From 99274ad0b22174a5b6876f53584718cf95e62c9f Mon Sep 17 00:00:00 2001 From: Artem Khramov Date: Wed, 15 Sep 2021 13:08:15 +0300 Subject: [PATCH] [#137] FreeBSD support Now that containerd supports FreeBSD, we can port nerdctl, too! :rocket:. For full-fledged functionality, we will need to port * buildkit. Status: POC is ready, need to upstream fixes to dependencies. * runtime + containerd shim. runj/knast should work just fine. * CNI bridge plugin for networking. This change fixes FreeBSD compilation errors by renaming linux files to unix where necessary, or otherwise introducing FreeBSD versions for the necessary files. Signed-off-by: Artem Khramov --- .github/workflows/test.yml | 23 ++++ Makefile | 4 +- .../{client_linux.go => client_unix.go} | 3 + cmd/nerdctl/exec_freebsd.go | 29 +++++ cmd/nerdctl/{login_linux.go => login_unix.go} | 3 + cmd/nerdctl/main_freebsd.go | 32 +++++ cmd/nerdctl/main_linux.go | 44 ------- cmd/nerdctl/main_unix.go | 72 ++++++++++++ cmd/nerdctl/run.go | 13 ++- cmd/nerdctl/run_cgroup_freebsd.go | 29 +++++ cmd/nerdctl/run_freebsd.go | 67 +++++++++++ cmd/nerdctl/run_runtime.go | 2 +- docs/freebsd.md | 33 ++++++ Vagrantfile => hack/Vagrantfile.fedora34 | 0 hack/Vagrantfile.freebsd13 | 30 +++++ .../containerinspector_freebsd.go | 32 +++++ pkg/defaults/defaults_freebsd.go | 51 ++++++++ pkg/infoutil/infoutil_freebsd.go | 26 +++++ pkg/infoutil/infoutil_linux.go | 87 -------------- pkg/infoutil/infoutil_unix.go | 110 ++++++++++++++++++ ...il_linux_test.go => infoutil_unix_test.go} | 3 + .../{lockutil_linux.go => lockutil_unix.go} | 3 + pkg/mountutil/mountutil.go | 11 +- pkg/mountutil/mountutil_freebsd.go | 61 ++++++++++ .../{netutil_linux.go => netutil_unix.go} | 3 + pkg/ocihook/ocihook_freebsd.go | 25 ++++ 26 files changed, 657 insertions(+), 139 deletions(-) rename cmd/nerdctl/{client_linux.go => client_unix.go} (94%) create mode 100644 cmd/nerdctl/exec_freebsd.go rename cmd/nerdctl/{login_linux.go => login_unix.go} (95%) create mode 100644 cmd/nerdctl/main_freebsd.go create mode 100644 cmd/nerdctl/main_unix.go create mode 100644 cmd/nerdctl/run_cgroup_freebsd.go create mode 100644 cmd/nerdctl/run_freebsd.go create mode 100644 docs/freebsd.md rename Vagrantfile => hack/Vagrantfile.fedora34 (100%) create mode 100644 hack/Vagrantfile.freebsd13 create mode 100644 pkg/containerinspector/containerinspector_freebsd.go create mode 100644 pkg/defaults/defaults_freebsd.go create mode 100644 pkg/infoutil/infoutil_freebsd.go create mode 100644 pkg/infoutil/infoutil_unix.go rename pkg/infoutil/{infoutil_linux_test.go => infoutil_unix_test.go} (98%) rename pkg/lockutil/{lockutil_linux.go => lockutil_unix.go} (96%) create mode 100644 pkg/mountutil/mountutil_freebsd.go rename pkg/netutil/{netutil_linux.go => netutil_unix.go} (96%) create mode 100644 pkg/ocihook/ocihook_freebsd.go diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 68dbd962a49..fc44c411134 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -124,6 +124,8 @@ jobs: # nested virtualization is only available on macOS hosts runs-on: macos-10.15 timeout-minutes: 40 + env: + VAGRANT_VAGRANTFILE: hack/Vagrantfile.fedora34 steps: - uses: actions/setup-go@v2 with: @@ -161,3 +163,24 @@ jobs: command: ssh default -- "CONTAINERD_SNAPSHOTTER=fuse-overlayfs /vagrant/nerdctl.test -test.v -test.kill-daemon" - name: "Uninstall rootless containerd" run: ssh default -- containerd-rootless-setuptool.sh uninstall + + test-freebsd-amd64: + runs-on: macos-latest + env: + VAGRANT_VAGRANTFILE: hack/Vagrantfile.freebsd13 + NERDCTL_RUN_ARGS: --net none knast/freebsd:13-STABLE echo "Nerdctl is up and running." + steps: + - name: Cache Vagrant boxes + uses: actions/cache@v2 + with: + path: ~/.vagrant.d/boxes + key: ${{ runner.os }}-vagrant-${{ hashFiles('Vagrantfile') }} + restore-keys: | + ${{ runner.os }}-vagrant- + - uses: actions/checkout@v2 + - name: Set up vagrant + run: vagrant up + - name: "Run unit tests" + run: vagrant ssh -- "cd /vagrant; go test -v ./pkg/..." + - name: "Integration smoke test" + run: vagrant ssh -- "cd /vagrant/cmd/nerdctl; sudo go run . -- run $NERDCTL_RUN_ARGS | grep running" diff --git a/Makefile b/Makefile index 643468ad7fb..f4ac00bdb7f 100644 --- a/Makefile +++ b/Makefile @@ -82,9 +82,11 @@ artifacts: clean GOOS=windows GOARCH=amd64 make -C $(CURDIR) binaries tar $(TAR_FLAGS) -czvf $(CURDIR)/_output/nerdctl-$(VERSION_TRIMMED)-windows-amd64.tar.gz _output/nerdctl.exe - rm -f $(CURDIR)/_output/nerdctl $(CURDIR)/_output/nerdctl.exe + GOOS=freebsd GOARCH=amd64 make -C $(CURDIR) binaries + tar $(TAR_FLAGS) -czvf $(CURDIR)/_output/nerdctl-$(VERSION_TRIMMED)-freebsd-amd64.tar.gz _output/nerdctl extras/rootless/* + $(call make_artifact_full_linux,amd64) $(call make_artifact_full_linux,arm64) diff --git a/cmd/nerdctl/client_linux.go b/cmd/nerdctl/client_unix.go similarity index 94% rename from cmd/nerdctl/client_linux.go rename to cmd/nerdctl/client_unix.go index ed5988f91b8..401a90bc373 100644 --- a/cmd/nerdctl/client_linux.go +++ b/cmd/nerdctl/client_unix.go @@ -1,3 +1,6 @@ +//go:build freebsd || linux +// +build freebsd linux + /* Copyright The containerd Authors. diff --git a/cmd/nerdctl/exec_freebsd.go b/cmd/nerdctl/exec_freebsd.go new file mode 100644 index 00000000000..5bbb2dbdd4d --- /dev/null +++ b/cmd/nerdctl/exec_freebsd.go @@ -0,0 +1,29 @@ +//go:build freebsd +// +build freebsd + +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package main + +import ( + "github.com/opencontainers/runtime-spec/specs-go" +) + +func setExecCapabilities(pspec *specs.Process) error { + //no op freebsd + return nil +} diff --git a/cmd/nerdctl/login_linux.go b/cmd/nerdctl/login_unix.go similarity index 95% rename from cmd/nerdctl/login_linux.go rename to cmd/nerdctl/login_unix.go index ae689e5e78a..b349d356bea 100644 --- a/cmd/nerdctl/login_linux.go +++ b/cmd/nerdctl/login_unix.go @@ -1,3 +1,6 @@ +//go:build freebsd || linux +// +build freebsd linux + /* Copyright The containerd Authors. diff --git a/cmd/nerdctl/main_freebsd.go b/cmd/nerdctl/main_freebsd.go new file mode 100644 index 00000000000..2032b84348a --- /dev/null +++ b/cmd/nerdctl/main_freebsd.go @@ -0,0 +1,32 @@ +//go:build freebsd +// +build freebsd + +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package main + +import ( + "github.com/urfave/cli/v2" +) + +func appNeedsRootlessParentMain(clicontext *cli.Context) bool { + return false +} + +func appBashComplete(clicontext *cli.Context) { + return +} diff --git a/cmd/nerdctl/main_linux.go b/cmd/nerdctl/main_linux.go index baae0f67b26..8264e2861e6 100644 --- a/cmd/nerdctl/main_linux.go +++ b/cmd/nerdctl/main_linux.go @@ -20,10 +20,8 @@ import ( "fmt" ncdefaults "github.com/containerd/nerdctl/pkg/defaults" - "github.com/containerd/nerdctl/pkg/infoutil" "github.com/containerd/nerdctl/pkg/rootlessutil" - "github.com/sirupsen/logrus" "github.com/urfave/cli/v2" ) @@ -64,45 +62,3 @@ func appBashComplete(clicontext *cli.Context) { fmt.Fprintln(clicontext.App.Writer, subcomm.Name) } } - -func bashCompleteNamespaceNames(clicontext *cli.Context) { - if rootlessutil.IsRootlessParent() { - _ = rootlessutil.ParentMain() - return - } - - client, ctx, cancel, err := newClient(clicontext) - if err != nil { - return - } - defer cancel() - nsService := client.NamespaceService() - nsList, err := nsService.List(ctx) - if err != nil { - logrus.Warn(err) - return - } - for _, ns := range nsList { - fmt.Fprintln(clicontext.App.Writer, ns) - } -} - -func bashCompleteSnapshotterNames(clicontext *cli.Context) { - if rootlessutil.IsRootlessParent() { - _ = rootlessutil.ParentMain() - return - } - - client, ctx, cancel, err := newClient(clicontext) - if err != nil { - return - } - defer cancel() - snapshotterPlugins, err := infoutil.GetSnapshotterNames(ctx, client.IntrospectionService()) - if err != nil { - return - } - for _, name := range snapshotterPlugins { - fmt.Fprintln(clicontext.App.Writer, name) - } -} diff --git a/cmd/nerdctl/main_unix.go b/cmd/nerdctl/main_unix.go new file mode 100644 index 00000000000..40567910718 --- /dev/null +++ b/cmd/nerdctl/main_unix.go @@ -0,0 +1,72 @@ +//go:build freebsd || linux +// +build freebsd linux + +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package main + +import ( + "fmt" + + "github.com/containerd/nerdctl/pkg/infoutil" + + "github.com/containerd/nerdctl/pkg/rootlessutil" + "github.com/sirupsen/logrus" + "github.com/urfave/cli/v2" +) + +func bashCompleteNamespaceNames(clicontext *cli.Context) { + if rootlessutil.IsRootlessParent() { + _ = rootlessutil.ParentMain() + return + } + + client, ctx, cancel, err := newClient(clicontext) + if err != nil { + return + } + defer cancel() + nsService := client.NamespaceService() + nsList, err := nsService.List(ctx) + if err != nil { + logrus.Warn(err) + return + } + for _, ns := range nsList { + fmt.Fprintln(clicontext.App.Writer, ns) + } +} + +func bashCompleteSnapshotterNames(clicontext *cli.Context) { + if rootlessutil.IsRootlessParent() { + _ = rootlessutil.ParentMain() + return + } + + client, ctx, cancel, err := newClient(clicontext) + if err != nil { + return + } + defer cancel() + snapshotterPlugins, err := infoutil.GetSnapshotterNames(ctx, client.IntrospectionService()) + if err != nil { + return + } + for _, name := range snapshotterPlugins { + fmt.Fprintln(clicontext.App.Writer, name) + } +} diff --git a/cmd/nerdctl/run.go b/cmd/nerdctl/run.go index 2d2c9105c22..cd333d5278d 100644 --- a/cmd/nerdctl/run.go +++ b/cmd/nerdctl/run.go @@ -25,6 +25,7 @@ import ( "os" "path" "path/filepath" + "runtime" "strings" "github.com/containerd/console" @@ -319,12 +320,16 @@ func runAction(clicontext *cli.Context) error { opts = append(opts, oci.WithDefaultSpec(), oci.WithDefaultUnixDevices, - oci.WithMounts([]specs.Mount{ - {Type: "cgroup", Source: "cgroup", Destination: "/sys/fs/cgroup", Options: []string{"ro", "nosuid", "noexec", "nodev"}}, - }), WithoutRunMount(), // unmount default tmpfs on "/run": https://github.com/containerd/nerdctl/issues/157 ) + if runtime.GOOS == "linux" { + opts = append(opts, + oci.WithMounts([]specs.Mount{ + {Type: "cgroup", Source: "cgroup", Destination: "/sys/fs/cgroup", Options: []string{"ro", "nosuid", "noexec", "nodev"}}, + })) + } + rootfsOpts, rootfsCOpts, ensuredImage, err := generateRootfsOpts(ctx, client, clicontext, id) if err != nil { return err @@ -757,7 +762,7 @@ func withCustomHosts(src string) func(context.Context, oci.Client, *containers.C } func generateLogURI(dataStore string) (*url.URL, error) { - selfExe, err := os.Readlink("/proc/self/exe") + selfExe, err := os.Executable() if err != nil { return nil, err } diff --git a/cmd/nerdctl/run_cgroup_freebsd.go b/cmd/nerdctl/run_cgroup_freebsd.go new file mode 100644 index 00000000000..25fed14038b --- /dev/null +++ b/cmd/nerdctl/run_cgroup_freebsd.go @@ -0,0 +1,29 @@ +//go:build freebsd +// +build freebsd + +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package main + +import ( + "github.com/containerd/containerd/oci" + "github.com/urfave/cli/v2" +) + +func generateCgroupOpts(clicontext *cli.Context, id string) ([]oci.SpecOpts, error) { + return []oci.SpecOpts{}, nil +} diff --git a/cmd/nerdctl/run_freebsd.go b/cmd/nerdctl/run_freebsd.go new file mode 100644 index 00000000000..4f20d97e35a --- /dev/null +++ b/cmd/nerdctl/run_freebsd.go @@ -0,0 +1,67 @@ +//go:build freebsd +// +build freebsd + +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package main + +import ( + "context" + "fmt" + + "github.com/containerd/containerd/containers" + "github.com/containerd/containerd/oci" + "github.com/urfave/cli/v2" +) + +func runBashComplete(clicontext *cli.Context) { + coco := parseCompletionContext(clicontext) + if coco.boring { + defaultBashComplete(clicontext) + return + } + if coco.flagTakesValue { + w := clicontext.App.Writer + switch coco.flagName { + case "restart": + fmt.Fprintln(w, "always") + fmt.Fprintln(w, "no") + return + case "pull": + fmt.Fprintln(w, "always") + fmt.Fprintln(w, "missing") + fmt.Fprintln(w, "never") + return + case "net", "network": + bashCompleteNetworkNames(clicontext, nil) + return + } + defaultBashComplete(clicontext) + return + } + // show image names, unless we have "--rootfs" flag + if clicontext.Bool("rootfs") { + defaultBashComplete(clicontext) + return + } + bashCompleteImageNames(clicontext) +} + +func WithoutRunMount() func(ctx context.Context, client oci.Client, c *containers.Container, s *oci.Spec) error { + // not valid on freebsd + return func(_ context.Context, _ oci.Client, _ *containers.Container, s *oci.Spec) error { return nil } +} diff --git a/cmd/nerdctl/run_runtime.go b/cmd/nerdctl/run_runtime.go index 5f5e9576129..749fcc95d21 100644 --- a/cmd/nerdctl/run_runtime.go +++ b/cmd/nerdctl/run_runtime.go @@ -41,7 +41,7 @@ func generateRuntimeCOpts(clicontext *cli.Context) ([]containerd.NewContainerOpt runcOpts.SystemdCgroup = true } if runtimeStr := clicontext.String("runtime"); runtimeStr != "" { - if strings.HasPrefix(runtimeStr, "io.containerd.") { + if strings.HasPrefix(runtimeStr, "io.containerd.") || runtimeStr == "wtf.sbk.runj.v1" { runtime = runtimeStr if !strings.HasPrefix(runtimeStr, "io.containerd.runc.") { if cgm == "systemd" { diff --git a/docs/freebsd.md b/docs/freebsd.md new file mode 100644 index 00000000000..b566e8e91ce --- /dev/null +++ b/docs/freebsd.md @@ -0,0 +1,33 @@ +# FreeBSD + + +| :zap: FreeBSD runtimes are at the very early stage of development | +|--------------------------------------------------------------------------| + +nerdctl provides experimental support for running FreeBSD jails. + +## Installation + +You will need the most up-to-date containerd build along with a containerd shim, +such as [runj](https://github.com/samuelkarp/runj). Follow the build +instructions in the respective repositories. + +## Usage + +You can use the `knast/freebsd` image to run a standard FreeBSD 13 jail: + +```sh +nerdctl run --net none -it knast/freebsd:13-STABLE +``` + +## Limitations & Bugs + +- :warning: CNI & CNI plugins are not yet ported to FreeBSD. The only supported + network type is `none` +- :warning: buildkit is not yet ported to FreeBSD. + - [ ] https://github.com/tonistiigi/fsutil/pull/109 - buildkit dependency + - [ ] https://github.com/moby/moby/pull/42866 - buildkit dependency +- :warning: Linuxulator containers support is + WIP. https://github.com/containerd/nerdctl/issues/280 https://github.com/containerd/containerd/pull/5480 + +- :bug: `nerdctl compose` commands currently don't work. https://github.com/containerd/containerd/pull/5991 diff --git a/Vagrantfile b/hack/Vagrantfile.fedora34 similarity index 100% rename from Vagrantfile rename to hack/Vagrantfile.fedora34 diff --git a/hack/Vagrantfile.freebsd13 b/hack/Vagrantfile.freebsd13 new file mode 100644 index 00000000000..bfb73f62261 --- /dev/null +++ b/hack/Vagrantfile.freebsd13 @@ -0,0 +1,30 @@ +# This code is taken from the Vagrantfile from libjail-rs +# https://github.com/fubarnetes/libjail-rs/blob/727353bd6565c5e7a9be2664258d0197a1c8bb35/Vagrantfile +# licensed under BSD-3 Clause License: +# BSD 3-Clause License + +# Copyright (c) 2018, Fabian Freyer All rights reserved. + +# Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: + +# * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. + +# * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. + +# * Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. + +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +Vagrant.configure("2") do |config| + config.vm.synced_folder ".", "/vagrant", type: "rsync", rsync__auto: true + config.vm.box = "freebsd/FreeBSD-13.0-STABLE" + config.vm.provision "shell", inline: <<-SHELL + pkg bootstrap + pkg install -y go containerd runj + cp /usr/local/bin/containerd-shim-runj-v1 /usr/local/bin/containerd-shim-runc-v2 + + mkdir -p /var/lib/nerdctl + # Starting containerd + daemon -o containerd.out containerd + SHELL +end diff --git a/pkg/containerinspector/containerinspector_freebsd.go b/pkg/containerinspector/containerinspector_freebsd.go new file mode 100644 index 00000000000..604d2f32fee --- /dev/null +++ b/pkg/containerinspector/containerinspector_freebsd.go @@ -0,0 +1,32 @@ +//go:build freebsd +// +build freebsd + +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package containerinspector + +import ( + "context" + + "github.com/containerd/nerdctl/pkg/inspecttypes/native" +) + +func inspectNetNS(ctx context.Context, pid int) (*native.NetNS, error) { + r := &native.NetNS{} + + return r, nil +} diff --git a/pkg/defaults/defaults_freebsd.go b/pkg/defaults/defaults_freebsd.go new file mode 100644 index 00000000000..49761a570af --- /dev/null +++ b/pkg/defaults/defaults_freebsd.go @@ -0,0 +1,51 @@ +//go:build freebsd +// +build freebsd + +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package defaults + +import ( + gocni "github.com/containerd/go-cni" +) + +const AppArmorProfileName = "" + +func DataRoot() string { + return "/var/lib/nerdctl" +} + +func CNIPath() string { + // default: /opt/cni/bin + return gocni.DefaultCNIDir +} + +func CNINetConfPath() string { + return gocni.DefaultNetDir +} + +func BuildKitHost() string { + return "unix:///run/buildkit/buildkitd.sock" +} + +func CgroupManager() string { + return "" +} + +func CgroupnsMode() string { + return "" +} diff --git a/pkg/infoutil/infoutil_freebsd.go b/pkg/infoutil/infoutil_freebsd.go new file mode 100644 index 00000000000..ad5c050f80a --- /dev/null +++ b/pkg/infoutil/infoutil_freebsd.go @@ -0,0 +1,26 @@ +//go:build freebsd +// +build freebsd + +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package infoutil + +const UnameO = "FreeBSD" + +func CgroupsVersion() string { + return "" +} diff --git a/pkg/infoutil/infoutil_linux.go b/pkg/infoutil/infoutil_linux.go index 1d2c6285b4d..cf6aab29ab1 100644 --- a/pkg/infoutil/infoutil_linux.go +++ b/pkg/infoutil/infoutil_linux.go @@ -17,98 +17,11 @@ package infoutil import ( - "bufio" - "io" - "os" - "regexp" - - "strings" - "github.com/containerd/cgroups" - "golang.org/x/sys/unix" ) -// UnameR returns `uname -r` -func UnameR() string { - var utsname unix.Utsname - if err := unix.Uname(&utsname); err != nil { - // error is unlikely to happen - return "" - } - var s string - for _, f := range utsname.Release { - if f == 0 { - break - } - s += string(f) - } - return s -} - -// UnameM returns `uname -m` -func UnameM() string { - var utsname unix.Utsname - if err := unix.Uname(&utsname); err != nil { - // error is unlikely to happen - return "" - } - var s string - for _, f := range utsname.Machine { - if f == 0 { - break - } - s += string(f) - } - return s -} - const UnameO = "GNU/Linux" -func DistroName() string { - f, err := os.Open("/etc/os-release") - if err != nil { - return UnameO - } - defer f.Close() - return distroName(f) -} - -func distroName(r io.Reader) string { - scanner := bufio.NewScanner(r) - var name, version string - for scanner.Scan() { - line := scanner.Text() - k, v := getOSReleaseAttrib(line) - switch k { - case "PRETTY_NAME": - return v - case "NAME": - name = v - case "VERSION": - version = v - } - } - if name != "" { - if version != "" { - return name + " " + version - } - return name - } - return UnameO -} - -var osReleaseAttribRegex = regexp.MustCompile(`([^\s=]+)\s*=\s*("{0,1})([^"]*)("{0,1})`) - -func getOSReleaseAttrib(line string) (string, string) { - splitBySlash := strings.SplitN(line, "#", 2) - l := strings.TrimSpace(splitBySlash[0]) - x := osReleaseAttribRegex.FindAllStringSubmatch(l, -1) - if len(x) >= 1 && len(x[0]) > 3 { - return x[0][1], x[0][3] - } - return "", "" -} - func CgroupsVersion() string { if cgroups.Mode() == cgroups.Unified { return "2" diff --git a/pkg/infoutil/infoutil_unix.go b/pkg/infoutil/infoutil_unix.go new file mode 100644 index 00000000000..46f27a337a8 --- /dev/null +++ b/pkg/infoutil/infoutil_unix.go @@ -0,0 +1,110 @@ +//go:build freebsd || linux +// +build freebsd linux + +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package infoutil + +import ( + "bufio" + "io" + "os" + "regexp" + + "strings" + + "golang.org/x/sys/unix" +) + +// UnameR returns `uname -r` +func UnameR() string { + var utsname unix.Utsname + if err := unix.Uname(&utsname); err != nil { + // error is unlikely to happen + return "" + } + var s string + for _, f := range utsname.Release { + if f == 0 { + break + } + s += string(f) + } + return s +} + +// UnameM returns `uname -m` +func UnameM() string { + var utsname unix.Utsname + if err := unix.Uname(&utsname); err != nil { + // error is unlikely to happen + return "" + } + var s string + for _, f := range utsname.Machine { + if f == 0 { + break + } + s += string(f) + } + return s +} + +func DistroName() string { + f, err := os.Open("/etc/os-release") + if err != nil { + return UnameO + } + defer f.Close() + return distroName(f) +} + +func distroName(r io.Reader) string { + scanner := bufio.NewScanner(r) + var name, version string + for scanner.Scan() { + line := scanner.Text() + k, v := getOSReleaseAttrib(line) + switch k { + case "PRETTY_NAME": + return v + case "NAME": + name = v + case "VERSION": + version = v + } + } + if name != "" { + if version != "" { + return name + " " + version + } + return name + } + return UnameO +} + +var osReleaseAttribRegex = regexp.MustCompile(`([^\s=]+)\s*=\s*("{0,1})([^"]*)("{0,1})`) + +func getOSReleaseAttrib(line string) (string, string) { + splitBySlash := strings.SplitN(line, "#", 2) + l := strings.TrimSpace(splitBySlash[0]) + x := osReleaseAttribRegex.FindAllStringSubmatch(l, -1) + if len(x) >= 1 && len(x[0]) > 3 { + return x[0][1], x[0][3] + } + return "", "" +} diff --git a/pkg/infoutil/infoutil_linux_test.go b/pkg/infoutil/infoutil_unix_test.go similarity index 98% rename from pkg/infoutil/infoutil_linux_test.go rename to pkg/infoutil/infoutil_unix_test.go index 90628f0b0af..f98d30c51ec 100644 --- a/pkg/infoutil/infoutil_linux_test.go +++ b/pkg/infoutil/infoutil_unix_test.go @@ -1,3 +1,6 @@ +//go:build freebsd || linux +// +build freebsd linux + /* Copyright The containerd Authors. diff --git a/pkg/lockutil/lockutil_linux.go b/pkg/lockutil/lockutil_unix.go similarity index 96% rename from pkg/lockutil/lockutil_linux.go rename to pkg/lockutil/lockutil_unix.go index f779a89e054..5f29354ea9e 100644 --- a/pkg/lockutil/lockutil_linux.go +++ b/pkg/lockutil/lockutil_unix.go @@ -1,3 +1,6 @@ +//go:build freebsd || linux +// +build freebsd linux + /* Copyright The containerd Authors. diff --git a/pkg/mountutil/mountutil.go b/pkg/mountutil/mountutil.go index 1325631bb3f..f9d99242ef0 100644 --- a/pkg/mountutil/mountutil.go +++ b/pkg/mountutil/mountutil.go @@ -18,6 +18,7 @@ package mountutil import ( "path/filepath" + "runtime" "strings" "github.com/containerd/containerd/errdefs" @@ -108,11 +109,17 @@ func ProcessFlagV(s string, volStore volumestore.VolumeStore) (*Processed, error default: return nil, errors.Errorf("failed to parse %q", s) } + + fstype := "nullfs" + if runtime.GOOS != "freebsd" { + fstype = "none" + options = append(options, "rbind") + } res.Mount = specs.Mount{ - Type: "none", + Type: fstype, Source: src, Destination: dst, - Options: append([]string{"rbind"}, options...), + Options: options, } if sys.RunningInUserNS() { unpriv, err := getUnprivilegedMountFlags(src) diff --git a/pkg/mountutil/mountutil_freebsd.go b/pkg/mountutil/mountutil_freebsd.go new file mode 100644 index 00000000000..920eafcf4f9 --- /dev/null +++ b/pkg/mountutil/mountutil_freebsd.go @@ -0,0 +1,61 @@ +//go:build freebsd +// +build freebsd + +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package mountutil + +import ( + "fmt" + "strings" + + "github.com/containerd/containerd/oci" + "github.com/sirupsen/logrus" +) + +func getUnprivilegedMountFlags(path string) ([]string, error) { + m := []string{} + return m, nil +} + +// FreeBSD doesn't support bind mounts. +const DefaultPropagationMode = "" + +// parseVolumeOptions parses specified optsRaw with using information of +// the volume type and the src directory when necessary. +func parseVolumeOptions(vType, src, optsRaw string) ([]string, []oci.SpecOpts, error) { + var writeModeRawOpts []string + for _, opt := range strings.Split(optsRaw, ",") { + switch opt { + case "rw": + writeModeRawOpts = append(writeModeRawOpts, opt) + case "ro": + writeModeRawOpts = append(writeModeRawOpts, opt) + case "": + // NOP + default: + logrus.Warnf("unsupported volume option %q", opt) + } + } + var opts []string + if len(writeModeRawOpts) > 1 { + return nil, nil, fmt.Errorf("duplicated read/write volume option: %+v", writeModeRawOpts) + } else if len(writeModeRawOpts) > 0 && writeModeRawOpts[0] == "ro" { + opts = append(opts, "ro") + } // No need to return option when "rw" + return opts, nil, nil +} diff --git a/pkg/netutil/netutil_linux.go b/pkg/netutil/netutil_unix.go similarity index 96% rename from pkg/netutil/netutil_linux.go rename to pkg/netutil/netutil_unix.go index 3b17a4aa057..7bc04612fa8 100644 --- a/pkg/netutil/netutil_linux.go +++ b/pkg/netutil/netutil_unix.go @@ -1,3 +1,6 @@ +//go:build freebsd || linux +// +build freebsd linux + /* Copyright The containerd Authors. diff --git a/pkg/ocihook/ocihook_freebsd.go b/pkg/ocihook/ocihook_freebsd.go new file mode 100644 index 00000000000..f6ab7d9d3cf --- /dev/null +++ b/pkg/ocihook/ocihook_freebsd.go @@ -0,0 +1,25 @@ +//go:build freebsd +// +build freebsd + +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package ocihook + +func loadAppArmor() { + //noop + return +}