fixme: no merge

fixme no merge Signed-off-by: Julio Montes <julio.montes@intel.com>
kata-containers · Nov 26, 2018 · 833b538 · 833b538
1 parent 2a900c6
commit 833b538
Show file tree

Hide file tree

Showing 12 changed files with 483 additions and 194 deletions.
diff --git a/cli/create.go b/cli/create.go
@@ -12,6 +12,7 @@ import (
 	"fmt"
 	"os"
 	"strings"
+	"syscall"
 
 	vc "github.com/kata-containers/runtime/virtcontainers"
 	vf "github.com/kata-containers/runtime/virtcontainers/factory"
@@ -86,6 +87,8 @@ var createCLICommand = cli.Command{
 // Use a variable to allow tests to modify its value
 var getKernelParamsFunc = getKernelParams
 
+var mountRootfsFunc = mountRootfs
+
 func handleFactory(ctx context.Context, runtimeConfig oci.RuntimeConfig) {
 	if !runtimeConfig.FactoryConfig.Template {
 		return
@@ -321,55 +324,91 @@ func setEphemeralStorageType(ociSpec oci.CompatOCISpec) oci.CompatOCISpec {
 }
 
 func createContainer(ctx context.Context, ociSpec oci.CompatOCISpec, containerID, bundlePath,
-	console, consoleSocket string, disableOutput bool) (vc.Process, error) {
+	console, consoleSocket string, disableOutput bool) (p vc.Process, err error) {
 	sandboxID, err := ociSpec.SandboxID()
 	if err != nil {
-		return vc.Process{}, err
+		return
 	}
 
-	if err := newPersistentNamespaces(sandboxID, containerID, ociSpec.Linux.Namespaces); err != nil {
-		return vc.Process{}, err
+	if err = newPersistentNamespaces(sandboxID, containerID, ociSpec.Linux.Namespaces); err != nil {
+		return
 	}
 
+	defer func() {
+		if err != nil {
+			if e := removePersistentNamespaces(sandboxID, containerID); e != nil {
+				kataLog.WithError(e).Warn("Could not remove persisten namespaces")
+			}
+		}
+	}()
+
 	span, ctx := trace(ctx, "createContainer")
 	defer span.Finish()
 
 	consolePath, err := setupConsole(console, consoleSocket)
 	if err != nil {
-		return vc.Process{}, err
+		return
 	}
 
 	ociSpec = setEphemeralStorageType(ociSpec)
 
 	contConfig, err := oci.ContainerConfig(ociSpec, bundlePath, containerID, consolePath, disableOutput)
 	if err != nil {
-		return vc.Process{}, err
+		return
+	}
+
+	rootfs, err := mountRootfsFunc(contConfig.RootFs)
+	if err != nil {
+		return
 	}
 
+	defer func() {
+		if err != nil && rootfs != "" {
+			if e := syscall.Unmount(rootfs, 0); e != nil {
+				kataLog.WithError(e).WithField("rootfs", rootfs).Warn("Could not unmount rootfs")
+			}
+		}
+	}()
+
 	kataLog = kataLog.WithField("sandbox", sandboxID)
 	setExternalLoggers(ctx, kataLog)
 	span.SetTag("sandbox", sandboxID)
 
 	s, c, err := vci.CreateContainer(ctx, sandboxID, contConfig)
 	if err != nil {
-		return vc.Process{}, err
+		return
 	}
 
 	// Run pre-start OCI hooks.
 	err = enterNetNS(s.GetNetNs(), func() error {
 		return preStartHooks(ctx, ociSpec, containerID, bundlePath)
 	})
 	if err != nil {
-		return vc.Process{}, err
+		return
 	}
 
-	if err := addContainerIDMapping(ctx, containerID, sandboxID); err != nil {
-		return vc.Process{}, err
+	if err = addContainerIDMapping(ctx, containerID, sandboxID); err != nil {
+		return
 	}
 
 	return c.Process(), nil
 }
 
+func mountRootfs(rootfs string) (string, error) {
+	// Sandbox's mount namespaces was created before this container, hence
+	// the rootfs for this container must be mounted to make it visible
+	info, err := getFsInfo(rootfs)
+	if err != nil {
+		return "", err
+	}
+
+	if err = syscall.Mount(info.device, info.mountPoint, info.fsType, uintptr(info.flags), info.data); err != nil {
+		return "", err
+	}
+
+	return info.mountPoint, nil
+}
+
 func createPIDFile(ctx context.Context, pidFilePath string, pid int) error {
 	span, _ := trace(ctx, "createPIDFile")
 	defer span.Finish()

diff --git a/cli/delete.go b/cli/delete.go
@@ -60,7 +60,8 @@ EXAMPLE:
 }
 
 func delete(ctx context.Context, containerID string, force bool) error {
-	if err := joinNamespaces(containerID); err != nil {
+	joinedNs, err := joinNamespaces(containerID)
+	if err != nil {
 		return err
 	}
 
@@ -115,6 +116,11 @@ func delete(ctx context.Context, containerID string, force bool) error {
 			return err
 		}
 	case vc.PodContainer:
+		// rootfs is mounted to make container rootfs visible inside sandbox namespace
+		if err := unmountRootfsFunc(status, ociSpec, joinedNs); err != nil {
+			return err
+		}
+
 		if err := deleteContainer(ctx, sandboxID, containerID, forceStop); err != nil {
 			return err
 		}
@@ -127,7 +133,7 @@ func delete(ctx context.Context, containerID string, force bool) error {
 		return err
 	}
 
-	if err := removePersistentNamespaces(sandboxID, containerID, ociSpec.Linux.Namespaces); err != nil {
+	if err := removePersistentNamespaces(sandboxID, containerID); err != nil {
 		return err
 	}
 

diff --git a/cli/exec.go b/cli/exec.go
@@ -189,7 +189,7 @@ func generateExecParams(context *cli.Context, specProcess *oci.CompatOCIProcess)
 
 func execute(ctx context.Context, context *cli.Context) error {
 	containerID := context.Args().First()
-	if err := joinNamespaces(containerID); err != nil {
+	if _, err := joinNamespaces(containerID); err != nil {
 		return err
 	}
 

diff --git a/cli/kill.go b/cli/kill.go
@@ -9,10 +9,12 @@ package main
 import (
 	"context"
 	"fmt"
+	"path/filepath"
 	"strconv"
 	"syscall"
 
 	vc "github.com/kata-containers/runtime/virtcontainers"
+	vcAnnot "github.com/kata-containers/runtime/virtcontainers/pkg/annotations"
 	"github.com/kata-containers/runtime/virtcontainers/pkg/oci"
 	"github.com/sirupsen/logrus"
 	"github.com/urfave/cli"
@@ -29,7 +31,7 @@ var killCLICommand = cli.Command{
 EXAMPLE:
    If the container id is "ubuntu01" the following will send a "KILL" signal
    to the init process of the "ubuntu01" container:
-	 
+
        # ` + name + ` kill ubuntu01 KILL`,
 	Flags: []cli.Flag{
 		cli.BoolFlag{
@@ -96,8 +98,11 @@ var signalList = map[string]syscall.Signal{
 	"SIGXFSZ":   syscall.SIGXFSZ,
 }
 
+var unmountRootfsFunc = unmountRootfs
+
 func kill(ctx context.Context, containerID, signal string, all bool) error {
-	if err := joinNamespaces(containerID); err != nil {
+	joinedNs, err := joinNamespaces(containerID)
+	if err != nil {
 		return err
 	}
 
@@ -144,21 +149,42 @@ func kill(ctx context.Context, containerID, signal string, all bool) error {
 		return nil
 	}
 
+	return stopContainer(ctx, sandboxID, containerID, status, joinedNs)
+}
+
+func stopContainer(ctx context.Context, sandboxID, containerID string, status vc.ContainerStatus, joinedNs bool) error {
 	containerType, err := oci.GetContainerType(status.Annotations)
 	if err != nil {
 		return err
 	}
 
+	ociSpec, err := oci.GetOCIConfig(status)
+	if err != nil {
+		return err
+	}
+
 	switch containerType {
 	case vc.PodSandbox:
-		_, err = vci.StopSandbox(ctx, sandboxID)
+		if _, err = vci.StopSandbox(ctx, sandboxID); err != nil {
+			return err
+		}
+		if err := removePersistentNamespaces(sandboxID, containerID); err != nil {
+			return err
+		}
 	case vc.PodContainer:
-		_, err = vci.StopContainer(ctx, sandboxID, containerID)
+		// rootfs is mounted to make container rootfs visible inside sandbox namespace
+		if err := unmountRootfsFunc(status, ociSpec, joinedNs); err != nil {
+			return err
+		}
+
+		if _, err = vci.StopContainer(ctx, sandboxID, containerID); err != nil {
+			return err
+		}
 	default:
 		return fmt.Errorf("Invalid container type found")
 	}
 
-	return err
+	return nil
 }
 
 func processSignal(signal string) (syscall.Signal, error) {
@@ -190,3 +216,25 @@ func processSignal(signal string) (syscall.Signal, error) {
 
 	return 0, fmt.Errorf("Signal %s is not supported", signal)
 }
+
+func unmountRootfs(status vc.ContainerStatus, ociSpec oci.CompatOCISpec, joinedNs bool) error {
+	// umount container's rootfs that was mounted in the sandbox namespace
+	if joinedNs {
+		rootfs := ociSpec.Root.Path
+		if !filepath.IsAbs(rootfs) {
+			rootfs = filepath.Join(status.Annotations[vcAnnot.BundlePathKey], ociSpec.Root.Path)
+		}
+
+		info, err := getFsInfo(rootfs)
+		if err != nil {
+			kataLog.WithError(err).WithField("path", rootfs).Warn("Could not get filesystem information")
+			return nil
+		}
+
+		if err := syscall.Unmount(info.mountPoint, 0); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
diff --git a/cli/kill_test.go b/cli/kill_test.go
@@ -68,8 +68,14 @@ func testKillCLIFunctionTerminationSignalSuccessful(t *testing.T, sig string) {
 		State: vc.StateRunning,
 	}
 
+	rootPath, configPath := testConfigSetup(t)
+	defer os.RemoveAll(rootPath)
+	configJSON, err := readOCIConfigJSON(configPath)
+	assert.NoError(err)
+
 	annotations := map[string]string{
 		vcAnnotations.ContainerTypeKey: string(vc.PodContainer),
+		vcAnnotations.ConfigJSONKey:    configJSON,
 	}
 
 	testingImpl.KillContainerFunc = testKillContainerFuncReturnNil
@@ -96,6 +102,7 @@ func testKillCLIFunctionTerminationSignalSuccessful(t *testing.T, sig string) {
 
 	annotations = map[string]string{
 		vcAnnotations.ContainerTypeKey: string(vc.PodSandbox),
+		vcAnnotations.ConfigJSONKey:    configJSON,
 	}
 
 	testingImpl.StatusContainerFunc = func(ctx context.Context, sandboxID, containerID string) (vc.ContainerStatus, error) {
@@ -154,8 +161,14 @@ func TestKillCLIFunctionNoSignalSuccessful(t *testing.T) {
 		State: vc.StateRunning,
 	}
 
+	rootPath, configPath := testConfigSetup(t)
+	defer os.RemoveAll(rootPath)
+	configJSON, err := readOCIConfigJSON(configPath)
+	assert.NoError(err)
+
 	annotations := map[string]string{
 		vcAnnotations.ContainerTypeKey: string(vc.PodContainer),
+		vcAnnotations.ConfigJSONKey:    configJSON,
 	}
 
 	testingImpl.KillContainerFunc = testKillContainerFuncReturnNil
@@ -182,6 +195,7 @@ func TestKillCLIFunctionNoSignalSuccessful(t *testing.T) {
 
 	annotations = map[string]string{
 		vcAnnotations.ContainerTypeKey: string(vc.PodSandbox),
+		vcAnnotations.ConfigJSONKey:    configJSON,
 	}
 
 	testingImpl.StatusContainerFunc = func(ctx context.Context, sandboxID, containerID string) (vc.ContainerStatus, error) {
@@ -204,8 +218,14 @@ func TestKillCLIFunctionEnableAllSuccessful(t *testing.T) {
 		State: vc.StateRunning,
 	}
 
+	rootPath, configPath := testConfigSetup(t)
+	defer os.RemoveAll(rootPath)
+	configJSON, err := readOCIConfigJSON(configPath)
+	assert.NoError(err)
+
 	annotations := map[string]string{
 		vcAnnotations.ContainerTypeKey: string(vc.PodContainer),
+		vcAnnotations.ConfigJSONKey:    configJSON,
 	}
 
 	testingImpl.KillContainerFunc = func(ctx context.Context, sandboxID, containerID string, signal syscall.Signal, all bool) error {
@@ -239,6 +259,7 @@ func TestKillCLIFunctionEnableAllSuccessful(t *testing.T) {
 
 	annotations = map[string]string{
 		vcAnnotations.ContainerTypeKey: string(vc.PodSandbox),
+		vcAnnotations.ConfigJSONKey:    configJSON,
 	}
 
 	testingImpl.StatusContainerFunc = func(ctx context.Context, sandboxID, containerID string) (vc.ContainerStatus, error) {
@@ -327,9 +348,17 @@ func TestKillCLIFunctionStatePausedSuccessful(t *testing.T) {
 	assert.NoError(err)
 	defer os.RemoveAll(path)
 
+	rootPath, configPath := testConfigSetup(t)
+	defer os.RemoveAll(rootPath)
+	configJSON, err := readOCIConfigJSON(configPath)
+	assert.NoError(err)
+
 	testingImpl.StatusContainerFunc = func(ctx context.Context, sandboxID, containerID string) (vc.ContainerStatus, error) {
 		return newSingleContainerStatus(testContainerID, state,
-			map[string]string{string(vcAnnotations.ContainerTypeKey): string(vc.PodContainer)}), nil
+			map[string]string{
+				string(vcAnnotations.ContainerTypeKey): string(vc.PodContainer),
+				vcAnnotations.ConfigJSONKey:            configJSON,
+			}), nil
 	}
 
 	defer func() {