|
|
|
|
@ -1,4 +1,4 @@
|
|
|
|
|
use std::fs::OpenOptions;
|
|
|
|
|
use std::fs::{remove_dir_all, OpenOptions};
|
|
|
|
|
use std::os::unix::fs::OpenOptionsExt;
|
|
|
|
|
use std::{io, fs, fmt, os, path, process, time};
|
|
|
|
|
use fmt::Display;
|
|
|
|
|
@ -25,7 +25,8 @@ static WORKSPACE: &str = "/home/rocker";
|
|
|
|
|
static USER_NAME: &str = "rocker";
|
|
|
|
|
static INFO_FILE: &str = "info.toml";
|
|
|
|
|
static mut STACK: [u8; 1024*1024*1] = [0; 1024*1024*1];
|
|
|
|
|
static CLONE_FLAG: i32 = 0b1101100000000100000000000000000; // CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWPID | CLONE_NEWIPC | CLONE_NEWNET;
|
|
|
|
|
// 在/usr/src目录执行 "find . -name "*.h" -exec grep -H "CLONE_NEWTIME" {} \;" 查找时间的namespac的值
|
|
|
|
|
static CLONE_FLAG: i32 = 0b1101100000000100000000000000000 | 0x00000080; // CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWPID | CLONE_NEWIPC | CLONE_NEWNET;
|
|
|
|
|
static START_T: OnceLock<time::Instant> = OnceLock::new();
|
|
|
|
|
|
|
|
|
|
static LOGO: &str = r#"
|
|
|
|
|
@ -224,7 +225,7 @@ fn init_container_env(env: &String) -> Result<()>{
|
|
|
|
|
for (k, _) in std::env::vars(){
|
|
|
|
|
std::env::remove_var(k);
|
|
|
|
|
}
|
|
|
|
|
let mut env_vec = if env.starts_with("./") || env.starts_with("/") {
|
|
|
|
|
let env_vec = if env.starts_with("./") || env.starts_with("/") {
|
|
|
|
|
// 读取出路径指定的文件作为env
|
|
|
|
|
let env_text = fs::read_to_string(env)?;
|
|
|
|
|
env_text.lines().map(String::from).collect::<Vec<String>>()
|
|
|
|
|
@ -293,6 +294,12 @@ fn init_container_proc() -> Result<()> {
|
|
|
|
|
Ok(())
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fn init_container_pts() -> Result<()> {
|
|
|
|
|
let mount_flags = MsFlags::MS_NODEV | MsFlags::MS_NOEXEC | MsFlags::MS_NOSUID;
|
|
|
|
|
mount(Some("devpts"), "/dev/pts", Some("devpts"), mount_flags, Some("mode=777"))?;
|
|
|
|
|
Ok(())
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fn init_container_log() -> Result<()> {
|
|
|
|
|
let log_path = Path::new("logs");
|
|
|
|
|
let log_file = fs::OpenOptions::new()
|
|
|
|
|
@ -334,7 +341,7 @@ fn check_container_is_running(pid: &Pid, main_exe: &Path) -> Result<bool> {
|
|
|
|
|
|
|
|
|
|
fn init_exec_ns(pid: i32) -> Result<()>{
|
|
|
|
|
// 把当前进程加入到指定pid的namespace
|
|
|
|
|
for ns_name in vec!["ipc", "uts", "net", "pid", "mnt"] {
|
|
|
|
|
for ns_name in vec!["ipc", "uts", "net", "pid", "mnt", "time"] {
|
|
|
|
|
let ns_path = format!("/proc/{pid}/ns/{ns_name}");
|
|
|
|
|
let ns_fild = fs::File::open(ns_path)?;
|
|
|
|
|
setns(ns_fild.as_fd(), CloneFlags::from_bits_retain(0))? }
|
|
|
|
|
@ -461,13 +468,15 @@ fn run_container(container_info: &ContainerInfo, is_exec_cmd: Option<&String>) -
|
|
|
|
|
init_container_dev(&container_merged_path).unwrap();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// 设置pivot
|
|
|
|
|
init_container_pivot(&container_merged_path).unwrap();
|
|
|
|
|
|
|
|
|
|
// 挂载proc
|
|
|
|
|
init_container_proc().unwrap();
|
|
|
|
|
|
|
|
|
|
//
|
|
|
|
|
init_container_pts().unwrap();
|
|
|
|
|
|
|
|
|
|
if container_info.log {
|
|
|
|
|
init_container_log().unwrap();
|
|
|
|
|
}
|
|
|
|
|
|
阳光少年
1 year ago