diff --git a/.gitignore b/.gitignore index e313a06..a5961bd 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,4 @@ target Cargo.lock railcar .wercker +**/.vscode diff --git a/build.rs b/build.rs index 18db6e3..b00ec9f 100644 --- a/build.rs +++ b/build.rs @@ -17,7 +17,7 @@ fn main() { let mut f = File::open("libseccomp/config.log").unwrap(); let mut result = String::new(); f.read_to_string(&mut result).unwrap(); - println!{"{}", &result}; + println! {"{}", &result}; std::process::exit(1); } diff --git a/src/cgroups.rs b/src/cgroups.rs index aea8dff..b3f28ba 100644 --- a/src/cgroups.rs +++ b/src/cgroups.rs @@ -29,7 +29,7 @@ pub fn apply( continue; }; // ensure cgroup dir - debug!{"creating cgroup dir {}", &dir}; + debug! {"creating cgroup dir {}", &dir}; let chain = || format!("create cgroup dir {} failed", &dir); create_dir_all(&dir).chain_err(chain)?; // enter cgroups @@ -55,7 +55,7 @@ pub fn remove(cgroups_path: &str) -> Result<()> { } else { continue; }; - debug!{"removing cgroup dir {}", &dir}; + debug! {"removing cgroup dir {}", &dir}; // remove cgroup dir let chain = || format!("remove cgroup dir {} failed", &dir); remove_dir(&dir).chain_err(chain)?; @@ -90,7 +90,7 @@ fn try_wrnz( match wrnz(dir, key, value) { Err(Error(ErrorKind::Io(e), x)) => { if e.kind() == ::std::io::ErrorKind::PermissionDenied { - warn!{"setting cgroup value {} is not supported", key} + warn! {"setting cgroup value {} is not supported", key} Ok(()) } else { Err(Error(ErrorKind::Io(e), x)) 
@@ -101,19 +101,19 @@ fn try_wrnz( } pub fn write_file(dir: &str, file: &str, data: &str) -> Result<()> { - let path = format!{"{}/{}", dir, file}; - debug!{"writing {} to {}", data, &path}; + let path = format! {"{}/{}", dir, file}; + debug! {"writing {} to {}", data, &path}; let mut f = File::create(&path)?; f.write_all(data.as_bytes())?; Ok(()) } pub fn read_file(dir: &str, file: &str) -> Result<(String)> { - let path = format!{"{}/{}", dir, file}; + let path = format! {"{}/{}", dir, file}; let mut f = File::open(&path)?; let mut result = String::new(); f.read_to_string(&mut result)?; - debug!{"read {} from {}", &result, &path}; + debug! {"read {} from {}", &result, &path}; Ok(result) } @@ -123,20 +123,20 @@ pub fn path(key: &str, cgroups_path: &str) -> Option { if mount.is_none() || rel.is_none() { None } else if rel.unwrap() == "/" { - Some(format!{"{}{}", &mount.unwrap(), cgroups_path}) + Some(format! {"{}{}", &mount.unwrap(), cgroups_path}) } else { - Some(format!{"{}{}{}", &mount.unwrap(), &rel.unwrap(), cgroups_path}) + Some(format! {"{}{}{}", &mount.unwrap(), &rel.unwrap(), cgroups_path}) } } pub fn get_procs(key: &str, cgroups_path: &str) -> Vec { let mut result = Vec::new(); if let Some(dir) = path(key, cgroups_path) { - let path = format!{"{}/cgroup.procs", dir}; + let path = format! {"{}/cgroup.procs", dir}; let f = match File::open(path) { Ok(f) => f, Err(e) => { - warn!{"could not cgroup.procs: {}", e}; + warn! {"could not cgroup.procs: {}", e}; return result; } }; @@ -162,7 +162,7 @@ lazy_static! { let f = match File::open("/proc/self/cgroup") { Ok(f) => f, Err(e) => { - warn!{"could not load cgroup info: {}", e}; + warn! {"could not load cgroup info: {}", e}; return result; } }; @@ -193,7 +193,7 @@ lazy_static! { let f = match File::open("/proc/self/mountinfo") { Ok(f) => f, Err(e) => { - warn!{"could not load mount info: {}", e}; + warn! {"could not load mount info: {}", e}; return result; } }; 
@@ -319,7 +319,7 @@ fn copy_parent(dir: &str, file: &str) -> Result<()> { let parent = if let Some(o) = dir.rfind('/') { &dir[..o] } else { - bail!{"failed to find {} in parent cgroups", file}; + bail! {"failed to find {} in parent cgroups", file}; }; match read_file(parent, file) { Err(Error(ErrorKind::Io(e), _)) => { @@ -390,7 +390,7 @@ fn memory_apply(r: &LinuxResources, dir: &str) -> Result<()> { if s <= 100 { wrnz(dir, "memory.swappiness", memory.swappiness)?; } else { - warn!{"memory swappiness invalid, working around bug"}; + warn! {"memory swappiness invalid, working around bug"}; } } if r.disable_oom_killer { @@ -402,7 +402,7 @@ fn memory_apply(r: &LinuxResources, dir: &str) -> Result<()> { #[inline] fn rate(d: &LinuxThrottleDevice) -> String { - return format!{"{}:{} {}", d.major, d.minor, d.rate}; + return format! {"{}:{} {}", d.major, d.minor, d.rate}; } fn blkio_apply(r: &LinuxResources, dir: &str) -> Result<()> { @@ -415,11 +415,11 @@ fn blkio_apply(r: &LinuxResources, dir: &str) -> Result<()> { // NOTE: runc writes zero values here. This may be a bug, but // we are duplicating functionality. if let Some(w) = d.weight { - let weight = format!{"{}:{} {}", d.major, d.minor, w}; + let weight = format! {"{}:{} {}", d.major, d.minor, w}; write_file(dir, "blkio.weight_device", &weight)?; } if let Some(w) = d.leaf_weight { - let weight = format!{"{}:{} {}", d.major, d.minor, w}; + let weight = format! {"{}:{} {}", d.major, d.minor, w}; write_file(dir, "blkio.leaf_weight_device", &weight)?; } } @@ -460,7 +460,7 @@ fn net_cls_apply(r: &LinuxResources, dir: &str) -> Result<()> { fn net_prio_apply(r: &LinuxResources, dir: &str) -> Result<()> { if let Some(network) = r.network.as_ref() { for p in &network.priorities { - let prio = format!{"{} {}", p.name, p.priority}; + let prio = format! {"{} {}", p.name, p.priority}; write_file(dir, "net_prio.ifpriomap", &prio)?; } } 
@@ -469,7 +469,7 @@ fn net_prio_apply(r: &LinuxResources, dir: &str) -> Result<()> { fn hugetlb_apply(r: &LinuxResources, dir: &str) -> Result<()> { for h in &r.hugepage_limits { - let key = format!{"hugetlb.{}.limit_in_bytes", h.page_size}; + let key = format! {"hugetlb.{}.limit_in_bytes", h.page_size}; write_file(dir, &key, &h.limit.to_string())?; } Ok(()) @@ -500,7 +500,7 @@ fn write_device(d: &LinuxDeviceCgroup, dir: &str) -> Result<()> { } else { "*".to_string() }; - let val = format!{"{} {}:{} {}", typ, &major, &minor, &d.access}; + let val = format! {"{} {}:{} {}", typ, &major, &minor, &d.access}; write_file(dir, key, &val) } diff --git a/src/main.rs b/src/main.rs index c563306..699df8f 100644 --- a/src/main.rs +++ b/src/main.rs @@ -563,11 +563,11 @@ fn load_console_sockets() -> Result<(RawFd, RawFd)> { } fn finish_create(id: &str, dir: &str, matches: &ArgMatches) -> Result<()> { - let spec = - Spec::load(CONFIG).chain_err(|| format!("failed to load {}", CONFIG))?; + let spec = Spec::load(CONFIG) + .chain_err(|| format!("failed to load {}", CONFIG))?; let rootfs = canonicalize(&spec.root.path) - .chain_err(|| format!{"failed to find root path {}", &spec.root.path})? + .chain_err(|| format! {"failed to find root path {}", &spec.root.path})? .to_string_lossy() .into_owned(); @@ -693,8 +693,8 @@ fn cmd_start(id: &str, state_dir: &str) -> Result<()> { let dir = instance_dir(id, state_dir); chdir(&*dir).chain_err(|| format!("instance {} doesn't exist", id))?; - let spec = - Spec::load(CONFIG).chain_err(|| format!("failed to load {}", CONFIG))?; + let spec = Spec::load(CONFIG) + .chain_err(|| format!("failed to load {}", CONFIG))?; let init_pid = get_init_pid()?; @@ -729,7 +729,7 @@ fn cmd_start(id: &str, state_dir: &str) -> Result<()> { } let linux = spec.linux.as_ref().unwrap(); let cpath = if linux.cgroups_path == "" { - format!{"/{}", id} + format! {"/{}", id} } else { linux.cgroups_path.clone() }; 
@@ -900,7 +900,7 @@ fn cmd_delete(id: &str, state_dir: &str, matches: &ArgMatches) -> Result<()> { if let Ok(spec) = Spec::load(CONFIG) { let linux = spec.linux.as_ref().unwrap(); let cpath = if linux.cgroups_path == "" { - format!{"/{}", id} + format! {"/{}", id} } else { linux.cgroups_path.clone() }; @@ -936,8 +936,8 @@ fn cmd_delete(id: &str, state_dir: &str, matches: &ArgMatches) -> Result<()> { fn cmd_run(id: &str, matches: &ArgMatches) -> Result<()> { let bundle = matches.value_of("bundle").unwrap(); chdir(&*bundle).chain_err(|| format!("failed to chdir to {}", bundle))?; - let spec = - Spec::load(CONFIG).chain_err(|| format!("failed to load {}", CONFIG))?; + let spec = Spec::load(CONFIG) + .chain_err(|| format!("failed to load {}", CONFIG))?; let child_pid = safe_run_container( id, @@ -1002,12 +1002,12 @@ fn execute_hook(hook: &oci::Hook, state: &oci::State) -> Result<()> { } // a timeout will cause a failure and child will be killed on exit if let Some(sig) = wait_for_pipe_sig(rfd, timeout)? { - let msg = format!{"hook exited with signal: {:?}", sig}; + let msg = format! {"hook exited with signal: {:?}", sig}; return Err(ErrorKind::InvalidHook(msg).into()); } let (exit_code, _) = wait_for_child(child)?; if exit_code != 0 { - let msg = format!{"hook exited with exit code: {}", exit_code}; + let msg = format! {"hook exited with exit code: {}", exit_code}; return Err(ErrorKind::InvalidHook(msg).into()); } } @@ -1104,7 +1104,7 @@ fn run_container( } let cpath = if linux.cgroups_path == "" { - format!{"/{}", id} + format! {"/{}", id} } else { linux.cgroups_path.clone() }; @@ -1141,7 +1141,8 @@ fn run_container( mount_fd = fd; continue; } - setns(fd, space).chain_err(|| format!("failed to enter {:?}", space))?; + setns(fd, space) + .chain_err(|| format!("failed to enter {:?}", space))?; close(fd)?; if space == CloneFlags::CLONE_NEWUSER { setid(Uid::from_raw(0), Gid::from_raw(0)) 
@@ -1188,7 +1189,8 @@ fn run_container( } if cf.contains(CloneFlags::CLONE_NEWNS) { - mounts::pivot_rootfs(&*rootfs).chain_err(|| "failed to pivot rootfs")?; + mounts::pivot_rootfs(&*rootfs) + .chain_err(|| "failed to pivot rootfs")?; // only set sysctls in newns for (key, value) in &linux.sysctl { @@ -1343,7 +1345,7 @@ fn fork_first( // set rlimits (before entering user ns) for rlimit in rlimits.iter() { - setrlimit(rlimit.typ as i32, rlimit.soft, rlimit.hard)?; + setrlimit(rlimit.typ as u32, rlimit.soft, rlimit.hard)?; } if userns { @@ -1366,11 +1368,13 @@ fn fork_first( write_mappings( &format!("/proc/{}/uid_map", child), &linux.uid_mappings, - ).chain_err(|| "failed to write uid mappings")?; + ) + .chain_err(|| "failed to write uid mappings")?; write_mappings( &format!("/proc/{}/gid_map", child), &linux.gid_mappings, - ).chain_err(|| "failed to write gid mappings")?; + ) + .chain_err(|| "failed to write gid mappings")?; } // setup cgroups let schild = child.to_string(); @@ -1550,7 +1554,7 @@ fn write_mappings(path: &str, maps: &[LinuxIDMapping]) -> Result<()> { } fn set_sysctl(key: &str, value: &str) -> Result<()> { - let path = format!{"/proc/sys/{}", key.replace(".", "/")}; + let path = format! {"/proc/sys/{}", key.replace(".", "/")}; let fd = match open(&*path, OFlag::O_RDWR, Mode::empty()) { Err(::nix::Error::Sys(errno)) => { if errno != Errno::ENOENT { @@ -1657,7 +1661,7 @@ fn wait_for_pipe_zero(rfd: RawFd, timeout: i32) -> Result<()> { return Err(ErrorKind::PipeClosed(msg).into()); } if result[0] != 0 { - let msg = format!{"got {} from pipe instead of 0", result[0]}; + let msg = format! {"got {} from pipe instead of 0", result[0]}; return Err(ErrorKind::InvalidValue(msg).into()); } Ok(()) 
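Review bot: The `rlimit.typ as u32` cast in the `fork_first` hunk (`@@ -1343,7 +1345,7 @@`) and the matching `resource: libc::c_uint` parameter in the `src/nix_ext.rs` hunk pin the rlimit resource to an unsigned type with no comment explaining why. As far as I know, the `libc` crate types this argument as `__rlimit_resource_t` (unsigned) on glibc targets but as `c_int` on musl, so the wrapper may now build only against glibc. The body of `setrlimit` is outside the hunk, so the libc call it makes cannot be confirmed from here. I would record the reason at the declaration, e.g. `// resource is c_uint to match glibc's __rlimit_resource_t; musl declares it as c_int`, or select the parameter type with `#[cfg(target_env = ...)]` so both targets keep compiling. These limits are applied before the user namespace is entered, so the type at this call site is worth making explicit rather than leaving it to a bare `as`; `fork_first` itself starts and ends outside the hunk.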
@@ -1768,8 +1772,8 @@ fn set_name(name: &str) -> Result<()> { Ok(_) => (), }; unsafe { - let init = - std::ffi::CString::new(name).chain_err(|| "invalid process name")?; + let init = std::ffi::CString::new(name) + .chain_err(|| "invalid process name")?; let len = std::ffi::CStr::from_ptr(*ARGV).to_bytes().len(); // after fork, ARGV points to the thread's local // copy of arg0. diff --git a/src/mounts.rs b/src/mounts.rs index 2c4359f..dad4e1d 100644 --- a/src/mounts.rs +++ b/src/mounts.rs @@ -232,7 +232,7 @@ fn mount_cgroups( } else { &mount_path[..] }; - let dest = format!{"{}/{}", &m.destination, &base}; + let dest = format! {"{}/{}", &m.destination, &base}; let bm = Mount { source: source, typ: "bind".to_string(), @@ -249,14 +249,14 @@ fn mount_cgroups( for k in key.split(',') { if k != key { // try to create a symlink for combined strings - let dest = format!{"{}{}/{}", rootfs, &m.destination, &k}; + let dest = format! {"{}{}/{}", rootfs, &m.destination, &k}; symlink(key, &dest)?; } } } // remount readonly if necessary if flags.contains(MsFlags::MS_RDONLY) { - let dest = format!{"{}{}", rootfs, &m.destination}; + let dest = format! {"{}{}", rootfs, &m.destination}; mount( Some(&*dest), &*dest, @@ -299,15 +299,15 @@ fn mount_from( let d; if !label.is_empty() && m.typ != "proc" && m.typ != "sysfs" { if data.is_empty() { - d = format!{"context=\"{}\"", label}; + d = format! {"context=\"{}\"", label}; } else { - d = format!{"{},context=\"{}\"", data, label}; + d = format! {"{},context=\"{}\"", data, label}; } } else { d = data.to_string(); } - let dest = format!{"{}{}", rootfs, &m.destination}; + let dest = format! {"{}{}", rootfs, &m.destination}; debug!( "mounting {} to {} as {} with data '{}'", 
@@ -351,7 +351,7 @@ fn mount_from( mount(Some(&*src), &*dest, Some(&*m.typ), flags, Some(data))?; // warn if label cannot be set if let Err(e) = setfilecon(&dest, label) { - warn!{"could not set mount label of {} to {}: {}", + warn! {"could not set mount label of {} to {}: {}", &m.destination, &label, e}; } } @@ -364,7 +364,8 @@ fn mount_from( | MsFlags::MS_PRIVATE | MsFlags::MS_SHARED | MsFlags::MS_SLAVE), - ) { + ) + { let chain = || format!("remount of {} failed", &dest); mount( Some(&*dest), @@ -372,7 +373,8 @@ fn mount_from( None::<&str>, flags | MsFlags::MS_REMOUNT, None::<&str>, - ).chain_err(chain)?; + ) + .chain_err(chain)?; } Ok(()) } diff --git a/src/nix_ext.rs b/src/nix_ext.rs index 93bfdd1..21baccf 100644 --- a/src/nix_ext.rs +++ b/src/nix_ext.rs @@ -39,7 +39,7 @@ pub fn setgroups(gids: &[libc::gid_t]) -> Result<()> { #[inline] pub fn setrlimit( - resource: libc::c_int, + resource: libc::c_uint, soft: libc::c_ulonglong, hard: libc::c_ulonglong, ) -> Result<()> { diff --git a/src/signals.rs b/src/signals.rs index f439bdc..8fc33db 100644 --- a/src/signals.rs +++ b/src/signals.rs @@ -81,7 +81,7 @@ pub fn to_signal(signal: &str) -> Result { "29" | "IO" | "SIGIO" => Signal::SIGIO, "30" | "PWR" | "SIGPWR" => Signal::SIGPWR, "31" | "SYS" | "SIGSYS" => Signal::SIGSYS, - _ => bail!{"{} is not a valid signal", signal}, + _ => bail! {"{} is not a valid signal", signal}, }) } @@ -105,9 +105,11 @@ pub fn raise_for_parent(signal: Signal) -> Result<()> { // make sure the signal is unblocked let mut s = SigSet::empty(); s.add(signal); - s.thread_unblock().chain_err(|| "failed to unblock signal")?; + s.thread_unblock() + .chain_err(|| "failed to unblock signal")?; // raise the signal - raise(signal).chain_err(|| format!("failed to raise signal {:?}", signal))?; + raise(signal) + .chain_err(|| format!("failed to raise signal {:?}", signal))?; Ok(()) }