From 8a37a916dccf40bf7ca590d3c3a939633d5d7835 Mon Sep 17 00:00:00 2001 From: Christophe de Dinechin Date: Fri, 3 Mar 2023 16:42:37 +0100 Subject: [PATCH 01/14] checkpoint: Add the missing options and change options order Add the missing command-line options as documented for runc, and also reorder the options to match the documentation: https://github.com/opencontainers/runc/blob/main/man/runc-checkpoint.8.md (This does not mean that they are necessarily implemented) Signed-off-by: Christophe de Dinechin --- crates/liboci-cli/src/checkpoint.rs | 50 ++++++++++++++++++++++------- 1 file changed, 38 insertions(+), 12 deletions(-) diff --git a/crates/liboci-cli/src/checkpoint.rs b/crates/liboci-cli/src/checkpoint.rs index 3e8f72309..3ba62932e 100644 --- a/crates/liboci-cli/src/checkpoint.rs +++ b/crates/liboci-cli/src/checkpoint.rs 
@@ -2,29 +2,55 @@ use clap::Parser; use std::path::PathBuf; /// Checkpoint a running container +/// Reference: https://github.com/opencontainers/runc/blob/main/man/runc-checkpoint.8.md #[derive(Parser, Debug)] pub struct Checkpoint { - #[clap(value_parser = clap::builder::NonEmptyStringValueParser::new(), required = true)] - pub container_id: String, - /// Allow external unix sockets - #[clap(long)] - pub ext_unix_sk: bool, - /// Allow file locks - #[clap(long)] - pub file_locks: bool, /// Path for saving criu image files #[clap(long, default_value = "checkpoint")] pub image_path: PathBuf, + /// Path for saving work files and logs + #[clap(long)] + pub work_path: Option, + /// Path for previous criu image file in pre-dump + #[clap(long)] + pub parent_path: Option, /// Leave the process running after checkpointing #[clap(long)] pub leave_running: bool, + /// Allow open tcp connections + #[clap(long)] + pub tcp_established: bool, + /// Allow external unix sockets + #[clap(long)] + pub ext_unix_sk: bool, /// Allow shell jobs #[clap(long)] pub shell_job: bool, - /// Allow open tcp connections + /// Use lazy migration mechanism #[clap(long)] - pub tcp_established: bool, - /// Path for saving work files and logs + pub lazy_pages: bool, + /// Pass a file descriptor fd to criu #[clap(long)] - pub work_path: Option, + pub status_fd: Option, // TODO: Is u32 the right type? + /// Start a page server at the given URL + #[clap(long)] + pub page_server: Option, + /// Allow file locks + #[clap(long)] + pub file_locks: bool, + /// Do a pre-dump + #[clap(long)] + pub pre_dump: bool, + /// Cgroups mode + #[clap(long)] + pub manage_cgroups_mode: Option, + /// Checkpoint a namespace, but don't save its properties + #[clap(long)] + pub empty_ns: bool, + /// Enable auto-deduplication + #[clap(long)] + pub auto_dedup: bool, + + #[clap(value_parser = clap::builder::NonEmptyStringValueParser::new(), required = true)] + pub container_id: String, } 
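Review bot: The `// TODO: Is u32 the right type?` on `status_fd` in `Checkpoint` should be settled before this lands, because Unix file descriptors are signed (`std::os::unix::io::RawFd` is an `i32`). An unsigned 32-bit parse accepts values above `i32::MAX`, and a later `as` cast to a descriptor would wrap them to a negative number instead of rejecting them at the CLI. I would parse it as `i32` and bound it, e.g. `#[clap(long, value_parser = clap::value_parser!(i32).range(0..))]`. The field's generic argument is not visible in this rendering of the patch, so the current type is inferred from the TODO text.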
From 6f930200e880fc035bbb89f284475526d0b0452b Mon Sep 17 00:00:00 2001 From: Christophe de Dinechin Date: Fri, 3 Mar 2023 18:37:29 +0100 Subject: [PATCH 02/14] create: Add no_pivot option, and change option order The --no-pivot option is documented in https://github.com/opencontainers/runc/blob/main/man/runc-create.8.md Also change the options order in order to match the doc, this makes the code a bit easier to maintain. Signed-off-by: Christophe de Dinechin --- crates/liboci-cli/src/create.rs | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/crates/liboci-cli/src/create.rs b/crates/liboci-cli/src/create.rs index c83d56960..a67879220 100644 --- a/crates/liboci-cli/src/create.rs +++ b/crates/liboci-cli/src/create.rs 
@@ -3,22 +3,30 @@ use clap::Parser; use std::path::PathBuf; /// Create a container +/// Reference: https://github.com/opencontainers/runc/blob/main/man/runc-create.8.md #[derive(Parser, Debug)] pub struct Create { - /// File to write pid of the container created - // note that in the end, container is just another process - #[clap(short, long)] - pub pid_file: Option, - /// path to the bundle directory, containing config.json and root filesystem + /// Path to the bundle directory, containing config.json and root filesystem #[clap(short, long, default_value = ".")] pub bundle: PathBuf, /// Unix socket (file) path , which will receive file descriptor of the writing end of the pseudoterminal #[clap(short, long)] pub console_socket: Option, + /// File to write pid of the container created + // note that in the end, container is just another process + #[clap(short, long)] + pub pid_file: Option, + /// Do not use pivot rool to jail process inside rootfs + #[clap(long)] + pub no_pivot: bool, + /// Do not create a new session keyring for the container. + #[clap(long)] + pub no_new_keyring: bool, /// Pass N additional file descriptors to the container (stdio + $LISTEN_FDS + N in total) #[clap(long, default_value = "0")] pub preserve_fds: i32, - /// name of the container instance to be started + + /// Name of the container instance to be started #[clap(value_parser = clap::builder::NonEmptyStringValueParser::new(), required = true)] pub container_id: String, } From 20431f309df1bb06f0b8b90d9110ef52f086baf1 Mon Sep 17 00:00:00 2001 From: Christophe de Dinechin Date: Fri, 3 Mar 2023 22:45:21 +0100 Subject: [PATCH 03/14] exec: Add missing command-line options Add the missing command-line options for the exec subcommand. Reference: https://github.com/opencontainers/runc/blob/main/man/runc-exec.8.md Signed-off-by: Christophe de Dinechin --- crates/liboci-cli/src/exec.rs | 41 +++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) 
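Review bot: The help text for `no_pivot` in `Create` misspells the mechanism (`pivot rool`) and presents an isolation-weakening switch as a neutral option. Skipping pivot_root leaves the container with a weaker rootfs jail, so the text users see in `--help` should say so, e.g. `/// Do not use pivot root to jail process inside rootfs (weakens rootfs isolation; only for environments where pivot_root cannot be used)`. The `no_pivot` field added to `Run` in the run.rs hunk has the spelling right but the same missing caveat. `no_new_keyring` here also drops the consequence that the run.rs text spells out, namely that the container inherits the caller's session keyring.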
diff --git a/crates/liboci-cli/src/exec.rs b/crates/liboci-cli/src/exec.rs index bc60b593e..eb9df44b9 100644 --- a/crates/liboci-cli/src/exec.rs +++ b/crates/liboci-cli/src/exec.rs @@ -4,6 +4,7 @@ use std::path::PathBuf; use clap::Parser; /// Execute a process within an existing container +/// Reference: https://github.com/opencontainers/runc/blob/main/man/runc-exec.8.md #[derive(Parser, Debug)] pub struct Exec { /// Unix socket (file) path , which will receive file descriptor of the writing end of the pseudoterminal @@ -20,6 +21,12 @@ pub struct Exec { /// Environment variables that should be set in the container #[clap(short, long, value_parser = parse_key_val::, number_of_values = 1)] pub env: Vec<(String, String)>, + /// Run the command as a user + #[clap(short, long, value_parser = parse_colon_separated_pair::)] + pub user: Option<(u32, Option)>, + /// Add additional group IDs. Can be specified multiple times + #[clap(long, short = 'g', number_of_values = 1)] + pub additional_gids: Vec, /// Prevent the process from gaining additional privileges #[clap(long)] pub no_new_privs: bool, @@ -29,6 +36,24 @@ pub struct Exec { /// Detach from the container process #[clap(short, long)] pub detach: bool, + /// Set the asm process label for the process commonly used with selinux + #[clap(long)] + pub process_label: Option, + /// Set the apparmor profile for the process + #[clap(long)] + pub apparmor: Option, + /// Add a capability to the bounding set for the process + #[clap(long, number_of_values = 1)] + pub cap: Vec, + /// Pass N additional file descriptors to the container + #[clap(long, default_value = "0")] + pub preserve_fds: i32, + /// Allow exec in a paused container + #[clap(long)] + pub ignore_paused: bool, + /// Execute a process in a sub-cgroup + #[clap(long)] + pub cgroup: Option, /// Identifier of the container #[clap(value_parser = clap::builder::NonEmptyStringValueParser::new(), required = true)] pub container_id: String, 
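Review bot: `--user` and `--additional-gids` are accepted by the `Exec` parser in the `@@ -20,6 +21,12 @@` hunk, but no patch in this series touches `crates/youki/src/commands/exec.rs`, so youki appears to parse them and then drop them. For an identity option that fails open: a caller passing `--user 1000:1000` would get a process running with whatever identity exec uses by default, and no error. The same applies to `--apparmor`, `--process-label` and `--cap` in the next hunk of this file. Until they are wired through, I would have the youki exec command reject any that are set, along the lines of `if exec.user.is_some() { anyhow::bail!("--user is not implemented") }`, and say so in each field's doc comment. The `Exec` struct opens and closes outside this hunk.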
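Review bot: `preserve_fds` in the `@@ -29,6 +36,24 @@` hunk is declared as `i32` with no range check, so `--preserve-fds=-3` parses successfully and hands a negative descriptor count to whatever consumes it. A count of inherited descriptors has no meaningful negative value, so reject it at the parser: `#[clap(long, default_value = "0", value_parser = clap::value_parser!(i32).range(0..))]`. The context lines of the create.rs and run.rs hunks show the same unbounded `i32`, so the bound is worth applying there too. This hunk is a slice of the `Exec` struct, which opens and closes outside it.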
@@ -49,3 +74,19 @@ where .ok_or_else(|| format!("invalid KEY=value: no `=` found in `{s}`"))?; Ok((s[..pos].parse()?, s[pos + 1..].parse()?)) } + +fn parse_colon_separated_pair( + s: &str, +) -> Result<(T, Option), Box> +where + T: std::str::FromStr, + T::Err: Error + Send + Sync + 'static, + U: std::str::FromStr, + U::Err: Error + Send + Sync + 'static, +{ + if let Some(pos) = s.find(':') { + Ok((s[..pos].parse()?, Some(s[pos + 1..].parse()?))) + } else { + Ok((s.parse()?, None)) + } +} From c58b30898b212a9f6235da0f4267d867bb40dae6 Mon Sep 17 00:00:00 2001 From: Christophe de Dinechin Date: Sat, 4 Mar 2023 00:43:17 +0100 Subject: [PATCH 04/14] run: Add missing options to run subcommand Also change the order to match the documentation in https://github.com/opencontainers/runc/blob/main/man/runc-run.8.md Signed-off-by: Christophe de Dinechin --- crates/liboci-cli/src/run.rs | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/crates/liboci-cli/src/run.rs b/crates/liboci-cli/src/run.rs index e7a9d965f..d0b1e1a92 100644 --- a/crates/liboci-cli/src/run.rs +++ b/crates/liboci-cli/src/run.rs 
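Review bot: Parse failures in `parse_colon_separated_pair` are propagated with a bare `?`, so `--user 1000:` or `--user root` surfaces only the integer parser's message with no hint of which half of the pair was wrong, unlike the `invalid KEY=value` message in the function just above it. Since this parser decides which uid and gid a process in the container runs as, the rejection should name the offending part and echo the full argument. `split_once(':')` also removes the manual `pos` slicing. The function has no doc comment; one line stating the accepted `first[:second]` form would help.

```rust
// … unchanged: signature and where-clause of parse_colon_separated_pair …
{
    match s.split_once(':') {
        Some((head, tail)) => {
            let first = head
                .parse::<T>()
                .map_err(|e| format!("invalid value `{head}` before `:` in `{s}`: {e}"))?;
            let second = tail
                .parse::<U>()
                .map_err(|e| format!("invalid value `{tail}` after `:` in `{s}`: {e}"))?;
            Ok((first, Some(second)))
        }
        None => {
            let only = s
                .parse::<T>()
                .map_err(|e| format!("invalid value `{s}`: {e}"))?;
            Ok((only, None))
        }
    }
}
```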
@@ -4,19 +4,34 @@ use std::path::PathBuf; /// Create a container and immediately start it #[derive(Parser, Debug)] pub struct Run { - /// File to write pid of the container created - // note that in the end, container is just another process - #[clap(short, long)] - pub pid_file: Option, - /// path to the bundle directory, containing config.json and root filesystem + /// Path to the bundle directory, containing config.json and root filesystem #[clap(short, long, default_value = ".")] pub bundle: PathBuf, /// Unix socket (file) path , which will receive file descriptor of the writing end of the pseudoterminal #[clap(short, long)] pub console_socket: Option, + /// Detach from teh container process + #[clap(short, long)] + pub detach: bool, + /// File to write pid of the container created + // note that in the end, container is just another process + #[clap(short, long)] + pub pid_file: Option, + /// Disable the use of the subreaper used to reap reparented processes + #[clap(long)] + pub no_subreaper: bool, + /// Do not use pivot root to jail process inside rootfs + #[clap(long)] + pub no_pivot: bool, + /// Do not create a new session keyring for the container. This will cause the container to inherit the calling processes session key. + #[clap(long)] + pub no_new_keyring: bool, /// Pass N additional file descriptors to the container (stdio + $LISTEN_FDS + N in total) #[clap(long, default_value = "0")] pub preserve_fds: i32, + // Keep container's state directory and cgroup + #[clap(long)] + pub keep: bool, /// name of the container instance to be started #[clap(value_parser = clap::builder::NonEmptyStringValueParser::new(), required = true)] pub container_id: String, From b7f54aa4cdb111e86024f8664e4fd8777129b50e Mon Sep 17 00:00:00 2001 
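Review bot: The comment on `keep` uses `//` rather than `///`, so clap gets no help text for `--keep` while every other new field in `Run` has one; it should read `/// Keep container's state directory and cgroup`. The doc line for `detach` also has a typo (`teh`). Unlike the checkpoint, create and exec hunks, this one does not add the `/// Reference:` line for the man page named in the commit message. The closing brace of `Run` is outside the hunk.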
From: Christophe de Dinechin Date: Sat, 4 Mar 2023 01:22:02 +0100 Subject: [PATCH 05/14] update: Add missing options to the update subcommand Add command-line options as documented in https://github.com/opencontainers/runc/blob/main/man/runc-update.8.md Signed-off-by: Christophe de Dinechin --- crates/liboci-cli/src/run.rs | 3 -- crates/liboci-cli/src/update.rs | 58 +++++++++++++++++++++++++++++++-- 2 files changed, 55 insertions(+), 6 deletions(-) diff --git a/crates/liboci-cli/src/run.rs b/crates/liboci-cli/src/run.rs index d0b1e1a92..8b7281b8e 100644 --- a/crates/liboci-cli/src/run.rs +++ b/crates/liboci-cli/src/run.rs @@ -10,9 +10,6 @@ pub struct Run { /// Unix socket (file) path , which will receive file descriptor of the writing end of the pseudoterminal #[clap(short, long)] pub console_socket: Option, - /// Detach from teh container process - #[clap(short, long)] - pub detach: bool, /// File to write pid of the container created // note that in the end, container is just another process #[clap(short, long)] diff --git a/crates/liboci-cli/src/update.rs b/crates/liboci-cli/src/update.rs index b05f7b24a..eee356cb3 100644 --- a/crates/liboci-cli/src/update.rs +++ b/crates/liboci-cli/src/update.rs 
@@ -4,15 +4,67 @@ use std::path::PathBuf; /// Update running container resource constraints #[derive(Parser, Debug)] pub struct Update { - #[clap(value_parser = clap::builder::NonEmptyStringValueParser::new(), required = true)] - pub container_id: String, - /// Read the new resource limits from the given json file. Use - to read from stdin. /// If this option is used, all other options are ignored. #[clap(short, long)] pub resources: Option, + /// Set a new I/O weight + #[clap(long)] + pub blkio_weight: Option, + + /// Set CPU CFS period to be used for hardcapping (in microseconds) + #[clap(long)] + pub cpu_period: Option, + + /// Set CPU usage limit within a given period (in microseconds) + #[clap(long)] + pub cpu_quota: Option, + + /// Set CPU realtime period to be used for hardcapping (in microseconds) + #[clap(long)] + pub cpu_rt_period: Option, + + /// Set CPU realtime hardcap limit (in microseconds) + #[clap(long)] + pub cpu_rt_runtime: Option, + + /// Set CPU shares (relative weight vs. other containers) + #[clap(long)] + pub cpu_share: Option, + + /// Set CPU(s) to use. The list can contain commas and ranges. For example: 0-3,7 + #[clap(long)] + pub cpuset_cpus: Option, + + /// Set memory node(s) to use. The list format is the same as for --cpuset-cpus. + #[clap(long)] + pub cpuset_mems: Option, + + /// Set memory limit to num bytes. + #[clap(long)] + pub memory: Option, + + /// Set memory reservation (or soft limit) to num bytes. + #[clap(long)] + pub memory_reservation: Option, + + /// Set total memory + swap usage to num bytes. Use -1 to unset the limit (i.e. use unlimited swap). + #[clap(long)] + pub memory_swap: Option, + /// Set the maximum number of processes allowed in the container #[clap(long)] pub pids_limit: Option, + + /// Set the value for Intel RDT/CAT L3 cache schema. + #[clap(long)] + pub l3_cache_schema: Option, + + /// Set the Intel RDT/MBA memory bandwidth schema. 
+ #[clap(long)] + pub mem_bw_schema: Option, + + #[clap(value_parser = clap::builder::NonEmptyStringValueParser::new(), required = true)] + pub container_id: String, } From e2234039ccddd877cbb0309dec3af6ebf1f283df Mon Sep 17 00:00:00 2001 From: Christophe de Dinechin Date: Sat, 4 Mar 2023 01:29:05 +0100 Subject: [PATCH 06/14] spec: Add options for the spec subcommand Add the missing bundle option, as documented in https://github.com/opencontainers/runc/blob/main/man/runc-spec.8.md Signed-off-by: Christophe de Dinechin --- crates/liboci-cli/src/spec.rs | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/crates/liboci-cli/src/spec.rs b/crates/liboci-cli/src/spec.rs index 6f685fcdd..d2f034f09 100644 --- a/crates/liboci-cli/src/spec.rs +++ b/crates/liboci-cli/src/spec.rs @@ -1,8 +1,13 @@ use clap::Parser; +use std::path::PathBuf; /// Command generates a config.json #[derive(Parser, Debug)] pub struct Spec { + /// Set path to the root of the bundle directory + #[clap(long, short)] + pub bundle: Option, + /// Generate a configuration for a rootless container #[clap(long)] pub rootless: bool, From 4c57517b643748c9afefef769f8cd9d1f6cc7a2f Mon Sep 17 00:00:00 2001 From: Christophe de Dinechin Date: Tue, 7 Mar 2023 18:28:14 +0100 Subject: [PATCH 07/14] features: Add features subcommand The 'features' subcommand is not publicly documented yet, but it was introduced in `runc` in https://github.com/opencontainers/runc/pull/3296. Signed-off-by: Christophe de Dinechin --- crates/liboci-cli/src/features.rs | 7 +++++++ crates/liboci-cli/src/lib.rs | 6 ++++-- crates/youki/src/commands/features.rs | 8 ++++++++ crates/youki/src/commands/mod.rs | 1 + crates/youki/src/main.rs | 1 + 5 files changed, 21 insertions(+), 2 deletions(-) create mode 100644 crates/liboci-cli/src/features.rs create mode 100644 crates/youki/src/commands/features.rs diff --git a/crates/liboci-cli/src/features.rs b/crates/liboci-cli/src/features.rs new file mode 100644 index 000000000..109d54c17 --- /dev/null 
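Review bot: The help text for `memory_swap` in `Update` tells users to pass `-1` to unset the limit, but nothing on the field lets clap accept a value that starts with a hyphen, so `--memory-swap -1` is likely to be rejected as an unknown flag and only the `--memory-swap=-1` spelling would work. The attribute already used elsewhere in this crate fixes that: `#[clap(long, allow_hyphen_values = true)]` (clap's `allow_negative_numbers` is the narrower alternative if the clap version in use has it). The field types are not visible in this rendering of the patch, so check as well that the type chosen for `memory_swap` is signed. It would also be worth making `resources` conflict with the individual limit flags, since the doc comment says they are otherwise ignored without an error.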
+++ b/crates/liboci-cli/src/features.rs @@ -0,0 +1,7 @@ +use clap::Parser; + +/// Return the features list for a container +/// This is not a documented subcommand of runc yet, but it was introduced by +/// https://github.com/opencontainers/runc/pull/3296 +#[derive(Parser, Debug)] +pub struct Features {} diff --git a/crates/liboci-cli/src/lib.rs b/crates/liboci-cli/src/lib.rs index 6576cfdf4..89c48a6d4 100644 --- a/crates/liboci-cli/src/lib.rs +++ b/crates/liboci-cli/src/lib.rs @@ -17,6 +17,7 @@ pub use {create::Create, delete::Delete, kill::Kill, start::Start, state::State} mod checkpoint; mod events; mod exec; +mod features; mod list; mod pause; mod ps; @@ -26,8 +27,8 @@ mod spec; mod update; pub use { - checkpoint::Checkpoint, events::Events, exec::Exec, list::List, pause::Pause, ps::Ps, - resume::Resume, run::Run, spec::Spec, update::Update, + checkpoint::Checkpoint, events::Events, exec::Exec, features::Features, list::List, + pause::Pause, ps::Ps, resume::Resume, run::Run, spec::Spec, update::Update, }; // Subcommands parsed by liboci-cli, based on the [OCI @@ -52,6 +53,7 @@ pub enum CommonCmd { Checkpointt(Checkpoint), Events(Events), Exec(Exec), + Features(Features), List(List), Pause(Pause), #[clap(allow_hyphen_values = true)] diff --git a/crates/youki/src/commands/features.rs b/crates/youki/src/commands/features.rs new file mode 100644 index 000000000..bf359bd0a --- /dev/null +++ b/crates/youki/src/commands/features.rs @@ -0,0 +1,8 @@ +//! Contains Functionality of `features` container command +use anyhow::Result; +use liboci_cli::Features; + +/// lists all existing containers +pub fn features(_: Features) -> Result<()> { + Ok(()) +} diff --git a/crates/youki/src/commands/mod.rs b/crates/youki/src/commands/mod.rs index 7cd3669ac..0c763c529 100644 --- a/crates/youki/src/commands/mod.rs +++ b/crates/youki/src/commands/mod.rs 
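Review bot: `features()` in crates/youki/src/commands/features.rs returns `Ok(())` without printing anything, so `youki features` exits successfully with empty output. A caller probing the runtime's feature set cannot tell that apart from a real answer, so until the command is implemented it should fail: `anyhow::bail!("features subcommand is not implemented yet")`. The doc comment `/// lists all existing containers` looks copied from the list command and should describe this function instead.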
@@ -13,6 +13,7 @@ pub mod create; pub mod delete; pub mod events; pub mod exec; +pub mod features; pub mod info; pub mod kill; pub mod list; diff --git a/crates/youki/src/main.rs b/crates/youki/src/main.rs index bf82cb76c..77d4ec269 100644 --- a/crates/youki/src/main.rs +++ b/crates/youki/src/main.rs @@ -127,6 +127,7 @@ fn main() -> Result<()> { std::process::exit(-1); } }, + CommonCmd::Features(features) => commands::features::features(features), CommonCmd::List(list) => commands::list::list(list, root_path), CommonCmd::Pause(pause) => commands::pause::pause(pause, root_path), CommonCmd::Ps(ps) => commands::ps::ps(ps, root_path), From 136abf54547b84817f973d1c1c90a33c4081d0f3 Mon Sep 17 00:00:00 2001 From: Christophe de Dinechin Date: Wed, 8 Mar 2023 10:28:14 +0100 Subject: [PATCH 08/14] liboci-cli: Update README with information about features subcommand The `features` subcommand is implemented in `runc`, but not documented. See https://github.com/opencontainers/runc/pull/3296 Signed-off-by: Christophe de Dinechin Suggested-by: Toru Komatsu --- crates/liboci-cli/README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/crates/liboci-cli/README.md b/crates/liboci-cli/README.md index ea5809ae9..a322836ee 100644 --- a/crates/liboci-cli/README.md +++ b/crates/liboci-cli/README.md @@ -16,6 +16,7 @@ Interface](https://github.com/opencontainers/runtime-tools/blob/master/docs/comm | checkpoint | | | ✅ | ✅ | | | events | ✅ | | ✅ | | ✅ | | exec | ✅ | | ✅ | ✅ | ✅ | +| features | ✅ | | 🏴 | | | | list | ✅ | | ✅ | ✅ | ✅ | | pause | ✅ | | ✅ | ✅ | ✅ | | ps | ✅ | | ✅ | ✅ | ✅ | @@ -24,3 +25,6 @@ Interface](https://github.com/opencontainers/runtime-tools/blob/master/docs/comm | run | ✅ | | ✅ | ✅ | ✅ | | spec | ✅ | | ✅ | ✅ | ✅ | | update | | | ✅ | ✅ | | + +🏴 The `features` subcommand is [implemented](https://github.com/opencontainers/runc/pull/3296) +in `runc`, but not documented. From e2dc2831b18724fb464d41257eb0f5506677164c Mon Sep 17 00:00:00 2001 
From: Christophe de Dinechin Date: Sat, 4 Mar 2023 00:12:38 +0100 Subject: [PATCH 09/14] list: Add missing command-line options Add the command-line options documented in https://github.com/opencontainers/runc/blob/main/man/runc-list.8.md Signed-off-by: Christophe de Dinechin --- crates/liboci-cli/src/list.rs | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/crates/liboci-cli/src/list.rs b/crates/liboci-cli/src/list.rs index 44a2ad2d1..acb49eb8a 100644 --- a/crates/liboci-cli/src/list.rs +++ b/crates/liboci-cli/src/list.rs @@ -2,4 +2,12 @@ use clap::Parser; /// List created containers #[derive(Parser, Debug)] -pub struct List {} +pub struct List { + /// Specify the format (default or table) + #[clap(long, default_value = "table")] + pub format: String, + + /// Only display container IDs + #[clap(long, short)] + pub quiet: bool, +} From d258324a89196d71de9d193f00787b40ac483cf8 Mon Sep 17 00:00:00 2001 From: Christophe de Dinechin Date: Fri, 3 Mar 2023 23:37:25 +0100 Subject: [PATCH 10/14] ociplex: Change order of exec subcommand to match documentation We have to pick an order for the command-line options. Let's just use the same order as in the runc documentation (since this will also be the order shown by the command-line help) Signed-off-by: Christophe de Dinechin --- crates/liboci-cli/src/exec.rs | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/crates/liboci-cli/src/exec.rs b/crates/liboci-cli/src/exec.rs index eb9df44b9..2e53d57b1 100644 --- a/crates/liboci-cli/src/exec.rs +++ b/crates/liboci-cli/src/exec.rs 
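Review bot: `format` in `List` is a free-form `String` whose help text reads `(default or table)`, which does not name a second accepted value and lets any string through the parser. If the accepted formats are `table` and `json`, as in the runc man page the commit cites, restrict them at the CLI and fix the text: `/// Specify the format (table or json)` with `#[clap(long, default_value = "table", value_parser = ["table", "json"])]`. That way an unsupported format is rejected with a usage error instead of reaching the list implementation.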
@@ -10,38 +10,38 @@ pub struct Exec { /// Unix socket (file) path , which will receive file descriptor of the writing end of the pseudoterminal #[clap(long)] pub console_socket: Option, - #[clap(short, long)] - pub tty: bool, #[clap(long)] /// Current working directory of the container pub cwd: Option, - #[clap(long)] - /// The file to which the pid of the container process should be written to - pub pid_file: Option, /// Environment variables that should be set in the container #[clap(short, long, value_parser = parse_key_val::, number_of_values = 1)] pub env: Vec<(String, String)>, + #[clap(short, long)] + pub tty: bool, /// Run the command as a user #[clap(short, long, value_parser = parse_colon_separated_pair::)] pub user: Option<(u32, Option)>, /// Add additional group IDs. Can be specified multiple times #[clap(long, short = 'g', number_of_values = 1)] pub additional_gids: Vec, - /// Prevent the process from gaining additional privileges - #[clap(long)] - pub no_new_privs: bool, /// Path to process.json #[clap(short, long)] pub process: Option, /// Detach from the container process #[clap(short, long)] pub detach: bool, + #[clap(long)] + /// The file to which the pid of the container process should be written to + pub pid_file: Option, /// Set the asm process label for the process commonly used with selinux #[clap(long)] pub process_label: Option, /// Set the apparmor profile for the process #[clap(long)] pub apparmor: Option, + /// Prevent the process from gaining additional privileges + #[clap(long)] + pub no_new_privs: bool, /// Add a capability to the bounding set for the process #[clap(long, number_of_values = 1)] pub cap: Vec, 
@@ -54,9 +54,11 @@ pub struct Exec { /// Execute a process in a sub-cgroup #[clap(long)] pub cgroup: Option, + /// Identifier of the container #[clap(value_parser = clap::builder::NonEmptyStringValueParser::new(), required = true)] pub container_id: String, + /// Command that should be executed in the container #[clap(required = false)] pub command: Vec, From a3ac34a46432ace43e3289c67d61c8326eb3c008 Mon Sep 17 00:00:00 2001 From: Christophe de Dinechin Date: Mon, 10 Jul 2023 10:49:28 +0200 Subject: [PATCH 11/14] Document the `features` subcommand. The `features` subcommand is now officially documented. Update the links to the documentation. Signed-off-by: Christophe de Dinechin Suggested-by: Toru Komatsu --- crates/liboci-cli/README.md | 5 +---- crates/liboci-cli/src/features.rs | 4 +++- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/crates/liboci-cli/README.md b/crates/liboci-cli/README.md index a322836ee..bd0b5c2f6 100644 --- a/crates/liboci-cli/README.md +++ b/crates/liboci-cli/README.md @@ -16,7 +16,7 @@ Interface](https://github.com/opencontainers/runtime-tools/blob/master/docs/comm | checkpoint | | | ✅ | ✅ | | | events | ✅ | | ✅ | | ✅ | | exec | ✅ | | ✅ | ✅ | ✅ | -| features | ✅ | | 🏴 | | | +| features | ✅ | | ✅ | | | | list | ✅ | | ✅ | ✅ | ✅ | | pause | ✅ | | ✅ | ✅ | ✅ | | ps | ✅ | | ✅ | ✅ | ✅ | @@ -25,6 +25,3 @@ Interface](https://github.com/opencontainers/runtime-tools/blob/master/docs/comm | run | ✅ | | ✅ | ✅ | ✅ | | spec | ✅ | | ✅ | ✅ | ✅ | | update | | | ✅ | ✅ | | - -🏴 The `features` subcommand is [implemented](https://github.com/opencontainers/runc/pull/3296) -in `runc`, but not documented. diff --git a/crates/liboci-cli/src/features.rs b/crates/liboci-cli/src/features.rs index 109d54c17..384a2953d 100644 --- a/crates/liboci-cli/src/features.rs +++ b/crates/liboci-cli/src/features.rs 
@@ -1,7 +1,9 @@ use clap::Parser; /// Return the features list for a container -/// This is not a documented subcommand of runc yet, but it was introduced by +/// This subcommand was introduced in runc by /// https://github.com/opencontainers/runc/pull/3296 +/// It is documented here: +/// https://github.com/opencontainers/runtime-spec/blob/main/features-linux.md #[derive(Parser, Debug)] pub struct Features {} From 3b13f73cedd3ddeac2e5104f16e44f47d8be0e04 Mon Sep 17 00:00:00 2001 From: Christophe de Dinechin Date: Mon, 10 Jul 2023 11:15:25 +0200 Subject: [PATCH 12/14] Rename `parse_key_val` and `parse_colon_separated_pair` It is better to describe the intent of the parsing than how it is done. Signed-off-by: Christophe de Dinechin Suggested-by: Eric Fang --- crates/liboci-cli/src/exec.rs | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/crates/liboci-cli/src/exec.rs b/crates/liboci-cli/src/exec.rs index 2e53d57b1..8212d2196 100644 --- a/crates/liboci-cli/src/exec.rs +++ b/crates/liboci-cli/src/exec.rs @@ -14,12 +14,12 @@ pub struct Exec { /// Current working directory of the container pub cwd: Option, /// Environment variables that should be set in the container - #[clap(short, long, value_parser = parse_key_val::, number_of_values = 1)] + #[clap(short, long, value_parser = parse_env::, number_of_values = 1)] pub env: Vec<(String, String)>, #[clap(short, long)] pub tty: bool, /// Run the command as a user - #[clap(short, long, value_parser = parse_colon_separated_pair::)] + #[clap(short, long, value_parser = parse_user::)] pub user: Option<(u32, Option)>, /// Add additional group IDs. Can be specified multiple times #[clap(long, short = 'g', number_of_values = 1)] @@ -64,7 +64,7 @@ pub struct Exec { pub command: Vec, } -fn parse_key_val(s: &str) -> Result<(T, U), Box> +fn parse_env(s: &str) -> Result<(T, U), Box> where T: std::str::FromStr, T::Err: Error + Send + Sync + 'static, 
@@ -73,13 +73,11 @@ where { let pos = s .find('=') - .ok_or_else(|| format!("invalid KEY=value: no `=` found in `{s}`"))?; + .ok_or_else(|| format!("invalid VAR=value: no `=` found in `{s}`"))?; Ok((s[..pos].parse()?, s[pos + 1..].parse()?)) } -fn parse_colon_separated_pair( - s: &str, -) -> Result<(T, Option), Box> +fn parse_user(s: &str) -> Result<(T, Option), Box> where T: std::str::FromStr, T::Err: Error + Send + Sync + 'static, From bcabc067f538c497bdfb5c506353b11bea411242 Mon Sep 17 00:00:00 2001 From: Christophe de Dinechin Date: Wed, 12 Jul 2023 11:24:47 +0200 Subject: [PATCH 13/14] exec: Box the Exec structure The `Exec` structure is large compared to the others. This causes `just lint` to complain: ``` error: large size difference between variants --> crates/youki/src/main.rs:48:1 | 48 | / enum SubCommand { 49 | | // Standard and common commands handled by the liboci_cli crate 50 | | #[clap(flatten)] 51 | | Standard(liboci_cli::StandardCmd), | | --------------------------------- the second-largest variant contains at least 104 bytes 52 | | #[clap(flatten)] 53 | | Common(liboci_cli::CommonCmd), | | ----------------------------- the largest variant contains at least 320 bytes ... | 57 | | Completion(commands::completion::Completion), 58 | | } | |_^ the entire enum is at least 320 bytes | = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#large_enum_variant = note: `-D clippy::large-enum-variant` implied by `-D warnings` help: consider boxing the large fields to reduce the total size of the enum | 53 | Common(Box), | ~~~~~~~~~~~~~~~~~~~~~~~~~~ ``` Boxing the `Exec` variant prevents this problem from happening. Signed-off-by: Christophe de Dinechin --- crates/liboci-cli/src/lib.rs | 2 +- crates/youki/src/main.rs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crates/liboci-cli/src/lib.rs b/crates/liboci-cli/src/lib.rs index 89c48a6d4..6dafaf44a 100644 --- a/crates/liboci-cli/src/lib.rs 
+++ b/crates/liboci-cli/src/lib.rs @@ -52,7 +52,7 @@ pub enum StandardCmd { pub enum CommonCmd { Checkpointt(Checkpoint), Events(Events), - Exec(Exec), + Exec(Box), Features(Features), List(List), Pause(Pause), diff --git a/crates/youki/src/main.rs b/crates/youki/src/main.rs index 77d4ec269..09374a415 100644 --- a/crates/youki/src/main.rs +++ b/crates/youki/src/main.rs @@ -120,7 +120,7 @@ fn main() -> Result<()> { commands::checkpoint::checkpoint(checkpoint, root_path) } CommonCmd::Events(events) => commands::events::events(events, root_path), - CommonCmd::Exec(exec) => match commands::exec::exec(exec, root_path) { + CommonCmd::Exec(exec) => match commands::exec::exec(*exec, root_path) { Ok(exit_code) => std::process::exit(exit_code), Err(e) => { eprintln!("exec failed : {e}"); From cdb860d2ecd58894ab3bfe0e89c02b602a1d7d3a Mon Sep 17 00:00:00 2001 From: yihuaf Date: Wed, 12 Jul 2023 15:35:29 -0700 Subject: [PATCH 14/14] box up commands enum to avoid lints Signed-off-by: yihuaf --- crates/liboci-cli/src/lib.rs | 2 +- crates/youki/src/main.rs | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/crates/liboci-cli/src/lib.rs b/crates/liboci-cli/src/lib.rs index 6dafaf44a..89c48a6d4 100644 --- a/crates/liboci-cli/src/lib.rs +++ b/crates/liboci-cli/src/lib.rs @@ -52,7 +52,7 @@ pub enum StandardCmd { pub enum CommonCmd { Checkpointt(Checkpoint), Events(Events), - Exec(Box), + Exec(Exec), Features(Features), List(List), Pause(Pause), diff --git a/crates/youki/src/main.rs b/crates/youki/src/main.rs index 09374a415..6a92be8d0 100644 --- a/crates/youki/src/main.rs +++ b/crates/youki/src/main.rs @@ -48,9 +48,9 @@ struct Opts { enum SubCommand { // Standard and common commands handled by the liboci_cli crate #[clap(flatten)] - Standard(liboci_cli::StandardCmd), + Standard(Box), #[clap(flatten)] - Common(liboci_cli::CommonCmd), + Common(Box), // Youki specific extensions Info(info::Info), 
@@ -106,7 +106,7 @@ fn main() -> Result<()> { let systemd_cgroup = opts.global.systemd_cgroup; let cmd_result = match opts.subcmd { - SubCommand::Standard(cmd) => match cmd { + SubCommand::Standard(cmd) => match *cmd { StandardCmd::Create(create) => { commands::create::create(create, root_path, systemd_cgroup) } @@ -115,12 +115,12 @@ fn main() -> Result<()> { StandardCmd::Delete(delete) => commands::delete::delete(delete, root_path), StandardCmd::State(state) => commands::state::state(state, root_path), }, - SubCommand::Common(cmd) => match cmd { + SubCommand::Common(cmd) => match *cmd { CommonCmd::Checkpointt(checkpoint) => { commands::checkpoint::checkpoint(checkpoint, root_path) } CommonCmd::Events(events) => commands::events::events(events, root_path), - CommonCmd::Exec(exec) => match commands::exec::exec(*exec, root_path) { + CommonCmd::Exec(exec) => match commands::exec::exec(exec, root_path) { Ok(exit_code) => std::process::exit(exit_code), Err(e) => { eprintln!("exec failed : {e}");