cgroups/devices.rs index eb5d4b40b..ff64afeda 100644 --- a/src/cgroups/devices.rs +++ b/src/cgroups/devices.rs @@ -10,28 +10,8 @@ use nix::unistd::Pid; use crate::{ cgroups::Controller, rootfs::default_devices, - spec::{LinuxDeviceCgroup, LinuxDeviceType, LinuxResources}, }; - -impl ToString for LinuxDeviceCgroup { - fn to_string(&self) -> String { - let major = self - .major - .map(|mj| mj.to_string()) - .unwrap_or_else(|| "*".to_string()); - let minor = self - .minor - .map(|mi| mi.to_string()) - .unwrap_or_else(|| "*".to_string()); - format!( - "{} {}:{} {}", - self.typ.as_str(), - &major, - &minor, - &self.access - ) - } -} +use oci_spec::{LinuxDeviceCgroup, LinuxDeviceType, LinuxResources}; pub struct Devices {} diff --git a/src/cgroups/hugetlb.rs b/src/cgroups/hugetlb.rs index 0f9f60c8a..3e74cd216 100644 --- a/src/cgroups/hugetlb.rs +++ b/src/cgroups/hugetlb.rs 
@@ -9,8 +9,8 @@ use regex::Regex; use crate::{ cgroups::Controller, - spec::{LinuxHugepageLimit, LinuxResources}, }; +use oci_spec::{LinuxHugepageLimit, LinuxResources}; pub struct Hugetlb {} @@ -79,7 +79,7 @@ mod tests { use std::path::PathBuf; use super::*; - use crate::spec::LinuxHugepageLimit; + use oci_spec::LinuxHugepageLimit; fn set_fixture(temp_dir: &std::path::Path, filename: &str, val: &str) -> anyhow::Result<()> { std::fs::OpenOptions::new() diff --git a/src/cgroups/manager.rs b/src/cgroups/manager.rs index b6d59523c..8a74ef117 100644 --- a/src/cgroups/manager.rs +++ b/src/cgroups/manager.rs @@ -5,8 +5,8 @@ use anyhow::Result; use nix::unistd::Pid; use procfs::process::Process; -use crate::{cgroups::ControllerType, spec::LinuxResources, utils::PathBufExt}; - +use crate::{cgroups::ControllerType, utils::PathBufExt}; +use oci_spec::LinuxResources; use super::{ blkio::Blkio, devices::Devices, hugetlb::Hugetlb, memory::Memory, network_classifier::NetworkClassifier, network_priority::NetworkPriority, pids::Pids, diff --git a/src/cgroups/memory.rs b/src/cgroups/memory.rs index 43528995e..696f7455d 100644 --- a/src/cgroups/memory.rs +++ b/src/cgroups/memory.rs @@ -9,8 +9,8 @@ use nix::{errno::Errno, unistd::Pid}; use crate::{ cgroups::Controller, - spec::{LinuxMemory, LinuxResources}, }; +use oci_spec::{LinuxMemory, LinuxResources}; const CGROUP_MEMORY_SWAP_LIMIT: &str = "memory.memsw.limit_in_bytes"; const CGROUP_MEMORY_LIMIT: &str = "memory.limit_in_bytes"; @@ -239,7 +239,7 @@ impl Memory { #[cfg(test)] mod tests { use super::*; - use crate::spec::LinuxMemory; + use oci_spec::LinuxMemory; fn set_fixture(temp_dir: &std::path::Path, filename: &str, val: &str) -> Result<()> { std::fs::OpenOptions::new() diff --git a/src/cgroups/network_classifier.rs b/src/cgroups/network_classifier.rs index 6b9e1fa37..c6df7448d 100644 --- a/src/cgroups/network_classifier.rs +++ b/src/cgroups/network_classifier.rs 
@@ -9,8 +9,8 @@ use nix::unistd::Pid; use crate::{ cgroups::Controller, - spec::{LinuxNetwork, LinuxResources}, }; +use oci_spec::{LinuxNetwork, LinuxResources}; pub struct NetworkClassifier {} diff --git a/src/cgroups/network_priority.rs b/src/cgroups/network_priority.rs index 245b58b0f..291ca9df5 100644 --- a/src/cgroups/network_priority.rs +++ b/src/cgroups/network_priority.rs @@ -7,16 +7,8 @@ use std::{ use anyhow::Result; use nix::unistd::Pid; -use crate::{ - cgroups::Controller, - spec::{LinuxInterfacePriority, LinuxNetwork, LinuxResources}, -}; - -impl ToString for LinuxInterfacePriority { - fn to_string(&self) -> String { - format!("{} {}\n", self.name, self.priority) - } -} +use crate::cgroups::Controller; +use oci_spec::{LinuxNetwork, LinuxResources}; pub struct NetworkPriority {} @@ -65,6 +57,7 @@ mod tests { use std::path::PathBuf; use super::*; + use oci_spec::LinuxInterfacePriority; fn set_fixture(temp_dir: &std::path::Path, filename: &str, val: &str) -> Result<()> { std::fs::OpenOptions::new() diff --git a/src/cgroups/pids.rs b/src/cgroups/pids.rs index f86709641..df6d5b9c9 100644 --- a/src/cgroups/pids.rs +++ b/src/cgroups/pids.rs @@ -8,8 +8,8 @@ use anyhow::Result; use crate::{ cgroups::Controller, - spec::{LinuxPids, LinuxResources}, }; +use oci_spec::{LinuxPids, LinuxResources}; pub struct Pids {} @@ -62,7 +62,7 @@ impl Pids { #[cfg(test)] mod tests { use super::*; - use crate::spec::LinuxPids; + use oci_spec::LinuxPids; fn set_fixture(temp_dir: &std::path::Path, filename: &str, val: &str) -> Result<()> { std::fs::OpenOptions::new() diff --git a/src/command/command.rs b/src/command/command.rs index b639d3b0b..517ed6aee 100644 --- a/src/command/command.rs +++ b/src/command/command.rs @@ -7,7 +7,7 @@ use nix::{ unistd::{Gid, Uid}, }; -use crate::spec::LinuxRlimit; +use oci_spec::LinuxRlimit; pub trait Command { fn as_any(&self) -> &dyn Any; diff --git a/src/command/linux.rs b/src/command/linux.rs index 4940aefa6..0f570e33e 100644 
--- a/src/command/linux.rs +++ b/src/command/linux.rs @@ -17,6 +17,8 @@ use nix::{ }; use nix::{sched::unshare, sys::stat::Mode}; +use oci_spec::LinuxRlimit; + use super::Command; use crate::capabilities; @@ -75,7 +77,7 @@ impl Command for LinuxCommand { Ok(()) } - fn set_rlimit(&self, rlimit: &crate::spec::LinuxRlimit) -> Result<()> { + fn set_rlimit(&self, rlimit: &LinuxRlimit) -> Result<()> { let rlim = &libc::rlimit { rlim_cur: rlimit.soft, rlim_max: rlimit.hard, diff --git a/src/command/test.rs b/src/command/test.rs index c9b4fef80..fe5540d14 100644 --- a/src/command/test.rs +++ b/src/command/test.rs @@ -2,6 +2,7 @@ use std::{any::Any, cell::RefCell}; use caps::{errors::CapsError, CapSet, CapsHashSet}; use nix::sched::CloneFlags; +use oci_spec::LinuxRlimit; use super::Command; @@ -56,7 +57,7 @@ impl Command for TestHelperCommand { todo!() } - fn set_rlimit(&self, _rlimit: &crate::spec::LinuxRlimit) -> anyhow::Result<()> { + fn set_rlimit(&self, _rlimit: &LinuxRlimit) -> anyhow::Result<()> { todo!() } } diff --git a/src/create.rs b/src/create.rs index e7c599eb3..4e47de0a5 100644 --- a/src/create.rs +++ b/src/create.rs @@ -14,7 +14,7 @@ use crate::namespaces::Namespaces; use crate::notify_socket::NotifyListener; use crate::process::{fork, Process}; use crate::rootfs; -use crate::spec; +use oci_spec; use crate::stdio::FileDescriptor; use crate::tty; use crate::utils; @@ -42,7 +42,7 @@ impl Create { unistd::chdir(&self.bundle)?; - let spec = spec::Spec::load("config.json")?; + let spec = oci_spec::Spec::load("config.json")?; fs::copy("config.json", container_dir.join("config.json"))?; log::debug!("spec: {:?}", spec); @@ -93,7 +93,7 @@ fn run_container>( pid_file: Option
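Review bot: `use oci_spec;` in src/create.rs is a redundant single-component import. The file already uses `crate::` paths, so it is on the 2018 edition or later, where an external crate name is in scope without a `use`; `oci_spec::Spec` resolves either way and clippy reports the line as `single_component_path_imports`. Either drop the line or import the item that is actually used, `use oci_spec::Spec;`, and write `Spec::load("config.json")` and `spec: Spec` in the later hunks. The same line is added in src/process/fork.rs, where `use oci_spec::Linux;` would be the equivalent.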

, notify_socket: &mut NotifyListener, rootfs: PathBuf, - spec: spec::Spec, + spec: oci_spec::Spec, csocketfd: Option, container: Container, command: impl Command, @@ -151,7 +151,7 @@ fn run_container>( } fn init_process( - spec: spec::Spec, + spec: oci_spec::Spec, command: impl Command, rootfs: PathBuf, namespaces: Namespaces, diff --git a/src/lib.rs b/src/lib.rs index b9385bb8f..7bc7a06d2 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -10,7 +10,6 @@ pub mod notify_socket; pub mod process; pub mod rootfs; pub mod signal; -pub mod spec; pub mod start; pub mod stdio; pub mod tty; diff --git a/src/main.rs b/src/main.rs index 8b7980449..a1ddff8bf 100644 --- a/src/main.rs +++ b/src/main.rs @@ -12,7 +12,6 @@ use nix::sys::signal as nix_signal; use youki::container::{Container, ContainerStatus}; use youki::create; use youki::signal; -use youki::spec; use youki::start; use youki::{cgroups::Manager, command::linux::LinuxCommand}; @@ -142,10 +141,12 @@ fn main() -> Result<()> { if container.root.exists() { // remove the directory storing container state fs::remove_dir_all(&container.root)?; - let spec = spec::Spec::load("config.json")?; + + let spec = oci_spec::Spec::load("config.json")?; // remove the cgroup created for the container // check https://man7.org/linux/man-pages/man7/cgroups.7.html // creating and removing cgroups section for more information on cgroups + let cmanager = Manager::new(spec.linux.unwrap().cgroups_path)?; cmanager.remove()?; } diff --git a/src/namespaces.rs b/src/namespaces.rs index 20cf69389..6266a52be 100644 --- a/src/namespaces.rs +++ b/src/namespaces.rs @@ -8,8 +8,8 @@ use nix::{ use crate::{ command::{linux::LinuxCommand, test::TestHelperCommand, Command}, - spec::{LinuxNamespace, LinuxNamespaceType}, }; +use oci_spec::{LinuxNamespace, LinuxNamespaceType}; pub struct Namespaces { spaces: Vec, diff --git a/src/process/fork.rs b/src/process/fork.rs index 1b103c946..dbe0802cb 100644 --- a/src/process/fork.rs +++ b/src/process/fork.rs 
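Review bot: In the delete path of src/main.rs, `oci_spec::Spec::load("config.json")` reads a relative path after `fs::remove_dir_all(&container.root)` has already removed the state directory. Unless a chdir happens outside this hunk, the cgroup path passed to `Manager::new` therefore comes from whatever config.json is in the caller's working directory, not from the copy that create.rs saves under the container directory. If that load fails, the state directory is gone while the cgroup is left behind, and the delete cannot be retried. I would load the spec from the saved copy under `container.root` before removing the directory. I would also replace `spec.linux.unwrap()`, which panics on a config without a linux section, with something like `let linux = spec.linux.ok_or_else(|| anyhow::anyhow!("config.json has no linux section"))?;`, assuming `linux` is an `Option` and `main` returns an anyhow `Result`. The body of `main` starts and ends outside this hunk.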
@@ -15,14 +15,14 @@ use nix::unistd; use crate::cgroups::Manager; use crate::container::ContainerStatus; use crate::process::{child, init, parent, Process}; -use crate::spec; +use oci_spec; use crate::utils; use crate::{cond::Cond, container::Container}; pub fn fork_first>( pid_file: Option

, is_userns: bool, - linux: &spec::Linux, + linux: &oci_spec::Linux, container: &Container, cmanager: &Manager, ) -> Result { diff --git a/src/rootfs.rs b/src/rootfs.rs index 5a8410ba6..1b0e0eb77 100644 --- a/src/rootfs.rs +++ b/src/rootfs.rs @@ -14,7 +14,7 @@ use nix::sys::stat::{mknod, umask}; use nix::unistd::{chdir, chown, close, getcwd}; use nix::unistd::{Gid, Uid}; -use crate::spec::{LinuxDevice, LinuxDeviceType, Mount, Spec}; +use oci_spec::{LinuxDevice, LinuxDeviceType, Mount, Spec}; use crate::utils::PathBufExt; pub async fn prepare_rootfs(