chore: ongoing work

README.md

@@ -184,6 +184,7 @@ Tests are run on every build in [this Github Action](https://github.com/nixpig/b
 - [x] linux_devices
 - [x] linux_masked_paths
 - [x] linux_mount_label
+- [x] linux_ns_itype
 - [x] linux_readonly_paths
 - [x] linux_rootfs_propagation
 - [x] linux_sysctl
@@ -203,21 +204,6 @@ Tests are run on every build in [this Github Action](https://github.com/nixpig/b
 - [ ] hooks
 - [ ] hooks_stdin
 - [ ] killsig
-- [ ] linux_cgroups_blkio
-- [ ] linux_cgroups_cpus
-- [ ] linux_cgroups_devices
-- [ ] linux_cgroups_hugetlb
-- [ ] linux_cgroups_memory
-- [ ] linux_cgroups_network
-- [ ] linux_cgroups_pids
-- [ ] linux_cgroups_relative_blkio
-- [ ] linux_cgroups_relative_cpus
-- [ ] linux_cgroups_relative_devices
-- [ ] linux_cgroups_relative_hugetlb
-- [ ] linux_cgroups_relative_memory
-- [ ] linux_cgroups_relative_network
-- [ ] linux_cgroups_relative_pids
-- [ ] linux_ns_itype
 - [ ] linux_ns_nopath
 - [ ] linux_ns_path
 - [ ] linux_ns_path_type
@@ -236,6 +222,25 @@ Tests are run on every build in [this Github Action](https://github.com/nixpig/b
 - [ ] process_user
 - [ ] root_readonly_true
 
+### Unsupported tests
+
+The OCI Runtime Spec test suite provided by opencontainers [appears not to support cgroupv2](https://github.com/opencontainers/runtime-tools/blob/6c9570a1678f3bc7eb6ef1caa9099920b7f17383/cgroups/cgroups.go#L73), thus the following tests 'fail'.
+
+- [ ] linux_cgroups_blkio
+- [ ] linux_cgroups_cpus
+- [ ] linux_cgroups_devices
+- [ ] linux_cgroups_hugetlb
+- [ ] linux_cgroups_memory
+- [ ] linux_cgroups_network
+- [ ] linux_cgroups_pids
+- [ ] linux_cgroups_relative_blkio
+- [ ] linux_cgroups_relative_cpus
+- [ ] linux_cgroups_relative_devices
+- [ ] linux_cgroups_relative_hugetlb
+- [ ] linux_cgroups_relative_memory
+- [ ] linux_cgroups_relative_network
+- [ ] linux_cgroups_relative_pids
+
 ## Contributing
 
 Given this is an exploratory personal project, I'm not interested in taking code contributions. However, if you have any comments/suggestions/feedback, do feel free to leave them in [issues](https://github.com/nixpig/brownie/issues).

container/container_init.go

@@ -25,9 +25,6 @@ func (c *Container) Init(reexec string, arg string) error {
 	}
 
 	initSockAddr := filepath.Join(c.Bundle(), initSockFilename)
-	if err := os.RemoveAll(initSockAddr); err != nil {
-		return fmt.Errorf("remove existing init socket: %w", err)
-	}
 
 	var err error
 	c.initIPC.ch, c.initIPC.closer, err = ipc.NewReceiver(initSockAddr)
@@ -100,7 +97,7 @@ func (c *Container) Init(reexec string, arg string) error {
 	reexecCmd.SysProcAttr = &syscall.SysProcAttr{
 		AmbientCaps:                ambientCapsFlags,
 		Cloneflags:                 cloneFlags,
-		Unshareflags:               unshareFlags | syscall.CLONE_NEWNS,
+		Unshareflags:               unshareFlags,
 		GidMappingsEnableSetgroups: false,
 		UidMappings:                uidMappings,
 		GidMappings:                gidMappings,

internal/cli/cli.go

@@ -30,6 +30,11 @@ func RootCmd(log *zerolog.Logger, db *database.DB, logfile string) *cobra.Comman
 		reexecCmd(log, db),
 	)
 
+	// TODO: implement these flags for Docker
+	root.PersistentFlags().BoolP("systemd-cgroup", "", false, "placeholder")
+	root.PersistentFlags().StringP("root", "", "", "placeholder")
+	root.PersistentFlags().StringP("log-format", "", "", "placeholder")
+
 	root.CompletionOptions.HiddenDefaultCmd = true
 
 	root.PersistentFlags().StringP(

internal/ipc/ipc.go

@@ -1,6 +1,7 @@
 package ipc
 
 import (
+	"fmt"
 	"net"
 	"runtime"
 )
@@ -30,7 +31,7 @@ func NewReceiver(sockAddr string) (chan []byte, closer, error) {
 
 	listener, err := net.Listen("unix", sockAddr)
 	if err != nil {
-		return nil, nil, err
+		return nil, nil, fmt.Errorf("listen (%s): %w", sockAddr, err)
 	}
 
 	go func() {

main.go

@@ -72,7 +72,7 @@ func main() {
 	// exec root
 	if err := cli.RootCmd(log, db, logPath).Execute(); err != nil {
 		log.Error().Err(err).Msg("failed to exec cmd")
-		fmt.Println(err)
+		fmt.Println(fmt.Errorf("ERROR: %s, %w", os.Args, err))
 		os.Exit(1)
 	}
 

oci.sh

@@ -34,7 +34,7 @@ tests=(
   "linux_devices"
   "linux_masked_paths"
   "linux_mount_label"
-# "linux_ns_itype" # ???
+  "linux_ns_itype"
 # "linux_ns_nopath"
 # "linux_ns_path"
 # "linux_ns_path_type"