Development

src/libcontainer/mount.zig

@@ -18,9 +18,9 @@ const mountOptions = struct {
     data: []u8,
 };
 
-pub fn mountToContainer(pid: i32, rootfs: []const u8, m: ocispec.runtime.Mount) !void {
+pub fn mountToContainer(pid: i32, rootfs: []const u8, mdstinfo: ocispec.runtime.Mount) !void {
     const gpa = std.heap.page_allocator;
-    const minfo = try prepareMountPoint(pid, rootfs, m.destination);
+    const minfo = try prepareMountPoint(pid, rootfs, mdstinfo);
 
     std.log.debug("pid {} mounting {s}", .{ pid, minfo.destZ });
 

src/libcontainer/process.zig

@@ -103,7 +103,7 @@ pub fn processInit(opts: *runtime.RuntimeOptions) void {
     };
 
     // prepare rootfs and mount points
-    rootfs.setupContainerRootfs(pid, opts.rootfs, opts.runtimeSpec.mounts) catch |err| {
+    rootfs.setupRootfs(pid, opts.rootfs, opts.runtimeSpec.mounts) catch |err| {
         std.log.err("pid {} setup rootfs error: {any}", .{ pid, err });
 
         unreachable;
@@ -125,14 +125,14 @@ pub fn processInit(opts: *runtime.RuntimeOptions) void {
     }
 
     // set masked path
-    rootfs.setContainerMaskedPath(pid, opts.runtimeSpec) catch |err| {
+    rootfs.setMaskedPath(pid, opts.runtimeSpec) catch |err| {
         std.log.err("pid {}: {any}", .{ pid, err });
 
         // unreachable;
     };
 
     // set readonly path
-    rootfs.setContainerReadOnlyPath(pid, opts.runtimeSpec) catch |err| {
+    rootfs.setReadOnlyPath(pid, opts.runtimeSpec) catch |err| {
         std.log.err("pid {}: {any}", .{ pid, err });
 
         // unreachable;
@@ -162,7 +162,7 @@ pub fn processInit(opts: *runtime.RuntimeOptions) void {
     }
 
     // execute CMD and set ENV paths
-    switch (linux.E.init(linux.execve("/bin/sh", &.{ "/bin/sh", "-c", "ls -l /dev", null }, &.{null}))) {
+    switch (linux.E.init(linux.execve("/bin/sh", &.{ "/bin/sh", "-c", "mount", null }, &.{null}))) {
         .SUCCESS => {},
         else => |err| {
             std.log.debug("pid {} execve error: {any}", .{ pid, err });

src/libcontainer/rootfs.zig

@@ -8,7 +8,10 @@ const linux = std.os.linux;
 
 const DEFAULT_OLD_ROOT_PATH: []const u8 = "/.oldroot";
 
-pub fn setupContainerRootfs(pid: i32, rootfs: []const u8, mounts: ?[]ocispec.runtime.Mount) !void {
+const DEFAULT_SYMLINKS_SRC = [_][]const u8{ "/proc/self/fd", "/proc/self/fd/0", "/proc/self/fd/1", "/proc/self/fd/2" };
+const DEFAULT_SYMLINKS_DEST = [_][]const u8{ "dev/fd", "dev/stdin", "dev/stdout", "dev/stderr" };
+
+pub fn setupRootfs(pid: i32, rootfs: []const u8, mounts: ?[]ocispec.runtime.Mount) !void {
     const gpa = std.heap.page_allocator;
 
     std.log.debug("pid {} setup rootfs: {s}", .{ pid, rootfs });
@@ -29,7 +32,7 @@ pub fn setupContainerRootfs(pid: i32, rootfs: []const u8, mounts: ?[]ocispec.run
 
     const mount_result = linux.mount(rootfs_source, &rootfs_dir, null, linux.MS.BIND | linux.MS.REC | linux.MS.PRIVATE, 0);
     switch (linux.E.init(mount_result)) {
-        .SUCCESS => return,
+        .SUCCESS => {},
         else => |err| {
             std.log.err("pid {} mount rootfs error: {any}", .{ pid, err });
 
@@ -45,11 +48,14 @@ pub fn setupContainerRootfs(pid: i32, rootfs: []const u8, mounts: ?[]ocispec.run
             try mount.mountToContainer(pid, rootfs, mountPoint);
         }
     }
+
+    // setup default symlink
+    // try setDefaultSymlinks(pid, rootfs);
 }
 
 // for files bind mounts devtmpfs over top of path
 // for directories bind tmpfs over top of path
-pub fn setContainerMaskedPath(pid: i32, spec: ocispec.runtime.Spec) !void {
+pub fn setMaskedPath(pid: i32, spec: ocispec.runtime.Spec) !void {
     if (spec.linux) |slinux| {
         if (slinux.maskedPaths) |maskedPaths| {
             const cwd = std.fs.cwd();
@@ -82,7 +88,7 @@ pub fn setContainerMaskedPath(pid: i32, spec: ocispec.runtime.Spec) !void {
     }
 }
 
-pub fn setContainerReadOnlyPath(pid: i32, spec: ocispec.runtime.Spec) !void {
+pub fn setReadOnlyPath(pid: i32, spec: ocispec.runtime.Spec) !void {
     if (spec.linux) |slinux| {
         if (slinux.readonlyPaths) |readonlyPaths| {
             for (readonlyPaths) |rpath| {
@@ -109,14 +115,14 @@ pub fn setContainerReadOnlyPath(pid: i32, spec: ocispec.runtime.Spec) !void {
 }
 
 pub fn setPivotRootFs(pid: i32, rootfs: []const u8) !void {
-    std.log.debug("pid {} rootfs using pivot_root", .{pid});
+    std.log.debug("pid {} using pivot_root", .{pid});
 
     const rootfs_dir = try std.fmt.allocPrintZ(std.heap.page_allocator, "{s}", .{rootfs});
 
     const old_root_fs = try std.mem.concat(std.heap.page_allocator, u8, &.{ rootfs, DEFAULT_OLD_ROOT_PATH });
 
-    std.log.debug("pid {} rootfs set: {s}", .{ pid, rootfs });
-    std.log.debug("pid {} rootfs set old: {s}", .{ pid, old_root_fs });
+    std.log.debug("pid {} pivot_root set: {s}", .{ pid, rootfs });
+    std.log.debug("pid {} pivot_root set old: {s}", .{ pid, old_root_fs });
 
     const old_rootfs_dir = try std.fmt.allocPrintZ(std.heap.page_allocator, "{s}", .{old_root_fs});
 
@@ -139,16 +145,15 @@ pub fn setPivotRootFs(pid: i32, rootfs: []const u8) !void {
 }
 
 pub fn setChrootRootFs(pid: i32, rootfs: []const u8) !void {
-    std.log.debug("pid {} rootfs using chroot", .{pid});
-    std.log.debug("pid {} rootfs set: {s}", .{ pid, rootfs });
+    std.log.debug("pid {} using chroot", .{pid});
+    std.log.debug("pid {} chroot set: {s}", .{ pid, rootfs });
 
     const rootfs_dir = posix.toPosixPath(rootfs) catch |err| {
-        std.log.debug("pid {} mount rootfs to posix path error: {any}", .{ pid, err });
+        std.log.debug("pid {} mount chroot to posix path error: {any}", .{ pid, err });
 
         return errors.Error.ContainerChrootError;
     };
 
-    std.log.debug("pid {} performing chroot", .{pid});
     switch (linux.E.init(linux.chroot(&rootfs_dir))) {
         .SUCCESS => {
             std.log.debug("pid {} perform chroot change directory to /", .{pid});
@@ -165,3 +170,19 @@ pub fn setChrootRootFs(pid: i32, rootfs: []const u8) !void {
         },
     }
 }
+
+pub fn setDefaultSymlinks(pid: i32, rootfs: []const u8) !void {
+    const gpa = std.heap.page_allocator;
+
+    for (DEFAULT_SYMLINKS_SRC, 0..) |src, index| {
+        const dest = try std.fs.path.join(gpa, &[_][]const u8{ rootfs, DEFAULT_SYMLINKS_DEST[index] });
+
+        std.log.debug("pid {} setting default symlink src={s} dest={s}", .{ pid, src, dest });
+
+        posix.symlink(src, dest) catch |err| {
+            std.log.err("pid {} set symlink failed src={s} dest={s}: {any}", .{ pid, src, dest, err });
+
+            return err;
+        };
+    }
+}