diff --git a/.codecov.yml b/.codecov.yml index 3579097d..9f7bbbd3 100644 --- a/.codecov.yml +++ b/.codecov.yml @@ -13,6 +13,3 @@ comment: layout: "header, diff" behavior: default require_changes: false - -ignore: - - "crates/integration_test" diff --git a/.github/workflows/benchmark_execution_time.yml b/.github/workflows/benchmark_execution_time.yml index 2971acb6..f22fddeb 100644 --- a/.github/workflows/benchmark_execution_time.yml +++ b/.github/workflows/benchmark_execution_time.yml @@ -134,7 +134,7 @@ jobs: # since the GITHUB_TOKEN is needed to let the bot commit messages in the PR # but right now it is controlled by the organization. # TODO: change back to use this when the permission granted - # - name: Writting report to PR comment + # - name: Writing report to PR comment # uses: marocchino/sticky-pull-request-comment@v2 # with: # append: true diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index bab3d94a..3055c300 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -93,7 +93,7 @@ jobs: run: | cargo llvm-cov clean --workspace cargo llvm-cov --no-report - cargo llvm-cov --no-run --lcov --output-path ./coverage.lcov + cargo llvm-cov --no-run --lcov --ignore-filename-regex "libseccomp/src|integration_test/src|test_framework/src|systemd_api.rs" --output-path ./coverage.lcov - name: Upload Youki Code Coverage Results uses: codecov/codecov-action@v2 with: diff --git a/Cargo.lock b/Cargo.lock index 23217e50..1362962e 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -407,9 +407,9 @@ dependencies = [ [[package]] name = "fixedbitset" -version = "0.4.0" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "398ea4fabe40b9b0d885340a2a991a44c8a645624075ad966d21f88688e2b69e" +checksum = "279fb028e20b3c4c320317955b77c5e0c9701f05a1d309905d6fc702cdc5053e" [[package]] name = "flate2" 
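Review bot: The new `--ignore-filename-regex` value in the coverage step is unanchored and leaves the dot in `systemd_api.rs` unescaped, so it excludes every file whose path merely contains one of these fragments. It also drops `libseccomp/src` from the report without saying why; if that crate holds hand-written seccomp code rather than generated bindings, gaps in its tests would no longer show up in the coverage numbers. I would escape the dot (`systemd_api\.rs`) and put a comment above the command, for example `# excluded from coverage: generated bindings and test-only crates`, adjusted to the actual reason.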
@@ -657,7 +657,7 @@ dependencies = [ "log", "nix", "num_cpus", - "oci-spec 0.5.2 (git+https://github.com/containers/oci-spec-rs?rev=54c5e386f01ab37c9305cc4a83404eb157e42440)", + "oci-spec 0.5.2", "once_cell", "pnet", "procfs", @@ -702,9 +702,9 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" [[package]] name = "libbpf-sys" -version = "0.6.0-1" +version = "0.6.1-1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e2cd400737426f2a92b5b41071a0a63c9b493b7c67ff3e428967fded73af0668" +checksum = "1b1cbfb63e05a1ddea29411862a04f70824e8f37a6514ebcd338fb3a8c4d44a2" dependencies = [ "cc", "pkg-config", @@ -730,7 +730,7 @@ dependencies = [ "libc", "log", "nix", - "oci-spec 0.5.2 (git+https://github.com/containers/oci-spec-rs?rev=12dcd858543db0e7bfb1ef053d1b748f2fda74ee)", + "oci-spec 0.5.3", "procfs", "quickcheck", "rbpf", @@ -755,7 +755,7 @@ dependencies = [ "log", "mio", "nix", - "oci-spec 0.5.2 (git+https://github.com/containers/oci-spec-rs?rev=12dcd858543db0e7bfb1ef053d1b748f2fda74ee)", + "oci-spec 0.5.3", "path-clean", "prctl", "procfs", @@ -938,11 +938,10 @@ dependencies = [ [[package]] name = "oci-spec" version = "0.5.2" -source = "git+https://github.com/containers/oci-spec-rs?rev=12dcd858543db0e7bfb1ef053d1b748f2fda74ee#12dcd858543db0e7bfb1ef053d1b748f2fda74ee" +source = "git+https://github.com/containers/oci-spec-rs?rev=54c5e386f01ab37c9305cc4a83404eb157e42440#54c5e386f01ab37c9305cc4a83404eb157e42440" dependencies = [ "derive_builder", "getset", - "quickcheck", "serde", "serde_json", "thiserror", 
@@ -950,11 +949,13 @@ dependencies = [ [[package]] name = "oci-spec" -version = "0.5.2" -source = "git+https://github.com/containers/oci-spec-rs?rev=54c5e386f01ab37c9305cc4a83404eb157e42440#54c5e386f01ab37c9305cc4a83404eb157e42440" +version = "0.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8057bb0f33d7ecdf1f0f7cc74ea5cced7c6c694245e2a8d14700507c3bde32e3" dependencies = [ "derive_builder", "getset", + "quickcheck", "serde", "serde_json", "thiserror", @@ -1024,9 +1025,9 @@ checksum = "d4fd5641d01c8f18a23da7b6fe29298ff4b55afcccdf78973b24cf3175fee32e" [[package]] name = "pin-project-lite" -version = "0.2.7" +version = "0.2.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8d31d11c69a6b52a174b42bdc0c30e5e11670f90788b2c471c31c1d17d449443" +checksum = "e280fbe77cc62c91527259e9442153f4688736748d24660126286329742b4c6c" [[package]] name = "pin-utils" @@ -1325,18 +1326,18 @@ checksum = "568a8e6258aa33c13358f81fd834adb854c6f7c9468520910a9b1e8fac068012" [[package]] name = "serde" -version = "1.0.132" +version = "1.0.133" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8b9875c23cf305cd1fd7eb77234cbb705f21ea6a72c637a5c6db5fe4b8e7f008" +checksum = "97565067517b60e2d1ea8b268e59ce036de907ac523ad83a0475da04e818989a" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.132" +version = "1.0.133" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ecc0db5cb2556c0e558887d9bbdcf6ac4471e83ff66cf696e5419024d1606276" +checksum = "ed201699328568d8d08208fdd080e3ff594e6c422e438b6705905da01005d537" dependencies = [ "proc-macro2", "quote", 
@@ -1345,9 +1346,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.73" +version = "1.0.74" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bcbd0344bc6533bc7ec56df11d42fb70f1b912351c0825ccb7211b59d8af7cf5" +checksum = "ee2bb9cd061c5865d345bb02ca49fcef1391741b672b54a0bf7b679badec3142" dependencies = [ "itoa", "ryu", @@ -1396,9 +1397,9 @@ checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623" [[package]] name = "syn" -version = "1.0.84" +version = "1.0.85" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ecb2e6da8ee5eb9a61068762a32fa9619cc591ceb055b3687f4cd4051ec2e06b" +checksum = "a684ac3dcd8913827e18cd09a68384ee66c1de24157e3c556c9ab16d85695fb7" dependencies = [ "proc-macro2", "quote", @@ -1671,7 +1672,7 @@ dependencies = [ "liboci-cli", "log", "nix", - "oci-spec 0.5.2 (git+https://github.com/containers/oci-spec-rs?rev=12dcd858543db0e7bfb1ef053d1b748f2fda74ee)", + "oci-spec 0.5.3", "once_cell", "pentacle", "procfs", diff --git a/README.md b/README.md index 1ecba6df..a494e64f 100644 --- a/README.md +++ b/README.md @@ -35,7 +35,7 @@ Here is why we are writing a new container runtime in Rust. ```console $ hyperfine --prepare 'sudo sync; echo 3 | sudo tee /proc/sys/vm/drop_caches' --warmup 10 --min-runs 100 'sudo ./youki create -b tutorial a && sudo ./youki start a && sudo ./youki delete -f a' ``` - - Enviroment + - Environment ```console $ ./youki info Version 0.0.1 diff --git a/crates/libcgroups/Cargo.toml b/crates/libcgroups/Cargo.toml index 21aee55b..ccdb4959 100644 --- a/crates/libcgroups/Cargo.toml +++ b/crates/libcgroups/Cargo.toml 
@@ -16,17 +16,17 @@ nix = "0.23.1" procfs = "0.12.0" log = "0.4" anyhow = "1.0" -oci-spec = { git = "https://github.com/containers/oci-spec-rs", rev = "12dcd858543db0e7bfb1ef053d1b748f2fda74ee" } +oci-spec = "0.5.3" dbus = { version = "0.9.5", optional = true } -fixedbitset = "0.4.0" +fixedbitset = "0.4.1" serde = { version = "1.0", features = ["derive"] } rbpf = {version = "0.1.0", optional = true } -libbpf-sys = { version = "0.6.0-1", optional = true } +libbpf-sys = { version = "0.6.1-1", optional = true } errno = { version = "0.2.8", optional = true } libc = { version = "0.2.112", optional = true } [dev-dependencies] -oci-spec = { git = "https://github.com/containers/oci-spec-rs", rev = "12dcd858543db0e7bfb1ef053d1b748f2fda74ee", features = ["proptests"] } +oci-spec = { version = "0.5.3", features = ["proptests"] } quickcheck = "1" clap = "3.0.0-beta.5" serde = { version = "1.0", features = ["derive"] } diff --git a/crates/libcgroups/src/stats.rs b/crates/libcgroups/src/stats.rs index 46f1d3e1..89f8a392 100644 --- a/crates/libcgroups/src/stats.rs +++ b/crates/libcgroups/src/stats.rs @@ -106,7 +106,7 @@ pub struct PidStats { /// Reports block io stats for a cgroup #[derive(Debug, Default, PartialEq, Eq, Serialize)] pub struct BlkioStats { - // Number of bytes transfered to/from a device by the cgroup + // Number of bytes transferred to/from a device by the cgroup pub service_bytes: Vec, // Number of I/O operations performed on a device by the cgroup pub serviced: Vec, diff --git a/crates/libcgroups/src/systemd/memory.rs b/crates/libcgroups/src/systemd/memory.rs index afc6e83c..ed8e7f1f 100644 --- a/crates/libcgroups/src/systemd/memory.rs +++ b/crates/libcgroups/src/systemd/memory.rs 
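Review bot: The move of `oci-spec` from a pinned git revision to `"0.5.3"` from crates.io does not reach every workspace member: the Cargo.lock hunks in this commit still show one package depending on `oci-spec 0.5.2`, now resolved from git revision `54c5e386f01ab37c9305cc4a83404eb157e42440`. Two copies of the crate therefore stay in the build, their types are distinct to the compiler, and there are two sources to track for updates. If that member can move to 0.5.3 as well, doing it in the same change leaves a single registry source; otherwise a comment in its manifest such as `# stays on the git revision until <reason>` would record why.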
@@ -82,7 +82,7 @@ impl Memory { // as memory limit would be either bigger (invariant violation) or zero which would // leave the container with no memory and no swap. // if swap is greater than zero and memory limit is unspecified swap cannot be - // calulated. If memory limit is zero the container would have only swap. If + // calculated. If memory limit is zero the container would have only swap. If // memory is unlimited it would be bigger than swap. (_, Some(0)) | (None | Some(0) | Some(-1), Some(1..=i64::MAX)) => bail!( "cgroup v2 swap value cannot be calculated from swap of {} and limit of {}", diff --git a/crates/libcgroups/src/v1/blkio.rs b/crates/libcgroups/src/v1/blkio.rs index 43c3bda6..18e0ee15 100644 --- a/crates/libcgroups/src/v1/blkio.rs +++ b/crates/libcgroups/src/v1/blkio.rs @@ -26,7 +26,7 @@ const BLKIO_THROTTLE_WRITE_IOPS: &str = "blkio.throttle.write_iops_device"; // Number of I/O operations performed on a device by the cgroup // Format: Major:Minor Type Ops const BLKIO_THROTTLE_IO_SERVICED: &str = "blkio.throttle.io_serviced"; -// Number of bytes transfered to/from a device by the cgroup +// Number of bytes transferred to/from a device by the cgroup // Format: Major:Minor Type Bytes const BLKIO_THROTTLE_IO_SERVICE_BYTES: &str = "blkio.throttle.io_service_bytes"; @@ -54,7 +54,7 @@ const BLKIO_TIME: &str = "blkio.time_recursive"; // Number of sectors transferred to/from a device by the cgroup // Format: Major:Minor Sectors const BLKIO_SECTORS: &str = "blkio.sectors_recursive"; -// Number of bytes transfered to/from a device by the cgroup +// Number of bytes transferred to/from a device by the cgroup /// Format: Major:Minor Type Bytes const BLKIO_IO_SERVICE_BYTES: &str = "blkio.io_service_bytes_recursive"; // Number of I/O operations performed on a device by the cgroup diff --git a/crates/libcgroups/src/v1/manager.rs b/crates/libcgroups/src/v1/manager.rs index 498683a8..a6036331 100644 --- a/crates/libcgroups/src/v1/manager.rs 
+++ b/crates/libcgroups/src/v1/manager.rs @@ -88,7 +88,7 @@ impl Manager { if let Some(subsystem_path) = self.subsystems.get(controller) { required_controllers.insert(controller, subsystem_path); } else { - bail!("cgroup {} is required to fullfill the request, but is not supported by this system", controller); + bail!("cgroup {} is required to fulfill the request, but is not supported by this system", controller); } } } diff --git a/crates/libcgroups/src/v2/devices/emulator.rs b/crates/libcgroups/src/v2/devices/emulator.rs index 62eb79ba..36c7336b 100644 --- a/crates/libcgroups/src/v2/devices/emulator.rs +++ b/crates/libcgroups/src/v2/devices/emulator.rs @@ -1,7 +1,7 @@ use anyhow::Result; use oci_spec::runtime::{LinuxDeviceCgroup, LinuxDeviceType}; -// For cgroup v1 compatiblity, runc implements a device emulator to caculate the final rules given +// For cgroup v1 compatibility, runc implements a device emulator to caculate the final rules given // a list of user-defined rules. // https://github.com/opencontainers/runc/commit/2353ffec2bb670a200009dc7a54a56b93145f141 // diff --git a/crates/libcgroups/src/v2/hugetlb.rs b/crates/libcgroups/src/v2/hugetlb.rs index d3b1dc5d..b2cca397 100644 --- a/crates/libcgroups/src/v2/hugetlb.rs +++ b/crates/libcgroups/src/v2/hugetlb.rs @@ -55,7 +55,7 @@ impl HugeTlb { } common::write_cgroup_file( - root_path.join(format!("hugetlb.{}.limit_in_bytes", hugetlb.page_size())), + root_path.join(format!("hugetlb.{}.max", hugetlb.page_size())), hugetlb.limit(), )?; Ok(()) @@ -93,7 +93,7 @@ mod tests { #[test] fn test_set_hugetlb() { - let page_file_name = "hugetlb.2MB.limit_in_bytes"; + let page_file_name = "hugetlb.2MB.max"; let tmp = create_temp_dir("test_set_hugetlbv2").expect("create temp directory for test"); set_fixture(&tmp, page_file_name, "0").expect("Set fixture for 2 MB page size"); 
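Review bot: The file name passed to `common::write_cgroup_file` is built from `hugetlb.page_size()`, a value that comes from the container spec, and the check that precedes this call closes just above the hunk, so it cannot be seen here whether it limits the value to a plain size token. If it does not already, a page size containing a path separator should be rejected before the `join`, so the write cannot resolve outside `root_path`. A comment on the call would also help, for example `// cgroup v2 names the limit file hugetlb.<size>.max; limit_in_bytes is the v1 name`. The enclosing function starts outside the hunk.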
@@ -127,7 +127,7 @@ mod tests { quickcheck! { fn property_test_set_hugetlb(hugetlb: LinuxHugepageLimit) -> bool { - let page_file_name = format!("hugetlb.{:?}.limit_in_bytes", hugetlb.page_size()); + let page_file_name = format!("hugetlb.{:?}.max", hugetlb.page_size()); let tmp = create_temp_dir("property_test_set_hugetlbv2").expect("create temp directory for test"); set_fixture(&tmp, &page_file_name, "0").expect("Set fixture for page size"); let result = HugeTlb::apply(&tmp, &hugetlb); diff --git a/crates/libcontainer/Cargo.toml b/crates/libcontainer/Cargo.toml index aa8ac269..c896a84e 100644 --- a/crates/libcontainer/Cargo.toml +++ b/crates/libcontainer/Cargo.toml @@ -18,7 +18,7 @@ libc = "0.2.112" log = "0.4" mio = { version = "0.8.0", features = ["os-ext", "os-poll"] } nix = "0.23.1" -oci-spec = { git = "https://github.com/containers/oci-spec-rs", rev = "12dcd858543db0e7bfb1ef053d1b748f2fda74ee" } +oci-spec = "0.5.3" path-clean = "0.1.0" procfs = "0.12.0" prctl = "1.0.0" @@ -28,6 +28,6 @@ serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" [dev-dependencies] -oci-spec = { git = "https://github.com/containers/oci-spec-rs", rev = "12dcd858543db0e7bfb1ef053d1b748f2fda74ee", features = ["proptests"] } +oci-spec = { version = "0.5.3", features = ["proptests"] } quickcheck = "1" serial_test = "0.5.1" diff --git a/crates/libcontainer/src/capabilities.rs b/crates/libcontainer/src/capabilities.rs index 0ccda4d6..6c05d341 100644 --- a/crates/libcontainer/src/capabilities.rs +++ b/crates/libcontainer/src/capabilities.rs @@ -544,7 +544,7 @@ mod tests { struct Testcase { name: String, input: LinuxCapabilities, - // be awared of that calling sequence in the drop_privileges function + // be aware that the calling sequence in the drop_privileges function // will affect the output sequence from test_command.get_set_capability_args() want: Vec<(CapSet, Vec)>, } 
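Review bot: `property_test_set_hugetlb` builds the fixture name with `{:?}` while the implementation formats the same value with `{}`. If `page_size()` returns a string type, Debug formatting adds quotes, so the fixture is created under a quoted name and not at the path `HugeTlb::apply` writes to. Using the same formatter, `let page_file_name = format!("hugetlb.{}.max", hugetlb.page_size());`, keeps the test aligned with the code under test. The rest of the property body lies outside the hunk, so how the result is checked is not visible here.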
@@ -639,7 +639,7 @@ mod tests { for (i, want) in test.want.iter().enumerate().take(test.want.len()) { // because CapSet has no Eq, PartialEq attributes, - // so using String to do the comparsion. + // so using String to do the comparison. let want_cap_set = format!("{:?}", want.0); let got_cap_set = format!("{:?}", got[i].0); let want_caps = &want.1; diff --git a/crates/libcontainer/src/hooks.rs b/crates/libcontainer/src/hooks.rs index d7e1b4ce..8227ec1a 100644 --- a/crates/libcontainer/src/hooks.rs +++ b/crates/libcontainer/src/hooks.rs @@ -7,7 +7,7 @@ use std::{ }; use crate::{container::Container, utils}; -// A special error used to signal a timeout. We want to differenciate between a +// A special error used to signal a timeout. We want to differentiate between a // timeout vs. other error. #[derive(Debug)] pub struct HookTimeoutError; @@ -28,7 +28,7 @@ pub fn run_hooks(hooks: Option<&Vec>, container: Option<&Container>) -> Re if let Some(hooks) = hooks { for hook in hooks { let mut hook_command = process::Command::new(&hook.path()); - // Based on OCI spec, the first arguement of the args vector is the + // Based on OCI spec, the first argument of the args vector is the // arg0, which can be different from the path. For example, path // may be "/usr/bin/true" and arg0 is set to "true". However, rust // command differenciates arg0 from args, where rust command arg diff --git a/crates/libcontainer/src/process/container_init_process.rs b/crates/libcontainer/src/process/container_init_process.rs index 5f9c7f7a..738d2483 100644 --- a/crates/libcontainer/src/process/container_init_process.rs +++ b/crates/libcontainer/src/process/container_init_process.rs 
@@ -51,7 +51,7 @@ fn get_open_fds() -> Result> { // stay open: stdio, stdout, and stderr. We would further preserve the next // "preserve_fds" number of fds. Set the rest of fd with CLOEXEC flag, so they // will be closed after execve into the container payload. We can't close the -// fds immediatly since we at least still need it for the pipe used to wait on +// fds immediately since we at least still need it for the pipe used to wait on // starting the container. fn cleanup_file_descriptors(preserve_fds: i32) -> Result<()> { let open_fds = get_open_fds().with_context(|| "Failed to obtain opened fds")?; @@ -366,7 +366,7 @@ pub fn container_init_process( } }; - // Clean up and handle perserved fds. We only mark the fd as CLOSEXEC, so we + // Clean up and handle preserved fds. We only mark the fd as CLOSEXEC, so we // don't have to worry about when the fd will be closed. cleanup_file_descriptors(preserve_fds).with_context(|| "Failed to clean up extra fds")?; diff --git a/crates/libcontainer/src/process/container_intermediate_process.rs b/crates/libcontainer/src/process/container_intermediate_process.rs index 1f265ab0..ddf6528f 100644 --- a/crates/libcontainer/src/process/container_intermediate_process.rs +++ b/crates/libcontainer/src/process/container_intermediate_process.rs @@ -61,7 +61,7 @@ pub fn container_intermediate_process( // process, We want to make sure continue as the root user inside the // new user namespace. This is required because the process of // configuring the container process will require root, even though the - // root in the user namespace likely is mapped to an non-priviliged user + // root in the user namespace likely is mapped to an non-privileged user // on the parent user namespace. command.set_id(Uid::from_raw(0), Gid::from_raw(0)).context( "failed to configure uid and gid root in the beginning of a new user namespace", diff --git a/crates/libcontainer/src/rootless.rs b/crates/libcontainer/src/rootless.rs index 88240ee9..d4e07a94 100644 
--- a/crates/libcontainer/src/rootless.rs +++ b/crates/libcontainer/src/rootless.rs @@ -30,7 +30,7 @@ impl<'a> Rootless<'a> { let user_namespace = namespaces.get(LinuxNamespaceType::User); // If conditions requires us to use rootless, we must either create a new - // user namespace or enter an exsiting. + // user namespace or enter an existing. if rootless_required() && user_namespace.is_none() { bail!("rootless container requires valid user namespace definition"); } diff --git a/crates/libcontainer/src/seccomp/mod.rs b/crates/libcontainer/src/seccomp/mod.rs index 45a9c96a..5e1b7b12 100644 --- a/crates/libcontainer/src/seccomp/mod.rs +++ b/crates/libcontainer/src/seccomp/mod.rs @@ -13,7 +13,7 @@ use std::os::unix::io; #[derive(Debug)] struct Compare { - // The zero-indexed index of the syscall arguement. + // The zero-indexed index of the syscall argument. arg: libc::c_uint, op: Option, datum_a: Option, @@ -299,7 +299,7 @@ pub fn initialize_seccomp(seccomp: &LinuxSeccomp) -> Result> { for syscall in syscalls { let action = translate_action(syscall.action(), syscall.errno_ret()); if action == default_action { - // When the action is the same as the default action, the rule is redundent. We can + // When the action is the same as the default action, the rule is redundant. We can // skip this here to avoid failing when we add the rules. log::warn!( "Detect a seccomp action that is the same as the default action: {:?}", diff --git a/crates/liboci-cli/README.md b/crates/liboci-cli/README.md index 404bf1ca..ea5809ae 100644 --- a/crates/liboci-cli/README.md +++ b/crates/liboci-cli/README.md @@ -2,7 +2,7 @@ This is a crate to parse command line arguments for OCI container runtimes as specified in the [OCI Runtime Command Line -Interface][https://github.com/opencontainers/runtime-tools/blob/master/docs/command-line-interface.md). +Interface](https://github.com/opencontainers/runtime-tools/blob/master/docs/command-line-interface.md). ## Implemented subcommands 
diff --git a/crates/youki/Cargo.toml b/crates/youki/Cargo.toml index e3759af2..4c40242c 100644 --- a/crates/youki/Cargo.toml +++ b/crates/youki/Cargo.toml @@ -20,7 +20,7 @@ libcontainer = { version = "0.0.1", path = "../libcontainer" } liboci-cli = { version = "0.0.1", path = "../liboci-cli" } log = { version = "0.4", features = ["std"]} nix = "0.23.1" -oci-spec = { git = "https://github.com/containers/oci-spec-rs", rev = "12dcd858543db0e7bfb1ef053d1b748f2fda74ee" } +oci-spec = "0.5.3" once_cell = "1.9.0" pentacle = "1.0.0" procfs = "0.12.0" diff --git a/crates/youki/src/commands/info.rs b/crates/youki/src/commands/info.rs index 67a93f21..69d76f62 100644 --- a/crates/youki/src/commands/info.rs +++ b/crates/youki/src/commands/info.rs @@ -7,7 +7,6 @@ use libcontainer::rootless; use procfs::{CpuInfo, Meminfo}; use libcgroups::{common::CgroupSetup, v2::controller_type::ControllerType}; - /// Show information about the system #[derive(Parser, Debug)] pub struct Info {} @@ -26,6 +25,7 @@ pub fn info(_: Info) -> Result<()> { /// print Version of Youki pub fn print_youki() { println!("{:<18}{}", "Version", env!("CARGO_PKG_VERSION")); + println!("{:<18}{}", "Commit", env!("VERGEN_GIT_SHA_SHORT")); } /// Print Kernel Release, Version and Architecture @@ -100,11 +100,19 @@ pub fn print_hardware() { /// Print cgroups info of system pub fn print_cgroups() { + print_cgroups_setup(); + print_cgroup_mounts(); + print_cgroup_v2_controllers(); +} + +pub fn print_cgroups_setup() { let cgroup_setup = libcgroups::common::get_cgroup_setup(); if let Ok(cgroup_setup) = &cgroup_setup { println!("{:<18}{}", "Cgroup setup", cgroup_setup); } +} +pub fn print_cgroup_mounts() { println!("Cgroup mounts"); if let Ok(v1_mounts) = libcgroups::v1::util::list_supported_mount_points() { let mut v1_mounts: Vec = v1_mounts 
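Review bot: `env!("VERGEN_GIT_SHA_SHORT")` in `print_youki` is resolved at compile time, so the crate fails to build whenever the build script does not export that variable, for example when building from a source archive without git metadata (the build script is not part of this diff, so this is inferred). `println!("{:<18}{}", "Commit", option_env!("VERGEN_GIT_SHA_SHORT").unwrap_or("unknown"));` keeps the build working and still prints the commit when it is known. The doc comment above the function could become `/// Print the version and the git commit youki was built from`.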
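Review bot: The helpers split out of `print_cgroups` are declared `pub` but carry no doc comments, unlike the other `print_*` functions in this file; this covers `print_cgroups_setup` and `print_cgroup_mounts` here and `print_cgroup_v2_controllers` in the next hunk. I would add one line each, for example `/// Print the cgroup setup (v1, v2 or hybrid) detected on the system`, `/// Print the mount points of the cgroup v1 controllers and the unified hierarchy` and `/// Print the cgroup v2 controllers and whether each is attached`, and drop `pub` if nothing outside this module calls them. `print_cgroup_v2_controllers` also repeats the `get_cgroup_setup()` lookup made in `print_cgroups_setup`, and apparently the unified mount point lookup too, so the three sections could in principle be printed from different results; passing the values in as parameters would avoid that.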
@@ -122,6 +130,11 @@ pub fn print_cgroups() { if let Ok(mount_point) = &unified { println!(" {:<16}{}", "unified", mount_point.display()); } +} + +pub fn print_cgroup_v2_controllers() { + let cgroup_setup = libcgroups::common::get_cgroup_setup(); + let unified = libcgroups::v2::util::get_unified_mount_point(); if let Ok(cgroup_setup) = cgroup_setup { if let Ok(unified) = &unified { diff --git a/docs/src/developer/libcgroups.md b/docs/src/developer/libcgroups.md index dc26c425..5c3c5083 100644 --- a/docs/src/developer/libcgroups.md +++ b/docs/src/developer/libcgroups.md @@ -9,7 +9,7 @@ This crates exposes several functions and modules that can be used to work with - common traits and functions which are used by both v1 and v2 such as - Trait CgroupManager, this abstracts over the underlying implementation of interacting with specific version of cgroups, and gives functions to add certain process to a certain cgroup, apply resource restrictions, get statistics of a cgroups, freeze a cgroup, remove a cgroup or get list of all processes belonging to a cgroup. v1 and v2 modules both contain a version specific cgroup manager which implements this trait, and thus either can be given to functions or structs which expects a cgroup manager, depending on which cgroups the host system uses. - - Apart from the trait, this also contians functions which help with reading cgroups files, and write data to a cgroup file, which are used throughout this crate. + - Apart from the trait, this also contains functions which help with reading cgroups files, and write data to a cgroup file, which are used throughout this crate. - A function to detect which cgroup setup (v1, v2 or hybrid) is on the host system, as well as a function to get the corresponding cgroups manager. - Functions and structs to get and store the statistics of a cgroups such as diff --git a/docs/src/developer/libcontainer.md b/docs/src/developer/libcontainer.md index 610ce07d..8e89b509 100644 
--- a/docs/src/developer/libcontainer.md +++ b/docs/src/developer/libcontainer.md @@ -16,7 +16,7 @@ This crate also provides an interface for Apparmor which is another Linux Kernel - rootfs, which is a ramfs like simple filesystem used by kernel during initialization - hooks, which allow running of specified program at certain points in the container lifecycle, such as before and after creation, start etc. -- singals, which provide a wrapper to convert to and from signal numbers and text representation of signal names +- signals, which provide a wrapper to convert to and from signal numbers and text representation of signal names - capabilities, which has functions related to set and reset specific capabilities, as well as to drop extra privileges - [Simple explanation of capabilities](https://blog.container-solutions.com/linux-capabilities-in-practice) - [man page for capabilities](https://man7.org/linux/man-pages/man7/capabilities.7.html) diff --git a/docs/src/developer/youki.md b/docs/src/developer/youki.md index e3432b38..ac386547 100644 --- a/docs/src/developer/youki.md +++ b/docs/src/developer/youki.md @@ -1,6 +1,6 @@ # youki -This is the core crate that contains the youki binary itself. This provides the user interface, as well as binds the ther crates together to actually perform the work of creation and management of containers. THus this provides implementation of all the commands supported by youki. +This is the core crate that contains the youki binary itself. This provides the user interface, as well as binds the other crates together to actually perform the work of creation and management of containers. THus this provides implementation of all the commands supported by youki. The simple control flow of youki can be explained as : diff --git a/docs/src/user/basic_setup.md b/docs/src/user/basic_setup.md index 2bc748b1..93bd3817 100644 --- a/docs/src/user/basic_setup.md +++ b/docs/src/user/basic_setup.md 
@@ -2,7 +2,7 @@ This explains the requirements for compiling Youki as a binary, to use it as a low-level container runtime, or to depend once of its crates as dependency for your own project. -Youki currently only supports Linux Platfrom, and to use it on other platform you will need to use some kind of virtualization. The repo itself provides Vagrantfile that provides basic setup to use Youki on non-Linux system using Vagrant. The last sub-section explains using this vagrantfile. +Youki currently only supports Linux Platform, and to use it on other platform you will need to use some kind of virtualization. The repo itself provides Vagrantfile that provides basic setup to use Youki on non-Linux system using Vagrant. The last sub-section explains using this vagrantfile. Also note that Youki currently only supports and expects systemd as init system, and would not work on other systems. There is currently work on-going to put systemd dependent features behind a feature flag, but till then you will need a systemd enabled system to work with Youki. diff --git a/docs/src/youki.md b/docs/src/youki.md index 6fd7749b..60d0a3ed 100644 --- a/docs/src/youki.md +++ b/docs/src/youki.md 
@@ -31,7 +31,7 @@ Here is why we are writing a new container runtime in Rust. ```console $ hyperfine --prepare 'sudo sync; echo 3 | sudo tee /proc/sys/vm/drop_caches' --warmup 10 --min-runs 100 'sudo ./youki create -b tutorial a && sudo ./youki start a && sudo ./youki delete -f a' ``` - - Enviroment + - Environment `console $ ./youki info Version 0.0.1 Kernel-Release 5.11.0-41-generic Kernel-Version #45-Ubuntu SMP Fri Nov 5 11:37:01 UTC 2021 Architecture x86_64 Operating System Ubuntu 21.04 Cores 12 Total Memory 32025 Cgroup setup hybrid Cgroup mounts blkio /sys/fs/cgroup/blkio cpu /sys/fs/cgroup/cpu,cpuacct cpuacct /sys/fs/cgroup/cpu,cpuacct cpuset /sys/fs/cgroup/cpuset devices /sys/fs/cgroup/devices freezer /sys/fs/cgroup/freezer hugetlb /sys/fs/cgroup/hugetlb memory /sys/fs/cgroup/memory net_cls /sys/fs/cgroup/net_cls,net_prio net_prio /sys/fs/cgroup/net_cls,net_prio perf_event /sys/fs/cgroup/perf_event pids /sys/fs/cgroup/pids unified /sys/fs/cgroup/unified CGroup v2 controllers cpu detached cpuset detached hugetlb detached io detached memory detached pids detached device attached Namespaces enabled mount enabled uts enabled ipc enabled user enabled pid enabled network enabled cgroup enabled $ ./youki --version youki version 0.0.1 commit: 0.0.1-0-0be33bf $ runc -v runc version 1.0.0-rc93 commit: 12644e614e25b05da6fd08a38ffa0cfe1903fdec spec: 1.0.2-dev go: go1.13.15 libseccomp: 2.5.1 $ crun --version crun version 0.19.1.45-4cc7 commit: 4cc7fa1124cce75dc26e12186d9cbeabded2b710 spec: 1.0.0 +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL ` diff --git a/integration_test.sh b/integration_test.sh index caf82e03..8384f274 100755 --- a/integration_test.sh +++ b/integration_test.sh 
@@ -45,7 +45,7 @@ test_cases=( "linux_ns_nopath/linux_ns_nopath.t" "linux_ns_path/linux_ns_path.t" "linux_ns_path_type/linux_ns_path_type.t" - # This test case requires that an apparmor profile named 'acme_secure_profile' has been installed on the system. It needs to allow the capabilites + # This test case requires that an apparmor profile named 'acme_secure_profile' has been installed on the system. It needs to allow the capabilities # validated by runtime-tools otherwise the test case will fail despite the profile being available. # "linux_process_apparmor_profile/linux_process_apparmor_profile.t" "linux_readonly_paths/linux_readonly_paths.t" @@ -76,7 +76,7 @@ test_cases=( "state/state.t" ) -check_enviroment() { +check_environment() { test_case=$1 if [[ $test_case =~ .*(memory|hugetlb).t ]]; then if [[ ! -e "/sys/fs/cgroup/memory/memory.memsw.limit_in_bytes" ]]; then @@ -94,8 +94,8 @@ done for case in "${test_cases[@]}"; do - if ! check_enviroment $case; then - echo "Skip $case bacause your enviroment doesn't support this test case" + if ! check_environment $case; then + echo "Skip $case bacause your environment doesn't support this test case" continue fi