mirror of
https://github.com/containers/youki
synced 2024-05-25 08:56:07 +02:00
Compare commits
6 Commits
04843f39cb
...
f4864d6ab2
Author | SHA1 | Date | |
---|---|---|---|
Jerome Gravel-Niquet | f4864d6ab2 | ||
dependabot[bot] | cd9bfd8d79 | ||
Jerome Gravel-Niquet | 68973b6605 | ||
Jerome Gravel-Niquet | f535c45bde | ||
Jerome Gravel-Niquet | 56056e543c | ||
Jerome Gravel-Niquet | 9e0951b3c2 |
|
@ -185,7 +185,7 @@ dependencies = [
|
|||
"cfg-if",
|
||||
"libc",
|
||||
"miniz_oxide",
|
||||
"object",
|
||||
"object 0.32.2",
|
||||
"rustc-demangle",
|
||||
]
|
||||
|
||||
|
@ -610,11 +610,11 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "cranelift-bforest"
|
||||
version = "0.106.2"
|
||||
version = "0.107.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "3b57d4f3ffc28bbd6ef1ca7b50b20126717232f97487efe027d135d9d87eb29c"
|
||||
checksum = "79b27922a6879b5b5361d0a084cb0b1941bf109a98540addcb932da13b68bed4"
|
||||
dependencies = [
|
||||
"cranelift-entity 0.106.2",
|
||||
"cranelift-entity 0.107.0",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
|
@ -640,17 +640,17 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "cranelift-codegen"
|
||||
version = "0.106.2"
|
||||
version = "0.107.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "d1f7d0ac7fd53f2c29db3ff9a063f6ff5a8be2abaa8f6942aceb6e1521e70df7"
|
||||
checksum = "304c455b28bf56372729acb356afbb55d622f2b0f2f7837aa5e57c138acaac4d"
|
||||
dependencies = [
|
||||
"bumpalo",
|
||||
"cranelift-bforest 0.106.2",
|
||||
"cranelift-codegen-meta 0.106.2",
|
||||
"cranelift-codegen-shared 0.106.2",
|
||||
"cranelift-bforest 0.107.0",
|
||||
"cranelift-codegen-meta 0.107.0",
|
||||
"cranelift-codegen-shared 0.107.0",
|
||||
"cranelift-control",
|
||||
"cranelift-entity 0.106.2",
|
||||
"cranelift-isle 0.106.2",
|
||||
"cranelift-entity 0.107.0",
|
||||
"cranelift-isle 0.107.0",
|
||||
"gimli 0.28.1",
|
||||
"hashbrown 0.14.3",
|
||||
"log",
|
||||
|
@ -670,11 +670,11 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "cranelift-codegen-meta"
|
||||
version = "0.106.2"
|
||||
version = "0.107.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "b40bf21460a600178956cb7fd900a7408c6587fbb988a8063f7215361801a1da"
|
||||
checksum = "1653c56b99591d07f67c5ca7f9f25888948af3f4b97186bff838d687d666f613"
|
||||
dependencies = [
|
||||
"cranelift-codegen-shared 0.106.2",
|
||||
"cranelift-codegen-shared 0.107.0",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
|
@ -685,15 +685,15 @@ checksum = "278e52e29c53fcf32431ef08406c295699a70306d05a0715c5b1bf50e33a9ab7"
|
|||
|
||||
[[package]]
|
||||
name = "cranelift-codegen-shared"
|
||||
version = "0.106.2"
|
||||
version = "0.107.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "d792ecc1243b7ebec4a7f77d9ed428ef27456eeb1f8c780587a6f5c38841be19"
|
||||
checksum = "f5b6a9cf6b6eb820ee3f973a0db313c05dc12d370f37b4fe9630286e1672573f"
|
||||
|
||||
[[package]]
|
||||
name = "cranelift-control"
|
||||
version = "0.106.2"
|
||||
version = "0.107.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "cea2808043df964b73ad7582e09afbbe06a31f3fb9db834d53e74b4e16facaeb"
|
||||
checksum = "d9d06e6bf30075fb6bed9e034ec046475093392eea1aff90eb5c44c4a033d19a"
|
||||
dependencies = [
|
||||
"arbitrary",
|
||||
]
|
||||
|
@ -720,9 +720,9 @@ checksum = "9a59bcbca89c3f1b70b93ab3cbba5e5e0cbf3e63dadb23c7525cb142e21a9d4c"
|
|||
|
||||
[[package]]
|
||||
name = "cranelift-entity"
|
||||
version = "0.106.2"
|
||||
version = "0.107.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "f1930946836da6f514da87625cd1a0331f3908e0de454628c24a0b97b130c4d4"
|
||||
checksum = "29be04f931b73cdb9694874a295027471817f26f26d2f0ebe5454153176b6e3a"
|
||||
dependencies = [
|
||||
"serde",
|
||||
"serde_derive",
|
||||
|
@ -742,11 +742,11 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "cranelift-frontend"
|
||||
version = "0.106.2"
|
||||
version = "0.107.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "5482a5fcdf98f2f31b21093643bdcfe9030866b8be6481117022e7f52baa0f2b"
|
||||
checksum = "a07fd7393041d7faa2f37426f5dc7fc04003b70988810e8c063beefeff1cd8f9"
|
||||
dependencies = [
|
||||
"cranelift-codegen 0.106.2",
|
||||
"cranelift-codegen 0.107.0",
|
||||
"log",
|
||||
"smallvec",
|
||||
"target-lexicon",
|
||||
|
@ -760,34 +760,34 @@ checksum = "393bc73c451830ff8dbb3a07f61843d6cb41a084f9996319917c0b291ed785bb"
|
|||
|
||||
[[package]]
|
||||
name = "cranelift-isle"
|
||||
version = "0.106.2"
|
||||
version = "0.107.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "6f6e1869b6053383bdb356900e42e33555b4c9ebee05699469b7c53cdafc82ea"
|
||||
checksum = "f341d7938caa6dff8149dac05bb2b53fc680323826b83b4cf175ab9f5139a3c9"
|
||||
|
||||
[[package]]
|
||||
name = "cranelift-native"
|
||||
version = "0.106.2"
|
||||
version = "0.107.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "a91446e8045f1c4bc164b7bba68e2419c623904580d4b730877a663c6da38964"
|
||||
checksum = "82af6066e6448d26eeabb7aa26a43f7ff79f8217b06bade4ee6ef230aecc8880"
|
||||
dependencies = [
|
||||
"cranelift-codegen 0.106.2",
|
||||
"cranelift-codegen 0.107.0",
|
||||
"libc",
|
||||
"target-lexicon",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "cranelift-wasm"
|
||||
version = "0.106.2"
|
||||
version = "0.107.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "f8b17979b862d3b0d52de6ae3294ffe4d86c36027b56ad0443a7c8c8f921d14f"
|
||||
checksum = "2766fab7284a914a7f17f90ebe865c86453225fb8637ac31f123f5028fee69cd"
|
||||
dependencies = [
|
||||
"cranelift-codegen 0.106.2",
|
||||
"cranelift-entity 0.106.2",
|
||||
"cranelift-frontend 0.106.2",
|
||||
"cranelift-codegen 0.107.0",
|
||||
"cranelift-entity 0.107.0",
|
||||
"cranelift-frontend 0.107.0",
|
||||
"itertools",
|
||||
"log",
|
||||
"smallvec",
|
||||
"wasmparser 0.201.0",
|
||||
"wasmparser 0.202.0",
|
||||
"wasmtime-types",
|
||||
]
|
||||
|
||||
|
@ -1979,7 +1979,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
|
|||
checksum = "0c2a198fb6b0eada2a8df47933734e6d35d350665a33a3593d7164fa52c75c19"
|
||||
dependencies = [
|
||||
"cfg-if",
|
||||
"windows-targets 0.48.5",
|
||||
"windows-targets 0.52.4",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
|
@ -2351,6 +2351,15 @@ name = "object"
|
|||
version = "0.32.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "a6a622008b6e321afc04970976f62ee297fdbaa6f95318ca343e3eebb9648441"
|
||||
dependencies = [
|
||||
"memchr",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "object"
|
||||
version = "0.33.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "d8dd6c0cdf9429bce006e1362bfce61fa1bfd8c898a643ed8d2b471934701d3d"
|
||||
dependencies = [
|
||||
"crc32fast",
|
||||
"hashbrown 0.14.3",
|
||||
|
@ -4465,9 +4474,9 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"
|
|||
|
||||
[[package]]
|
||||
name = "wasi-common"
|
||||
version = "19.0.2"
|
||||
version = "20.0.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "ce39d43366511a954708a80e9e2e1245bf2fed4e37385cc49f8686d7a9c094dc"
|
||||
checksum = "63255d85e10627b07325d7cf4e5fe5a40fa4ff183569a0a67931be26d50ede07"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"bitflags 2.5.0",
|
||||
|
@ -4578,15 +4587,6 @@ version = "0.2.84"
|
|||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "0046fef7e28c3804e5e38bfa31ea2a0f73905319b677e57ebe37e49358989b5d"
|
||||
|
||||
[[package]]
|
||||
name = "wasm-encoder"
|
||||
version = "0.201.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "b9c7d2731df60006819b013f64ccc2019691deccf6e11a1804bc850cd6748f1a"
|
||||
dependencies = [
|
||||
"leb128",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "wasm-encoder"
|
||||
version = "0.202.0"
|
||||
|
@ -4899,9 +4899,9 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "wasmparser"
|
||||
version = "0.201.0"
|
||||
version = "0.202.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "84e5df6dba6c0d7fafc63a450f1738451ed7a0b52295d83e868218fa286bf708"
|
||||
checksum = "d6998515d3cf3f8b980ef7c11b29a9b1017d4cf86b99ae93b546992df9931413"
|
||||
dependencies = [
|
||||
"bitflags 2.5.0",
|
||||
"indexmap 2.2.6",
|
||||
|
@ -4910,19 +4910,19 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "wasmprinter"
|
||||
version = "0.201.0"
|
||||
version = "0.202.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "a67e66da702706ba08729a78e3c0079085f6bfcb1a62e4799e97bbf728c2c265"
|
||||
checksum = "ab1cc9508685eef9502e787f4d4123745f5651a1e29aec047645d3cac1e2da7a"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"wasmparser 0.201.0",
|
||||
"wasmparser 0.202.0",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "wasmtime"
|
||||
version = "19.0.2"
|
||||
version = "20.0.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "4e300c0e3f19dc9064e3b17ce661088646c70dbdde36aab46470ed68ba58db7d"
|
||||
checksum = "5a5990663c28d81015ddbb02a068ac1bf396a4ea296eba7125b2dfc7c00cb52e"
|
||||
dependencies = [
|
||||
"addr2line",
|
||||
"anyhow",
|
||||
|
@ -4937,7 +4937,7 @@ dependencies = [
|
|||
"ittapi",
|
||||
"libc",
|
||||
"log",
|
||||
"object",
|
||||
"object 0.33.0",
|
||||
"once_cell",
|
||||
"paste",
|
||||
"rayon",
|
||||
|
@ -4947,8 +4947,8 @@ dependencies = [
|
|||
"serde_derive",
|
||||
"serde_json",
|
||||
"target-lexicon",
|
||||
"wasm-encoder 0.201.0",
|
||||
"wasmparser 0.201.0",
|
||||
"wasm-encoder",
|
||||
"wasmparser 0.202.0",
|
||||
"wasmtime-cache",
|
||||
"wasmtime-component-macro",
|
||||
"wasmtime-component-util",
|
||||
|
@ -4966,18 +4966,18 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "wasmtime-asm-macros"
|
||||
version = "19.0.2"
|
||||
version = "20.0.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "110aa598e02a136fb095ca70fa96367fc16bab55256a131e66f9b58f16c73daf"
|
||||
checksum = "625ee94c72004f3ea0228989c9506596e469517d7d0ed66f7300d1067bdf1ca9"
|
||||
dependencies = [
|
||||
"cfg-if",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "wasmtime-cache"
|
||||
version = "19.0.2"
|
||||
version = "20.0.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "c4e660537b0ac2fc76917fb0cc9d403d2448b6983a84e59c51f7fea7b7dae024"
|
||||
checksum = "98534bf28de232299e83eab33984a7a6c40c69534d6bd0ea216150b63d41a83a"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"base64",
|
||||
|
@ -4995,9 +4995,9 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "wasmtime-component-macro"
|
||||
version = "19.0.2"
|
||||
version = "20.0.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "091f32ce586251ac4d07019388fb665b010d9518ffe47be1ddbabb162eed6007"
|
||||
checksum = "64f84414a25ee3a624c8b77550f3fe7b5d8145bd3405ca58886ee6900abb6dc2"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"proc-macro2",
|
||||
|
@ -5010,72 +5010,55 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "wasmtime-component-util"
|
||||
version = "19.0.2"
|
||||
version = "20.0.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "0dd17dc1ebc0b28fd24b6b9d07638f55b82ae908918ff08fd221f8b0fefa9125"
|
||||
checksum = "78580bdb4e04c7da3bf98088559ca1d29382668536e4d5c7f2f966d79c390307"
|
||||
|
||||
[[package]]
|
||||
name = "wasmtime-cranelift"
|
||||
version = "19.0.2"
|
||||
version = "20.0.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "e923262451a4b5b39fe02f69f1338d56356db470e289ea1887346b9c7f592738"
|
||||
checksum = "b60df0ee08c6a536c765f69e9e8205273435b66d02dd401e938769a2622a6c1a"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"cfg-if",
|
||||
"cranelift-codegen 0.106.2",
|
||||
"cranelift-codegen 0.107.0",
|
||||
"cranelift-control",
|
||||
"cranelift-entity 0.106.2",
|
||||
"cranelift-frontend 0.106.2",
|
||||
"cranelift-entity 0.107.0",
|
||||
"cranelift-frontend 0.107.0",
|
||||
"cranelift-native",
|
||||
"cranelift-wasm",
|
||||
"gimli 0.28.1",
|
||||
"log",
|
||||
"object",
|
||||
"object 0.33.0",
|
||||
"target-lexicon",
|
||||
"thiserror",
|
||||
"wasmparser 0.201.0",
|
||||
"wasmtime-cranelift-shared",
|
||||
"wasmparser 0.202.0",
|
||||
"wasmtime-environ",
|
||||
"wasmtime-versioned-export-macros",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "wasmtime-cranelift-shared"
|
||||
version = "19.0.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "508898cbbea0df81a5d29cfc1c7c72431a1bc4c9e89fd9514b4c868474c05c7a"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"cranelift-codegen 0.106.2",
|
||||
"cranelift-control",
|
||||
"cranelift-native",
|
||||
"gimli 0.28.1",
|
||||
"object",
|
||||
"target-lexicon",
|
||||
"wasmtime-environ",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "wasmtime-environ"
|
||||
version = "19.0.2"
|
||||
version = "20.0.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "d7e3f2aa72dbb64c19708646e1ff97650f34e254598b82bad5578ea9c80edd30"
|
||||
checksum = "64ffc1613db69ee47c96738861534f9a405e422a5aa00224fbf5d410b03fb445"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"bincode",
|
||||
"cpp_demangle",
|
||||
"cranelift-entity 0.106.2",
|
||||
"cranelift-entity 0.107.0",
|
||||
"gimli 0.28.1",
|
||||
"indexmap 2.2.6",
|
||||
"log",
|
||||
"object",
|
||||
"object 0.33.0",
|
||||
"rustc-demangle",
|
||||
"serde",
|
||||
"serde_derive",
|
||||
"target-lexicon",
|
||||
"thiserror",
|
||||
"wasm-encoder 0.201.0",
|
||||
"wasmparser 0.201.0",
|
||||
"wasm-encoder",
|
||||
"wasmparser 0.202.0",
|
||||
"wasmprinter",
|
||||
"wasmtime-component-util",
|
||||
"wasmtime-types",
|
||||
|
@ -5083,9 +5066,9 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "wasmtime-fiber"
|
||||
version = "19.0.2"
|
||||
version = "20.0.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "9235b643527bcbac808216ed342e1fba324c95f14a62762acfa6f2e6ca5edbd6"
|
||||
checksum = "f043514a23792761c5765f8ba61a4aa7d67f260c0c37494caabceb41d8ae81de"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"cc",
|
||||
|
@ -5098,11 +5081,11 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "wasmtime-jit-debug"
|
||||
version = "19.0.2"
|
||||
version = "20.0.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "92de34217bf7f0464262adf391a9950eba440f9dfc7d3b0e3209302875c6f65f"
|
||||
checksum = "9c0ca2ad8f5d2b37f507ef1c935687a690e84e9f325f5a2af9639440b43c1f0e"
|
||||
dependencies = [
|
||||
"object",
|
||||
"object 0.33.0",
|
||||
"once_cell",
|
||||
"rustix",
|
||||
"wasmtime-versioned-export-macros",
|
||||
|
@ -5110,9 +5093,9 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "wasmtime-jit-icache-coherence"
|
||||
version = "19.0.2"
|
||||
version = "20.0.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "c22ca2ef4d87b23d400660373453e274b2251bc2d674e3102497f690135e04b0"
|
||||
checksum = "7a9f93a3289057b26dc75eb84d6e60d7694f7d169c7c09597495de6e016a13ff"
|
||||
dependencies = [
|
||||
"cfg-if",
|
||||
"libc",
|
||||
|
@ -5121,9 +5104,9 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "wasmtime-runtime"
|
||||
version = "19.0.2"
|
||||
version = "20.0.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "1806ee242ca4fd183309b7406e4e83ae7739b7569f395d56700de7c7ef9f5eb8"
|
||||
checksum = "c6332a2b0af4224c3ea57c857ad39acd2780ccc2b0c99ba1baa01864d90d7c94"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"cc",
|
||||
|
@ -5132,47 +5115,47 @@ dependencies = [
|
|||
"indexmap 2.2.6",
|
||||
"libc",
|
||||
"log",
|
||||
"mach",
|
||||
"mach2",
|
||||
"memfd",
|
||||
"memoffset 0.9.1",
|
||||
"paste",
|
||||
"psm",
|
||||
"rustix",
|
||||
"sptr",
|
||||
"wasm-encoder 0.201.0",
|
||||
"wasm-encoder",
|
||||
"wasmtime-asm-macros",
|
||||
"wasmtime-environ",
|
||||
"wasmtime-fiber",
|
||||
"wasmtime-jit-debug",
|
||||
"wasmtime-slab",
|
||||
"wasmtime-versioned-export-macros",
|
||||
"wasmtime-wmemcheck",
|
||||
"windows-sys 0.52.0",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "wasmtime-slab"
|
||||
version = "19.0.2"
|
||||
version = "20.0.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "20c58bef9ce877fd06acb58f08d003af17cb05cc51225b455e999fbad8e584c0"
|
||||
checksum = "8b3655075824a374c536a2b2cc9283bb765fcdf3d58b58587862c48571ad81ef"
|
||||
|
||||
[[package]]
|
||||
name = "wasmtime-types"
|
||||
version = "19.0.2"
|
||||
version = "20.0.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "cebe297aa063136d9d2e5b347c1528868aa43c2c8d0e1eb0eec144567e38fe0f"
|
||||
checksum = "b98cf64a242b0b9257604181ca28b28a5fcaa4c9ea1d396f76d1d2d1c5b40eef"
|
||||
dependencies = [
|
||||
"cranelift-entity 0.106.2",
|
||||
"cranelift-entity 0.107.0",
|
||||
"serde",
|
||||
"serde_derive",
|
||||
"thiserror",
|
||||
"wasmparser 0.201.0",
|
||||
"wasmparser 0.202.0",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "wasmtime-versioned-export-macros"
|
||||
version = "19.0.2"
|
||||
version = "20.0.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "ffaafa5c12355b1a9ee068e9295d50c4ca0a400c721950cdae4f5b54391a2da5"
|
||||
checksum = "8561d9e2920db2a175213d557d71c2ac7695831ab472bbfafb9060cd1034684f"
|
||||
dependencies = [
|
||||
"proc-macro2",
|
||||
"quote",
|
||||
|
@ -5181,26 +5164,26 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "wasmtime-winch"
|
||||
version = "19.0.2"
|
||||
version = "20.0.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "d618b4e90d3f259b1b77411ce573c9f74aade561957102132e169918aabdc863"
|
||||
checksum = "a06b573d14ac846a0fb8c541d8fca6a64acf9a1d176176982472274ab1d2fa5d"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"cranelift-codegen 0.106.2",
|
||||
"cranelift-codegen 0.107.0",
|
||||
"gimli 0.28.1",
|
||||
"object",
|
||||
"object 0.33.0",
|
||||
"target-lexicon",
|
||||
"wasmparser 0.201.0",
|
||||
"wasmtime-cranelift-shared",
|
||||
"wasmparser 0.202.0",
|
||||
"wasmtime-cranelift",
|
||||
"wasmtime-environ",
|
||||
"winch-codegen",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "wasmtime-wit-bindgen"
|
||||
version = "19.0.2"
|
||||
version = "20.0.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "7c7a253c8505edd7493603e548bff3af937b0b7dbf2b498bd5ff2131b651af72"
|
||||
checksum = "595bc7bb3b0ff4aa00fab718c323ea552c3034d77abc821a35112552f2ea487a"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"heck 0.4.1",
|
||||
|
@ -5208,12 +5191,6 @@ dependencies = [
|
|||
"wit-parser",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "wasmtime-wmemcheck"
|
||||
version = "19.0.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "c9a8c62e9df8322b2166d2a6f096fbec195ddb093748fd74170dcf25ef596769"
|
||||
|
||||
[[package]]
|
||||
name = "wast"
|
||||
version = "35.0.2"
|
||||
|
@ -5233,7 +5210,7 @@ dependencies = [
|
|||
"leb128",
|
||||
"memchr",
|
||||
"unicode-width",
|
||||
"wasm-encoder 0.202.0",
|
||||
"wasm-encoder",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
|
@ -5325,9 +5302,9 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "wiggle"
|
||||
version = "19.0.2"
|
||||
version = "20.0.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "899d3fe5fbacd02f114cacdaa1cca9040280c4153c71833a77b9609c60ccf72b"
|
||||
checksum = "1b6552dda951239e219c329e5a768393664e8d120c5e0818487ac2633f173b1f"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"async-trait",
|
||||
|
@ -5340,9 +5317,9 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "wiggle-generate"
|
||||
version = "19.0.2"
|
||||
version = "20.0.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "2df5887f452cff44ffe1e1aba69b7fafe812deed38498446fa7a46b55e962cd5"
|
||||
checksum = "da64cb31e0bfe8b1d2d13956ef9fd5c77545756a1a6ef0e6cfd44e8f1f207aed"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"heck 0.4.1",
|
||||
|
@ -5355,9 +5332,9 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "wiggle-macro"
|
||||
version = "19.0.2"
|
||||
version = "20.0.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "acdb12de36507498abaa3a042f895a43ee00a2f6125b6901b9a27edf72bfdbe7"
|
||||
checksum = "900b2416ef2ff2903ded6cf55d4a941fed601bf56a8c4874856d7a77c1891994"
|
||||
dependencies = [
|
||||
"proc-macro2",
|
||||
"quote",
|
||||
|
@ -5398,17 +5375,18 @@ checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
|
|||
|
||||
[[package]]
|
||||
name = "winch-codegen"
|
||||
version = "0.17.2"
|
||||
version = "0.18.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "2d15869abc9e3bb29c017c003dbe007a08e9910e8ff9023a962aa13c1b2ee6af"
|
||||
checksum = "fb23450977f9d4a23c02439cf6899340b2d68887b19465c5682740d9cc37d52e"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"cranelift-codegen 0.106.2",
|
||||
"cranelift-codegen 0.107.0",
|
||||
"gimli 0.28.1",
|
||||
"regalloc2 0.9.3",
|
||||
"smallvec",
|
||||
"target-lexicon",
|
||||
"wasmparser 0.201.0",
|
||||
"wasmparser 0.202.0",
|
||||
"wasmtime-cranelift",
|
||||
"wasmtime-environ",
|
||||
]
|
||||
|
||||
|
@ -5642,9 +5620,9 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "wit-parser"
|
||||
version = "0.201.0"
|
||||
version = "0.202.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "196d3ecfc4b759a8573bf86a9b3f8996b304b3732e4c7de81655f875f6efdca6"
|
||||
checksum = "744237b488352f4f27bca05a10acb79474415951c450e52ebd0da784c1df2bcc"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"id-arena",
|
||||
|
@ -5655,7 +5633,7 @@ dependencies = [
|
|||
"serde_derive",
|
||||
"serde_json",
|
||||
"unicode-xid",
|
||||
"wasmparser 0.201.0",
|
||||
"wasmparser 0.202.0",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
use crate::error::{ErrInvalidID, LibcontainerError};
|
||||
use crate::stdio::{Fd, Stdio};
|
||||
use crate::syscall::syscall::SyscallType;
|
||||
use crate::utils::PathBufExt;
|
||||
use crate::workload::{self, Executor};
|
||||
|
@ -23,6 +24,8 @@ pub struct ContainerBuilder {
|
|||
/// The function that actually runs on the container init process. Default
|
||||
/// is to execute the specified command in the oci spec.
|
||||
pub(super) executor: Box<dyn Executor>,
|
||||
/// Stdio file descriptors to dup inside the container's namespace
|
||||
pub(super) fds: [Fd; 3],
|
||||
}
|
||||
|
||||
/// Builder that can be used to configure the common properties of
|
||||
|
@ -69,6 +72,8 @@ impl ContainerBuilder {
|
|||
console_socket: None,
|
||||
preserve_fds: 0,
|
||||
executor: workload::default::get_executor(),
|
||||
// by default, inherit stdio
|
||||
fds: [Fd::Inherit, Fd::Inherit, Fd::Inherit],
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -237,6 +242,25 @@ impl ContainerBuilder {
|
|||
self.preserve_fds = preserved_fds;
|
||||
self
|
||||
}
|
||||
|
||||
/// Sets STDIN within the container
|
||||
pub fn with_stdin(mut self, stdio: Stdio) -> Self {
|
||||
self.fds[0] = stdio.to_fd(false);
|
||||
self
|
||||
}
|
||||
|
||||
/// Sets STDOUT within the container
|
||||
pub fn with_stdout(mut self, stdio: Stdio) -> Self {
|
||||
self.fds[1] = stdio.to_fd(true);
|
||||
self
|
||||
}
|
||||
|
||||
/// Sets STDERR within the container
|
||||
pub fn with_stderr(mut self, stdio: Stdio) -> Self {
|
||||
self.fds[2] = stdio.to_fd(true);
|
||||
self
|
||||
}
|
||||
|
||||
/// Sets the number of additional file descriptors which will be passed into
|
||||
/// the container process.
|
||||
/// # Example
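Review bot: The doc comments on `with_stdin`, `with_stdout` and `with_stderr` say only "Sets STDIN within the container" and omit what a caller needs to use them safely: what each `Stdio` variant does, who owns and closes a descriptor the caller supplies, and that the default added in this section is `Fd::Inherit` for all three, so the container shares the stdio of the process that builds it. The bare booleans in `stdio.to_fd(false)` and `stdio.to_fd(true)` are opaque at the call site. `Stdio::to_fd` is not in this view, so presumably they select the read or write direction; a comment such as `// false: the container reads from this descriptor` (to be confirmed against the `stdio` module) would make that explicit. The indices in `self.fds[0]`, `self.fds[1]` and `self.fds[2]` deserve a one-line comment that they are the container's fd numbers.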
|
||||
|
|
|
@ -1,22 +1,35 @@
|
|||
use super::{Container, ContainerStatus};
|
||||
use super::{stdio::StdioFds, Container, ContainerStatus};
|
||||
use crate::{
|
||||
error::{LibcontainerError, MissingSpecError},
|
||||
hooks,
|
||||
notify_socket::NotifyListener,
|
||||
pipe::{Pipe, PipeError, PipeHolder},
|
||||
process::{
|
||||
self,
|
||||
args::{ContainerArgs, ContainerType},
|
||||
intel_rdt::delete_resctrl_subdirectory,
|
||||
},
|
||||
stdio::{Closing, Fd},
|
||||
syscall::syscall::SyscallType,
|
||||
user_ns::UserNamespaceConfig,
|
||||
utils,
|
||||
workload::Executor,
|
||||
};
|
||||
use libcgroups::common::CgroupManager;
|
||||
use nix::unistd::Pid;
|
||||
use nix::{
|
||||
fcntl::{fcntl, FcntlArg, OFlag},
|
||||
sys::stat::Mode,
|
||||
unistd::Pid,
|
||||
};
|
||||
use oci_spec::runtime::Spec;
|
||||
use std::{fs, io::Write, os::unix::prelude::RawFd, path::PathBuf, rc::Rc};
|
||||
use std::{
|
||||
collections::HashMap,
|
||||
fs,
|
||||
io::Write,
|
||||
os::{fd::AsRawFd, unix::prelude::RawFd},
|
||||
path::{Path, PathBuf},
|
||||
rc::Rc,
|
||||
};
|
||||
|
||||
pub(super) struct ContainerBuilderImpl {
|
||||
/// Flag indicating if an init or a tenant container should be created
|
||||
|
@ -48,12 +61,14 @@ pub(super) struct ContainerBuilderImpl {
|
|||
pub detached: bool,
|
||||
/// Default executes the specified execution of a generic command
|
||||
pub executor: Box<dyn Executor>,
|
||||
/// Stdio file descriptors to dup inside the container's namespace
|
||||
pub fds: [Fd; 3],
|
||||
}
|
||||
|
||||
impl ContainerBuilderImpl {
|
||||
pub(super) fn create(&mut self) -> Result<Pid, LibcontainerError> {
|
||||
pub(super) fn create(&mut self) -> Result<(Pid, StdioFds), LibcontainerError> {
|
||||
match self.run_container() {
|
||||
Ok(pid) => Ok(pid),
|
||||
Ok(ret) => Ok(ret),
|
||||
Err(outer) => {
|
||||
// Only the init container should be cleaned up in the case of
|
||||
// an error.
|
||||
|
@ -66,7 +81,7 @@ impl ContainerBuilderImpl {
|
|||
}
|
||||
}
|
||||
|
||||
fn run_container(&mut self) -> Result<Pid, LibcontainerError> {
|
||||
fn run_container(&mut self) -> Result<(Pid, StdioFds), LibcontainerError> {
|
||||
let linux = self.spec.linux().as_ref().ok_or(MissingSpecError::Linux)?;
|
||||
let cgroups_path = utils::get_cgroup_path(
|
||||
linux.cgroups_path(),
|
||||
|
@ -137,6 +152,12 @@ impl ContainerBuilderImpl {
|
|||
})?;
|
||||
}
|
||||
|
||||
// Prepare the stdio file descriptors for `dup`-ing inside the container
|
||||
// namespace. Determines which ones needs closing on drop.
|
||||
let mut stdio_descs = prepare_stdio_descriptors(&self.fds)?;
|
||||
// Extract `StdioFds` from the prepared fds, for use by client
|
||||
let stdio_fds = (&mut stdio_descs).into();
|
||||
|
||||
// This container_args will be passed to the container processes,
|
||||
// therefore we will have to move all the variable by value. Since self
|
||||
// is a shared reference, we have to clone these variables here.
|
||||
|
@ -153,6 +174,7 @@ impl ContainerBuilderImpl {
|
|||
cgroup_config,
|
||||
detached: self.detached,
|
||||
executor: self.executor.clone(),
|
||||
fds: stdio_descs.inner,
|
||||
};
|
||||
|
||||
let (init_pid, need_to_clean_up_intel_rdt_dir) =
|
||||
|
@ -181,7 +203,7 @@ impl ContainerBuilderImpl {
|
|||
.save()?;
|
||||
}
|
||||
|
||||
Ok(init_pid)
|
||||
Ok((init_pid, stdio_fds))
|
||||
}
|
||||
|
||||
fn cleanup_container(&self) -> Result<(), LibcontainerError> {
|
||||
|
@ -231,3 +253,89 @@ impl ContainerBuilderImpl {
|
|||
Ok(())
|
||||
}
|
||||
}
|
||||
|
||||
struct StdioDescriptors {
|
||||
inner: HashMap<RawFd, RawFd>,
|
||||
outer: HashMap<RawFd, PipeHolder>,
|
||||
_guards: Vec<Closing>,
|
||||
}
|
||||
|
||||
impl From<&mut StdioDescriptors> for StdioFds {
|
||||
fn from(value: &mut StdioDescriptors) -> Self {
|
||||
StdioFds {
|
||||
stdin: value.outer.remove(&0).and_then(|x| match x {
|
||||
PipeHolder::Writer(x) => Some(x),
|
||||
_ => None,
|
||||
}),
|
||||
stdout: value.outer.remove(&1).and_then(|x| match x {
|
||||
PipeHolder::Reader(x) => Some(x),
|
||||
_ => None,
|
||||
}),
|
||||
stderr: value.outer.remove(&2).and_then(|x| match x {
|
||||
PipeHolder::Reader(x) => Some(x),
|
||||
_ => None,
|
||||
}),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
fn prepare_stdio_descriptors(fds: &[Fd; 3]) -> Result<StdioDescriptors, LibcontainerError> {
|
||||
let mut inner = HashMap::new();
|
||||
let mut outer = HashMap::new();
|
||||
let mut guards = Vec::new();
|
||||
for (idx, fdkind) in fds.iter().enumerate() {
|
||||
let dest_fd = idx as i32;
|
||||
let mut fd = match fdkind {
|
||||
Fd::ReadPipe => {
|
||||
let (rd, wr) = Pipe::new()?.split();
|
||||
let fd = rd.into_fd();
|
||||
guards.push(Closing::new(fd));
|
||||
outer.insert(dest_fd, PipeHolder::Writer(wr));
|
||||
fd
|
||||
}
|
||||
Fd::WritePipe => {
|
||||
let (rd, wr) = Pipe::new()?.split();
|
||||
let fd = wr.into_fd();
|
||||
guards.push(Closing::new(fd));
|
||||
outer.insert(dest_fd, PipeHolder::Reader(rd));
|
||||
fd
|
||||
}
|
||||
Fd::ReadNull => {
|
||||
// Need to keep fd with cloexec, until we are in child
|
||||
let fd = nix::fcntl::open(
|
||||
Path::new("/dev/null"),
|
||||
OFlag::O_CLOEXEC | OFlag::O_RDONLY,
|
||||
Mode::empty(),
|
||||
)
|
||||
.map_err(PipeError::Open)?;
|
||||
guards.push(Closing::new(fd));
|
||||
fd
|
||||
}
|
||||
Fd::WriteNull => {
|
||||
// Need to keep fd with cloexec, until we are in child
|
||||
let fd = nix::fcntl::open(
|
||||
Path::new("/dev/null"),
|
||||
OFlag::O_CLOEXEC | OFlag::O_WRONLY,
|
||||
Mode::empty(),
|
||||
)
|
||||
.map_err(PipeError::Open)?;
|
||||
guards.push(Closing::new(fd));
|
||||
fd
|
||||
}
|
||||
Fd::Inherit => dest_fd,
|
||||
Fd::Fd(ref x) => x.as_raw_fd(),
|
||||
};
|
||||
// The descriptor must not clobber the descriptors that are passed to
|
||||
// a child
|
||||
while fd != dest_fd && fd < 3 {
|
||||
fd = fcntl(fd, FcntlArg::F_DUPFD_CLOEXEC(3)).map_err(PipeError::Dup)?;
|
||||
guards.push(Closing::new(fd));
|
||||
}
|
||||
inner.insert(dest_fd, fd);
|
||||
}
|
||||
Ok(StdioDescriptors {
|
||||
inner,
|
||||
outer,
|
||||
_guards: guards,
|
||||
})
|
||||
}
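Review bot: In `prepare_stdio_descriptors`, the `Fd::ReadPipe` and `Fd::WritePipe` arms keep the host-side end in `outer` and hand the other end to the container, but nothing in this section shows that `Pipe::new()` creates both ends close-on-exec, whereas the `/dev/null` arms pass `OFlag::O_CLOEXEC` explicitly and the relocation loop uses `F_DUPFD_CLOEXEC`. If the pipe ends are not close-on-exec, the host-side writer or reader would be inherited by the container process: a descriptor leak across the container boundary, and for stdin a second writer that keeps the pipe from ever reaching EOF. I would state the invariant above the two arms, for example `// Pipe::new() must return O_CLOEXEC ends: the peer kept in outer must never survive exec into the container`, and confirm it in the pipe module, which is not part of this view. `StdioDescriptors` would also benefit from a short doc comment saying that `inner` maps the container fd number to the source descriptor and that `_guards` closes the temporary descriptors on drop.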
|
||||
|
|
|
@ -17,7 +17,8 @@ use crate::{
|
|||
};
|
||||
|
||||
use super::{
|
||||
builder::ContainerBuilder, builder_impl::ContainerBuilderImpl, Container, ContainerStatus,
|
||||
builder::ContainerBuilder, builder_impl::ContainerBuilderImpl, stdio::StdioFds, Container,
|
||||
ContainerStatus,
|
||||
};
|
||||
|
||||
// Builder that can be used to configure the properties of a new container
|
||||
|
@ -52,7 +53,7 @@ impl InitContainerBuilder {
|
|||
}
|
||||
|
||||
/// Creates a new container
|
||||
pub fn build(self) -> Result<Container, LibcontainerError> {
|
||||
pub fn build(self) -> Result<(Container, StdioFds), LibcontainerError> {
|
||||
let spec = self.load_spec()?;
|
||||
let container_dir = self.create_container_dir()?;
|
||||
|
||||
|
@ -109,13 +110,14 @@ impl InitContainerBuilder {
|
|||
preserve_fds: self.base.preserve_fds,
|
||||
detached: self.detached,
|
||||
executor: self.base.executor,
|
||||
fds: self.base.fds,
|
||||
};
|
||||
|
||||
builder_impl.create()?;
|
||||
let (_, stdio_fds) = builder_impl.create()?;
|
||||
|
||||
container.refresh_state()?;
|
||||
|
||||
Ok(container)
|
||||
Ok((container, stdio_fds))
|
||||
}
|
||||
|
||||
fn create_container_dir(&self) -> Result<PathBuf, LibcontainerError> {
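Review bot: `InitContainerBuilder::build` now returns `(Container, StdioFds)` instead of `Container`, and `TenantContainerBuilder::build` changes the same way to `(Pid, StdioFds)`, which breaks every existing caller of these public functions while the doc comments still read "Creates a new container" and "Joins an existing container". The comments should describe the second element, for example `/// Returns the container together with the host-side ends of any stdio pipes requested on the builder; a field is None when that stream is inherited, /dev/null or caller-supplied.` The body of `build` starts and ends outside the visible hunks, so only the signature and the return expression can be checked here.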
|
||||
|
|
|
@ -17,6 +17,7 @@ mod container_resume;
|
|||
mod container_start;
|
||||
pub mod init_builder;
|
||||
pub mod state;
|
||||
pub mod stdio;
|
||||
pub mod tenant_builder;
|
||||
pub use container::CheckpointOptions;
|
||||
pub use container::Container;
|
||||
|
|
|
@ -0,0 +1,7 @@
|
|||
use crate::pipe::{PipeReader, PipeWriter};
|
||||
|
||||
pub struct StdioFds {
|
||||
pub stdin: Option<PipeWriter>,
|
||||
pub stdout: Option<PipeReader>,
|
||||
pub stderr: Option<PipeReader>,
|
||||
}
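Review bot: `StdioFds` and its three public fields have no doc comments, so the direction of each end (`stdin` is a `PipeWriter`, `stdout` and `stderr` are `PipeReader`s) and the meaning of `None` are left for the reader to work out. A struct-level comment such as `/// Parent-side ends of the pipes attached to the container's stdio; a field is None when no pipe was created for that stream` would cover it, if that is indeed when `None` is produced. It should also state that dropping the value closes the descriptors, since `PipeReader` and `PipeWriter` close on `Drop`. The `exec` and `run` callers in this commit bind it to `_`, which drops it at the end of the statement. `#[derive(Debug)]` would match the pipe types it wraps.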
|
|
@ -25,6 +25,7 @@ use crate::process::args::ContainerType;
|
|||
use crate::{capabilities::CapabilityExt, container::builder_impl::ContainerBuilderImpl};
|
||||
use crate::{notify_socket::NotifySocket, tty, user_ns::UserNamespaceConfig, utils};
|
||||
|
||||
use super::stdio::StdioFds;
|
||||
use super::{builder::ContainerBuilder, Container};
|
||||
|
||||
const NAMESPACE_TYPES: &[&str] = &["ipc", "uts", "net", "pid", "mnt", "cgroup"];
|
||||
|
@ -100,14 +101,12 @@ impl TenantContainerBuilder {
|
|||
}
|
||||
|
||||
/// Joins an existing container
|
||||
pub fn build(self) -> Result<Pid, LibcontainerError> {
|
||||
pub fn build(self) -> Result<(Pid, StdioFds), LibcontainerError> {
|
||||
let container_dir = self.lookup_container_dir()?;
|
||||
let container = self.load_container_state(container_dir.clone())?;
|
||||
let mut spec = self.load_init_spec(&container)?;
|
||||
self.adapt_spec_for_tenant(&mut spec, &container)?;
|
||||
|
||||
tracing::debug!("{:#?}", spec);
|
||||
|
||||
unistd::chdir(&container_dir).map_err(LibcontainerError::OtherSyscall)?;
|
||||
let notify_path = Self::setup_notify_listener(&container_dir)?;
|
||||
// convert path of root file system of the container to absolute path
|
||||
|
@ -141,6 +140,7 @@ impl TenantContainerBuilder {
|
|||
preserve_fds: self.base.preserve_fds,
|
||||
detached: self.detached,
|
||||
executor: self.base.executor,
|
||||
fds: self.base.fds,
|
||||
};
|
||||
|
||||
let pid = builder_impl.create()?;
|
||||
|
|
|
@ -37,6 +37,8 @@ pub enum LibcontainerError {
|
|||
#[error(transparent)]
|
||||
Tty(#[from] crate::tty::TTYError),
|
||||
#[error(transparent)]
|
||||
Pipe(#[from] crate::pipe::PipeError),
|
||||
#[error(transparent)]
|
||||
UserNamespace(#[from] crate::user_ns::UserNamespaceError),
|
||||
#[error(transparent)]
|
||||
NotifyListener(#[from] crate::notify_socket::NotifyListenerError),
|
||||
|
|
|
@ -7,11 +7,13 @@ pub mod error;
|
|||
pub mod hooks;
|
||||
pub mod namespaces;
|
||||
pub mod notify_socket;
|
||||
pub mod pipe;
|
||||
pub mod process;
|
||||
pub mod rootfs;
|
||||
#[cfg(feature = "libseccomp")]
|
||||
pub mod seccomp;
|
||||
pub mod signal;
|
||||
pub mod stdio;
|
||||
pub mod syscall;
|
||||
pub mod test_utils;
|
||||
pub mod tty;
|
||||
|
|
|
@ -0,0 +1,115 @@
|
|||
use std::io;
|
||||
use std::mem;
|
||||
use std::os::unix::io::RawFd;
|
||||
|
||||
use libc;
|
||||
use libc::{c_void, size_t};
|
||||
use nix::fcntl::OFlag;
|
||||
use nix::unistd::pipe2;
|
||||
|
||||
/// A pipe used to communicate with subprocess
|
||||
#[derive(Debug)]
|
||||
pub struct Pipe(RawFd, RawFd);
|
||||
|
||||
/// A reading end of `Pipe` object after `Pipe::split`
|
||||
#[derive(Debug)]
|
||||
pub struct PipeReader(RawFd);
|
||||
|
||||
/// A writing end of `Pipe` object after `Pipe::split`
|
||||
#[derive(Debug)]
|
||||
pub struct PipeWriter(RawFd);
|
||||
|
||||
#[derive(Debug)]
|
||||
pub enum PipeHolder {
|
||||
Reader(PipeReader),
|
||||
Writer(PipeWriter),
|
||||
}
|
||||
|
||||
#[derive(Debug, thiserror::Error)]
|
||||
pub enum PipeError {
|
||||
#[error("failed to create pipe: {0}")]
|
||||
Create(nix::Error),
|
||||
#[error("failed to open fd: {0}")]
|
||||
Open(nix::Error),
|
||||
#[error("failed to dup fd: {0}")]
|
||||
Dup(nix::Error),
|
||||
}
|
||||
|
||||
impl Pipe {
|
||||
pub fn new() -> Result<Pipe, PipeError> {
|
||||
let (rd, wr) = pipe2(OFlag::O_CLOEXEC).map_err(PipeError::Create)?;
|
||||
Ok(Pipe(rd, wr))
|
||||
}
|
||||
pub fn split(self) -> (PipeReader, PipeWriter) {
|
||||
let Pipe(rd, wr) = self;
|
||||
mem::forget(self);
|
||||
(PipeReader(rd), PipeWriter(wr))
|
||||
}
|
||||
}
|
||||
|
||||
impl Drop for Pipe {
|
||||
fn drop(&mut self) {
|
||||
let Pipe(x, y) = *self;
|
||||
unsafe {
|
||||
libc::close(x);
|
||||
libc::close(y);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl PipeReader {
|
||||
/// Extract file descriptor from pipe reader without closing
|
||||
// TODO(tailhook) implement IntoRawFd here
|
||||
pub fn into_fd(self) -> RawFd {
|
||||
let PipeReader(fd) = self;
|
||||
mem::forget(self);
|
||||
fd
|
||||
}
|
||||
}
|
||||
|
||||
impl PipeWriter {
|
||||
/// Extract file descriptor from pipe reader without closing
|
||||
// TODO(tailhook) implement IntoRawFd her
|
||||
pub fn into_fd(self) -> RawFd {
|
||||
let PipeWriter(fd) = self;
|
||||
mem::forget(self);
|
||||
fd
|
||||
}
|
||||
}
|
||||
|
||||
impl Drop for PipeReader {
|
||||
fn drop(&mut self) {
|
||||
unsafe { libc::close(self.0) };
|
||||
}
|
||||
}
|
||||
|
||||
impl Drop for PipeWriter {
|
||||
fn drop(&mut self) {
|
||||
unsafe { libc::close(self.0) };
|
||||
}
|
||||
}
|
||||
|
||||
impl io::Read for PipeReader {
|
||||
fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
|
||||
let ret =
|
||||
unsafe { libc::read(self.0, buf.as_mut_ptr() as *mut c_void, buf.len() as size_t) };
|
||||
if ret < 0 {
|
||||
return Err(io::Error::last_os_error());
|
||||
}
|
||||
Ok(ret as usize)
|
||||
}
|
||||
}
|
||||
|
||||
impl io::Write for PipeWriter {
|
||||
fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
|
||||
let ret =
|
||||
unsafe { libc::write(self.0, buf.as_ptr() as *const c_void, buf.len() as size_t) };
|
||||
if ret < 0 {
|
||||
return Err(io::Error::last_os_error());
|
||||
}
|
||||
Ok(ret as usize)
|
||||
}
|
||||
fn flush(&mut self) -> io::Result<()> {
|
||||
Ok(())
|
||||
}
|
||||
}
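Review bot: `Pipe`, `PipeReader` and `PipeWriter` manage descriptor ownership by hand over `RawFd`, with `unsafe { libc::close(..) }` in three `Drop` impls and `mem::forget` in `split` and `into_fd`, and none of the `unsafe` blocks carries a `// SAFETY:` comment. Wrapping `std::os::fd::OwnedFd` instead would give close-on-drop, `AsRawFd` and `IntoRawFd` without any `unsafe`, and would settle both `TODO(tailhook)` notes. If the raw descriptors stay, each block should state its invariant, e.g. `// SAFETY: self.0 is owned by this value and is closed nowhere else`. The doc comment on `PipeWriter::into_fd` is copied from the reader and should read `/// Extract file descriptor from pipe writer without closing`.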
|
|
@ -1,5 +1,6 @@
|
|||
use libcgroups::common::CgroupConfig;
|
||||
use oci_spec::runtime::Spec;
|
||||
use std::collections::HashMap;
|
||||
use std::os::unix::prelude::RawFd;
|
||||
use std::path::PathBuf;
|
||||
use std::rc::Rc;
|
||||
|
@ -41,4 +42,6 @@ pub struct ContainerArgs {
|
|||
pub detached: bool,
|
||||
/// Manage the functions that actually run on the container
|
||||
pub executor: Box<dyn Executor>,
|
||||
|
||||
pub fds: HashMap<RawFd, RawFd>,
|
||||
}
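Review bot: The new `fds` field has no doc comment, unlike `executor` directly above it, and the direction of the map can only be learned from the init process, which iterates it as `(dest_fd, src_fd)`. Proposed: `/// Maps a destination fd in the container process to the source fd that is duplicated onto it`. Because `HashMap` iteration order is unspecified, the order of the `dup2` calls is unspecified too, so the comment should also say whether an entry's destination can ever equal another entry's source. The builder side appears to move low-numbered sources to 3 or above, but that code is only partly visible here.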
|
||||
|
|
|
@ -7,6 +7,7 @@ use crate::{
|
|||
capabilities, hooks, namespaces::Namespaces, process::channel, rootfs::RootFS, tty,
|
||||
user_ns::UserNamespaceConfig, utils,
|
||||
};
|
||||
use libc::{FD_CLOEXEC, F_GETFD, F_SETFD};
|
||||
use nc;
|
||||
use nix::mount::MsFlags;
|
||||
use nix::sched::CloneFlags;
|
||||
|
@ -50,6 +51,8 @@ pub enum InitProcessError {
|
|||
MissingSpec(#[from] crate::error::MissingSpecError),
|
||||
#[error("failed to setup tty")]
|
||||
Tty(#[source] tty::TTYError),
|
||||
#[error("failed to setup stdio")]
|
||||
Stdio(#[source] std::io::Error),
|
||||
#[error("failed to run hooks")]
|
||||
Hooks(#[from] hooks::HookError),
|
||||
#[error("failed to prepare rootfs")]
|
||||
|
@ -305,6 +308,32 @@ pub fn container_init_process(
|
|||
tracing::error!(?err, "failed to set up tty");
|
||||
InitProcessError::Tty(err)
|
||||
})?;
|
||||
} else {
|
||||
unsafe {
|
||||
for (dest_fd, src_fd) in args.fds.iter() {
|
||||
if src_fd == dest_fd {
|
||||
let flags = libc::fcntl(*src_fd, F_GETFD);
|
||||
if flags < 0 {
|
||||
return Err(InitProcessError::Stdio(std::io::Error::from_raw_os_error(
|
||||
flags,
|
||||
)));
|
||||
}
|
||||
let ret = libc::fcntl(*src_fd, F_SETFD, flags & !FD_CLOEXEC);
|
||||
if ret < 0 {
|
||||
return Err(InitProcessError::Stdio(std::io::Error::from_raw_os_error(
|
||||
ret,
|
||||
)));
|
||||
}
|
||||
} else {
|
||||
let ret = libc::dup2(*src_fd, *dest_fd);
|
||||
if ret < 0 {
|
||||
return Err(InitProcessError::Stdio(std::io::Error::from_raw_os_error(
|
||||
ret,
|
||||
)));
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
apply_rest_namespaces(&namespaces, spec, syscall.as_ref())?;
|
||||
|
@ -531,7 +560,7 @@ pub fn container_init_process(
|
|||
}
|
||||
}
|
||||
#[cfg(not(feature = "libseccomp"))]
|
||||
if proc.no_new_privileges().is_none() {
|
||||
if proc.no_new_privileges().unwrap_or_default() {
|
||||
tracing::warn!("seccomp not available, unable to enforce no_new_privileges!")
|
||||
}
|
||||
|
||||
|
@ -592,7 +621,7 @@ pub fn container_init_process(
|
|||
}
|
||||
}
|
||||
#[cfg(not(feature = "libseccomp"))]
|
||||
if proc.no_new_privileges().is_some() {
|
||||
if proc.no_new_privileges().unwrap_or_default() {
|
||||
tracing::warn!("seccomp not available, unable to set seccomp privileges!")
|
||||
}
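Review bot: In the new stdio block, all three error paths build the error from the call's return value, `std::io::Error::from_raw_os_error(flags)` and `from_raw_os_error(ret)`. On failure `fcntl` and `dup2` return -1 and put the cause in errno, so the reported error carries code -1 and the real reason is lost. Each of the three sites should be `InitProcessError::Stdio(std::io::Error::last_os_error())`, called directly after the failing call. The `unsafe` block also wraps the whole loop and has no `// SAFETY:` comment; it could be narrowed to the three libc calls. `container_init_process` starts and ends outside this hunk.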
|
||||
|
||||
|
|
|
@ -0,0 +1,146 @@
|
|||
// Code mostly copied from the `unshare` crate.
|
||||
|
||||
use std::io;
|
||||
use std::os::unix::io::{AsRawFd, IntoRawFd, RawFd};
|
||||
|
||||
use nix::fcntl::{fcntl, FcntlArg};
|
||||
|
||||
/// An enumeration that is used to configure stdio file descritors
|
||||
///
|
||||
/// The enumeration members might be non-stable, it's better to use
|
||||
/// one of the constructors to create an instance
|
||||
#[derive(Default)]
|
||||
pub enum Stdio {
|
||||
/// This fd will be inherited from the parent application
|
||||
#[default]
|
||||
Inherit,
|
||||
/// This fd will use pipe to/from the appliation
|
||||
Pipe,
|
||||
/// This fd will open /dev/null in read or write mode
|
||||
Null,
|
||||
/// This is fd passed by application (and closed by `unshare`)
|
||||
Fd(Closing),
|
||||
}
|
||||
|
||||
/// An enumeration that is used to configure non-stdio file descriptors. It
|
||||
/// differs from stdio one because we must differentiate from readable and
|
||||
/// writable file descriptors for things open by the library
|
||||
///
|
||||
/// The enumeration members might be non-stable, it's better to use
|
||||
/// one of the constructors to create an instance
|
||||
pub enum Fd {
|
||||
/// This fd is a reading end of a pipe
|
||||
ReadPipe,
|
||||
/// This fd is a writing end of a pipe
|
||||
WritePipe,
|
||||
/// This fd is inherited from parent (current) process
|
||||
Inherit,
|
||||
/// This fd is redirected from `/dev/null`
|
||||
ReadNull,
|
||||
/// This fd is redirected to `/dev/null`
|
||||
WriteNull,
|
||||
/// This is fd passed by application (and closed by `unshare`)
|
||||
Fd(Closing),
|
||||
}
|
||||
|
||||
pub struct Closing(RawFd);
|
||||
|
||||
pub fn dup_file_cloexec<F: AsRawFd>(file: &F) -> io::Result<Closing> {
|
||||
match fcntl(file.as_raw_fd(), FcntlArg::F_DUPFD_CLOEXEC(3)) {
|
||||
Ok(fd) => Ok(Closing::new(fd)),
|
||||
Err(errno) => Err(io::Error::from_raw_os_error(errno as i32)),
|
||||
}
|
||||
}
|
||||
|
||||
impl Stdio {
|
||||
/// Pipe is created for child process
|
||||
pub fn piped() -> Stdio {
|
||||
Stdio::Pipe
|
||||
}
|
||||
/// The child inherits file descriptor from the parent process
|
||||
pub fn inherit() -> Stdio {
|
||||
Stdio::Inherit
|
||||
}
|
||||
/// Stream is attached to `/dev/null`
|
||||
pub fn null() -> Stdio {
|
||||
Stdio::Null
|
||||
}
|
||||
/// Converts stdio definition to file descriptor definition
|
||||
/// (mostly needed internally)
|
||||
pub fn to_fd(self, write: bool) -> Fd {
|
||||
match (self, write) {
|
||||
(Stdio::Fd(x), _) => Fd::Fd(x),
|
||||
(Stdio::Pipe, false) => Fd::ReadPipe,
|
||||
(Stdio::Pipe, true) => Fd::WritePipe,
|
||||
(Stdio::Inherit, _) => Fd::Inherit,
|
||||
(Stdio::Null, false) => Fd::ReadNull,
|
||||
(Stdio::Null, true) => Fd::WriteNull,
|
||||
}
|
||||
}
|
||||
/// A simpler helper method for `from_raw_fd`, that does dup of file
|
||||
/// descriptor, so is actually safe to use (but can fail)
|
||||
pub fn dup_file<F: AsRawFd>(file: &F) -> io::Result<Stdio> {
|
||||
dup_file_cloexec(file).map(Stdio::Fd)
|
||||
}
|
||||
/// A simpler helper method for `from_raw_fd`, that consumes file
|
||||
///
|
||||
/// Note: we assume that file descriptor **already has** the `CLOEXEC`
|
||||
/// flag. This is by default for all files opened by rust.
|
||||
pub fn from_file<F: IntoRawFd>(file: F) -> Stdio {
|
||||
Stdio::Fd(Closing(file.into_raw_fd()))
|
||||
}
|
||||
}
|
||||
|
||||
impl Fd {
|
||||
/// Create a pipe so that child can read from it
|
||||
pub fn piped_read() -> Fd {
|
||||
Fd::ReadPipe
|
||||
}
|
||||
/// Create a pipe so that child can write to it
|
||||
pub fn piped_write() -> Fd {
|
||||
Fd::WritePipe
|
||||
}
|
||||
/// Inherit the child descriptor from parent
|
||||
///
|
||||
/// Not very useful for custom file descriptors better use `from_file()`
|
||||
pub fn inherit() -> Fd {
|
||||
Fd::Inherit
|
||||
}
|
||||
/// Create a readable pipe that always has end of file condition
|
||||
pub fn read_null() -> Fd {
|
||||
Fd::ReadNull
|
||||
}
|
||||
/// Create a writable pipe that ignores all the input
|
||||
pub fn write_null() -> Fd {
|
||||
Fd::WriteNull
|
||||
}
|
||||
/// A simpler helper method for `from_raw_fd`, that does dup of file
|
||||
/// descriptor, so is actually safe to use (but can fail)
|
||||
pub fn dup_file<F: AsRawFd>(file: &F) -> io::Result<Fd> {
|
||||
dup_file_cloexec(file).map(Fd::Fd)
|
||||
}
|
||||
/// A simpler helper method for `from_raw_fd`, that consumes file
|
||||
pub fn from_file<F: IntoRawFd>(file: F) -> Fd {
|
||||
Fd::Fd(Closing(file.into_raw_fd()))
|
||||
}
|
||||
}
|
||||
|
||||
impl Closing {
|
||||
pub fn new(fd: RawFd) -> Closing {
|
||||
Closing(fd)
|
||||
}
|
||||
}
|
||||
|
||||
impl AsRawFd for Closing {
|
||||
fn as_raw_fd(&self) -> RawFd {
|
||||
self.0
|
||||
}
|
||||
}
|
||||
|
||||
impl Drop for Closing {
|
||||
fn drop(&mut self) {
|
||||
unsafe {
|
||||
libc::close(self.0);
|
||||
}
|
||||
}
|
||||
}
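Review bot: `Fd::from_file` takes ownership of a caller-supplied descriptor without the close-on-exec caveat that `Stdio::from_file` documents, and neither constructor checks or sets the flag. A descriptor handed in without `FD_CLOEXEC` would presumably stay open in the container process after exec, in addition to the slot it is mapped to. Either repeat the CLOEXEC note on `Fd::from_file`, or set the flag when the `Closing` is built so the assumption is enforced rather than documented. `Closing` itself has no doc comment stating that it closes the descriptor on drop. The variant comments that say closed by `unshare` still name the crate this file was copied from.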
|
|
@ -57,52 +57,55 @@ impl Executor for DefaultExecutor {
|
|||
))?;
|
||||
|
||||
if let Some(args) = proc.args() {
|
||||
let envs: Vec<String> = proc.env().as_ref().unwrap_or(&vec![]).clone();
|
||||
let path_vars: Vec<&String> = envs.iter().filter(|&e| e.starts_with("PATH=")).collect();
|
||||
if path_vars.is_empty() {
|
||||
tracing::error!("PATH environment variable is not set");
|
||||
Err(ExecutorValidationError::ArgValidationError(
|
||||
"PATH environment variable is not set".into(),
|
||||
))?;
|
||||
}
|
||||
let path_var = path_vars[0].trim_start_matches("PATH=");
|
||||
match get_executable_path(&args[0], path_var) {
|
||||
None => {
|
||||
tracing::error!(
|
||||
executable = ?args[0],
|
||||
"executable for container process not found in PATH",
|
||||
);
|
||||
Err(ExecutorValidationError::ArgValidationError(format!(
|
||||
"executable '{}' not found in $PATH",
|
||||
args[0]
|
||||
)))?;
|
||||
if !args[0].contains('/') {
|
||||
let envs: Vec<String> = proc.env().as_ref().unwrap_or(&vec![]).clone();
|
||||
let path_vars: Vec<&String> =
|
||||
envs.iter().filter(|&e| e.starts_with("PATH=")).collect();
|
||||
if path_vars.is_empty() {
|
||||
tracing::error!("PATH environment variable is not set");
|
||||
Err(ExecutorValidationError::ArgValidationError(
|
||||
"PATH environment variable is not set".into(),
|
||||
))?;
|
||||
}
|
||||
Some(path) => match is_executable(&path) {
|
||||
Ok(true) => {
|
||||
tracing::debug!(executable = ?path, "found executable in executor");
|
||||
}
|
||||
Ok(false) => {
|
||||
let path_var = path_vars[0].trim_start_matches("PATH=");
|
||||
match get_executable_path(&args[0], path_var) {
|
||||
None => {
|
||||
tracing::error!(
|
||||
executable = ?path,
|
||||
"executable does not have the correct permission set",
|
||||
executable = ?args[0],
|
||||
"executable for container process not found in PATH",
|
||||
);
|
||||
Err(ExecutorValidationError::ArgValidationError(format!(
|
||||
"executable '{}' at path '{:?}' does not have correct permissions",
|
||||
args[0], path
|
||||
"executable '{}' not found in $PATH",
|
||||
args[0]
|
||||
)))?;
|
||||
}
|
||||
Err(err) => {
|
||||
tracing::error!(
|
||||
executable = ?path,
|
||||
?err,
|
||||
"failed to check permissions for executable",
|
||||
);
|
||||
Err(ExecutorValidationError::ArgValidationError(format!(
|
||||
Some(path) => match is_executable(&path) {
|
||||
Ok(true) => {
|
||||
tracing::debug!(executable = ?path, "found executable in executor");
|
||||
}
|
||||
Ok(false) => {
|
||||
tracing::error!(
|
||||
executable = ?path,
|
||||
"executable does not have the correct permission set",
|
||||
);
|
||||
Err(ExecutorValidationError::ArgValidationError(format!(
|
||||
"executable '{}' at path '{:?}' does not have correct permissions",
|
||||
args[0], path
|
||||
)))?;
|
||||
}
|
||||
Err(err) => {
|
||||
tracing::error!(
|
||||
executable = ?path,
|
||||
?err,
|
||||
"failed to check permissions for executable",
|
||||
);
|
||||
Err(ExecutorValidationError::ArgValidationError(format!(
|
||||
"failed to check permissions for executable '{}' at path '{:?}' : {}",
|
||||
args[0], path, err
|
||||
)))?;
|
||||
}
|
||||
},
|
||||
}
|
||||
},
|
||||
}
|
||||
}
|
||||
}
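Review bot: When `args[0]` contains a `/`, the new `if !args[0].contains('/')` guard skips the whole block. As far as this hunk shows, such a path then gets neither an existence check nor the `is_executable` permission check, and a wrong or non-executable path is reported only when exec fails. An `else` branch that runs `is_executable` on the given path and returns the same `ArgValidationError` variants would keep validation consistent for both forms, provided the path can be resolved at the point where validation runs, which is not visible here. If the skip is intentional, a comment on the guard should say so. The enclosing function starts before this hunk.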
|
||||
|
||||
|
|
|
@ -44,8 +44,8 @@ caps = "0.5.5"
|
|||
wasmer = { version = "4.0.0", optional = true }
|
||||
wasmer-wasix = { version = "0.9.0", optional = true }
|
||||
wasmedge-sdk = { version = "0.13.2", optional = true }
|
||||
wasmtime = { version = "19.0.2", optional = true }
|
||||
wasi-common = { version = "19.0.2", optional = true }
|
||||
wasmtime = { version = "20.0.0", optional = true }
|
||||
wasi-common = { version = "20.0.0", optional = true }
|
||||
tracing = { version = "0.1.40", features = ["attributes"] }
|
||||
tracing-subscriber = { version = "0.3.18", features = ["json", "env-filter"] }
|
||||
tracing-journald = "0.3.0"
|
||||
|
|
|
@ -8,7 +8,7 @@ use liboci_cli::Exec;
|
|||
use crate::workload::executor::default_executor;
|
||||
|
||||
pub fn exec(args: Exec, root_path: PathBuf) -> Result<i32> {
|
||||
let pid = ContainerBuilder::new(args.container_id.clone(), SyscallType::default())
|
||||
let (pid, _) = ContainerBuilder::new(args.container_id.clone(), SyscallType::default())
|
||||
.with_executor(default_executor())
|
||||
.with_root_path(root_path)?
|
||||
.with_console_socket(args.console_socket.as_ref())
|
||||
|
|
|
@ -15,17 +15,18 @@ use nix::{
|
|||
use crate::workload::executor::default_executor;
|
||||
|
||||
pub fn run(args: Run, root_path: PathBuf, systemd_cgroup: bool) -> Result<i32> {
|
||||
let mut container = ContainerBuilder::new(args.container_id.clone(), SyscallType::default())
|
||||
.with_executor(default_executor())
|
||||
.with_pid_file(args.pid_file.as_ref())?
|
||||
.with_console_socket(args.console_socket.as_ref())
|
||||
.with_root_path(root_path)?
|
||||
.with_preserved_fds(args.preserve_fds)
|
||||
.validate_id()?
|
||||
.as_init(&args.bundle)
|
||||
.with_systemd(systemd_cgroup)
|
||||
.with_detach(args.detach)
|
||||
.build()?;
|
||||
let (mut container, _) =
|
||||
ContainerBuilder::new(args.container_id.clone(), SyscallType::default())
|
||||
.with_executor(default_executor())
|
||||
.with_pid_file(args.pid_file.as_ref())?
|
||||
.with_console_socket(args.console_socket.as_ref())
|
||||
.with_root_path(root_path)?
|
||||
.with_preserved_fds(args.preserve_fds)
|
||||
.validate_id()?
|
||||
.as_init(&args.bundle)
|
||||
.with_systemd(systemd_cgroup)
|
||||
.with_detach(args.detach)
|
||||
.build()?;
|
||||
|
||||
container
|
||||
.start()
|
||||
|
|