Merge pull request #2429 from devimc/topic/virtcontainers/rootlessStore

rootless: implement rootless fs and support --rootless option

cli/main.go

@@ -18,12 +18,12 @@ import (
 	"syscall"
 
 	"github.com/kata-containers/runtime/pkg/katautils"
-	"github.com/kata-containers/runtime/pkg/rootless"
 	"github.com/kata-containers/runtime/pkg/signals"
 	vc "github.com/kata-containers/runtime/virtcontainers"
 	exp "github.com/kata-containers/runtime/virtcontainers/experimental"
 	vf "github.com/kata-containers/runtime/virtcontainers/factory"
 	"github.com/kata-containers/runtime/virtcontainers/pkg/oci"
+	"github.com/kata-containers/runtime/virtcontainers/pkg/rootless"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 	opentracing "github.com/opentracing/opentracing-go"
 	"github.com/sirupsen/logrus"
@@ -102,6 +102,11 @@ var runtimeFlags = []cli.Flag{
 		Value: defaultRootDirectory,
 		Usage: "root directory for storage of container state (this should be located in tmpfs)",
 	},
+	cli.StringFlag{
+		Name:  "rootless",
+		Value: "auto",
+		Usage: "ignore cgroup permission errors ('true', 'false', or 'auto')",
+	},
 	cli.BoolFlag{
 		Name:  showConfigPathsOption,
 		Usage: "show config file paths that will be checked for (in order)",
@@ -266,6 +271,19 @@ func beforeSubcommands(c *cli.Context) error {
 		return nil
 	}
 
+	r, err := parseBoolOrAuto(c.GlobalString("rootless"))
+	if err != nil {
+		return err
+	}
+	// If flag is true/false, assign the rootless flag.
+	// vc will not perform any auto-detection in that case.
+	// In case flag is nil or auto, vc detects if the runtime is running as rootless.
+	if r != nil {
+		rootless.SetRootless(*r)
+	}
+	// Support --systed-cgroup
+	// Issue: https://github.com/kata-containers/runtime/issues/2428
+
 	ignoreConfigLogs := false
 	var traceRootSpan string
 

cli/main_test.go

@@ -24,10 +24,10 @@ import (
 	"github.com/dlespiau/covertool/pkg/cover"
 	ktu "github.com/kata-containers/runtime/pkg/katatestutils"
 	"github.com/kata-containers/runtime/pkg/katautils"
-	"github.com/kata-containers/runtime/pkg/rootless"
 	vc "github.com/kata-containers/runtime/virtcontainers"
 	"github.com/kata-containers/runtime/virtcontainers/pkg/compatoci"
 	"github.com/kata-containers/runtime/virtcontainers/pkg/oci"
+	"github.com/kata-containers/runtime/virtcontainers/pkg/rootless"
 	"github.com/kata-containers/runtime/virtcontainers/pkg/vcmock"
 	"github.com/kata-containers/runtime/virtcontainers/types"
 	specs "github.com/opencontainers/runtime-spec/specs-go"

cli/utils.go

@@ -1,3 +1,4 @@
+// Copyright (c) 2014 Docker, Inc.
 // Copyright (c) 2017 Intel Corporation
 //
 // SPDX-License-Identifier: Apache-2.0
@@ -8,6 +9,7 @@ package main
 import (
 	"fmt"
 	"os"
+	"strconv"
 	"strings"
 
 	"github.com/kata-containers/runtime/pkg/katautils"
@@ -131,3 +133,13 @@ func genericGetCPUDetails() (vendor, model string, err error) {
 
 	return vendor, model, nil
 }
+
+// from runC
+// parseBoolOrAuto returns (nil, nil) if s is empty or "auto"
+func parseBoolOrAuto(s string) (*bool, error) {
+	if s == "" || strings.ToLower(s) == "auto" {
+		return nil, nil
+	}
+	b, err := strconv.ParseBool(s)
+	return &b, err
+}

pkg/katautils/network.go

@@ -16,8 +16,8 @@ import (
 
 	"github.com/containernetworking/plugins/pkg/ns"
 	"github.com/containernetworking/plugins/pkg/testutils"
-	"github.com/kata-containers/runtime/pkg/rootless"
 	vc "github.com/kata-containers/runtime/virtcontainers"
+	"github.com/kata-containers/runtime/virtcontainers/pkg/rootless"
 	"golang.org/x/sys/unix"
 )
 

pkg/katautils/oci.go

@@ -13,7 +13,7 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/kata-containers/runtime/pkg/rootless"
+	"github.com/kata-containers/runtime/virtcontainers/pkg/rootless"
 )
 
 const ctrsMappingDirMode = os.FileMode(0750)

pkg/katautils/oci_test.go

@@ -13,7 +13,7 @@ import (
 	"path/filepath"
 	"testing"
 
-	"github.com/kata-containers/runtime/pkg/rootless"
+	"github.com/kata-containers/runtime/virtcontainers/pkg/rootless"
 	"github.com/stretchr/testify/assert"
 )
 

virtcontainers/acrn.go

@@ -21,11 +21,8 @@ import (
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 
-	"github.com/kata-containers/runtime/pkg/rootless"
 	"github.com/kata-containers/runtime/virtcontainers/device/config"
-	"github.com/kata-containers/runtime/virtcontainers/persist"
 	persistapi "github.com/kata-containers/runtime/virtcontainers/persist/api"
-	"github.com/kata-containers/runtime/virtcontainers/persist/fs"
 	"github.com/kata-containers/runtime/virtcontainers/pkg/uuid"
 	"github.com/kata-containers/runtime/virtcontainers/types"
 	"github.com/kata-containers/runtime/virtcontainers/utils"
@@ -39,17 +36,6 @@ const (
 	uuidFile       = "uuid.json"
 )
 
-// VMUUIDStoragePath is the uuid directory.
-// It will contain all uuid info used by guest vm.
-var VMUUIDStoragePath = func() string {
-	path := filepath.Join(fs.StorageRootPath(), UUIDPathSuffix)
-	if rootless.IsRootless() {
-		return filepath.Join(rootless.GetRootlessDir(), path)
-	}
-	return path
-
-}
-
 // ACRN currently supports only known UUIDs for security
 // reasons (FuSa). When launching VM, only these pre-defined
 // UUID should be used else VM launch will fail. The main
@@ -101,6 +87,7 @@ type Acrn struct {
 	info       AcrnInfo
 	arch       acrnArch
 	ctx        context.Context
+	store      persistapi.PersistDriver
 }
 
 type acrnPlatformInfo struct {
@@ -328,7 +315,7 @@ func (a *Acrn) setup(id string, hypervisorConfig *HypervisorConfig) error {
 
 		// The path might already exist, but in case of VM templating,
 		// we have to create it since the sandbox has not created it yet.
-		if err = os.MkdirAll(filepath.Join(fs.RunStoragePath(), id), DirMode); err != nil {
+		if err = os.MkdirAll(filepath.Join(a.store.RunStoragePath(), id), DirMode); err != nil {
 			return err
 		}
 
@@ -444,7 +431,7 @@ func (a *Acrn) startSandbox(timeoutSecs int) error {
 		a.Logger().WithField("default-kernel-parameters", formatted).Debug()
 	}
 
-	vmPath := filepath.Join(fs.RunVMStoragePath(), a.id)
+	vmPath := filepath.Join(a.store.RunVMStoragePath(), a.id)
 	err := os.MkdirAll(vmPath, DirMode)
 	if err != nil {
 		return err
@@ -658,7 +645,7 @@ func (a *Acrn) getSandboxConsole(id string) (string, error) {
 	span, _ := a.trace("getSandboxConsole")
 	defer span.Finish()
 
-	return utils.BuildSocketPath(fs.RunVMStoragePath(), id, acrnConsoleSocket)
+	return utils.BuildSocketPath(a.store.RunVMStoragePath(), id, acrnConsoleSocket)
 }
 
 func (a *Acrn) saveSandbox() error {
@@ -734,7 +721,7 @@ func (a *Acrn) check() error {
 }
 
 func (a *Acrn) generateSocket(id string, useVsock bool) (interface{}, error) {
-	return generateVMSocket(id, useVsock)
+	return generateVMSocket(id, useVsock, a.store.RunVMStoragePath())
 }
 
 // GetACRNUUIDBytes returns UUID bytes that is used for VM creation
@@ -797,32 +784,24 @@ func (a *Acrn) GetMaxSupportedACRNVM() (uint8, error) {
 }
 
 func (a *Acrn) storeInfo() error {
-	store, err := persist.GetDriver("fs")
-	if err != nil {
-		return err
-	}
 	relPath := filepath.Join(UUIDPathSuffix, uuidFile)
 
 	jsonOut, err := json.Marshal(a.info)
 	if err != nil {
 		return fmt.Errorf("Could not marshal data: %s", err)
 	}
 
-	if err := store.GlobalWrite(relPath, jsonOut); err != nil {
+	if err := a.store.GlobalWrite(relPath, jsonOut); err != nil {
 		return fmt.Errorf("failed to write uuid to file: %v", err)
 	}
 
 	return nil
 }
 
 func (a *Acrn) loadInfo() error {
-	store, err := persist.GetDriver("fs")
-	if err != nil {
-		return err
-	}
 	relPath := filepath.Join(UUIDPathSuffix, uuidFile)
 
-	data, err := store.GlobalRead(relPath)
+	data, err := a.store.GlobalRead(relPath)
 	if err != nil {
 		return fmt.Errorf("failed to read uuid from file: %v", err)
 	}

virtcontainers/acrn_arch_base_test.go

@@ -107,7 +107,7 @@ func TestAcrnArchBaseAppendConsoles(t *testing.T) {
 	assert := assert.New(t)
 	acrnArchBase := newAcrnArchBase()
 
-	path := filepath.Join(filepath.Join(fs.RunStoragePath(), sandboxID), consoleSocket)
+	path := filepath.Join(filepath.Join(fs.MockRunStoragePath(), sandboxID), consoleSocket)
 
 	expectedOut := []Device{
 		ConsoleDevice{

virtcontainers/acrn_test.go

@@ -12,7 +12,7 @@ import (
 	"testing"
 
 	"github.com/kata-containers/runtime/virtcontainers/device/config"
-	"github.com/kata-containers/runtime/virtcontainers/persist/fs"
+	"github.com/kata-containers/runtime/virtcontainers/persist"
 	"github.com/kata-containers/runtime/virtcontainers/types"
 	"github.com/stretchr/testify/assert"
 )
@@ -194,11 +194,16 @@ func TestAcrnUpdateBlockDeviceInvalidIdx(t *testing.T) {
 
 func TestAcrnGetSandboxConsole(t *testing.T) {
 	assert := assert.New(t)
+
+	store, err := persist.GetDriver()
+	assert.NoError(err)
+
 	a := &Acrn{
-		ctx: context.Background(),
+		ctx:   context.Background(),
+		store: store,
 	}
 	sandboxID := "testSandboxID"
-	expected := filepath.Join(fs.RunVMStoragePath(), sandboxID, consoleSocket)
+	expected := filepath.Join(a.store.RunVMStoragePath(), sandboxID, consoleSocket)
 
 	result, err := a.getSandboxConsole(sandboxID)
 	assert.NoError(err)
@@ -208,7 +213,12 @@ func TestAcrnGetSandboxConsole(t *testing.T) {
 func TestAcrnCreateSandbox(t *testing.T) {
 	assert := assert.New(t)
 	acrnConfig := newAcrnConfig()
-	a := &Acrn{}
+	store, err := persist.GetDriver()
+	assert.NoError(err)
+
+	a := &Acrn{
+		store: store,
+	}
 
 	sandbox := &Sandbox{
 		ctx: context.Background(),
@@ -218,7 +228,7 @@ func TestAcrnCreateSandbox(t *testing.T) {
 		},
 	}
 
-	err := globalSandboxList.addSandbox(sandbox)
+	err = globalSandboxList.addSandbox(sandbox)
 	assert.NoError(err)
 
 	defer globalSandboxList.removeSandbox(sandbox.id)

virtcontainers/agent.go

@@ -224,9 +224,6 @@ type agent interface {
 	// configureFromGrpc will update agent settings based on provided arguments which from Grpc
 	configureFromGrpc(h hypervisor, id string, builtin bool, config interface{}) error
 
-	// getVMPath will return the agent vm socket's directory path
-	getVMPath(id string) string
-
 	// getSharePath will return the agent 9pfs share mount path
 	getSharePath(id string) string
 

virtcontainers/api.go

@@ -13,7 +13,7 @@ import (
 
 	deviceApi "github.com/kata-containers/runtime/virtcontainers/device/api"
 	deviceConfig "github.com/kata-containers/runtime/virtcontainers/device/config"
-	"github.com/kata-containers/runtime/virtcontainers/persist/fs"
+	"github.com/kata-containers/runtime/virtcontainers/persist"
 	"github.com/kata-containers/runtime/virtcontainers/pkg/compatoci"
 	vcTypes "github.com/kata-containers/runtime/virtcontainers/pkg/types"
 	"github.com/kata-containers/runtime/virtcontainers/types"
@@ -308,9 +308,12 @@ func ListSandbox(ctx context.Context) ([]SandboxStatus, error) {
 	span, ctx := trace(ctx, "ListSandbox")
 	defer span.Finish()
 
-	sbsdir := fs.RunStoragePath()
+	store, err := persist.GetDriver()
+	if err != nil {
+		return []SandboxStatus{}, err
+	}
 
-	dir, err := os.Open(sbsdir)
+	dir, err := os.Open(store.RunStoragePath())
 	if err != nil {
 		if os.IsNotExist(err) {
 			// No sandbox directory is not an error