runtime-rs: Label system journal log with kata

Route kata-shim logs directly to systemd-journald under 'kata' identifier.

This refactoring enables `kata-shim` logs to be properly attributed to
'kata' in systemd-journald, instead of inheriting the 'containerd'
identifier.

Previously, `kata-shim` logs were challenging to filter and debug as
they
appeared under the `containerd.service` unit.

This commit resolves this by:
1.  Introducing a `LogDestination` enum to explicitly define logging
targets (File or Journal).
2.  Modifying logger creation to set `SYSLOG_IDENTIFIER=kata` when
logging
to Journald.
3.  Ensuring type safety and correct ownership handling for different
logging backends.

This significantly enhances the observability and debuggability of Kata
Containers, making it easier to monitor and troubleshoot Kata-specific
events.

Fixes: #11590

Signed-off-by: Hyounggyu Choi <Hyounggyu.Choi@ibm.com>
Signed-off-by: Alex Lyn <alex.lyn@antgroup.com>

src/runtime-rs/Cargo.lock

@@ -851,6 +851,16 @@ dependencies = [
  "typenum",
 ]
 
+[[package]]
+name = "crypto-mac"
+version = "0.11.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b1d1a86f49236c215f271d40892d5fc950490551400b02ef360692c29815c714"
+dependencies = [
+ "generic-array",
+ "subtle",
+]
+
 [[package]]
 name = "darling"
 version = "0.14.4"
@@ -1787,6 +1797,16 @@ version = "0.4.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70"
 
+[[package]]
+name = "hmac"
+version = "0.11.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2a2a2320eb7ec0ebe8da8f744d7812d9fc4cb4d09344ac01898dbcb6a20ae69b"
+dependencies = [
+ "crypto-mac",
+ "digest 0.9.0",
+]
+
 [[package]]
 name = "hmac"
 version = "0.12.1"
@@ -2304,6 +2324,23 @@ version = "0.2.172"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d750af042f7ef4f724306de029d18836c26c1765a54a6a3f094cbd23a7267ffa"
 
+[[package]]
+name = "libsystemd"
+version = "0.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6f4f0b5b062ba67aa075e331de778082c09e66b5ef32970ea5a1e9c37c9555d1"
+dependencies = [
+ "hmac 0.11.0",
+ "libc",
+ "log",
+ "nix 0.23.2",
+ "once_cell",
+ "serde",
+ "sha2 0.9.3",
+ "thiserror 1.0.69",
+ "uuid 0.8.2",
+]
+
 [[package]]
 name = "libz-sys"
 version = "1.1.22"
@@ -2390,6 +2427,7 @@ dependencies = [
  "serde_json",
  "slog",
  "slog-async",
+ "slog-journald",
  "slog-json",
  "slog-scope",
  "slog-term",
@@ -2797,7 +2835,7 @@ dependencies = [
  "bitflags 1.3.2",
  "fuse-backend-rs",
  "hex",
- "hmac",
+ "hmac 0.12.1",
  "httpdate",
  "lazy_static",
  "libc",
@@ -4464,6 +4502,16 @@ dependencies = [
  "thread_local",
 ]
 
+[[package]]
+name = "slog-journald"
+version = "2.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "83e14eb8c2f5d0c8fc9fbac40e6391095e4dc5cb334f7dce99c75cb1919eb39c"
+dependencies = [
+ "libsystemd",
+ "slog",
+]
+
 [[package]]
 name = "slog-json"
 version = "2.6.1"
@@ -4617,9 +4665,9 @@ dependencies = [
 
 [[package]]
 name = "subtle"
-version = "2.5.0"
+version = "2.4.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc"
+checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601"
 
 [[package]]
 name = "syn"
@@ -5195,6 +5243,15 @@ dependencies = [
  "rand 0.3.23",
 ]
 
+[[package]]
+name = "uuid"
+version = "0.8.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bc5cf98d8186244414c848017f0e2676b3fcb46807f6668a97dfe67359a3c4b7"
+dependencies = [
+ "serde",
+]
+
 [[package]]
 name = "uuid"
 version = "1.16.0"

src/runtime-rs/crates/shim/src/logger.rs

@@ -4,31 +4,22 @@
 // SPDX-License-Identifier: Apache-2.0
 //
 
-use std::os::unix::fs::OpenOptionsExt;
-
 use anyhow::{Context, Result};
 
-use crate::Error;
-
-pub(crate) fn set_logger(path: &str, sid: &str, is_debug: bool) -> Result<slog_async::AsyncGuard> {
-    //it's better to open the log pipe file with read & write option,
-    //otherwise, once the containerd reboot and closed the read endpoint,
-    //kata shim would write the log pipe with broken pipe error.
-    let fifo = std::fs::OpenOptions::new()
-        .custom_flags(libc::O_NONBLOCK)
-        .create(true)
-        .read(true)
-        .write(true)
-        .open(path)
-        .context(Error::FileOpen(path.to_string()))?;
-
+pub(crate) fn set_logger(_path: &str, sid: &str, is_debug: bool) -> Result<slog_async::AsyncGuard> {
     let level = if is_debug {
         slog::Level::Debug
     } else {
         slog::Level::Info
     };
 
-    let (logger, async_guard) = logging::create_logger("kata-runtime", sid, level, fifo);
+    // Use journal logger to send logs to systemd journal with "kata" identifier
+    let (logger, async_guard) = logging::create_logger_with_destination(
+        "kata-runtime",
+        sid,
+        level,
+        logging::LogDestination::Journal,
+    );
 
     // not reset global logger when drop
     slog_scope::set_global_logger(logger).cancel_reset();