|
|
|
@ -4,13 +4,13 @@ use std::fs::File;
|
|
|
|
use std::io::Read;
|
|
|
|
use std::io::Read;
|
|
|
|
use std::os::fd::{AsFd, AsRawFd};
|
|
|
|
use std::os::fd::{AsFd, AsRawFd};
|
|
|
|
use std::os::unix::fs::PermissionsExt;
|
|
|
|
use std::os::unix::fs::PermissionsExt;
|
|
|
|
|
|
|
|
use std::os::unix::process::CommandExt;
|
|
|
|
use nix::libc::{self, setgid, CLONE_NEWCGROUP, MS_NODEV, MS_NOSUID};
|
|
|
|
use nix::libc::{self, setgid, CLONE_NEWCGROUP, MS_NODEV, MS_NOSUID};
|
|
|
|
use nix::sched::{clone, CloneCb, CloneFlags, setns};
|
|
|
|
use nix::sched::{clone, CloneCb, CloneFlags, setns};
|
|
|
|
use nix::sys::signal::{kill, Signal};
|
|
|
|
use nix::sys::signal::{kill, Signal};
|
|
|
|
use nix::sys::wait::{wait, waitpid, waitid, WaitPidFlag};
|
|
|
|
use nix::sys::wait::{wait, waitpid, waitid, WaitPidFlag};
|
|
|
|
use nix::unistd::{chdir, chroot, dup2, execv, pivot_root, setuid, sleep, Gid, Pid, Uid, User, setgroups};
|
|
|
|
use nix::unistd::{chdir, chroot, dup2, execv, pivot_root, setuid, sleep, Gid, Pid, Uid, User, setgroups};
|
|
|
|
use nix::mount::{mount, MntFlags, MsFlags, umount2, umount};
|
|
|
|
use nix::mount::{mount, MntFlags, MsFlags, umount2};
|
|
|
|
use nix::env::clearenv;
|
|
|
|
|
|
|
|
use std::path::{Path, PathBuf};
|
|
|
|
use std::path::{Path, PathBuf};
|
|
|
|
use clap::Parser;
|
|
|
|
use clap::Parser;
|
|
|
|
use error::{Result, RockerError};
|
|
|
|
use error::{Result, RockerError};
|
|
|
|
@ -226,7 +226,7 @@ fn init_container_pivot<P: AsRef<Path>>(merged_path: P) -> Result<()> {
|
|
|
|
mount(None::<&str>, "/", None::<&str>, MsFlags::MS_PRIVATE | MsFlags::MS_REC, None::<&str>)?;
|
|
|
|
mount(None::<&str>, "/", None::<&str>, MsFlags::MS_PRIVATE | MsFlags::MS_REC, None::<&str>)?;
|
|
|
|
|
|
|
|
|
|
|
|
// 修改overlayfs 为rootfs
|
|
|
|
// 修改overlayfs 为rootfs
|
|
|
|
chdir(merged_path.as_ref())?;
|
|
|
|
std::env::set_current_dir(merged_path)?;
|
|
|
|
let pwd_path = std::env::current_dir()?;
|
|
|
|
let pwd_path = std::env::current_dir()?;
|
|
|
|
let pwd_str = pwd_path.to_string_lossy().to_string();
|
|
|
|
let pwd_str = pwd_path.to_string_lossy().to_string();
|
|
|
|
|
|
|
|
|
|
|
|
@ -241,7 +241,7 @@ fn init_container_pivot<P: AsRef<Path>>(merged_path: P) -> Result<()> {
|
|
|
|
pivot_root(pwd_str.as_str(), pivot_root_dir.as_str())?;
|
|
|
|
pivot_root(pwd_str.as_str(), pivot_root_dir.as_str())?;
|
|
|
|
|
|
|
|
|
|
|
|
// 修改当前进程工作目录(注意我们之前已经到rootfs内, 并且把根目录设置完毕了)
|
|
|
|
// 修改当前进程工作目录(注意我们之前已经到rootfs内, 并且把根目录设置完毕了)
|
|
|
|
chdir("/")?;
|
|
|
|
std::env::set_current_dir("/")?;
|
|
|
|
|
|
|
|
|
|
|
|
// 卸载 old_root, 并删除临时文件
|
|
|
|
// 卸载 old_root, 并删除临时文件
|
|
|
|
umount2(".pivot_root", MntFlags::MNT_DETACH).unwrap();
|
|
|
|
umount2(".pivot_root", MntFlags::MNT_DETACH).unwrap();
|
|
|
|
@ -296,17 +296,7 @@ fn create_dir<P: AsRef<Path>>(path: P, is_any:bool) -> Result<()> {
|
|
|
|
fn parse_cmd(run: &String) -> Vec<CString>{
|
|
|
|
fn parse_cmd(run: &String) -> Vec<CString>{
|
|
|
|
let args= run
|
|
|
|
let args= run
|
|
|
|
.split(" ")
|
|
|
|
.split(" ")
|
|
|
|
.filter_map(|s| {
|
|
|
|
.filter_map(|s| CString::new(s).ok())
|
|
|
|
match CString::new(s) {
|
|
|
|
|
|
|
|
Ok(cs) => {
|
|
|
|
|
|
|
|
Some(cs)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
Err(e) => {
|
|
|
|
|
|
|
|
println!("{e:?}");
|
|
|
|
|
|
|
|
None
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
})
|
|
|
|
|
|
|
|
.collect::<Vec<CString>>();
|
|
|
|
.collect::<Vec<CString>>();
|
|
|
|
args
|
|
|
|
args
|
|
|
|
}
|
|
|
|
}
|
|
|
|
@ -393,13 +383,11 @@ fn run_container(_container_id: &String, cmd: &String, args: &RockerArgs, volume
|
|
|
|
init_container_env(None).unwrap();
|
|
|
|
init_container_env(None).unwrap();
|
|
|
|
init_container_user(rocker_uid, rocker_gid).unwrap();
|
|
|
|
init_container_user(rocker_uid, rocker_gid).unwrap();
|
|
|
|
|
|
|
|
|
|
|
|
let cmd_vec = parse_cmd(cmd);
|
|
|
|
let cmd_vec = cmd.split(" ").collect::<Vec<&str>>();
|
|
|
|
match execv(&cmd_vec[0], &cmd_vec) {
|
|
|
|
let err = std::process::Command::new(cmd_vec[0])
|
|
|
|
Err(e) => {
|
|
|
|
.args(&cmd_vec[1..])
|
|
|
|
println!("execv {cmd_vec:?}失败: {e:?}");
|
|
|
|
.exec();
|
|
|
|
}
|
|
|
|
println!("execv {cmd_vec:?}失败: {err:?}");
|
|
|
|
_ => {},
|
|
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
0isize
|
|
|
|
0isize
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
@ -425,17 +413,14 @@ fn run_container(_container_id: &String, cmd: &String, args: &RockerArgs, volume
|
|
|
|
init_container_mount().unwrap();
|
|
|
|
init_container_mount().unwrap();
|
|
|
|
init_container_log(args.log).unwrap();
|
|
|
|
init_container_log(args.log).unwrap();
|
|
|
|
init_container_user(rocker_uid, rocker_gid).unwrap();
|
|
|
|
init_container_user(rocker_uid, rocker_gid).unwrap();
|
|
|
|
|
|
|
|
|
|
|
|
let cmd_vec = parse_cmd(cmd);
|
|
|
|
let cmd_vec = cmd.split(" ").collect::<Vec<&str>>();
|
|
|
|
match execv(&cmd_vec[0], &cmd_vec) {
|
|
|
|
let err = std::process::Command::new(cmd_vec[0])
|
|
|
|
Err(e) => {
|
|
|
|
.args(&cmd_vec[1..])
|
|
|
|
println!("execv {cmd_vec:?}失败: {e:?}");
|
|
|
|
.exec();
|
|
|
|
}
|
|
|
|
println!("execv {cmd_vec:?}失败: {err:?}");
|
|
|
|
_ => {},
|
|
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
0isize
|
|
|
|
0isize
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
clone_flags = CloneFlags::from_bits_truncate(CLONE_FLAG);
|
|
|
|
clone_flags = CloneFlags::from_bits_truncate(CLONE_FLAG);
|
|
|
|
Box::new(_cb) as CloneCb
|
|
|
|
Box::new(_cb) as CloneCb
|
|
|
|
};
|
|
|
|
};
|
|
|
|
@ -615,7 +600,7 @@ fn main() -> Result<()>{
|
|
|
|
Err(e) => {
|
|
|
|
Err(e) => {
|
|
|
|
println!("run_container失败: {e}");
|
|
|
|
println!("run_container失败: {e}");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
save_container_info(&args, &container_id, pid)?; // todo 无论出不错, 都要保存一个信息, 后面需要删除用清理
|
|
|
|
save_container_info(&args, &container_id, pid)?; // todo 无论出不错, 都要保存一个信息, 后面需要删除用清理
|
|
|
|
} else if args.ps || args.psa {
|
|
|
|
} else if args.ps || args.psa {
|
|
|
|
// --ps
|
|
|
|
// --ps
|
|
|
|
@ -629,18 +614,6 @@ fn main() -> Result<()>{
|
|
|
|
} else if let (Some(cmd), Some(container_id)) = (&args.run, &args.exec) {
|
|
|
|
} else if let (Some(cmd), Some(container_id)) = (&args.run, &args.exec) {
|
|
|
|
run_container(container_id, &cmd, &args, &Default::default(), true).unwrap();
|
|
|
|
run_container(container_id, &cmd, &args, &Default::default(), true).unwrap();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
// } else if let Some(containers_id) = &args.start {
|
|
|
|
|
|
|
|
// // --start
|
|
|
|
|
|
|
|
// start_container(containers_id)?;
|
|
|
|
|
|
|
|
// } else if let Some(containers_id) = &args.exec {
|
|
|
|
|
|
|
|
// // --exec
|
|
|
|
|
|
|
|
// exec_container(containers_id, &cmd, &args)?;
|
|
|
|
|
|
|
|
// }
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// exec
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// logs
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Ok(())
|
|
|
|
Ok(())
|
|
|
|
}
|
|
|
|
}
|
阳光少年
1 year ago