robmry
diff --git a/‎daemon/daemon.go‎
Lines changed: 14 additions & 0 deletions b/‎daemon/daemon.go‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎daemon/internal/nri/logshim.go‎
Lines changed: 29 additions & 0 deletions b/‎daemon/internal/nri/logshim.go‎
Lines changed: 29 additions & 0 deletions
diff --git a/‎daemon/internal/nri/nri.go‎
Lines changed: 130 additions & 0 deletions b/‎daemon/internal/nri/nri.go‎
Lines changed: 130 additions & 0 deletions
diff --git a/‎go.mod‎
Lines changed: 3 additions & 0 deletions b/‎go.mod‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎go.sum‎
Lines changed: 6 additions & 0 deletions b/‎go.sum‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎pkg/homedir/homedir_linux.go‎
Lines changed: 10 additions & 0 deletions b/‎pkg/homedir/homedir_linux.go‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎pkg/homedir/homedir_others.go‎
Lines changed: 5 additions & 0 deletions b/‎pkg/homedir/homedir_others.go‎
Lines changed: 5 additions & 0 deletions
@@ -37,6 +37,7 @@ import (
 	networktypes "github.com/moby/moby/api/types/network"
 	registrytypes "github.com/moby/moby/api/types/registry"
 	"github.com/moby/moby/api/types/swarm"
+	"github.com/moby/moby/v2/daemon/internal/nri"
 	"github.com/moby/sys/user"
 	"github.com/moby/sys/userns"
 	"github.com/pkg/errors"
@@ -116,6 +117,7 @@ type Daemon struct {
 	shutdown          bool
 	idMapping         user.IdentityMapping
 	PluginStore       *plugin.Store // TODO: remove
+	nri               *nri.NRI
 	pluginManager     *plugin.Manager
 	linkIndex         *linkIndex
 	containerdClient  *containerd.Client
@@ -1096,6 +1098,14 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
 		return nil, err
 	}
 
+	d.nri, err = nri.NewNRI(ctx, nri.Config{
+		DaemonConfig:    config.NRIOpts,
+		ContainerLister: d.containers,
+	})
+	if err != nil {
+		return nil, err
+	}
+
 	driverName := getDriverOverride(ctx, cfgStore.GraphDriver, imgStoreChoice)
 
 	var migrationConfig migration.Config
@@ -1486,6 +1496,10 @@ func (daemon *Daemon) Shutdown(ctx context.Context) error {
 	// Shutdown plugins after containers and layerstore. Don't change the order.
 	daemon.pluginShutdown()
 
+	if daemon.nri != nil {
+		daemon.nri.Shutdown(ctx)
+	}
+
 	// trigger libnetwork Stop only if it's initialized
 	if daemon.netController != nil {
 		daemon.netController.Stop()
 
@@ -0,0 +1,29 @@
+package nri
+
+import (
+	"context"
+
+	"github.com/containerd/log"
+	nrilog "github.com/containerd/nri/pkg/log"
+)
+
+type logShim struct{}
+
+// logShim implements interface nrilog.Logger.
+var _ nrilog.Logger = (*logShim)(nil)
+
+func (nls *logShim) Debugf(ctx context.Context, format string, args ...any) {
+	log.G(ctx).Debugf("NRI: "+format, args...)
+}
+
+func (nls *logShim) Infof(ctx context.Context, format string, args ...any) {
+	log.G(ctx).Infof("NRI: "+format, args...)
+}
+
+func (nls *logShim) Warnf(ctx context.Context, format string, args ...any) {
+	log.G(ctx).Warnf("NRI: "+format, args...)
+}
+
+func (nls *logShim) Errorf(ctx context.Context, format string, args ...any) {
+	log.G(ctx).Errorf("NRI: "+format, args...)
+}
@@ -0,0 +1,130 @@
+package nri
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"path/filepath"
+	"sync"
+
+	"github.com/containerd/log"
+	"github.com/containerd/nri/pkg/adaptation"
+	nrilog "github.com/containerd/nri/pkg/log"
+	"github.com/moby/moby/v2/daemon/container"
+	"github.com/moby/moby/v2/daemon/internal/rootless"
+	"github.com/moby/moby/v2/daemon/pkg/opts"
+	"github.com/moby/moby/v2/dockerversion"
+	"github.com/moby/moby/v2/pkg/homedir"
+)
+
+const (
+	// defaultPluginSubdir is the default location for NRI plugins under libexec,
+	// which is in a different location for rootful/rootless Docker.
+	defaultPluginSubdir = "docker/nri-plugins"
+	// defaultPluginConfigSubdir is the default location for NRI plugin config under etc,
+	// which is in a different location for rootful/rootless Docker.
+	defaultPluginConfigSubdir = "docker/nri/conf.d"
+)
+
+type NRI struct {
+	cfg Config
+
+	// mu protects nri - read lock for container operations, write lock for sync and shutdown.
+	mu  sync.RWMutex
+	nri *adaptation.Adaptation
+}
+
+type ContainerLister interface {
+	List() []*container.Container
+}
+
+type Config struct {
+	DaemonConfig    opts.NRIOpts
+	ContainerLister ContainerLister
+}
+
+func NewNRI(ctx context.Context, cfg Config) (*NRI, error) {
+	n := &NRI{cfg: cfg}
+	if !n.cfg.DaemonConfig.Enable {
+		log.G(ctx).Info("NRI is disabled")
+		return n, nil
+	}
+
+	if err := setDefaultPaths(&n.cfg.DaemonConfig); err != nil {
+		return nil, err
+	}
+	log.G(ctx).WithFields(log.Fields{
+		"pluginPath":       n.cfg.DaemonConfig.PluginPath,
+		"pluginConfigPath": n.cfg.DaemonConfig.PluginConfigPath,
+		"socketPath":       n.cfg.DaemonConfig.SocketPath,
+	}).Info("Starting NRI")
+	nrilog.Set(&logShim{})
+
+	var err error
+	n.nri, err = adaptation.New("docker", dockerversion.Version, n.syncFn, n.updateFn, nriOptions(n.cfg.DaemonConfig)...)
+	if err != nil {
+		return nil, err
+	}
+	if err := n.nri.Start(); err != nil {
+		return nil, err
+	}
+	return n, nil
+}
+
+func (n *NRI) Shutdown(ctx context.Context) {
+	n.mu.Lock()
+	defer n.mu.Unlock()
+	if n.nri == nil {
+		return
+	}
+	log.G(ctx).Info("Shutting down NRI")
+	n.nri.Stop()
+	n.nri = nil
+}
+
+func (n *NRI) syncFn(ctx context.Context, syncCB adaptation.SyncCB) error {
+	return nil
+}
+
+func (n *NRI) updateFn(context.Context, []*adaptation.ContainerUpdate) ([]*adaptation.ContainerUpdate, error) {
+	return nil, errors.New("not implemented")
+}
+
+func setDefaultPaths(cfg *opts.NRIOpts) error {
+	if cfg.PluginPath != "" && cfg.PluginConfigPath != "" {
+		return nil
+	}
+	libexecDir := "/usr/libexec"
+	etcDir := "/etc"
+	if rootless.RunningWithRootlessKit() {
+		var err error
+		libexecDir, err = homedir.GetLibexecHome()
+		if err != nil {
+			return fmt.Errorf("configuring NRI: %w", err)
+		}
+		etcDir, err = homedir.GetConfigHome()
+		if err != nil {
+			return fmt.Errorf("configuring NRI: %w", err)
+		}
+	}
+	if cfg.PluginPath == "" {
+		cfg.PluginPath = filepath.Join(libexecDir, defaultPluginSubdir)
+	}
+	if cfg.PluginConfigPath == "" {
+		cfg.PluginConfigPath = filepath.Join(etcDir, defaultPluginConfigSubdir)
+	}
+	return nil
+}
+
+func nriOptions(cfg opts.NRIOpts) []adaptation.Option {
+	res := []adaptation.Option{
+		adaptation.WithPluginPath(cfg.PluginPath),
+		adaptation.WithPluginConfigPath(cfg.PluginConfigPath),
+	}
+	if cfg.SocketPath == "" {
+		res = append(res, adaptation.WithDisabledExternalConnections())
+	} else {
+		res = append(res, adaptation.WithSocketPath(cfg.SocketPath))
+	}
+	return res
+}
@@ -27,6 +27,7 @@ require (
 	github.com/containerd/errdefs v1.0.0
 	github.com/containerd/fifo v1.1.0
 	github.com/containerd/log v0.1.0
+	github.com/containerd/nri v0.10.0
 	github.com/containerd/platforms v1.0.0-rc.2
 	github.com/containerd/typeurl/v2 v2.2.3
 	github.com/coreos/go-systemd/v22 v22.6.0
@@ -194,6 +195,7 @@ require (
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jmoiron/sqlx v1.3.3 // indirect
 	github.com/klauspost/compress v1.18.2 // indirect
+	github.com/knqyf263/go-plugin v0.9.0 // indirect
 	github.com/mitchellh/hashstructure/v2 v2.0.2 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 	github.com/moby/sys/capability v0.4.0 // indirect
@@ -215,6 +217,7 @@ require (
 	github.com/shibumi/go-pathspec v1.3.0 // indirect
 	github.com/spdx/tools-golang v0.5.5 // indirect
 	github.com/stretchr/testify v1.11.1 // indirect
+	github.com/tetratelabs/wazero v1.9.0 // indirect
 	github.com/tinylib/msgp v1.3.0 // indirect
 	github.com/tonistiigi/dchapes-mode v0.0.0-20250318174251-73d941a28323 // indirect
 	github.com/tonistiigi/fsutil v0.0.0-20250605211040-586307ad452f // indirect
 
@@ -154,6 +154,8 @@ github.com/containerd/go-runc v1.1.0 h1:OX4f+/i2y5sUT7LhmcJH7GYrjjhHa1QI4e8yO0gG
 github.com/containerd/go-runc v1.1.0/go.mod h1:xJv2hFF7GvHtTJd9JqTS2UVxMkULUYw4JN5XAUZqH5U=
 github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
 github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
+github.com/containerd/nri v0.10.0 h1:bt2NzfvlY6OJE0i+fB5WVeGQEycxY7iFVQpEbh7J3Go=
+github.com/containerd/nri v0.10.0/go.mod h1:5VyvLa/4uL8FjyO8nis1UjbCutXDpngil17KvBSL6BU=
 github.com/containerd/nydus-snapshotter v0.15.4 h1:l59kGRVMtwMLDLh322HsWhEsBCkRKMkGWYV5vBeLYCE=
 github.com/containerd/nydus-snapshotter v0.15.4/go.mod h1:eRJqnxQDr48HNop15kZdLZpFF5B6vf6Q11Aq1K0E4Ms=
 github.com/containerd/platforms v1.0.0-rc.2 h1:0SPgaNZPVWGEi4grZdV8VRYQn78y+nm6acgLGv/QzE4=
@@ -377,6 +379,8 @@ github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.18.2 h1:iiPHWW0YrcFgpBYhsA6D1+fqHssJscY/Tm/y2Uqnapk=
 github.com/klauspost/compress v1.18.2/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4=
+github.com/knqyf263/go-plugin v0.9.0 h1:CQs2+lOPIlkZVtcb835ZYDEoyyWJWLbSTWeCs0EwTwI=
+github.com/knqyf263/go-plugin v0.9.0/go.mod h1:2z5lCO1/pez6qGo8CvCxSlBFSEat4MEp1DrnA+f7w8Q=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
@@ -598,6 +602,8 @@ github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu
 github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
 github.com/tedsuo/ifrit v0.0.0-20230516164442-7862c310ad26 h1:mWCRvpoEMVlslxEvvptKgIUb35va9yj9Oq5wGw/er5I=
 github.com/tedsuo/ifrit v0.0.0-20230516164442-7862c310ad26/go.mod h1:0uD3VMXkZ7Bw0ojGCwDzebBBzPBXtzEZeXai+56BLX4=
+github.com/tetratelabs/wazero v1.9.0 h1:IcZ56OuxrtaEz8UYNRHBrUa9bYeX9oVY93KspZZBf/I=
+github.com/tetratelabs/wazero v1.9.0/go.mod h1:TSbcXCfFP0L2FGkRPxHphadXPjo1T6W+CseNNY7EkjM=
 github.com/tinylib/msgp v1.3.0 h1:ULuf7GPooDaIlbyvgAxBV/FI7ynli6LZ1/nVUNu+0ww=
 github.com/tinylib/msgp v1.3.0/go.mod h1:ykjzy2wzgrlvpDCRc4LA8UXy6D8bzMSuAF3WD57Gok0=
 github.com/tonistiigi/dchapes-mode v0.0.0-20250318174251-73d941a28323 h1:r0p7fK56l8WPequOaR3i9LBqfPtEdXIQbUTzT55iqT4=
 
@@ -103,3 +103,13 @@ func GetLibHome() (string, error) {
 	}
 	return filepath.Join(home, ".local/lib"), nil
 }
+
+// GetLibexecHome returns $HOME/.local/libexec
+// If HOME is not set, getpwent(3) is consulted to determine the users home directory.
+func GetLibexecHome() (string, error) {
+	home := Get()
+	if home == "" {
+		return "", errors.New("could not get HOME")
+	}
+	return filepath.Join(home, ".local/libexec"), nil
+}
@@ -30,3 +30,8 @@ func GetConfigHome() (string, error) {
 func GetLibHome() (string, error) {
 	return "", errors.New("homedir.GetLibHome() is not supported on this system")
 }
+
+// GetLibexecHome is unsupported on non-linux system.
+func GetLibexecHome() (string, error) {
+	return "", errors.New("homedir.GetLibexecHome() is not supported on this system")
+}
Original file line number	Diff line number	Diff line change
`@@ -103,3 +103,13 @@ func GetLibHome() (string, error) {`
`103`	`103`	`}`
`104`	`104`	`return filepath.Join(home, ".local/lib"), nil`
`105`	`105`	`}`
	`106`	`+`
	`107`	`+// GetLibexecHome returns $HOME/.local/libexec`
	`108`	`+// If HOME is not set, getpwent(3) is consulted to determine the users home directory.`
	`109`	`+func GetLibexecHome() (string, error) {`
	`110`	`+ home := Get()`
	`111`	`+ if home == "" {`
	`112`	`+ return "", errors.New("could not get HOME")`
	`113`	`+ }`
	`114`	`+ return filepath.Join(home, ".local/libexec"), nil`
	`115`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -30,3 +30,8 @@ func GetConfigHome() (string, error) {`
`30`	`30`	`func GetLibHome() (string, error) {`
`31`	`31`	`return "", errors.New("homedir.GetLibHome() is not supported on this system")`
`32`	`32`	`}`
	`33`	`+`
	`34`	`+// GetLibexecHome is unsupported on non-linux system.`
	`35`	`+func GetLibexecHome() (string, error) {`
	`36`	`+ return "", errors.New("homedir.GetLibexecHome() is not supported on this system")`
	`37`	`+}`