* move the validation logic into executor
To allow more flexibility for the executor, we move the validate logic into the executor.
The validate runs in the `create` step before workloads are executed.
Instead of implementing the validation in the `exec`, to maintain
backward compatibility, we have to introduce an extra step. The exec is
too late to fail if the spec is not validated.
Signed-off-by: yihuaf <yihuaf@unkies.org>
* Update the migration guide
Signed-off-by: yihuaf <yihuaf@unkies.org>
* Add a comment explaining when the validate step runs.
Signed-off-by: yihuaf <yihuaf@unkies.org>
* Implement different error types for validate
Signed-off-by: yihuaf <yihuaf@unkies.org>
---------
Signed-off-by: yihuaf <yihuaf@unkies.org>
* Refactored the Executor interface yet again
I apologize for having to refactor this interface yet again. Previously, we
introduced the executor to be a function pointer. This works out nicely
because the function pointer in Rust can be clone-ed without hassle.
However, I realized that using a function pointer is way too restrictive
for our users. The executor may wish to include additional context when
calling the exec function. The function pointer limited the input to only
the `oci spec`.
Signed-off-by: yihuaf <yihuaf@unkies.org>
* fix spell check
Signed-off-by: yihuaf <yihuaf@unkies.org>
* Fix doc test
Signed-off-by: yihuaf <yihuaf@unkies.org>
---------
Signed-off-by: yihuaf <yihuaf@unkies.org>
For a number of reasons, platforms can choose to block clone3 and force
it to return ENOSYS. We implement a clone fallback in the case that we
can't use clone3.
Also, clone3 has no libc wrapper at this point. The current
implementation calls the kernel version of the syscall directly. There
are potentially undefined behaviors when we create a process bypassing
libc. However, we have not observed any issue with our tests. This is
likely because `youki` runs short-lived processes and calls exec or exit
in the end. Nonetheless, we should have a backup plan and this change is
our way out in the case that we discover clone3 has issues as the default
code path.
Remove the use of the clone3 crate. We use `clone3` in a very specific
way to create a process. We don't have to support the many other flags
and use cases of the `clone3` call. So it is simpler for us to use the
libc crate directly for the syscall. This avoids an extra dependency and
reduces our binary size.
Signed-off-by: yihuaf <yihuaf@unkies.org>
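A minimal illustration of the ENOSYS fallback described in this commit, added here as an example and not youki's code: a fork-like clone3 issued as a raw syscall, with the legacy path taken only when the kernel (or a seccomp filter) answers ENOSYS, while any other error is passed through. `fork()` stands in for youki's clone fallback, and the two stub functions are constructed to simulate platforms that reject clone3.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdint.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#ifndef SYS_clone3
#define SYS_clone3 435 /* same syscall number on every Linux architecture */
#endif

/* Mirror of struct clone_args (linux/sched.h, kernel >= 5.3); only exit_signal
 * is set, which gives plain fork()-like semantics. */
struct clone_args_compat {
    uint64_t flags, pidfd, child_tid, parent_tid, exit_signal,
             stack, stack_size, tls, set_tid, set_tid_size, cgroup;
};
typedef long (*clone3_fn)(struct clone_args_compat *args, size_t size);

/* clone3 has no libc wrapper, so the real call is a raw syscall. */
long clone3_raw(struct clone_args_compat *args, size_t size) {
    return syscall(SYS_clone3, args, size);
}

/* Returns the child pid in the parent, 0 in the child, -1 on error. Only
 * ENOSYS (clone3 blocked or unknown to this kernel) takes the fallback;
 * any other errno is a real failure and is passed through unchanged. */
pid_t clone_with_fallback(clone3_fn clone3_impl, int *used_fallback) {
    struct clone_args_compat args = { .exit_signal = SIGCHLD };
    *used_fallback = 0;
    long pid = clone3_impl(&args, sizeof args);
    if (pid >= 0) return (pid_t)pid;
    if (errno != ENOSYS) return -1;
    *used_fallback = 1;
    return fork(); /* assumption: fork() stands in for the legacy clone path */
}

/* Spawn a child that exits with 42 and return the code the parent reaps,
 * or -1 if process creation failed; exercises whichever path was taken. */
int roundtrip_exit_code(clone3_fn clone3_impl, int *used_fallback) {
    pid_t pid = clone_with_fallback(clone3_impl, used_fallback);
    if (pid < 0) return -1;
    if (pid == 0) _exit(42);
    int status = 0;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}
/* Constructed stubs simulating platforms that reject clone3. */
long clone3_enosys(struct clone_args_compat *a, size_t s) { (void)a; (void)s; errno = ENOSYS; return -1; }
long clone3_eperm(struct clone_args_compat *a, size_t s) { (void)a; (void)s; errno = EPERM; return -1; }
```

Calling `roundtrip_exit_code(clone3_raw, &fb)` exercises the real syscall; `fb` tells you afterwards whether the platform forced the fallback.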
Make the container_args clone-able and remove the use of references.
Container_args is passed to the intermediate and init process, so we
need to make sure it can cross the clone process boundary safely by
allowing passing of the container_args ownership to the new process.
Signed-off-by: yihuaf <yihuaf@unkies.org>
* refactored executor and executor manager
Refactored the executor and executor manager to be clone-able and more
ergonomic.
Removed the use of executor manager with a vector of executor. Instead
we favor composing executors into a new executor. Composing also allows
the implementer to be precise about the execution order. The old
executor manager with its vector implementation is not explicit enough
about the order when multiple executors are involved.
Re-implement the executor to be a function pointer instead of the Fn
family traits. Traits will type-erase and are difficult to deal with
when implementing clone.
Refactored the wasm related executors to use the new scheme.
Signed-off-by: yihuaf <yihuaf@unkies.org>
* Add comments and address the reviews
Signed-off-by: yihuaf <yihuaf@unkies.org>
* Add a section in executor
Signed-off-by: yihuaf <yihuaf@unkies.org>
---------
Signed-off-by: yihuaf <yihuaf@unkies.org>
* fix notify_listener
- fix the name to notify listener
- fix the structure to be clone-able
Signed-off-by: yihuaf <yihuaf@unkies.org>
* changed the libcgroup creation interface
Changed the libcgroup creation interface to use config struct rather
than variables. The creation will also own/consume the config struct.
In this way, we don't have to create the cgroup manager upfront.
Instead, we can delay the creation of cgroup manager in the process when
it is needed.
Signed-off-by: yihuaf <yihuaf@unkies.org>
* Add a notify listener test
Signed-off-by: yihuaf <yihuaf@unkies.org>
* fix clippy
Signed-off-by: yihuaf <yihuaf@unkies.org>
* fix spellcheck
Signed-off-by: yihuaf <yihuaf@unkies.org>
---------
Signed-off-by: yihuaf <yihuaf@unkies.org>
* reworked the justfile to be explicit with path
Signed-off-by: yihuaf <yihuaf@unkies.org>
* fix the feature tests
Signed-off-by: yihuaf <yihuaf@unkies.org>
* add the musl test
Signed-off-by: yihuaf <yihuaf@unkies.org>
* moving all stub into a single dir
Signed-off-by: yihuaf <yihuaf@unkies.org>
---------
Signed-off-by: yihuaf <yihuaf@unkies.org>
For example, it is more likely that the /etc/hosts file already exists. In that case, it fails because it tries to open the file with write permission while it is RO.
Signed-off-by: utam0k <k0ma@utam0k.jp>
Currently reset_effective tries to acquire all known capabilities from a hardcoded list.
According to https://man7.org/linux/man-pages/man7/capabilities.7.html only capabilities in the permitted set can be acquired.
Trying to acquire a capability beyond those in the permitted set will result in EPERM (see https://man7.org/linux/man-pages/man2/capset.2.html).
This change modifies reset_effective so that it only acquires the capabilities in the permitted set.
Signed-off-by: Jorge Prendes <jorge.prendes@gmail.com>
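An added example of the fix described in this commit, written in C against the raw capget/capset syscalls and not taken from youki: the effective set is raised only to the intersection of the requested capabilities and the process's current permitted set, so capset() cannot fail with EPERM for a capability the process never held. The function name `reset_effective` mirrors the commit's wording but the code is this example's own.

```c
#define _GNU_SOURCE
#include <linux/capability.h>
#include <stdint.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Fetch the caller's capability sets with raw capget (no libcap needed).
 * Version 3 of the ABI carries each set as two u32 words. */
static int capget_self(struct __user_cap_header_struct *hdr,
                       struct __user_cap_data_struct data[2]) {
    hdr->version = _LINUX_CAPABILITY_VERSION_3;
    hdr->pid = 0; /* 0 = the calling process */
    return (int)syscall(SYS_capget, hdr, data);
}

static uint64_t words_to_mask(uint32_t lo, uint32_t hi) {
    return ((uint64_t)hi << 32) | lo;
}

/* Bit for one capability number, e.g. CAP_SYS_ADMIN from linux/capability.h. */
uint64_t cap_mask(int cap) { return 1ULL << cap; }

/* The core of the fix: the effective set may only be raised to capabilities
 * already in the permitted set; asking for more makes capset() fail with EPERM. */
uint64_t effective_to_raise(uint64_t wanted, uint64_t permitted) {
    return wanted & permitted;
}

/* Read the current permitted set as a 64-bit mask; -1 on error. */
int read_permitted(uint64_t *permitted) {
    struct __user_cap_header_struct hdr;
    struct __user_cap_data_struct data[2] = {{0}};
    if (capget_self(&hdr, data) < 0) return -1;
    *permitted = words_to_mask(data[0].permitted, data[1].permitted);
    return 0;
}

/* Set effective = wanted ∩ permitted, leaving permitted and inheritable
 * untouched. Returns 0 on success, -1 (errno set) on failure. */
int reset_effective(uint64_t wanted) {
    struct __user_cap_header_struct hdr;
    struct __user_cap_data_struct data[2] = {{0}};
    if (capget_self(&hdr, data) < 0) return -1;
    uint64_t permitted = words_to_mask(data[0].permitted, data[1].permitted);
    uint64_t eff = effective_to_raise(wanted, permitted);
    data[0].effective = (uint32_t)eff;
    data[1].effective = (uint32_t)(eff >> 32);
    return (int)syscall(SYS_capset, &hdr, data);
}
```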
* do not log error for mount in specific cases
* clean up the logs in the syscall module
* update toolchain to rust 1.70
---------
Signed-off-by: yihuaf <yihuaf@unkies.org>