chore: wip

cmd/cmd.go

@@ -44,8 +44,6 @@ func createCmd(log *zerolog.Logger, stdout io.Writer) *cobra.Command {
 		Example: "  brownie create busybox",
 		RunE: func(cmd *cobra.Command, args []string) error {
 			log.Info().Str(cmd.Name(), strings.Join(args, " "))
-			fmt.Println("create", args)
-			stdout.Write([]byte("something in here!!"))
 
 			containerID := args[0]
 
@@ -91,9 +89,7 @@ func startCmd(log *zerolog.Logger, stdout io.Writer) *cobra.Command {
 		Example: "  brownie start busybox",
 		RunE: func(cmd *cobra.Command, args []string) error {
 			log.Info().Str(cmd.Name(), strings.Join(args, " "))
-			fmt.Println("start", args)
-			cmd.Println("SOMETHING FROM STDOUT OF START CMD")
-			stdout.Write([]byte("MORE FROM START..."))
+
 			containerID := args[0]
 
 			opts := &commands.StartOpts{
@@ -112,8 +108,10 @@ func killCmd(log *zerolog.Logger) *cobra.Command {
 		Use:     "kill [flags] CONTAINER_ID SIGNAL",
 		Short:   "Kill a container",
 		Args:    cobra.ExactArgs(2),
-		Example: "  brownie delete busybox 9",
+		Example: "  brownie kill busybox 9",
 		RunE: func(cmd *cobra.Command, args []string) error {
+			log.Info().Str(cmd.Name(), strings.Join(args, " "))
+
 			containerID := args[0]
 			signal := args[1]
 
@@ -131,12 +129,26 @@ func deleteCmd(log *zerolog.Logger) *cobra.Command {
 		Args:    cobra.ExactArgs(1),
 		Example: "  brownie delete busybox",
 		RunE: func(cmd *cobra.Command, args []string) error {
+			log.Info().Str(cmd.Name(), strings.Join(args, " "))
+
 			containerID := args[0]
 
-			return commands.Delete(containerID)
+			force, err := cmd.Flags().GetBool("force")
+			if err != nil {
+				return err
+			}
+
+			opts := &commands.DeleteOpts{
+				ID:    containerID,
+				Force: force,
+			}
+
+			return commands.Delete(opts, log)
 		},
 	}
 
+	delete.Flags().BoolP("force", "f", false, "force delete")
+
 	return delete
 }
 
@@ -184,8 +196,6 @@ func stateCmd(log *zerolog.Logger) *cobra.Command {
 
 			state, err := commands.State(opts, log)
 			if err != nil {
-				e := cmd.ErrOrStderr()
-				e.Write([]byte(err.Error()))
 				return err
 			}
 

go.mod

@@ -11,10 +11,15 @@ require (
 require (
 	github.com/creack/pty v1.1.23 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
+	github.com/jkeiser/iter v0.0.0-20200628201005-c8aa0ae784d1 // indirect
+	github.com/jochenvg/go-udev v0.0.0-20240801134859-b65ed646224b // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.19 // indirect
 	github.com/rs/zerolog v1.33.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 // indirect
 	golang.org/x/sync v0.3.0 // indirect
 	golang.org/x/sys v0.12.0 // indirect
+	kernel.org/pub/linux/libs/security/libcap/cap v1.2.70 // indirect
+	kernel.org/pub/linux/libs/security/libcap/psx v1.2.70 // indirect
 )

go.sum

@@ -5,6 +5,10 @@ github.com/creack/pty v1.1.23/go.mod h1:08sCNb52WyoAwi2QDyzUCTgcvVFhUzewun7wtTfv
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
+github.com/jkeiser/iter v0.0.0-20200628201005-c8aa0ae784d1 h1:smvLGU3obGU5kny71BtE/ibR0wIXRUiRFDmSn0Nxz1E=
+github.com/jkeiser/iter v0.0.0-20200628201005-c8aa0ae784d1/go.mod h1:fP/NdyhRVOv09PLRbVXrSqHhrfQypdZwgE2L4h2U5C8=
+github.com/jochenvg/go-udev v0.0.0-20240801134859-b65ed646224b h1:Pzf7tldbCVqwl3NnOnTamEWdh/rL41fsoYCn2HdHgRA=
+github.com/jochenvg/go-udev v0.0.0-20240801134859-b65ed646224b/go.mod h1:IBDUGq30U56w969YNPomhMbRje1GrhUsCh7tHdwgLXA=
 github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
@@ -25,6 +29,8 @@ github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM=
 github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 h1:kdXcSzyDtseVEc4yCz2qF8ZrQvIDBJLl4S1c3GCXmoI=
+github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
 golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
 golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 h1:0A+M6Uqn+Eje4kHMK80dtF3JCXC4ykBgQG4Fe06QRhQ=
@@ -35,3 +41,7 @@ golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+kernel.org/pub/linux/libs/security/libcap/cap v1.2.70 h1:QnLPkuDWWbD5C+3DUA2IUXai5TK6w2zff+MAGccqdsw=
+kernel.org/pub/linux/libs/security/libcap/cap v1.2.70/go.mod h1:/iBwcj9nbLejQitYvUm9caurITQ6WyNHibJk6Q9fiS4=
+kernel.org/pub/linux/libs/security/libcap/psx v1.2.70 h1:HsB2G/rEQiYyo1bGoQqHZ/Bvd6x1rERQTNdPr1FyWjI=
+kernel.org/pub/linux/libs/security/libcap/psx v1.2.70/go.mod h1:+l6Ee2F59XiJ2I6WR5ObpC1utCQJZ/VLsEbQCD8RG24=

internal/capabilities/capabilities.go

@@ -0,0 +1,49 @@
+package capabiliities
+
+import (
+	"kernel.org/pub/linux/libs/security/libcap/cap"
+)
+
+var Capabilities = map[string]cap.Value{
+	"CAP_AUDIT_CONTROL":      cap.AUDIT_CONTROL,
+	"CAP_AUDIT_READ":         cap.AUDIT_READ,
+	"CAP_AUDIT_WRITE":        cap.AUDIT_WRITE,
+	"CAP_BLOCK_SUSPEND":      cap.BLOCK_SUSPEND,
+	"CAP_BPF":                cap.BPF,
+	"CAP_CHECKPOINT_RESTORE": cap.CHECKPOINT_RESTORE,
+	"CAP_CHOWN":              cap.CHOWN,
+	"CAP_DAC_OVERRIDE":       cap.DAC_OVERRIDE,
+	"CAP_DAC_READ_SEARCH":    cap.DAC_READ_SEARCH,
+	"CAP_FOWNER":             cap.FOWNER,
+	"CAP_FSETID":             cap.FSETID,
+	"CAP_IPC_LOCK":           cap.IPC_LOCK,
+	"CAP_IPC_OWNER":          cap.IPC_OWNER,
+	"CAP_KILL":               cap.KILL,
+	"CAP_LEASE":              cap.LEASE,
+	"CAP_LINUX_IMMUTABLE":    cap.LINUX_IMMUTABLE,
+	"CAP_MAC_ADMIN":          cap.MAC_ADMIN,
+	"CAP_MAC_OVERRIDE":       cap.MAC_OVERRIDE,
+	"CAP_MKNOD":              cap.MKNOD,
+	"CAP_NET_ADMIN":          cap.NET_ADMIN,
+	"CAP_NET_BIND_SERVICE":   cap.NET_BIND_SERVICE,
+	"CAP_NET_BROADCAST":      cap.NET_BROADCAST,
+	"CAP_NET_RAW":            cap.NET_RAW,
+	"CAP_PERFMON":            cap.PERFMON,
+	"CAP_SETGID":             cap.SETGID,
+	"CAP_SETFCAP":            cap.SETFCAP,
+	"CAP_SETPCAP":            cap.SETPCAP,
+	"CAP_SETUID":             cap.SETUID,
+	"CAP_SYS_ADMIN":          cap.SYS_ADMIN,
+	"CAP_SYS_BOOT":           cap.SYS_BOOT,
+	"CAP_SYS_CHROOT":         cap.SYS_CHROOT,
+	"CAP_SYS_MODULE":         cap.SYS_MODULE,
+	"CAP_SYS_NICE":           cap.SYS_NICE,
+	"CAP_SYS_PACCT":          cap.SYS_PACCT,
+	"CAP_SYS_PTRACE":         cap.SYS_PTRACE,
+	"CAP_SYS_RAWIO":          cap.SYS_RAWIO,
+	"CAP_SYS_RESOURCE":       cap.SYS_RESOURCE,
+	"CAP_SYS_TIME":           cap.SYS_TIME,
+	"CAP_SYS_TTY_CONFIG":     cap.SYS_TTY_CONFIG,
+	"CAP_SYSLOG":             cap.SYSLOG,
+	"CAP_WAKE_ALARM":         cap.WAKE_ALARM,
+}

internal/commands/create.go

@@ -116,7 +116,6 @@ func Create(opts *CreateOpts, log *zerolog.Logger) error {
 		}...)
 
 	var cloneFlags uintptr
-	log.Info().Msg("convert namespaces to flags")
 	for _, ns := range spec.Linux.Namespaces {
 		ns := internal.LinuxNamespace(ns)
 		flag, err := ns.ToFlag()
@@ -162,15 +161,14 @@ func Create(opts *CreateOpts, log *zerolog.Logger) error {
 		})
 	}
 
-	var capabilityFlags []uintptr
+	var ambientCapsFlags []uintptr
 	for _, cap := range spec.Process.Capabilities.Ambient {
-		capabilityFlags = append(capabilityFlags, uintptr(pkg.Capabilities[cap]))
+		ambientCapsFlags = append(ambientCapsFlags, uintptr(pkg.Capabilities[cap]))
 	}
 
-	log.Info().Msg("set sysprocattr")
 	// apply configuration, e.g. devices, proc, etc...
 	forkCmd.SysProcAttr = &syscall.SysProcAttr{
-		AmbientCaps:                capabilityFlags,
+		AmbientCaps:                ambientCapsFlags,
 		Cloneflags:                 cloneFlags,
 		Unshareflags:               syscall.CLONE_NEWNS,
 		GidMappingsEnableSetgroups: false,
@@ -180,21 +178,16 @@ func Create(opts *CreateOpts, log *zerolog.Logger) error {
 
 	forkCmd.Env = spec.Process.Env
 
-	log.Info().Msg("start fork cmd")
 	if err := forkCmd.Start(); err != nil {
 		return fmt.Errorf("fork: %w", err)
 	}
 
-	state.Status = specs.StateCreated
-	pid := forkCmd.Process.Pid
-	state.Pid = pid
-
-	log.Info().Msg("release fork process")
+	// need to get the pid off the process _before_ releasing it
+	state.Pid = forkCmd.Process.Pid
 	if err := forkCmd.Process.Release(); err != nil {
 		log.Error().Err(err).Msg("detach fork")
 		return err
 	}
-	log.Info().Msg("process successfully released")
 
 	initConn, err := listener.Accept()
 	if err != nil {
@@ -204,7 +197,6 @@ func Create(opts *CreateOpts, log *zerolog.Logger) error {
 
 	b := make([]byte, 128)
 
-	fmt.Println("listening on: ", initSockAddr)
 	for {
 		time.Sleep(time.Second)
 
@@ -220,12 +212,12 @@ func Create(opts *CreateOpts, log *zerolog.Logger) error {
 		}
 
 		if len(b) >= 5 && string(b[:5]) == "ready" {
-			fmt.Println("received 'ready' message")
 			log.Info().Msg("received 'ready' message")
 			break
 		}
 	}
 
+	state.Status = specs.StateCreated
 	if err := internal.SaveState(state); err != nil {
 		return fmt.Errorf("save created state: %w", err)
 	}

internal/commands/delete.go

@@ -10,23 +10,29 @@ import (
 	"github.com/nixpig/brownie/internal"
 	"github.com/nixpig/brownie/pkg"
 	"github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/rs/zerolog"
 )
 
-func Delete(containerID string) error {
-	state, err := internal.GetState(containerID)
+type DeleteOpts struct {
+	ID    string
+	Force bool
+}
+
+func Delete(opts *DeleteOpts, log *zerolog.Logger) error {
+	state, err := internal.GetState(opts.ID)
 	if err != nil {
 		return fmt.Errorf("get state: %w", err)
 	}
 
-	if state.Status != specs.StateStopped {
+	if !opts.Force && state.Status != specs.StateStopped {
 		return errors.New("container is not stopped")
 	}
 
 	if err := os.Remove(filepath.Join(pkg.BrownieRootDir, "containers", state.ID, "container.sock")); err != nil {
 		return fmt.Errorf("remove ipc socket: %w", err)
 	}
 
-	containerPath := filepath.Join(pkg.BrownieRootDir, "containers", containerID)
+	containerPath := filepath.Join(pkg.BrownieRootDir, "containers", opts.ID)
 	if err := os.RemoveAll(containerPath); err != nil {
 		return fmt.Errorf("remove container path: %s", err)
 	}