rewrite to runc implementation

Author: elijah-wright

vminitd/Sources/vmexec/ExecCommand.swift

@@ -23,6 +23,7 @@ import Foundation
 import LCShim
 import Logging
 import Musl
+import Glibc
 
 struct ExecCommand: ParsableCommand {
     static let configuration = CommandConfiguration(
@@ -96,11 +97,44 @@ struct ExecCommand: ParsableCommand {
                 throw App.Errno(stage: "setsid()")
             }
 
+            var hostFd: Int32 = -1
+
+            if process.terminal {
+                hostFd = 0
+                var containerFd: Int32 = 0
+                var ws = winsize(ws_row: 40. ws_col: 120, ws_xpixel: 0, ws_ypixel: 0)
+                guard openpty(&hostFd, &containerFd, nil, nil, &ws) == 0 else {
+                    throw App.Errno(stage: "openpty()")
+                }
+
+                guard dup3(containerFd, 0, 0) != -1 else {
+                    throw App.Errno(stage: "dup3(slave->stdin)")
+                }
+                guard dup3(containerFd, 1, 0) != -1 else {
+                    throw App.Errno(stage: "dup3(slave->stdout)")
+                }
+                guard dup3(containerFd, 2, 0) != -1 else {
+                    throw App.Errno(stage: "dup3(slave->stderr)")
+                }
+                _ = close(containerFd)
+
+                guard ioctl(0, UInt(TIOCSCTTY), 0) != -1 else {
+                    throw App.Errno(stage: "setctty()")
+                }
+            }
+
+            var fdCopy = hostFd
+            var fdData = Data(bytes: &fdCopy, count: MemoryLayout.size(ofValue: fdCopy))
+            try childPipe.fileHandleForWriting.write(contentsOf: fdData)
+            try childPipe.fileHandleForWriting.close()
+
             // Apply O_CLOEXEC to all file descriptors except stdio.
             // This ensures that all unwanted fds we may have accidentally
             // inherited are marked close-on-exec so they stay out of the
             // container.
-            try App.applyCloseExecOnFDs()
+            let preserve: Set<Int32> = hostFd >= 0 ? [hostFd] : []
+            try App.applyCloseExecOnFDs(preserve: preserve)
+
             try App.setRLimits(rlimits: process.rlimits)
 
             // set uid, gid, and supplementary groups
@@ -120,9 +154,9 @@ struct ExecCommand: ParsableCommand {
             _ = try childPipe.fileHandleForReading.readToEnd()
             try childPipe.fileHandleForReading.close()
 
-            // send our child's pid to our parent before we exit.
-            var childPid = processID
-            let data = Data(bytes: &childPid, count: MemoryLayout.size(ofValue: childPid))
+            // send our child's pid and the host fd to our parent before we exit.
+            var payload = [Int32(processID), hostFd]
+            let data = Data(bytes: &payload, count: MemoryLayout<Int32>.size * 2)
 
             try syncfd.write(contentsOf: data)
             try syncfd.close()

vminitd/Sources/vmexec/Mount.swift

@@ -60,7 +60,7 @@ struct ContainerMount {
                 if access(console, F_OK) != 0 {
                     let fd = open(console, O_RDWR | O_CREAT, mode_t(UInt16(0o600)))
                     if fd == -1 {
-                        throw App.erno(stage: "open(/dev/console)")
+                        throw App.Errno(stage: "open(/dev/console)")
                     }
                     close(fd)
                 }

vminitd/Sources/vmexec/RunCommand.swift

@@ -23,6 +23,7 @@ import Foundation
 import LCShim
 import Logging
 import Musl
+import Glibc
 
 struct RunCommand: ParsableCommand {
     static let configuration = CommandConfiguration(
@@ -95,6 +96,32 @@ struct RunCommand: ParsableCommand {
 
             try childRootSetup(rootfs: root, mounts: spec.mounts, log: log, process: process)
 
+            var hostFd: Int32 = -1
+
+            if process.terminal {
+                hostFd = 0
+                var containerFd: Int32 = 0
+                var ws = winsize(ws_row: 40. ws_col: 120, ws_xpixel: 0, ws_ypixel: 0)
+                guard openpty(&hostFd, &containerFd, nil, nil, &ws) == 0 else {
+                    throw App.Errno(stage: "openpty()")
+                }
+
+                guard dup3(containerFd, 0, 0) != -1 else {
+                    throw App.Errno(stage: "dup3(slave->stdin)")
+                }
+                guard dup3(containerFd, 1, 0) != -1 else {
+                    throw App.Errno(stage: "dup3(slave->stdout)")
+                }
+                guard dup3(containerFd, 2, 0) != -1 else {
+                    throw App.Errno(stage: "dup3(slave->stderr)")
+                }
+                _ = close(containerFd)
+
+                guard ioctl(0, UInt(TIOCSCTTY), 0) != -1 else {
+                    throw App.Errno(stage: "setctty()")
+                }
+            }
+
             if !spec.hostname.isEmpty {
                 let errCode = spec.hostname.withCString { ptr in
                     Musl.sethostname(ptr, spec.hostname.count)
@@ -104,11 +131,17 @@ struct RunCommand: ParsableCommand {
                 }
             }
 
+            var fdCopy = hostFd
+            var fdData = Data(bytes: &fdCopy, count: MemoryLayout.size(ofValue: fdCopy))
+            try childPipe.fileHandleForWriting.write(contentsOf: fdData)
+            try childPipe.fileHandleForWriting.close()
+
             // Apply O_CLOEXEC to all file descriptors except stdio.
             // This ensures that all unwanted fds we may have accidentally
             // inherited are marked close-on-exec so they stay out of the
             // container.
-            try App.applyCloseExecOnFDs()
+            let preserve: Set<Int32> = hostFd >= 0 ? [hostFd] : []
+            try App.applyCloseExecOnFDs(preserve: preserve)
 
             try App.setRLimits(rlimits: process.rlimits)
 
@@ -129,9 +162,9 @@ struct RunCommand: ParsableCommand {
             _ = try childPipe.fileHandleForReading.readToEnd()
             try childPipe.fileHandleForReading.close()
 
-            // send our child's pid to our parent before we exit.
-            var childPid = processID
-            let data = Data(bytes: &childPid, count: MemoryLayout.size(ofValue: childPid))
+            // send our child's pid and the host fd to our parent before we exit.
+            var payload = [Int32(processID), hostFd]
+            let data = Data(bytes: &payload, count: MemoryLayout<Int32>.size * 2)
 
             try syncfd.write(contentsOf: data)
             try syncfd.close()

vminitd/Sources/vmexec/vmexec.swift

@@ -51,9 +51,9 @@ struct App: ParsableCommand {
 }
 
 extension App {
-    /// Applies O_CLOEXEC to all file descriptors currently open for
-    /// the process except the stdio fd values
-    static func applyCloseExecOnFDs() throws {
+    /// Applies O_CLOEXEC to all file descriptors currently open for the
+    /// process except the stdio fd values and those in the preserve set
+    static func applyCloseExecOnFDs(preserve: Set<Int32> = []) throws {
         let minFD = 2  // stdin, stdout, stderr should be preserved
 
         let fdList = try FileManager.default.contentsOfDirectory(atPath: "/proc/self/fd")
@@ -65,6 +65,9 @@ extension App {
             if fd <= minFD {
                 continue
             }
+            if preserve.contains(Int32(fd)) {
+                continue
+            }
 
             _ = fcntl(Int32(fd), F_SETFD, FD_CLOEXEC)
         }

vminitd/Sources/vminitd/ManagedProcess.swift

@@ -118,11 +118,6 @@ final class ManagedProcess: Sendable {
             )
         }
 
-        log.info("starting io")
-
-        // Setup IO early. We expect the host to be listening already.
-        try io.start()
-
         self.process = process
         self.lock = Mutex(State(io: io))
     }
@@ -133,6 +128,10 @@ extension ManagedProcess {
         try self.lock.withLock {
             log.debug("starting managed process")
 
+            if !($0.io is TerminalIO) {
+                try $0.io.start()
+            }
+
             // Start the underlying process.
             try process.start()
 
@@ -144,13 +143,28 @@ extension ManagedProcess {
                 throw ContainerizationError(.internalError, message: "no pid data from sync pipe")
             }
 
+            guard piddata.count >= MemoryLayout<Int32>.size else {
+                throw ContainerizationError(.internalError, message: "invalid payload")
+            }
+
             let i = piddata.withUnsafeBytes { ptr in
                 ptr.load(as: Int32.self)
             }
 
-            log.info("got back pid data \(i)")
+            var fd: Int32 = -1
+            if piddata.count >= MemoryLayout<Int32>.size * 2 {
+                fd = piddata.withUnsafeBytes { ptr in 
+                    ptr.load(fromByteOffset: MemoryLayout<Int32>.size, as: Int32.self)
+                }
+            }
+
+            log.info("got back pid data \(i), fd \(fd)")
             $0.pid = i
 
+            if let terminalIO = $0.io as? TerminalIO, fd != -1 {
+                try terminalIO.attach(pid: i, fd: fd)
+            }
+
             log.debug(
                 "started managed process",
                 metadata: [

vminitd/Sources/vminitd/TerminalIO.swift

@@ -19,10 +19,10 @@ import ContainerizationOS
 import Foundation
 import Logging
 import SendableProperty
+import Glibc
 
 final class TerminalIO: ManagedProcess.IO & Sendable {
-    private let parent: Terminal
-    private let child: Terminal
+    private let parent: Terminal? = nil
     private let log: Logger?
 
     private let stdio: HostStdio
@@ -36,30 +36,43 @@ final class TerminalIO: ManagedProcess.IO & Sendable {
         stdio: HostStdio,
         log: Logger?
     ) throws {
-        let pair = try Terminal.create()
-        self.parent = pair.parent
-        self.child = pair.child
         self.stdio = stdio
         self.log = log
 
-        let ptyHandle = child.handle
-        let useHandles = stdio.stdin != nil || stdio.stdout != nil
-        // We currently set stdin to the controlling terminal always, so
-        // it must be a valid pty descriptor.
-        process.stdin = useHandles ? ptyHandle : nil
-
-        let stdoutHandle = useHandles ? ptyHandle : nil
-        process.stdout = stdoutHandle
-        process.stderr = stdoutHandle
+        process.stdin = nil
+        process.stdout = nil
+        process.stderr = nil
     }
 
     func resize(size: Terminal.Size) throws {
         if self.stdio.stdin != nil {
-            try parent.resize(size: size)
+            try parent?.resize(size: size)
         }
     }
 
-    func start() throws {
+    func start() throws {}
+
+    func attach(pid: Int32, fd: Int32) throws {
+        let containerFd = Glibc.syscall(Int(SYS_pidfd_open), pid, 0)
+        guard containerFd != -1 else {
+            throw POSIXError.fromErrno()
+        }
+
+        let hostFd = Glibc.syscall(Int(SYS_pidfd_getfd), containerFd, pid, 0)
+        guard Foundation.close(Int32(containerFd)) != -1 else {
+            self.log?.error("failed to close pidfd: \(POSIXError.fromErrno())")
+        }
+
+        guard hostFd != 1 else {
+            throw POSIXError.fromErrno()
+        }
+
+        let fdDup = Int32(hostFd)
+        self.terminal = try Terminal(descriptor: fdDup, setInitState: false)
+        try self.setupRelays(fd: fdDup)
+    }
+
+    private func setupRelays(fd: Int32) throws {
         if let stdinPort = self.stdio.stdin {
             let type = VsockType(
                 port: stdinPort,
@@ -71,7 +84,7 @@ final class TerminalIO: ManagedProcess.IO & Sendable {
 
             try relay(
                 readFromFd: stdinSocket.fileDescriptor,
-                writeToFd: self.parent.handle.fileDescriptor
+                writeToFd: fd
             )
         }
 
@@ -85,7 +98,7 @@ final class TerminalIO: ManagedProcess.IO & Sendable {
             self.stdoutSocket = stdoutSocket
 
             try relay(
-                readFromFd: self.parent.handle.fileDescriptor,
+                readFromFd: fd,
                 writeToFd: stdoutSocket.fileDescriptor
             )
         }
@@ -157,10 +170,8 @@ final class TerminalIO: ManagedProcess.IO & Sendable {
     }
 
     func close() throws {
-        try parent.close()
+        try parent?.close()
     }
 
-    func closeAfterExec() throws {
-        try child.close()
-    }
+    func closeAfterExec() throws {}
 }