author | Matthias Schiffer <mschiffer@universe-factory.net> | 2021-02-06 23:46:28 +0100 |
---|---|---|
committer | Matthias Schiffer <mschiffer@universe-factory.net> | 2021-02-06 23:46:28 +0100 |
commit | 63d8f387fd24488c4152ce67b764147b4b98c261 (patch) | |
tree | a3e8b7f3275408458c3e71eb67f8c58678b43e47 | |
parent | 0a241cdcd34b94429100eae258bdb57500617662 (diff) | |
runc: create mount namespace for each task
-rw-r--r-- | src/runner/runc/init.rs | 18 | ||||
-rw-r--r-- | src/runner/runc/run.rs | 75 |
2 files changed, 66 insertions, 27 deletions
diff --git a/src/runner/runc/init.rs b/src/runner/runc/init.rs index 1786719..658b318 100644 --- a/src/runner/runc/init.rs +++ b/src/runner/runc/init.rs @@ -52,24 +52,6 @@ fn prepare_buildtmp() -> io::Result<()> { } DirBuilder::new().create("build/tmp/runc")?; - DirBuilder::new().create("build/tmp/runc/rootfs")?; - - mount::mount::<_, _, str, str>( - Some("build/tmp/rootfs"), - "build/tmp/runc/rootfs", - None, - MsFlags::MS_BIND, - None, - ) - .to_io_result()?; - mount::mount::<str, _, str, str>( - None, - "build/tmp/runc/rootfs", - None, - MsFlags::MS_BIND | MsFlags::MS_REMOUNT | MsFlags::MS_RDONLY, - None, - ) - .to_io_result()?; Ok(()) } diff --git a/src/runner/runc/run.rs b/src/runner/runc/run.rs index 9261b7d..10acbe6 100644 --- a/src/runner/runc/run.rs +++ b/src/runner/runc/run.rs 
@@ -1,31 +1,88 @@ -use std::{io, process}; +use std::{fs::DirBuilder, io, process}; +use nix::{ + mount::{self, MsFlags}, + sched::{self, CloneFlags}, +}; use serde::{Deserialize, Serialize}; -use crate::types::*; +use crate::{types::*, util::ToIOResult}; + #[derive(Debug, Deserialize, Serialize)] -pub struct Error; +pub enum Error { + Code(i32), + String(String), +} + +impl From<io::Error> for Error { + fn from(error: io::Error) -> Self { + match error.raw_os_error() { + Some(code) => Error::Code(code), + None => Error::String(error.to_string()), + } + } +} impl From<Error> for io::Error { - fn from(_: Error) -> Self { - io::Error::new(io::ErrorKind::Other, "Failed to run task") + fn from(error: Error) -> Self { + match error { + Error::Code(code) => io::Error::from_raw_os_error(code), + Error::String(string) => io::Error::new(io::ErrorKind::Other, string), + } } } +fn init_task() -> Result<(), Error> { + sched::unshare(CloneFlags::CLONE_NEWNS).to_io_result()?; + + mount::mount::<_, _, _, str>( + Some("runc"), + "build/tmp/runc", + Some("tmpfs"), + MsFlags::empty(), + None, + ) + .to_io_result()?; + + DirBuilder::new().create("build/tmp/runc/rootfs")?; + + mount::mount::<_, _, str, str>( + Some("build/tmp/rootfs"), + "build/tmp/runc/rootfs", + None, + MsFlags::MS_BIND, + None, + ) + .to_io_result()?; + mount::mount::<str, _, str, str>( + None, + "build/tmp/runc/rootfs", + None, + MsFlags::MS_BIND | MsFlags::MS_REMOUNT | MsFlags::MS_RDONLY, + None, + ) + .to_io_result()?; + + Ok(()) +} + pub fn handle_task(task: TaskRef, task_def: Task) -> Result<(), Error> { - let result = process::Command::new("sh") + init_task()?; + + let output = process::Command::new("sh") .arg("-c") .arg(task_def.run) .current_dir("build/tmp/runc/rootfs") - .output(); - if let Ok(output) = result { + .output()?; + + if output.status.success() { println!( "{}:\n{}", task, String::from_utf8_lossy(output.stdout.as_slice()), ); } else { - println!("{}:\n\t{:?}", task, result); + 
println!("{}:\n\t{:?}", task, output); } Ok(()) |
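Review bot: In `init_task`, the mounts that follow `sched::unshare(CloneFlags::CLONE_NEWNS)` are not guaranteed to stay inside the new namespace. The namespace starts as a copy of the parent's mount tree with the same propagation types, so where that tree is mounted shared (the usual default under systemd) the tmpfs on `build/tmp/runc` and the bind mounts on `build/tmp/runc/rootfs` would propagate back to the parent. Unless the runner process already has private propagation set up somewhere outside this diff, make the tree private right after the unshare and before the first mount: `mount::mount::<str, _, str, str>(None, "/", None, MsFlags::MS_REC | MsFlags::MS_PRIVATE, None).to_io_result()?;`. Separately, `handle_task` still returns `Ok(())` when `output.status.success()` is false, so a failing task is only printed; the new `Error::Code` variant could carry `output.status.code()` back to the caller.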