From 0c1d5e351fe6934562253d2e4aff30a6eeeef7da Mon Sep 17 00:00:00 2001 From: sat0ken <15720506+sat0ken@users.noreply.github.com> Date: Tue, 22 Oct 2024 21:29:21 +0900 Subject: [PATCH 1/7] Add unittest to expertiment seccomp programs (#2956) * add test code Signed-off-by: sat0ken <15720506+sat0ken@users.noreply.github.com> * separate unittest code by arch Signed-off-by: sat0ken <15720506+sat0ken@users.noreply.github.com> * rm blank line Signed-off-by: sat0ken <15720506+sat0ken@users.noreply.github.com> --------- Signed-off-by: sat0ken <15720506+sat0ken@users.noreply.github.com> --- experiment/seccomp/src/instruction/arch.rs | 21 +++++++++ experiment/seccomp/src/instruction/consts.rs | 2 +- experiment/seccomp/src/seccomp.rs | 46 ++++++++++++++++++++ 3 files changed, 68 insertions(+), 1 deletion(-) diff --git a/experiment/seccomp/src/instruction/arch.rs b/experiment/seccomp/src/instruction/arch.rs index 2883f5daa..f19d56499 100644 --- a/experiment/seccomp/src/instruction/arch.rs +++ b/experiment/seccomp/src/instruction/arch.rs @@ -18,3 +18,24 @@ pub fn gen_validate(arc: &Arch) -> Vec { Instruction::stmt(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS), ] } + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_gen_validate_x86() { + let bpf_prog = gen_validate(&Arch::X86); + assert_eq!(bpf_prog[0], Instruction::stmt(BPF_LD | BPF_W | BPF_ABS, seccomp_data_arch_offset() as u32)); + assert_eq!(bpf_prog[1], Instruction::jump(BPF_JMP | BPF_JEQ | BPF_K, 1, 0, AUDIT_ARCH_X86_64)); + assert_eq!(bpf_prog[2], Instruction::stmt(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS)); + } + + #[test] + fn test_gen_validate_aarch64() { + let bpf_prog = gen_validate(&Arch::AArch64); + assert_eq!(bpf_prog[0], Instruction::stmt(BPF_LD | BPF_W | BPF_ABS, seccomp_data_arch_offset() as u32)); + assert_eq!(bpf_prog[1], Instruction::jump(BPF_JMP | BPF_JEQ | BPF_K, 1, 0, AUDIT_ARCH_AARCH64)); + assert_eq!(bpf_prog[2], Instruction::stmt(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS)); + } +} \ No newline at end of file diff --git a/experiment/seccomp/src/instruction/consts.rs b/experiment/seccomp/src/instruction/consts.rs index 4bd199363..da37651f2 100644 --- a/experiment/seccomp/src/instruction/consts.rs +++ b/experiment/seccomp/src/instruction/consts.rs @@ -95,7 +95,7 @@ mod tests { #[test] fn test_seccomp_data_arg_size_offset() { if cfg!(target_arch = "x86_64") { - assert_eq!(seccomp_data_arg_size_offset(), 8); + assert_eq!(seccomp_data_arg_size(), 8); } } diff --git a/experiment/seccomp/src/seccomp.rs b/experiment/seccomp/src/seccomp.rs index f5a83cf45..0ac2a871b 100644 --- a/experiment/seccomp/src/seccomp.rs +++ b/experiment/seccomp/src/seccomp.rs @@ -274,3 +274,49 @@ impl Rule { bpf_prog } } + +#[cfg(test)] +mod tests { + use syscalls::syscall_args; + use super::*; + + #[test] + fn test_get_syscall_number_x86() { + let sys_num = get_syscall_number(&Arch::X86, "read"); + assert_eq!(sys_num.unwrap(), 0); + } + + #[test] + fn test_get_syscall_number_aarch64() { + let sys_num = get_syscall_number(&Arch::AArch64, "read"); + assert_eq!(sys_num.unwrap(), 63); + } + + #[test] + fn test_to_instruction_x86() { + let rule = Rule::new("getcwd".parse().unwrap(), 0, syscall_args!(), false); + let inst = Rule::to_instruction(&Arch::X86, SECCOMP_RET_KILL_PROCESS, &rule); + let bpf_prog = gen_validate(&Arch::X86); + assert_eq!(inst[0], bpf_prog[0]); + assert_eq!(inst[1], bpf_prog[1]); + assert_eq!(inst[2], bpf_prog[2]); + assert_eq!(inst[3], Instruction::stmt(BPF_LD | BPF_W | BPF_ABS, 0)); + assert_eq!(inst[4], Instruction::jump(BPF_JMP | BPF_JEQ | BPF_K, 0, 1, + get_syscall_number(&Arch::X86, "getcwd").unwrap() as c_uint)); + assert_eq!(inst[5], Instruction::stmt(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS)); + } + + #[test] + fn test_to_instruction_aarch64() { + let rule = Rule::new("getcwd".parse().unwrap(), 0, syscall_args!(), false); + let inst = Rule::to_instruction(&Arch::AArch64, SECCOMP_RET_KILL_PROCESS, &rule); + let bpf_prog = gen_validate(&Arch::AArch64); + assert_eq!(inst[0], bpf_prog[0]); + assert_eq!(inst[1], bpf_prog[1]); + assert_eq!(inst[2], bpf_prog[2]); + assert_eq!(inst[3], Instruction::stmt(BPF_LD | BPF_W | BPF_ABS, 0)); + assert_eq!(inst[4], Instruction::jump(BPF_JMP | BPF_JEQ | BPF_K, 0, 1, + get_syscall_number(&Arch::AArch64, "getcwd").unwrap() as c_uint)); + assert_eq!(inst[5], Instruction::stmt(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS)); + } +} \ No newline at end of file From e6093bf46d4be77c3511d5a656f097ea3dbbb82c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 23 Oct 2024 00:29:50 +0000 Subject: [PATCH 2/7] Bump the patch group with 3 updates Bumps the patch group with 3 updates: [serde](https://github.com/serde-rs/serde), [thiserror](https://github.com/dtolnay/thiserror) and [anyhow](https://github.com/dtolnay/anyhow). Updates `serde` from 1.0.210 to 1.0.213 - [Release notes](https://github.com/serde-rs/serde/releases) - [Commits](https://github.com/serde-rs/serde/compare/v1.0.210...v1.0.213) Updates `thiserror` from 1.0.64 to 1.0.65 - [Release notes](https://github.com/dtolnay/thiserror/releases) - [Commits](https://github.com/dtolnay/thiserror/compare/1.0.64...1.0.65) Updates `anyhow` from 1.0.90 to 1.0.91 - [Release notes](https://github.com/dtolnay/anyhow/releases) - [Commits](https://github.com/dtolnay/anyhow/compare/1.0.90...1.0.91) --- updated-dependencies: - dependency-name: serde dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch - dependency-name: thiserror dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch - dependency-name: anyhow dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch ... Signed-off-by: dependabot[bot] --- Cargo.lock | 80 ++++++++++++------------- crates/libcgroups/Cargo.toml | 2 +- crates/libcontainer/Cargo.toml | 2 +- crates/youki/Cargo.toml | 4 +- tests/contest/test_framework/Cargo.toml | 2 +- 5 files changed, 45 insertions(+), 45 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 2565100d5..93b9f30ca 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -141,9 +141,9 @@ checksum = "70033777eb8b5124a81a1889416543dddef2de240019b674c81285a2635a7e1e" [[package]] name = "anyhow" -version = "1.0.90" +version = "1.0.91" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "37bf3594c4c988a53154954629820791dde498571819ae4ca50ca811e060cc95" +checksum = "c042108f3ed77fd83760a5fd79b53be043192bb3b9dba91d8c574c0ada7850c8" [[package]] name = "arbitrary" @@ -165,7 +165,7 @@ checksum = "a507401cad91ec6a857ed5513a2073c82a9b9048762b885bb98655b306964681" dependencies = [ "proc-macro2", "quote", - "syn 2.0.58", + "syn 2.0.82", ] [[package]] @@ -256,7 +256,7 @@ dependencies = [ "regex", "rustc-hash 1.1.0", "shlex", - "syn 2.0.58", + "syn 2.0.82", ] [[package]] @@ -512,7 +512,7 @@ dependencies = [ "heck 0.5.0", "proc-macro2", "quote", - "syn 2.0.58", + "syn 2.0.82", ] [[package]] @@ -970,7 +970,7 @@ dependencies = [ "proc-macro2", "quote", "strsim 0.10.0", - "syn 2.0.58", + "syn 2.0.82", ] [[package]] @@ -992,7 +992,7 @@ checksum = "a668eda54683121533a393014d8692171709ff57a7d61f187b6e782719f8933f" dependencies = [ "darling_core 0.20.8", "quote", - "syn 2.0.58", + "syn 2.0.82", ] [[package]] @@ -1076,7 +1076,7 @@ dependencies = [ "darling 0.20.8", "proc-macro2", "quote", - "syn 2.0.58", + "syn 2.0.82", ] [[package]] @@ -1096,7 +1096,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4abae7035bf79b9877b779505d8cf3749285b80c43941eda66604841889451dc" dependencies = [ "derive_builder_core 0.20.1", - "syn 2.0.58", + "syn 2.0.82", ] [[package]] @@ -1221,7 +1221,7 @@ dependencies = [ "darling 0.20.8", "proc-macro2", "quote", - "syn 2.0.58", + "syn 2.0.82", ] [[package]] @@ -1465,7 +1465,7 @@ checksum = "87750cf4b7a4c0625b1529e4c543c2182106e4dedc60a2a6455e00d212c489ac" dependencies = [ "proc-macro2", "quote", - "syn 2.0.58", + "syn 2.0.82", ] [[package]] @@ -2274,7 +2274,7 @@ dependencies = [ "cfg-if", "proc-macro2", "quote", - "syn 2.0.58", + "syn 2.0.82", ] [[package]] @@ -2494,7 +2494,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.58", + "syn 2.0.82", ] [[package]] @@ -2630,7 +2630,7 @@ dependencies = [ "phf_shared", "proc-macro2", "quote", - "syn 2.0.58", + "syn 2.0.82", ] [[package]] @@ -2659,7 +2659,7 @@ checksum = "2f38a4412a78282e09a2cf38d195ea5420d15ba0602cb375210efbc877243965" dependencies = [ "proc-macro2", "quote", - "syn 2.0.58", + "syn 2.0.82", ] [[package]] @@ -2813,9 +2813,9 @@ checksum = "dc375e1527247fe1a97d8b7156678dfe7c1af2fc075c9a4db3690ecd2a148068" [[package]] name = "proc-macro2" -version = "1.0.79" +version = "1.0.89" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e835ff2298f5721608eb1a980ecaee1aef2c132bf95ecc026a11b7bf3c01c02e" +checksum = "f139b0662de085916d1fb67d2b4169d1addddda1919e696f3252b740b629986e" dependencies = [ "unicode-ident", ] @@ -3467,9 +3467,9 @@ checksum = "388a1df253eca08550bef6c72392cfe7c30914bf41df5269b68cbd6ff8f570a3" [[package]] name = "serde" -version = "1.0.210" +version = "1.0.213" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c8e3592472072e6e22e0a54d5904d9febf8508f65fb8552499a1abc7d1078c3a" +checksum = "3ea7893ff5e2466df8d720bb615088341b295f849602c6956047f8f80f0e9bc1" dependencies = [ "serde_derive", ] @@ -3497,13 +3497,13 @@ dependencies = [ [[package]] name = "serde_derive" -version = "1.0.210" +version = "1.0.213" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "243902eda00fad750862fc144cea25caca5e20d615af0a81bee94ca738f1df1f" +checksum = "7e85ad2009c50b58e87caa8cd6dac16bdf511bbfb7af6c33df902396aa480fa5" dependencies = [ "proc-macro2", "quote", - "syn 2.0.58", + "syn 2.0.82", ] [[package]] @@ -3586,7 +3586,7 @@ checksum = "82fe9db325bcef1fbcde82e078a5cc4efdf787e96b3b9cf45b50b529f2083d67" dependencies = [ "proc-macro2", "quote", - "syn 2.0.58", + "syn 2.0.82", ] [[package]] @@ -3843,7 +3843,7 @@ dependencies = [ "proc-macro2", "quote", "rustversion", - "syn 2.0.58", + "syn 2.0.82", ] [[package]] @@ -3859,9 +3859,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.58" +version = "2.0.82" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "44cfb93f38070beee36b3fef7d4f5a16f27751d94b187b666a5cc5e9b0d30687" +checksum = "83540f837a8afc019423a8edb95b52a8effe46957ee402287f4292fae35be021" dependencies = [ "proc-macro2", "quote", @@ -4000,22 +4000,22 @@ dependencies = [ [[package]] name = "thiserror" -version = "1.0.64" +version = "1.0.65" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d50af8abc119fb8bb6dbabcfa89656f46f84aa0ac7688088608076ad2b459a84" +checksum = "5d11abd9594d9b38965ef50805c5e469ca9cc6f197f883f717e0269a3057b3d5" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.64" +version = "1.0.65" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "08904e7672f5eb876eaaf87e0ce17857500934f4981c4a0ab2b4aa98baac7fc3" +checksum = "ae71770322cbd277e69d762a16c444af02aa0575ac0d174f0b9562d3b37f8602" dependencies = [ "proc-macro2", "quote", - "syn 2.0.58", + "syn 2.0.82", ] [[package]] @@ -4141,7 +4141,7 @@ checksum = "5b8a1e28f2deaa14e508979454cb3a223b10b938b45af148bc0986de36f1923b" dependencies = [ "proc-macro2", "quote", - "syn 2.0.58", + "syn 2.0.82", ] [[package]] @@ -4263,7 +4263,7 @@ checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.58", + "syn 2.0.82", ] [[package]] @@ -4798,7 +4798,7 @@ checksum = "dbe80d95a88e9ac87b6aaf7bc9acd1fdfcd92045db2bf41a2262f623e2406a92" dependencies = [ "proc-macro2", "quote", - "syn 2.0.58", + "syn 2.0.82", ] [[package]] @@ -5219,7 +5219,7 @@ dependencies = [ "anyhow", "proc-macro2", "quote", - "syn 2.0.58", + "syn 2.0.82", "wasmtime-component-util", "wasmtime-wit-bindgen", "wit-parser", @@ -5350,7 +5350,7 @@ checksum = "09b5575a75e711ca6c36bb9ad647c93541cdc8e34218031acba5da3f35919dd3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.58", + "syn 2.0.82", ] [[package]] @@ -5361,7 +5361,7 @@ checksum = "a4b0c1f76891f778db9602ee3fbb4eb7e9a3f511847d1fb1b69eddbcea28303c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.58", + "syn 2.0.82", ] [[package]] @@ -5528,7 +5528,7 @@ dependencies = [ "proc-macro2", "quote", "shellexpand", - "syn 2.0.58", + "syn 2.0.82", "witx", ] @@ -5540,7 +5540,7 @@ checksum = "6e1c266e16c4b24a29e055ec651e27fce1389c886bb00fbe78b8924a253a439b" dependencies = [ "proc-macro2", "quote", - "syn 2.0.58", + "syn 2.0.82", "wiggle-generate", ] @@ -5943,7 +5943,7 @@ checksum = "9ce1b18ccd8e73a9321186f97e46f9f04b778851177567b1975109d26a08d2a6" dependencies = [ "proc-macro2", "quote", - "syn 2.0.58", + "syn 2.0.82", ] [[package]] diff --git a/crates/libcgroups/Cargo.toml b/crates/libcgroups/Cargo.toml index e316afe80..7a38fa3ef 100644 --- a/crates/libcgroups/Cargo.toml +++ b/crates/libcgroups/Cargo.toml @@ -29,7 +29,7 @@ rbpf = { version = "0.3.0", optional = true } libbpf-sys = { version = "1.4.5", optional = true } errno = { version = "0.3.9", optional = true } libc = { version = "0.2.161", optional = true } -thiserror = "1.0.64" +thiserror = "1.0.65" tracing = { version = "0.1.40", features = ["attributes"] } [dev-dependencies] diff --git a/crates/libcontainer/Cargo.toml b/crates/libcontainer/Cargo.toml index 994dffdda..7093f627b 100644 --- a/crates/libcontainer/Cargo.toml +++ b/crates/libcontainer/Cargo.toml @@ -47,7 +47,7 @@ serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" rust-criu = "0.4.0" regex = { version = "1.10.6", default-features = false, features = ["std", "unicode-perl"] } -thiserror = "1.0.64" +thiserror = "1.0.65" tracing = { version = "0.1.40", features = ["attributes"] } safe-path = "0.1.0" nc = "0.9.5" diff --git a/crates/youki/Cargo.toml b/crates/youki/Cargo.toml index 70f26d9cd..f9d467d5d 100644 --- a/crates/youki/Cargo.toml +++ b/crates/youki/Cargo.toml @@ -28,7 +28,7 @@ default-features = false features = ["std", "suggestions", "derive", "cargo", "help", "usage", "error-context"] [dependencies] -anyhow = "1.0.90" +anyhow = "1.0.91" chrono = { version = "0.4", default-features = false, features = ["clock", "serde"] } libcgroups = { path = "../libcgroups", default-features = false, version = "0.4.1" } # MARK: Version libcontainer = { path = "../libcontainer", default-features = false, version = "0.4.1" } # MARK: Version @@ -55,5 +55,5 @@ tempfile = "3" scopeguard = "1.2.0" [build-dependencies] -anyhow = "1.0.90" +anyhow = "1.0.91" vergen-gitcl = { version = "1.0.1", features = ["build"] } diff --git a/tests/contest/test_framework/Cargo.toml b/tests/contest/test_framework/Cargo.toml index 926f4323a..cd337b863 100644 --- a/tests/contest/test_framework/Cargo.toml +++ b/tests/contest/test_framework/Cargo.toml @@ -6,5 +6,5 @@ edition = "2021" # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html [dependencies] -anyhow = "1.0.90" +anyhow = "1.0.91" crossbeam = "0.8.4" From eee6c3197a8d3c2e35fedf3db64c9e047f4773df Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 23 Oct 2024 00:52:35 +0000 Subject: [PATCH 3/7] Bump wasmtime from 25.0.2 to 26.0.0 Bumps [wasmtime](https://github.com/bytecodealliance/wasmtime) from 25.0.2 to 26.0.0. - [Release notes](https://github.com/bytecodealliance/wasmtime/releases) - [Changelog](https://github.com/bytecodealliance/wasmtime/blob/main/docs/contributing-release-process.md) - [Commits](https://github.com/bytecodealliance/wasmtime/compare/v25.0.2...v26.0.0) --- updated-dependencies: - dependency-name: wasmtime dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- Cargo.lock | 392 ++++++++++++++++++++++++++++------------ crates/youki/Cargo.toml | 2 +- 2 files changed, 274 insertions(+), 120 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 93b9f30ca..51c4ab67c 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -13,11 +13,11 @@ dependencies = [ [[package]] name = "addr2line" -version = "0.22.0" +version = "0.24.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e4503c46a5c0c7844e948c9a4d6acd9f50cccb4de1c48eb9e291ea17470c678" +checksum = "dfbe277e56a376000877090da837660b4427aad530e3028d44e0bffe4f89a1c1" dependencies = [ - "gimli 0.29.0", + "gimli 0.31.1", ] [[package]] @@ -650,11 +650,11 @@ dependencies = [ [[package]] name = "cranelift-bforest" -version = "0.112.2" +version = "0.113.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7b765ed4349e66bedd9b88c7691da42e24c7f62067a6be17ddffa949367b6e17" +checksum = "8ea5e7afe85cadb55c4c1176268a2ac046fdff8dfaeca39e18581b9dc319ca9e" dependencies = [ - "cranelift-entity 0.112.2", + "cranelift-entity 0.113.0", ] [[package]] @@ -667,6 +667,16 @@ dependencies = [ "serde_derive", ] +[[package]] +name = "cranelift-bitset" +version = "0.113.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ab25ef3be935a80680e393183e1f94ef507e93a24a8369494d2c6818aedb3e3" +dependencies = [ + "serde", + "serde_derive", +] + [[package]] name = "cranelift-codegen" version = "0.91.1" @@ -690,19 +700,19 @@ dependencies = [ [[package]] name = "cranelift-codegen" -version = "0.112.2" +version = "0.113.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "351824439e59d42f0e4fa5aac1d13deded155120043565769e55cd4ad3ca8ed9" +checksum = "900a19b84545924f1851cbfe386962edfc4ecbc3366a254825cf1ecbcda8ba08" dependencies = [ "bumpalo", - "cranelift-bforest 0.112.2", - "cranelift-bitset", - "cranelift-codegen-meta 0.112.2", - "cranelift-codegen-shared 0.112.2", + "cranelift-bforest 0.113.0", + "cranelift-bitset 0.113.0", + "cranelift-codegen-meta 0.113.0", + "cranelift-codegen-shared 0.113.0", "cranelift-control", - "cranelift-entity 0.112.2", - "cranelift-isle 0.112.2", - "gimli 0.29.0", + "cranelift-entity 0.113.0", + "cranelift-isle 0.113.0", + "gimli 0.31.1", "hashbrown 0.14.3", "log", "regalloc2 0.10.2", @@ -722,11 +732,11 @@ dependencies = [ [[package]] name = "cranelift-codegen-meta" -version = "0.112.2" +version = "0.113.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5a0ce0273d7a493ef8f31f606849a4e931c19187a4923f5f87fc1f2b13109981" +checksum = "08c73b2395ffe9e7b4fdf7e2ebc052e7e27af13f68a964985346be4da477a5fc" dependencies = [ - "cranelift-codegen-shared 0.112.2", + "cranelift-codegen-shared 0.113.0", ] [[package]] @@ -737,15 +747,15 @@ checksum = "278e52e29c53fcf32431ef08406c295699a70306d05a0715c5b1bf50e33a9ab7" [[package]] name = "cranelift-codegen-shared" -version = "0.112.2" +version = "0.113.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0f72016ac35579051913f4f07f6b36c509ed69412d852fd44c8e1d7b7fa6d92a" +checksum = "7d9ed0854e96a4ff0879bff39d078de8dea7f002721c9494c1fdb4e1baa86ccc" [[package]] name = "cranelift-control" -version = "0.112.2" +version = "0.113.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "db28951d21512c4fd0554ef179bfb11e4eb6815062957a9173824eee5de0c46c" +checksum = "b4aca921dd422e781409de0129c255768fec5dec1dae83239b497fb9138abb89" dependencies = [ "arbitrary", ] @@ -776,7 +786,18 @@ version = "0.112.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "14ebe592a2f81af9237cf9be29dd3854ecb72108cfffa59e85ef12389bf939e3" dependencies = [ - "cranelift-bitset", + "cranelift-bitset 0.112.2", + "serde", + "serde_derive", +] + +[[package]] +name = "cranelift-entity" +version = "0.113.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e2d770e6605eccee15b49decdd82cd26f2b6404767802471459ea49c57379a98" +dependencies = [ + "cranelift-bitset 0.113.0", "serde", "serde_derive", ] @@ -795,11 +816,11 @@ dependencies = [ [[package]] name = "cranelift-frontend" -version = "0.112.2" +version = "0.113.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4437db9d60c7053ac91ded0802740c2ccf123ee6d6898dd906c34f8c530cd119" +checksum = "29268711cb889cb39215b10faf88b9087d4c9e1d2633581e4f722a2bf4bb4ef9" dependencies = [ - "cranelift-codegen 0.112.2", + "cranelift-codegen 0.113.0", "log", "smallvec", "target-lexicon", @@ -813,37 +834,21 @@ checksum = "393bc73c451830ff8dbb3a07f61843d6cb41a084f9996319917c0b291ed785bb" [[package]] name = "cranelift-isle" -version = "0.112.2" +version = "0.113.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "230cb33572b9926e210f2ca28145f2bc87f389e1456560932168e2591feb65c1" +checksum = "dc65156f010aed1985767ad1bff0eb8d186743b7b03e23d0c17604a253e3f356" [[package]] name = "cranelift-native" -version = "0.112.2" +version = "0.113.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "364524ac7aef7070b1141478724abebeec297d4ea1e87ad8b8986465e91146d9" +checksum = "d8bf9b361eaf5a7627647270fabf1dc910d993edbeaf272a652c107861ebe9c2" dependencies = [ - "cranelift-codegen 0.112.2", + "cranelift-codegen 0.113.0", "libc", "target-lexicon", ] -[[package]] -name = "cranelift-wasm" -version = "0.112.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0572cbd9d136a62c0f39837b6bce3b0978b96b8586794042bec0c214668fd6f5" -dependencies = [ - "cranelift-codegen 0.112.2", - "cranelift-entity 0.112.2", - "cranelift-frontend 0.112.2", - "itertools", - "log", - "smallvec", - "wasmparser 0.217.0", - "wasmtime-types", -] - [[package]] name = "crc32fast" version = "1.4.0" @@ -1577,6 +1582,12 @@ name = "gimli" version = "0.29.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "40ecd4077b5ae9fd2e9e169b102c6c330d0605168eb0e8bf79952b256dbefffd" + +[[package]] +name = "gimli" +version = "0.31.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "07e28edb80900c19c28f1072f2e8aeca7fa06b23cd4169cefe1af5aa3260783f" dependencies = [ "fallible-iterator 0.3.0", "indexmap 2.2.6", @@ -2937,6 +2948,17 @@ dependencies = [ "unicase", ] +[[package]] +name = "pulley-interpreter" +version = "26.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d68c610ff29655a42eeef41a5b5346e714586971a7d927739477e552fe7e23e3" +dependencies = [ + "cranelift-bitset 0.113.0", + "log", + "sptr", +] + [[package]] name = "quickcheck" version = "1.0.3" @@ -4683,7 +4705,7 @@ dependencies = [ "system-interface", "thiserror", "tracing", - "wasmtime", + "wasmtime 25.0.2", "wiggle", "windows-sys 0.52.0", ] @@ -4779,13 +4801,23 @@ checksum = "0046fef7e28c3804e5e38bfa31ea2a0f73905319b677e57ebe37e49358989b5d" [[package]] name = "wasm-encoder" -version = "0.217.0" +version = "0.218.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7b88b0814c9a2b323a9b46c687e726996c255ac8b64aa237dd11c81ed4854760" +checksum = "22b896fa8ceb71091ace9bcb81e853f54043183a1c9667cf93422c40252ffa0a" dependencies = [ "leb128", ] +[[package]] +name = "wasm-encoder" +version = "0.219.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "29cbbd772edcb8e7d524a82ee8cef8dd046fc14033796a754c3ad246d019fa54" +dependencies = [ + "leb128", + "wasmparser 0.219.1", +] + [[package]] name = "wasm-sample" version = "0.1.0" @@ -5105,15 +5137,39 @@ dependencies = [ "serde", ] +[[package]] +name = "wasmparser" +version = "0.218.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b09e46c7fceceaa72b2dd1a8a137ea7fd8f93dfaa69806010a709918e496c5dc" +dependencies = [ + "ahash 0.8.11", + "bitflags 2.6.0", + "hashbrown 0.14.3", + "indexmap 2.2.6", + "semver 1.0.22", + "serde", +] + +[[package]] +name = "wasmparser" +version = "0.219.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c771866898879073c53b565a6c7b49953795159836714ac56a5befb581227c5" +dependencies = [ + "bitflags 2.6.0", + "indexmap 2.2.6", +] + [[package]] name = "wasmprinter" -version = "0.217.0" +version = "0.218.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "50dc568b3e0d47e8f96ea547c90790cfa783f0205160c40de894a427114185ce" +checksum = "0ace089155491837b75f474bf47c99073246d1b737393fe722d6dee311595ddc" dependencies = [ "anyhow", "termcolor", - "wasmparser 0.217.0", + "wasmparser 0.218.0", ] [[package]] @@ -5122,7 +5178,45 @@ version = "25.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ef01f9cb9636ed42a7ec5a09d785c0643590199dc7372dc22c7e2ba7a31a97d4" dependencies = [ - "addr2line 0.22.0", + "anyhow", + "bitflags 2.6.0", + "bumpalo", + "cc", + "cfg-if", + "hashbrown 0.14.3", + "indexmap 2.2.6", + "libc", + "libm", + "log", + "mach2", + "memfd", + "object 0.36.0", + "once_cell", + "paste", + "postcard", + "psm", + "rustix", + "serde", + "serde_derive", + "smallvec", + "sptr", + "target-lexicon", + "wasmparser 0.217.0", + "wasmtime-asm-macros 25.0.2", + "wasmtime-environ 25.0.2", + "wasmtime-jit-icache-coherence 25.0.2", + "wasmtime-slab 25.0.2", + "wasmtime-versioned-export-macros 25.0.2", + "windows-sys 0.52.0", +] + +[[package]] +name = "wasmtime" +version = "26.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5ffa3230b9ba1ab6568d116df21bf4ca55ed2bfac87723d910471d30d9656ea1" +dependencies = [ + "addr2line 0.24.2", "anyhow", "async-trait", "bitflags 2.6.0", @@ -5131,7 +5225,7 @@ dependencies = [ "cfg-if", "encoding_rs", "fxprof-processed-profile", - "gimli 0.29.0", + "gimli 0.31.1", "hashbrown 0.14.3", "indexmap 2.2.6", "ittapi", @@ -5145,6 +5239,7 @@ dependencies = [ "paste", "postcard", "psm", + "pulley-interpreter", "rayon", "rustix", "semver 1.0.22", @@ -5154,22 +5249,22 @@ dependencies = [ "smallvec", "sptr", "target-lexicon", - "wasm-encoder", - "wasmparser 0.217.0", - "wasmtime-asm-macros 25.0.2", + "wasm-encoder 0.218.0", + "wasmparser 0.218.0", + "wasmtime-asm-macros 26.0.0", "wasmtime-cache", "wasmtime-component-macro", "wasmtime-component-util", "wasmtime-cranelift", - "wasmtime-environ", + "wasmtime-environ 26.0.0", "wasmtime-fiber", "wasmtime-jit-debug", - "wasmtime-jit-icache-coherence", - "wasmtime-slab", - "wasmtime-versioned-export-macros 25.0.2", + "wasmtime-jit-icache-coherence 26.0.0", + "wasmtime-slab 26.0.0", + "wasmtime-versioned-export-macros 26.0.0", "wasmtime-winch", "wat", - "windows-sys 0.52.0", + "windows-sys 0.59.0", ] [[package]] @@ -5190,11 +5285,20 @@ dependencies = [ "cfg-if", ] +[[package]] +name = "wasmtime-asm-macros" +version = "26.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ef15fad08bbaa0e5c5539b76fa5965ca25e24f17a584f83a40b43ba9a2b36f44" +dependencies = [ + "cfg-if", +] + [[package]] name = "wasmtime-cache" -version = "25.0.2" +version = "26.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "272d5939e989c5b54e3fa83ef420e4a6dba3995c3065626066428b2f73ad1e06" +checksum = "da608e953b6ec54afe99dd0b5cdfefff220acb8378dbd72bf846c3745e2f20ed" dependencies = [ "anyhow", "base64", @@ -5206,15 +5310,15 @@ dependencies = [ "serde_derive", "sha2", "toml 0.8.12", - "windows-sys 0.52.0", + "windows-sys 0.59.0", "zstd", ] [[package]] name = "wasmtime-component-macro" -version = "25.0.2" +version = "26.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "26593c4b18c76ca3c3fbdd813d6692256537b639b851d8a6fe827e3d6966fc01" +checksum = "23fb4e179f424260d0739c09d3bc83d34347a55d291d10dcb5244686a75c7733" dependencies = [ "anyhow", "proc-macro2", @@ -5227,33 +5331,33 @@ dependencies = [ [[package]] name = "wasmtime-component-util" -version = "25.0.2" +version = "26.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a2ed562fbb0cbed20a56c369c8de146c1de06a48c19e26ed9aa45f073514ee60" +checksum = "cfe3c27d64af5f584014db9381c081223d27a57e1dce2f6280bbafea37575619" [[package]] name = "wasmtime-cranelift" -version = "25.0.2" +version = "26.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f389b789cbcb53a8499131182135dea21d7d97ad77e7fb66830f69479ef0e68c" +checksum = "eb56d9ee4a093509624bd0861888cd111f6530e16969a68bb12dc7dd7a2be27f" dependencies = [ "anyhow", "cfg-if", - "cranelift-codegen 0.112.2", + "cranelift-codegen 0.113.0", "cranelift-control", - "cranelift-entity 0.112.2", - "cranelift-frontend 0.112.2", + "cranelift-entity 0.113.0", + "cranelift-frontend 0.113.0", "cranelift-native", - "cranelift-wasm", - "gimli 0.29.0", + "gimli 0.31.1", + "itertools", "log", "object 0.36.0", "smallvec", "target-lexicon", "thiserror", - "wasmparser 0.217.0", - "wasmtime-environ", - "wasmtime-versioned-export-macros 25.0.2", + "wasmparser 0.218.0", + "wasmtime-environ 26.0.0", + "wasmtime-versioned-export-macros 26.0.0", ] [[package]] @@ -5263,51 +5367,72 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "84b72debe8899f19bedf66f7071310f06ef62de943a1369ba9b373613e77dd3d" dependencies = [ "anyhow", - "cpp_demangle", - "cranelift-bitset", + "cranelift-bitset 0.112.2", "cranelift-entity 0.112.2", "gimli 0.29.0", "indexmap 2.2.6", "log", "object 0.36.0", "postcard", + "serde", + "serde_derive", + "target-lexicon", + "wasmparser 0.217.0", + "wasmtime-types", +] + +[[package]] +name = "wasmtime-environ" +version = "26.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f3444c1759d5b906ff76a3cab073dd92135bdd06e5d1f46635ec40a58207d314" +dependencies = [ + "anyhow", + "cpp_demangle", + "cranelift-bitset 0.113.0", + "cranelift-entity 0.113.0", + "gimli 0.31.1", + "indexmap 2.2.6", + "log", + "object 0.36.0", + "postcard", "rustc-demangle", "semver 1.0.22", "serde", "serde_derive", + "smallvec", "target-lexicon", - "wasm-encoder", - "wasmparser 0.217.0", + "wasm-encoder 0.218.0", + "wasmparser 0.218.0", "wasmprinter", "wasmtime-component-util", - "wasmtime-types", ] [[package]] name = "wasmtime-fiber" -version = "25.0.2" +version = "26.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "92b8d4d504266ee598204f9e69cea8714499cc7c5aeddaa9b3f76aaace8b0680" +checksum = "ae2ab757170bf183944ae494cd607bf2f028744414fed7440a39930194bfb869" dependencies = [ "anyhow", "cc", "cfg-if", "rustix", - "wasmtime-asm-macros 25.0.2", - "wasmtime-versioned-export-macros 25.0.2", - "windows-sys 0.52.0", + "wasmtime-asm-macros 26.0.0", + "wasmtime-versioned-export-macros 26.0.0", + "windows-sys 0.59.0", ] [[package]] name = "wasmtime-jit-debug" -version = "25.0.2" +version = "26.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "48ed7f0bbb9da3252c252b05fcd5fd42672db161e6276aa96e92059500247d8c" +checksum = "077d8382176594ded9e7d837db2f320b45915d40b99f4319b2bd1061bbdf5f4f" dependencies = [ "object 0.36.0", "once_cell", "rustix", - "wasmtime-versioned-export-macros 25.0.2", + "wasmtime-versioned-export-macros 26.0.0", ] [[package]] @@ -5322,12 +5447,30 @@ dependencies = [ "windows-sys 0.52.0", ] +[[package]] +name = "wasmtime-jit-icache-coherence" +version = "26.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6e458e6a1a010a53f86ac8d75837c0c6b2ce3e54b7503b2f1dc5629a4a541f5a" +dependencies = [ + "anyhow", + "cfg-if", + "libc", + "windows-sys 0.59.0", +] + [[package]] name = "wasmtime-slab" version = "25.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "055a181b8d03998511294faea14798df436503f14d7fd20edcf7370ec583e80a" +[[package]] +name = "wasmtime-slab" +version = "26.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "339c9a2a62b989a3184baff31be3a5b5256ad52629634eb432f9ccf0ab251f83" + [[package]] name = "wasmtime-types" version = "25.0.2" @@ -5364,31 +5507,42 @@ dependencies = [ "syn 2.0.82", ] +[[package]] +name = "wasmtime-versioned-export-macros" +version = "26.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "abe01058e422966659e1af00af833147d54658b07c7e74606d73ca9af3f1690a" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.82", +] + [[package]] name = "wasmtime-winch" -version = "25.0.2" +version = "26.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a702ff5eff3b37c11453ec8b54ec444bb9f2c689c7a7af382766c52df86b1e9b" +checksum = "3b65e7d7676280ff58e417053ef8435fd7d0b5c5c4372428d13d47aee00a26bf" dependencies = [ "anyhow", - "cranelift-codegen 0.112.2", - "gimli 0.29.0", + "cranelift-codegen 0.113.0", + "gimli 0.31.1", "object 0.36.0", "target-lexicon", - "wasmparser 0.217.0", + "wasmparser 0.218.0", "wasmtime-cranelift", - "wasmtime-environ", + "wasmtime-environ 26.0.0", "winch-codegen", ] [[package]] name = "wasmtime-wit-bindgen" -version = "25.0.2" +version = "26.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b2fca2cbb5bb390f65d4434c19bf8d9873dfc60f10802918ebcd6f819a38d703" +checksum = "1c9e85935a1199e96b73e7fcd27a127035d2082265720a67d59268a24892d567" dependencies = [ "anyhow", - "heck 0.4.1", + "heck 0.5.0", "indexmap 2.2.6", "wit-parser", ] @@ -5404,24 +5558,24 @@ dependencies = [ [[package]] name = "wast" -version = "217.0.0" +version = "219.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "79004ecebded92d3c710d4841383368c7f04b63d0992ddd6b0c7d5029b7629b7" +checksum = "4f79a9d9df79986a68689a6b40bcc8d5d40d807487b235bebc2ac69a242b54a1" dependencies = [ "bumpalo", "leb128", "memchr", "unicode-width", - "wasm-encoder", + "wasm-encoder 0.219.1", ] [[package]] name = "wat" -version = "1.217.0" +version = "1.219.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c126271c3d92ca0f7c63e4e462e40c69cca52fd4245fcda730d1cf558fb55088" +checksum = "8bc3cf014fb336883a411cd662f987abf6a1d2a27f2f0008616a0070bbf6bd0d" dependencies = [ - "wast 217.0.0", + "wast 219.0.1", ] [[package]] @@ -5513,7 +5667,7 @@ dependencies = [ "bitflags 2.6.0", "thiserror", "tracing", - "wasmtime", + "wasmtime 25.0.2", "wiggle-macro", ] @@ -5577,19 +5731,19 @@ checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" [[package]] name = "winch-codegen" -version = "0.23.2" +version = "26.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d716f7c87db8ea79f1dc69f7344354b6256451bccca422ac4c3e0d607d144532" +checksum = "d24d6742c41dcde6860c4b83569264b9cd4549d440a4d2488fed0eace33b92fc" dependencies = [ "anyhow", - "cranelift-codegen 0.112.2", - "gimli 0.29.0", + "cranelift-codegen 0.113.0", + "gimli 0.31.1", "regalloc2 0.10.2", "smallvec", "target-lexicon", - "wasmparser 0.217.0", + "wasmparser 0.218.0", "wasmtime-cranelift", - "wasmtime-environ", + "wasmtime-environ 26.0.0", ] [[package]] @@ -5838,9 +5992,9 @@ dependencies = [ [[package]] name = "wit-parser" -version = "0.217.0" +version = "0.218.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fb893dcd6d370cfdf19a0d9adfcd403efb8e544e1a0ea3a8b81a21fe392eaa78" +checksum = "0d3d1066ab761b115f97fef2b191090faabcb0f37b555b758d3caf42d4ed9e55" dependencies = [ "anyhow", "id-arena", @@ -5851,7 +6005,7 @@ dependencies = [ "serde_derive", "serde_json", "unicode-xid", - "wasmparser 0.217.0", + "wasmparser 0.218.0", ] [[package]] @@ -5923,7 +6077,7 @@ dependencies = [ "wasmedge-sdk", "wasmer", "wasmer-wasix", - "wasmtime", + "wasmtime 26.0.0", ] [[package]] diff --git a/crates/youki/Cargo.toml b/crates/youki/Cargo.toml index f9d467d5d..c93e8b2d8 100644 --- a/crates/youki/Cargo.toml +++ b/crates/youki/Cargo.toml @@ -43,7 +43,7 @@ caps = "0.5.5" wasmer = { version = "4.0.0", optional = true } wasmer-wasix = { version = "0.9.0", optional = true } wasmedge-sdk = { version = "0.14.0", optional = true } -wasmtime = { version = "25.0.2", optional = true } +wasmtime = { version = "26.0.0", optional = true } wasi-common = { version = "25.0.2", optional = true } tracing = { version = "0.1.40", features = ["attributes"] } tracing-subscriber = { version = "0.3.18", features = ["json", "env-filter"] } From c2216cd4832284a7eb9a768cbcbab2f93fea453f Mon Sep 17 00:00:00 2001 From: Yashodhan Joshi Date: Mon, 28 Oct 2024 10:51:01 +0530 Subject: [PATCH 4/7] deps: update wasi-common to 26.0.0 Signed-off-by: Yashodhan Joshi --- Cargo.lock | 224 ++++++---------------------------------- crates/youki/Cargo.toml | 2 +- 2 files changed, 34 insertions(+), 192 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 51c4ab67c..8c218e614 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -337,9 +337,9 @@ dependencies = [ [[package]] name = "cap-fs-ext" -version = "3.0.0" +version = "3.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "769f8cd02eb04d57f14e2e371ebb533f96817f9b2525d73a5c72b61ca7973747" +checksum = "712695628f77a28acd7c9135b9f05f9c1563f8eb91b317f63876bac550032403" dependencies = [ "cap-primitives", "cap-std", @@ -349,9 +349,9 @@ dependencies = [ [[package]] name = "cap-primitives" -version = "3.0.0" +version = "3.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "90a0b44fc796b1a84535a63753d50ba3972c4db55c7255c186f79140e63d56d0" +checksum = "ff5bcbaf57897c8f14098cc9ad48a78052930a9948119eea01b80ca224070fa6" dependencies = [ "ambient-authority", "fs-set-times", @@ -366,9 +366,9 @@ dependencies = [ [[package]] name = "cap-rand" -version = "3.0.0" +version = "3.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4327f08daac33a99bb03c54ae18c8f32c3ba31c728a33ddf683c6c6a5043de68" +checksum = "e7c780812948b31f362c3bab82d23b902529c26705d0e094888bc7fdb9656908" dependencies = [ "ambient-authority", "rand", @@ -376,9 +376,9 @@ dependencies = [ [[package]] name = "cap-std" -version = "3.0.0" +version = "3.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "266626ce180cf9709f317d0bf9754e3a5006359d87f4bf792f06c9c5f1b63c0f" +checksum = "e6cf1a22e6eab501e025a9953532b1e95efb8a18d6364bf8a4a7547b30c49186" dependencies = [ "cap-primitives", "io-extras", @@ -388,9 +388,9 @@ dependencies = [ [[package]] name = "cap-time-ext" -version = "3.0.0" +version = "3.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e1353421ba83c19da60726e35db0a89abef984b3be183ff6f58c5b8084fcd0c5" +checksum = "1e1547a95cd071db92382c649260bcc6721879ef5d1f0f442af33bff75003dd7" dependencies = [ "ambient-authority", "cap-primitives", @@ -657,16 +657,6 @@ dependencies = [ "cranelift-entity 0.113.0", ] -[[package]] -name = "cranelift-bitset" -version = "0.112.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9eaa2aece6237198afd32bff57699e08d4dccb8d3902c214fc1e6ba907247ca4" -dependencies = [ - "serde", - "serde_derive", -] - [[package]] name = "cranelift-bitset" version = "0.113.0" @@ -706,7 +696,7 @@ checksum = "900a19b84545924f1851cbfe386962edfc4ecbc3366a254825cf1ecbcda8ba08" dependencies = [ "bumpalo", "cranelift-bforest 0.113.0", - "cranelift-bitset 0.113.0", + "cranelift-bitset", "cranelift-codegen-meta 0.113.0", "cranelift-codegen-shared 0.113.0", "cranelift-control", @@ -780,24 +770,13 @@ version = "0.91.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9a59bcbca89c3f1b70b93ab3cbba5e5e0cbf3e63dadb23c7525cb142e21a9d4c" -[[package]] -name = "cranelift-entity" -version = "0.112.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "14ebe592a2f81af9237cf9be29dd3854ecb72108cfffa59e85ef12389bf939e3" -dependencies = [ - "cranelift-bitset 0.112.2", - "serde", - "serde_derive", -] - [[package]] name = "cranelift-entity" version = "0.113.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e2d770e6605eccee15b49decdd82cd26f2b6404767802471459ea49c57379a98" dependencies = [ - "cranelift-bitset 0.113.0", + "cranelift-bitset", "serde", "serde_derive", ] @@ -1577,12 +1556,6 @@ version = "0.28.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4271d37baee1b8c7e4b708028c57d816cf9d2434acb33a549475f78c181f6253" -[[package]] -name = "gimli" -version = "0.29.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "40ecd4077b5ae9fd2e9e169b102c6c330d0605168eb0e8bf79952b256dbefffd" - [[package]] name = "gimli" version = "0.31.1" @@ -1675,12 +1648,6 @@ dependencies = [ "unicode-segmentation", ] -[[package]] -name = "heck" -version = "0.4.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8" - [[package]] name = "heck" version = "0.5.0" @@ -2954,7 +2921,7 @@ version = "26.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d68c610ff29655a42eeef41a5b5346e714586971a7d927739477e552fe7e23e3" dependencies = [ - "cranelift-bitset 0.113.0", + "cranelift-bitset", "log", "sptr", ] @@ -4686,9 +4653,9 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" [[package]] name = "wasi-common" -version = "25.0.2" +version = "26.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f1e63f999ecfdd96d64d35b39d0577318d9d2eae2d41603d4befda3b3dfe252" +checksum = "30736986c56db528f8086cc81e56abcde4d0c682084cfd9ea37c7237adccde14" dependencies = [ "anyhow", "bitflags 2.6.0", @@ -4705,9 +4672,9 @@ dependencies = [ "system-interface", "thiserror", "tracing", - "wasmtime 25.0.2", + "wasmtime", "wiggle", - "windows-sys 0.52.0", + "windows-sys 0.59.0", ] [[package]] @@ -5123,20 +5090,6 @@ dependencies = [ "url", ] -[[package]] -name = "wasmparser" -version = "0.217.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ca917a21307d3adf2b9857b94dd05ebf8496bdcff4437a9b9fb3899d3e6c74e7" -dependencies = [ - "ahash 0.8.11", - "bitflags 2.6.0", - "hashbrown 0.14.3", - "indexmap 2.2.6", - "semver 1.0.22", - "serde", -] - [[package]] name = "wasmparser" version = "0.218.0" @@ -5172,44 +5125,6 @@ dependencies = [ "wasmparser 0.218.0", ] -[[package]] -name = "wasmtime" -version = "25.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ef01f9cb9636ed42a7ec5a09d785c0643590199dc7372dc22c7e2ba7a31a97d4" -dependencies = [ - "anyhow", - "bitflags 2.6.0", - "bumpalo", - "cc", - "cfg-if", - "hashbrown 0.14.3", - "indexmap 2.2.6", - "libc", - "libm", - "log", - "mach2", - "memfd", - "object 0.36.0", - "once_cell", - "paste", - "postcard", - "psm", - "rustix", - "serde", - "serde_derive", - "smallvec", - "sptr", - "target-lexicon", - "wasmparser 0.217.0", - "wasmtime-asm-macros 25.0.2", - "wasmtime-environ 25.0.2", - "wasmtime-jit-icache-coherence 25.0.2", - "wasmtime-slab 25.0.2", - "wasmtime-versioned-export-macros 25.0.2", - "windows-sys 0.52.0", -] - [[package]] name = "wasmtime" version = "26.0.0" @@ -5256,11 +5171,11 @@ dependencies = [ "wasmtime-component-macro", "wasmtime-component-util", "wasmtime-cranelift", - "wasmtime-environ 26.0.0", + "wasmtime-environ", "wasmtime-fiber", "wasmtime-jit-debug", - "wasmtime-jit-icache-coherence 26.0.0", - "wasmtime-slab 26.0.0", + "wasmtime-jit-icache-coherence", + "wasmtime-slab", "wasmtime-versioned-export-macros 26.0.0", "wasmtime-winch", "wat", @@ -5276,15 +5191,6 @@ dependencies = [ "cfg-if", ] -[[package]] -name = "wasmtime-asm-macros" -version = "25.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ba5b20797419d6baf2296db2354f864e8bb3447cacca9d151ce7700ae08b4460" -dependencies = [ - "cfg-if", -] - [[package]] name = "wasmtime-asm-macros" version = "26.0.0" @@ -5356,31 +5262,10 @@ dependencies = [ "target-lexicon", "thiserror", "wasmparser 0.218.0", - "wasmtime-environ 26.0.0", + "wasmtime-environ", "wasmtime-versioned-export-macros 26.0.0", ] -[[package]] -name = "wasmtime-environ" -version = "25.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "84b72debe8899f19bedf66f7071310f06ef62de943a1369ba9b373613e77dd3d" -dependencies = [ - "anyhow", - "cranelift-bitset 0.112.2", - "cranelift-entity 0.112.2", - "gimli 0.29.0", - "indexmap 2.2.6", - "log", - "object 0.36.0", - "postcard", - "serde", - "serde_derive", - "target-lexicon", - "wasmparser 0.217.0", - "wasmtime-types", -] - [[package]] name = "wasmtime-environ" version = "26.0.0" @@ -5389,7 +5274,7 @@ checksum = "f3444c1759d5b906ff76a3cab073dd92135bdd06e5d1f46635ec40a58207d314" dependencies = [ "anyhow", "cpp_demangle", - "cranelift-bitset 0.113.0", + "cranelift-bitset", "cranelift-entity 0.113.0", "gimli 0.31.1", "indexmap 2.2.6", @@ -5435,18 +5320,6 @@ dependencies = [ "wasmtime-versioned-export-macros 26.0.0", ] -[[package]] -name = "wasmtime-jit-icache-coherence" -version = "25.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1d930bc1325bc0448be6a11754156d770f56f6c3a61f440e9567f36cd2ea3065" -dependencies = [ - "anyhow", - "cfg-if", - "libc", - "windows-sys 0.52.0", -] - [[package]] name = "wasmtime-jit-icache-coherence" version = "26.0.0" @@ -5459,32 +5332,12 @@ dependencies = [ "windows-sys 0.59.0", ] -[[package]] -name = "wasmtime-slab" -version = "25.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "055a181b8d03998511294faea14798df436503f14d7fd20edcf7370ec583e80a" - [[package]] name = "wasmtime-slab" version = "26.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "339c9a2a62b989a3184baff31be3a5b5256ad52629634eb432f9ccf0ab251f83" -[[package]] -name = "wasmtime-types" -version = "25.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c8340d976673ac3fdacac781f2afdc4933920c1adc738c3409e825dab3955399" -dependencies = [ - "anyhow", - "cranelift-entity 0.112.2", - "serde", - "serde_derive", - "smallvec", - "wasmparser 0.217.0", -] - [[package]] name = "wasmtime-versioned-export-macros" version = "14.0.4" @@ -5496,17 +5349,6 @@ dependencies = [ "syn 2.0.82", ] -[[package]] -name = "wasmtime-versioned-export-macros" -version = "25.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a4b0c1f76891f778db9602ee3fbb4eb7e9a3f511847d1fb1b69eddbcea28303c" -dependencies = [ - "proc-macro2", - "quote", - "syn 2.0.82", -] - [[package]] name = "wasmtime-versioned-export-macros" version = "26.0.0" @@ -5531,7 +5373,7 @@ dependencies = [ "target-lexicon", "wasmparser 0.218.0", "wasmtime-cranelift", - "wasmtime-environ 26.0.0", + "wasmtime-environ", "winch-codegen", ] @@ -5658,27 +5500,27 @@ dependencies = [ [[package]] name = "wiggle" -version = "25.0.2" +version = "26.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e4ebee2be6b561d1fe91b37e960c02baa94cdee29af863f5f26a0637f344f27a" +checksum = "c62986dac93e6de4e542c9861e0bfb375a796e880938bb2f5833a7dfaed07352" dependencies = [ "anyhow", "async-trait", "bitflags 2.6.0", "thiserror", "tracing", - "wasmtime 25.0.2", + "wasmtime", "wiggle-macro", ] [[package]] name = "wiggle-generate" -version = "25.0.2" +version = "26.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "97c4a32959189041ccb260e6dfa7fcf907e665166e755a6a681c32423c90e45f" +checksum = "0b7602686d5d43b23ae28ad5d730921064b634ae6a9d78e8dbdc595326319232" dependencies = [ "anyhow", - "heck 0.4.1", + "heck 0.5.0", "proc-macro2", "quote", "shellexpand", @@ -5688,9 +5530,9 @@ dependencies = [ [[package]] name = "wiggle-macro" -version = "25.0.2" +version = "26.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e1c266e16c4b24a29e055ec651e27fce1389c886bb00fbe78b8924a253a439b" +checksum = "a376173abfaaa6cebf8aedd03366fcd528db2b8f5ccc3f422102a3f4014c3855" dependencies = [ "proc-macro2", "quote", @@ -5743,7 +5585,7 @@ dependencies = [ "target-lexicon", "wasmparser 0.218.0", "wasmtime-cranelift", - "wasmtime-environ 26.0.0", + "wasmtime-environ", ] [[package]] @@ -6077,7 +5919,7 @@ dependencies = [ "wasmedge-sdk", "wasmer", "wasmer-wasix", - "wasmtime 26.0.0", + "wasmtime", ] [[package]] diff --git a/crates/youki/Cargo.toml b/crates/youki/Cargo.toml index c93e8b2d8..f3dbcf265 100644 --- a/crates/youki/Cargo.toml +++ b/crates/youki/Cargo.toml @@ -44,7 +44,7 @@ wasmer = { version = "4.0.0", optional = true } wasmer-wasix = { version = "0.9.0", optional = true } wasmedge-sdk = { version = "0.14.0", optional = true } wasmtime = { version = "26.0.0", optional = true } -wasi-common = { version = "25.0.2", optional = true } +wasi-common = { version = "26.0.0", optional = true } tracing = { version = "0.1.40", features = ["attributes"] } tracing-subscriber = { version = "0.3.18", features = ["json", "env-filter"] } tracing-journald = "0.3.0" From 860fba699d95cf2b49670ab0df4cd1a68749502b Mon Sep 17 00:00:00 2001 From: Yashodhan Joshi Date: Mon, 28 Oct 2024 11:18:50 +0530 Subject: [PATCH 5/7] print "unknown" instead of defaults if we cannot get kernel config Signed-off-by: Yashodhan Joshi --- crates/youki/src/commands/info.rs | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/crates/youki/src/commands/info.rs b/crates/youki/src/commands/info.rs index 4a92b1ac4..f9e1c7869 100644 --- a/crates/youki/src/commands/info.rs +++ b/crates/youki/src/commands/info.rs @@ -59,6 +59,8 @@ pub fn print_os() { println!("{:<18}{}", "Operating System", os); } else if let Some(os) = try_read_os_from("/usr/lib/os-release") { println!("{:<18}{}", "Operating System", os); + } else { + println!("{:<18}UNKNOWN", "Operating System"); } } @@ -204,6 +206,9 @@ pub fn print_namespaces() { println!("{:<18}disabled", "Namespaces"); return; } + } else { + println!("{:<18}UNKNOWN", "Namespaces"); + // we don't return as we can atleast try and see if anything is enabled } // mount namespace is always enabled if namespaces are enabled @@ -266,7 +271,7 @@ fn print_feature_status(config: &str, feature: &str, display: FeatureDisplay) { println!(" {:<16}{}", display.name, status); } else { - println!(" {:<16}{}", display.name, display.disabled); + println!(" {:<16}UNKNOWN", display.name); } } From e3e15404448b9d662d2aa9aa6560b7d22018ff5a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Oct 2024 00:25:23 +0000 Subject: [PATCH 6/7] Bump serde from 1.0.213 to 1.0.214 in the patch group Bumps the patch group with 1 update: [serde](https://github.com/serde-rs/serde). Updates `serde` from 1.0.213 to 1.0.214 - [Release notes](https://github.com/serde-rs/serde/releases) - [Commits](https://github.com/serde-rs/serde/compare/v1.0.213...v1.0.214) --- updated-dependencies: - dependency-name: serde dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch ... Signed-off-by: dependabot[bot] --- Cargo.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 8c218e614..cbb9f372b 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -3456,9 +3456,9 @@ checksum = "388a1df253eca08550bef6c72392cfe7c30914bf41df5269b68cbd6ff8f570a3" [[package]] name = "serde" -version = "1.0.213" +version = "1.0.214" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3ea7893ff5e2466df8d720bb615088341b295f849602c6956047f8f80f0e9bc1" +checksum = "f55c3193aca71c12ad7890f1785d2b73e1b9f63a0bbc353c08ef26fe03fc56b5" dependencies = [ "serde_derive", ] @@ -3486,9 +3486,9 @@ dependencies = [ [[package]] name = "serde_derive" -version = "1.0.213" +version = "1.0.214" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7e85ad2009c50b58e87caa8cd6dac16bdf511bbfb7af6c33df902396aa480fa5" +checksum = "de523f781f095e28fa605cdce0f8307e451cc0fd14e2eb4cd2e98a355b147766" dependencies = [ "proc-macro2", "quote", From d07159691ded12b00000418cbbc1800fb558ac1a Mon Sep 17 00:00:00 2001 From: AngrySean Date: Tue, 29 Oct 2024 12:23:05 +0800 Subject: [PATCH 7/7] fix(libcontainer) no_pivot args is not used (#2923) * Support setting no_pivot_root for create and run command Signed-off-by: Vanient * fix: mount move before choot Move the rootfs to the root of the host filesystem before chrooting, this is equivalent to pivot_root, if don't move mount first, we will not see the new rootfs when exec into the container Signed-off-by: xujihui1985 * fix(chroot): ensure mount occurs before chroot to mimic pivot_root behavior Move the mount operation to occur before calling chroot to better simulate the effect of pivot_root. Add a check to confirm if the current process is running inside an isolated mount namespace, ensuring proper mount handling. Signed-off-by: xujihui1985 * implement intergration test for no-pivot Signed-off-by: xujihui1985 * fix: add comments to no-pivot related code Signed-off-by: xujihui1985 * fix(lint): fix format Signed-off-by: xujihui1985 --------- Signed-off-by: Vanient Signed-off-by: xujihui1985 Co-authored-by: Vanient --- .../src/container/builder_impl.rs | 3 + .../src/container/init_builder.rs | 8 ++ .../src/container/tenant_builder.rs | 1 + crates/libcontainer/src/process/args.rs | 2 + .../src/process/container_init_process.rs | 85 +++++++++++-- crates/libcontainer/src/syscall/linux.rs | 5 + crates/libcontainer/src/syscall/syscall.rs | 3 +- crates/libcontainer/src/syscall/test.rs | 28 +++- crates/youki/src/commands/create.rs | 1 + crates/youki/src/commands/run.rs | 1 + tests/contest/contest/src/main.rs | 3 + tests/contest/contest/src/tests/mod.rs | 1 + .../contest/contest/src/tests/no_pivot/mod.rs | 29 +++++ tests/contest/contest/src/utils/test_utils.rs | 120 +++++++++++++++++- tests/contest/runtimetest/src/main.rs | 1 + tests/contest/runtimetest/src/tests.rs | 34 +++++ 16 files changed, 304 insertions(+), 21 deletions(-) create mode 100644 tests/contest/contest/src/tests/no_pivot/mod.rs diff --git a/crates/libcontainer/src/container/builder_impl.rs b/crates/libcontainer/src/container/builder_impl.rs index ed2cd07dd..0a9e43f52 100644 --- a/crates/libcontainer/src/container/builder_impl.rs +++ b/crates/libcontainer/src/container/builder_impl.rs @@ -49,6 +49,8 @@ pub(super) struct ContainerBuilderImpl { pub detached: bool, /// Default executes the specified execution of a generic command pub executor: Box, + /// If do not use pivot root to jail process inside rootfs + pub no_pivot: bool, } impl ContainerBuilderImpl { @@ -154,6 +156,7 @@ impl ContainerBuilderImpl { cgroup_config, detached: self.detached, executor: self.executor.clone(), + no_pivot: self.no_pivot, }; let (init_pid, need_to_clean_up_intel_rdt_dir) = diff --git a/crates/libcontainer/src/container/init_builder.rs b/crates/libcontainer/src/container/init_builder.rs index 2230acc60..4ac2104de 100644 --- a/crates/libcontainer/src/container/init_builder.rs +++ b/crates/libcontainer/src/container/init_builder.rs @@ -20,6 +20,7 @@ pub struct InitContainerBuilder { bundle: PathBuf, use_systemd: bool, detached: bool, + no_pivot: bool, } impl InitContainerBuilder { @@ -31,6 +32,7 @@ impl InitContainerBuilder { bundle, use_systemd: true, detached: true, + no_pivot: false, } } @@ -45,6 +47,11 @@ impl InitContainerBuilder { self } + pub fn with_no_pivot(mut self, no_pivot: bool) -> Self { + self.no_pivot = no_pivot; + self + } + /// Creates a new container pub fn build(self) -> Result { let spec = self.load_spec()?; @@ -95,6 +102,7 @@ impl InitContainerBuilder { preserve_fds: self.base.preserve_fds, detached: self.detached, executor: self.base.executor, + no_pivot: self.no_pivot, }; builder_impl.create()?; diff --git a/crates/libcontainer/src/container/tenant_builder.rs b/crates/libcontainer/src/container/tenant_builder.rs index 1ebddd76b..e54a22cca 100644 --- a/crates/libcontainer/src/container/tenant_builder.rs +++ b/crates/libcontainer/src/container/tenant_builder.rs @@ -142,6 +142,7 @@ impl TenantContainerBuilder { preserve_fds: self.base.preserve_fds, detached: self.detached, executor: self.base.executor, + no_pivot: false, }; let pid = builder_impl.create()?; diff --git a/crates/libcontainer/src/process/args.rs b/crates/libcontainer/src/process/args.rs index a4451dd85..1c7d0c395 100644 --- a/crates/libcontainer/src/process/args.rs +++ b/crates/libcontainer/src/process/args.rs @@ -42,4 +42,6 @@ pub struct ContainerArgs { pub detached: bool, /// Manage the functions that actually run on the container pub executor: Box, + /// If do not use pivot root to jail process inside rootfs + pub no_pivot: bool, } diff --git a/crates/libcontainer/src/process/container_init_process.rs b/crates/libcontainer/src/process/container_init_process.rs index 64182c1c7..8d30b74b4 100644 --- a/crates/libcontainer/src/process/container_init_process.rs +++ b/crates/libcontainer/src/process/container_init_process.rs @@ -4,7 +4,7 @@ use std::path::{Path, PathBuf}; use std::{env, fs, mem}; use nc; -use nix::mount::MsFlags; +use nix::mount::{MntFlags, MsFlags}; use nix::sched::CloneFlags; use nix::sys::stat::Mode; use nix::unistd::{self, setsid, Gid, Uid}; @@ -270,6 +270,76 @@ fn reopen_dev_null() -> Result<()> { Ok(()) } +// umount or hide the target path. If the target path is mounted +// try to unmount it first if the unmount operation fails with EINVAL +// then mount a tmpfs with size 0k to hide the target path. +fn unmount_or_hide(syscall: &dyn Syscall, target: impl AsRef) -> Result<()> { + let target_path = target.as_ref(); + match syscall.umount2(target_path, MntFlags::MNT_DETACH) { + Ok(_) => Ok(()), + Err(SyscallError::Nix(nix::errno::Errno::EINVAL)) => syscall + .mount( + None, + target_path, + Some("tmpfs"), + MsFlags::MS_RDONLY, + Some("size=0k"), + ) + .map_err(InitProcessError::SyscallOther), + Err(err) => Err(InitProcessError::SyscallOther(err)), + } +} + +fn move_root(syscall: &dyn Syscall, rootfs: &Path) -> Result<()> { + unistd::chdir(rootfs).map_err(InitProcessError::NixOther)?; + // umount /sys and /proc if they are mounted, the purpose is to + // unmount or hide the /sys and /proc filesystems before the process changes its + // root to the new rootfs. thus ensure that the /sys and /proc filesystems are not + // accessible in the new rootfs. the logic is borrowed from crun + // https://github.com/containers/crun/blob/53cd1c1c697d7351d0cad23708d29bf4a7980a3a/src/libcrun/linux.c#L2780 + unmount_or_hide(syscall, "/sys")?; + unmount_or_hide(syscall, "/proc")?; + syscall + .mount(Some(rootfs), Path::new("/"), None, MsFlags::MS_MOVE, None) + .map_err(|err| { + tracing::error!(?err, ?rootfs, "failed to mount ms_move"); + InitProcessError::SyscallOther(err) + })?; + + syscall.chroot(Path::new(".")).map_err(|err| { + tracing::error!(?err, ?rootfs, "failed to chroot"); + InitProcessError::SyscallOther(err) + })?; + + unistd::chdir("/").map_err(InitProcessError::NixOther)?; + + Ok(()) +} + +fn do_pivot_root( + syscall: &dyn Syscall, + namespaces: &Namespaces, + no_pivot: bool, + rootfs: impl AsRef, +) -> Result<()> { + let rootfs_path = rootfs.as_ref(); + + let handle_error = |err: SyscallError, msg: &str| -> InitProcessError { + tracing::error!(?err, ?rootfs_path, msg); + InitProcessError::SyscallOther(err) + }; + + match namespaces.get(LinuxNamespaceType::Mount)? { + Some(_) if no_pivot => move_root(syscall, rootfs_path), + Some(_) => syscall + .pivot_rootfs(rootfs.as_ref()) + .map_err(|err| handle_error(err, "failed to pivot root")), + None => syscall + .chroot(rootfs_path) + .map_err(|err| handle_error(err, "failed to chroot")), + } +} + // Some variables are unused in the case where libseccomp feature is not enabled. #[allow(unused_variables)] pub fn container_init_process( @@ -343,18 +413,7 @@ pub fn container_init_process( // we use pivot_root, but if we are on the host mount namespace, we will // use simple chroot. Scary things will happen if you try to pivot_root // in the host mount namespace... - if namespaces.get(LinuxNamespaceType::Mount)?.is_some() { - // change the root of filesystem of the process to the rootfs - syscall.pivot_rootfs(rootfs_path).map_err(|err| { - tracing::error!(?err, ?rootfs_path, "failed to pivot root"); - InitProcessError::SyscallOther(err) - })?; - } else { - syscall.chroot(rootfs_path).map_err(|err| { - tracing::error!(?err, ?rootfs_path, "failed to chroot"); - InitProcessError::SyscallOther(err) - })?; - } + do_pivot_root(syscall.as_ref(), &namespaces, args.no_pivot, rootfs_path)?; // As we have changed the root mount, from here on // logs are no longer visible in journalctl diff --git a/crates/libcontainer/src/syscall/linux.rs b/crates/libcontainer/src/syscall/linux.rs index 9bc2f13de..ed68e104a 100644 --- a/crates/libcontainer/src/syscall/linux.rs +++ b/crates/libcontainer/src/syscall/linux.rs @@ -574,6 +574,11 @@ impl Syscall for LinuxSyscall { }?; Ok(()) } + + fn umount2(&self, target: &Path, flags: MntFlags) -> Result<()> { + umount2(target, flags)?; + Ok(()) + } } #[cfg(test)] diff --git a/crates/libcontainer/src/syscall/syscall.rs b/crates/libcontainer/src/syscall/syscall.rs index 6868a180e..e886aef7a 100644 --- a/crates/libcontainer/src/syscall/syscall.rs +++ b/crates/libcontainer/src/syscall/syscall.rs @@ -8,7 +8,7 @@ use std::sync::Arc; use caps::{CapSet, CapsHashSet}; use libc; -use nix::mount::MsFlags; +use nix::mount::{MntFlags, MsFlags}; use nix::sched::CloneFlags; use nix::sys::stat::{Mode, SFlag}; use nix::unistd::{Gid, Uid}; @@ -54,6 +54,7 @@ pub trait Syscall { size: libc::size_t, ) -> Result<()>; fn set_io_priority(&self, class: i64, priority: i64) -> Result<()>; + fn umount2(&self, target: &Path, flags: MntFlags) -> Result<()>; } #[derive(Clone, Copy)] diff --git a/crates/libcontainer/src/syscall/test.rs b/crates/libcontainer/src/syscall/test.rs index 4b5cc0d44..6e2e01977 100644 --- a/crates/libcontainer/src/syscall/test.rs +++ b/crates/libcontainer/src/syscall/test.rs @@ -6,7 +6,7 @@ use std::path::{Path, PathBuf}; use std::sync::Arc; use caps::{CapSet, CapsHashSet}; -use nix::mount::MsFlags; +use nix::mount::{MntFlags, MsFlags}; use nix::sched::CloneFlags; use nix::sys::stat::{Mode, SFlag}; use nix::unistd::{Gid, Uid}; @@ -44,6 +44,12 @@ pub struct IoPriorityArgs { pub priority: i64, } +#[derive(Clone, PartialEq, Eq, Debug)] +pub struct UMount2Args { + pub target: PathBuf, + pub flags: MntFlags, +} + #[derive(Default)] struct Mock { values: Vec>, @@ -64,6 +70,7 @@ pub enum ArgName { Groups, Capability, IoPriority, + UMount2, } impl ArgName { @@ -259,6 +266,16 @@ impl Syscall for TestHelperSyscall { Box::new(IoPriorityArgs { class, priority }), ) } + + fn umount2(&self, target: &Path, flags: MntFlags) -> Result<()> { + self.mocks.act( + ArgName::UMount2, + Box::new(UMount2Args { + target: target.to_owned(), + flags, + }), + ) + } } impl TestHelperSyscall { @@ -369,4 +386,13 @@ impl TestHelperSyscall { .map(|x| x.downcast_ref::().unwrap().clone()) .collect::>() } + + pub fn get_umount_args(&self) -> Vec { + self.mocks + .fetch(ArgName::UMount2) + .values + .iter() + .map(|x| x.downcast_ref::().unwrap().clone()) + .collect::>() + } } diff --git a/crates/youki/src/commands/create.rs b/crates/youki/src/commands/create.rs index dca591fb2..41eda151a 100644 --- a/crates/youki/src/commands/create.rs +++ b/crates/youki/src/commands/create.rs @@ -24,6 +24,7 @@ pub fn create(args: Create, root_path: PathBuf, systemd_cgroup: bool) -> Result< .as_init(&args.bundle) .with_systemd(systemd_cgroup) .with_detach(true) + .with_no_pivot(args.no_pivot) .build()?; Ok(()) diff --git a/crates/youki/src/commands/run.rs b/crates/youki/src/commands/run.rs index f297903f9..2f6d1812e 100644 --- a/crates/youki/src/commands/run.rs +++ b/crates/youki/src/commands/run.rs @@ -22,6 +22,7 @@ pub fn run(args: Run, root_path: PathBuf, systemd_cgroup: bool) -> Result { .as_init(&args.bundle) .with_systemd(systemd_cgroup) .with_detach(args.detach) + .with_no_pivot(args.no_pivot) .build()?; container diff --git a/tests/contest/contest/src/main.rs b/tests/contest/contest/src/main.rs index 8049457c0..e0d3a4a02 100644 --- a/tests/contest/contest/src/main.rs +++ b/tests/contest/contest/src/main.rs @@ -19,6 +19,7 @@ use crate::tests::io_priority::get_io_priority_test; use crate::tests::lifecycle::{ContainerCreate, ContainerLifecycle}; use crate::tests::linux_ns_itype::get_ns_itype_tests; use crate::tests::mounts_recursive::get_mounts_recursive_test; +use crate::tests::no_pivot::get_no_pivot_test; use crate::tests::pidfile::get_pidfile_test; use crate::tests::readonly_paths::get_ro_paths_test; use crate::tests::scheduler::get_scheduler_test; @@ -113,6 +114,7 @@ fn main() -> Result<()> { let scheduler = get_scheduler_test(); let io_priority_test = get_io_priority_test(); let devices = get_devices_test(); + let no_pivot = get_no_pivot_test(); tm.add_test_group(Box::new(cl)); tm.add_test_group(Box::new(cc)); @@ -136,6 +138,7 @@ fn main() -> Result<()> { tm.add_test_group(Box::new(sysctl)); tm.add_test_group(Box::new(scheduler)); tm.add_test_group(Box::new(devices)); + tm.add_test_group(Box::new(no_pivot)); tm.add_test_group(Box::new(io_priority_test)); tm.add_cleanup(Box::new(cgroups::cleanup_v1)); diff --git a/tests/contest/contest/src/tests/mod.rs b/tests/contest/contest/src/tests/mod.rs index 1fee606b1..7a742d384 100644 --- a/tests/contest/contest/src/tests/mod.rs +++ b/tests/contest/contest/src/tests/mod.rs @@ -9,6 +9,7 @@ pub mod io_priority; pub mod lifecycle; pub mod linux_ns_itype; pub mod mounts_recursive; +pub mod no_pivot; pub mod pidfile; pub mod readonly_paths; pub mod scheduler; diff --git a/tests/contest/contest/src/tests/no_pivot/mod.rs b/tests/contest/contest/src/tests/no_pivot/mod.rs new file mode 100644 index 000000000..8540a058a --- /dev/null +++ b/tests/contest/contest/src/tests/no_pivot/mod.rs @@ -0,0 +1,29 @@ +use anyhow::{Context, Result}; +use oci_spec::runtime::{ProcessBuilder, Spec, SpecBuilder}; +use test_framework::{test_result, Test, TestGroup, TestResult}; + +use crate::utils::test_utils::test_inside_container_with_no_pivot; + +fn create_spec() -> Result { + SpecBuilder::default() + .process( + ProcessBuilder::default() + .args(vec!["runtimetest".to_string(), "no_pivot".to_string()]) + .build()?, + ) + .build() + .context("failed to create spec") +} + +fn no_pivot_test() -> TestResult { + let spec = test_result!(create_spec()); + test_inside_container_with_no_pivot(spec, &|_| Ok(())) +} + +pub fn get_no_pivot_test() -> TestGroup { + let mut test_group = TestGroup::new("no_pivot"); + let no_pivot_test = Test::new("no_pivot_test", Box::new(no_pivot_test)); + test_group.add(vec![Box::new(no_pivot_test)]); + + test_group +} diff --git a/tests/contest/contest/src/utils/test_utils.rs b/tests/contest/contest/src/utils/test_utils.rs index c72cd8f0d..ceb31262e 100644 --- a/tests/contest/contest/src/utils/test_utils.rs +++ b/tests/contest/contest/src/utils/test_utils.rs @@ -42,11 +42,9 @@ pub struct ContainerData { pub create_result: std::io::Result, } -/// Starts the runtime with given directory as root directory -pub fn create_container>(id: &str, dir: P) -> Result { - let res = Command::new(get_runtime_path()) - // set stdio so that we can get o/p of runtimetest - // in test_inside_container function +fn create_container_command>(id: &str, dir: P, with_pivot_root: bool) -> Command { + let mut command = Command::new(get_runtime_path()); + command .stdout(Stdio::piped()) .stderr(Stdio::piped()) .arg("--root") @@ -54,7 +52,23 @@ pub fn create_container>(id: &str, dir: P) -> Result { .arg("create") .arg(id) .arg("--bundle") - .arg(dir.as_ref().join("bundle")) + .arg(dir.as_ref().join("bundle")); + if with_pivot_root { + command.arg("--no-pivot"); + } + command +} + +/// Starts the runtime with given directory as root directory +pub fn create_container>(id: &str, dir: P) -> Result { + let res = create_container_command(id, dir, false) + .spawn() + .context("could not create container")?; + Ok(res) +} + +pub fn create_container_no_pivot>(id: &str, dir: P) -> Result { + let res = create_container_command(id, dir, true) .spawn() .context("could not create container")?; Ok(res) @@ -232,6 +246,100 @@ pub fn test_inside_container( TestResult::Passed } +// just copy-pasted from test_inside_container for now, but with no pivot root +// need to refactor this to avoid duplication +pub fn test_inside_container_with_no_pivot( + spec: Spec, + setup_for_test: &dyn Fn(&Path) -> Result<()>, +) -> TestResult { + let id = generate_uuid(); + let id_str = id.to_string(); + let bundle = prepare_bundle().unwrap(); + + // This will do the required setup for the test + test_result!(setup_for_test( + &bundle.as_ref().join("bundle").join("rootfs") + )); + + set_config(&bundle, &spec).unwrap(); + // as we have to run runtimetest inside the container, and is expects + // the config.json to be at path /config.json we save it there + let path = bundle + .as_ref() + .join("bundle") + .join("rootfs") + .join("config.json"); + spec.save(path).unwrap(); + + let runtimetest_path = get_runtimetest_path(); + // The config will directly use runtime as the command to be run, so we have to + // save the runtimetest binary at its /bin + std::fs::copy( + runtimetest_path, + bundle + .as_ref() + .join("bundle") + .join("rootfs") + .join("bin") + .join("runtimetest"), + ) + .unwrap(); + let create_process = create_container_no_pivot(&id_str, &bundle).unwrap(); + // here we do not wait for the process by calling wait() as in the test_outside_container + // function because we need the output of the runtimetest. If we call wait, it will return + // and we won't have an easy way of getting the stdio of the runtimetest. + // Thus to make sure the container is created, we just wait for sometime, and + // assume that the create command was successful. If it wasn't we can catch that error + // in the start_container, as we can not start a non-created container anyways + std::thread::sleep(std::time::Duration::from_millis(1000)); + match start_container(&id_str, &bundle) + .unwrap() + .wait_with_output() + { + Ok(c) => c, + Err(e) => return TestResult::Failed(anyhow!("container start failed : {:?}", e)), + }; + + let create_output = create_process + .wait_with_output() + .context("getting output after starting the container failed") + .unwrap(); + + let stdout = String::from_utf8_lossy(&create_output.stdout); + if !stdout.is_empty() { + println!( + "{:?}", + anyhow!("container stdout was not empty, found : {}", stdout) + ) + } + let stderr = String::from_utf8_lossy(&create_output.stderr); + if !stderr.is_empty() { + return TestResult::Failed(anyhow!( + "container stderr was not empty, found : {}", + stderr + )); + } + + let (out, err) = get_state(&id_str, &bundle).unwrap(); + if !err.is_empty() { + return TestResult::Failed(anyhow!( + "error in getting state after starting the container : {}", + err + )); + } + + let state: State = match serde_json::from_str(&out) { + Ok(v) => v, + Err(e) => return TestResult::Failed(anyhow!("error in parsing state of container after start in test_inside_container : stdout : {}, parse error : {}",out,e)), + }; + if state.status != "stopped" { + return TestResult::Failed(anyhow!("error : unexpected container status in test_inside_runtime : expected stopped, got {}, container state : {:?}",state.status,state)); + } + kill_container(&id_str, &bundle).unwrap().wait().unwrap(); + delete_container(&id_str, &bundle).unwrap().wait().unwrap(); + TestResult::Passed +} + pub fn check_container_created(data: &ContainerData) -> Result<()> { match &data.create_result { Ok(exit_status) => { diff --git a/tests/contest/runtimetest/src/main.rs b/tests/contest/runtimetest/src/main.rs index 95780bd48..486495a8b 100644 --- a/tests/contest/runtimetest/src/main.rs +++ b/tests/contest/runtimetest/src/main.rs @@ -44,6 +44,7 @@ fn main() { "io_priority_class_be" => tests::test_io_priority_class(&spec, IoprioClassBe), "io_priority_class_idle" => tests::test_io_priority_class(&spec, IoprioClassIdle), "devices" => tests::validate_devices(&spec), + "no_pivot" => tests::validate_rootfs(), _ => eprintln!("error due to unexpected execute test name: {execute_test}"), } } diff --git a/tests/contest/runtimetest/src/tests.rs b/tests/contest/runtimetest/src/tests.rs index 40f5ad29c..dec34dee3 100644 --- a/tests/contest/runtimetest/src/tests.rs +++ b/tests/contest/runtimetest/src/tests.rs @@ -545,3 +545,37 @@ pub fn test_io_priority_class(spec: &Spec, io_priority_class: IOPriorityClass) { eprintln!("error ioprio_get expected priority {expected_priority:?}, got {priority}") } } + +// the validate_rootfs function is used to validate the rootfs of the container is +// as expected. This function is used in the no_pivot test to validate the rootfs +pub fn validate_rootfs() { + // list the first level directories in the rootfs + let mut entries = fs::read_dir("/") + .unwrap() + .filter_map(|entry| { + entry.ok().and_then(|e| { + let path = e.path(); + if path.is_dir() { + path.file_name() + .and_then(|name| name.to_str().map(|s| s.to_owned())) + } else { + None + } + }) + }) + .collect::>(); + // sort the entries to make the test deterministic + entries.sort(); + + // this is the list of directories that we expect to find in the rootfs + let mut expected = vec![ + "bin", "dev", "etc", "home", "proc", "root", "sys", "tmp", "usr", "var", + ]; + // sort the expected entries to make the test deterministic + expected.sort(); + + // compare the expected entries with the actual entries + if entries != expected { + eprintln!("error due to rootfs want {expected:?}, got {entries:?}"); + } +}