Merge pull request #795 from c3d/bug/750-warnings

Remove compilation warnings
2025-07-06 12:06:49 +00:00 · 2020-10-09 10:26:08 +08:00 · 2020-10-09 10:26:08 +08:00 · 367e436ff8
commit 367e436ff8
parent a82237a810 0e898c6bc4
19 changed files with 148 additions and 201 deletions
--- a/pkg/logging/src/lib.rs
+++ b/pkg/logging/src/lib.rs
@ -182,12 +182,6 @@ impl<D> RuntimeLevelFilter<D> {
            level: Mutex::new(level),
        }
    }
    fn set_level(&self, level: slog::Level) {
        let mut log_level = self.level.lock().unwrap();
        *log_level = level;
    }
 }
 impl<D> Drain for RuntimeLevelFilter<D>
--- a/src/agent/Makefile
+++ b/src/agent/Makefile
@ -106,10 +106,10 @@ default: $(TARGET) show-header
 $(TARGET): $(GENERATED_CODE) $(TARGET_PATH)
 $(TARGET_PATH): $(SOURCES) | show-summary
-	@cargo build --target $(TRIPLE) --$(BUILD_TYPE)
+	@RUSTFLAGS="--deny warnings" cargo build --target $(TRIPLE) --$(BUILD_TYPE)
 optimize: $(SOURCES) | show-summary show-header
-	@RUSTFLAGS='-C link-arg=-s' cargo build --target $(TRIPLE) --$(BUILD_TYPE)
+	@RUSTFLAGS='-C link-arg=-s --deny-warnings' cargo build --target $(TRIPLE) --$(BUILD_TYPE)
 show-header:
 	@printf "%s - version %s (commit %s)\n\n" "$(TARGET)" "$(VERSION)" "$(COMMIT_MSG)"
--- a/src/agent/rustjail/src/cgroups/fs/mod.rs
+++ b/src/agent/rustjail/src/cgroups/fs/mod.rs
@ -3,7 +3,7 @@
 // SPDX-License-Identifier: Apache-2.0
 //
-use cgroups::blkio::{BlkIo, BlkIoController, BlkIoData, IoService};
+use cgroups::blkio::{BlkIoController, BlkIoData, IoService};
 use cgroups::cpu::CpuController;
 use cgroups::cpuacct::CpuAcctController;
 use cgroups::cpuset::CpuSetController;
@ -15,18 +15,18 @@ use cgroups::memory::MemController;
 use cgroups::pid::PidController;
 use cgroups::{
    BlkIoDeviceResource, BlkIoDeviceThrottleResource, Cgroup, CgroupPid, Controller,
-    DeviceResource, DeviceResources, HugePageResource, MaxValue, NetworkPriority,
+    DeviceResource, HugePageResource, MaxValue, NetworkPriority,
 };
 use crate::cgroups::Manager as CgroupManager;
 use crate::container::DEFAULT_DEVICES;
-use anyhow::{anyhow, Context, Error, Result};
+use anyhow::{anyhow, Context, Result};
 use lazy_static;
 use libc::{self, pid_t};
 use nix::errno::Errno;
 use oci::{
    LinuxBlockIO, LinuxCPU, LinuxDevice, LinuxDeviceCgroup, LinuxHugepageLimit, LinuxMemory,
-    LinuxNetwork, LinuxPids, LinuxResources, LinuxThrottleDevice, LinuxWeightDevice,
+    LinuxNetwork, LinuxPids, LinuxResources,
 };
 use protobuf::{CachedSize, RepeatedField, SingularPtrField, UnknownFields};
@ -34,7 +34,6 @@ use protocols::agent::{
    BlkioStats, BlkioStatsEntry, CgroupStats, CpuStats, CpuUsage, HugetlbStats, MemoryData,
    MemoryStats, PidsStats, ThrottlingData,
 };
 use regex::Regex;
 use std::collections::HashMap;
 use std::fs;
 use std::path::Path;
@ -91,7 +90,7 @@ impl CgroupManager for Manager {
        let h = cgroups::hierarchies::auto();
        let h = Box::new(&*h);
        let cg = load_or_create(h, &self.cpath);
-        cg.add_task(CgroupPid::from(pid as u64));
+        cg.add_task(CgroupPid::from(pid as u64))?;
        Ok(())
    }
@ -194,10 +193,10 @@ impl CgroupManager for Manager {
        let freezer_controller: &FreezerController = cg.controller_of().unwrap();
        match state {
            FreezerState::Thawed => {
-                freezer_controller.thaw();
+                freezer_controller.thaw()?;
            }
            FreezerState::Frozen => {
-                freezer_controller.freeze();
+                freezer_controller.freeze()?;
            }
            _ => {
                return Err(nix::Error::Sys(Errno::EINVAL).into());
@ -230,7 +229,7 @@ impl CgroupManager for Manager {
 }
 fn set_network_resources(
-    cg: &cgroups::Cgroup,
+    _cg: &cgroups::Cgroup,
    network: &LinuxNetwork,
    res: &mut cgroups::Resources,
 ) -> Result<()> {
@ -259,7 +258,7 @@ fn set_network_resources(
 }
 fn set_devices_resources(
-    cg: &cgroups::Cgroup,
+    _cg: &cgroups::Cgroup,
    device_resources: &Vec<LinuxDeviceCgroup>,
    res: &mut cgroups::Resources,
 ) -> Result<()> {
@ -288,7 +287,7 @@ fn set_devices_resources(
 }
 fn set_hugepages_resources(
-    cg: &cgroups::Cgroup,
+    _cg: &cgroups::Cgroup,
    hugepage_limits: &Vec<LinuxHugepageLimit>,
    res: &mut cgroups::Resources,
 ) -> Result<()> {
@ -363,11 +362,11 @@ fn set_cpu_resources(cg: &cgroups::Cgroup, cpu: &LinuxCPU) -> Result<()> {
    let cpuset_controller: &CpuSetController = cg.controller_of().unwrap();
    if !cpu.cpus.is_empty() {
-        cpuset_controller.set_cpus(&cpu.cpus);
+        cpuset_controller.set_cpus(&cpu.cpus)?;
    }
    if !cpu.mems.is_empty() {
-        cpuset_controller.set_mems(&cpu.mems);
+        cpuset_controller.set_mems(&cpu.mems)?;
    }
    let cpu_controller: &CpuController = cg.controller_of().unwrap();
@ -379,11 +378,12 @@ fn set_cpu_resources(cg: &cgroups::Cgroup, cpu: &LinuxCPU) -> Result<()> {
            shares
        };
        if shares != 0 {
-            cpu_controller.set_shares(shares);
+            cpu_controller.set_shares(shares)?;
        }
    }
-    cpu_controller.set_cfs_quota_and_period(cpu.quota, cpu.period);
+    set_resource!(cpu_controller, set_cfs_quota, cpu, quota);
    set_resource!(cpu_controller, set_cfs_period, cpu, period);
    set_resource!(cpu_controller, set_rt_runtime, cpu, realtime_runtime);
    set_resource!(cpu_controller, set_rt_period_us, cpu, realtime_period);
@ -468,7 +468,7 @@ fn build_blk_io_device_throttle_resource(
 fn linux_device_to_cgroup_device(d: &LinuxDevice) -> DeviceResource {
    let dev_type = DeviceType::from_char(d.r#type.chars().next()).unwrap();
-    let mut permissions = vec![
+    let permissions = vec![
        DevicePermissions::Read,
        DevicePermissions::Write,
        DevicePermissions::MkNod,
@ -518,7 +518,7 @@ fn lines_to_map(content: &str) -> HashMap<String, u64> {
        .lines()
        .map(|x| x.split_whitespace().collect::<Vec<&str>>())
        .filter(|x| x.len() == 2 && x[1].parse::<u64>().is_ok())
-        .fold(HashMap::new(), |mut hm, mut x| {
+        .fold(HashMap::new(), |mut hm, x| {
            hm.insert(x[0].to_string(), x[1].parse::<u64>().unwrap());
            hm
        })
@ -1059,7 +1059,7 @@ impl Manager {
            info!(sl!(), "updating cpuset for path {:?}", &r_path);
            let cg = load_or_create(h, &r_path);
            let cpuset_controller: &CpuSetController = cg.controller_of().unwrap();
-            cpuset_controller.set_cpus(cpuset_cpus);
+            cpuset_controller.set_cpus(cpuset_cpus)?;
        }
        Ok(())
--- a/src/agent/rustjail/src/cgroups/mod.rs
+++ b/src/agent/rustjail/src/cgroups/mod.rs
@ -7,7 +7,6 @@
 use anyhow::{anyhow, Result};
 use oci::LinuxResources;
 use protocols::agent::CgroupStats;
 use std::collections::HashMap;
 use cgroups::freezer::FreezerState;
--- a/src/agent/rustjail/src/container.rs
+++ b/src/agent/rustjail/src/container.rs
@ -19,7 +19,7 @@ use libc::pid_t;
 use oci::{LinuxDevice, LinuxIDMapping};
 use std::clone::Clone;
 use std::fmt::Display;
-use std::process::{Child, Command};
+use std::process::Command;
 use cgroups::freezer::FreezerState;
@ -30,7 +30,7 @@ use crate::specconv::CreateOpts;
 use crate::sync::*;
 // use crate::stats::Stats;
 use crate::capabilities::{self, CAPSMAP};
-use crate::cgroups::fs::{self as fscgroup, Manager as FsManager};
+use crate::cgroups::fs::Manager as FsManager;
 use crate::cgroups::Manager;
 use crate::{mount, validator};
@ -55,7 +55,7 @@ use std::io::BufRead;
 use std::io::BufReader;
 use std::os::unix::io::FromRawFd;
-use slog::{debug, info, o, Logger};
+use slog::{info, o, Logger};
 const STATE_FILENAME: &'static str = "state.json";
 const EXEC_FIFO_FILENAME: &'static str = "exec.fifo";
@ -70,6 +70,17 @@ const CLOG_FD: &str = "CLOG_FD";
 const FIFO_FD: &str = "FIFO_FD";
 const HOME_ENV_KEY: &str = "HOME";
 #[macro_export]
 macro_rules! check {
    ($what:expr, $where:expr) => ({
        if let Err(e) = $what {
            let subsystem = $where;
            let logger = slog_scope::logger().new(o!("subsystem" => subsystem));
            warn!(logger, "{:?}", e);
        }
    })
 }
 #[derive(PartialEq, Clone, Copy)]
 pub enum Status {
    CREATED,
@ -336,7 +347,10 @@ pub fn init_child() {
        Ok(_) => (),
        Err(e) => {
            log_child!(cfd_log, "child exit: {:?}", e);
-            write_sync(cwfd, SYNC_FAILED, format!("{:?}", e).as_str());
+            check!(
                write_sync(cwfd, SYNC_FAILED, format!("{:?}", e).as_str()),
                "write_sync in init_child()"
            );
            return;
        }
    }
@ -364,7 +378,7 @@ fn do_init_child(cwfd: RawFd) -> Result<()> {
    let buf = read_sync(crfd)?;
    let process_str = std::str::from_utf8(&buf)?;
-    let mut oci_process: oci::Process = serde_json::from_str(process_str)?;
+    let oci_process: oci::Process = serde_json::from_str(process_str)?;
    log_child!(cfd_log, "notify parent to send cgroup manager");
    write_sync(cwfd, SYNC_SUCCESS, "")?;
@ -471,11 +485,17 @@ fn do_init_child(cwfd: RawFd) -> Result<()> {
        if let Err(e) = sched::setns(fd, s) {
            if s == CloneFlags::CLONE_NEWUSER {
                if e.as_errno().unwrap() != Errno::EINVAL {
-                    write_sync(cwfd, SYNC_FAILED, format!("{:?}", e).as_str());
+                    check!(
                        write_sync(cwfd, SYNC_FAILED, format!("{:?}", e).as_str()),
                        "write_sync for CLONE_NEWUSER"
                    );
                    return Err(e.into());
                }
            } else {
-                write_sync(cwfd, SYNC_FAILED, format!("{:?}", e).as_str());
+                check!(
                    write_sync(cwfd, SYNC_FAILED, format!("{:?}", e).as_str()),
                    "write_sync for sched::setns"
                );
                return Err(e.into());
            }
        }
@ -550,10 +570,13 @@ fn do_init_child(cwfd: RawFd) -> Result<()> {
    if guser.additional_gids.len() > 0 {
        setgroups(guser.additional_gids.as_slice()).map_err(|e| {
-            write_sync(
+            check!(
-                cwfd,
+                write_sync(
-                SYNC_FAILED,
+                    cwfd,
-                format!("setgroups failed: {:?}", e).as_str(),
+                    SYNC_FAILED,
                    format!("setgroups failed: {:?}", e).as_str()
                ),
                "write_sync for setgroups"
            );
            e
        })?;
@ -622,9 +645,9 @@ fn do_init_child(cwfd: RawFd) -> Result<()> {
    // notify parent that the child's ready to start
    write_sync(cwfd, SYNC_SUCCESS, "")?;
    log_child!(cfd_log, "ready to run exec");
-    unistd::close(cfd_log);
+    check!(unistd::close(cfd_log), "closing cfd log");
-    unistd::close(crfd);
+    check!(unistd::close(crfd), "closing crfd");
-    unistd::close(cwfd);
+    check!(unistd::close(cwfd), "closing cwfd");
    if oci_process.terminal {
        unistd::setsid()?;
@ -762,7 +785,10 @@ impl BaseContainer for LinuxContainer {
        let st = self.oci_state()?;
        let (pfd_log, cfd_log) = unistd::pipe().context("failed to create pipe")?;
-        fcntl::fcntl(pfd_log, FcntlArg::F_SETFD(FdFlag::FD_CLOEXEC));
+        check!(
            fcntl::fcntl(pfd_log, FcntlArg::F_SETFD(FdFlag::FD_CLOEXEC)),
            "fcntl pfd log FD_CLOEXEC"
        );
        let child_logger = logger.new(o!("action" => "child process log"));
        let log_handler = thread::spawn(move || {
@ -791,34 +817,43 @@ impl BaseContainer for LinuxContainer {
        info!(logger, "exec fifo opened!");
        let (prfd, cwfd) = unistd::pipe().context("failed to create pipe")?;
        let (crfd, pwfd) = unistd::pipe().context("failed to create pipe")?;
-        fcntl::fcntl(prfd, FcntlArg::F_SETFD(FdFlag::FD_CLOEXEC));
+        check!(
-        fcntl::fcntl(pwfd, FcntlArg::F_SETFD(FdFlag::FD_CLOEXEC));
+            fcntl::fcntl(prfd, FcntlArg::F_SETFD(FdFlag::FD_CLOEXEC)),
            "fcntl prfd FD_CLOEXEC"
        );
        check!(
            fcntl::fcntl(pwfd, FcntlArg::F_SETFD(FdFlag::FD_CLOEXEC)),
            "fcntl pwfd FD_COLEXEC"
        );
        defer!({
-            unistd::close(prfd);
+            check!(unistd::close(prfd), "close prfd");
-            unistd::close(pwfd);
+            check!(unistd::close(pwfd), "close pwfd");
        });
-        let mut child_stdin = std::process::Stdio::null();
+        let child_stdin: std::process::Stdio;
-        let mut child_stdout = std::process::Stdio::null();
+        let child_stdout: std::process::Stdio;
-        let mut child_stderr = std::process::Stdio::null();
+        let child_stderr: std::process::Stdio;
        let mut stdin = -1;
        let mut stdout = -1;
        let mut stderr = -1;
        if tty {
-            let pseduo = pty::openpty(None, None)?;
+            let pseudo = pty::openpty(None, None)?;
-            p.term_master = Some(pseduo.master);
+            p.term_master = Some(pseudo.master);
-            fcntl::fcntl(pseduo.master, FcntlArg::F_SETFD(FdFlag::FD_CLOEXEC));
+            check!(
-            fcntl::fcntl(pseduo.slave, FcntlArg::F_SETFD(FdFlag::FD_CLOEXEC));
+                fcntl::fcntl(pseudo.master, FcntlArg::F_SETFD(FdFlag::FD_CLOEXEC)),
                "fnctl pseudo.master"
            );
            check!(
                fcntl::fcntl(pseudo.slave, FcntlArg::F_SETFD(FdFlag::FD_CLOEXEC)),
                "fcntl pseudo.slave"
            );
-            child_stdin = unsafe { std::process::Stdio::from_raw_fd(pseduo.slave) };
+            child_stdin = unsafe { std::process::Stdio::from_raw_fd(pseudo.slave) };
-            child_stdout = unsafe { std::process::Stdio::from_raw_fd(pseduo.slave) };
+            child_stdout = unsafe { std::process::Stdio::from_raw_fd(pseudo.slave) };
-            child_stderr = unsafe { std::process::Stdio::from_raw_fd(pseduo.slave) };
+            child_stderr = unsafe { std::process::Stdio::from_raw_fd(pseudo.slave) };
        } else {
-            stdin = p.stdin.unwrap();
+            let stdin = p.stdin.unwrap();
-            stdout = p.stdout.unwrap();
+            let stdout = p.stdout.unwrap();
-            stderr = p.stderr.unwrap();
+            let stderr = p.stderr.unwrap();
            child_stdin = unsafe { std::process::Stdio::from_raw_fd(stdin) };
            child_stdout = unsafe { std::process::Stdio::from_raw_fd(stdout) };
            child_stderr = unsafe { std::process::Stdio::from_raw_fd(stderr) };
@ -837,8 +872,11 @@ impl BaseContainer for LinuxContainer {
        //restore the parent's process's pid namespace.
        defer!({
-            sched::setns(old_pid_ns, CloneFlags::CLONE_NEWPID);
+            check!(
-            unistd::close(old_pid_ns);
+                sched::setns(old_pid_ns, CloneFlags::CLONE_NEWPID),
                "settns CLONE_NEWPID"
            );
            check!(unistd::close(old_pid_ns), "close old pid namespace");
        });
        let pidns = get_pid_namespace(&self.logger, linux)?;
@ -868,7 +906,7 @@ impl BaseContainer for LinuxContainer {
            child = child.env(FIFO_FD, format!("{}", fifofd));
        }
-        let mut child = child.spawn()?;
+        let child = child.spawn()?;
        unistd::close(crfd)?;
        unistd::close(cwfd)?;
@ -880,7 +918,7 @@ impl BaseContainer for LinuxContainer {
        }
        if p.init {
-            unistd::close(fifofd);
+            check!(unistd::close(fifofd), "close fifofd");
        }
        info!(logger, "child pid: {}", p.pid);
@ -891,7 +929,6 @@ impl BaseContainer for LinuxContainer {
            &p,
            self.cgroup_manager.as_ref().unwrap(),
            &st,
            &mut child,
            pwfd,
            prfd,
        ) {
@ -899,7 +936,10 @@ impl BaseContainer for LinuxContainer {
            Err(e) => {
                error!(logger, "create container process error {:?}", e);
                // kill the child process.
-                signal::kill(Pid::from_raw(p.pid), Some(Signal::SIGKILL));
+                check!(
                    signal::kill(Pid::from_raw(p.pid), Some(Signal::SIGKILL)),
                    "signal::kill joining namespaces"
                );
                return Err(e);
            }
        };
@ -912,7 +952,10 @@ impl BaseContainer for LinuxContainer {
        let (exit_pipe_r, exit_pipe_w) = unistd::pipe2(OFlag::O_CLOEXEC)
            .context("failed to create pipe")
            .map_err(|e| {
-                signal::kill(Pid::from_raw(child.id() as i32), Some(Signal::SIGKILL));
+                check!(
                    signal::kill(Pid::from_raw(child.id() as i32), Some(Signal::SIGKILL)),
                    "signal::kill creating pipe"
                );
                e
            })?;
@ -926,7 +969,7 @@ impl BaseContainer for LinuxContainer {
        self.processes.insert(p.pid, p);
        info!(logger, "wait on child log handler");
-        log_handler.join();
+        check!(log_handler.join(), "joining log handler");
        info!(logger, "create process completed");
        return Ok(());
    }
@ -1042,8 +1085,9 @@ fn do_exec(args: &[String]) -> ! {
 }
 fn update_namespaces(logger: &Logger, spec: &mut Spec, init_pid: RawFd) -> Result<()> {
    info!(logger, "updating namespaces");
    let linux = match spec.linux.as_mut() {
-        None => return Err(anyhow!("Spec didn't container linux field")),
+        None => return Err(anyhow!("Spec didn't contain linux field")),
        Some(l) => l,
    };
@ -1120,7 +1164,6 @@ fn join_namespaces(
    p: &Process,
    cm: &FsManager,
    st: &OCIState,
    _child: &mut Child,
    pwfd: RawFd,
    prfd: RawFd,
 ) -> Result<()> {
@ -1428,7 +1471,6 @@ fn set_sysctls(sysctls: &HashMap<String, String>) -> Result<()> {
    Ok(())
 }
 use std::error::Error as StdError;
 use std::io::Read;
 use std::os::unix::process::ExitStatusExt;
 use std::process::Stdio;
@ -1549,7 +1591,7 @@ fn execute_hook(logger: &Logger, h: &Hook, st: &OCIState) -> Result<()> {
                        info!(
                            logger,
                            "wait child error: {} {}",
-                            e.description(),
+                            e,
                            e.raw_os_error().unwrap()
                        );
--- a/src/agent/rustjail/src/lib.rs
+++ b/src/agent/rustjail/src/lib.rs
@ -15,7 +15,6 @@
 #[macro_use]
 #[cfg(test)]
 extern crate serial_test;
 #[macro_use]
 extern crate serde;
 extern crate serde_json;
 #[macro_use]
@ -37,13 +36,6 @@ extern crate oci;
 extern crate path_absolutize;
 extern crate regex;
 // Convenience macro to obtain the scope logger
 macro_rules! sl {
    () => {
        slog_scope::logger().new(o!("subsystem" => "rustjail"))
    };
 }
 pub mod capabilities;
 pub mod cgroups;
 pub mod container;
@ -77,7 +69,6 @@ use protocols::oci::{
    Root as grpcRoot, Spec as grpcSpec,
 };
 use std::collections::HashMap;
 use std::mem::MaybeUninit;
 pub fn process_grpc_to_oci(p: &grpcProcess) -> ociProcess {
    let console_size = if p.ConsoleSize.is_some() {
@ -99,7 +90,12 @@ pub fn process_grpc_to_oci(p: &grpcProcess) -> ociProcess {
            username: u.Username.clone(),
        }
    } else {
-        unsafe { MaybeUninit::zeroed().assume_init() }
+        ociUser {
            uid: 0,
            gid: 0,
            additional_gids: vec![],
            username: String::from(""),
        }
    };
    let capabilities = if p.Capabilities.is_some() {
@ -144,11 +140,6 @@ pub fn process_grpc_to_oci(p: &grpcProcess) -> ociProcess {
    }
 }
 fn process_oci_to_grpc(_p: ociProcess) -> grpcProcess {
    // dont implement it for now
    unsafe { MaybeUninit::zeroed().assume_init() }
 }
 fn root_grpc_to_oci(root: &grpcRoot) -> ociRoot {
    ociRoot {
        path: root.Path.clone(),
@ -156,10 +147,6 @@ fn root_grpc_to_oci(root: &grpcRoot) -> ociRoot {
    }
 }
 fn root_oci_to_grpc(_root: &ociRoot) -> grpcRoot {
    unsafe { MaybeUninit::zeroed().assume_init() }
 }
 fn mount_grpc_to_oci(m: &grpcMount) -> ociMount {
    ociMount {
        destination: m.destination.clone(),
@ -169,10 +156,6 @@ fn mount_grpc_to_oci(m: &grpcMount) -> ociMount {
    }
 }
 fn mount_oci_to_grpc(_m: &ociMount) -> grpcMount {
    unsafe { MaybeUninit::zeroed().assume_init() }
 }
 use oci::Hook as ociHook;
 use protocols::oci::Hook as grpcHook;
@ -203,10 +186,6 @@ fn hooks_grpc_to_oci(h: &grpcHooks) -> ociHooks {
    }
 }
 fn hooks_oci_to_grpc(_h: &ociHooks) -> grpcHooks {
    unsafe { MaybeUninit::zeroed().assume_init() }
 }
 use oci::{
    LinuxDevice as ociLinuxDevice, LinuxIDMapping as ociLinuxIDMapping,
    LinuxIntelRdt as ociLinuxIntelRdt, LinuxNamespace as ociLinuxNamespace,
@ -573,10 +552,6 @@ pub fn grpc_to_oci(grpc: &grpcSpec) -> ociSpec {
    }
 }
 pub fn oci_to_grpc(_oci: &ociSpec) -> grpcSpec {
    unsafe { MaybeUninit::zeroed().assume_init() }
 }
 #[cfg(test)]
 mod tests {
    #[test]
--- a/src/agent/rustjail/src/mount.rs
+++ b/src/agent/rustjail/src/mount.rs
@ -7,7 +7,9 @@ use anyhow::{anyhow, bail, Context, Error, Result};
 use libc::uid_t;
 use nix::errno::Errno;
 use nix::fcntl::{self, OFlag};
-use nix::mount::{self, MntFlags, MsFlags};
+#[cfg(not(test))]
 use nix::mount;
 use nix::mount::{MntFlags, MsFlags};
 use nix::sys::stat::{self, Mode, SFlag};
 use nix::unistd::{self, Gid, Uid};
 use nix::NixPath;
@ -111,6 +113,7 @@ lazy_static! {
 }
 #[inline(always)]
 #[allow(unused_variables)]
 fn mount<P1: ?Sized + NixPath, P2: ?Sized + NixPath, P3: ?Sized + NixPath, P4: ?Sized + NixPath>(
    source: Option<&P1>,
    target: &P2,
@ -125,6 +128,7 @@ fn mount<P1: ?Sized + NixPath, P2: ?Sized + NixPath, P3: ?Sized + NixPath, P4: ?
 }
 #[inline(always)]
 #[allow(unused_variables)]
 fn umount2<P: ?Sized + NixPath>(
    target: &P,
    flags: MntFlags,
@ -421,6 +425,7 @@ fn mount_cgroups(
    Ok(())
 }
 #[allow(unused_variables)]
 fn pivot_root<P1: ?Sized + NixPath, P2: ?Sized + NixPath>(
    new_root: &P1,
    put_old: &P2,
@ -553,6 +558,7 @@ fn parse_mount_table() -> Result<Vec<Info>> {
 }
 #[inline(always)]
 #[allow(unused_variables)]
 fn chroot<P: ?Sized + NixPath>(path: &P) -> Result<(), nix::Error> {
    #[cfg(not(test))]
    return unistd::chroot(path);
@ -1004,8 +1010,8 @@ mod tests {
        // there is no spec.mounts, but should pass
        let ret = init_rootfs(stdout_fd, &spec, &cpath, &mounts, true);
        assert!(ret.is_ok(), "Should pass. Got: {:?}", ret);
-        let ret = fs::remove_dir_all(rootfs.path().join("dev"));
+        let _ = fs::remove_dir_all(rootfs.path().join("dev"));
-        let ret = fs::create_dir(rootfs.path().join("dev"));
+        let _ = fs::create_dir(rootfs.path().join("dev"));
        // Adding bad mount point to spec.mounts
        spec.mounts.push(oci::Mount {
@ -1023,8 +1029,8 @@ mod tests {
            ret
        );
        spec.mounts.pop();
-        let ret = fs::remove_dir_all(rootfs.path().join("dev"));
+        let _ = fs::remove_dir_all(rootfs.path().join("dev"));
-        let ret = fs::create_dir(rootfs.path().join("dev"));
+        let _ = fs::create_dir(rootfs.path().join("dev"));
        // mounting a cgroup
        spec.mounts.push(oci::Mount {
@ -1037,8 +1043,8 @@ mod tests {
        let ret = init_rootfs(stdout_fd, &spec, &cpath, &mounts, true);
        assert!(ret.is_ok(), "Should pass. Got: {:?}", ret);
        spec.mounts.pop();
-        let ret = fs::remove_dir_all(rootfs.path().join("dev"));
+        let _ = fs::remove_dir_all(rootfs.path().join("dev"));
-        let ret = fs::create_dir(rootfs.path().join("dev"));
+        let _ = fs::create_dir(rootfs.path().join("dev"));
        // mounting /dev
        spec.mounts.push(oci::Mount {
@ -1179,8 +1185,8 @@ mod tests {
        let tempdir = tempdir().unwrap();
        let olddir = unistd::getcwd().unwrap();
-        defer!(unistd::chdir(&olddir););
+        defer!(let _ = unistd::chdir(&olddir););
-        unistd::chdir(tempdir.path());
+        let _ = unistd::chdir(tempdir.path());
        let dev = oci::LinuxDevice {
            path: "/fifo".to_string(),
--- a/src/agent/rustjail/src/process.rs
+++ b/src/agent/rustjail/src/process.rs
@ -15,12 +15,10 @@ use std::sync::mpsc::Sender;
 use nix::fcntl::{fcntl, FcntlArg, OFlag};
 use nix::sys::signal::{self, Signal};
 use nix::sys::socket::{self, AddressFamily, SockFlag, SockType};
 use nix::sys::wait::{self, WaitStatus};
 use nix::unistd::{self, Pid};
 use nix::Result;
 use nix::Error;
 use oci::Process as OCIProcess;
 use slog::Logger;
@ -151,11 +149,11 @@ mod tests {
    #[test]
    fn test_create_extended_pipe() {
        // Test the default
-        let (r, w) = create_extended_pipe(OFlag::O_CLOEXEC, 0).unwrap();
+        let (_r, _w) = create_extended_pipe(OFlag::O_CLOEXEC, 0).unwrap();
        // Test setting to the max size
        let max_size = get_pipe_max_size();
-        let (r, w) = create_extended_pipe(OFlag::O_CLOEXEC, max_size).unwrap();
+        let (_, w) = create_extended_pipe(OFlag::O_CLOEXEC, max_size).unwrap();
        let actual_size = get_pipe_size(w);
        assert_eq!(max_size, actual_size);
    }
--- a/src/agent/rustjail/src/sync.rs
+++ b/src/agent/rustjail/src/sync.rs
@ -23,7 +23,8 @@ macro_rules! log_child {
        let lfd = $fd;
        let mut log_str = format_args!($($arg)+).to_string();
        log_str.push('\n');
-        write_count(lfd, log_str.as_bytes(), log_str.len());
+        // Ignore error writing to the logger, not much we can do
        let _ = write_count(lfd, log_str.as_bytes(), log_str.len());
    })
 }
--- a/src/agent/rustjail/src/validator.rs
+++ b/src/agent/rustjail/src/validator.rs
@ -8,7 +8,6 @@ use anyhow::{anyhow, Result};
 use lazy_static;
 use nix::errno::Errno;
 use oci::{LinuxIDMapping, LinuxNamespace, Spec};
 use protobuf::RepeatedField;
 use std::collections::HashMap;
 use std::path::{Component, PathBuf};
--- a/src/agent/src/main.rs
+++ b/src/agent/src/main.rs
@ -25,7 +25,6 @@ extern crate scopeguard;
 #[macro_use]
 extern crate slog;
 #[macro_use]
 extern crate netlink;
 use crate::netlink::{RtnlHandle, NETLINK_ROUTE};
@ -129,7 +128,6 @@ fn main() -> Result<()> {
    // support vsock log
    let (rfd, wfd) = unistd::pipe2(OFlag::O_CLOEXEC)?;
    let writer = unsafe { File::from_raw_fd(wfd) };
    let agentConfig = AGENT_CONFIG.clone();
@ -638,8 +636,6 @@ fn run_debug_console_shell(logger: &Logger, shell: &str, socket_fd: RawFd) -> Re
 #[cfg(test)]
 mod tests {
    use super::*;
    use std::fs::File;
    use std::io::Write;
    use tempfile::tempdir;
    #[test]
--- a/src/agent/src/mount.rs
+++ b/src/agent/src/mount.rs
@ -1088,7 +1088,7 @@ mod tests {
    #[test]
    fn test_get_cgroup_v2_mounts() {
-        let dir = tempdir().expect("failed to create tmpdir");
+        let _ = tempdir().expect("failed to create tmpdir");
        let drain = slog::Discard;
        let logger = slog::Logger::root(drain, o!());
        let result = get_cgroup_mounts(&logger, "", true);
--- a/src/agent/src/network.rs
+++ b/src/agent/src/network.rs
@ -3,15 +3,13 @@
 // SPDX-License-Identifier: Apache-2.0
 //
-use anyhow::{anyhow, Context, Result};
+use anyhow::{anyhow, Result};
-use nix::mount::{self, MntFlags, MsFlags};
+use nix::mount::{self, MsFlags};
 use protocols::types::{Interface, Route};
 use slog::Logger;
 use std::collections::HashMap;
 use std::fs;
 use crate::Sandbox;
 const KATA_GUEST_SANDBOX_DNS_FILE: &str = "/run/kata-containers/sandbox/resolv.conf";
 const GUEST_DNS_FILE: &str = "/etc/resolv.conf";
--- a/src/agent/src/rpc.rs
+++ b/src/agent/src/rpc.rs
@ -4,7 +4,7 @@
 //
 use std::path::Path;
-use std::sync::mpsc::{channel, Sender};
+use std::sync::mpsc::channel;
 use std::sync::{Arc, Mutex};
 use ttrpc;
@ -40,7 +40,6 @@ use crate::metrics::get_metrics;
 use crate::mount::{add_storages, remove_mounts, BareMount, STORAGEHANDLERLIST};
 use crate::namespace::{NSTYPEIPC, NSTYPEPID, NSTYPEUTS};
 use crate::network::setup_guest_dns;
 use crate::network::Network;
 use crate::random;
 use crate::sandbox::Sandbox;
 use crate::version::{AGENT_VERSION, API_VERSION};
@ -790,7 +789,7 @@ impl protocols::agent_ttrpc::AgentService for agentService {
    fn pause_container(
        &self,
-        ctx: &ttrpc::TtrpcContext,
+        _ctx: &ttrpc::TtrpcContext,
        req: protocols::agent::PauseContainerRequest,
    ) -> ttrpc::Result<protocols::empty::Empty> {
        let cid = req.get_container_id();
@ -816,7 +815,7 @@ impl protocols::agent_ttrpc::AgentService for agentService {
    fn resume_container(
        &self,
-        ctx: &ttrpc::TtrpcContext,
+        _ctx: &ttrpc::TtrpcContext,
        req: protocols::agent::ResumeContainerRequest,
    ) -> ttrpc::Result<protocols::empty::Empty> {
        let cid = req.get_container_id();
@ -1160,7 +1159,7 @@ impl protocols::agent_ttrpc::AgentService for agentService {
        };
        match setup_guest_dns(sl!(), req.dns.to_vec()) {
-            Ok(dns_list) => {
+            Ok(_) => {
                let sandbox = self.sandbox.clone();
                let mut s = sandbox.lock().unwrap();
                let _ = req
@ -1447,7 +1446,7 @@ fn get_agent_details() -> AgentDetails {
    detail.set_version(AGENT_VERSION.to_string());
    detail.set_supports_seccomp(false);
-    detail.init_daemon = { unistd::getpid() == Pid::from_raw(1) };
+    detail.init_daemon = unistd::getpid() == Pid::from_raw(1);
    detail.device_handlers = RepeatedField::new();
    detail.storage_handlers = RepeatedField::from_vec(
--- a/src/agent/src/sandbox.rs
+++ b/src/agent/src/sandbox.rs
@ -7,10 +7,8 @@
 use crate::linux_abi::*;
 use crate::mount::{get_mount_fs_type, remove_mounts, TYPEROOTFS};
 use crate::namespace::Namespace;
 use crate::namespace::NSTYPEPID;
 use crate::network::Network;
 use anyhow::{anyhow, Context, Result};
 use cgroups;
 use libc::pid_t;
 use netlink::{RtnlHandle, NETLINK_ROUTE};
 use oci::{Hook, Hooks};
--- a/src/trace-forwarder/Makefile
+++ b/src/trace-forwarder/Makefile
@ -6,7 +6,7 @@
 default: build
 build:
-	cargo build -v
+	RUSTFLAGS="--deny warnings" cargo build -v
 clean:
 	cargo clean
--- a/tools/agent-ctl/Cargo.lock
+++ b/tools/agent-ctl/Cargo.lock
@ -1,20 +1,5 @@
 # This file is automatically @generated by Cargo.
 # It is not intended for manual editing.
 [[package]]
 name = "addr2line"
 version = "0.12.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "602d785912f476e480434627e8732e6766b760c045bbf897d9dfaa9f4fbd399c"
 dependencies = [
 "gimli",
 ]
 [[package]]
 name = "adler32"
 version = "1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "567b077b825e468cc974f0020d4082ee6e03132512f207ef1a02fd5d00d1f32d"
 [[package]]
 name = "aho-corasick"
 version = "0.7.13"
@ -35,9 +20,9 @@ dependencies = [
 [[package]]
 name = "anyhow"
-version = "1.0.31"
+version = "1.0.32"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "85bb70cc08ec97ca5450e6eba421deeea5f172c0fc61f78b5357b2a8e8be195f"
+checksum = "6b602bfe940d21c130f3895acd65221e8a61270debe89d628b9cb4e3ccb8569b"
 [[package]]
 name = "arc-swap"
@ -74,20 +59,6 @@ version = "1.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f8aac770f1885fd7e387acedd76065302551364496e46b3dd00860b2f8359b9d"
 [[package]]
 name = "backtrace"
 version = "0.3.49"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "05100821de9e028f12ae3d189176b41ee198341eb8f369956407fea2f5cc666c"
 dependencies = [
 "addr2line",
 "cfg-if",
 "libc",
 "miniz_oxide",
 "object",
 "rustc-demangle",
 ]
 [[package]]
 name = "base64"
 version = "0.11.0"
@ -240,7 +211,6 @@ version = "0.12.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d371106cc88ffdfb1eabd7111e432da544f16f3e2d7bf1dfe8bf575f1df045cd"
 dependencies = [
 "backtrace",
 "version_check",
 ]
@ -267,12 +237,6 @@ dependencies = [
 "wasi",
 ]
 [[package]]
 name = "gimli"
 version = "0.21.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "bcc8e0c9bce37868955864dbecd2b1ab2bdf967e6f28066d65aaac620444b65c"
 [[package]]
 name = "hermit-abi"
 version = "0.1.14"
@ -361,15 +325,6 @@ version = "2.3.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3728d817d99e5ac407411fa471ff9800a778d88a24685968b36824eaf4bee400"
 [[package]]
 name = "miniz_oxide"
 version = "0.3.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "791daaae1ed6889560f8c4359194f56648355540573244a5448a83ba1ecc7435"
 dependencies = [
 "adler32",
 ]
 [[package]]
 name = "nix"
 version = "0.16.1"
@ -415,12 +370,6 @@ dependencies = [
 "autocfg",
 ]
 [[package]]
 name = "object"
 version = "0.20.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1ab52be62400ca80aa00285d25253d7f7c437b7375c4de678f5405d3afe82ca5"
 [[package]]
 name = "oci"
 version = "0.1.0"
@ -606,19 +555,13 @@ dependencies = [
 "crossbeam-utils",
 ]
 [[package]]
 name = "rustc-demangle"
 version = "0.1.16"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4c691c0e608126e00913e33f0ccf3727d5fc84573623b8d65b2df340b5201783"
 [[package]]
 name = "rustjail"
 version = "0.1.0"
 dependencies = [
 "anyhow",
 "caps",
 "dirs",
 "error-chain",
 "lazy_static",
 "libc",
 "nix 0.17.0",
--- a/tools/agent-ctl/Makefile
+++ b/tools/agent-ctl/Makefile
@ -6,7 +6,7 @@
 default: build
 build:
-	cargo build -v
+	RUSTFLAGS="--deny warnings" cargo build -v
 clean:
 	cargo clean
--- a/tools/agent-ctl/src/utils.rs
+++ b/tools/agent-ctl/src/utils.rs
@ -8,8 +8,7 @@ use anyhow::{anyhow, Result};
 use oci::{Process as ociProcess, Root as ociRoot, Spec as ociSpec};
 use protocols::oci::{
    Box as grpcBox, Linux as grpcLinux, LinuxCapabilities as grpcLinuxCapabilities,
-    POSIXRlimit as grpcPOSIXRlimit, Process as grpcProcess, Root as grpcRoot, Spec as grpcSpec,
+    Process as grpcProcess, Root as grpcRoot, Spec as grpcSpec, User as grpcUser,
    User as grpcUser,
 };
 use rand::Rng;
 use slog::{debug, warn};