Add support for file descriptor passing

[mgjm]

What type of PR is this?

/kind feature

What this PR does / why we need it:

This PR adds support for file descriptors:

• New StartFdSocket RPC command
• additionalFds passed to the OCI runtime
• leakFds kept open by conmon as long as the container is running

I haven't found a good way to pass file descriptors via SCM_RIGHTS on the existing RPC connection. Therefore an additional socket is created for file descriptor passing. The protocol is documented in conmon-rs/server/src/fd_socket.rs.

RPC level workflow:

• The client calls StartFdSocket to start the fd socket server (if not already running) and gets the socket path
• The client send the file descriptors to the server via SCM_RIGHTS and gets slot numbers in return
• The client needs to keep the fd socket connection open until the fds are used
• The client calls CreateContainer with additionalFds or leakFds
• The client closes the fd socket connection (unused fds get closed at this point, the slot numbers are no longer valid)

GO client workflow:

• The user gets a RemoteFDs instance via the client.RemoteFDs method
• The user sends file descriptors via the remoteFDs.Send method and gets slot numbers in return
• The user calls client.CreateContainer with AdditionalFDs or LeakFDs
• The user calls remoteFDs.Close to close the connection

Which issue(s) this PR fixes:

None

Special notes for your reviewer:

An alternative approach would be to hide the file descriptor logic from the public go client interface and just accept an file descriptor array in CreateContainerConfig and send the file descriptors in the client.CreateContainer method.

This would result in a cleaner API but the current design is simpler and allows reusing the RemoteFDs instance. But we create a new connection for each RPC request anyways, so does that performance improvement even matter?

Does this PR introduce a user-facing change?

Add support for file descriptor passing

[codecov-commenter]

Codecov Report

Merging #1553 (bfc3a05) into main (7214897) will increase coverage by 0.13%.
The diff coverage is 14.28%.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1553      +/-   ##
==========================================
+ Coverage   34.30%   34.44%   +0.13%     
==========================================
  Files          13       13              
  Lines        1134     1144      +10     
  Branches      389      392       +3     
==========================================
+ Hits          389      394       +5     
  Misses        493      493              
- Partials      252      257       +5     

[haircommander]

a couple of notes, otherwise LGTM

[haircommander]

@saschagrunert PTAL

[saschagrunert]

We probably should exclude the capnp file from the typos test: https://github.com/containers/conmon-rs/actions/runs/5815034612/job/15765845509?pr=1553

[mgjm]

@saschagrunert Which option to exclude capnp file from the typos test do you prefer? I don't think the typos tool is used outside of CI, therefore I would lean towards option 3.

[saschagrunert]

@saschagrunert Which option to exclude capnp file from the typos test do you prefer? I don't think the typos tool is used outside of CI, therefore I would lean towards option 3.

Yeah I'm happy with the config file (option 3), too!

[haircommander]

option 3 works for me!

[saschagrunert]

/lgtm

[mgjm]

@saschagrunert the integration test finally succeeds. I needed to increase the MAX_RSS and the max allowed diff in the memory leak test

[saschagrunert]

I see, let's get that change in.

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mgjm, saschagrunert

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [saschagrunert]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment