mirror of
https://github.com/kata-containers/kata-containers.git
synced 2025-07-06 03:56:34 +00:00
Merge pull request #1701 from dgibson/clippy
Assorted clippy fixes for Rust agent
This commit is contained in:
commit
e91591fff2
@ -58,7 +58,7 @@ pub struct Spec {
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub windows: Option<Windows<String>>,
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub vm: Option<VM>,
|
||||
pub vm: Option<Vm>,
|
||||
}
|
||||
|
||||
impl Spec {
|
||||
@ -71,7 +71,7 @@ impl Spec {
|
||||
}
|
||||
}
|
||||
|
||||
pub type LinuxRlimit = POSIXRlimit;
|
||||
pub type LinuxRlimit = PosixRlimit;
|
||||
|
||||
#[derive(Serialize, Deserialize, Debug, Default, Clone, PartialEq)]
|
||||
pub struct Process {
|
||||
@ -93,7 +93,7 @@ pub struct Process {
|
||||
#[serde(default, skip_serializing_if = "Option::is_none")]
|
||||
pub capabilities: Option<LinuxCapabilities>,
|
||||
#[serde(default, skip_serializing_if = "Vec::is_empty")]
|
||||
pub rlimits: Vec<POSIXRlimit>,
|
||||
pub rlimits: Vec<PosixRlimit>,
|
||||
#[serde(default, rename = "noNewPrivileges")]
|
||||
pub no_new_privileges: bool,
|
||||
#[serde(
|
||||
@ -199,9 +199,9 @@ pub struct Hooks {
|
||||
#[derive(Serialize, Deserialize, Debug, Default, Clone, PartialEq)]
|
||||
pub struct Linux {
|
||||
#[serde(default, rename = "uidMappings", skip_serializing_if = "Vec::is_empty")]
|
||||
pub uid_mappings: Vec<LinuxIDMapping>,
|
||||
pub uid_mappings: Vec<LinuxIdMapping>,
|
||||
#[serde(default, rename = "gidMappings", skip_serializing_if = "Vec::is_empty")]
|
||||
pub gid_mappings: Vec<LinuxIDMapping>,
|
||||
pub gid_mappings: Vec<LinuxIdMapping>,
|
||||
#[serde(default, skip_serializing_if = "HashMap::is_empty")]
|
||||
pub sysctl: HashMap<String, String>,
|
||||
#[serde(default, skip_serializing_if = "Option::is_none")]
|
||||
@ -261,7 +261,7 @@ pub const UTSNAMESPACE: &str = "uts";
|
||||
pub const CGROUPNAMESPACE: &str = "cgroup";
|
||||
|
||||
#[derive(Serialize, Deserialize, Debug, Default, Clone, PartialEq)]
|
||||
pub struct LinuxIDMapping {
|
||||
pub struct LinuxIdMapping {
|
||||
#[serde(default, rename = "containerID")]
|
||||
pub container_id: u32,
|
||||
#[serde(default, rename = "hostID")]
|
||||
@ -271,7 +271,7 @@ pub struct LinuxIDMapping {
|
||||
}
|
||||
|
||||
#[derive(Serialize, Deserialize, Debug, Default, Clone, PartialEq)]
|
||||
pub struct POSIXRlimit {
|
||||
pub struct PosixRlimit {
|
||||
#[serde(default)]
|
||||
pub r#type: String,
|
||||
#[serde(default)]
|
||||
@ -297,7 +297,7 @@ pub struct LinuxInterfacePriority {
|
||||
}
|
||||
|
||||
#[derive(Serialize, Deserialize, Debug, Default, Clone, PartialEq)]
|
||||
pub struct LinuxBlockIODevice {
|
||||
pub struct LinuxBlockIoDevice {
|
||||
#[serde(default)]
|
||||
pub major: i64,
|
||||
#[serde(default)]
|
||||
@ -307,7 +307,7 @@ pub struct LinuxBlockIODevice {
|
||||
#[derive(Serialize, Deserialize, Debug, Default, Clone, PartialEq)]
|
||||
pub struct LinuxWeightDevice {
|
||||
#[serde(flatten)]
|
||||
pub blk: LinuxBlockIODevice,
|
||||
pub blk: LinuxBlockIoDevice,
|
||||
#[serde(default, skip_serializing_if = "Option::is_none")]
|
||||
pub weight: Option<u16>,
|
||||
#[serde(
|
||||
@ -321,13 +321,13 @@ pub struct LinuxWeightDevice {
|
||||
#[derive(Serialize, Deserialize, Debug, Default, Clone, PartialEq)]
|
||||
pub struct LinuxThrottleDevice {
|
||||
#[serde(flatten)]
|
||||
pub blk: LinuxBlockIODevice,
|
||||
pub blk: LinuxBlockIoDevice,
|
||||
#[serde(default)]
|
||||
pub rate: u64,
|
||||
}
|
||||
|
||||
#[derive(Serialize, Deserialize, Debug, Default, Clone, PartialEq)]
|
||||
pub struct LinuxBlockIO {
|
||||
pub struct LinuxBlockIo {
|
||||
#[serde(default, skip_serializing_if = "Option::is_none")]
|
||||
pub weight: Option<u16>,
|
||||
#[serde(
|
||||
@ -391,7 +391,7 @@ pub struct LinuxMemory {
|
||||
}
|
||||
|
||||
#[derive(Serialize, Deserialize, Debug, Default, Clone, PartialEq)]
|
||||
pub struct LinuxCPU {
|
||||
pub struct LinuxCpu {
|
||||
#[serde(default, skip_serializing_if = "Option::is_none")]
|
||||
pub shares: Option<u64>,
|
||||
#[serde(default, skip_serializing_if = "Option::is_none")]
|
||||
@ -453,11 +453,11 @@ pub struct LinuxResources {
|
||||
#[serde(default, skip_serializing_if = "Option::is_none")]
|
||||
pub memory: Option<LinuxMemory>,
|
||||
#[serde(default, skip_serializing_if = "Option::is_none")]
|
||||
pub cpu: Option<LinuxCPU>,
|
||||
pub cpu: Option<LinuxCpu>,
|
||||
#[serde(default, skip_serializing_if = "Option::is_none")]
|
||||
pub pids: Option<LinuxPids>,
|
||||
#[serde(skip_serializing_if = "Option::is_none", rename = "blockIO")]
|
||||
pub block_io: Option<LinuxBlockIO>,
|
||||
pub block_io: Option<LinuxBlockIo>,
|
||||
#[serde(
|
||||
default,
|
||||
skip_serializing_if = "Vec::is_empty",
|
||||
@ -517,7 +517,7 @@ pub struct Solaris {
|
||||
#[serde(default, skip_serializing_if = "Vec::is_empty")]
|
||||
pub anet: Vec<SolarisAnet>,
|
||||
#[serde(default, skip_serializing_if = "Option::is_none", rename = "cappedCPU")]
|
||||
pub capped_cpu: Option<SolarisCappedCPU>,
|
||||
pub capped_cpu: Option<SolarisCappedCpu>,
|
||||
#[serde(
|
||||
default,
|
||||
skip_serializing_if = "Option::is_none",
|
||||
@ -527,7 +527,7 @@ pub struct Solaris {
|
||||
}
|
||||
|
||||
#[derive(Serialize, Deserialize, Debug, Default, Clone, PartialEq)]
|
||||
pub struct SolarisCappedCPU {
|
||||
pub struct SolarisCappedCpu {
|
||||
#[serde(default, skip_serializing_if = "String::is_empty")]
|
||||
pub ncpus: String,
|
||||
}
|
||||
@ -605,7 +605,7 @@ pub struct WindowsResources {
|
||||
#[serde(default, skip_serializing_if = "Option::is_none")]
|
||||
pub memory: Option<WindowsMemoryResources>,
|
||||
#[serde(default, skip_serializing_if = "Option::is_none")]
|
||||
pub cpu: Option<WindowsCPUResources>,
|
||||
pub cpu: Option<WindowsCpuResources>,
|
||||
#[serde(default, skip_serializing_if = "Option::is_none")]
|
||||
pub storage: Option<WindowsStorageResources>,
|
||||
}
|
||||
@ -617,7 +617,7 @@ pub struct WindowsMemoryResources {
|
||||
}
|
||||
|
||||
#[derive(Serialize, Deserialize, Debug, Default, Clone, PartialEq)]
|
||||
pub struct WindowsCPUResources {
|
||||
pub struct WindowsCpuResources {
|
||||
#[serde(default, skip_serializing_if = "Option::is_none")]
|
||||
pub count: Option<u64>,
|
||||
#[serde(default, skip_serializing_if = "Option::is_none")]
|
||||
@ -675,14 +675,14 @@ pub struct WindowsHyperV {
|
||||
}
|
||||
|
||||
#[derive(Serialize, Deserialize, Debug, Default, Clone, PartialEq)]
|
||||
pub struct VM {
|
||||
pub hypervisor: VMHypervisor,
|
||||
pub kernel: VMKernel,
|
||||
pub image: VMImage,
|
||||
pub struct Vm {
|
||||
pub hypervisor: VmHypervisor,
|
||||
pub kernel: VmKernel,
|
||||
pub image: VmImage,
|
||||
}
|
||||
|
||||
#[derive(Serialize, Deserialize, Debug, Default, Clone, PartialEq)]
|
||||
pub struct VMHypervisor {
|
||||
pub struct VmHypervisor {
|
||||
#[serde(default)]
|
||||
pub path: String,
|
||||
#[serde(default, skip_serializing_if = "String::is_empty")]
|
||||
@ -690,7 +690,7 @@ pub struct VMHypervisor {
|
||||
}
|
||||
|
||||
#[derive(Serialize, Deserialize, Debug, Default, Clone, PartialEq)]
|
||||
pub struct VMKernel {
|
||||
pub struct VmKernel {
|
||||
#[serde(default)]
|
||||
pub path: String,
|
||||
#[serde(default, skip_serializing_if = "String::is_empty")]
|
||||
@ -700,7 +700,7 @@ pub struct VMKernel {
|
||||
}
|
||||
|
||||
#[derive(Serialize, Deserialize, Debug, Default, Clone, PartialEq)]
|
||||
pub struct VMImage {
|
||||
pub struct VmImage {
|
||||
#[serde(default)]
|
||||
pub path: String,
|
||||
#[serde(default)]
|
||||
@ -801,11 +801,11 @@ pub struct LinuxIntelRdt {
|
||||
#[derive(Debug, Serialize, Deserialize, Copy, Clone, PartialEq)]
|
||||
#[serde(rename_all = "lowercase")]
|
||||
pub enum ContainerState {
|
||||
CREATING,
|
||||
CREATED,
|
||||
RUNNING,
|
||||
STOPPED,
|
||||
PAUSED,
|
||||
Creating,
|
||||
Created,
|
||||
Running,
|
||||
Stopped,
|
||||
Paused,
|
||||
}
|
||||
|
||||
#[derive(Serialize, Deserialize, Debug, Clone, PartialEq)]
|
||||
@ -846,7 +846,7 @@ mod tests {
|
||||
let expected = State {
|
||||
version: "0.2.0".to_string(),
|
||||
id: "oci-container1".to_string(),
|
||||
status: ContainerState::RUNNING,
|
||||
status: ContainerState::Running,
|
||||
pid: 4422,
|
||||
bundle: "/containers/redis".to_string(),
|
||||
annotations: [("myKey".to_string(), "myValue".to_string())]
|
||||
@ -1271,12 +1271,12 @@ mod tests {
|
||||
ambient: vec!["CAP_NET_BIND_SERVICE".to_string()],
|
||||
}),
|
||||
rlimits: vec![
|
||||
crate::POSIXRlimit {
|
||||
crate::PosixRlimit {
|
||||
r#type: "RLIMIT_CORE".to_string(),
|
||||
hard: 1024,
|
||||
soft: 1024,
|
||||
},
|
||||
crate::POSIXRlimit {
|
||||
crate::PosixRlimit {
|
||||
r#type: "RLIMIT_NOFILE".to_string(),
|
||||
hard: 1024,
|
||||
soft: 1024,
|
||||
@ -1408,12 +1408,12 @@ mod tests {
|
||||
.cloned()
|
||||
.collect(),
|
||||
linux: Some(crate::Linux {
|
||||
uid_mappings: vec![crate::LinuxIDMapping {
|
||||
uid_mappings: vec![crate::LinuxIdMapping {
|
||||
container_id: 0,
|
||||
host_id: 1000,
|
||||
size: 32000,
|
||||
}],
|
||||
gid_mappings: vec![crate::LinuxIDMapping {
|
||||
gid_mappings: vec![crate::LinuxIdMapping {
|
||||
container_id: 0,
|
||||
host_id: 1000,
|
||||
size: 32000,
|
||||
@ -1458,7 +1458,7 @@ mod tests {
|
||||
swappiness: Some(0),
|
||||
disable_oom_killer: Some(false),
|
||||
}),
|
||||
cpu: Some(crate::LinuxCPU {
|
||||
cpu: Some(crate::LinuxCpu {
|
||||
shares: Some(1024),
|
||||
quota: Some(1000000),
|
||||
period: Some(500000),
|
||||
@ -1468,17 +1468,17 @@ mod tests {
|
||||
mems: "0-7".to_string(),
|
||||
}),
|
||||
pids: Some(crate::LinuxPids { limit: 32771 }),
|
||||
block_io: Some(crate::LinuxBlockIO {
|
||||
block_io: Some(crate::LinuxBlockIo {
|
||||
weight: Some(10),
|
||||
leaf_weight: Some(10),
|
||||
weight_device: vec![
|
||||
crate::LinuxWeightDevice {
|
||||
blk: crate::LinuxBlockIODevice { major: 8, minor: 0 },
|
||||
blk: crate::LinuxBlockIoDevice { major: 8, minor: 0 },
|
||||
weight: Some(500),
|
||||
leaf_weight: Some(300),
|
||||
},
|
||||
crate::LinuxWeightDevice {
|
||||
blk: crate::LinuxBlockIODevice {
|
||||
blk: crate::LinuxBlockIoDevice {
|
||||
major: 8,
|
||||
minor: 16,
|
||||
},
|
||||
@ -1487,13 +1487,13 @@ mod tests {
|
||||
},
|
||||
],
|
||||
throttle_read_bps_device: vec![crate::LinuxThrottleDevice {
|
||||
blk: crate::LinuxBlockIODevice { major: 8, minor: 0 },
|
||||
blk: crate::LinuxBlockIoDevice { major: 8, minor: 0 },
|
||||
rate: 600,
|
||||
}],
|
||||
throttle_write_bps_device: vec![],
|
||||
throttle_read_iops_device: vec![],
|
||||
throttle_write_iops_device: vec![crate::LinuxThrottleDevice {
|
||||
blk: crate::LinuxBlockIODevice {
|
||||
blk: crate::LinuxBlockIoDevice {
|
||||
major: 8,
|
||||
minor: 16,
|
||||
},
|
||||
|
@ -24,7 +24,7 @@ use anyhow::{anyhow, Context, Result};
|
||||
use libc::{self, pid_t};
|
||||
use nix::errno::Errno;
|
||||
use oci::{
|
||||
LinuxBlockIO, LinuxCPU, LinuxDevice, LinuxDeviceCgroup, LinuxHugepageLimit, LinuxMemory,
|
||||
LinuxBlockIo, LinuxCpu, LinuxDevice, LinuxDeviceCgroup, LinuxHugepageLimit, LinuxMemory,
|
||||
LinuxNetwork, LinuxPids, LinuxResources,
|
||||
};
|
||||
|
||||
@ -272,7 +272,7 @@ fn set_hugepages_resources(
|
||||
|
||||
fn set_block_io_resources(
|
||||
_cg: &cgroups::Cgroup,
|
||||
blkio: &LinuxBlockIO,
|
||||
blkio: &LinuxBlockIo,
|
||||
res: &mut cgroups::Resources,
|
||||
) {
|
||||
info!(sl!(), "cgroup manager set block io");
|
||||
@ -302,7 +302,7 @@ fn set_block_io_resources(
|
||||
build_blk_io_device_throttle_resource(&blkio.throttle_write_iops_device);
|
||||
}
|
||||
|
||||
fn set_cpu_resources(cg: &cgroups::Cgroup, cpu: &LinuxCPU) -> Result<()> {
|
||||
fn set_cpu_resources(cg: &cgroups::Cgroup, cpu: &LinuxCpu) -> Result<()> {
|
||||
info!(sl!(), "cgroup manager set cpu");
|
||||
|
||||
let cpuset_controller: &CpuSetController = cg.controller_of().unwrap();
|
||||
@ -489,63 +489,61 @@ lazy_static! {
|
||||
};
|
||||
|
||||
pub static ref DEFAULT_ALLOWED_DEVICES: Vec<LinuxDeviceCgroup> = {
|
||||
let mut v = Vec::new();
|
||||
vec![
|
||||
// all mknod to all char devices
|
||||
LinuxDeviceCgroup {
|
||||
allow: true,
|
||||
r#type: "c".to_string(),
|
||||
major: Some(WILDCARD),
|
||||
minor: Some(WILDCARD),
|
||||
access: "m".to_string(),
|
||||
},
|
||||
|
||||
// all mknod to all char devices
|
||||
v.push(LinuxDeviceCgroup {
|
||||
allow: true,
|
||||
r#type: "c".to_string(),
|
||||
major: Some(WILDCARD),
|
||||
minor: Some(WILDCARD),
|
||||
access: "m".to_string(),
|
||||
});
|
||||
// all mknod to all block devices
|
||||
LinuxDeviceCgroup {
|
||||
allow: true,
|
||||
r#type: "b".to_string(),
|
||||
major: Some(WILDCARD),
|
||||
minor: Some(WILDCARD),
|
||||
access: "m".to_string(),
|
||||
},
|
||||
|
||||
// all mknod to all block devices
|
||||
v.push(LinuxDeviceCgroup {
|
||||
allow: true,
|
||||
r#type: "b".to_string(),
|
||||
major: Some(WILDCARD),
|
||||
minor: Some(WILDCARD),
|
||||
access: "m".to_string(),
|
||||
});
|
||||
// all read/write/mknod to char device /dev/console
|
||||
LinuxDeviceCgroup {
|
||||
allow: true,
|
||||
r#type: "c".to_string(),
|
||||
major: Some(5),
|
||||
minor: Some(1),
|
||||
access: "rwm".to_string(),
|
||||
},
|
||||
|
||||
// all read/write/mknod to char device /dev/console
|
||||
v.push(LinuxDeviceCgroup {
|
||||
allow: true,
|
||||
r#type: "c".to_string(),
|
||||
major: Some(5),
|
||||
minor: Some(1),
|
||||
access: "rwm".to_string(),
|
||||
});
|
||||
// all read/write/mknod to char device /dev/pts/<N>
|
||||
LinuxDeviceCgroup {
|
||||
allow: true,
|
||||
r#type: "c".to_string(),
|
||||
major: Some(136),
|
||||
minor: Some(WILDCARD),
|
||||
access: "rwm".to_string(),
|
||||
},
|
||||
|
||||
// all read/write/mknod to char device /dev/pts/<N>
|
||||
v.push(LinuxDeviceCgroup {
|
||||
allow: true,
|
||||
r#type: "c".to_string(),
|
||||
major: Some(136),
|
||||
minor: Some(WILDCARD),
|
||||
access: "rwm".to_string(),
|
||||
});
|
||||
// all read/write/mknod to char device /dev/ptmx
|
||||
LinuxDeviceCgroup {
|
||||
allow: true,
|
||||
r#type: "c".to_string(),
|
||||
major: Some(5),
|
||||
minor: Some(2),
|
||||
access: "rwm".to_string(),
|
||||
},
|
||||
|
||||
// all read/write/mknod to char device /dev/ptmx
|
||||
v.push(LinuxDeviceCgroup {
|
||||
allow: true,
|
||||
r#type: "c".to_string(),
|
||||
major: Some(5),
|
||||
minor: Some(2),
|
||||
access: "rwm".to_string(),
|
||||
});
|
||||
|
||||
// all read/write/mknod to char device /dev/net/tun
|
||||
v.push(LinuxDeviceCgroup {
|
||||
allow: true,
|
||||
r#type: "c".to_string(),
|
||||
major: Some(10),
|
||||
minor: Some(200),
|
||||
access: "rwm".to_string(),
|
||||
});
|
||||
|
||||
v
|
||||
// all read/write/mknod to char device /dev/net/tun
|
||||
LinuxDeviceCgroup {
|
||||
allow: true,
|
||||
r#type: "c".to_string(),
|
||||
major: Some(10),
|
||||
minor: Some(200),
|
||||
access: "rwm".to_string(),
|
||||
},
|
||||
]
|
||||
};
|
||||
}
|
||||
|
||||
|
@ -8,7 +8,7 @@ use eventfd::{eventfd, EfdFlags};
|
||||
use nix::sys::eventfd;
|
||||
use std::fs::{self, File};
|
||||
use std::os::unix::io::{AsRawFd, FromRawFd};
|
||||
use std::path::{Path, PathBuf};
|
||||
use std::path::Path;
|
||||
|
||||
use crate::pipestream::PipeStream;
|
||||
use futures::StreamExt as _;
|
||||
@ -35,7 +35,7 @@ pub async fn notify_oom(cid: &str, cg_dir: String) -> Result<Receiver<String>> {
|
||||
// Flat keyed file format:
|
||||
// KEY0 VAL0\n
|
||||
// KEY1 VAL1\n
|
||||
fn get_value_from_cgroup(path: &PathBuf, key: &str) -> Result<i64> {
|
||||
fn get_value_from_cgroup(path: &Path, key: &str) -> Result<i64> {
|
||||
let content = fs::read_to_string(path)?;
|
||||
info!(
|
||||
sl!(),
|
||||
|
@ -5,7 +5,7 @@
|
||||
|
||||
use anyhow::{anyhow, Context, Result};
|
||||
use libc::pid_t;
|
||||
use oci::{ContainerState, LinuxDevice, LinuxIDMapping};
|
||||
use oci::{ContainerState, LinuxDevice, LinuxIdMapping};
|
||||
use oci::{Hook, Linux, LinuxNamespace, LinuxResources, Spec};
|
||||
use std::clone::Clone;
|
||||
use std::ffi::{CStr, CString};
|
||||
@ -83,8 +83,8 @@ pub struct ContainerStatus {
|
||||
impl ContainerStatus {
|
||||
fn new() -> Self {
|
||||
ContainerStatus {
|
||||
pre_status: ContainerState::CREATED,
|
||||
cur_status: ContainerState::CREATED,
|
||||
pre_status: ContainerState::Created,
|
||||
cur_status: ContainerState::Created,
|
||||
}
|
||||
}
|
||||
|
||||
@ -132,62 +132,62 @@ lazy_static! {
|
||||
};
|
||||
|
||||
pub static ref DEFAULT_DEVICES: Vec<LinuxDevice> = {
|
||||
let mut v = Vec::new();
|
||||
v.push(LinuxDevice {
|
||||
path: "/dev/null".to_string(),
|
||||
r#type: "c".to_string(),
|
||||
major: 1,
|
||||
minor: 3,
|
||||
file_mode: Some(0o666),
|
||||
uid: Some(0xffffffff),
|
||||
gid: Some(0xffffffff),
|
||||
});
|
||||
v.push(LinuxDevice {
|
||||
path: "/dev/zero".to_string(),
|
||||
r#type: "c".to_string(),
|
||||
major: 1,
|
||||
minor: 5,
|
||||
file_mode: Some(0o666),
|
||||
uid: Some(0xffffffff),
|
||||
gid: Some(0xffffffff),
|
||||
});
|
||||
v.push(LinuxDevice {
|
||||
path: "/dev/full".to_string(),
|
||||
r#type: String::from("c"),
|
||||
major: 1,
|
||||
minor: 7,
|
||||
file_mode: Some(0o666),
|
||||
uid: Some(0xffffffff),
|
||||
gid: Some(0xffffffff),
|
||||
});
|
||||
v.push(LinuxDevice {
|
||||
path: "/dev/tty".to_string(),
|
||||
r#type: "c".to_string(),
|
||||
major: 5,
|
||||
minor: 0,
|
||||
file_mode: Some(0o666),
|
||||
uid: Some(0xffffffff),
|
||||
gid: Some(0xffffffff),
|
||||
});
|
||||
v.push(LinuxDevice {
|
||||
path: "/dev/urandom".to_string(),
|
||||
r#type: "c".to_string(),
|
||||
major: 1,
|
||||
minor: 9,
|
||||
file_mode: Some(0o666),
|
||||
uid: Some(0xffffffff),
|
||||
gid: Some(0xffffffff),
|
||||
});
|
||||
v.push(LinuxDevice {
|
||||
path: "/dev/random".to_string(),
|
||||
r#type: "c".to_string(),
|
||||
major: 1,
|
||||
minor: 8,
|
||||
file_mode: Some(0o666),
|
||||
uid: Some(0xffffffff),
|
||||
gid: Some(0xffffffff),
|
||||
});
|
||||
v
|
||||
vec![
|
||||
LinuxDevice {
|
||||
path: "/dev/null".to_string(),
|
||||
r#type: "c".to_string(),
|
||||
major: 1,
|
||||
minor: 3,
|
||||
file_mode: Some(0o666),
|
||||
uid: Some(0xffffffff),
|
||||
gid: Some(0xffffffff),
|
||||
},
|
||||
LinuxDevice {
|
||||
path: "/dev/zero".to_string(),
|
||||
r#type: "c".to_string(),
|
||||
major: 1,
|
||||
minor: 5,
|
||||
file_mode: Some(0o666),
|
||||
uid: Some(0xffffffff),
|
||||
gid: Some(0xffffffff),
|
||||
},
|
||||
LinuxDevice {
|
||||
path: "/dev/full".to_string(),
|
||||
r#type: String::from("c"),
|
||||
major: 1,
|
||||
minor: 7,
|
||||
file_mode: Some(0o666),
|
||||
uid: Some(0xffffffff),
|
||||
gid: Some(0xffffffff),
|
||||
},
|
||||
LinuxDevice {
|
||||
path: "/dev/tty".to_string(),
|
||||
r#type: "c".to_string(),
|
||||
major: 5,
|
||||
minor: 0,
|
||||
file_mode: Some(0o666),
|
||||
uid: Some(0xffffffff),
|
||||
gid: Some(0xffffffff),
|
||||
},
|
||||
LinuxDevice {
|
||||
path: "/dev/urandom".to_string(),
|
||||
r#type: "c".to_string(),
|
||||
major: 1,
|
||||
minor: 9,
|
||||
file_mode: Some(0o666),
|
||||
uid: Some(0xffffffff),
|
||||
gid: Some(0xffffffff),
|
||||
},
|
||||
LinuxDevice {
|
||||
path: "/dev/random".to_string(),
|
||||
r#type: "c".to_string(),
|
||||
major: 1,
|
||||
minor: 8,
|
||||
file_mode: Some(0o666),
|
||||
uid: Some(0xffffffff),
|
||||
gid: Some(0xffffffff),
|
||||
},
|
||||
]
|
||||
};
|
||||
}
|
||||
|
||||
@ -255,7 +255,7 @@ pub struct State {
|
||||
}
|
||||
|
||||
#[derive(Serialize, Deserialize, Debug, Clone)]
|
||||
pub struct SyncPC {
|
||||
pub struct SyncPc {
|
||||
#[serde(default)]
|
||||
pid: pid_t,
|
||||
}
|
||||
@ -268,7 +268,7 @@ pub trait Container: BaseContainer {
|
||||
impl Container for LinuxContainer {
|
||||
fn pause(&mut self) -> Result<()> {
|
||||
let status = self.status();
|
||||
if status != ContainerState::RUNNING && status != ContainerState::CREATED {
|
||||
if status != ContainerState::Running && status != ContainerState::Created {
|
||||
return Err(anyhow!(
|
||||
"failed to pause container: current status is: {:?}",
|
||||
status
|
||||
@ -281,7 +281,7 @@ impl Container for LinuxContainer {
|
||||
.unwrap()
|
||||
.freeze(FreezerState::Frozen)?;
|
||||
|
||||
self.status.transition(ContainerState::PAUSED);
|
||||
self.status.transition(ContainerState::Paused);
|
||||
return Ok(());
|
||||
}
|
||||
Err(anyhow!("failed to get container's cgroup manager"))
|
||||
@ -289,7 +289,7 @@ impl Container for LinuxContainer {
|
||||
|
||||
fn resume(&mut self) -> Result<()> {
|
||||
let status = self.status();
|
||||
if status != ContainerState::PAUSED {
|
||||
if status != ContainerState::Paused {
|
||||
return Err(anyhow!("container status is: {:?}, not paused", status));
|
||||
}
|
||||
|
||||
@ -299,7 +299,7 @@ impl Container for LinuxContainer {
|
||||
.unwrap()
|
||||
.freeze(FreezerState::Thawed)?;
|
||||
|
||||
self.status.transition(ContainerState::RUNNING);
|
||||
self.status.transition(ContainerState::Running);
|
||||
return Ok(());
|
||||
}
|
||||
Err(anyhow!("failed to get container's cgroup manager"))
|
||||
@ -734,7 +734,7 @@ impl BaseContainer for LinuxContainer {
|
||||
};
|
||||
|
||||
let status = self.status();
|
||||
let pid = if status != ContainerState::STOPPED {
|
||||
let pid = if status != ContainerState::Stopped {
|
||||
self.init_process_pid
|
||||
} else {
|
||||
0
|
||||
@ -984,7 +984,7 @@ impl BaseContainer for LinuxContainer {
|
||||
|
||||
if init {
|
||||
self.exec()?;
|
||||
self.status.transition(ContainerState::RUNNING);
|
||||
self.status.transition(ContainerState::Running);
|
||||
}
|
||||
|
||||
Ok(())
|
||||
@ -1006,7 +1006,7 @@ impl BaseContainer for LinuxContainer {
|
||||
}
|
||||
}
|
||||
|
||||
self.status.transition(ContainerState::STOPPED);
|
||||
self.status.transition(ContainerState::Stopped);
|
||||
mount::umount2(
|
||||
spec.root.as_ref().unwrap().path.as_str(),
|
||||
MntFlags::MNT_DETACH,
|
||||
@ -1042,7 +1042,7 @@ impl BaseContainer for LinuxContainer {
|
||||
.unwrap()
|
||||
.as_secs();
|
||||
|
||||
self.status.transition(ContainerState::RUNNING);
|
||||
self.status.transition(ContainerState::Running);
|
||||
unistd::close(fd)?;
|
||||
|
||||
Ok(())
|
||||
@ -1289,7 +1289,7 @@ async fn join_namespaces(
|
||||
Ok(())
|
||||
}
|
||||
|
||||
fn write_mappings(logger: &Logger, path: &str, maps: &[LinuxIDMapping]) -> Result<()> {
|
||||
fn write_mappings(logger: &Logger, path: &str, maps: &[LinuxIdMapping]) -> Result<()> {
|
||||
let data = maps
|
||||
.iter()
|
||||
.filter(|m| m.size != 0)
|
||||
@ -1515,28 +1515,23 @@ async fn execute_hook(logger: &Logger, h: &Hook, st: &OCIState) -> Result<()> {
|
||||
|
||||
match child.wait().await {
|
||||
Ok(exit) => {
|
||||
let code = match exit.code() {
|
||||
Some(c) => c,
|
||||
None => {
|
||||
return Err(anyhow!("hook exit status has no status code"));
|
||||
}
|
||||
};
|
||||
let code = exit
|
||||
.code()
|
||||
.ok_or_else(|| anyhow!("hook exit status has no status code"))?;
|
||||
|
||||
if code == 0 {
|
||||
debug!(logger, "hook {} exit status is 0", &path);
|
||||
return Ok(());
|
||||
} else {
|
||||
if code != 0 {
|
||||
error!(logger, "hook {} exit status is {}", &path, code);
|
||||
return Err(anyhow!(nix::Error::from_errno(Errno::UnknownErrno)));
|
||||
}
|
||||
|
||||
debug!(logger, "hook {} exit status is 0", &path);
|
||||
Ok(())
|
||||
}
|
||||
Err(e) => {
|
||||
return Err(anyhow!(
|
||||
"wait child error: {} {}",
|
||||
e,
|
||||
e.raw_os_error().unwrap()
|
||||
));
|
||||
}
|
||||
Err(e) => Err(anyhow!(
|
||||
"wait child error: {} {}",
|
||||
e,
|
||||
e.raw_os_error().unwrap()
|
||||
)),
|
||||
}
|
||||
});
|
||||
|
||||
@ -1575,7 +1570,7 @@ mod tests {
|
||||
&OCIState {
|
||||
version: "1.2.3".to_string(),
|
||||
id: "321".to_string(),
|
||||
status: ContainerState::RUNNING,
|
||||
status: ContainerState::Running,
|
||||
pid: 2,
|
||||
bundle: "".to_string(),
|
||||
annotations: Default::default(),
|
||||
@ -1598,7 +1593,7 @@ mod tests {
|
||||
&OCIState {
|
||||
version: "1.2.3".to_string(),
|
||||
id: "321".to_string(),
|
||||
status: ContainerState::RUNNING,
|
||||
status: ContainerState::Running,
|
||||
pid: 2,
|
||||
bundle: "".to_string(),
|
||||
annotations: Default::default(),
|
||||
@ -1617,10 +1612,10 @@ mod tests {
|
||||
fn test_status_transtition() {
|
||||
let mut status = ContainerStatus::new();
|
||||
let status_table: [ContainerState; 4] = [
|
||||
ContainerState::CREATED,
|
||||
ContainerState::RUNNING,
|
||||
ContainerState::PAUSED,
|
||||
ContainerState::STOPPED,
|
||||
ContainerState::Created,
|
||||
ContainerState::Running,
|
||||
ContainerState::Paused,
|
||||
ContainerState::Stopped,
|
||||
];
|
||||
|
||||
for s in status_table.iter() {
|
||||
@ -1757,7 +1752,7 @@ mod tests {
|
||||
fn test_linuxcontainer_pause_bad_status() {
|
||||
let ret = new_linux_container_and_then(|mut c: LinuxContainer| {
|
||||
// Change state to pause, c.pause() should fail
|
||||
c.status.transition(ContainerState::PAUSED);
|
||||
c.status.transition(ContainerState::Paused);
|
||||
c.pause().map_err(|e| anyhow!(e))
|
||||
});
|
||||
|
||||
@ -1789,7 +1784,7 @@ mod tests {
|
||||
fn test_linuxcontainer_resume_bad_status() {
|
||||
let ret = new_linux_container_and_then(|mut c: LinuxContainer| {
|
||||
// Change state to created, c.resume() should fail
|
||||
c.status.transition(ContainerState::CREATED);
|
||||
c.status.transition(ContainerState::Created);
|
||||
c.resume().map_err(|e| anyhow!(e))
|
||||
});
|
||||
|
||||
@ -1800,7 +1795,7 @@ mod tests {
|
||||
#[test]
|
||||
fn test_linuxcontainer_resume_cgroupmgr_is_none() {
|
||||
let ret = new_linux_container_and_then(|mut c: LinuxContainer| {
|
||||
c.status.transition(ContainerState::PAUSED);
|
||||
c.status.transition(ContainerState::Paused);
|
||||
c.cgroup_manager = None;
|
||||
c.resume().map_err(|e| anyhow!(e))
|
||||
});
|
||||
@ -1813,7 +1808,7 @@ mod tests {
|
||||
let ret = new_linux_container_and_then(|mut c: LinuxContainer| {
|
||||
c.cgroup_manager = FsManager::new("").ok();
|
||||
// Change status to paused, this way we can resume it
|
||||
c.status.transition(ContainerState::PAUSED);
|
||||
c.status.transition(ContainerState::Paused);
|
||||
c.resume().map_err(|e| anyhow!(e))
|
||||
});
|
||||
|
||||
|
@ -58,24 +58,16 @@ pub mod validator;
|
||||
// pub mod user;
|
||||
//pub mod intelrdt;
|
||||
|
||||
// construtc ociSpec from grpcSpec, which is needed for hook
|
||||
// execution. since hooks read config.json
|
||||
|
||||
use oci::{
|
||||
Box as ociBox, Hooks as ociHooks, Linux as ociLinux, LinuxCapabilities as ociLinuxCapabilities,
|
||||
Mount as ociMount, POSIXRlimit as ociPOSIXRlimit, Process as ociProcess, Root as ociRoot,
|
||||
Spec as ociSpec, User as ociUser,
|
||||
};
|
||||
use protocols::oci::{
|
||||
Hooks as grpcHooks, Linux as grpcLinux, Mount as grpcMount, Process as grpcProcess,
|
||||
Root as grpcRoot, Spec as grpcSpec,
|
||||
};
|
||||
use std::collections::HashMap;
|
||||
|
||||
pub fn process_grpc_to_oci(p: &grpcProcess) -> ociProcess {
|
||||
use protocols::oci as grpc;
|
||||
|
||||
// construct ociSpec from grpc::Spec, which is needed for hook
|
||||
// execution. since hooks read config.json
|
||||
pub fn process_grpc_to_oci(p: &grpc::Process) -> oci::Process {
|
||||
let console_size = if p.ConsoleSize.is_some() {
|
||||
let c = p.ConsoleSize.as_ref().unwrap();
|
||||
Some(ociBox {
|
||||
Some(oci::Box {
|
||||
height: c.Height,
|
||||
width: c.Width,
|
||||
})
|
||||
@ -85,14 +77,14 @@ pub fn process_grpc_to_oci(p: &grpcProcess) -> ociProcess {
|
||||
|
||||
let user = if p.User.is_some() {
|
||||
let u = p.User.as_ref().unwrap();
|
||||
ociUser {
|
||||
oci::User {
|
||||
uid: u.UID,
|
||||
gid: u.GID,
|
||||
additional_gids: u.AdditionalGids.clone(),
|
||||
username: u.Username.clone(),
|
||||
}
|
||||
} else {
|
||||
ociUser {
|
||||
oci::User {
|
||||
uid: 0,
|
||||
gid: 0,
|
||||
additional_gids: vec![],
|
||||
@ -103,7 +95,7 @@ pub fn process_grpc_to_oci(p: &grpcProcess) -> ociProcess {
|
||||
let capabilities = if p.Capabilities.is_some() {
|
||||
let cap = p.Capabilities.as_ref().unwrap();
|
||||
|
||||
Some(ociLinuxCapabilities {
|
||||
Some(oci::LinuxCapabilities {
|
||||
bounding: cap.Bounding.clone().into_vec(),
|
||||
effective: cap.Effective.clone().into_vec(),
|
||||
inheritable: cap.Inheritable.clone().into_vec(),
|
||||
@ -117,7 +109,7 @@ pub fn process_grpc_to_oci(p: &grpcProcess) -> ociProcess {
|
||||
let rlimits = {
|
||||
let mut r = Vec::new();
|
||||
for lm in p.Rlimits.iter() {
|
||||
r.push(ociPOSIXRlimit {
|
||||
r.push(oci::PosixRlimit {
|
||||
r#type: lm.Type.clone(),
|
||||
hard: lm.Hard,
|
||||
soft: lm.Soft,
|
||||
@ -126,7 +118,7 @@ pub fn process_grpc_to_oci(p: &grpcProcess) -> ociProcess {
|
||||
r
|
||||
};
|
||||
|
||||
ociProcess {
|
||||
oci::Process {
|
||||
terminal: p.Terminal,
|
||||
console_size,
|
||||
user,
|
||||
@ -142,15 +134,15 @@ pub fn process_grpc_to_oci(p: &grpcProcess) -> ociProcess {
|
||||
}
|
||||
}
|
||||
|
||||
fn root_grpc_to_oci(root: &grpcRoot) -> ociRoot {
|
||||
ociRoot {
|
||||
fn root_grpc_to_oci(root: &grpc::Root) -> oci::Root {
|
||||
oci::Root {
|
||||
path: root.Path.clone(),
|
||||
readonly: root.Readonly,
|
||||
}
|
||||
}
|
||||
|
||||
fn mount_grpc_to_oci(m: &grpcMount) -> ociMount {
|
||||
ociMount {
|
||||
fn mount_grpc_to_oci(m: &grpc::Mount) -> oci::Mount {
|
||||
oci::Mount {
|
||||
destination: m.destination.clone(),
|
||||
r#type: m.field_type.clone(),
|
||||
source: m.source.clone(),
|
||||
@ -158,13 +150,12 @@ fn mount_grpc_to_oci(m: &grpcMount) -> ociMount {
|
||||
}
|
||||
}
|
||||
|
||||
use oci::Hook as ociHook;
|
||||
use protocols::oci::Hook as grpcHook;
|
||||
|
||||
fn hook_grpc_to_oci(h: &[grpcHook]) -> Vec<ociHook> {
|
||||
fn hook_grpc_to_oci(h: &[grpcHook]) -> Vec<oci::Hook> {
|
||||
let mut r = Vec::new();
|
||||
for e in h.iter() {
|
||||
r.push(ociHook {
|
||||
r.push(oci::Hook {
|
||||
path: e.Path.clone(),
|
||||
args: e.Args.clone().into_vec(),
|
||||
env: e.Env.clone().into_vec(),
|
||||
@ -174,39 +165,29 @@ fn hook_grpc_to_oci(h: &[grpcHook]) -> Vec<ociHook> {
|
||||
r
|
||||
}
|
||||
|
||||
fn hooks_grpc_to_oci(h: &grpcHooks) -> ociHooks {
|
||||
fn hooks_grpc_to_oci(h: &grpc::Hooks) -> oci::Hooks {
|
||||
let prestart = hook_grpc_to_oci(h.Prestart.as_ref());
|
||||
|
||||
let poststart = hook_grpc_to_oci(h.Poststart.as_ref());
|
||||
|
||||
let poststop = hook_grpc_to_oci(h.Poststop.as_ref());
|
||||
|
||||
ociHooks {
|
||||
oci::Hooks {
|
||||
prestart,
|
||||
poststart,
|
||||
poststop,
|
||||
}
|
||||
}
|
||||
|
||||
use oci::{
|
||||
LinuxDevice as ociLinuxDevice, LinuxIDMapping as ociLinuxIDMapping,
|
||||
LinuxIntelRdt as ociLinuxIntelRdt, LinuxNamespace as ociLinuxNamespace,
|
||||
LinuxResources as ociLinuxResources, LinuxSeccomp as ociLinuxSeccomp,
|
||||
};
|
||||
use protocols::oci::{
|
||||
LinuxIDMapping as grpcLinuxIDMapping, LinuxResources as grpcLinuxResources,
|
||||
LinuxSeccomp as grpcLinuxSeccomp,
|
||||
};
|
||||
|
||||
fn idmap_grpc_to_oci(im: &grpcLinuxIDMapping) -> ociLinuxIDMapping {
|
||||
ociLinuxIDMapping {
|
||||
fn idmap_grpc_to_oci(im: &grpc::LinuxIDMapping) -> oci::LinuxIdMapping {
|
||||
oci::LinuxIdMapping {
|
||||
container_id: im.ContainerID,
|
||||
host_id: im.HostID,
|
||||
size: im.Size,
|
||||
}
|
||||
}
|
||||
|
||||
fn idmaps_grpc_to_oci(ims: &[grpcLinuxIDMapping]) -> Vec<ociLinuxIDMapping> {
|
||||
fn idmaps_grpc_to_oci(ims: &[grpc::LinuxIDMapping]) -> Vec<oci::LinuxIdMapping> {
|
||||
let mut r = Vec::new();
|
||||
for im in ims.iter() {
|
||||
r.push(idmap_grpc_to_oci(im));
|
||||
@ -214,24 +195,13 @@ fn idmaps_grpc_to_oci(ims: &[grpcLinuxIDMapping]) -> Vec<ociLinuxIDMapping> {
|
||||
r
|
||||
}
|
||||
|
||||
use oci::{
|
||||
LinuxBlockIO as ociLinuxBlockIO, LinuxBlockIODevice as ociLinuxBlockIODevice,
|
||||
LinuxCPU as ociLinuxCPU, LinuxDeviceCgroup as ociLinuxDeviceCgroup,
|
||||
LinuxHugepageLimit as ociLinuxHugepageLimit,
|
||||
LinuxInterfacePriority as ociLinuxInterfacePriority, LinuxMemory as ociLinuxMemory,
|
||||
LinuxNetwork as ociLinuxNetwork, LinuxPids as ociLinuxPids,
|
||||
LinuxThrottleDevice as ociLinuxThrottleDevice, LinuxWeightDevice as ociLinuxWeightDevice,
|
||||
};
|
||||
use protocols::oci::{
|
||||
LinuxBlockIO as grpcLinuxBlockIO, LinuxThrottleDevice as grpcLinuxThrottleDevice,
|
||||
LinuxWeightDevice as grpcLinuxWeightDevice,
|
||||
};
|
||||
|
||||
fn throttle_devices_grpc_to_oci(tds: &[grpcLinuxThrottleDevice]) -> Vec<ociLinuxThrottleDevice> {
|
||||
fn throttle_devices_grpc_to_oci(
|
||||
tds: &[grpc::LinuxThrottleDevice],
|
||||
) -> Vec<oci::LinuxThrottleDevice> {
|
||||
let mut r = Vec::new();
|
||||
for td in tds.iter() {
|
||||
r.push(ociLinuxThrottleDevice {
|
||||
blk: ociLinuxBlockIODevice {
|
||||
r.push(oci::LinuxThrottleDevice {
|
||||
blk: oci::LinuxBlockIoDevice {
|
||||
major: td.Major,
|
||||
minor: td.Minor,
|
||||
},
|
||||
@ -241,11 +211,11 @@ fn throttle_devices_grpc_to_oci(tds: &[grpcLinuxThrottleDevice]) -> Vec<ociLinux
|
||||
r
|
||||
}
|
||||
|
||||
fn weight_devices_grpc_to_oci(wds: &[grpcLinuxWeightDevice]) -> Vec<ociLinuxWeightDevice> {
|
||||
fn weight_devices_grpc_to_oci(wds: &[grpc::LinuxWeightDevice]) -> Vec<oci::LinuxWeightDevice> {
|
||||
let mut r = Vec::new();
|
||||
for wd in wds.iter() {
|
||||
r.push(ociLinuxWeightDevice {
|
||||
blk: ociLinuxBlockIODevice {
|
||||
r.push(oci::LinuxWeightDevice {
|
||||
blk: oci::LinuxBlockIoDevice {
|
||||
major: wd.Major,
|
||||
minor: wd.Minor,
|
||||
},
|
||||
@ -256,7 +226,7 @@ fn weight_devices_grpc_to_oci(wds: &[grpcLinuxWeightDevice]) -> Vec<ociLinuxWeig
|
||||
r
|
||||
}
|
||||
|
||||
fn blockio_grpc_to_oci(blk: &grpcLinuxBlockIO) -> ociLinuxBlockIO {
|
||||
fn blockio_grpc_to_oci(blk: &grpc::LinuxBlockIO) -> oci::LinuxBlockIo {
|
||||
let weight_device = weight_devices_grpc_to_oci(blk.WeightDevice.as_ref());
|
||||
let throttle_read_bps_device = throttle_devices_grpc_to_oci(blk.ThrottleReadBpsDevice.as_ref());
|
||||
let throttle_write_bps_device =
|
||||
@ -266,7 +236,7 @@ fn blockio_grpc_to_oci(blk: &grpcLinuxBlockIO) -> ociLinuxBlockIO {
|
||||
let throttle_write_iops_device =
|
||||
throttle_devices_grpc_to_oci(blk.ThrottleWriteIOPSDevice.as_ref());
|
||||
|
||||
ociLinuxBlockIO {
|
||||
oci::LinuxBlockIo {
|
||||
weight: Some(blk.Weight as u16),
|
||||
leaf_weight: Some(blk.LeafWeight as u16),
|
||||
weight_device,
|
||||
@ -277,7 +247,7 @@ fn blockio_grpc_to_oci(blk: &grpcLinuxBlockIO) -> ociLinuxBlockIO {
|
||||
}
|
||||
}
|
||||
|
||||
pub fn resources_grpc_to_oci(res: &grpcLinuxResources) -> ociLinuxResources {
|
||||
pub fn resources_grpc_to_oci(res: &grpc::LinuxResources) -> oci::LinuxResources {
|
||||
let devices = {
|
||||
let mut d = Vec::new();
|
||||
for dev in res.Devices.iter() {
|
||||
@ -292,7 +262,7 @@ pub fn resources_grpc_to_oci(res: &grpcLinuxResources) -> ociLinuxResources {
|
||||
} else {
|
||||
Some(dev.Minor)
|
||||
};
|
||||
d.push(ociLinuxDeviceCgroup {
|
||||
d.push(oci::LinuxDeviceCgroup {
|
||||
allow: dev.Allow,
|
||||
r#type: dev.Type.clone(),
|
||||
major,
|
||||
@ -305,7 +275,7 @@ pub fn resources_grpc_to_oci(res: &grpcLinuxResources) -> ociLinuxResources {
|
||||
|
||||
let memory = if res.Memory.is_some() {
|
||||
let mem = res.Memory.as_ref().unwrap();
|
||||
Some(ociLinuxMemory {
|
||||
Some(oci::LinuxMemory {
|
||||
limit: Some(mem.Limit),
|
||||
reservation: Some(mem.Reservation),
|
||||
swap: Some(mem.Swap),
|
||||
@ -320,7 +290,7 @@ pub fn resources_grpc_to_oci(res: &grpcLinuxResources) -> ociLinuxResources {
|
||||
|
||||
let cpu = if res.CPU.is_some() {
|
||||
let c = res.CPU.as_ref().unwrap();
|
||||
Some(ociLinuxCPU {
|
||||
Some(oci::LinuxCpu {
|
||||
shares: Some(c.Shares),
|
||||
quota: Some(c.Quota),
|
||||
period: Some(c.Period),
|
||||
@ -335,7 +305,7 @@ pub fn resources_grpc_to_oci(res: &grpcLinuxResources) -> ociLinuxResources {
|
||||
|
||||
let pids = if res.Pids.is_some() {
|
||||
let p = res.Pids.as_ref().unwrap();
|
||||
Some(ociLinuxPids { limit: p.Limit })
|
||||
Some(oci::LinuxPids { limit: p.Limit })
|
||||
} else {
|
||||
None
|
||||
};
|
||||
@ -351,7 +321,7 @@ pub fn resources_grpc_to_oci(res: &grpcLinuxResources) -> ociLinuxResources {
|
||||
let hugepage_limits = {
|
||||
let mut r = Vec::new();
|
||||
for hl in res.HugepageLimits.iter() {
|
||||
r.push(ociLinuxHugepageLimit {
|
||||
r.push(oci::LinuxHugepageLimit {
|
||||
page_size: hl.Pagesize.clone(),
|
||||
limit: hl.Limit,
|
||||
});
|
||||
@ -364,14 +334,14 @@ pub fn resources_grpc_to_oci(res: &grpcLinuxResources) -> ociLinuxResources {
|
||||
let priorities = {
|
||||
let mut r = Vec::new();
|
||||
for pr in net.Priorities.iter() {
|
||||
r.push(ociLinuxInterfacePriority {
|
||||
r.push(oci::LinuxInterfacePriority {
|
||||
name: pr.Name.clone(),
|
||||
priority: pr.Priority,
|
||||
});
|
||||
}
|
||||
r
|
||||
};
|
||||
Some(ociLinuxNetwork {
|
||||
Some(oci::LinuxNetwork {
|
||||
class_id: Some(net.ClassID),
|
||||
priorities,
|
||||
})
|
||||
@ -379,7 +349,7 @@ pub fn resources_grpc_to_oci(res: &grpcLinuxResources) -> ociLinuxResources {
|
||||
None
|
||||
};
|
||||
|
||||
ociLinuxResources {
|
||||
oci::LinuxResources {
|
||||
devices,
|
||||
memory,
|
||||
cpu,
|
||||
@ -391,9 +361,7 @@ pub fn resources_grpc_to_oci(res: &grpcLinuxResources) -> ociLinuxResources {
|
||||
}
|
||||
}
|
||||
|
||||
use oci::{LinuxSeccompArg as ociLinuxSeccompArg, LinuxSyscall as ociLinuxSyscall};
|
||||
|
||||
fn seccomp_grpc_to_oci(sec: &grpcLinuxSeccomp) -> ociLinuxSeccomp {
|
||||
fn seccomp_grpc_to_oci(sec: &grpc::LinuxSeccomp) -> oci::LinuxSeccomp {
|
||||
let syscalls = {
|
||||
let mut r = Vec::new();
|
||||
|
||||
@ -401,7 +369,7 @@ fn seccomp_grpc_to_oci(sec: &grpcLinuxSeccomp) -> ociLinuxSeccomp {
|
||||
let mut args = Vec::new();
|
||||
|
||||
for arg in sys.Args.iter() {
|
||||
args.push(ociLinuxSeccompArg {
|
||||
args.push(oci::LinuxSeccompArg {
|
||||
index: arg.Index as u32,
|
||||
value: arg.Value,
|
||||
value_two: arg.ValueTwo,
|
||||
@ -409,7 +377,7 @@ fn seccomp_grpc_to_oci(sec: &grpcLinuxSeccomp) -> ociLinuxSeccomp {
|
||||
});
|
||||
}
|
||||
|
||||
r.push(ociLinuxSyscall {
|
||||
r.push(oci::LinuxSyscall {
|
||||
names: sys.Names.clone().into_vec(),
|
||||
action: sys.Action.clone(),
|
||||
errno_ret: sys.ErrnoRet,
|
||||
@ -419,7 +387,7 @@ fn seccomp_grpc_to_oci(sec: &grpcLinuxSeccomp) -> ociLinuxSeccomp {
|
||||
r
|
||||
};
|
||||
|
||||
ociLinuxSeccomp {
|
||||
oci::LinuxSeccomp {
|
||||
default_action: sec.DefaultAction.clone(),
|
||||
architectures: sec.Architectures.clone().into_vec(),
|
||||
flags: sec.Flags.clone().into_vec(),
|
||||
@ -427,7 +395,7 @@ fn seccomp_grpc_to_oci(sec: &grpcLinuxSeccomp) -> ociLinuxSeccomp {
|
||||
}
|
||||
}
|
||||
|
||||
fn linux_grpc_to_oci(l: &grpcLinux) -> ociLinux {
|
||||
fn linux_grpc_to_oci(l: &grpc::Linux) -> oci::Linux {
|
||||
let uid_mappings = idmaps_grpc_to_oci(l.UIDMappings.as_ref());
|
||||
let gid_mappings = idmaps_grpc_to_oci(l.GIDMappings.as_ref());
|
||||
|
||||
@ -447,7 +415,7 @@ fn linux_grpc_to_oci(l: &grpcLinux) -> ociLinux {
|
||||
let mut r = Vec::new();
|
||||
|
||||
for ns in l.Namespaces.iter() {
|
||||
r.push(ociLinuxNamespace {
|
||||
r.push(oci::LinuxNamespace {
|
||||
r#type: ns.Type.clone(),
|
||||
path: ns.Path.clone(),
|
||||
});
|
||||
@ -459,7 +427,7 @@ fn linux_grpc_to_oci(l: &grpcLinux) -> ociLinux {
|
||||
let mut r = Vec::new();
|
||||
|
||||
for d in l.Devices.iter() {
|
||||
r.push(ociLinuxDevice {
|
||||
r.push(oci::LinuxDevice {
|
||||
path: d.Path.clone(),
|
||||
r#type: d.Type.clone(),
|
||||
major: d.Major,
|
||||
@ -475,14 +443,14 @@ fn linux_grpc_to_oci(l: &grpcLinux) -> ociLinux {
|
||||
let intel_rdt = if l.IntelRdt.is_some() {
|
||||
let rdt = l.IntelRdt.as_ref().unwrap();
|
||||
|
||||
Some(ociLinuxIntelRdt {
|
||||
Some(oci::LinuxIntelRdt {
|
||||
l3_cache_schema: rdt.L3CacheSchema.clone(),
|
||||
})
|
||||
} else {
|
||||
None
|
||||
};
|
||||
|
||||
ociLinux {
|
||||
oci::Linux {
|
||||
uid_mappings,
|
||||
gid_mappings,
|
||||
sysctl: l.Sysctl.clone(),
|
||||
@ -499,11 +467,11 @@ fn linux_grpc_to_oci(l: &grpcLinux) -> ociLinux {
|
||||
}
|
||||
}
|
||||
|
||||
fn linux_oci_to_grpc(_l: &ociLinux) -> grpcLinux {
|
||||
grpcLinux::default()
|
||||
fn linux_oci_to_grpc(_l: &oci::Linux) -> grpc::Linux {
|
||||
grpc::Linux::default()
|
||||
}
|
||||
|
||||
pub fn grpc_to_oci(grpc: &grpcSpec) -> ociSpec {
|
||||
pub fn grpc_to_oci(grpc: &grpc::Spec) -> oci::Spec {
|
||||
// process
|
||||
let process = if grpc.Process.is_some() {
|
||||
Some(process_grpc_to_oci(grpc.Process.as_ref().unwrap()))
|
||||
@ -541,7 +509,7 @@ pub fn grpc_to_oci(grpc: &grpcSpec) -> ociSpec {
|
||||
None
|
||||
};
|
||||
|
||||
ociSpec {
|
||||
oci::Spec {
|
||||
version: grpc.Version.clone(),
|
||||
process,
|
||||
root,
|
||||
|
@ -6,7 +6,7 @@
|
||||
use crate::container::Config;
|
||||
use anyhow::{anyhow, Context, Error, Result};
|
||||
use nix::errno::Errno;
|
||||
use oci::{Linux, LinuxIDMapping, LinuxNamespace, Spec};
|
||||
use oci::{Linux, LinuxIdMapping, LinuxNamespace, Spec};
|
||||
use std::collections::HashMap;
|
||||
use std::path::{Component, PathBuf};
|
||||
|
||||
@ -107,7 +107,7 @@ fn security(oci: &Spec) -> Result<()> {
|
||||
Ok(())
|
||||
}
|
||||
|
||||
fn idmapping(maps: &[LinuxIDMapping]) -> Result<()> {
|
||||
fn idmapping(maps: &[LinuxIdMapping]) -> Result<()> {
|
||||
for map in maps {
|
||||
if map.size > 0 {
|
||||
return Ok(());
|
||||
@ -238,7 +238,7 @@ fn rootless_euid_mapping(oci: &Spec) -> Result<()> {
|
||||
Ok(())
|
||||
}
|
||||
|
||||
fn has_idmapping(maps: &[LinuxIDMapping], id: u32) -> bool {
|
||||
fn has_idmapping(maps: &[LinuxIdMapping], id: u32) -> bool {
|
||||
for map in maps {
|
||||
if id >= map.container_id && id < map.container_id + map.size {
|
||||
return true;
|
||||
@ -441,7 +441,7 @@ mod tests {
|
||||
usernamespace(&spec).unwrap();
|
||||
|
||||
let mut linux = Linux::default();
|
||||
linux.uid_mappings = vec![LinuxIDMapping {
|
||||
linux.uid_mappings = vec![LinuxIdMapping {
|
||||
container_id: 0,
|
||||
host_id: 1000,
|
||||
size: 0,
|
||||
@ -450,7 +450,7 @@ mod tests {
|
||||
usernamespace(&spec).unwrap_err();
|
||||
|
||||
let mut linux = Linux::default();
|
||||
linux.uid_mappings = vec![LinuxIDMapping {
|
||||
linux.uid_mappings = vec![LinuxIdMapping {
|
||||
container_id: 0,
|
||||
host_id: 1000,
|
||||
size: 100,
|
||||
@ -497,12 +497,12 @@ mod tests {
|
||||
path: "/sys/cgroups/user".to_owned(),
|
||||
},
|
||||
];
|
||||
linux.uid_mappings = vec![LinuxIDMapping {
|
||||
linux.uid_mappings = vec![LinuxIdMapping {
|
||||
container_id: 0,
|
||||
host_id: 1000,
|
||||
size: 1000,
|
||||
}];
|
||||
linux.gid_mappings = vec![LinuxIDMapping {
|
||||
linux.gid_mappings = vec![LinuxIdMapping {
|
||||
container_id: 0,
|
||||
host_id: 1000,
|
||||
size: 1000,
|
||||
|
@ -273,12 +273,12 @@ fn get_string_value(param: &str) -> Result<String> {
|
||||
}
|
||||
|
||||
// We need name (but the value can be blank)
|
||||
if fields[0] == "" {
|
||||
if fields[0].is_empty() {
|
||||
return Err(anyhow!(ERR_INVALID_GET_VALUE_NO_NAME));
|
||||
}
|
||||
|
||||
let value = fields[1..].join("=");
|
||||
if value == "" {
|
||||
if value.is_empty() {
|
||||
return Err(anyhow!(ERR_INVALID_GET_VALUE_NO_VALUE));
|
||||
}
|
||||
|
||||
|
@ -96,10 +96,10 @@ struct ScsiBlockMatcher {
|
||||
}
|
||||
|
||||
impl ScsiBlockMatcher {
|
||||
fn new(scsi_addr: &str) -> Result<ScsiBlockMatcher> {
|
||||
fn new(scsi_addr: &str) -> ScsiBlockMatcher {
|
||||
let search = format!(r"/0:0:{}/block/", scsi_addr);
|
||||
|
||||
Ok(ScsiBlockMatcher { search })
|
||||
ScsiBlockMatcher { search }
|
||||
}
|
||||
}
|
||||
|
||||
@ -113,7 +113,7 @@ pub async fn get_scsi_device_name(
|
||||
sandbox: &Arc<Mutex<Sandbox>>,
|
||||
scsi_addr: &str,
|
||||
) -> Result<String> {
|
||||
let matcher = ScsiBlockMatcher::new(scsi_addr)?;
|
||||
let matcher = ScsiBlockMatcher::new(scsi_addr);
|
||||
|
||||
scan_scsi_bus(scsi_addr)?;
|
||||
let uev = wait_for_uevent(sandbox, matcher).await?;
|
||||
@ -126,12 +126,12 @@ struct VirtioBlkPciMatcher {
|
||||
}
|
||||
|
||||
impl VirtioBlkPciMatcher {
|
||||
fn new(relpath: &str) -> Result<VirtioBlkPciMatcher> {
|
||||
fn new(relpath: &str) -> VirtioBlkPciMatcher {
|
||||
let root_bus = create_pci_root_bus_path();
|
||||
let re = format!(r"^{}{}/virtio[0-9]+/block/", root_bus, relpath);
|
||||
Ok(VirtioBlkPciMatcher {
|
||||
VirtioBlkPciMatcher {
|
||||
rex: Regex::new(&re).unwrap(),
|
||||
})
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -147,7 +147,7 @@ pub async fn get_virtio_blk_pci_device_name(
|
||||
) -> Result<String> {
|
||||
let root_bus_sysfs = format!("{}{}", SYSFS_DIR, create_pci_root_bus_path());
|
||||
let sysfs_rel_path = pcipath_to_sysfs(&root_bus_sysfs, pcipath)?;
|
||||
let matcher = VirtioBlkPciMatcher::new(&sysfs_rel_path)?;
|
||||
let matcher = VirtioBlkPciMatcher::new(&sysfs_rel_path);
|
||||
|
||||
rescan_pci_bus()?;
|
||||
|
||||
@ -161,10 +161,10 @@ struct PmemBlockMatcher {
|
||||
}
|
||||
|
||||
impl PmemBlockMatcher {
|
||||
fn new(devname: &str) -> Result<PmemBlockMatcher> {
|
||||
fn new(devname: &str) -> PmemBlockMatcher {
|
||||
let suffix = format!(r"/block/{}", devname);
|
||||
|
||||
Ok(PmemBlockMatcher { suffix })
|
||||
PmemBlockMatcher { suffix }
|
||||
}
|
||||
}
|
||||
|
||||
@ -188,7 +188,7 @@ pub async fn wait_for_pmem_device(sandbox: &Arc<Mutex<Sandbox>>, devpath: &str)
|
||||
}
|
||||
};
|
||||
|
||||
let matcher = PmemBlockMatcher::new(devname)?;
|
||||
let matcher = PmemBlockMatcher::new(devname);
|
||||
let uev = wait_for_uevent(sandbox, matcher).await?;
|
||||
if uev.devname != devname {
|
||||
return Err(anyhow!(
|
||||
@ -822,7 +822,7 @@ mod tests {
|
||||
sandbox: &Arc<Mutex<Sandbox>>,
|
||||
relpath: &str,
|
||||
) -> Result<String> {
|
||||
let matcher = VirtioBlkPciMatcher::new(relpath)?;
|
||||
let matcher = VirtioBlkPciMatcher::new(relpath);
|
||||
|
||||
let uev = wait_for_uevent(sandbox, matcher).await?;
|
||||
|
||||
@ -875,12 +875,12 @@ mod tests {
|
||||
uev_a.subsystem = "block".to_string();
|
||||
uev_a.devname = devname.to_string();
|
||||
uev_a.devpath = format!("{}{}/virtio4/block/{}", root_bus, relpath_a, devname);
|
||||
let matcher_a = VirtioBlkPciMatcher::new(&relpath_a).unwrap();
|
||||
let matcher_a = VirtioBlkPciMatcher::new(&relpath_a);
|
||||
|
||||
let mut uev_b = uev_a.clone();
|
||||
let relpath_b = "/0000:00:0a.0/0000:00:0b.0";
|
||||
uev_b.devpath = format!("{}{}/virtio0/block/{}", root_bus, relpath_b, devname);
|
||||
let matcher_b = VirtioBlkPciMatcher::new(&relpath_b).unwrap();
|
||||
let matcher_b = VirtioBlkPciMatcher::new(&relpath_b);
|
||||
|
||||
assert!(matcher_a.is_match(&uev_a));
|
||||
assert!(matcher_b.is_match(&uev_b));
|
||||
@ -902,7 +902,7 @@ mod tests {
|
||||
"{}/0000:00:00.0/virtio0/host0/target0:0:0/0:0:{}/block/sda",
|
||||
root_bus, addr_a
|
||||
);
|
||||
let matcher_a = ScsiBlockMatcher::new(&addr_a).unwrap();
|
||||
let matcher_a = ScsiBlockMatcher::new(&addr_a);
|
||||
|
||||
let mut uev_b = uev_a.clone();
|
||||
let addr_b = "2:0";
|
||||
@ -910,7 +910,7 @@ mod tests {
|
||||
"{}/0000:00:00.0/virtio0/host0/target0:0:2/0:0:{}/block/sdb",
|
||||
root_bus, addr_b
|
||||
);
|
||||
let matcher_b = ScsiBlockMatcher::new(&addr_b).unwrap();
|
||||
let matcher_b = ScsiBlockMatcher::new(&addr_b);
|
||||
|
||||
assert!(matcher_a.is_match(&uev_a));
|
||||
assert!(matcher_b.is_match(&uev_b));
|
||||
|
@ -45,18 +45,18 @@ impl Namespace {
|
||||
logger: logger.clone(),
|
||||
path: String::from(""),
|
||||
persistent_ns_dir: String::from(PERSISTENT_NS_DIR),
|
||||
ns_type: NamespaceType::IPC,
|
||||
ns_type: NamespaceType::Ipc,
|
||||
hostname: None,
|
||||
}
|
||||
}
|
||||
|
||||
pub fn get_ipc(mut self) -> Self {
|
||||
self.ns_type = NamespaceType::IPC;
|
||||
self.ns_type = NamespaceType::Ipc;
|
||||
self
|
||||
}
|
||||
|
||||
pub fn get_uts(mut self, hostname: &str) -> Self {
|
||||
self.ns_type = NamespaceType::UTS;
|
||||
self.ns_type = NamespaceType::Uts;
|
||||
if !hostname.is_empty() {
|
||||
self.hostname = Some(String::from(hostname));
|
||||
}
|
||||
@ -64,7 +64,7 @@ impl Namespace {
|
||||
}
|
||||
|
||||
pub fn get_pid(mut self) -> Self {
|
||||
self.ns_type = NamespaceType::PID;
|
||||
self.ns_type = NamespaceType::Pid;
|
||||
self
|
||||
}
|
||||
|
||||
@ -81,7 +81,7 @@ impl Namespace {
|
||||
|
||||
let ns_path = PathBuf::from(&self.persistent_ns_dir);
|
||||
let ns_type = self.ns_type;
|
||||
if ns_type == NamespaceType::PID {
|
||||
if ns_type == NamespaceType::Pid {
|
||||
return Err(anyhow!("Cannot persist namespace of PID type"));
|
||||
}
|
||||
let logger = self.logger.clone();
|
||||
@ -104,7 +104,7 @@ impl Namespace {
|
||||
|
||||
unshare(cf)?;
|
||||
|
||||
if ns_type == NamespaceType::UTS && hostname.is_some() {
|
||||
if ns_type == NamespaceType::Uts && hostname.is_some() {
|
||||
nix::unistd::sethostname(hostname.unwrap())?;
|
||||
}
|
||||
// Bind mount the new namespace from the current thread onto the mount point to persist it.
|
||||
@ -147,27 +147,27 @@ impl Namespace {
|
||||
/// Represents the Namespace type.
|
||||
#[derive(Clone, Copy, PartialEq)]
|
||||
enum NamespaceType {
|
||||
IPC,
|
||||
UTS,
|
||||
PID,
|
||||
Ipc,
|
||||
Uts,
|
||||
Pid,
|
||||
}
|
||||
|
||||
impl NamespaceType {
|
||||
/// Get the string representation of the namespace type.
|
||||
pub fn get(&self) -> &str {
|
||||
match *self {
|
||||
Self::IPC => "ipc",
|
||||
Self::UTS => "uts",
|
||||
Self::PID => "pid",
|
||||
Self::Ipc => "ipc",
|
||||
Self::Uts => "uts",
|
||||
Self::Pid => "pid",
|
||||
}
|
||||
}
|
||||
|
||||
/// Get the associate flags with the namespace type.
|
||||
pub fn get_flags(&self) -> CloneFlags {
|
||||
match *self {
|
||||
Self::IPC => CloneFlags::CLONE_NEWIPC,
|
||||
Self::UTS => CloneFlags::CLONE_NEWUTS,
|
||||
Self::PID => CloneFlags::CLONE_NEWPID,
|
||||
Self::Ipc => CloneFlags::CLONE_NEWIPC,
|
||||
Self::Uts => CloneFlags::CLONE_NEWUTS,
|
||||
Self::Pid => CloneFlags::CLONE_NEWPID,
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -178,12 +178,6 @@ impl fmt::Debug for NamespaceType {
|
||||
}
|
||||
}
|
||||
|
||||
impl Default for NamespaceType {
|
||||
fn default() -> Self {
|
||||
NamespaceType::IPC
|
||||
}
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
use super::{Namespace, NamespaceType};
|
||||
@ -234,15 +228,15 @@ mod tests {
|
||||
|
||||
#[test]
|
||||
fn test_namespace_type() {
|
||||
let ipc = NamespaceType::IPC;
|
||||
let ipc = NamespaceType::Ipc;
|
||||
assert_eq!("ipc", ipc.get());
|
||||
assert_eq!(CloneFlags::CLONE_NEWIPC, ipc.get_flags());
|
||||
|
||||
let uts = NamespaceType::UTS;
|
||||
let uts = NamespaceType::Uts;
|
||||
assert_eq!("uts", uts.get());
|
||||
assert_eq!(CloneFlags::CLONE_NEWUTS, uts.get_flags());
|
||||
|
||||
let pid = NamespaceType::PID;
|
||||
let pid = NamespaceType::Pid;
|
||||
assert_eq!("pid", pid.get());
|
||||
assert_eq!(CloneFlags::CLONE_NEWPID, pid.get_flags());
|
||||
}
|
||||
|
@ -542,12 +542,10 @@ impl Handle {
|
||||
ntype: NDA_UNSPEC as u8,
|
||||
},
|
||||
nlas: {
|
||||
let mut nlas = vec![];
|
||||
|
||||
nlas.push(Nla::Destination(match ip {
|
||||
let mut nlas = vec![Nla::Destination(match ip {
|
||||
IpAddr::V4(v4) => v4.octets().to_vec(),
|
||||
IpAddr::V6(v6) => v6.octets().to_vec(),
|
||||
}));
|
||||
})];
|
||||
|
||||
if !neigh.lladdr.is_empty() {
|
||||
nlas.push(Nla::LinkLocalAddress(
|
||||
|
@ -245,11 +245,13 @@ mod tests {
|
||||
|
||||
#[tokio::test]
|
||||
async fn test_wait_for_uevent() {
|
||||
let mut uev = crate::uevent::Uevent::default();
|
||||
uev.action = crate::linux_abi::U_EVENT_ACTION_ADD.to_string();
|
||||
uev.subsystem = "test".to_string();
|
||||
uev.devpath = "/test/sysfs/path".to_string();
|
||||
uev.devname = "testdevname".to_string();
|
||||
let uev = Uevent {
|
||||
action: crate::linux_abi::U_EVENT_ACTION_ADD.to_string(),
|
||||
subsystem: "test".to_string(),
|
||||
devpath: "/test/sysfs/path".to_string(),
|
||||
devname: "testdevname".to_string(),
|
||||
..Default::default()
|
||||
};
|
||||
|
||||
let matcher = AlwaysMatch();
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user