feat: bind /dev/console when terminal is set

nixpig · Dec 25, 2024 · 811e75b · 811e75b
1 parent cb66a91
commit 811e75b
Show file tree

Hide file tree

Showing 6 changed files with 42 additions and 13 deletions.
diff --git a/README.md b/README.md
@@ -16,9 +16,8 @@ This is a personal project for me to explore and better understand the OCI Runti
 - [ ] Implement [Cgroups v2](https://github.com/opencontainers/runtime-spec/blob/main/config-linux.md#control-groups)
 - [ ] Implement optional [Seccomp](https://github.com/opencontainers/runtime-spec/blob/main/config-linux.md#seccomp)
 - [ ] Implement optional [AppArmor](https://github.com/opencontainers/runtime-spec/blob/main/config.md#linux-process)
-- [ ] Build, version and package
-- [ ] Integration tests for other tools
 - [ ] Rollback (step 12)
+- [ ] Build, version and package
 - [ ] Refactor and tidy-up
 
 

diff --git a/container/container_reexec.go b/container/container_reexec.go
@@ -27,8 +27,11 @@ func (c *Container) Reexec() error {
 	runtime.LockOSThread()
 	defer runtime.UnlockOSThread()
 
+	var pty *terminal.Pty
 	if c.State.ConsoleSocket != nil {
-		pty, err := terminal.NewPty()
+		var err error
+
+		pty, err = terminal.NewPty()
 		if err != nil {
 			return fmt.Errorf("new pty: %w", err)
 		}
@@ -49,6 +52,18 @@ func (c *Container) Reexec() error {
 		return fmt.Errorf("setup rootfs: %w", err)
 	}
 
+	if c.State.ConsoleSocket != nil && c.Spec.Process.Terminal {
+		if err := filesystem.MountDevice(filesystem.Device{
+			Source: pty.Slave.Name(),
+			Target: filepath.Join(c.Rootfs(), "dev/console"),
+			Fstype: "bind",
+			Flags:  syscall.MS_BIND,
+			Data:   "",
+		}); err != nil {
+			return fmt.Errorf("mount dev/console device: %w", err)
+		}
+	}
+
 	// wait a sec for init sock to be ready before dialing
 	for i := 0; i < 10; i++ {
 		if _, err := os.Stat(filepath.Join(

diff --git a/filesystem/filesystem.go b/filesystem/filesystem.go
@@ -11,7 +11,7 @@ import (
 	"github.com/opencontainers/runtime-spec/specs-go"
 )
 
-func mountDevice(device Device) error {
+func MountDevice(device Device) error {
 	if _, err := os.Stat(device.Target); os.IsNotExist(err) {
 		f, err := os.Create(device.Target)
 		if err != nil && !os.IsExist(err) {
@@ -42,7 +42,7 @@ func mountDevice(device Device) error {
 }
 
 func mountRootfs(containerRootfs string) error {
-	if err := mountDevice(Device{
+	if err := MountDevice(Device{
 		Source: "",
 		Target: "/",
 		Fstype: "",
@@ -52,7 +52,7 @@ func mountRootfs(containerRootfs string) error {
 		return err
 	}
 
-	if err := mountDevice(Device{
+	if err := MountDevice(Device{
 		Source: containerRootfs,
 		Target: containerRootfs,
 		Fstype: "",
@@ -71,7 +71,7 @@ func mountProc(containerRootfs string) error {
 		return fmt.Errorf("create proc dir: %w", err)
 	}
 
-	if err := mountDevice(Device{
+	if err := MountDevice(Device{
 		Source: "proc",
 		Target: containerProc,
 		Fstype: "proc",
@@ -104,7 +104,7 @@ func mountDevices(devices []specs.LinuxDevice, rootfs string) error {
 			}
 		}
 
-		if err := mountDevice(Device{
+		if err := MountDevice(Device{
 			Source: dev.Path,
 			Target: absPath,
 			Fstype: "bind",
@@ -158,7 +158,7 @@ func mountSpecMounts(mounts []specs.Mount, rootfs string) error {
 			Data:   data,
 		}
 
-		if err := mountDevice(d); err != nil {
+		if err := MountDevice(d); err != nil {
 			return fmt.Errorf("mount device (%+v): %w", d, err)
 		}
 	}

diff --git a/filesystem/masked_paths.go b/filesystem/masked_paths.go
@@ -13,7 +13,7 @@ func MountMaskedPaths(paths []string) error {
 		}
 
 		if f.IsDir() {
-			if err := mountDevice(Device{
+			if err := MountDevice(Device{
 				Source: "tmpfs",
 				Target: path,
 				Fstype: "tmpfs",
@@ -23,7 +23,7 @@ func MountMaskedPaths(paths []string) error {
 				return err
 			}
 		} else {
-			if err := mountDevice(Device{
+			if err := MountDevice(Device{
 				Source: "/dev/null",
 				Target: path,
 				Fstype: "bind",

diff --git a/filesystem/readonly_paths.go b/filesystem/readonly_paths.go
@@ -4,7 +4,7 @@ import "syscall"
 
 func MountReadonlyPaths(paths []string) error {
 	for _, path := range paths {
-		if err := mountDevice(Device{
+		if err := MountDevice(Device{
 			Source: path,
 			Target: path,
 			Fstype: "",
@@ -14,7 +14,7 @@ func MountReadonlyPaths(paths []string) error {
 			return err
 		}
 
-		if err := mountDevice(Device{
+		if err := MountDevice(Device{
 			Source: path,
 			Target: path,
 			Fstype: "",

diff --git a/missing.md b/missing.md
@@ -0,0 +1,15 @@
+
+Benchmark 1: sudo youki create -b tutorial a && sudo youki start a && sudo youki delete -f a
+  Time (mean ± σ):     223.4 ms ±  36.5 ms    [User: 13.2 ms, System: 30.8 ms]
+  Range (min … max):   145.5 ms … 339.9 ms    100 runs
+
+Benchmark 1: sudo runc create -b tutorial a && sudo runc start a && sudo runc delete -f a
+  Time (mean ± σ):     369.9 ms ±  24.2 ms    [User: 12.6 ms, System: 29.0 ms]
+  Range (min … max):   280.8 ms … 436.5 ms    100 runs
+
+
+**I'm _obviously_ missing something if it's running this fast.**
+
+Benchmark 1: sudo brownie create -b tutorial a && sudo brownie start a && sudo brownie delete -f a
+  Time (mean ± σ):     185.1 ms ±  23.1 ms    [User: 11.9 ms, System: 27.8 ms]
+  Range (min … max):   123.6 ms … 238.9 ms    100 runs