Introduce seccomp feature for libcontainer with musl

[krisnova]

This is a better PR than #1472

This pull request introduces the following Cargo feature to libcontainer:

[features]
default = ["systemd", "v2", "v1", "libseccomp"]
libseccomp = ["dep:libseccomp"]

And turns on libseccomp dependency by default.

For situations such as building with musl we can remove libseccomp dependeny and log a warn!() during privileged operations where seccomp is not available.

We can address the seccomp dependency with musl libc in a follow up pull request, I do not believe that warn!() is secure, however that can be an additional feature.

Signed-off-by: Kris Nóva kris@nivenly.com

[YJDoc2]

Hey @krisnova can I ask you to add tests for this similar to others in https://github.com/containers/youki/blob/main/scripts/features_test.sh ?

[codecov-commenter]

Codecov Report

Merging #1484 (0b08bf0) into main (3f3c052) will decrease coverage by 0.11%.
The diff coverage is 0.00%.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1484      +/-   ##
==========================================
- Coverage   68.78%   68.68%   -0.11%     
==========================================
  Files         120      120              
  Lines       13082    13101      +19     
==========================================
- Hits         8999     8998       -1     
- Misses       4083     4103      +20     

[krisnova]

can I ask you to add tests for this similar to others in

Hey @YJDoc2! Yes I will add tests. Give me some time to send a follow up commit. Thank you.

[krisnova]

I have pushed more commits, can we please check this approach?

[utam0k]

I left one nit comment, but the code itself looks good to me.

[krisnova]

Yes I will update shortly with the requested changes. Please give me some time to send updated changes from your requests.

For further validation I am able to compile Aurae runtime project with this branch and create a single static binary with musl which can be used to run aurae/youki recursively inside of itself. https://github.com/aurae-runtime/aurae/blob/pod-impl/auraed/Cargo.toml#L56

libcontainer = { git = "https://github.com/krisnova/youki", branch = "musl-libcontainer", features = ["v2"], default-features = false }

[utam0k]

@krisnova May ask you to add your signature to each commit and rebase from the main branch?

[yihuaf]

Fixes #382

[yihuaf]

I would like to see this merged. @krisnova May I have your permission to pick this PR up and continue the work to make sure this gets merged soon?

[krisnova]

Hey @yihuaf its all yours! Please make any changes you see best fit and lets get it merged.