diff --git a/pkg/logging/src/lib.rs b/pkg/logging/src/lib.rs index d22fd59e0..670852964 100644 --- a/pkg/logging/src/lib.rs +++ b/pkg/logging/src/lib.rs @@ -182,12 +182,6 @@ impl RuntimeLevelFilter { level: Mutex::new(level), } } - - fn set_level(&self, level: slog::Level) { - let mut log_level = self.level.lock().unwrap(); - - *log_level = level; - } } impl Drain for RuntimeLevelFilter diff --git a/src/agent/Makefile b/src/agent/Makefile index b98b9510e..8b97439e8 100644 --- a/src/agent/Makefile +++ b/src/agent/Makefile @@ -106,10 +106,10 @@ default: $(TARGET) show-header $(TARGET): $(GENERATED_CODE) $(TARGET_PATH) $(TARGET_PATH): $(SOURCES) | show-summary - @cargo build --target $(TRIPLE) --$(BUILD_TYPE) + @RUSTFLAGS="--deny warnings" cargo build --target $(TRIPLE) --$(BUILD_TYPE) optimize: $(SOURCES) | show-summary show-header - @RUSTFLAGS='-C link-arg=-s' cargo build --target $(TRIPLE) --$(BUILD_TYPE) + @RUSTFLAGS='-C link-arg=-s --deny-warnings' cargo build --target $(TRIPLE) --$(BUILD_TYPE) show-header: @printf "%s - version %s (commit %s)\n\n" "$(TARGET)" "$(VERSION)" "$(COMMIT_MSG)" diff --git a/src/agent/rustjail/src/cgroups/fs/mod.rs b/src/agent/rustjail/src/cgroups/fs/mod.rs index 1685ac4a3..1b70a28ed 100644 --- a/src/agent/rustjail/src/cgroups/fs/mod.rs +++ b/src/agent/rustjail/src/cgroups/fs/mod.rs @@ -3,7 +3,7 @@ // SPDX-License-Identifier: Apache-2.0 // -use cgroups::blkio::{BlkIo, BlkIoController, BlkIoData, IoService}; +use cgroups::blkio::{BlkIoController, BlkIoData, IoService}; use cgroups::cpu::CpuController; use cgroups::cpuacct::CpuAcctController; use cgroups::cpuset::CpuSetController; 
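Review bot: The `optimize` recipe in src/agent/Makefile passes `--deny-warnings`, which is not a rustc option; the `$(TARGET_PATH)` recipe just above uses the valid `--deny warnings`. As written, `make optimize` would stop on an unrecognized-option error instead of building. The line should read `@RUSTFLAGS='-C link-arg=-s --deny warnings' cargo build --target $(TRIPLE) --$(BUILD_TYPE)`. Assigning RUSTFLAGS inline also replaces any value the caller exported, and the trace-forwarder and agent-ctl Makefiles later in this commit do the same, so a comment stating that this is intended would help packagers.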
@@ -15,18 +15,18 @@ use cgroups::memory::MemController; use cgroups::pid::PidController; use cgroups::{ BlkIoDeviceResource, BlkIoDeviceThrottleResource, Cgroup, CgroupPid, Controller, - DeviceResource, DeviceResources, HugePageResource, MaxValue, NetworkPriority, + DeviceResource, HugePageResource, MaxValue, NetworkPriority, }; use crate::cgroups::Manager as CgroupManager; use crate::container::DEFAULT_DEVICES; -use anyhow::{anyhow, Context, Error, Result}; +use anyhow::{anyhow, Context, Result}; use lazy_static; use libc::{self, pid_t}; use nix::errno::Errno; use oci::{ LinuxBlockIO, LinuxCPU, LinuxDevice, LinuxDeviceCgroup, LinuxHugepageLimit, LinuxMemory, - LinuxNetwork, LinuxPids, LinuxResources, LinuxThrottleDevice, LinuxWeightDevice, + LinuxNetwork, LinuxPids, LinuxResources, }; use protobuf::{CachedSize, RepeatedField, SingularPtrField, UnknownFields}; @@ -34,7 +34,6 @@ use protocols::agent::{ BlkioStats, BlkioStatsEntry, CgroupStats, CpuStats, CpuUsage, HugetlbStats, MemoryData, MemoryStats, PidsStats, ThrottlingData, }; -use regex::Regex; use std::collections::HashMap; use std::fs; use std::path::Path; @@ -91,7 +90,7 @@ impl CgroupManager for Manager { let h = cgroups::hierarchies::auto(); let h = Box::new(&*h); let cg = load_or_create(h, &self.cpath); - cg.add_task(CgroupPid::from(pid as u64)); + cg.add_task(CgroupPid::from(pid as u64))?; Ok(()) } @@ -194,10 +193,10 @@ impl CgroupManager for Manager { let freezer_controller: &FreezerController = cg.controller_of().unwrap(); match state { FreezerState::Thawed => { - freezer_controller.thaw(); + freezer_controller.thaw()?; } FreezerState::Frozen => { - freezer_controller.freeze(); + freezer_controller.freeze()?; } _ => { return Err(nix::Error::Sys(Errno::EINVAL).into()); @@ -230,7 +229,7 @@ impl CgroupManager for Manager { } fn set_network_resources( - cg: &cgroups::Cgroup, + _cg: &cgroups::Cgroup, network: &LinuxNetwork, res: &mut cgroups::Resources, ) -> Result<()> { 
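Review bot: In the freeze hunk, `cg.controller_of().unwrap()` on the line above the `match` still panics when the freezer controller is unavailable, even though `thaw()` and `freeze()` now return their errors with `?`. The method already returns `Result`, so the lookup can fail the same way, assuming `controller_of` yields an `Option` as the bare `unwrap()` suggests: `let freezer_controller: &FreezerController = cg.controller_of().ok_or_else(|| anyhow!("freezer controller not available"))?;`. The same unwrap precedes the new `?` calls in the `set_cpu_resources` hunk and in the cpuset update hunk at line 1059. The enclosing method starts outside the hunk.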
@@ -259,7 +258,7 @@ fn set_network_resources( } fn set_devices_resources( - cg: &cgroups::Cgroup, + _cg: &cgroups::Cgroup, device_resources: &Vec, res: &mut cgroups::Resources, ) -> Result<()> { @@ -288,7 +287,7 @@ fn set_devices_resources( } fn set_hugepages_resources( - cg: &cgroups::Cgroup, + _cg: &cgroups::Cgroup, hugepage_limits: &Vec, res: &mut cgroups::Resources, ) -> Result<()> { @@ -363,11 +362,11 @@ fn set_cpu_resources(cg: &cgroups::Cgroup, cpu: &LinuxCPU) -> Result<()> { let cpuset_controller: &CpuSetController = cg.controller_of().unwrap(); if !cpu.cpus.is_empty() { - cpuset_controller.set_cpus(&cpu.cpus); + cpuset_controller.set_cpus(&cpu.cpus)?; } if !cpu.mems.is_empty() { - cpuset_controller.set_mems(&cpu.mems); + cpuset_controller.set_mems(&cpu.mems)?; } let cpu_controller: &CpuController = cg.controller_of().unwrap(); @@ -379,11 +378,12 @@ fn set_cpu_resources(cg: &cgroups::Cgroup, cpu: &LinuxCPU) -> Result<()> { shares }; if shares != 0 { - cpu_controller.set_shares(shares); + cpu_controller.set_shares(shares)?; } } - cpu_controller.set_cfs_quota_and_period(cpu.quota, cpu.period); + set_resource!(cpu_controller, set_cfs_quota, cpu, quota); + set_resource!(cpu_controller, set_cfs_period, cpu, period); set_resource!(cpu_controller, set_rt_runtime, cpu, realtime_runtime); set_resource!(cpu_controller, set_rt_period_us, cpu, realtime_period); @@ -468,7 +468,7 @@ fn build_blk_io_device_throttle_resource( fn linux_device_to_cgroup_device(d: &LinuxDevice) -> DeviceResource { let dev_type = DeviceType::from_char(d.r#type.chars().next()).unwrap(); - let mut permissions = vec![ + let permissions = vec![ DevicePermissions::Read, DevicePermissions::Write, DevicePermissions::MkNod, 
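Review bot: The two `set_resource!` calls that replace `set_cfs_quota_and_period` are the only controller writes in the `set_cpu_resources` hunk without a visible `?`, and the macro body is not shown here. If the macro drops the controller's `Result`, a rejected quota or period would leave the container without its CPU limit while the function still returns `Ok(())`, so please confirm that it propagates the error. Quota and period are now written in two separate steps, which deserves a comment such as `// quota and period are applied independently; either write may fail on its own`. The function body extends beyond the hunk.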
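Review bot: `DeviceType::from_char(d.r#type.chars().next()).unwrap()` in `linux_device_to_cgroup_device` panics on an empty or unrecognised `type` string, and that field is presumably filled from the container spec. The hunk only drops the `mut` on `permissions`, so the panic path is untouched by this cleanup. Either validate the device type before this helper is reached or make the helper fallible, so that a malformed device entry becomes an error instead of aborting the agent.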
@@ -518,7 +518,7 @@ fn lines_to_map(content: &str) -> HashMap { .lines() .map(|x| x.split_whitespace().collect::>()) .filter(|x| x.len() == 2 && x[1].parse::().is_ok()) - .fold(HashMap::new(), |mut hm, mut x| { + .fold(HashMap::new(), |mut hm, x| { hm.insert(x[0].to_string(), x[1].parse::().unwrap()); hm }) @@ -1059,7 +1059,7 @@ impl Manager { info!(sl!(), "updating cpuset for path {:?}", &r_path); let cg = load_or_create(h, &r_path); let cpuset_controller: &CpuSetController = cg.controller_of().unwrap(); - cpuset_controller.set_cpus(cpuset_cpus); + cpuset_controller.set_cpus(cpuset_cpus)?; } Ok(()) diff --git a/src/agent/rustjail/src/cgroups/mod.rs b/src/agent/rustjail/src/cgroups/mod.rs index 0e6052542..c99ef469a 100644 --- a/src/agent/rustjail/src/cgroups/mod.rs +++ b/src/agent/rustjail/src/cgroups/mod.rs @@ -7,7 +7,6 @@ use anyhow::{anyhow, Result}; use oci::LinuxResources; use protocols::agent::CgroupStats; -use std::collections::HashMap; use cgroups::freezer::FreezerState; diff --git a/src/agent/rustjail/src/container.rs b/src/agent/rustjail/src/container.rs index 35ddb71e3..e30f4d420 100644 --- a/src/agent/rustjail/src/container.rs +++ b/src/agent/rustjail/src/container.rs @@ -19,7 +19,7 @@ use libc::pid_t; use oci::{LinuxDevice, LinuxIDMapping}; use std::clone::Clone; use std::fmt::Display; -use std::process::{Child, Command}; +use std::process::Command; use cgroups::freezer::FreezerState; @@ -30,7 +30,7 @@ use crate::specconv::CreateOpts; use crate::sync::*; // use crate::stats::Stats; use crate::capabilities::{self, CAPSMAP}; -use crate::cgroups::fs::{self as fscgroup, Manager as FsManager}; +use crate::cgroups::fs::Manager as FsManager; use crate::cgroups::Manager; use crate::{mount, validator}; 
@@ -55,7 +55,7 @@ use std::io::BufRead; use std::io::BufReader; use std::os::unix::io::FromRawFd; -use slog::{debug, info, o, Logger}; +use slog::{info, o, Logger}; const STATE_FILENAME: &'static str = "state.json"; const EXEC_FIFO_FILENAME: &'static str = "exec.fifo"; @@ -70,6 +70,17 @@ const CLOG_FD: &str = "CLOG_FD"; const FIFO_FD: &str = "FIFO_FD"; const HOME_ENV_KEY: &str = "HOME"; +#[macro_export] +macro_rules! check { + ($what:expr, $where:expr) => ({ + if let Err(e) = $what { + let subsystem = $where; + let logger = slog_scope::logger().new(o!("subsystem" => subsystem)); + warn!(logger, "{:?}", e); + } + }) +} + #[derive(PartialEq, Clone, Copy)] pub enum Status { CREATED, @@ -336,7 +347,10 @@ pub fn init_child() { Ok(_) => (), Err(e) => { log_child!(cfd_log, "child exit: {:?}", e); - write_sync(cwfd, SYNC_FAILED, format!("{:?}", e).as_str()); + check!( + write_sync(cwfd, SYNC_FAILED, format!("{:?}", e).as_str()), + "write_sync in init_child()" + ); return; } } @@ -364,7 +378,7 @@ fn do_init_child(cwfd: RawFd) -> Result<()> { let buf = read_sync(crfd)?; let process_str = std::str::from_utf8(&buf)?; - let mut oci_process: oci::Process = serde_json::from_str(process_str)?; + let oci_process: oci::Process = serde_json::from_str(process_str)?; log_child!(cfd_log, "notify parent to send cgroup manager"); write_sync(cwfd, SYNC_SUCCESS, "")?; @@ -471,11 +485,17 @@ fn do_init_child(cwfd: RawFd) -> Result<()> { if let Err(e) = sched::setns(fd, s) { if s == CloneFlags::CLONE_NEWUSER { if e.as_errno().unwrap() != Errno::EINVAL { - write_sync(cwfd, SYNC_FAILED, format!("{:?}", e).as_str()); + check!( + write_sync(cwfd, SYNC_FAILED, format!("{:?}", e).as_str()), + "write_sync for CLONE_NEWUSER" + ); return Err(e.into()); } } else { - write_sync(cwfd, SYNC_FAILED, format!("{:?}", e).as_str()); + check!( + write_sync(cwfd, SYNC_FAILED, format!("{:?}", e).as_str()), + "write_sync for sched::setns" + ); return Err(e.into()); } } 
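Review bot: `check!` is exported with `#[macro_export]` but expands to bare `warn!`, `o!` and `slog_scope::logger()`, so it only compiles where the caller happens to have those names in scope. Writing `slog::warn!` and `slog::o!` inside the macro would make it self-contained. It also has no doc comment; a `///` line saying that the error is logged at warning level and then discarded would tell callers not to use it where a failure has to stop the operation.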
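Review bot: In `init_child` and `do_init_child`, `check!` writes to `slog_scope::logger()` although this code runs in the container's init process, where every other message goes to the parent through `log_child!(cfd_log, …)`. Whether a scope logger is set up in that process is not visible from these hunks, and if it is not, a failed `write_sync(cwfd, SYNC_FAILED, …)` may never reach the parent's log. Reporting through the existing channel keeps it visible: `if let Err(err) = write_sync(cwfd, SYNC_FAILED, format!("{:?}", e).as_str()) { log_child!(cfd_log, "write_sync failed: {:?}", err); }`. The same applies to the `setgroups` and `unistd::close` hunks further down in `do_init_child`.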
@@ -550,10 +570,13 @@ fn do_init_child(cwfd: RawFd) -> Result<()> { if guser.additional_gids.len() > 0 { setgroups(guser.additional_gids.as_slice()).map_err(|e| { - write_sync( - cwfd, - SYNC_FAILED, - format!("setgroups failed: {:?}", e).as_str(), + check!( + write_sync( + cwfd, + SYNC_FAILED, + format!("setgroups failed: {:?}", e).as_str() + ), + "write_sync for setgroups" ); e })?; @@ -622,9 +645,9 @@ fn do_init_child(cwfd: RawFd) -> Result<()> { // notify parent that the child's ready to start write_sync(cwfd, SYNC_SUCCESS, "")?; log_child!(cfd_log, "ready to run exec"); - unistd::close(cfd_log); - unistd::close(crfd); - unistd::close(cwfd); + check!(unistd::close(cfd_log), "closing cfd log"); + check!(unistd::close(crfd), "closing crfd"); + check!(unistd::close(cwfd), "closing cwfd"); if oci_process.terminal { unistd::setsid()?; @@ -762,7 +785,10 @@ impl BaseContainer for LinuxContainer { let st = self.oci_state()?; let (pfd_log, cfd_log) = unistd::pipe().context("failed to create pipe")?; - fcntl::fcntl(pfd_log, FcntlArg::F_SETFD(FdFlag::FD_CLOEXEC)); + check!( + fcntl::fcntl(pfd_log, FcntlArg::F_SETFD(FdFlag::FD_CLOEXEC)), + "fcntl pfd log FD_CLOEXEC" + ); let child_logger = logger.new(o!("action" => "child process log")); let log_handler = thread::spawn(move || { 
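Review bot: A failed `fcntl(pfd_log, F_SETFD(FD_CLOEXEC))` is now only logged by `check!`, so execution continues with a parent-side descriptor that the spawned child can inherit. The `pipe()` call on the line before already uses `?`, so the flag can be enforced: `fcntl::fcntl(pfd_log, FcntlArg::F_SETFD(FdFlag::FD_CLOEXEC)).context("failed to set FD_CLOEXEC on pfd_log")?;`. The `prfd`, `pwfd` and `pseudo.master` calls in the next hunk have the same issue. The method body starts and ends outside the hunk.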
@@ -791,34 +817,43 @@ impl BaseContainer for LinuxContainer { info!(logger, "exec fifo opened!"); let (prfd, cwfd) = unistd::pipe().context("failed to create pipe")?; let (crfd, pwfd) = unistd::pipe().context("failed to create pipe")?; - fcntl::fcntl(prfd, FcntlArg::F_SETFD(FdFlag::FD_CLOEXEC)); - fcntl::fcntl(pwfd, FcntlArg::F_SETFD(FdFlag::FD_CLOEXEC)); + check!( + fcntl::fcntl(prfd, FcntlArg::F_SETFD(FdFlag::FD_CLOEXEC)), + "fcntl prfd FD_CLOEXEC" + ); + check!( + fcntl::fcntl(pwfd, FcntlArg::F_SETFD(FdFlag::FD_CLOEXEC)), + "fcntl pwfd FD_COLEXEC" + ); defer!({ - unistd::close(prfd); - unistd::close(pwfd); + check!(unistd::close(prfd), "close prfd"); + check!(unistd::close(pwfd), "close pwfd"); }); - let mut child_stdin = std::process::Stdio::null(); - let mut child_stdout = std::process::Stdio::null(); - let mut child_stderr = std::process::Stdio::null(); - let mut stdin = -1; - let mut stdout = -1; - let mut stderr = -1; + let child_stdin: std::process::Stdio; + let child_stdout: std::process::Stdio; + let child_stderr: std::process::Stdio; if tty { - let pseduo = pty::openpty(None, None)?; - p.term_master = Some(pseduo.master); - fcntl::fcntl(pseduo.master, FcntlArg::F_SETFD(FdFlag::FD_CLOEXEC)); - fcntl::fcntl(pseduo.slave, FcntlArg::F_SETFD(FdFlag::FD_CLOEXEC)); + let pseudo = pty::openpty(None, None)?; + p.term_master = Some(pseudo.master); + check!( + fcntl::fcntl(pseudo.master, FcntlArg::F_SETFD(FdFlag::FD_CLOEXEC)), + "fnctl pseudo.master" + ); + check!( + fcntl::fcntl(pseudo.slave, FcntlArg::F_SETFD(FdFlag::FD_CLOEXEC)), + "fcntl pseudo.slave" + ); - child_stdin = unsafe { std::process::Stdio::from_raw_fd(pseduo.slave) }; - child_stdout = unsafe { std::process::Stdio::from_raw_fd(pseduo.slave) }; - child_stderr = unsafe { std::process::Stdio::from_raw_fd(pseduo.slave) }; + child_stdin = unsafe { std::process::Stdio::from_raw_fd(pseudo.slave) }; + child_stdout = unsafe { std::process::Stdio::from_raw_fd(pseudo.slave) }; + child_stderr = unsafe { 
std::process::Stdio::from_raw_fd(pseudo.slave) }; } else { - stdin = p.stdin.unwrap(); - stdout = p.stdout.unwrap(); - stderr = p.stderr.unwrap(); + let stdin = p.stdin.unwrap(); + let stdout = p.stdout.unwrap(); + let stderr = p.stderr.unwrap(); child_stdin = unsafe { std::process::Stdio::from_raw_fd(stdin) }; child_stdout = unsafe { std::process::Stdio::from_raw_fd(stdout) }; child_stderr = unsafe { std::process::Stdio::from_raw_fd(stderr) }; @@ -837,8 +872,11 @@ impl BaseContainer for LinuxContainer { //restore the parent's process's pid namespace. defer!({ - sched::setns(old_pid_ns, CloneFlags::CLONE_NEWPID); - unistd::close(old_pid_ns); + check!( + sched::setns(old_pid_ns, CloneFlags::CLONE_NEWPID), + "settns CLONE_NEWPID" + ); + check!(unistd::close(old_pid_ns), "close old pid namespace"); }); let pidns = get_pid_namespace(&self.logger, linux)?; @@ -868,7 +906,7 @@ impl BaseContainer for LinuxContainer { child = child.env(FIFO_FD, format!("{}", fifofd)); } - let mut child = child.spawn()?; + let child = child.spawn()?; unistd::close(crfd)?; unistd::close(cwfd)?; @@ -880,7 +918,7 @@ impl BaseContainer for LinuxContainer { } if p.init { - unistd::close(fifofd); + check!(unistd::close(fifofd), "close fifofd"); } info!(logger, "child pid: {}", p.pid); @@ -891,7 +929,6 @@ impl BaseContainer for LinuxContainer { &p, self.cgroup_manager.as_ref().unwrap(), &st, - &mut child, pwfd, prfd, ) { @@ -899,7 +936,10 @@ impl BaseContainer for LinuxContainer { Err(e) => { error!(logger, "create container process error {:?}", e); // kill the child process. - signal::kill(Pid::from_raw(p.pid), Some(Signal::SIGKILL)); + check!( + signal::kill(Pid::from_raw(p.pid), Some(Signal::SIGKILL)), + "signal::kill joining namespaces" + ); return Err(e); } }; 
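Review bot: In the `tty` branch `pseudo.slave` is wrapped by `Stdio::from_raw_fd` three times, and each `Stdio` takes ownership of the descriptor, so the same fd number is closed once per wrapper. After the first close the number can be reused elsewhere in the process (a log-handler thread is spawned just above), and the later closes would then hit an unrelated descriptor. Giving stdout and stderr their own close-on-exec duplicates of the slave avoids that. Separately, two `check!` labels in this hunk are misspelled (`"fcntl pwfd FD_COLEXEC"`, `"fnctl pseudo.master"`), and they become the `subsystem` value an operator would search for in the logs.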
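Review bot: When `sched::setns(old_pid_ns, CloneFlags::CLONE_NEWPID)` fails inside this `defer!`, `check!` only records a warning (labelled `"settns CLONE_NEWPID"`, a typo for setns) and the agent carries on. Later children would then presumably be created in the container's PID namespace rather than the agent's. A `defer!` block cannot return the error, but this failure deserves `error!` level and a comment stating what state the process is left in. Restoring the namespace explicitly after `spawn()` and using `?` there would make it visible to the caller.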
@@ -912,7 +952,10 @@ impl BaseContainer for LinuxContainer { let (exit_pipe_r, exit_pipe_w) = unistd::pipe2(OFlag::O_CLOEXEC) .context("failed to create pipe") .map_err(|e| { - signal::kill(Pid::from_raw(child.id() as i32), Some(Signal::SIGKILL)); + check!( + signal::kill(Pid::from_raw(child.id() as i32), Some(Signal::SIGKILL)), + "signal::kill creating pipe" + ); e })?; @@ -926,7 +969,7 @@ impl BaseContainer for LinuxContainer { self.processes.insert(p.pid, p); info!(logger, "wait on child log handler"); - log_handler.join(); + check!(log_handler.join(), "joining log handler"); info!(logger, "create process completed"); return Ok(()); } @@ -1042,8 +1085,9 @@ fn do_exec(args: &[String]) -> ! { } fn update_namespaces(logger: &Logger, spec: &mut Spec, init_pid: RawFd) -> Result<()> { + info!(logger, "updating namespaces"); let linux = match spec.linux.as_mut() { - None => return Err(anyhow!("Spec didn't container linux field")), + None => return Err(anyhow!("Spec didn't contain linux field")), Some(l) => l, }; @@ -1120,7 +1164,6 @@ fn join_namespaces( p: &Process, cm: &FsManager, st: &OCIState, - _child: &mut Child, pwfd: RawFd, prfd: RawFd, ) -> Result<()> { @@ -1428,7 +1471,6 @@ fn set_sysctls(sysctls: &HashMap) -> Result<()> { Ok(()) } -use std::error::Error as StdError; use std::io::Read; use std::os::unix::process::ExitStatusExt; use std::process::Stdio; @@ -1549,7 +1591,7 @@ fn execute_hook(logger: &Logger, h: &Hook, st: &OCIState) -> Result<()> { info!( logger, "wait child error: {} {}", - e.description(), + e, e.raw_os_error().unwrap() ); diff --git a/src/agent/rustjail/src/lib.rs b/src/agent/rustjail/src/lib.rs index e71b7c643..d04440847 100644 --- a/src/agent/rustjail/src/lib.rs +++ b/src/agent/rustjail/src/lib.rs @@ -15,7 +15,6 @@ #[macro_use] #[cfg(test)] extern crate serial_test; -#[macro_use] extern crate serde; extern crate serde_json; #[macro_use] 
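Review bot: `e.raw_os_error().unwrap()` in the `info!` call of `execute_hook` panics when the wait error carries no OS error code, which turns a logged failure into a crash on the error path. The hunk already changes the line above to format `e` directly, so the code can be passed without unwrapping, for example `e.raw_os_error().unwrap_or(0)`, or by switching the second placeholder to `{:?}` and passing `e.raw_os_error()`. The function body extends beyond the hunk.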
@@ -37,13 +36,6 @@ extern crate oci; extern crate path_absolutize; extern crate regex; -// Convenience macro to obtain the scope logger -macro_rules! sl { - () => { - slog_scope::logger().new(o!("subsystem" => "rustjail")) - }; -} - pub mod capabilities; pub mod cgroups; pub mod container; @@ -77,7 +69,6 @@ use protocols::oci::{ Root as grpcRoot, Spec as grpcSpec, }; use std::collections::HashMap; -use std::mem::MaybeUninit; pub fn process_grpc_to_oci(p: &grpcProcess) -> ociProcess { let console_size = if p.ConsoleSize.is_some() { @@ -99,7 +90,12 @@ pub fn process_grpc_to_oci(p: &grpcProcess) -> ociProcess { username: u.Username.clone(), } } else { - unsafe { MaybeUninit::zeroed().assume_init() } + ociUser { + uid: 0, + gid: 0, + additional_gids: vec![], + username: String::from(""), + } }; let capabilities = if p.Capabilities.is_some() { @@ -144,11 +140,6 @@ pub fn process_grpc_to_oci(p: &grpcProcess) -> ociProcess { } } -fn process_oci_to_grpc(_p: ociProcess) -> grpcProcess { - // dont implement it for now - unsafe { MaybeUninit::zeroed().assume_init() } -} - fn root_grpc_to_oci(root: &grpcRoot) -> ociRoot { ociRoot { path: root.Path.clone(), @@ -156,10 +147,6 @@ fn root_grpc_to_oci(root: &grpcRoot) -> ociRoot { } } -fn root_oci_to_grpc(_root: &ociRoot) -> grpcRoot { - unsafe { MaybeUninit::zeroed().assume_init() } -} - fn mount_grpc_to_oci(m: &grpcMount) -> ociMount { ociMount { destination: m.destination.clone(), @@ -169,10 +156,6 @@ fn mount_grpc_to_oci(m: &grpcMount) -> ociMount { } } -fn mount_oci_to_grpc(_m: &ociMount) -> grpcMount { - unsafe { MaybeUninit::zeroed().assume_init() } -} - use oci::Hook as ociHook; use protocols::oci::Hook as grpcHook; 
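Review bot: The fallback `ociUser` in `process_grpc_to_oci` is missing a comment saying that an absent `User` in the gRPC process means uid 0 and gid 0, so the container process runs as root. The zeroed value it replaces had the same effect, but it is now an explicit policy choice and worth stating. Suggested comment above the literal: `// No user supplied: default to root (uid 0, gid 0) with no supplementary groups.` `String::new()` is the usual spelling of `String::from("")`.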
@@ -203,10 +186,6 @@ fn hooks_grpc_to_oci(h: &grpcHooks) -> ociHooks { } } -fn hooks_oci_to_grpc(_h: &ociHooks) -> grpcHooks { - unsafe { MaybeUninit::zeroed().assume_init() } -} - use oci::{ LinuxDevice as ociLinuxDevice, LinuxIDMapping as ociLinuxIDMapping, LinuxIntelRdt as ociLinuxIntelRdt, LinuxNamespace as ociLinuxNamespace, @@ -573,10 +552,6 @@ pub fn grpc_to_oci(grpc: &grpcSpec) -> ociSpec { } } -pub fn oci_to_grpc(_oci: &ociSpec) -> grpcSpec { - unsafe { MaybeUninit::zeroed().assume_init() } -} - #[cfg(test)] mod tests { #[test] diff --git a/src/agent/rustjail/src/mount.rs b/src/agent/rustjail/src/mount.rs index 34d4ae188..4256a9832 100644 --- a/src/agent/rustjail/src/mount.rs +++ b/src/agent/rustjail/src/mount.rs @@ -7,7 +7,9 @@ use anyhow::{anyhow, bail, Context, Error, Result}; use libc::uid_t; use nix::errno::Errno; use nix::fcntl::{self, OFlag}; -use nix::mount::{self, MntFlags, MsFlags}; +#[cfg(not(test))] +use nix::mount; +use nix::mount::{MntFlags, MsFlags}; use nix::sys::stat::{self, Mode, SFlag}; use nix::unistd::{self, Gid, Uid}; use nix::NixPath; @@ -111,6 +113,7 @@ lazy_static! { } #[inline(always)] +#[allow(unused_variables)] fn mount( source: Option<&P1>, target: &P2, @@ -125,6 +128,7 @@ fn mount( target: &P, flags: MntFlags, @@ -421,6 +425,7 @@ fn mount_cgroups( Ok(()) } +#[allow(unused_variables)] fn pivot_root( new_root: &P1, put_old: &P2, @@ -553,6 +558,7 @@ fn parse_mount_table() -> Result> { } #[inline(always)] +#[allow(unused_variables)] fn chroot(path: &P) -> Result<(), nix::Error> { #[cfg(not(test))] return unistd::chroot(path); 
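Review bot: `#[allow(unused_variables)]` on `mount`, `pivot_root` and `chroot` in rustjail's mount.rs applies to every build, although the parameters are only unused when the `#[cfg(not(test))]` body is compiled out. Scoping it as `#[cfg_attr(test, allow(unused_variables))]` keeps the new `--deny warnings` effective for these wrappers in the real build. A one-line comment on each wrapper saying that the syscall is skipped under test would also help, since these are the functions that perform the privileged operations.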
@@ -1004,8 +1010,8 @@ mod tests { // there is no spec.mounts, but should pass let ret = init_rootfs(stdout_fd, &spec, &cpath, &mounts, true); assert!(ret.is_ok(), "Should pass. Got: {:?}", ret); - let ret = fs::remove_dir_all(rootfs.path().join("dev")); - let ret = fs::create_dir(rootfs.path().join("dev")); + let _ = fs::remove_dir_all(rootfs.path().join("dev")); + let _ = fs::create_dir(rootfs.path().join("dev")); // Adding bad mount point to spec.mounts spec.mounts.push(oci::Mount { @@ -1023,8 +1029,8 @@ mod tests { ret ); spec.mounts.pop(); - let ret = fs::remove_dir_all(rootfs.path().join("dev")); - let ret = fs::create_dir(rootfs.path().join("dev")); + let _ = fs::remove_dir_all(rootfs.path().join("dev")); + let _ = fs::create_dir(rootfs.path().join("dev")); // mounting a cgroup spec.mounts.push(oci::Mount { @@ -1037,8 +1043,8 @@ mod tests { let ret = init_rootfs(stdout_fd, &spec, &cpath, &mounts, true); assert!(ret.is_ok(), "Should pass. Got: {:?}", ret); spec.mounts.pop(); - let ret = fs::remove_dir_all(rootfs.path().join("dev")); - let ret = fs::create_dir(rootfs.path().join("dev")); + let _ = fs::remove_dir_all(rootfs.path().join("dev")); + let _ = fs::create_dir(rootfs.path().join("dev")); // mounting /dev spec.mounts.push(oci::Mount { @@ -1179,8 +1185,8 @@ mod tests { let tempdir = tempdir().unwrap(); let olddir = unistd::getcwd().unwrap(); - defer!(unistd::chdir(&olddir);); - unistd::chdir(tempdir.path()); + defer!(let _ = unistd::chdir(&olddir);); + let _ = unistd::chdir(tempdir.path()); let dev = oci::LinuxDevice { path: "/fifo".to_string(), diff --git a/src/agent/rustjail/src/process.rs b/src/agent/rustjail/src/process.rs index 665bd8d07..f27c4cda0 100644 --- a/src/agent/rustjail/src/process.rs +++ b/src/agent/rustjail/src/process.rs 
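Review bot: `let _ = unistd::chdir(tempdir.path());` in the last hunk discards a failure that the rest of the test depends on. If the directory change does not happen, the remaining steps presumably run in whatever working directory the test runner started in. `unistd::chdir(tempdir.path()).unwrap();` fails the test at the right place, while the `let _ =` inside `defer!` is reasonable for cleanup. The `fs::create_dir(rootfs.path().join("dev"))` calls in the earlier hunks could likewise be unwrapped, since the following `init_rootfs` call relies on that directory.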
@@ -15,12 +15,10 @@ use std::sync::mpsc::Sender; use nix::fcntl::{fcntl, FcntlArg, OFlag}; use nix::sys::signal::{self, Signal}; -use nix::sys::socket::{self, AddressFamily, SockFlag, SockType}; use nix::sys::wait::{self, WaitStatus}; use nix::unistd::{self, Pid}; use nix::Result; -use nix::Error; use oci::Process as OCIProcess; use slog::Logger; @@ -151,11 +149,11 @@ mod tests { #[test] fn test_create_extended_pipe() { // Test the default - let (r, w) = create_extended_pipe(OFlag::O_CLOEXEC, 0).unwrap(); + let (_r, _w) = create_extended_pipe(OFlag::O_CLOEXEC, 0).unwrap(); // Test setting to the max size let max_size = get_pipe_max_size(); - let (r, w) = create_extended_pipe(OFlag::O_CLOEXEC, max_size).unwrap(); + let (_, w) = create_extended_pipe(OFlag::O_CLOEXEC, max_size).unwrap(); let actual_size = get_pipe_size(w); assert_eq!(max_size, actual_size); } diff --git a/src/agent/rustjail/src/sync.rs b/src/agent/rustjail/src/sync.rs index 20bf7b470..8ce43b270 100644 --- a/src/agent/rustjail/src/sync.rs +++ b/src/agent/rustjail/src/sync.rs @@ -23,7 +23,8 @@ macro_rules! log_child { let lfd = $fd; let mut log_str = format_args!($($arg)+).to_string(); log_str.push('\n'); - write_count(lfd, log_str.as_bytes(), log_str.len()); + // Ignore error writing to the logger, not much we can do + let _ = write_count(lfd, log_str.as_bytes(), log_str.len()); }) } diff --git a/src/agent/rustjail/src/validator.rs b/src/agent/rustjail/src/validator.rs index 14ffef1bd..deaf7c14a 100644 --- a/src/agent/rustjail/src/validator.rs +++ b/src/agent/rustjail/src/validator.rs @@ -8,7 +8,6 @@ use anyhow::{anyhow, Result}; use lazy_static; use nix::errno::Errno; use oci::{LinuxIDMapping, LinuxNamespace, Spec}; -use protobuf::RepeatedField; use std::collections::HashMap; use std::path::{Component, PathBuf}; diff --git a/src/agent/src/main.rs b/src/agent/src/main.rs index 946adefaa..0dc8667f8 100644 --- a/src/agent/src/main.rs +++ b/src/agent/src/main.rs 
@@ -25,7 +25,6 @@ extern crate scopeguard; #[macro_use] extern crate slog; -#[macro_use] extern crate netlink; use crate::netlink::{RtnlHandle, NETLINK_ROUTE}; @@ -129,7 +128,6 @@ fn main() -> Result<()> { // support vsock log let (rfd, wfd) = unistd::pipe2(OFlag::O_CLOEXEC)?; - let writer = unsafe { File::from_raw_fd(wfd) }; let agentConfig = AGENT_CONFIG.clone(); @@ -638,8 +636,6 @@ fn run_debug_console_shell(logger: &Logger, shell: &str, socket_fd: RawFd) -> Re #[cfg(test)] mod tests { use super::*; - use std::fs::File; - use std::io::Write; use tempfile::tempdir; #[test] diff --git a/src/agent/src/mount.rs b/src/agent/src/mount.rs index 2d8ade82b..a85d5c3a5 100644 --- a/src/agent/src/mount.rs +++ b/src/agent/src/mount.rs @@ -1088,7 +1088,7 @@ mod tests { #[test] fn test_get_cgroup_v2_mounts() { - let dir = tempdir().expect("failed to create tmpdir"); + let _ = tempdir().expect("failed to create tmpdir"); let drain = slog::Discard; let logger = slog::Logger::root(drain, o!()); let result = get_cgroup_mounts(&logger, "", true); diff --git a/src/agent/src/network.rs b/src/agent/src/network.rs index 01a088dac..1fccf5eee 100644 --- a/src/agent/src/network.rs +++ b/src/agent/src/network.rs @@ -3,15 +3,13 @@ // SPDX-License-Identifier: Apache-2.0 // -use anyhow::{anyhow, Context, Result}; -use nix::mount::{self, MntFlags, MsFlags}; +use anyhow::{anyhow, Result}; +use nix::mount::{self, MsFlags}; use protocols::types::{Interface, Route}; use slog::Logger; use std::collections::HashMap; use std::fs; -use crate::Sandbox; - const KATA_GUEST_SANDBOX_DNS_FILE: &str = "/run/kata-containers/sandbox/resolv.conf"; const GUEST_DNS_FILE: &str = "/etc/resolv.conf"; diff --git a/src/agent/src/rpc.rs b/src/agent/src/rpc.rs index c1351e636..ed7140274 100644 --- a/src/agent/src/rpc.rs +++ b/src/agent/src/rpc.rs @@ -4,7 +4,7 @@ // use std::path::Path; -use std::sync::mpsc::{channel, Sender}; +use std::sync::mpsc::channel; use std::sync::{Arc, Mutex}; use ttrpc; 
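Review bot: `let _ = tempdir().expect("failed to create tmpdir");` in `test_get_cgroup_v2_mounts` creates a temporary directory and drops it in the same statement, because `let _ =` does not bind the value. Nothing in the visible part of the test uses the directory, so deleting the line would be clearer. If the directory has to live for the duration of the test, bind it as `let _dir = tempdir().expect("failed to create tmpdir");`.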
@@ -40,7 +40,6 @@ use crate::metrics::get_metrics; use crate::mount::{add_storages, remove_mounts, BareMount, STORAGEHANDLERLIST}; use crate::namespace::{NSTYPEIPC, NSTYPEPID, NSTYPEUTS}; use crate::network::setup_guest_dns; -use crate::network::Network; use crate::random; use crate::sandbox::Sandbox; use crate::version::{AGENT_VERSION, API_VERSION}; @@ -790,7 +789,7 @@ impl protocols::agent_ttrpc::AgentService for agentService { fn pause_container( &self, - ctx: &ttrpc::TtrpcContext, + _ctx: &ttrpc::TtrpcContext, req: protocols::agent::PauseContainerRequest, ) -> ttrpc::Result { let cid = req.get_container_id(); @@ -816,7 +815,7 @@ impl protocols::agent_ttrpc::AgentService for agentService { fn resume_container( &self, - ctx: &ttrpc::TtrpcContext, + _ctx: &ttrpc::TtrpcContext, req: protocols::agent::ResumeContainerRequest, ) -> ttrpc::Result { let cid = req.get_container_id(); @@ -1160,7 +1159,7 @@ impl protocols::agent_ttrpc::AgentService for agentService { }; match setup_guest_dns(sl!(), req.dns.to_vec()) { - Ok(dns_list) => { + Ok(_) => { let sandbox = self.sandbox.clone(); let mut s = sandbox.lock().unwrap(); let _ = req @@ -1447,7 +1446,7 @@ fn get_agent_details() -> AgentDetails { detail.set_version(AGENT_VERSION.to_string()); detail.set_supports_seccomp(false); - detail.init_daemon = { unistd::getpid() == Pid::from_raw(1) }; + detail.init_daemon = unistd::getpid() == Pid::from_raw(1); detail.device_handlers = RepeatedField::new(); detail.storage_handlers = RepeatedField::from_vec( diff --git a/src/agent/src/sandbox.rs b/src/agent/src/sandbox.rs index 8c5eacbe4..f871d3ef7 100644 --- a/src/agent/src/sandbox.rs +++ b/src/agent/src/sandbox.rs 
@@ -7,10 +7,8 @@ use crate::linux_abi::*; use crate::mount::{get_mount_fs_type, remove_mounts, TYPEROOTFS}; use crate::namespace::Namespace; -use crate::namespace::NSTYPEPID; use crate::network::Network; use anyhow::{anyhow, Context, Result}; -use cgroups; use libc::pid_t; use netlink::{RtnlHandle, NETLINK_ROUTE}; use oci::{Hook, Hooks}; diff --git a/src/trace-forwarder/Makefile b/src/trace-forwarder/Makefile index e02aef397..ae7332592 100644 --- a/src/trace-forwarder/Makefile +++ b/src/trace-forwarder/Makefile @@ -6,7 +6,7 @@ default: build build: - cargo build -v + RUSTFLAGS="--deny warnings" cargo build -v clean: cargo clean diff --git a/tools/agent-ctl/Cargo.lock b/tools/agent-ctl/Cargo.lock index 276379c06..ea06728c3 100644 --- a/tools/agent-ctl/Cargo.lock +++ b/tools/agent-ctl/Cargo.lock @@ -1,20 +1,5 @@ # This file is automatically @generated by Cargo. # It is not intended for manual editing. -[[package]] -name = "addr2line" -version = "0.12.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "602d785912f476e480434627e8732e6766b760c045bbf897d9dfaa9f4fbd399c" -dependencies = [ - "gimli", -] - -[[package]] -name = "adler32" -version = "1.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "567b077b825e468cc974f0020d4082ee6e03132512f207ef1a02fd5d00d1f32d" - [[package]] name = "aho-corasick" version = "0.7.13" @@ -35,9 +20,9 @@ dependencies = [ [[package]] name = "anyhow" -version = "1.0.31" +version = "1.0.32" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "85bb70cc08ec97ca5450e6eba421deeea5f172c0fc61f78b5357b2a8e8be195f" +checksum = "6b602bfe940d21c130f3895acd65221e8a61270debe89d628b9cb4e3ccb8569b" [[package]] name = "arc-swap" 
@@ -74,20 +59,6 @@ version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f8aac770f1885fd7e387acedd76065302551364496e46b3dd00860b2f8359b9d" -[[package]] -name = "backtrace" -version = "0.3.49" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "05100821de9e028f12ae3d189176b41ee198341eb8f369956407fea2f5cc666c" -dependencies = [ - "addr2line", - "cfg-if", - "libc", - "miniz_oxide", - "object", - "rustc-demangle", -] - [[package]] name = "base64" version = "0.11.0" @@ -240,7 +211,6 @@ version = "0.12.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d371106cc88ffdfb1eabd7111e432da544f16f3e2d7bf1dfe8bf575f1df045cd" dependencies = [ - "backtrace", "version_check", ] @@ -267,12 +237,6 @@ dependencies = [ "wasi", ] -[[package]] -name = "gimli" -version = "0.21.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bcc8e0c9bce37868955864dbecd2b1ab2bdf967e6f28066d65aaac620444b65c" - [[package]] name = "hermit-abi" version = "0.1.14" @@ -361,15 +325,6 @@ version = "2.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3728d817d99e5ac407411fa471ff9800a778d88a24685968b36824eaf4bee400" -[[package]] -name = "miniz_oxide" -version = "0.3.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "791daaae1ed6889560f8c4359194f56648355540573244a5448a83ba1ecc7435" -dependencies = [ - "adler32", -] - [[package]] name = "nix" version = "0.16.1" @@ -415,12 +370,6 @@ dependencies = [ "autocfg", ] -[[package]] -name = "object" -version = "0.20.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1ab52be62400ca80aa00285d25253d7f7c437b7375c4de678f5405d3afe82ca5" - [[package]] name = "oci" version = "0.1.0" 
@@ -606,19 +555,13 @@ dependencies = [ "crossbeam-utils", ] -[[package]] -name = "rustc-demangle" -version = "0.1.16" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4c691c0e608126e00913e33f0ccf3727d5fc84573623b8d65b2df340b5201783" - [[package]] name = "rustjail" version = "0.1.0" dependencies = [ + "anyhow", "caps", "dirs", - "error-chain", "lazy_static", "libc", "nix 0.17.0", diff --git a/tools/agent-ctl/Makefile b/tools/agent-ctl/Makefile index e02aef397..ae7332592 100644 --- a/tools/agent-ctl/Makefile +++ b/tools/agent-ctl/Makefile @@ -6,7 +6,7 @@ default: build build: - cargo build -v + RUSTFLAGS="--deny warnings" cargo build -v clean: cargo clean diff --git a/tools/agent-ctl/src/utils.rs b/tools/agent-ctl/src/utils.rs index 686484760..7dff5d8cb 100644 --- a/tools/agent-ctl/src/utils.rs +++ b/tools/agent-ctl/src/utils.rs @@ -8,8 +8,7 @@ use anyhow::{anyhow, Result}; use oci::{Process as ociProcess, Root as ociRoot, Spec as ociSpec}; use protocols::oci::{ Box as grpcBox, Linux as grpcLinux, LinuxCapabilities as grpcLinuxCapabilities, - POSIXRlimit as grpcPOSIXRlimit, Process as grpcProcess, Root as grpcRoot, Spec as grpcSpec, - User as grpcUser, + Process as grpcProcess, Root as grpcRoot, Spec as grpcSpec, User as grpcUser, }; use rand::Rng; use slog::{debug, warn};