Add Lifecycle controls

Also change runsc pause/resume cmd to access Lifecycle instead of containerManager. PiperOrigin-RevId: 388534928
author: Chong Cai <chongc@google.com> 2021-08-03 13:46:38 -0700
committer: gVisor bot <gvisor-bot@google.com> 2021-08-03 13:49:26 -0700
commit: 8caf231cb14128938a08208a0580e37e20be1fc1 (patch)
tree: 55508c058624fa8dd1fbd84a38916c4897f3bba9
parent: 15d1d9fdfd7ded74d747ab3b9a0fc75688dbd09d (diff)
4 files changed, 46 insertions, 28 deletions
diff --git a/pkg/sentry/control/BUILD b/pkg/sentry/control/BUILD
index deaf5fa23..9fb8a054d 100644
--- a/pkg/sentry/control/BUILD
+++ b/pkg/sentry/control/BUILD
@@ -6,6 +6,7 @@ go_library(
     name = "control",
     srcs = [
         "control.go",
+        "lifecycle.go",
         "logging.go",
         "pprof.go",
         "proc.go",
diff --git a/pkg/sentry/control/lifecycle.go b/pkg/sentry/control/lifecycle.go
new file mode 100644
index 000000000..67abf497d
--- /dev/null
+++ b/pkg/sentry/control/lifecycle.go
@@ -0,0 +1,36 @@
+// Copyright 2021 The gVisor Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package control
+
+import (
+	"gvisor.dev/gvisor/pkg/sentry/kernel"
+)
+
+// Lifecycle provides functions related to starting and stopping tasks.
+type Lifecycle struct {
+	Kernel *kernel.Kernel
+}
+
+// Pause pauses all tasks, blocking until they are stopped.
+func (l *Lifecycle) Pause(_, _ *struct{}) error {
+	l.Kernel.Pause()
+	return nil
+}
+
+// Resume resumes all tasks.
+func (l *Lifecycle) Resume(_, _ *struct{}) error {
+	l.Kernel.Unpause()
+	return nil
+}
diff --git a/runsc/boot/controller.go b/runsc/boot/controller.go
index e5b0ec3ae..548797788 100644
--- a/runsc/boot/controller.go
+++ b/runsc/boot/controller.go
@@ -57,20 +57,12 @@ const (
 	// ContMgrExecuteAsync executes a command in a container.
 	ContMgrExecuteAsync = "containerManager.ExecuteAsync"
 
-	// ContMgrPause pauses the sandbox (note that individual containers cannot be
-	// paused).
-	ContMgrPause = "containerManager.Pause"
-
 	// ContMgrProcesses lists processes running in a container.
 	ContMgrProcesses = "containerManager.Processes"
 
 	// ContMgrRestore restores a container from a statefile.
 	ContMgrRestore = "containerManager.Restore"
 
-	// ContMgrResume unpauses the paused sandbox (note that individual containers
-	// cannot be resumed).
-	ContMgrResume = "containerManager.Resume"
-
 	// ContMgrSignal sends a signal to a container.
 	ContMgrSignal = "containerManager.Signal"
 
@@ -111,6 +103,12 @@ const (
 	LoggingChange = "Logging.Change"
 )
 
+// Lifecycle related commands (see lifecycle.go for more details).
+const (
+	LifecyclePause  = "Lifecycle.Pause"
+	LifecycleResume = "Lifecycle.Resume"
+)
+
 // ControlSocketAddr generates an abstract unix socket name for the given ID.
 func ControlSocketAddr(id string) string {
 	return fmt.Sprintf("\x00runsc-sandbox.%s", id)
@@ -152,6 +150,7 @@ func newController(fd int, l *Loader) (*controller, error) {
 
 	ctrl.srv.Register(&debug{})
 	ctrl.srv.Register(&control.Logging{})
+	ctrl.srv.Register(&control.Lifecycle{l.k})
 
 	if l.root.conf.ProfileEnable {
 		ctrl.srv.Register(control.NewProfile(l.k))
@@ -340,17 +339,6 @@ func (cm *containerManager) Checkpoint(o *control.SaveOpts, _ *struct{}) error {
 	return state.Save(o, nil)
 }
 
-// Pause suspends a sandbox.
-func (cm *containerManager) Pause(_, _ *struct{}) error {
-	log.Debugf("containerManager.Pause")
-	// TODO(gvisor.dev/issues/6243): save/restore not supported w/ hostinet
-	if cm.l.root.conf.Network == config.NetworkHost {
-		return errors.New("pause not supported when using hostinet")
-	}
-	cm.l.k.Pause()
-	return nil
-}
-
 // RestoreOpts contains options related to restoring a container's file system.
 type RestoreOpts struct {
 	// FilePayload contains the state file to be restored, followed by the
@@ -482,13 +470,6 @@ func (cm *containerManager) Restore(o *RestoreOpts, _ *struct{}) error {
 	return nil
 }
 
-// Resume unpauses a sandbox.
-func (cm *containerManager) Resume(_, _ *struct{}) error {
-	log.Debugf("containerManager.Resume")
-	cm.l.k.Unpause()
-	return nil
-}
-
 // Wait waits for the init process in the given container.
 func (cm *containerManager) Wait(cid *string, waitStatus *uint32) error {
 	log.Debugf("containerManager.Wait, cid: %s", *cid)
diff --git a/runsc/sandbox/sandbox.go b/runsc/sandbox/sandbox.go
index 5fb7dc834..822da8c5e 100644
--- a/runsc/sandbox/sandbox.go
+++ b/runsc/sandbox/sandbox.go
@@ -981,7 +981,7 @@ func (s *Sandbox) Pause(cid string) error {
 	}
 	defer conn.Close()
 
-	if err := conn.Call(boot.ContMgrPause, nil, nil); err != nil {
+	if err := conn.Call(boot.LifecyclePause, nil, nil); err != nil {
 		return fmt.Errorf("pausing container %q: %v", cid, err)
 	}
 	return nil
@@ -996,7 +996,7 @@ func (s *Sandbox) Resume(cid string) error {
 	}
 	defer conn.Close()
 
-	if err := conn.Call(boot.ContMgrResume, nil, nil); err != nil {
+	if err := conn.Call(boot.LifecycleResume, nil, nil); err != nil {
 		return fmt.Errorf("resuming container %q: %v", cid, err)
 	}
 	return nil
author	Chong Cai <chongc@google.com>	2021-08-03 13:46:38 -0700
committer	gVisor bot <gvisor-bot@google.com>	2021-08-03 13:49:26 -0700
commit	8caf231cb14128938a08208a0580e37e20be1fc1 (patch)
tree	55508c058624fa8dd1fbd84a38916c4897f3bba9
parent	15d1d9fdfd7ded74d747ab3b9a0fc75688dbd09d (diff)