diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 68dbd962a49..bc1debfd204 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -161,3 +161,20 @@ jobs: command: ssh default -- "CONTAINERD_SNAPSHOTTER=fuse-overlayfs /vagrant/nerdctl.test -test.v -test.kill-daemon" - name: "Uninstall rootless containerd" run: ssh default -- containerd-rootless-setuptool.sh uninstall + + test-unit-freebsd-amd64: + runs-on: macos-latest + + strategy: + matrix: + box: + - fbsd_13_0 + + steps: + - uses: actions/checkout@v2 + - name: Set up vagrant + run: | + ln -sf hack/Vagrantfile Vagrantfile + vagrant up ${{ matrix.box }} + - name: "Run unit tests" + run: vagrant ssh ${{ matrix.box }} -- "cd /vagrant; go test -v ./pkg/..." diff --git a/Makefile b/Makefile index 643468ad7fb..a119f036621 100644 --- a/Makefile +++ b/Makefile @@ -83,6 +83,9 @@ artifacts: clean GOOS=windows GOARCH=amd64 make -C $(CURDIR) binaries tar $(TAR_FLAGS) -czvf $(CURDIR)/_output/nerdctl-$(VERSION_TRIMMED)-windows-amd64.tar.gz _output/nerdctl.exe + GOOS=freebsd GOARCH=amd64 make -C $(CURDIR) binaries + tar $(TAR_FLAGS) -czvf $(CURDIR)/_output/nerdctl-$(VERSION_TRIMMED)-freebsd-amd64.tar.gz _output/nerdctl extras/rootless/* + rm -f $(CURDIR)/_output/nerdctl $(CURDIR)/_output/nerdctl.exe $(call make_artifact_full_linux,amd64) diff --git a/cmd/nerdctl/client_linux.go b/cmd/nerdctl/client_unix.go similarity index 94% rename from cmd/nerdctl/client_linux.go rename to cmd/nerdctl/client_unix.go index ed5988f91b8..401a90bc373 100644 --- a/cmd/nerdctl/client_linux.go +++ b/cmd/nerdctl/client_unix.go @@ -1,3 +1,6 @@ +//go:build freebsd || linux +// +build freebsd linux + /* Copyright The containerd Authors. diff --git a/cmd/nerdctl/exec_freebsd.go b/cmd/nerdctl/exec_freebsd.go new file mode 100644 index 00000000000..5bbb2dbdd4d --- /dev/null +++ b/cmd/nerdctl/exec_freebsd.go @@ -0,0 +1,29 @@ +//go:build freebsd +// +build freebsd + +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package main + +import ( + "github.com/opencontainers/runtime-spec/specs-go" +) + +func setExecCapabilities(pspec *specs.Process) error { + //no op freebsd + return nil +} diff --git a/cmd/nerdctl/login_linux.go b/cmd/nerdctl/login_unix.go similarity index 95% rename from cmd/nerdctl/login_linux.go rename to cmd/nerdctl/login_unix.go index ae689e5e78a..b349d356bea 100644 --- a/cmd/nerdctl/login_linux.go +++ b/cmd/nerdctl/login_unix.go @@ -1,3 +1,6 @@ +//go:build freebsd || linux +// +build freebsd linux + /* Copyright The containerd Authors. diff --git a/cmd/nerdctl/main_freebsd.go b/cmd/nerdctl/main_freebsd.go new file mode 100644 index 00000000000..2032b84348a --- /dev/null +++ b/cmd/nerdctl/main_freebsd.go @@ -0,0 +1,32 @@ +//go:build freebsd +// +build freebsd + +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package main + +import ( + "github.com/urfave/cli/v2" +) + +func appNeedsRootlessParentMain(clicontext *cli.Context) bool { + return false +} + +func appBashComplete(clicontext *cli.Context) { + return +} diff --git a/cmd/nerdctl/main_linux.go b/cmd/nerdctl/main_linux.go index baae0f67b26..8264e2861e6 100644 --- a/cmd/nerdctl/main_linux.go +++ b/cmd/nerdctl/main_linux.go @@ -20,10 +20,8 @@ import ( "fmt" ncdefaults "github.com/containerd/nerdctl/pkg/defaults" - "github.com/containerd/nerdctl/pkg/infoutil" "github.com/containerd/nerdctl/pkg/rootlessutil" - "github.com/sirupsen/logrus" "github.com/urfave/cli/v2" ) @@ -64,45 +62,3 @@ func appBashComplete(clicontext *cli.Context) { fmt.Fprintln(clicontext.App.Writer, subcomm.Name) } } - -func bashCompleteNamespaceNames(clicontext *cli.Context) { - if rootlessutil.IsRootlessParent() { - _ = rootlessutil.ParentMain() - return - } - - client, ctx, cancel, err := newClient(clicontext) - if err != nil { - return - } - defer cancel() - nsService := client.NamespaceService() - nsList, err := nsService.List(ctx) - if err != nil { - logrus.Warn(err) - return - } - for _, ns := range nsList { - fmt.Fprintln(clicontext.App.Writer, ns) - } -} - -func bashCompleteSnapshotterNames(clicontext *cli.Context) { - if rootlessutil.IsRootlessParent() { - _ = rootlessutil.ParentMain() - return - } - - client, ctx, cancel, err := newClient(clicontext) - if err != nil { - return - } - defer cancel() - snapshotterPlugins, err := infoutil.GetSnapshotterNames(ctx, client.IntrospectionService()) - if err != nil { - return - } - for _, name := range snapshotterPlugins { - fmt.Fprintln(clicontext.App.Writer, name) - } -} diff --git a/cmd/nerdctl/main_unix.go b/cmd/nerdctl/main_unix.go new file mode 100644 index 00000000000..40567910718 --- /dev/null +++ b/cmd/nerdctl/main_unix.go @@ -0,0 +1,72 @@ +//go:build freebsd || linux +// +build freebsd linux + +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package main + +import ( + "fmt" + + "github.com/containerd/nerdctl/pkg/infoutil" + + "github.com/containerd/nerdctl/pkg/rootlessutil" + "github.com/sirupsen/logrus" + "github.com/urfave/cli/v2" +) + +func bashCompleteNamespaceNames(clicontext *cli.Context) { + if rootlessutil.IsRootlessParent() { + _ = rootlessutil.ParentMain() + return + } + + client, ctx, cancel, err := newClient(clicontext) + if err != nil { + return + } + defer cancel() + nsService := client.NamespaceService() + nsList, err := nsService.List(ctx) + if err != nil { + logrus.Warn(err) + return + } + for _, ns := range nsList { + fmt.Fprintln(clicontext.App.Writer, ns) + } +} + +func bashCompleteSnapshotterNames(clicontext *cli.Context) { + if rootlessutil.IsRootlessParent() { + _ = rootlessutil.ParentMain() + return + } + + client, ctx, cancel, err := newClient(clicontext) + if err != nil { + return + } + defer cancel() + snapshotterPlugins, err := infoutil.GetSnapshotterNames(ctx, client.IntrospectionService()) + if err != nil { + return + } + for _, name := range snapshotterPlugins { + fmt.Fprintln(clicontext.App.Writer, name) + } +} diff --git a/cmd/nerdctl/run.go b/cmd/nerdctl/run.go index 43dde709bcf..04bfb32ce4e 100644 --- a/cmd/nerdctl/run.go +++ b/cmd/nerdctl/run.go @@ -25,6 +25,7 @@ import ( "os" "path" "path/filepath" + "runtime" "strings" "github.com/containerd/console" @@ -315,12 +316,16 @@ func runAction(clicontext *cli.Context) error { opts = append(opts, oci.WithDefaultSpec(), oci.WithDefaultUnixDevices, - oci.WithMounts([]specs.Mount{ - {Type: "cgroup", Source: "cgroup", Destination: "/sys/fs/cgroup", Options: []string{"ro", "nosuid", "noexec", "nodev"}}, - }), WithoutRunMount(), // unmount default tmpfs on "/run": https://github.com/containerd/nerdctl/issues/157 ) + if runtime.GOOS == "linux" { + opts = append(opts, + oci.WithMounts([]specs.Mount{ + {Type: "cgroup", Source: "cgroup", Destination: "/sys/fs/cgroup", Options: []string{"ro", "nosuid", "noexec", "nodev"}}, + })) + } + rootfsOpts, rootfsCOpts, ensuredImage, err := generateRootfsOpts(ctx, client, clicontext, id) if err != nil { return err @@ -747,7 +752,7 @@ func withCustomHosts(src string) func(context.Context, oci.Client, *containers.C } func generateLogURI(dataStore string) (*url.URL, error) { - selfExe, err := os.Readlink("/proc/self/exe") + selfExe, err := executablePath() if err != nil { return nil, err } diff --git a/cmd/nerdctl/run_cgroup_freebsd.go b/cmd/nerdctl/run_cgroup_freebsd.go new file mode 100644 index 00000000000..25fed14038b --- /dev/null +++ b/cmd/nerdctl/run_cgroup_freebsd.go @@ -0,0 +1,29 @@ +//go:build freebsd +// +build freebsd + +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package main + +import ( + "github.com/containerd/containerd/oci" + "github.com/urfave/cli/v2" +) + +func generateCgroupOpts(clicontext *cli.Context, id string) ([]oci.SpecOpts, error) { + return []oci.SpecOpts{}, nil +} diff --git a/cmd/nerdctl/run_freebsd.go b/cmd/nerdctl/run_freebsd.go new file mode 100644 index 00000000000..8821ff4997f --- /dev/null +++ b/cmd/nerdctl/run_freebsd.go @@ -0,0 +1,103 @@ +//go:build freebsd +// +build freebsd + +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package main + +/* +#cgo LDFLAGS: -lprocstat +#include +#include +#include +#include +#include +int info_about_process() { + return KERN_PROC_PID | KERN_PROC_INC_THREAD; +} +*/ +import "C" + +import ( + "bytes" + "context" + "fmt" + "os" + "unsafe" + + "github.com/containerd/containerd/containers" + "github.com/containerd/containerd/oci" + "github.com/urfave/cli/v2" +) + +func runBashComplete(clicontext *cli.Context) { + coco := parseCompletionContext(clicontext) + if coco.boring { + defaultBashComplete(clicontext) + return + } + if coco.flagTakesValue { + w := clicontext.App.Writer + switch coco.flagName { + case "restart": + fmt.Fprintln(w, "always") + fmt.Fprintln(w, "no") + return + case "pull": + fmt.Fprintln(w, "always") + fmt.Fprintln(w, "missing") + fmt.Fprintln(w, "never") + return + case "net", "network": + bashCompleteNetworkNames(clicontext, nil) + return + } + defaultBashComplete(clicontext) + return + } + // show image names, unless we have "--rootfs" flag + if clicontext.Bool("rootfs") { + defaultBashComplete(clicontext) + return + } + bashCompleteImageNames(clicontext) +} + +func WithoutRunMount() func(ctx context.Context, client oci.Client, c *containers.Container, s *oci.Spec) error { + // not valid on freebsd + return func(_ context.Context, _ oci.Client, _ *containers.Container, s *oci.Spec) error { return nil } +} + +func executablePath() (string, error) { + prstat, err := C.procstat_open_sysctl() + if err != nil { + return "", err + } + defer C.procstat_close(prstat) + pid := C.int(os.Getpid()) + var count C.uint + kinfo, err := C.procstat_getprocs(prstat, C.info_about_process(), pid, &count) + if err != nil { + return "", err + } + defer C.procstat_freeprocs(prstat, kinfo) + buf := make([]byte, 256) + C.procstat_getpathname(prstat, kinfo, (*C.char)(unsafe.Pointer(&buf[0])), 256) + n := bytes.IndexByte(buf[:], 0) + + return string(buf[:n]), nil +} diff --git a/cmd/nerdctl/run_linux.go b/cmd/nerdctl/run_linux.go index abdc4f69f07..541a0c50c39 100644 --- a/cmd/nerdctl/run_linux.go +++ b/cmd/nerdctl/run_linux.go @@ -19,6 +19,7 @@ package main import ( "context" "fmt" + "os" "strings" "github.com/containerd/containerd/containers" @@ -80,3 +81,7 @@ func runBashComplete(clicontext *cli.Context) { } bashCompleteImageNames(clicontext) } + +func executablePath() (string, error) { + return os.Readlink("/proc/self/exe") +} diff --git a/cmd/nerdctl/run_runtime.go b/cmd/nerdctl/run_runtime.go index 5f5e9576129..749fcc95d21 100644 --- a/cmd/nerdctl/run_runtime.go +++ b/cmd/nerdctl/run_runtime.go @@ -41,7 +41,7 @@ func generateRuntimeCOpts(clicontext *cli.Context) ([]containerd.NewContainerOpt runcOpts.SystemdCgroup = true } if runtimeStr := clicontext.String("runtime"); runtimeStr != "" { - if strings.HasPrefix(runtimeStr, "io.containerd.") { + if strings.HasPrefix(runtimeStr, "io.containerd.") || runtimeStr == "wtf.sbk.runj.v1" { runtime = runtimeStr if !strings.HasPrefix(runtimeStr, "io.containerd.runc.") { if cgm == "systemd" { diff --git a/cmd/nerdctl/run_windows.go b/cmd/nerdctl/run_windows.go index 6d713eb0985..4fbc5f1f4da 100644 --- a/cmd/nerdctl/run_windows.go +++ b/cmd/nerdctl/run_windows.go @@ -19,9 +19,12 @@ package main import ( "context" + "github.com/Microsoft/go-winio/pkg/process" "github.com/containerd/containerd/containers" "github.com/containerd/containerd/oci" "github.com/urfave/cli/v2" + + "golang.org/x/sys/windows" ) func runBashComplete(clicontext *cli.Context) { @@ -32,3 +35,9 @@ func WithoutRunMount() func(ctx context.Context, client oci.Client, c *container // not valid on windows return func(_ context.Context, _ oci.Client, _ *containers.Container, s *oci.Spec) error { return nil } } + +func executablePath() (string, error) { + p, _ := windows.GetCurrentProcess() + + return process.QueryFullProcessImageName(p, 0) +} diff --git a/docs/freebsd.md b/docs/freebsd.md new file mode 100644 index 00000000000..61cfb6d51df --- /dev/null +++ b/docs/freebsd.md @@ -0,0 +1,23 @@ +# FreeBSD + + +| :zap: FreeBSD runtimes are at the very early stage of development | +|--------------------------------------------------------------------------| + +nerdctl provides experimental support for running FreeBSD jails. + +## Installation + +You will need the most up-to-date containerd build along with a containerd shim, +such as [runj](https://github.com/samuelkarp/runj). Follow the build +instructions in the respective repositories. + +## Limitations & Bugs + +- :warning: CNI & CNI plugins are not yet ported to FreeBSD. The only supported + network type is `none` +- :warning: buildkit is not yet ported to FreeBSD. +- :warning: Linuxulator containers support is + WIP. https://github.com/containerd/nerdctl/issues/280 https://github.com/containerd/containerd/pull/5480 + +- :bug: `nerdctl compose` commands currently don't work. https://github.com/containerd/containerd/pull/5991 diff --git a/hack/Vagrantfile b/hack/Vagrantfile new file mode 100644 index 00000000000..3563fde07ef --- /dev/null +++ b/hack/Vagrantfile @@ -0,0 +1,39 @@ +# This code is taken from the Vagrantfile from libjail-rs +# https://github.com/fubarnetes/libjail-rs/blob/727353bd6565c5e7a9be2664258d0197a1c8bb35/Vagrantfile +# licensed under BSD-3 Clause License: +# BSD 3-Clause License + +# Copyright (c) 2018, Fabian Freyer All rights reserved. + +# Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: + +# * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. + +# * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. + +# * Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. + +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +Vagrant.configure("2") do |config| + # Unreleased version + # + # config.vm.define "fbsd_14_0" do |fbsd_14_0| + # fbsd_14_0.vm.box = "freebsd/FreeBSD-14.0-CURRENT" + # end + + # Stable version + # + config.vm.define "fbsd_13_0" do |fbsd_13_0| + fbsd_13_0.vm.box = "freebsd/FreeBSD-13.0-STABLE" + end + + config.vm.synced_folder ".", "/vagrant", type: "rsync", + rsync__exclude: ".git/", + rsync__auto: true + + config.vm.provision "shell", inline: <<-SHELL + pkg bootstrap + pkg install -y go llvm + SHELL +end diff --git a/pkg/containerinspector/containerinspector_freebsd.go b/pkg/containerinspector/containerinspector_freebsd.go new file mode 100644 index 00000000000..604d2f32fee --- /dev/null +++ b/pkg/containerinspector/containerinspector_freebsd.go @@ -0,0 +1,32 @@ +//go:build freebsd +// +build freebsd + +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package containerinspector + +import ( + "context" + + "github.com/containerd/nerdctl/pkg/inspecttypes/native" +) + +func inspectNetNS(ctx context.Context, pid int) (*native.NetNS, error) { + r := &native.NetNS{} + + return r, nil +} diff --git a/pkg/defaults/defaults_freebsd.go b/pkg/defaults/defaults_freebsd.go new file mode 100644 index 00000000000..49761a570af --- /dev/null +++ b/pkg/defaults/defaults_freebsd.go @@ -0,0 +1,51 @@ +//go:build freebsd +// +build freebsd + +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package defaults + +import ( + gocni "github.com/containerd/go-cni" +) + +const AppArmorProfileName = "" + +func DataRoot() string { + return "/var/lib/nerdctl" +} + +func CNIPath() string { + // default: /opt/cni/bin + return gocni.DefaultCNIDir +} + +func CNINetConfPath() string { + return gocni.DefaultNetDir +} + +func BuildKitHost() string { + return "unix:///run/buildkit/buildkitd.sock" +} + +func CgroupManager() string { + return "" +} + +func CgroupnsMode() string { + return "" +} diff --git a/pkg/infoutil/infoutil_freebsd.go b/pkg/infoutil/infoutil_freebsd.go new file mode 100644 index 00000000000..ad5c050f80a --- /dev/null +++ b/pkg/infoutil/infoutil_freebsd.go @@ -0,0 +1,26 @@ +//go:build freebsd +// +build freebsd + +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package infoutil + +const UnameO = "FreeBSD" + +func CgroupsVersion() string { + return "" +} diff --git a/pkg/infoutil/infoutil_linux.go b/pkg/infoutil/infoutil_linux.go index 1d2c6285b4d..cf6aab29ab1 100644 --- a/pkg/infoutil/infoutil_linux.go +++ b/pkg/infoutil/infoutil_linux.go @@ -17,98 +17,11 @@ package infoutil import ( - "bufio" - "io" - "os" - "regexp" - - "strings" - "github.com/containerd/cgroups" - "golang.org/x/sys/unix" ) -// UnameR returns `uname -r` -func UnameR() string { - var utsname unix.Utsname - if err := unix.Uname(&utsname); err != nil { - // error is unlikely to happen - return "" - } - var s string - for _, f := range utsname.Release { - if f == 0 { - break - } - s += string(f) - } - return s -} - -// UnameM returns `uname -m` -func UnameM() string { - var utsname unix.Utsname - if err := unix.Uname(&utsname); err != nil { - // error is unlikely to happen - return "" - } - var s string - for _, f := range utsname.Machine { - if f == 0 { - break - } - s += string(f) - } - return s -} - const UnameO = "GNU/Linux" -func DistroName() string { - f, err := os.Open("/etc/os-release") - if err != nil { - return UnameO - } - defer f.Close() - return distroName(f) -} - -func distroName(r io.Reader) string { - scanner := bufio.NewScanner(r) - var name, version string - for scanner.Scan() { - line := scanner.Text() - k, v := getOSReleaseAttrib(line) - switch k { - case "PRETTY_NAME": - return v - case "NAME": - name = v - case "VERSION": - version = v - } - } - if name != "" { - if version != "" { - return name + " " + version - } - return name - } - return UnameO -} - -var osReleaseAttribRegex = regexp.MustCompile(`([^\s=]+)\s*=\s*("{0,1})([^"]*)("{0,1})`) - -func getOSReleaseAttrib(line string) (string, string) { - splitBySlash := strings.SplitN(line, "#", 2) - l := strings.TrimSpace(splitBySlash[0]) - x := osReleaseAttribRegex.FindAllStringSubmatch(l, -1) - if len(x) >= 1 && len(x[0]) > 3 { - return x[0][1], x[0][3] - } - return "", "" -} - func CgroupsVersion() string { if cgroups.Mode() == cgroups.Unified { return "2" diff --git a/pkg/infoutil/infoutil_unix.go b/pkg/infoutil/infoutil_unix.go new file mode 100644 index 00000000000..46f27a337a8 --- /dev/null +++ b/pkg/infoutil/infoutil_unix.go @@ -0,0 +1,110 @@ +//go:build freebsd || linux +// +build freebsd linux + +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package infoutil + +import ( + "bufio" + "io" + "os" + "regexp" + + "strings" + + "golang.org/x/sys/unix" +) + +// UnameR returns `uname -r` +func UnameR() string { + var utsname unix.Utsname + if err := unix.Uname(&utsname); err != nil { + // error is unlikely to happen + return "" + } + var s string + for _, f := range utsname.Release { + if f == 0 { + break + } + s += string(f) + } + return s +} + +// UnameM returns `uname -m` +func UnameM() string { + var utsname unix.Utsname + if err := unix.Uname(&utsname); err != nil { + // error is unlikely to happen + return "" + } + var s string + for _, f := range utsname.Machine { + if f == 0 { + break + } + s += string(f) + } + return s +} + +func DistroName() string { + f, err := os.Open("/etc/os-release") + if err != nil { + return UnameO + } + defer f.Close() + return distroName(f) +} + +func distroName(r io.Reader) string { + scanner := bufio.NewScanner(r) + var name, version string + for scanner.Scan() { + line := scanner.Text() + k, v := getOSReleaseAttrib(line) + switch k { + case "PRETTY_NAME": + return v + case "NAME": + name = v + case "VERSION": + version = v + } + } + if name != "" { + if version != "" { + return name + " " + version + } + return name + } + return UnameO +} + +var osReleaseAttribRegex = regexp.MustCompile(`([^\s=]+)\s*=\s*("{0,1})([^"]*)("{0,1})`) + +func getOSReleaseAttrib(line string) (string, string) { + splitBySlash := strings.SplitN(line, "#", 2) + l := strings.TrimSpace(splitBySlash[0]) + x := osReleaseAttribRegex.FindAllStringSubmatch(l, -1) + if len(x) >= 1 && len(x[0]) > 3 { + return x[0][1], x[0][3] + } + return "", "" +} diff --git a/pkg/infoutil/infoutil_linux_test.go b/pkg/infoutil/infoutil_unix_test.go similarity index 98% rename from pkg/infoutil/infoutil_linux_test.go rename to pkg/infoutil/infoutil_unix_test.go index 90628f0b0af..f98d30c51ec 100644 --- a/pkg/infoutil/infoutil_linux_test.go +++ b/pkg/infoutil/infoutil_unix_test.go @@ -1,3 +1,6 @@ +//go:build freebsd || linux +// +build freebsd linux + /* Copyright The containerd Authors. diff --git a/pkg/lockutil/lockutil_linux.go b/pkg/lockutil/lockutil_unix.go similarity index 96% rename from pkg/lockutil/lockutil_linux.go rename to pkg/lockutil/lockutil_unix.go index f779a89e054..5f29354ea9e 100644 --- a/pkg/lockutil/lockutil_linux.go +++ b/pkg/lockutil/lockutil_unix.go @@ -1,3 +1,6 @@ +//go:build freebsd || linux +// +build freebsd linux + /* Copyright The containerd Authors. diff --git a/pkg/mountutil/mountutil.go b/pkg/mountutil/mountutil.go index 1325631bb3f..f9d99242ef0 100644 --- a/pkg/mountutil/mountutil.go +++ b/pkg/mountutil/mountutil.go @@ -18,6 +18,7 @@ package mountutil import ( "path/filepath" + "runtime" "strings" "github.com/containerd/containerd/errdefs" @@ -108,11 +109,17 @@ func ProcessFlagV(s string, volStore volumestore.VolumeStore) (*Processed, error default: return nil, errors.Errorf("failed to parse %q", s) } + + fstype := "nullfs" + if runtime.GOOS != "freebsd" { + fstype = "none" + options = append(options, "rbind") + } res.Mount = specs.Mount{ - Type: "none", + Type: fstype, Source: src, Destination: dst, - Options: append([]string{"rbind"}, options...), + Options: options, } if sys.RunningInUserNS() { unpriv, err := getUnprivilegedMountFlags(src) diff --git a/pkg/mountutil/mountutil_freebsd.go b/pkg/mountutil/mountutil_freebsd.go new file mode 100644 index 00000000000..920eafcf4f9 --- /dev/null +++ b/pkg/mountutil/mountutil_freebsd.go @@ -0,0 +1,61 @@ +//go:build freebsd +// +build freebsd + +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package mountutil + +import ( + "fmt" + "strings" + + "github.com/containerd/containerd/oci" + "github.com/sirupsen/logrus" +) + +func getUnprivilegedMountFlags(path string) ([]string, error) { + m := []string{} + return m, nil +} + +// FreeBSD doesn't support bind mounts. +const DefaultPropagationMode = "" + +// parseVolumeOptions parses specified optsRaw with using information of +// the volume type and the src directory when necessary. +func parseVolumeOptions(vType, src, optsRaw string) ([]string, []oci.SpecOpts, error) { + var writeModeRawOpts []string + for _, opt := range strings.Split(optsRaw, ",") { + switch opt { + case "rw": + writeModeRawOpts = append(writeModeRawOpts, opt) + case "ro": + writeModeRawOpts = append(writeModeRawOpts, opt) + case "": + // NOP + default: + logrus.Warnf("unsupported volume option %q", opt) + } + } + var opts []string + if len(writeModeRawOpts) > 1 { + return nil, nil, fmt.Errorf("duplicated read/write volume option: %+v", writeModeRawOpts) + } else if len(writeModeRawOpts) > 0 && writeModeRawOpts[0] == "ro" { + opts = append(opts, "ro") + } // No need to return option when "rw" + return opts, nil, nil +} diff --git a/pkg/netutil/netutil_linux.go b/pkg/netutil/netutil_unix.go similarity index 96% rename from pkg/netutil/netutil_linux.go rename to pkg/netutil/netutil_unix.go index 3b17a4aa057..7bc04612fa8 100644 --- a/pkg/netutil/netutil_linux.go +++ b/pkg/netutil/netutil_unix.go @@ -1,3 +1,6 @@ +//go:build freebsd || linux +// +build freebsd linux + /* Copyright The containerd Authors. diff --git a/pkg/ocihook/ocihook_freebsd.go b/pkg/ocihook/ocihook_freebsd.go new file mode 100644 index 00000000000..f6ab7d9d3cf --- /dev/null +++ b/pkg/ocihook/ocihook_freebsd.go @@ -0,0 +1,25 @@ +//go:build freebsd +// +build freebsd + +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package ocihook + +func loadAppArmor() { + //noop + return +}