runtime-rs: Introduce kata-sys-util library crate #3306
A heads-up that may affect your PR. In the Architecture Committee meeting from January 25th, 2022, the Architecture Committee has agreed on using the "Dismiss stale pull request approvals when new commits are pushed" configuration from GitHub. It basically means that if your PR has been rebased or updated, the approvals given will be erased. In order to minimize traumas due to the new approach, please, consider adding a note on the changes done before the rebase / force-push, and also pinging the reviewers for a subsequent round of reviews. Thanks for your understanding! Related issue: kata-containers/community#249
Thanks @jiangliu. The only blocking comment I have is the missing `wait()` call in `handle_exit_status()`.
} | ||
executor.execute_and_wait(&mut popen)?; | ||
info!(sl!(), "hook {} finished", hook.path); | ||
self.states.insert(hook.into(), HookState::Done); |
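Review bot: on the error path, the `?` after `executor.execute_and_wait(&mut popen)` returns before `self.states.insert(hook.into(), HookState::Done)` runs, so this insert is skipped whenever the hook fails. If callers need to tell a failed hook from one that never ran, record the outcome before propagating the error, and log the failure with `hook.path` alongside the existing "finished" message.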
Idea: How about logging how long the hook took to run (since random hooks could have a huge impact on performance)?
Hi @jiangliu - any update on this?
Back to work now, will update it soon:)
@jodh-intel @dgibson @lifupan @liubin Sorry for the delay, I have updated the PR according to review comments:)
lgtm! @dgibson @jodh-intel Do you have more comments on the PR?
Hi @jodh-intel @dgibson @fidencio, do you guys have any comments?
info!(sl!(), "hook {} exec stdout: {}", self.hook.path, out); | ||
} | ||
} | ||
self.timeout = 1; |
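Review bot: the `info!(sl!(), "hook {} exec stdout: {}", self.hook.path, out)` line writes the hook's stdout to the log verbatim at info level. That output comes from an external program, so its size and content are not under this crate's control; consider capping the logged length and moving the full output to debug level.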
Why?
Add a comment
// Give a grace period for `execute_and_wait()`.
src/libs/kata-sys-util/src/hooks.rs
}; | ||
let key1 = HookKey::from(&hook); | ||
|
||
let hook = oci::Hook { |
These tests would be clearer and more consistent if you used the table based approach.
pub fn create_mount_destination<S: AsRef<Path>, D: AsRef<Path>, R: AsRef<Path>>( | ||
src: S, | ||
dst: D, | ||
_root: R, |
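Review bot: the `_root: R` parameter in this signature is underscore-prefixed, which marks it as unused in the body, so a caller passing a root directory gets no containment check on `dst` at this revision. Add a TODO at the parameter, or say in the doc comment that the check is pending, so callers do not rely on it.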
Is this going to be enabled when #3462 lands?
Yes, there are several TODOs in mount.rs, which will be handled after merging #3462.
/// To ensure security, the `create_mount_destination()` function takes an extra parameter `root`, | ||
/// which is used to ensure that `dst` is within the specified directory. And a safe version of | ||
/// `PathBuf` is returned to avoid TOCTTOU type of flaws. | ||
pub fn create_mount_destination<S: AsRef<Path>, D: AsRef<Path>, R: AsRef<Path>>( |
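Review bot: the doc comment above `create_mount_destination` says `root` is used to ensure that `dst` is within the specified directory, but it does not say how a relative `dst`, a `dst` containing `..`, or a symlink component under `root` is handled. Spell out the resolution rule and the error returned when `dst` falls outside `root`, and state what makes the returned "safe version of `PathBuf`" safe against the TOCTTOU case it mentions.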
For safety, shouldn't this function require that all specified paths are absolute?
it's designed to support the container rootfs mount scenario and simplify the caller:)
The kata-sys-util crate is a collection of modules that provides helpers and utilities used by multiple Kata Containers components.
Fixes: kata-containers#3305
Signed-off-by: Liu Jiang <gerry@linux.alibaba.com>

Add some wrappers for mount and fs syscall.
Signed-off-by: Liu Jiang <gerry@linux.alibaba.com>
Signed-off-by: Bin Liu <bin@hyper.sh>
Signed-off-by: Fupan Li <lifupan@gmail.com>
Signed-off-by: Huamin Tang <huamin.thm@alibaba-inc.com>
Signed-off-by: Lei Wang <wllenyj@linux.alibaba.com>
Signed-off-by: Quanwei Zhou <quanweiZhou@linux.alibaba.com>

Add utilities to manipulate cgroup, currently only v1 is supported.
Signed-off-by: Liu Jiang <gerry@linux.alibaba.com>
Signed-off-by: He Rongguang <herongguang@linux.alibaba.com>
Signed-off-by: Jiahuan Chao <jhchao@linux.alibaba.com>
Signed-off-by: Qingyuan Hou <qingyuan.hou@linux.alibaba.com>
Signed-off-by: Quanwei Zhou <quanweiZhou@linux.alibaba.com>
Signed-off-by: Tim Zhang <tim@hyper.sh>

Add utilities to parse NUMA information.
Signed-off-by: Liu Jiang <gerry@linux.alibaba.com>
Signed-off-by: Qingyuan Hou <qingyuan.hou@linux.alibaba.com>
Signed-off-by: Simon Guo <wei.guo.simon@linux.alibaba.com>

Implement reflink_copy() to copy file by reflink, and fallback to normal file copy.
Signed-off-by: Liu Jiang <gerry@linux.alibaba.com>
Signed-off-by: Eryu Guan <eguan@linux.alibaba.com>

Introduce get_devid() to get major/minor number of a block device.
Signed-off-by: Liu Jiang <gerry@linux.alibaba.com>
Signed-off-by: Eryu Guan <eguan@linux.alibaba.com>

Add function to detect and update K8s emptyDir volume.
Signed-off-by: Liu Jiang <gerry@linux.alibaba.com>
Signed-off-by: Qingyuan Hou <qingyuan.hou@linux.alibaba.com>

Provide functions to execute OCI hooks.
Signed-off-by: Liu Jiang <gerry@linux.alibaba.com>
Signed-off-by: Bin Liu <bin@hyper.sh>
Signed-off-by: Huamin Tang <huamin.thm@alibaba-inc.com>
Signed-off-by: Lei Wang <wllenyj@linux.alibaba.com>
Signed-off-by: Quanwei Zhou <quanweiZhou@linux.alibaba.com>
Thanks @jiangliu.
lgtm
With the runtime-rs related work, there will be code shared by multiple Kata Containers components, or even some crates may be published and consumed by other projects. So introduce kata-types and kata-sys-util to crates to host shared data structures and common code to access system services.