Merge branch 'containers:main' into main

utam0k · Nov 29, 2021 · cb3d674 · cb3d674
2 parents c29f322 + 6cb39e1
commit cb3d674
Show file tree

Hide file tree

Showing 17 changed files with 422 additions and 192 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/crates/integration_test/Cargo.toml b/crates/integration_test/Cargo.toml
@@ -13,7 +13,7 @@ version = "=3.0.0-beta.5"
 default-features = true
 
 [dependencies]
-procfs = "0.11.0"
+procfs = "0.11.1"
 uuid = "0.8"
 rand = "0.8.0"
 tar = "0.4"

diff --git a/crates/libcgroups/Cargo.toml b/crates/libcgroups/Cargo.toml
@@ -9,7 +9,7 @@ cgroupsv2_devices = ["rbpf", "libbpf-sys", "errno", "libc"]
 
 [dependencies]
 nix = "0.23.0"
-procfs = "0.11.0"
+procfs = "0.11.1"
 log = "0.4"
 anyhow = "1.0"
 oci-spec = { git = "https://github.com/containers/oci-spec-rs",  rev = "54c5e386f01ab37c9305cc4a83404eb157e42440" }
@@ -19,7 +19,7 @@ serde = { version = "1.0", features = ["derive"] }
 rbpf = {version = "0.1.0", optional = true }
 libbpf-sys = { version = "0.5.0-2", optional = true }
 errno = { version = "0.2.8", optional = true }
-libc = { version = "0.2.107", optional = true }
+libc = { version = "0.2.108", optional = true }
 
 [dev-dependencies]
 oci-spec = { git = "https://github.com/containers/oci-spec-rs",  rev = "54c5e386f01ab37c9305cc4a83404eb157e42440", features = ["proptests"] }

diff --git a/crates/libcgroups/src/common.rs b/crates/libcgroups/src/common.rs
@@ -184,11 +184,18 @@ pub fn create_cgroup_manager<P: Into<PathBuf>>(
                 if !systemd::booted() {
                     bail!("systemd cgroup flag passed, but systemd support for managing cgroups is not available");
                 }
-                log::info!("systemd cgroup manager will be used");
+
+                let use_system = nix::unistd::geteuid().is_root();
+
+                log::info!(
+                    "systemd cgroup manager with system bus {} will be used",
+                    use_system
+                );
                 return Ok(Box::new(systemd::manager::Manager::new(
                     DEFAULT_CGROUP_ROOT.into(),
                     cgroup_path.into(),
                     container_name.into(),
+                    use_system,
                 )?));
             }
             log::info!("cgroup manager V2 will be used");

diff --git a/crates/libcgroups/src/systemd/dbus/client.rs b/crates/libcgroups/src/systemd/dbus/client.rs
@@ -3,18 +3,54 @@ use anyhow::{Context, Result};
 use dbus::arg::{RefArg, Variant};
 use dbus::blocking::{Connection, Proxy};
 use std::collections::HashMap;
+use std::path::PathBuf;
 use std::time::Duration;
 
+pub trait SystemdClient {
+    fn is_system(&self) -> bool;
+
+    fn start_transient_unit(
+        &self,
+        container_name: &str,
+        pid: u32,
+        parent: &str,
+        unit_name: &str,
+    ) -> Result<()>;
+
+    fn stop_transient_unit(&self, unit_name: &str) -> Result<()>;
+
+    fn set_unit_properties(
+        &self,
+        unit_name: &str,
+        properties: &HashMap<&str, Box<dyn RefArg>>,
+    ) -> Result<()>;
+
+    fn systemd_version(&self) -> Result<u32>;
+
+    fn control_cgroup_root(&self) -> Result<PathBuf>;
+}
+
 /// Client is a wrapper providing higher level API and abatraction around dbus.
 /// For more information see https://www.freedesktop.org/wiki/Software/systemd/dbus/
 pub struct Client {
     conn: Connection,
+    system: bool,
 }
 
 impl Client {
-    pub fn new() -> Result<Self> {
+    /// Uses the system bus to communicate with systemd
+    pub fn new_system() -> Result<Self> {
         let conn = Connection::new_system()?;
-        Ok(Client { conn })
+        Ok(Client { conn, system: true })
+    }
+
+    /// Uses the session bus to communicate with systemd
+    pub fn new_session() -> Result<Self> {
+        let conn = Connection::new_session()?;
+        Ok(Client {
+            conn,
+            system: false,
+        })
     }
 
     fn create_proxy(&self) -> Proxy<&Connection> {
@@ -24,11 +60,17 @@ impl Client {
             Duration::from_millis(5000),
         )
     }
+}
+
+impl SystemdClient for Client {
+    fn is_system(&self) -> bool {
+        self.system
+    }
 
     /// start_transient_unit is a higher level API for starting a unit
     /// for a specific container under systemd.
     /// See https://www.freedesktop.org/wiki/Software/systemd/dbus for more details.
-    pub fn start_transient_unit(
+    fn start_transient_unit(
         &self,
         container_name: &str,
         pid: u32,
@@ -70,6 +112,8 @@ impl Client {
         properties.push(("DefaultDependencies", Variant(Box::new(false))));
         properties.push(("PIDs", Variant(Box::new(vec![pid]))));
 
+        log::debug!("START UNIT: {:?}", properties);
+
         proxy
             .start_transient_unit(unit_name, "replace", properties, vec![])
             .with_context(|| {
@@ -81,7 +125,7 @@ impl Client {
         Ok(())
     }
 
-    pub fn stop_transient_unit(&self, unit_name: &str) -> Result<()> {
+    fn stop_transient_unit(&self, unit_name: &str) -> Result<()> {
         let proxy = self.create_proxy();
 
         proxy
@@ -90,7 +134,7 @@ impl Client {
         Ok(())
     }
 
-    pub fn set_unit_properties(
+    fn set_unit_properties(
         &self,
         unit_name: &str,
         properties: &HashMap<&str, Box<dyn RefArg>>,
@@ -108,7 +152,7 @@ impl Client {
         Ok(())
     }
 
-    pub fn systemd_version(&self) -> Result<u32> {
+    fn systemd_version(&self) -> Result<u32> {
         let proxy = self.create_proxy();
 
         let version = proxy
@@ -123,4 +167,14 @@ impl Client {
 
         Ok(version)
     }
+
+    fn control_cgroup_root(&self) -> Result<PathBuf> {
+        let proxy = self.create_proxy();
+
+        let cgroup_root = proxy
+            .control_group()
+            .context("failed to get systemd control group")?;
+        PathBuf::try_from(&cgroup_root)
+            .with_context(|| format!("parse systemd control cgroup {} into path", cgroup_root))
+    }
 }