github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-08-15 22:53:43 +00:00
Code Issues Projects Releases Wiki Activity

agent: Upgrade nix version for security fix

Browse Source 
Running `cargo audit` showed that the `nix` package for the agent and
the `rustjail` and `vsock-exporter` local crates need to be updated to
resolve rust security issue
[RUSTSEC-2021-0119](https://rustsec.org/advisories/RUSTSEC-2021-0119).
Hence, bumped `nix` to the latest version (which required changes to
work with the new, simpler `errno` handling).

Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
This commit is contained in:
James O. D. Hunt 2021-11-25 14:06:15 +00:00
parent 256d5008dc
commit 4a2be13c60
14 changed files with 108 additions and 128 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

88
src/agent/Cargo.lock generated
View File

@ -107,9 +107,9 @@ dependencies = [
[[package]] [[package]]
name = "bitflags" name = "bitflags"
version = "1.2.1" version = "1.3.2"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cf1de2fe8c75bc145a2f577add951f8134889b4795d47466a54a5c846d691693" checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
[[package]] [[package]]
name = "bumpalo" name = "bumpalo"
@ -180,13 +180,13 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
[[package]] [[package]]
name = "cgroups-rs" name = "cgroups-rs"
version = "0.2.7" version = "0.2.6"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "31dc7b58f8b80f0e02202df9fe45fd7432572d8868bab0abcb888656833aeaba" checksum = "5c5c9f6e5c72958dc962baa5f8bb37fb611017854b0d774b8adab4d7416ab445"
dependencies = [ dependencies = [
"libc", "libc",
"log", "log",
"nix 0.20.2", "nix 0.20.0",
"regex", "regex",
] ]
@ -511,7 +511,7 @@ dependencies = [
"logging", "logging",
"netlink-packet-utils", "netlink-packet-utils",
"netlink-sys", "netlink-sys",
"nix 0.21.2", "nix 0.23.0",
"oci", "oci",
"opentelemetry", "opentelemetry",
"procfs", "procfs",
@ -747,6 +747,19 @@ dependencies = [
"tokio", "tokio",
] ]
[[package]]
name = "nix"
version = "0.16.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "dd0eaf8df8bab402257e0a5c17a254e4cc1f72a93588a1ddfb5d356c801aa7cb"
dependencies = [
"bitflags",
"cc",
"cfg-if 0.1.10",
"libc",
"void",
]
[[package]] [[package]]
name = "nix" name = "nix"
version = "0.17.0" version = "0.17.0"
@ -762,9 +775,33 @@ dependencies = [
[[package]] [[package]]
name = "nix" name = "nix"
version = "0.20.2" version = "0.19.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f5e06129fb611568ef4e868c14b326274959aa70ff7776e9d55323531c374945" checksum = "b2ccba0cfe4fdf15982d1674c69b1fd80bad427d293849982668dfe454bd61f2"
dependencies = [
"bitflags",
"cc",
"cfg-if 1.0.0",
"libc",
]
[[package]]
name = "nix"
version = "0.20.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fa9b4819da1bc61c0ea48b63b7bc8604064dd43013e7cc325df098d49cd7c18a"
dependencies = [
"bitflags",
"cc",
"cfg-if 1.0.0",
"libc",
]
[[package]]
name = "nix"
version = "0.22.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cf1e25ee6b412c2a1e3fcb6a4499a5c1bfe7f43e014bdce9a6b6666e5aa2d187"
dependencies = [ dependencies = [
"bitflags", "bitflags",
"cc", "cc",
@ -775,22 +812,9 @@ dependencies = [
[[package]] [[package]]
name = "nix" name = "nix"
version = "0.21.2" version = "0.23.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "77d9f3521ea8e0641a153b3cddaf008dcbf26acd4ed739a2517295e0760d12c7" checksum = "f305c2c2e4c39a82f7bf0bf65fb557f9070ce06781d4f2454295cc34b1c43188"
dependencies = [
"bitflags",
"cc",
"cfg-if 1.0.0",
"libc",
"memoffset",
]
[[package]]
name = "nix"
version = "0.22.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d3bb9a13fa32bc5aeb64150cd3f32d6cf4c748f8f8a417cce5d2eb976a8370ba"
dependencies = [ dependencies = [
"bitflags", "bitflags",
"cc", "cc",
@ -1260,7 +1284,7 @@ dependencies = [
"log", "log",
"netlink-packet-route", "netlink-packet-route",
"netlink-proto", "netlink-proto",
"nix 0.22.2", "nix 0.22.0",
"thiserror", "thiserror",
"tokio", "tokio",
] ]
@ -1285,7 +1309,7 @@ dependencies = [
"lazy_static", "lazy_static",
"libc", "libc",
"libseccomp", "libseccomp",
"nix 0.21.2", "nix 0.23.0",
"oci", "oci",
"path-absolutize", "path-absolutize",
"protobuf", "protobuf",
@ -1721,16 +1745,16 @@ dependencies = [
[[package]] [[package]]
name = "ttrpc" name = "ttrpc"
version = "0.5.2" version = "0.5.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "66a973ce6d5eaa20c173635b29ffb660dafbc7ef109172c0015ba44e47a23711" checksum = "004604e91de38bc16cb9c7898187343075388ea414ad24896a21fc4e91a7c861"
dependencies = [ dependencies = [
"async-trait", "async-trait",
"byteorder", "byteorder",
"futures", "futures",
"libc", "libc",
"log", "log",
"nix 0.20.2", "nix 0.16.1",
"protobuf", "protobuf",
"protobuf-codegen-pure", "protobuf-codegen-pure",
"thiserror", "thiserror",
@ -1791,12 +1815,12 @@ checksum = "6a02e4885ed3bc0f2de90ea6dd45ebcbb66dacffe03547fadbb0eeae2770887d"
[[package]] [[package]]
name = "vsock" name = "vsock"
version = "0.2.5" version = "0.2.4"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a10cd0a332ca79e7bbde3299ca161ef2860dc72ba0c443b20356c23d48687c99" checksum = "c932be691560e8f3f7b2be5a47df1b8f45387e1d1df40d45b2e62284b9e9150e"
dependencies = [ dependencies = [
"libc", "libc",
"nix 0.22.2", "nix 0.19.1",
] ]
[[package]] [[package]]
@ -1807,7 +1831,7 @@ dependencies = [
"bincode", "bincode",
"byteorder", "byteorder",
"libc", "libc",
"nix 0.21.2", "nix 0.23.0",
"opentelemetry", "opentelemetry",
"serde", "serde",
"slog", "slog",

2
src/agent/Cargo.toml
View File

@ -12,7 +12,7 @@ lazy_static = "1.3.0"
ttrpc = { version = "0.5.0", features = ["async", "protobuf-codec"], default-features = false } ttrpc = { version = "0.5.0", features = ["async", "protobuf-codec"], default-features = false }
protobuf = "=2.14.0" protobuf = "=2.14.0"
libc = "0.2.58" libc = "0.2.58"
nix = "0.21.0" nix = "0.23.0"
capctl = "0.2.0" capctl = "0.2.0"
serde_json = "1.0.39" serde_json = "1.0.39"
scan_fmt = "0.2.3" scan_fmt = "0.2.3"

2
src/agent/rustjail/Cargo.toml
View File

@ -11,7 +11,7 @@ serde_derive = "1.0.91"
oci = { path = "../oci" } oci = { path = "../oci" }
protocols = { path ="../protocols" } protocols = { path ="../protocols" }
caps = "0.5.0" caps = "0.5.0"
nix = "0.21.0" nix = "0.23.0"
scopeguard = "1.0.0" scopeguard = "1.0.0"
capctl = "0.2.0" capctl = "0.2.0"
lazy_static = "1.3.0" lazy_static = "1.3.0"

3
src/agent/rustjail/src/cgroups/fs/mod.rs
View File

@ -22,7 +22,6 @@ use crate::cgroups::Manager as CgroupManager;
use crate::container::DEFAULT_DEVICES; use crate::container::DEFAULT_DEVICES;
use anyhow::{anyhow, Context, Result}; use anyhow::{anyhow, Context, Result};
use libc::{self, pid_t}; use libc::{self, pid_t};
use nix::errno::Errno;
use oci::{ use oci::{
LinuxBlockIo, LinuxCpu, LinuxDevice, LinuxDeviceCgroup, LinuxHugepageLimit, LinuxMemory, LinuxBlockIo, LinuxCpu, LinuxDevice, LinuxDeviceCgroup, LinuxHugepageLimit, LinuxMemory,
LinuxNetwork, LinuxPids, LinuxResources, LinuxNetwork, LinuxPids, LinuxResources,
@ -175,7 +174,7 @@ impl CgroupManager for Manager {
freezer_controller.freeze()?; freezer_controller.freeze()?;
} }
_ => { _ => {
return Err(nix::Error::Sys(Errno::EINVAL).into()); return Err(nix::Error::EINVAL.into());
} }
} }

24
src/agent/rustjail/src/container.rs
View File

@ -419,7 +419,7 @@ fn do_init_child(cwfd: RawFd) -> Result<()> {
ns.r#type.clone(), ns.r#type.clone(),
ns.path.clone() ns.path.clone()
); );
log_child!(cfd_log, "error is : {:?}", e.as_errno()); log_child!(cfd_log, "error is : {:?}", e);
e e
})?; })?;
@ -496,7 +496,7 @@ fn do_init_child(cwfd: RawFd) -> Result<()> {
log_child!(cfd_log, "join namespace {:?}", s); log_child!(cfd_log, "join namespace {:?}", s);
sched::setns(fd, s).or_else(|e| { sched::setns(fd, s).or_else(|e| {
if s == CloneFlags::CLONE_NEWUSER { if s == CloneFlags::CLONE_NEWUSER {
if e.as_errno().unwrap() != Errno::EINVAL { if e != Errno::EINVAL {
let _ = write_sync(cwfd, SYNC_FAILED, format!("{:?}", e).as_str()); let _ = write_sync(cwfd, SYNC_FAILED, format!("{:?}", e).as_str());
return Err(e); return Err(e);
} }
@ -1108,10 +1108,8 @@ fn do_exec(args: &[String]) -> ! {
.collect(); .collect();
let _ = unistd::execvp(p.as_c_str(), &sa).map_err(|e| match e { let _ = unistd::execvp(p.as_c_str(), &sa).map_err(|e| match e {
nix::Error::Sys(errno) => { nix::Error::UnknownErrno => std::process::exit(-2),
std::process::exit(errno as i32); _ => std::process::exit(e as i32),
}
_ => std::process::exit(-2),
}); });
unreachable!() unreachable!()
@ -1157,7 +1155,7 @@ fn get_pid_namespace(logger: &Logger, linux: &Linux) -> Result<Option<RawFd>> {
ns.r#type.clone(), ns.r#type.clone(),
ns.path.clone() ns.path.clone()
); );
error!(logger, "error is : {:?}", e.as_errno()); error!(logger, "error is : {:?}", e);
e e
})?; })?;
@ -1390,13 +1388,13 @@ impl LinuxContainer {
.context(format!("cannot change onwer of container {} root", id))?; .context(format!("cannot change onwer of container {} root", id))?;
if config.spec.is_none() { if config.spec.is_none() {
return Err(nix::Error::Sys(Errno::EINVAL).into()); return Err(nix::Error::EINVAL.into());
} }
let spec = config.spec.as_ref().unwrap(); let spec = config.spec.as_ref().unwrap();
if spec.linux.is_none() { if spec.linux.is_none() {
return Err(nix::Error::Sys(Errno::EINVAL).into()); return Err(nix::Error::EINVAL.into());
} }
let linux = spec.linux.as_ref().unwrap(); let linux = spec.linux.as_ref().unwrap();
@ -1473,7 +1471,7 @@ async fn execute_hook(logger: &Logger, h: &Hook, st: &OCIState) -> Result<()> {
let binary = PathBuf::from(h.path.as_str()); let binary = PathBuf::from(h.path.as_str());
let path = binary.canonicalize()?; let path = binary.canonicalize()?;
if !path.exists() { if !path.exists() {
return Err(anyhow!(nix::Error::from_errno(Errno::EINVAL))); return Err(anyhow!(nix::Error::EINVAL));
} }
let args = h.args.clone(); let args = h.args.clone();
@ -1542,7 +1540,7 @@ async fn execute_hook(logger: &Logger, h: &Hook, st: &OCIState) -> Result<()> {
if code != 0 { if code != 0 {
error!(logger, "hook {} exit status is {}", &path, code); error!(logger, "hook {} exit status is {}", &path, code);
return Err(anyhow!(nix::Error::from_errno(Errno::UnknownErrno))); return Err(anyhow!(nix::Error::UnknownErrno));
} }
debug!(logger, "hook {} exit status is 0", &path); debug!(logger, "hook {} exit status is 0", &path);
@ -1558,7 +1556,7 @@ async fn execute_hook(logger: &Logger, h: &Hook, st: &OCIState) -> Result<()> {
match tokio::time::timeout(Duration::new(timeout, 0), join_handle).await { match tokio::time::timeout(Duration::new(timeout, 0), join_handle).await {
Ok(r) => r.unwrap(), Ok(r) => r.unwrap(),
Err(_) => Err(anyhow!(nix::Error::from_errno(Errno::ETIMEDOUT))), Err(_) => Err(anyhow!(nix::Error::ETIMEDOUT)),
} }
} }
@ -1664,7 +1662,7 @@ mod tests {
) )
.await; .await;
let expected_err = nix::Error::from_errno(Errno::ETIMEDOUT); let expected_err = nix::Error::ETIMEDOUT;
assert_eq!( assert_eq!(
res.unwrap_err().downcast::<nix::Error>().unwrap(), res.unwrap_err().downcast::<nix::Error>().unwrap(),
expected_err expected_err

60
src/agent/rustjail/src/mount.rs
View File

@ -5,7 +5,6 @@
use anyhow::{anyhow, Context, Result}; use anyhow::{anyhow, Context, Result};
use libc::uid_t; use libc::uid_t;
use nix::errno::Errno;
use nix::fcntl::{self, OFlag}; use nix::fcntl::{self, OFlag};
#[cfg(not(test))] #[cfg(not(test))]
use nix::mount; use nix::mount;
@ -655,7 +654,7 @@ pub fn ms_move_root(rootfs: &str) -> Result<bool> {
None::<&str>, None::<&str>,
)?; )?;
umount2(abs_mount_point, MntFlags::MNT_DETACH).or_else(|e| { umount2(abs_mount_point, MntFlags::MNT_DETACH).or_else(|e| {
if e.ne(&nix::Error::from(Errno::EINVAL)) && e.ne(&nix::Error::from(Errno::EPERM)) { if e.ne(&nix::Error::EINVAL) && e.ne(&nix::Error::EPERM) {
return Err(anyhow!(e)); return Err(anyhow!(e));
} }
@ -798,14 +797,8 @@ fn mount_from(
} }
}; };
let _ = stat::stat(dest.as_str()).map_err(|e| { let _ = stat::stat(dest.as_str())
log_child!( .map_err(|e| log_child!(cfd_log, "dest stat error. {}: {:?}", dest.as_str(), e));
cfd_log,
"dest stat error. {}: {:?}",
dest.as_str(),
e.as_errno()
)
});
mount( mount(
Some(src.as_str()), Some(src.as_str()),
@ -815,7 +808,7 @@ fn mount_from(
Some(d.as_str()), Some(d.as_str()),
) )
.map_err(|e| { .map_err(|e| {
log_child!(cfd_log, "mount error: {:?}", e.as_errno()); log_child!(cfd_log, "mount error: {:?}", e);
e e
})?; })?;
@ -837,7 +830,7 @@ fn mount_from(
None::<&str>, None::<&str>,
) )
.map_err(|e| { .map_err(|e| {
log_child!(cfd_log, "remout {}: {:?}", dest.as_str(), e.as_errno()); log_child!(cfd_log, "remout {}: {:?}", dest.as_str(), e);
e e
})?; })?;
} }
@ -1006,7 +999,7 @@ pub fn finish_rootfs(cfd_log: RawFd, spec: &Spec, process: &Process) -> Result<(
fn mask_path(path: &str) -> Result<()> { fn mask_path(path: &str) -> Result<()> {
if !path.starts_with('/') || path.contains("..") { if !path.starts_with('/') || path.contains("..") {
return Err(nix::Error::Sys(Errno::EINVAL).into()); return Err(nix::Error::EINVAL.into());
} }
match mount( match mount(
@ -1016,49 +1009,30 @@ fn mask_path(path: &str) -> Result<()> {
MsFlags::MS_BIND, MsFlags::MS_BIND,
None::<&str>, None::<&str>,
) { ) {
Err(nix::Error::Sys(e)) => { Err(e) => match e {
if e != Errno::ENOENT && e != Errno::ENOTDIR { nix::Error::ENOENT | nix::Error::ENOTDIR => Ok(()),
//info!("{}: {}", path, e.desc()); _ => Err(e.into()),
return Err(nix::Error::Sys(e).into()); },
Ok(_) => Ok(()),
} }
}
Err(e) => {
return Err(e.into());
}
Ok(_) => {}
}
Ok(())
} }
fn readonly_path(path: &str) -> Result<()> { fn readonly_path(path: &str) -> Result<()> {
if !path.starts_with('/') || path.contains("..") { if !path.starts_with('/') || path.contains("..") {
return Err(nix::Error::Sys(Errno::EINVAL).into()); return Err(nix::Error::EINVAL.into());
} }
match mount( if let Err(e) = mount(
Some(&path[1..]), Some(&path[1..]),
path, path,
None::<&str>, None::<&str>,
MsFlags::MS_BIND | MsFlags::MS_REC, MsFlags::MS_BIND | MsFlags::MS_REC,
None::<&str>, None::<&str>,
) { ) {
Err(nix::Error::Sys(e)) => { match e {
if e == Errno::ENOENT { nix::Error::ENOENT => return Ok(()),
return Ok(()); _ => return Err(e.into()),
} else { };
//info!("{}: {}", path, e.desc());
return Err(nix::Error::Sys(e).into());
}
}
Err(e) => {
return Err(e.into());
}
Ok(_) => {}
} }
mount( mount(

6
src/agent/rustjail/src/pipestream.rs
View File

@ -30,7 +30,7 @@ impl io::Read for &StreamFd {
fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> { fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
match unistd::read(self.0, buf) { match unistd::read(self.0, buf) {
Ok(l) => Ok(l), Ok(l) => Ok(l),
Err(e) => Err(e.as_errno().unwrap().into()), Err(e) => Err(e.into()),
} }
} }
} }
@ -39,7 +39,7 @@ impl io::Write for &StreamFd {
fn write(&mut self, buf: &[u8]) -> io::Result<usize> { fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
match unistd::write(self.0, buf) { match unistd::write(self.0, buf) {
Ok(l) => Ok(l), Ok(l) => Ok(l),
Err(e) => Err(e.as_errno().unwrap().into()), Err(e) => Err(e.into()),
} }
} }
@ -52,7 +52,7 @@ impl StreamFd {
fn close(&mut self) -> io::Result<()> { fn close(&mut self) -> io::Result<()> {
match unistd::close(self.0) { match unistd::close(self.0) {
Ok(()) => Ok(()), Ok(()) => Ok(()),
Err(e) => Err(e.as_errno().unwrap().into()), Err(e) => Err(e.into()),
} }
} }
} }

5
src/agent/rustjail/src/sync.rs
View File

@ -3,7 +3,6 @@
// SPDX-License-Identifier: Apache-2.0 // SPDX-License-Identifier: Apache-2.0
// //
use nix::errno::Errno;
use nix::unistd; use nix::unistd;
use std::mem; use std::mem;
use std::os::unix::io::RawFd; use std::os::unix::io::RawFd;
@ -41,7 +40,7 @@ pub fn write_count(fd: RawFd, buf: &[u8], count: usize) -> Result<usize> {
} }
Err(e) => { Err(e) => {
if e != nix::Error::from_errno(Errno::EINTR) { if e != nix::Error::EINTR {
return Err(e.into()); return Err(e.into());
} }
} }
@ -65,7 +64,7 @@ fn read_count(fd: RawFd, count: usize) -> Result<Vec<u8>> {
} }
Err(e) => { Err(e) => {
if e != nix::Error::from_errno(Errno::EINTR) { if e != nix::Error::EINTR {
return Err(e.into()); return Err(e.into());
} }
} }

3
src/agent/rustjail/src/validator.rs
View File

@ -5,13 +5,12 @@
use crate::container::Config; use crate::container::Config;
use anyhow::{anyhow, Context, Error, Result}; use anyhow::{anyhow, Context, Error, Result};
use nix::errno::Errno;
use oci::{Linux, LinuxIdMapping, LinuxNamespace, Spec}; use oci::{Linux, LinuxIdMapping, LinuxNamespace, Spec};
use std::collections::HashMap; use std::collections::HashMap;
use std::path::{Component, PathBuf}; use std::path::{Component, PathBuf};
fn einval() -> Error { fn einval() -> Error {
anyhow!(nix::Error::from_errno(Errno::EINVAL)) anyhow!(nix::Error::EINVAL)
} }
fn get_linux(oci: &Spec) -> Result<&Linux> { fn get_linux(oci: &Spec) -> Result<&Linux> {

6
src/agent/src/console.rs
View File

@ -149,10 +149,8 @@ fn run_in_child(slave_fd: libc::c_int, shell: String) -> Result<()> {
// run shell // run shell
let _ = unistd::execvp(cmd.as_c_str(), &args).map_err(|e| match e { let _ = unistd::execvp(cmd.as_c_str(), &args).map_err(|e| match e {
nix::Error::Sys(errno) => { nix::Error::UnknownErrno => std::process::exit(-2),
std::process::exit(errno as i32); _ => std::process::exit(e as i32),
}
_ => std::process::exit(-2),
}); });
Ok(()) Ok(())

9
src/agent/src/netlink.rs
View File

@ -523,7 +523,7 @@ impl Handle {
.as_ref() .as_ref()
.map(|to| to.address.as_str()) // Extract address field .map(|to| to.address.as_str()) // Extract address field
.and_then(|addr| if addr.is_empty() { None } else { Some(addr) }) // Make sure it's not empty .and_then(|addr| if addr.is_empty() { None } else { Some(addr) }) // Make sure it's not empty
.ok_or(nix::Error::Sys(nix::errno::Errno::EINVAL))?; .ok_or(nix::Error::EINVAL)?;
let ip = IpAddr::from_str(ip_address) let ip = IpAddr::from_str(ip_address)
.map_err(|e| anyhow!("Failed to parse IP {}: {:?}", ip_address, e))?; .map_err(|e| anyhow!("Failed to parse IP {}: {:?}", ip_address, e))?;
@ -612,12 +612,7 @@ fn parse_mac_address(addr: &str) -> Result<[u8; 6]> {
// Parse single Mac address block // Parse single Mac address block
let mut parse_next = || -> Result<u8> { let mut parse_next = || -> Result<u8> {
let v = u8::from_str_radix( let v = u8::from_str_radix(split.next().ok_or(nix::Error::EINVAL)?, 16)?;
split
.next()
.ok_or(nix::Error::Sys(nix::errno::Errno::EINVAL))?,
16,
)?;
Ok(v) Ok(v)
}; };

23
src/agent/src/rpc.rs
View File

@ -150,7 +150,7 @@ impl AgentService {
Some(spec) => rustjail::grpc_to_oci(spec), Some(spec) => rustjail::grpc_to_oci(spec),
None => { None => {
error!(sl!(), "no oci spec in the create container request!"); error!(sl!(), "no oci spec in the create container request!");
return Err(anyhow!(nix::Error::from_errno(nix::errno::Errno::EINVAL))); return Err(anyhow!(nix::Error::EINVAL));
} }
}; };
@ -210,7 +210,7 @@ impl AgentService {
Process::new(&sl!(), &p, cid.as_str(), true, pipe_size)? Process::new(&sl!(), &p, cid.as_str(), true, pipe_size)?
} else { } else {
info!(sl!(), "no process configurations!"); info!(sl!(), "no process configurations!");
return Err(anyhow!(nix::Error::from_errno(nix::errno::Errno::EINVAL))); return Err(anyhow!(nix::Error::EINVAL));
}; };
ctr.start(p).await?; ctr.start(p).await?;
s.update_shared_pidns(&ctr)?; s.update_shared_pidns(&ctr)?;
@ -317,13 +317,11 @@ impl AgentService {
.await .await
.is_err() .is_err()
{ {
return Err(anyhow!(nix::Error::from_errno(nix::errno::Errno::ETIME))); return Err(anyhow!(nix::Error::ETIME));
} }
if handle.await.is_err() { if handle.await.is_err() {
return Err(anyhow!(nix::Error::from_errno( return Err(anyhow!(nix::Error::UnknownErrno));
nix::errno::Errno::UnknownErrno
)));
} }
let s = self.sandbox.clone(); let s = self.sandbox.clone();
@ -347,7 +345,7 @@ impl AgentService {
let process = req let process = req
.process .process
.into_option() .into_option()
.ok_or_else(|| anyhow!(nix::Error::from_errno(nix::errno::Errno::EINVAL)))?; .ok_or_else(|| anyhow!(nix::Error::EINVAL))?;
let pipe_size = AGENT_CONFIG.read().await.container_pipe_size; let pipe_size = AGENT_CONFIG.read().await.container_pipe_size;
let ocip = rustjail::process_grpc_to_oci(&process); let ocip = rustjail::process_grpc_to_oci(&process);
@ -527,7 +525,7 @@ impl AgentService {
}; };
if reader.is_none() { if reader.is_none() {
return Err(anyhow!(nix::Error::from_errno(nix::errno::Errno::EINVAL))); return Err(anyhow!(nix::Error::EINVAL));
} }
let reader = reader.ok_or_else(|| anyhow!("cannot get stream reader"))?; let reader = reader.ok_or_else(|| anyhow!("cannot get stream reader"))?;
@ -1311,10 +1309,7 @@ fn get_memory_info(block_size: bool, hotplug: bool) -> Result<(u64, bool)> {
Err(e) => { Err(e) => {
info!(sl!(), "hotplug memory error: {:?}", e); info!(sl!(), "hotplug memory error: {:?}", e);
match e { match e {
nix::Error::Sys(errno) => match errno { nix::Error::ENOENT => plug = false,
Errno::ENOENT => plug = false,
_ => return Err(anyhow!(e)),
},
_ => return Err(anyhow!(e)), _ => return Err(anyhow!(e)),
} }
} }
@ -1531,7 +1526,7 @@ fn do_copy_file(req: &CopyFileRequest) -> Result<()> {
let path = PathBuf::from(req.path.as_str()); let path = PathBuf::from(req.path.as_str());
if !path.starts_with(CONTAINER_BASE) { if !path.starts_with(CONTAINER_BASE) {
return Err(nix::Error::Sys(Errno::EINVAL).into()); return Err(nix::Error::EINVAL.into());
} }
let parent = path.parent(); let parent = path.parent();
@ -1611,7 +1606,7 @@ fn setup_bundle(cid: &str, spec: &mut Spec) -> Result<PathBuf> {
let spec_root = if let Some(sr) = &spec.root { let spec_root = if let Some(sr) = &spec.root {
sr sr
} else { } else {
return Err(nix::Error::Sys(Errno::EINVAL).into()); return Err(nix::Error::EINVAL.into());
}; };
let spec_root_path = Path::new(&spec_root.path); let spec_root_path = Path::new(&spec_root.path);

3
src/agent/src/uevent.rs
View File

@ -11,7 +11,6 @@ use slog::Logger;
use anyhow::{anyhow, Result}; use anyhow::{anyhow, Result};
use netlink_sys::{protocols, SocketAddr, TokioSocket}; use netlink_sys::{protocols, SocketAddr, TokioSocket};
use nix::errno::Errno;
use std::fmt::Debug; use std::fmt::Debug;
use std::os::unix::io::FromRawFd; use std::os::unix::io::FromRawFd;
use std::sync::Arc; use std::sync::Arc;
@ -203,7 +202,7 @@ pub async fn watch_uevents(
Ok((buf, addr)) => { Ok((buf, addr)) => {
if addr.port_number() != 0 { if addr.port_number() != 0 {
// not our netlink message // not our netlink message
let err_msg = format!("{:?}", nix::Error::Sys(Errno::EBADMSG)); let err_msg = format!("{:?}", nix::Error::EBADMSG);
error!(logger, "receive uevent message failed"; "error" => err_msg); error!(logger, "receive uevent message failed"; "error" => err_msg);
continue; continue;
} }

2
src/agent/vsock-exporter/Cargo.toml
View File

@ -7,7 +7,7 @@ edition = "2018"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[dependencies] [dependencies]
nix = "0.21.0" nix = "0.23.0"
libc = "0.2.94" libc = "0.2.94"
thiserror = "1.0.26" thiserror = "1.0.26"
opentelemetry = { version = "0.14.0", features=["serialize"] } opentelemetry = { version = "0.14.0", features=["serialize"] }