Additional mounting for socket
- hardcoded to `/var/run/appscope`
michalbiesek committed Jun 16, 2023
1 parent 6e36312 commit cb84616
Showing 9 changed files with 149 additions and 84 deletions.
114 changes: 68 additions & 46 deletions src/wrap_go.c
Expand Up @@ -466,11 +466,16 @@ free_go_str(char *str) {
*
* Please look into opencontainers Linux runtime-spec for details about the exact JSON struct.
* The following changes will be performed:
* - Add a mount point
* - Add a mount points
* `appscope` directory will be mounted from the host "/usr/lib/appscope/" into the container: "/usr/lib/appscope/"
*
* UNIX socket directory will be mounted from the host into the container the path to UNIX socket will be read from
* host based on value in the filter file
*
* - Extend Environment variables
* `LD_PRELOAD` will contain the following entry `/opt/appscope/libscope.so`
* `SCOPE_SETUP_DONE=true` mark that configuration was processed
*
* - Add prestart hook
* execute scope extract operation to ensure using library with proper loader reference (musl/glibc)
*/
Expand All @@ -496,11 +501,11 @@ rewriteOpenContainersConfig(const char *cWorkDir)
goto exit;
}

// Filter file must exists
if (scope_stat("/usr/lib/appscope/scope_filter", &fileStat) == -1) {
scope_fclose(fp);
goto exit;
}
// TODO: read socket location from filter file must exists
// if (scope_stat("/usr/lib/appscope/scope_filter", &fileStat) == -1) {
// scope_fclose(fp);
// goto exit;
// }

// Scope executable must exists
if (scope_snprintf(path, sizeof(path), "/usr/lib/appscope/%s/scope", SCOPE_VER) < 0) {
Expand Down Expand Up @@ -626,7 +631,7 @@ rewriteOpenContainersConfig(const char *cWorkDir)
}

/*
* Handle process mounts
* Handle process mounts for library and filter file and socket
*
"mounts":[
{
Expand All @@ -648,57 +653,74 @@ rewriteOpenContainersConfig(const char *cWorkDir)
"rbind",
"rprivate"
]
},
{
"destination":"/var/run/appscope/",
"type":"bind",
"source":"/var/run/appscope/",
"options":[
"rbind",
"rprivate"
]
}
*/
cJSON *mountNodeArr = cJSON_GetObjectItemCaseSensitive(json, "mounts");
if (!mountNodeArr) {
mountNodeArr = cJSON_CreateArray();

const char *mountPath[2] =
{
"/usr/lib/appscope/",
"/var/run/appscope/"
};

for (int i = 0; i < 2; ++i ) {
cJSON *mountNodeArr = cJSON_GetObjectItemCaseSensitive(json, "mounts");
if (!mountNodeArr) {
mountNodeArr = cJSON_CreateArray();
if (!mountNodeArr) {
cJSON_Delete(json);
goto exit;
}
cJSON_AddItemToObject(json, "mounts", mountNodeArr);
}

cJSON *mountNode = cJSON_CreateObject();
if (!mountNode) {
cJSON_Delete(json);
goto exit;
}
cJSON_AddItemToObject(json, "mounts", mountNodeArr);
}

cJSON *mountNode = cJSON_CreateObject();
if (!mountNode) {
cJSON_Delete(json);
goto exit;
}

if (!cJSON_AddStringToObjLN(mountNode, "destination", "/usr/lib/appscope/")) {
cJSON_Delete(mountNode);
cJSON_Delete(json);
goto exit;
}
if (!cJSON_AddStringToObjLN(mountNode, "destination", mountPath[i])) {
cJSON_Delete(mountNode);
cJSON_Delete(json);
goto exit;
}

if (!cJSON_AddStringToObjLN(mountNode, "type", "bind")) {
cJSON_Delete(mountNode);
cJSON_Delete(json);
goto exit;
}
if (!cJSON_AddStringToObjLN(mountNode, "type", "bind")) {
cJSON_Delete(mountNode);
cJSON_Delete(json);
goto exit;
}

if (!cJSON_AddStringToObjLN(mountNode, "source", "/usr/lib/appscope/")) {
cJSON_Delete(mountNode);
cJSON_Delete(json);
goto exit;
}
if (!cJSON_AddStringToObjLN(mountNode, "source", mountPath[i])) {
cJSON_Delete(mountNode);
cJSON_Delete(json);
goto exit;
}

const char *optItems[2] =
{
"rbind",
"rprivate"
};
const char *optItems[2] =
{
"rbind",
"rprivate"
};

cJSON *optNodeArr = cJSON_CreateStringArray(optItems, 2);
if (!optNodeArr) {
cJSON_Delete(mountNode);
cJSON_Delete(json);
goto exit;
cJSON *optNodeArr = cJSON_CreateStringArray(optItems, 2);
if (!optNodeArr) {
cJSON_Delete(mountNode);
cJSON_Delete(json);
goto exit;
}
cJSON_AddItemToObject(mountNode, "options", optNodeArr);
cJSON_AddItemToArray(mountNodeArr, mountNode);
}
cJSON_AddItemToObject(mountNode, "options", optNodeArr);
cJSON_AddItemToArray(mountNodeArr, mountNode);

/*
* Handle startContainer hooks process
*
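Review bot: The new `/var/run/appscope/` entry in `mountPath` is bind-mounted from the host into every rewritten container with only `rbind` and `rprivate`, so the host directory is writable from inside the container, and nothing in the visible hunks checks that it exists. With the filter-file `scope_stat` check commented out earlier in this section, the only precondition still visible is the scope executable; a missing source directory will probably make the runtime fail the bind mount and with it the container start. I would add a `scope_stat("/var/run/appscope/", &fileStat)` check next to the executable check (or skip that mount when the directory is absent). If the socket is created on the host side, this entry should also get its own option list, for example `"ro"`, `"nosuid"`, `"nodev"`, `"noexec"`, instead of sharing `optItems` with the library mount. rewriteOpenContainersConfig starts and ends outside the visible hunks, so an existing guard elsewhere in the function cannot be ruled out.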
5 changes: 5 additions & 0 deletions test/data/oci/oci0out.json
Expand Up @@ -7,6 +7,11 @@
"type": "bind",
"source": "/usr/lib/appscope/",
"options": ["rbind", "rprivate"]
}, {
"destination": "/var/run/appscope/",
"type": "bind",
"source": "/var/run/appscope/",
"options": ["rbind", "rprivate"]
}],
"hooks": {
"startContainer": [{
5 changes: 5 additions & 0 deletions test/data/oci/oci1out.json
Expand Up @@ -7,6 +7,11 @@
"type": "bind",
"source": "/usr/lib/appscope/",
"options": ["rbind", "rprivate"]
}, {
"destination": "/var/run/appscope/",
"type": "bind",
"source": "/var/run/appscope/",
"options": ["rbind", "rprivate"]
}],
"hooks": {
"startContainer": [{
5 changes: 5 additions & 0 deletions test/data/oci/oci2out.json
Expand Up @@ -7,6 +7,11 @@
"type": "bind",
"source": "/usr/lib/appscope/",
"options": ["rbind", "rprivate"]
}, {
"destination": "/var/run/appscope/",
"type": "bind",
"source": "/var/run/appscope/",
"options": ["rbind", "rprivate"]
}],
"hooks": {
"startContainer": [{
5 changes: 5 additions & 0 deletions test/data/oci/oci3out.json
Expand Up @@ -7,6 +7,11 @@
"type": "bind",
"source": "/usr/lib/appscope/",
"options": ["rbind", "rprivate"]
}, {
"destination": "/var/run/appscope/",
"type": "bind",
"source": "/var/run/appscope/",
"options": ["rbind", "rprivate"]
}],
"hooks": {
"startContainer": [{
5 changes: 5 additions & 0 deletions test/data/oci/oci4out.json
Expand Up @@ -12,6 +12,11 @@
"type": "bind",
"source": "/usr/lib/appscope/",
"options": ["rbind", "rprivate"]
}, {
"destination": "/var/run/appscope/",
"type": "bind",
"source": "/var/run/appscope/",
"options": ["rbind", "rprivate"]
}],
"hooks": {
"startContainer": [{
5 changes: 5 additions & 0 deletions test/data/oci/oci5out.json
Expand Up @@ -12,6 +12,11 @@
"type": "bind",
"source": "/usr/lib/appscope/",
"options": ["rbind", "rprivate"]
}, {
"destination": "/var/run/appscope/",
"type": "bind",
"source": "/var/run/appscope/",
"options": ["rbind", "rprivate"]
}],
"hooks": {
"startContainer": [{
5 changes: 5 additions & 0 deletions test/data/oci/oci6out.json
Expand Up @@ -12,6 +12,11 @@
"type": "bind",
"source": "/usr/lib/appscope/",
"options": ["rbind", "rprivate"]
}, {
"destination": "/var/run/appscope/",
"type": "bind",
"source": "/var/run/appscope/",
"options": ["rbind", "rprivate"]
}],
"hooks": {
"containerstatrt": [{
84 changes: 46 additions & 38 deletions test/unit/library/ocitest.c
Expand Up @@ -179,54 +179,62 @@ rewriteOpenContainersConfigTest(int id) {
cJSON_AddItemToObject(procNode, "env", envNodeArr);
}

cJSON *mountNodeArr = cJSON_GetObjectItemCaseSensitive(json, "mounts");
if (!mountNodeArr) {
mountNodeArr = cJSON_CreateArray();
const char *mountPath[2] =
{
"/usr/lib/appscope/",
"/var/run/appscope/"
};

for (int i = 0; i < 2; ++i ) {
cJSON *mountNodeArr = cJSON_GetObjectItemCaseSensitive(json, "mounts");
if (!mountNodeArr) {
mountNodeArr = cJSON_CreateArray();
if (!mountNodeArr) {
assert_non_null(NULL);
goto exit;
}
cJSON_AddItemToObject(json, "mounts", mountNodeArr);
}

cJSON *mountNode = cJSON_CreateObject();
if (!mountNode) {
assert_non_null(NULL);
goto exit;
}
cJSON_AddItemToObject(json, "mounts", mountNodeArr);
}

cJSON *mountNode = cJSON_CreateObject();
if (!mountNode) {
assert_non_null(NULL);
goto exit;
}

if (!cJSON_AddStringToObjLN(mountNode, "destination", "/usr/lib/appscope/")) {
cJSON_Delete(mountNode);
assert_non_null(NULL);
goto exit;
}
if (!cJSON_AddStringToObjLN(mountNode, "destination", mountPath[i])) {
cJSON_Delete(mountNode);
assert_non_null(NULL);
goto exit;
}

if (!cJSON_AddStringToObjLN(mountNode, "type", "bind")) {
cJSON_Delete(mountNode);
assert_non_null(NULL);
goto exit;
}
if (!cJSON_AddStringToObjLN(mountNode, "type", "bind")) {
cJSON_Delete(mountNode);
assert_non_null(NULL);
goto exit;
}

if (!cJSON_AddStringToObjLN(mountNode, "source", "/usr/lib/appscope/")) {
cJSON_Delete(mountNode);
assert_non_null(NULL);
goto exit;
}
if (!cJSON_AddStringToObjLN(mountNode, "source", mountPath[i])) {
cJSON_Delete(mountNode);
assert_non_null(NULL);
goto exit;
}

const char *optItems[2] =
{
"rbind",
"rprivate"
};
const char *optItems[2] =
{
"rbind",
"rprivate"
};

cJSON *optNodeArr = cJSON_CreateStringArray(optItems, 2);
if (!optNodeArr) {
cJSON_Delete(mountNode);
assert_non_null(NULL);
goto exit;
cJSON *optNodeArr = cJSON_CreateStringArray(optItems, 2);
if (!optNodeArr) {
cJSON_Delete(mountNode);
assert_non_null(NULL);
goto exit;
}
cJSON_AddItemToObject(mountNode, "options", optNodeArr);
cJSON_AddItemToArray(mountNodeArr, mountNode);
}
cJSON_AddItemToObject(mountNode, "options", optNodeArr);
cJSON_AddItemToArray(mountNodeArr, mountNode);

cJSON *hooksNode = cJSON_GetObjectItemCaseSensitive(json, "hooks");
if (!hooksNode) {
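Review bot: The mount loop in rewriteOpenContainersConfigTest repeats the literal `2` as both the size of `mountPath` and the loop bound, and it re-runs the `mounts` lookup on every iteration; the loop added to src/wrap_go.c has the same shape. Deriving the bound from the table, `for (size_t i = 0; i < sizeof(mountPath) / sizeof(mountPath[0]); ++i)`, and moving the `cJSON_GetObjectItemCaseSensitive(json, "mounts")` block above the loop would keep both copies correct when another path is added or the hardcoded socket path is replaced. A short comment on `mountPath` saying which entry is the library directory and which is the socket directory would also help, since the test otherwise gives no reason for the second mount. The function body starts and ends outside the hunk.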
