* seperate the channel for each process communication.
* separate messages for intermediate and init ready.
* stop sending a pid from init to intermediate as they are not needed.
* Fix entering into user namespace correctly
1. Allow entering user namespace when calling process is root.
Previously, only when calling process is non-root, will the rootless
condition be triggered.
2. Move the creation to the NotifyListener into main process. Once the
container init process enter into user namespace, we can't bind to a
unix domain socket where the parent directory is owned by root.
* Now we pass 2 more namespace tests
This adds a few missing types and synchronizes them with the
implementation in containrs. Optional types are now not required any
more which means that all necessary code paths in youki needs to be
adapted as well.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
author yihuaf <yihuaf@unkies.org> 1627609965 +0200
committer yihuaf <yihuaf@unkies.org> 1627665696 +0200
Group the args of container_init into a struct
We now generalize and document the OCI `Spec` root structure. This means
that some fields have been added and other are now optional.
All corresponding usages of the new spec format have been changed and
tests have been adapted.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
As Linux has Deafult trait, all occurrences of spec.linux would always unwrap it,
and not having linux present is a fetal error in youki, there is no need to keep it
in an Option wrapper.
The current monolithic builder provides options that should only be called
during init and not when creating a tenant and vice versa. This puts the
burden on the user of the builder to know which methods are safe to call.
Now the ContainerBuilder can be used to specify options that are common to
both scenarios and afterwards as_init/as_tenant can be called to provide
scenario specific options. This also simplifies the whole "if init then else"
branching logic during container build.