From dd6fe704381513df583196cf9d504246e94cc65e Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Sun, 7 Feb 2021 00:58:10 +0100 Subject: runc: run commands in runc containers --- Cargo.lock | 35 +++++++++++++++++++++++ Cargo.toml | 1 + src/runner/runc/run.rs | 77 ++++++++++++++++++++++++++++++++++---------------- 3 files changed, 88 insertions(+), 25 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 569e8f3..aa792f9 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -155,6 +155,12 @@ dependencies = [ "uuid", ] +[[package]] +name = "itoa" +version = "0.4.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dd25036021b0de88a0aff6b850051563c6516d0bf53f8638938edbb9de732736" + [[package]] name = "kernel32-sys" version = "0.2.2" @@ -252,6 +258,17 @@ dependencies = [ "libc", ] +[[package]] +name = "oci-spec" +version = "0.2.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8eb445556ec119b785f90e1705c6b6aa684ccc2afee6c43d4a9fa4148d420e37" +dependencies = [ + "serde", + "serde_derive", + "serde_json", +] + [[package]] name = "ppv-lite86" version = "0.2.10" @@ -364,6 +381,7 @@ dependencies = [ "ipc-channel", "libc", "nix", + "oci-spec", "serde", "serde_yaml", "tar", @@ -389,6 +407,12 @@ dependencies = [ "winapi 0.3.9", ] +[[package]] +name = "ryu" +version = "1.0.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "71d301d4193d031abdd79ff7e3dd721168a9572ef3fe51a1517aba235bd8f86e" + [[package]] name = "same-file" version = "1.0.6" @@ -418,6 +442,17 @@ dependencies = [ "syn", ] +[[package]] +name = "serde_json" +version = "1.0.62" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ea1c6153794552ea7cf7cf63b1231a25de00ec90db326ba6264440fa08e31486" +dependencies = [ + "itoa", + "ryu", + "serde", +] + [[package]] name = "serde_yaml" version = "0.8.15" diff --git a/Cargo.toml b/Cargo.toml index 5b9f7ba..b91e375 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -11,6 +11,7 @@ edition = "2018" ipc-channel = { git = "https://github.com/NeoRaider/ipc-channel.git", branch = "integration" } libc = "0.2.84" nix = "0.19.1" +oci-spec = "0.2.8" serde = { version = "1", features = ["derive"] } serde_yaml = "0.8" tar = "0.4.32" diff --git a/src/runner/runc/run.rs b/src/runner/runc/run.rs index 10acbe6..e7fb393 100644 --- a/src/runner/runc/run.rs +++ b/src/runner/runc/run.rs @@ -1,12 +1,17 @@ -use std::{fs::DirBuilder, io, process}; +use std::{io, process}; use nix::{ mount::{self, MsFlags}, sched::{self, CloneFlags}, }; +use oci_spec::runtime; use serde::{Deserialize, Serialize}; -use crate::{types::*, util::ToIOResult}; +use crate::{ + types::*, + unshare, + util::{Checkable, ToIOResult}, +}; #[derive(Debug, Deserialize, Serialize)] pub enum Error { 
@@ -44,35 +49,53 @@ fn init_task() -> Result<(), Error> { ) .to_io_result()?; - DirBuilder::new().create("build/tmp/runc/rootfs")?; + Ok(()) +} - mount::mount::<_, _, str, str>( - Some("build/tmp/rootfs"), - "build/tmp/runc/rootfs", - None, - MsFlags::MS_BIND, - None, - ) - .to_io_result()?; - mount::mount::( - None, - "build/tmp/runc/rootfs", - None, - MsFlags::MS_BIND | MsFlags::MS_REMOUNT | MsFlags::MS_RDONLY, - None, - ) - .to_io_result()?; +fn configure_spec(path: &str, run: &str) { + let mut spec = runtime::Spec::load(path).unwrap(); - Ok(()) + let process = spec.process.as_mut().unwrap(); + process.terminal = Some(false); + process.user = runtime::User { + uid: unshare::BUILD_UID, + gid: unshare::BUILD_GID, + additional_gids: None, + username: None, + }; + process.args = Some( + vec!["sh", "-c", run] + .into_iter() + .map(str::to_string) + .collect(), + ); + process.cwd = "/rebel".to_string(); + + let root = spec.root.as_mut().unwrap(); + root.path = "../rootfs".to_string(); + + spec.hostname = Some("rebel-builder".to_string()); + + spec.save(path).unwrap(); } pub fn handle_task(task: TaskRef, task_def: Task) -> Result<(), Error> { init_task()?; - let output = process::Command::new("sh") - .arg("-c") - .arg(task_def.run) - .current_dir("build/tmp/runc/rootfs") + process::Command::new("runc") + .arg("spec") + .current_dir("build/tmp/runc") + .status()? + .check()?; + + configure_spec("build/tmp/runc/config.json", task_def.run.as_str()); + + let output = process::Command::new("runc") + .arg("--root") + .arg("build/tmp/runc/state") + .arg("run") + .arg("rebel") + .current_dir("build/tmp/runc") .output()?; if output.status.success() { @@ -82,7 +105,11 @@ pub fn handle_task(task: TaskRef, task_def: Task) -> Result<(), Error> { String::from_utf8_lossy(output.stdout.as_slice()), ); } else { - println!("{}:\n\t{:?}", task, output); + println!( + "{}:\n{}", + task, + String::from_utf8_lossy(output.stderr.as_slice()), + ); } Ok(()) -- cgit v1.2.3
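Review bot: The read-only guarantee for the build rootfs is no longer enforced by this code. The removed lines bind-mounted the rootfs and remounted it with `MS_RDONLY`, whereas `configure_spec` only overrides `root.path` and leaves the root's read-only flag (OCI `root.readonly`), capabilities and namespaces to whatever `runc spec` generates. I would set the read-only flag explicitly next to `root.path = "../rootfs".to_string();` and add a comment such as `// keep rootfs read-only explicitly; do not rely on the defaults written by "runc spec"`, so the sandbox does not change silently with the installed runc version. Separately, the four `.unwrap()` calls in `configure_spec` panic on a missing or malformed config.json although the caller returns `Result<(), Error>`; changing the signature to `fn configure_spec(path: &str, run: &str) -> Result<(), Error>` and calling it with `?` would match `init_task`. `handle_task` continues past the end of this hunk.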
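Review bot: In the `else` branch of `handle_task`, a failed `runc run` is only printed and control still falls through to `Ok(())`, so the caller cannot tell a failed task from a successful one. The new message also drops the exit status that the old `{:?}` dump of `output` included. At minimum keep the status, e.g. `println!("{} failed ({}):\n{}", task, output.status, String::from_utf8_lossy(output.stderr.as_slice()));`, and preferably return an error from this branch so that nothing downstream consumes the output of a failed build. The `Error` variants and the end of the function are outside this hunk, so which variant fits has to be checked against the full file.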