From d93be27a67524b71bef1b2e63c725577da8f69f9 Mon Sep 17 00:00:00 2001 From: Artem Khramov Date: Wed, 15 Sep 2021 13:08:15 +0300 Subject: [PATCH 1/3] [#137] FreeBSD support Now that containerd supports FreeBSD, we can port nerdctl, too! :rocket:. For full-fledged functionality, we will need to port * buildkit. Status: POC is ready, need to upstream fixes to dependencies. * runtime + containerd shim. runj/knast should work just fine. * CNI bridge plugin for networking. This change fixes FreeBSD compilation errors by renaming linux files to unix where necessary, or otherwise introducing FreeBSD versions for the necessary files. Signed-off-by: Artem Khramov --- .github/workflows/test.yml | 23 ++++ Makefile | 4 +- .../{client_linux.go => client_unix.go} | 3 + cmd/nerdctl/exec_freebsd.go | 29 +++++ cmd/nerdctl/{login_linux.go => login_unix.go} | 3 + cmd/nerdctl/main_freebsd.go | 32 +++++ cmd/nerdctl/main_linux.go | 44 ------- cmd/nerdctl/main_unix.go | 72 ++++++++++++ cmd/nerdctl/run.go | 16 ++- cmd/nerdctl/run_cgroup_freebsd.go | 29 +++++ cmd/nerdctl/run_freebsd.go | 67 +++++++++++ cmd/nerdctl/run_runtime.go | 2 +- docs/freebsd.md | 33 ++++++ Vagrantfile => hack/Vagrantfile.fedora34 | 0 hack/Vagrantfile.freebsd13 | 28 +++++ .../containerinspector_freebsd.go | 32 +++++ pkg/defaults/defaults_freebsd.go | 52 +++++++++ pkg/defaults/defaults_linux.go | 2 + pkg/defaults/defaults_windows.go | 1 + pkg/infoutil/infoutil_freebsd.go | 26 +++++ pkg/infoutil/infoutil_linux.go | 87 -------------- pkg/infoutil/infoutil_unix.go | 110 ++++++++++++++++++ ...il_linux_test.go => infoutil_unix_test.go} | 3 + .../{lockutil_linux.go => lockutil_unix.go} | 3 + pkg/mountutil/mountutil.go | 11 +- pkg/mountutil/mountutil_freebsd.go | 61 ++++++++++ .../{netutil_linux.go => netutil_unix.go} | 3 + pkg/ocihook/ocihook_freebsd.go | 25 ++++ 28 files changed, 660 insertions(+), 141 deletions(-) rename cmd/nerdctl/{client_linux.go => client_unix.go} (94%) create mode 100644 cmd/nerdctl/exec_freebsd.go rename cmd/nerdctl/{login_linux.go => login_unix.go} (95%) create mode 100644 cmd/nerdctl/main_freebsd.go create mode 100644 cmd/nerdctl/main_unix.go create mode 100644 cmd/nerdctl/run_cgroup_freebsd.go create mode 100644 cmd/nerdctl/run_freebsd.go create mode 100644 docs/freebsd.md rename Vagrantfile => hack/Vagrantfile.fedora34 (100%) create mode 100644 hack/Vagrantfile.freebsd13 create mode 100644 pkg/containerinspector/containerinspector_freebsd.go create mode 100644 pkg/defaults/defaults_freebsd.go create mode 100644 pkg/infoutil/infoutil_freebsd.go create mode 100644 pkg/infoutil/infoutil_unix.go rename pkg/infoutil/{infoutil_linux_test.go => infoutil_unix_test.go} (98%) rename pkg/lockutil/{lockutil_linux.go => lockutil_unix.go} (96%) create mode 100644 pkg/mountutil/mountutil_freebsd.go rename pkg/netutil/{netutil_linux.go => netutil_unix.go} (96%) create mode 100644 pkg/ocihook/ocihook_freebsd.go diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 68dbd962a4..6e1010ee8d 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -124,6 +124,8 @@ jobs: # nested virtualization is only available on macOS hosts runs-on: macos-10.15 timeout-minutes: 40 + env: + VAGRANT_VAGRANTFILE: hack/Vagrantfile.fedora34 steps: - uses: actions/setup-go@v2 with: @@ -161,3 +163,24 @@ jobs: command: ssh default -- "CONTAINERD_SNAPSHOTTER=fuse-overlayfs /vagrant/nerdctl.test -test.v -test.kill-daemon" - name: "Uninstall rootless containerd" run: ssh default -- containerd-rootless-setuptool.sh uninstall + + test-freebsd-amd64: + runs-on: macos-latest + env: + VAGRANT_VAGRANTFILE: hack/Vagrantfile.freebsd13 + NERDCTL_RUN_ARGS: --net none knast/freebsd:13-STABLE echo "Nerdctl is up and running." + steps: + - name: Cache Vagrant boxes + uses: actions/cache@v2 + with: + path: ~/.vagrant.d/boxes + key: ${{ runner.os }}-vagrant-${{ hashFiles('hack/Vagrantfile.freebsd13') }} + restore-keys: | + ${{ runner.os }}-vagrant- + - uses: actions/checkout@v2 + - name: Set up vagrant + run: vagrant up + - name: "Run unit tests" + run: vagrant ssh -- "cd /vagrant; go test -v ./pkg/..." + - name: "Integration smoke test" + run: vagrant ssh -- "cd /vagrant/cmd/nerdctl; sudo go run . -- run $NERDCTL_RUN_ARGS | grep running" diff --git a/Makefile b/Makefile index 643468ad7f..f4ac00bdb7 100644 --- a/Makefile +++ b/Makefile @@ -82,9 +82,11 @@ artifacts: clean GOOS=windows GOARCH=amd64 make -C $(CURDIR) binaries tar $(TAR_FLAGS) -czvf $(CURDIR)/_output/nerdctl-$(VERSION_TRIMMED)-windows-amd64.tar.gz _output/nerdctl.exe - rm -f $(CURDIR)/_output/nerdctl $(CURDIR)/_output/nerdctl.exe + GOOS=freebsd GOARCH=amd64 make -C $(CURDIR) binaries + tar $(TAR_FLAGS) -czvf $(CURDIR)/_output/nerdctl-$(VERSION_TRIMMED)-freebsd-amd64.tar.gz _output/nerdctl extras/rootless/* + $(call make_artifact_full_linux,amd64) $(call make_artifact_full_linux,arm64) diff --git a/cmd/nerdctl/client_linux.go b/cmd/nerdctl/client_unix.go similarity index 94% rename from cmd/nerdctl/client_linux.go rename to cmd/nerdctl/client_unix.go index ed5988f91b..401a90bc37 100644 --- a/cmd/nerdctl/client_linux.go +++ b/cmd/nerdctl/client_unix.go @@ -1,3 +1,6 @@ +//go:build freebsd || linux +// +build freebsd linux + /* Copyright The containerd Authors. diff --git a/cmd/nerdctl/exec_freebsd.go b/cmd/nerdctl/exec_freebsd.go new file mode 100644 index 0000000000..5bbb2dbdd4 --- /dev/null +++ b/cmd/nerdctl/exec_freebsd.go @@ -0,0 +1,29 @@ +//go:build freebsd +// +build freebsd + +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package main + +import ( + "github.com/opencontainers/runtime-spec/specs-go" +) + +func setExecCapabilities(pspec *specs.Process) error { + //no op freebsd + return nil +} diff --git a/cmd/nerdctl/login_linux.go b/cmd/nerdctl/login_unix.go similarity index 95% rename from cmd/nerdctl/login_linux.go rename to cmd/nerdctl/login_unix.go index ae689e5e78..b349d356be 100644 --- a/cmd/nerdctl/login_linux.go +++ b/cmd/nerdctl/login_unix.go @@ -1,3 +1,6 @@ +//go:build freebsd || linux +// +build freebsd linux + /* Copyright The containerd Authors. diff --git a/cmd/nerdctl/main_freebsd.go b/cmd/nerdctl/main_freebsd.go new file mode 100644 index 0000000000..2032b84348 --- /dev/null +++ b/cmd/nerdctl/main_freebsd.go @@ -0,0 +1,32 @@ +//go:build freebsd +// +build freebsd + +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package main + +import ( + "github.com/urfave/cli/v2" +) + +func appNeedsRootlessParentMain(clicontext *cli.Context) bool { + return false +} + +func appBashComplete(clicontext *cli.Context) { + return +} diff --git a/cmd/nerdctl/main_linux.go b/cmd/nerdctl/main_linux.go index baae0f67b2..8264e2861e 100644 --- a/cmd/nerdctl/main_linux.go +++ b/cmd/nerdctl/main_linux.go @@ -20,10 +20,8 @@ import ( "fmt" ncdefaults "github.com/containerd/nerdctl/pkg/defaults" - "github.com/containerd/nerdctl/pkg/infoutil" "github.com/containerd/nerdctl/pkg/rootlessutil" - "github.com/sirupsen/logrus" "github.com/urfave/cli/v2" ) @@ -64,45 +62,3 @@ func appBashComplete(clicontext *cli.Context) { fmt.Fprintln(clicontext.App.Writer, subcomm.Name) } } - -func bashCompleteNamespaceNames(clicontext *cli.Context) { - if rootlessutil.IsRootlessParent() { - _ = rootlessutil.ParentMain() - return - } - - client, ctx, cancel, err := newClient(clicontext) - if err != nil { - return - } - defer cancel() - nsService := client.NamespaceService() - nsList, err := nsService.List(ctx) - if err != nil { - logrus.Warn(err) - return - } - for _, ns := range nsList { - fmt.Fprintln(clicontext.App.Writer, ns) - } -} - -func bashCompleteSnapshotterNames(clicontext *cli.Context) { - if rootlessutil.IsRootlessParent() { - _ = rootlessutil.ParentMain() - return - } - - client, ctx, cancel, err := newClient(clicontext) - if err != nil { - return - } - defer cancel() - snapshotterPlugins, err := infoutil.GetSnapshotterNames(ctx, client.IntrospectionService()) - if err != nil { - return - } - for _, name := range snapshotterPlugins { - fmt.Fprintln(clicontext.App.Writer, name) - } -} diff --git a/cmd/nerdctl/main_unix.go b/cmd/nerdctl/main_unix.go new file mode 100644 index 0000000000..4056791071 --- /dev/null +++ b/cmd/nerdctl/main_unix.go @@ -0,0 +1,72 @@ +//go:build freebsd || linux +// +build freebsd linux + +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package main + +import ( + "fmt" + + "github.com/containerd/nerdctl/pkg/infoutil" + + "github.com/containerd/nerdctl/pkg/rootlessutil" + "github.com/sirupsen/logrus" + "github.com/urfave/cli/v2" +) + +func bashCompleteNamespaceNames(clicontext *cli.Context) { + if rootlessutil.IsRootlessParent() { + _ = rootlessutil.ParentMain() + return + } + + client, ctx, cancel, err := newClient(clicontext) + if err != nil { + return + } + defer cancel() + nsService := client.NamespaceService() + nsList, err := nsService.List(ctx) + if err != nil { + logrus.Warn(err) + return + } + for _, ns := range nsList { + fmt.Fprintln(clicontext.App.Writer, ns) + } +} + +func bashCompleteSnapshotterNames(clicontext *cli.Context) { + if rootlessutil.IsRootlessParent() { + _ = rootlessutil.ParentMain() + return + } + + client, ctx, cancel, err := newClient(clicontext) + if err != nil { + return + } + defer cancel() + snapshotterPlugins, err := infoutil.GetSnapshotterNames(ctx, client.IntrospectionService()) + if err != nil { + return + } + for _, name := range snapshotterPlugins { + fmt.Fprintln(clicontext.App.Writer, name) + } +} diff --git a/cmd/nerdctl/run.go b/cmd/nerdctl/run.go index 2d2c9105c2..36619d3441 100644 --- a/cmd/nerdctl/run.go +++ b/cmd/nerdctl/run.go @@ -25,6 +25,7 @@ import ( "os" "path" "path/filepath" + "runtime" "strings" "github.com/containerd/console" @@ -34,7 +35,6 @@ import ( "github.com/containerd/containerd/cmd/ctr/commands/tasks" "github.com/containerd/containerd/containers" "github.com/containerd/containerd/oci" - "github.com/containerd/containerd/plugin" "github.com/containerd/containerd/runtime/restart" gocni "github.com/containerd/go-cni" "github.com/containerd/nerdctl/pkg/defaults" @@ -187,7 +187,7 @@ var runCommand = &cli.Command{ &cli.StringFlag{ Name: "runtime", Usage: "Runtime to use for this container, e.g. \"crun\", or \"io.containerd.runsc.v1\"", - Value: plugin.RuntimeRuncV2, + Value: defaults.Runtime, }, &cli.StringSliceFlag{ Name: "sysctl", @@ -319,12 +319,16 @@ func runAction(clicontext *cli.Context) error { opts = append(opts, oci.WithDefaultSpec(), oci.WithDefaultUnixDevices, - oci.WithMounts([]specs.Mount{ - {Type: "cgroup", Source: "cgroup", Destination: "/sys/fs/cgroup", Options: []string{"ro", "nosuid", "noexec", "nodev"}}, - }), WithoutRunMount(), // unmount default tmpfs on "/run": https://github.com/containerd/nerdctl/issues/157 ) + if runtime.GOOS == "linux" { + opts = append(opts, + oci.WithMounts([]specs.Mount{ + {Type: "cgroup", Source: "cgroup", Destination: "/sys/fs/cgroup", Options: []string{"ro", "nosuid", "noexec", "nodev"}}, + })) + } + rootfsOpts, rootfsCOpts, ensuredImage, err := generateRootfsOpts(ctx, client, clicontext, id) if err != nil { return err @@ -757,7 +761,7 @@ func withCustomHosts(src string) func(context.Context, oci.Client, *containers.C } func generateLogURI(dataStore string) (*url.URL, error) { - selfExe, err := os.Readlink("/proc/self/exe") + selfExe, err := os.Executable() if err != nil { return nil, err } diff --git a/cmd/nerdctl/run_cgroup_freebsd.go b/cmd/nerdctl/run_cgroup_freebsd.go new file mode 100644 index 0000000000..25fed14038 --- /dev/null +++ b/cmd/nerdctl/run_cgroup_freebsd.go @@ -0,0 +1,29 @@ +//go:build freebsd +// +build freebsd + +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package main + +import ( + "github.com/containerd/containerd/oci" + "github.com/urfave/cli/v2" +) + +func generateCgroupOpts(clicontext *cli.Context, id string) ([]oci.SpecOpts, error) { + return []oci.SpecOpts{}, nil +} diff --git a/cmd/nerdctl/run_freebsd.go b/cmd/nerdctl/run_freebsd.go new file mode 100644 index 0000000000..4f20d97e35 --- /dev/null +++ b/cmd/nerdctl/run_freebsd.go @@ -0,0 +1,67 @@ +//go:build freebsd +// +build freebsd + +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package main + +import ( + "context" + "fmt" + + "github.com/containerd/containerd/containers" + "github.com/containerd/containerd/oci" + "github.com/urfave/cli/v2" +) + +func runBashComplete(clicontext *cli.Context) { + coco := parseCompletionContext(clicontext) + if coco.boring { + defaultBashComplete(clicontext) + return + } + if coco.flagTakesValue { + w := clicontext.App.Writer + switch coco.flagName { + case "restart": + fmt.Fprintln(w, "always") + fmt.Fprintln(w, "no") + return + case "pull": + fmt.Fprintln(w, "always") + fmt.Fprintln(w, "missing") + fmt.Fprintln(w, "never") + return + case "net", "network": + bashCompleteNetworkNames(clicontext, nil) + return + } + defaultBashComplete(clicontext) + return + } + // show image names, unless we have "--rootfs" flag + if clicontext.Bool("rootfs") { + defaultBashComplete(clicontext) + return + } + bashCompleteImageNames(clicontext) +} + +func WithoutRunMount() func(ctx context.Context, client oci.Client, c *containers.Container, s *oci.Spec) error { + // not valid on freebsd + return func(_ context.Context, _ oci.Client, _ *containers.Container, s *oci.Spec) error { return nil } +} diff --git a/cmd/nerdctl/run_runtime.go b/cmd/nerdctl/run_runtime.go index 5f5e957612..749fcc95d2 100644 --- a/cmd/nerdctl/run_runtime.go +++ b/cmd/nerdctl/run_runtime.go @@ -41,7 +41,7 @@ func generateRuntimeCOpts(clicontext *cli.Context) ([]containerd.NewContainerOpt runcOpts.SystemdCgroup = true } if runtimeStr := clicontext.String("runtime"); runtimeStr != "" { - if strings.HasPrefix(runtimeStr, "io.containerd.") { + if strings.HasPrefix(runtimeStr, "io.containerd.") || runtimeStr == "wtf.sbk.runj.v1" { runtime = runtimeStr if !strings.HasPrefix(runtimeStr, "io.containerd.runc.") { if cgm == "systemd" { diff --git a/docs/freebsd.md b/docs/freebsd.md new file mode 100644 index 0000000000..b566e8e91c --- /dev/null +++ b/docs/freebsd.md @@ -0,0 +1,33 @@ +# FreeBSD + + +| :zap: FreeBSD runtimes are at the very early stage of development | +|--------------------------------------------------------------------------| + +nerdctl provides experimental support for running FreeBSD jails. + +## Installation + +You will need the most up-to-date containerd build along with a containerd shim, +such as [runj](https://github.com/samuelkarp/runj). Follow the build +instructions in the respective repositories. + +## Usage + +You can use the `knast/freebsd` image to run a standard FreeBSD 13 jail: + +```sh +nerdctl run --net none -it knast/freebsd:13-STABLE +``` + +## Limitations & Bugs + +- :warning: CNI & CNI plugins are not yet ported to FreeBSD. The only supported + network type is `none` +- :warning: buildkit is not yet ported to FreeBSD. + - [ ] https://github.com/tonistiigi/fsutil/pull/109 - buildkit dependency + - [ ] https://github.com/moby/moby/pull/42866 - buildkit dependency +- :warning: Linuxulator containers support is + WIP. https://github.com/containerd/nerdctl/issues/280 https://github.com/containerd/containerd/pull/5480 + +- :bug: `nerdctl compose` commands currently don't work. https://github.com/containerd/containerd/pull/5991 diff --git a/Vagrantfile b/hack/Vagrantfile.fedora34 similarity index 100% rename from Vagrantfile rename to hack/Vagrantfile.fedora34 diff --git a/hack/Vagrantfile.freebsd13 b/hack/Vagrantfile.freebsd13 new file mode 100644 index 0000000000..f3f6407010 --- /dev/null +++ b/hack/Vagrantfile.freebsd13 @@ -0,0 +1,28 @@ +# This code is taken from the Vagrantfile from libjail-rs +# https://github.com/fubarnetes/libjail-rs/blob/727353bd6565c5e7a9be2664258d0197a1c8bb35/Vagrantfile +# licensed under BSD-3 Clause License: +# BSD 3-Clause License + +# Copyright (c) 2018, Fabian Freyer All rights reserved. + +# Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: + +# * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. + +# * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. + +# * Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. + +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +Vagrant.configure("2") do |config| + config.vm.synced_folder ".", "/vagrant", type: "rsync", rsync__auto: true + config.vm.box = "freebsd/FreeBSD-13.0-STABLE" + config.vm.provision "shell", inline: <<-SHELL + pkg bootstrap + pkg install -y go containerd runj + + # Starting containerd + daemon -o containerd.out containerd + SHELL +end diff --git a/pkg/containerinspector/containerinspector_freebsd.go b/pkg/containerinspector/containerinspector_freebsd.go new file mode 100644 index 0000000000..604d2f32fe --- /dev/null +++ b/pkg/containerinspector/containerinspector_freebsd.go @@ -0,0 +1,32 @@ +//go:build freebsd +// +build freebsd + +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package containerinspector + +import ( + "context" + + "github.com/containerd/nerdctl/pkg/inspecttypes/native" +) + +func inspectNetNS(ctx context.Context, pid int) (*native.NetNS, error) { + r := &native.NetNS{} + + return r, nil +} diff --git a/pkg/defaults/defaults_freebsd.go b/pkg/defaults/defaults_freebsd.go new file mode 100644 index 0000000000..9393ab0cfc --- /dev/null +++ b/pkg/defaults/defaults_freebsd.go @@ -0,0 +1,52 @@ +//go:build freebsd +// +build freebsd + +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package defaults + +import ( + gocni "github.com/containerd/go-cni" +) + +const AppArmorProfileName = "" +const Runtime = "wtf.sbk.runj.v1" + +func DataRoot() string { + return "/var/lib/nerdctl" +} + +func CNIPath() string { + // default: /opt/cni/bin + return gocni.DefaultCNIDir +} + +func CNINetConfPath() string { + return gocni.DefaultNetDir +} + +func BuildKitHost() string { + return "unix:///run/buildkit/buildkitd.sock" +} + +func CgroupManager() string { + return "" +} + +func CgroupnsMode() string { + return "" +} diff --git a/pkg/defaults/defaults_linux.go b/pkg/defaults/defaults_linux.go index 287f067e10..5a46016644 100644 --- a/pkg/defaults/defaults_linux.go +++ b/pkg/defaults/defaults_linux.go @@ -21,12 +21,14 @@ import ( "os" "path/filepath" + "github.com/containerd/containerd/plugin" gocni "github.com/containerd/go-cni" "github.com/containerd/nerdctl/pkg/rootlessutil" "github.com/sirupsen/logrus" ) const AppArmorProfileName = "nerdctl-default" +const Runtime = plugin.RuntimeRuncV2 func DataRoot() string { if !rootlessutil.IsRootless() { diff --git a/pkg/defaults/defaults_windows.go b/pkg/defaults/defaults_windows.go index 1afd512551..f13be4eaaa 100644 --- a/pkg/defaults/defaults_windows.go +++ b/pkg/defaults/defaults_windows.go @@ -23,6 +23,7 @@ import ( ) const AppArmorProfileName = "" +const Runtime = "" func DataRoot() string { return filepath.Join(os.Getenv("ProgramData"), "nerdctl") diff --git a/pkg/infoutil/infoutil_freebsd.go b/pkg/infoutil/infoutil_freebsd.go new file mode 100644 index 0000000000..ad5c050f80 --- /dev/null +++ b/pkg/infoutil/infoutil_freebsd.go @@ -0,0 +1,26 @@ +//go:build freebsd +// +build freebsd + +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package infoutil + +const UnameO = "FreeBSD" + +func CgroupsVersion() string { + return "" +} diff --git a/pkg/infoutil/infoutil_linux.go b/pkg/infoutil/infoutil_linux.go index 1d2c6285b4..cf6aab29ab 100644 --- a/pkg/infoutil/infoutil_linux.go +++ b/pkg/infoutil/infoutil_linux.go @@ -17,98 +17,11 @@ package infoutil import ( - "bufio" - "io" - "os" - "regexp" - - "strings" - "github.com/containerd/cgroups" - "golang.org/x/sys/unix" ) -// UnameR returns `uname -r` -func UnameR() string { - var utsname unix.Utsname - if err := unix.Uname(&utsname); err != nil { - // error is unlikely to happen - return "" - } - var s string - for _, f := range utsname.Release { - if f == 0 { - break - } - s += string(f) - } - return s -} - -// UnameM returns `uname -m` -func UnameM() string { - var utsname unix.Utsname - if err := unix.Uname(&utsname); err != nil { - // error is unlikely to happen - return "" - } - var s string - for _, f := range utsname.Machine { - if f == 0 { - break - } - s += string(f) - } - return s -} - const UnameO = "GNU/Linux" -func DistroName() string { - f, err := os.Open("/etc/os-release") - if err != nil { - return UnameO - } - defer f.Close() - return distroName(f) -} - -func distroName(r io.Reader) string { - scanner := bufio.NewScanner(r) - var name, version string - for scanner.Scan() { - line := scanner.Text() - k, v := getOSReleaseAttrib(line) - switch k { - case "PRETTY_NAME": - return v - case "NAME": - name = v - case "VERSION": - version = v - } - } - if name != "" { - if version != "" { - return name + " " + version - } - return name - } - return UnameO -} - -var osReleaseAttribRegex = regexp.MustCompile(`([^\s=]+)\s*=\s*("{0,1})([^"]*)("{0,1})`) - -func getOSReleaseAttrib(line string) (string, string) { - splitBySlash := strings.SplitN(line, "#", 2) - l := strings.TrimSpace(splitBySlash[0]) - x := osReleaseAttribRegex.FindAllStringSubmatch(l, -1) - if len(x) >= 1 && len(x[0]) > 3 { - return x[0][1], x[0][3] - } - return "", "" -} - func CgroupsVersion() string { if cgroups.Mode() == cgroups.Unified { return "2" diff --git a/pkg/infoutil/infoutil_unix.go b/pkg/infoutil/infoutil_unix.go new file mode 100644 index 0000000000..46f27a337a --- /dev/null +++ b/pkg/infoutil/infoutil_unix.go @@ -0,0 +1,110 @@ +//go:build freebsd || linux +// +build freebsd linux + +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package infoutil + +import ( + "bufio" + "io" + "os" + "regexp" + + "strings" + + "golang.org/x/sys/unix" +) + +// UnameR returns `uname -r` +func UnameR() string { + var utsname unix.Utsname + if err := unix.Uname(&utsname); err != nil { + // error is unlikely to happen + return "" + } + var s string + for _, f := range utsname.Release { + if f == 0 { + break + } + s += string(f) + } + return s +} + +// UnameM returns `uname -m` +func UnameM() string { + var utsname unix.Utsname + if err := unix.Uname(&utsname); err != nil { + // error is unlikely to happen + return "" + } + var s string + for _, f := range utsname.Machine { + if f == 0 { + break + } + s += string(f) + } + return s +} + +func DistroName() string { + f, err := os.Open("/etc/os-release") + if err != nil { + return UnameO + } + defer f.Close() + return distroName(f) +} + +func distroName(r io.Reader) string { + scanner := bufio.NewScanner(r) + var name, version string + for scanner.Scan() { + line := scanner.Text() + k, v := getOSReleaseAttrib(line) + switch k { + case "PRETTY_NAME": + return v + case "NAME": + name = v + case "VERSION": + version = v + } + } + if name != "" { + if version != "" { + return name + " " + version + } + return name + } + return UnameO +} + +var osReleaseAttribRegex = regexp.MustCompile(`([^\s=]+)\s*=\s*("{0,1})([^"]*)("{0,1})`) + +func getOSReleaseAttrib(line string) (string, string) { + splitBySlash := strings.SplitN(line, "#", 2) + l := strings.TrimSpace(splitBySlash[0]) + x := osReleaseAttribRegex.FindAllStringSubmatch(l, -1) + if len(x) >= 1 && len(x[0]) > 3 { + return x[0][1], x[0][3] + } + return "", "" +} diff --git a/pkg/infoutil/infoutil_linux_test.go b/pkg/infoutil/infoutil_unix_test.go similarity index 98% rename from pkg/infoutil/infoutil_linux_test.go rename to pkg/infoutil/infoutil_unix_test.go index 90628f0b0a..f98d30c51e 100644 --- a/pkg/infoutil/infoutil_linux_test.go +++ b/pkg/infoutil/infoutil_unix_test.go @@ -1,3 +1,6 @@ +//go:build freebsd || linux +// +build freebsd linux + /* Copyright The containerd Authors. diff --git a/pkg/lockutil/lockutil_linux.go b/pkg/lockutil/lockutil_unix.go similarity index 96% rename from pkg/lockutil/lockutil_linux.go rename to pkg/lockutil/lockutil_unix.go index f779a89e05..5f29354ea9 100644 --- a/pkg/lockutil/lockutil_linux.go +++ b/pkg/lockutil/lockutil_unix.go @@ -1,3 +1,6 @@ +//go:build freebsd || linux +// +build freebsd linux + /* Copyright The containerd Authors. diff --git a/pkg/mountutil/mountutil.go b/pkg/mountutil/mountutil.go index 1325631bb3..f9d99242ef 100644 --- a/pkg/mountutil/mountutil.go +++ b/pkg/mountutil/mountutil.go @@ -18,6 +18,7 @@ package mountutil import ( "path/filepath" + "runtime" "strings" "github.com/containerd/containerd/errdefs" @@ -108,11 +109,17 @@ func ProcessFlagV(s string, volStore volumestore.VolumeStore) (*Processed, error default: return nil, errors.Errorf("failed to parse %q", s) } + + fstype := "nullfs" + if runtime.GOOS != "freebsd" { + fstype = "none" + options = append(options, "rbind") + } res.Mount = specs.Mount{ - Type: "none", + Type: fstype, Source: src, Destination: dst, - Options: append([]string{"rbind"}, options...), + Options: options, } if sys.RunningInUserNS() { unpriv, err := getUnprivilegedMountFlags(src) diff --git a/pkg/mountutil/mountutil_freebsd.go b/pkg/mountutil/mountutil_freebsd.go new file mode 100644 index 0000000000..920eafcf4f --- /dev/null +++ b/pkg/mountutil/mountutil_freebsd.go @@ -0,0 +1,61 @@ +//go:build freebsd +// +build freebsd + +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package mountutil + +import ( + "fmt" + "strings" + + "github.com/containerd/containerd/oci" + "github.com/sirupsen/logrus" +) + +func getUnprivilegedMountFlags(path string) ([]string, error) { + m := []string{} + return m, nil +} + +// FreeBSD doesn't support bind mounts. +const DefaultPropagationMode = "" + +// parseVolumeOptions parses specified optsRaw with using information of +// the volume type and the src directory when necessary. +func parseVolumeOptions(vType, src, optsRaw string) ([]string, []oci.SpecOpts, error) { + var writeModeRawOpts []string + for _, opt := range strings.Split(optsRaw, ",") { + switch opt { + case "rw": + writeModeRawOpts = append(writeModeRawOpts, opt) + case "ro": + writeModeRawOpts = append(writeModeRawOpts, opt) + case "": + // NOP + default: + logrus.Warnf("unsupported volume option %q", opt) + } + } + var opts []string + if len(writeModeRawOpts) > 1 { + return nil, nil, fmt.Errorf("duplicated read/write volume option: %+v", writeModeRawOpts) + } else if len(writeModeRawOpts) > 0 && writeModeRawOpts[0] == "ro" { + opts = append(opts, "ro") + } // No need to return option when "rw" + return opts, nil, nil +} diff --git a/pkg/netutil/netutil_linux.go b/pkg/netutil/netutil_unix.go similarity index 96% rename from pkg/netutil/netutil_linux.go rename to pkg/netutil/netutil_unix.go index 3b17a4aa05..7bc04612fa 100644 --- a/pkg/netutil/netutil_linux.go +++ b/pkg/netutil/netutil_unix.go @@ -1,3 +1,6 @@ +//go:build freebsd || linux +// +build freebsd linux + /* Copyright The containerd Authors. diff --git a/pkg/ocihook/ocihook_freebsd.go b/pkg/ocihook/ocihook_freebsd.go new file mode 100644 index 0000000000..f6ab7d9d3c --- /dev/null +++ b/pkg/ocihook/ocihook_freebsd.go @@ -0,0 +1,25 @@ +//go:build freebsd +// +build freebsd + +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package ocihook + +func loadAppArmor() { + //noop + return +} From 9d024132ea743a96e6378eee1765ff377f8c37a7 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Tue, 21 Sep 2021 22:44:45 +0900 Subject: [PATCH 2/3] freebsd: remove bogus build annotations Signed-off-by: Akihiro Suda --- cmd/nerdctl/exec_freebsd.go | 3 --- cmd/nerdctl/main_freebsd.go | 3 --- cmd/nerdctl/run_cgroup_freebsd.go | 3 --- cmd/nerdctl/run_freebsd.go | 3 --- pkg/containerinspector/containerinspector_freebsd.go | 3 --- pkg/defaults/defaults_freebsd.go | 3 --- pkg/infoutil/infoutil_freebsd.go | 3 --- pkg/mountutil/mountutil_freebsd.go | 3 --- pkg/ocihook/ocihook_freebsd.go | 3 --- 9 files changed, 27 deletions(-) diff --git a/cmd/nerdctl/exec_freebsd.go b/cmd/nerdctl/exec_freebsd.go index 5bbb2dbdd4..8d374c3b9c 100644 --- a/cmd/nerdctl/exec_freebsd.go +++ b/cmd/nerdctl/exec_freebsd.go @@ -1,6 +1,3 @@ -//go:build freebsd -// +build freebsd - /* Copyright The containerd Authors. diff --git a/cmd/nerdctl/main_freebsd.go b/cmd/nerdctl/main_freebsd.go index 2032b84348..522963124a 100644 --- a/cmd/nerdctl/main_freebsd.go +++ b/cmd/nerdctl/main_freebsd.go @@ -1,6 +1,3 @@ -//go:build freebsd -// +build freebsd - /* Copyright The containerd Authors. diff --git a/cmd/nerdctl/run_cgroup_freebsd.go b/cmd/nerdctl/run_cgroup_freebsd.go index 25fed14038..bf571d6b3d 100644 --- a/cmd/nerdctl/run_cgroup_freebsd.go +++ b/cmd/nerdctl/run_cgroup_freebsd.go @@ -1,6 +1,3 @@ -//go:build freebsd -// +build freebsd - /* Copyright The containerd Authors. diff --git a/cmd/nerdctl/run_freebsd.go b/cmd/nerdctl/run_freebsd.go index 4f20d97e35..f7068fd396 100644 --- a/cmd/nerdctl/run_freebsd.go +++ b/cmd/nerdctl/run_freebsd.go @@ -1,6 +1,3 @@ -//go:build freebsd -// +build freebsd - /* Copyright The containerd Authors. diff --git a/pkg/containerinspector/containerinspector_freebsd.go b/pkg/containerinspector/containerinspector_freebsd.go index 604d2f32fe..752b807dc5 100644 --- a/pkg/containerinspector/containerinspector_freebsd.go +++ b/pkg/containerinspector/containerinspector_freebsd.go @@ -1,6 +1,3 @@ -//go:build freebsd -// +build freebsd - /* Copyright The containerd Authors. diff --git a/pkg/defaults/defaults_freebsd.go b/pkg/defaults/defaults_freebsd.go index 9393ab0cfc..6d9624e9ee 100644 --- a/pkg/defaults/defaults_freebsd.go +++ b/pkg/defaults/defaults_freebsd.go @@ -1,6 +1,3 @@ -//go:build freebsd -// +build freebsd - /* Copyright The containerd Authors. diff --git a/pkg/infoutil/infoutil_freebsd.go b/pkg/infoutil/infoutil_freebsd.go index ad5c050f80..a0c99b7dbf 100644 --- a/pkg/infoutil/infoutil_freebsd.go +++ b/pkg/infoutil/infoutil_freebsd.go @@ -1,6 +1,3 @@ -//go:build freebsd -// +build freebsd - /* Copyright The containerd Authors. diff --git a/pkg/mountutil/mountutil_freebsd.go b/pkg/mountutil/mountutil_freebsd.go index 920eafcf4f..08d87e5f83 100644 --- a/pkg/mountutil/mountutil_freebsd.go +++ b/pkg/mountutil/mountutil_freebsd.go @@ -1,6 +1,3 @@ -//go:build freebsd -// +build freebsd - /* Copyright The containerd Authors. diff --git a/pkg/ocihook/ocihook_freebsd.go b/pkg/ocihook/ocihook_freebsd.go index f6ab7d9d3c..ef9df017c9 100644 --- a/pkg/ocihook/ocihook_freebsd.go +++ b/pkg/ocihook/ocihook_freebsd.go @@ -1,6 +1,3 @@ -//go:build freebsd -// +build freebsd - /* Copyright The containerd Authors. From fef5ff276fbed58981e964f76ed057e2f73589d6 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Tue, 21 Sep 2021 22:47:42 +0900 Subject: [PATCH 3/3] docs: update for FreeBSD Signed-off-by: Akihiro Suda --- README.md | 6 ++++++ docs/freebsd.md | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 911198e8fb..f06ab6bcce 100644 --- a/README.md +++ b/README.md @@ -86,6 +86,10 @@ $ lima nerdctl run -d --name nginx -p 127.0.0.1:8080:80 nginx:alpine NOTE: ARM Mac requires installing a patched version of QEMU, see [Lima](https://github.com/AkihiroSuda/lima) documentation. +### FreeBSD + +See [`./docs/freebsd.md`](docs/freebsd.md). + ### Windows - Linux containers: Known to work on WSL2 @@ -121,6 +125,7 @@ Minor: - Importing OCI archives as well as Docker archives: `nerdctl load` . - Specifying a non-image rootfs: `nerdctl run -it --rootfs /bin/sh` . The CLI syntax conforms to Podman convention. - Connecting a container to multiple networks at once: `nerdctl run --net foo --net bar` +- Running [FreeBSD jails](./docs/freebsd.md). Trivial: - Inspecting raw OCI config: `nerdctl container inspect --mode=native` . @@ -958,3 +963,4 @@ Others: - [`./docs/rootless.md`](./docs/rootless.md): Rootless mode - [`./docs/stargz.md`](./docs/stargz.md): Lazy-pulling using Stargz Snapshotter - [`./docs/ocicrypt.md`](./docs/ocicrypt.md): Running encrypted images +- [`./docs/freebsd.md`](./docs/freebsd.md): Running FreeBSD jails diff --git a/docs/freebsd.md b/docs/freebsd.md index b566e8e91c..9327c53d33 100644 --- a/docs/freebsd.md +++ b/docs/freebsd.md @@ -4,7 +4,7 @@ | :zap: FreeBSD runtimes are at the very early stage of development | |--------------------------------------------------------------------------| -nerdctl provides experimental support for running FreeBSD jails. +nerdctl provides experimental support for running FreeBSD jails on FreeBSD hosts. ## Installation