mirror/youki
1
0
Fork 0
mirror of https://github.com/containers/youki synced 2024-11-26 06:08:07 +01:00
Code Issues

Merge pull request #2787 from jprendes/rustfmt

Browse Source 
Add `rustfmt.toml` to standardize formatting
This commit is contained in:
Toru Komatsu 2024-05-16 21:45:44 +09:00 committed by GitHub
commit 2b86907b29
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
162 changed files with 995 additions and 990 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.git-blame-ignore-revs Normal file
View File

@ -0,0 +1,6 @@
# Ignore commits in the blame view
# see:
# https://docs.github.com/en/repositories/working-with-files/using-files/viewing-a-file#ignore-commits-in-the-blame-view
# Bulk apply formatting
13a3fd516e9904d5cd7ef20ead76dd70cd172fe7

4
.github/workflows/basic.yml vendored
View File

@ -44,7 +44,9 @@ jobs:
- name: Setup Rust toolchain and cache
uses: actions-rust-lang/setup-rust-toolchain@v1
with:
components: rustfmt, clippy
components: clippy
- name: Install nightly rustfmt
run: rustup toolchain install nightly --component rustfmt --profile minimal --no-self-update
- name: typos-action
uses: crate-ci/typos@v1.14.12
- name: Install just

12
crates/libcgroups/examples/bpf.rs
View File

@ -2,19 +2,15 @@ use anyhow::Result;
#[cfg(feature = "cgroupsv2_devices")]
mod bpf {
use anyhow::{bail, Result};
use clap::Arg;
use clap::Command;
use oci_spec::runtime::LinuxDeviceCgroup;
use std::os::unix::io::AsRawFd;
use std::path::Path;
use anyhow::{bail, Result};
use clap::{Arg, Command};
use libcgroups::v2::devices::{bpf, emulator, program};
use nix::fcntl::OFlag;
use nix::sys::stat::Mode;
use libcgroups::v2::devices::bpf;
use libcgroups::v2::devices::emulator;
use libcgroups::v2::devices::program;
use oci_spec::runtime::LinuxDeviceCgroup;
const LICENSE: &str = "Apache";
fn cli() -> Command {

23
crates/libcgroups/src/common.rs
View File

@ -1,26 +1,19 @@
use std::{
fmt::{Debug, Display},
fs::{self, File},
io::{BufRead, BufReader, Write},
path::{Path, PathBuf, StripPrefixError},
time::Duration,
};
use std::fmt::{Debug, Display};
use std::fs::{self, File};
use std::io::{BufRead, BufReader, Write};
use std::path::{Path, PathBuf, StripPrefixError};
use std::time::Duration;
use nix::{
sys::statfs::{statfs, CGROUP2_SUPER_MAGIC, TMPFS_MAGIC},
unistd::Pid,
};
use nix::sys::statfs::{statfs, CGROUP2_SUPER_MAGIC, TMPFS_MAGIC};
use nix::unistd::Pid;
use oci_spec::runtime::LinuxResources;
#[cfg(any(feature = "cgroupsv2_devices", feature = "v1"))]
use oci_spec::runtime::{
LinuxDevice, LinuxDeviceBuilder, LinuxDeviceCgroup, LinuxDeviceCgroupBuilder, LinuxDeviceType,
};
use super::systemd;
use super::v1;
use super::v2;
use super::stats::Stats;
use super::{systemd, v1, v2};
pub const CGROUP_PROCS: &str = "cgroup.procs";
pub const DEFAULT_CGROUP_ROOT: &str = "/sys/fs/cgroup";

19
crates/libcgroups/src/stats.rs
View File

@ -1,15 +1,13 @@
use serde::Serialize;
use std::{
collections::HashMap,
fmt::Display,
fs,
num::ParseIntError,
path::{Path, PathBuf},
};
use std::collections::HashMap;
use std::fmt::Display;
use std::fs;
use std::num::ParseIntError;
use std::path::{Path, PathBuf};
use crate::common::{WrapIoResult, WrappedIoError};
use serde::Serialize;
use super::common;
use crate::common::{WrapIoResult, WrappedIoError};
pub(crate) trait StatsProvider {
type Error;
@ -475,9 +473,8 @@ fn parse_psi(stat_line: &str, path: &Path) -> Result<PSIData, WrappedIoError> {
#[cfg(test)]
mod tests {
use crate::test::set_fixture;
use super::*;
use crate::test::set_fixture;
#[test]
fn test_supported_page_sizes_gigabyte() {

1
crates/libcgroups/src/systemd/controller.rs
View File

@ -1,7 +1,6 @@
use std::collections::HashMap;
use super::dbus_native::serialize::Variant;
use crate::common::ControllerOpt;
pub(super) trait Controller {

5
crates/libcgroups/src/systemd/cpu.rs
View File

@ -1,9 +1,9 @@
use std::collections::HashMap;
use super::dbus_native::serialize::Variant;
use oci_spec::runtime::LinuxCpu;
use super::controller::Controller;
use super::dbus_native::serialize::Variant;
use crate::common::ControllerOpt;
pub const CPU_WEIGHT: &str = "CPUWeight";
@ -95,9 +95,8 @@ mod tests {
use oci_spec::runtime::LinuxCpuBuilder;
use super::super::dbus_native::serialize::DbusSerialize;
use crate::recast;
use super::*;
use crate::recast;
#[test]
fn test_set_shares() -> Result<()> {

8
crates/libcgroups/src/systemd/cpuset.rs
View File

@ -1,12 +1,11 @@
use std::collections::HashMap;
use super::dbus_native::serialize::Variant;
use fixedbitset::FixedBitSet;
use oci_spec::runtime::LinuxCpu;
use crate::common::ControllerOpt;
use super::controller::Controller;
use super::dbus_native::serialize::Variant;
use crate::common::ControllerOpt;
pub const ALLOWED_CPUS: &str = "AllowedCPUs";
pub const ALLOWED_NODES: &str = "AllowedMemoryNodes";
@ -139,9 +138,8 @@ mod tests {
use oci_spec::runtime::LinuxCpuBuilder;
use super::super::dbus_native::serialize::DbusSerialize;
use crate::recast;
use super::*;
use crate::recast;
#[test]
fn to_bitmask_single_value() -> Result<()> {

4
crates/libcgroups/src/systemd/dbus_native/client.rs
View File

@ -1,7 +1,9 @@
use super::{serialize::Variant, utils::SystemdClientError};
use std::collections::HashMap;
use std::path::PathBuf;
use super::serialize::Variant;
use super::utils::SystemdClientError;
pub trait SystemdClient {
fn is_system(&self) -> bool;

18
crates/libcgroups/src/systemd/dbus_native/dbus.rs
View File

@ -1,16 +1,17 @@
use crate::systemd::dbus_native::serialize::{DbusSerialize, Structure, Variant};
use super::client::SystemdClient;
use super::message::*;
use super::proxy::Proxy;
use super::utils::{DbusError, Result, SystemdClientError};
use nix::sys::socket;
use std::collections::HashMap;
use std::io::{IoSlice, IoSliceMut};
use std::os::fd::AsRawFd;
use std::path::PathBuf;
use std::sync::atomic::{AtomicU32, Ordering};
use nix::sys::socket;
use super::client::SystemdClient;
use super::message::*;
use super::proxy::Proxy;
use super::utils::{DbusError, Result, SystemdClientError};
use crate::systemd::dbus_native::serialize::{DbusSerialize, Structure, Variant};
const REPLY_BUF_SIZE: usize = 128; // seems good enough tradeoff between extra size and repeated calls
/// NOTE that this is meant for a single-threaded use, and concurrent
@ -461,9 +462,10 @@ impl SystemdClient for DbusConnection {
#[cfg(test)]
mod tests {
use nix::unistd::getuid;
use super::super::utils::Result;
use super::{uid_to_hex_str, DbusConnection, SystemdClientError};
use nix::unistd::getuid;
#[test]
fn test_uid_to_hex_str() {

6
crates/libcgroups/src/systemd/dbus_native/message.rs
View File

@ -489,11 +489,9 @@ impl Message {
#[cfg(test)]
mod tests {
use crate::systemd::dbus_native::serialize::{Structure, Variant};
use super::super::serialize::DbusSerialize;
use super::{Header, HeaderKind, HeaderValue, MessageType};
use super::{Message, Result};
use super::{Header, HeaderKind, HeaderValue, Message, MessageType, Result};
use crate::systemd::dbus_native::serialize::{Structure, Variant};
// The hardcoded serialized values are captured from
// original dbus library communication
// and manually decoded.

60
crates/libcgroups/src/systemd/manager.rs
View File

@ -1,32 +1,30 @@
use std::{
collections::HashMap,
convert::Infallible,
fmt::{Debug, Display},
fs::{self},
path::Component::RootDir,
};
use nix::{unistd::Pid, NixPath};
use std::collections::HashMap;
use std::convert::Infallible;
use std::fmt::{Debug, Display};
use std::fs::{self};
use std::path::Component::RootDir;
use std::path::{Path, PathBuf};
use super::{
controller::Controller,
controller_type::{ControllerType, CONTROLLER_TYPES},
cpu::Cpu,
cpuset::CpuSet,
dbus_native::{client::SystemdClient, dbus::DbusConnection, utils::SystemdClientError},
memory::Memory,
pids::Pids,
use nix::unistd::Pid;
use nix::NixPath;
use super::controller::Controller;
use super::controller_type::{ControllerType, CONTROLLER_TYPES};
use super::cpu::Cpu;
use super::cpuset::CpuSet;
use super::dbus_native::client::SystemdClient;
use super::dbus_native::dbus::DbusConnection;
use super::dbus_native::utils::SystemdClientError;
use super::memory::Memory;
use super::pids::Pids;
use crate::common::{
self, AnyCgroupManager, CgroupManager, ControllerOpt, FreezerState, JoinSafelyError,
PathBufExt, WrapIoResult, WrappedIoError,
};
use crate::{
common::{
self, AnyCgroupManager, CgroupManager, ControllerOpt, FreezerState, JoinSafelyError,
PathBufExt, WrapIoResult, WrappedIoError,
},
systemd::{dbus_native::serialize::Variant, unified::Unified},
v2::manager::V2ManagerError,
};
use crate::{stats::Stats, v2::manager::Manager as FsManager};
use crate::stats::Stats;
use crate::systemd::dbus_native::serialize::Variant;
use crate::systemd::unified::Unified;
use crate::v2::manager::{Manager as FsManager, V2ManagerError};
const CGROUP_CONTROLLERS: &str = "cgroup.controllers";
const CGROUP_SUBTREE_CONTROL: &str = "cgroup.subtree_control";
@ -436,12 +434,10 @@ mod tests {
use anyhow::{Context, Result};
use super::*;
use crate::{
common::DEFAULT_CGROUP_ROOT,
systemd::dbus_native::{
client::SystemdClient, serialize::Variant, utils::SystemdClientError,
},
};
use crate::common::DEFAULT_CGROUP_ROOT;
use crate::systemd::dbus_native::client::SystemdClient;
use crate::systemd::dbus_native::serialize::Variant;
use crate::systemd::dbus_native::utils::SystemdClientError;
struct TestSystemdClient {}

8
crates/libcgroups/src/systemd/memory.rs
View File

@ -1,11 +1,10 @@
use std::collections::HashMap;
use super::dbus_native::serialize::Variant;
use oci_spec::runtime::LinuxMemory;
use crate::common::ControllerOpt;
use super::controller::Controller;
use super::dbus_native::serialize::Variant;
use crate::common::ControllerOpt;
pub const MEMORY_MIN: &str = "MemoryMin";
pub const MEMORY_LOW: &str = "MemoryLow";
@ -118,9 +117,8 @@ mod tests {
use oci_spec::runtime::LinuxMemoryBuilder;
use super::super::dbus_native::serialize::DbusSerialize;
use crate::recast;
use super::*;
use crate::recast;
#[test]
fn test_set_valid_memory_low() -> Result<()> {

16
crates/libcgroups/src/systemd/pids.rs
View File

@ -1,11 +1,11 @@
use std::{collections::HashMap, convert::Infallible};
use std::collections::HashMap;
use std::convert::Infallible;
use super::dbus_native::serialize::Variant;
use oci_spec::runtime::LinuxPids;
use crate::common::ControllerOpt;
use super::controller::Controller;
use super::dbus_native::serialize::Variant;
use crate::common::ControllerOpt;
pub const TASKS_MAX: &str = "TasksMax";
@ -43,13 +43,13 @@ impl Pids {
#[cfg(test)]
mod tests {
use super::super::dbus_native::serialize::DbusSerialize;
use crate::recast;
use super::*;
use anyhow::{anyhow, Context, Result};
use oci_spec::runtime::{LinuxPidsBuilder, LinuxResources, LinuxResourcesBuilder};
use super::super::dbus_native::serialize::DbusSerialize;
use super::*;
use crate::recast;
fn setup(resources: &LinuxResources) -> (ControllerOpt, HashMap<&str, Variant>) {
let properties = HashMap::new();
let options = ControllerOpt {

20
crates/libcgroups/src/systemd/unified.rs
View File

@ -1,12 +1,11 @@
use super::dbus_native::serialize::Variant;
use std::{collections::HashMap, num::ParseIntError};
use std::collections::HashMap;
use std::num::ParseIntError;
use super::{
controller::Controller,
cpu::{self, convert_shares_to_cgroup2},
cpuset::{self, to_bitmask, BitmaskError},
memory, pids,
};
use super::controller::Controller;
use super::cpu::{self, convert_shares_to_cgroup2};
use super::cpuset::{self, to_bitmask, BitmaskError};
use super::dbus_native::serialize::Variant;
use super::{memory, pids};
use crate::common::ControllerOpt;
#[derive(thiserror::Error, Debug)]
@ -155,12 +154,11 @@ impl Unified {
#[cfg(test)]
mod tests {
use super::super::dbus_native::serialize::DbusSerialize;
use anyhow::{Context, Result};
use crate::recast;
use super::super::dbus_native::serialize::DbusSerialize;
use super::*;
use crate::recast;
#[test]
fn test_set() -> Result<()> {

7
crates/libcgroups/src/test.rs
View File

@ -1,10 +1,9 @@
#![cfg(test)]
use std::io::Write;
use std::path::{Path, PathBuf};
use anyhow::{Context, Result};
use std::{
io::Write,
path::{Path, PathBuf},
};
pub fn setup(cgroup_file: &str) -> (tempfile::TempDir, PathBuf) {
let tmp = tempfile::tempdir().expect("create temp directory for test");

9
crates/libcgroups/src/test_manager.rs
View File

@ -1,11 +1,10 @@
use std::{cell::RefCell, convert::Infallible};
use std::cell::RefCell;
use std::convert::Infallible;
use nix::unistd::Pid;
use crate::{
common::{CgroupManager, ControllerOpt, FreezerState},
stats::Stats,
};
use crate::common::{CgroupManager, ControllerOpt, FreezerState};
use crate::stats::Stats;
#[derive(Debug)]
pub struct TestManager {

17
crates/libcgroups/src/v1/blkio.rs
View File

@ -1,16 +1,11 @@
use std::{
num::ParseIntError,
path::{Path, PathBuf},
};
use crate::{
common::{self, ControllerOpt, WrappedIoError},
stats::{self, BlkioDeviceStat, BlkioStats, ParseDeviceNumberError, StatsProvider},
};
use std::num::ParseIntError;
use std::path::{Path, PathBuf};
use oci_spec::runtime::LinuxBlockIo;
use super::controller::Controller;
use crate::common::{self, ControllerOpt, WrappedIoError};
use crate::stats::{self, BlkioDeviceStat, BlkioStats, ParseDeviceNumberError, StatsProvider};
// Throttling/upper limit policy
// ---------------------------------------
@ -259,11 +254,11 @@ impl Blkio {
mod tests {
use std::fs;
use oci_spec::runtime::{LinuxBlockIoBuilder, LinuxThrottleDeviceBuilder};
use super::*;
use crate::test::{set_fixture, setup};
use oci_spec::runtime::{LinuxBlockIoBuilder, LinuxThrottleDeviceBuilder};
#[test]
fn test_set_blkio_weight() {
for cgroup_file in &[BLKIO_WEIGHT, BLKIO_BFQ_WEIGHT] {

3
crates/libcgroups/src/v1/controller.rs
View File

@ -1,4 +1,5 @@
use std::{fs, path::Path};
use std::fs;
use std::path::Path;
use nix::unistd::Pid;

13
crates/libcgroups/src/v1/cpu.rs
View File

@ -2,12 +2,9 @@ use std::path::{Path, PathBuf};
use oci_spec::runtime::LinuxCpu;
use crate::{
common::{self, ControllerOpt, WrappedIoError},
stats::{parse_flat_keyed_data, CpuThrottling, ParseFlatKeyedDataError, StatsProvider},
};
use super::controller::Controller;
use crate::common::{self, ControllerOpt, WrappedIoError};
use crate::stats::{parse_flat_keyed_data, CpuThrottling, ParseFlatKeyedDataError, StatsProvider};
const CGROUP_CPU_SHARES: &str = "cpu.shares";
const CGROUP_CPU_QUOTA: &str = "cpu.cfs_quota_us";
@ -135,10 +132,12 @@ impl Cpu {
#[cfg(test)]
mod tests {
use std::fs;
use oci_spec::runtime::LinuxCpuBuilder;
use super::*;
use crate::test::{set_fixture, setup};
use oci_spec::runtime::LinuxCpuBuilder;
use std::fs;
#[test]
fn test_set_shares() {

19
crates/libcgroups/src/v1/cpuacct.rs
View File

@ -1,14 +1,9 @@
use std::{
num::ParseIntError,
path::{Path, PathBuf},
};
use crate::{
common::{self, ControllerOpt, WrappedIoError},
stats::{parse_flat_keyed_data, CpuUsage, ParseFlatKeyedDataError, StatsProvider},
};
use std::num::ParseIntError;
use std::path::{Path, PathBuf};
use super::controller::Controller;
use crate::common::{self, ControllerOpt, WrappedIoError};
use crate::stats::{parse_flat_keyed_data, CpuUsage, ParseFlatKeyedDataError, StatsProvider};
// Contains user mode and kernel mode cpu consumption
const CGROUP_CPUACCT_STAT: &str = "cpuacct.stat";
@ -151,10 +146,8 @@ mod tests {
use tempfile::TempDir;
use super::*;
use crate::{
common::CGROUP_PROCS,
test::{set_fixture, setup},
};
use crate::common::CGROUP_PROCS;
use crate::test::{set_fixture, setup};
fn setup_total_cpu(stat_content: &str, usage_content: &str) -> TempDir {
let tmp = tempfile::tempdir().unwrap();

18
crates/libcgroups/src/v1/cpuset.rs
View File

@ -1,20 +1,15 @@
use std::{
fs,
path::{Path, PathBuf, StripPrefixError},
};
use std::fs;
use std::path::{Path, PathBuf, StripPrefixError};
use nix::unistd;
use oci_spec::runtime::LinuxCpu;
use unistd::Pid;
use super::controller::Controller;
use super::util::{self, V1MountPointError};
use super::ControllerType;
use crate::common::{self, ControllerOpt, WrapIoResult, WrappedIoError, CGROUP_PROCS};
use super::{
controller::Controller,
util::{self, V1MountPointError},
ControllerType,
};
const CGROUP_CPUSET_CPUS: &str = "cpuset.cpus";
const CGROUP_CPUSET_MEMS: &str = "cpuset.mems";
@ -122,9 +117,10 @@ impl CpuSet {
mod tests {
use std::fs;
use oci_spec::runtime::LinuxCpuBuilder;
use super::*;
use crate::test::setup;
use oci_spec::runtime::LinuxCpuBuilder;
#[test]
fn test_set_cpus() {

9
crates/libcgroups/src/v1/devices.rs
View File

@ -1,8 +1,9 @@
use std::path::Path;
use oci_spec::runtime::LinuxDeviceCgroup;
use super::controller::Controller;
use crate::common::{self, default_allow_devices, default_devices, ControllerOpt, WrappedIoError};
use oci_spec::runtime::LinuxDeviceCgroup;
pub struct Devices {}
@ -52,10 +53,12 @@ impl Devices {
#[cfg(test)]
mod tests {
use std::fs::read_to_string;
use oci_spec::runtime::{LinuxDeviceCgroupBuilder, LinuxDeviceType};
use super::*;
use crate::test::set_fixture;
use oci_spec::runtime::{LinuxDeviceCgroupBuilder, LinuxDeviceType};
use std::fs::read_to_string;
#[test]
fn test_set_default_devices() {

13
crates/libcgroups/src/v1/freezer.rs
View File

@ -1,10 +1,10 @@
use std::fs::OpenOptions;
use std::io::Read;
use std::{fs::OpenOptions, path::Path, thread, time};
use crate::common::{self, WrapIoResult, WrappedIoError};
use crate::common::{ControllerOpt, FreezerState};
use std::path::Path;
use std::{thread, time};
use super::controller::Controller;
use crate::common::{self, ControllerOpt, FreezerState, WrapIoResult, WrappedIoError};
const CGROUP_FREEZER_STATE: &str = "freezer.state";
const FREEZER_STATE_THAWED: &str = "THAWED";
@ -130,11 +130,12 @@ impl Freezer {
#[cfg(test)]
mod tests {
use nix::unistd::Pid;
use oci_spec::runtime::LinuxResourcesBuilder;
use super::*;
use crate::common::{FreezerState, CGROUP_PROCS};
use crate::test::set_fixture;
use nix::unistd::Pid;
use oci_spec::runtime::LinuxResourcesBuilder;
#[test]
fn test_set_freezer_state() {

19
crates/libcgroups/src/v1/hugetlb.rs
View File

@ -1,13 +1,14 @@
use crate::{
common::{self, ControllerOpt, EitherError, MustBePowerOfTwo, WrappedIoError},
stats::{supported_page_sizes, HugeTlbStats, StatsProvider, SupportedPageSizesError},
};
use std::{collections::HashMap, num::ParseIntError, path::Path};
use std::collections::HashMap;
use std::num::ParseIntError;
use std::path::Path;
use crate::common::read_cgroup_file;
use oci_spec::runtime::LinuxHugepageLimit;
use super::controller::Controller;
use crate::common::{
self, read_cgroup_file, ControllerOpt, EitherError, MustBePowerOfTwo, WrappedIoError,
};
use crate::stats::{supported_page_sizes, HugeTlbStats, StatsProvider, SupportedPageSizesError};
#[derive(thiserror::Error, Debug)]
pub enum V1HugeTlbControllerError {
@ -153,10 +154,12 @@ impl HugeTlb {
#[cfg(test)]
mod tests {
use std::fs::read_to_string;
use oci_spec::runtime::LinuxHugepageLimitBuilder;
use super::*;
use crate::test::set_fixture;
use oci_spec::runtime::LinuxHugepageLimitBuilder;
use std::fs::read_to_string;
#[test]
fn test_set_hugetlb() {

34
crates/libcgroups/src/v1/manager.rs
View File

@ -1,28 +1,28 @@
use std::collections::HashMap;
use std::fs;
use std::path::Path;
use std::path::{Path, PathBuf};
use std::time::Duration;
use std::{collections::HashMap, path::PathBuf};
use nix::unistd::Pid;
use procfs::process::Process;
use procfs::ProcError;
use super::blkio::V1BlkioStatsError;
use super::cpu::V1CpuStatsError;
use super::cpuacct::V1CpuAcctStatsError;
use super::cpuset::V1CpuSetControllerError;
use super::freezer::V1FreezerControllerError;
use super::hugetlb::{V1HugeTlbControllerError, V1HugeTlbStatsError};
use super::memory::{V1MemoryControllerError, V1MemoryStatsError};
use super::blkio::{Blkio, V1BlkioStatsError};
use super::controller::Controller;
use super::controller_type::CONTROLLERS;
use super::cpu::{Cpu, V1CpuStatsError};
use super::cpuacct::{CpuAcct, V1CpuAcctStatsError};
use super::cpuset::{CpuSet, V1CpuSetControllerError};
use super::devices::Devices;
use super::freezer::{Freezer, V1FreezerControllerError};
use super::hugetlb::{HugeTlb, V1HugeTlbControllerError, V1HugeTlbStatsError};
use super::memory::{Memory, V1MemoryControllerError, V1MemoryStatsError};
use super::network_classifier::NetworkClassifier;
use super::network_priority::NetworkPriority;
use super::perf_event::PerfEvent;
use super::pids::Pids;
use super::util::V1MountPointError;
use super::{
blkio::Blkio, controller::Controller, controller_type::CONTROLLERS, cpu::Cpu, cpuacct::CpuAcct,
cpuset::CpuSet, devices::Devices, freezer::Freezer, hugetlb::HugeTlb, memory::Memory,
network_classifier::NetworkClassifier, network_priority::NetworkPriority,
perf_event::PerfEvent, pids::Pids, util, ControllerType as CtrlType,
};
use super::{util, ControllerType as CtrlType};
use crate::common::{
self, AnyCgroupManager, CgroupManager, ControllerOpt, FreezerState, JoinSafelyError,
PathBufExt, WrapIoResult, WrappedIoError, CGROUP_PROCS,

16
crates/libcgroups/src/v1/memory.rs
View File

@ -1,21 +1,20 @@
use std::collections::HashMap;
use std::fmt::Display;
use std::io::{prelude::*, Write};
use std::fs::OpenOptions;
use std::io::prelude::*;
use std::io::Write;
use std::num::ParseIntError;
use std::path::PathBuf;
use std::{fs::OpenOptions, path::Path};
use std::path::{Path, PathBuf};
use nix::errno::Errno;
use oci_spec::runtime::LinuxMemory;
use super::controller::Controller;
use crate::common::{self, ControllerOpt, WrapIoResult, WrappedIoError};
use crate::stats::{
self, parse_single_value, MemoryData, MemoryStats, ParseFlatKeyedDataError, StatsProvider,
};
use oci_spec::runtime::LinuxMemory;
use super::controller::Controller;
const CGROUP_MEMORY_SWAP_LIMIT: &str = "memory.memsw.limit_in_bytes";
const CGROUP_MEMORY_LIMIT: &str = "memory.limit_in_bytes";
const CGROUP_MEMORY_USAGE: &str = "memory.usage_in_bytes";
@ -409,10 +408,11 @@ impl Memory {
#[cfg(test)]
mod tests {
use oci_spec::runtime::{LinuxMemoryBuilder, LinuxResourcesBuilder};
use super::*;
use crate::common::CGROUP_PROCS;
use crate::test::set_fixture;
use oci_spec::runtime::{LinuxMemoryBuilder, LinuxResourcesBuilder};
#[test]
fn test_set_memory() {

5
crates/libcgroups/src/v1/network_classifier.rs
View File

@ -1,9 +1,9 @@
use std::path::Path;
use crate::common::{self, ControllerOpt, WrappedIoError};
use oci_spec::runtime::LinuxNetwork;
use super::controller::Controller;
use crate::common::{self, ControllerOpt, WrappedIoError};
pub struct NetworkClassifier {}
@ -38,9 +38,10 @@ impl NetworkClassifier {
#[cfg(test)]
mod tests {
use oci_spec::runtime::LinuxNetworkBuilder;
use super::*;
use crate::test::set_fixture;
use oci_spec::runtime::LinuxNetworkBuilder;
#[test]
fn test_apply_network_classifier() {

5
crates/libcgroups/src/v1/network_priority.rs
View File

@ -1,9 +1,9 @@
use std::path::Path;
use crate::common::{self, ControllerOpt, WrappedIoError};
use oci_spec::runtime::LinuxNetwork;
use super::controller::Controller;
use crate::common::{self, ControllerOpt, WrappedIoError};
pub struct NetworkPriority {}
@ -39,9 +39,10 @@ impl NetworkPriority {
#[cfg(test)]
mod tests {
use oci_spec::runtime::{LinuxInterfacePriorityBuilder, LinuxNetworkBuilder};
use super::*;
use crate::test::set_fixture;
use oci_spec::runtime::{LinuxInterfacePriorityBuilder, LinuxNetworkBuilder};
#[test]
fn test_apply_network_priorites() {

5
crates/libcgroups/src/v1/perf_event.rs
View File

@ -1,7 +1,7 @@
use crate::common::{ControllerOpt, WrappedIoError};
use std::path::Path;
use super::controller::Controller;
use crate::common::{ControllerOpt, WrappedIoError};
pub struct PerfEvent {}
@ -25,7 +25,8 @@ mod tests {
use nix::unistd::Pid;
use super::*;
use crate::{common::CGROUP_PROCS, test::setup};
use crate::common::CGROUP_PROCS;
use crate::test::setup;
#[test]
fn test_add_task() {

9
crates/libcgroups/src/v1/pids.rs
View File

@ -1,12 +1,10 @@
use std::path::Path;
use crate::{
common::{self, ControllerOpt, WrappedIoError},
stats::{self, PidStats, PidStatsError, StatsProvider},
};
use oci_spec::runtime::LinuxPids;
use super::controller::Controller;
use crate::common::{self, ControllerOpt, WrappedIoError};
use crate::stats::{self, PidStats, PidStatsError, StatsProvider};
// Contains the maximum allowed number of active pids
const CGROUP_PIDS_MAX: &str = "pids.max";
@ -56,9 +54,10 @@ impl Pids {
#[cfg(test)]
mod tests {
use oci_spec::runtime::LinuxPidsBuilder;
use super::*;
use crate::test::set_fixture;
use oci_spec::runtime::LinuxPidsBuilder;
// Contains the current number of active pids
const CGROUP_PIDS_CURRENT: &str = "pids.current";

9
crates/libcgroups/src/v1/util.rs
View File

@ -1,8 +1,11 @@
use std::{collections::HashMap, path::PathBuf};
use std::collections::HashMap;
use std::path::PathBuf;
use procfs::{process::Process, ProcError};
use procfs::process::Process;
use procfs::ProcError;
use super::{controller_type::CONTROLLERS, ControllerType};
use super::controller_type::CONTROLLERS;
use super::ControllerType;
#[derive(thiserror::Error, Debug)]
pub enum V1MountPointError {

25
crates/libcgroups/src/v2/cpu.rs
View File

@ -1,16 +1,11 @@
use std::{
borrow::Cow,
path::{Path, PathBuf},
};
use crate::{
common::{self, ControllerOpt, WrappedIoError},
stats::{self, CpuStats, ParseFlatKeyedDataError, StatsProvider},
};
use std::borrow::Cow;
use std::path::{Path, PathBuf};
use oci_spec::runtime::LinuxCpu;
use super::controller::Controller;
use crate::common::{self, ControllerOpt, WrappedIoError};
use crate::stats::{self, CpuStats, ParseFlatKeyedDataError, StatsProvider};
const CGROUP_CPU_WEIGHT: &str = "cpu.weight";
const CGROUP_CPU_MAX: &str = "cpu.max";
@ -168,14 +163,14 @@ impl Cpu {
#[cfg(test)]
mod tests {
use super::*;
use crate::{
stats::{CpuThrottling, CpuUsage},
test::{set_fixture, setup},
};
use oci_spec::runtime::LinuxCpuBuilder;
use std::fs;
use oci_spec::runtime::LinuxCpuBuilder;
use super::*;
use crate::stats::{CpuThrottling, CpuUsage};
use crate::test::{set_fixture, setup};
#[test]
fn test_set_valid_shares() {
// arrange

5
crates/libcgroups/src/v2/cpuset.rs
View File

@ -1,9 +1,9 @@
use std::path::Path;
use crate::common::{self, ControllerOpt, WrappedIoError};
use oci_spec::runtime::LinuxCpu;
use super::controller::Controller;
use crate::common::{self, ControllerOpt, WrappedIoError};
const CGROUP_CPUSET_CPUS: &str = "cpuset.cpus";
const CGROUP_CPUSET_MEMS: &str = "cpuset.mems";
@ -40,9 +40,10 @@ impl CpuSet {
mod tests {
use std::fs;
use oci_spec::runtime::LinuxCpuBuilder;
use super::*;
use crate::test::setup;
use oci_spec::runtime::LinuxCpuBuilder;
#[test]
fn test_set_cpus() {

27
crates/libcgroups/src/v2/devices/bpf.rs
View File

@ -14,29 +14,28 @@ pub enum BpfError {
#[cfg_attr(test, automock)]
pub mod prog {
use super::ProgramInfo;
use std::os::unix::io::RawFd;
use std::ptr;
use libbpf_sys::{bpf_insn, BPF_CGROUP_DEVICE, BPF_F_ALLOW_MULTI, BPF_PROG_TYPE_CGROUP_DEVICE};
use libc::{rlimit, ENOSPC, RLIMIT_MEMLOCK};
// mocks
// TODO: consider use of #[mockall_double]
#[cfg(test)]
use crate::v2::devices::mocks::mock_libc::setrlimit;
#[cfg(not(test))]
use libbpf_sys::{
bpf_prog_attach, bpf_prog_detach2, bpf_prog_get_fd_by_id, bpf_prog_load, bpf_prog_query,
};
#[cfg(not(test))]
use libc::setrlimit;
use libc::{rlimit, ENOSPC, RLIMIT_MEMLOCK};
use super::ProgramInfo;
// TODO: consider use of #[mockall_double]
#[cfg(test)]
use crate::v2::devices::mocks::mock_libbpf_sys::{
bpf_prog_attach, bpf_prog_detach2, bpf_prog_get_fd_by_id, bpf_prog_load, bpf_prog_query,
};
#[cfg(not(test))]
use libbpf_sys::{
bpf_prog_attach, bpf_prog_detach2, bpf_prog_get_fd_by_id, bpf_prog_load, bpf_prog_query,
};
// mocks
// TODO: consider use of #[mockall_double]
#[cfg(test)]
use crate::v2::devices::mocks::mock_libc::setrlimit;
pub fn load(license: &str, insns: &[u8]) -> Result<RawFd, super::BpfError> {
let insns_cnt = insns.len() / std::mem::size_of::<bpf_insn>();
@ -154,13 +153,13 @@ pub mod prog {
#[cfg(test)]
mod tests {
use super::prog;
use crate::v2::devices::mocks::{mock_libbpf_sys, mock_libc};
use errno::{set_errno, Errno};
use libc::{ENOSPC, ENOSYS};
use serial_test::serial;
use super::prog;
use crate::v2::devices::mocks::{mock_libbpf_sys, mock_libc};
#[test]
#[serial(libbpf_sys)] // mock contexts are shared
fn test_bpf_load() {

26
crates/libcgroups/src/v2/devices/controller.rs
View File

@ -1,22 +1,20 @@
use std::os::unix::io::AsRawFd;
use std::path::Path;
use super::bpf::BpfError;
use super::program::ProgramError;
use super::*;
#[cfg(test)]
use bpf::mock_prog as bpf_prog;
#[cfg(not(test))]
use bpf::prog as bpf_prog;
use nix::fcntl::OFlag;
use nix::sys::stat::Mode;
use oci_spec::runtime::LinuxDeviceCgroup;
use super::bpf::BpfError;
use super::program::ProgramError;
use super::*;
use crate::common::{default_allow_devices, default_devices, ControllerOpt};
use crate::v2::controller::Controller;
#[cfg(test)]
use bpf::mock_prog as bpf_prog;
#[cfg(not(test))]
use bpf::prog as bpf_prog;
const LICENSE: &str = "Apache";
pub struct Devices {}
@ -116,14 +114,14 @@ impl Devices {
#[cfg(test)]
mod tests {
use super::*;
use crate::test::setup;
use serial_test::serial;
use oci_spec::runtime::{LinuxDeviceCgroupBuilder, LinuxDeviceType};
use std::os::unix::io::RawFd;
use bpf::mock_prog;
use oci_spec::runtime::{LinuxDeviceCgroupBuilder, LinuxDeviceType};
use serial_test::serial;
use super::*;
use crate::test::setup;
#[test]
#[serial(bpf)] // mock contexts are shared

3
crates/libcgroups/src/v2/devices/emulator.rs
View File

@ -53,9 +53,10 @@ impl Emulator {
#[cfg(test)]
mod tests {
use super::*;
use oci_spec::runtime::LinuxDeviceCgroupBuilder;
use super::*;
#[test]
fn test_with_default_allow() {
// act

7
crates/libcgroups/src/v2/devices/program.rs
View File

@ -1,8 +1,6 @@
use oci_spec::runtime::*;
use rbpf::disassembler::disassemble;
use rbpf::insn_builder::Arch as RbpfArch;
use rbpf::insn_builder::*;
use rbpf::insn_builder::{Arch as RbpfArch, *};
pub struct Program {
prog: BpfCode,
@ -259,10 +257,11 @@ fn bpf_cgroup_dev_ctx(
#[cfg(test)]
mod tests {
use super::*;
use anyhow::Result;
use oci_spec::runtime::LinuxDeviceCgroupBuilder;
use super::*;
fn build_bpf_program(rules: &Option<Vec<LinuxDeviceCgroup>>) -> Result<Program> {
let mut em = crate::v2::devices::emulator::Emulator::with_default_allow(false);
if let Some(rules) = rules {

20
crates/libcgroups/src/v2/freezer.rs
View File

@ -1,15 +1,12 @@
use std::{
fs::OpenOptions,
io::{BufRead, BufReader, Read, Seek, Write},
path::Path,
str::{self, Utf8Error},
thread,
time::Duration,
};
use crate::common::{ControllerOpt, FreezerState, WrapIoResult, WrappedIoError};
use std::fs::OpenOptions;
use std::io::{BufRead, BufReader, Read, Seek, Write};
use std::path::Path;
use std::str::{self, Utf8Error};
use std::thread;
use std::time::Duration;
use super::controller::Controller;
use crate::common::{ControllerOpt, FreezerState, WrapIoResult, WrappedIoError};
const CGROUP_FREEZE: &str = "cgroup.freeze";
const CGROUP_EVENTS: &str = "cgroup.events";
@ -147,10 +144,11 @@ impl Freezer {
#[cfg(test)]
mod tests {
use std::sync::Arc;
use super::*;
use crate::common::FreezerState;
use crate::test::set_fixture;
use std::sync::Arc;
#[test]
fn test_set_freezer_state() {

30
crates/libcgroups/src/v2/hugetlb.rs
View File

@ -1,20 +1,16 @@
use std::{
collections::HashMap,
num::ParseIntError,
path::{Path, PathBuf},
};
use std::collections::HashMap;
use std::num::ParseIntError;
use std::path::{Path, PathBuf};
use oci_spec::runtime::LinuxHugepageLimit;
use super::controller::Controller;
use crate::{
common::{self, ControllerOpt, EitherError, MustBePowerOfTwo, WrappedIoError},
stats::{
parse_single_value, supported_page_sizes, HugeTlbStats, StatsProvider,
SupportedPageSizesError,
},
use crate::common::{
self, read_cgroup_file, ControllerOpt, EitherError, MustBePowerOfTwo, WrappedIoError,
};
use crate::stats::{
parse_single_value, supported_page_sizes, HugeTlbStats, StatsProvider, SupportedPageSizesError,
};
use crate::common::read_cgroup_file;
use oci_spec::runtime::LinuxHugepageLimit;
#[derive(thiserror::Error, Debug)]
pub enum V2HugeTlbControllerError {
@ -151,10 +147,12 @@ impl HugeTlb {
#[cfg(test)]
mod tests {
use std::fs::read_to_string;
use oci_spec::runtime::LinuxHugepageLimitBuilder;
use super::*;
use crate::test::set_fixture;
use oci_spec::runtime::LinuxHugepageLimitBuilder;
use std::fs::read_to_string;
#[test]
fn test_set_hugetlb() {

27
crates/libcgroups/src/v2/io.rs
View File

@ -1,18 +1,14 @@
use std::{
num::ParseIntError,
path::{Path, PathBuf},
};
use std::num::ParseIntError;
use std::path::{Path, PathBuf};
use crate::{
common::{self, ControllerOpt, WrappedIoError},
stats::{
self, psi_stats, BlkioDeviceStat, BlkioStats, ParseDeviceNumberError,
ParseNestedKeyedDataError, StatsProvider,
},
};
use oci_spec::runtime::LinuxBlockIo;
use super::controller::Controller;
use oci_spec::runtime::LinuxBlockIo;
use crate::common::{self, ControllerOpt, WrappedIoError};
use crate::stats::{
self, psi_stats, BlkioDeviceStat, BlkioStats, ParseDeviceNumberError,
ParseNestedKeyedDataError, StatsProvider,
};
const CGROUP_BFQ_IO_WEIGHT: &str = "io.bfq.weight";
const CGROUP_IO_WEIGHT: &str = "io.weight";
@ -197,13 +193,14 @@ impl Io {
}
#[cfg(test)]
mod test {
use super::*;
use crate::test::{set_fixture, setup};
use std::fs;
use oci_spec::runtime::{
LinuxBlockIoBuilder, LinuxThrottleDeviceBuilder, LinuxWeightDeviceBuilder,
};
use std::fs;
use super::*;
use crate::test::{set_fixture, setup};
#[test]
fn test_set_io_read_bps() {

49
crates/libcgroups/src/v2/manager.rs
View File

@ -1,36 +1,31 @@
use std::{
fs::{self},
os::unix::fs::PermissionsExt,
path::{Component::RootDir, Path, PathBuf},
time::Duration,
};
use std::fs::{self};
use std::os::unix::fs::PermissionsExt;
use std::path::Component::RootDir;
use std::path::{Path, PathBuf};
use std::time::Duration;
use nix::unistd::Pid;
use super::controller::Controller;
use super::controller_type::{
ControllerType, PseudoControllerType, CONTROLLER_TYPES, PSEUDO_CONTROLLER_TYPES,
};
use super::cpu::{Cpu, V2CpuControllerError, V2CpuStatsError};
use super::cpuset::CpuSet;
#[cfg(feature = "cgroupsv2_devices")]
use super::devices::Devices;
use super::{
controller::Controller,
controller_type::{
ControllerType, PseudoControllerType, CONTROLLER_TYPES, PSEUDO_CONTROLLER_TYPES,
},
cpu::{Cpu, V2CpuControllerError, V2CpuStatsError},
cpuset::CpuSet,
freezer::{Freezer, V2FreezerError},
hugetlb::{HugeTlb, V2HugeTlbControllerError, V2HugeTlbStatsError},
io::{Io, V2IoControllerError, V2IoStatsError},
memory::{Memory, V2MemoryControllerError, V2MemoryStatsError},
pids::Pids,
unified::{Unified, V2UnifiedError},
util::{self, V2UtilError, CGROUP_SUBTREE_CONTROL},
};
use crate::{
common::{
self, AnyCgroupManager, CgroupManager, ControllerOpt, FreezerState, JoinSafelyError,
PathBufExt, WrapIoResult, WrappedIoError, CGROUP_PROCS,
},
stats::{PidStatsError, Stats, StatsProvider},
use super::freezer::{Freezer, V2FreezerError};
use super::hugetlb::{HugeTlb, V2HugeTlbControllerError, V2HugeTlbStatsError};
use super::io::{Io, V2IoControllerError, V2IoStatsError};
use super::memory::{Memory, V2MemoryControllerError, V2MemoryStatsError};
use super::pids::Pids;
use super::unified::{Unified, V2UnifiedError};
use super::util::{self, V2UtilError, CGROUP_SUBTREE_CONTROL};
use crate::common::{
self, AnyCgroupManager, CgroupManager, ControllerOpt, FreezerState, JoinSafelyError,
PathBufExt, WrapIoResult, WrappedIoError, CGROUP_PROCS,
};
use crate::stats::{PidStatsError, Stats, StatsProvider};
pub const CGROUP_KILL: &str = "cgroup.kill";

13
crates/libcgroups/src/v2/memory.rs
View File

@ -2,12 +2,9 @@ use std::path::Path;
use oci_spec::runtime::LinuxMemory;
use crate::{
common::{self, ControllerOpt, WrappedIoError},
stats::{self, MemoryData, MemoryStats, ParseFlatKeyedDataError, StatsProvider},
};
use super::controller::Controller;
use crate::common::{self, ControllerOpt, WrappedIoError};
use crate::stats::{self, MemoryData, MemoryStats, ParseFlatKeyedDataError, StatsProvider};
const CGROUP_MEMORY_SWAP: &str = "memory.swap.max";
const CGROUP_MEMORY_MAX: &str = "memory.max";
@ -166,10 +163,12 @@ impl Memory {
#[cfg(test)]
mod tests {
use std::fs::read_to_string;
use oci_spec::runtime::LinuxMemoryBuilder;
use super::*;
use crate::test::set_fixture;
use oci_spec::runtime::LinuxMemoryBuilder;
use std::fs::read_to_string;
#[test]
fn test_set_memory() {

11
crates/libcgroups/src/v2/pids.rs
View File

@ -1,12 +1,10 @@
use std::path::Path;
use crate::{
common::{self, ControllerOpt, WrappedIoError},
stats::{self, PidStats, PidStatsError, StatsProvider},
};
use oci_spec::runtime::LinuxPids;
use super::controller::Controller;
use oci_spec::runtime::LinuxPids;
use crate::common::{self, ControllerOpt, WrappedIoError};
use crate::stats::{self, PidStats, PidStatsError, StatsProvider};
pub struct Pids {}
@ -47,9 +45,10 @@ impl Pids {
#[cfg(test)]
mod tests {
use oci_spec::runtime::LinuxPidsBuilder;
use super::*;
use crate::test::set_fixture;
use oci_spec::runtime::LinuxPidsBuilder;
#[test]
fn test_set_pids() {

6
crates/libcgroups/src/v2/unified.rs
View File

@ -1,4 +1,5 @@
use std::{collections::HashMap, path::Path};
use std::collections::HashMap;
use std::path::Path;
use super::controller_type::ControllerType;
use crate::common::{self, ControllerOpt, WrappedIoError};
@ -61,11 +62,10 @@ mod tests {
use oci_spec::runtime::LinuxResourcesBuilder;
use super::*;
use crate::test::set_fixture;
use crate::v2::controller_type::ControllerType;
use super::*;
#[test]
fn test_set_unified() {
// arrange

6
crates/libcgroups/src/v2/util.rs
View File

@ -1,10 +1,10 @@
use std::path::{Path, PathBuf};
use procfs::{process::Process, ProcError};
use crate::common::{self, WrappedIoError};
use procfs::process::Process;
use procfs::ProcError;
use super::controller_type::ControllerType;
use crate::common::{self, WrappedIoError};
pub const CGROUP_CONTROLLERS: &str = "cgroup.controllers";
pub const CGROUP_SUBTREE_CONTROL: &str = "cgroup.subtree_control";

7
crates/libcontainer/src/apparmor.rs
View File

@ -1,8 +1,7 @@
use std::fs::{self};
use std::path::Path;
use crate::utils;
use std::{
fs::{self},
path::Path,
};
#[derive(Debug, thiserror::Error)]
pub enum AppArmorError {

10
crates/libcontainer/src/capabilities.rs
View File

@ -1,10 +1,9 @@
//! Handles Management of Capabilities
use crate::syscall::{Syscall, SyscallError};
use caps::Capability as CapsCapability;
use caps::*;
use caps::{Capability as CapsCapability, *};
use oci_spec::runtime::{Capabilities, Capability as SpecCapability, LinuxCapabilities};
use crate::syscall::{Syscall, SyscallError};
/// Converts a list of capability types to capabilities has set
fn to_set(caps: &Capabilities) -> CapsHashSet {
let mut capabilities = CapsHashSet::new();
@ -165,9 +164,10 @@ pub fn drop_privileges<S: Syscall + ?Sized>(
#[cfg(test)]
mod tests {
use oci_spec::runtime::LinuxCapabilitiesBuilder;
use std::collections::HashSet;
use oci_spec::runtime::LinuxCapabilitiesBuilder;
use super::*;
use crate::syscall::test::TestHelperSyscall;

16
crates/libcontainer/src/channel.rs
View File

@ -1,13 +1,11 @@
use nix::{
sys::socket::{self, UnixAddr},
unistd::{self},
};
use std::io::{IoSlice, IoSliceMut};
use std::marker::PhantomData;
use std::os::fd::AsRawFd;
use std::os::unix::prelude::RawFd;
use nix::sys::socket::{self, UnixAddr};
use nix::unistd::{self};
use serde::{Deserialize, Serialize};
use std::{
io::{IoSlice, IoSliceMut},
marker::PhantomData,
os::{fd::AsRawFd, unix::prelude::RawFd},
};
#[derive(Debug, thiserror::Error)]
pub enum ChannelError {

15
crates/libcontainer/src/config.rs
View File

@ -1,11 +1,11 @@
use crate::utils;
use std::fs;
use std::io::{BufReader, BufWriter, Write};
use std::path::{Path, PathBuf};
use oci_spec::runtime::{Hooks, Spec};
use serde::{Deserialize, Serialize};
use std::{
fs,
io::{BufReader, BufWriter, Write},
path::{Path, PathBuf},
};
use crate::utils;
#[derive(Debug, thiserror::Error)]
pub enum ConfigError {
@ -98,9 +98,10 @@ impl<'a> YoukiConfig {
#[cfg(test)]
mod tests {
use super::*;
use anyhow::Result;
use super::*;
#[test]
fn test_config_from_spec() -> Result<()> {
let container_id = "sample";

14
crates/libcontainer/src/container/builder.rs
View File

@ -1,10 +1,11 @@
use std::path::PathBuf;
use super::init_builder::InitContainerBuilder;
use super::tenant_builder::TenantContainerBuilder;
use crate::error::{ErrInvalidID, LibcontainerError};
use crate::syscall::syscall::SyscallType;
use crate::utils::PathBufExt;
use crate::workload::{self, Executor};
use std::path::PathBuf;
use super::{init_builder::InitContainerBuilder, tenant_builder::TenantContainerBuilder};
pub struct ContainerBuilder {
/// Id of the container
@ -260,10 +261,13 @@ impl ContainerBuilder {
#[cfg(test)]
mod tests {
use crate::{container::builder::ContainerBuilder, syscall::syscall::SyscallType};
use anyhow::{Context, Result};
use std::path::PathBuf;
use anyhow::{Context, Result};
use crate::container::builder::ContainerBuilder;
use crate::syscall::syscall::SyscallType;
#[test]
fn test_failable_functions() -> Result<()> {
let root_path_temp_dir = tempfile::tempdir().context("failed to create temp dir")?;

29
crates/libcontainer/src/container/builder_impl.rs
View File

@ -1,24 +1,23 @@
use std::{fs, io::Write, os::unix::prelude::RawFd, path::PathBuf, rc::Rc};
use std::fs;
use std::io::Write;
use std::os::unix::prelude::RawFd;
use std::path::PathBuf;
use std::rc::Rc;
use libcgroups::common::CgroupManager;
use nix::unistd::Pid;
use oci_spec::runtime::Spec;
use super::{Container, ContainerStatus};
use crate::{
error::{LibcontainerError, MissingSpecError},
hooks,
notify_socket::NotifyListener,
process::{
self,
args::{ContainerArgs, ContainerType},
intel_rdt::delete_resctrl_subdirectory,
},
syscall::syscall::SyscallType,
user_ns::UserNamespaceConfig,
utils,
workload::Executor,
};
use crate::error::{LibcontainerError, MissingSpecError};
use crate::notify_socket::NotifyListener;
use crate::process::args::{ContainerArgs, ContainerType};
use crate::process::intel_rdt::delete_resctrl_subdirectory;
use crate::process::{self};
use crate::syscall::syscall::SyscallType;
use crate::user_ns::UserNamespaceConfig;
use crate::workload::Executor;
use crate::{hooks, utils};
pub(super) struct ContainerBuilderImpl {
/// Flag indicating if an init or a tenant container should be created

25
crates/libcontainer/src/container/container.rs
View File

@ -1,18 +1,17 @@
use crate::config::YoukiConfig;
use crate::container::{ContainerStatus, State};
use crate::error::LibcontainerError;
use crate::syscall::syscall::create_syscall;
use chrono::DateTime;
use chrono::Utc;
use nix::unistd::Pid;
use procfs::process::Process;
use std::collections::HashMap;
use std::ffi::OsString;
use std::fs;
use std::path::{Path, PathBuf};
use chrono::{DateTime, Utc};
use nix::unistd::Pid;
use procfs::process::Process;
use crate::config::YoukiConfig;
use crate::container::{ContainerStatus, State};
use crate::error::LibcontainerError;
use crate::syscall::syscall::create_syscall;
/// Structure representing the container data
#[derive(Debug, Clone)]
pub struct Container {
@ -228,11 +227,11 @@ pub struct CheckpointOptions {
#[cfg(test)]
mod tests {
use super::*;
use anyhow::Context;
use anyhow::Result;
use anyhow::{Context, Result};
use serial_test::serial;
use super::*;
#[test]
fn test_get_set_pid() {
let mut container = Container::default();

13
crates/libcontainer/src/container/container_checkpoint.rs
View File

@ -1,14 +1,15 @@
use super::{Container, ContainerStatus};
use crate::container::container::CheckpointOptions;
use crate::error::LibcontainerError;
use std::fs::{self, File};
use std::io::Write;
use std::os::unix::io::AsRawFd;
use libcgroups::common::CgroupSetup::{Hybrid, Legacy};
#[cfg(feature = "v1")]
use libcgroups::common::DEFAULT_CGROUP_ROOT;
use oci_spec::runtime::Spec;
use std::fs::{self, File};
use std::io::Write;
use std::os::unix::io::AsRawFd;
use super::{Container, ContainerStatus};
use crate::container::container::CheckpointOptions;
use crate::error::LibcontainerError;
const CRIU_CHECKPOINT_LOG_FILE: &str = "dump.log";
const DESCRIPTORS_JSON: &str = "descriptors.json";

12
crates/libcontainer/src/container/container_delete.rs
View File

@ -1,10 +1,14 @@
use std::fs;
use libcgroups::common::CgroupManager;
use libcgroups::{self};
use nix::sys::signal;
use super::{Container, ContainerStatus};
use crate::config::YoukiConfig;
use crate::error::LibcontainerError;
use crate::hooks;
use crate::process::intel_rdt::delete_resctrl_subdirectory;
use crate::{config::YoukiConfig, error::LibcontainerError};
use libcgroups::{self, common::CgroupManager};
use nix::sys::signal;
use std::fs;
impl Container {
/// Deletes the container

7
crates/libcontainer/src/container/container_events.rs
View File

@ -1,9 +1,10 @@
use std::{thread, time::Duration};
use std::thread;
use std::time::Duration;
use crate::error::LibcontainerError;
use libcgroups::common::CgroupManager;
use super::{Container, ContainerStatus};
use libcgroups::common::CgroupManager;
use crate::error::LibcontainerError;
impl Container {
/// Displays container events

6
crates/libcontainer/src/container/container_kill.rs
View File

@ -1,8 +1,10 @@
use super::{Container, ContainerStatus};
use crate::{error::LibcontainerError, signal::Signal};
use libcgroups::common::{get_cgroup_setup, CgroupManager};
use nix::sys::signal::{self};
use super::{Container, ContainerStatus};
use crate::error::LibcontainerError;
use crate::signal::Signal;
impl Container {
/// Sends the specified signal to the container init process
///

4
crates/libcontainer/src/container/container_pause.rs
View File

@ -1,7 +1,7 @@
use crate::error::LibcontainerError;
use libcgroups::common::{CgroupManager, FreezerState};
use super::{Container, ContainerStatus};
use libcgroups::common::{CgroupManager, FreezerState};
use crate::error::LibcontainerError;
impl Container {
/// Suspends all processes within the container

5
crates/libcontainer/src/container/container_resume.rs
View File

@ -1,8 +1,7 @@
use crate::error::LibcontainerError;
use libcgroups::common::{CgroupManager, FreezerState};
use super::{Container, ContainerStatus};
use libcgroups::common::{CgroupManager, FreezerState};
use crate::error::LibcontainerError;
impl Container {
/// Resumes all processes within the container

10
crates/libcontainer/src/container/container_start.rs
View File

@ -1,12 +1,10 @@
use nix::sys::signal;
use super::{Container, ContainerStatus};
use crate::{
config::YoukiConfig,
error::LibcontainerError,
hooks,
notify_socket::{NotifySocket, NOTIFY_FILE},
};
use crate::config::YoukiConfig;
use crate::error::LibcontainerError;
use crate::hooks;
use crate::notify_socket::{NotifySocket, NOTIFY_FILE};
impl Container {
/// Starts a previously created container

29
crates/libcontainer/src/container/init_builder.rs
View File

@ -1,23 +1,18 @@
use std::fs;
use std::path::{Path, PathBuf};
use std::rc::Rc;
use oci_spec::runtime::Spec;
use std::{
fs,
path::{Path, PathBuf},
rc::Rc,
};
use user_ns::UserNamespaceConfig;
use crate::{
apparmor,
config::YoukiConfig,
error::{ErrInvalidSpec, LibcontainerError, MissingSpecError},
notify_socket::NOTIFY_FILE,
process::args::ContainerType,
tty, user_ns, utils,
};
use super::{
builder::ContainerBuilder, builder_impl::ContainerBuilderImpl, Container, ContainerStatus,
};
use super::builder::ContainerBuilder;
use super::builder_impl::ContainerBuilderImpl;
use super::{Container, ContainerStatus};
use crate::config::YoukiConfig;
use crate::error::{ErrInvalidSpec, LibcontainerError, MissingSpecError};
use crate::notify_socket::NOTIFY_FILE;
use crate::process::args::ContainerType;
use crate::{apparmor, tty, user_ns, utils};
// Builder that can be used to configure the properties of a new container
pub struct InitContainerBuilder {

3
crates/libcontainer/src/container/mod.rs
View File

@ -18,7 +18,6 @@ mod container_start;
pub mod init_builder;
pub mod state;
pub mod tenant_builder;
pub use container::CheckpointOptions;
pub use container::Container;
pub use container::{CheckpointOptions, Container};
pub use container_checkpoint::CheckpointError;
pub use state::{ContainerProcessState, ContainerStatus, State};

4
crates/libcontainer/src/container/state.rs
View File

@ -2,9 +2,9 @@
use std::collections::HashMap;
use std::fmt::Display;
use std::fs;
use std::fs::File;
use std::io::{BufReader, BufWriter, Write};
use std::path::PathBuf;
use std::{fs::File, path::Path};
use std::path::{Path, PathBuf};
use chrono::{DateTime, Utc};
use serde::{Deserialize, Serialize};

33
crates/libcontainer/src/container/tenant_builder.rs
View File

@ -1,3 +1,13 @@
use std::collections::HashMap;
use std::convert::TryFrom;
use std::ffi::{OsStr, OsString};
use std::fs;
use std::io::BufReader;
use std::os::unix::prelude::RawFd;
use std::path::{Path, PathBuf};
use std::rc::Rc;
use std::str::FromStr;
use caps::Capability;
use nix::fcntl::OFlag;
use nix::unistd::{close, pipe2, read, Pid};
@ -8,24 +18,15 @@ use oci_spec::runtime::{
};
use procfs::process::Namespace;
use std::rc::Rc;
use std::{
collections::HashMap,
convert::TryFrom,
ffi::{OsStr, OsString},
fs,
io::BufReader,
os::unix::prelude::RawFd,
path::{Path, PathBuf},
str::FromStr,
};
use super::builder::ContainerBuilder;
use super::Container;
use crate::capabilities::CapabilityExt;
use crate::container::builder_impl::ContainerBuilderImpl;
use crate::error::{ErrInvalidSpec, LibcontainerError, MissingSpecError};
use crate::notify_socket::NotifySocket;
use crate::process::args::ContainerType;
use crate::{capabilities::CapabilityExt, container::builder_impl::ContainerBuilderImpl};
use crate::{notify_socket::NotifySocket, tty, user_ns::UserNamespaceConfig, utils};
use super::{builder::ContainerBuilder, Container};
use crate::user_ns::UserNamespaceConfig;
use crate::{tty, utils};
const NAMESPACE_TYPES: &[&str] = &["ipc", "uts", "net", "pid", "mnt", "cgroup"];
const TENANT_NOTIFY: &str = "tenant-notify-";

24
crates/libcontainer/src/hooks.rs
View File

@ -1,15 +1,15 @@
use std::{
collections::HashMap,
io::{ErrorKind, Write},
os::unix::prelude::CommandExt,
path::Path,
process, thread, time,
};
use std::collections::HashMap;
use std::io::{ErrorKind, Write};
use std::os::unix::prelude::CommandExt;
use std::path::Path;
use std::{process, thread, time};
use nix::{sys::signal, unistd::Pid};
use nix::sys::signal;
use nix::unistd::Pid;
use oci_spec::runtime::Hook;
use crate::{container::Container, utils};
use crate::container::Container;
use crate::utils;
#[derive(Debug, thiserror::Error)]
pub enum HookError {
@ -144,11 +144,13 @@ pub fn run_hooks(
#[cfg(test)]
mod test {
use super::*;
use std::{env, fs};
use anyhow::{bail, Context, Result};
use oci_spec::runtime::HookBuilder;
use serial_test::serial;
use std::{env, fs};
use super::*;
fn is_command_in_path(program: &str) -> bool {
if let Ok(path) = env::var("PATH") {

16
crates/libcontainer/src/namespaces.rs
View File

@ -7,11 +7,16 @@
//! UTS (hostname and domain information, processes will think they're running on servers with different names),
//! Cgroup (Resource limits, execution priority etc.)
use crate::syscall::{syscall::create_syscall, Syscall};
use nix::{fcntl, sched::CloneFlags, sys::stat, unistd};
use oci_spec::runtime::{LinuxNamespace, LinuxNamespaceType};
use std::collections;
use nix::sched::CloneFlags;
use nix::sys::stat;
use nix::{fcntl, unistd};
use oci_spec::runtime::{LinuxNamespace, LinuxNamespaceType};
use crate::syscall::syscall::create_syscall;
use crate::syscall::Syscall;
type Result<T> = std::result::Result<T, NamespaceError>;
#[derive(Debug, thiserror::Error)]
@ -135,11 +140,12 @@ impl Namespaces {
#[cfg(test)]
mod tests {
use super::*;
use crate::syscall::test::TestHelperSyscall;
use oci_spec::runtime::{LinuxNamespaceBuilder, LinuxNamespaceType};
use serial_test::serial;
use super::*;
use crate::syscall::test::TestHelperSyscall;
fn gen_sample_linux_namespaces() -> Vec<LinuxNamespace> {
vec![
LinuxNamespaceBuilder::default()

3
crates/libcontainer/src/notify_socket.rs
View File

@ -1,4 +1,3 @@
use nix::unistd::{self, close};
use std::env;
use std::io::prelude::*;
use std::os::fd::FromRawFd;
@ -6,6 +5,8 @@ use std::os::unix::io::AsRawFd;
use std::os::unix::net::{UnixListener, UnixStream};
use std::path::{Path, PathBuf};
use nix::unistd::{self, close};
pub const NOTIFY_FILE: &str = "notify.sock";
#[derive(Debug, thiserror::Error)]

5
crates/libcontainer/src/process/args.rs
View File

@ -1,9 +1,10 @@
use libcgroups::common::CgroupConfig;
use oci_spec::runtime::Spec;
use std::os::unix::prelude::RawFd;
use std::path::PathBuf;
use std::rc::Rc;
use libcgroups::common::CgroupConfig;
use oci_spec::runtime::Spec;
use crate::container::Container;
use crate::notify_socket::NotifyListener;
use crate::syscall::syscall::SyscallType;

9
crates/libcontainer/src/process/channel.rs
View File

@ -1,7 +1,9 @@
use std::os::unix::prelude::{AsRawFd, RawFd};
use nix::unistd::Pid;
use crate::channel::{channel, Receiver, Sender};
use crate::process::message::Message;
use nix::unistd::Pid;
use std::os::unix::prelude::{AsRawFd, RawFd};
#[derive(Debug, thiserror::Error)]
pub enum ChannelError {
@ -308,12 +310,13 @@ impl InitReceiver {
#[cfg(test)]
mod tests {
use super::*;
use anyhow::{Context, Result};
use nix::sys::wait;
use nix::unistd;
use serial_test::serial;
use super::*;
// Note: due to cargo test by default runs tests in parallel using a single
// process, these tests should not be running in parallel with other tests.
// Because we run tests in the same process, other tests may decide to close

62
crates/libcontainer/src/process/container_init_process.rs
View File

@ -1,41 +1,29 @@
use std::{
collections::HashMap,
env, fs, mem,
os::unix::io::AsRawFd,
path::{Path, PathBuf},
};
use super::args::{ContainerArgs, ContainerType};
#[cfg(feature = "libseccomp")]
use crate::seccomp;
use crate::{
apparmor, capabilities,
error::MissingSpecError,
hooks,
namespaces::{NamespaceError, Namespaces},
notify_socket,
process::channel,
rootfs,
rootfs::RootFS,
syscall::{Syscall, SyscallError},
tty,
user_ns::UserNamespaceConfig,
utils, workload,
};
use std::collections::HashMap;
use std::os::unix::io::AsRawFd;
use std::path::{Path, PathBuf};
use std::{env, fs, mem};
use nc;
use nix::{
mount::MsFlags,
sched::CloneFlags,
sys::stat::Mode,
unistd::setsid,
unistd::{self, Gid, Uid},
};
use nix::mount::MsFlags;
use nix::sched::CloneFlags;
use nix::sys::stat::Mode;
use nix::unistd::{self, setsid, Gid, Uid};
use oci_spec::runtime::{
IOPriorityClass, LinuxIOPriority, LinuxNamespaceType, LinuxSchedulerFlag, LinuxSchedulerPolicy,
Scheduler, Spec, User,
};
use super::args::{ContainerArgs, ContainerType};
use crate::error::MissingSpecError;
use crate::namespaces::{NamespaceError, Namespaces};
use crate::process::channel;
use crate::rootfs::RootFS;
#[cfg(feature = "libseccomp")]
use crate::seccomp;
use crate::syscall::{Syscall, SyscallError};
use crate::user_ns::UserNamespaceConfig;
use crate::{apparmor, capabilities, hooks, notify_socket, rootfs, tty, utils, workload};
#[derive(Debug, thiserror::Error)]
pub enum InitProcessError {
#[error("failed to set sysctl")]
@ -879,18 +867,18 @@ fn verify_cwd() -> Result<()> {
#[cfg(test)]
mod tests {
use super::*;
use crate::syscall::{
syscall::create_syscall,
test::{ArgName, IoPriorityArgs, MountArgs, TestHelperSyscall},
};
use std::fs;
use anyhow::Result;
#[cfg(feature = "libseccomp")]
use nix::unistd;
use oci_spec::runtime::{LinuxNamespaceBuilder, SpecBuilder, UserBuilder};
#[cfg(feature = "libseccomp")]
use serial_test::serial;
use std::fs;
use super::*;
use crate::syscall::syscall::create_syscall;
use crate::syscall::test::{ArgName, IoPriorityArgs, MountArgs, TestHelperSyscall};
#[test]
fn test_readonly_path() -> Result<()> {

11
crates/libcontainer/src/process/container_intermediate_process.rs
View File

@ -1,8 +1,5 @@
use crate::error::MissingSpecError;
use crate::{namespaces::Namespaces, process::channel, process::fork};
use libcgroups::common::CgroupManager;
use nix::unistd::{close, write};
use nix::unistd::{Gid, Pid, Uid};
use nix::unistd::{close, write, Gid, Pid, Uid};
use oci_spec::runtime::{LinuxNamespace, LinuxNamespaceType, LinuxResources};
use procfs::process::Process;
@ -10,6 +7,9 @@ use super::args::{ContainerArgs, ContainerType};
use super::channel::{IntermediateReceiver, MainSender};
use super::container_init_process::container_init_process;
use super::fork::CloneCb;
use crate::error::MissingSpecError;
use crate::namespaces::Namespaces;
use crate::process::{channel, fork};
#[derive(Debug, thiserror::Error)]
pub enum IntermediateProcessError {
@ -261,13 +261,14 @@ fn apply_cgroups<
#[cfg(test)]
mod tests {
use super::*;
use anyhow::Result;
use libcgroups::test_manager::TestManager;
use nix::unistd::Pid;
use oci_spec::runtime::LinuxResources;
use procfs::process::Process;
use super::*;
#[test]
fn apply_cgroup_init() -> Result<()> {
// arrange

33
crates/libcontainer/src/process/container_main_process.rs
View File

@ -1,16 +1,13 @@
use crate::{
process::{
args::ContainerArgs,
channel, container_intermediate_process,
fork::{self, CloneCb},
intel_rdt::setup_intel_rdt,
},
syscall::SyscallError,
user_ns::UserNamespaceConfig,
};
use nix::sys::wait::{waitpid, WaitStatus};
use nix::unistd::Pid;
use crate::process::args::ContainerArgs;
use crate::process::fork::{self, CloneCb};
use crate::process::intel_rdt::setup_intel_rdt;
use crate::process::{channel, container_intermediate_process};
use crate::syscall::SyscallError;
use crate::user_ns::UserNamespaceConfig;
#[derive(Debug, thiserror::Error)]
pub enum ProcessError {
#[error(transparent)]
@ -231,17 +228,17 @@ fn setup_mapping(config: &UserNamespaceConfig, pid: Pid) -> Result<()> {
#[cfg(test)]
mod tests {
use std::fs;
use anyhow::Result;
use nix::sched::{unshare, CloneFlags};
use nix::unistd::{self, getgid, getuid};
use oci_spec::runtime::LinuxIdMappingBuilder;
use serial_test::serial;
use super::*;
use crate::process::channel::{intermediate_channel, main_channel};
use crate::user_ns::UserNamespaceIDMapper;
use anyhow::Result;
use nix::{
sched::{unshare, CloneFlags},
unistd::{self, getgid, getuid},
};
use oci_spec::runtime::LinuxIdMappingBuilder;
use serial_test::serial;
use std::fs;
#[test]
#[serial]

19
crates/libcontainer/src/process/fork.rs
View File

@ -1,10 +1,10 @@
use std::{ffi::c_int, fs::File, num::NonZeroUsize};
use std::ffi::c_int;
use std::fs::File;
use std::num::NonZeroUsize;
use libc::SIGCHLD;
use nix::{
sys::{mman, resource},
unistd::Pid,
};
use nix::sys::{mman, resource};
use nix::unistd::Pid;
#[derive(Debug, thiserror::Error)]
pub enum CloneError {
@ -243,13 +243,13 @@ fn clone(cb: CloneCb, flags: u64, exit_signal: Option<u64>) -> Result<Pid, Clone
#[cfg(test)]
mod test {
use crate::channel::channel;
use super::*;
use anyhow::{bail, Context, Result};
use nix::sys::wait::{waitpid, WaitStatus};
use nix::unistd;
use super::*;
use crate::channel::channel;
#[test]
fn test_container_fork() -> Result<()> {
let pid = container_clone(Box::new(|| 0))?;
@ -331,11 +331,12 @@ mod test {
#[cfg(feature = "libseccomp")]
#[test]
fn test_clone_fallback() -> Result<()> {
use crate::test_utils::TestCallbackError;
use oci_spec::runtime::{
Arch, LinuxSeccompAction, LinuxSeccompBuilder, LinuxSyscallBuilder,
};
use crate::test_utils::TestCallbackError;
fn has_clone3() -> bool {
// We use the probe syscall to check if the kernel supports clone3 or
// seccomp has successfully blocked clone3.

13
crates/libcontainer/src/process/intel_rdt.rs
View File

@ -1,15 +1,13 @@
use once_cell::sync::Lazy;
use regex::Regex;
use std::collections::HashMap;
use std::fs::{self, OpenOptions};
use std::io::Write;
use std::{
fs::{self, OpenOptions},
path::{Path, PathBuf},
};
use std::path::{Path, PathBuf};
use nix::unistd::Pid;
use oci_spec::runtime::LinuxIntelRdt;
use once_cell::sync::Lazy;
use procfs::process::Process;
use regex::Regex;
#[derive(Debug, thiserror::Error)]
pub enum IntelRdtError {
@ -410,9 +408,10 @@ pub fn setup_intel_rdt(
#[cfg(test)]
mod test {
use super::*;
use anyhow::Result;
use super::*;
#[test]
fn test_combine_schemas() -> Result<()> {
let res = combine_l3_cache_and_mem_bw_schemas(&None, &None);

1
crates/libcontainer/src/process/message.rs
View File

@ -1,4 +1,5 @@
use core::fmt;
use serde::{Deserialize, Serialize};
/// Used as a wrapper for messages to be sent between child and parent processes

22
crates/libcontainer/src/process/seccomp_listener.rs
View File

@ -1,13 +1,14 @@
use crate::container::ContainerProcessState;
use crate::seccomp;
use nix::{
sys::socket::{self, UnixAddr},
unistd,
};
use std::io::IoSlice;
use std::os::fd::AsRawFd;
use std::path::Path;
use nix::sys::socket::{self, UnixAddr};
use nix::unistd;
use oci_spec::runtime;
use std::{io::IoSlice, os::fd::AsRawFd, path::Path};
use super::channel;
use crate::container::ContainerProcessState;
use crate::seccomp;
#[derive(Debug, thiserror::Error)]
pub enum SeccompListenerError {
@ -109,13 +110,14 @@ fn sync_seccomp_send_msg(listener_path: &Path, msg: &[u8], fd: i32) -> Result<()
#[cfg(test)]
mod tests {
use crate::{container::ContainerProcessState, process::channel};
use super::*;
use anyhow::Result;
use oci_spec::runtime::{LinuxSeccompAction, LinuxSeccompBuilder, LinuxSyscallBuilder};
use serial_test::serial;
use super::*;
use crate::container::ContainerProcessState;
use crate::process::channel;
#[test]
#[serial]
fn test_sync_seccomp() -> Result<()> {

35
crates/libcontainer/src/rootfs/device.rs
View File

@ -1,15 +1,16 @@
use super::utils::to_sflag;
use crate::syscall::{syscall::create_syscall, Syscall};
use crate::utils::PathBufExt;
use nix::{
fcntl::{open, OFlag},
mount::MsFlags,
sys::stat::{umask, Mode},
unistd::{close, Gid, Uid},
};
use oci_spec::runtime::LinuxDevice;
use std::path::{Path, PathBuf};
use nix::fcntl::{open, OFlag};
use nix::mount::MsFlags;
use nix::sys::stat::{umask, Mode};
use nix::unistd::{close, Gid, Uid};
use oci_spec::runtime::LinuxDevice;
use super::utils::to_sflag;
use crate::syscall::syscall::create_syscall;
use crate::syscall::Syscall;
use crate::utils::PathBufExt;
#[derive(Debug, thiserror::Error)]
pub enum DeviceError {
#[error("{0:?} is not a valid device path")]
@ -194,15 +195,15 @@ fn create_container_dev_path(rootfs: &Path, dev: &LinuxDevice) -> Result<PathBuf
#[cfg(test)]
mod tests {
use std::path::PathBuf;
use anyhow::Result;
use nix::sys::stat::SFlag;
use nix::unistd::{Gid, Uid};
use oci_spec::runtime::{LinuxDeviceBuilder, LinuxDeviceType};
use super::*;
use crate::syscall::test::{ChownArgs, MknodArgs, MountArgs, TestHelperSyscall};
use anyhow::Result;
use nix::{
sys::stat::SFlag,
unistd::{Gid, Uid},
};
use oci_spec::runtime::{LinuxDeviceBuilder, LinuxDeviceType};
use std::path::PathBuf;
#[test]
fn test_bind_dev() -> Result<()> {

46
crates/libcontainer/src/rootfs/mount.rs
View File

@ -1,20 +1,3 @@
#[cfg(feature = "v1")]
use super::symlink::Symlink;
use super::{
symlink::SymlinkError,
utils::{parse_mount, MountOptionConfig},
};
use crate::{
syscall::{linux, syscall::create_syscall, Syscall, SyscallError},
utils::PathBufExt,
};
use libcgroups::common::CgroupSetup::{Hybrid, Legacy, Unified};
#[cfg(feature = "v1")]
use libcgroups::common::DEFAULT_CGROUP_ROOT;
use nix::{dir::Dir, errno::Errno, fcntl::OFlag, mount::MsFlags, sys::stat::Mode, NixPath};
use oci_spec::runtime::{Mount as SpecMount, MountBuilder as SpecMountBuilder};
use procfs::process::{MountInfo, MountOptFields, Process};
use safe_path;
use std::fs::{canonicalize, create_dir_all, OpenOptions};
use std::mem;
use std::os::unix::io::AsRawFd;
@ -22,6 +5,27 @@ use std::path::{Path, PathBuf};
#[cfg(feature = "v1")]
use std::{borrow::Cow, collections::HashMap};
use libcgroups::common::CgroupSetup::{Hybrid, Legacy, Unified};
#[cfg(feature = "v1")]
use libcgroups::common::DEFAULT_CGROUP_ROOT;
use nix::dir::Dir;
use nix::errno::Errno;
use nix::fcntl::OFlag;
use nix::mount::MsFlags;
use nix::sys::stat::Mode;
use nix::NixPath;
use oci_spec::runtime::{Mount as SpecMount, MountBuilder as SpecMountBuilder};
use procfs::process::{MountInfo, MountOptFields, Process};
use safe_path;
#[cfg(feature = "v1")]
use super::symlink::Symlink;
use super::symlink::SymlinkError;
use super::utils::{parse_mount, MountOptionConfig};
use crate::syscall::syscall::create_syscall;
use crate::syscall::{linux, Syscall, SyscallError};
use crate::utils::PathBufExt;
#[derive(Debug, thiserror::Error)]
pub enum MountError {
#[error("no source in mount spec")]
@ -624,12 +628,14 @@ pub fn find_parent_mount(
#[cfg(test)]
mod tests {
use super::*;
use crate::syscall::test::{MountArgs, TestHelperSyscall};
use anyhow::{Context, Ok, Result};
#[cfg(feature = "v1")]
use std::fs;
use anyhow::{Context, Ok, Result};
use super::*;
use crate::syscall::test::{MountArgs, TestHelperSyscall};
#[test]
fn test_mount_to_container() -> Result<()> {
let tmp_dir = tempfile::tempdir()?;

24
crates/libcontainer/src/rootfs/rootfs.rs
View File

@ -1,17 +1,17 @@
use super::{
device::Device,
mount::{Mount, MountOptions},
symlink::Symlink,
utils::default_devices,
Result, RootfsError,
};
use crate::{
error::MissingSpecError,
syscall::{syscall::create_syscall, Syscall},
};
use std::collections::HashSet;
use std::path::Path;
use nix::mount::MsFlags;
use oci_spec::runtime::{Linux, Spec};
use std::{collections::HashSet, path::Path};
use super::device::Device;
use super::mount::{Mount, MountOptions};
use super::symlink::Symlink;
use super::utils::default_devices;
use super::{Result, RootfsError};
use crate::error::MissingSpecError;
use crate::syscall::syscall::create_syscall;
use crate::syscall::Syscall;
/// Holds information about rootfs
pub struct RootFS {

22
crates/libcontainer/src/rootfs/symlink.rs
View File

@ -1,7 +1,9 @@
use crate::syscall::{syscall::create_syscall, Syscall};
use std::fs::remove_file;
use std::path::Path;
use crate::syscall::syscall::create_syscall;
use crate::syscall::Syscall;
#[derive(Debug, thiserror::Error)]
pub enum SymlinkError {
#[error("syscall failed")]
@ -108,19 +110,19 @@ impl Symlink {
#[cfg(test)]
mod tests {
#[cfg(feature = "v1")]
use std::fs;
use std::path::PathBuf;
#[cfg(feature = "v1")]
use anyhow::{Context, Result};
use nix::fcntl::{open, OFlag};
use nix::sys::stat::Mode;
use super::*;
#[cfg(feature = "v1")]
use crate::syscall::linux::LinuxSyscall;
use crate::syscall::test::TestHelperSyscall;
#[cfg(feature = "v1")]
use anyhow::{Context, Result};
use nix::{
fcntl::{open, OFlag},
sys::stat::Mode,
};
#[cfg(feature = "v1")]
use std::fs;
use std::path::PathBuf;
#[test]
fn test_setup_ptmx() {

16
crates/libcontainer/src/rootfs/utils.rs
View File

@ -1,9 +1,12 @@
use crate::syscall::linux::{self, MountAttrOption};
use nix::{mount::MsFlags, sys::stat::SFlag};
use std::path::PathBuf;
use std::str::FromStr;
use nix::mount::MsFlags;
use nix::sys::stat::SFlag;
use oci_spec::runtime::{LinuxDevice, LinuxDeviceBuilder, LinuxDeviceType, Mount};
use std::{path::PathBuf, str::FromStr};
use super::mount::MountError;
use crate::syscall::linux::{self, MountAttrOption};
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct MountOptionConfig {
@ -186,13 +189,12 @@ pub fn parse_mount(m: &Mount) -> std::result::Result<MountOptionConfig, MountErr
#[cfg(test)]
mod tests {
use crate::syscall::linux::MountAttr;
use super::*;
use anyhow::Result;
use oci_spec::runtime::MountBuilder;
use super::*;
use crate::syscall::linux::MountAttr;
#[test]
fn test_to_sflag() {
assert_eq!(

29
crates/libcontainer/src/seccomp/mod.rs
View File

@ -1,17 +1,13 @@
use libseccomp::ScmpAction;
use libseccomp::ScmpArch;
use libseccomp::ScmpArgCompare;
use libseccomp::ScmpCompareOp;
use libseccomp::ScmpFilterContext;
use libseccomp::ScmpSyscall;
use oci_spec::runtime::Arch;
use oci_spec::runtime::LinuxSeccomp;
use oci_spec::runtime::LinuxSeccompAction;
use oci_spec::runtime::LinuxSeccompFilterFlag;
use oci_spec::runtime::LinuxSeccompOperator;
use std::num::TryFromIntError;
use std::os::unix::io;
use libseccomp::{
ScmpAction, ScmpArch, ScmpArgCompare, ScmpCompareOp, ScmpFilterContext, ScmpSyscall,
};
use oci_spec::runtime::{
Arch, LinuxSeccomp, LinuxSeccompAction, LinuxSeccompFilterFlag, LinuxSeccompOperator,
};
#[derive(Debug, thiserror::Error)]
pub enum SeccompError {
#[error("failed to translate trace action due to failed to convert errno {errno} into i16")]
@ -287,13 +283,14 @@ pub fn is_notify(seccomp: &LinuxSeccomp) -> bool {
#[cfg(test)]
mod tests {
use std::path;
use anyhow::{Context, Result};
use oci_spec::runtime::{Arch, LinuxSeccompBuilder, LinuxSyscallBuilder};
use serial_test::serial;
use super::*;
use crate::test_utils::{self, TestCallbackError};
use anyhow::{Context, Result};
use oci_spec::runtime::Arch;
use oci_spec::runtime::{LinuxSeccompBuilder, LinuxSyscallBuilder};
use serial_test::serial;
use std::path;
#[test]
#[serial]

9
crates/libcontainer/src/signal.rs
View File

@ -1,8 +1,9 @@
//! Returns *nix signal enum value from passed string
use nix::sys::signal::Signal as NixSignal;
use std::convert::TryFrom;
use nix::sys::signal::Signal as NixSignal;
/// POSIX Signal
#[derive(Debug)]
pub struct Signal(NixSignal);
@ -80,10 +81,12 @@ impl Signal {
#[cfg(test)]
mod tests {
use super::*;
use nix::sys::signal::Signal::*;
use std::collections::HashMap;
use nix::sys::signal::Signal::*;
use super::*;
#[test]
fn test_conversion_from_string() {
let mut test_sets = HashMap::new();

32
crates/libcontainer/src/syscall/linux.rs
View File

@ -1,24 +1,24 @@
//! Implements Command trait for Linux systems
use caps::{CapSet, CapsHashSet};
use libc::{c_char, setdomainname, uid_t};
use nix::fcntl;
use nix::{
fcntl::{open, OFlag},
mount::{mount, umount2, MntFlags, MsFlags},
sched::{unshare, CloneFlags},
sys::stat::{mknod, Mode, SFlag},
unistd::{chown, chroot, fchdir, pivot_root, sethostname, Gid, Uid},
};
use oci_spec::runtime::LinuxRlimit;
use std::any::Any;
use std::ffi::{CStr, CString, OsStr};
use std::fs;
use std::os::fd::BorrowedFd;
use std::os::unix::ffi::OsStrExt;
use std::os::unix::fs::symlink;
use std::os::unix::io::RawFd;
use std::path::Path;
use std::str::FromStr;
use std::sync::Arc;
use std::{any::Any, mem, path::Path, ptr};
use std::{fs, mem, ptr};
use caps::{CapSet, CapsHashSet};
use libc::{c_char, setdomainname, uid_t};
use nix::fcntl;
use nix::fcntl::{open, OFlag};
use nix::mount::{mount, umount2, MntFlags, MsFlags};
use nix::sched::{unshare, CloneFlags};
use nix::sys::stat::{mknod, Mode, SFlag};
use nix::unistd::{chown, chroot, fchdir, pivot_root, sethostname, Gid, Uid};
use oci_spec::runtime::LinuxRlimit;
use super::{Result, Syscall, SyscallError};
use crate::{capabilities, utils};
@ -604,15 +604,15 @@ mod tests {
// cleanup_file_descriptors test is especially evil when running with other
// tests because it would ran around close down different fds.
use std::{fs, os::unix::prelude::AsRawFd};
use std::fs;
use std::os::unix::prelude::AsRawFd;
use anyhow::{bail, Context, Result};
use nix::{fcntl, sys, unistd};
use serial_test::serial;
use crate::syscall::Syscall;
use super::LinuxSyscall;
use crate::syscall::Syscall;
#[test]
#[serial]

25
crates/libcontainer/src/syscall/syscall.rs
View File

@ -1,23 +1,22 @@
//! An interface trait so that rest of Youki can call
//! necessary functions without having to worry about their
//! implementation details
use std::any::Any;
use std::ffi::OsStr;
use std::path::Path;
use std::sync::Arc;
use caps::{CapSet, CapsHashSet};
use libc;
use nix::{
mount::MsFlags,
sched::CloneFlags,
sys::stat::{Mode, SFlag},
unistd::{Gid, Uid},
};
use std::{any::Any, ffi::OsStr, path::Path, sync::Arc};
use nix::mount::MsFlags;
use nix::sched::CloneFlags;
use nix::sys::stat::{Mode, SFlag};
use nix::unistd::{Gid, Uid};
use oci_spec::runtime::LinuxRlimit;
use crate::syscall::{
linux::{LinuxSyscall, MountAttr},
test::TestHelperSyscall,
Result,
};
use crate::syscall::linux::{LinuxSyscall, MountAttr};
use crate::syscall::test::TestHelperSyscall;
use crate::syscall::Result;
/// This specifies various kernel/other functionalities required for
/// container management

25
crates/libcontainer/src/syscall/test.rs
View File

@ -1,20 +1,15 @@
use std::{
any::Any,
cell::{Ref, RefCell, RefMut},
collections::HashMap,
ffi::{OsStr, OsString},
path::{Path, PathBuf},
sync::Arc,
};
use std::any::Any;
use std::cell::{Ref, RefCell, RefMut};
use std::collections::HashMap;
use std::ffi::{OsStr, OsString};
use std::path::{Path, PathBuf};
use std::sync::Arc;
use caps::{CapSet, CapsHashSet};
use nix::{
mount::MsFlags,
sched::CloneFlags,
sys::stat::{Mode, SFlag},
unistd::{Gid, Uid},
};
use nix::mount::MsFlags;
use nix::sched::CloneFlags;
use nix::sys::stat::{Mode, SFlag};
use nix::unistd::{Gid, Uid};
use oci_spec::runtime::LinuxRlimit;
use super::{linux, Result, Syscall};

3
crates/libcontainer/src/test_utils.rs
View File

@ -111,9 +111,10 @@ where
mod tests {
use core::panic;
use super::*;
use anyhow::{bail, Result};
use super::*;
#[test]
fn test_child_process() -> Result<()> {
if test_in_child_process(|| Err(TestCallbackError::Custom("test error".to_string())))

15
crates/libcontainer/src/tty.rs
View File

@ -1,15 +1,15 @@
//! tty (teletype) for user-system interaction
use nix::errno::Errno;
use nix::sys::socket::{self, UnixAddr};
use nix::unistd::close;
use nix::unistd::dup2;
use std::io::IoSlice;
use std::os::unix::fs::symlink;
use std::os::unix::io::AsRawFd;
use std::os::unix::prelude::RawFd;
use std::path::{Path, PathBuf};
use nix::errno::Errno;
use nix::sys::socket::{self, UnixAddr};
use nix::unistd::{close, dup2};
#[derive(Debug)]
pub enum StdIO {
Stdin = 0,
@ -163,12 +163,13 @@ fn connect_stdio(stdin: &RawFd, stdout: &RawFd, stderr: &RawFd) -> Result<()> {
#[cfg(test)]
mod tests {
use super::*;
use std::fs::File;
use std::os::unix::net::UnixListener;
use anyhow::{Ok, Result};
use serial_test::serial;
use std::fs::File;
use std::os::unix::net::UnixListener;
use super::*;
const CONSOLE_SOCKET: &str = "console-socket";

16
crates/libcontainer/src/user_ns.rs
View File

@ -1,12 +1,13 @@
use std::path::{Path, PathBuf};
use std::process::Command;
use std::{env, fs};
use nix::unistd::Pid;
use oci_spec::runtime::{Linux, LinuxIdMapping, LinuxNamespace, LinuxNamespaceType, Mount, Spec};
use crate::error::MissingSpecError;
use crate::namespaces::{NamespaceError, Namespaces};
use crate::utils;
use nix::unistd::Pid;
use oci_spec::runtime::{Linux, LinuxIdMapping, LinuxNamespace, LinuxNamespaceType, Mount, Spec};
use std::fs;
use std::path::Path;
use std::process::Command;
use std::{env, path::PathBuf};
// Wrap the uid/gid path function into a struct for dependency injection. This
// allows us to mock the id mapping logic in unit tests by using a different
@ -446,7 +447,6 @@ fn write_id_mapping(
mod tests {
use std::fs;
use super::*;
use anyhow::Result;
use nix::unistd::getpid;
use oci_spec::runtime::{
@ -455,6 +455,8 @@ mod tests {
use rand::Rng;
use serial_test::serial;
use super::*;
fn gen_u32() -> u32 {
rand::thread_rng().gen()
}

5
crates/libcontainer/src/utils.rs
View File

@ -287,11 +287,12 @@ pub fn validate_spec_for_new_user_ns(spec: &Spec) -> Result<(), LibcontainerErro
#[cfg(test)]
mod tests {
use super::*;
use crate::test_utils;
use anyhow::{bail, Result};
use serial_test::serial;
use super::*;
use crate::test_utils;
#[test]
pub fn test_get_unix_user() {
let user = get_unix_user(Uid::from_raw(0));

6
crates/libcontainer/src/workload/default.rs
View File

@ -1,7 +1,5 @@
use std::{
ffi::CString,
path::{Path, PathBuf},
};
use std::ffi::CString;
use std::path::{Path, PathBuf};
use nix::unistd;
use oci_spec::runtime::Spec;

3
crates/liboci-cli/src/checkpoint.rs
View File

@ -1,6 +1,7 @@
use clap::Parser;
use std::path::PathBuf;
use clap::Parser;
/// Checkpoint a running container
/// Reference: https://github.com/opencontainers/runc/blob/main/man/runc-checkpoint.8.md
#[derive(Parser, Debug)]

3
crates/liboci-cli/src/create.rs
View File

@ -1,7 +1,8 @@
//! Handles the creation of a new container
use clap::Parser;
use std::path::PathBuf;
use clap::Parser;
/// Create a container
/// Reference: https://github.com/opencontainers/runc/blob/main/man/runc-create.8.md
#[derive(Parser, Debug)]

21
crates/liboci-cli/src/lib.rs
View File

@ -11,7 +11,11 @@ mod kill;
mod start;
mod state;
pub use {create::Create, delete::Delete, kill::Kill, start::Start, state::State};
pub use create::Create;
pub use delete::Delete;
pub use kill::Kill;
pub use start::Start;
pub use state::State;
// Other common subcommands that aren't specified in the document
mod checkpoint;
@ -26,10 +30,17 @@ mod run;
mod spec;
mod update;
pub use {
checkpoint::Checkpoint, events::Events, exec::Exec, features::Features, list::List,
pause::Pause, ps::Ps, resume::Resume, run::Run, spec::Spec, update::Update,
};
pub use checkpoint::Checkpoint;
pub use events::Events;
pub use exec::Exec;
pub use features::Features;
pub use list::List;
pub use pause::Pause;
pub use ps::Ps;
pub use resume::Resume;
pub use run::Run;
pub use spec::Spec;
pub use update::Update;
// Subcommands parsed by liboci-cli, based on the [OCI
// runtime-spec](https://github.com/opencontainers/runtime-spec/blob/master/runtime.md)

3
crates/liboci-cli/src/run.rs
View File

@ -1,6 +1,7 @@
use clap::Parser;
use std::path::PathBuf;
use clap::Parser;
/// Create a container and immediately start it
#[derive(Parser, Debug)]
pub struct Run {

3
crates/liboci-cli/src/spec.rs
View File

@ -1,6 +1,7 @@
use clap::Parser;
use std::path::PathBuf;
use clap::Parser;
/// Command generates a config.json
#[derive(Parser, Debug)]
pub struct Spec {

3
crates/liboci-cli/src/update.rs
View File

@ -1,6 +1,7 @@
use clap::Parser;
use std::path::PathBuf;
use clap::Parser;
/// Update running container resource constraints
#[derive(Parser, Debug)]
pub struct Update {

4
crates/youki/src/commands/checkpoint.rs
View File

@ -1,11 +1,11 @@
//! Contains functionality of pause container command
use crate::commands::load_container;
use std::path::PathBuf;
use anyhow::{Context, Result};
use liboci_cli::Checkpoint;
use crate::commands::load_container;
pub fn checkpoint(args: Checkpoint, root_path: PathBuf) -> Result<()> {
tracing::debug!("start checkpointing container {}", args.container_id);
let mut container = load_container(root_path, &args.container_id)?;

4
crates/youki/src/commands/completion.rs
View File

@ -1,8 +1,8 @@
use std::io;
use anyhow::Result;
use clap::{Command, Parser};
use clap_complete::{generate, Shell};
use std::io;
#[derive(Debug, Parser)]
/// Generate scripts for shell completion

5
crates/youki/src/commands/create.rs
View File

@ -1,8 +1,9 @@
//! Handles the creation of a new container
use anyhow::Result;
use std::path::PathBuf;
use libcontainer::{container::builder::ContainerBuilder, syscall::syscall::SyscallType};
use anyhow::Result;
use libcontainer::container::builder::ContainerBuilder;
use libcontainer::syscall::syscall::SyscallType;
use liboci_cli::Create;
use crate::workload::executor::default_executor;

Some files were not shown because too many files have changed in this diff Show More