mirror of https://github.com/containers/youki synced 2024-09-19 18:37:40 +02:00

Converted linux in spec from Option<Linux> to Linux

As Linux implements the Default trait, all occurrences of spec.linux always unwrap it,
and not having linux present is a fatal error in youki, there is no need to keep it
in an Option wrapper.
Yashodhan Joshi 2021-07-24 10:03:49 +05:30
parent 4ae0d9352a
commit 44c682ec09
9 changed files with 43 additions and 35 deletions


@ -121,12 +121,32 @@ Starting the docker daemon.
$ dockerd --experimental --add-runtime="youki=$(pwd)/target/x86_64-unknown-linux-gnu/debug/youki"
```
In case you get an error like :
```
failed to start daemon: pid file found, ensure docker is not running or delete /var/run/docker.pid
```
That means your normal Docker daemon is running, and it needs to be stopped. For that, open a new shell in same directory and run :
```
$ systemctl stop docker # might need root permission
```
Now in the same shell run the first command, which should start the docker daemon.
You can use youki in a different terminal to start the container.
```
$ docker run -it --rm --runtime youki busybox
```
Afterwards, you can close the docker daemon process in other the other terminal. To restart normal docker daemon (if you had stopped it before), run :
```
$ systemctl start docker # might need root permission
```
### Integration test
Go and node-tap are required to run integration test. See the [opencontainers/runtime-tools](https://github.com/opencontainers/runtime-tools) README for details.
@ -137,6 +157,7 @@ $ ./integration_test.sh
```
### Setting up Vagrant
You can try youki on platforms other than linux by using the Vagrantfile we have prepared.
```


@ -37,7 +37,8 @@ pub struct Spec {
#[serde(default)]
pub annotations: HashMap<String, String>,
// Platform specific config for Linux based containers
pub linux: Option<Linux>,
#[serde(default)]
pub linux: Linux,
}
// This gives a basic boilerplate for Spec that can be used calling Default::default().
@ -56,7 +57,7 @@ impl Default for Spec {
mounts: get_default_mounts(),
// Defaults to empty metadata
annotations: Default::default(),
linux: Some(Default::default()),
linux: Default::default(),
}
}
}
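Review bot: `#[serde(default)]` on `pub linux: Linux` makes a config.json with no `linux` object deserialize successfully into `Linux::default()`, so the absence that the commit message calls fatal is now accepted silently instead of failing. From that point the namespaces, devices, id mappings and cgroup path read by the other files in this commit all come from that default, whose contents are not visible in this hunk. If a missing section should remain an error, drop the attribute so serde reports the missing field. If it should be tolerated, state that on the field, e.g. `// absent in config.json => Linux::default(); the default must keep the full namespace set`, and confirm that `Linux::default()` cannot yield an empty `namespaces` list.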


@ -50,8 +50,7 @@ impl Delete {
log::debug!("remove dir {:?}", container.root);
fs::remove_dir_all(&container.root)?;
let cgroups_path =
utils::get_cgroup_path(&spec.linux.unwrap().cgroups_path, container.id());
let cgroups_path = utils::get_cgroup_path(&spec.linux.cgroups_path, container.id());
// remove the cgroup created for the container
// check https://man7.org/linux/man-pages/man7/cgroups.7.html


@ -45,12 +45,7 @@ impl Pause {
}
let spec = container.spec()?;
// get cgroup path defined in spec
let path_in_spec = match spec.linux {
Some(linux) => linux.cgroups_path,
None => None,
};
let cgroups_path = utils::get_cgroup_path(&path_in_spec, &self.container_id);
let cgroups_path = utils::get_cgroup_path(&spec.linux.cgroups_path, &self.container_id);
// create cgroup manager structure from the config at the path
let cmanager = cgroups::common::create_cgroup_manager(cgroups_path, systemd_cgroup)?;
// freeze the container


@ -43,12 +43,7 @@ impl Resume {
}
let spec = container.spec()?;
// get cgroup path defined in spec
let path_in_spec = match spec.linux {
Some(linux) => linux.cgroups_path,
None => None,
};
let cgroups_path = utils::get_cgroup_path(&path_in_spec, &self.container_id);
let cgroups_path = utils::get_cgroup_path(&spec.linux.cgroups_path, &self.container_id);
// create cgroup manager structure from the config at the path
let cmanager = cgroups::common::create_cgroup_manager(cgroups_path, systemd_cgroup)?;
// resume the frozen container


@ -59,7 +59,7 @@ impl ContainerBuilderImpl {
fn run_container(&mut self) -> Result<()> {
prctl::set_dumpable(false).unwrap();
let linux = self.spec.linux.as_ref().unwrap();
let linux = &self.spec.linux;
let cgroups_path = utils::get_cgroup_path(&linux.cgroups_path, &self.container_id);
let cmanager = cgroups::common::create_cgroup_manager(&cgroups_path, self.use_systemd)?;
let namespaces: Namespaces = linux.namespaces.clone().into();
@ -124,7 +124,7 @@ fn container_init(
notify_name: PathBuf,
child: &mut child::ChildProcess,
) -> Result<()> {
let linux = spec.linux.as_ref().unwrap();
let linux = &spec.linux;
let namespaces: Namespaces = linux.namespaces.clone().into();
// need to create the notify socket before we pivot root, since the unix
// domain socket used here is outside of the rootfs of container


@ -271,7 +271,7 @@ impl TenantContainerBuilder {
}
}
let mut linux = spec.linux.as_mut().unwrap();
let mut linux = &mut spec.linux;
linux.namespaces = tenant_namespaces;
Ok(())
}
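Review bot: The `mut` on the binding in `let mut linux = &mut spec.linux;` is unnecessary, because `linux` is never rebound and only the referent is mutated; rustc should report it as `unused_mut`. With the `Option` gone the temporary is not needed at all: `spec.linux.namespaces = tenant_namespaces;`. The enclosing function starts outside this hunk, so this assumes `spec` is mutable there, as the existing `&mut` borrow implies.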


@ -21,15 +21,14 @@ use oci_spec::{LinuxDevice, LinuxDeviceType, Mount, Spec};
pub fn prepare_rootfs(spec: &Spec, rootfs: &Path, bind_devices: bool) -> Result<()> {
let mut flags = MsFlags::MS_REC;
match spec.linux {
Some(ref linux) => match linux.rootfs_propagation.as_ref() {
"shared" => flags |= MsFlags::MS_SHARED,
"private" => flags |= MsFlags::MS_PRIVATE,
"slave" | "" => flags |= MsFlags::MS_SLAVE,
_ => panic!(),
},
None => flags |= MsFlags::MS_SLAVE,
};
match spec.linux.rootfs_propagation.as_ref() {
"shared" => flags |= MsFlags::MS_SHARED,
"private" => flags |= MsFlags::MS_PRIVATE,
"slave" | "" => flags |= MsFlags::MS_SLAVE,
_ => panic!(),
}
nix_mount(None::<&str>, "/", None::<&str>, flags, None::<&str>)?;
log::debug!("mount root fs {:?}", rootfs);
@ -43,7 +42,7 @@ pub fn prepare_rootfs(spec: &Spec, rootfs: &Path, bind_devices: bool) -> Result<
for m in spec.mounts.iter() {
let (flags, data) = parse_mount(&m);
let ml = &spec.linux.as_ref().unwrap().mount_label;
let ml = &spec.linux.mount_label;
if m.typ == "cgroup" {
// skip
log::warn!("A feature of cgroup is unimplemented.");
@ -58,7 +57,7 @@ pub fn prepare_rootfs(spec: &Spec, rootfs: &Path, bind_devices: bool) -> Result<
chdir(rootfs)?;
setup_default_symlinks(rootfs)?;
create_devices(&spec.linux.as_ref().unwrap().devices, bind_devices)?;
create_devices(&spec.linux.devices, bind_devices)?;
setup_ptmx(rootfs)?;
chdir(&olddir)?;
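Review bot: The `_ => panic!()` arm kept in the flattened `match spec.linux.rootfs_propagation.as_ref()` aborts the runtime, with no message, on a value read from config.json, even though `prepare_rootfs` returns `Result<()>`. The OCI runtime spec also lists `unbindable` as a valid `rootfsPropagation`, so a conforming bundle would reach that arm. Return an error instead and cover the missing value: `"unbindable" => flags |= MsFlags::MS_UNBINDABLE,` and `other => bail!("unsupported rootfs_propagation: {:?}", other),` (assuming anyhow's `bail!` is available in this module, as it is in the rootless one). The function body continues outside the hunks shown.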


@ -30,16 +30,14 @@ impl From<&Linux> for Rootless {
}
pub fn detect_rootless(spec: &Spec) -> Result<Option<Rootless>> {
let linux = spec.linux.as_ref().unwrap();
let rootless = if should_use_rootless() {
log::debug!("rootless container should be created");
log::warn!(
"resource constraints and multi id mapping is unimplemented for rootless containers"
);
validate(spec)?;
let mut rootless = Rootless::from(linux);
if let Some((uid_binary, gid_binary)) = lookup_map_binaries(linux)? {
let mut rootless = Rootless::from(&spec.linux);
if let Some((uid_binary, gid_binary)) = lookup_map_binaries(&spec.linux)? {
rootless.newuidmap = Some(uid_binary);
rootless.newgidmap = Some(gid_binary);
}
@ -67,7 +65,7 @@ pub fn should_use_rootless() -> bool {
/// Validates that the spec contains the required information for
/// running in rootless mode
pub fn validate(spec: &Spec) -> Result<()> {
let linux = spec.linux.as_ref().unwrap();
let linux = &spec.linux;
if linux.uid_mappings.is_empty() {
bail!("rootless containers require at least one uid mapping");