Merge 68973b6605 into cd9bfd8d79

Bump wasmtime and wasi-common from 19.0.2 to 20.0.0 (#2771 )
* Bump wasi-common from 19.0.2 to 20.0.0 Bumps [wasi-common](https://github.com/bytecodealliance/wasmtime) from 19.0.2 to 20.0.0. - [Release notes](https://github.com/bytecodealliance/wasmtime/releases) - [Changelog](https://github.com/bytecodealliance/wasmtime/blob/main/docs/WASI-some-possible-changes.md) - [Commits](https://github.com/bytecodealliance/wasmtime/compare/v19.0.2...v20.0.0) --- updated-dependencies: - dependency-name: wasi-common dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump wasmtime from 19.0.2 to 20.0.0 Bumps [wasmtime](https://github.com/bytecodealliance/wasmtime) from 19.0.2 to 20.0.0. - [Release notes](https://github.com/bytecodealliance/wasmtime/releases) - [Changelog](https://github.com/bytecodealliance/wasmtime/blob/main/docs/WASI-some-possible-changes.md) - [Commits](https://github.com/bytecodealliance/wasmtime/compare/v19.0.2...v20.0.0) --- updated-dependencies: - dependency-name: wasmtime dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Yashodhan Joshi <yjdoc2@gmail.com>
2024-05-11 18:16:12 +02:00 · 2024-04-24 20:52:14 +09:00 · 2024-04-24 05:36:17 +00:00 · 2024-04-09 11:07:26 -04:00 · 2024-04-09 11:07:26 -04:00 · 2024-04-09 11:07:26 -04:00
17 changed files with 630 additions and 209 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -185,7 +185,7 @@ dependencies = [
 "cfg-if",
 "libc",
 "miniz_oxide",
- "object",
+ "object 0.32.2",
 "rustc-demangle",
 ]

@ -610,11 +610,11 @@ dependencies = [

 [[package]]
 name = "cranelift-bforest"
-version = "0.106.2"
+version = "0.107.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3b57d4f3ffc28bbd6ef1ca7b50b20126717232f97487efe027d135d9d87eb29c"
+checksum = "79b27922a6879b5b5361d0a084cb0b1941bf109a98540addcb932da13b68bed4"
 dependencies = [
- "cranelift-entity 0.106.2",
+ "cranelift-entity 0.107.0",
 ]

 [[package]]
@ -640,17 +640,17 @@ dependencies = [

 [[package]]
 name = "cranelift-codegen"
-version = "0.106.2"
+version = "0.107.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d1f7d0ac7fd53f2c29db3ff9a063f6ff5a8be2abaa8f6942aceb6e1521e70df7"
+checksum = "304c455b28bf56372729acb356afbb55d622f2b0f2f7837aa5e57c138acaac4d"
 dependencies = [
 "bumpalo",
- "cranelift-bforest 0.106.2",
- "cranelift-codegen-meta 0.106.2",
- "cranelift-codegen-shared 0.106.2",
+ "cranelift-bforest 0.107.0",
+ "cranelift-codegen-meta 0.107.0",
+ "cranelift-codegen-shared 0.107.0",
 "cranelift-control",
- "cranelift-entity 0.106.2",
- "cranelift-isle 0.106.2",
+ "cranelift-entity 0.107.0",
+ "cranelift-isle 0.107.0",
 "gimli 0.28.1",
 "hashbrown 0.14.3",
 "log",
@ -670,11 +670,11 @@ dependencies = [

 [[package]]
 name = "cranelift-codegen-meta"
-version = "0.106.2"
+version = "0.107.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b40bf21460a600178956cb7fd900a7408c6587fbb988a8063f7215361801a1da"
+checksum = "1653c56b99591d07f67c5ca7f9f25888948af3f4b97186bff838d687d666f613"
 dependencies = [
- "cranelift-codegen-shared 0.106.2",
+ "cranelift-codegen-shared 0.107.0",
 ]

 [[package]]
@ -685,15 +685,15 @@ checksum = "278e52e29c53fcf32431ef08406c295699a70306d05a0715c5b1bf50e33a9ab7"

 [[package]]
 name = "cranelift-codegen-shared"
-version = "0.106.2"
+version = "0.107.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d792ecc1243b7ebec4a7f77d9ed428ef27456eeb1f8c780587a6f5c38841be19"
+checksum = "f5b6a9cf6b6eb820ee3f973a0db313c05dc12d370f37b4fe9630286e1672573f"

 [[package]]
 name = "cranelift-control"
-version = "0.106.2"
+version = "0.107.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cea2808043df964b73ad7582e09afbbe06a31f3fb9db834d53e74b4e16facaeb"
+checksum = "d9d06e6bf30075fb6bed9e034ec046475093392eea1aff90eb5c44c4a033d19a"
 dependencies = [
 "arbitrary",
 ]
@ -720,9 +720,9 @@ checksum = "9a59bcbca89c3f1b70b93ab3cbba5e5e0cbf3e63dadb23c7525cb142e21a9d4c"

 [[package]]
 name = "cranelift-entity"
-version = "0.106.2"
+version = "0.107.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f1930946836da6f514da87625cd1a0331f3908e0de454628c24a0b97b130c4d4"
+checksum = "29be04f931b73cdb9694874a295027471817f26f26d2f0ebe5454153176b6e3a"
 dependencies = [
 "serde",
 "serde_derive",
@ -742,11 +742,11 @@ dependencies = [

 [[package]]
 name = "cranelift-frontend"
-version = "0.106.2"
+version = "0.107.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5482a5fcdf98f2f31b21093643bdcfe9030866b8be6481117022e7f52baa0f2b"
+checksum = "a07fd7393041d7faa2f37426f5dc7fc04003b70988810e8c063beefeff1cd8f9"
 dependencies = [
- "cranelift-codegen 0.106.2",
+ "cranelift-codegen 0.107.0",
 "log",
 "smallvec",
 "target-lexicon",
@ -760,34 +760,34 @@ checksum = "393bc73c451830ff8dbb3a07f61843d6cb41a084f9996319917c0b291ed785bb"

 [[package]]
 name = "cranelift-isle"
-version = "0.106.2"
+version = "0.107.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6f6e1869b6053383bdb356900e42e33555b4c9ebee05699469b7c53cdafc82ea"
+checksum = "f341d7938caa6dff8149dac05bb2b53fc680323826b83b4cf175ab9f5139a3c9"

 [[package]]
 name = "cranelift-native"
-version = "0.106.2"
+version = "0.107.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a91446e8045f1c4bc164b7bba68e2419c623904580d4b730877a663c6da38964"
+checksum = "82af6066e6448d26eeabb7aa26a43f7ff79f8217b06bade4ee6ef230aecc8880"
 dependencies = [
- "cranelift-codegen 0.106.2",
+ "cranelift-codegen 0.107.0",
 "libc",
 "target-lexicon",
 ]

 [[package]]
 name = "cranelift-wasm"
-version = "0.106.2"
+version = "0.107.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f8b17979b862d3b0d52de6ae3294ffe4d86c36027b56ad0443a7c8c8f921d14f"
+checksum = "2766fab7284a914a7f17f90ebe865c86453225fb8637ac31f123f5028fee69cd"
 dependencies = [
- "cranelift-codegen 0.106.2",
- "cranelift-entity 0.106.2",
- "cranelift-frontend 0.106.2",
+ "cranelift-codegen 0.107.0",
+ "cranelift-entity 0.107.0",
+ "cranelift-frontend 0.107.0",
 "itertools",
 "log",
 "smallvec",
- "wasmparser 0.201.0",
+ "wasmparser 0.202.0",
 "wasmtime-types",
 ]

@ -1979,7 +1979,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0c2a198fb6b0eada2a8df47933734e6d35d350665a33a3593d7164fa52c75c19"
 dependencies = [
 "cfg-if",
- "windows-targets 0.48.5",
+ "windows-targets 0.52.4",
 ]

 [[package]]
@ -2351,6 +2351,15 @@ name = "object"
 version = "0.32.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a6a622008b6e321afc04970976f62ee297fdbaa6f95318ca343e3eebb9648441"
+dependencies = [
+ "memchr",
+]
+
+[[package]]
+name = "object"
+version = "0.33.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d8dd6c0cdf9429bce006e1362bfce61fa1bfd8c898a643ed8d2b471934701d3d"
 dependencies = [
 "crc32fast",
 "hashbrown 0.14.3",
@ -4465,9 +4474,9 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"

 [[package]]
 name = "wasi-common"
-version = "19.0.2"
+version = "20.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ce39d43366511a954708a80e9e2e1245bf2fed4e37385cc49f8686d7a9c094dc"
+checksum = "63255d85e10627b07325d7cf4e5fe5a40fa4ff183569a0a67931be26d50ede07"
 dependencies = [
 "anyhow",
 "bitflags 2.5.0",
@ -4578,15 +4587,6 @@ version = "0.2.84"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0046fef7e28c3804e5e38bfa31ea2a0f73905319b677e57ebe37e49358989b5d"

-[[package]]
-name = "wasm-encoder"
-version = "0.201.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b9c7d2731df60006819b013f64ccc2019691deccf6e11a1804bc850cd6748f1a"
-dependencies = [
- "leb128",
-]
-
 [[package]]
 name = "wasm-encoder"
 version = "0.202.0"
@ -4899,9 +4899,9 @@ dependencies = [

 [[package]]
 name = "wasmparser"
-version = "0.201.0"
+version = "0.202.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "84e5df6dba6c0d7fafc63a450f1738451ed7a0b52295d83e868218fa286bf708"
+checksum = "d6998515d3cf3f8b980ef7c11b29a9b1017d4cf86b99ae93b546992df9931413"
 dependencies = [
 "bitflags 2.5.0",
 "indexmap 2.2.6",
@ -4910,19 +4910,19 @@ dependencies = [

 [[package]]
 name = "wasmprinter"
-version = "0.201.0"
+version = "0.202.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a67e66da702706ba08729a78e3c0079085f6bfcb1a62e4799e97bbf728c2c265"
+checksum = "ab1cc9508685eef9502e787f4d4123745f5651a1e29aec047645d3cac1e2da7a"
 dependencies = [
 "anyhow",
- "wasmparser 0.201.0",
+ "wasmparser 0.202.0",
 ]

 [[package]]
 name = "wasmtime"
-version = "19.0.2"
+version = "20.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4e300c0e3f19dc9064e3b17ce661088646c70dbdde36aab46470ed68ba58db7d"
+checksum = "5a5990663c28d81015ddbb02a068ac1bf396a4ea296eba7125b2dfc7c00cb52e"
 dependencies = [
 "addr2line",
 "anyhow",
@ -4937,7 +4937,7 @@ dependencies = [
 "ittapi",
 "libc",
 "log",
- "object",
+ "object 0.33.0",
 "once_cell",
 "paste",
 "rayon",
@ -4947,8 +4947,8 @@ dependencies = [
 "serde_derive",
 "serde_json",
 "target-lexicon",
- "wasm-encoder 0.201.0",
- "wasmparser 0.201.0",
+ "wasm-encoder",
+ "wasmparser 0.202.0",
 "wasmtime-cache",
 "wasmtime-component-macro",
 "wasmtime-component-util",
@ -4966,18 +4966,18 @@ dependencies = [

 [[package]]
 name = "wasmtime-asm-macros"
-version = "19.0.2"
+version = "20.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "110aa598e02a136fb095ca70fa96367fc16bab55256a131e66f9b58f16c73daf"
+checksum = "625ee94c72004f3ea0228989c9506596e469517d7d0ed66f7300d1067bdf1ca9"
 dependencies = [
 "cfg-if",
 ]

 [[package]]
 name = "wasmtime-cache"
-version = "19.0.2"
+version = "20.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c4e660537b0ac2fc76917fb0cc9d403d2448b6983a84e59c51f7fea7b7dae024"
+checksum = "98534bf28de232299e83eab33984a7a6c40c69534d6bd0ea216150b63d41a83a"
 dependencies = [
 "anyhow",
 "base64",
@ -4995,9 +4995,9 @@ dependencies = [

 [[package]]
 name = "wasmtime-component-macro"
-version = "19.0.2"
+version = "20.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "091f32ce586251ac4d07019388fb665b010d9518ffe47be1ddbabb162eed6007"
+checksum = "64f84414a25ee3a624c8b77550f3fe7b5d8145bd3405ca58886ee6900abb6dc2"
 dependencies = [
 "anyhow",
 "proc-macro2",
@ -5010,72 +5010,55 @@ dependencies = [

 [[package]]
 name = "wasmtime-component-util"
-version = "19.0.2"
+version = "20.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0dd17dc1ebc0b28fd24b6b9d07638f55b82ae908918ff08fd221f8b0fefa9125"
+checksum = "78580bdb4e04c7da3bf98088559ca1d29382668536e4d5c7f2f966d79c390307"

 [[package]]
 name = "wasmtime-cranelift"
-version = "19.0.2"
+version = "20.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e923262451a4b5b39fe02f69f1338d56356db470e289ea1887346b9c7f592738"
+checksum = "b60df0ee08c6a536c765f69e9e8205273435b66d02dd401e938769a2622a6c1a"
 dependencies = [
 "anyhow",
 "cfg-if",
- "cranelift-codegen 0.106.2",
+ "cranelift-codegen 0.107.0",
 "cranelift-control",
- "cranelift-entity 0.106.2",
- "cranelift-frontend 0.106.2",
+ "cranelift-entity 0.107.0",
+ "cranelift-frontend 0.107.0",
 "cranelift-native",
 "cranelift-wasm",
 "gimli 0.28.1",
 "log",
- "object",
+ "object 0.33.0",
 "target-lexicon",
 "thiserror",
- "wasmparser 0.201.0",
- "wasmtime-cranelift-shared",
+ "wasmparser 0.202.0",
 "wasmtime-environ",
 "wasmtime-versioned-export-macros",
 ]

-[[package]]
-name = "wasmtime-cranelift-shared"
-version = "19.0.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "508898cbbea0df81a5d29cfc1c7c72431a1bc4c9e89fd9514b4c868474c05c7a"
-dependencies = [
- "anyhow",
- "cranelift-codegen 0.106.2",
- "cranelift-control",
- "cranelift-native",
- "gimli 0.28.1",
- "object",
- "target-lexicon",
- "wasmtime-environ",
-]
-
 [[package]]
 name = "wasmtime-environ"
-version = "19.0.2"
+version = "20.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d7e3f2aa72dbb64c19708646e1ff97650f34e254598b82bad5578ea9c80edd30"
+checksum = "64ffc1613db69ee47c96738861534f9a405e422a5aa00224fbf5d410b03fb445"
 dependencies = [
 "anyhow",
 "bincode",
 "cpp_demangle",
- "cranelift-entity 0.106.2",
+ "cranelift-entity 0.107.0",
 "gimli 0.28.1",
 "indexmap 2.2.6",
 "log",
- "object",
+ "object 0.33.0",
 "rustc-demangle",
 "serde",
 "serde_derive",
 "target-lexicon",
 "thiserror",
- "wasm-encoder 0.201.0",
- "wasmparser 0.201.0",
+ "wasm-encoder",
+ "wasmparser 0.202.0",
 "wasmprinter",
 "wasmtime-component-util",
 "wasmtime-types",
@ -5083,9 +5066,9 @@ dependencies = [

 [[package]]
 name = "wasmtime-fiber"
-version = "19.0.2"
+version = "20.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9235b643527bcbac808216ed342e1fba324c95f14a62762acfa6f2e6ca5edbd6"
+checksum = "f043514a23792761c5765f8ba61a4aa7d67f260c0c37494caabceb41d8ae81de"
 dependencies = [
 "anyhow",
 "cc",
@ -5098,11 +5081,11 @@ dependencies = [

 [[package]]
 name = "wasmtime-jit-debug"
-version = "19.0.2"
+version = "20.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "92de34217bf7f0464262adf391a9950eba440f9dfc7d3b0e3209302875c6f65f"
+checksum = "9c0ca2ad8f5d2b37f507ef1c935687a690e84e9f325f5a2af9639440b43c1f0e"
 dependencies = [
- "object",
+ "object 0.33.0",
 "once_cell",
 "rustix",
 "wasmtime-versioned-export-macros",
@ -5110,9 +5093,9 @@ dependencies = [

 [[package]]
 name = "wasmtime-jit-icache-coherence"
-version = "19.0.2"
+version = "20.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c22ca2ef4d87b23d400660373453e274b2251bc2d674e3102497f690135e04b0"
+checksum = "7a9f93a3289057b26dc75eb84d6e60d7694f7d169c7c09597495de6e016a13ff"
 dependencies = [
 "cfg-if",
 "libc",
@ -5121,9 +5104,9 @@ dependencies = [

 [[package]]
 name = "wasmtime-runtime"
-version = "19.0.2"
+version = "20.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1806ee242ca4fd183309b7406e4e83ae7739b7569f395d56700de7c7ef9f5eb8"
+checksum = "c6332a2b0af4224c3ea57c857ad39acd2780ccc2b0c99ba1baa01864d90d7c94"
 dependencies = [
 "anyhow",
 "cc",
@ -5132,47 +5115,47 @@ dependencies = [
 "indexmap 2.2.6",
 "libc",
 "log",
- "mach",
+ "mach2",
 "memfd",
 "memoffset 0.9.1",
 "paste",
 "psm",
 "rustix",
 "sptr",
- "wasm-encoder 0.201.0",
+ "wasm-encoder",
 "wasmtime-asm-macros",
 "wasmtime-environ",
 "wasmtime-fiber",
 "wasmtime-jit-debug",
+ "wasmtime-slab",
 "wasmtime-versioned-export-macros",
- "wasmtime-wmemcheck",
 "windows-sys 0.52.0",
 ]

 [[package]]
 name = "wasmtime-slab"
-version = "19.0.2"
+version = "20.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "20c58bef9ce877fd06acb58f08d003af17cb05cc51225b455e999fbad8e584c0"
+checksum = "8b3655075824a374c536a2b2cc9283bb765fcdf3d58b58587862c48571ad81ef"

 [[package]]
 name = "wasmtime-types"
-version = "19.0.2"
+version = "20.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cebe297aa063136d9d2e5b347c1528868aa43c2c8d0e1eb0eec144567e38fe0f"
+checksum = "b98cf64a242b0b9257604181ca28b28a5fcaa4c9ea1d396f76d1d2d1c5b40eef"
 dependencies = [
- "cranelift-entity 0.106.2",
+ "cranelift-entity 0.107.0",
 "serde",
 "serde_derive",
 "thiserror",
- "wasmparser 0.201.0",
+ "wasmparser 0.202.0",
 ]

 [[package]]
 name = "wasmtime-versioned-export-macros"
-version = "19.0.2"
+version = "20.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ffaafa5c12355b1a9ee068e9295d50c4ca0a400c721950cdae4f5b54391a2da5"
+checksum = "8561d9e2920db2a175213d557d71c2ac7695831ab472bbfafb9060cd1034684f"
 dependencies = [
 "proc-macro2",
 "quote",
@ -5181,26 +5164,26 @@ dependencies = [

 [[package]]
 name = "wasmtime-winch"
-version = "19.0.2"
+version = "20.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d618b4e90d3f259b1b77411ce573c9f74aade561957102132e169918aabdc863"
+checksum = "a06b573d14ac846a0fb8c541d8fca6a64acf9a1d176176982472274ab1d2fa5d"
 dependencies = [
 "anyhow",
- "cranelift-codegen 0.106.2",
+ "cranelift-codegen 0.107.0",
 "gimli 0.28.1",
- "object",
+ "object 0.33.0",
 "target-lexicon",
- "wasmparser 0.201.0",
- "wasmtime-cranelift-shared",
+ "wasmparser 0.202.0",
+ "wasmtime-cranelift",
 "wasmtime-environ",
 "winch-codegen",
 ]

 [[package]]
 name = "wasmtime-wit-bindgen"
-version = "19.0.2"
+version = "20.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7c7a253c8505edd7493603e548bff3af937b0b7dbf2b498bd5ff2131b651af72"
+checksum = "595bc7bb3b0ff4aa00fab718c323ea552c3034d77abc821a35112552f2ea487a"
 dependencies = [
 "anyhow",
 "heck 0.4.1",
@ -5208,12 +5191,6 @@ dependencies = [
 "wit-parser",
 ]

-[[package]]
-name = "wasmtime-wmemcheck"
-version = "19.0.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c9a8c62e9df8322b2166d2a6f096fbec195ddb093748fd74170dcf25ef596769"
-
 [[package]]
 name = "wast"
 version = "35.0.2"
@ -5233,7 +5210,7 @@ dependencies = [
 "leb128",
 "memchr",
 "unicode-width",
- "wasm-encoder 0.202.0",
+ "wasm-encoder",
 ]

 [[package]]
@ -5325,9 +5302,9 @@ dependencies = [

 [[package]]
 name = "wiggle"
-version = "19.0.2"
+version = "20.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "899d3fe5fbacd02f114cacdaa1cca9040280c4153c71833a77b9609c60ccf72b"
+checksum = "1b6552dda951239e219c329e5a768393664e8d120c5e0818487ac2633f173b1f"
 dependencies = [
 "anyhow",
 "async-trait",
@ -5340,9 +5317,9 @@ dependencies = [

 [[package]]
 name = "wiggle-generate"
-version = "19.0.2"
+version = "20.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2df5887f452cff44ffe1e1aba69b7fafe812deed38498446fa7a46b55e962cd5"
+checksum = "da64cb31e0bfe8b1d2d13956ef9fd5c77545756a1a6ef0e6cfd44e8f1f207aed"
 dependencies = [
 "anyhow",
 "heck 0.4.1",
@ -5355,9 +5332,9 @@ dependencies = [

 [[package]]
 name = "wiggle-macro"
-version = "19.0.2"
+version = "20.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "acdb12de36507498abaa3a042f895a43ee00a2f6125b6901b9a27edf72bfdbe7"
+checksum = "900b2416ef2ff2903ded6cf55d4a941fed601bf56a8c4874856d7a77c1891994"
 dependencies = [
 "proc-macro2",
 "quote",
@ -5398,17 +5375,18 @@ checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"

 [[package]]
 name = "winch-codegen"
-version = "0.17.2"
+version = "0.18.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2d15869abc9e3bb29c017c003dbe007a08e9910e8ff9023a962aa13c1b2ee6af"
+checksum = "fb23450977f9d4a23c02439cf6899340b2d68887b19465c5682740d9cc37d52e"
 dependencies = [
 "anyhow",
- "cranelift-codegen 0.106.2",
+ "cranelift-codegen 0.107.0",
 "gimli 0.28.1",
 "regalloc2 0.9.3",
 "smallvec",
 "target-lexicon",
- "wasmparser 0.201.0",
+ "wasmparser 0.202.0",
+ "wasmtime-cranelift",
 "wasmtime-environ",
 ]

@ -5642,9 +5620,9 @@ dependencies = [

 [[package]]
 name = "wit-parser"
-version = "0.201.0"
+version = "0.202.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "196d3ecfc4b759a8573bf86a9b3f8996b304b3732e4c7de81655f875f6efdca6"
+checksum = "744237b488352f4f27bca05a10acb79474415951c450e52ebd0da784c1df2bcc"
 dependencies = [
 "anyhow",
 "id-arena",
@ -5655,7 +5633,7 @@ dependencies = [
 "serde_derive",
 "serde_json",
 "unicode-xid",
- "wasmparser 0.201.0",
+ "wasmparser 0.202.0",
 ]

 [[package]]
--- a/crates/libcontainer/src/container/builder.rs
+++ b/crates/libcontainer/src/container/builder.rs
@ -1,4 +1,5 @@
 use crate::error::{ErrInvalidID, LibcontainerError};
+use crate::stdio::{Fd, Stdio};
 use crate::syscall::syscall::SyscallType;
 use crate::utils::PathBufExt;
 use crate::workload::{self, Executor};
@ -23,6 +24,8 @@ pub struct ContainerBuilder {
    /// The function that actually runs on the container init process. Default
    /// is to execute the specified command in the oci spec.
    pub(super) executor: Box<dyn Executor>,
+    /// Stdio file descriptors to dup inside the container's namespace
+    pub(super) fds: [Fd; 3],
 }

 /// Builder that can be used to configure the common properties of
@ -69,6 +72,8 @@ impl ContainerBuilder {
            console_socket: None,
            preserve_fds: 0,
            executor: workload::default::get_executor(),
+            // by default, inherit stdio
+            fds: [Fd::Inherit, Fd::Inherit, Fd::Inherit],
        }
    }

@ -237,6 +242,25 @@ impl ContainerBuilder {
        self.preserve_fds = preserved_fds;
        self
    }
+
+    /// Sets STDIN within the container
+    pub fn with_stdin(mut self, stdio: Stdio) -> Self {
+        self.fds[0] = stdio.to_fd(false);
+        self
+    }
+
+    /// Sets STDOUT within the container
+    pub fn with_stdout(mut self, stdio: Stdio) -> Self {
+        self.fds[1] = stdio.to_fd(true);
+        self
+    }
+
+    /// Sets STDERR within the container
+    pub fn with_stderr(mut self, stdio: Stdio) -> Self {
+        self.fds[2] = stdio.to_fd(true);
+        self
+    }
+
    /// Sets the number of additional file descriptors which will be passed into
    /// the container process.
    /// # Example
--- a/crates/libcontainer/src/container/builder_impl.rs
+++ b/crates/libcontainer/src/container/builder_impl.rs
@ -1,22 +1,35 @@
-use super::{Container, ContainerStatus};
+use super::{stdio::StdioFds, Container, ContainerStatus};
 use crate::{
    error::{LibcontainerError, MissingSpecError},
    hooks,
    notify_socket::NotifyListener,
+    pipe::{Pipe, PipeError, PipeHolder},
    process::{
        self,
        args::{ContainerArgs, ContainerType},
        intel_rdt::delete_resctrl_subdirectory,
    },
+    stdio::{Closing, Fd},
    syscall::syscall::SyscallType,
    user_ns::UserNamespaceConfig,
    utils,
    workload::Executor,
 };
 use libcgroups::common::CgroupManager;
-use nix::unistd::Pid;
+use nix::{
+    fcntl::{fcntl, FcntlArg, OFlag},
+    sys::stat::Mode,
+    unistd::Pid,
+};
 use oci_spec::runtime::Spec;
-use std::{fs, io::Write, os::unix::prelude::RawFd, path::PathBuf, rc::Rc};
+use std::{
+    collections::HashMap,
+    fs,
+    io::Write,
+    os::{fd::AsRawFd, unix::prelude::RawFd},
+    path::{Path, PathBuf},
+    rc::Rc,
+};

 pub(super) struct ContainerBuilderImpl {
    /// Flag indicating if an init or a tenant container should be created
@ -48,12 +61,14 @@ pub(super) struct ContainerBuilderImpl {
    pub detached: bool,
    /// Default executes the specified execution of a generic command
    pub executor: Box<dyn Executor>,
+    /// Stdio file descriptors to dup inside the container's namespace
+    pub fds: [Fd; 3],
 }

 impl ContainerBuilderImpl {
-    pub(super) fn create(&mut self) -> Result<Pid, LibcontainerError> {
+    pub(super) fn create(&mut self) -> Result<(Pid, StdioFds), LibcontainerError> {
        match self.run_container() {
-            Ok(pid) => Ok(pid),
+            Ok(ret) => Ok(ret),
            Err(outer) => {
                // Only the init container should be cleaned up in the case of
                // an error.
@ -66,7 +81,7 @@ impl ContainerBuilderImpl {
        }
    }

-    fn run_container(&mut self) -> Result<Pid, LibcontainerError> {
+    fn run_container(&mut self) -> Result<(Pid, StdioFds), LibcontainerError> {
        let linux = self.spec.linux().as_ref().ok_or(MissingSpecError::Linux)?;
        let cgroups_path = utils::get_cgroup_path(
            linux.cgroups_path(),
@ -137,6 +152,12 @@ impl ContainerBuilderImpl {
            })?;
        }

+        // Prepare the stdio file descriptors for `dup`-ing inside the container
+        // namespace. Determines which ones needs closing on drop.
+        let mut stdio_descs = prepare_stdio_descriptors(&self.fds)?;
+        // Extract `StdioFds` from the prepared fds, for use by client
+        let stdio_fds = (&mut stdio_descs).into();
+
        // This container_args will be passed to the container processes,
        // therefore we will have to move all the variable by value. Since self
        // is a shared reference, we have to clone these variables here.
@ -153,6 +174,7 @@ impl ContainerBuilderImpl {
            cgroup_config,
            detached: self.detached,
            executor: self.executor.clone(),
+            fds: stdio_descs.inner,
        };

        let (init_pid, need_to_clean_up_intel_rdt_dir) =
@ -181,7 +203,7 @@ impl ContainerBuilderImpl {
                .save()?;
        }

-        Ok(init_pid)
+        Ok((init_pid, stdio_fds))
    }

    fn cleanup_container(&self) -> Result<(), LibcontainerError> {
@ -231,3 +253,89 @@ impl ContainerBuilderImpl {
        Ok(())
    }
 }
+
+struct StdioDescriptors {
+    inner: HashMap<RawFd, RawFd>,
+    outer: HashMap<RawFd, PipeHolder>,
+    _guards: Vec<Closing>,
+}
+
+impl From<&mut StdioDescriptors> for StdioFds {
+    fn from(value: &mut StdioDescriptors) -> Self {
+        StdioFds {
+            stdin: value.outer.remove(&0).and_then(|x| match x {
+                PipeHolder::Writer(x) => Some(x),
+                _ => None,
+            }),
+            stdout: value.outer.remove(&1).and_then(|x| match x {
+                PipeHolder::Reader(x) => Some(x),
+                _ => None,
+            }),
+            stderr: value.outer.remove(&2).and_then(|x| match x {
+                PipeHolder::Reader(x) => Some(x),
+                _ => None,
+            }),
+        }
+    }
+}
+
+fn prepare_stdio_descriptors(fds: &[Fd; 3]) -> Result<StdioDescriptors, LibcontainerError> {
+    let mut inner = HashMap::new();
+    let mut outer = HashMap::new();
+    let mut guards = Vec::new();
+    for (idx, fdkind) in fds.iter().enumerate() {
+        let dest_fd = idx as i32;
+        let mut fd = match fdkind {
+            Fd::ReadPipe => {
+                let (rd, wr) = Pipe::new()?.split();
+                let fd = rd.into_fd();
+                guards.push(Closing::new(fd));
+                outer.insert(dest_fd, PipeHolder::Writer(wr));
+                fd
+            }
+            Fd::WritePipe => {
+                let (rd, wr) = Pipe::new()?.split();
+                let fd = wr.into_fd();
+                guards.push(Closing::new(fd));
+                outer.insert(dest_fd, PipeHolder::Reader(rd));
+                fd
+            }
+            Fd::ReadNull => {
+                // Need to keep fd with cloexec, until we are in child
+                let fd = nix::fcntl::open(
+                    Path::new("/dev/null"),
+                    OFlag::O_CLOEXEC | OFlag::O_RDONLY,
+                    Mode::empty(),
+                )
+                .map_err(PipeError::Open)?;
+                guards.push(Closing::new(fd));
+                fd
+            }
+            Fd::WriteNull => {
+                // Need to keep fd with cloexec, until we are in child
+                let fd = nix::fcntl::open(
+                    Path::new("/dev/null"),
+                    OFlag::O_CLOEXEC | OFlag::O_WRONLY,
+                    Mode::empty(),
+                )
+                .map_err(PipeError::Open)?;
+                guards.push(Closing::new(fd));
+                fd
+            }
+            Fd::Inherit => dest_fd,
+            Fd::Fd(ref x) => x.as_raw_fd(),
+        };
+        // The descriptor must not clobber the descriptors that are passed to
+        // a child
+        while fd != dest_fd && fd < 3 {
+            fd = fcntl(fd, FcntlArg::F_DUPFD_CLOEXEC(3)).map_err(PipeError::Dup)?;
+            guards.push(Closing::new(fd));
+        }
+        inner.insert(dest_fd, fd);
+    }
+    Ok(StdioDescriptors {
+        inner,
+        outer,
+        _guards: guards,
+    })
+}
--- a/crates/libcontainer/src/container/init_builder.rs
+++ b/crates/libcontainer/src/container/init_builder.rs
@ -17,7 +17,8 @@ use crate::{
 };

 use super::{
-    builder::ContainerBuilder, builder_impl::ContainerBuilderImpl, Container, ContainerStatus,
+    builder::ContainerBuilder, builder_impl::ContainerBuilderImpl, stdio::StdioFds, Container,
+    ContainerStatus,
 };

 // Builder that can be used to configure the properties of a new container
@ -52,7 +53,7 @@ impl InitContainerBuilder {
    }

    /// Creates a new container
-    pub fn build(self) -> Result<Container, LibcontainerError> {
+    pub fn build(self) -> Result<(Container, StdioFds), LibcontainerError> {
        let spec = self.load_spec()?;
        let container_dir = self.create_container_dir()?;

@ -109,13 +110,14 @@ impl InitContainerBuilder {
            preserve_fds: self.base.preserve_fds,
            detached: self.detached,
            executor: self.base.executor,
+            fds: self.base.fds,
        };

-        builder_impl.create()?;
+        let (_, stdio_fds) = builder_impl.create()?;

        container.refresh_state()?;

-        Ok(container)
+        Ok((container, stdio_fds))
    }

    fn create_container_dir(&self) -> Result<PathBuf, LibcontainerError> {
--- a/crates/libcontainer/src/container/mod.rs
+++ b/crates/libcontainer/src/container/mod.rs
@ -17,6 +17,7 @@ mod container_resume;
 mod container_start;
 pub mod init_builder;
 pub mod state;
+pub mod stdio;
 pub mod tenant_builder;
 pub use container::CheckpointOptions;
 pub use container::Container;
--- a/crates/libcontainer/src/container/stdio.rs
+++ b/crates/libcontainer/src/container/stdio.rs
@ -0,0 +1,7 @@
+use crate::pipe::{PipeReader, PipeWriter};
+
+pub struct StdioFds {
+    pub stdin: Option<PipeWriter>,
+    pub stdout: Option<PipeReader>,
+    pub stderr: Option<PipeReader>,
+}
--- a/crates/libcontainer/src/container/tenant_builder.rs
+++ b/crates/libcontainer/src/container/tenant_builder.rs
@ -25,6 +25,7 @@ use crate::process::args::ContainerType;
 use crate::{capabilities::CapabilityExt, container::builder_impl::ContainerBuilderImpl};
 use crate::{notify_socket::NotifySocket, tty, user_ns::UserNamespaceConfig, utils};

+use super::stdio::StdioFds;
 use super::{builder::ContainerBuilder, Container};

 const NAMESPACE_TYPES: &[&str] = &["ipc", "uts", "net", "pid", "mnt", "cgroup"];
@ -100,14 +101,12 @@ impl TenantContainerBuilder {
    }

    /// Joins an existing container
-    pub fn build(self) -> Result<Pid, LibcontainerError> {
+    pub fn build(self) -> Result<(Pid, StdioFds), LibcontainerError> {
        let container_dir = self.lookup_container_dir()?;
        let container = self.load_container_state(container_dir.clone())?;
        let mut spec = self.load_init_spec(&container)?;
        self.adapt_spec_for_tenant(&mut spec, &container)?;

-        tracing::debug!("{:#?}", spec);
-
        unistd::chdir(&container_dir).map_err(LibcontainerError::OtherSyscall)?;
        let notify_path = Self::setup_notify_listener(&container_dir)?;
        // convert path of root file system of the container to absolute path
@ -141,6 +140,7 @@ impl TenantContainerBuilder {
            preserve_fds: self.base.preserve_fds,
            detached: self.detached,
            executor: self.base.executor,
+            fds: self.base.fds,
        };

        let pid = builder_impl.create()?;
--- a/crates/libcontainer/src/error.rs
+++ b/crates/libcontainer/src/error.rs
@ -37,6 +37,8 @@ pub enum LibcontainerError {
    #[error(transparent)]
    Tty(#[from] crate::tty::TTYError),
    #[error(transparent)]
+    Pipe(#[from] crate::pipe::PipeError),
+    #[error(transparent)]
    UserNamespace(#[from] crate::user_ns::UserNamespaceError),
    #[error(transparent)]
    NotifyListener(#[from] crate::notify_socket::NotifyListenerError),
--- a/crates/libcontainer/src/lib.rs
+++ b/crates/libcontainer/src/lib.rs
@ -7,11 +7,13 @@ pub mod error;
 pub mod hooks;
 pub mod namespaces;
 pub mod notify_socket;
+pub mod pipe;
 pub mod process;
 pub mod rootfs;
 #[cfg(feature = "libseccomp")]
 pub mod seccomp;
 pub mod signal;
+pub mod stdio;
 pub mod syscall;
 pub mod test_utils;
 pub mod tty;
--- a/crates/libcontainer/src/pipe.rs
+++ b/crates/libcontainer/src/pipe.rs
@ -0,0 +1,115 @@
+use std::io;
+use std::mem;
+use std::os::unix::io::RawFd;
+
+use libc;
+use libc::{c_void, size_t};
+use nix::fcntl::OFlag;
+use nix::unistd::pipe2;
+
+/// A pipe used to communicate with subprocess
+#[derive(Debug)]
+pub struct Pipe(RawFd, RawFd);
+
+/// A reading end of `Pipe` object after `Pipe::split`
+#[derive(Debug)]
+pub struct PipeReader(RawFd);
+
+/// A writing end of `Pipe` object after `Pipe::split`
+#[derive(Debug)]
+pub struct PipeWriter(RawFd);
+
+#[derive(Debug)]
+pub enum PipeHolder {
+    Reader(PipeReader),
+    Writer(PipeWriter),
+}
+
+#[derive(Debug, thiserror::Error)]
+pub enum PipeError {
+    #[error("failed to create pipe: {0}")]
+    Create(nix::Error),
+    #[error("failed to open fd: {0}")]
+    Open(nix::Error),
+    #[error("failed to dup fd: {0}")]
+    Dup(nix::Error),
+}
+
+impl Pipe {
+    pub fn new() -> Result<Pipe, PipeError> {
+        let (rd, wr) = pipe2(OFlag::O_CLOEXEC).map_err(PipeError::Create)?;
+        Ok(Pipe(rd, wr))
+    }
+    pub fn split(self) -> (PipeReader, PipeWriter) {
+        let Pipe(rd, wr) = self;
+        mem::forget(self);
+        (PipeReader(rd), PipeWriter(wr))
+    }
+}
+
+impl Drop for Pipe {
+    fn drop(&mut self) {
+        let Pipe(x, y) = *self;
+        unsafe {
+            libc::close(x);
+            libc::close(y);
+        }
+    }
+}
+
+impl PipeReader {
+    /// Extract file descriptor from pipe reader without closing
+    // TODO(tailhook) implement IntoRawFd here
+    pub fn into_fd(self) -> RawFd {
+        let PipeReader(fd) = self;
+        mem::forget(self);
+        fd
+    }
+}
+
+impl PipeWriter {
+    /// Extract file descriptor from pipe reader without closing
+    // TODO(tailhook) implement IntoRawFd her
+    pub fn into_fd(self) -> RawFd {
+        let PipeWriter(fd) = self;
+        mem::forget(self);
+        fd
+    }
+}
+
+impl Drop for PipeReader {
+    fn drop(&mut self) {
+        unsafe { libc::close(self.0) };
+    }
+}
+
+impl Drop for PipeWriter {
+    fn drop(&mut self) {
+        unsafe { libc::close(self.0) };
+    }
+}
+
+impl io::Read for PipeReader {
+    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
+        let ret =
+            unsafe { libc::read(self.0, buf.as_mut_ptr() as *mut c_void, buf.len() as size_t) };
+        if ret < 0 {
+            return Err(io::Error::last_os_error());
+        }
+        Ok(ret as usize)
+    }
+}
+
+impl io::Write for PipeWriter {
+    fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
+        let ret =
+            unsafe { libc::write(self.0, buf.as_ptr() as *const c_void, buf.len() as size_t) };
+        if ret < 0 {
+            return Err(io::Error::last_os_error());
+        }
+        Ok(ret as usize)
+    }
+    fn flush(&mut self) -> io::Result<()> {
+        Ok(())
+    }
+}
--- a/crates/libcontainer/src/process/args.rs
+++ b/crates/libcontainer/src/process/args.rs
@ -1,5 +1,6 @@
 use libcgroups::common::CgroupConfig;
 use oci_spec::runtime::Spec;
+use std::collections::HashMap;
 use std::os::unix::prelude::RawFd;
 use std::path::PathBuf;
 use std::rc::Rc;
@ -41,4 +42,6 @@ pub struct ContainerArgs {
    pub detached: bool,
    /// Manage the functions that actually run on the container
    pub executor: Box<dyn Executor>,
+
+    pub fds: HashMap<RawFd, RawFd>,
 }
--- a/crates/libcontainer/src/process/container_init_process.rs
+++ b/crates/libcontainer/src/process/container_init_process.rs
@ -7,6 +7,7 @@ use crate::{
    capabilities, hooks, namespaces::Namespaces, process::channel, rootfs::RootFS, tty,
    user_ns::UserNamespaceConfig, utils,
 };
+use libc::{FD_CLOEXEC, F_GETFD, F_SETFD};
 use nc;
 use nix::mount::MsFlags;
 use nix::sched::CloneFlags;
@ -50,6 +51,8 @@ pub enum InitProcessError {
    MissingSpec(#[from] crate::error::MissingSpecError),
    #[error("failed to setup tty")]
    Tty(#[source] tty::TTYError),
+    #[error("failed to setup stdio")]
+    Stdio(#[source] std::io::Error),
    #[error("failed to run hooks")]
    Hooks(#[from] hooks::HookError),
    #[error("failed to prepare rootfs")]
@ -305,6 +308,32 @@ pub fn container_init_process(
            tracing::error!(?err, "failed to set up tty");
            InitProcessError::Tty(err)
        })?;
+    } else {
+        unsafe {
+            for (dest_fd, src_fd) in args.fds.iter() {
+                if src_fd == dest_fd {
+                    let flags = libc::fcntl(*src_fd, F_GETFD);
+                    if flags < 0 {
+                        return Err(InitProcessError::Stdio(std::io::Error::from_raw_os_error(
+                            flags,
+                        )));
+                    }
+                    let ret = libc::fcntl(*src_fd, F_SETFD, flags & !FD_CLOEXEC);
+                    if ret < 0 {
+                        return Err(InitProcessError::Stdio(std::io::Error::from_raw_os_error(
+                            ret,
+                        )));
+                    }
+                } else {
+                    let ret = libc::dup2(*src_fd, *dest_fd);
+                    if ret < 0 {
+                        return Err(InitProcessError::Stdio(std::io::Error::from_raw_os_error(
+                            ret,
+                        )));
+                    }
+                }
+            }
+        }
    }

    apply_rest_namespaces(&namespaces, spec, syscall.as_ref())?;
@ -531,7 +560,7 @@ pub fn container_init_process(
        }
    }
    #[cfg(not(feature = "libseccomp"))]
-    if proc.no_new_privileges().is_none() {
+    if proc.no_new_privileges().unwrap_or_default() {
        tracing::warn!("seccomp not available, unable to enforce no_new_privileges!")
    }

@ -592,7 +621,7 @@ pub fn container_init_process(
        }
    }
    #[cfg(not(feature = "libseccomp"))]
-    if proc.no_new_privileges().is_some() {
+    if proc.no_new_privileges().unwrap_or_default() {
        tracing::warn!("seccomp not available, unable to set seccomp privileges!")
    }

--- a/crates/libcontainer/src/stdio.rs
+++ b/crates/libcontainer/src/stdio.rs
@ -0,0 +1,146 @@
+// Code mostly copied from the `unshare` crate.
+
+use std::io;
+use std::os::unix::io::{AsRawFd, IntoRawFd, RawFd};
+
+use nix::fcntl::{fcntl, FcntlArg};
+
+/// An enumeration that is used to configure stdio file descritors
+///
+/// The enumeration members might be non-stable, it's better to use
+/// one of the constructors to create an instance
+#[derive(Default)]
+pub enum Stdio {
+    /// This fd will be inherited from the parent application
+    #[default]
+    Inherit,
+    /// This fd will use pipe to/from the appliation
+    Pipe,
+    /// This fd will open /dev/null in read or write mode
+    Null,
+    /// This is fd passed by application (and closed by `unshare`)
+    Fd(Closing),
+}
+
+/// An enumeration that is used to configure non-stdio file descriptors. It
+/// differs from stdio one because we must differentiate from readable and
+/// writable file descriptors for things open by the library
+///
+/// The enumeration members might be non-stable, it's better to use
+/// one of the constructors to create an instance
+pub enum Fd {
+    /// This fd is a reading end of a pipe
+    ReadPipe,
+    /// This fd is a writing end of a pipe
+    WritePipe,
+    /// This fd is inherited from parent (current) process
+    Inherit,
+    /// This fd is redirected from `/dev/null`
+    ReadNull,
+    /// This fd is redirected to `/dev/null`
+    WriteNull,
+    /// This is fd passed by application (and closed by `unshare`)
+    Fd(Closing),
+}
+
+pub struct Closing(RawFd);
+
+pub fn dup_file_cloexec<F: AsRawFd>(file: &F) -> io::Result<Closing> {
+    match fcntl(file.as_raw_fd(), FcntlArg::F_DUPFD_CLOEXEC(3)) {
+        Ok(fd) => Ok(Closing::new(fd)),
+        Err(errno) => Err(io::Error::from_raw_os_error(errno as i32)),
+    }
+}
+
+impl Stdio {
+    /// Pipe is created for child process
+    pub fn piped() -> Stdio {
+        Stdio::Pipe
+    }
+    /// The child inherits file descriptor from the parent process
+    pub fn inherit() -> Stdio {
+        Stdio::Inherit
+    }
+    /// Stream is attached to `/dev/null`
+    pub fn null() -> Stdio {
+        Stdio::Null
+    }
+    /// Converts stdio definition to file descriptor definition
+    /// (mostly needed internally)
+    pub fn to_fd(self, write: bool) -> Fd {
+        match (self, write) {
+            (Stdio::Fd(x), _) => Fd::Fd(x),
+            (Stdio::Pipe, false) => Fd::ReadPipe,
+            (Stdio::Pipe, true) => Fd::WritePipe,
+            (Stdio::Inherit, _) => Fd::Inherit,
+            (Stdio::Null, false) => Fd::ReadNull,
+            (Stdio::Null, true) => Fd::WriteNull,
+        }
+    }
+    /// A simpler helper method for `from_raw_fd`, that does dup of file
+    /// descriptor, so is actually safe to use (but can fail)
+    pub fn dup_file<F: AsRawFd>(file: &F) -> io::Result<Stdio> {
+        dup_file_cloexec(file).map(Stdio::Fd)
+    }
+    /// A simpler helper method for `from_raw_fd`, that consumes file
+    ///
+    /// Note: we assume that file descriptor **already has** the `CLOEXEC`
+    /// flag. This is by default for all files opened by rust.
+    pub fn from_file<F: IntoRawFd>(file: F) -> Stdio {
+        Stdio::Fd(Closing(file.into_raw_fd()))
+    }
+}
+
+impl Fd {
+    /// Create a pipe so that child can read from it
+    pub fn piped_read() -> Fd {
+        Fd::ReadPipe
+    }
+    /// Create a pipe so that child can write to it
+    pub fn piped_write() -> Fd {
+        Fd::WritePipe
+    }
+    /// Inherit the child descriptor from parent
+    ///
+    /// Not very useful for custom file descriptors better use `from_file()`
+    pub fn inherit() -> Fd {
+        Fd::Inherit
+    }
+    /// Create a readable pipe that always has end of file condition
+    pub fn read_null() -> Fd {
+        Fd::ReadNull
+    }
+    /// Create a writable pipe that ignores all the input
+    pub fn write_null() -> Fd {
+        Fd::WriteNull
+    }
+    /// A simpler helper method for `from_raw_fd`, that does dup of file
+    /// descriptor, so is actually safe to use (but can fail)
+    pub fn dup_file<F: AsRawFd>(file: &F) -> io::Result<Fd> {
+        dup_file_cloexec(file).map(Fd::Fd)
+    }
+    /// A simpler helper method for `from_raw_fd`, that consumes file
+    pub fn from_file<F: IntoRawFd>(file: F) -> Fd {
+        Fd::Fd(Closing(file.into_raw_fd()))
+    }
+}
+
+impl Closing {
+    pub fn new(fd: RawFd) -> Closing {
+        Closing(fd)
+    }
+}
+
+impl AsRawFd for Closing {
+    fn as_raw_fd(&self) -> RawFd {
+        self.0
+    }
+}
+
+impl Drop for Closing {
+    fn drop(&mut self) {
+        unsafe {
+            libc::close(self.0);
+        }
+    }
+}
--- a/crates/libcontainer/src/workload/default.rs
+++ b/crates/libcontainer/src/workload/default.rs
@ -57,52 +57,55 @@ impl Executor for DefaultExecutor {
            ))?;

        if let Some(args) = proc.args() {
-            let envs: Vec<String> = proc.env().as_ref().unwrap_or(&vec![]).clone();
-            let path_vars: Vec<&String> = envs.iter().filter(|&e| e.starts_with("PATH=")).collect();
-            if path_vars.is_empty() {
-                tracing::error!("PATH environment variable is not set");
-                Err(ExecutorValidationError::ArgValidationError(
-                    "PATH environment variable is not set".into(),
-                ))?;
-            }
-            let path_var = path_vars[0].trim_start_matches("PATH=");
-            match get_executable_path(&args[0], path_var) {
-                None => {
-                    tracing::error!(
-                        executable = ?args[0],
-                        "executable for container process not found in PATH",
-                    );
-                    Err(ExecutorValidationError::ArgValidationError(format!(
-                        "executable '{}' not found in $PATH",
-                        args[0]
-                    )))?;
+            if !args[0].contains('/') {
+                let envs: Vec<String> = proc.env().as_ref().unwrap_or(&vec![]).clone();
+                let path_vars: Vec<&String> =
+                    envs.iter().filter(|&e| e.starts_with("PATH=")).collect();
+                if path_vars.is_empty() {
+                    tracing::error!("PATH environment variable is not set");
+                    Err(ExecutorValidationError::ArgValidationError(
+                        "PATH environment variable is not set".into(),
+                    ))?;
                }
-                Some(path) => match is_executable(&path) {
-                    Ok(true) => {
-                        tracing::debug!(executable = ?path, "found executable in executor");
-                    }
-                    Ok(false) => {
+                let path_var = path_vars[0].trim_start_matches("PATH=");
+                match get_executable_path(&args[0], path_var) {
+                    None => {
                        tracing::error!(
-                            executable = ?path,
-                            "executable does not have the correct permission set",
+                            executable = ?args[0],
+                            "executable for container process not found in PATH",
                        );
                        Err(ExecutorValidationError::ArgValidationError(format!(
-                            "executable '{}' at path '{:?}' does not have correct permissions",
-                            args[0], path
+                            "executable '{}' not found in $PATH",
+                            args[0]
                        )))?;
                    }
-                    Err(err) => {
-                        tracing::error!(
-                            executable = ?path,
-                            ?err,
-                            "failed to check permissions for executable",
-                        );
-                        Err(ExecutorValidationError::ArgValidationError(format!(
+                    Some(path) => match is_executable(&path) {
+                        Ok(true) => {
+                            tracing::debug!(executable = ?path, "found executable in executor");
+                        }
+                        Ok(false) => {
+                            tracing::error!(
+                                executable = ?path,
+                                "executable does not have the correct permission set",
+                            );
+                            Err(ExecutorValidationError::ArgValidationError(format!(
+                                "executable '{}' at path '{:?}' does not have correct permissions",
+                                args[0], path
+                            )))?;
+                        }
+                        Err(err) => {
+                            tracing::error!(
+                                executable = ?path,
+                                ?err,
+                                "failed to check permissions for executable",
+                            );
+                            Err(ExecutorValidationError::ArgValidationError(format!(
                            "failed to check permissions for executable '{}' at path '{:?}' : {}",
                            args[0], path, err
                        )))?;
-                    }
-                },
+                        }
+                    },
+                }
            }
        }

--- a/crates/youki/Cargo.toml
+++ b/crates/youki/Cargo.toml
@ -44,8 +44,8 @@ caps = "0.5.5"
 wasmer = { version = "4.0.0", optional = true }
 wasmer-wasix = { version = "0.9.0", optional = true }
 wasmedge-sdk = { version = "0.13.2", optional = true }
-wasmtime = { version = "19.0.2", optional = true }
-wasi-common = { version = "19.0.2", optional = true }
+wasmtime = { version = "20.0.0", optional = true }
+wasi-common = { version = "20.0.0", optional = true }
 tracing = { version = "0.1.40", features = ["attributes"] }
 tracing-subscriber = { version = "0.3.18", features = ["json", "env-filter"] }
 tracing-journald = "0.3.0"
--- a/crates/youki/src/commands/exec.rs
+++ b/crates/youki/src/commands/exec.rs
@ -8,7 +8,7 @@ use liboci_cli::Exec;
 use crate::workload::executor::default_executor;

 pub fn exec(args: Exec, root_path: PathBuf) -> Result<i32> {
-    let pid = ContainerBuilder::new(args.container_id.clone(), SyscallType::default())
+    let (pid, _) = ContainerBuilder::new(args.container_id.clone(), SyscallType::default())
        .with_executor(default_executor())
        .with_root_path(root_path)?
        .with_console_socket(args.console_socket.as_ref())
--- a/crates/youki/src/commands/run.rs
+++ b/crates/youki/src/commands/run.rs
@ -15,17 +15,18 @@ use nix::{
 use crate::workload::executor::default_executor;

 pub fn run(args: Run, root_path: PathBuf, systemd_cgroup: bool) -> Result<i32> {
-    let mut container = ContainerBuilder::new(args.container_id.clone(), SyscallType::default())
-        .with_executor(default_executor())
-        .with_pid_file(args.pid_file.as_ref())?
-        .with_console_socket(args.console_socket.as_ref())
-        .with_root_path(root_path)?
-        .with_preserved_fds(args.preserve_fds)
-        .validate_id()?
-        .as_init(&args.bundle)
-        .with_systemd(systemd_cgroup)
-        .with_detach(args.detach)
-        .build()?;
+    let (mut container, _) =
+        ContainerBuilder::new(args.container_id.clone(), SyscallType::default())
+            .with_executor(default_executor())
+            .with_pid_file(args.pid_file.as_ref())?
+            .with_console_socket(args.console_socket.as_ref())
+            .with_root_path(root_path)?
+            .with_preserved_fds(args.preserve_fds)
+            .validate_id()?
+            .as_init(&args.bundle)
+            .with_systemd(systemd_cgroup)
+            .with_detach(args.detach)
+            .build()?;

    container
        .start()
Author	SHA1	Message	Date
Jerome Gravel-Niquet	f4864d6ab2	Merge `68973b6605` into `cd9bfd8d79`	2024-04-24 20:52:14 +09:00
dependabot[bot]	cd9bfd8d79	Bump wasmtime and wasi-common from 19.0.2 to 20.0.0 (#2771 ) * Bump wasi-common from 19.0.2 to 20.0.0 Bumps [wasi-common](https://github.com/bytecodealliance/wasmtime) from 19.0.2 to 20.0.0. - [Release notes](https://github.com/bytecodealliance/wasmtime/releases) - [Changelog](https://github.com/bytecodealliance/wasmtime/blob/main/docs/WASI-some-possible-changes.md) - [Commits](https://github.com/bytecodealliance/wasmtime/compare/v19.0.2...v20.0.0) --- updated-dependencies: - dependency-name: wasi-common dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump wasmtime from 19.0.2 to 20.0.0 Bumps [wasmtime](https://github.com/bytecodealliance/wasmtime) from 19.0.2 to 20.0.0. - [Release notes](https://github.com/bytecodealliance/wasmtime/releases) - [Changelog](https://github.com/bytecodealliance/wasmtime/blob/main/docs/WASI-some-possible-changes.md) - [Commits](https://github.com/bytecodealliance/wasmtime/compare/v19.0.2...v20.0.0) --- updated-dependencies: - dependency-name: wasmtime dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Yashodhan Joshi <yjdoc2@gmail.com>	2024-04-24 05:36:17 +00:00
Jerome Gravel-Niquet	68973b6605	don't warn about seccomp if no_new_privileges is not Some(true) Signed-off-by: Jerome Gravel-Niquet <jeromegn@gmail.com>	2024-04-09 11:07:26 -04:00
Jerome Gravel-Niquet	f535c45bde	remove debug log Signed-off-by: Jerome Gravel-Niquet <jeromegn@gmail.com>	2024-04-09 11:07:26 -04:00
Jerome Gravel-Niquet	56056e543c	clearer errors, don't try to allocate more than 3 fds Signed-off-by: Jerome Gravel-Niquet <jeromegn@gmail.com>	2024-04-09 11:07:26 -04:00
Jerome Gravel-Niquet	9e0951b3c2	support setting stdin, stdout and stderr Signed-off-by: Jerome Gravel-Niquet <jeromegn@gmail.com>	2024-04-09 11:07:26 -04:00