Add support for pause

This experiment adds support for running a global shared pause instance side by side to `conmonrs`. The idea is that this instance keeps the required namespaces open and provides them as part of the container creation response to the consumers. Signed-off-by: Sascha Grunert <[email protected]>
containers · Nov 21, 2022 · f0b26e5 · f0b26e5
1 parent a59a7d4
commit f0b26e5
Show file tree

Hide file tree

Showing 13 changed files with 1,502 additions and 356 deletions.
diff --git a/.golangci.yml b/.golangci.yml
@@ -95,14 +95,14 @@ linters:
     # - wsl
 linters-settings:
   funlen:
-    lines: 100
+    lines: 120
     statements: 50
   varnamelen:
     min-name-length: 1
   cyclop:
-    max-complexity: 20
+    max-complexity: 25
   gocognit:
-    min-complexity: 30
+    min-complexity: 35
   nestif:
     min-complexity: 15
   errcheck:

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/conmon-rs/common/proto/conmon.capnp b/conmon-rs/common/proto/conmon.capnp
@@ -57,6 +57,7 @@ interface Conmon {
 
     struct CreateContainerResponse {
         containerPid @0 :UInt32;
+        namespacesPath @1 :Text;
     }
 
     createContainer @1 (request: CreateContainerRequest) -> (response: CreateContainerResponse);
@@ -120,4 +121,31 @@ interface Conmon {
     }
 
     setWindowSizeContainer @5 (request: SetWindowSizeRequest) -> (response: SetWindowSizeResponse);
+
+    ###############################################
+    # CreateNamespaces
+    struct CreateNamespacesRequest {
+        metadata @0 :Data; # Standard metadata to carry.
+        namespaces @1 :List(Namespace); # The list of namespaces to unshare.
+    }
+
+    enum Namespace {
+        ipc @0; # Unshare the IPC namespace.
+        net @1; # Unshare the network namespace.
+        pid @2; # Unshare the PID namespace.
+        user @3; # Unshare the user namespace.
+        uts @4; # Unshare the UTS namespace.
+    }
+
+    struct CreateNamespacesResponse {
+        namespaces @0 :List(NamespaceResponse);  # The list of created namespaces.
+    }
+
+    # Available namespaces.
+    struct NamespaceResponse {
+        type @0 :Namespace; # The type of the namespace.
+        path @1 :Text; # Path to the directory for the unshared namespaces.
+    }
+
+    createNamespaces @6 (request: CreateNamespacesRequest) -> (response: CreateNamespacesResponse);
 }
diff --git a/conmon-rs/server/Cargo.toml b/conmon-rs/server/Cargo.toml
@@ -22,6 +22,7 @@ memchr = "2.5.0"
 multimap = "0.8.3"
 nix = "0.25.0"
 notify = "5.0.0"
+once_cell = "1.16.0"
 opentelemetry = { version = "0.18.0", features = ["rt-tokio"] }
 opentelemetry-otlp = "0.11.0"
 opentelemetry-semantic-conventions = "0.10.0"
@@ -31,6 +32,7 @@ sendfd = { version = "0.4.3", features = ["tokio"] }
 serde = { version = "1.0.147", features = ["derive"] }
 serde_json = "1.0.88"
 shadow-rs = "=0.16.1"
+signal-hook = "0.3.14"
 strum = { version = "0.24.1", features = ["derive"] }
 tempfile = "3.3.0"
 tokio = { version = "1.21.2", features = ["fs", "io-std", "io-util", "macros", "net", "process", "rt", "rt-multi-thread", "signal", "time"] }

diff --git a/conmon-rs/server/src/config.rs b/conmon-rs/server/src/config.rs
@@ -1,6 +1,6 @@
 //! Configuration related structures
 use anyhow::{bail, Result};
-use clap::{ArgEnum, Parser};
+use clap::{ArgEnum, Parser, Subcommand};
 use getset::{CopyGetters, Getters, Setters};
 use serde::{Deserialize, Serialize};
 use std::{fs, path::PathBuf};
@@ -18,9 +18,13 @@ macro_rules! prefix {
     after_help("More info at: https://github.com/containers/conmon-rs"),
     disable_version_flag(true)
 )]
-
 /// An OCI container runtime monitor.
 pub struct Config {
+    #[get = "pub"]
+    #[clap(subcommand)]
+    /// Possible subcommands.
+    command: Option<Commands>,
+
     #[get_copy = "pub"]
     #[clap(
         default_missing_value("default"),
@@ -129,6 +133,42 @@ pub struct Config {
     tracing_endpoint: String,
 }
 
+#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize, Subcommand)]
+/// Possible subcommands.
+pub enum Commands {
+    /// Run pause instead of the server.
+    Pause {
+        #[clap(
+            env(concat!(prefix!(), "PAUSE_PATH")),
+            long("path"),
+            short('p'),
+            value_name("PATH")
+        )]
+        /// The base path for pinning the namespaces.
+        path: PathBuf,
+
+        #[clap(long("ipc"))]
+        /// Unshare the IPC namespace.
+        ipc: bool,
+
+        #[clap(long("pid"))]
+        /// Unshare the PID namespace.
+        pid: bool,
+
+        #[clap(long("net"))]
+        /// Unshare the network namespace.
+        net: bool,
+
+        #[clap(long("user"))]
+        /// Unshare the user namespace.
+        user: bool,
+
+        #[clap(long("uts"))]
+        /// Unshare the UTS namespace.
+        uts: bool,
+    },
+}
+
 #[derive(
     ArgEnum,
     AsRefStr,

diff --git a/conmon-rs/server/src/lib.rs b/conmon-rs/server/src/lib.rs
@@ -15,6 +15,7 @@ mod init;
 mod journal;
 mod listener;
 mod oom_watcher;
+mod pause;
 mod rpc;
 mod server;
 mod streams;

diff --git a/conmon-rs/server/src/listener.rs b/conmon-rs/server/src/listener.rs
@@ -73,7 +73,7 @@ pub struct DefaultListener;
 
 impl ListenerImpl for DefaultListener {
     fn bind(&self, path: &Path) -> io::Result<UnixListener> {
-        UnixListener::bind(&path)
+        UnixListener::bind(path)
     }
 
     fn create_dir_all(&self, path: &Path) -> io::Result<()> {