From 84ee8aa8b2fbaa4bfe8a24d74a6e140fc22bc58e Mon Sep 17 00:00:00 2001
From: bin
Date: Fri, 30 Apr 2021 18:52:30 +0800
Subject: [PATCH 1/3] agent: delete not used functions
In file src/agent/rustjail/src/validator.rs, these two functions are not used:
- get_namespace_path
- check_host_ns
Fixes: #1783
Signed-off-by: bin
---
 src/agent/rustjail/src/validator.rs | 54 -----------------------------
 1 file changed, 54 deletions(-)
diff --git a/src/agent/rustjail/src/validator.rs b/src/agent/rustjail/src/validator.rs
index 9dbbd19ddb..358cceddf0 100644
--- a/src/agent/rustjail/src/validator.rs
+++ b/src/agent/rustjail/src/validator.rs
@@ -28,16 +28,6 @@ fn contain_namespace(nses: &[LinuxNamespace], key: &str) -> bool {
 false
 }
-fn get_namespace_path(nses: &[LinuxNamespace], key: &str) -> Result {
- for ns in nses {
- if ns.r#type.as_str() == key {
- return Ok(ns.path.clone());
- }
- }
-
- Err(einval())
-}
-
 fn rootfs(root: &str) -> Result<()> {
 let path = PathBuf::from(root);
 // not absolute path or not exists
@@ -166,31 +156,6 @@ lazy_static! {
 };
 }
-fn check_host_ns(path: &str) -> Result<()> {
- let cpath = PathBuf::from(path);
- let hpath = PathBuf::from("/proc/self/ns/net");
-
- let real_hpath = hpath
- .read_link()
- .context(format!("read link {:?}", hpath))?;
- let meta = cpath
- .symlink_metadata()
- .context(format!("symlink metadata {:?}", cpath))?;
- let file_type = meta.file_type();
-
- if !file_type.is_symlink() {
- return Ok(());
- }
- let real_cpath = cpath
- .read_link()
- .context(format!("read link {:?}", cpath))?;
- if real_cpath == real_hpath {
- return Err(einval());
- }
-
- Ok(())
-}
-
 fn sysctl(oci: &Spec) -> Result<()> {
 let linux = get_linux(oci)?;
@@ -334,19 +299,6 @@ mod tests {
 assert_eq!(contain_namespace(&namespaces, ""), false);
 assert_eq!(contain_namespace(&namespaces, "Net"), false);
 assert_eq!(contain_namespace(&namespaces, "ipc"), false);
-
- assert_eq!(
- get_namespace_path(&namespaces, "net").unwrap(),
- "/sys/cgroups/net"
- );
- assert_eq!(
- get_namespace_path(&namespaces, "uts").unwrap(),
- "/sys/cgroups/uts"
- );
-
- get_namespace_path(&namespaces, "").unwrap_err();
- get_namespace_path(&namespaces, "Uts").unwrap_err();
- get_namespace_path(&namespaces, "ipc").unwrap_err();
 }
 #[test]
@@ -528,12 +480,6 @@ mod tests {
 rootless_euid(&spec).unwrap();
 }
- #[test]
- fn test_check_host_ns() {
- check_host_ns("/proc/self/ns/net").unwrap_err();
- check_host_ns("/proc/sys/net/ipv4/tcp_sack").unwrap();
- }
-
 #[test]
 fn test_sysctl() {
 let mut spec = Spec::default();
From 6038da19034652fcc9245f8ac1653775b60af583 Mon Sep 17 00:00:00 2001
From: bin
Date: Fri, 30 Apr 2021 19:09:04 +0800
Subject: [PATCH 2/3] agent: delete rustjail/src/configs directory
This directory is not used anymore.
Fixes: #1783
Signed-off-by: bin
---
 src/agent/rustjail/src/configs/device.rs | 56 ---
 src/agent/rustjail/src/configs/mod.rs | 372 -------------------
 src/agent/rustjail/src/configs/namespaces.rs | 46 ---
 src/agent/rustjail/src/configs/validator.rs | 23 --
 4 files changed, 497 deletions(-)
 delete mode 100644 src/agent/rustjail/src/configs/device.rs
 delete mode 100644 src/agent/rustjail/src/configs/mod.rs
 delete mode 100644 src/agent/rustjail/src/configs/namespaces.rs
 delete mode 100644 src/agent/rustjail/src/configs/validator.rs
diff --git a/src/agent/rustjail/src/configs/device.rs b/src/agent/rustjail/src/configs/device.rs
deleted file mode 100644
index 0c59f6affe..0000000000
--- a/src/agent/rustjail/src/configs/device.rs
+++ /dev/null
@@ -1,56 +0,0 @@
-// Copyright (c) 2019 Ant Financial
-//
-// SPDX-License-Identifier: Apache-2.0
-//
-
-use libc::*;
-use serde;
-#[macro_use]
-use serde_derive;
-use serde_json;
-
-#[derive(Serialize, Deserialize, Debug)]
-pub struct Device {
- #[serde(default)]
- r#type: char,
- #[serde(default)]
- path: String,
- #[serde(default)]
- major: i64,
- #[serde(default)]
- minor: i64,
- #[serde(default)]
- permissions: String,
- #[serde(default)]
- file_mode: mode_t,
- #[serde(default)]
- uid: i32,
- #[serde(default)]
- gid: i32,
- #[serde(default)]
- allow: bool,
-}
-
-#[derive(Serialize, Deserialize, Debug)]
-pub struct BlockIODevice {
- #[serde(default)]
- major: i64,
- #[serde(default)]
- minor: i64,
-}
-
-#[derive(Serialize, Deserialize, Debug)]
-pub struct WeightDevice {
- block: BlockIODevice,
- #[serde(default)]
- weight: u16,
- #[serde(default, rename = "leafWeight")]
- leaf_weight: u16,
-}
-
-#[derive(Serialize, Deserialize, Debug)]
-pub struct ThrottleDevice {
- block: BlockIODevice,
- #[serde(default)]
- rate: u64,
-}
diff --git a/src/agent/rustjail/src/configs/mod.rs b/src/agent/rustjail/src/configs/mod.rs
deleted file mode 100644
index c7e680d1a9..0000000000
--- a/src/agent/rustjail/src/configs/mod.rs
+++ /dev/null
@@ -1,372 +0,0 @@
-// Copyright (c) 2019 Ant Financial
-//
-// SPDX-License-Identifier: Apache-2.0
-//
-
-use serde;
-#[macro_use]
-use serde_derive;
-use serde_json;
-
-use protocols::oci::State as OCIState;
-
-use std::collections::HashMap;
-use std::fmt;
-use std::path::PathBuf;
-use std::time::Duration;
-
-use nix::unistd;
-
-use self::device::{Device, ThrottleDevice, WeightDevice};
-use self::namespaces::Namespaces;
-use crate::specconv::CreateOpts;
-
-pub mod device;
-pub mod namespaces;
-pub mod validator;
-
-#[derive(Serialize, Deserialize, Debug)]
-pub struct Rlimit {
- #[serde(default)]
- r#type: i32,
- #[serde(default)]
- hard: i32,
- #[serde(default)]
- soft: i32,
-}
-
-#[derive(Serialize, Deserialize, Debug)]
-pub struct IDMap {
- #[serde(default)]
- container_id: i32,
- #[serde(default)]
- host_id: i32,
- #[serde(default)]
- size: i32,
-}
-
-type Action = i32;
-
-#[derive(Serialize, Deserialize, Debug)]
-pub struct Seccomp {
- #[serde(default)]
- default_action: Action,
- #[serde(default)]
- architectures: Vec,
- #[serde(default)]
- flags: Vec,
- #[serde(default)]
- syscalls: Vec,
-}
-
-type Operator = i32;
-
-#[derive(Serialize, Deserialize, Debug)]
-pub struct Arg {
- #[serde(default)]
- index: u32,
- #[serde(default)]
- value: u64,
- #[serde(default)]
- value_two: u64,
- #[serde(default)]
- op: Operator,
-}
-
-#[derive(Serialize, Deserialize, Debug)]
-pub struct Syscall {
- #[serde(default, skip_serializing_if = "String::is_empty")]
- names: String,
- #[serde(default)]
- action: Action,
- #[serde(default, rename = "errnoRet")]
- errno_ret: u32,
- #[serde(default, skip_serializing_if = "Vec::is_empty")]
- args: Vec,
-}
-
-#[derive(Serialize, Deserialize, Debug)]
-pub struct Config<'a> {
- #[serde(default)]
- no_pivot_root: bool,
- #[serde(default)]
- parent_death_signal: i32,
- #[serde(default)]
- rootfs: String,
- #[serde(default)]
- readonlyfs: bool,
- #[serde(default, rename = "rootPropagation")]
- root_propagation: i32,
- #[serde(default)]
- mounts: Vec,
- #[serde(default)]
- devices: Vec,
- #[serde(default)]
- mount_label: String,
- #[serde(default)]
- hostname: String,
- #[serde(default)]
- namespaces: Namespaces,
- #[serde(default)]
- capabilities: Option,
- #[serde(default)]
- networks: Vec,
- #[serde(default)]
- routes: Vec,
- #[serde(default)]
- cgroups: Option>,
- #[serde(default, skip_serializing_if = "String::is_empty")]
- apparmor_profile: String,
- #[serde(default, skip_serializing_if = "String::is_empty")]
- process_label: String,
- #[serde(default, skip_serializing_if = "Vec::is_empty")]
- rlimits: Vec,
- #[serde(default)]
- oom_score_adj: Option,
- #[serde(default)]
- uid_mappings: Vec,
- #[serde(default)]
- gid_mappings: Vec,
- #[serde(default)]
- mask_paths: Vec,
- #[serde(default)]
- readonly_paths: Vec,
- #[serde(default)]
- sysctl: HashMap,
- #[serde(default)]
- seccomp: Option,
- #[serde(default)]
- no_new_privileges: bool,
- hooks: Option,
- #[serde(default)]
- version: String,
- #[serde(default)]
- labels: Vec,
- #[serde(default)]
- no_new_keyring: bool,
- #[serde(default)]
- intel_rdt: Option,
- #[serde(default)]
- rootless_euid: bool,
- #[serde(default)]
- rootless_cgroups: bool,
-}
-
-#[derive(Serialize, Deserialize, Debug)]
-pub struct Hooks {
- prestart: Vec>,
- poststart: Vec>,
- poststop: Vec>,
-}
-#[derive(Serialize, Deserialize, Debug)]
-pub struct Capabilities {
- bounding: Vec,
- effective: Vec,
- inheritable: Vec,
- permitted: Vec,
- ambient: Vec,
-}
-
-pub trait Hook {
- fn run(&self, state: &OCIState) -> Result<()>;
-}
-
-pub struct FuncHook {
- // run: fn(&OCIState) -> Result<()>,
-}
-
-#[derive(Serialize, Deserialize, Debug)]
-pub struct Command {
- #[serde(default)]
- path: String,
- #[serde(default)]
- args: Vec,
- #[serde(default)]
- env: Vec,
- #[serde(default)]
- dir: String,
- #[serde(default)]
- timeout: Duration,
-}
-
-pub struct CommandHook {
- command: Command,
-}
-
-#[derive(Serialize, Deserialize, Debug)]
-pub struct Mount {
- #[serde(default)]
- source: String,
- #[serde(default)]
- destination: String,
- #[serde(default)]
- device: String,
- #[serde(default)]
- flags: i32,
- #[serde(default)]
- propagation_flags: Vec,
- #[serde(default)]
- data: String,
- #[serde(default)]
- relabel: String,
- #[serde(default)]
- extensions: i32,
- #[serde(default)]
- premount_cmds: Vec,
- #[serde(default)]
- postmount_cmds: Vec,
-}
-
-#[derive(Serialize, Deserialize, Debug)]
-pub struct HugepageLimit {
- #[serde(default)]
- page_size: String,
- #[serde(default)]
- limit: u64,
-}
-
-#[derive(Serialize, Deserialize, Debug)]
-pub struct IntelRdt {
- #[serde(default, skip_serializing_if = "String::is_empty")]
- l3_cache_schema: String,
- #[serde(
- default,
- rename = "memBwSchema",
- skip_serializing_if = "String::is_empty"
- )]
- mem_bw_schema: String,
-}
-
-pub type FreezerState = String;
-
-#[derive(Serialize, Deserialize, Debug)]
-pub struct Cgroup<'a> {
- #[serde(default, skip_serializing_if = "String::is_empty")]
- name: String,
- #[serde(default, skip_serializing_if = "String::is_empty")]
- parent: String,
- #[serde(default)]
- path: String,
- #[serde(default)]
- scope_prefix: String,
- paths: HashMap,
- resource: &'a Resources<'a>,
-}
-
-#[derive(Serialize, Deserialize, Debug)]
-pub struct Resources<'a> {
- #[serde(default)]
- allow_all_devices: bool,
- #[serde(default, skip_serializing_if = "Vec::is_empty")]
- allowed_devices: Vec<&'a Device>,
- #[serde(default, skip_serializing_if = "Vec::is_empty")]
- denied_devices: Vec<&'a Device>,
- #[serde(default)]
- devices: Vec<&'a Device>,
- #[serde(default)]
- memory: i64,
- #[serde(default)]
- memory_reservation: i64,
- #[serde(default)]
- memory_swap: i64,
- #[serde(default)]
- kernel_memory: i64,
- #[serde(default)]
- kernel_memory_tcp: i64,
- #[serde(default)]
- cpu_shares: u64,
- #[serde(default)]
- cpu_quota: i64,
- #[serde(default)]
- cpu_period: u64,
- #[serde(default)]
- cpu_rt_quota: i64,
- #[serde(default)]
- cpu_rt_period: u64,
- #[serde(default)]
- cpuset_cpus: String,
- #[serde(default)]
- cpuset_mems: String,
- #[serde(default)]
- pids_limit: i64,
- #[serde(default)]
- blkio_weight: u64,
- #[serde(default)]
- blkio_leaf_weight: u64,
- #[serde(default)]
- blkio_weight_device: Vec<&'a WeightDevice>,
- #[serde(default)]
- blkio_throttle_read_bps_device: Vec<&'a ThrottleDevice>,
- #[serde(default)]
- blkio_throttle_write_bps_device: Vec<&'a ThrottleDevice>,
- #[serde(default)]
- blkio_throttle_read_iops_device: Vec<&'a ThrottleDevice>,
- #[serde(default)]
- blkio_throttle_write_iops_device: Vec<&'a ThrottleDevice>,
- #[serde(default)]
- freezer: FreezerState,
- #[serde(default)]
- hugetlb_limit: Vec<&'a HugepageLimit>,
- #[serde(default)]
- oom_kill_disable: bool,
- #[serde(default)]
- memory_swapiness: u64,
- #[serde(default)]
- net_prio_ifpriomap: Vec<&'a IfPrioMap>,
- #[serde(default)]
- net_cls_classid_u: u32,
-}
-
-#[derive(Serialize, Deserialize, Debug)]
-pub struct Network {
- #[serde(default)]
- r#type: String,
- #[serde(default)]
- name: String,
- #[serde(default)]
- bridge: String,
- #[serde(default)]
- mac_address: String,
- #[serde(default)]
- address: String,
- #[serde(default)]
- gateway: String,
- #[serde(default)]
- ipv6_address: String,
- #[serde(default)]
- ipv6_gateway: String,
- #[serde(default)]
- mtu: i32,
- #[serde(default)]
- txqueuelen: i32,
- #[serde(default)]
- host_interface_name: String,
- #[serde(default)]
- hairpin_mode: bool,
-}
-
-#[derive(Serialize, Deserialize, Debug)]
-pub struct Route {
- #[serde(default)]
- destination: String,
- #[serde(default)]
- source: String,
- #[serde(default)]
- gateway: String,
- #[serde(default)]
- interface_name: String,
-}
-
-#[derive(Serialize, Deserialize, Debug)]
-pub struct IfPrioMap {
- #[serde(default)]
- interface: String,
- #[serde(default)]
- priority: i32,
-}
-
-impl IfPrioMap {
- fn cgroup_string(&self) -> String {
- format!("{} {}", self.interface, self.priority)
- }
-}
diff --git a/src/agent/rustjail/src/configs/namespaces.rs b/src/agent/rustjail/src/configs/namespaces.rs
deleted file mode 100644
index 547f640e40..0000000000
--- a/src/agent/rustjail/src/configs/namespaces.rs
+++ /dev/null
@@ -1,46 +0,0 @@
-// Copyright (c) 2019 Ant Financial
-//
-// SPDX-License-Identifier: Apache-2.0
-//
-
-use serde;
-#[macro_use]
-use serde_derive;
-use serde_json;
-
-use std::collections::HashMap;
-#[macro_use]
-use lazy_static;
-
-pub type NamespaceType = String;
-pub type Namespaces = Vec;
-
-#[derive(Serialize, Deserialize, Debug)]
-pub struct Namespace {
- #[serde(default)]
- r#type: NamespaceType,
- #[serde(default)]
- path: String,
-}
-
-pub const NEWNET: &'static str = "NEWNET";
-pub const NEWPID: &'static str = "NEWPID";
-pub const NEWNS: &'static str = "NEWNS";
-pub const NEWUTS: &'static str = "NEWUTS";
-pub const NEWUSER: &'static str = "NEWUSER";
-pub const NEWCGROUP: &'static str = "NEWCGROUP";
-pub const NEWIPC: &'static str = "NEWIPC";
-
-lazy_static! {
- static ref TYPETONAME: HashMap<&'static str, &'static str> = {
- let mut m = HashMap::new();
- m.insert("pid", "pid");
- m.insert("network", "net");
- m.insert("mount", "mnt");
- m.insert("user", "user");
- m.insert("uts", "uts");
- m.insert("ipc", "ipc");
- m.insert("cgroup", "cgroup");
- m
- };
-}
diff --git a/src/agent/rustjail/src/configs/validator.rs b/src/agent/rustjail/src/configs/validator.rs
deleted file mode 100644
index 97e8168716..0000000000
--- a/src/agent/rustjail/src/configs/validator.rs
+++ /dev/null
@@ -1,23 +0,0 @@
-// Copyright (c) 2019 Ant Financial
-//
-// SPDX-License-Identifier: Apache-2.0
-//
-
-use crate::configs::Config;
-use std::io::Result;
-
-pub trait Validator {
- fn validate(&self, config: &Config) -> Result<()> {
- Ok(())
- }
-}
-
-pub struct ConfigValidator {}
-
-impl Validator for ConfigValidator {}
-
-impl ConfigValidator {
- fn new() -> Self {
- ConfigValidator {}
- }
-}
From d601ae34465f8685fe38ff57824c8cd4a0bae4c7 Mon Sep 17 00:00:00 2001
From: bin
Date: Fri, 30 Apr 2021 19:35:01 +0800
Subject: [PATCH 3/3] agent: delete not used comments
Delete comments meanless or make people confusion.
Fixes: #1783
Signed-off-by: bin
---
 src/agent/rustjail/src/container.rs | 2 --
 src/agent/rustjail/src/lib.rs | 10 ----------
 2 files changed, 12 deletions(-)
diff --git a/src/agent/rustjail/src/container.rs b/src/agent/rustjail/src/container.rs
index f45f108aeb..ff03baecdb 100644
--- a/src/agent/rustjail/src/container.rs
+++ b/src/agent/rustjail/src/container.rs
@@ -607,8 +607,6 @@ fn do_init_child(cwfd: RawFd) -> Result<()> {
 if init {
 // notify parent to run poststart hooks
- // cfd is closed when return from join_namespaces
- // should retunr cfile instead of cfd?
 write_sync(cwfd, SYNC_SUCCESS, "")?;
 }
diff --git a/src/agent/rustjail/src/lib.rs b/src/agent/rustjail/src/lib.rs
index e1559d830f..c0c66cb78f 100644
--- a/src/agent/rustjail/src/lib.rs
+++ b/src/agent/rustjail/src/lib.rs
@@ -47,16 +47,6 @@ pub mod sync;
 pub mod sync_with_async;
 pub mod utils;
 pub mod validator;
-// pub mod factory;
-//pub mod configs;
-// pub mod devices;
-// pub mod init;
-// pub mod rootfs;
-// pub mod capabilities;
-// pub mod console;
-// pub mod stats;
-// pub mod user;
-//pub mod intelrdt;
 use std::collections::HashMap;