containerd
/
rust-extensions
mirror of https://github.com/containerd/rust-extensions.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

runc: fix bug that exec command leaks files 

Signed-off-by: Zhang Tianyang <burning9699@gmail.com>
This commit is contained in:
Zhang Tianyang 2022-02-23 20:26:59 +08:00
parent 3905a44f0f
commit b08e4090ea
4 changed files with 19 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Cargo.toml
View File

@ -8,3 +8,8 @@ members = [
"crates/runc", "crates/runc",
"crates/runc-shim", "crates/runc-shim",
] ]
[profile.release]
# Keep binary as small as possible
# https://doc.rust-lang.org/book/ch09-01-unrecoverable-errors-with-panic.html
panic = 'abort'

4
crates/runc-shim/Cargo.toml
View File

@ -25,7 +25,3 @@ crossbeam = "0.8.1"
containerd-shim = { path = "../shim", version = "0.2.0" } containerd-shim = { path = "../shim", version = "0.2.0" }
runc = { path = "../runc", version = "0.1.0" } runc = { path = "../runc", version = "0.1.0" }
[profile.release]
# Keep binary as small as possible
# https://doc.rust-lang.org/book/ch09-01-unrecoverable-errors-with-panic.html
panic = 'abort'

16
crates/runc/src/lib.rs
View File

@ -34,7 +34,10 @@
*/ */
//! A crate for consuming the runc binary in your Rust applications, similar to [go-runc](https://github.com/containerd/go-runc) for Go. //! A crate for consuming the runc binary in your Rust applications, similar to [go-runc](https://github.com/containerd/go-runc) for Go.
#![allow(unused)]
use std::fmt::{self, Display}; use std::fmt::{self, Display};
use std::io::Write;
use std::path::{Path, PathBuf}; use std::path::{Path, PathBuf};
use std::process::ExitStatus; use std::process::ExitStatus;
@ -207,9 +210,16 @@ impl Runc {
/// Execute an additional process inside the container /// Execute an additional process inside the container
pub fn exec(&self, id: &str, spec: &Process, opts: Option<&ExecOpts>) -> Result<()> { pub fn exec(&self, id: &str, spec: &Process, opts: Option<&ExecOpts>) -> Result<()> {
let filename = utils::temp_filename_in_runtime_dir()?; let (mut temp_file, filename) = utils::make_temp_file_in_runtime_dir()?;
let spec_json = serde_json::to_string(spec).map_err(Error::JsonDeserializationFailed)?; {
std::fs::write(&filename, spec_json).map_err(Error::SpecFileCreationFailed)?; let f = temp_file.as_file_mut();
let spec_json =
serde_json::to_string(spec).map_err(Error::JsonDeserializationFailed)?;
f.write(spec_json.as_bytes())
.map_err(Error::SpecFileCreationFailed)?;
f.flush().map_err(Error::SpecFileCreationFailed)?;
}
let mut args = vec!["exec".to_string(), "--process".to_string(), filename]; let mut args = vec!["exec".to_string(), "--process".to_string(), filename];
if let Some(opts) = opts { if let Some(opts) = opts {
args.append(&mut opts.args()?); args.append(&mut opts.args()?);

1
crates/runc/src/utils.rs
View File

@ -95,6 +95,7 @@ pub fn make_temp_file_in_runtime_dir() -> Result<(NamedTempFile, String), Error>
let file_name = temp_filename_in_runtime_dir()?; let file_name = temp_filename_in_runtime_dir()?;
let temp_file = Builder::new() let temp_file = Builder::new()
.prefix(&file_name) .prefix(&file_name)
.rand_bytes(0)
.tempfile() .tempfile()
.map_err(Error::SpecFileCreationFailed)?; .map_err(Error::SpecFileCreationFailed)?;
Ok((temp_file, file_name)) Ok((temp_file, file_name))