diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 790d7de7..38b0d050 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -30,8 +30,8 @@ jobs: - run: cargo clippy --all-targets -- -D warnings - run: cargo clippy --all-targets --all-features -- -D warnings - - # the shim has sync code that is not covered when running with --all-features + + # the shim has sync code that is not covered when running with --all-features - run: cargo clippy -p containerd-shim --all-targets -- -D warnings - run: cargo doc --no-deps --features docs @@ -49,10 +49,10 @@ jobs: - run: ./scripts/install-protobuf.sh shell: bash - run: cargo check --examples --tests -p containerd-shim -p containerd-shim-protos -p containerd-client - + - run: rustup toolchain install nightly --component rustfmt - run: cargo +nightly fmt -p containerd-shim -p containerd-shim-protos -p containerd-client -- --check --files-with-diff - + - run: cargo clippy -p containerd-shim -p containerd-shim-protos -- -D warnings - run: cargo doc --no-deps -p containerd-shim -p containerd-shim-protos -p containerd-client env: @@ -76,8 +76,8 @@ jobs: mkdir -p /tmp/dummy-xdr sudo -E $(command -v cargo) test sudo -E $(command -v cargo) test --all-features - - # the shim has sync code that is not covered when running with --all-features + + # the shim has sync code that is not covered when running with --all-features sudo -E $(command -v cargo) test -p containerd-shim if: ${{ !contains(matrix.os, 'windows') }} env: @@ -171,7 +171,7 @@ jobs: run: | sudo -E PATH=$PATH make integration working-directory: src/github.com/containerd/containerd - + windows-integration: name: Windows Integration runs-on: ${{ matrix.os }} 
@@ -217,11 +217,11 @@ jobs: $ErrorActionPreference = "Stop" get-service containerd - $env:TTRPC_ADDRESS="\\.\pipe\containerd-containerd.ttrpc" + $env:TTRPC_ADDRESS="\\.\pipe\containerd-containerd.ttrpc" - # run the example - cargo run -p containerd-shim --example skeleton -- -namespace default -id 1234 -address "\\.\pipe\containerd-containerd" -publish-binary ./bin/containerd start - ps skeleton + # run the example + cargo run -p containerd-shim --example skeleton -- -namespace default -id 1234 -address "\\.\pipe\containerd-containerd" -publish-binary ./bin/containerd start + ps skeleton cargo run -p containerd-shim-protos --example shim-proto-connect \\.\pipe\containerd-shim-17630016127144989388-pipe $skeleton = get-process skeleton -ErrorAction SilentlyContinue if ($skeleton) { exit 1 } diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 95afa588..1dd6ecef 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -68,4 +68,3 @@ jobs: run: | git tag $TAG git push origin $TAG - diff --git a/Cargo.toml b/Cargo.toml index d51d9819..d9d076fb 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -25,6 +25,8 @@ edition = "2021" # Common dependencies for all crates [workspace.dependencies] async-trait = "0.1.52" +cgroups-rs = "0.3.4" +crossbeam = "0.8.1" futures = "0.3.19" libc = "0.2.112" log = {version = "0.4.2", features=["kv_unstable"]} @@ -37,6 +39,8 @@ prost-build = "0.12" prost-types = "0.12" serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" +simple_logger = { version = "5.0", default-features = false } +tempfile = "3.6" thiserror = "1.0" time = { version = "0.3.29", features = ["serde", "std", "formatting"] } tokio = "1.26" diff --git a/crates/client/examples/container_spec.json b/crates/client/examples/container_spec.json index ea26e4fc..db3ecfd1 100644 --- a/crates/client/examples/container_spec.json +++ b/crates/client/examples/container_spec.json 
@@ -155,4 +155,4 @@ "/proc/sysrq-trigger" ] } -} \ No newline at end of file +} diff --git a/crates/client/vendor/github.com/containerd/containerd/api/services/introspection/v1/introspection.proto b/crates/client/vendor/github.com/containerd/containerd/api/services/introspection/v1/introspection.proto index f27f1912..d3db015d 100644 --- a/crates/client/vendor/github.com/containerd/containerd/api/services/introspection/v1/introspection.proto +++ b/crates/client/vendor/github.com/containerd/containerd/api/services/introspection/v1/introspection.proto @@ -110,4 +110,4 @@ message DeprecationWarning { string id = 1; string message = 2; google.protobuf.Timestamp last_occurrence = 3; -} \ No newline at end of file +} diff --git a/crates/runc-shim/Cargo.toml b/crates/runc-shim/Cargo.toml index 2d2a67c5..adf18a34 100644 --- a/crates/runc-shim/Cargo.toml +++ b/crates/runc-shim/Cargo.toml @@ -26,7 +26,7 @@ doc = false [dependencies] containerd-shim = { path = "../shim", version = "0.7.1", features = ["async"] } -crossbeam = "0.8.1" +crossbeam.workspace = true libc.workspace = true log.workspace = true nix = { workspace = true, features = ["socket", "uio", "term"] } @@ -44,5 +44,5 @@ futures.workspace = true tokio = { workspace = true, features = ["full"] } [target.'cfg(target_os = "linux")'.dependencies] -cgroups-rs = "0.3.3" -nix = { workspace = true, features = ["event"] } \ No newline at end of file +cgroups-rs.workspace = true +nix = { workspace = true, features = ["event"] } diff --git a/crates/runc-shim/README.md b/crates/runc-shim/README.md index d8a9585d..e9717b72 100644 --- a/crates/runc-shim/README.md +++ b/crates/runc-shim/README.md 
@@ -42,4 +42,4 @@ In addition, we also run 100 pods and collect the total memory overhead. | :----------------------------------------------------------- | :----------------- | :---------------- | | containerd-shim-runc-v2 | 11.02MB | 1106.52MB | | containerd-shim-runc-v2-rs(sync) | 3.45MB | 345.39MB | - | containerd-shim-runc-v2-rs(async, limited to 2 work threads) | 3.90MB | 396.83MB | \ No newline at end of file + | containerd-shim-runc-v2-rs(async, limited to 2 work threads) | 3.90MB | 396.83MB | diff --git a/crates/runc-shim/src/cgroup_memory.rs b/crates/runc-shim/src/cgroup_memory.rs index 304b07cf..0ab407f0 100644 --- a/crates/runc-shim/src/cgroup_memory.rs +++ b/crates/runc-shim/src/cgroup_memory.rs @@ -112,7 +112,7 @@ pub async fn register_memory_event( let mut eventfd_file = unsafe { File::from_raw_fd(eventfd.as_raw_fd()) }; loop { match eventfd_file.read(&mut buf).await { - Ok(bytes_read) if bytes_read == 0 => return, + Ok(0) => return, Err(_) => return, _ => (), } diff --git a/crates/runc-shim/src/main.rs b/crates/runc-shim/src/main.rs index 887c4e35..492d3422 100644 --- a/crates/runc-shim/src/main.rs +++ b/crates/runc-shim/src/main.rs @@ -17,6 +17,7 @@ use std::env; use containerd_shim::{asynchronous::run, parse}; +use tokio::runtime::Builder; mod cgroup_memory; mod common; @@ -43,8 +44,21 @@ fn parse_version() { } } -#[tokio::main] -async fn main() { +fn main() { + let num_threads = std::env::var("RUSTMAXPROCS") + .map(|v| v.parse::().unwrap_or(2)) + .unwrap_or(2); + + let rt = Builder::new_multi_thread() + .worker_threads(num_threads) + .enable_all() + .build() + .expect("Failed to build Tokio runtime"); + + rt.block_on(async_main()); +} + +async fn async_main() { parse_version(); run::("io.containerd.runc.v2-rs", None).await; } diff --git a/crates/runc-shim/src/runc.rs b/crates/runc-shim/src/runc.rs index 92bb0f23..d8698b38 100644 --- a/crates/runc-shim/src/runc.rs +++ b/crates/runc-shim/src/runc.rs 
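Review bot: The `unsafe { File::from_raw_fd(eventfd.as_raw_fd()) }` on the context line above the changed match arm may give one descriptor two owners, because `from_raw_fd` makes the `File` close it on drop while `as_raw_fd()` only borrows it from `eventfd`. If `eventfd` is an owning handle (its type is declared outside this hunk), the descriptor is closed twice, and the second close can land on an unrelated descriptor the process opened in between. Transferring ownership with `into_raw_fd()` where the type supports it, or at least adding a `// SAFETY:` comment stating who owns the descriptor, would make the unsafe block checkable. The new `Ok(0) => return,` arm is equivalent to the guard it replaces, and the function body starts and ends outside the hunk.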
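Review bot: `RUSTMAXPROCS=0` parses successfully and reaches `.worker_threads(num_threads)` in the new `main`, and Tokio's builder panics on a zero worker count, so one stray environment value stops the shim from starting; the value also has no upper bound. Filter out zero before building the runtime, e.g. `.ok().and_then(|v| v.parse::<usize>().ok()).filter(|n| *n > 0).unwrap_or(2)` in place of the `.map(...).unwrap_or(2)` chain (the turbofish type is stripped on this page; `usize` is what `worker_threads` takes). The default also moves from the per-core count that `#[tokio::main]` used to a fixed 2, which deserves a comment above `num_threads` such as `// RUSTMAXPROCS caps Tokio worker threads; unset, unparsable or zero falls back to 2`.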
@@ -456,6 +456,9 @@ impl ProcessLifecycle for RuncExecLifecycle { } async fn delete(&self, p: &mut ExecProcess) -> Result<()> { + if p.state == Status::RUNNING { + return Err(Error::Other("cannot delete a running process".to_string())); + } self.exit_signal.signal(); let exec_pid_path = Path::new(self.bundle.as_str()).join(format!("{}.pid", p.id)); remove_file(exec_pid_path).await.unwrap_or_default(); diff --git a/crates/runc/Cargo.toml b/crates/runc/Cargo.toml index b945c079..389b98be 100644 --- a/crates/runc/Cargo.toml +++ b/crates/runc/Cargo.toml @@ -23,10 +23,10 @@ oci-spec.workspace = true os_pipe.workspace = true path-absolutize = "3.0.11" prctl.workspace = true -rand = "0.8.4" +rand = "0.8.5" serde.workspace = true serde_json.workspace = true -tempfile = "3.6.0" +tempfile.workspace = true thiserror.workspace = true time.workspace = true uuid.workspace = true diff --git a/crates/runc/README.md b/crates/runc/README.md index a54799ba..54b0292d 100644 --- a/crates/runc/README.md +++ b/crates/runc/README.md @@ -5,7 +5,7 @@ [![Crates.io](https://img.shields.io/crates/l/containerd-shim)](https://github.com/containerd/rust-extensions/blob/main/LICENSE) [![CI](https://github.com/containerd/rust-extensions/actions/workflows/ci.yml/badge.svg?branch=main)](https://github.com/containerd/rust-extensions/actions/workflows/ci.yml) -A crate for consuming the runc binary in your Rust applications, similar to [go-runc](https://github.com/containerd/go-runc) for Go. +A crate for consuming the runc binary in your Rust applications, similar to [go-runc](https://github.com/containerd/go-runc) for Go. This crate is based on archived [rust-runc](https://github.com/pwFoo/rust-runc). ## Usage @@ -29,7 +29,7 @@ async fn main() { let opts = runc::options::CreateOpts::new() .pid_file("/path/to/pid/file") .no_pivot(true); - + client.create("container-id", "path/to/bundle", Some(&opts)).unwrap(); } ``` 
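Review bot: The new guard in `delete` reports the running-process case as `Error::Other`, which gives the caller no way to tell a refused precondition from an internal fault. If the shim's error enum has a failed-precondition variant (containerd-shim defines `Error::FailedPreconditionError`, to be confirmed for the version used here), `return Err(Error::FailedPreconditionError("cannot delete a running process".to_string()));` would likely map to the status code clients expect. The check covers only `Status::RUNNING`; whether other non-terminal states should also be refused cannot be judged from this hunk, so a short comment above the guard naming the states in which deletion is allowed would help. `delete` continues past the end of the hunk.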
diff --git a/crates/shim-protos/Cargo.toml b/crates/shim-protos/Cargo.toml index 5742c9b0..bf4a49dd 100644 --- a/crates/shim-protos/Cargo.toml +++ b/crates/shim-protos/Cargo.toml @@ -48,7 +48,7 @@ path = "examples/connect-async.rs" required-features = ["async"] [dependencies] -async-trait = { version = "0.1.48", optional = true } +async-trait = { workspace = true, optional = true } protobuf = "=3.1" ttrpc = "0.8" @@ -58,11 +58,9 @@ ttrpc-codegen = "0.4" [dev-dependencies] ctrlc = { version = "3.0", features = ["termination"] } log.workspace = true -simple_logger = { version = "5.0", default-features = false, features = [ - "stderr", -] } +simple_logger = { workspace = true, features = ["stderr"] } tokio = { workspace = true, features = ["full"] } -crossbeam = "0.8.0" # Used by create_ttrpc_context() +crossbeam.workspace = true # Used by create_ttrpc_context() [package.metadata.docs.rs] features = ["docs"] diff --git a/crates/shim-protos/vendor/README.md b/crates/shim-protos/vendor/README.md index ac214994..806ad4df 100644 --- a/crates/shim-protos/vendor/README.md +++ b/crates/shim-protos/vendor/README.md @@ -7,4 +7,4 @@ Proto files are copy-pasted directly from upstream repos: + https://github.com/protocolbuffers/protobuf + https://github.com/gogo/protobuf + https://github.com/containerd/cgroups -+ https://github.com/microsoft/hcsshim \ No newline at end of file ++ https://github.com/microsoft/hcsshim diff --git a/crates/shim-protos/vendor/github.com/containerd/cgroups/stats/v1/metrics.proto b/crates/shim-protos/vendor/github.com/containerd/cgroups/stats/v1/metrics.proto index 32a2d3fb..b3f6cc37 100644 --- a/crates/shim-protos/vendor/github.com/containerd/cgroups/stats/v1/metrics.proto +++ b/crates/shim-protos/vendor/github.com/containerd/cgroups/stats/v1/metrics.proto @@ -155,4 +155,4 @@ message CgroupStats { uint64 nr_uninterruptible = 4; // number of tasks waiting on IO uint64 nr_io_wait = 5; -} \ No newline at end of file +} 
diff --git a/crates/shim/Cargo.toml b/crates/shim/Cargo.toml index 7da30c95..b6c0159a 100644 --- a/crates/shim/Cargo.toml +++ b/crates/shim/Cargo.toml @@ -49,7 +49,7 @@ nix = { workspace = true, features = [ ] } oci-spec.workspace = true page_size = "0.6.0" -prctl = "1.0.0" +prctl.workspace = true signal-hook = "0.3.13" serde.workspace = true serde_json.workspace = true @@ -68,7 +68,7 @@ signal-hook-tokio = { version = "0.3.1", optional = true, features = [ tokio = { workspace = true, features = ["full"], optional = true } [target.'cfg(target_os = "linux")'.dependencies] -cgroups-rs = "0.3.4" +cgroups-rs.workspace = true [target.'cfg(unix)'.dependencies] command-fds = "0.3.0" @@ -87,7 +87,7 @@ windows-sys = { version = "0.52.0", features = [ ] } [dev-dependencies] -tempfile = "3.6" +tempfile.workspace = true [package.metadata.docs.rs] features = ["docs"] diff --git a/crates/shim/src/asynchronous/monitor.rs b/crates/shim/src/asynchronous/monitor.rs index 41ba6034..7ed8c0a2 100644 --- a/crates/shim/src/asynchronous/monitor.rs +++ b/crates/shim/src/asynchronous/monitor.rs @@ -87,10 +87,7 @@ impl Monitor { }; self.subscribers.insert(id, subscriber); - self.topic_subs - .entry(topic) - .or_insert_with(Vec::new) - .push(id); + self.topic_subs.entry(topic).or_default().push(id); Ok(Subscription { id, rx }) } diff --git a/crates/shim/src/synchronous/monitor.rs b/crates/shim/src/synchronous/monitor.rs index 9a8c6fde..e36730a1 100644 --- a/crates/shim/src/synchronous/monitor.rs +++ b/crates/shim/src/synchronous/monitor.rs @@ -83,10 +83,7 @@ impl Monitor { topic: topic.clone(), }; self.subscribers.insert(id, subscriber); - self.topic_subs - .entry(topic) - .or_insert_with(Vec::new) - .push(id); + self.topic_subs.entry(topic).or_default().push(id); Ok(Subscription { id, rx }) } diff --git a/crates/snapshots/Cargo.toml b/crates/snapshots/Cargo.toml index f8c58c40..faae436b 100644 --- a/crates/snapshots/Cargo.toml +++ b/crates/snapshots/Cargo.toml 
@@ -30,10 +30,9 @@ tokio = { workspace = true, features = ["sync"] } tokio-stream = "0.1.8" [dev-dependencies] -async-stream = "0.3.2" futures.workspace = true log.workspace = true -simple_logger = { version = "5.0", default-features = false } +simple_logger.workspace = true [build-dependencies] tonic-build.workspace = true diff --git a/crates/snapshots/README.md b/crates/snapshots/README.md index f2a75681..3696c22a 100644 --- a/crates/snapshots/README.md +++ b/crates/snapshots/README.md @@ -87,4 +87,4 @@ Server::builder() .serve_with_incoming(incoming) .await .expect("Serve failed"); -``` \ No newline at end of file +``` diff --git a/deny.toml b/deny.toml index 95517879..87b610c6 100644 --- a/deny.toml +++ b/deny.toml @@ -58,7 +58,7 @@ ignore = [ # * Medium - CVSS Score 4.0 - 6.9 # * High - CVSS Score 7.0 - 8.9 # * Critical - CVSS Score 9.0 - 10.0 -#severity-threshold = +#severity-threshold = # This section is considered when running `cargo deny check licenses` # More documentation for the licenses section can be found here: @@ -72,6 +72,7 @@ unlicensed = "deny" allow = [ "MIT", "Apache-2.0", + "BSD-2-Clause", "BSD-3-Clause", ] # List of explictly disallowed licenses @@ -170,8 +171,8 @@ deny = [ skip = [ #{ name = "ansi_term", version = "=0.11.0" }, ] -# Similarly to `skip` allows you to skip certain crates during duplicate -# detection. Unlike skip, it also includes the entire tree of transitive +# Similarly to `skip` allows you to skip certain crates during duplicate +# detection. Unlike skip, it also includes the entire tree of transitive # dependencies starting at the specified crate, up to a certain depth, which is # by default infinite skip-tree = [ diff --git a/rust-toolchain.toml b/rust-toolchain.toml index 009863aa..23dbc5c8 100644 --- a/rust-toolchain.toml +++ b/rust-toolchain.toml @@ -1,3 +1,3 @@ [toolchain] -channel = "1.71" +channel = "1.74" components = ["rustfmt", "clippy", "llvm-tools"]
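Review bot: In `deny.toml`, `"BSD-2-Clause"` is added to the global `allow` list without recording which dependency needs it, so the exemption applies to every current and future crate in the tree. A comment on the new line, e.g. `"BSD-2-Clause", # required by <crate-name>`, would let a later reviewer drop the entry once that crate is gone. If only one crate needs the licence, cargo-deny's per-crate `exceptions` list under `[licenses]` would keep the global list narrower.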