Merge pull request #194 from utam0k/refactoring/rootless-lifetime
Reduce the number of clones by introducing a lifetime to `Rootless`.
Furisto authored Aug 9, 2021
2 parents 243d5f6 + 787a550 commit f293c01
Showing 7 changed files with 30 additions and 31 deletions.
12 changes: 6 additions & 6 deletions src/container/builder_impl.rs
Expand Up @@ -14,7 +14,7 @@ use crate::{

use super::{Container, ContainerStatus};

pub(super) struct ContainerBuilderImpl {
pub(super) struct ContainerBuilderImpl<'a> {
/// Flag indicating if an init or a tenant container should be created
pub init: bool,
/// Interface to operating system primitives
Expand All @@ -24,7 +24,7 @@ pub(super) struct ContainerBuilderImpl {
/// Id of the container
pub container_id: String,
/// OCI complient runtime spec
pub spec: Spec,
pub spec: &'a Spec,
/// Root filesystem of the container
pub rootfs: PathBuf,
/// File which will be used to communicate the pid of the
Expand All @@ -33,7 +33,7 @@ pub(super) struct ContainerBuilderImpl {
/// Socket to communicate the file descriptor of the ptty
pub console_socket: Option<FileDescriptor>,
/// Options for rootless containers
pub rootless: Option<Rootless>,
pub rootless: Option<Rootless<'a>>,
/// Path to the Unix Domain Socket to communicate container start
pub notify_path: PathBuf,
/// Container state
Expand All @@ -42,7 +42,7 @@ pub(super) struct ContainerBuilderImpl {
pub preserve_fds: i32,
}

impl ContainerBuilderImpl {
impl<'a> ContainerBuilderImpl<'a> {
pub(super) fn create(&mut self) -> Result<()> {
self.run_container()?;

Expand All @@ -58,7 +58,7 @@ impl ContainerBuilderImpl {
let namespaces: Namespaces = linux.namespaces.clone().into();

// create the parent and child process structure so the parent and child process can sync with each other
let (mut parent, parent_channel) = parent::ParentProcess::new(self.rootless.clone())?;
let (mut parent, parent_channel) = parent::ParentProcess::new(&self.rootless)?;
let child = child::ChildProcess::new(parent_channel)?;

// This init_args will be passed to the container init process,
Expand All @@ -70,7 +70,7 @@ impl ContainerBuilderImpl {
spec: self.spec.clone(),
rootfs: self.rootfs.clone(),
console_socket: self.console_socket.clone(),
rootless: self.rootless.clone(),
is_rootless: self.rootless.is_some(),
notify_path: self.notify_path.clone(),
preserve_fds: self.preserve_fds,
child,
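Review bot: The new `'a` parameter on `ContainerBuilderImpl` in the first hunk is undocumented, and a reader has to follow `spec: &'a Spec` and `rootless: Option<Rootless<'a>>` into rootless.rs to learn that it also covers the uid/gid mapping lists a `Rootless` borrows from a `Linux`. A line above the struct such as `/// 'a: lifetime of the borrowed OCI Spec and of the id mappings borrowed by Rootless.` would make that invariant visible where the struct is defined. In the last hunk `spec: self.spec.clone()` still deep-copies the spec into `ContainerInitArgs`; if that struct can carry the same lifetime (its definition is in init.rs, outside this section), this clone could go the way of the removed `rootless.clone()`. The body of `run_container` continues past the hunk.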
2 changes: 1 addition & 1 deletion src/container/init_builder.rs
Expand Up @@ -72,7 +72,7 @@ impl InitContainerBuilder {
pid_file: self.base.pid_file,
console_socket: csocketfd,
use_systemd: self.use_systemd,
spec,
spec: &spec,
rootfs,
rootless,
notify_path,
2 changes: 1 addition & 1 deletion src/container/tenant_builder.rs
Expand Up @@ -111,7 +111,7 @@ impl TenantContainerBuilder {
pid_file: self.base.pid_file,
console_socket: csocketfd,
use_systemd,
spec,
spec: &spec,
rootfs,
rootless,
notify_path: notify_path.clone(),
5 changes: 2 additions & 3 deletions src/process/init.rs
Expand Up @@ -13,7 +13,6 @@ use crate::{
notify_socket::NotifyListener,
process::child,
rootfs,
rootless::Rootless,
stdio::FileDescriptor,
syscall::{linux::LinuxSyscall, Syscall},
tty, utils,
Expand Down Expand Up @@ -96,7 +95,7 @@ pub struct ContainerInitArgs {
/// Socket to communicate the file descriptor of the ptty
pub console_socket: Option<FileDescriptor>,
/// Options for rootless containers
pub rootless: Option<Rootless>,
pub is_rootless: bool,
/// Path to the Unix Domain Socket to communicate container start
pub notify_path: PathBuf,
/// File descriptos preserved/passed to the container init process.
Expand Down Expand Up @@ -133,7 +132,7 @@ pub fn container_init(args: ContainerInitArgs) -> Result<()> {
// namespace will be created, check
// https://man7.org/linux/man-pages/man7/user_namespaces.7.html for more
// information
if args.rootless.is_some() {
if args.is_rootless {
// child needs to be dumpable, otherwise the non root parent is not
// allowed to write the uid/gid maps
prctl::set_dumpable(true).unwrap();
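Review bot: The doc comment above the new `is_rootless: bool` field in the second hunk still reads `/// Options for rootless containers`, which described the removed `Option<Rootless>`; a bool carries no options. Suggest `/// Whether the container is rootless; selects the user-namespace uid/gid-map setup path in container_init`, which matches the branch the last hunk switches on. The body of `container_init` continues outside the hunk.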
4 changes: 2 additions & 2 deletions src/process/mod.rs
Expand Up @@ -12,8 +12,8 @@ pub mod parent;
/// Used to describe type of process after fork.
/// Parent and child processes mean the same thing as in a normal fork call
/// InitProcess is specifically used to indicate the process which will run the command of container
pub enum Process {
Parent(parent::ParentProcess),
pub enum Process<'a> {
Parent(parent::ParentProcess<'a>),
Child(child::ChildProcess),
}
/// Maximum event capacity of polling
22 changes: 11 additions & 11 deletions src/process/parent.rs
Expand Up @@ -21,22 +21,22 @@ use oci_spec::LinuxIdMapping;
const PARENT: Token = Token(0);

/// Contains receiving end of pipe to child process and a poller for that.
pub struct ParentProcess {
child_channel: ChildChannel,
pub struct ParentProcess<'a> {
child_channel: ChildChannel<'a>,
}

// Poll is used to register and listen for various events
// by registering it with an event source such as receiving end of a pipe
impl ParentProcess {
impl<'a> ParentProcess<'a> {
/// Create new Parent process structure
pub fn new(rootless: Option<Rootless>) -> Result<(Self, ParentChannel)> {
pub fn new(rootless: &'a Option<Rootless>) -> Result<(Self, ParentChannel)> {
let (parent_channel, child_channel) = Self::setup_pipes(rootless)?;
let parent = Self { child_channel };

Ok((parent, parent_channel))
}

fn setup_pipes(rootless: Option<Rootless>) -> Result<(ParentChannel, ChildChannel)> {
fn setup_pipes(rootless: &'a Option<Rootless>) -> Result<(ParentChannel, ChildChannel<'a>)> {
let (send_to_parent, receive_from_child) = pipe::new()?;
let (send_to_child, receive_from_parent) = pipe::new()?;

Expand Down Expand Up @@ -122,15 +122,15 @@ impl ParentChannel {
}
}

struct ChildChannel {
struct ChildChannel<'a> {
sender: Sender,
receiver: Receiver,
poll: Poll,
rootless: Option<Rootless>,
rootless: &'a Option<Rootless<'a>>,
}

impl ChildChannel {
fn new(sender: Sender, mut receiver: Receiver, rootless: Option<Rootless>) -> Result<Self> {
impl<'a> ChildChannel<'a> {
fn new(sender: Sender, mut receiver: Receiver, rootless: &'a Option<Rootless>) -> Result<Self> {
let poll = Poll::new()?;
poll.registry()
.register(&mut receiver, PARENT, Interest::READABLE)?;
Expand Down Expand Up @@ -201,7 +201,7 @@ impl ChildChannel {
let rootless = self.rootless.as_ref().unwrap();
write_id_mapping(
&format!("/proc/{}/uid_map", target_pid),
&rootless.uid_mappings,
rootless.uid_mappings,
rootless.newuidmap.as_deref(),
)
}
Expand All @@ -210,7 +210,7 @@ impl ChildChannel {
let rootless = self.rootless.as_ref().unwrap();
write_id_mapping(
&format!("/proc/{}/gid_map", target_pid),
&rootless.gid_mappings,
rootless.gid_mappings,
rootless.newgidmap.as_deref(),
)
}
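Review bot: `ParentProcess::new`, `setup_pipes` and `ChildChannel::new` now take `&'a Option<Rootless>`, which is two things a reviewer would change: a reference to an `Option` where `Option<&'a Rootless<'a>>` is the idiomatic shape (the caller writes `self.rootless.as_ref()`), and a hidden lifetime on `Rootless` that the `elided_lifetimes_in_paths` lint flags and that should be spelled `Rootless<'a>` to match the `ChildChannel` field `rootless: &'a Option<Rootless<'a>>` in the third hunk. For example `pub fn new(rootless: Option<&'a Rootless<'a>>) -> Result<(Self, ParentChannel)>`, with the same change on the other two signatures and the field. With that shape the `.as_ref()` in `self.rootless.as_ref().unwrap()` in the last two hunks becomes unnecessary. Those last two methods start and end outside their hunks.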
14 changes: 7 additions & 7 deletions src/rootless.rs
Expand Up @@ -7,24 +7,24 @@ use oci_spec::{Linux, LinuxIdMapping, Mount, Spec};
use crate::namespaces::Namespaces;

#[derive(Debug, Clone)]
pub struct Rootless {
pub struct Rootless<'a> {
/// Location of the newuidmap binary
pub newuidmap: Option<PathBuf>,
/// Location of the newgidmap binary
pub newgidmap: Option<PathBuf>,
/// Mappings for user ids
pub uid_mappings: Vec<LinuxIdMapping>,
pub uid_mappings: &'a Vec<LinuxIdMapping>,
/// Mappings for group ids
pub gid_mappings: Vec<LinuxIdMapping>,
pub gid_mappings: &'a Vec<LinuxIdMapping>,
}

impl From<&Linux> for Rootless {
fn from(linux: &Linux) -> Self {
impl<'a> From<&'a Linux> for Rootless<'a> {
fn from(linux: &'a Linux) -> Self {
Self {
newuidmap: None,
newgidmap: None,
uid_mappings: linux.uid_mappings.clone(),
gid_mappings: linux.gid_mappings.clone(),
uid_mappings: linux.uid_mappings.as_ref(),
gid_mappings: linux.gid_mappings.as_ref(),
}
}
}
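Review bot: The new fields `uid_mappings: &'a Vec<LinuxIdMapping>` and `gid_mappings: &'a Vec<LinuxIdMapping>` expose `&Vec<T>` where `&'a [LinuxIdMapping]` is the conventional borrowed form (the same reason clippy's `ptr_arg` flags `&Vec` parameters), and it is what `write_id_mapping` receives through deref coercion in parent.rs anyway. With slice fields the `linux.uid_mappings.as_ref()` calls in `From<&'a Linux>` still resolve, but `&linux.uid_mappings` states more plainly that this is a borrow and not a conversion. The `#[derive(Debug, Clone)]` above the struct remains correct, since a clone now copies only the two references and the `Option<PathBuf>` values.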
