diff --git a/src/main.rs b/src/main.rs
index e18ccfd..aa905d3 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -7,6 +7,7 @@ use sync::OnceLock;
 use nix::sched::{clone, CloneCb, CloneFlags, setns};
 use nix::sys::wait::{waitpid, WaitPidFlag};
+use nix::sys::signal::sigaction;
 use nix::unistd::{dup2, pivot_root, setgid, setgroups, sethostname, setuid, Gid, Pid, Uid, User};
 use nix::mount::{mount, MntFlags, MsFlags, umount2};
 use uuid;
@@ -26,7 +27,8 @@ static USER_NAME: &str = "rocker";
 static INFO_FILE: &str = "info.toml";
 static mut STACK: [u8; 1024*1024*1] = [0; 1024*1024*1];
 // 在/usr/src目录执行 "find . -name "*.h" -exec grep -H "CLONE_NEWTIME" {} \;" 查找时间的namespac的值
-static CLONE_FLAG: i32 = 0b1101100000000100000000000000000 | 0x00000080; // CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWPID | CLONE_NEWIPC | CLONE_NEWNET;
+static CLONE_NEWTIME: i32 = 0x00000080;
+static CLONE_FLAG: i32 = 0b1101100000000100000000000000000 | CLONE_NEWTIME; // CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWPID | CLONE_NEWIPC | CLONE_NEWNET | CLONE_NEWTIME;
 static START_T: OnceLock = OnceLock::new();
 static LOGO: &str = r#"
@@ -344,10 +346,10 @@ fn check_container_is_running(pid: &Pid, main_exe: &Path) -> Result {
 fn init_exec_ns(pid: i32) -> Result<()>{
 // 把当前进程加入到指定pid的namespace
- for ns_name in vec!["ipc", "uts", "net", "pid", "mnt", "time"] {
+ for (ns_name, clone_flag) in [("ipc", CloneFlags::CLONE_NEWIPC), ("uts", CloneFlags::CLONE_NEWUTS), ("net", CloneFlags::CLONE_NEWNET), ("pid", CloneFlags::CLONE_NEWPID), ("mnt", CloneFlags::CLONE_NEWNS), ("time", CloneFlags::from_bits_retain(CLONE_NEWTIME))] {
 let ns_path = format!("/proc/{pid}/ns/{ns_name}");
 if let Ok(ns_fild) = fs::File::open(ns_path) {
- setns(ns_fild.as_fd(), CloneFlags::from_bits_retain(0))?
+ setns(ns_fild.as_fd(), clone_flag)?
 }
 }
 Ok(())
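Review bot: `static CLONE_NEWTIME: i32 = 0x00000080;` and the `CLONE_FLAG` right below it are never-mutated compile-time integers, so they should be `const` items rather than `static`s; a `static` only gives them an address and a `'static` lifetime that nothing here needs. The bare binary literal in `CLONE_FLAG` also hides which bits are set and has to be checked against the trailing comment by hand; since `CloneFlags` is already imported and `from_bits_retain` implies bitflags 2 (where `bits()` is a `const fn`), `const CLONE_FLAG: i32 = CloneFlags::CLONE_NEWNS.bits() | CloneFlags::CLONE_NEWUTS.bits() | CloneFlags::CLONE_NEWPID.bits() | CloneFlags::CLONE_NEWIPC.bits() | CloneFlags::CLONE_NEWNET.bits() | CLONE_NEWTIME;` keeps the value and the comment from drifting apart. It is also worth checking whether the `libc` crate this build pulls in already exports a `CLONE_NEWTIME` constant, in which case the hand-written value and the "grep /usr/src" comment can go.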
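Review bot: In `init_exec_ns` the loop still opens `/proc/{pid}/ns/{ns_name}` one entry at a time while it is already calling `setns`, and the new "time" entry is ordered after "mnt"; once the mount namespace has been joined, that path is resolved inside the container's mount namespace, where the host pid number may not exist or may name a different process, so the time namespace can be silently skipped (or the wrong one joined). The `if let Ok(ns_fild) = fs::File::open(ns_path)` is the second half of the problem: any namespace that cannot be opened, including mnt or pid, is dropped without a trace and the function still returns `Ok(())`, so the exec'd command can end up running partly in the host's namespaces. The usual shape is to open every fd first and only then join them, and to propagate open errors (assuming this `Result` converts `io::Error` the way it already converts the `setns` error; if the time namespace must stay optional on kernels that lack it, special-case that one entry explicitly rather than ignoring every failure). The function's closing brace is not visible in the hunk as shown.
```rust
fn init_exec_ns(pid: i32) -> Result<()>{
    let targets = [("ipc", CloneFlags::CLONE_NEWIPC), ("uts", CloneFlags::CLONE_NEWUTS), ("net", CloneFlags::CLONE_NEWNET), ("pid", CloneFlags::CLONE_NEWPID), ("mnt", CloneFlags::CLONE_NEWNS), ("time", CloneFlags::from_bits_retain(CLONE_NEWTIME))];
    // Open every namespace fd before joining any of them: after entering the
    // mount namespace, /proc/{pid} is resolved in the container's view and the
    // host pid number may no longer be valid there.
    let mut handles = Vec::with_capacity(targets.len());
    for (ns_name, clone_flag) in targets {
        let ns_path = format!("/proc/{pid}/ns/{ns_name}");
        // Fail instead of skipping: a namespace that could not be opened would
        // otherwise leave the exec'd command in the host's namespace.
        let ns_file = fs::File::open(&ns_path)?;
        handles.push((ns_file, clone_flag));
    }
    for (ns_file, clone_flag) in &handles {
        setns(ns_file.as_fd(), *clone_flag)?;
    }
    // … unchanged: Ok(()) …
```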
@@ -440,11 +442,9 @@ fn run_container(container_info: &ContainerInfo, is_exec_cmd: Option<&String>) -
 let _cb = || {
 init_exec_ns(container_info.procs[0]).unwrap();
 clear_env();
- let env_vec = get_env_vec(&Default::default()).unwrap();
 if container_info.root == false {
 init_container_user(rocker_uid, rocker_gid).unwrap();
 }
- init_container_env(&env_vec).unwrap();
 create_pause(container_root_pause_path).unwrap();
 while container_merged_pause_path.exists() {
@@ -685,6 +685,9 @@ fn stop_container(containers_id: &str, is_remove: bool) -> Result<()> {
 Ok(())
 }
+extern "C" fn signal_handler(i: i32) {
+ println!("收到信号,准备退出... {}", i);
+}
 fn main() -> Result<()>{
 println!("{LOGO}");
diff --git a/src/network.rs b/src/network.rs
index 7601853..cb43bc9 100644
--- a/src/network.rs
+++ b/src/network.rs
@@ -165,21 +165,28 @@ pub fn remove_network(uuid_name: &str) {
 pub fn create_network(uuid_name: &str, pid: i32) -> bool {
 let pid = pid.to_string();
+ let bridge_name = format!("ro_{uuid_name}_1");
+ let master_veth_name = format!("ro_{uuid_name}_2");
+ let slave_veth_name = format!("ro_{uuid_name}_3");
+ // 创建一个随机地址段的 没分配过的ip
 let mut all_network = take_all_network();
+
+ if all_network.iter().any(|n|n.bridge_name == bridge_name) {
+ println!("{uuid_name} 已经存在一个网卡, 无法再次创建");
+ return false;
+ }
+
 let mut rg = rand::thread_rng();
 let network = loop {
 // 生成一个随机桥ip
- let base_addr = format!("10.{}.{}", rg.gen_range(0..255), rg.gen_range(0..255));
+ let base_addr = format!("10.{}.{}", rg.gen_range(1..255), rg.gen_range(1..255));
 let gateway_addr = format!("{base_addr}.0");
 let bridge_addr = format!("{base_addr}.1");
 let slave_addr = format!("{base_addr}.3");
 if all_network.iter().any(|n|n.bridge_addr == bridge_addr) == false {
- let bridge_name = format!("ro_{uuid_name}_1");
- let master_veth_name = format!("ro_{uuid_name}_2");
- let slave_veth_name = format!("ro_{uuid_name}_3");
 let net_work = NetWrok {
 gateway_addr,
 bridge_addr,
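Review bot: `println!` inside `extern "C" fn signal_handler` is not async-signal-safe: it takes the stdout lock and runs the formatting machinery, so a signal that lands while the main thread holds that lock (the `println!("{LOGO}")` right below, or any other print) deadlocks the process instead of shutting it down. The handler should do nothing but record the event for the main loop to act on, e.g. `static SHUTDOWN: AtomicBool = AtomicBool::new(false);` and `extern "C" fn signal_handler(_sig: i32) { SHUTDOWN.store(true, Ordering::SeqCst); }` with `use std::sync::atomic::{AtomicBool, Ordering};`, and the "准备退出" message printed from the code that polls the flag. Note also that the body as written never exits despite its message, and `sigaction`, imported in the first hunk of this file, is not called in any hunk shown here, so the registration (and which signals it covers) presumably lives outside this diff and should be checked together with this change.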