fix unsafe code by use nix

Signed-off-by: sat0ken <[email protected]>

tests/contest/runtimetest/src/tests.rs

@@ -1,17 +1,20 @@
+use std::any::Any;
 use std::fs::{self, read_dir};
 use std::mem;
 use std::os::linux::fs::MetadataExt;
 use std::os::unix::fs::{FileTypeExt, PermissionsExt};
 use std::path::Path;
 
 use anyhow::{bail, Result};
-use libc::{__rlimit_resource_t, getrlimit, rlimit};
 use nix::errno::Errno;
 use nix::libc;
+use nix::sys::resource::{getrlimit, Resource};
 use nix::sys::utsname;
 use nix::unistd::getcwd;
 use oci_spec::runtime::IOPriorityClass::{self, IoprioClassBe, IoprioClassIdle, IoprioClassRt};
-use oci_spec::runtime::{LinuxDevice, LinuxDeviceType, LinuxSchedulerPolicy, PosixRlimit, Spec};
+use oci_spec::runtime::{
+    LinuxDevice, LinuxDeviceType, LinuxSchedulerPolicy, PosixRlimit, PosixRlimitType, Spec,
+};
 
 use crate::utils::{self, test_read_access, test_write_access};
 
@@ -553,33 +556,48 @@ pub fn validate_process_rlimits(spec: &Spec) {
     let spec_rlimits: &Vec<PosixRlimit> = process.rlimits().as_ref().unwrap();
 
     for spec_rlimit in spec_rlimits.iter() {
-        let mut limit: rlimit = unsafe { mem::zeroed() };
-
-        let result = unsafe { getrlimit(spec_rlimit.typ() as __rlimit_resource_t, &mut limit) };
-        if result == 0 {
-            if spec_rlimit.hard() != limit.rlim_max {
-                eprintln!(
-                    "error type of {:?} hard rlimit expected {:?} , got {:?}",
-                    spec_rlimit.typ(),
-                    spec_rlimit.hard(),
-                    limit.rlim_max
-                )
-            }
+        let (soft_limit, hard_limit) = getrlimit(change_resource_type(spec_rlimit.typ())).unwrap();
+        if spec_rlimit.hard() != hard_limit {
+            eprintln!(
+                "error type of {:?} hard rlimit expected {:?} , got {:?}",
+                spec_rlimit.typ(),
+                spec_rlimit.hard(),
+                hard_limit
+            )
+        }
 
-            if spec_rlimit.soft() != limit.rlim_cur {
-                eprintln!(
-                    "error type of {:?} soft rlimit expected {:?} , got {:?}",
-                    spec_rlimit.typ(),
-                    spec_rlimit.soft(),
-                    limit.rlim_cur
-                )
-            }
-        } else {
-            eprintln!("Failed to get rlimit");
+        if spec_rlimit.soft() != soft_limit {
+            eprintln!(
+                "error type of {:?} soft rlimit expected {:?} , got {:?}",
+                spec_rlimit.typ(),
+                spec_rlimit.soft(),
+                soft_limit
+            )
         }
     }
 }
 
+fn change_resource_type(resource_type: PosixRlimitType) -> Resource {
+    match resource_type {
+        PosixRlimitType::RlimitCpu => Resource::RLIMIT_CPU,
+        PosixRlimitType::RlimitFsize => Resource::RLIMIT_FSIZE,
+        PosixRlimitType::RlimitData => Resource::RLIMIT_DATA,
+        PosixRlimitType::RlimitStack => Resource::RLIMIT_STACK,
+        PosixRlimitType::RlimitCore => Resource::RLIMIT_CORE,
+        PosixRlimitType::RlimitRss => Resource::RLIMIT_RSS,
+        PosixRlimitType::RlimitNproc => Resource::RLIMIT_NPROC,
+        PosixRlimitType::RlimitNofile => Resource::RLIMIT_NOFILE,
+        PosixRlimitType::RlimitMemlock => Resource::RLIMIT_MEMLOCK,
+        PosixRlimitType::RlimitAs => Resource::RLIMIT_AS,
+        PosixRlimitType::RlimitLocks => Resource::RLIMIT_LOCKS,
+        PosixRlimitType::RlimitSigpending => Resource::RLIMIT_SIGPENDING,
+        PosixRlimitType::RlimitMsgqueue => Resource::RLIMIT_MSGQUEUE,
+        PosixRlimitType::RlimitNice => Resource::RLIMIT_NICE,
+        PosixRlimitType::RlimitRtprio => Resource::RLIMIT_RTPRIO,
+        PosixRlimitType::RlimitRttime => Resource::RLIMIT_RTTIME,
+    }
+}
+
 // the validate_rootfs function is used to validate the rootfs of the container is
 // as expected. This function is used in the no_pivot test to validate the rootfs
 pub fn validate_rootfs() {