From 0c1d5e351fe6934562253d2e4aff30a6eeeef7da Mon Sep 17 00:00:00 2001 From: sat0ken <15720506+sat0ken@users.noreply.github.com> Date: Tue, 22 Oct 2024 21:29:21 +0900 Subject: [PATCH 01/10] Add unittest to expertiment seccomp programs (#2956) * add test code Signed-off-by: sat0ken <15720506+sat0ken@users.noreply.github.com> * separate unittest code by arch Signed-off-by: sat0ken <15720506+sat0ken@users.noreply.github.com> * rm blank line Signed-off-by: sat0ken <15720506+sat0ken@users.noreply.github.com> --------- Signed-off-by: sat0ken <15720506+sat0ken@users.noreply.github.com> --- experiment/seccomp/src/instruction/arch.rs | 21 +++++++++ experiment/seccomp/src/instruction/consts.rs | 2 +- experiment/seccomp/src/seccomp.rs | 46 ++++++++++++++++++++ 3 files changed, 68 insertions(+), 1 deletion(-) diff --git a/experiment/seccomp/src/instruction/arch.rs b/experiment/seccomp/src/instruction/arch.rs index 2883f5daa..f19d56499 100644 --- a/experiment/seccomp/src/instruction/arch.rs +++ b/experiment/seccomp/src/instruction/arch.rs @@ -18,3 +18,24 @@ pub fn gen_validate(arc: &Arch) -> Vec { Instruction::stmt(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS), ] } + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_gen_validate_x86() { + let bpf_prog = gen_validate(&Arch::X86); + assert_eq!(bpf_prog[0], Instruction::stmt(BPF_LD | BPF_W | BPF_ABS, seccomp_data_arch_offset() as u32)); + assert_eq!(bpf_prog[1], Instruction::jump(BPF_JMP | BPF_JEQ | BPF_K, 1, 0, AUDIT_ARCH_X86_64)); + assert_eq!(bpf_prog[2], Instruction::stmt(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS)); + } + + #[test] + fn test_gen_validate_aarch64() { + let bpf_prog = gen_validate(&Arch::AArch64); + assert_eq!(bpf_prog[0], Instruction::stmt(BPF_LD | BPF_W | BPF_ABS, seccomp_data_arch_offset() as u32)); + assert_eq!(bpf_prog[1], Instruction::jump(BPF_JMP | BPF_JEQ | BPF_K, 1, 0, AUDIT_ARCH_AARCH64)); + assert_eq!(bpf_prog[2], Instruction::stmt(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS)); + } +} \ No newline at end of file diff --git a/experiment/seccomp/src/instruction/consts.rs b/experiment/seccomp/src/instruction/consts.rs index 4bd199363..da37651f2 100644 --- a/experiment/seccomp/src/instruction/consts.rs +++ b/experiment/seccomp/src/instruction/consts.rs @@ -95,7 +95,7 @@ mod tests { #[test] fn test_seccomp_data_arg_size_offset() { if cfg!(target_arch = "x86_64") { - assert_eq!(seccomp_data_arg_size_offset(), 8); + assert_eq!(seccomp_data_arg_size(), 8); } } diff --git a/experiment/seccomp/src/seccomp.rs b/experiment/seccomp/src/seccomp.rs index f5a83cf45..0ac2a871b 100644 --- a/experiment/seccomp/src/seccomp.rs +++ b/experiment/seccomp/src/seccomp.rs @@ -274,3 +274,49 @@ impl Rule { bpf_prog } } + +#[cfg(test)] +mod tests { + use syscalls::syscall_args; + use super::*; + + #[test] + fn test_get_syscall_number_x86() { + let sys_num = get_syscall_number(&Arch::X86, "read"); + assert_eq!(sys_num.unwrap(), 0); + } + + #[test] + fn test_get_syscall_number_aarch64() { + let sys_num = get_syscall_number(&Arch::AArch64, "read"); + assert_eq!(sys_num.unwrap(), 63); + } + + #[test] + fn test_to_instruction_x86() { + let rule = Rule::new("getcwd".parse().unwrap(), 0, syscall_args!(), false); + let inst = Rule::to_instruction(&Arch::X86, SECCOMP_RET_KILL_PROCESS, &rule); + let bpf_prog = gen_validate(&Arch::X86); + assert_eq!(inst[0], bpf_prog[0]); + assert_eq!(inst[1], bpf_prog[1]); + assert_eq!(inst[2], bpf_prog[2]); + assert_eq!(inst[3], Instruction::stmt(BPF_LD | BPF_W | BPF_ABS, 0)); + assert_eq!(inst[4], Instruction::jump(BPF_JMP | BPF_JEQ | BPF_K, 0, 1, + get_syscall_number(&Arch::X86, "getcwd").unwrap() as c_uint)); + assert_eq!(inst[5], Instruction::stmt(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS)); + } + + #[test] + fn test_to_instruction_aarch64() { + let rule = Rule::new("getcwd".parse().unwrap(), 0, syscall_args!(), false); + let inst = Rule::to_instruction(&Arch::AArch64, SECCOMP_RET_KILL_PROCESS, &rule); + let bpf_prog = gen_validate(&Arch::AArch64); + assert_eq!(inst[0], bpf_prog[0]); + assert_eq!(inst[1], bpf_prog[1]); + assert_eq!(inst[2], bpf_prog[2]); + assert_eq!(inst[3], Instruction::stmt(BPF_LD | BPF_W | BPF_ABS, 0)); + assert_eq!(inst[4], Instruction::jump(BPF_JMP | BPF_JEQ | BPF_K, 0, 1, + get_syscall_number(&Arch::AArch64, "getcwd").unwrap() as c_uint)); + assert_eq!(inst[5], Instruction::stmt(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS)); + } +} \ No newline at end of file From e6093bf46d4be77c3511d5a656f097ea3dbbb82c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 23 Oct 2024 00:29:50 +0000 Subject: [PATCH 02/10] Bump the patch group with 3 updates Bumps the patch group with 3 updates: [serde](https://github.com/serde-rs/serde), [thiserror](https://github.com/dtolnay/thiserror) and [anyhow](https://github.com/dtolnay/anyhow). Updates `serde` from 1.0.210 to 1.0.213 - [Release notes](https://github.com/serde-rs/serde/releases) - [Commits](https://github.com/serde-rs/serde/compare/v1.0.210...v1.0.213) Updates `thiserror` from 1.0.64 to 1.0.65 - [Release notes](https://github.com/dtolnay/thiserror/releases) - [Commits](https://github.com/dtolnay/thiserror/compare/1.0.64...1.0.65) Updates `anyhow` from 1.0.90 to 1.0.91 - [Release notes](https://github.com/dtolnay/anyhow/releases) - [Commits](https://github.com/dtolnay/anyhow/compare/1.0.90...1.0.91) --- updated-dependencies: - dependency-name: serde dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch - dependency-name: thiserror dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch - dependency-name: anyhow dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch ... Signed-off-by: dependabot[bot] --- Cargo.lock | 80 ++++++++++++------------- crates/libcgroups/Cargo.toml | 2 +- crates/libcontainer/Cargo.toml | 2 +- crates/youki/Cargo.toml | 4 +- tests/contest/test_framework/Cargo.toml | 2 +- 5 files changed, 45 insertions(+), 45 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 2565100d5..93b9f30ca 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -141,9 +141,9 @@ checksum = "70033777eb8b5124a81a1889416543dddef2de240019b674c81285a2635a7e1e" [[package]] name = "anyhow" -version = "1.0.90" +version = "1.0.91" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "37bf3594c4c988a53154954629820791dde498571819ae4ca50ca811e060cc95" +checksum = "c042108f3ed77fd83760a5fd79b53be043192bb3b9dba91d8c574c0ada7850c8" [[package]] name = "arbitrary" @@ -165,7 +165,7 @@ checksum = "a507401cad91ec6a857ed5513a2073c82a9b9048762b885bb98655b306964681" dependencies = [ "proc-macro2", "quote", - "syn 2.0.58", + "syn 2.0.82", ] [[package]] @@ -256,7 +256,7 @@ dependencies = [ "regex", "rustc-hash 1.1.0", "shlex", - "syn 2.0.58", + "syn 2.0.82", ] [[package]] @@ -512,7 +512,7 @@ dependencies = [ "heck 0.5.0", "proc-macro2", "quote", - "syn 2.0.58", + "syn 2.0.82", ] [[package]] @@ -970,7 +970,7 @@ dependencies = [ "proc-macro2", "quote", "strsim 0.10.0", - "syn 2.0.58", + "syn 2.0.82", ] [[package]] @@ -992,7 +992,7 @@ checksum = "a668eda54683121533a393014d8692171709ff57a7d61f187b6e782719f8933f" dependencies = [ "darling_core 0.20.8", "quote", - "syn 2.0.58", + "syn 2.0.82", ] [[package]] @@ -1076,7 +1076,7 @@ dependencies = [ "darling 0.20.8", "proc-macro2", "quote", - "syn 2.0.58", + "syn 2.0.82", ] [[package]] @@ -1096,7 +1096,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4abae7035bf79b9877b779505d8cf3749285b80c43941eda66604841889451dc" dependencies = [ "derive_builder_core 0.20.1", - "syn 2.0.58", + "syn 2.0.82", ] [[package]] @@ -1221,7 +1221,7 @@ dependencies = [ "darling 0.20.8", "proc-macro2", "quote", - "syn 2.0.58", + "syn 2.0.82", ] [[package]] @@ -1465,7 +1465,7 @@ checksum = "87750cf4b7a4c0625b1529e4c543c2182106e4dedc60a2a6455e00d212c489ac" dependencies = [ "proc-macro2", "quote", - "syn 2.0.58", + "syn 2.0.82", ] [[package]] @@ -2274,7 +2274,7 @@ dependencies = [ "cfg-if", "proc-macro2", "quote", - "syn 2.0.58", + "syn 2.0.82", ] [[package]] @@ -2494,7 +2494,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.58", + "syn 2.0.82", ] [[package]] @@ -2630,7 +2630,7 @@ dependencies = [ "phf_shared", "proc-macro2", "quote", - "syn 2.0.58", + "syn 2.0.82", ] [[package]] @@ -2659,7 +2659,7 @@ checksum = "2f38a4412a78282e09a2cf38d195ea5420d15ba0602cb375210efbc877243965" dependencies = [ "proc-macro2", "quote", - "syn 2.0.58", + "syn 2.0.82", ] [[package]] @@ -2813,9 +2813,9 @@ checksum = "dc375e1527247fe1a97d8b7156678dfe7c1af2fc075c9a4db3690ecd2a148068" [[package]] name = "proc-macro2" -version = "1.0.79" +version = "1.0.89" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e835ff2298f5721608eb1a980ecaee1aef2c132bf95ecc026a11b7bf3c01c02e" +checksum = "f139b0662de085916d1fb67d2b4169d1addddda1919e696f3252b740b629986e" dependencies = [ "unicode-ident", ] @@ -3467,9 +3467,9 @@ checksum = "388a1df253eca08550bef6c72392cfe7c30914bf41df5269b68cbd6ff8f570a3" [[package]] name = "serde" -version = "1.0.210" +version = "1.0.213" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c8e3592472072e6e22e0a54d5904d9febf8508f65fb8552499a1abc7d1078c3a" +checksum = "3ea7893ff5e2466df8d720bb615088341b295f849602c6956047f8f80f0e9bc1" dependencies = [ "serde_derive", ] @@ -3497,13 +3497,13 @@ dependencies = [ [[package]] name = "serde_derive" -version = "1.0.210" +version = "1.0.213" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "243902eda00fad750862fc144cea25caca5e20d615af0a81bee94ca738f1df1f" +checksum = "7e85ad2009c50b58e87caa8cd6dac16bdf511bbfb7af6c33df902396aa480fa5" dependencies = [ "proc-macro2", "quote", - "syn 2.0.58", + "syn 2.0.82", ] [[package]] @@ -3586,7 +3586,7 @@ checksum = "82fe9db325bcef1fbcde82e078a5cc4efdf787e96b3b9cf45b50b529f2083d67" dependencies = [ "proc-macro2", "quote", - "syn 2.0.58", + "syn 2.0.82", ] [[package]] @@ -3843,7 +3843,7 @@ dependencies = [ "proc-macro2", "quote", "rustversion", - "syn 2.0.58", + "syn 2.0.82", ] [[package]] @@ -3859,9 +3859,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.58" +version = "2.0.82" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "44cfb93f38070beee36b3fef7d4f5a16f27751d94b187b666a5cc5e9b0d30687" +checksum = "83540f837a8afc019423a8edb95b52a8effe46957ee402287f4292fae35be021" dependencies = [ "proc-macro2", "quote", @@ -4000,22 +4000,22 @@ dependencies = [ [[package]] name = "thiserror" -version = "1.0.64" +version = "1.0.65" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d50af8abc119fb8bb6dbabcfa89656f46f84aa0ac7688088608076ad2b459a84" +checksum = "5d11abd9594d9b38965ef50805c5e469ca9cc6f197f883f717e0269a3057b3d5" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.64" +version = "1.0.65" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "08904e7672f5eb876eaaf87e0ce17857500934f4981c4a0ab2b4aa98baac7fc3" +checksum = "ae71770322cbd277e69d762a16c444af02aa0575ac0d174f0b9562d3b37f8602" dependencies = [ "proc-macro2", "quote", - "syn 2.0.58", + "syn 2.0.82", ] [[package]] @@ -4141,7 +4141,7 @@ checksum = "5b8a1e28f2deaa14e508979454cb3a223b10b938b45af148bc0986de36f1923b" dependencies = [ "proc-macro2", "quote", - "syn 2.0.58", + "syn 2.0.82", ] [[package]] @@ -4263,7 +4263,7 @@ checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.58", + "syn 2.0.82", ] [[package]] @@ -4798,7 +4798,7 @@ checksum = "dbe80d95a88e9ac87b6aaf7bc9acd1fdfcd92045db2bf41a2262f623e2406a92" dependencies = [ "proc-macro2", "quote", - "syn 2.0.58", + "syn 2.0.82", ] [[package]] @@ -5219,7 +5219,7 @@ dependencies = [ "anyhow", "proc-macro2", "quote", - "syn 2.0.58", + "syn 2.0.82", "wasmtime-component-util", "wasmtime-wit-bindgen", "wit-parser", @@ -5350,7 +5350,7 @@ checksum = "09b5575a75e711ca6c36bb9ad647c93541cdc8e34218031acba5da3f35919dd3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.58", + "syn 2.0.82", ] [[package]] @@ -5361,7 +5361,7 @@ checksum = "a4b0c1f76891f778db9602ee3fbb4eb7e9a3f511847d1fb1b69eddbcea28303c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.58", + "syn 2.0.82", ] [[package]] @@ -5528,7 +5528,7 @@ dependencies = [ "proc-macro2", "quote", "shellexpand", - "syn 2.0.58", + "syn 2.0.82", "witx", ] @@ -5540,7 +5540,7 @@ checksum = "6e1c266e16c4b24a29e055ec651e27fce1389c886bb00fbe78b8924a253a439b" dependencies = [ "proc-macro2", "quote", - "syn 2.0.58", + "syn 2.0.82", "wiggle-generate", ] @@ -5943,7 +5943,7 @@ checksum = "9ce1b18ccd8e73a9321186f97e46f9f04b778851177567b1975109d26a08d2a6" dependencies = [ "proc-macro2", "quote", - "syn 2.0.58", + "syn 2.0.82", ] [[package]] diff --git a/crates/libcgroups/Cargo.toml b/crates/libcgroups/Cargo.toml index e316afe80..7a38fa3ef 100644 --- a/crates/libcgroups/Cargo.toml +++ b/crates/libcgroups/Cargo.toml @@ -29,7 +29,7 @@ rbpf = { version = "0.3.0", optional = true } libbpf-sys = { version = "1.4.5", optional = true } errno = { version = "0.3.9", optional = true } libc = { version = "0.2.161", optional = true } -thiserror = "1.0.64" +thiserror = "1.0.65" tracing = { version = "0.1.40", features = ["attributes"] } [dev-dependencies] diff --git a/crates/libcontainer/Cargo.toml b/crates/libcontainer/Cargo.toml index 994dffdda..7093f627b 100644 --- a/crates/libcontainer/Cargo.toml +++ b/crates/libcontainer/Cargo.toml @@ -47,7 +47,7 @@ serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" rust-criu = "0.4.0" regex = { version = "1.10.6", default-features = false, features = ["std", "unicode-perl"] } -thiserror = "1.0.64" +thiserror = "1.0.65" tracing = { version = "0.1.40", features = ["attributes"] } safe-path = "0.1.0" nc = "0.9.5" diff --git a/crates/youki/Cargo.toml b/crates/youki/Cargo.toml index 70f26d9cd..f9d467d5d 100644 --- a/crates/youki/Cargo.toml +++ b/crates/youki/Cargo.toml @@ -28,7 +28,7 @@ default-features = false features = ["std", "suggestions", "derive", "cargo", "help", "usage", "error-context"] [dependencies] -anyhow = "1.0.90" +anyhow = "1.0.91" chrono = { version = "0.4", default-features = false, features = ["clock", "serde"] } libcgroups = { path = "../libcgroups", default-features = false, version = "0.4.1" } # MARK: Version libcontainer = { path = "../libcontainer", default-features = false, version = "0.4.1" } # MARK: Version @@ -55,5 +55,5 @@ tempfile = "3" scopeguard = "1.2.0" [build-dependencies] -anyhow = "1.0.90" +anyhow = "1.0.91" vergen-gitcl = { version = "1.0.1", features = ["build"] } diff --git a/tests/contest/test_framework/Cargo.toml b/tests/contest/test_framework/Cargo.toml index 926f4323a..cd337b863 100644 --- a/tests/contest/test_framework/Cargo.toml +++ b/tests/contest/test_framework/Cargo.toml @@ -6,5 +6,5 @@ edition = "2021" # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html [dependencies] -anyhow = "1.0.90" +anyhow = "1.0.91" crossbeam = "0.8.4" From eee6c3197a8d3c2e35fedf3db64c9e047f4773df Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 23 Oct 2024 00:52:35 +0000 Subject: [PATCH 03/10] Bump wasmtime from 25.0.2 to 26.0.0 Bumps [wasmtime](https://github.com/bytecodealliance/wasmtime) from 25.0.2 to 26.0.0. - [Release notes](https://github.com/bytecodealliance/wasmtime/releases) - [Changelog](https://github.com/bytecodealliance/wasmtime/blob/main/docs/contributing-release-process.md) - [Commits](https://github.com/bytecodealliance/wasmtime/compare/v25.0.2...v26.0.0) --- updated-dependencies: - dependency-name: wasmtime dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- Cargo.lock | 392 ++++++++++++++++++++++++++++------------ crates/youki/Cargo.toml | 2 +- 2 files changed, 274 insertions(+), 120 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 93b9f30ca..51c4ab67c 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -13,11 +13,11 @@ dependencies = [ [[package]] name = "addr2line" -version = "0.22.0" +version = "0.24.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e4503c46a5c0c7844e948c9a4d6acd9f50cccb4de1c48eb9e291ea17470c678" +checksum = "dfbe277e56a376000877090da837660b4427aad530e3028d44e0bffe4f89a1c1" dependencies = [ - "gimli 0.29.0", + "gimli 0.31.1", ] [[package]] @@ -650,11 +650,11 @@ dependencies = [ [[package]] name = "cranelift-bforest" -version = "0.112.2" +version = "0.113.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7b765ed4349e66bedd9b88c7691da42e24c7f62067a6be17ddffa949367b6e17" +checksum = "8ea5e7afe85cadb55c4c1176268a2ac046fdff8dfaeca39e18581b9dc319ca9e" dependencies = [ - "cranelift-entity 0.112.2", + "cranelift-entity 0.113.0", ] [[package]] @@ -667,6 +667,16 @@ dependencies = [ "serde_derive", ] +[[package]] +name = "cranelift-bitset" +version = "0.113.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ab25ef3be935a80680e393183e1f94ef507e93a24a8369494d2c6818aedb3e3" +dependencies = [ + "serde", + "serde_derive", +] + [[package]] name = "cranelift-codegen" version = "0.91.1" @@ -690,19 +700,19 @@ dependencies = [ [[package]] name = "cranelift-codegen" -version = "0.112.2" +version = "0.113.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "351824439e59d42f0e4fa5aac1d13deded155120043565769e55cd4ad3ca8ed9" +checksum = "900a19b84545924f1851cbfe386962edfc4ecbc3366a254825cf1ecbcda8ba08" dependencies = [ "bumpalo", - "cranelift-bforest 0.112.2", - "cranelift-bitset", - "cranelift-codegen-meta 0.112.2", - "cranelift-codegen-shared 0.112.2", + "cranelift-bforest 0.113.0", + "cranelift-bitset 0.113.0", + "cranelift-codegen-meta 0.113.0", + "cranelift-codegen-shared 0.113.0", "cranelift-control", - "cranelift-entity 0.112.2", - "cranelift-isle 0.112.2", - "gimli 0.29.0", + "cranelift-entity 0.113.0", + "cranelift-isle 0.113.0", + "gimli 0.31.1", "hashbrown 0.14.3", "log", "regalloc2 0.10.2", @@ -722,11 +732,11 @@ dependencies = [ [[package]] name = "cranelift-codegen-meta" -version = "0.112.2" +version = "0.113.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5a0ce0273d7a493ef8f31f606849a4e931c19187a4923f5f87fc1f2b13109981" +checksum = "08c73b2395ffe9e7b4fdf7e2ebc052e7e27af13f68a964985346be4da477a5fc" dependencies = [ - "cranelift-codegen-shared 0.112.2", + "cranelift-codegen-shared 0.113.0", ] [[package]] @@ -737,15 +747,15 @@ checksum = "278e52e29c53fcf32431ef08406c295699a70306d05a0715c5b1bf50e33a9ab7" [[package]] name = "cranelift-codegen-shared" -version = "0.112.2" +version = "0.113.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0f72016ac35579051913f4f07f6b36c509ed69412d852fd44c8e1d7b7fa6d92a" +checksum = "7d9ed0854e96a4ff0879bff39d078de8dea7f002721c9494c1fdb4e1baa86ccc" [[package]] name = "cranelift-control" -version = "0.112.2" +version = "0.113.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "db28951d21512c4fd0554ef179bfb11e4eb6815062957a9173824eee5de0c46c" +checksum = "b4aca921dd422e781409de0129c255768fec5dec1dae83239b497fb9138abb89" dependencies = [ "arbitrary", ] @@ -776,7 +786,18 @@ version = "0.112.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "14ebe592a2f81af9237cf9be29dd3854ecb72108cfffa59e85ef12389bf939e3" dependencies = [ - "cranelift-bitset", + "cranelift-bitset 0.112.2", + "serde", + "serde_derive", +] + +[[package]] +name = "cranelift-entity" +version = "0.113.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e2d770e6605eccee15b49decdd82cd26f2b6404767802471459ea49c57379a98" +dependencies = [ + "cranelift-bitset 0.113.0", "serde", "serde_derive", ] @@ -795,11 +816,11 @@ dependencies = [ [[package]] name = "cranelift-frontend" -version = "0.112.2" +version = "0.113.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4437db9d60c7053ac91ded0802740c2ccf123ee6d6898dd906c34f8c530cd119" +checksum = "29268711cb889cb39215b10faf88b9087d4c9e1d2633581e4f722a2bf4bb4ef9" dependencies = [ - "cranelift-codegen 0.112.2", + "cranelift-codegen 0.113.0", "log", "smallvec", "target-lexicon", @@ -813,37 +834,21 @@ checksum = "393bc73c451830ff8dbb3a07f61843d6cb41a084f9996319917c0b291ed785bb" [[package]] name = "cranelift-isle" -version = "0.112.2" +version = "0.113.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "230cb33572b9926e210f2ca28145f2bc87f389e1456560932168e2591feb65c1" +checksum = "dc65156f010aed1985767ad1bff0eb8d186743b7b03e23d0c17604a253e3f356" [[package]] name = "cranelift-native" -version = "0.112.2" +version = "0.113.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "364524ac7aef7070b1141478724abebeec297d4ea1e87ad8b8986465e91146d9" +checksum = "d8bf9b361eaf5a7627647270fabf1dc910d993edbeaf272a652c107861ebe9c2" dependencies = [ - "cranelift-codegen 0.112.2", + "cranelift-codegen 0.113.0", "libc", "target-lexicon", ] -[[package]] -name = "cranelift-wasm" -version = "0.112.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0572cbd9d136a62c0f39837b6bce3b0978b96b8586794042bec0c214668fd6f5" -dependencies = [ - "cranelift-codegen 0.112.2", - "cranelift-entity 0.112.2", - "cranelift-frontend 0.112.2", - "itertools", - "log", - "smallvec", - "wasmparser 0.217.0", - "wasmtime-types", -] - [[package]] name = "crc32fast" version = "1.4.0" @@ -1577,6 +1582,12 @@ name = "gimli" version = "0.29.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "40ecd4077b5ae9fd2e9e169b102c6c330d0605168eb0e8bf79952b256dbefffd" + +[[package]] +name = "gimli" +version = "0.31.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "07e28edb80900c19c28f1072f2e8aeca7fa06b23cd4169cefe1af5aa3260783f" dependencies = [ "fallible-iterator 0.3.0", "indexmap 2.2.6", @@ -2937,6 +2948,17 @@ dependencies = [ "unicase", ] +[[package]] +name = "pulley-interpreter" +version = "26.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d68c610ff29655a42eeef41a5b5346e714586971a7d927739477e552fe7e23e3" +dependencies = [ + "cranelift-bitset 0.113.0", + "log", + "sptr", +] + [[package]] name = "quickcheck" version = "1.0.3" @@ -4683,7 +4705,7 @@ dependencies = [ "system-interface", "thiserror", "tracing", - "wasmtime", + "wasmtime 25.0.2", "wiggle", "windows-sys 0.52.0", ] @@ -4779,13 +4801,23 @@ checksum = "0046fef7e28c3804e5e38bfa31ea2a0f73905319b677e57ebe37e49358989b5d" [[package]] name = "wasm-encoder" -version = "0.217.0" +version = "0.218.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7b88b0814c9a2b323a9b46c687e726996c255ac8b64aa237dd11c81ed4854760" +checksum = "22b896fa8ceb71091ace9bcb81e853f54043183a1c9667cf93422c40252ffa0a" dependencies = [ "leb128", ] +[[package]] +name = "wasm-encoder" +version = "0.219.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "29cbbd772edcb8e7d524a82ee8cef8dd046fc14033796a754c3ad246d019fa54" +dependencies = [ + "leb128", + "wasmparser 0.219.1", +] + [[package]] name = "wasm-sample" version = "0.1.0" @@ -5105,15 +5137,39 @@ dependencies = [ "serde", ] +[[package]] +name = "wasmparser" +version = "0.218.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b09e46c7fceceaa72b2dd1a8a137ea7fd8f93dfaa69806010a709918e496c5dc" +dependencies = [ + "ahash 0.8.11", + "bitflags 2.6.0", + "hashbrown 0.14.3", + "indexmap 2.2.6", + "semver 1.0.22", + "serde", +] + +[[package]] +name = "wasmparser" +version = "0.219.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c771866898879073c53b565a6c7b49953795159836714ac56a5befb581227c5" +dependencies = [ + "bitflags 2.6.0", + "indexmap 2.2.6", +] + [[package]] name = "wasmprinter" -version = "0.217.0" +version = "0.218.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "50dc568b3e0d47e8f96ea547c90790cfa783f0205160c40de894a427114185ce" +checksum = "0ace089155491837b75f474bf47c99073246d1b737393fe722d6dee311595ddc" dependencies = [ "anyhow", "termcolor", - "wasmparser 0.217.0", + "wasmparser 0.218.0", ] [[package]] @@ -5122,7 +5178,45 @@ version = "25.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ef01f9cb9636ed42a7ec5a09d785c0643590199dc7372dc22c7e2ba7a31a97d4" dependencies = [ - "addr2line 0.22.0", + "anyhow", + "bitflags 2.6.0", + "bumpalo", + "cc", + "cfg-if", + "hashbrown 0.14.3", + "indexmap 2.2.6", + "libc", + "libm", + "log", + "mach2", + "memfd", + "object 0.36.0", + "once_cell", + "paste", + "postcard", + "psm", + "rustix", + "serde", + "serde_derive", + "smallvec", + "sptr", + "target-lexicon", + "wasmparser 0.217.0", + "wasmtime-asm-macros 25.0.2", + "wasmtime-environ 25.0.2", + "wasmtime-jit-icache-coherence 25.0.2", + "wasmtime-slab 25.0.2", + "wasmtime-versioned-export-macros 25.0.2", + "windows-sys 0.52.0", +] + +[[package]] +name = "wasmtime" +version = "26.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5ffa3230b9ba1ab6568d116df21bf4ca55ed2bfac87723d910471d30d9656ea1" +dependencies = [ + "addr2line 0.24.2", "anyhow", "async-trait", "bitflags 2.6.0", @@ -5131,7 +5225,7 @@ dependencies = [ "cfg-if", "encoding_rs", "fxprof-processed-profile", - "gimli 0.29.0", + "gimli 0.31.1", "hashbrown 0.14.3", "indexmap 2.2.6", "ittapi", @@ -5145,6 +5239,7 @@ dependencies = [ "paste", "postcard", "psm", + "pulley-interpreter", "rayon", "rustix", "semver 1.0.22", @@ -5154,22 +5249,22 @@ dependencies = [ "smallvec", "sptr", "target-lexicon", - "wasm-encoder", - "wasmparser 0.217.0", - "wasmtime-asm-macros 25.0.2", + "wasm-encoder 0.218.0", + "wasmparser 0.218.0", + "wasmtime-asm-macros 26.0.0", "wasmtime-cache", "wasmtime-component-macro", "wasmtime-component-util", "wasmtime-cranelift", - "wasmtime-environ", + "wasmtime-environ 26.0.0", "wasmtime-fiber", "wasmtime-jit-debug", - "wasmtime-jit-icache-coherence", - "wasmtime-slab", - "wasmtime-versioned-export-macros 25.0.2", + "wasmtime-jit-icache-coherence 26.0.0", + "wasmtime-slab 26.0.0", + "wasmtime-versioned-export-macros 26.0.0", "wasmtime-winch", "wat", - "windows-sys 0.52.0", + "windows-sys 0.59.0", ] [[package]] @@ -5190,11 +5285,20 @@ dependencies = [ "cfg-if", ] +[[package]] +name = "wasmtime-asm-macros" +version = "26.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ef15fad08bbaa0e5c5539b76fa5965ca25e24f17a584f83a40b43ba9a2b36f44" +dependencies = [ + "cfg-if", +] + [[package]] name = "wasmtime-cache" -version = "25.0.2" +version = "26.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "272d5939e989c5b54e3fa83ef420e4a6dba3995c3065626066428b2f73ad1e06" +checksum = "da608e953b6ec54afe99dd0b5cdfefff220acb8378dbd72bf846c3745e2f20ed" dependencies = [ "anyhow", "base64", @@ -5206,15 +5310,15 @@ dependencies = [ "serde_derive", "sha2", "toml 0.8.12", - "windows-sys 0.52.0", + "windows-sys 0.59.0", "zstd", ] [[package]] name = "wasmtime-component-macro" -version = "25.0.2" +version = "26.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "26593c4b18c76ca3c3fbdd813d6692256537b639b851d8a6fe827e3d6966fc01" +checksum = "23fb4e179f424260d0739c09d3bc83d34347a55d291d10dcb5244686a75c7733" dependencies = [ "anyhow", "proc-macro2", @@ -5227,33 +5331,33 @@ dependencies = [ [[package]] name = "wasmtime-component-util" -version = "25.0.2" +version = "26.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a2ed562fbb0cbed20a56c369c8de146c1de06a48c19e26ed9aa45f073514ee60" +checksum = "cfe3c27d64af5f584014db9381c081223d27a57e1dce2f6280bbafea37575619" [[package]] name = "wasmtime-cranelift" -version = "25.0.2" +version = "26.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f389b789cbcb53a8499131182135dea21d7d97ad77e7fb66830f69479ef0e68c" +checksum = "eb56d9ee4a093509624bd0861888cd111f6530e16969a68bb12dc7dd7a2be27f" dependencies = [ "anyhow", "cfg-if", - "cranelift-codegen 0.112.2", + "cranelift-codegen 0.113.0", "cranelift-control", - "cranelift-entity 0.112.2", - "cranelift-frontend 0.112.2", + "cranelift-entity 0.113.0", + "cranelift-frontend 0.113.0", "cranelift-native", - "cranelift-wasm", - "gimli 0.29.0", + "gimli 0.31.1", + "itertools", "log", "object 0.36.0", "smallvec", "target-lexicon", "thiserror", - "wasmparser 0.217.0", - "wasmtime-environ", - "wasmtime-versioned-export-macros 25.0.2", + "wasmparser 0.218.0", + "wasmtime-environ 26.0.0", + "wasmtime-versioned-export-macros 26.0.0", ] [[package]] @@ -5263,51 +5367,72 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "84b72debe8899f19bedf66f7071310f06ef62de943a1369ba9b373613e77dd3d" dependencies = [ "anyhow", - "cpp_demangle", - "cranelift-bitset", + "cranelift-bitset 0.112.2", "cranelift-entity 0.112.2", "gimli 0.29.0", "indexmap 2.2.6", "log", "object 0.36.0", "postcard", + "serde", + "serde_derive", + "target-lexicon", + "wasmparser 0.217.0", + "wasmtime-types", +] + +[[package]] +name = "wasmtime-environ" +version = "26.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f3444c1759d5b906ff76a3cab073dd92135bdd06e5d1f46635ec40a58207d314" +dependencies = [ + "anyhow", + "cpp_demangle", + "cranelift-bitset 0.113.0", + "cranelift-entity 0.113.0", + "gimli 0.31.1", + "indexmap 2.2.6", + "log", + "object 0.36.0", + "postcard", "rustc-demangle", "semver 1.0.22", "serde", "serde_derive", + "smallvec", "target-lexicon", - "wasm-encoder", - "wasmparser 0.217.0", + "wasm-encoder 0.218.0", + "wasmparser 0.218.0", "wasmprinter", "wasmtime-component-util", - "wasmtime-types", ] [[package]] name = "wasmtime-fiber" -version = "25.0.2" +version = "26.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "92b8d4d504266ee598204f9e69cea8714499cc7c5aeddaa9b3f76aaace8b0680" +checksum = "ae2ab757170bf183944ae494cd607bf2f028744414fed7440a39930194bfb869" dependencies = [ "anyhow", "cc", "cfg-if", "rustix", - "wasmtime-asm-macros 25.0.2", - "wasmtime-versioned-export-macros 25.0.2", - "windows-sys 0.52.0", + "wasmtime-asm-macros 26.0.0", + "wasmtime-versioned-export-macros 26.0.0", + "windows-sys 0.59.0", ] [[package]] name = "wasmtime-jit-debug" -version = "25.0.2" +version = "26.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "48ed7f0bbb9da3252c252b05fcd5fd42672db161e6276aa96e92059500247d8c" +checksum = "077d8382176594ded9e7d837db2f320b45915d40b99f4319b2bd1061bbdf5f4f" dependencies = [ "object 0.36.0", "once_cell", "rustix", - "wasmtime-versioned-export-macros 25.0.2", + "wasmtime-versioned-export-macros 26.0.0", ] [[package]] @@ -5322,12 +5447,30 @@ dependencies = [ "windows-sys 0.52.0", ] +[[package]] +name = "wasmtime-jit-icache-coherence" +version = "26.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6e458e6a1a010a53f86ac8d75837c0c6b2ce3e54b7503b2f1dc5629a4a541f5a" +dependencies = [ + "anyhow", + "cfg-if", + "libc", + "windows-sys 0.59.0", +] + [[package]] name = "wasmtime-slab" version = "25.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "055a181b8d03998511294faea14798df436503f14d7fd20edcf7370ec583e80a" +[[package]] +name = "wasmtime-slab" +version = "26.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "339c9a2a62b989a3184baff31be3a5b5256ad52629634eb432f9ccf0ab251f83" + [[package]] name = "wasmtime-types" version = "25.0.2" @@ -5364,31 +5507,42 @@ dependencies = [ "syn 2.0.82", ] +[[package]] +name = "wasmtime-versioned-export-macros" +version = "26.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "abe01058e422966659e1af00af833147d54658b07c7e74606d73ca9af3f1690a" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.82", +] + [[package]] name = "wasmtime-winch" -version = "25.0.2" +version = "26.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a702ff5eff3b37c11453ec8b54ec444bb9f2c689c7a7af382766c52df86b1e9b" +checksum = "3b65e7d7676280ff58e417053ef8435fd7d0b5c5c4372428d13d47aee00a26bf" dependencies = [ "anyhow", - "cranelift-codegen 0.112.2", - "gimli 0.29.0", + "cranelift-codegen 0.113.0", + "gimli 0.31.1", "object 0.36.0", "target-lexicon", - "wasmparser 0.217.0", + "wasmparser 0.218.0", "wasmtime-cranelift", - "wasmtime-environ", + "wasmtime-environ 26.0.0", "winch-codegen", ] [[package]] name = "wasmtime-wit-bindgen" -version = "25.0.2" +version = "26.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b2fca2cbb5bb390f65d4434c19bf8d9873dfc60f10802918ebcd6f819a38d703" +checksum = "1c9e85935a1199e96b73e7fcd27a127035d2082265720a67d59268a24892d567" dependencies = [ "anyhow", - "heck 0.4.1", + "heck 0.5.0", "indexmap 2.2.6", "wit-parser", ] @@ -5404,24 +5558,24 @@ dependencies = [ [[package]] name = "wast" -version = "217.0.0" +version = "219.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "79004ecebded92d3c710d4841383368c7f04b63d0992ddd6b0c7d5029b7629b7" +checksum = "4f79a9d9df79986a68689a6b40bcc8d5d40d807487b235bebc2ac69a242b54a1" dependencies = [ "bumpalo", "leb128", "memchr", "unicode-width", - "wasm-encoder", + "wasm-encoder 0.219.1", ] [[package]] name = "wat" -version = "1.217.0" +version = "1.219.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c126271c3d92ca0f7c63e4e462e40c69cca52fd4245fcda730d1cf558fb55088" +checksum = "8bc3cf014fb336883a411cd662f987abf6a1d2a27f2f0008616a0070bbf6bd0d" dependencies = [ - "wast 217.0.0", + "wast 219.0.1", ] [[package]] @@ -5513,7 +5667,7 @@ dependencies = [ "bitflags 2.6.0", "thiserror", "tracing", - "wasmtime", + "wasmtime 25.0.2", "wiggle-macro", ] @@ -5577,19 +5731,19 @@ checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" [[package]] name = "winch-codegen" -version = "0.23.2" +version = "26.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d716f7c87db8ea79f1dc69f7344354b6256451bccca422ac4c3e0d607d144532" +checksum = "d24d6742c41dcde6860c4b83569264b9cd4549d440a4d2488fed0eace33b92fc" dependencies = [ "anyhow", - "cranelift-codegen 0.112.2", - "gimli 0.29.0", + "cranelift-codegen 0.113.0", + "gimli 0.31.1", "regalloc2 0.10.2", "smallvec", "target-lexicon", - "wasmparser 0.217.0", + "wasmparser 0.218.0", "wasmtime-cranelift", - "wasmtime-environ", + "wasmtime-environ 26.0.0", ] [[package]] @@ -5838,9 +5992,9 @@ dependencies = [ [[package]] name = "wit-parser" -version = "0.217.0" +version = "0.218.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fb893dcd6d370cfdf19a0d9adfcd403efb8e544e1a0ea3a8b81a21fe392eaa78" +checksum = "0d3d1066ab761b115f97fef2b191090faabcb0f37b555b758d3caf42d4ed9e55" dependencies = [ "anyhow", "id-arena", @@ -5851,7 +6005,7 @@ dependencies = [ "serde_derive", "serde_json", "unicode-xid", - "wasmparser 0.217.0", + "wasmparser 0.218.0", ] [[package]] @@ -5923,7 +6077,7 @@ dependencies = [ "wasmedge-sdk", "wasmer", "wasmer-wasix", - "wasmtime", + "wasmtime 26.0.0", ] [[package]] diff --git a/crates/youki/Cargo.toml b/crates/youki/Cargo.toml index f9d467d5d..c93e8b2d8 100644 --- a/crates/youki/Cargo.toml +++ b/crates/youki/Cargo.toml @@ -43,7 +43,7 @@ caps = "0.5.5" wasmer = { version = "4.0.0", optional = true } wasmer-wasix = { version = "0.9.0", optional = true } wasmedge-sdk = { version = "0.14.0", optional = true } -wasmtime = { version = "25.0.2", optional = true } +wasmtime = { version = "26.0.0", optional = true } wasi-common = { version = "25.0.2", optional = true } tracing = { version = "0.1.40", features = ["attributes"] } tracing-subscriber = { version = "0.3.18", features = ["json", "env-filter"] } From c2216cd4832284a7eb9a768cbcbab2f93fea453f Mon Sep 17 00:00:00 2001 From: Yashodhan Joshi Date: Mon, 28 Oct 2024 10:51:01 +0530 Subject: [PATCH 04/10] deps: update wasi-common to 26.0.0 Signed-off-by: Yashodhan Joshi --- Cargo.lock | 224 ++++++---------------------------------- crates/youki/Cargo.toml | 2 +- 2 files changed, 34 insertions(+), 192 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 51c4ab67c..8c218e614 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -337,9 +337,9 @@ dependencies = [ [[package]] name = "cap-fs-ext" -version = "3.0.0" +version = "3.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "769f8cd02eb04d57f14e2e371ebb533f96817f9b2525d73a5c72b61ca7973747" +checksum = "712695628f77a28acd7c9135b9f05f9c1563f8eb91b317f63876bac550032403" dependencies = [ "cap-primitives", "cap-std", @@ -349,9 +349,9 @@ dependencies = [ [[package]] name = "cap-primitives" -version = "3.0.0" +version = "3.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "90a0b44fc796b1a84535a63753d50ba3972c4db55c7255c186f79140e63d56d0" +checksum = "ff5bcbaf57897c8f14098cc9ad48a78052930a9948119eea01b80ca224070fa6" dependencies = [ "ambient-authority", "fs-set-times", @@ -366,9 +366,9 @@ dependencies = [ [[package]] name = "cap-rand" -version = "3.0.0" +version = "3.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4327f08daac33a99bb03c54ae18c8f32c3ba31c728a33ddf683c6c6a5043de68" +checksum = "e7c780812948b31f362c3bab82d23b902529c26705d0e094888bc7fdb9656908" dependencies = [ "ambient-authority", "rand", @@ -376,9 +376,9 @@ dependencies = [ [[package]] name = "cap-std" -version = "3.0.0" +version = "3.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "266626ce180cf9709f317d0bf9754e3a5006359d87f4bf792f06c9c5f1b63c0f" +checksum = "e6cf1a22e6eab501e025a9953532b1e95efb8a18d6364bf8a4a7547b30c49186" dependencies = [ "cap-primitives", "io-extras", @@ -388,9 +388,9 @@ dependencies = [ [[package]] name = "cap-time-ext" -version = "3.0.0" +version = "3.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e1353421ba83c19da60726e35db0a89abef984b3be183ff6f58c5b8084fcd0c5" +checksum = "1e1547a95cd071db92382c649260bcc6721879ef5d1f0f442af33bff75003dd7" dependencies = [ "ambient-authority", "cap-primitives", @@ -657,16 +657,6 @@ dependencies = [ "cranelift-entity 0.113.0", ] -[[package]] -name = "cranelift-bitset" -version = "0.112.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9eaa2aece6237198afd32bff57699e08d4dccb8d3902c214fc1e6ba907247ca4" -dependencies = [ - "serde", - "serde_derive", -] - [[package]] name = "cranelift-bitset" version = "0.113.0" @@ -706,7 +696,7 @@ checksum = "900a19b84545924f1851cbfe386962edfc4ecbc3366a254825cf1ecbcda8ba08" dependencies = [ "bumpalo", "cranelift-bforest 0.113.0", - "cranelift-bitset 0.113.0", + "cranelift-bitset", "cranelift-codegen-meta 0.113.0", "cranelift-codegen-shared 0.113.0", "cranelift-control", @@ -780,24 +770,13 @@ version = "0.91.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9a59bcbca89c3f1b70b93ab3cbba5e5e0cbf3e63dadb23c7525cb142e21a9d4c" -[[package]] -name = "cranelift-entity" -version = "0.112.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "14ebe592a2f81af9237cf9be29dd3854ecb72108cfffa59e85ef12389bf939e3" -dependencies = [ - "cranelift-bitset 0.112.2", - "serde", - "serde_derive", -] - [[package]] name = "cranelift-entity" version = "0.113.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e2d770e6605eccee15b49decdd82cd26f2b6404767802471459ea49c57379a98" dependencies = [ - "cranelift-bitset 0.113.0", + "cranelift-bitset", "serde", "serde_derive", ] @@ -1577,12 +1556,6 @@ version = "0.28.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4271d37baee1b8c7e4b708028c57d816cf9d2434acb33a549475f78c181f6253" -[[package]] -name = "gimli" -version = "0.29.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "40ecd4077b5ae9fd2e9e169b102c6c330d0605168eb0e8bf79952b256dbefffd" - [[package]] name = "gimli" version = "0.31.1" @@ -1675,12 +1648,6 @@ dependencies = [ "unicode-segmentation", ] -[[package]] -name = "heck" -version = "0.4.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8" - [[package]] name = "heck" version = "0.5.0" @@ -2954,7 +2921,7 @@ version = "26.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d68c610ff29655a42eeef41a5b5346e714586971a7d927739477e552fe7e23e3" dependencies = [ - "cranelift-bitset 0.113.0", + "cranelift-bitset", "log", "sptr", ] @@ -4686,9 +4653,9 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" [[package]] name = "wasi-common" -version = "25.0.2" +version = "26.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f1e63f999ecfdd96d64d35b39d0577318d9d2eae2d41603d4befda3b3dfe252" +checksum = "30736986c56db528f8086cc81e56abcde4d0c682084cfd9ea37c7237adccde14" dependencies = [ "anyhow", "bitflags 2.6.0", @@ -4705,9 +4672,9 @@ dependencies = [ "system-interface", "thiserror", "tracing", - "wasmtime 25.0.2", + "wasmtime", "wiggle", - "windows-sys 0.52.0", + "windows-sys 0.59.0", ] [[package]] @@ -5123,20 +5090,6 @@ dependencies = [ "url", ] -[[package]] -name = "wasmparser" -version = "0.217.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ca917a21307d3adf2b9857b94dd05ebf8496bdcff4437a9b9fb3899d3e6c74e7" -dependencies = [ - "ahash 0.8.11", - "bitflags 2.6.0", - "hashbrown 0.14.3", - "indexmap 2.2.6", - "semver 1.0.22", - "serde", -] - [[package]] name = "wasmparser" version = "0.218.0" @@ -5172,44 +5125,6 @@ dependencies = [ "wasmparser 0.218.0", ] -[[package]] -name = "wasmtime" -version = "25.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ef01f9cb9636ed42a7ec5a09d785c0643590199dc7372dc22c7e2ba7a31a97d4" -dependencies = [ - "anyhow", - "bitflags 2.6.0", - "bumpalo", - "cc", - "cfg-if", - "hashbrown 0.14.3", - "indexmap 2.2.6", - "libc", - "libm", - "log", - "mach2", - "memfd", - "object 0.36.0", - "once_cell", - "paste", - "postcard", - "psm", - "rustix", - "serde", - "serde_derive", - "smallvec", - "sptr", - "target-lexicon", - "wasmparser 0.217.0", - "wasmtime-asm-macros 25.0.2", - "wasmtime-environ 25.0.2", - "wasmtime-jit-icache-coherence 25.0.2", - "wasmtime-slab 25.0.2", - "wasmtime-versioned-export-macros 25.0.2", - "windows-sys 0.52.0", -] - [[package]] name = "wasmtime" version = "26.0.0" @@ -5256,11 +5171,11 @@ dependencies = [ "wasmtime-component-macro", "wasmtime-component-util", "wasmtime-cranelift", - "wasmtime-environ 26.0.0", + "wasmtime-environ", "wasmtime-fiber", "wasmtime-jit-debug", - "wasmtime-jit-icache-coherence 26.0.0", - "wasmtime-slab 26.0.0", + "wasmtime-jit-icache-coherence", + "wasmtime-slab", "wasmtime-versioned-export-macros 26.0.0", "wasmtime-winch", "wat", @@ -5276,15 +5191,6 @@ dependencies = [ "cfg-if", ] -[[package]] -name = "wasmtime-asm-macros" -version = "25.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ba5b20797419d6baf2296db2354f864e8bb3447cacca9d151ce7700ae08b4460" -dependencies = [ - "cfg-if", -] - [[package]] name = "wasmtime-asm-macros" version = "26.0.0" @@ -5356,31 +5262,10 @@ dependencies = [ "target-lexicon", "thiserror", "wasmparser 0.218.0", - "wasmtime-environ 26.0.0", + "wasmtime-environ", "wasmtime-versioned-export-macros 26.0.0", ] -[[package]] -name = "wasmtime-environ" -version = "25.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "84b72debe8899f19bedf66f7071310f06ef62de943a1369ba9b373613e77dd3d" -dependencies = [ - "anyhow", - "cranelift-bitset 0.112.2", - "cranelift-entity 0.112.2", - "gimli 0.29.0", - "indexmap 2.2.6", - "log", - "object 0.36.0", - "postcard", - "serde", - "serde_derive", - "target-lexicon", - "wasmparser 0.217.0", - "wasmtime-types", -] - [[package]] name = "wasmtime-environ" version = "26.0.0" @@ -5389,7 +5274,7 @@ checksum = "f3444c1759d5b906ff76a3cab073dd92135bdd06e5d1f46635ec40a58207d314" dependencies = [ "anyhow", "cpp_demangle", - "cranelift-bitset 0.113.0", + "cranelift-bitset", "cranelift-entity 0.113.0", "gimli 0.31.1", "indexmap 2.2.6", @@ -5435,18 +5320,6 @@ dependencies = [ "wasmtime-versioned-export-macros 26.0.0", ] -[[package]] -name = "wasmtime-jit-icache-coherence" -version = "25.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1d930bc1325bc0448be6a11754156d770f56f6c3a61f440e9567f36cd2ea3065" -dependencies = [ - "anyhow", - "cfg-if", - "libc", - "windows-sys 0.52.0", -] - [[package]] name = "wasmtime-jit-icache-coherence" version = "26.0.0" @@ -5459,32 +5332,12 @@ dependencies = [ "windows-sys 0.59.0", ] -[[package]] -name = "wasmtime-slab" -version = "25.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "055a181b8d03998511294faea14798df436503f14d7fd20edcf7370ec583e80a" - [[package]] name = "wasmtime-slab" version = "26.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "339c9a2a62b989a3184baff31be3a5b5256ad52629634eb432f9ccf0ab251f83" -[[package]] -name = "wasmtime-types" -version = "25.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c8340d976673ac3fdacac781f2afdc4933920c1adc738c3409e825dab3955399" -dependencies = [ - "anyhow", - "cranelift-entity 0.112.2", - "serde", - "serde_derive", - "smallvec", - "wasmparser 0.217.0", -] - [[package]] name = "wasmtime-versioned-export-macros" version = "14.0.4" @@ -5496,17 +5349,6 @@ dependencies = [ "syn 2.0.82", ] -[[package]] -name = "wasmtime-versioned-export-macros" -version = "25.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a4b0c1f76891f778db9602ee3fbb4eb7e9a3f511847d1fb1b69eddbcea28303c" -dependencies = [ - "proc-macro2", - "quote", - "syn 2.0.82", -] - [[package]] name = "wasmtime-versioned-export-macros" version = "26.0.0" @@ -5531,7 +5373,7 @@ dependencies = [ "target-lexicon", "wasmparser 0.218.0", "wasmtime-cranelift", - "wasmtime-environ 26.0.0", + "wasmtime-environ", "winch-codegen", ] @@ -5658,27 +5500,27 @@ dependencies = [ [[package]] name = "wiggle" -version = "25.0.2" +version = "26.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e4ebee2be6b561d1fe91b37e960c02baa94cdee29af863f5f26a0637f344f27a" +checksum = "c62986dac93e6de4e542c9861e0bfb375a796e880938bb2f5833a7dfaed07352" dependencies = [ "anyhow", "async-trait", "bitflags 2.6.0", "thiserror", "tracing", - "wasmtime 25.0.2", + "wasmtime", "wiggle-macro", ] [[package]] name = "wiggle-generate" -version = "25.0.2" +version = "26.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "97c4a32959189041ccb260e6dfa7fcf907e665166e755a6a681c32423c90e45f" +checksum = "0b7602686d5d43b23ae28ad5d730921064b634ae6a9d78e8dbdc595326319232" dependencies = [ "anyhow", - "heck 0.4.1", + "heck 0.5.0", "proc-macro2", "quote", "shellexpand", @@ -5688,9 +5530,9 @@ dependencies = [ [[package]] name = "wiggle-macro" -version = "25.0.2" +version = "26.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e1c266e16c4b24a29e055ec651e27fce1389c886bb00fbe78b8924a253a439b" +checksum = "a376173abfaaa6cebf8aedd03366fcd528db2b8f5ccc3f422102a3f4014c3855" dependencies = [ "proc-macro2", "quote", @@ -5743,7 +5585,7 @@ dependencies = [ "target-lexicon", "wasmparser 0.218.0", "wasmtime-cranelift", - "wasmtime-environ 26.0.0", + "wasmtime-environ", ] [[package]] @@ -6077,7 +5919,7 @@ dependencies = [ "wasmedge-sdk", "wasmer", "wasmer-wasix", - "wasmtime 26.0.0", + "wasmtime", ] [[package]] diff --git a/crates/youki/Cargo.toml b/crates/youki/Cargo.toml index c93e8b2d8..f3dbcf265 100644 --- a/crates/youki/Cargo.toml +++ b/crates/youki/Cargo.toml @@ -44,7 +44,7 @@ wasmer = { version = "4.0.0", optional = true } wasmer-wasix = { version = "0.9.0", optional = true } wasmedge-sdk = { version = "0.14.0", optional = true } wasmtime = { version = "26.0.0", optional = true } -wasi-common = { version = "25.0.2", optional = true } +wasi-common = { version = "26.0.0", optional = true } tracing = { version = "0.1.40", features = ["attributes"] } tracing-subscriber = { version = "0.3.18", features = ["json", "env-filter"] } tracing-journald = "0.3.0" From 860fba699d95cf2b49670ab0df4cd1a68749502b Mon Sep 17 00:00:00 2001 From: Yashodhan Joshi Date: Mon, 28 Oct 2024 11:18:50 +0530 Subject: [PATCH 05/10] print "unknown" instead of defaults if we cannot get kernel config Signed-off-by: Yashodhan Joshi --- crates/youki/src/commands/info.rs | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/crates/youki/src/commands/info.rs b/crates/youki/src/commands/info.rs index 4a92b1ac4..f9e1c7869 100644 --- a/crates/youki/src/commands/info.rs +++ b/crates/youki/src/commands/info.rs @@ -59,6 +59,8 @@ pub fn print_os() { println!("{:<18}{}", "Operating System", os); } else if let Some(os) = try_read_os_from("/usr/lib/os-release") { println!("{:<18}{}", "Operating System", os); + } else { + println!("{:<18}UNKNOWN", "Operating System"); } } @@ -204,6 +206,9 @@ pub fn print_namespaces() { println!("{:<18}disabled", "Namespaces"); return; } + } else { + println!("{:<18}UNKNOWN", "Namespaces"); + // we don't return as we can atleast try and see if anything is enabled } // mount namespace is always enabled if namespaces are enabled @@ -266,7 +271,7 @@ fn print_feature_status(config: &str, feature: &str, display: FeatureDisplay) { println!(" {:<16}{}", display.name, status); } else { - println!(" {:<16}{}", display.name, display.disabled); + println!(" {:<16}UNKNOWN", display.name); } } From e3e15404448b9d662d2aa9aa6560b7d22018ff5a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Oct 2024 00:25:23 +0000 Subject: [PATCH 06/10] Bump serde from 1.0.213 to 1.0.214 in the patch group Bumps the patch group with 1 update: [serde](https://github.com/serde-rs/serde). Updates `serde` from 1.0.213 to 1.0.214 - [Release notes](https://github.com/serde-rs/serde/releases) - [Commits](https://github.com/serde-rs/serde/compare/v1.0.213...v1.0.214) --- updated-dependencies: - dependency-name: serde dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch ... Signed-off-by: dependabot[bot] --- Cargo.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 8c218e614..cbb9f372b 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -3456,9 +3456,9 @@ checksum = "388a1df253eca08550bef6c72392cfe7c30914bf41df5269b68cbd6ff8f570a3" [[package]] name = "serde" -version = "1.0.213" +version = "1.0.214" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3ea7893ff5e2466df8d720bb615088341b295f849602c6956047f8f80f0e9bc1" +checksum = "f55c3193aca71c12ad7890f1785d2b73e1b9f63a0bbc353c08ef26fe03fc56b5" dependencies = [ "serde_derive", ] @@ -3486,9 +3486,9 @@ dependencies = [ [[package]] name = "serde_derive" -version = "1.0.213" +version = "1.0.214" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7e85ad2009c50b58e87caa8cd6dac16bdf511bbfb7af6c33df902396aa480fa5" +checksum = "de523f781f095e28fa605cdce0f8307e451cc0fd14e2eb4cd2e98a355b147766" dependencies = [ "proc-macro2", "quote", From d07159691ded12b00000418cbbc1800fb558ac1a Mon Sep 17 00:00:00 2001 From: AngrySean Date: Tue, 29 Oct 2024 12:23:05 +0800 Subject: [PATCH 07/10] fix(libcontainer) no_pivot args is not used (#2923) * Support setting no_pivot_root for create and run command Signed-off-by: Vanient * fix: mount move before choot Move the rootfs to the root of the host filesystem before chrooting, this is equivalent to pivot_root, if don't move mount first, we will not see the new rootfs when exec into the container Signed-off-by: xujihui1985 * fix(chroot): ensure mount occurs before chroot to mimic pivot_root behavior Move the mount operation to occur before calling chroot to better simulate the effect of pivot_root. Add a check to confirm if the current process is running inside an isolated mount namespace, ensuring proper mount handling. Signed-off-by: xujihui1985 * implement intergration test for no-pivot Signed-off-by: xujihui1985 * fix: add comments to no-pivot related code Signed-off-by: xujihui1985 * fix(lint): fix format Signed-off-by: xujihui1985 --------- Signed-off-by: Vanient Signed-off-by: xujihui1985 Co-authored-by: Vanient --- .../src/container/builder_impl.rs | 3 + .../src/container/init_builder.rs | 8 ++ .../src/container/tenant_builder.rs | 1 + crates/libcontainer/src/process/args.rs | 2 + .../src/process/container_init_process.rs | 85 +++++++++++-- crates/libcontainer/src/syscall/linux.rs | 5 + crates/libcontainer/src/syscall/syscall.rs | 3 +- crates/libcontainer/src/syscall/test.rs | 28 +++- crates/youki/src/commands/create.rs | 1 + crates/youki/src/commands/run.rs | 1 + tests/contest/contest/src/main.rs | 3 + tests/contest/contest/src/tests/mod.rs | 1 + .../contest/contest/src/tests/no_pivot/mod.rs | 29 +++++ tests/contest/contest/src/utils/test_utils.rs | 120 +++++++++++++++++- tests/contest/runtimetest/src/main.rs | 1 + tests/contest/runtimetest/src/tests.rs | 34 +++++ 16 files changed, 304 insertions(+), 21 deletions(-) create mode 100644 tests/contest/contest/src/tests/no_pivot/mod.rs diff --git a/crates/libcontainer/src/container/builder_impl.rs b/crates/libcontainer/src/container/builder_impl.rs index ed2cd07dd..0a9e43f52 100644 --- a/crates/libcontainer/src/container/builder_impl.rs +++ b/crates/libcontainer/src/container/builder_impl.rs @@ -49,6 +49,8 @@ pub(super) struct ContainerBuilderImpl { pub detached: bool, /// Default executes the specified execution of a generic command pub executor: Box, + /// If do not use pivot root to jail process inside rootfs + pub no_pivot: bool, } impl ContainerBuilderImpl { @@ -154,6 +156,7 @@ impl ContainerBuilderImpl { cgroup_config, detached: self.detached, executor: self.executor.clone(), + no_pivot: self.no_pivot, }; let (init_pid, need_to_clean_up_intel_rdt_dir) = diff --git a/crates/libcontainer/src/container/init_builder.rs b/crates/libcontainer/src/container/init_builder.rs index 2230acc60..4ac2104de 100644 --- a/crates/libcontainer/src/container/init_builder.rs +++ b/crates/libcontainer/src/container/init_builder.rs @@ -20,6 +20,7 @@ pub struct InitContainerBuilder { bundle: PathBuf, use_systemd: bool, detached: bool, + no_pivot: bool, } impl InitContainerBuilder { @@ -31,6 +32,7 @@ impl InitContainerBuilder { bundle, use_systemd: true, detached: true, + no_pivot: false, } } @@ -45,6 +47,11 @@ impl InitContainerBuilder { self } + pub fn with_no_pivot(mut self, no_pivot: bool) -> Self { + self.no_pivot = no_pivot; + self + } + /// Creates a new container pub fn build(self) -> Result { let spec = self.load_spec()?; @@ -95,6 +102,7 @@ impl InitContainerBuilder { preserve_fds: self.base.preserve_fds, detached: self.detached, executor: self.base.executor, + no_pivot: self.no_pivot, }; builder_impl.create()?; diff --git a/crates/libcontainer/src/container/tenant_builder.rs b/crates/libcontainer/src/container/tenant_builder.rs index 1ebddd76b..e54a22cca 100644 --- a/crates/libcontainer/src/container/tenant_builder.rs +++ b/crates/libcontainer/src/container/tenant_builder.rs @@ -142,6 +142,7 @@ impl TenantContainerBuilder { preserve_fds: self.base.preserve_fds, detached: self.detached, executor: self.base.executor, + no_pivot: false, }; let pid = builder_impl.create()?; diff --git a/crates/libcontainer/src/process/args.rs b/crates/libcontainer/src/process/args.rs index a4451dd85..1c7d0c395 100644 --- a/crates/libcontainer/src/process/args.rs +++ b/crates/libcontainer/src/process/args.rs @@ -42,4 +42,6 @@ pub struct ContainerArgs { pub detached: bool, /// Manage the functions that actually run on the container pub executor: Box, + /// If do not use pivot root to jail process inside rootfs + pub no_pivot: bool, } diff --git a/crates/libcontainer/src/process/container_init_process.rs b/crates/libcontainer/src/process/container_init_process.rs index 64182c1c7..8d30b74b4 100644 --- a/crates/libcontainer/src/process/container_init_process.rs +++ b/crates/libcontainer/src/process/container_init_process.rs @@ -4,7 +4,7 @@ use std::path::{Path, PathBuf}; use std::{env, fs, mem}; use nc; -use nix::mount::MsFlags; +use nix::mount::{MntFlags, MsFlags}; use nix::sched::CloneFlags; use nix::sys::stat::Mode; use nix::unistd::{self, setsid, Gid, Uid}; @@ -270,6 +270,76 @@ fn reopen_dev_null() -> Result<()> { Ok(()) } +// umount or hide the target path. If the target path is mounted +// try to unmount it first if the unmount operation fails with EINVAL +// then mount a tmpfs with size 0k to hide the target path. +fn unmount_or_hide(syscall: &dyn Syscall, target: impl AsRef) -> Result<()> { + let target_path = target.as_ref(); + match syscall.umount2(target_path, MntFlags::MNT_DETACH) { + Ok(_) => Ok(()), + Err(SyscallError::Nix(nix::errno::Errno::EINVAL)) => syscall + .mount( + None, + target_path, + Some("tmpfs"), + MsFlags::MS_RDONLY, + Some("size=0k"), + ) + .map_err(InitProcessError::SyscallOther), + Err(err) => Err(InitProcessError::SyscallOther(err)), + } +} + +fn move_root(syscall: &dyn Syscall, rootfs: &Path) -> Result<()> { + unistd::chdir(rootfs).map_err(InitProcessError::NixOther)?; + // umount /sys and /proc if they are mounted, the purpose is to + // unmount or hide the /sys and /proc filesystems before the process changes its + // root to the new rootfs. thus ensure that the /sys and /proc filesystems are not + // accessible in the new rootfs. the logic is borrowed from crun + // https://github.com/containers/crun/blob/53cd1c1c697d7351d0cad23708d29bf4a7980a3a/src/libcrun/linux.c#L2780 + unmount_or_hide(syscall, "/sys")?; + unmount_or_hide(syscall, "/proc")?; + syscall + .mount(Some(rootfs), Path::new("/"), None, MsFlags::MS_MOVE, None) + .map_err(|err| { + tracing::error!(?err, ?rootfs, "failed to mount ms_move"); + InitProcessError::SyscallOther(err) + })?; + + syscall.chroot(Path::new(".")).map_err(|err| { + tracing::error!(?err, ?rootfs, "failed to chroot"); + InitProcessError::SyscallOther(err) + })?; + + unistd::chdir("/").map_err(InitProcessError::NixOther)?; + + Ok(()) +} + +fn do_pivot_root( + syscall: &dyn Syscall, + namespaces: &Namespaces, + no_pivot: bool, + rootfs: impl AsRef, +) -> Result<()> { + let rootfs_path = rootfs.as_ref(); + + let handle_error = |err: SyscallError, msg: &str| -> InitProcessError { + tracing::error!(?err, ?rootfs_path, msg); + InitProcessError::SyscallOther(err) + }; + + match namespaces.get(LinuxNamespaceType::Mount)? { + Some(_) if no_pivot => move_root(syscall, rootfs_path), + Some(_) => syscall + .pivot_rootfs(rootfs.as_ref()) + .map_err(|err| handle_error(err, "failed to pivot root")), + None => syscall + .chroot(rootfs_path) + .map_err(|err| handle_error(err, "failed to chroot")), + } +} + // Some variables are unused in the case where libseccomp feature is not enabled. #[allow(unused_variables)] pub fn container_init_process( @@ -343,18 +413,7 @@ pub fn container_init_process( // we use pivot_root, but if we are on the host mount namespace, we will // use simple chroot. Scary things will happen if you try to pivot_root // in the host mount namespace... - if namespaces.get(LinuxNamespaceType::Mount)?.is_some() { - // change the root of filesystem of the process to the rootfs - syscall.pivot_rootfs(rootfs_path).map_err(|err| { - tracing::error!(?err, ?rootfs_path, "failed to pivot root"); - InitProcessError::SyscallOther(err) - })?; - } else { - syscall.chroot(rootfs_path).map_err(|err| { - tracing::error!(?err, ?rootfs_path, "failed to chroot"); - InitProcessError::SyscallOther(err) - })?; - } + do_pivot_root(syscall.as_ref(), &namespaces, args.no_pivot, rootfs_path)?; // As we have changed the root mount, from here on // logs are no longer visible in journalctl diff --git a/crates/libcontainer/src/syscall/linux.rs b/crates/libcontainer/src/syscall/linux.rs index 9bc2f13de..ed68e104a 100644 --- a/crates/libcontainer/src/syscall/linux.rs +++ b/crates/libcontainer/src/syscall/linux.rs @@ -574,6 +574,11 @@ impl Syscall for LinuxSyscall { }?; Ok(()) } + + fn umount2(&self, target: &Path, flags: MntFlags) -> Result<()> { + umount2(target, flags)?; + Ok(()) + } } #[cfg(test)] diff --git a/crates/libcontainer/src/syscall/syscall.rs b/crates/libcontainer/src/syscall/syscall.rs index 6868a180e..e886aef7a 100644 --- a/crates/libcontainer/src/syscall/syscall.rs +++ b/crates/libcontainer/src/syscall/syscall.rs @@ -8,7 +8,7 @@ use std::sync::Arc; use caps::{CapSet, CapsHashSet}; use libc; -use nix::mount::MsFlags; +use nix::mount::{MntFlags, MsFlags}; use nix::sched::CloneFlags; use nix::sys::stat::{Mode, SFlag}; use nix::unistd::{Gid, Uid}; @@ -54,6 +54,7 @@ pub trait Syscall { size: libc::size_t, ) -> Result<()>; fn set_io_priority(&self, class: i64, priority: i64) -> Result<()>; + fn umount2(&self, target: &Path, flags: MntFlags) -> Result<()>; } #[derive(Clone, Copy)] diff --git a/crates/libcontainer/src/syscall/test.rs b/crates/libcontainer/src/syscall/test.rs index 4b5cc0d44..6e2e01977 100644 --- a/crates/libcontainer/src/syscall/test.rs +++ b/crates/libcontainer/src/syscall/test.rs @@ -6,7 +6,7 @@ use std::path::{Path, PathBuf}; use std::sync::Arc; use caps::{CapSet, CapsHashSet}; -use nix::mount::MsFlags; +use nix::mount::{MntFlags, MsFlags}; use nix::sched::CloneFlags; use nix::sys::stat::{Mode, SFlag}; use nix::unistd::{Gid, Uid}; @@ -44,6 +44,12 @@ pub struct IoPriorityArgs { pub priority: i64, } +#[derive(Clone, PartialEq, Eq, Debug)] +pub struct UMount2Args { + pub target: PathBuf, + pub flags: MntFlags, +} + #[derive(Default)] struct Mock { values: Vec>, @@ -64,6 +70,7 @@ pub enum ArgName { Groups, Capability, IoPriority, + UMount2, } impl ArgName { @@ -259,6 +266,16 @@ impl Syscall for TestHelperSyscall { Box::new(IoPriorityArgs { class, priority }), ) } + + fn umount2(&self, target: &Path, flags: MntFlags) -> Result<()> { + self.mocks.act( + ArgName::UMount2, + Box::new(UMount2Args { + target: target.to_owned(), + flags, + }), + ) + } } impl TestHelperSyscall { @@ -369,4 +386,13 @@ impl TestHelperSyscall { .map(|x| x.downcast_ref::().unwrap().clone()) .collect::>() } + + pub fn get_umount_args(&self) -> Vec { + self.mocks + .fetch(ArgName::UMount2) + .values + .iter() + .map(|x| x.downcast_ref::().unwrap().clone()) + .collect::>() + } } diff --git a/crates/youki/src/commands/create.rs b/crates/youki/src/commands/create.rs index dca591fb2..41eda151a 100644 --- a/crates/youki/src/commands/create.rs +++ b/crates/youki/src/commands/create.rs @@ -24,6 +24,7 @@ pub fn create(args: Create, root_path: PathBuf, systemd_cgroup: bool) -> Result< .as_init(&args.bundle) .with_systemd(systemd_cgroup) .with_detach(true) + .with_no_pivot(args.no_pivot) .build()?; Ok(()) diff --git a/crates/youki/src/commands/run.rs b/crates/youki/src/commands/run.rs index f297903f9..2f6d1812e 100644 --- a/crates/youki/src/commands/run.rs +++ b/crates/youki/src/commands/run.rs @@ -22,6 +22,7 @@ pub fn run(args: Run, root_path: PathBuf, systemd_cgroup: bool) -> Result { .as_init(&args.bundle) .with_systemd(systemd_cgroup) .with_detach(args.detach) + .with_no_pivot(args.no_pivot) .build()?; container diff --git a/tests/contest/contest/src/main.rs b/tests/contest/contest/src/main.rs index 8049457c0..e0d3a4a02 100644 --- a/tests/contest/contest/src/main.rs +++ b/tests/contest/contest/src/main.rs @@ -19,6 +19,7 @@ use crate::tests::io_priority::get_io_priority_test; use crate::tests::lifecycle::{ContainerCreate, ContainerLifecycle}; use crate::tests::linux_ns_itype::get_ns_itype_tests; use crate::tests::mounts_recursive::get_mounts_recursive_test; +use crate::tests::no_pivot::get_no_pivot_test; use crate::tests::pidfile::get_pidfile_test; use crate::tests::readonly_paths::get_ro_paths_test; use crate::tests::scheduler::get_scheduler_test; @@ -113,6 +114,7 @@ fn main() -> Result<()> { let scheduler = get_scheduler_test(); let io_priority_test = get_io_priority_test(); let devices = get_devices_test(); + let no_pivot = get_no_pivot_test(); tm.add_test_group(Box::new(cl)); tm.add_test_group(Box::new(cc)); @@ -136,6 +138,7 @@ fn main() -> Result<()> { tm.add_test_group(Box::new(sysctl)); tm.add_test_group(Box::new(scheduler)); tm.add_test_group(Box::new(devices)); + tm.add_test_group(Box::new(no_pivot)); tm.add_test_group(Box::new(io_priority_test)); tm.add_cleanup(Box::new(cgroups::cleanup_v1)); diff --git a/tests/contest/contest/src/tests/mod.rs b/tests/contest/contest/src/tests/mod.rs index 1fee606b1..7a742d384 100644 --- a/tests/contest/contest/src/tests/mod.rs +++ b/tests/contest/contest/src/tests/mod.rs @@ -9,6 +9,7 @@ pub mod io_priority; pub mod lifecycle; pub mod linux_ns_itype; pub mod mounts_recursive; +pub mod no_pivot; pub mod pidfile; pub mod readonly_paths; pub mod scheduler; diff --git a/tests/contest/contest/src/tests/no_pivot/mod.rs b/tests/contest/contest/src/tests/no_pivot/mod.rs new file mode 100644 index 000000000..8540a058a --- /dev/null +++ b/tests/contest/contest/src/tests/no_pivot/mod.rs @@ -0,0 +1,29 @@ +use anyhow::{Context, Result}; +use oci_spec::runtime::{ProcessBuilder, Spec, SpecBuilder}; +use test_framework::{test_result, Test, TestGroup, TestResult}; + +use crate::utils::test_utils::test_inside_container_with_no_pivot; + +fn create_spec() -> Result { + SpecBuilder::default() + .process( + ProcessBuilder::default() + .args(vec!["runtimetest".to_string(), "no_pivot".to_string()]) + .build()?, + ) + .build() + .context("failed to create spec") +} + +fn no_pivot_test() -> TestResult { + let spec = test_result!(create_spec()); + test_inside_container_with_no_pivot(spec, &|_| Ok(())) +} + +pub fn get_no_pivot_test() -> TestGroup { + let mut test_group = TestGroup::new("no_pivot"); + let no_pivot_test = Test::new("no_pivot_test", Box::new(no_pivot_test)); + test_group.add(vec![Box::new(no_pivot_test)]); + + test_group +} diff --git a/tests/contest/contest/src/utils/test_utils.rs b/tests/contest/contest/src/utils/test_utils.rs index c72cd8f0d..ceb31262e 100644 --- a/tests/contest/contest/src/utils/test_utils.rs +++ b/tests/contest/contest/src/utils/test_utils.rs @@ -42,11 +42,9 @@ pub struct ContainerData { pub create_result: std::io::Result, } -/// Starts the runtime with given directory as root directory -pub fn create_container>(id: &str, dir: P) -> Result { - let res = Command::new(get_runtime_path()) - // set stdio so that we can get o/p of runtimetest - // in test_inside_container function +fn create_container_command>(id: &str, dir: P, with_pivot_root: bool) -> Command { + let mut command = Command::new(get_runtime_path()); + command .stdout(Stdio::piped()) .stderr(Stdio::piped()) .arg("--root") @@ -54,7 +52,23 @@ pub fn create_container>(id: &str, dir: P) -> Result { .arg("create") .arg(id) .arg("--bundle") - .arg(dir.as_ref().join("bundle")) + .arg(dir.as_ref().join("bundle")); + if with_pivot_root { + command.arg("--no-pivot"); + } + command +} + +/// Starts the runtime with given directory as root directory +pub fn create_container>(id: &str, dir: P) -> Result { + let res = create_container_command(id, dir, false) + .spawn() + .context("could not create container")?; + Ok(res) +} + +pub fn create_container_no_pivot>(id: &str, dir: P) -> Result { + let res = create_container_command(id, dir, true) .spawn() .context("could not create container")?; Ok(res) @@ -232,6 +246,100 @@ pub fn test_inside_container( TestResult::Passed } +// just copy-pasted from test_inside_container for now, but with no pivot root +// need to refactor this to avoid duplication +pub fn test_inside_container_with_no_pivot( + spec: Spec, + setup_for_test: &dyn Fn(&Path) -> Result<()>, +) -> TestResult { + let id = generate_uuid(); + let id_str = id.to_string(); + let bundle = prepare_bundle().unwrap(); + + // This will do the required setup for the test + test_result!(setup_for_test( + &bundle.as_ref().join("bundle").join("rootfs") + )); + + set_config(&bundle, &spec).unwrap(); + // as we have to run runtimetest inside the container, and is expects + // the config.json to be at path /config.json we save it there + let path = bundle + .as_ref() + .join("bundle") + .join("rootfs") + .join("config.json"); + spec.save(path).unwrap(); + + let runtimetest_path = get_runtimetest_path(); + // The config will directly use runtime as the command to be run, so we have to + // save the runtimetest binary at its /bin + std::fs::copy( + runtimetest_path, + bundle + .as_ref() + .join("bundle") + .join("rootfs") + .join("bin") + .join("runtimetest"), + ) + .unwrap(); + let create_process = create_container_no_pivot(&id_str, &bundle).unwrap(); + // here we do not wait for the process by calling wait() as in the test_outside_container + // function because we need the output of the runtimetest. If we call wait, it will return + // and we won't have an easy way of getting the stdio of the runtimetest. + // Thus to make sure the container is created, we just wait for sometime, and + // assume that the create command was successful. If it wasn't we can catch that error + // in the start_container, as we can not start a non-created container anyways + std::thread::sleep(std::time::Duration::from_millis(1000)); + match start_container(&id_str, &bundle) + .unwrap() + .wait_with_output() + { + Ok(c) => c, + Err(e) => return TestResult::Failed(anyhow!("container start failed : {:?}", e)), + }; + + let create_output = create_process + .wait_with_output() + .context("getting output after starting the container failed") + .unwrap(); + + let stdout = String::from_utf8_lossy(&create_output.stdout); + if !stdout.is_empty() { + println!( + "{:?}", + anyhow!("container stdout was not empty, found : {}", stdout) + ) + } + let stderr = String::from_utf8_lossy(&create_output.stderr); + if !stderr.is_empty() { + return TestResult::Failed(anyhow!( + "container stderr was not empty, found : {}", + stderr + )); + } + + let (out, err) = get_state(&id_str, &bundle).unwrap(); + if !err.is_empty() { + return TestResult::Failed(anyhow!( + "error in getting state after starting the container : {}", + err + )); + } + + let state: State = match serde_json::from_str(&out) { + Ok(v) => v, + Err(e) => return TestResult::Failed(anyhow!("error in parsing state of container after start in test_inside_container : stdout : {}, parse error : {}",out,e)), + }; + if state.status != "stopped" { + return TestResult::Failed(anyhow!("error : unexpected container status in test_inside_runtime : expected stopped, got {}, container state : {:?}",state.status,state)); + } + kill_container(&id_str, &bundle).unwrap().wait().unwrap(); + delete_container(&id_str, &bundle).unwrap().wait().unwrap(); + TestResult::Passed +} + pub fn check_container_created(data: &ContainerData) -> Result<()> { match &data.create_result { Ok(exit_status) => { diff --git a/tests/contest/runtimetest/src/main.rs b/tests/contest/runtimetest/src/main.rs index 95780bd48..486495a8b 100644 --- a/tests/contest/runtimetest/src/main.rs +++ b/tests/contest/runtimetest/src/main.rs @@ -44,6 +44,7 @@ fn main() { "io_priority_class_be" => tests::test_io_priority_class(&spec, IoprioClassBe), "io_priority_class_idle" => tests::test_io_priority_class(&spec, IoprioClassIdle), "devices" => tests::validate_devices(&spec), + "no_pivot" => tests::validate_rootfs(), _ => eprintln!("error due to unexpected execute test name: {execute_test}"), } } diff --git a/tests/contest/runtimetest/src/tests.rs b/tests/contest/runtimetest/src/tests.rs index 40f5ad29c..dec34dee3 100644 --- a/tests/contest/runtimetest/src/tests.rs +++ b/tests/contest/runtimetest/src/tests.rs @@ -545,3 +545,37 @@ pub fn test_io_priority_class(spec: &Spec, io_priority_class: IOPriorityClass) { eprintln!("error ioprio_get expected priority {expected_priority:?}, got {priority}") } } + +// the validate_rootfs function is used to validate the rootfs of the container is +// as expected. This function is used in the no_pivot test to validate the rootfs +pub fn validate_rootfs() { + // list the first level directories in the rootfs + let mut entries = fs::read_dir("/") + .unwrap() + .filter_map(|entry| { + entry.ok().and_then(|e| { + let path = e.path(); + if path.is_dir() { + path.file_name() + .and_then(|name| name.to_str().map(|s| s.to_owned())) + } else { + None + } + }) + }) + .collect::>(); + // sort the entries to make the test deterministic + entries.sort(); + + // this is the list of directories that we expect to find in the rootfs + let mut expected = vec![ + "bin", "dev", "etc", "home", "proc", "root", "sys", "tmp", "usr", "var", + ]; + // sort the expected entries to make the test deterministic + expected.sort(); + + // compare the expected entries with the actual entries + if entries != expected { + eprintln!("error due to rootfs want {expected:?}, got {entries:?}"); + } +} From c722c62dbe639cae5550908bf3f479ad1c62b9db Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Nov 2024 21:05:26 +0530 Subject: [PATCH 08/10] Bump thiserror from 1.0.65 to 1.0.66 in the patch group (#2970) Bumps the patch group with 1 update: [thiserror](https://github.com/dtolnay/thiserror). Updates `thiserror` from 1.0.65 to 1.0.66 - [Release notes](https://github.com/dtolnay/thiserror/releases) - [Commits](https://github.com/dtolnay/thiserror/compare/1.0.65...1.0.66) --- updated-dependencies: - dependency-name: thiserror dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Cargo.lock | 64 +++++++++++++++++----------------- crates/libcgroups/Cargo.toml | 2 +- crates/libcontainer/Cargo.toml | 2 +- 3 files changed, 34 insertions(+), 34 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index cbb9f372b..faba79e43 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -165,7 +165,7 @@ checksum = "a507401cad91ec6a857ed5513a2073c82a9b9048762b885bb98655b306964681" dependencies = [ "proc-macro2", "quote", - "syn 2.0.82", + "syn 2.0.86", ] [[package]] @@ -256,7 +256,7 @@ dependencies = [ "regex", "rustc-hash 1.1.0", "shlex", - "syn 2.0.82", + "syn 2.0.86", ] [[package]] @@ -512,7 +512,7 @@ dependencies = [ "heck 0.5.0", "proc-macro2", "quote", - "syn 2.0.82", + "syn 2.0.86", ] [[package]] @@ -954,7 +954,7 @@ dependencies = [ "proc-macro2", "quote", "strsim 0.10.0", - "syn 2.0.82", + "syn 2.0.86", ] [[package]] @@ -976,7 +976,7 @@ checksum = "a668eda54683121533a393014d8692171709ff57a7d61f187b6e782719f8933f" dependencies = [ "darling_core 0.20.8", "quote", - "syn 2.0.82", + "syn 2.0.86", ] [[package]] @@ -1060,7 +1060,7 @@ dependencies = [ "darling 0.20.8", "proc-macro2", "quote", - "syn 2.0.82", + "syn 2.0.86", ] [[package]] @@ -1080,7 +1080,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4abae7035bf79b9877b779505d8cf3749285b80c43941eda66604841889451dc" dependencies = [ "derive_builder_core 0.20.1", - "syn 2.0.82", + "syn 2.0.86", ] [[package]] @@ -1205,7 +1205,7 @@ dependencies = [ "darling 0.20.8", "proc-macro2", "quote", - "syn 2.0.82", + "syn 2.0.86", ] [[package]] @@ -1449,7 +1449,7 @@ checksum = "87750cf4b7a4c0625b1529e4c543c2182106e4dedc60a2a6455e00d212c489ac" dependencies = [ "proc-macro2", "quote", - "syn 2.0.82", + "syn 2.0.86", ] [[package]] @@ -2252,7 +2252,7 @@ dependencies = [ "cfg-if", "proc-macro2", "quote", - "syn 2.0.82", + "syn 2.0.86", ] [[package]] @@ -2472,7 +2472,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.82", + "syn 2.0.86", ] [[package]] @@ -2608,7 +2608,7 @@ dependencies = [ "phf_shared", "proc-macro2", "quote", - "syn 2.0.82", + "syn 2.0.86", ] [[package]] @@ -2637,7 +2637,7 @@ checksum = "2f38a4412a78282e09a2cf38d195ea5420d15ba0602cb375210efbc877243965" dependencies = [ "proc-macro2", "quote", - "syn 2.0.82", + "syn 2.0.86", ] [[package]] @@ -3492,7 +3492,7 @@ checksum = "de523f781f095e28fa605cdce0f8307e451cc0fd14e2eb4cd2e98a355b147766" dependencies = [ "proc-macro2", "quote", - "syn 2.0.82", + "syn 2.0.86", ] [[package]] @@ -3575,7 +3575,7 @@ checksum = "82fe9db325bcef1fbcde82e078a5cc4efdf787e96b3b9cf45b50b529f2083d67" dependencies = [ "proc-macro2", "quote", - "syn 2.0.82", + "syn 2.0.86", ] [[package]] @@ -3832,7 +3832,7 @@ dependencies = [ "proc-macro2", "quote", "rustversion", - "syn 2.0.82", + "syn 2.0.86", ] [[package]] @@ -3848,9 +3848,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.82" +version = "2.0.86" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "83540f837a8afc019423a8edb95b52a8effe46957ee402287f4292fae35be021" +checksum = "e89275301d38033efb81a6e60e3497e734dfcc62571f2854bf4b16690398824c" dependencies = [ "proc-macro2", "quote", @@ -3989,22 +3989,22 @@ dependencies = [ [[package]] name = "thiserror" -version = "1.0.65" +version = "1.0.66" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5d11abd9594d9b38965ef50805c5e469ca9cc6f197f883f717e0269a3057b3d5" +checksum = "5d171f59dbaa811dbbb1aee1e73db92ec2b122911a48e1390dfe327a821ddede" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.65" +version = "1.0.66" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ae71770322cbd277e69d762a16c444af02aa0575ac0d174f0b9562d3b37f8602" +checksum = "b08be0f17bd307950653ce45db00cd31200d82b624b36e181337d9c7d92765b5" dependencies = [ "proc-macro2", "quote", - "syn 2.0.82", + "syn 2.0.86", ] [[package]] @@ -4130,7 +4130,7 @@ checksum = "5b8a1e28f2deaa14e508979454cb3a223b10b938b45af148bc0986de36f1923b" dependencies = [ "proc-macro2", "quote", - "syn 2.0.82", + "syn 2.0.86", ] [[package]] @@ -4252,7 +4252,7 @@ checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.82", + "syn 2.0.86", ] [[package]] @@ -4797,7 +4797,7 @@ checksum = "dbe80d95a88e9ac87b6aaf7bc9acd1fdfcd92045db2bf41a2262f623e2406a92" dependencies = [ "proc-macro2", "quote", - "syn 2.0.82", + "syn 2.0.86", ] [[package]] @@ -5229,7 +5229,7 @@ dependencies = [ "anyhow", "proc-macro2", "quote", - "syn 2.0.82", + "syn 2.0.86", "wasmtime-component-util", "wasmtime-wit-bindgen", "wit-parser", @@ -5346,7 +5346,7 @@ checksum = "09b5575a75e711ca6c36bb9ad647c93541cdc8e34218031acba5da3f35919dd3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.82", + "syn 2.0.86", ] [[package]] @@ -5357,7 +5357,7 @@ checksum = "abe01058e422966659e1af00af833147d54658b07c7e74606d73ca9af3f1690a" dependencies = [ "proc-macro2", "quote", - "syn 2.0.82", + "syn 2.0.86", ] [[package]] @@ -5524,7 +5524,7 @@ dependencies = [ "proc-macro2", "quote", "shellexpand", - "syn 2.0.82", + "syn 2.0.86", "witx", ] @@ -5536,7 +5536,7 @@ checksum = "a376173abfaaa6cebf8aedd03366fcd528db2b8f5ccc3f422102a3f4014c3855" dependencies = [ "proc-macro2", "quote", - "syn 2.0.82", + "syn 2.0.86", "wiggle-generate", ] @@ -5939,7 +5939,7 @@ checksum = "9ce1b18ccd8e73a9321186f97e46f9f04b778851177567b1975109d26a08d2a6" dependencies = [ "proc-macro2", "quote", - "syn 2.0.82", + "syn 2.0.86", ] [[package]] diff --git a/crates/libcgroups/Cargo.toml b/crates/libcgroups/Cargo.toml index 7a38fa3ef..0176ed54d 100644 --- a/crates/libcgroups/Cargo.toml +++ b/crates/libcgroups/Cargo.toml @@ -29,7 +29,7 @@ rbpf = { version = "0.3.0", optional = true } libbpf-sys = { version = "1.4.5", optional = true } errno = { version = "0.3.9", optional = true } libc = { version = "0.2.161", optional = true } -thiserror = "1.0.65" +thiserror = "1.0.66" tracing = { version = "0.1.40", features = ["attributes"] } [dev-dependencies] diff --git a/crates/libcontainer/Cargo.toml b/crates/libcontainer/Cargo.toml index 7093f627b..7f5711390 100644 --- a/crates/libcontainer/Cargo.toml +++ b/crates/libcontainer/Cargo.toml @@ -47,7 +47,7 @@ serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" rust-criu = "0.4.0" regex = { version = "1.10.6", default-features = false, features = ["std", "unicode-perl"] } -thiserror = "1.0.65" +thiserror = "1.0.66" tracing = { version = "0.1.40", features = ["attributes"] } safe-path = "0.1.0" nc = "0.9.5" From d29ffd39c866171dcd2ddd0982c892fd038fd361 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Nov 2024 15:37:00 +0000 Subject: [PATCH 09/10] Bump libbpf-sys from 1.4.5+v1.4.5 to 1.5.0+v1.5.0 Bumps [libbpf-sys](https://github.com/libbpf/libbpf-sys) from 1.4.5+v1.4.5 to 1.5.0+v1.5.0. - [Release notes](https://github.com/libbpf/libbpf-sys/releases) - [Commits](https://github.com/libbpf/libbpf-sys/compare/1.4.3+v1.4.5...v1.5.0+v1.5.0) --- updated-dependencies: - dependency-name: libbpf-sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Cargo.lock | 4 ++-- crates/libcgroups/Cargo.toml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index faba79e43..0d298367b 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1946,9 +1946,9 @@ dependencies = [ [[package]] name = "libbpf-sys" -version = "1.4.5+v1.4.5" +version = "1.5.0+v1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5cabee52b6f7e73308d6fd4f8e6bbbdcb97670f49f6e581c5897e4d2410b6019" +checksum = "2d8306b516a70a129cb6afed17c1e51e162d35aadfcc6339364addcebe32de90" dependencies = [ "cc", "nix 0.29.0", diff --git a/crates/libcgroups/Cargo.toml b/crates/libcgroups/Cargo.toml index 0176ed54d..a9cad30c8 100644 --- a/crates/libcgroups/Cargo.toml +++ b/crates/libcgroups/Cargo.toml @@ -26,7 +26,7 @@ oci-spec = { version = "~0.7.0", features = ["runtime"] } fixedbitset = "0.5.7" serde = { version = "1.0", features = ["derive"] } rbpf = { version = "0.3.0", optional = true } -libbpf-sys = { version = "1.4.5", optional = true } +libbpf-sys = { version = "1.5.0", optional = true } errno = { version = "0.3.9", optional = true } libc = { version = "0.2.161", optional = true } thiserror = "1.0.66" From 6e1a8cf5e5e8bdcaee72feb6371a4f2aa17db8b6 Mon Sep 17 00:00:00 2001 From: Tanjil Date: Sun, 3 Nov 2024 12:38:55 +0000 Subject: [PATCH 10/10] docs: update github pages links (#2969) * Update Cargo.toml * Update Cargo.toml * Update Cargo.toml * Update Cargo.toml * Update documentation_mdbook.md * Update Cargo.toml * Update Cargo.toml * Update README.md * Update README.md * Update README.md Co-authored-by: Paul "TBBle" Hampson * Update README.md Co-authored-by: Paul "TBBle" Hampson * Update README.md Co-authored-by: Paul "TBBle" Hampson * Update docs/src/developer/documentation_mdbook.md Co-authored-by: Paul "TBBle" Hampson * Update tools/wasm-sample/README.md Co-authored-by: Paul "TBBle" Hampson --------- Co-authored-by: Paul "TBBle" Hampson --- README.md | 6 +++--- crates/libcgroups/Cargo.toml | 2 +- crates/libcontainer/Cargo.toml | 2 +- crates/liboci-cli/Cargo.toml | 2 +- crates/youki/Cargo.toml | 2 +- docs/src/developer/documentation_mdbook.md | 2 +- experiment/seccomp/Cargo.toml | 2 +- experiment/selinux/Cargo.toml | 2 +- tools/wasm-sample/README.md | 2 +- 9 files changed, 11 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 1098c4898..4d1329ea8 100644 --- a/README.md +++ b/README.md @@ -29,7 +29,7 @@ youki is named after the Japanese word 'youki', which means 'a container'. In Ja > $ sudo podman run --cgroup-manager=cgroupfs --runtime /workspaces/youki/youki hello-world > ``` -[User Documentation](https://containers.github.io/youki/user/basic_setup.html#quick-install) +[User Documentation](https://youki-dev.github.io/youki/user/basic_setup.html#quick-install) # 🎯 Motivation @@ -96,7 +96,7 @@ We have [our roadmap](https://github.com/orgs/containers/projects/15). # 🎨 Design and implementation of youki -The User and Developer Documentation for youki is hosted at [https://containers.github.io/youki/](https://containers.github.io/youki/) +The User and Developer Documentation for youki is hosted at [https://youki-dev.github.io/youki/](https://youki-dev.github.io/youki/) ![Architecture](docs/.drawio.svg) @@ -277,7 +277,7 @@ just youki-dev # or youki-release # 👥 Community and Contributing -Please refer to [our community page](https://containers.github.io/youki/community/introduction.html). +Please refer to [our community page](https://youki-dev.github.io/youki/community/introduction.html). Thanks to all the people who already contributed! diff --git a/crates/libcgroups/Cargo.toml b/crates/libcgroups/Cargo.toml index a9cad30c8..3bf99dd3d 100644 --- a/crates/libcgroups/Cargo.toml +++ b/crates/libcgroups/Cargo.toml @@ -4,7 +4,7 @@ version = "0.4.1" # MARK: Version description = "Library for cgroup" license-file = "../../LICENSE" repository = "https://github.com/containers/youki" -homepage = "https://containers.github.io/youki" +homepage = "https://youki-dev.github.io/youki/" readme = "README.md" authors = ["youki team"] edition = "2021" diff --git a/crates/libcontainer/Cargo.toml b/crates/libcontainer/Cargo.toml index 7f5711390..950e00ca3 100644 --- a/crates/libcontainer/Cargo.toml +++ b/crates/libcontainer/Cargo.toml @@ -4,7 +4,7 @@ version = "0.4.1" # MARK: Version description = "Library for container control" license-file = "../../LICENSE" repository = "https://github.com/containers/youki" -homepage = "https://containers.github.io/youki" +homepage = "https://youki-dev.github.io/youki/" readme = "README.md" authors = ["youki team"] edition = "2021" diff --git a/crates/liboci-cli/Cargo.toml b/crates/liboci-cli/Cargo.toml index 99fcb8c99..9835a45b7 100644 --- a/crates/liboci-cli/Cargo.toml +++ b/crates/liboci-cli/Cargo.toml @@ -4,7 +4,7 @@ version = "0.4.1" # MARK: Version description = "Parse command line arguments for OCI container runtimes" license-file = "../../LICENSE" repository = "https://github.com/containers/youki" -homepage = "https://containers.github.io/youki" +homepage = "https://youki-dev.github.io/youki/" readme = "README.md" authors = ["youki team"] edition = "2021" diff --git a/crates/youki/Cargo.toml b/crates/youki/Cargo.toml index f3dbcf265..411a46fd9 100644 --- a/crates/youki/Cargo.toml +++ b/crates/youki/Cargo.toml @@ -4,7 +4,7 @@ version = "0.4.1" # MARK: Version description = "A container runtime written in Rust" license-file = "../../LICENSE" repository = "https://github.com/containers/youki" -homepage = "https://containers.github.io/youki" +homepage = "https://youki-dev.github.io/youki/" readme = "../../README.md" authors = ["youki team"] edition = "2021" diff --git a/docs/src/developer/documentation_mdbook.md b/docs/src/developer/documentation_mdbook.md index 65b2d3507..fc76e3044 100644 --- a/docs/src/developer/documentation_mdbook.md +++ b/docs/src/developer/documentation_mdbook.md @@ -4,7 +4,7 @@ This documentation is created using mdbook and aims to provide a concise referen Please make sure that you update this documentation along with newly added features and resources that you found helpful while developing, so that it will be helpful for newcomers. -Currently this documentation is hosted at [https://containers.github.io/youki/](https://containers.github.io/youki/), using GitHub pages. GitHub CI actions are used to automatically check if any files are changed in /docs on each push / PR merge to main branch, and if there are any changes, the mdbook is build and deployed to gh-pages. We use [https://github.com/peaceiris/actions-mdbook](https://github.com/peaceiris/actions-mdbook) to build and then [https://github.com/peaceiris/actions-gh-pages](https://github.com/peaceiris/actions-gh-pages) GitHub action to deploy the mdbook. +Currently this documentation is hosted at [https://youki-dev.github.io/youki/](https://youki-dev.github.io/youki/), using GitHub pages. GitHub CI actions are used to automatically check if any files are changed in /docs on each push / PR merge to main branch, and if there are any changes, the mdbook is build and deployed to gh-pages. We use [https://github.com/peaceiris/actions-mdbook](https://github.com/peaceiris/actions-mdbook) to build and then [https://github.com/peaceiris/actions-gh-pages](https://github.com/peaceiris/actions-gh-pages) GitHub action to deploy the mdbook. When testing locally you can manually test the changes by running `mdbook serve` in the docs directory (after installing mdbook), which will temporarily serve the mdbook at `localhost:3000` by default. You can check the mdbook documentation for more information. diff --git a/experiment/seccomp/Cargo.toml b/experiment/seccomp/Cargo.toml index 0b5bbc8e2..dd44c72cf 100644 --- a/experiment/seccomp/Cargo.toml +++ b/experiment/seccomp/Cargo.toml @@ -4,7 +4,7 @@ version = "0.0.0" description = "Library for seccomp" license-file = "../../LICENSE" repository = "https://github.com/containers/youki" -homepage = "https://containers.github.io/youki" +homepage = "https://youki-dev.github.io/youki/" readme = "README.md" authors = ["youki team"] edition = "2021" diff --git a/experiment/selinux/Cargo.toml b/experiment/selinux/Cargo.toml index 35107f76a..d02d4a6bd 100644 --- a/experiment/selinux/Cargo.toml +++ b/experiment/selinux/Cargo.toml @@ -4,7 +4,7 @@ version = "0.1.0" description = "Library for selinux" license-file = "../../LICENSE" repository = "https://github.com/containers/youki" -homepage = "https://containers.github.io/youki" +homepage = "https://youki-dev.github.io/youki/" readme = "README.md" authors = ["youki team"] edition = "2021" diff --git a/tools/wasm-sample/README.md b/tools/wasm-sample/README.md index 3485ef03f..1800471d0 100644 --- a/tools/wasm-sample/README.md +++ b/tools/wasm-sample/README.md @@ -4,7 +4,7 @@ This is a simple wasm module for testing purposes. It prints out the arguments g cargo build --target wasm32-wasi ``` -If you want youki to execute the module you must copy it to the root file system of the container and reference it in the args of the config.json. You must also ensure that the annotations contain `"run.oci.handler": "wasm"` and that youki has been compiled with one of the supported wasm runtimes. For further information please check the [documentation](https://containers.github.io/youki/user/webassembly.html). +If you want youki to execute the module you must copy it to the root file system of the container and reference it in the args of the config.json. You must also ensure that the annotations contain `"run.oci.handler": "wasm"` and that youki has been compiled with one of the supported wasm runtimes. For further information please check the [documentation](https://youki-dev.github.io/youki/user/webassembly.html). ``` "ociVersion": "1.0.2-dev",