github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-07-05 11:36:56 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #795 from c3d/bug/750-warnings

Browse Source 
Remove compilation warnings
This commit is contained in:
Peng Tao 2020-10-09 10:26:08 +08:00 committed by GitHub
commit 367e436ff8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
19 changed files with 148 additions and 201 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pkg/logging/src/lib.rs
View File

@ -182,12 +182,6 @@ impl<D> RuntimeLevelFilter<D> {
level: Mutex::new(level),
}
}
fn set_level(&self, level: slog::Level) {
let mut log_level = self.level.lock().unwrap();
*log_level = level;
}
}
impl<D> Drain for RuntimeLevelFilter<D>

4
src/agent/Makefile
View File

@ -106,10 +106,10 @@ default: $(TARGET) show-header
$(TARGET): $(GENERATED_CODE) $(TARGET_PATH)
$(TARGET_PATH): $(SOURCES) | show-summary
@cargo build --target $(TRIPLE) --$(BUILD_TYPE)
@RUSTFLAGS="--deny warnings" cargo build --target $(TRIPLE) --$(BUILD_TYPE)
optimize: $(SOURCES) | show-summary show-header
@RUSTFLAGS='-C link-arg=-s' cargo build --target $(TRIPLE) --$(BUILD_TYPE)
@RUSTFLAGS='-C link-arg=-s --deny-warnings' cargo build --target $(TRIPLE) --$(BUILD_TYPE)
show-header:
@printf "%s - version %s (commit %s)\n\n" "$(TARGET)" "$(VERSION)" "$(COMMIT_MSG)"

36
src/agent/rustjail/src/cgroups/fs/mod.rs
View File

@ -3,7 +3,7 @@
// SPDX-License-Identifier: Apache-2.0
//
use cgroups::blkio::{BlkIo, BlkIoController, BlkIoData, IoService};
use cgroups::blkio::{BlkIoController, BlkIoData, IoService};
use cgroups::cpu::CpuController;
use cgroups::cpuacct::CpuAcctController;
use cgroups::cpuset::CpuSetController;
@ -15,18 +15,18 @@ use cgroups::memory::MemController;
use cgroups::pid::PidController;
use cgroups::{
BlkIoDeviceResource, BlkIoDeviceThrottleResource, Cgroup, CgroupPid, Controller,
DeviceResource, DeviceResources, HugePageResource, MaxValue, NetworkPriority,
DeviceResource, HugePageResource, MaxValue, NetworkPriority,
};
use crate::cgroups::Manager as CgroupManager;
use crate::container::DEFAULT_DEVICES;
use anyhow::{anyhow, Context, Error, Result};
use anyhow::{anyhow, Context, Result};
use lazy_static;
use libc::{self, pid_t};
use nix::errno::Errno;
use oci::{
LinuxBlockIO, LinuxCPU, LinuxDevice, LinuxDeviceCgroup, LinuxHugepageLimit, LinuxMemory,
LinuxNetwork, LinuxPids, LinuxResources, LinuxThrottleDevice, LinuxWeightDevice,
LinuxNetwork, LinuxPids, LinuxResources,
};
use protobuf::{CachedSize, RepeatedField, SingularPtrField, UnknownFields};
@ -34,7 +34,6 @@ use protocols::agent::{
BlkioStats, BlkioStatsEntry, CgroupStats, CpuStats, CpuUsage, HugetlbStats, MemoryData,
MemoryStats, PidsStats, ThrottlingData,
};
use regex::Regex;
use std::collections::HashMap;
use std::fs;
use std::path::Path;
@ -91,7 +90,7 @@ impl CgroupManager for Manager {
let h = cgroups::hierarchies::auto();
let h = Box::new(&*h);
let cg = load_or_create(h, &self.cpath);
cg.add_task(CgroupPid::from(pid as u64));
cg.add_task(CgroupPid::from(pid as u64))?;
Ok(())
}
@ -194,10 +193,10 @@ impl CgroupManager for Manager {
let freezer_controller: &FreezerController = cg.controller_of().unwrap();
match state {
FreezerState::Thawed => {
freezer_controller.thaw();
freezer_controller.thaw()?;
}
FreezerState::Frozen => {
freezer_controller.freeze();
freezer_controller.freeze()?;
}
_ => {
return Err(nix::Error::Sys(Errno::EINVAL).into());
@ -230,7 +229,7 @@ impl CgroupManager for Manager {
}
fn set_network_resources(
cg: &cgroups::Cgroup,
_cg: &cgroups::Cgroup,
network: &LinuxNetwork,
res: &mut cgroups::Resources,
) -> Result<()> {
@ -259,7 +258,7 @@ fn set_network_resources(
}
fn set_devices_resources(
cg: &cgroups::Cgroup,
_cg: &cgroups::Cgroup,
device_resources: &Vec<LinuxDeviceCgroup>,
res: &mut cgroups::Resources,
) -> Result<()> {
@ -288,7 +287,7 @@ fn set_devices_resources(
}
fn set_hugepages_resources(
cg: &cgroups::Cgroup,
_cg: &cgroups::Cgroup,
hugepage_limits: &Vec<LinuxHugepageLimit>,
res: &mut cgroups::Resources,
) -> Result<()> {
@ -363,11 +362,11 @@ fn set_cpu_resources(cg: &cgroups::Cgroup, cpu: &LinuxCPU) -> Result<()> {
let cpuset_controller: &CpuSetController = cg.controller_of().unwrap();
if !cpu.cpus.is_empty() {
cpuset_controller.set_cpus(&cpu.cpus);
cpuset_controller.set_cpus(&cpu.cpus)?;
}
if !cpu.mems.is_empty() {
cpuset_controller.set_mems(&cpu.mems);
cpuset_controller.set_mems(&cpu.mems)?;
}
let cpu_controller: &CpuController = cg.controller_of().unwrap();
@ -379,11 +378,12 @@ fn set_cpu_resources(cg: &cgroups::Cgroup, cpu: &LinuxCPU) -> Result<()> {
shares
};
if shares != 0 {
cpu_controller.set_shares(shares);
cpu_controller.set_shares(shares)?;
}
}
cpu_controller.set_cfs_quota_and_period(cpu.quota, cpu.period);
set_resource!(cpu_controller, set_cfs_quota, cpu, quota);
set_resource!(cpu_controller, set_cfs_period, cpu, period);
set_resource!(cpu_controller, set_rt_runtime, cpu, realtime_runtime);
set_resource!(cpu_controller, set_rt_period_us, cpu, realtime_period);
@ -468,7 +468,7 @@ fn build_blk_io_device_throttle_resource(
fn linux_device_to_cgroup_device(d: &LinuxDevice) -> DeviceResource {
let dev_type = DeviceType::from_char(d.r#type.chars().next()).unwrap();
let mut permissions = vec![
let permissions = vec![
DevicePermissions::Read,
DevicePermissions::Write,
DevicePermissions::MkNod,
@ -518,7 +518,7 @@ fn lines_to_map(content: &str) -> HashMap<String, u64> {
.lines()
.map(|x| x.split_whitespace().collect::<Vec<&str>>())
.filter(|x| x.len() == 2 && x[1].parse::<u64>().is_ok())
.fold(HashMap::new(), |mut hm, mut x| {
.fold(HashMap::new(), |mut hm, x| {
hm.insert(x[0].to_string(), x[1].parse::<u64>().unwrap());
hm
})
@ -1059,7 +1059,7 @@ impl Manager {
info!(sl!(), "updating cpuset for path {:?}", &r_path);
let cg = load_or_create(h, &r_path);
let cpuset_controller: &CpuSetController = cg.controller_of().unwrap();
cpuset_controller.set_cpus(cpuset_cpus);
cpuset_controller.set_cpus(cpuset_cpus)?;
}
Ok(())

1
src/agent/rustjail/src/cgroups/mod.rs
View File

@ -7,7 +7,6 @@
use anyhow::{anyhow, Result};
use oci::LinuxResources;
use protocols::agent::CgroupStats;
use std::collections::HashMap;
use cgroups::freezer::FreezerState;

136
src/agent/rustjail/src/container.rs
View File

@ -19,7 +19,7 @@ use libc::pid_t;
use oci::{LinuxDevice, LinuxIDMapping};
use std::clone::Clone;
use std::fmt::Display;
use std::process::{Child, Command};
use std::process::Command;
use cgroups::freezer::FreezerState;
@ -30,7 +30,7 @@ use crate::specconv::CreateOpts;
use crate::sync::*;
// use crate::stats::Stats;
use crate::capabilities::{self, CAPSMAP};
use crate::cgroups::fs::{self as fscgroup, Manager as FsManager};
use crate::cgroups::fs::Manager as FsManager;
use crate::cgroups::Manager;
use crate::{mount, validator};
@ -55,7 +55,7 @@ use std::io::BufRead;
use std::io::BufReader;
use std::os::unix::io::FromRawFd;
use slog::{debug, info, o, Logger};
use slog::{info, o, Logger};
const STATE_FILENAME: &'static str = "state.json";
const EXEC_FIFO_FILENAME: &'static str = "exec.fifo";
@ -70,6 +70,17 @@ const CLOG_FD: &str = "CLOG_FD";
const FIFO_FD: &str = "FIFO_FD";
const HOME_ENV_KEY: &str = "HOME";
#[macro_export]
macro_rules! check {
($what:expr, $where:expr) => ({
if let Err(e) = $what {
let subsystem = $where;
let logger = slog_scope::logger().new(o!("subsystem" => subsystem));
warn!(logger, "{:?}", e);
}
})
}
#[derive(PartialEq, Clone, Copy)]
pub enum Status {
CREATED,
@ -336,7 +347,10 @@ pub fn init_child() {
Ok(_) => (),
Err(e) => {
log_child!(cfd_log, "child exit: {:?}", e);
write_sync(cwfd, SYNC_FAILED, format!("{:?}", e).as_str());
check!(
write_sync(cwfd, SYNC_FAILED, format!("{:?}", e).as_str()),
"write_sync in init_child()"
);
return;
}
}
@ -364,7 +378,7 @@ fn do_init_child(cwfd: RawFd) -> Result<()> {
let buf = read_sync(crfd)?;
let process_str = std::str::from_utf8(&buf)?;
let mut oci_process: oci::Process = serde_json::from_str(process_str)?;
let oci_process: oci::Process = serde_json::from_str(process_str)?;
log_child!(cfd_log, "notify parent to send cgroup manager");
write_sync(cwfd, SYNC_SUCCESS, "")?;
@ -471,11 +485,17 @@ fn do_init_child(cwfd: RawFd) -> Result<()> {
if let Err(e) = sched::setns(fd, s) {
if s == CloneFlags::CLONE_NEWUSER {
if e.as_errno().unwrap() != Errno::EINVAL {
write_sync(cwfd, SYNC_FAILED, format!("{:?}", e).as_str());
check!(
write_sync(cwfd, SYNC_FAILED, format!("{:?}", e).as_str()),
"write_sync for CLONE_NEWUSER"
);
return Err(e.into());
}
} else {
write_sync(cwfd, SYNC_FAILED, format!("{:?}", e).as_str());
check!(
write_sync(cwfd, SYNC_FAILED, format!("{:?}", e).as_str()),
"write_sync for sched::setns"
);
return Err(e.into());
}
}
@ -550,10 +570,13 @@ fn do_init_child(cwfd: RawFd) -> Result<()> {
if guser.additional_gids.len() > 0 {
setgroups(guser.additional_gids.as_slice()).map_err(|e| {
write_sync(
cwfd,
SYNC_FAILED,
format!("setgroups failed: {:?}", e).as_str(),
check!(
write_sync(
cwfd,
SYNC_FAILED,
format!("setgroups failed: {:?}", e).as_str()
),
"write_sync for setgroups"
);
e
})?;
@ -622,9 +645,9 @@ fn do_init_child(cwfd: RawFd) -> Result<()> {
// notify parent that the child's ready to start
write_sync(cwfd, SYNC_SUCCESS, "")?;
log_child!(cfd_log, "ready to run exec");
unistd::close(cfd_log);
unistd::close(crfd);
unistd::close(cwfd);
check!(unistd::close(cfd_log), "closing cfd log");
check!(unistd::close(crfd), "closing crfd");
check!(unistd::close(cwfd), "closing cwfd");
if oci_process.terminal {
unistd::setsid()?;
@ -762,7 +785,10 @@ impl BaseContainer for LinuxContainer {
let st = self.oci_state()?;
let (pfd_log, cfd_log) = unistd::pipe().context("failed to create pipe")?;
fcntl::fcntl(pfd_log, FcntlArg::F_SETFD(FdFlag::FD_CLOEXEC));
check!(
fcntl::fcntl(pfd_log, FcntlArg::F_SETFD(FdFlag::FD_CLOEXEC)),
"fcntl pfd log FD_CLOEXEC"
);
let child_logger = logger.new(o!("action" => "child process log"));
let log_handler = thread::spawn(move || {
@ -791,34 +817,43 @@ impl BaseContainer for LinuxContainer {
info!(logger, "exec fifo opened!");
let (prfd, cwfd) = unistd::pipe().context("failed to create pipe")?;
let (crfd, pwfd) = unistd::pipe().context("failed to create pipe")?;
fcntl::fcntl(prfd, FcntlArg::F_SETFD(FdFlag::FD_CLOEXEC));
fcntl::fcntl(pwfd, FcntlArg::F_SETFD(FdFlag::FD_CLOEXEC));
check!(
fcntl::fcntl(prfd, FcntlArg::F_SETFD(FdFlag::FD_CLOEXEC)),
"fcntl prfd FD_CLOEXEC"
);
check!(
fcntl::fcntl(pwfd, FcntlArg::F_SETFD(FdFlag::FD_CLOEXEC)),
"fcntl pwfd FD_COLEXEC"
);
defer!({
unistd::close(prfd);
unistd::close(pwfd);
check!(unistd::close(prfd), "close prfd");
check!(unistd::close(pwfd), "close pwfd");
});
let mut child_stdin = std::process::Stdio::null();
let mut child_stdout = std::process::Stdio::null();
let mut child_stderr = std::process::Stdio::null();
let mut stdin = -1;
let mut stdout = -1;
let mut stderr = -1;
let child_stdin: std::process::Stdio;
let child_stdout: std::process::Stdio;
let child_stderr: std::process::Stdio;
if tty {
let pseduo = pty::openpty(None, None)?;
p.term_master = Some(pseduo.master);
fcntl::fcntl(pseduo.master, FcntlArg::F_SETFD(FdFlag::FD_CLOEXEC));
fcntl::fcntl(pseduo.slave, FcntlArg::F_SETFD(FdFlag::FD_CLOEXEC));
let pseudo = pty::openpty(None, None)?;
p.term_master = Some(pseudo.master);
check!(
fcntl::fcntl(pseudo.master, FcntlArg::F_SETFD(FdFlag::FD_CLOEXEC)),
"fnctl pseudo.master"
);
check!(
fcntl::fcntl(pseudo.slave, FcntlArg::F_SETFD(FdFlag::FD_CLOEXEC)),
"fcntl pseudo.slave"
);
child_stdin = unsafe { std::process::Stdio::from_raw_fd(pseduo.slave) };
child_stdout = unsafe { std::process::Stdio::from_raw_fd(pseduo.slave) };
child_stderr = unsafe { std::process::Stdio::from_raw_fd(pseduo.slave) };
child_stdin = unsafe { std::process::Stdio::from_raw_fd(pseudo.slave) };
child_stdout = unsafe { std::process::Stdio::from_raw_fd(pseudo.slave) };
child_stderr = unsafe { std::process::Stdio::from_raw_fd(pseudo.slave) };
} else {
stdin = p.stdin.unwrap();
stdout = p.stdout.unwrap();
stderr = p.stderr.unwrap();
let stdin = p.stdin.unwrap();
let stdout = p.stdout.unwrap();
let stderr = p.stderr.unwrap();
child_stdin = unsafe { std::process::Stdio::from_raw_fd(stdin) };
child_stdout = unsafe { std::process::Stdio::from_raw_fd(stdout) };
child_stderr = unsafe { std::process::Stdio::from_raw_fd(stderr) };
@ -837,8 +872,11 @@ impl BaseContainer for LinuxContainer {
//restore the parent's process's pid namespace.
defer!({
sched::setns(old_pid_ns, CloneFlags::CLONE_NEWPID);
unistd::close(old_pid_ns);
check!(
sched::setns(old_pid_ns, CloneFlags::CLONE_NEWPID),
"settns CLONE_NEWPID"
);
check!(unistd::close(old_pid_ns), "close old pid namespace");
});
let pidns = get_pid_namespace(&self.logger, linux)?;
@ -868,7 +906,7 @@ impl BaseContainer for LinuxContainer {
child = child.env(FIFO_FD, format!("{}", fifofd));
}
let mut child = child.spawn()?;
let child = child.spawn()?;
unistd::close(crfd)?;
unistd::close(cwfd)?;
@ -880,7 +918,7 @@ impl BaseContainer for LinuxContainer {
}
if p.init {
unistd::close(fifofd);
check!(unistd::close(fifofd), "close fifofd");
}
info!(logger, "child pid: {}", p.pid);
@ -891,7 +929,6 @@ impl BaseContainer for LinuxContainer {
&p,
self.cgroup_manager.as_ref().unwrap(),
&st,
&mut child,
pwfd,
prfd,
) {
@ -899,7 +936,10 @@ impl BaseContainer for LinuxContainer {
Err(e) => {
error!(logger, "create container process error {:?}", e);
// kill the child process.
signal::kill(Pid::from_raw(p.pid), Some(Signal::SIGKILL));
check!(
signal::kill(Pid::from_raw(p.pid), Some(Signal::SIGKILL)),
"signal::kill joining namespaces"
);
return Err(e);
}
};
@ -912,7 +952,10 @@ impl BaseContainer for LinuxContainer {
let (exit_pipe_r, exit_pipe_w) = unistd::pipe2(OFlag::O_CLOEXEC)
.context("failed to create pipe")
.map_err(|e| {
signal::kill(Pid::from_raw(child.id() as i32), Some(Signal::SIGKILL));
check!(
signal::kill(Pid::from_raw(child.id() as i32), Some(Signal::SIGKILL)),
"signal::kill creating pipe"
);
e
})?;
@ -926,7 +969,7 @@ impl BaseContainer for LinuxContainer {
self.processes.insert(p.pid, p);
info!(logger, "wait on child log handler");
log_handler.join();
check!(log_handler.join(), "joining log handler");
info!(logger, "create process completed");
return Ok(());
}
@ -1042,8 +1085,9 @@ fn do_exec(args: &[String]) -> ! {
}
fn update_namespaces(logger: &Logger, spec: &mut Spec, init_pid: RawFd) -> Result<()> {
info!(logger, "updating namespaces");
let linux = match spec.linux.as_mut() {
None => return Err(anyhow!("Spec didn't container linux field")),
None => return Err(anyhow!("Spec didn't contain linux field")),
Some(l) => l,
};
@ -1120,7 +1164,6 @@ fn join_namespaces(
p: &Process,
cm: &FsManager,
st: &OCIState,
_child: &mut Child,
pwfd: RawFd,
prfd: RawFd,
) -> Result<()> {
@ -1428,7 +1471,6 @@ fn set_sysctls(sysctls: &HashMap<String, String>) -> Result<()> {
Ok(())
}
use std::error::Error as StdError;
use std::io::Read;
use std::os::unix::process::ExitStatusExt;
use std::process::Stdio;
@ -1549,7 +1591,7 @@ fn execute_hook(logger: &Logger, h: &Hook, st: &OCIState) -> Result<()> {
info!(
logger,
"wait child error: {} {}",
e.description(),
e,
e.raw_os_error().unwrap()
);

37
src/agent/rustjail/src/lib.rs
View File

@ -15,7 +15,6 @@
#[macro_use]
#[cfg(test)]
extern crate serial_test;
#[macro_use]
extern crate serde;
extern crate serde_json;
#[macro_use]
@ -37,13 +36,6 @@ extern crate oci;
extern crate path_absolutize;
extern crate regex;
// Convenience macro to obtain the scope logger
macro_rules! sl {
() => {
slog_scope::logger().new(o!("subsystem" => "rustjail"))
};
}
pub mod capabilities;
pub mod cgroups;
pub mod container;
@ -77,7 +69,6 @@ use protocols::oci::{
Root as grpcRoot, Spec as grpcSpec,
};
use std::collections::HashMap;
use std::mem::MaybeUninit;
pub fn process_grpc_to_oci(p: &grpcProcess) -> ociProcess {
let console_size = if p.ConsoleSize.is_some() {
@ -99,7 +90,12 @@ pub fn process_grpc_to_oci(p: &grpcProcess) -> ociProcess {
username: u.Username.clone(),
}
} else {
unsafe { MaybeUninit::zeroed().assume_init() }
ociUser {
uid: 0,
gid: 0,
additional_gids: vec![],
username: String::from(""),
}
};
let capabilities = if p.Capabilities.is_some() {
@ -144,11 +140,6 @@ pub fn process_grpc_to_oci(p: &grpcProcess) -> ociProcess {
}
}
fn process_oci_to_grpc(_p: ociProcess) -> grpcProcess {
// dont implement it for now
unsafe { MaybeUninit::zeroed().assume_init() }
}
fn root_grpc_to_oci(root: &grpcRoot) -> ociRoot {
ociRoot {
path: root.Path.clone(),
@ -156,10 +147,6 @@ fn root_grpc_to_oci(root: &grpcRoot) -> ociRoot {
}
}
fn root_oci_to_grpc(_root: &ociRoot) -> grpcRoot {
unsafe { MaybeUninit::zeroed().assume_init() }
}
fn mount_grpc_to_oci(m: &grpcMount) -> ociMount {
ociMount {
destination: m.destination.clone(),
@ -169,10 +156,6 @@ fn mount_grpc_to_oci(m: &grpcMount) -> ociMount {
}
}
fn mount_oci_to_grpc(_m: &ociMount) -> grpcMount {
unsafe { MaybeUninit::zeroed().assume_init() }
}
use oci::Hook as ociHook;
use protocols::oci::Hook as grpcHook;
@ -203,10 +186,6 @@ fn hooks_grpc_to_oci(h: &grpcHooks) -> ociHooks {
}
}
fn hooks_oci_to_grpc(_h: &ociHooks) -> grpcHooks {
unsafe { MaybeUninit::zeroed().assume_init() }
}
use oci::{
LinuxDevice as ociLinuxDevice, LinuxIDMapping as ociLinuxIDMapping,
LinuxIntelRdt as ociLinuxIntelRdt, LinuxNamespace as ociLinuxNamespace,
@ -573,10 +552,6 @@ pub fn grpc_to_oci(grpc: &grpcSpec) -> ociSpec {
}
}
pub fn oci_to_grpc(_oci: &ociSpec) -> grpcSpec {
unsafe { MaybeUninit::zeroed().assume_init() }
}
#[cfg(test)]
mod tests {
#[test]

24
src/agent/rustjail/src/mount.rs
View File

@ -7,7 +7,9 @@ use anyhow::{anyhow, bail, Context, Error, Result};
use libc::uid_t;
use nix::errno::Errno;
use nix::fcntl::{self, OFlag};
use nix::mount::{self, MntFlags, MsFlags};
#[cfg(not(test))]
use nix::mount;
use nix::mount::{MntFlags, MsFlags};
use nix::sys::stat::{self, Mode, SFlag};
use nix::unistd::{self, Gid, Uid};
use nix::NixPath;
@ -111,6 +113,7 @@ lazy_static! {
}
#[inline(always)]
#[allow(unused_variables)]
fn mount<P1: ?Sized + NixPath, P2: ?Sized + NixPath, P3: ?Sized + NixPath, P4: ?Sized + NixPath>(
source: Option<&P1>,
target: &P2,
@ -125,6 +128,7 @@ fn mount<P1: ?Sized + NixPath, P2: ?Sized + NixPath, P3: ?Sized + NixPath, P4: ?
}
#[inline(always)]
#[allow(unused_variables)]
fn umount2<P: ?Sized + NixPath>(
target: &P,
flags: MntFlags,
@ -421,6 +425,7 @@ fn mount_cgroups(
Ok(())
}
#[allow(unused_variables)]
fn pivot_root<P1: ?Sized + NixPath, P2: ?Sized + NixPath>(
new_root: &P1,
put_old: &P2,
@ -553,6 +558,7 @@ fn parse_mount_table() -> Result<Vec<Info>> {
}
#[inline(always)]
#[allow(unused_variables)]
fn chroot<P: ?Sized + NixPath>(path: &P) -> Result<(), nix::Error> {
#[cfg(not(test))]
return unistd::chroot(path);
@ -1004,8 +1010,8 @@ mod tests {
// there is no spec.mounts, but should pass
let ret = init_rootfs(stdout_fd, &spec, &cpath, &mounts, true);
assert!(ret.is_ok(), "Should pass. Got: {:?}", ret);
let ret = fs::remove_dir_all(rootfs.path().join("dev"));
let ret = fs::create_dir(rootfs.path().join("dev"));
let _ = fs::remove_dir_all(rootfs.path().join("dev"));
let _ = fs::create_dir(rootfs.path().join("dev"));
// Adding bad mount point to spec.mounts
spec.mounts.push(oci::Mount {
@ -1023,8 +1029,8 @@ mod tests {
ret
);
spec.mounts.pop();
let ret = fs::remove_dir_all(rootfs.path().join("dev"));
let ret = fs::create_dir(rootfs.path().join("dev"));
let _ = fs::remove_dir_all(rootfs.path().join("dev"));
let _ = fs::create_dir(rootfs.path().join("dev"));
// mounting a cgroup
spec.mounts.push(oci::Mount {
@ -1037,8 +1043,8 @@ mod tests {
let ret = init_rootfs(stdout_fd, &spec, &cpath, &mounts, true);
assert!(ret.is_ok(), "Should pass. Got: {:?}", ret);
spec.mounts.pop();
let ret = fs::remove_dir_all(rootfs.path().join("dev"));
let ret = fs::create_dir(rootfs.path().join("dev"));
let _ = fs::remove_dir_all(rootfs.path().join("dev"));
let _ = fs::create_dir(rootfs.path().join("dev"));
// mounting /dev
spec.mounts.push(oci::Mount {
@ -1179,8 +1185,8 @@ mod tests {
let tempdir = tempdir().unwrap();
let olddir = unistd::getcwd().unwrap();
defer!(unistd::chdir(&olddir););
unistd::chdir(tempdir.path());
defer!(let _ = unistd::chdir(&olddir););
let _ = unistd::chdir(tempdir.path());
let dev = oci::LinuxDevice {
path: "/fifo".to_string(),

6
src/agent/rustjail/src/process.rs
View File

@ -15,12 +15,10 @@ use std::sync::mpsc::Sender;
use nix::fcntl::{fcntl, FcntlArg, OFlag};
use nix::sys::signal::{self, Signal};
use nix::sys::socket::{self, AddressFamily, SockFlag, SockType};
use nix::sys::wait::{self, WaitStatus};
use nix::unistd::{self, Pid};
use nix::Result;
use nix::Error;
use oci::Process as OCIProcess;
use slog::Logger;
@ -151,11 +149,11 @@ mod tests {
#[test]
fn test_create_extended_pipe() {
// Test the default
let (r, w) = create_extended_pipe(OFlag::O_CLOEXEC, 0).unwrap();
let (_r, _w) = create_extended_pipe(OFlag::O_CLOEXEC, 0).unwrap();
// Test setting to the max size
let max_size = get_pipe_max_size();
let (r, w) = create_extended_pipe(OFlag::O_CLOEXEC, max_size).unwrap();
let (_, w) = create_extended_pipe(OFlag::O_CLOEXEC, max_size).unwrap();
let actual_size = get_pipe_size(w);
assert_eq!(max_size, actual_size);
}

3
src/agent/rustjail/src/sync.rs
View File

@ -23,7 +23,8 @@ macro_rules! log_child {
let lfd = $fd;
let mut log_str = format_args!($($arg)+).to_string();
log_str.push('\n');
write_count(lfd, log_str.as_bytes(), log_str.len());
// Ignore error writing to the logger, not much we can do
let _ = write_count(lfd, log_str.as_bytes(), log_str.len());
})
}

1
src/agent/rustjail/src/validator.rs
View File

@ -8,7 +8,6 @@ use anyhow::{anyhow, Result};
use lazy_static;
use nix::errno::Errno;
use oci::{LinuxIDMapping, LinuxNamespace, Spec};
use protobuf::RepeatedField;
use std::collections::HashMap;
use std::path::{Component, PathBuf};

4
src/agent/src/main.rs
View File

@ -25,7 +25,6 @@ extern crate scopeguard;
#[macro_use]
extern crate slog;
#[macro_use]
extern crate netlink;
use crate::netlink::{RtnlHandle, NETLINK_ROUTE};
@ -129,7 +128,6 @@ fn main() -> Result<()> {
// support vsock log
let (rfd, wfd) = unistd::pipe2(OFlag::O_CLOEXEC)?;
let writer = unsafe { File::from_raw_fd(wfd) };
let agentConfig = AGENT_CONFIG.clone();
@ -638,8 +636,6 @@ fn run_debug_console_shell(logger: &Logger, shell: &str, socket_fd: RawFd) -> Re
#[cfg(test)]
mod tests {
use super::*;
use std::fs::File;
use std::io::Write;
use tempfile::tempdir;
#[test]

2
src/agent/src/mount.rs
View File

@ -1088,7 +1088,7 @@ mod tests {
#[test]
fn test_get_cgroup_v2_mounts() {
let dir = tempdir().expect("failed to create tmpdir");
let _ = tempdir().expect("failed to create tmpdir");
let drain = slog::Discard;
let logger = slog::Logger::root(drain, o!());
let result = get_cgroup_mounts(&logger, "", true);

6
src/agent/src/network.rs
View File

@ -3,15 +3,13 @@
// SPDX-License-Identifier: Apache-2.0
//
use anyhow::{anyhow, Context, Result};
use nix::mount::{self, MntFlags, MsFlags};
use anyhow::{anyhow, Result};
use nix::mount::{self, MsFlags};
use protocols::types::{Interface, Route};
use slog::Logger;
use std::collections::HashMap;
use std::fs;
use crate::Sandbox;
const KATA_GUEST_SANDBOX_DNS_FILE: &str = "/run/kata-containers/sandbox/resolv.conf";
const GUEST_DNS_FILE: &str = "/etc/resolv.conf";

11
src/agent/src/rpc.rs
View File

@ -4,7 +4,7 @@
//
use std::path::Path;
use std::sync::mpsc::{channel, Sender};
use std::sync::mpsc::channel;
use std::sync::{Arc, Mutex};
use ttrpc;
@ -40,7 +40,6 @@ use crate::metrics::get_metrics;
use crate::mount::{add_storages, remove_mounts, BareMount, STORAGEHANDLERLIST};
use crate::namespace::{NSTYPEIPC, NSTYPEPID, NSTYPEUTS};
use crate::network::setup_guest_dns;
use crate::network::Network;
use crate::random;
use crate::sandbox::Sandbox;
use crate::version::{AGENT_VERSION, API_VERSION};
@ -790,7 +789,7 @@ impl protocols::agent_ttrpc::AgentService for agentService {
fn pause_container(
&self,
ctx: &ttrpc::TtrpcContext,
_ctx: &ttrpc::TtrpcContext,
req: protocols::agent::PauseContainerRequest,
) -> ttrpc::Result<protocols::empty::Empty> {
let cid = req.get_container_id();
@ -816,7 +815,7 @@ impl protocols::agent_ttrpc::AgentService for agentService {
fn resume_container(
&self,
ctx: &ttrpc::TtrpcContext,
_ctx: &ttrpc::TtrpcContext,
req: protocols::agent::ResumeContainerRequest,
) -> ttrpc::Result<protocols::empty::Empty> {
let cid = req.get_container_id();
@ -1160,7 +1159,7 @@ impl protocols::agent_ttrpc::AgentService for agentService {
};
match setup_guest_dns(sl!(), req.dns.to_vec()) {
Ok(dns_list) => {
Ok(_) => {
let sandbox = self.sandbox.clone();
let mut s = sandbox.lock().unwrap();
let _ = req
@ -1447,7 +1446,7 @@ fn get_agent_details() -> AgentDetails {
detail.set_version(AGENT_VERSION.to_string());
detail.set_supports_seccomp(false);
detail.init_daemon = { unistd::getpid() == Pid::from_raw(1) };
detail.init_daemon = unistd::getpid() == Pid::from_raw(1);
detail.device_handlers = RepeatedField::new();
detail.storage_handlers = RepeatedField::from_vec(

2
src/agent/src/sandbox.rs
View File

@ -7,10 +7,8 @@
use crate::linux_abi::*;
use crate::mount::{get_mount_fs_type, remove_mounts, TYPEROOTFS};
use crate::namespace::Namespace;
use crate::namespace::NSTYPEPID;
use crate::network::Network;
use anyhow::{anyhow, Context, Result};
use cgroups;
use libc::pid_t;
use netlink::{RtnlHandle, NETLINK_ROUTE};
use oci::{Hook, Hooks};

2
src/trace-forwarder/Makefile
View File

@ -6,7 +6,7 @@
default: build
build:
cargo build -v
RUSTFLAGS="--deny warnings" cargo build -v
clean:
cargo clean

63
tools/agent-ctl/Cargo.lock generated
View File

@ -1,20 +1,5 @@
# This file is automatically @generated by Cargo.
# It is not intended for manual editing.
[[package]]
name = "addr2line"
version = "0.12.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "602d785912f476e480434627e8732e6766b760c045bbf897d9dfaa9f4fbd399c"
dependencies = [
"gimli",
]
[[package]]
name = "adler32"
version = "1.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "567b077b825e468cc974f0020d4082ee6e03132512f207ef1a02fd5d00d1f32d"
[[package]]
name = "aho-corasick"
version = "0.7.13"
@ -35,9 +20,9 @@ dependencies = [
[[package]]
name = "anyhow"
version = "1.0.31"
version = "1.0.32"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "85bb70cc08ec97ca5450e6eba421deeea5f172c0fc61f78b5357b2a8e8be195f"
checksum = "6b602bfe940d21c130f3895acd65221e8a61270debe89d628b9cb4e3ccb8569b"
[[package]]
name = "arc-swap"
@ -74,20 +59,6 @@ version = "1.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f8aac770f1885fd7e387acedd76065302551364496e46b3dd00860b2f8359b9d"
[[package]]
name = "backtrace"
version = "0.3.49"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "05100821de9e028f12ae3d189176b41ee198341eb8f369956407fea2f5cc666c"
dependencies = [
"addr2line",
"cfg-if",
"libc",
"miniz_oxide",
"object",
"rustc-demangle",
]
[[package]]
name = "base64"
version = "0.11.0"
@ -240,7 +211,6 @@ version = "0.12.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d371106cc88ffdfb1eabd7111e432da544f16f3e2d7bf1dfe8bf575f1df045cd"
dependencies = [
"backtrace",
"version_check",
]
@ -267,12 +237,6 @@ dependencies = [
"wasi",
]
[[package]]
name = "gimli"
version = "0.21.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bcc8e0c9bce37868955864dbecd2b1ab2bdf967e6f28066d65aaac620444b65c"
[[package]]
name = "hermit-abi"
version = "0.1.14"
@ -361,15 +325,6 @@ version = "2.3.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3728d817d99e5ac407411fa471ff9800a778d88a24685968b36824eaf4bee400"
[[package]]
name = "miniz_oxide"
version = "0.3.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "791daaae1ed6889560f8c4359194f56648355540573244a5448a83ba1ecc7435"
dependencies = [
"adler32",
]
[[package]]
name = "nix"
version = "0.16.1"
@ -415,12 +370,6 @@ dependencies = [
"autocfg",
]
[[package]]
name = "object"
version = "0.20.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1ab52be62400ca80aa00285d25253d7f7c437b7375c4de678f5405d3afe82ca5"
[[package]]
name = "oci"
version = "0.1.0"
@ -606,19 +555,13 @@ dependencies = [
"crossbeam-utils",
]
[[package]]
name = "rustc-demangle"
version = "0.1.16"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4c691c0e608126e00913e33f0ccf3727d5fc84573623b8d65b2df340b5201783"
[[package]]
name = "rustjail"
version = "0.1.0"
dependencies = [
"anyhow",
"caps",
"dirs",
"error-chain",
"lazy_static",
"libc",
"nix 0.17.0",

2
tools/agent-ctl/Makefile
View File

@ -6,7 +6,7 @@
default: build
build:
cargo build -v
RUSTFLAGS="--deny warnings" cargo build -v
clean:
cargo clean

3
tools/agent-ctl/src/utils.rs
View File

@ -8,8 +8,7 @@ use anyhow::{anyhow, Result};
use oci::{Process as ociProcess, Root as ociRoot, Spec as ociSpec};
use protocols::oci::{
Box as grpcBox, Linux as grpcLinux, LinuxCapabilities as grpcLinuxCapabilities,
POSIXRlimit as grpcPOSIXRlimit, Process as grpcProcess, Root as grpcRoot, Spec as grpcSpec,
User as grpcUser,
Process as grpcProcess, Root as grpcRoot, Spec as grpcSpec, User as grpcUser,
};
use rand::Rng;
use slog::{debug, warn};