* Bring back bundle support
* Check reader ptr before use it as when working in uab mode, ll-box
might not have reader at all.
* More config.json generate handling code.
* Install ll-box-static to /usr/libexec
Change-Id: Iafc2f5a684cecbce2aeb8aed90f1eed451c165f2
We used to use ofstream with io::out to touch a file. It turns out that
this will overwrite file content if there is already something in that
file.
Now we have a new method called `touch` in util::fs::path, which will
check if that file exist.
Change-Id: I1accec8b57c653c4b2ea7b4aa0016b9cf8f51ac6
Process created by fork will inherit blocked signal list. In then third
level ll-box, we block SIGCHLD and SIGTERM for handling them in
signalfd with epoll. So we have to unblock this two signals to let the
application or command we run can recive this signals.
When a process try to start daemon with double fork, it might wait for
the SIGCHLD of first child. If SIGCHLD is blocked, the process wating
for signal will never recive that signal, and keep waiting forever.
Change-Id: Iebc6810560e89849915d0374acedcdbe5866b818
- Use static link ll-box so that the bundle file can run it without
depends
- Add BUILD_STATIC option to CMakeLists.text, default is OFF
Log:
Change-Id: Ica871aa6311e47f4a38c03d2348f049913ea9ee5
* We should ignore EAGAIN, as noblock socket would return -1 when read
with no data in it and set errno to EAGAIN, which mean we have to
retry later.
Change-Id: I84d01bf719214583e22b8566934cd0836f0e3c90
We used to ignore any signal expect SIGCHLD, which lead to the ll-box
which waiting to exec command cannot be killed by SIGTERM.
Change-Id: I06802aec86c95133fd0f2c25644ab35394911e45
* copy PKGBUILD from https://wiki.archlinux.org/title/CMake_package_guidelines
* add some dependencies
This is just a workround, dependencies list should be consider more
carefully.
Change-Id: I1c698974746b91551715950162a858746c28d545
* We should cd to the "cwd" of argument but not the cwd in oci config
as they might be different.
* Add a new info log before exec, to determine whether we has entered
the container or not.
* Add a new warning for failed chdir.
Log: Bug fix and add more log.
Change-Id: I5bef3aa4e19ce37cce324f1886db37575a414177
As the 'exec' function is implemented by forking a new child from the
init process. The init process have to stay in the same user namespace
as application process.
So we now result in a situation where we have to always create new pid
namespace to keep the third layer box as the init(pid=1) process for
application.
Change-Id: If83dd5bc10c292f43b9ad3e0fb59b31d222fccac
This reverts commit 6d6ce1ada7.
We need to configure $PATH to exec program. so we have to get this done
before call `util::Exec`
Change-Id: Ib171ac2cb4cdea9c0c1b47386eb2ff15f1efd120
`p.env` might contain something like "AAA=", which cause kv.size=1,
leading to `kv.at(1)` fail with `out_of_range` exception.
As util::Exec use execvp which can handle environment variables, we
don't need these lines of codes at all.
Change-Id: I03495a451d8c7530d5800a585abc606a7ab8ab3a
* message_reader.cpp for read/write from/to socket.
* use signalfd + epoll to make ll-box work like a sane init
Change-Id: I392c9190462359c215b8efce6d551c57982b770c
* use realpath
this commit fix two issues:
* use of uninitalized buffer
* readlink not work for relative symbol link
Change-Id: I1b3a9f2e43b303ebacd3c84b07c5245a1d993c3e
(cherry picked from commit 8ffef114624f56d9582f13f7eaf0e019e84238de)
* CLONE_FS cannot be use with CLONE_NEWUSER, which cause a EINVAL
refer: man 2 clone
> For security reasons, CLONE_NEWUSER cannot be specified in
> conjunction with CLONE_FS.
Change-Id: I4b2463ad799d7c3c37d346824edca37918056cfb
* Move the uid(gid) mapping configure logic into cloned process
* Void using of semaphore
* Improve log of wait helper functions.
Change-Id: Ifb0ca77df62c07dc7513698be8895dfa52e1a443
As we may create double nest pid namespace there might be two ll-box
both think their pid=1. So when print log, we have to print the pid
namespace them in as well as their pids.
Change-Id: Ie5716bd902f16c82fe315ed7faaabc50d0f48c7e
- ll-box 1
- ll-box 2
- ll-box 3
- app
If app daemonlize itself, it will be adopted by the init process of
its pid namespace. for now, this init process maybe ll-box 2 or ll-box
3, so we have to wait -1 in ll-box 2 in case we do not create new pid
namespace when creating ll-box 3 by clone.
Change-Id: I32548d5427a7598a806187259323653055e0603f
* Partly revert 4d40bce034
Note: not sure why these unused codes make the third-level ll-box
terminate, but the second-level ll-box donot exit.
Change-Id: I9ca5b72f1c8ed7ec0f25214a7972ca6f375806f7
Chen Linxuan
huqinghong
chenhuixing
Iceyer
liujianqiang
black-desk