implement thread-per-container namespace isolation for FSNotify (test failing)

Author: realrajaryan

Sources/Containerization/SandboxContext/SandboxContext.pb.swift

@@ -1059,6 +1059,8 @@ public struct Com_Apple_Containerization_Sandbox_V3_NotifyFileSystemEventRequest
 
   public var eventType: Com_Apple_Containerization_Sandbox_V3_FileSystemEventType = .create
 
+  public var containerID: String = String()
+
   public var unknownFields = SwiftProtobuf.UnknownStorage()
 
   public init() {}
@@ -2992,6 +2994,7 @@ extension Com_Apple_Containerization_Sandbox_V3_NotifyFileSystemEventRequest: Sw
   public static let _protobuf_nameMap: SwiftProtobuf._NameMap = [
     1: .same(proto: "path"),
     2: .standard(proto: "event_type"),
+    3: .standard(proto: "container_id"),
   ]
 
   public mutating func decodeMessage<D: SwiftProtobuf.Decoder>(decoder: inout D) throws {
@@ -3002,6 +3005,7 @@ extension Com_Apple_Containerization_Sandbox_V3_NotifyFileSystemEventRequest: Sw
       switch fieldNumber {
       case 1: try { try decoder.decodeSingularStringField(value: &self.path) }()
       case 2: try { try decoder.decodeSingularEnumField(value: &self.eventType) }()
+      case 3: try { try decoder.decodeSingularStringField(value: &self.containerID) }()
       default: break
       }
     }
@@ -3014,12 +3018,16 @@ extension Com_Apple_Containerization_Sandbox_V3_NotifyFileSystemEventRequest: Sw
     if self.eventType != .create {
       try visitor.visitSingularEnumField(value: self.eventType, fieldNumber: 2)
     }
+    if !self.containerID.isEmpty {
+      try visitor.visitSingularStringField(value: self.containerID, fieldNumber: 3)
+    }
     try unknownFields.traverse(visitor: &visitor)
   }
 
   public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_NotifyFileSystemEventRequest, rhs: Com_Apple_Containerization_Sandbox_V3_NotifyFileSystemEventRequest) -> Bool {
     if lhs.path != rhs.path {return false}
     if lhs.eventType != rhs.eventType {return false}
+    if lhs.containerID != rhs.containerID {return false}
     if lhs.unknownFields != rhs.unknownFields {return false}
     return true
   }

Sources/Containerization/SandboxContext/SandboxContext.proto

@@ -297,6 +297,7 @@ enum FileSystemEventType {
 message NotifyFileSystemEventRequest {
   string path = 1;
   FileSystemEventType event_type = 2;
+  string container_id = 3;
 }
 
 message NotifyFileSystemEventResponse {

Sources/Containerization/Vminitd.swift

@@ -369,12 +369,15 @@ extension Vminitd {
     }
 
     /// Send a filesystem event notification to the guest.
-    public func notifyFileSystemEvent(path: String, eventType: Com_Apple_Containerization_Sandbox_V3_FileSystemEventType) async throws
-        -> Com_Apple_Containerization_Sandbox_V3_NotifyFileSystemEventResponse
-    {
+    public func notifyFileSystemEvent(
+        path: String,
+        eventType: Com_Apple_Containerization_Sandbox_V3_FileSystemEventType,
+        containerID: String
+    ) async throws -> Com_Apple_Containerization_Sandbox_V3_NotifyFileSystemEventResponse {
         let request = Com_Apple_Containerization_Sandbox_V3_NotifyFileSystemEventRequest.with {
             $0.path = path
             $0.eventType = eventType
+            $0.containerID = containerID
         }
 
         let requests = AsyncStream<Com_Apple_Containerization_Sandbox_V3_NotifyFileSystemEventRequest> { continuation in

Sources/Integration/VMTests.swift

@@ -369,21 +369,23 @@ extension IntegrationSuite {
         let group = MultiThreadedEventLoopGroup(numberOfThreads: 1)
         let agent = Vminitd(connection: connection, group: group)
 
-        // Calculate the hashed tag name for the mount source and mount in VM
-        let mountTag = try hashMountSource(source: directory.path)
-        let vmMountPath = "/tmp/fsnotify-test"
-
-        try await agent.mount(.init(type: "virtiofs", source: mountTag, destination: vmMountPath))
-
         // Test 1: CREATE event on existing file
-        let createResponse = try await agent.notifyFileSystemEvent(path: "\(vmMountPath)/existing.txt", eventType: .create)
+        let createResponse = try await agent.notifyFileSystemEvent(
+            path: "/mnt/existing.txt",
+            eventType: .create,
+            containerID: id
+        )
 
         guard createResponse.success else {
             throw IntegrationError.assert(msg: "CREATE event failed: \(createResponse.error)")
         }
 
         // Test 2: MODIFY event on existing file
-        let modifyResponse = try await agent.notifyFileSystemEvent(path: "\(vmMountPath)/existing.txt", eventType: .modify)
+        let modifyResponse = try await agent.notifyFileSystemEvent(
+            path: "/mnt/existing.txt",
+            eventType: .modify,
+            containerID: id
+        )
         guard modifyResponse.success else {
             throw IntegrationError.assert(msg: "MODIFY event failed: \(modifyResponse.error)")
         }
@@ -396,34 +398,38 @@ extension IntegrationSuite {
                 "/bin/sh", "-c",
                 """
                 apk add --no-cache inotify-tools > /dev/null 2>&1 && \
-                timeout 2 inotifywait -m /mnt -e modify,create,delete --format '%e %f' 2>/dev/null &
-                INOTIFY_PID=$!
-                sleep 0.1
-                # Trigger a modify event that should be detected
-                touch /mnt/test-inotify.txt
-                echo "modify test-inotify.txt"
-                wait $INOTIFY_PID 2>/dev/null || true
+                timeout 5 inotifywait -m /mnt -e modify,create,delete --format '%e %f' 2>/dev/null || true
                 """,
             ]
             config.stdout = inotifyBuffer
         }
 
         try await inotifyProcess.start()
 
-        // While inotify is running, send FSNotify events that should trigger inotify
-        try await Task.sleep(for: .milliseconds(200))
-        let _ = try await agent.notifyFileSystemEvent(path: "\(vmMountPath)/test-inotify.txt", eventType: .modify)
+        // Wait for inotify to start monitoring, then send FSNotify events
+        try await Task.sleep(for: .milliseconds(500))
+
+        // Send ONLY agent-driven events
+        let _ = try await agent.notifyFileSystemEvent(
+            path: "/mnt/existing.txt",
+            eventType: .modify,
+            containerID: id
+        )
 
         let _ = try await inotifyProcess.wait()
         let inotifyOutput = String(data: inotifyBuffer.data, encoding: .utf8) ?? ""
 
         // Verify that inotify detected the modify event
-        guard inotifyOutput.contains("modify test-inotify.txt") else {
-            throw IntegrationError.assert(msg: "inotify did not detect FSNotify-triggered modify event. Output: \(inotifyOutput)")
+        guard inotifyOutput.contains("MODIFY existing.txt") else {
+            throw IntegrationError.assert(msg: "inotify did not detect FSNotify agent modify event. Output: '\(inotifyOutput)'")
         }
 
         // Test 4: DELETE event on non-existent file
-        let deleteResponse = try await agent.notifyFileSystemEvent(path: "\(vmMountPath)/nonexistent.txt", eventType: .delete)
+        let deleteResponse = try await agent.notifyFileSystemEvent(
+            path: "/mnt/nonexistent.txt",
+            eventType: .delete,
+            containerID: id
+        )
         guard deleteResponse.success else {
             throw IntegrationError.assert(msg: "DELETE event failed: \(deleteResponse.error)")
         }

Sources/cctl/FSNotifyCommand.swift

@@ -98,7 +98,11 @@ extension Application {
                 let vminitd = Vminitd(client: client)
 
                 // Send the notification using the public API
-                let response = try await vminitd.notifyFileSystemEvent(path: path, eventType: eventType)
+                let response = try await vminitd.notifyFileSystemEvent(
+                    path: path,
+                    eventType: eventType,
+                    containerID: containerID
+                )
 
                 if !response.success {
                     let errorMsg = response.hasError ? response.error : "Unknown error"

vminitd/Sources/vminitd/ManagedContainer.swift

@@ -14,11 +14,19 @@
 // limitations under the License.
 //===----------------------------------------------------------------------===//
 
+import Containerization
 import ContainerizationError
 import ContainerizationOCI
 import ContainerizationOS
 import Foundation
 import Logging
+import Synchronization
+
+#if canImport(Musl)
+import Musl
+#elseif canImport(Glibc)
+import Glibc
+#endif
 
 actor ManagedContainer {
     let id: String
@@ -28,6 +36,131 @@ actor ManagedContainer {
     private let log: Logger
     private let bundle: ContainerizationOCI.Bundle
     private var execs: [String: ManagedProcess] = [:]
+    private var namespaceWorker: NamespaceWorker?
+
+    /// Worker thread that runs in container's namespace for filesystem operations
+    private final class NamespaceWorker: @unchecked Sendable {
+        private let containerID: String
+        private let containerPID: Int32
+        private var workerThread: Thread?
+        private let eventQueue: Mutex<[FileSystemEvent]> = Mutex([])
+        private let semaphore: DispatchSemaphore = DispatchSemaphore(value: 0)
+        private let shouldStop: Atomic<Bool> = Atomic(false)
+
+        struct FileSystemEvent: Sendable {
+            let path: String
+            let eventType: Com_Apple_Containerization_Sandbox_V3_FileSystemEventType
+            let completion: @Sendable (Result<Void, Error>) -> Void
+        }
+
+        init(containerID: String, containerPID: Int32) {
+            self.containerID = containerID
+            self.containerPID = containerPID
+        }
+
+        func start() throws {
+            guard workerThread == nil else {
+                throw ContainerizationError(.invalidState, message: "NamespaceWorker already started")
+            }
+
+            let thread = Thread { [weak self] in
+                self?.runWorkerLoop()
+            }
+            thread.name = "namespace-worker-\(containerID)"
+            workerThread = thread
+            thread.start()
+        }
+
+        func enqueueEvent(path: String, eventType: Com_Apple_Containerization_Sandbox_V3_FileSystemEventType) async throws {
+            try await withCheckedThrowingContinuation { continuation in
+                let event = FileSystemEvent(
+                    path: path,
+                    eventType: eventType,
+                    completion: { @Sendable result in
+                        continuation.resume(with: result)
+                    }
+                )
+
+                eventQueue.withLock { (queue: inout [FileSystemEvent]) in
+                    queue.append(event)
+                }
+                semaphore.signal()
+            }
+        }
+
+        func stop() {
+            shouldStop.store(true, ordering: .relaxed)
+            semaphore.signal()  // Wake up the worker thread
+            workerThread?.cancel()
+            workerThread = nil
+        }
+
+        private func runWorkerLoop() {
+            // Enter container namespace
+            do {
+                try enterContainerNamespace()
+            } catch {
+                return
+            }
+
+            // Worker loop
+            while !shouldStop.load(ordering: .relaxed) {
+                semaphore.wait()
+
+                // Check stop condition again after waking up
+                if shouldStop.load(ordering: .relaxed) {
+                    break
+                }
+
+                // Process all queued events
+                let events = eventQueue.withLock { (queue: inout [FileSystemEvent]) -> [FileSystemEvent] in
+                    let currentEvents = Array(queue)
+                    queue.removeAll()
+                    return currentEvents
+                }
+
+                for event in events {
+                    do {
+                        try generateSyntheticInotifyEvent(path: event.path, eventType: event.eventType)
+                        event.completion(.success(()))
+                    } catch {
+                        event.completion(.failure(error))
+                    }
+                }
+            }
+        }
+
+        private func enterContainerNamespace() throws {
+            let nsPath = "/proc/\(containerPID)/ns/mnt"
+            let fd = open(nsPath, O_RDONLY)
+            guard fd >= 0 else {
+                throw ContainerizationError(.internalError, message: "Failed to open namespace file: \(nsPath)")
+            }
+            defer { _ = close(fd) }
+
+            guard setns(fd, CLONE_NEWNS) == 0 else {
+                throw ContainerizationError(.internalError, message: "Failed to setns to mount namespace: \(errno)")
+            }
+        }
+
+        private func generateSyntheticInotifyEvent(
+            path: String,
+            eventType: Com_Apple_Containerization_Sandbox_V3_FileSystemEventType
+        ) throws {
+            if eventType == .delete && !FileManager.default.fileExists(atPath: path) {
+                return
+            }
+
+            let attributes = try FileManager.default.attributesOfItem(atPath: path)
+            guard let permissions = attributes[.posixPermissions] as? NSNumber else {
+                throw ContainerizationError(.internalError, message: "Failed to get file permissions for path: \(path)")
+            }
+            try FileManager.default.setAttributes(
+                [.posixPermissions: permissions],
+                ofItemAtPath: path
+            )
+        }
+    }
 
     var pid: Int32 {
         self.initProcess.pid
@@ -79,6 +212,9 @@ actor ManagedContainer {
             self.id = id
             self.bundle = bundle
             self.log = log
+
+            // Initialize namespace worker - will be started after process starts
+            self.namespaceWorker = nil
         } catch {
             try? cgManager.delete()
             throw error
@@ -96,6 +232,26 @@ extension ManagedContainer {
         }
     }
 
+    /// Start namespace worker thread after container process starts
+    private func startNamespaceWorker() throws {
+        let pid = self.initProcess.pid
+        guard pid > 0 else {
+            throw ContainerizationError(.invalidState, message: "Container process not started")
+        }
+
+        let worker = NamespaceWorker(containerID: self.id, containerPID: pid)
+        try worker.start()
+        self.namespaceWorker = worker
+    }
+
+    /// Execute filesystem event using dedicated namespace thread
+    func executeFileSystemEvent(path: String, eventType: Com_Apple_Containerization_Sandbox_V3_FileSystemEventType) async throws {
+        guard let worker = self.namespaceWorker else {
+            throw ContainerizationError(.invalidState, message: "Namespace worker not started for container \(self.id)")
+        }
+        try await worker.enqueueEvent(path: path, eventType: eventType)
+    }
+
     func createExec(
         id: String,
         stdio: HostStdio,
@@ -121,7 +277,14 @@ extension ManagedContainer {
 
     func start(execID: String) async throws -> Int32 {
         let proc = try self.getExecOrInit(execID: execID)
-        return try await ProcessSupervisor.default.start(process: proc)
+        let pid = try await ProcessSupervisor.default.start(process: proc)
+
+        // Start namespace worker thread if this is the init process
+        if execID == self.id {
+            try self.startNamespaceWorker()
+        }
+
+        return pid
     }
 
     func wait(execID: String) async throws -> ManagedProcess.ExitStatus {
@@ -155,6 +318,10 @@ extension ManagedContainer {
     }
 
     func delete() throws {
+        // Stop namespace worker thread
+        self.namespaceWorker?.stop()
+        self.namespaceWorker = nil
+
         try self.bundle.delete()
         try self.cgroupManager.delete(force: true)
     }