Merged
Conversation
863822c to
968c783
Compare
Member
Author
|
Recommend reviewing this with whitespace changes disabled. |
cpuguy83
commented
Nov 1, 2022
cpuguy83
commented
Nov 1, 2022
danbugs
reviewed
Nov 5, 2022
Contributor
danbugs
left a comment
There was a problem hiding this comment.
~haven't finished reviewing the src/instance.rs, crates/containerd-shim-wasm/src/sandbox/exec.rs, and crates/containerd-shim-wasm/src/sandbox/oci.rs files just, but it's getting late, so figured I'd just post what I have so far. That is:
- two suggestions (regarding dependencies versioning), and
- a possible mistake in a CI action!
I'll probably review the rest during the weekend!
danbugs
requested changes
Nov 5, 2022
| cgroups::new(p.as_ref().unwrap().to_str().unwrap().to_string()) | ||
| } | ||
|
|
||
| pub fn setup_cgroup(cg: &Box<dyn cgroups::Cgroup>, spec: &Spec) -> Result<()> { |
Contributor
There was a problem hiding this comment.
Suggested change
| pub fn setup_cgroup(cg: &Box<dyn cgroups::Cgroup>, spec: &Spec) -> Result<()> { | |
| pub fn setup_cgroup(cg: &dyn cgroups::Cgroup, spec: &Spec) -> Result<()> { |
~don't need Box if we are passing a reference, will suggest fixes on the function calls of this too.
src/instance.rs
Outdated
| *ec = Some((137, Utc::now())); | ||
| } | ||
| }; | ||
| oci::setup_cgroup(&cg, &spec)?; |
Contributor
There was a problem hiding this comment.
Suggested change
| oci::setup_cgroup(&cg, &spec)?; | |
| oci::setup_cgroup(&*cg, &spec)?; |
danbugs
reviewed
Nov 5, 2022
| @@ -52,9 +55,6 @@ impl From<Error> for ttrpc::Error { | |||
| ttrpc::Error::RpcStatus(ttrpc::get_status(ttrpc::Code::FAILED_PRECONDITION, s)) | |||
| } | |||
| Error::Oci(ref s) => match s { | |||
Contributor
There was a problem hiding this comment.
Suggested change
| Error::Oci(ref s) => match s { | |
| Error::Oci(ref s) => { |
Contributor
|
I'll come back to do a review of the functionality tomorrow~ lemme know if there's anything specific you'd like me to do locally to test the cgroups! |
Member
|
For some reason, when I retried to run a testwasm container, I got the following error |
ee18818 to
929be45
Compare
cpuguy83
commented
Nov 8, 2022
danbugs
added a commit
that referenced
this pull request
Nov 8, 2022
some more clippy-ing I noticed while reviewing #21
Some of the tests really require the CAP_SYS_ADMIN capability and behavior differently without it.
This is really what it is and the function makes more sense named this way. Also updated the doc for this since it was outdated already.
This allows us to return an object that will be properly closed when out of scope as well as do more interaction with the process, such as sending signals.
Since we're using fork now there is no need to spin up a new thread for most of the module setup. We only need a new thread to wait on the wasi function call to return to report the status. We also store the pidfd and use that for sending signals to.
Now the shim just calls `kill -9` on the process running the module. No more need for the deprecated feature from wasmtime.
This is better left to the caller, or perhaps some better integration with the oci spec.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Co-authored-by: Dan Chiarlone <danilochiarlone@gmail.com> Co-authored-by: Jiaxiao Zhou <duibao55328@gmail.com>
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Co-authored-by: Dan Chiarlone <danilochiarlone@gmail.com>
This just makes the intention of this function more obvious. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This makes the implementations a little easier to read and other changes to make it much easier to test certain things.
This re-execs the test binary to run just the single test that requires sudo. This should just work in CI since there's no need to enter a password there. For local machines you'll just need to enter your sudo password to run these tests.
This adds some missing controllers, adds constants for cgroup files, and some minor cleanups. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Member
Author
|
Updated:
This should have a follow-up to add CI for cgroupv2 to make sure those code paths are exercised. |
Member
|
Hey @cpuguy83, in our last meeting, I asked you feature parity between runwasi and runc. I remember you said there are features like namespaces and OCI hooks which are not implemented in runwasi. Do we plan to add them in the future? If yes, we could create issues for them. |
18 tasks
Member
Author
|
2 LGTM's, I'm gonna go ahead and merge. |
rumpl
pushed a commit
to rumpl/runwasi
that referenced
this pull request
Nov 23, 2022
…etch_cargo.io fix 'Unable to update registry crates-io' issue
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This is a series of patches to add support for running wasm code in a cgroup.
While some cgroup controllers can support running different threads in different cgroups, the main one we are interested in, the cgroup memory controller, this doesn't make sense since threads all share memory.
Because of this we'll fork off a new process (which should have CoW version of the main shim's memory) to run the wasm code.
Of course all the issues of fork apply here since this is fairly unsafe from a multithreaded program (which the shim is always multi-threaded), so care must be taken to not try do things like take a lock in the new process because this can cause a deadlock.
There may be some interesting things to test out with the wasmtime engine just to make sure we aren't going to deadlock if there's multiple things happening when the fork occurs.