From 470d065415e00e6bebd63f1b0e8f55d40707cb0e Mon Sep 17 00:00:00 2001 From: Yuan-Zhuo Date: Sat, 9 Sep 2023 13:56:43 +0800 Subject: [PATCH] agent: optimize the code of systemd cgroup manager 1. Directly support CgroupManager::freeze through systemd API. 2. Avoid always passing unit_name by storing it into DBusClient. 3. Realize CgroupManager::destroy more accurately by killing systemd unit rather than stop it. 4. Ignore no such unit error when destroying systemd unit. 5. Update zbus version and corresponding interface file. Acknowledgement: error handling for no such systemd unit error refers to Fixes: #7080, #7142, #7143, #7166 Signed-off-by: Yuan-Zhuo Signed-off-by: Yohei Ueda --- src/agent/Cargo.lock | 538 ++++++++++++++---- src/agent/rustjail/Cargo.toml | 2 +- .../rustjail/src/cgroups/systemd/common.rs | 5 +- .../src/cgroups/systemd/dbus_client.rs | 141 +++-- .../src/cgroups/systemd/interface/system.rs | 142 +++-- .../rustjail/src/cgroups/systemd/manager.rs | 23 +- 6 files changed, 587 insertions(+), 264 deletions(-) diff --git a/src/agent/Cargo.lock b/src/agent/Cargo.lock index 34e8eaa31e..027e4000de 100644 --- a/src/agent/Cargo.lock +++ b/src/agent/Cargo.lock @@ -10,9 +10,9 @@ checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" [[package]] name = "aho-corasick" -version = "0.7.18" +version = "1.0.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1e37cfd5e7657ada45f742d6e99ca5788580b5c529dc78faf11ece6dc702656f" +checksum = "0c378d78423fdad8089616f827526ee33c19f2fddbd5de1629152c9593ba4783" dependencies = [ "memchr", ] 
@@ -49,13 +49,12 @@ checksum = "c5d78ce20460b82d3fa150275ed9d55e21064fc7951177baacf86a145c4a4b1f" [[package]] name = "async-broadcast" -version = "0.4.1" +version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6d26004fe83b2d1cd3a97609b21e39f9a31535822210fe83205d2ce48866ea61" +checksum = "7c48ccdbf6ca6b121e0f586cbc0e73ae440e56c67c30fa0873b4e110d9c26d2b" dependencies = [ "event-listener", "futures-core", - "parking_lot 0.12.1", ] [[package]] 
@@ -64,54 +63,84 @@ version = "1.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e14485364214912d3b19cc3435dde4df66065127f05fa0d75c712f36f12c2f28" dependencies = [ - "concurrent-queue", + "concurrent-queue 1.2.4", "event-listener", "futures-core", ] [[package]] name = "async-executor" -version = "1.4.1" +version = "1.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "871f9bb5e0a22eeb7e8cf16641feb87c9dc67032ccf8ff49e772eb9941d3a965" +checksum = "6fa3dc5f2a8564f07759c008b9109dc0d39de92a88d5588b8a5036d286383afb" dependencies = [ + "async-lock", "async-task", - "concurrent-queue", + "concurrent-queue 2.2.0", "fastrand", "futures-lite", - "once_cell", "slab", ] +[[package]] +name = "async-fs" +version = "1.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "279cf904654eeebfa37ac9bb1598880884924aab82e290aa65c9e77a0e142e06" +dependencies = [ + "async-lock", + "autocfg", + "blocking", + "futures-lite", +] + [[package]] name = "async-io" -version = "1.9.0" +version = "1.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "83e21f3a490c72b3b0cf44962180e60045de2925d8dff97918f7ee43c8f637c7" +checksum = "0fc5b45d93ef0529756f812ca52e44c221b35341892d3dcc34132ac02f3dd2af" dependencies = [ + "async-lock", "autocfg", - "concurrent-queue", + "cfg-if 1.0.0", + "concurrent-queue 2.2.0", "futures-lite", - "libc", "log", - "once_cell", "parking", "polling", + "rustix", "slab", "socket2", "waker-fn", - "winapi", ] [[package]] name = "async-lock" -version = "2.5.0" +version = "2.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e97a171d191782fba31bb902b14ad94e24a68145032b7eedf871ab0bc0d077b6" +checksum = "287272293e9d8c41773cec55e365490fe034813a2f172f502d6ddcf75b2f582b" dependencies = [ "event-listener", ] +[[package]] +name = "async-process" +version = "1.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" 
+checksum = "7a9d28b1d97e08915212e2e45310d47854eafa69600756fc735fb788f75199c9" +dependencies = [ + "async-io", + "async-lock", + "autocfg", + "blocking", + "cfg-if 1.0.0", + "event-listener", + "futures-lite", + "rustix", + "signal-hook", + "windows-sys 0.48.0", +] + [[package]] name = "async-recursion" version = "0.3.2" @@ -120,7 +149,18 @@ checksum = "d7d78656ba01f1b93024b7c3a0467f1608e4be67d725749fdcd7d2c7678fd7a2" dependencies = [ "proc-macro2", "quote", - "syn 1.0.98", + "syn 1.0.109", +] + +[[package]] +name = "async-recursion" +version = "1.0.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5fd55a5ba1179988837d24ab4c7cc8ed6efdeff578ede0416b4225a5fca35bd0" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.16", ] [[package]] @@ -131,22 +171,28 @@ checksum = "7a40729d2133846d9ed0ea60a8b9541bccddab49cd30f0715a1da672fe9a2524" [[package]] name = "async-trait" -version = "0.1.56" +version = "0.1.69" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "96cf8829f67d2eab0b2dfa42c5d0ef737e0724e4a82b01b3e292456202b19716" +checksum = "7b2d0f03b3640e3a630367e40c468cb7f309529c708ed1d88597047b0e7c6ef7" dependencies = [ "proc-macro2", "quote", - "syn 1.0.98", + "syn 2.0.16", ] +[[package]] +name = "atomic-waker" +version = "1.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1181e1e0d1fce796a03db1ae795d67167da795f9cf4a39c37589e85ef57f26d3" + [[package]] name = "atty" version = "0.2.14" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d9b39be18770d11421cdb1b9947a45dd3f37e93092cbf377614828a319d5fee8" dependencies = [ - "hermit-abi", + "hermit-abi 0.1.19", "libc", "winapi", ] 
@@ -197,7 +243,31 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fd9e32d7420c85055e8107e5b2463c4eeefeaac18b52359fe9f9c08a18f342b2" dependencies = [ "quote", - "syn 1.0.98", + "syn 1.0.109", +] + +[[package]] +name = "block-buffer" +version = "0.10.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71" +dependencies = [ + "generic-array", +] + +[[package]] +name = "blocking" +version = "1.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77231a1c8f801696fc0123ec6150ce92cffb8e164a02afb9c8ddee0e9b65ad65" +dependencies = [ + "async-channel", + "async-lock", + "async-task", + "atomic-waker", + "fastrand", + "futures-lite", + "log", ] [[package]] @@ -257,7 +327,7 @@ version = "0.5.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "61bf7211aad104ce2769ec05efcdfabf85ee84ac92461d142f22cf8badd0e54c" dependencies = [ - "errno", + "errno 0.2.8", "libc", "thiserror", ] @@ -338,7 +408,7 @@ dependencies = [ "proc-macro-error", "proc-macro2", "quote", - "syn 1.0.98", + "syn 1.0.109", ] [[package]] @@ -365,6 +435,15 @@ dependencies = [ "cache-padded", ] +[[package]] +name = "concurrent-queue" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "62ec6771ecfa0762d24683ee5a32ad78487a3d3afdc0fb8cae19d2c5deb50b7c" +dependencies = [ + "crossbeam-utils", +] + [[package]] name = "core-foundation" version = "0.9.3" 
@@ -381,6 +460,15 @@ version = "0.8.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5827cebf4670468b8772dd191856768aedcb1b0278a04f989f7766351917b9dc" +[[package]] +name = "cpufeatures" +version = "0.2.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a17b76ff3a4162b0b27f354a0c87015ddad39d35f9c0c36607a3bdd175dde1f1" +dependencies = [ + "libc", +] + [[package]] name = "crc32fast" version = "1.3.2" @@ -402,12 +490,21 @@ dependencies = [ [[package]] name = "crossbeam-utils" -version = "0.8.10" +version = "0.8.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7d82ee10ce34d7bc12c2122495e7593a9c41347ecdd64185af4ecf72cb1a7f83" +checksum = "5a22b2d63d4d1dc0b7f1b6b2747dd0088008a9be28b6ddf0b1e7d335e3037294" dependencies = [ "cfg-if 1.0.0", - "once_cell", +] + +[[package]] +name = "crypto-common" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" +dependencies = [ + "generic-array", + "typenum", ] [[package]] @@ -418,7 +515,7 @@ checksum = "fcc3dd5e9e9c0b295d6e1e4d811fb6f157d5ffd784b8d202fc62eac8035a770b" dependencies = [ "proc-macro2", "quote", - "syn 1.0.98", + "syn 1.0.109", ] [[package]] @@ -429,16 +526,17 @@ checksum = "3418329ca0ad70234b9735dc4ceed10af4df60eff9c8e7b06cb5e520d92c3535" dependencies = [ "proc-macro2", "quote", - "syn 1.0.98", + "syn 1.0.109", ] [[package]] -name = "dirs" -version = "4.0.0" +name = "digest" +version = "0.10.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ca3aa72a6f96ea37bbc5aa912f6788242832f75369bdfdadcb0e38423f100059" +checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" dependencies = [ - "dirs-sys", + "block-buffer", + "crypto-common", ] [[package]] 
@@ -451,17 +549,6 @@ dependencies = [ "dirs-sys-next", ] -[[package]] -name = "dirs-sys" -version = "0.3.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1b1d1d91c932ef41c0f2663aa8b0ca0342d444d842c06914aa0a7e352d0bada6" -dependencies = [ - "libc", - "redox_users", - "winapi", -] - [[package]] name = "dirs-sys-next" version = "0.1.2" @@ -490,9 +577,9 @@ dependencies = [ [[package]] name = "enumflags2" -version = "0.7.5" +version = "0.7.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e75d4cd21b95383444831539909fbb14b9dc3fdceb2a6f5d36577329a1f55ccb" +checksum = "c041f5090df68b32bcd905365fd51769c8b9d553fe87fde0b683534f10c01bd2" dependencies = [ "enumflags2_derive", "serde", @@ -500,13 +587,13 @@ dependencies = [ [[package]] name = "enumflags2_derive" -version = "0.7.4" +version = "0.7.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f58dc3c5e468259f19f2d46304a6b28f1c3d034442e14b322d2b850e36f6d5ae" +checksum = "5e9a1f9f7d83e59740248a6e14ecf93929ade55027844dfcea78beafccc15745" dependencies = [ "proc-macro2", "quote", - "syn 1.0.98", + "syn 2.0.16", ] [[package]] @@ -520,6 +607,17 @@ dependencies = [ "winapi", ] +[[package]] +name = "errno" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "136526188508e25c6fef639d7927dfb3e0e3084488bf202267829cf7fc23dbdd" +dependencies = [ + "errno-dragonfly", + "libc", + "windows-sys 0.48.0", +] + [[package]] name = "errno-dragonfly" version = "0.1.2" @@ -620,9 +718,9 @@ dependencies = [ [[package]] name = "futures-channel" -version = "0.3.21" +version = "0.3.28" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c3083ce4b914124575708913bca19bfe887522d6e2e6d0952943f5eac4a74010" +checksum = "955518d47e09b25bbebc7a18df10b81f0c766eaf4c4f1cccef2fca5f2a4fb5f2" dependencies = [ "futures-core", "futures-sink", 
@@ -630,9 +728,9 @@ dependencies = [ [[package]] name = "futures-core" -version = "0.3.21" +version = "0.3.28" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c09fd04b7e4073ac7156a9539b57a484a8ea920f79c7c675d05d289ab6110d3" +checksum = "4bca583b7e26f571124fe5b7561d49cb2868d79116cfa0eefce955557c6fee8c" [[package]] name = "futures-executor" @@ -647,9 +745,9 @@ dependencies = [ [[package]] name = "futures-io" -version = "0.3.21" +version = "0.3.28" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fc4045962a5a5e935ee2fdedaa4e08284547402885ab326734432bed5d12966b" +checksum = "4fff74096e71ed47f8e023204cfd0aa1289cd54ae5430a9523be060cdb849964" [[package]] name = "futures-lite" 
@@ -668,32 +766,32 @@ dependencies = [ [[package]] name = "futures-macro" -version = "0.3.21" +version = "0.3.28" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "33c1e13800337f4d4d7a316bf45a567dbcb6ffe087f16424852d97e97a91f512" +checksum = "89ca545a94061b6365f2c7355b4b32bd20df3ff95f02da9329b34ccc3bd6ee72" dependencies = [ "proc-macro2", "quote", - "syn 1.0.98", + "syn 2.0.16", ] [[package]] name = "futures-sink" -version = "0.3.21" +version = "0.3.28" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "21163e139fa306126e6eedaf49ecdb4588f939600f0b1e770f4205ee4b7fa868" +checksum = "f43be4fe21a13b9781a69afa4985b0f6ee0e1afab2c6f454a8cf30e2b2237b6e" [[package]] name = "futures-task" -version = "0.3.21" +version = "0.3.28" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "57c66a976bf5909d801bbef33416c41372779507e7a6b3a5e25e4749c58f776a" +checksum = "76d3d132be6c0e6aa1534069c705a74a5997a356c0dc2f86a47765e5617c5b65" [[package]] name = "futures-util" -version = "0.3.21" +version = "0.3.28" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d8b7abd5d659d9b90c8cba917f6ec750a74e2dc23902ef9cd4cc8c8b22e6036a" +checksum = "26b01e40b772d54cf6c6d721c1d1abd0647a0106a12ecaa1c186273392a69533" dependencies = [ "futures-channel", "futures-core", @@ -707,6 +805,16 @@ dependencies = [ "slab", ] +[[package]] +name = "generic-array" +version = "0.14.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" +dependencies = [ + "typenum", + "version_check", +] + [[package]] name = "getrandom" version = "0.2.7" @@ -773,6 +881,12 @@ dependencies = [ "libc", ] +[[package]] +name = "hermit-abi" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "443144c8cdadd93ebf52ddb4056d257f5b52c04d3c804e657d19eb73fc33668b" + [[package]] name = "hex" version = "0.4.3" 
@@ -915,6 +1029,17 @@ dependencies = [ "cfg-if 1.0.0", ] +[[package]] +name = "io-lifetimes" +version = "1.0.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eae7b9aee968036d54dce06cebaefd919e4472e753296daccd6d344e3e2df0c2" +dependencies = [ + "hermit-abi 0.3.2", + "libc", + "windows-sys 0.48.0", +] + [[package]] name = "iovec" version = "0.1.4" @@ -968,7 +1093,7 @@ name = "kata-agent" version = "0.1.0" dependencies = [ "anyhow", - "async-recursion", + "async-recursion 0.3.2", "async-trait", "capctl", "cfg-if 1.0.0", @@ -1096,6 +1221,12 @@ version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9a7cbbd4ad467251987c6e5b47d53b11a5a05add08f2447a9e2d70aef1e0d138" +[[package]] +name = "linux-raw-sys" +version = "0.3.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ef53942eb7bf7ff43a617b3e2c1c4a5ecf5944a7c1bc12d7ee39bbb15e5c1519" + [[package]] name = "lock_api" version = "0.4.7" @@ -1133,7 +1264,7 @@ version = "0.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f099785f7595cc4b4553a174ce30dd7589ef93391ff414dbb67f62392b9e0ce1" dependencies = [ - "regex-automata", + "regex-automata 0.1.10", ] [[package]] @@ -1157,6 +1288,15 @@ dependencies = [ "autocfg", ] +[[package]] +name = "memoffset" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5de893c32cde5f383baa4c04c5d6dbdd735cfd4a794b0debdb2bb1b421da5ff4" +dependencies = [ + "autocfg", +] + [[package]] name = "mime" version = "0.3.17" @@ -1283,7 +1423,7 @@ dependencies = [ "cc", "cfg-if 1.0.0", "libc", - "memoffset", + "memoffset 0.6.5", ] [[package]] @@ -1296,7 +1436,7 @@ dependencies = [ "cc", "cfg-if 1.0.0", "libc", - "memoffset", + "memoffset 0.6.5", ] [[package]] @@ -1308,7 +1448,7 @@ dependencies = [ "bitflags", "cfg-if 1.0.0", "libc", - "memoffset", + "memoffset 0.6.5", ] [[package]] 
@@ -1323,6 +1463,18 @@ dependencies = [ "libc", ] +[[package]] +name = "nix" +version = "0.26.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "598beaf3cc6fdd9a5dfb1630c2800c7acd31df7aaf0f565796fba2b53ca1af1b" +dependencies = [ + "bitflags", + "cfg-if 1.0.0", + "libc", + "memoffset 0.7.1", +] + [[package]] name = "num-integer" version = "0.1.45" @@ -1348,7 +1500,7 @@ version = "1.13.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "19e64526ebdee182341572e50e9ad03965aa510cd94427a4549448f285e957a1" dependencies = [ - "hermit-abi", + "hermit-abi 0.1.19", "libc", ] @@ -1453,9 +1605,9 @@ dependencies = [ [[package]] name = "ordered-stream" -version = "0.0.1" +version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "44630c059eacfd6e08bdaa51b1db2ce33119caa4ddc1235e923109aa5f25ccb1" +checksum = "9aa2b01e1d916879f73a53d01d1d6cee68adbb31d6d9177a8cfce093cced1d50" dependencies = [ "futures-core", "pin-project-lite", @@ -1579,7 +1731,7 @@ checksum = "744b6f092ba29c3650faf274db506afd39944f48420f6c86b17cfe0ee1cb36bb" dependencies = [ "proc-macro2", "quote", - "syn 1.0.98", + "syn 1.0.109", ] [[package]] @@ -1640,7 +1792,7 @@ dependencies = [ "proc-macro-error-attr", "proc-macro2", "quote", - "syn 1.0.98", + "syn 1.0.109", "version_check", ] @@ -1734,7 +1886,7 @@ dependencies = [ "itertools", "proc-macro2", "quote", - "syn 1.0.98", + "syn 1.0.109", ] [[package]] @@ -1887,13 +2039,14 @@ dependencies = [ [[package]] name = "regex" -version = "1.5.6" +version = "1.9.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d83f127d94bdbcda4c8cc2e50f6f84f4b611f69c902699ca385a39c3a75f9ff1" +checksum = "12de2eff854e5fa4b1295edd650e227e9d8fb0c9e90b12e7f36d6a6811791a29" dependencies = [ "aho-corasick", "memchr", - "regex-syntax", + "regex-automata 0.3.7", + "regex-syntax 0.7.5", ] [[package]] 
@@ -1902,7 +2055,18 @@ version = "0.1.10" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6c230d73fb8d8c1b9c0b3135c5142a8acee3a0558fb8db5cf1cb65f8d7862132" dependencies = [ - "regex-syntax", + "regex-syntax 0.6.26", +] + +[[package]] +name = "regex-automata" +version = "0.3.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "49530408a136e16e5b486e883fbb6ba058e8e4e8ae6621a77b048b314336e629" +dependencies = [ + "aho-corasick", + "memchr", + "regex-syntax 0.7.5", ] [[package]] @@ -1911,6 +2075,12 @@ version = "0.6.26" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "49b3de9ec5dc0a3417da371aab17d729997c15010e7fd24ff707773a33bddb64" +[[package]] +name = "regex-syntax" +version = "0.7.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dbb5fb1acd8a1a18b3dd5be62d25485eb770e05afb408a9627d14d451bae12da" + [[package]] name = "remove_dir_all" version = "0.5.3" @@ -1981,6 +2151,20 @@ dependencies = [ "tokio", ] +[[package]] +name = "rustix" +version = "0.37.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "62b24138615de35e32031d041a09032ef3487a616d901ca4db224e7d557efae2" +dependencies = [ + "bitflags", + "errno 0.3.3", + "io-lifetimes", + "libc", + "linux-raw-sys", + "windows-sys 0.45.0", +] + [[package]] name = "rustjail" version = "0.1.0" @@ -2103,7 +2287,7 @@ checksum = "1f26faba0c3959972377d3b2d306ee9f71faee9714294e41bb777f83f88578be" dependencies = [ "proc-macro2", "quote", - "syn 1.0.98", + "syn 1.0.109", ] [[package]] @@ -2125,7 +2309,7 @@ checksum = "1fe39d9fbb0ebf5eb2c7cb7e2a47e4f462fad1379f1166b8ae49ad9eae89a7ca" dependencies = [ "proc-macro2", "quote", - "syn 1.0.98", + "syn 1.0.109", ] [[package]] 
@@ -2159,24 +2343,20 @@ checksum = "b2acd6defeddb41eb60bb468f8825d0cfd0c2a76bc03bfd235b6a1dc4f6a1ad5" dependencies = [ "proc-macro2", "quote", - "syn 1.0.98", + "syn 1.0.109", ] [[package]] name = "sha1" -version = "0.6.1" +version = "0.10.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c1da05c97445caa12d05e848c4a4fcbbea29e748ac28f7e80e9b010392063770" +checksum = "f04293dc80c3993519f2d7f6f511707ee7094fe0c6d3406feb330cdb3540eba3" dependencies = [ - "sha1_smol", + "cfg-if 1.0.0", + "cpufeatures", + "digest", ] -[[package]] -name = "sha1_smol" -version = "1.0.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ae1a47186c03a32177042e55dbc5fd5aee900b8e0069a8d70fba96a9375cd012" - [[package]] name = "sharded-slab" version = "0.1.4" @@ -2186,6 +2366,16 @@ dependencies = [ "lazy_static", ] +[[package]] +name = "signal-hook" +version = "0.3.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8621587d4798caf8eb44879d42e56b9a93ea5dcd315a6487c357130095b62801" +dependencies = [ + "libc", + "signal-hook-registry", +] + [[package]] name = "signal-hook-registry" version = "1.4.0" @@ -2312,9 +2502,9 @@ dependencies = [ [[package]] name = "syn" -version = "1.0.98" +version = "1.0.109" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c50aef8a904de4c23c788f104b7dddc7d6f79c647c7c8ce4cc8f73eb0ca773dd" +checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237" dependencies = [ "proc-macro2", "quote", @@ -2402,7 +2592,7 @@ checksum = "0396bc89e626244658bef819e22d0cc459e795a5ebe878e6ec336d1674a8d79a" dependencies = [ "proc-macro2", "quote", - "syn 1.0.98", + "syn 1.0.109", ] [[package]] 
@@ -2567,9 +2757,9 @@ checksum = "b6bc1c9ce2b5135ac7f93c72918fc37feb872bdc6a5533a8b85eb4b86bfdae52" [[package]] name = "tracing" -version = "0.1.35" +version = "0.1.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a400e31aa60b9d44a52a8ee0343b5b18566b03a8321e0d321f695cf56e940160" +checksum = "8ce8c33a8d48bd45d624a6e523445fd21ec13d3653cd51f681abf67418f54eb8" dependencies = [ "cfg-if 1.0.0", "pin-project-lite", @@ -2579,20 +2769,20 @@ dependencies = [ [[package]] name = "tracing-attributes" -version = "0.1.21" +version = "0.1.26" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cc6b8ad3567499f98a1db7a752b07a7c8c7c7c34c332ec00effb2b0027974b7c" +checksum = "5f4f31f56159e98206da9efd823404b79b6ef3143b4a7ab76e67b1751b25a4ab" dependencies = [ "proc-macro2", "quote", - "syn 1.0.98", + "syn 2.0.16", ] [[package]] name = "tracing-core" -version = "0.1.28" +version = "0.1.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7b7358be39f2f274f322d2aaed611acc57f382e8eb1e5b48cb9ae30933495ce7" +checksum = "0955b8137a1df6f1a2e9a37d8a6656291ff0297c1a97c24e0d8425fe2312f79a" dependencies = [ "once_cell", "valuable", @@ -2706,6 +2896,12 @@ dependencies = [ "tempfile", ] +[[package]] +name = "typenum" +version = "1.16.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "497961ef93d974e23eb6f433eb5fe1b7930b659f06d12dec6fc44a8f554c0bba" + [[package]] name = "uds_windows" version = "1.0.2" @@ -2847,7 +3043,7 @@ dependencies = [ "log", "proc-macro2", "quote", - "syn 1.0.98", + "syn 1.0.109", "wasm-bindgen-shared", ] @@ -2881,7 +3077,7 @@ checksum = "7d94ac45fcf608c1f45ef53e748d35660f168490c10b23704c7779ab8f5c3048" dependencies = [ "proc-macro2", "quote", - "syn 1.0.98", + "syn 1.0.109", "wasm-bindgen-backend", "wasm-bindgen-shared", ] 
@@ -2966,13 +3162,37 @@ dependencies = [ "windows_x86_64_msvc 0.36.1", ] +[[package]] +name = "windows-sys" +version = "0.45.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "75283be5efb2831d37ea142365f009c02ec203cd29a3ebecbc093d52315b66d0" +dependencies = [ + "windows-targets 0.42.2", +] + [[package]] name = "windows-sys" version = "0.48.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9" dependencies = [ - "windows-targets", + "windows-targets 0.48.0", +] + +[[package]] +name = "windows-targets" +version = "0.42.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8e5180c00cd44c9b1c88adb3693291f1cd93605ded80c250a75d472756b4d071" +dependencies = [ + "windows_aarch64_gnullvm 0.42.2", + "windows_aarch64_msvc 0.42.2", + "windows_i686_gnu 0.42.2", + "windows_i686_msvc 0.42.2", + "windows_x86_64_gnu 0.42.2", + "windows_x86_64_gnullvm 0.42.2", + "windows_x86_64_msvc 0.42.2", ] [[package]] @@ -2981,15 +3201,21 @@ version = "0.48.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7b1eb6f0cd7c80c79759c929114ef071b87354ce476d9d94271031c0497adfd5" dependencies = [ - "windows_aarch64_gnullvm", + "windows_aarch64_gnullvm 0.48.0", "windows_aarch64_msvc 0.48.0", "windows_i686_gnu 0.48.0", "windows_i686_msvc 0.48.0", "windows_x86_64_gnu 0.48.0", - "windows_x86_64_gnullvm", + "windows_x86_64_gnullvm 0.48.0", "windows_x86_64_msvc 0.48.0", ] +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.42.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "597a5118570b68bc08d8d59125332c54f1ba9d9adeedeef5b99b02ba2b0698f8" + [[package]] name = "windows_aarch64_gnullvm" version = "0.48.0" 
@@ -3002,6 +3228,12 @@ version = "0.36.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9bb8c3fd39ade2d67e9874ac4f3db21f0d710bee00fe7cab16949ec184eeaa47" +[[package]] +name = "windows_aarch64_msvc" +version = "0.42.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e08e8864a60f06ef0d0ff4ba04124db8b0fb3be5776a5cd47641e942e58c4d43" + [[package]] name = "windows_aarch64_msvc" version = "0.48.0" @@ -3014,6 +3246,12 @@ version = "0.36.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "180e6ccf01daf4c426b846dfc66db1fc518f074baa793aa7d9b9aaeffad6a3b6" +[[package]] +name = "windows_i686_gnu" +version = "0.42.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c61d927d8da41da96a81f029489353e68739737d3beca43145c8afec9a31a84f" + [[package]] name = "windows_i686_gnu" version = "0.48.0" @@ -3026,6 +3264,12 @@ version = "0.36.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e2e7917148b2812d1eeafaeb22a97e4813dfa60a3f8f78ebe204bcc88f12f024" +[[package]] +name = "windows_i686_msvc" +version = "0.42.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "44d840b6ec649f480a41c8d80f9c65108b92d89345dd94027bfe06ac444d1060" + [[package]] name = "windows_i686_msvc" version = "0.48.0" 
@@ -3038,12 +3282,24 @@ version = "0.36.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4dcd171b8776c41b97521e5da127a2d86ad280114807d0b2ab1e462bc764d9e1" +[[package]] +name = "windows_x86_64_gnu" +version = "0.42.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8de912b8b8feb55c064867cf047dda097f92d51efad5b491dfb98f6bbb70cb36" + [[package]] name = "windows_x86_64_gnu" version = "0.48.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ca2b8a661f7628cbd23440e50b05d705db3686f894fc9580820623656af974b1" +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.42.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "26d41b46a36d453748aedef1486d5c7a85db22e56aff34643984ea85514e94a3" + [[package]] name = "windows_x86_64_gnullvm" version = "0.48.0" @@ -3056,6 +3312,12 @@ version = "0.36.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c811ca4a8c853ef420abd8592ba53ddbbac90410fab6903b3e79972a631f7680" +[[package]] +name = "windows_x86_64_msvc" +version = "0.42.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9aec5da331524158c6d1a4ac0ab1541149c0b9505fde06423b02f5ef0106b9f0" + [[package]] name = "windows_x86_64_msvc" version = "0.48.0" 
@@ -3081,30 +3343,40 @@ dependencies = [ ] [[package]] -name = "zbus" -version = "2.3.2" +name = "xdg-home" +version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2d8f1a037b2c4a67d9654dc7bdfa8ff2e80555bbefdd3c1833c1d1b27c963a6b" +checksum = "2769203cd13a0c6015d515be729c526d041e9cf2c0cc478d57faee85f40c6dcd" +dependencies = [ + "nix 0.26.4", + "winapi", +] + +[[package]] +name = "zbus" +version = "3.14.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "31de390a2d872e4cd04edd71b425e29853f786dc99317ed72d73d6fcf5ebb948" dependencies = [ "async-broadcast", - "async-channel", "async-executor", + "async-fs", "async-io", "async-lock", - "async-recursion", + "async-process", + "async-recursion 1.0.5", "async-task", "async-trait", + "blocking", "byteorder", "derivative", - "dirs", "enumflags2", "event-listener", "futures-core", "futures-sink", "futures-util", "hex", - "lazy_static", - "nix 0.23.1", + "nix 0.26.4", "once_cell", "ordered-stream", "rand", @@ -3115,6 +3387,7 @@ dependencies = [ "tracing", "uds_windows", "winapi", + "xdg-home", "zbus_macros", "zbus_names", "zvariant", @@ -3122,22 +3395,23 @@ dependencies = [ [[package]] name = "zbus_macros" -version = "2.3.2" +version = "3.14.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1f8fb5186d1c87ae88cf234974c240671238b4a679158ad3b94ec465237349a6" +checksum = "41d1794a946878c0e807f55a397187c11fc7a038ba5d868e7db4f3bd7760bc9d" dependencies = [ "proc-macro-crate", "proc-macro2", "quote", "regex", - "syn 1.0.98", + "syn 1.0.109", + "zvariant_utils", ] [[package]] name = "zbus_names" -version = "2.2.0" +version = "2.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "41a408fd8a352695690f53906dc7fd036be924ec51ea5e05666ff42685ed0af5" +checksum = "fb80bb776dbda6e23d705cf0123c3b95df99c4ebeaec6c2599d4a5419902b4a9" dependencies = [ "serde", "static_assertions", 
@@ -3146,9 +3420,9 @@ dependencies = [ [[package]] name = "zvariant" -version = "3.7.1" +version = "3.15.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b794fb7f59af4105697b0449ba31731ee5dbb3e773a17dbdf3d36206ea1b1644" +checksum = "44b291bee0d960c53170780af148dca5fa260a63cdd24f1962fa82e03e53338c" dependencies = [ "byteorder", "enumflags2", @@ -3160,12 +3434,24 @@ dependencies = [ [[package]] name = "zvariant_derive" -version = "3.7.1" +version = "3.15.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dd58d4b6c8e26d3dd2149c8c40c6613ef6451b9885ff1296d1ac86c388351a54" +checksum = "934d7a7dfc310d6ee06c87ffe88ef4eca7d3e37bb251dece2ef93da8f17d8ecd" dependencies = [ "proc-macro-crate", "proc-macro2", "quote", - "syn 1.0.98", + "syn 1.0.109", + "zvariant_utils", +] + +[[package]] +name = "zvariant_utils" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7234f0d811589db492d16893e3f21e8e2fd282e6d01b0cddee310322062cc200" +dependencies = [ + "proc-macro2", + "quote", + "syn 1.0.109", ] diff --git a/src/agent/rustjail/Cargo.toml b/src/agent/rustjail/Cargo.toml index 3113ac6437..231fa353ab 100644 --- a/src/agent/rustjail/Cargo.toml +++ b/src/agent/rustjail/Cargo.toml @@ -34,7 +34,7 @@ futures = "0.3.17" async-trait = "0.1.31" inotify = "0.9.2" libseccomp = { version = "0.3.0", optional = true } -zbus = "2.3.0" +zbus = "3.12.0" bit-vec= "0.6.3" xattr = "0.2.3" diff --git a/src/agent/rustjail/src/cgroups/systemd/common.rs b/src/agent/rustjail/src/cgroups/systemd/common.rs index a39e41c7c2..ec82b40c23 100644 --- a/src/agent/rustjail/src/cgroups/systemd/common.rs +++ b/src/agent/rustjail/src/cgroups/systemd/common.rs 
@@ -6,7 +6,10 @@ pub const DEFAULT_SLICE: &str = "system.slice"; pub const SLICE_SUFFIX: &str = ".slice"; pub const SCOPE_SUFFIX: &str = ".scope"; -pub const UNIT_MODE: &str = "replace"; +pub const WHO_ENUM_ALL: &str = "all"; +pub const SIGNAL_KILL: i32 = nix::sys::signal::SIGKILL as i32; +pub const UNIT_MODE_REPLACE: &str = "replace"; +pub const NO_SUCH_UNIT_ERROR: &str = "org.freedesktop.systemd1.NoSuchUnit"; pub type Properties<'a> = Vec<(&'a str, zbus::zvariant::Value<'a>)>; diff --git a/src/agent/rustjail/src/cgroups/systemd/dbus_client.rs b/src/agent/rustjail/src/cgroups/systemd/dbus_client.rs index 0ff606930a..3e1e3275c7 100644 --- a/src/agent/rustjail/src/cgroups/systemd/dbus_client.rs +++ b/src/agent/rustjail/src/cgroups/systemd/dbus_client.rs 
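Review bot: The new constants in `common.rs` have no doc comments, and `WHO_ENUM_ALL`, `SIGNAL_KILL` and `NO_SUCH_UNIT_ERROR` are not self-explanatory at their call sites. The first two presumably form the arguments of systemd's KillUnit call, so together they decide which processes get which signal when a unit is destroyed. I would add `/// Value for the "who" argument of KillUnit: signal every process in the unit.` above `WHO_ENUM_ALL` and `/// D-Bus error name systemd returns for an unknown unit; match on the error name, not the message text.` above `NO_SUCH_UNIT_ERROR`. The code that uses these constants is outside this hunk, so how the error is actually compared should be confirmed there.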
@@ -1,56 +1,50 @@ -// Copyright 2021-2022 Kata Contributors +// Copyright 2021-2023 Kata Contributors // // SPDX-License-Identifier: Apache-2.0 // use std::vec; -use super::common::CgroupHierarchy; -use super::common::{Properties, SLICE_SUFFIX, UNIT_MODE}; +use super::common::{ + CgroupHierarchy, Properties, NO_SUCH_UNIT_ERROR, SIGNAL_KILL, SLICE_SUFFIX, UNIT_MODE_REPLACE, + WHO_ENUM_ALL, +}; use super::interface::system::ManagerProxyBlocking as SystemManager; -use anyhow::{Context, Result}; +use anyhow::{anyhow, Context, Result}; use zbus::zvariant::Value; pub trait SystemdInterface { - fn start_unit( - &self, - pid: i32, - parent: &str, - unit_name: &str, - cg_hierarchy: &CgroupHierarchy, - ) -> Result<()>; - - fn set_properties(&self, unit_name: &str, properties: &Properties) -> Result<()>; - - fn stop_unit(&self, unit_name: &str) -> Result<()>; - + fn start_unit(&self, pid: i32, parent: &str, cg_hierarchy: &CgroupHierarchy) -> Result<()>; + fn set_properties(&self, properties: &Properties) -> Result<()>; + fn kill_unit(&self) -> Result<()>; + fn freeze_unit(&self) -> Result<()>; + fn thaw_unit(&self) -> Result<()>; + fn add_process(&self, pid: i32) -> Result<()>; fn get_version(&self) -> Result; - - fn unit_exists(&self, unit_name: &str) -> Result; - - fn add_process(&self, pid: i32, unit_name: &str) -> Result<()>; + fn unit_exists(&self) -> Result; } #[derive(Serialize, Deserialize, Debug, Clone)] -pub struct DBusClient {} +pub struct DBusClient { + unit_name: String, +} impl DBusClient { + pub fn new(unit_name: String) -> Self { + Self { unit_name } + } + fn build_proxy(&self) -> Result> { let connection = zbus::blocking::Connection::system().context("Establishing a D-Bus connection")?; let proxy = SystemManager::new(&connection).context("Building a D-Bus proxy manager")?; + Ok(proxy) } } impl SystemdInterface for DBusClient { - fn start_unit( - &self, - pid: i32, - parent: &str, - unit_name: &str, - cg_hierarchy: &CgroupHierarchy, - ) -> Result<()> { + fn 
start_unit(&self, pid: i32, parent: &str, cg_hierarchy: &CgroupHierarchy) -> Result<()> { let proxy = self.build_proxy()?; // enable CPUAccounting & MemoryAccounting & (Block)IOAccounting by default @@ -68,7 +62,7 @@ impl SystemdInterface for DBusClient { CgroupHierarchy::Unified => properties.push(("BlockIOAccounting", Value::Bool(true))), } - if unit_name.ends_with(SLICE_SUFFIX) { + if self.unit_name.ends_with(SLICE_SUFFIX) { properties.push(("Wants", Value::Str(parent.into()))); } else { properties.push(("Slice", Value::Str(parent.into()))); 
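Review bot: With `unit_name` removed from every `SystemdInterface` method, nothing in the trait or on `DBusClient` says which unit a call acts on, and `kill_unit` is undocumented although it is the destructive one. I would put `/// Client bound to one systemd unit; every SystemdInterface call acts on that unit.` on `DBusClient`. On `kill_unit` in the trait I would add `/// Sends SIGKILL to all processes of the unit; a unit that no longer exists counts as success.` The name passed to `DBusClient::new` is stored as given, so if any validation is expected it has to happen in the caller, which should be stated on `new`. The body of `start_unit` continues past the end of this hunk.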
@@ -76,27 +70,57 @@ impl SystemdInterface for DBusClient { } proxy - .start_transient_unit(unit_name, UNIT_MODE, &properties, &[]) - .with_context(|| format!("failed to start transient unit {}", unit_name))?; - Ok(()) - } - - fn set_properties(&self, unit_name: &str, properties: &Properties) -> Result<()> { - let proxy = self.build_proxy()?; - - proxy - .set_unit_properties(unit_name, true, properties) - .with_context(|| format!("failed to set unit properties {}", unit_name))?; + .start_transient_unit(&self.unit_name, UNIT_MODE_REPLACE, &properties, &[]) + .context(format!("failed to start transient unit {}", self.unit_name))?; Ok(()) } - fn stop_unit(&self, unit_name: &str) -> Result<()> { + fn set_properties(&self, properties: &Properties) -> Result<()> { let proxy = self.build_proxy()?; proxy - .stop_unit(unit_name, UNIT_MODE) - .with_context(|| format!("failed to stop unit {}", unit_name))?; + .set_unit_properties(&self.unit_name, true, properties) + .context(format!("failed to set unit {} properties", self.unit_name))?; + + Ok(()) + } + + fn kill_unit(&self) -> Result<()> { + let proxy = self.build_proxy()?; + + proxy + .kill_unit(&self.unit_name, WHO_ENUM_ALL, SIGNAL_KILL) + .or_else(|e| match e { + zbus::Error::MethodError(error_name, _, _) + if error_name.as_str() == NO_SUCH_UNIT_ERROR => + { + Ok(()) + } + _ => Err(e), + }) + .context(format!("failed to kill unit {}", self.unit_name))?; + + Ok(()) + } + + fn freeze_unit(&self) -> Result<()> { + let proxy = self.build_proxy()?; + + proxy + .freeze_unit(&self.unit_name) + .context(format!("failed to freeze unit {}", self.unit_name))?; + + Ok(()) + } + + fn thaw_unit(&self) -> Result<()> { + let proxy = self.build_proxy()?; + + proxy + .thaw_unit(&self.unit_name) + .context(format!("failed to thaw unit {}", self.unit_name))?; + Ok(()) } 
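Review bot: `kill_unit` returns as soon as systemd has delivered SIGKILL, not once the unit's processes have exited, and `destroy()` in manager.rs calls `fs_manager.destroy()` immediately afterwards. Whether that removal tolerates processes that are still exiting is not visible here, so it is worth confirming that it retries or waits. The swallowed `NoSuchUnit` case would also benefit from a debug log line, so that a destroy against an already-gone unit leaves a trace. Separately, every `.context(format!(...))` in this hunk and in the following one builds the message on the success path too; the removed code's form avoids that, e.g. `.with_context(|| format!("failed to kill unit {}", self.unit_name))?;`. The hunk starts inside `start_unit`, whose beginning is outside it.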
@@ -105,24 +129,37 @@ impl SystemdInterface for DBusClient { let systemd_version = proxy .version() - .with_context(|| "failed to get systemd version".to_string())?; + .context("failed to get systemd version".to_string())?; + Ok(systemd_version) } - fn unit_exists(&self, unit_name: &str) -> Result { - let proxy = self - .build_proxy() - .with_context(|| format!("Checking if systemd unit {} exists", unit_name))?; + fn unit_exists(&self) -> Result { + let proxy = self.build_proxy()?; - Ok(proxy.get_unit(unit_name).is_ok()) + match proxy.get_unit(&self.unit_name) { + Ok(_) => Ok(true), + Err(zbus::Error::MethodError(error_name, _, _)) + if error_name.as_str() == NO_SUCH_UNIT_ERROR => + { + Ok(false) + } + Err(e) => Err(anyhow!(format!( + "failed to check if unit {} exists: {:?}", + self.unit_name, e + ))), + } } - fn add_process(&self, pid: i32, unit_name: &str) -> Result<()> { + fn add_process(&self, pid: i32) -> Result<()> { let proxy = self.build_proxy()?; proxy - .attach_processes_to_unit(unit_name, "/", &[pid as u32]) - .with_context(|| format!("failed to add process {}", unit_name))?; + .attach_processes_to_unit(&self.unit_name, "/", &[pid as u32]) + .context(format!( + "failed to add process into unit {}", + self.unit_name + ))?; Ok(()) } diff --git a/src/agent/rustjail/src/cgroups/systemd/interface/system.rs b/src/agent/rustjail/src/cgroups/systemd/interface/system.rs index 7a4ef199e5..a61563eaba 100644 --- a/src/agent/rustjail/src/cgroups/systemd/interface/system.rs +++ b/src/agent/rustjail/src/cgroups/systemd/interface/system.rs @@ -1,4 +1,4 @@ -// Copyright 2021-2022 Kata Contributors +// Copyright 2021-2023 Kata Contributors // // SPDX-License-Identifier: Apache-2.0 // 
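Review bot: `pid as u32` in `add_process` turns a negative `i32` into a large unsigned value before it is passed to `attach_processes_to_unit`, so an invalid pid reaches systemd looking like some other PID instead of being rejected. Convert it explicitly with `let pid = u32::try_from(pid).context("invalid pid")?;` and pass `&[pid]`. The same cast appears in `apply()` in manager.rs as `(pid as u32).try_into().unwrap()`, which would panic for a negative value rather than return an error. In `unit_exists`, `anyhow!(format!(...))` with `{:?}` flattens the zbus error into text; `Err(anyhow::Error::new(e).context(format!("failed to check if unit {} exists", self.unit_name)))` keeps it as the error source. `get_version` begins above this hunk.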
@@ -8,7 +8,7 @@ //! # DBus interface proxy for: `org.freedesktop.systemd1.Manager` //! -//! This code was generated by `zbus-xmlgen` `2.0.1` from DBus introspection data. +//! This code was generated by `zbus-xmlgen` `3.1.1` from DBus introspection data. //! Source: `Interface '/org/freedesktop/systemd1' from service 'org.freedesktop.systemd1' on system bus`. //! //! You may prefer to adapt it, instead of using it verbatim. @@ -189,12 +189,14 @@ trait Manager { ) -> zbus::Result; /// GetUnitByInvocationID method + #[dbus_proxy(name = "GetUnitByInvocationID")] fn get_unit_by_invocation_id( &self, invocation_id: &[u8], ) -> zbus::Result; /// GetUnitByPID method + #[dbus_proxy(name = "GetUnitByPID")] fn get_unit_by_pid(&self, pid: u32) -> zbus::Result; /// GetUnitFileLinks method @@ -210,6 +212,7 @@ trait Manager { fn halt(&self) -> zbus::Result<()>; /// KExec method + #[dbus_proxy(name = "KExec")] fn kexec(&self) -> zbus::Result<()>; /// KillUnit method @@ -330,6 +333,7 @@ trait Manager { fn lookup_dynamic_user_by_name(&self, name: &str) -> zbus::Result; /// LookupDynamicUserByUID method + #[dbus_proxy(name = "LookupDynamicUserByUID")] fn lookup_dynamic_user_by_uid(&self, uid: u32) -> zbus::Result; /// MaskUnitFiles method 
@@ -571,139 +575,139 @@ trait Manager { fn ctrl_alt_del_burst_action(&self) -> zbus::Result; /// DefaultBlockIOAccounting property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultBlockIOAccounting")] fn default_block_ioaccounting(&self) -> zbus::Result; /// DefaultCPUAccounting property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultCPUAccounting")] fn default_cpuaccounting(&self) -> zbus::Result; /// DefaultLimitAS property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitAS")] fn default_limit_as(&self) -> zbus::Result; /// DefaultLimitASSoft property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitASSoft")] fn default_limit_assoft(&self) -> zbus::Result; /// DefaultLimitCORE property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitCORE")] fn default_limit_core(&self) -> zbus::Result; /// DefaultLimitCORESoft property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitCORESoft")] fn default_limit_coresoft(&self) -> zbus::Result; /// DefaultLimitCPU property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitCPU")] fn default_limit_cpu(&self) -> zbus::Result; /// DefaultLimitCPUSoft property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitCPUSoft")] fn default_limit_cpusoft(&self) -> zbus::Result; /// DefaultLimitDATA property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitDATA")] fn default_limit_data(&self) -> zbus::Result; /// DefaultLimitDATASoft property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitDATASoft")] fn default_limit_datasoft(&self) -> zbus::Result; /// DefaultLimitFSIZE property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitFSIZE")] fn default_limit_fsize(&self) -> zbus::Result; /// DefaultLimitFSIZESoft property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitFSIZESoft")] fn 
default_limit_fsizesoft(&self) -> zbus::Result; /// DefaultLimitLOCKS property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitLOCKS")] fn default_limit_locks(&self) -> zbus::Result; /// DefaultLimitLOCKSSoft property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitLOCKSSoft")] fn default_limit_lockssoft(&self) -> zbus::Result; /// DefaultLimitMEMLOCK property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitMEMLOCK")] fn default_limit_memlock(&self) -> zbus::Result; /// DefaultLimitMEMLOCKSoft property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitMEMLOCKSoft")] fn default_limit_memlocksoft(&self) -> zbus::Result; /// DefaultLimitMSGQUEUE property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitMSGQUEUE")] fn default_limit_msgqueue(&self) -> zbus::Result; /// DefaultLimitMSGQUEUESoft property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitMSGQUEUESoft")] fn default_limit_msgqueuesoft(&self) -> zbus::Result; /// DefaultLimitNICE property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitNICE")] fn default_limit_nice(&self) -> zbus::Result; /// DefaultLimitNICESoft property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitNICESoft")] fn default_limit_nicesoft(&self) -> zbus::Result; /// DefaultLimitNOFILE property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitNOFILE")] fn default_limit_nofile(&self) -> zbus::Result; /// DefaultLimitNOFILESoft property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitNOFILESoft")] fn default_limit_nofilesoft(&self) -> zbus::Result; /// DefaultLimitNPROC property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitNPROC")] fn default_limit_nproc(&self) -> zbus::Result; /// DefaultLimitNPROCSoft property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitNPROCSoft")] fn 
default_limit_nprocsoft(&self) -> zbus::Result; /// DefaultLimitRSS property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitRSS")] fn default_limit_rss(&self) -> zbus::Result; /// DefaultLimitRSSSoft property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitRSSSoft")] fn default_limit_rsssoft(&self) -> zbus::Result; /// DefaultLimitRTPRIO property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitRTPRIO")] fn default_limit_rtprio(&self) -> zbus::Result; /// DefaultLimitRTPRIOSoft property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitRTPRIOSoft")] fn default_limit_rtpriosoft(&self) -> zbus::Result; /// DefaultLimitRTTIME property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitRTTIME")] fn default_limit_rttime(&self) -> zbus::Result; /// DefaultLimitRTTIMESoft property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitRTTIMESoft")] fn default_limit_rttimesoft(&self) -> zbus::Result; /// DefaultLimitSIGPENDING property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitSIGPENDING")] fn default_limit_sigpending(&self) -> zbus::Result; /// DefaultLimitSIGPENDINGSoft property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitSIGPENDINGSoft")] fn default_limit_sigpendingsoft(&self) -> zbus::Result; /// DefaultLimitSTACK property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitSTACK")] fn default_limit_stack(&self) -> zbus::Result; /// DefaultLimitSTACKSoft property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultLimitSTACKSoft")] fn default_limit_stacksoft(&self) -> zbus::Result; /// DefaultMemoryAccounting property 
@@ -711,11 +715,11 @@ trait Manager { fn default_memory_accounting(&self) -> zbus::Result; /// DefaultOOMPolicy property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultOOMPolicy")] fn default_oompolicy(&self) -> zbus::Result; /// DefaultRestartUSec property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultRestartUSec")] fn default_restart_usec(&self) -> zbus::Result; /// DefaultStandardError property @@ -731,7 +735,7 @@ trait Manager { fn default_start_limit_burst(&self) -> zbus::Result; /// DefaultStartLimitIntervalUSec property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultStartLimitIntervalUSec")] fn default_start_limit_interval_usec(&self) -> zbus::Result; /// DefaultTasksAccounting property @@ -743,19 +747,19 @@ trait Manager { fn default_tasks_max(&self) -> zbus::Result; /// DefaultTimeoutAbortUSec property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultTimeoutAbortUSec")] fn default_timeout_abort_usec(&self) -> zbus::Result; /// DefaultTimeoutStartUSec property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultTimeoutStartUSec")] fn default_timeout_start_usec(&self) -> zbus::Result; /// DefaultTimeoutStopUSec property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultTimeoutStopUSec")] fn default_timeout_stop_usec(&self) -> zbus::Result; /// DefaultTimerAccuracyUSec property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "DefaultTimerAccuracyUSec")] fn default_timer_accuracy_usec(&self) -> zbus::Result; /// Environment property 
@@ -803,65 +807,64 @@ trait Manager { fn generators_start_timestamp_monotonic(&self) -> zbus::Result; /// InitRDGeneratorsFinishTimestamp property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "InitRDGeneratorsFinishTimestamp")] fn init_rdgenerators_finish_timestamp(&self) -> zbus::Result; /// InitRDGeneratorsFinishTimestampMonotonic property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "InitRDGeneratorsFinishTimestampMonotonic")] fn init_rdgenerators_finish_timestamp_monotonic(&self) -> zbus::Result; /// InitRDGeneratorsStartTimestamp property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "InitRDGeneratorsStartTimestamp")] fn init_rdgenerators_start_timestamp(&self) -> zbus::Result; /// InitRDGeneratorsStartTimestampMonotonic property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "InitRDGeneratorsStartTimestampMonotonic")] fn init_rdgenerators_start_timestamp_monotonic(&self) -> zbus::Result; /// InitRDSecurityFinishTimestamp property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "InitRDSecurityFinishTimestamp")] fn init_rdsecurity_finish_timestamp(&self) -> zbus::Result; /// InitRDSecurityFinishTimestampMonotonic property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "InitRDSecurityFinishTimestampMonotonic")] fn init_rdsecurity_finish_timestamp_monotonic(&self) -> zbus::Result; /// InitRDSecurityStartTimestamp property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "InitRDSecurityStartTimestamp")] fn init_rdsecurity_start_timestamp(&self) -> zbus::Result; /// InitRDSecurityStartTimestampMonotonic property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "InitRDSecurityStartTimestampMonotonic")] fn init_rdsecurity_start_timestamp_monotonic(&self) -> zbus::Result; /// InitRDTimestamp property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "InitRDTimestamp")] fn init_rdtimestamp(&self) -> zbus::Result; /// InitRDTimestampMonotonic property - 
#[dbus_proxy(property)] + #[dbus_proxy(property, name = "InitRDTimestampMonotonic")] fn init_rdtimestamp_monotonic(&self) -> zbus::Result; /// InitRDUnitsLoadFinishTimestamp property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "InitRDUnitsLoadFinishTimestamp")] fn init_rdunits_load_finish_timestamp(&self) -> zbus::Result; /// InitRDUnitsLoadFinishTimestampMonotonic property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "InitRDUnitsLoadFinishTimestampMonotonic")] fn init_rdunits_load_finish_timestamp_monotonic(&self) -> zbus::Result; /// InitRDUnitsLoadStartTimestamp property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "InitRDUnitsLoadStartTimestamp")] fn init_rdunits_load_start_timestamp(&self) -> zbus::Result; /// InitRDUnitsLoadStartTimestampMonotonic property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "InitRDUnitsLoadStartTimestampMonotonic")] fn init_rdunits_load_start_timestamp_monotonic(&self) -> zbus::Result; /// KExecWatchdogUSec property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "KExecWatchdogUSec")] fn kexec_watchdog_usec(&self) -> zbus::Result; - #[dbus_proxy(property)] fn set_kexec_watchdog_usec(&self, value: u64) -> zbus::Result<()>; /// KernelTimestamp property 
@@ -883,33 +886,31 @@ trait Manager { /// LogLevel property #[dbus_proxy(property)] fn log_level(&self) -> zbus::Result; - #[dbus_proxy(property)] fn set_log_level(&self, value: &str) -> zbus::Result<()>; /// LogTarget property #[dbus_proxy(property)] fn log_target(&self) -> zbus::Result; - #[dbus_proxy(property)] fn set_log_target(&self, value: &str) -> zbus::Result<()>; /// NFailedJobs property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "NFailedJobs")] fn nfailed_jobs(&self) -> zbus::Result; /// NFailedUnits property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "NFailedUnits")] fn nfailed_units(&self) -> zbus::Result; /// NInstalledJobs property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "NInstalledJobs")] fn ninstalled_jobs(&self) -> zbus::Result; /// NJobs property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "NJobs")] fn njobs(&self) -> zbus::Result; /// NNames property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "NNames")] fn nnames(&self) -> zbus::Result; /// Progress property @@ -917,15 +918,13 @@ trait Manager { fn progress(&self) -> zbus::Result; /// RebootWatchdogUSec property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "RebootWatchdogUSec")] fn reboot_watchdog_usec(&self) -> zbus::Result; - #[dbus_proxy(property)] fn set_reboot_watchdog_usec(&self, value: u64) -> zbus::Result<()>; /// RuntimeWatchdogUSec property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "RuntimeWatchdogUSec")] fn runtime_watchdog_usec(&self) -> zbus::Result; - #[dbus_proxy(property)] fn set_runtime_watchdog_usec(&self, value: u64) -> zbus::Result<()>; /// SecurityFinishTimestamp property @@ -947,7 +946,6 @@ trait Manager { /// ServiceWatchdogs property #[dbus_proxy(property)] fn service_watchdogs(&self) -> zbus::Result; - #[dbus_proxy(property)] fn set_service_watchdogs(&self, value: bool) -> zbus::Result<()>; /// ShowStatus property 
@@ -963,7 +961,7 @@ trait Manager { fn tainted(&self) -> zbus::Result; /// TimerSlackNSec property - #[dbus_proxy(property)] + #[dbus_proxy(property, name = "TimerSlackNSec")] fn timer_slack_nsec(&self) -> zbus::Result; /// UnitPath property diff --git a/src/agent/rustjail/src/cgroups/systemd/manager.rs b/src/agent/rustjail/src/cgroups/systemd/manager.rs index dcbc65a2cf..19be1c9610 100644 --- a/src/agent/rustjail/src/cgroups/systemd/manager.rs +++ b/src/agent/rustjail/src/cgroups/systemd/manager.rs @@ -5,7 +5,7 @@ use crate::cgroups::Manager as CgroupManager; use crate::protocols::agent::CgroupStats; -use anyhow::Result; +use anyhow::{anyhow, Result}; use cgroups::freezer::FreezerState; use libc::{self, pid_t}; use oci::LinuxResources; @@ -29,7 +29,6 @@ pub struct Manager { pub mounts: HashMap, pub cgroups_path: CgroupsPath, pub cpath: String, - pub unit_name: String, // dbus client for set properties dbus_client: DBusClient, // fs manager for get properties @@ -40,14 +39,12 @@ pub struct Manager { impl CgroupManager for Manager { fn apply(&self, pid: pid_t) -> Result<()> { - let unit_name = self.unit_name.as_str(); - if self.dbus_client.unit_exists(unit_name)? { - self.dbus_client.add_process(pid, self.unit_name.as_str())?; + if self.dbus_client.unit_exists()? { + self.dbus_client.add_process(pid)?; } else { self.dbus_client.start_unit( (pid as u32).try_into().unwrap(), self.cgroups_path.slice.as_str(), - self.unit_name.as_str(), &self.cg_hierarchy, )?; } @@ -66,8 +63,7 @@ impl CgroupManager for Manager { Pids::apply(r, &mut properties, &self.cg_hierarchy, systemd_version_str)?; CpuSet::apply(r, &mut properties, &self.cg_hierarchy, systemd_version_str)?; - self.dbus_client - .set_properties(self.unit_name.as_str(), &properties)?; + self.dbus_client.set_properties(&properties)?; Ok(()) } 
@@ -77,11 +73,15 @@ impl CgroupManager for Manager { } fn freeze(&self, state: FreezerState) -> Result<()> { - self.fs_manager.freeze(state) + match state { + FreezerState::Thawed => self.dbus_client.thaw_unit(), + FreezerState::Frozen => self.dbus_client.freeze_unit(), + _ => Err(anyhow!("Invalid FreezerState")), + } } fn destroy(&mut self) -> Result<()> { - self.dbus_client.stop_unit(self.unit_name.as_str())?; + self.dbus_client.kill_unit()?; self.fs_manager.destroy() } @@ -120,8 +120,7 @@ impl Manager { mounts: fs_manager.mounts.clone(), cgroups_path, cpath, - unit_name, - dbus_client: DBusClient {}, + dbus_client: DBusClient::new(unit_name), fs_manager, cg_hierarchy: if cgroups::hierarchies::is_cgroup2_unified_mode() { CgroupHierarchy::Unified
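Review bot: `freeze()` now depends entirely on systemd's `FreezeUnit`/`ThawUnit`, with no fallback to the `self.fs_manager.freeze(state)` path it replaces. As far as I know systemd only provides these calls from v246 and only on the unified cgroup hierarchy, so on an older systemd or a non-unified setup pausing a container would start failing where it worked before; please confirm against the supported guest images. If that holds, keep `self.fs_manager.freeze(state)` as the path taken when `self.cg_hierarchy` is not `CgroupHierarchy::Unified` or when the D-Bus call reports the method as unsupported. The `_ =>` arm should also include the rejected state in its message, e.g. `_ => Err(anyhow!("Invalid FreezerState: {:?}", state)),` provided `FreezerState` implements `Debug`. The enclosing `impl CgroupManager for Manager` starts outside the hunk.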