mirror of
https://github.com/containers/youki
synced 2024-05-24 00:16:08 +02:00
commit
3cffe18944
|
@ -708,9 +708,9 @@ dependencies = [
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "procfs"
|
name = "procfs"
|
||||||
version = "0.9.1"
|
version = "0.10.1"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "ab8809e0c18450a2db0f236d2a44ec0b4c1412d0eb936233579f0990faa5d5cd"
|
checksum = "95e344cafeaeefe487300c361654bcfc85db3ac53619eeccced29f5ea18c4c70"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"bitflags",
|
"bitflags",
|
||||||
"byteorder",
|
"byteorder",
|
||||||
|
|
|
@ -16,7 +16,7 @@ features = ["std", "suggestions", "derive", "cargo"]
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
nix = "0.22.0"
|
nix = "0.22.0"
|
||||||
procfs = "0.9.1"
|
procfs = "0.10.1"
|
||||||
# Waiting for new caps release, replace git with version on release
|
# Waiting for new caps release, replace git with version on release
|
||||||
caps = { git = "https://github.com/lucab/caps-rs", rev = "cb54844", features = ["serde_support"] }
|
caps = { git = "https://github.com/lucab/caps-rs", rev = "cb54844", features = ["serde_support"] }
|
||||||
serde = { version = "1.0", features = ["derive"] }
|
serde = { version = "1.0", features = ["derive"] }
|
||||||
|
|
|
@ -11,7 +11,7 @@ cgroupsv2_devices = ["rbpf", "libbpf-sys", "errno", "libc"]
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
nix = "0.22.0"
|
nix = "0.22.0"
|
||||||
procfs = "0.9.1"
|
procfs = "0.10.1"
|
||||||
log = "0.4"
|
log = "0.4"
|
||||||
anyhow = "1.0"
|
anyhow = "1.0"
|
||||||
oci_spec = { git = "https://github.com/containers/oci-spec-rs", rev = "e0de21b89dc1e65f69a5f45a08bbe426787c7fa1"}
|
oci_spec = { git = "https://github.com/containers/oci-spec-rs", rev = "e0de21b89dc1e65f69a5f45a08bbe426787c7fa1"}
|
||||||
|
|
|
@ -2,13 +2,13 @@ use anyhow::{bail, Context, Result};
|
||||||
use caps::Capability;
|
use caps::Capability;
|
||||||
use nix::unistd;
|
use nix::unistd;
|
||||||
use oci_spec::{LinuxCapabilities, LinuxNamespace, LinuxNamespaceType, Process, Spec};
|
use oci_spec::{LinuxCapabilities, LinuxNamespace, LinuxNamespaceType, Process, Spec};
|
||||||
|
use procfs::process::Namespace;
|
||||||
|
|
||||||
use std::{
|
use std::{
|
||||||
collections::HashMap,
|
collections::HashMap,
|
||||||
convert::TryFrom,
|
convert::TryFrom,
|
||||||
ffi::{CString, OsString},
|
|
||||||
fs,
|
fs,
|
||||||
os::unix::prelude::{OsStrExt, RawFd},
|
os::unix::prelude::{RawFd},
|
||||||
path::{Path, PathBuf},
|
path::{Path, PathBuf},
|
||||||
str::FromStr,
|
str::FromStr,
|
||||||
};
|
};
|
||||||
|
@ -353,62 +353,3 @@ impl TenantContainerBuilder {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Can be removed once https://github.com/eminence/procfs/pull/135 is available
|
|
||||||
trait GetNamespace {
|
|
||||||
fn namespaces(&self) -> Result<Vec<Namespace>>;
|
|
||||||
}
|
|
||||||
|
|
||||||
impl GetNamespace for procfs::process::Process {
|
|
||||||
/// Describes namespaces to which the process with the corresponding PID belongs.
|
|
||||||
/// Doc reference: https://man7.org/linux/man-pages/man7/namespaces.7.html
|
|
||||||
fn namespaces(&self) -> Result<Vec<Namespace>> {
|
|
||||||
let proc_path = PathBuf::from(format!("/proc/{}", self.pid()));
|
|
||||||
let ns = proc_path.join("ns");
|
|
||||||
let mut namespaces = Vec::new();
|
|
||||||
for entry in fs::read_dir(ns)? {
|
|
||||||
let entry = entry?;
|
|
||||||
let path = entry.path();
|
|
||||||
let ns_type = entry.file_name();
|
|
||||||
let cstr = CString::new(path.as_os_str().as_bytes()).unwrap();
|
|
||||||
|
|
||||||
let mut stat = unsafe { std::mem::zeroed() };
|
|
||||||
if unsafe { libc::stat(cstr.as_ptr(), &mut stat) } != 0 {
|
|
||||||
bail!("Unable to stat {:?}", path);
|
|
||||||
}
|
|
||||||
|
|
||||||
namespaces.push(Namespace {
|
|
||||||
ns_type,
|
|
||||||
path,
|
|
||||||
identifier: stat.st_ino,
|
|
||||||
device_id: stat.st_dev,
|
|
||||||
})
|
|
||||||
}
|
|
||||||
|
|
||||||
Ok(namespaces)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Information about a namespace
|
|
||||||
///
|
|
||||||
/// See also the [Process::namespaces()] method
|
|
||||||
#[derive(Debug, Clone)]
|
|
||||||
pub struct Namespace {
|
|
||||||
/// Namespace type
|
|
||||||
pub ns_type: OsString,
|
|
||||||
/// Handle to the namespace
|
|
||||||
pub path: PathBuf,
|
|
||||||
/// Namespace identifier (inode number)
|
|
||||||
pub identifier: u64,
|
|
||||||
/// Device id of the namespace
|
|
||||||
pub device_id: u64,
|
|
||||||
}
|
|
||||||
|
|
||||||
impl PartialEq for Namespace {
|
|
||||||
fn eq(&self, other: &Self) -> bool {
|
|
||||||
// see https://lore.kernel.org/lkml/87poky5ca9.fsf@xmission.com/
|
|
||||||
self.identifier == other.identifier && self.device_id == other.device_id
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
impl Eq for Namespace {}
|
|
||||||
|
|
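Review bot: In the `use std::{…}` group the new line `os::unix::prelude::{RawFd},` keeps braces around a single name; write it as `os::unix::prelude::RawFd,` (rustc's `unused_import_braces` lint flags the braced form). Separately, the deleted local `Namespace` compared namespaces by inode number and device id, and that comparison now comes from `procfs::process::Namespace` in 0.10.1, whose `PartialEq` is not visible on this page. If the tenant builder relies on namespace equality, a short comment at the use site naming the upstream type, or a unit test pinning the comparison, would keep that assumption checked on the next procfs bump. The code that calls `namespaces()` lies outside the hunks shown.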