runtime-rs: Introduce kata-sys-util library crate #3306
Conversation
fidencio
changed the title
jiangliu
force-pushed
the
sys-util
branch
7 times, most recently
from
ad0cff6
to
61b5f83
Compare
jiangliu
force-pushed
the
sys-util
branch
2 times, most recently
from
f1aca2e
to
c540afc
Compare
jiangliu
force-pushed
the
sys-util
branch
13 times, most recently
from
98f12a9
to
d16bcf8
Compare
|
A head's up that may affect your PR. In the Architecture Committee meeting from January 25th, 2022, the Architecture Committee has agreed on using the "Dismiss stale pull request approvals when new commits are pushed" configuration from GitHub. It basically means that if your PR has been rebased or updated, the approvals given will be erased. In order to minimize traumas due to the new approach, please, consider adding a note on the changes done before the rebase / force-push, and also pinging the reviewers for a subsequent round of reviews. Thanks for your understanding! Related issue: kata-containers/community#249 |
There was a problem hiding this comment.
Thanks @jiangliu. The only blocking comment I have is the missing wait() call in handle_exit_status().
| } | ||
| executor.execute_and_wait(&mut popen)?; | ||
| info!(sl!(), "hook {} finished", hook.path); | ||
| self.states.insert(hook.into(), HookState::Done); |
There was a problem hiding this comment.
Idea: How about logging how long the hook took to run (since random hooks could have a huge impact on performance)?
|
Hi @jiangliu - any update on this? |
Back to work now, will update it soon:) |
@jodh-intel @dgibson @lifupan @liubin Sorry for delay, I have updated the PR according to review comments:) |
There was a problem hiding this comment.
lgtm! @dgibson @jodh-intel Do you have more comments on the PR?
|
Hi @jodh-intel @dgibson @fidencio , do you guys have any comments? |
| info!(sl!(), "hook {} exec stdout: {}", self.hook.path, out); | ||
| } | ||
| } | ||
| self.timeout = 1; |
There was a problem hiding this comment.
Add a comment
// Give a grace period for `execute_and_wait()`.
src/libs/kata-sys-util/src/hooks.rs
Outdated
| }; | ||
| let key1 = HookKey::from(&hook); | ||
|
|
||
| let hook = oci::Hook { |
There was a problem hiding this comment.
These tests would be clearer and more consistent if you used the table based approach.
| pub fn create_mount_destination<S: AsRef<Path>, D: AsRef<Path>, R: AsRef<Path>>( | ||
| src: S, | ||
| dst: D, | ||
| _root: R, |
| /// To ensure security, the `create_mount_destination()` function takes an extra parameter `root`, | ||
| /// which is used to ensure that `dst` is within the specified directory. And a safe version of | ||
| /// `PathBuf` is returned to avoid TOCTTOU type of flaws. | ||
| pub fn create_mount_destination<S: AsRef<Path>, D: AsRef<Path>, R: AsRef<Path>>( |
There was a problem hiding this comment.
For safety, shouldn't this function require that all specified paths are absolute?
There was a problem hiding this comment.
it's designed to support the container rootfs mount scenario and simplify the caller:)
The kata-sys-util crate is a collection of modules that provides helpers and utilities used by multiple Kata Containers components. Fixes: kata-containers#3305 Signed-off-by: Liu Jiang <gerry@linux.alibaba.com>
Add some wrappers for mount and fs syscall. Signed-off-by: Liu Jiang <gerry@linux.alibaba.com> Signed-off-by: Bin Liu <bin@hyper.sh> Signed-off-by: Fupan Li <lifupan@gmail.com> Signed-off-by: Huamin Tang <huamin.thm@alibaba-inc.com> Signed-off-by: Lei Wang <wllenyj@linux.alibaba.com> Signed-off-by: Quanwei Zhou <quanweiZhou@linux.alibaba.com>
Add utilities to manipulate cgroup, currently only v1 is supported. Signed-off-by: Liu Jiang <gerry@linux.alibaba.com> Signed-off-by: He Rongguang <herongguang@linux.alibaba.com> Signed-off-by: Jiahuan Chao <jhchao@linux.alibaba.com> Signed-off-by: Qingyuan Hou <qingyuan.hou@linux.alibaba.com> Signed-off-by: Quanwei Zhou <quanweiZhou@linux.alibaba.com> Signed-off-by: Tim Zhang <tim@hyper.sh>
Add utilities to parse NUMA information. Signed-off-by: Liu Jiang <gerry@linux.alibaba.com> Signed-off-by: Qingyuan Hou <qingyuan.hou@linux.alibaba.com> Signed-off-by: Simon Guo <wei.guo.simon@linux.alibaba.com>
Implement reflink_copy() to copy file by reflink, and fallback to normal file copy. Signed-off-by: Liu Jiang <gerry@linux.alibaba.com> Signed-off-by: Eryu Guan <eguan@linux.alibaba.com>
Introduce get_devid() to get major/minor number of a block device. Signed-off-by: Liu Jiang <gerry@linux.alibaba.com> Signed-off-by: Eryu Guan <eguan@linux.alibaba.com>
Add function to detect and update K8s emptyDir volume. Signed-off-by: Liu Jiang <gerry@linux.alibaba.com> Signed-off-by: Qingyuan Hou <qingyuan.hou@linux.alibaba.com>
Provide functions to execute OCI hooks. Signed-off-by: Liu Jiang <gerry@linux.alibaba.com> Signed-off-by: Bin Liu <bin@hyper.sh> Signed-off-by: Huamin Tang <huamin.thm@alibaba-inc.com> Signed-off-by: Lei Wang <wllenyj@linux.alibaba.com> Signed-off-by: Quanwei Zhou <quanweiZhou@linux.alibaba.com>
With the runtime-rs related work, there will be code shared by multiple Kata Containers components, or even some crates may be published and consumed by other projects. So introduce kata-types and kata-sys-util to crates to host shared data structures and common code to access system services.