Diffstat (limited to 'runsc')
-rw-r--r--runsc/boot/controller.go39
-rw-r--r--runsc/cmd/chroot.go25
-rw-r--r--runsc/cmd/debug.go8
-rw-r--r--runsc/cmd/gofer.go14
-rw-r--r--runsc/container/container.go6
-rw-r--r--runsc/container/container_test.go82
-rw-r--r--runsc/sandbox/sandbox.go22
7 files changed, 152 insertions, 44 deletions
diff --git a/runsc/boot/controller.go b/runsc/boot/controller.go
index e5b0ec3ae..60b532798 100644
--- a/runsc/boot/controller.go
+++ b/runsc/boot/controller.go
@@ -57,20 +57,12 @@ const (
// ContMgrExecuteAsync executes a command in a container.
ContMgrExecuteAsync = "containerManager.ExecuteAsync"
- // ContMgrPause pauses the sandbox (note that individual containers cannot be
- // paused).
- ContMgrPause = "containerManager.Pause"
-
// ContMgrProcesses lists processes running in a container.
ContMgrProcesses = "containerManager.Processes"
// ContMgrRestore restores a container from a statefile.
ContMgrRestore = "containerManager.Restore"
- // ContMgrResume unpauses the paused sandbox (note that individual containers
- // cannot be resumed).
- ContMgrResume = "containerManager.Resume"
-
// ContMgrSignal sends a signal to a container.
ContMgrSignal = "containerManager.Signal"
@@ -111,6 +103,17 @@ const (
LoggingChange = "Logging.Change"
)
+// Lifecycle related commands (see lifecycle.go for more details).
+const (
+ LifecyclePause = "Lifecycle.Pause"
+ LifecycleResume = "Lifecycle.Resume"
+)
+
+// Filesystem related commands (see fs.go for more details).
+const (
+ FsCat = "Fs.Cat"
+)
+
// ControlSocketAddr generates an abstract unix socket name for the given ID.
func ControlSocketAddr(id string) string {
return fmt.Sprintf("\x00runsc-sandbox.%s", id)
@@ -152,6 +155,8 @@ func newController(fd int, l *Loader) (*controller, error) {
ctrl.srv.Register(&debug{})
ctrl.srv.Register(&control.Logging{})
+ ctrl.srv.Register(&control.Lifecycle{l.k})
+ ctrl.srv.Register(&control.Fs{l.k})
if l.root.conf.ProfileEnable {
ctrl.srv.Register(control.NewProfile(l.k))
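Review bot: `control.Fs` is registered on every sandbox's control server unconditionally, while the profiling service just below it is gated on `conf.ProfileEnable`. `Fs.Cat` gives any caller that can reach the control socket a way to read files through the sentry, so it is worth either gating it behind a debug-oriented config option or adding a comment that states why it is always on and who is expected to reach that socket. The two new literals are also unkeyed (`&control.Lifecycle{l.k}`), which `go vet`'s composites check reports for imported struct types; a keyed literal would be safer if those structs gain fields. newController's body continues outside the hunk.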
@@ -340,17 +345,6 @@ func (cm *containerManager) Checkpoint(o *control.SaveOpts, _ *struct{}) error {
return state.Save(o, nil)
}
-// Pause suspends a sandbox.
-func (cm *containerManager) Pause(_, _ *struct{}) error {
- log.Debugf("containerManager.Pause")
- // TODO(gvisor.dev/issues/6243): save/restore not supported w/ hostinet
- if cm.l.root.conf.Network == config.NetworkHost {
- return errors.New("pause not supported when using hostinet")
- }
- cm.l.k.Pause()
- return nil
-}
-
// RestoreOpts contains options related to restoring a container's file system.
type RestoreOpts struct {
// FilePayload contains the state file to be restored, followed by the
@@ -482,13 +476,6 @@ func (cm *containerManager) Restore(o *RestoreOpts, _ *struct{}) error {
return nil
}
-// Resume unpauses a sandbox.
-func (cm *containerManager) Resume(_, _ *struct{}) error {
- log.Debugf("containerManager.Resume")
- cm.l.k.Unpause()
- return nil
-}
-
// Wait waits for the init process in the given container.
func (cm *containerManager) Wait(cid *string, waitStatus *uint32) error {
log.Debugf("containerManager.Wait, cid: %s", *cid)
diff --git a/runsc/cmd/chroot.go b/runsc/cmd/chroot.go
index 7b11b3367..1fe9c6435 100644
--- a/runsc/cmd/chroot.go
+++ b/runsc/cmd/chroot.go
@@ -59,6 +59,23 @@ func pivotRoot(root string) error {
return nil
}
+func copyFile(dst, src string) error {
+ in, err := os.Open(src)
+ if err != nil {
+ return err
+ }
+ defer in.Close()
+
+ out, err := os.Create(dst)
+ if err != nil {
+ return err
+ }
+ defer out.Close()
+
+ _, err = out.ReadFrom(in)
+ return err
+}
+
// setUpChroot creates an empty directory with runsc mounted at /runsc and proc
// mounted at /proc.
func setUpChroot(pidns bool) error {
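Review bot: `copyFile` drops the error from closing the destination, because `defer out.Close()` discards it, so a write failure that only surfaces at close time is reported as success. Closing explicitly after the copy fixes that: `_, err = out.ReadFrom(in)` followed by `if cerr := out.Close(); err == nil { err = cerr }`. The helper also has no doc comment; `// copyFile copies the contents of src to dst, creating or truncating dst.` would cover it, and it is worth saying there that dst is created with the default `os.Create` mode.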
@@ -78,6 +95,14 @@ func setUpChroot(pidns bool) error {
return fmt.Errorf("error mounting tmpfs in choot: %v", err)
}
+ if err := os.Mkdir(filepath.Join(chroot, "etc"), 0755); err != nil {
+ return fmt.Errorf("error creating /etc in chroot: %v", err)
+ }
+
+ if err := copyFile(filepath.Join(chroot, "etc/localtime"), "/etc/localtime"); err != nil {
+ log.Warningf("Failed to copy /etc/localtime: %v. UTC timezone will be used.", err)
+ }
+
if pidns {
flags := uint32(unix.MS_NOSUID | unix.MS_NODEV | unix.MS_NOEXEC | unix.MS_RDONLY)
if err := mountInChroot(chroot, "proc", "/proc", "proc", flags); err != nil {
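Review bot: The doc comment on setUpChroot (just above this hunk) still says the chroot contains only runsc at /runsc and proc at /proc, but this hunk also creates /etc and copies the host's /etc/localtime into it. Extending that comment, for example `// ... and a copy of the host's /etc/localtime at /etc/localtime.`, keeps the description of what is exposed inside the chroot accurate. setUpChroot's body continues outside the hunk.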
diff --git a/runsc/cmd/debug.go b/runsc/cmd/debug.go
index da81cf048..f773ccca0 100644
--- a/runsc/cmd/debug.go
+++ b/runsc/cmd/debug.go
@@ -48,6 +48,7 @@ type Debug struct {
delay time.Duration
duration time.Duration
ps bool
+ cat stringSlice
}
// Name implements subcommands.Command.
@@ -81,6 +82,7 @@ func (d *Debug) SetFlags(f *flag.FlagSet) {
f.StringVar(&d.logLevel, "log-level", "", "The log level to set: warning (0), info (1), or debug (2).")
f.StringVar(&d.logPackets, "log-packets", "", "A boolean value to enable or disable packet logging: true or false.")
f.BoolVar(&d.ps, "ps", false, "lists processes")
+ f.Var(&d.cat, "cat", "reads files and print to standard output")
}
// Execute implements subcommands.Command.Execute.
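Review bot: The help text for `-cat` is ungrammatical ("reads files and print") and does not say where the paths are resolved. Something like `"reads the given files from the sandbox and prints them to standard output"` would be clearer, assuming the paths are looked up inside the sandbox (the Fs.Cat implementation is not shown here). It would also help to state how several files are passed, which depends on how `stringSlice` parses its value.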
@@ -367,5 +369,11 @@ func (d *Debug) Execute(_ context.Context, f *flag.FlagSet, args ...interface{})
return subcommands.ExitFailure
}
+ if d.cat != nil {
+ if err := c.Cat(d.cat, os.Stdout); err != nil {
+ return Errorf("Cat failed: %v", err)
+ }
+ }
+
return subcommands.ExitSuccess
}
diff --git a/runsc/cmd/gofer.go b/runsc/cmd/gofer.go
index 20e05f141..2193e9040 100644
--- a/runsc/cmd/gofer.go
+++ b/runsc/cmd/gofer.go
@@ -285,16 +285,22 @@ func setupRootFS(spec *specs.Spec, conf *config.Config) error {
// Prepare tree structure for pivot_root(2).
if err := os.Mkdir("/proc/proc", 0755); err != nil {
- Fatalf("%v", err)
+ Fatalf("error creating /proc/proc: %v", err)
}
if err := os.Mkdir("/proc/root", 0755); err != nil {
- Fatalf("%v", err)
+ Fatalf("error creating /proc/root: %v", err)
+ }
+ if err := os.Mkdir("/proc/etc", 0755); err != nil {
+ Fatalf("error creating /proc/etc: %v", err)
}
// This cannot use SafeMount because there's no available procfs. But we
// know that /proc is an empty tmpfs mount, so this is safe.
if err := unix.Mount("runsc-proc", "/proc/proc", "proc", flags|unix.MS_RDONLY, ""); err != nil {
Fatalf("error mounting proc: %v", err)
}
+ if err := copyFile("/proc/etc/localtime", "/etc/localtime"); err != nil {
+ log.Warningf("Failed to copy /etc/localtime: %v. UTC timezone will be used.", err)
+ }
root = "/proc/root"
procPath = "/proc/proc"
}
@@ -409,7 +415,7 @@ func resolveMounts(conf *config.Config, mounts []specs.Mount, root string) ([]sp
panic(fmt.Sprintf("%q could not be made relative to %q: %v", dst, root, err))
}
- opts, err := adjustMountOptions(filepath.Join(root, relDst), m.Options)
+ opts, err := adjustMountOptions(conf, filepath.Join(root, relDst), m.Options)
if err != nil {
return nil, err
}
@@ -475,7 +481,7 @@ func resolveSymlinksImpl(root, base, rel string, followCount uint) (string, erro
}
// adjustMountOptions adds 'overlayfs_stale_read' if mounting over overlayfs.
-func adjustMountOptions(path string, opts []string) ([]string, error) {
+func adjustMountOptions(conf *config.Config, path string, opts []string) ([]string, error) {
rv := make([]string, len(opts))
copy(rv, opts)
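Review bot: The new `conf` parameter of adjustMountOptions is not used in the lines visible here, and the doc comment still describes only the `overlayfs_stale_read` behaviour. If the rest of the body (outside this hunk) does read `conf`, the comment should say which setting changes the result; if it does not, the parameter and the matching call-site change in resolveMounts can be dropped.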
diff --git a/runsc/container/container.go b/runsc/container/container.go
index 6a9a07afe..d1f979eb2 100644
--- a/runsc/container/container.go
+++ b/runsc/container/container.go
@@ -646,6 +646,12 @@ func (c *Container) Resume() error {
return c.saveLocked()
}
+// Cat prints out the content of the files.
+func (c *Container) Cat(files []string, out *os.File) error {
+ log.Debugf("Cat in container, cid: %s, files: %+v", c.ID, files)
+ return c.Sandbox.Cat(c.ID, files, out)
+}
+
// State returns the metadata of the container.
func (c *Container) State() specs.State {
return specs.State{
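Review bot: `Container.Cat` dereferences `c.Sandbox` without any check on the container's state, so calling it on a container that has no live sandbox would presumably panic or fail with an unrelated connection error. A guard such as `if c.Sandbox == nil { return fmt.Errorf("container %q has no sandbox", c.ID) }` before the call would give a clear error; whether the neighbouring methods also check the status is not visible in this hunk. The doc comment could also say that the paths are read inside the sandbox and that `out` is handed to the sandbox as the destination.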
diff --git a/runsc/container/container_test.go b/runsc/container/container_test.go
index 5fb4a3672..960c36946 100644
--- a/runsc/container/container_test.go
+++ b/runsc/container/container_test.go
@@ -442,6 +442,11 @@ func configs(t *testing.T, opts ...configOption) map[string]*config.Config {
return all
}
+// sleepSpec generates a spec with sleep 1000 and a conf.
+func sleepSpecConf(t *testing.T) (*specs.Spec, *config.Config) {
+ return testutil.NewSpecWithArgs("sleep", "1000"), testutil.TestConfig(t)
+}
+
// TestLifecycle tests the basic Create/Start/Signal/Destroy container lifecycle.
// It verifies after each step that the container can be loaded from disk, and
// has the correct status.
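Review bot: The doc comment names the helper `sleepSpec`, but the function is `sleepSpecConf`, so godoc and linters will treat the comment as not matching its declaration. `// sleepSpecConf returns a spec that runs "sleep 1000" together with a test config.` fixes the name and says what both results are.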
@@ -455,7 +460,7 @@ func TestLifecycle(t *testing.T) {
t.Run(name, func(t *testing.T) {
// The container will just sleep for a long time. We will kill it before
// it finishes sleeping.
- spec := testutil.NewSpecWithArgs("sleep", "100")
+ spec, _ := sleepSpecConf(t)
rootDir, bundleDir, cleanup, err := testutil.SetupContainer(spec, conf)
if err != nil {
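Review bot: `spec, _ := sleepSpecConf(t)` builds a config with `testutil.TestConfig(t)` only to discard it, since this test takes `conf` from `configs(t, ...)`. The same pattern appears in the hunks for TestExecProcList, TestCapabilities, TestReadonlyRoot, TestReadonlyMount and doAbbreviatedIDsTest. A spec-only helper for these call sites would avoid the throwaway config and any side effects `TestConfig` may have, which are not visible here.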
@@ -903,7 +908,7 @@ func TestExecProcList(t *testing.T) {
for name, conf := range configs(t, all...) {
t.Run(name, func(t *testing.T) {
const uid = 343
- spec := testutil.NewSpecWithArgs("sleep", "100")
+ spec, _ := sleepSpecConf(t)
_, bundleDir, cleanup, err := testutil.SetupContainer(spec, conf)
if err != nil {
@@ -1422,8 +1427,7 @@ func TestPauseResume(t *testing.T) {
// with calls to pause and resume and that pausing and resuming only
// occurs given the correct state.
func TestPauseResumeStatus(t *testing.T) {
- spec := testutil.NewSpecWithArgs("sleep", "20")
- conf := testutil.TestConfig(t)
+ spec, conf := sleepSpecConf(t)
_, bundleDir, cleanup, err := testutil.SetupContainer(spec, conf)
if err != nil {
t.Fatalf("error setting up container: %v", err)
@@ -1490,7 +1494,7 @@ func TestCapabilities(t *testing.T) {
for name, conf := range configs(t, all...) {
t.Run(name, func(t *testing.T) {
- spec := testutil.NewSpecWithArgs("sleep", "100")
+ spec, _ := sleepSpecConf(t)
rootDir, bundleDir, cleanup, err := testutil.SetupContainer(spec, conf)
if err != nil {
t.Fatalf("error setting up container: %v", err)
@@ -1640,7 +1644,7 @@ func TestMountNewDir(t *testing.T) {
func TestReadonlyRoot(t *testing.T) {
for name, conf := range configs(t, all...) {
t.Run(name, func(t *testing.T) {
- spec := testutil.NewSpecWithArgs("sleep", "100")
+ spec, _ := sleepSpecConf(t)
spec.Root.Readonly = true
_, bundleDir, cleanup, err := testutil.SetupContainer(spec, conf)
@@ -1692,7 +1696,7 @@ func TestReadonlyMount(t *testing.T) {
if err != nil {
t.Fatalf("ioutil.TempDir() failed: %v", err)
}
- spec := testutil.NewSpecWithArgs("sleep", "100")
+ spec, _ := sleepSpecConf(t)
spec.Mounts = append(spec.Mounts, specs.Mount{
Destination: dir,
Source: dir,
@@ -1852,7 +1856,7 @@ func doAbbreviatedIDsTest(t *testing.T, vfs2 bool) {
"baz-" + testutil.RandomContainerID(),
}
for _, cid := range cids {
- spec := testutil.NewSpecWithArgs("sleep", "100")
+ spec, _ := sleepSpecConf(t)
bundleDir, cleanup, err := testutil.SetupBundleDir(spec)
if err != nil {
t.Fatalf("error setting up container: %v", err)
@@ -2229,7 +2233,7 @@ func TestMountPropagation(t *testing.T) {
t.Fatalf("mount(%q, MS_SHARED): %v", srcMnt, err)
}
- spec := testutil.NewSpecWithArgs("sleep", "1000")
+ spec, conf := sleepSpecConf(t)
priv := filepath.Join(tmpDir, "priv")
slave := filepath.Join(tmpDir, "slave")
@@ -2248,7 +2252,6 @@ func TestMountPropagation(t *testing.T) {
},
}
- conf := testutil.TestConfig(t)
_, bundleDir, cleanup, err := testutil.SetupContainer(spec, conf)
if err != nil {
t.Fatalf("error setting up container: %v", err)
@@ -2563,12 +2566,11 @@ func TestRlimits(t *testing.T) {
// TestRlimitsExec sets limit to number of open files and checks that the limit
// is propagated to exec'd processes.
func TestRlimitsExec(t *testing.T) {
- spec := testutil.NewSpecWithArgs("sleep", "100")
+ spec, conf := sleepSpecConf(t)
spec.Process.Rlimits = []specs.POSIXRlimit{
{Type: "RLIMIT_NOFILE", Hard: 1000, Soft: 100},
}
- conf := testutil.TestConfig(t)
_, bundleDir, cleanup, err := testutil.SetupContainer(spec, conf)
if err != nil {
t.Fatalf("error setting up container: %v", err)
@@ -2597,3 +2599,59 @@ func TestRlimitsExec(t *testing.T) {
t.Errorf("ulimit result, got: %q, want: %q", got, want)
}
}
+
+// TestCat creates a file and checks that cat generates the expected output.
+func TestCat(t *testing.T) {
+ f, err := ioutil.TempFile(testutil.TmpDir(), "test-case")
+ if err != nil {
+ t.Fatalf("ioutil.TempFile failed: %v", err)
+ }
+ defer os.RemoveAll(f.Name())
+
+ content := "test-cat"
+ if _, err := f.WriteString(content); err != nil {
+ t.Fatalf("f.WriteString(): %v", err)
+ }
+ f.Close()
+
+ spec, conf := sleepSpecConf(t)
+
+ _, bundleDir, cleanup, err := testutil.SetupContainer(spec, conf)
+ if err != nil {
+ t.Fatalf("error setting up container: %v", err)
+ }
+ defer cleanup()
+
+ args := Args{
+ ID: testutil.RandomContainerID(),
+ Spec: spec,
+ BundleDir: bundleDir,
+ }
+
+ cont, err := New(conf, args)
+ if err != nil {
+ t.Fatalf("Creating container: %v", err)
+ }
+ defer cont.Destroy()
+
+ if err := cont.Start(conf); err != nil {
+ t.Fatalf("starting container: %v", err)
+ }
+
+ r, w, err := os.Pipe()
+ if err != nil {
+ t.Fatalf("os.Create(): %v", err)
+ }
+
+ if err := cont.Cat([]string{f.Name()}, w); err != nil {
+ t.Fatalf("error cat from container: %v", err)
+ }
+
+ buf := make([]byte, 1024)
+ if _, err := r.Read(buf); err != nil {
+ t.Fatalf("Read out: %v", err)
+ }
+ if got, want := string(buf), content; !strings.Contains(got, want) {
+ t.Errorf("out got %s, want include %s", buf, want)
+ }
+}
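Review bot: TestCat ignores the byte count returned by `r.Read`, so `string(buf)` is the full 1024-byte buffer padded with NULs, and the `strings.Contains` check would still pass if cat emitted extra data around the expected content. Comparing `string(buf[:n])` exactly against `content` makes the test assert what its comment claims. Neither end of the pipe is closed, and the failure message for `os.Pipe` says `os.Create()`. Closing the test's write end after the call also lets an empty result surface as EOF once the sandbox side has released its copy, rather than leaving the read to block.

```go
	r, w, err := os.Pipe()
	if err != nil {
		t.Fatalf("os.Pipe(): %v", err)
	}
	defer r.Close()

	// … unchanged: cont.Cat([]string{f.Name()}, w) and its error check …

	// Drop our write end so the read can see EOF once the sandbox is done with its copy.
	w.Close()

	buf := make([]byte, 1024)
	n, err := r.Read(buf)
	if err != nil {
		t.Fatalf("Read out: %v", err)
	}
	if got, want := string(buf[:n]), content; got != want {
		t.Errorf("cat output, got: %q, want: %q", got, want)
	}
```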
diff --git a/runsc/sandbox/sandbox.go b/runsc/sandbox/sandbox.go
index 5fb7dc834..b15572a98 100644
--- a/runsc/sandbox/sandbox.go
+++ b/runsc/sandbox/sandbox.go
@@ -981,7 +981,7 @@ func (s *Sandbox) Pause(cid string) error {
}
defer conn.Close()
- if err := conn.Call(boot.ContMgrPause, nil, nil); err != nil {
+ if err := conn.Call(boot.LifecyclePause, nil, nil); err != nil {
return fmt.Errorf("pausing container %q: %v", cid, err)
}
return nil
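Review bot: Switching this call to `boot.LifecyclePause` loses the hostinet guard that the removed `containerManager.Pause` in runsc/boot/controller.go enforced (`pause not supported when using hostinet`). Whether `control.Lifecycle.Pause` carries an equivalent check is not visible in these runsc changes; if it does not, pausing a hostinet sandbox now proceeds where it used to be refused. Either confirm the check exists in lifecycle.go or reinstate it before the call. Sandbox.Pause starts outside the hunk.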
@@ -996,12 +996,30 @@ func (s *Sandbox) Resume(cid string) error {
}
defer conn.Close()
- if err := conn.Call(boot.ContMgrResume, nil, nil); err != nil {
+ if err := conn.Call(boot.LifecycleResume, nil, nil); err != nil {
return fmt.Errorf("resuming container %q: %v", cid, err)
}
return nil
}
+// Cat sends the cat call for a container in the sandbox.
+func (s *Sandbox) Cat(cid string, files []string, out *os.File) error {
+ log.Debugf("Cat sandbox %q", s.ID)
+ conn, err := s.sandboxConnect()
+ if err != nil {
+ return err
+ }
+ defer conn.Close()
+
+ if err := conn.Call(boot.FsCat, &control.CatOpts{
+ Files: files,
+ FilePayload: urpc.FilePayload{Files: []*os.File{out}},
+ }, nil); err != nil {
+ return fmt.Errorf("Cat container %q: %v", cid, err)
+ }
+ return nil
+}
+
// IsRunning returns true if the sandbox or gofer process is running.
func (s *Sandbox) IsRunning() bool {
if s.Pid != 0 {
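Review bot: `Sandbox.Cat` accepts `cid` but only uses it in the error string; the `control.CatOpts` sent to the sandbox carries just `Files` and the output descriptor. In a sandbox running several containers the call therefore cannot select which container's filesystem view the paths are resolved in, as far as this hunk shows. If that is intended, the doc comment should say the paths are resolved sandbox-wide; otherwise the container ID needs to be part of the request. The error string is also capitalised, unlike its neighbours ("pausing container", "resuming container"); `fmt.Errorf("reading files in container %q: %v", cid, err)` would match them.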