commit 680845cb1ce337d29ad21295b53ccd05fa2679c2 Author: wehub-resource-sync Date: Mon Jul 13 12:25:30 2026 +0800 chore: import upstream snapshot with attribution diff --git a/.github/ISSUE_TEMPLATE/01-bug.yml b/.github/ISSUE_TEMPLATE/01-bug.yml new file mode 100644 index 0000000..c8335c5 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/01-bug.yml @@ -0,0 +1,71 @@ +name: Bug report +description: File a bug report. +title: "[Bug]: " +type: "Bug" +body: + - type: markdown + attributes: + value: | + Thanks for taking the time to fill out this bug report! + - type: checkboxes + id: prereqs + attributes: + label: I have done the following + description: Select that you have completed the following prerequisites. + options: + - label: I have searched the existing issues + required: true + - label: If possible, I've reproduced the issue using the 'main' branch of this project + required: false + - type: textarea + id: reproduce + attributes: + label: Steps to reproduce + description: Explain how to reproduce the incorrect behavior. + validations: + required: true + - type: textarea + id: what-happened + attributes: + label: Current behavior + description: A concise description of what you're experiencing. + validations: + required: true + - type: textarea + id: expected + attributes: + label: Expected behavior + description: A concise description of what you expected to happen. + validations: + required: true + - type: textarea + attributes: + label: Environment + description: | + Examples: + - **OS**: macOS 26.0 (25A354) + - **Xcode**: Version 26.0 (17A324) + - **Swift**: Apple Swift version 6.2 (swift-6.2-RELEASE) + value: | + - OS: + - Xcode: + - Swift: + render: markdown + validations: + required: true + - type: textarea + id: logs + attributes: + label: Relevant log output + description: Please copy and paste any relevant log output. This will be automatically formatted into code, so no need for backticks. + value: | + N/A + render: shell + - type: checkboxes + id: terms + attributes: + label: Code of Conduct + description: By submitting this issue, you agree to follow our [Code of Conduct](https://github.com/apple/.github/blob/main/CODE_OF_CONDUCT.md). + options: + - label: I agree to follow this project's Code of Conduct + required: true diff --git a/.github/ISSUE_TEMPLATE/02-feature.yml b/.github/ISSUE_TEMPLATE/02-feature.yml new file mode 100644 index 0000000..e3d3572 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/02-feature.yml @@ -0,0 +1,24 @@ +name: Feature or enhancement request +description: File a request for a feature or enhancement +title: "[Request]: " +type: "Feature" +body: + - type: markdown + attributes: + value: | + Thanks for contributing to the containerization project! + - type: textarea + id: request + attributes: + label: Feature or enhancement request details + description: Describe your proposed feature or enhancement. Code samples that show what's missing, or what new capabilities will be possible, are very helpful! Provide links to existing issues or external references/discussions, if appropriate. + validations: + required: true + - type: checkboxes + id: terms + attributes: + label: Code of Conduct + description: By submitting this issue, you agree to follow our [Code of Conduct](https://github.com/apple/.github/blob/main/CODE_OF_CONDUCT.md). + options: + - label: I agree to follow this project's Code of Conduct + required: true diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 0000000..dadfeee --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1,5 @@ +blank_issues_enabled: false +contact_links: + - name: Containerization community support + url: https://github.com/apple/container/discussions + about: Please ask and answer questions here. diff --git a/.github/workflows/build-test-images.yml b/.github/workflows/build-test-images.yml new file mode 100644 index 0000000..4ad317d --- /dev/null +++ b/.github/workflows/build-test-images.yml @@ -0,0 +1,77 @@ +name: Build and publish containerization test images + +permissions: + contents: read + +on: + workflow_dispatch: + inputs: + publish: + type: boolean + description: "Publish the built image" + default: false + version: + type: string + description: "Version of the image to create" + default: "test" + image: + type: choice + description: Test image to build + options: + - dockermanifestimage + - emptyimage + default: 'dockermanifestimage' + useBuildx: + type: boolean + description: "Use docker buildx to build the image" + default: false + +jobs: + image: + name: Build test images + timeout-minutes: 30 + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + steps: + - name: Check branch + env: + GH_REF: ${{ github.ref }} + PUBLISH: ${{ inputs.publish }} + run: | + if [[ "${GH_REF}" != "refs/heads/main" ]] && [[ "${GH_REF}" != refs/heads/release* ]] && [[ "${PUBLISH}" == "true" ]]; then + echo "❌ Cannot publish an image if we are not on main or a release branch." + exit 1 + fi + - name: Check inputs + env: + IMAGE: ${{ inputs.image }} + USE_BUILDX: ${{ inputs.useBuildx }} + run: | + if [[ "${IMAGE}" == "dockermanifestimage" ]] && [[ "${USE_BUILDX}" == "true" ]]; then + echo "❌ dockermanifestimage cannot be built with buildx" + exit 1 + fi + + if [[ "${IMAGE}" == "emptyimage" ]] && [[ "${USE_BUILDX}" != "true" ]]; then + echo "❌ emptyimage should be built with buildx" + exit 1 + fi + - name: Checkout repository + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + - name: Login to GitHub Container Registry + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Set up Docker Buildx + if: ${{ inputs.useBuildx }} + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3 + - name: Build dockerfile and push image + uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6 + with: + push: ${{ inputs.publish }} + context: Tests/TestImages/${{ inputs.image }} + tags: ghcr.io/apple/containerization/${{ inputs.image }}:${{ inputs.version }} diff --git a/.github/workflows/containerization-build-template.yml b/.github/workflows/containerization-build-template.yml new file mode 100644 index 0000000..c67b546 --- /dev/null +++ b/.github/workflows/containerization-build-template.yml @@ -0,0 +1,130 @@ +name: Build containerization template + +permissions: + contents: read + +on: + workflow_call: + inputs: + release: + type: boolean + description: "Create a release" + default: false + version: + type: string + description: Version of containerization + default: test + +jobs: + buildAndTest: + name: Build and Test repo + if: github.repository == 'apple/containerization' + timeout-minutes: 60 + runs-on: [self-hosted, macos, tahoe, ARM64] + permissions: + contents: read + packages: write + env: + DEVELOPER_DIR: "/Applications/Xcode_swift_6.3.app/Contents/Developer" + + steps: + - name: Checkout repository + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + with: + fetch-depth: 0 + + - name: Activate Swiftly + run: | + source ~/.swiftly/env.sh + cat ~/.swiftly/env.sh + + - name: Check formatting + run: | + ./scripts/install-hawkeye.sh + make fmt + git diff + if ! git diff --quiet ; then echo the following files require formatting or license headers: ; git diff --name-only ; false ; fi + + - name: Check protobufs + run: | + make protos + if ! git diff --quiet ; then echo the following files require formatting or license headers: ; git diff --name-only ; false ; fi + + - name: Make containerization, examples, and docs + run: | + make clean containerization examples docs + tar cfz _site.tgz _site + env: + BUILD_CONFIGURATION: ${{ inputs.release && 'release' || 'debug' }} + + - name: Make vminitd image + run: | + source ~/.swiftly/env.sh + make -C vminitd swift linux-sdk + make init + env: + BUILD_CONFIGURATION: ${{ inputs.release && 'release' || 'debug' }} + + - name: Test containerization + run: | + make fetch-default-kernel + make test integration + env: + REGISTRY_TOKEN: ${{ github.token }} + REGISTRY_USERNAME: ${{ github.actor }} + + - name: Push vminitd image + if: ${{ inputs.release }} + env: + REGISTRY_TOKEN: ${{ github.token }} + REGISTRY_USERNAME: ${{ github.actor }} + REGISTRY_HOST: ghcr.io + VERSION: ${{ inputs.version }} + run: | + bin/cctl images tag vminit:latest "ghcr.io/apple/containerization/vminit:${VERSION}" + bin/cctl images push "ghcr.io/apple/containerization/vminit:${VERSION}" + + - name: Create image tar + if: ${{ !inputs.release }} + run: | + bin/cctl images save vminit:latest -o vminit.tar + + - name: Save vminit artifact + if: ${{ !inputs.release }} + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 + with: + name: vminit + path: vminit.tar + + - name: Save documentation artifact + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 + with: + name: api-docs + path: "./_site.tgz" + retention-days: 14 + + uploadPages: + # Separate upload step required because upload-pages-artifact needs + # gtar which is not on the macOS runner. + name: Upload artifact for GitHub Pages + needs: buildAndTest + timeout-minutes: 5 + runs-on: ubuntu-latest + + steps: + - name: Setup Pages + uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5 + + - name: Download a single artifact + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7 + with: + name: api-docs + + - name: Add API docs to documentation + run: | + tar xfz _site.tgz + + - name: Upload Artifact + uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b # v4 + with: + path: "./_site" diff --git a/.github/workflows/containerization-build.yml b/.github/workflows/containerization-build.yml new file mode 100644 index 0000000..dc32e1b --- /dev/null +++ b/.github/workflows/containerization-build.yml @@ -0,0 +1,53 @@ +name: Build containerization + +permissions: + contents: read + +on: + pull_request: + types: [opened, reopened, synchronize] + push: + branches: + - main + - release/* + +jobs: + verify-signatures: + name: Verify commit signatures + runs-on: ubuntu-latest + if: github.event_name == 'pull_request' + steps: + - name: Check all commits are signed + env: + GH_TOKEN: ${{ github.token }} + REPO: ${{ github.repository }} + PR_NUMBER: ${{ github.event.pull_request.number }} + run: | + commits=$(gh api "repos/${REPO}/pulls/${PR_NUMBER}/commits" --paginate) + unsigned_commits="" + + while IFS='|' read -r sha author verified; do + if [ "$verified" != "true" ]; then + unsigned_commits="$unsigned_commits - $sha by $author\n" + fi + done < <(echo "$commits" | jq -r '.[] | "\(.sha)|\(.commit.author.name)|\(.commit.verification.verified)"') + + if [ -n "$unsigned_commits" ]; then + echo "::error::The following commits are not signed:" + echo -e "$unsigned_commits" + echo "" + echo "Please sign your commits. See:" + echo " - https://github.com/apple/containerization/blob/main/CONTRIBUTING.md#pull-requests" + echo " - https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits" + exit 1 + fi + + echo "All commits are signed!" + + containerization: + permissions: + contents: read + packages: write + pages: write + uses: ./.github/workflows/containerization-build-template.yml + secrets: inherit diff --git a/.github/workflows/docs-release.yaml b/.github/workflows/docs-release.yaml new file mode 100644 index 0000000..e1295d6 --- /dev/null +++ b/.github/workflows/docs-release.yaml @@ -0,0 +1,46 @@ +# Manual workflow for releasing docs ad-hoc. Workflow can only be run for main or release branches. +# Workflow does NOT publish a release of containerization. +name: Deploy application website + +permissions: + contents: read + +on: + workflow_dispatch: + +jobs: + checkBranch: + runs-on: ubuntu-latest + if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags') || startsWith(github.ref, 'refs/heads/release') + steps: + - name: Branch validation + env: + REF_NAME: ${{ github.ref_name }} + run: echo "Branch ${REF_NAME} is allowed" + + buildSite: + name: Build application website + needs: checkBranch + uses: ./.github/workflows/containerization-build-template.yml + secrets: inherit + permissions: + contents: read + packages: write + pages: write + + deployDocs: + runs-on: ubuntu-latest + needs: [checkBranch, buildSite] + permissions: + contents: read + pages: write + id-token: write + + environment: + name: github-pages + url: ${{ steps.deployment.outputs.page_url }} + + steps: + - name: Deploy to GitHub Pages + id: deployment + uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4 diff --git a/.github/workflows/linux-build.yml b/.github/workflows/linux-build.yml new file mode 100644 index 0000000..2d0acac --- /dev/null +++ b/.github/workflows/linux-build.yml @@ -0,0 +1,60 @@ +name: Linux build + +permissions: + contents: read + +on: + pull_request: + types: [opened, reopened, synchronize] + push: + branches: + - main + - release/* + +jobs: + swift-version: + name: Determine Swift version + runs-on: ubuntu-24.04 + outputs: + image: ${{ steps.version.outputs.image }} + steps: + - name: Checkout .swift-version + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + with: + sparse-checkout: .swift-version + sparse-checkout-cone-mode: false + + - name: Read Swift version + id: version + run: echo "image=swift:$(cat .swift-version)-noble" >> "$GITHUB_OUTPUT" + + build: + name: Linux compile check + needs: swift-version + timeout-minutes: 30 + runs-on: ubuntu-24.04 + container: ${{ needs.swift-version.outputs.image }} + + steps: + - name: Checkout repository + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + with: + fetch-depth: 0 + + - name: Install system dependencies + run: apt-get update && apt-get install -y curl make libarchive-dev libbz2-dev liblzma-dev libssl-dev + + - name: Build containerization + run: make containerization + + - name: Build vminitd (glibc) + run: make -C vminitd SWIFT_CONFIGURATION="--disable-automatic-resolution -Xswiftc -warnings-as-errors" + + - name: Install Static Linux SDK + run: make -C vminitd linux-sdk + + - name: Build vminitd (musl) + run: make -C vminitd + + - name: Run unit tests + run: swift test --disable-automatic-resolution -Xswiftc -warnings-as-errors diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..7f211c7 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,57 @@ +name: Release containerization + +permissions: + contents: read + +on: + push: + tags: + - "[0-9]+\\.[0-9]+\\.[0-9]+" + +jobs: + containerization: + uses: ./.github/workflows/containerization-build-template.yml + with: + release: true + version: ${{ github.ref_name }} + secrets: inherit + permissions: + contents: read + packages: write + pages: write + + deployDocs: + if: startsWith(github.ref, 'refs/tags/') + runs-on: ubuntu-latest + needs: containerization + permissions: + contents: read + pages: write + id-token: write + environment: + name: github-pages + url: ${{ steps.deployment.outputs.page_url }} + steps: + - name: Deploy to GitHub Pages + id: deployment + uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4 + + release: + if: startsWith(github.ref, 'refs/tags/') + name: Publish release + timeout-minutes: 30 + needs: containerization + runs-on: ubuntu-latest + permissions: + contents: write + packages: read + steps: + - name: Create release + uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2 + with: + token: ${{ github.token }} + name: ${{ github.ref_name }}-prerelease + draft: true + make_latest: false + prerelease: true + fail_on_unmatched_files: true diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..088b1bf --- /dev/null +++ b/.gitignore @@ -0,0 +1,28 @@ +.DS_Store +bin +libexec +.build +.local +xcuserdata/ +DerivedData/ +.swiftpm/ +.netrc +workdir/ +installer/ +.venv/ +test_results/ +*.pid +*.log +*.zip +*.o +*.ext4 +*.pkg +*.swp +*.tar.gz +*.tar.xz +vmlinux* + +# API docs for local preview only. +_site/ +_serve/ +kernel/vmlinuz-x86_64 diff --git a/.spi.yml b/.spi.yml new file mode 100644 index 0000000..9b46d1f --- /dev/null +++ b/.spi.yml @@ -0,0 +1,5 @@ +version: 1 +builder: + configs: + - documentation_targets: [Containerization, ContainerizationEXT4, ContainerizationOS, ContainerizationOCI, ContainerizationNetlink, ContainerizationIO, ContainerizationExtras, ContainerizationArchive, SendableProperty] + swift_version: '6.2' diff --git a/.swift-format b/.swift-format new file mode 100644 index 0000000..dcd6005 --- /dev/null +++ b/.swift-format @@ -0,0 +1,68 @@ +{ + "fileScopedDeclarationPrivacy" : { + "accessLevel" : "private" + }, + "indentation" : { + "spaces" : 4 + }, + "indentConditionalCompilationBlocks" : false, + "indentSwitchCaseLabels" : false, + "lineBreakAroundMultilineExpressionChainComponents" : false, + "lineBreakBeforeControlFlowKeywords" : false, + "lineBreakBeforeEachArgument" : false, + "lineBreakBeforeEachGenericRequirement" : false, + "lineLength" : 180, + "maximumBlankLines" : 1, + "multiElementCollectionTrailingCommas" : true, + "noAssignmentInExpressions" : { + "allowedFunctions" : [ + "XCTAssertNoThrow" + ] + }, + "prioritizeKeepingFunctionOutputTogether" : false, + "respectsExistingLineBreaks" : true, + "rules" : { + "AllPublicDeclarationsHaveDocumentation" : false, + "AlwaysUseLowerCamelCase" : true, + "AmbiguousTrailingClosureOverload" : false, + "BeginDocumentationCommentWithOneLineSummary" : false, + "DoNotUseSemicolons" : true, + "DontRepeatTypeInStaticProperties" : true, + "FileScopedDeclarationPrivacy" : true, + "FullyIndirectEnum" : true, + "GroupNumericLiterals" : true, + "IdentifiersMustBeASCII" : true, + "NeverForceUnwrap" : true, + "NeverUseForceTry" : true, + "NeverUseImplicitlyUnwrappedOptionals" : true, + "NoAccessLevelOnExtensionDeclaration" : true, + "NoAssignmentInExpressions" : true, + "NoBlockComments" : false, + "NoCasesWithOnlyFallthrough" : true, + "NoEmptyTrailingClosureParentheses" : true, + "NoLabelsInCasePatterns" : true, + "NoLeadingUnderscores" : false, + "NoParensAroundConditions" : true, + "NoPlaygroundLiterals" : true, + "NoVoidReturnOnFunctionSignature" : true, + "OmitExplicitReturns" : true, + "OneCasePerLine" : true, + "OneVariableDeclarationPerLine" : true, + "OnlyOneTrailingClosureArgument" : true, + "OrderedImports" : true, + "ReplaceForEachWithForLoop" : true, + "ReturnVoidInsteadOfEmptyTuple" : true, + "TypeNamesShouldBeCapitalized" : true, + "UseEarlyExits" : true, + "UseLetInEveryBoundCaseVariable" : true, + "UseShorthandTypeNames" : true, + "UseSingleLinePropertyGetter" : true, + "UseSynthesizedInitializer" : true, + "UseTripleSlashForDocumentationComments" : true, + "UseWhereClausesInForLoops" : false, + "ValidateDocumentationComments" : true + }, + "spacesAroundRangeFormationOperators" : false, + "tabWidth" : 2, + "version" : 1 +} diff --git a/.swift-format-nolint b/.swift-format-nolint new file mode 100644 index 0000000..8f600e5 --- /dev/null +++ b/.swift-format-nolint @@ -0,0 +1,68 @@ +{ + "fileScopedDeclarationPrivacy" : { + "accessLevel" : "private" + }, + "indentation" : { + "spaces" : 4 + }, + "indentConditionalCompilationBlocks" : false, + "indentSwitchCaseLabels" : false, + "lineBreakAroundMultilineExpressionChainComponents" : false, + "lineBreakBeforeControlFlowKeywords" : false, + "lineBreakBeforeEachArgument" : false, + "lineBreakBeforeEachGenericRequirement" : false, + "lineLength" : 180, + "maximumBlankLines" : 1, + "multiElementCollectionTrailingCommas" : true, + "noAssignmentInExpressions" : { + "allowedFunctions" : [ + "XCTAssertNoThrow" + ] + }, + "prioritizeKeepingFunctionOutputTogether" : false, + "respectsExistingLineBreaks" : true, + "rules" : { + "AllPublicDeclarationsHaveDocumentation" : false, + "AlwaysUseLowerCamelCase" : false, + "AmbiguousTrailingClosureOverload" : false, + "BeginDocumentationCommentWithOneLineSummary" : false, + "DoNotUseSemicolons" : true, + "DontRepeatTypeInStaticProperties" : false, + "FileScopedDeclarationPrivacy" : false, + "FullyIndirectEnum" : false, + "GroupNumericLiterals" : false, + "IdentifiersMustBeASCII" : false, + "NeverForceUnwrap" : false, + "NeverUseForceTry" : false, + "NeverUseImplicitlyUnwrappedOptionals" : false, + "NoAccessLevelOnExtensionDeclaration" : false, + "NoAssignmentInExpressions" : false, + "NoBlockComments" : false, + "NoCasesWithOnlyFallthrough" : false, + "NoEmptyTrailingClosureParentheses" : true, + "NoLabelsInCasePatterns" : false, + "NoLeadingUnderscores" : false, + "NoParensAroundConditions" : true, + "NoPlaygroundLiterals" : false, + "NoVoidReturnOnFunctionSignature" : true, + "OmitExplicitReturns" : false, + "OneCasePerLine" : true, + "OneVariableDeclarationPerLine" : true, + "OnlyOneTrailingClosureArgument" : false, + "OrderedImports" : true, + "ReplaceForEachWithForLoop" : false, + "ReturnVoidInsteadOfEmptyTuple" : false, + "TypeNamesShouldBeCapitalized" : false, + "UseEarlyExits" : false, + "UseLetInEveryBoundCaseVariable" : false, + "UseShorthandTypeNames" : true, + "UseSingleLinePropertyGetter" : true, + "UseSynthesizedInitializer" : false, + "UseTripleSlashForDocumentationComments" : true, + "UseWhereClausesInForLoops" : false, + "ValidateDocumentationComments" : false + }, + "spacesAroundRangeFormationOperators" : false, + "tabWidth" : 2, + "version" : 1 +} diff --git a/.swift-version b/.swift-version new file mode 100644 index 0000000..798e389 --- /dev/null +++ b/.swift-version @@ -0,0 +1 @@ +6.3.0 diff --git a/CLAUDE.md b/CLAUDE.md new file mode 100644 index 0000000..d3d775b --- /dev/null +++ b/CLAUDE.md @@ -0,0 +1,91 @@ +# CLAUDE.md + +This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository. + +## Build / Test / Format + +The project is built via `make`, not directly with `swift build`. Two Swift packages live in this repo: the root package (Containerization libraries + `cctl` + macOS-only integration binary) and `vminitd/` (the Linux guest init system, cross-compiled with the Static Linux SDK). + +- `make all` — build everything (`containerization` + `vminitd` + `init.ext4` rootfs in `bin/`). Default `BUILD_CONFIGURATION=debug`; pass `release` (or use `make release`) for optimized builds. +- `make containerization` — build just the host-side Swift package (skips vminitd). +- `make vminitd` — build vminitd / vmexec only. By default uses `LIBC=musl` via the Static Linux SDK; `make linux-build LIBC=glibc` builds via a Linux dev container. +- `make test` — unit tests with code coverage. `make coverage` regenerates the coverage report. +- `make integration` — runs `bin/containerization-integration`. Requires an in-repo kernel under `bin/` (`bin/vmlinux-arm64` on arm64, `bin/vmlinuz-x86_64` or `bin/vmlinux-x86_64` on x86_64); if absent, run `make fetch-default-kernel` to download the Kata-provided kernel for the host arch. +- Single test: `swift test --filter ContainerizationOCITests.ReferenceTests/testParsing` (Swift Testing / XCTest filter syntax). Targets are listed in `Package.swift`. +- `make linux-test` — runs `swift test` inside the Linux dev container (requires the `container` CLI from apple/container). +- `make linux-build` — builds the host-side Swift package (incl. `cctl`, `Containerization`, and `CloudHypervisor`) inside the same Linux dev container. Use this to validate Linux portability of host-side code; the resulting `cctl` is what the cloud-hypervisor backend ships behind. +- `make linux-integration` — runs the cross-platform integration suite against a real cloud-hypervisor VM inside the dev container (nested virt via apple/container's `--virtualization`). Requires a KVM-capable kernel at `kernel/vmlinux-arm64` (or `kernel/vmlinuz-x86_64` on x86_64 hosts) — build via `make -C kernel`; the kata-fetched kernel doesn't include KVM. Also requires `make fetch-cloud-hypervisor` and `make linux-build` to have been run first. Linux runs only the cross-platform subset (`process true`/`false`/`echo hi`); the macOS suite is unchanged. +- `make fetch-cloud-hypervisor` — downloads the static `cloud-hypervisor` v52.0 (aarch64) binary into `bin/cloud-hypervisor` for the Linux integration tests. +- `make build-cloud-hypervisor` / `make build-virtiofsd` — build patched `cloud-hypervisor` / `virtiofsd` from sources you have cloned into `.local/cloud-hypervisor` and `.local/virtiofsd` respectively. There is no fetch target — clone the upstream repos at the revision you want pinned. `build-virtiofsd` applies `scripts/patches/virtiofsd-skip-cap-drop-with-sandbox-none.patch` and is idempotent. Both run inside the same Linux dev container as `linux-integration` so the resulting binaries are aarch64-linux-gnu. +- `make dist-x86_64` — assembles `bin/containerization-x86_64-.tar.gz` (cctl + cloud-hypervisor + virtiofsd + initfs.ext4 + kernel) for x86_64 Linux deployment, cross-compiled inside the aarch64 dev container via the Static Linux SDK (Swift) and `cargo zigbuild` (Rust). Prereqs: `.local/cloud-hypervisor` and `.local/virtiofsd` source checkouts (clone deliberately — no fetch target), and an x86_64 kernel built via `make -C kernel TARGET_ARCH=x86_64`. Per-stage rebuild env vars: `REBUILD_VMINITD=1`, `REBUILD_INITFS=1`, `REBUILD_CH=1`, `REBUILD_VIRTIOFSD=1`; cctl x86 always rebuilds. **Full pipeline, toolchain rationale, and troubleshooting in `docs/x86_64-build.md`.** The orchestrator is `scripts/build-dist-x86_64.sh`. +- `make fmt` — applies `.swift-format` and refreshes license headers via hawkeye. +- `make check` — formatting + license-header lint (this is what the pre-commit hook runs). Uses `.swift-format-nolint` for stricter linting. +- `make pre-commit` — installs `scripts/pre-commit.fmt` as a git pre-commit hook. +- `make protos` — regenerates `Sources/Containerization/SandboxContext/SandboxContext.{pb,grpc}.swift` from the `.proto`. Touch this whenever the proto changes; never hand-edit the generated files. +- `make cross-prep` — installs Swiftly, the pinned Swift toolchain (see `.swift-version`), and the Static Linux SDK. Run once before the first build. + +`WARNINGS_AS_ERRORS=true` is the default for both packages. Don't disable it casually — CI builds with it on. + +## Architecture + +This is a **Swift library package** (not a CLI tool) that lets applications run Linux containers on Apple silicon by spawning a lightweight VM per container via `Virtualization.framework`. The corresponding end-user CLI lives in [`apple/container`](https://github.com/apple/container) and is **not** part of this repo. `cctl` here is a playground/example binary, not the shipping product. + +### The host ↔ guest split + +Every Linux container runs inside its own VM. The boundary between host (macOS) and guest (Linux) is the central architectural fact: + +- **Host side** (`Sources/`, `macOS` platform): orchestrates VMs through `Virtualization.framework` (`VZVirtualMachineInstance.swift`, `VZVirtualMachine+Helpers.swift`). The user-facing entry points are `LinuxContainer` (one container per VM) and `LinuxPod` (multiple containers in one VM, experimental). These build a `VMConfiguration`, boot the VM with the chosen `Kernel` and a rootfs containing `vminitd`, then drive the guest via gRPC. +- **Guest side** (`vminitd/`, Linux platform): `vminitd` is PID 1 inside the VM. It exposes a gRPC service over **vsock** (default port `1024`) defined by `Sources/Containerization/SandboxContext/SandboxContext.proto`. `VminitdCore` implements that service: launching container processes, handling stdio over vsock, signal/event delivery, cgroups, mounts, and process lifecycle. By default it launches workloads via `vmexec` (a small helper that runs a single process inside the guest namespace); `runc` is used only when an OCI runtime path is supplied. + +The proto is the contract between the two halves. **The `.pb.swift` and `.grpc.swift` files in `SandboxContext/` are generated** — regenerate via `make protos` after changing `SandboxContext.proto`. Both host and guest depend on the same generated Swift via the path-dependency wiring in `vminitd/Package.swift` (`containerization` is a sibling path package). + +### VMM backends + +`Containerization` abstracts the VMM behind `VirtualMachineManager` / `VirtualMachineInstance`. Two backends ship in this repo, both inside the same `Containerization` target but gated by `#if`: + +- **macOS**: `VZVirtualMachineManager` / `VZVirtualMachineInstance` (`VZ*` files, `#if os(macOS)`). Drives `Virtualization.framework` directly. +- **Linux**: `CHVirtualMachineManager` / `CHVirtualMachineInstance` (`CH*` files plus `CHProcess`, `VirtiofsdProcess`, `Vsock+Linux`, all `#if os(Linux)`). One `cloud-hypervisor` subprocess per VM, REST-on-UDS control plane via the standalone [`CloudHypervisor`](./Sources/CloudHypervisor) Swift package, virtio-blk / virtio-fs (one `virtiofsd` per share) / TAP / vsock for the data plane. Same `Vminitd` guest contract as VZ — only the host-side VMM differs. + +The `CloudHypervisor` library is a thin NIO-based HTTP/1.1-over-UDS client targeting cloud-hypervisor's REST API. It compiles on both platforms (so it can be unit-tested on macOS without a real cloud-hypervisor binary), but is only consumed by the Linux backend at runtime. + +**Sandbox env vars.** `CHProcess` and `VirtiofsdProcess` default to the upstream-secure spawn flags. Per-component opt-outs: + +- `CONTAINERIZATION_NO_CH_SECCOMP=1` — launch cloud-hypervisor with `--seccomp false`. +- `CONTAINERIZATION_NO_VIRTIOFSD_SANDBOX=1` — launch virtiofsd with `--sandbox none`. + +Both flags emit a one-line `logger.warning` at start so a relaxed-sandbox VM is loud in the host log. The legacy alias `CONTAINERIZATION_RELAXED_SANDBOX=1` continues to flip both at once. These are required inside apple/container's `--virtualization` dev container, where the host seccomp profile SIGSYS-kills both binaries; `make linux-integration` sets the legacy alias automatically. Leave them unset in production deployments where the host policy lets CH/virtiofsd run unmolested. + +### Library targets (`Sources/`) + +These are independently consumable Swift modules. Keep their dependencies narrow: + +- `Containerization` — the top-level orchestration layer (`LinuxContainer`, `LinuxPod`, `VMConfiguration`, `Vminitd` gRPC client wrapper, mounts, networking, sockets, image unpacking). Hosts both the macOS (VZ) and Linux (CH) VMM backends behind `#if os(...)`. +- `CloudHypervisor` — standalone NIO-based HTTP/1.1-over-UDS client targeting cloud-hypervisor's REST API. Cross-platform (compiles on macOS for unit tests; consumed at runtime only by the Linux side of `Containerization`). +- `ContainerizationOCI` — OCI image spec types, registry client (push/pull/auth), local OCI layout, content store. Used host-side for image management. +- `ContainerizationEXT4` — pure-Swift ext4 reader/formatter; used to build container rootfs blocks (`bin/initfs.ext4`). +- `ContainerizationArchive` — Swift wrapper around vendored libarchive headers (`Sources/ContainerizationArchive/CArchive`, refreshable via `make update-libarchive-source`). Links system `libarchive`, `lzma`, `bz2`, `z`, plus zstd via SwiftPM. +- `ContainerizationNetlink` — netlink socket bindings (used by vminitd for in-guest network configuration). +- `ContainerizationOS` — POSIX/Darwin/Linux platform shims (`Command`, `Terminal`, `Socket`, signal handling, mount syscalls, keychain). Cross-platform. +- `ContainerizationIO` — small NIO-flavored stream/reader utilities. +- `ContainerizationExtras`, `ContainerizationError`, `CShim` — shared helpers and a tiny C bridge. + +`Sources/Integration/` is the macOS-only `containerization-integration` binary (the integration test runner; it is not a `testTarget`, it's an `executableTarget` that's invoked by `make integration`). Unit `testTarget`s live under `Tests/`. + +### vminitd internals (`vminitd/Sources/`) + +- `VminitdCore/Server+GRPC.swift` is the bulk of the guest agent — it implements every RPC declared in `SandboxContext.proto`. +- `ManagedContainer.swift` / `ManagedProcess.swift` launch container processes via `vmexec` by default; `VminitdCore/Runc/` plus `RuncProcess.swift` shell out to `runc` only when an OCI runtime path is supplied. `ProcessSupervisor` reaps and dispatches exit events. +- `Cgroup/` handles cgroup v2 setup. `LCShim/` and `CVersion/` are small C bridges (the latter injects `GIT_COMMIT`/`GIT_TAG`/`BUILD_TIME` at compile time). +- `vmexec` runs a single container process inside the guest namespace and is what `vminitd` execs to launch container workloads. + +## Conventions + +- **License headers are required** on every Swift file. `make check-licenses` runs hawkeye against `scripts/license-header.txt`. New files: run `make update-licenses` (or `make fmt`) before committing. +- **Formatting**: `.swift-format` (line length 180, 4-space indent). The lint config (`.swift-format-nolint`) is what CI enforces. `NeverForceUnwrap`, `NeverUseForceTry`, and `NeverUseImplicitlyUnwrappedOptionals` are all on — don't introduce `!` / `try!`. +- **Package isolation**: prefer adding code to the smallest applicable module. Don't pull `Containerization` into `ContainerizationOCI` or similar — the leaf modules are intentionally light so they can be consumed standalone. +- **`SandboxContext.proto` is excluded from the `Containerization` target** (see `Package.swift`). The generated `.pb.swift` / `.grpc.swift` files are checked in. +- **Squash-and-merge**: PRs land as a single commit, so the PR title/body becomes the commit message — write it accordingly. Commits must be signed (per `CONTRIBUTING.md`). + +## Requirements + +Apple silicon Mac, macOS 26, Xcode 26. Swift toolchain version is pinned in `.swift-version` (currently `6.3.0`) and installed via Swiftly during `make cross-prep`. Older macOS releases are not supported. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..7326c97 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,116 @@ +# 🌈 📦️ Welcome to the Containerization community! 📦️ 🌈 + +Contributions to Containerization are welcomed and encouraged. + +## Index + +- [How you can help](#how-you-can-help) +- [Submitting issues and pull requests](#submitting-issues-and-pull-requests) +- [New to open source?](#new-to-open-source) +- [AI contribution guidelines](#ai-contribution-guidelines) +- [Code of conduct](#code-of-conduct) + +## How you can help + +We would love your contributions in the form of: + +🐛 Bug fixes\ +⚡️ Performance improvements\ +✨ API additions or enhancements\ +📝 Documentation\ +🧑‍💻 Project advocacy: blogs, conference talks, and more + +Anything else that could enhance the project! + +## Submitting issues and pull requests + +### Issues + +To file a bug or feature request, use [GitHub issues](https://github.com/apple/containerization/issues/new). + +🚧 For unexpected behavior or usability limitations, detailed instructions on how to reproduce the issue are appreciated. This will greatly help the priority setting and speed at which maintainers can get to your issue. + +### Pull requests + +We require all commits be signed with any of GitHub's supported methods, such as GPG or SSH. Information on how to set this up can be found on [GitHub's docs](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification#about-commit-signature-verification). + +To make a pull request, use [GitHub](https://github.com/apple/containerization/compare). Please give the team a few days to review but it's ok to check in on occasion. We appreciate your contribution! + +> [!IMPORTANT] +> If you plan to make substantial changes or add new features, we encourage you to first discuss them with the wider containerization developer community. +> You can do this by filing a [GitHub issue](https://github.com/apple/containerization/issues/new). +> This will save time and increases the chance of your pull request being accepted. + +We use a "squash and merge" strategy to keep our `main` branch history clean and easy to follow. When your pull request +is merged, all of your commits will be combined into a single commit. + +With the "squash and merge" strategy, the *title* and *body* of your pull request is extremely important. It will become the commit message +for the squashed commit. Think of it as the single, definitive description of your contribution. + +Before merging, we'll review the pull request title and body to ensure it: + +* Clearly and concisely describes the changes. +* Uses the imperative mood (for example, "Add feature," "Fix bug"). +* Provides enough context for future developers to understand the purpose of the change. + +The pull request description should be concise and accurately describe the *what* and *why* of your changes. + +#### .gitignore contributions + +We do not currently accept contributions to add editor specific additions to the root .gitignore. We urge contributors to make a global .gitignore file with their rulesets they may want to add instead. A global .gitignore file can be set like so: + +```bash +git config --global core.excludesfile ~/.gitignore +``` + +#### Formatting contributions + +Make sure your contributions are consistent with the rest of the project's formatting. You can do this using our Makefile: + +```bash +make fmt +``` + +#### Applying license header to new files + +If you submit a contribution that adds a new file, please add the license header. You can do this using our Makefile: + +```bash +make update-licenses +``` + +## New to open source? + +### How do I pick something to work on? + +Take a look at the `good first issue` label in the [containerization](https://github.com/apple/containerization/contribute) or [container](https://github.com/apple/container/contribute) project. +Before you start working on an issue: +* Check the comments, assignees, and any references to pull requests — make sure nobody else is actively working on it, or awaiting help or review. +* If someone is assigned to the issue or volunteered to work on it, and there are no signs of progress or activity over at least the past month, don't hesitate to check in with them +* Leave a comment that you have started working on it. + +### Getting help + +Don't be afraid to ask for help! When asking for help, provide as much information as possible, while highlighting anything you think may be important. Refer to the [MAINTAINERS.txt](MAINTAINERS.txt) file for the appropriate people to ping. + +### I didn't get a response from someone. What should I do? + +It's possible that you ask someone a question in an issue/pull request and you don't get a response as quickly as you'd like. If you don't get a response within a week, it's okay to politely ping them using an `@` mention. If you don't get a response for 2-3 weeks in a row, please ping someone else. + +### I can't finish the contribution I started + +Sometimes an issue ends up bigger, harder, or more time-consuming than expected — **and that’s completely fine.** Be sure to comment on the issue saying you’re stepping away, so that someone else is able to pick it up. + +## AI contribution guidelines + +We welcome thoughtful use of AI tools in your contributions to this repository. We ask that you adhere to these rules in order to preserve the project's integrity, clarity, and quality, and to respect maintainer bandwidth: + +* You should be able to explain and justify every line of code or documentation that was generated or assisted by AI. Your submission should reflect your own understanding and intent. +* Use AI to augment, not totally replace, your reasoning or familiarity, especially for non-trivial parts of the system. +* Avoid dumping AI-generated walls of text that you cannot explain. Low-effort, unexplained submissions will be deprioritized to protect maintainer bandwidth. + +AI tools should be used to **enhance, not replace** the human elements that make OSS special: learning, collaboration, and community growth. + +## Code of conduct + +To clarify what is expected of our contributors and community members, the Containerization team has adopted the code of conduct defined by the Contributor Covenant. This document is used across many open source communities and articulates our values well. For more detail, please read the [Code of Conduct](https://github.com/apple/.github/blob/main/CODE_OF_CONDUCT.md "Code of Conduct"). diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..7a4a3ea --- /dev/null +++ b/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. \ No newline at end of file diff --git a/MAINTAINERS.txt b/MAINTAINERS.txt new file mode 100644 index 0000000..2b40e20 --- /dev/null +++ b/MAINTAINERS.txt @@ -0,0 +1,26 @@ +This file contains a list of maintainers and past maintainers who have made meaningful changes to this repository. + +### Maintainers + +Aditya Ramani (adityaramani) +AJ Emory (ajemory) +Danny Canter (dcantah) +Dmitry Kovba (dkovba) +Eric Ernst (egernst) +John Logan (jglogan) +Kathryn Baldauf (katiewasnothere) +Madhu Venugopal (mavenugo) +Michael Crosby (crosbymichael) +Raj Aryan Singh (realrajaryan) +Sidhartha Mani (wlan0) +Yibo Zhuang (yibozhuang) + + +### Emeritus maintainers + +Agam Dua (agamdua) +Evan Hazlett (ehazlett) +Gilbert Song (gilbert88) +Hugh Bussell (hughbussell) +Tanweer Noor (tanweernoor) +Ximena Perez Diaz (ximenanperez) diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..9c99a9e --- /dev/null +++ b/Makefile @@ -0,0 +1,448 @@ +# Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Build configuration variables +BUILD_CONFIGURATION ?= debug +WARNINGS_AS_ERRORS ?= true +SWIFT_CONFIGURATION := $(if $(filter-out false,$(WARNINGS_AS_ERRORS)),-Xswiftc -warnings-as-errors) --disable-automatic-resolution + +# Commonly used locations +UNAME_S := $(shell uname -s) +UNAME_M := $(shell uname -m) +KERNEL_ARCH := $(if $(filter $(UNAME_M),aarch64 arm64),arm64,$(UNAME_M)) +# Candidate kernel filenames in bin/ (compiled vmlinuz first, kata-fetched vmlinux fallback). +ifeq ($(KERNEL_ARCH),x86_64) +KERNEL_CANDIDATES := bin/vmlinuz-x86_64 bin/vmlinux-x86_64 +else +KERNEL_CANDIDATES := bin/vmlinux-$(KERNEL_ARCH) +endif +# In-repo KVM-capable kernel built by `make -C kernel` (vmlinuz for x86_64 bzImage, +# vmlinux for arm64 Image). linux-integration requires this; the kata-fetched +# kernel under bin/ does not enable KVM. +ifeq ($(KERNEL_ARCH),x86_64) +LINUX_INTEGRATION_KERNEL := kernel/vmlinuz-x86_64 +else +LINUX_INTEGRATION_KERNEL := kernel/vmlinux-$(KERNEL_ARCH) +endif +ifeq ($(UNAME_S),Darwin) +SWIFT ?= /usr/bin/swift +else +SWIFT ?= swift +endif + +ROOT_DIR := $(shell git rev-parse --show-toplevel) +BUILD_BIN_DIR = $(shell $(SWIFT) build -c $(BUILD_CONFIGURATION) --show-bin-path) +COV_DATA_DIR = $(shell $(SWIFT) test --show-coverage-path | xargs dirname) +COV_REPORT_FILE = $(ROOT_DIR)/code-coverage-report + +# Variables for libarchive integration +LIBARCHIVE_UPSTREAM_REPO := https://github.com/libarchive/libarchive +LIBARCHIVE_UPSTREAM_VERSION := v3.7.7 +LIBARCHIVE_LOCAL_DIR := workdir/libarchive + +KATA_BINARY_PACKAGE := https://github.com/kata-containers/kata-containers/releases/download/3.17.0/kata-static-3.17.0-arm64.tar.xz +CLOUD_HYPERVISOR_URL := https://github.com/cloud-hypervisor/cloud-hypervisor/releases/download/v52.0/cloud-hypervisor-static-aarch64 +# SHA256 of the v52.0 aarch64 static binary (verified locally from the +# upstream release artifact). Bump alongside CLOUD_HYPERVISOR_URL. +CLOUD_HYPERVISOR_SHA256 := bf004ddc1a148f47caa87ac49a783b8dbd6bf9bc27abe522ed197df7b982d3b1 + +SWIFT_VERSION := $(shell cat $(ROOT_DIR)/.swift-version) +SWIFT_SDK_URL := $(shell grep '^SWIFT_SDK_URL' vminitd/Makefile | head -1 | sed 's/.*:= *//') +SWIFT_SDK_CHECKSUM := $(shell grep '^SWIFT_SDK_CHECKSUM' vminitd/Makefile | head -1 | sed 's/.*:= *//') +LINUX_DEV_IMAGE := containerization-dev:$(SWIFT_VERSION) + +# Literal `,` for use inside $(call ...) arguments — bare commas are +# treated as the call's argument separator and split the value early. +comma := , + +# Run a command inside a Linux dev container. +# Requires 'container' (https://github.com/apple/container). +# Automatically builds the dev image if it doesn't exist. +# +# Bind-mounts $(ROOT_DIR)/.local/integration-cache → the dev container's +# appRoot (`~/.local/share/com.apple.containerization`) so cctl-populated +# imageStore content (e.g. `vminit:latest` from `make init`, plus images +# pulled by the integration suite like alpine) persists across `container +# run` invocations. Without this, every `make linux-integration` re-pulls +# alpine and re-imports vminit, which dominates per-suite ramp-up. The +# macOS path gets this for free because $HOME persists. +# +# $(1): bash command to run inside the container. +# $(2): optional extra flags for `container run` (empty by default). Use this +# for linux-integration to pass `--kernel kernel/vmlinux-` so +# /dev/kvm is exposed in the dev container's Linux VM (the kata kernel +# fetched by `make fetch-default-kernel` does not enable KVM). +define linux_run + @if ! command -v container > /dev/null 2>&1; then \ + echo "Error: 'container' CLI not found. Install from https://github.com/apple/container"; \ + exit 1; \ + fi + @if ! container image list -q 2>/dev/null | grep -q "$(LINUX_DEV_IMAGE)"; then \ + echo "Building Linux dev container image..."; \ + $(MAKE) linux-image; \ + fi + @mkdir -p $(ROOT_DIR)/.local/integration-cache + @container run --rm $(2) --memory 16gb --cpus 8 --virtualization \ + -v $(ROOT_DIR):/workspace \ + -v $(ROOT_DIR)/.local/integration-cache:/root/.local/share/com.apple.containerization \ + -w /workspace $(LINUX_DEV_IMAGE) \ + bash -c "$(1)" +endef + +include Protobuf.Makefile +.DEFAULT_GOAL := all + +.PHONY: deps +deps: +ifeq ($(UNAME_S),Linux) + sudo apt-get install -y libarchive-dev libbz2-dev liblzma-dev libssl-dev +else + @echo "No additional dependencies required on $(UNAME_S)" +endif + +ifeq ($(UNAME_S),Darwin) +.PHONY: linux-image +linux-image: + container build \ + --progress plain \ + -f images/linux-dev/Dockerfile \ + --build-arg SWIFT_VERSION=$(SWIFT_VERSION) \ + --build-arg SWIFT_SDK_URL=$(SWIFT_SDK_URL) \ + --build-arg SWIFT_SDK_CHECKSUM=$(SWIFT_SDK_CHECKSUM) \ + -t $(LINUX_DEV_IMAGE) \ + . + +.PHONY: linux-build +linux-build: LIBC ?= musl +linux-build: +ifeq ($(LIBC),all) + $(call linux_run,make containerization && make -C vminitd LIBC=glibc && make -C vminitd LIBC=musl && make init) +else + $(call linux_run,make containerization && make -C vminitd LIBC=$(LIBC) && make init) +endif + +.PHONY: linux-test +linux-test: + $(call linux_run,swift test $(SWIFT_CONFIGURATION)) + +.PHONY: build-cloud-hypervisor +# Build cloud-hypervisor from the patched source at .local/cloud-hypervisor and +# install it to bin/cloud-hypervisor. Runs inside the Linux dev container so the +# resulting binary is aarch64-linux-gnu and can run nested-virt under +# `container run --virtualization`. Installs build deps + rustup the first +# time. Forces HOME=/root since the container inherits the host HOME otherwise, +# which breaks rustup's $HOME/.cargo path. +# +# Prerequisite: clone cloud-hypervisor into .local/cloud-hypervisor (any +# revision compatible with the v52.0 REST surface this repo targets). There +# is no fetch target — pin the revision deliberately. Example: +# git clone -b v52.0 https://github.com/cloud-hypervisor/cloud-hypervisor \ +# .local/cloud-hypervisor +build-cloud-hypervisor: +ifeq (,$(wildcard .local/cloud-hypervisor/Cargo.toml)) + @echo "missing .local/cloud-hypervisor source checkout." >&2 + @echo "clone the cloud-hypervisor repo into .local/cloud-hypervisor before running this target, e.g.:" >&2 + @echo " git clone -b v52.0 https://github.com/cloud-hypervisor/cloud-hypervisor .local/cloud-hypervisor" >&2 + @exit 1 +endif + $(call linux_run,export HOME=/root && if ! command -v curl >/dev/null 2>&1; then apt-get update && apt-get install -y --no-install-recommends curl ca-certificates build-essential pkg-config libssl-dev; fi && if [ ! -x /root/.cargo/bin/cargo ]; then curl --proto =https --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --profile minimal; fi && . /root/.cargo/env && cd .local/cloud-hypervisor && cargo build --release --bin cloud-hypervisor && cp target/release/cloud-hypervisor /workspace/bin/cloud-hypervisor && chmod +x /workspace/bin/cloud-hypervisor) + +.PHONY: build-virtiofsd +# Build virtiofsd from the source at .local/virtiofsd and install it to +# bin/virtiofsd. Runs inside the Linux dev container so the resulting +# binary is aarch64-linux-gnu and matches the cloud-hypervisor binary +# built by `make build-cloud-hypervisor`. +# +# Prerequisite: clone virtiofsd into .local/virtiofsd (any revision the +# scripts/patches/virtiofsd-skip-cap-drop-with-sandbox-none.patch applies +# cleanly to). There is no fetch target — pin the revision deliberately: +# git clone https://gitlab.com/virtio-fs/virtiofsd .local/virtiofsd +# +# virtiofsd has two hard build deps that aren't in the base dev image: +# * libcap-ng-dev — capng crate is unconditional in [dependencies]. +# * libseccomp-dev — Cargo.toml has `default = ["seccomp"]` and +# `[[bin]] required-features = ["seccomp"]`, and libseccomp-sys is a +# -sys crate that links against the system library via pkg-config. +# Both are required even though we run with `--sandbox none` (capng is +# called for capability-drop at startup, before any sandbox setup). +# +# Before building, applies the patch at +# scripts/patches/virtiofsd-skip-cap-drop-with-sandbox-none.patch (see +# that file for rationale). Idempotent: skips if already applied via +# git apply --reverse --check. +# +# Sentinel for the apt-get block is libcap-ng + libseccomp via pkg-config +# (not `command -v curl`) so this target works correctly even after +# `build-cloud-hypervisor` has already installed curl in the same dev +# container. +build-virtiofsd: +ifeq (,$(wildcard .local/virtiofsd/Cargo.toml)) + @echo "missing .local/virtiofsd source checkout." >&2 + @echo "clone the virtiofsd repo into .local/virtiofsd before running this target, e.g.:" >&2 + @echo " git clone https://gitlab.com/virtio-fs/virtiofsd .local/virtiofsd" >&2 + @exit 1 +endif + $(call linux_run,export HOME=/root && \ + if ! pkg-config --exists libcap-ng libseccomp 2>/dev/null; then \ + apt-get update && apt-get install -y --no-install-recommends \ + curl ca-certificates build-essential pkg-config libssl-dev \ + libcap-ng-dev libseccomp-dev; \ + fi && \ + if [ ! -x /root/.cargo/bin/cargo ]; then \ + curl --proto =https --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --profile minimal; \ + fi && \ + . /root/.cargo/env && \ + cd /workspace/.local/virtiofsd && \ + if git apply --check /workspace/scripts/patches/virtiofsd-skip-cap-drop-with-sandbox-none.patch 2>/dev/null; then \ + git apply /workspace/scripts/patches/virtiofsd-skip-cap-drop-with-sandbox-none.patch && \ + echo "applied virtiofsd cap-drop patch"; \ + elif git apply --reverse --check /workspace/scripts/patches/virtiofsd-skip-cap-drop-with-sandbox-none.patch 2>/dev/null; then \ + echo "virtiofsd cap-drop patch already applied"; \ + else \ + echo "ERROR: virtiofsd cap-drop patch does not apply cleanly" >&2; \ + exit 1; \ + fi && \ + cargo build --release && \ + cp target/release/virtiofsd /workspace/bin/virtiofsd && \ + chmod +x /workspace/bin/virtiofsd) + +.PHONY: linux-integration +linux-integration: +ifeq (,$(wildcard bin/cloud-hypervisor)) + @echo "missing bin/cloud-hypervisor; run 'make fetch-cloud-hypervisor' first" + @exit 1 +endif +ifeq (,$(wildcard bin/virtiofsd)) + @echo "missing bin/virtiofsd; run 'make build-virtiofsd' first" + @exit 1 +endif +ifeq (,$(wildcard $(LINUX_INTEGRATION_KERNEL))) + @echo "missing $(LINUX_INTEGRATION_KERNEL); run 'make -C kernel' first to build a KVM-capable kernel" + @exit 1 +endif +ifeq (,$(wildcard bin/containerization-integration)) + @echo "missing bin/containerization-integration; run 'make linux-build' first" + @exit 1 +endif +ifeq (,$(wildcard bin/initfs.ext4)) + @echo "missing bin/initfs.ext4; run 'make init' first (this also seeds the persistent imageStore at .local/integration-cache)" + @exit 1 +endif + $(call linux_run,CONTAINERIZATION_RELAXED_SANDBOX=1 ./bin/containerization-integration --kernel ./$(LINUX_INTEGRATION_KERNEL) --ch-binary ./bin/cloud-hypervisor --virtiofsd-binary ./bin/virtiofsd --max-concurrency 1,--kernel $(LINUX_INTEGRATION_KERNEL)) + +# Builds the x86_64 deployment tarball. +# +# Cross-compiles cctl, vminitd, cloud-hypervisor, and virtiofsd to +# x86_64-linux-musl inside the aarch64 Linux dev container (using the +# musl cross toolchain + static C deps installed by the dev image), +# packs an initfs.ext4 with the x86_64 vminitd inside, and emits +# bin/containerization-x86_64-.tar.gz. +# +# Depends on linux-image so that Dockerfile / build-musl-x86_64-deps.sh +# changes are picked up automatically. `container build` is cheap when +# layers are cached, so the no-change path is a few seconds of overhead. +# +# Prereqs: +# * .local/cloud-hypervisor and .local/virtiofsd source checkouts +# (see build-cloud-hypervisor / build-virtiofsd for clone URLs). +# * kernel/vmlinuz-x86_64 (preferred) or kernel/vmlinux-x86_64 present. +# Build via `make -C kernel TARGET_ARCH=x86_64` (or `make -C kernel x86_64`). +# The script fails hard if neither is present. +.PHONY: dist-x86_64 +dist-x86_64: linux-image + $(call linux_run,./scripts/build-dist-x86_64.sh) +endif + +.PHONY: all +all: containerization +all: init + +.PHONY: release +release: BUILD_CONFIGURATION = release +release: all + +.PHONY: containerization +containerization: + @echo Building containerization binaries... + @$(SWIFT) --version + @$(SWIFT) build -c $(BUILD_CONFIGURATION) $(SWIFT_CONFIGURATION) + + @echo Copying containerization binaries... + @mkdir -p bin + @install "$(BUILD_BIN_DIR)/cctl" ./bin/ + @install "$(BUILD_BIN_DIR)/containerization-integration" ./bin/ +ifeq ($(UNAME_S),Darwin) + @echo Signing containerization binaries... + @codesign --force --sign - --timestamp=none --entitlements=signing/vz.entitlements bin/cctl + @codesign --force --sign - --timestamp=none --entitlements=signing/vz.entitlements bin/containerization-integration +endif + +.PHONY: init +init: containerization vminitd + @echo Creating init.ext4... + @rm -f bin/init.rootfs.tar.gz bin/init.block bin/initfs.ext4 + @./bin/cctl rootfs create \ + --vminitd vminitd/bin/vminitd \ + --vmexec vminitd/bin/vmexec \ + --ext4 ./bin/initfs.ext4 \ + --label org.opencontainers.image.source=https://github.com/apple/containerization \ + --image vminit:latest \ + bin/init.rootfs.tar.gz + +.PHONY: cross-prep +cross-prep: + @"$(MAKE)" -C vminitd cross-prep + +.PHONY: vminitd +vminitd: + @mkdir -p ./bin + @"$(MAKE)" -C vminitd BUILD_CONFIGURATION=$(BUILD_CONFIGURATION) WARNINGS_AS_ERRORS=$(WARNINGS_AS_ERRORS) + +.PHONY: update-libarchive-source +update-libarchive-source: + @echo Updating the libarchive source files... + @git clone $(LIBARCHIVE_UPSTREAM_REPO) --depth 1 --branch $(LIBARCHIVE_UPSTREAM_VERSION) "$(LIBARCHIVE_LOCAL_DIR)" + @cp "$(LIBARCHIVE_LOCAL_DIR)/libarchive/archive_entry.h" Sources/ContainerizationArchive/CArchive/include + @cp "$(LIBARCHIVE_LOCAL_DIR)/libarchive/archive.h" Sources/ContainerizationArchive/CArchive/include + @cp "$(LIBARCHIVE_LOCAL_DIR)/COPYING" Sources/ContainerizationArchive/CArchive/COPYING + @rm -rf "$(LIBARCHIVE_LOCAL_DIR)" + +.PHONY: test +test: + @echo Testing all test targets... + @$(SWIFT) test --enable-code-coverage $(SWIFT_CONFIGURATION) + +.PHONY: coverage +coverage: test + @echo Generating code coverage report... + @xcrun llvm-cov show --compilation-dir=`pwd` \ + -instr-profile=$(COV_DATA_DIR)/default.profdata \ + --ignore-filename-regex=".build/" \ + --ignore-filename-regex=".pb.swift" \ + --ignore-filename-regex=".proto" \ + --ignore-filename-regex=".grpc.swift" \ + $(BUILD_BIN_DIR)/containerizationPackageTests.xctest/Contents/MacOS/containerizationPackageTests > $(COV_REPORT_FILE) + @echo Code coverage report generated: $(COV_REPORT_FILE) + +.PHONY: integration +integration: + @kernel="$$(for f in $(KERNEL_CANDIDATES); do [ -f $$f ] && echo $$f && break; done)"; \ + if [ -z "$$kernel" ]; then \ + echo "No kernel found. Looked for: $(KERNEL_CANDIDATES). See fetch-default-kernel target or build via kernel/Makefile."; \ + exit 1; \ + fi; \ + echo "Running the integration tests with kernel $$kernel..."; \ + ./bin/containerization-integration --kernel "$$kernel" + +.PHONY: fetch-default-kernel +fetch-default-kernel: + @mkdir -p .local/ bin/ +ifeq (,$(wildcard .local/kata.tar.gz)) + @curl -SsL -o .local/kata.tar.gz ${KATA_BINARY_PACKAGE} +endif +ifeq (,$(wildcard .local/vmlinux-$(KERNEL_ARCH))) + @tar -zxf .local/kata.tar.gz -C .local/ --strip-components=1 + @cp -L .local/opt/kata/share/kata-containers/vmlinux.container .local/vmlinux-$(KERNEL_ARCH) +endif +ifeq (,$(wildcard bin/vmlinux-$(KERNEL_ARCH))) + @cp .local/vmlinux-$(KERNEL_ARCH) bin/vmlinux-$(KERNEL_ARCH) +endif + +.PHONY: fetch-cloud-hypervisor +fetch-cloud-hypervisor: + @mkdir -p bin + @curl -SsL -o bin/cloud-hypervisor $(CLOUD_HYPERVISOR_URL) + @actual=$$(shasum -a 256 bin/cloud-hypervisor | awk '{print $$1}'); \ + if [ "$$actual" != "$(CLOUD_HYPERVISOR_SHA256)" ]; then \ + echo "ERROR: cloud-hypervisor checksum mismatch" >&2; \ + echo " expected: $(CLOUD_HYPERVISOR_SHA256)" >&2; \ + echo " actual: $$actual" >&2; \ + rm -f bin/cloud-hypervisor; \ + exit 1; \ + fi + @chmod +x bin/cloud-hypervisor + +.PHONY: check +check: swift-fmt-check check-licenses + +.PHONY: fmt +fmt: swift-fmt update-licenses + +.PHONY: swift-fmt +SWIFT_SRC = $(shell find . -type f -name '*.swift' -not -path "*/.*" -not -path "*.pb.swift" -not -path "*.grpc.swift" -not -path "*/checkouts/*") +swift-fmt: + @echo Applying the standard code formatting... + @$(SWIFT) format --recursive --configuration .swift-format -i $(SWIFT_SRC) + +swift-fmt-check: + @echo Checking code formatting compliance... + @$(SWIFT) format lint --recursive --strict --configuration .swift-format-nolint $(SWIFT_SRC) + +.PHONY: update-licenses +update-licenses: + @echo Updating license headers... + @./scripts/ensure-hawkeye-exists.sh + @.local/bin/hawkeye format --fail-if-unknown --fail-if-updated false + +.PHONY: check-licenses +check-licenses: + @echo Checking license headers existence in source files... + @./scripts/ensure-hawkeye-exists.sh + @.local/bin/hawkeye check --fail-if-unknown + +.PHONY: pre-commit +pre-commit: + cp Scripts/pre-commit.fmt .git/hooks + touch .git/hooks/pre-commit + cat .git/hooks/pre-commit | grep -v 'hooks/pre-commit\.fmt' > /tmp/pre-commit.new || true + echo 'PRECOMMIT_NOFMT=$${PRECOMMIT_NOFMT} $$(git rev-parse --show-toplevel)/.git/hooks/pre-commit.fmt' >> /tmp/pre-commit.new + mv /tmp/pre-commit.new .git/hooks/pre-commit + chmod +x .git/hooks/pre-commit + +.PHONY: serve-docs +serve-docs: + @echo 'to browse: open http://127.0.0.1:8000/containerization/documentation/' + @rm -rf _serve + @mkdir -p _serve + @cp -a _site _serve/containerization + @python3 -m http.server --bind 127.0.0.1 --directory ./_serve + +.PHONY: docs +docs: + @echo Updating API documentation... + @rm -rf _site + @scripts/make-docs.sh _site containerization + +.PHONY: cleancontent +cleancontent: + @echo Cleaning the content... + @rm -rf ~/Library/Application\ Support/com.apple.containerization + +.PHONY: examples +examples: + @echo Building examples... + @mkdir -p bin + @"$(MAKE)" -C examples/sandboxy build BUILD_CONFIGURATION=$(BUILD_CONFIGURATION) + @install examples/sandboxy/bin/sandboxy ./bin/ + @codesign --force --sign - --timestamp=none --entitlements=signing/vz.entitlements bin/sandboxy + +.PHONY: clean +clean: + @echo Cleaning build files... + @rm -rf bin/ + @rm -rf _site/ + @rm -rf _serve/ + @rm -f $(COV_REPORT_FILE) + @$(SWIFT) package clean + @"$(MAKE)" -C vminitd clean diff --git a/Package.resolved b/Package.resolved new file mode 100644 index 0000000..2e5a69f --- /dev/null +++ b/Package.resolved @@ -0,0 +1,249 @@ +{ + "originHash" : "2b73182b4d0f81b61ee24d8e615d350d28301517488d944fafddde15bc854cdc", + "pins" : [ + { + "identity" : "async-http-client", + "kind" : "remoteSourceControl", + "location" : "https://github.com/swift-server/async-http-client.git", + "state" : { + "revision" : "60235983163d040f343a489f7e2e77c1918a8bd9", + "version" : "1.26.1" + } + }, + { + "identity" : "grpc-swift-2", + "kind" : "remoteSourceControl", + "location" : "https://github.com/grpc/grpc-swift-2.git", + "state" : { + "revision" : "f28854bc760a116e053fdfc4a48a9428c34625c0", + "version" : "2.3.0" + } + }, + { + "identity" : "grpc-swift-nio-transport", + "kind" : "remoteSourceControl", + "location" : "https://github.com/grpc/grpc-swift-nio-transport.git", + "state" : { + "revision" : "2ca31f06658ed288a2560e23ad649acbb3d6b3a3", + "version" : "2.9.0" + } + }, + { + "identity" : "grpc-swift-protobuf", + "kind" : "remoteSourceControl", + "location" : "https://github.com/grpc/grpc-swift-protobuf.git", + "state" : { + "revision" : "19153231a03c2fda1f4ea60da1b92a2cb9c011d8", + "version" : "2.2.0" + } + }, + { + "identity" : "swift-algorithms", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-algorithms.git", + "state" : { + "revision" : "87e50f483c54e6efd60e885f7f5aa946cee68023", + "version" : "1.2.1" + } + }, + { + "identity" : "swift-argument-parser", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-argument-parser.git", + "state" : { + "revision" : "c5d11a805e765f52ba34ec7284bd4fcd6ba68615", + "version" : "1.7.0" + } + }, + { + "identity" : "swift-asn1", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-asn1.git", + "state" : { + "revision" : "a54383ada6cecde007d374f58f864e29370ba5c3", + "version" : "1.3.2" + } + }, + { + "identity" : "swift-async-algorithms", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-async-algorithms.git", + "state" : { + "revision" : "042e1c4d9d19748c9c228f8d4ebc97bb1e339b0b", + "version" : "1.0.4" + } + }, + { + "identity" : "swift-atomics", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-atomics.git", + "state" : { + "revision" : "cd142fd2f64be2100422d658e7411e39489da985", + "version" : "1.2.0" + } + }, + { + "identity" : "swift-certificates", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-certificates.git", + "state" : { + "revision" : "f4cd9e78a1ec209b27e426a5f5c693675f95e75a", + "version" : "1.15.0" + } + }, + { + "identity" : "swift-collections", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-collections.git", + "state" : { + "revision" : "c1805596154bb3a265fd91b8ac0c4433b4348fb0", + "version" : "1.2.0" + } + }, + { + "identity" : "swift-crypto", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-crypto.git", + "state" : { + "revision" : "e8d6eba1fef23ae5b359c46b03f7d94be2f41fed", + "version" : "3.12.3" + } + }, + { + "identity" : "swift-docc-plugin", + "kind" : "remoteSourceControl", + "location" : "https://github.com/swiftlang/swift-docc-plugin", + "state" : { + "revision" : "d1691545d53581400b1de9b0472d45eb25c19fed", + "version" : "1.4.4" + } + }, + { + "identity" : "swift-docc-symbolkit", + "kind" : "remoteSourceControl", + "location" : "https://github.com/swiftlang/swift-docc-symbolkit", + "state" : { + "revision" : "b45d1f2ed151d057b54504d653e0da5552844e34", + "version" : "1.0.0" + } + }, + { + "identity" : "swift-http-structured-headers", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-http-structured-headers.git", + "state" : { + "revision" : "db6eea3692638a65e2124990155cd220c2915903", + "version" : "1.3.0" + } + }, + { + "identity" : "swift-http-types", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-http-types.git", + "state" : { + "revision" : "a0a57e949a8903563aba4615869310c0ebf14c03", + "version" : "1.4.0" + } + }, + { + "identity" : "swift-log", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-log.git", + "state" : { + "revision" : "bbd81b6725ae874c69e9b8c8804d462356b55523", + "version" : "1.10.1" + } + }, + { + "identity" : "swift-nio", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-nio.git", + "state" : { + "revision" : "f71c8d2a5e74a2c6d11a0fbe324774b5d6084237", + "version" : "2.99.0" + } + }, + { + "identity" : "swift-nio-extras", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-nio-extras.git", + "state" : { + "revision" : "145db1962f4f33a4ea07a32e751d5217602eea29", + "version" : "1.28.0" + } + }, + { + "identity" : "swift-nio-http2", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-nio-http2.git", + "state" : { + "revision" : "81cc18264f92cd307ff98430f89372711d4f6fe9", + "version" : "1.43.0" + } + }, + { + "identity" : "swift-nio-ssl", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-nio-ssl.git", + "state" : { + "revision" : "173cc69a058623525a58ae6710e2f5727c663793", + "version" : "2.36.0" + } + }, + { + "identity" : "swift-nio-transport-services", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-nio-transport-services.git", + "state" : { + "revision" : "cd1e89816d345d2523b11c55654570acd5cd4c56", + "version" : "1.24.0" + } + }, + { + "identity" : "swift-numerics", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-numerics.git", + "state" : { + "revision" : "e0ec0f5f3af6f3e4d5e7a19d2af26b481acb6ba8", + "version" : "1.0.3" + } + }, + { + "identity" : "swift-protobuf", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-protobuf.git", + "state" : { + "revision" : "86970144a0b86068c81ff48ee29b3f97cae0b879", + "version" : "1.36.0" + } + }, + { + "identity" : "swift-service-lifecycle", + "kind" : "remoteSourceControl", + "location" : "https://github.com/swift-server/swift-service-lifecycle.git", + "state" : { + "revision" : "e7187309187695115033536e8fc9b2eb87fd956d", + "version" : "2.8.0" + } + }, + { + "identity" : "swift-system", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-system.git", + "state" : { + "revision" : "7c6ad0fc39d0763e0b699210e4124afd5041c5df", + "version" : "1.6.4" + } + }, + { + "identity" : "zstd", + "kind" : "remoteSourceControl", + "location" : "https://github.com/facebook/zstd.git", + "state" : { + "revision" : "f8745da6ff1ad1e7bab384bd1f9d742439278e99", + "version" : "1.5.7" + } + } + ], + "version" : 3 +} diff --git a/Package.swift b/Package.swift new file mode 100644 index 0000000..a4e4b4e --- /dev/null +++ b/Package.swift @@ -0,0 +1,337 @@ +// swift-tools-version: 6.2 +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +// The swift-tools-version declares the minimum version of Swift required to build this package. + +import CompilerPluginSupport +import Foundation +import PackageDescription + +let package = Package( + name: "containerization", + platforms: [.macOS("15.0")], + products: [ + .library(name: "Containerization", targets: ["Containerization", "ContainerizationError"]), + .library(name: "ContainerizationEXT4", targets: ["ContainerizationEXT4"]), + .library(name: "ContainerizationOCI", targets: ["ContainerizationOCI"]), + .library(name: "ContainerizationNetlink", targets: ["ContainerizationNetlink"]), + .library(name: "ContainerizationIO", targets: ["ContainerizationIO"]), + .library(name: "ContainerizationOS", targets: ["ContainerizationOS"]), + .library(name: "ContainerizationExtras", targets: ["ContainerizationExtras"]), + .library(name: "ContainerizationArchive", targets: ["ContainerizationArchive"]), + .library(name: "VminitdCore", targets: ["VminitdCore", "Cgroup", "LCShim"]), + .library(name: "CloudHypervisor", targets: ["CloudHypervisor"]), + .executable(name: "cctl", targets: ["cctl"]), + ], + dependencies: [ + .package(url: "https://github.com/apple/swift-log.git", from: "1.10.1"), + .package(url: "https://github.com/apple/swift-argument-parser.git", from: "1.7.0"), + .package(url: "https://github.com/apple/swift-collections.git", from: "1.1.4"), + .package(url: "https://github.com/apple/swift-crypto.git", from: "3.0.0"), + .package(url: "https://github.com/grpc/grpc-swift-2.git", from: "2.3.0"), + .package(url: "https://github.com/grpc/grpc-swift-nio-transport.git", from: "2.9.0"), + .package(url: "https://github.com/grpc/grpc-swift-protobuf.git", from: "2.2.0"), + .package(url: "https://github.com/apple/swift-protobuf.git", from: "1.36.0"), + .package(url: "https://github.com/apple/swift-nio.git", from: "2.80.0"), + .package(url: "https://github.com/apple/swift-nio-ssl.git", from: "2.36.0"), + .package(url: "https://github.com/swift-server/async-http-client.git", from: "1.20.1"), + .package(url: "https://github.com/apple/swift-system.git", from: "1.6.4"), + .package(url: "https://github.com/swiftlang/swift-docc-plugin", from: "1.1.0"), + .package(url: "https://github.com/facebook/zstd.git", exact: "1.5.7"), + ], + targets: [ + .target( + name: "ContainerizationError" + ), + .target( + name: "Containerization", + dependencies: [ + .product(name: "Logging", package: "swift-log"), + .product(name: "SystemPackage", package: "swift-system"), + .product(name: "GRPCCore", package: "grpc-swift-2"), + .product(name: "GRPCNIOTransportHTTP2", package: "grpc-swift-nio-transport"), + .product(name: "GRPCProtobuf", package: "grpc-swift-protobuf"), + .product(name: "_NIOFileSystem", package: "swift-nio"), + "CloudHypervisor", + "ContainerizationArchive", + "ContainerizationOCI", + "ContainerizationOS", + "ContainerizationIO", + "ContainerizationExtras", + "ContainerizationEXT4", + "ContainerizationNetlink", + "CShim", + ], + exclude: [ + "../Containerization/SandboxContext/SandboxContext.proto" + ] + ), + .executableTarget( + name: "cctl", + dependencies: [ + .product(name: "Logging", package: "swift-log"), + .product(name: "ArgumentParser", package: "swift-argument-parser"), + "Containerization", + "ContainerizationArchive", + "ContainerizationEXT4", + "ContainerizationExtras", + "ContainerizationOCI", + "ContainerizationOS", + ] + ), + .testTarget( + name: "ContainerizationUnitTests", + dependencies: ["Containerization", "CloudHypervisor"], + path: "Tests/ContainerizationTests", + resources: [ + .copy("ImageTests/Resources/scratch.tar"), + .copy("ImageTests/Resources/scratch_no_annotations.tar"), + ] + ), + .target( + name: "ContainerizationEXT4", + dependencies: [ + "ContainerizationArchive", + .product(name: "SystemPackage", package: "swift-system"), + "ContainerizationOS", + ], + path: "Sources/ContainerizationEXT4", + exclude: [ + "README.md" + ] + ), + .testTarget( + name: "ContainerizationEXT4Tests", + dependencies: [ + "ContainerizationEXT4", + "ContainerizationArchive", + ], + resources: [ + .copy( + "Resources/content/blobs/sha256/ad59e9f71edceca7b1ac7c642410858489b743c97233b0a26a5e2098b1443762"), // index + .copy( + "Resources/content/blobs/sha256/48a06049d3738991b011ca8b12473d712b7c40666a1462118dae3c403676afc2"), // manifest + .copy( + "Resources/content/blobs/sha256/8e2eb240a6cd7be1a0d308125afe0060b020e89275ced2e729eda7d4eeff62a2"), // config + .copy( + "Resources/content/blobs/sha256/c6b39de5b33961661dc939b997cc1d30cda01e38005a6c6625fd9c7e748bab44"), // layer 1 + .copy( + "Resources/content/blobs/sha256/4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1"), // layer 2 + ] + ), + .target( + name: "ContainerizationArchive", + dependencies: [ + .product(name: "SystemPackage", package: "swift-system"), + "CArchive", + "ContainerizationExtras", + "ContainerizationOS", + ], + exclude: [ + "CArchive" + ] + ), + .testTarget( + name: "ContainerizationArchiveTests", + dependencies: [ + "ContainerizationArchive" + ], + resources: [ + .copy("Resources/test.tar.zst") + ] + ), + .target( + name: "CArchive", + dependencies: [ + .product(name: "libzstd", package: "zstd") + ], + path: "Sources/ContainerizationArchive/CArchive", + sources: [ + "archive_swift_bridge.c" + ], + cSettings: [ + .define( + "PLATFORM_CONFIG_H", to: "\"config_darwin.h\"", + .when(platforms: [.iOS, .macOS, .macCatalyst, .watchOS, .driverKit, .tvOS])), + .define("PLATFORM_CONFIG_H", to: "\"config_linux.h\"", .when(platforms: [.linux])), + .unsafeFlags(["-fno-modules"]), + ], + linkerSettings: [ + .linkedLibrary("z"), + .linkedLibrary("bz2"), + .linkedLibrary("lzma"), + .linkedLibrary("archive"), + .linkedLibrary("iconv", .when(platforms: [.macOS])), + .linkedLibrary("crypto", .when(platforms: [.linux])), + ] + ), + .target( + name: "ContainerizationOCI", + dependencies: [ + .product(name: "AsyncHTTPClient", package: "async-http-client"), + .product(name: "Crypto", package: "swift-crypto"), + .product(name: "Logging", package: "swift-log"), + .product(name: "_NIOFileSystem", package: "swift-nio"), + "ContainerizationError", + "ContainerizationOS", + "ContainerizationExtras", + ] + ), + .testTarget( + name: "ContainerizationOCITests", + dependencies: [ + "ContainerizationOCI", + "Containerization", + "ContainerizationIO", + .product(name: "NIO", package: "swift-nio"), + .product(name: "Crypto", package: "swift-crypto"), + ] + ), + .target( + name: "ContainerizationNetlink", + dependencies: [ + .product(name: "Logging", package: "swift-log"), + "ContainerizationOS", + "ContainerizationExtras", + ] + ), + .testTarget( + name: "ContainerizationNetlinkTests", + dependencies: [ + "ContainerizationNetlink" + ] + ), + .target( + name: "ContainerizationOS", + dependencies: [ + .product(name: "Logging", package: "swift-log"), + .product(name: "SystemPackage", package: "swift-system"), + "CShim", + "ContainerizationError", + ], + exclude: [ + "../ContainerizationOS/README.md" + ] + ), + .testTarget( + name: "ContainerizationOSTests", + dependencies: [ + .product(name: "SystemPackage", package: "swift-system"), + "ContainerizationOS", + "ContainerizationExtras", + ] + ), + .target( + name: "ContainerizationIO", + dependencies: [ + "ContainerizationOS", + .product(name: "NIO", package: "swift-nio"), + .product(name: "NIOCore", package: "swift-nio"), + .product(name: "NIOFoundationCompat", package: "swift-nio"), + ] + ), + .target( + name: "ContainerizationExtras", + dependencies: [ + "ContainerizationError", + .product(name: "Collections", package: "swift-collections"), + .product(name: "Logging", package: "swift-log"), + .product(name: "NIOSSL", package: "swift-nio-ssl"), + + ] + ), + .testTarget( + name: "ContainerizationExtrasTests", + dependencies: [ + "ContainerizationExtras", + "CShim", + ] + ), + .target( + name: "CShim" + ), + .target( + name: "CloudHypervisor", + dependencies: [ + .product(name: "AsyncHTTPClient", package: "async-http-client"), + .product(name: "Logging", package: "swift-log"), + .product(name: "NIOCore", package: "swift-nio"), + .product(name: "NIOPosix", package: "swift-nio"), + .product(name: "NIOHTTP1", package: "swift-nio"), + .product(name: "NIOConcurrencyHelpers", package: "swift-nio"), + ] + ), + .testTarget( + name: "CloudHypervisorTests", + dependencies: [ + "CloudHypervisor", + .product(name: "NIOCore", package: "swift-nio"), + .product(name: "NIOPosix", package: "swift-nio"), + .product(name: "NIOHTTP1", package: "swift-nio"), + .product(name: "NIOConcurrencyHelpers", package: "swift-nio"), + ] + ), + .target( + name: "LCShim", + path: "vminitd/Sources/LCShim" + ), + .target( + name: "Cgroup", + dependencies: [ + .product(name: "Logging", package: "swift-log"), + "ContainerizationOCI", + "ContainerizationOS", + .product(name: "SystemPackage", package: "swift-system"), + "LCShim", + ], + path: "vminitd/Sources/Cgroup" + ), + .target( + name: "VminitdCore", + dependencies: [ + .product(name: "ArgumentParser", package: "swift-argument-parser"), + .product(name: "Logging", package: "swift-log"), + "Containerization", + "ContainerizationArchive", + "ContainerizationNetlink", + "ContainerizationIO", + "ContainerizationOS", + .product(name: "SystemPackage", package: "swift-system"), + .product(name: "GRPCCore", package: "grpc-swift-2"), + .product(name: "GRPCNIOTransportHTTP2", package: "grpc-swift-nio-transport"), + .product(name: "GRPCProtobuf", package: "grpc-swift-protobuf"), + "LCShim", + "Cgroup", + ], + path: "vminitd/Sources/VminitdCore" + ), + ] +) + +package.targets.append( + .executableTarget( + name: "containerization-integration", + dependencies: [ + .product(name: "Logging", package: "swift-log"), + .product(name: "ArgumentParser", package: "swift-argument-parser"), + .product(name: "NIOCore", package: "swift-nio"), + .product(name: "NIOPosix", package: "swift-nio"), + "Containerization", + ], + path: "Sources/Integration" + ) +) diff --git a/Protobuf.Makefile b/Protobuf.Makefile new file mode 100644 index 0000000..31e2293 --- /dev/null +++ b/Protobuf.Makefile @@ -0,0 +1,55 @@ +# Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +LOCAL_DIR := $(ROOT_DIR)/.local +LOCAL_BIN_DIR := $(LOCAL_DIR)/bin + +# Versions +PROTOC_VERSION := 26.1 + +# Protoc binary installation +PROTOC_ZIP := protoc-$(PROTOC_VERSION)-osx-universal_binary.zip +PROTOC := $(LOCAL_BIN_DIR)/protoc@$(PROTOC_VERSION)/protoc +$(PROTOC): + @echo Downloading protocol buffers... + @mkdir -p $(LOCAL_DIR) + @curl -OL https://github.com/protocolbuffers/protobuf/releases/download/v$(PROTOC_VERSION)/$(PROTOC_ZIP) + @mkdir -p $(dir $@) + @unzip -jo $(PROTOC_ZIP) bin/protoc -d $(dir $@) + @unzip -o $(PROTOC_ZIP) 'include/*' -d $(dir $@) + @rm -f $(PROTOC_ZIP) + +.PHONY: protoc-gen-swift +protoc-gen-swift: + @$(SWIFT) build --product protoc-gen-swift + @$(SWIFT) build --product protoc-gen-grpc-swift-2 + +.PHONY: protos +protos: $(PROTOC) protoc-gen-swift + @echo Generating protocol buffers source code... + @$(PROTOC) Sources/Containerization/SandboxContext/SandboxContext.proto \ + --plugin=protoc-gen-grpc-swift=$(BUILD_BIN_DIR)/protoc-gen-grpc-swift-2 \ + --plugin=protoc-gen-swift=$(BUILD_BIN_DIR)/protoc-gen-swift \ + --proto_path=Sources/Containerization/SandboxContext \ + --grpc-swift_out="Sources/Containerization/SandboxContext" \ + --grpc-swift_opt=Visibility=Public \ + --swift_out="Sources/Containerization/SandboxContext" \ + --swift_opt=Visibility=Public \ + -I. + @"$(MAKE)" update-licenses + +.PHONY: clean-proto-tools +clean-proto-tools: + @echo Cleaning proto tools... + @rm -rf $(LOCAL_DIR)/bin/protoc* diff --git a/README.md b/README.md new file mode 100644 index 0000000..3bf6398 --- /dev/null +++ b/README.md @@ -0,0 +1,196 @@ +

+ Containerization logo +  Containerization +

+ +The Containerization package allows applications to use Linux containers. +Containerization is written in [Swift](https://www.swift.org) and uses [Virtualization.framework](https://developer.apple.com/documentation/virtualization) on Apple silicon. + +> **Looking for command line binaries for running containers?**\ +> They are available in the dedicated [apple/container](https://github.com/apple/container) repository. + +Containerization provides APIs to: + +- [Manage OCI images](./Sources/ContainerizationOCI/). +- [Interact with remote registries](./Sources/ContainerizationOCI/Client/). +- [Create and populate ext4 file systems](./Sources/ContainerizationEXT4/). +- [Interact with the Netlink socket family](./Sources/ContainerizationNetlink/). +- [Create an optimized Linux kernel for fast boot times](./kernel/). +- [Spawn lightweight virtual machines and manage the runtime environment](./Sources/Containerization/LinuxContainer.swift). +- [Spawn and interact with containerized processes](./Sources/Containerization/LinuxProcess.swift). +- Use Rosetta 2 for running linux/amd64 containers on Apple silicon. + +Please view the [API documentation](https://apple.github.io/containerization/documentation/) for information on the Swift packages that Containerization provides. + +## Design + +Containerization executes each Linux container inside of its own lightweight virtual machine. Clients can create dedicated IP addresses for every container to remove the need for individual port forwarding. Containers achieve sub-second start times using an optimized [Linux kernel configuration](/kernel) and a minimal root filesystem with a lightweight init system. + +[vminitd](/vminitd) is a small init system, which is a subproject within Containerization. +`vminitd` is spawned as the initial process inside of the virtual machine and provides a GRPC API over vsock. +The API allows the runtime environment to be configured and containerized processes to be launched. +`vminitd` provides I/O, signals, and events to the calling process when a process is run. + +## Backends + +Containerization abstracts the VMM behind the `VirtualMachineManager` / +`VirtualMachineInstance` protocols and ships two implementations: + +- **macOS — Virtualization.framework** (`VZVirtualMachineManager`). The shipping path on Apple silicon. Uses Apple's `Virtualization` framework directly; no extra binaries required. +- **Linux — cloud-hypervisor + KVM** (`CHVirtualMachineManager`). One `cloud-hypervisor` subprocess per VM, controlled over its REST-on-UDS API by the standalone [`CloudHypervisor`](./Sources/CloudHypervisor) Swift package. Block storage uses virtio-blk, shared directories use virtio-fs (one `virtiofsd` per share), networking uses TAP, and the guest agent is reached over cloud-hypervisor's hybrid vsock — same `vminitd` contract as the macOS path, so guest-side semantics are unchanged. + +The Linux backend requires: + +- `cloud-hypervisor` and `virtiofsd` on the host. Both are looked up on `PATH` by default; `CHVirtualMachineManager.init` accepts explicit URLs to override. `virtiofsd` is resolved lazily — a VM that uses only block-device mounts can run without it installed at all. Recent stable releases of each are recommended (smoke testing pins specific versions). +- KVM access (`/dev/kvm` readable + writable by the calling user). +- Pre-staged TAP / bridge / NAT plumbing if the container needs networking. `TAPInterface` consumes an existing TAP device by name; bringing it up, attaching it to a bridge, and configuring NAT or routing is the caller's responsibility. + +The integration test suite (`make linux-integration`) runs inside an apple/container Linux VM with nested virt enabled (`container run --virtualization`). The kata kernel fetched by `make fetch-default-kernel` does not enable KVM, so the integration suite uses the in-repo kernel at `kernel/vmlinux-arm64` (or `kernel/vmlinuz-x86_64` on x86_64 hosts) instead — build it with `make -C kernel` before invoking `make linux-integration`. On Linux the suite runs only the cross-platform scenarios that don't depend on macOS-only types; the full suite remains macOS-only for now. + +## Requirements + +To build the Containerization package, you need: + +- Mac with Apple silicon +- macOS 26 +- Xcode 26 + +Older versions of macOS are not supported. + +## Example Usage + +For examples of how to use the libraries' API surface, the cctl executable is a good start. This app is a useful playground for exploring the API. It contains commands that exercise some of the core functionality of the various products, such as: + +1. [Manipulating OCI images](./Sources/cctl/ImageCommand.swift) +2. [Logging in to container registries](./Sources/cctl/LoginCommand.swift) +3. [Creating root filesystem blocks](./Sources/cctl/RootfsCommand.swift) +4. [Running simple Linux containers](./Sources/cctl/RunCommand.swift) + +## Linux kernel + +A Linux kernel is required for spawning lightweight virtual machines on macOS. +Containerization provides an optimized kernel configuration located in the [kernel](./kernel) directory. + +This directory includes a containerized build environment to easily compile a kernel for use with Containerization. + +The kernel configuration is a minimal set of features to support fast start times and a lightweight environment. + +While this configuration will work for the majority of workloads we understand that some will need extra features. +To solve this Containerization provides first class APIs to use different kernel configurations and versions on a per container basis. +This enables containers to be developed and validated across different kernel versions. + +See the [README](/kernel/README.md) in the kernel directory for instructions on how to compile the optimized kernel. + +### Kernel Support + +Containerization allows user provided kernels but tests functionality starting with kernel version `6.14.9`. + +### Pre-built Kernel + +If you wish to consume a pre-built kernel, make sure it has `VIRTIO` drivers compiled into the kernel (not merely as modules). + +The [Kata Containers](https://github.com/kata-containers/kata-containers) project provides a Linux kernel that is optimized for containers, with all required configuration options enabled. The [releases](https://github.com/kata-containers/kata-containers/releases/) page contains downloadable artifacts, and the image itself (`vmlinux.container`) can be found in the `/opt/kata/share/kata-containers/` directory. + +## Prepare to build package + +Install the recommended version of Xcode. + +Set the active developer directory to the installed Xcode (replace ``): +```bash +sudo xcode-select -s +``` + +Install [Swiftly](https://github.com/swiftlang/swiftly), [Swift](https://www.swift.org), and [Static Linux SDK](https://www.swift.org/documentation/articles/static-linux-getting-started.html): + +```bash +make cross-prep +``` + +If you use a custom terminal application, you may need to move this command from `.zprofile` to `.zshrc` (replace ``): + +```bash +# Added by swiftly +. "/Users//.swiftly/env.sh" +``` + +Restart the terminal application. Ensure this command returns `/Users//.swiftly/bin/swift` (replace ``): + +```bash +which swift +``` + +If you've installed or used a Static Linux SDK previously, you may need to remove older SDK versions from the system (replace ``): + +```bash +swift sdk list +swift sdk remove +``` + +## Build the package + +Build Containerization from sources: + +```bash +make all +``` + +## Test the package + +After building, run basic and integration tests: + +```bash +make test integration +``` + +A kernel is required to run integration tests. +If you do not have a kernel locally, a default kernel can be fetched using the `make fetch-default-kernel` target. + +Fetching the default kernel only needs to happen after an initial build or after a `make clean`. + +```bash +make fetch-default-kernel +make all test integration +``` + +## Protobufs + +Containerization depends on specific versions of `grpc-swift` and `swift-protobuf`. You can install them and re-generate RPC interfaces with: + +```bash +make protos +``` + +## Building a kernel + +If you'd like to build your own kernel please see the instructions in the [kernel directory](./kernel/README.md). + +## Pre-commit hook + +Run `make pre-commit` to install a pre-commit hook that ensures that your changes have correct formatting and license headers when you run `git commit`. + +## Documentation + +Generate the API documentation for local viewing with: + +```bash +make docs +make serve-docs +``` + +Preview the documentation by running in another terminal: + +```bash +open http://localhost:8000/containerization/documentation/ +``` + +## Contributing + +Contributions to Containerization are welcomed and encouraged. Please see [CONTRIBUTING.md](/CONTRIBUTING.md) for more information. + +## Project Status + +Version 0.1.0 is the first official release of Containerization. Earlier versions have no source stability guarantees. + +Because the Containerization library is under active development, source stability is only guaranteed within minor versions (for example, between 0.1.1 and 0.1.2). If you don't want potentially source-breaking package updates, you can specify your package dependency using .upToNextMinorVersion(from: "0.1.0") instead. + +Future minor versions of the package may introduce changes to these rules as needed. diff --git a/README.wehub.md b/README.wehub.md new file mode 100644 index 0000000..34d4a88 --- /dev/null +++ b/README.wehub.md @@ -0,0 +1,7 @@ +# WeHub 来源说明 + +- 原始项目:`apple/containerization` +- 原始仓库:https://github.com/apple/containerization +- 导入方式:上游默认分支的最新快照 +- 原作者、版权和许可证信息以原始仓库及本仓库 LICENSE 为准 +- 本文件仅用于记录来源,不代表 WeHub 是原项目作者 diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..3b82940 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,13 @@ +# Security disclosure process + +If you believe that you have discovered a security or privacy vulnerability in our open source software, please report it to us using the [GitHub private vulnerability feature](https://github.com/apple/containerization/security/advisories/new). Reports should include specific product and software version(s) that you believe are affected; a technical description of the behavior that you observed and the behavior that you expected; the steps required to reproduce the issue; and a proof of concept or exploit. + +The project team will do their best to acknowledge receiving all security reports within 7 days of submission. This initial acknowledgment is neither acceptance nor rejection of your report. The project team may come back to you with further questions or invite you to collaborate while working through the details of your report. + +Keep these additional guidelines in mind when submitting your report: + +* Reports concerning known, publicly disclosed CVEs can be submitted as normal issues to this project. +* Output from automated security scans or fuzzers MUST include additional context demonstrating the vulnerability with a proof of concept or working exploit. +* Application crashes due to malformed inputs are typically not treated as security vulnerabilities, unless they are shown to also impact other processes on the system. + +While we welcome reports for open source software projects, they are not eligible for Apple Security Bounties. diff --git a/Sources/CShim/capability.c b/Sources/CShim/capability.c new file mode 100644 index 0000000..fb4d25f --- /dev/null +++ b/Sources/CShim/capability.c @@ -0,0 +1,32 @@ +/* + * Copyright © 2025-2026 Apple Inc. and the Containerization project authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if defined(__linux__) + +#include +#include +#include "capability.h" + +// Capability syscall wrappers +int CZ_capget(void *header, void *data) { + return syscall(SYS_capget, header, data); +} + +int CZ_capset(void *header, void *data) { + return syscall(SYS_capset, header, data); +} + +#endif diff --git a/Sources/CShim/cz_tap.c b/Sources/CShim/cz_tap.c new file mode 100644 index 0000000..9f4621f --- /dev/null +++ b/Sources/CShim/cz_tap.c @@ -0,0 +1,78 @@ +/* + * Copyright © 2026 Apple Inc. and the Containerization project authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if defined(__linux__) + +#include "cz_tap.h" + +#include +#include +#include /* struct ifreq, IFNAMSIZ */ +#include +#include +#include + +/* + * Avoid — the Static Linux SDK (musl) used to cross-compile + * vminitd ships from musl but not the linux kernel UAPI headers. + * The TUN ioctl number and flags are stable Linux ABI; redeclare locally. + * + * TUNSETIFF = _IOW('T', 202, int): + * dir=IOC_WRITE(1)<<30 | size(4)<<16 | type('T'=0x54)<<8 | nr(202=0xCA) + * = 0x400454CA + * Architecture-independent (Linux's ioctl encoding is the same on x86/arm). + */ +#ifndef TUNSETIFF +#define TUNSETIFF 0x400454CAu +#endif +#ifndef IFF_TAP +#define IFF_TAP 0x0002 +#endif +#ifndef IFF_NO_PI +#define IFF_NO_PI 0x1000 +#endif + +int cz_tap_create(const char *requested_name, char *out_name, size_t out_name_len) { + if (out_name == NULL || out_name_len < IFNAMSIZ) { + return -EINVAL; + } + + int fd = open("/dev/net/tun", O_RDWR | O_CLOEXEC); + if (fd < 0) { + return -errno; + } + + struct ifreq ifr; + memset(&ifr, 0, sizeof(ifr)); + ifr.ifr_flags = IFF_TAP | IFF_NO_PI; + if (requested_name != NULL && requested_name[0] != '\0') { + strncpy(ifr.ifr_name, requested_name, IFNAMSIZ - 1); + } + + if (ioctl(fd, TUNSETIFF, &ifr) < 0) { + int saved = errno; + close(fd); + return -saved; + } + + /* Copy out the resolved name. ifr.ifr_name is always NUL-terminated + * within IFNAMSIZ by the kernel. */ + memset(out_name, 0, out_name_len); + strncpy(out_name, ifr.ifr_name, IFNAMSIZ - 1); + return fd; +} + +#endif /* __linux__ */ diff --git a/Sources/CShim/exec_command.c b/Sources/CShim/exec_command.c new file mode 100644 index 0000000..450109a --- /dev/null +++ b/Sources/CShim/exec_command.c @@ -0,0 +1,393 @@ +/* + * Copyright © 2025-2026 Apple Inc. and the Containerization project authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if defined(__linux__) || defined(__APPLE__) + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#if defined(__linux__) +#include +#endif + +#include "exec_command.h" + +#ifndef SYS_close_range +#define SYS_close_range 436 +#endif + +#ifndef CLOSE_RANGE_CLOEXEC +#define CLOSE_RANGE_CLOEXEC 0x4 +#endif + +static int mark_cloexec(int fd) { + int flags = fcntl(fd, F_GETFD); + + if (flags == -1) return flags; + if (flags & FD_CLOEXEC) return 0; + + return fcntl(fd, F_SETFD, flags | FD_CLOEXEC); +} + +static int cloexec_from(int min_fd) { +#if defined(__linux__) + // First try close_range. + long ret = syscall(SYS_close_range, min_fd, ~0U, CLOSE_RANGE_CLOEXEC); + if (ret == 0) { + return 0; + } + const char* dirpath = "/proc/self/fd"; +#elif defined(__APPLE__) + const char* dirpath = "/dev/fd"; +#endif + DIR *dp = opendir(dirpath); + if (!dp) return -1; + + int dp_fd = dirfd(dp); + struct dirent *de; + + while ((de = readdir(dp))) { + if (de->d_name[0] == '.') continue; + + char *end; + long val = strtol(de->d_name, &end, 10); + if (*end || val < 0 || val > INT_MAX) continue; + + int fd = (int)val; + if (fd < min_fd || fd == dp_fd) continue; + + int ret = mark_cloexec(fd); + if (ret != 0) { + return ret; + } + } + close(dp_fd); + closedir(dp); + return 0; +} + +void exec_command_attrs_init(struct exec_command_attrs *attrs) { + attrs->setpgid = 0; + attrs->pgid = 0; + attrs->setsid = 0; + attrs->setctty = 0; + attrs->ctty = 0; + attrs->mask = 0; + attrs->uid = -1; + attrs->gid = -1; + attrs->pdeathSignal = 0; + attrs->setfgpgrp = 0; +} + +static void child_handler(const int sync_pipes[2], const char *executable, + char *const args[], char *const environment[], + const int file_handles[], const int file_handle_count, + const char *cwd, const sigset_t old_mask, + const struct exec_command_attrs attrs) { + int i = 0; + int err = 0; + int fd_index = 0; + int fd_table[file_handle_count]; + struct rlimit limits = {0}; + int syncfd = sync_pipes[1]; + struct sigaction action = {0}; + + // Closing our parent's side of the pipe + if (close(sync_pipes[0]) < 0) { + goto fail; + } + + // Setup process group and foreground before clearing signal mask. + if (attrs.setpgid) { + if (setpgid(0, attrs.pgid) < 0) { + goto fail; + } + } + + // Make the new process group the foreground process group so it can read from the TTY. + if (attrs.setfgpgrp) { + if (tcsetpgrp(STDIN_FILENO, getpgrp()) < 0) { + if (errno != ENOTTY && errno != ENXIO) { + goto fail; + } + } + } + + // clear sighandlers + action.sa_flags = 0; + action.sa_handler = SIG_DFL; + sigemptyset(&action.sa_mask); + for (i = 0; i < NSIG; i++) { + sigaction(i, &action, 0); + } + + sigset_t local_mask; + sigemptyset(&local_mask); + if (pthread_sigmask(SIG_SETMASK, &local_mask, NULL) < 0) { + goto fail; + } + + // start shuffling fds. + // look at all the file handles and find the highest one, + // use that for our pipe, + // + // Then, we need to start dup2 the fds starting for the final process + // at 0-n. + // as an example we have this list of FDs that should be passed to the + // process: + // + /* + The index of this list is the final result that the new process expects. + The values are open fds provided from the parent process. + [0] == 12 + [1] == 7 + [2] == 9 + [3] == 0 + + We also have a pipe to sync the child and parent so that adds an additional + parameter to consider. + + So we start by finding the highest open fd in the list, then move our pipe to + the next. + + i.e. fd12 is highest so move our pipe to fd13 + + Now start moving all the fds above our pipe as we will need to start placing + the fds in the child process into the right order. Make sure they are all + marked cloexec. + + pipe == 13 + [0] == 12 dup2 14 + [1] == 7 dup2 15 + [2] == 9 dup2 16 + [3] == 0 dup2 17 + + Now overwrite the fd table for the child with the current index. + + Make index == fd. + + pipe == 13 + [0] == 14 dup2 0 + [1] == 15 dup2 1 + [2] == 16 dup2 2 + [3] == 17 dup2 3 + + Clear cloexec on this new fds. + */ + + // find the highest fd value in our list. + for (i = 0; i < file_handle_count; i++) { + if (file_handles[i] > fd_index) { + fd_index = file_handles[i]; + } + fd_table[i] = file_handles[i]; + } + // now fd_index is == to the highest fd in our list of handles. + // Increment it and set our pipe to it. + fd_index++; + + if (syncfd != fd_index) { + if (dup2(syncfd, fd_index) < 0) { + goto fail; + } + if (close(syncfd) < 0) { + goto fail; + } + syncfd = fd_index; + } + fd_index++; + + // make sure our syncfd retains its cloexec + if (fcntl(syncfd, F_SETFD, FD_CLOEXEC) == -1) { + goto fail; + } + + // move the rest of the fds up above our index if they don't match the index. + for (i = 0; i < file_handle_count; i++) { + if (fd_table[i] == i) { + continue; + } + if (dup2(fd_table[i], fd_index) < 0) { + goto fail; + } + if (fcntl(fd_index, F_SETFD, FD_CLOEXEC) == -1) { + goto fail; + } + fd_table[i] = fd_index; + fd_index++; + } + + // now create the child process's final fd table. where i == i + for (i = 0; i < file_handle_count; i++) { + if (fd_table[i] != i) { + if (dup2(fd_table[i], i) < 0) { + goto fail; + } + } + // now fd[i] should == i + // clear cloexec as this fd is where we want it. + if (fcntl(i, F_SETFD, 0) == -1) { + goto fail; + } + } + + if (attrs.setsid) { + if (setsid() == -1) { + goto fail; + } + } + + if (attrs.setctty) { + if (ioctl(attrs.ctty, TIOCSCTTY, 0)) { + goto fail; + } + } + +#if defined(__linux__) + // Set parent death signal if specified + if (attrs.pdeathSignal != 0) { + if (prctl(PR_SET_PDEATHSIG, attrs.pdeathSignal) != 0) { + goto fail; + } + } +#endif + + // close exec everything outside of our child's fd_table. + if (cloexec_from(file_handle_count) != 0) { + goto fail; + } + + // set gid + if (attrs.gid != -1) { + if (setgid(attrs.gid) != 0) { + goto fail; + } + } + + // set uid + if (attrs.uid != -1) { + if (setreuid(attrs.uid, attrs.uid) != 0) { + goto fail; + } + } + + if (cwd != NULL) { + if (chdir(cwd)) { + goto fail; + } + } + + execve(executable, args, environment); +fail: + err = errno; + if (err) { + // send our error to the parent + while (write(syncfd, &err, sizeof(err)) < 0) + ; + } + exit(127); +} + +int exec_command(pid_t *result, const char *executable, char *const args[], + char *const envp[], const int file_handles[], + const int file_handle_count, const char *working_directory, + struct exec_command_attrs *attrs) { + pid_t pid = 0; + int err = 0; + int sync_pipe[2]; + sigset_t old_mask; + + sigset_t all; + sigfillset(&all); + + if (pipe(sync_pipe)) { + goto fail; + } + + if (pthread_sigmask(SIG_SETMASK, &all, &old_mask) < 0) { + goto fail; + } + + pid = fork(); + if (pid == -1) { + close(sync_pipe[0]); + close(sync_pipe[1]); + goto fail; + } + + if (pid == 0) { + // hand off to child + child_handler(sync_pipe, executable, args, envp, file_handles, + file_handle_count, working_directory, old_mask, *attrs); + exit(EXIT_FAILURE); + } + + // handle parent operations + if (close(sync_pipe[1]) < 0) { + goto fail; + } + + // sync with our child process + err = 0; + ssize_t size = read(sync_pipe[0], &err, sizeof(err)); + // -- we didn't get an errno back + if (size != sizeof(err)) { + // will be used as return result + err = 0; + } else { + // we did get an errno back from the child process and our + // err var is set to that errno + // lets set our errno and then reap the process + errno = err; + int status = 0; + waitpid(pid, &status, 0); + // lets continue our journey below + } + + if (close(sync_pipe[0]) < 0) { + goto fail; + } + if (err) { + goto fail; + } + + (*result) = pid; + err = 0; +fail: + if (pthread_sigmask(SIG_SETMASK, &old_mask, 0) < 0) { + printf("restoring signal mask: %s\n", strerror(errno)); + } + if (err) { + printf("exec_command execve: %s\n", strerror(err)); + return -1; + } + return 0; +} + +#endif \ No newline at end of file diff --git a/Sources/CShim/include/capability.h b/Sources/CShim/include/capability.h new file mode 100644 index 0000000..9016b70 --- /dev/null +++ b/Sources/CShim/include/capability.h @@ -0,0 +1,28 @@ +/* + * Copyright © 2025-2026 Apple Inc. and the Containerization project authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __CAPABILITY_H +#define __CAPABILITY_H + +#if defined(__linux__) + +// Capability syscall wrappers +int CZ_capget(void *header, void *data); +int CZ_capset(void *header, void *data); + +#endif + +#endif diff --git a/Sources/CShim/include/cz_tap.h b/Sources/CShim/include/cz_tap.h new file mode 100644 index 0000000..e293b7f --- /dev/null +++ b/Sources/CShim/include/cz_tap.h @@ -0,0 +1,39 @@ +/* + * Copyright © 2026 Apple Inc. and the Containerization project authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __CZ_TAP_H +#define __CZ_TAP_H + +#include + +/* + * Open /dev/net/tun, ioctl(TUNSETIFF) with IFF_TAP|IFF_NO_PI, and write the + * resolved interface name into `out_name` (must be at least 16 bytes). + * + * If `requested_name` is non-NULL and non-empty, it is the desired name; the + * kernel may rename it on collision (rare). If NULL or empty, the kernel + * picks a name like "tap%d". + * + * Returns the open fd on success, -errno on failure. + * + * Linux-only — the implementation in cz_tap.c is gated on __linux__. The + * declaration is left unconditional so Swift's clang importer can see it + * regardless of whose target's preprocessor defines reach the modulemap. + * On non-Linux targets the symbol is not provided; do not call. + */ +int cz_tap_create(const char *requested_name, char *out_name, size_t out_name_len); + +#endif /* __CZ_TAP_H */ diff --git a/Sources/CShim/include/exec_command.h b/Sources/CShim/include/exec_command.h new file mode 100644 index 0000000..fba2e99 --- /dev/null +++ b/Sources/CShim/include/exec_command.h @@ -0,0 +1,56 @@ +/* + * Copyright © 2025-2026 Apple Inc. and the Containerization project authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef exec_command_h +#define exec_command_h + +#if defined(__linux__) || defined(__APPLE__) + +#include +#include + +struct exec_command_attrs { + int setpgid; + /// parent group id + pid_t pgid; + /// set the controlling terminal + int setctty; + /// controlling terminal fd + int ctty; + /// set the process as session leader + int setsid; + /// set the process user id + uid_t uid; + /// set the process group id + gid_t gid; + /// signal mask for the child process + int mask; + /// parent death signal (Linux only, 0 to disable) + int pdeathSignal; + /// make the new process group the foreground process group + int setfgpgrp; +}; + +void exec_command_attrs_init(struct exec_command_attrs *attrs); + +/// spawn a new child process with the provided attrs +int exec_command(pid_t *result, const char *executable, char *const argv[], + char *const envp[], const int file_handles[], + const int file_handle_count, const char *working_directory, + struct exec_command_attrs *attrs); + +#endif /* defined(__linux__) || defined(__APPLE__) */ +#endif /* exec_command_h */ diff --git a/Sources/CShim/include/linux_shim.h b/Sources/CShim/include/linux_shim.h new file mode 100644 index 0000000..af9e0c2 --- /dev/null +++ b/Sources/CShim/include/linux_shim.h @@ -0,0 +1,32 @@ +/* + * Copyright © 2026 Apple Inc. and the Containerization project authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +// The below fall into two main categories: +// 1. Aren't exposed by Swifts glibc modulemap. +// 2. Don't have syscall wrappers/definitions in glibc/musl. + +#ifndef __LINUX_SHIM_H +#define __LINUX_SHIM_H + +#if defined(__linux__) + +#include +#include +#include + +#endif /* __linux__ */ + +#endif /* __LINUX_SHIM_H */ diff --git a/Sources/CShim/include/openat2.h b/Sources/CShim/include/openat2.h new file mode 100644 index 0000000..2c7bdb6 --- /dev/null +++ b/Sources/CShim/include/openat2.h @@ -0,0 +1,37 @@ +/* + * Copyright © 2026 Apple Inc. and the Containerization project authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __OPENAT2_H +#define __OPENAT2_H + +#include + +#ifndef RESOLVE_IN_ROOT +#define RESOLVE_IN_ROOT 0x10 +#endif + +struct cz_open_how { + unsigned long long flags; + unsigned long long mode; + unsigned long long resolve; +}; + +/// openat2(2) wrapper. Musl does not provide openat2 so we invoke the syscall +/// directly. Requires Linux 5.6+. +int CZ_openat2(int dirfd, const char *pathname, struct cz_open_how *how, + size_t size); + +#endif diff --git a/Sources/CShim/include/prctl.h b/Sources/CShim/include/prctl.h new file mode 100644 index 0000000..c6d0255 --- /dev/null +++ b/Sources/CShim/include/prctl.h @@ -0,0 +1,33 @@ +/* + * Copyright © 2025-2026 Apple Inc. and the Containerization project authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __PRCTL_H +#define __PRCTL_H + +#if defined(__linux__) + +#include + +// Capability management prctl wrappers +int CZ_prctl_set_keepcaps(); +int CZ_prctl_clear_keepcaps(); +int CZ_prctl_capbset_drop(unsigned int capability); +int CZ_prctl_cap_ambient_clear_all(); +int CZ_prctl_cap_ambient_raise(unsigned int capability); + +#endif + +#endif diff --git a/Sources/CShim/include/socket_helpers.h b/Sources/CShim/include/socket_helpers.h new file mode 100644 index 0000000..c53c3fd --- /dev/null +++ b/Sources/CShim/include/socket_helpers.h @@ -0,0 +1,29 @@ +/* + * Copyright © 2025-2026 Apple Inc. and the Containerization project authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef socket_helpers_h +#define socket_helpers_h + +#include +#include + +// Helper functions to access CMSG macros from Swift +struct cmsghdr* CZ_CMSG_FIRSTHDR(struct msghdr *msg); +void* CZ_CMSG_DATA(struct cmsghdr *cmsg); +size_t CZ_CMSG_SPACE(size_t length); +size_t CZ_CMSG_LEN(size_t length); + +#endif /* socket_helpers_h */ diff --git a/Sources/CShim/include/vsock.h b/Sources/CShim/include/vsock.h new file mode 100644 index 0000000..878a599 --- /dev/null +++ b/Sources/CShim/include/vsock.h @@ -0,0 +1,33 @@ +/* + * Copyright © 2025-2026 Apple Inc. and the Containerization project authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +// + +#ifndef vsock_h +#define vsock_h + +#include + +#ifdef __APPLE__ + #include +#else + #include + #include +#endif /* __APPLE__ */ + +extern const unsigned long VsockLocalCIDIoctl; + +#endif /* vsock_h */ diff --git a/Sources/CShim/openat2.c b/Sources/CShim/openat2.c new file mode 100644 index 0000000..3c11638 --- /dev/null +++ b/Sources/CShim/openat2.c @@ -0,0 +1,33 @@ +/* + * Copyright © 2026 Apple Inc. and the Containerization project authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if defined(__linux__) + +#include +#include + +#include "openat2.h" + +#ifndef SYS_openat2 +#define SYS_openat2 437 +#endif + +int CZ_openat2(int dirfd, const char *pathname, struct cz_open_how *how, + size_t size) { + return syscall(SYS_openat2, dirfd, pathname, how, size); +} + +#endif diff --git a/Sources/CShim/prctl.c b/Sources/CShim/prctl.c new file mode 100644 index 0000000..b304e5e --- /dev/null +++ b/Sources/CShim/prctl.c @@ -0,0 +1,47 @@ +/* + * Copyright © 2025-2026 Apple Inc. and the Containerization project authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if defined(__linux__) + +#include +#include "prctl.h" + +// Set keep caps to preserve capabilities across setuid() +int CZ_prctl_set_keepcaps() { + return prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0); +} + +// Clear keep caps after user change +int CZ_prctl_clear_keepcaps() { + return prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0); +} + +// Drop capability from bounding set +int CZ_prctl_capbset_drop(unsigned int capability) { + return prctl(PR_CAPBSET_DROP, capability, 0, 0, 0); +} + +// Clear all ambient capabilities +int CZ_prctl_cap_ambient_clear_all() { + return prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_CLEAR_ALL, 0, 0, 0); +} + +// Raise ambient capability +int CZ_prctl_cap_ambient_raise(unsigned int capability) { + return prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, capability, 0, 0); +} + +#endif diff --git a/Sources/CShim/socket_helpers.c b/Sources/CShim/socket_helpers.c new file mode 100644 index 0000000..939c6a5 --- /dev/null +++ b/Sources/CShim/socket_helpers.c @@ -0,0 +1,33 @@ +/* + * Copyright © 2025-2026 Apple Inc. and the Containerization project authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "socket_helpers.h" + +struct cmsghdr* CZ_CMSG_FIRSTHDR(struct msghdr *msg) { + return CMSG_FIRSTHDR(msg); +} + +void* CZ_CMSG_DATA(struct cmsghdr *cmsg) { + return CMSG_DATA(cmsg); +} + +size_t CZ_CMSG_SPACE(size_t length) { + return CMSG_SPACE(length); +} + +size_t CZ_CMSG_LEN(size_t length) { + return CMSG_LEN(length); +} diff --git a/Sources/CShim/vsock.c b/Sources/CShim/vsock.c new file mode 100644 index 0000000..27c17a0 --- /dev/null +++ b/Sources/CShim/vsock.c @@ -0,0 +1,19 @@ +/* + * Copyright © 2025-2026 Apple Inc. and the Containerization project authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "vsock.h" + +const unsigned long VsockLocalCIDIoctl = IOCTL_VM_SOCKETS_GET_LOCAL_CID; diff --git a/Sources/CloudHypervisor/CloudHypervisor+Client.swift b/Sources/CloudHypervisor/CloudHypervisor+Client.swift new file mode 100644 index 0000000..2c4a67a --- /dev/null +++ b/Sources/CloudHypervisor/CloudHypervisor+Client.swift @@ -0,0 +1,169 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation +import Logging +import NIOCore +import NIOHTTP1 +import NIOPosix + +extension CloudHypervisor { + /// A high-level client for Cloud Hypervisor's REST API over a Unix Domain Socket. + /// + /// Use ``init(socketPath:eventLoopGroup:logger:)`` to construct a client, then + /// call endpoint-specific methods (added as extensions in `Endpoints/`). + /// + /// The internal `get(_:)` / `put(_:)` / `put(_:body:)` helpers are used by + /// endpoint extensions in A8-A10 and are intentionally not public. + public final class Client: Sendable { + private let http: HTTPOverUDSClient + private let group: any EventLoopGroup + private let ownsGroup: Bool + private let encoder: JSONEncoder + private let decoder: JSONDecoder + + /// Create a client that communicates with Cloud Hypervisor over the given socket. + /// + /// - Parameters: + /// - socketPath: A `file://` URL whose `.path` points to the socket. + /// - eventLoopGroup: The NIO event loop group to use. When `nil` the client + /// creates and owns its own group. Callers wanting deterministic + /// resource release should pass a group they manage and call + /// ``shutdown()`` themselves; the deinit fallback shuts down + /// asynchronously and may outlive the `Client` instance briefly. + /// - logger: Logger for transport-level diagnostics. + /// - requestTimeout: Per-request deadline. A request that does not + /// complete within this window fails with + /// ``CloudHypervisor/Error/transport(_:)``. Defaults to 30 seconds. + /// - Throws: ``CloudHypervisor/Error/invalidSocketPath(_:)`` when `socketPath` + /// is not a `file://` URL. + public init( + socketPath: URL, + eventLoopGroup: (any EventLoopGroup)? = nil, + logger: Logger = Logger(label: "CloudHypervisor.Client"), + requestTimeout: TimeAmount = .seconds(30) + ) throws { + guard socketPath.isFileURL else { + throw CloudHypervisor.Error.invalidSocketPath(socketPath.absoluteString) + } + if let eventLoopGroup { + self.ownsGroup = false + self.group = eventLoopGroup + } else { + self.ownsGroup = true + self.group = MultiThreadedEventLoopGroup(numberOfThreads: System.coreCount) + } + self.http = HTTPOverUDSClient( + socketPath: socketPath.path, + group: self.group, + logger: logger, + requestTimeout: requestTimeout + ) + self.encoder = JSONEncoder() + self.decoder = JSONDecoder() + } + + /// Drain the underlying `AsyncHTTPClient`, and shut down the NIO + /// event-loop group when this client owns it. Idempotent. Prefer + /// calling this explicitly over relying on the deinit fallback — + /// `shutdown()` waits for in-flight I/O to drain. + /// + /// Callers that pass in a shared `eventLoopGroup` MUST call this + /// before tearing down that group. AsyncHTTPClient parks deferred + /// connection-close work on the group's event loops after each + /// response returns; shutting the group down before that work + /// runs trips NIO's "Cannot schedule tasks on an EventLoop that + /// has already shut down" warning (and a forced crash in future + /// NIO releases). + public func shutdown() async throws { + try await http.shutdown() + if ownsGroup { + try await group.shutdownGracefully() + } + } + + deinit { + // Use the async-dispatched shutdown rather than + // `syncShutdownGracefully()`. The sync variant blocks the calling + // thread until every event loop drains, which deadlocks if deinit + // happens to run on one of the group's event loop threads (e.g. + // the last release came from inside a NIO callback). The + // callback-based variant schedules shutdown on its own queue and + // returns immediately — at the cost of giving up any signal that + // shutdown completed. Callers who need that signal should call + // `shutdown()` explicitly before letting the client deinit. + if ownsGroup { + group.shutdownGracefully(queue: .global()) { _ in } + } + } + + // MARK: - Internal request dispatch helpers + // + // Endpoint extensions (A8/A9/A10) call these to build their public API. + // They are internal (not public) because all public surface lives in those + // extensions. + + /// GET `path`, decode the response body as `Response`. + func get(_ path: String) async throws -> Response { + try await sendAndDecode(method: .GET, path: path, body: nil) + } + + /// PUT `path` with no body, discard the response. + func put(_ path: String) async throws { + try await sendVoid(method: .PUT, path: path, body: nil) + } + + /// PUT `path` with a JSON-encoded body, discard the response. + func put(_ path: String, body: Body) async throws { + let data = try encoder.encode(body) + try await sendVoid(method: .PUT, path: path, body: data) + } + + /// PUT `path` with a JSON-encoded body, decode the response as `Response`. + func put( + _ path: String, + body: Body + ) async throws -> Response { + let data = try encoder.encode(body) + return try await sendAndDecode(method: .PUT, path: path, body: data) + } + + // MARK: - Private machinery + + private func sendAndDecode( + method: HTTPMethod, + path: String, + body: Data? + ) async throws -> Response { + let resp = try await http.send(method: method, uri: path, body: body) + guard (200..<300).contains(Int(resp.status.code)) else { + throw CloudHypervisor.Error.http(status: resp.status, body: resp.body) + } + do { + return try decoder.decode(Response.self, from: resp.body) + } catch { + throw CloudHypervisor.Error.decoding(error, body: resp.body) + } + } + + private func sendVoid(method: HTTPMethod, path: String, body: Data?) async throws { + let resp = try await http.send(method: method, uri: path, body: body) + guard (200..<300).contains(Int(resp.status.code)) else { + throw CloudHypervisor.Error.http(status: resp.status, body: resp.body) + } + } + } +} diff --git a/Sources/CloudHypervisor/CloudHypervisor+Error.swift b/Sources/CloudHypervisor/CloudHypervisor+Error.swift new file mode 100644 index 0000000..942e1bf --- /dev/null +++ b/Sources/CloudHypervisor/CloudHypervisor+Error.swift @@ -0,0 +1,27 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation +import NIOHTTP1 + +extension CloudHypervisor { + public enum Error: Swift.Error, Sendable { + case transport(any Swift.Error) + case http(status: HTTPResponseStatus, body: Data) + case decoding(any Swift.Error, body: Data) + case invalidSocketPath(String) + } +} diff --git a/Sources/CloudHypervisor/CloudHypervisor.swift b/Sources/CloudHypervisor/CloudHypervisor.swift new file mode 100644 index 0000000..d723118 --- /dev/null +++ b/Sources/CloudHypervisor/CloudHypervisor.swift @@ -0,0 +1,17 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +public enum CloudHypervisor {} diff --git a/Sources/CloudHypervisor/Endpoints/Client+Hotplug.swift b/Sources/CloudHypervisor/Endpoints/Client+Hotplug.swift new file mode 100644 index 0000000..4eeb52e --- /dev/null +++ b/Sources/CloudHypervisor/Endpoints/Client+Hotplug.swift @@ -0,0 +1,55 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation + +extension CloudHypervisor.Client { + /// Hotplug a virtio-blk disk device into a running VM. + /// + /// Maps to `PUT /api/v1/vm.add-disk` in the Cloud Hypervisor REST API. + public func vmAddDisk(_ config: CloudHypervisor.DiskConfig) async throws -> CloudHypervisor.PciDeviceInfo { + try await put("/api/v1/vm.add-disk", body: config) + } + + /// Hotplug a virtio-fs filesystem device into a running VM. + /// + /// Maps to `PUT /api/v1/vm.add-fs` in the Cloud Hypervisor REST API. + public func vmAddFs(_ config: CloudHypervisor.FsConfig) async throws -> CloudHypervisor.PciDeviceInfo { + try await put("/api/v1/vm.add-fs", body: config) + } + + /// Hotplug a virtio-net network device into a running VM. + /// + /// Maps to `PUT /api/v1/vm.add-net` in the Cloud Hypervisor REST API. + public func vmAddNet(_ config: CloudHypervisor.NetConfig) async throws -> CloudHypervisor.PciDeviceInfo { + try await put("/api/v1/vm.add-net", body: config) + } + + /// Hotplug a virtio-vsock device into a running VM. + /// + /// Maps to `PUT /api/v1/vm.add-vsock` in the Cloud Hypervisor REST API. + public func vmAddVsock(_ config: CloudHypervisor.VsockConfig) async throws -> CloudHypervisor.PciDeviceInfo { + try await put("/api/v1/vm.add-vsock", body: config) + } + + /// Remove a hotplugged device from a running VM by its identifier. + /// + /// Maps to `PUT /api/v1/vm.remove-device` in the Cloud Hypervisor REST API. + public func vmRemoveDevice(id: String) async throws { + struct Request: Encodable, Sendable { let id: String } + try await put("/api/v1/vm.remove-device", body: Request(id: id)) + } +} diff --git a/Sources/CloudHypervisor/Endpoints/Client+VM.swift b/Sources/CloudHypervisor/Endpoints/Client+VM.swift new file mode 100644 index 0000000..b1f7998 --- /dev/null +++ b/Sources/CloudHypervisor/Endpoints/Client+VM.swift @@ -0,0 +1,61 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation + +extension CloudHypervisor.Client { + /// Create a VM with the given configuration. + /// + /// Maps to `PUT /api/v1/vm.create` in the Cloud Hypervisor REST API. + public func vmCreate(_ config: CloudHypervisor.VmConfig) async throws { + try await put("/api/v1/vm.create", body: config) + } + + /// Boot the VM (transition from Created → Running). + /// + /// Maps to `PUT /api/v1/vm.boot` in the Cloud Hypervisor REST API. + public func vmBoot() async throws { + try await put("/api/v1/vm.boot") + } + + /// Shut down the VM. + /// + /// Maps to `PUT /api/v1/vm.shutdown` in the Cloud Hypervisor REST API. + public func vmShutdown() async throws { + try await put("/api/v1/vm.shutdown") + } + + /// Retrieve runtime information about the VM. + /// + /// Maps to `GET /api/v1/vm.info` in the Cloud Hypervisor REST API. + public func vmInfo() async throws -> CloudHypervisor.VmInfo { + try await get("/api/v1/vm.info") + } + + /// Pause the running VM. + /// + /// Maps to `PUT /api/v1/vm.pause` in the Cloud Hypervisor REST API. + public func vmPause() async throws { + try await put("/api/v1/vm.pause") + } + + /// Resume a paused VM. + /// + /// Maps to `PUT /api/v1/vm.resume` in the Cloud Hypervisor REST API. + public func vmResume() async throws { + try await put("/api/v1/vm.resume") + } +} diff --git a/Sources/CloudHypervisor/Endpoints/Client+VMM.swift b/Sources/CloudHypervisor/Endpoints/Client+VMM.swift new file mode 100644 index 0000000..fb95663 --- /dev/null +++ b/Sources/CloudHypervisor/Endpoints/Client+VMM.swift @@ -0,0 +1,40 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation + +extension CloudHypervisor.Client { + /// Ping the Cloud Hypervisor VMM process and return its version information. + /// + /// Maps to `GET /api/v1/vmm.ping` in the Cloud Hypervisor REST API. + public func vmmPing() async throws -> CloudHypervisor.VmmPingResponse { + try await get("/api/v1/vmm.ping") + } + + /// Request the Cloud Hypervisor VMM process to shut down gracefully. + /// + /// Maps to `PUT /api/v1/vmm.shutdown` in the Cloud Hypervisor REST API. + public func vmmShutdown() async throws { + try await put("/api/v1/vmm.shutdown") + } + + /// Retrieve information about the Cloud Hypervisor VMM process. + /// + /// Maps to `GET /api/v1/vmm.info` in the Cloud Hypervisor REST API. + public func vmmInfo() async throws -> CloudHypervisor.VmmInfo { + try await get("/api/v1/vmm.info") + } +} diff --git a/Sources/CloudHypervisor/HTTPOverUDS.swift b/Sources/CloudHypervisor/HTTPOverUDS.swift new file mode 100644 index 0000000..96ecf44 --- /dev/null +++ b/Sources/CloudHypervisor/HTTPOverUDS.swift @@ -0,0 +1,202 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import AsyncHTTPClient +import Foundation +import Logging +import NIOConcurrencyHelpers +import NIOCore +import NIOHTTP1 + +// MARK: - HTTPResponse + +/// An HTTP response received from Cloud Hypervisor's REST API. +struct HTTPResponse: Sendable { + let status: HTTPResponseStatus + let headers: HTTPHeaders + let body: Data +} + +// MARK: - HTTPOverUDSClient + +/// A minimal HTTP/1.1 client that speaks over a Unix Domain Socket. Backed +/// by `AsyncHTTPClient` so connection lifecycle, timeout handling, and the +/// head/body/end write race we used to manage manually all live in the +/// library rather than in this file. +/// +/// AHC selects UDS via the `http+unix://` URL scheme (the supplied +/// `URL(httpURLWithSocketPath:uri:)` initializer does the percent-encoding). +/// Each `HTTPOverUDSClient` owns a fresh `HTTPClient` configured with +/// `eventLoopGroupProvider: .shared(group)` so the underlying NIO group is +/// the caller's to shut down — `httpClient.shutdown` only releases the +/// client's own state. +final class HTTPOverUDSClient: Sendable { + private let socketPath: String + private let httpClient: HTTPClient + private let logger: Logger + private let requestTimeout: TimeAmount + // One-shot flag tracking whether shutdown has been initiated, so + // explicit `shutdown()` is idempotent and `deinit` skips its fallback + // when an explicit shutdown already drained the HTTPClient. + private let didShutdown: NIOLockedValueBox + + init( + socketPath: String, + group: any EventLoopGroup, + logger: Logger, + requestTimeout: TimeAmount = .seconds(30) + ) { + self.socketPath = socketPath + self.httpClient = HTTPClient( + eventLoopGroupProvider: .shared(group), + configuration: .init() + ) + self.logger = logger + self.requestTimeout = requestTimeout + self.didShutdown = NIOLockedValueBox(false) + } + + /// Drain the underlying HTTPClient and wait for in-flight I/O to + /// finish. Idempotent — safe to call multiple times. + /// + /// MUST be called before the shared event-loop group is torn down. + /// AsyncHTTPClient leaves deferred connection-cleanup work parked on + /// the group's event loops after a response returns; if the group is + /// shut down first, that deferred work fails to schedule and SwiftNIO + /// prints "Cannot schedule tasks on an EventLoop that has already + /// shut down" (and will upgrade to a forced crash in future NIO + /// releases). + func shutdown() async throws { + let already = didShutdown.withLockedValue { state -> Bool in + if state { return true } + state = true + return false + } + if already { return } + try await httpClient.shutdown() + } + + /// Send an HTTP request and return the response. + /// + /// Translates AHC errors → ``CloudHypervisor/Error/transport(_:)`` so + /// callers see a uniform error type regardless of failure mode. + func send( + method: HTTPMethod, + uri: String, + body: Data?, + headers: HTTPHeaders = [:] + ) async throws -> HTTPResponse { + // AHC handles the percent-encoding. nil only on a path that can't + // be encoded — surface it the same way the public Client init does. + guard let url = URL(httpURLWithSocketPath: socketPath, uri: uri) else { + throw CloudHypervisor.Error.invalidSocketPath(socketPath) + } + + var request = HTTPClientRequest(url: url.absoluteString) + request.method = method + + // Preserve all caller-supplied headers verbatim. + for (name, value) in headers { + request.headers.replaceOrAdd(name: name, value: value) + } + + // `Connection: close` is preserved from the previous transport. CH + // accepts both close and keep-alive, but close is the safer default + // until we have explicit smoke coverage of long-lived per-VM + // keep-alive behavior. Each request goes to a different per-VM UDS + // anyway so there's nothing to pool. + request.headers.replaceOrAdd(name: "Connection", value: "close") + + // Body framing. CH's HTTP parser rejects body-less PUTs unless the + // request carries `Content-Length: 0` instead of falling back to + // chunked transfer encoding. + // + // How AHC actually frames the request is subtle: + // `RequestValidation.setTransportFraming` strips any manually-set + // `Content-Length` and re-derives framing from the body's known + // length. Assigning `.bytes(ByteBuffer())` (rather than leaving + // body nil) sets `bodyLength == .known(0)`, which AHC then frames + // as `Content-Length: 0` for PUT/POST per RFC 7230 §3.3.2. Leaving + // body nil would surface as `bodyLength == .unknown`, and AHC may + // emit chunked framing or no framing at all, which CH rejects. + // The explicit `Content-Length: 0` header set below is documentation + // of intent — AHC removes it before deriving framing — but the + // wire shape is determined by the empty body assignment. + // + // Regression test: ClientTests.bodylessPUTSendsContentLengthZero. + if let body, !body.isEmpty { + if request.headers["Content-Type"].isEmpty { + request.headers.add(name: "Content-Type", value: "application/json") + } + request.body = .bytes(ByteBuffer(bytes: body)) + } else { + request.headers.replaceOrAdd(name: "Content-Length", value: "0") + request.body = .bytes(ByteBuffer()) + } + + let deadline = NIODeadline.now() + requestTimeout + logger.debug("HTTPOverUDSClient: \(method) \(uri) → \(socketPath)") + + do { + let response = try await httpClient.execute( + request, + deadline: deadline, + logger: logger + ) + + // 16 MiB is far larger than any CH response we expect — vm.info, + // the largest, measures in low-KB even for many-disk VMs. The + // cap exists so a wedged server can't OOM us. + // + // Use `readableBytesView` + the Sequence-based Data init rather + // than `Data(buffer: ByteBuffer)`: the latter requires + // `NIOFoundationCompat`, which the Linux musl build doesn't + // pull in via Foundation by default. + let bodyBuffer = try await response.body.collect(upTo: 1 << 24) + let bodyData = Data(bodyBuffer.readableBytesView) + + logger.debug("HTTPOverUDSClient: \(method) \(uri) ← \(response.status.code)") + return HTTPResponse( + status: response.status, + headers: response.headers, + body: bodyData + ) + } catch let error as CloudHypervisor.Error { + throw error + } catch { + throw CloudHypervisor.Error.transport(error) + } + } + + deinit { + // Fire the callback-based shutdown only when `shutdown()` wasn't + // already called. The sync variant would deadlock if deinit + // happened to run on one of the HTTPClient's own event loops + // (commit fe1c95cf); the callback variant returns immediately at + // the cost of any completion signal. If explicit shutdown + // already ran, the HTTPClient is drained and a second call would + // just return `alreadyShutdown` — but it can still try to + // schedule the callback on the (now-dead) event loop, which is + // exactly the failure mode this whole flag guards against. + let already = didShutdown.withLockedValue { state -> Bool in + if state { return true } + state = true + return false + } + guard !already else { return } + httpClient.shutdown { _ in } + } +} diff --git a/Sources/CloudHypervisor/README.md b/Sources/CloudHypervisor/README.md new file mode 100644 index 0000000..9f8d397 --- /dev/null +++ b/Sources/CloudHypervisor/README.md @@ -0,0 +1,95 @@ +# CloudHypervisor + +A standalone Swift library for driving the [cloud-hypervisor](https://github.com/cloud-hypervisor/cloud-hypervisor) REST API over a Unix domain socket. The package compiles on both macOS and Linux, though `cloud-hypervisor` itself only runs on Linux. + +## Dependencies + +- [swift-nio](https://github.com/apple/swift-nio): `NIOCore`, `NIOPosix`, `NIOHTTP1`, `NIOConcurrencyHelpers` +- [swift-log](https://github.com/apple/swift-log): `Logging` + +There are no transitive dependencies on any other `containerization` library types. + +## Usage + +```swift +import CloudHypervisor + +let client = try CloudHypervisor.Client( + socketPath: URL(filePath: "/tmp/ch-foo/api.sock") +) + +try await client.vmmPing() +try await client.vmCreate(VmConfig(/* ... */)) +try await client.vmBoot() +``` + +### Full example with shared event loop group + +```swift +import CloudHypervisor +import NIOPosix + +let group = MultiThreadedEventLoopGroup(numberOfThreads: 2) +defer { try? group.syncShutdownGracefully() } + +let client = try CloudHypervisor.Client( + socketPath: URL(filePath: "/run/ch/vm0.sock"), + eventLoopGroup: group +) + +let info = try await client.vmInfo() +print(info.state) +``` + +## Supported Endpoints (v1) + +### VMM + +- `vmmPing() -> VmmPingResponse` — verify the VMM process is alive +- `vmmShutdown()` — shut down the VMM process +- `vmmInfo() -> VmmInfo` — query VMM-level metadata + +### VM Lifecycle + +- `vmCreate(_ config: VmConfig)` — define a new VM +- `vmBoot()` — start the VM +- `vmShutdown()` — gracefully shut down the VM +- `vmInfo() -> VmInfo` — query VM state and configuration +- `vmPause()` — pause a running VM +- `vmResume()` — resume a paused VM + +### Hotplug + +- `vmAddDisk(_ config: DiskConfig) -> PciDeviceInfo` — hot-add a block device +- `vmAddFs(_ config: FsConfig) -> PciDeviceInfo` — hot-add a virtio-fs share +- `vmAddNet(_ config: NetConfig) -> PciDeviceInfo` — hot-add a network device +- `vmAddVsock(_ config: VsockConfig) -> PciDeviceInfo` — hot-add a vsock device +- `vmRemoveDevice(id: String)` — hot-remove a device by ID + +## Minimum Supported cloud-hypervisor Version + +The package targets the `/api/v1/` REST namespace. It is tested against **cloud-hypervisor v40** and later. Earlier releases may be missing endpoints or use incompatible JSON schemas. + +## Error Model + +All failures are reported through `CloudHypervisor.Error`: + +- `.transport(any Swift.Error)` — a network or NIO-level failure before the HTTP response was received +- `.http(status:body:)` — the server responded with a non-2xx HTTP status; `body` contains the raw response bytes +- `.decoding(any Swift.Error, body:)` — the response had a 2xx status but JSON decoding failed; `body` is the raw bytes for diagnostics +- `.invalidSocketPath(String)` — the URL passed to `Client.init` is not a `file://` URL + +Non-2xx responses always produce `.http`, never a decode error, so callers can distinguish protocol-level errors from unexpected payloads. + +## Concurrency + +`Client` is `Sendable` and all endpoint methods are `async throws`. Each call opens a fresh TCP-over-UDS connection to cloud-hypervisor and closes it when the response is complete. + +By default the client creates and owns a `MultiThreadedEventLoopGroup` and shuts it down in `deinit`. If you already have an event loop group (e.g. from NIO or another library), pass it via the `eventLoopGroup:` parameter — in that case the client does **not** shut the group down on `deinit`, leaving lifecycle management to the caller. + +## Non-Goals (v1) + +- Not a high-level VM orchestration layer — for that, use the `Containerization` library. +- Not exhaustive coverage of cloud-hypervisor's full OpenAPI surface — only the 14 endpoints listed above are implemented; additional endpoints can be added incrementally. +- No connection pooling — a fresh connection is opened per request, which is appropriate for low-volume control-plane use. +- No streaming response bodies — response payloads are buffered in memory before decoding. diff --git a/Sources/CloudHypervisor/Types/DeviceConfigs.swift b/Sources/CloudHypervisor/Types/DeviceConfigs.swift new file mode 100644 index 0000000..e54877d --- /dev/null +++ b/Sources/CloudHypervisor/Types/DeviceConfigs.swift @@ -0,0 +1,242 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +extension CloudHypervisor { + // MARK: - ImageType + + /// On-disk format of a `DiskConfig`'s backing file. When omitted on the + /// wire, cloud-hypervisor defaults to `Unknown` and rejects writes to + /// the disk (logging "Attempting to write to sector 0 on a disk without + /// specifying image_type"); always set this explicitly. + /// + /// Raw values match the Rust `block::ImageType` enum variants used in + /// CH's JSON serialization (PascalCase) — these differ from the + /// lowercase tokens accepted on the `--disk` CLI flag. + public enum ImageType: String, Sendable, Codable, Equatable { + case raw = "Raw" + case qcow2 = "Qcow2" + case fixedVhd = "FixedVhd" + case vhdx = "Vhdx" + case unknown = "Unknown" + } + + // MARK: - DiskConfig + + /// Virtio-blk disk configuration. + /// + /// Maps to `DiskConfig` in the Cloud Hypervisor OpenAPI spec. + public struct DiskConfig: Sendable, Codable, Equatable { + /// Path to the disk image file. + public var path: String + /// Open the disk in read-only mode. + public var readonly: Bool? + /// Use O_DIRECT for disk I/O. + public var direct: Bool? + /// Enable IOMMU for this device. + public var iommu: Bool? + /// Optional device identifier. + public var id: String? + /// PCI segment to attach the device to. + public var pciSegment: UInt16? + /// On-disk format of the backing file. + public var imageType: ImageType? + + public init( + path: String, + readonly: Bool? = nil, + direct: Bool? = nil, + iommu: Bool? = nil, + id: String? = nil, + pciSegment: UInt16? = nil, + imageType: ImageType? = nil + ) { + self.path = path + self.readonly = readonly + self.direct = direct + self.iommu = iommu + self.id = id + self.pciSegment = pciSegment + self.imageType = imageType + } + + enum CodingKeys: String, CodingKey { + case path + case readonly + case direct + case iommu + case id + case pciSegment = "pci_segment" + case imageType = "image_type" + } + } + + // MARK: - NetConfig + + /// Virtio-net network device configuration. + /// + /// Maps to `NetConfig` in the Cloud Hypervisor OpenAPI spec. + public struct NetConfig: Sendable, Codable, Equatable { + /// TAP device name on the host. + public var tap: String? + /// IPv4 address for the device. + public var ip: String? + /// IPv4 subnet mask. + public var mask: String? + /// MAC address for the device. + public var mac: String? + /// Maximum transmission unit. + public var mtu: Int? + /// Number of virtio queues. + public var numQueues: Int? + /// Size of each virtio queue. + public var queueSize: Int? + /// Optional device identifier. + public var id: String? + + public init( + tap: String? = nil, + ip: String? = nil, + mask: String? = nil, + mac: String? = nil, + mtu: Int? = nil, + numQueues: Int? = nil, + queueSize: Int? = nil, + id: String? = nil + ) { + self.tap = tap + self.ip = ip + self.mask = mask + self.mac = mac + self.mtu = mtu + self.numQueues = numQueues + self.queueSize = queueSize + self.id = id + } + + enum CodingKeys: String, CodingKey { + case tap + case ip + case mask + case mac + case mtu + case numQueues = "num_queues" + case queueSize = "queue_size" + case id + } + } + + // MARK: - FsConfig + + /// Virtio-fs filesystem device configuration. + /// + /// Maps to `FsConfig` in the Cloud Hypervisor OpenAPI spec. + public struct FsConfig: Sendable, Codable, Equatable { + /// Filesystem tag used by the guest to mount. + public var tag: String + /// Path to the virtiofsd Unix socket. + public var socket: String + /// Number of virtio queues. + public var numQueues: Int? + /// Size of each virtio queue. + public var queueSize: Int? + /// Optional device identifier. + public var id: String? + /// PCI segment to attach the device to. + public var pciSegment: UInt16? + + public init( + tag: String, + socket: String, + numQueues: Int? = nil, + queueSize: Int? = nil, + id: String? = nil, + pciSegment: UInt16? = nil + ) { + self.tag = tag + self.socket = socket + self.numQueues = numQueues + self.queueSize = queueSize + self.id = id + self.pciSegment = pciSegment + } + + enum CodingKeys: String, CodingKey { + case tag + case socket + case numQueues = "num_queues" + case queueSize = "queue_size" + case id + case pciSegment = "pci_segment" + } + } + + // MARK: - VsockConfig + + /// Virtio-vsock configuration. + /// + /// Maps to `VsockConfig` in the Cloud Hypervisor OpenAPI spec. + public struct VsockConfig: Sendable, Codable, Equatable { + /// Context ID (CID) for the vsock device. + public var cid: UInt32 + /// Path to the vsock Unix socket on the host. + public var socket: String + /// Enable IOMMU for this device. + public var iommu: Bool? + /// Optional device identifier. + public var id: String? + + public init( + cid: UInt32, + socket: String, + iommu: Bool? = nil, + id: String? = nil + ) { + self.cid = cid + self.socket = socket + self.iommu = iommu + self.id = id + } + + enum CodingKeys: String, CodingKey { + case cid + case socket + case iommu + case id + } + } + + // MARK: - PciDeviceInfo + + /// PCI device identifier returned by Cloud Hypervisor after device add. + /// + /// Maps to `PciDeviceInfo` in the Cloud Hypervisor OpenAPI spec. + public struct PciDeviceInfo: Sendable, Codable, Equatable { + /// Device identifier string. + public var id: String + /// PCI Bus:Device.Function address (e.g. `"0000:00:03.0"`). + public var bdf: String + + public init(id: String, bdf: String) { + self.id = id + self.bdf = bdf + } + + enum CodingKeys: String, CodingKey { + case id + case bdf + } + } +} diff --git a/Sources/CloudHypervisor/Types/VmConfig.swift b/Sources/CloudHypervisor/Types/VmConfig.swift new file mode 100644 index 0000000..429b7db --- /dev/null +++ b/Sources/CloudHypervisor/Types/VmConfig.swift @@ -0,0 +1,187 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +extension CloudHypervisor { + // MARK: - VmConfig + + /// Top-level VM boot / create payload. + /// + /// Maps to `VmConfig` in the Cloud Hypervisor OpenAPI spec. + public struct VmConfig: Sendable, Codable, Equatable { + public var cpus: CpusConfig + public var memory: MemoryConfig + public var payload: PayloadConfig + public var disks: [DiskConfig]? + public var net: [NetConfig]? + public var fs: [FsConfig]? + public var vsock: VsockConfig? + public var console: ConsoleConfig + public var serial: ConsoleConfig + + public init( + cpus: CpusConfig, + memory: MemoryConfig, + payload: PayloadConfig, + disks: [DiskConfig]? = nil, + net: [NetConfig]? = nil, + fs: [FsConfig]? = nil, + vsock: VsockConfig? = nil, + console: ConsoleConfig, + serial: ConsoleConfig + ) { + self.cpus = cpus + self.memory = memory + self.payload = payload + self.disks = disks + self.net = net + self.fs = fs + self.vsock = vsock + self.console = console + self.serial = serial + } + + enum CodingKeys: String, CodingKey { + case cpus + case memory + case payload + case disks + case net + case fs + case vsock + case console + case serial + } + } + + // MARK: - CpusConfig + + /// CPU configuration for a VM. + /// + /// Maps to `CpusConfig` in the Cloud Hypervisor OpenAPI spec. + public struct CpusConfig: Sendable, Codable, Equatable { + /// Number of vCPUs to boot with. + public var bootVcpus: Int + /// Maximum number of vCPUs (for hotplug). + public var maxVcpus: Int + + public init(bootVcpus: Int, maxVcpus: Int) { + self.bootVcpus = bootVcpus + self.maxVcpus = maxVcpus + } + + enum CodingKeys: String, CodingKey { + case bootVcpus = "boot_vcpus" + case maxVcpus = "max_vcpus" + } + } + + // MARK: - MemoryConfig + + /// Memory configuration for a VM. + /// + /// Maps to `MemoryConfig` in the Cloud Hypervisor OpenAPI spec. + public struct MemoryConfig: Sendable, Codable, Equatable { + /// RAM size in bytes. + public var size: UInt64 + /// Hotplug memory size in bytes. + public var hotplugSize: UInt64? + /// Enable memory merging (KSM). + public var mergeable: Bool? + /// Use a shared memory mapping (`MAP_SHARED`). Required when any + /// vhost-user device (e.g. virtio-fs / virtiofsd) is attached — + /// CH otherwise rejects `vm.boot` with "Using vhost-user requires + /// using shared memory or huge pages". + public var shared: Bool? + + public init(size: UInt64, hotplugSize: UInt64? = nil, mergeable: Bool? = nil, shared: Bool? = nil) { + self.size = size + self.hotplugSize = hotplugSize + self.mergeable = mergeable + self.shared = shared + } + + enum CodingKeys: String, CodingKey { + case size + case hotplugSize = "hotplug_size" + case mergeable + case shared + } + } + + // MARK: - PayloadConfig + + /// Kernel / initramfs / cmdline payload for a VM. + /// + /// Maps to `PayloadConfig` in the Cloud Hypervisor OpenAPI spec. + public struct PayloadConfig: Sendable, Codable, Equatable { + /// Path to the uncompressed kernel image (vmlinux). + public var kernel: String + /// Optional initramfs path. + public var initramfs: String? + /// Optional kernel command line. + public var cmdline: String? + + public init(kernel: String, initramfs: String? = nil, cmdline: String? = nil) { + self.kernel = kernel + self.initramfs = initramfs + self.cmdline = cmdline + } + + enum CodingKeys: String, CodingKey { + case kernel + case initramfs + case cmdline + } + } + + // MARK: - ConsoleConfig + + /// Console / serial device configuration. + /// + /// Maps to `ConsoleConfig` in the Cloud Hypervisor OpenAPI spec. + public struct ConsoleConfig: Sendable, Codable, Equatable { + /// Console I/O mode. + /// + /// CH's OpenAPI spec uses these capitalized strings literally. + public enum Mode: String, Codable, Sendable { + case Off + case Pty + case Tty + case File + case Socket + case Null + } + + public var mode: Mode + /// Path to the output file when `mode == .File`. + public var file: String? + /// Path to the Unix socket when `mode == .Socket`. + public var socket: String? + + public init(mode: Mode, file: String? = nil, socket: String? = nil) { + self.mode = mode + self.file = file + self.socket = socket + } + + enum CodingKeys: String, CodingKey { + case mode + case file + case socket + } + } + +} diff --git a/Sources/CloudHypervisor/Types/VmInfo.swift b/Sources/CloudHypervisor/Types/VmInfo.swift new file mode 100644 index 0000000..f37f63e --- /dev/null +++ b/Sources/CloudHypervisor/Types/VmInfo.swift @@ -0,0 +1,122 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +extension CloudHypervisor { + // MARK: - VmState + + /// Lifecycle state of a Cloud Hypervisor VM. + /// + /// Maps to `VmState` in the Cloud Hypervisor OpenAPI spec. + /// The raw values match CH's literal strings exactly (capitalized). + public enum VmState: String, Sendable, Codable, Equatable { + case Created + case Running + case Shutdown + case Paused + case BreakPoint + } + + // MARK: - VmInfo + + /// Response body for `GET /vm.info`. + /// + /// Maps to `VmInfo` in the Cloud Hypervisor OpenAPI spec. + /// + /// Note: the `device_tree` map (`[String: VmInfoDeviceNode]`) from the + /// upstream OpenAPI spec is omitted in this v1 implementation — no current + /// endpoint consumers require it. Add when needed. + public struct VmInfo: Sendable, Codable, Equatable { + /// The boot configuration used for this VM. + public var config: VmConfig + /// Current lifecycle state. + public var state: VmState + /// Actual memory size in bytes as reported by the VMM, if available. + public var memoryActualSize: UInt64? + + public init(config: VmConfig, state: VmState, memoryActualSize: UInt64? = nil) { + self.config = config + self.state = state + self.memoryActualSize = memoryActualSize + } + + enum CodingKeys: String, CodingKey { + case config + case state + case memoryActualSize = "memory_actual_size" + } + } + + // MARK: - VmmPingResponse + + /// Response body for `GET /vmm.ping`. + /// + /// Maps to `VmmPingResponse` in the Cloud Hypervisor OpenAPI spec. + public struct VmmPingResponse: Sendable, Codable, Equatable { + /// Cloud Hypervisor version string (e.g. `"v40.0"`). + public var version: String + /// PID of the VMM process, if provided. + public var pid: Int? + /// List of compiled-in feature flags, if provided. + public var features: [String]? + /// Build-time version string, if provided. + public var buildVersion: String? + + public init(version: String, pid: Int? = nil, features: [String]? = nil, buildVersion: String? = nil) { + self.version = version + self.pid = pid + self.features = features + self.buildVersion = buildVersion + } + + enum CodingKeys: String, CodingKey { + case version + case pid + case features + case buildVersion = "build_version" + } + } + + // MARK: - VmmInfo + + /// Response body for `GET /vmm.info`. + /// + /// Maps to a subset of the `VmmInfo` schema in the Cloud Hypervisor OpenAPI + /// spec. Only the fields needed by v1 consumers are included (YAGNI). + public struct VmmInfo: Sendable, Codable, Equatable { + /// Cloud Hypervisor version string (e.g. `"v40.0"`). + public var version: String + /// PID of the VMM process, if provided. + public var pid: Int? + /// Build-time version string, if provided. + public var buildVersion: String? + /// The currently-running VM's boot configuration, if a VM exists. + public var config: VmConfig? + + public init(version: String, pid: Int? = nil, buildVersion: String? = nil, config: VmConfig? = nil) { + self.version = version + self.pid = pid + self.buildVersion = buildVersion + self.config = config + } + + enum CodingKeys: String, CodingKey { + case version + case pid + case buildVersion = "build_version" + case config + } + } +} diff --git a/Sources/Containerization/AttachedFilesystem.swift b/Sources/Containerization/AttachedFilesystem.swift new file mode 100644 index 0000000..f9dbfe5 --- /dev/null +++ b/Sources/Containerization/AttachedFilesystem.swift @@ -0,0 +1,53 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationExtras +import ContainerizationOCI + +/// A filesystem that was attached and able to be mounted inside the runtime environment. +public struct AttachedFilesystem: Sendable { + /// The type of the filesystem. + public var type: String + /// The path to the filesystem within a sandbox. + public var source: String + /// Destination when mounting the filesystem inside a sandbox. + public var destination: String + /// The options to use when mounting the filesystem. + public var options: [String] + + public init(mount: Mount, allocator: any AddressAllocator) throws { + switch mount.runtimeOptions { + case .virtiofs: + let name = try hashFilePath(path: mount.source) + self.source = name + case .virtioblk: + let char = try allocator.allocate() + self.source = "/dev/vd\(char)" + case .shared, .any: + self.source = mount.source + } + self.type = mount.type + self.options = mount.options + self.destination = mount.destination + } + + public init(type: String, source: String, destination: String, options: [String]) { + self.type = type + self.source = source + self.destination = destination + self.options = options + } +} diff --git a/Sources/Containerization/BridgeManager.swift b/Sources/Containerization/BridgeManager.swift new file mode 100644 index 0000000..c117d19 --- /dev/null +++ b/Sources/Containerization/BridgeManager.swift @@ -0,0 +1,399 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(Linux) +import ContainerizationError +import ContainerizationExtras +import ContainerizationNetlink +import Foundation +import Logging + +#if canImport(Musl) +import Musl +#elseif canImport(Glibc) +import Glibc +#endif + +/// Linux-only host plumbing for a container bridge network. +/// +/// `create()` is idempotent: it brings the bridge to a known state (created +/// if absent, configured if already present), records what it changed in +/// `/run/containerization/bridge-.state`, and `delete()` reverses +/// only what was recorded. +/// +/// **NAT is opt-in.** With the default (`enableNAT: false`) `create()` only +/// brings up the bridge link and assigns the gateway IP — it does NOT touch +/// `ip_forward`, does NOT program iptables, and does NOT pick an egress +/// interface. Containers attached to the bridge can talk to each other and +/// to the host, but not to the outside world. Pass `enableNAT: true` to +/// also enable IPv4 forwarding and program a scoped MASQUERADE/FORWARD +/// pair (`-i -o `); the bridge becomes a NAT exit and the +/// host now routes guest traffic. +/// +/// Concurrent `create()`/`delete()` calls (e.g. from two `cctl run` +/// processes) serialize via `flock(LOCK_EX)` on +/// `/run/containerization/bridge-.lock`. +/// +/// Requires root (or `CAP_NET_ADMIN` plus, when NAT is enabled, the ability +/// to write `/proc/sys/...` and invoke `iptables`). +public struct BridgeManager: Sendable { + public let name: String + public let subnet: CIDRv4 + public let gateway: IPv4Address + public let mtu: UInt32 + public let egressInterface: String? + public let enableNAT: Bool + private let log: Logger + + /// - Parameters: + /// - name: bridge interface name (e.g. `cz0`). + /// - subnet: subnet to assign on the bridge. + /// - gateway: host-side IP on the bridge. Defaults to `subnet.gateway` + /// (= `subnet.lower + 1`). + /// - mtu: bridge MTU. Default 1500. + /// - egressInterface: explicit egress iface for MASQUERADE. nil = + /// auto-detect via `/proc/net/route` at `create()` time. Only used + /// when `enableNAT` is true. + /// - enableNAT: when true, program iptables MASQUERADE+FORWARD and + /// enable `net.ipv4.ip_forward`. Default false — the bridge is + /// created without external connectivity, leaving host firewall + /// policy untouched. + /// - logger: optional logger. Defaults to a `bridge`-labeled logger. + public init( + name: String, + subnet: CIDRv4, + gateway: IPv4Address? = nil, + mtu: UInt32 = 1500, + egressInterface: String? = nil, + enableNAT: Bool = false, + logger: Logger? = nil + ) { + self.name = Self.validateInterfaceName(name) + self.subnet = subnet + self.gateway = gateway ?? subnet.gateway + self.mtu = mtu + self.egressInterface = egressInterface.map(Self.validateInterfaceName) + self.enableNAT = enableNAT + self.log = logger ?? Logger(label: "com.apple.containerization.bridge") + } + + /// Reject obviously-bogus interface names before they hit netlink or + /// `iptables`. This is a defense-in-depth check; the kernel and + /// `iptables` themselves will also reject pathological inputs, but doing + /// it here surfaces the error in a callable Swift API rather than as a + /// netlink rc or iptables exit. Asserts (rather than throws) — these + /// constraints are static, so a violation is a programming error. + private static func validateInterfaceName(_ name: String) -> String { + // IFNAMSIZ on Linux is 16 (15 usable + NUL). iptables itself caps + // at 15. Names with `/`, whitespace, or NUL are kernel-rejected. + precondition(!name.isEmpty, "interface name must be non-empty") + precondition(name.utf8.count <= 15, "interface name '\(name)' exceeds IFNAMSIZ-1 (15)") + precondition( + !name.contains(where: { $0.isWhitespace || $0 == "/" || $0 == "\0" || $0 == ":" }), + "interface name '\(name)' contains invalid characters" + ) + return name + } + + /// Idempotent create. + public func create() throws { + try Self.ensureStateDirectory() + let lock = try FileLock(path: Self.lockPath(for: name)) + try lock.withExclusive { + try createLocked() + } + } + + /// Idempotent delete. No-op when the bridge does not exist. + public func delete() throws { + try Self.ensureStateDirectory() + let lock = try FileLock(path: Self.lockPath(for: name)) + try lock.withExclusive { + try deleteLocked() + } + } + + private func createLocked() throws { + let session = NetlinkSession(socket: try DefaultNetlinkSocket(), log: log) + let stateURL = URL(fileURLWithPath: Self.statePath(for: name)) + + // Preserve `prevIpForward` across re-runs: a second NAT-enabled + // create() call would otherwise read the value the FIRST run left + // behind ("1") and clobber the original prior state, so delete() + // couldn't restore. + let priorState: BridgeState? = (try? Data(contentsOf: stateURL)) + .flatMap { try? BridgeState.decode($0) } + + // 1. Bridge link. + do { + try session.linkAddBridge(name: name) + log.info("created bridge \(name)") + } catch { + // EEXIST is fine; treat any error as "maybe it exists" and probe. + // `linkGet` throws ENODEV when the iface is absent (rather than + // returning an empty array), so coalesce both shapes to "absent". + let existing = (try? session.linkGet(interface: name)) ?? [] + if existing.isEmpty { + throw ContainerizationError( + .internalError, + message: "linkAddBridge \(name) failed and bridge does not exist: \(error)" + ) + } + log.debug("bridge \(name) already exists") + } + + // 2. Address (gateway/prefix) on the bridge. + let cidr = try CIDRv4(gateway, prefix: subnet.prefix) + do { + try session.addressAdd(interface: name, ipv4Address: cidr) + } catch { + // EEXIST tolerated; netlink layer doesn't expose errno cleanly, + // so log and continue. linkSet/up below will fail visibly if the + // bridge state is actually broken. + log.debug("addressAdd \(cidr) on \(name) returned \(error) (likely already set)") + } + + // 3. Up + MTU. + try session.linkSet(interface: name, up: true, mtu: mtu) + + // NAT is opt-in but sticky: once enabled by a previous create(), + // subsequent create() calls without --enable-nat leave the existing + // rules and ip_forward state in place. Otherwise `cctl run` + // (defaults to NAT off) called after `cctl bridge create + // --enable-nat` would silently disable the NAT the user explicitly + // turned on. delete() always reverses whatever the state file + // records. + let effectiveNAT = enableNAT || (priorState?.natEnabled ?? false) + guard effectiveNAT else { + let state = BridgeState(natEnabled: false) + try state.encode().write(to: stateURL) + log.info("bridge \(name) ready (subnet \(subnet), NAT disabled)") + return + } + + // 4. ip_forward: read what's currently on the host, decide what to + // record. If we already have a NAT-enabled state file from a prior + // create(), keep its `prevIpForward` (it's the *original* prior + // value); otherwise record what we just read. + let currentIpForward = (try? Self.readSysctl("net/ipv4/ip_forward")) ?? "0" + let prevIpForward = (priorState?.natEnabled == true ? priorState?.prevIpForward : nil) ?? currentIpForward + if currentIpForward != "1" { + try Self.writeSysctl("net/ipv4/ip_forward", value: "1") + } + + // 5. Egress iface — explicit override or auto-detect. + let egress: String + if let explicit = egressInterface { + egress = explicit + } else if let detected = HostDefaultRoute.currentEgress() { + egress = detected + } else { + throw ContainerizationError( + .invalidArgument, + message: "no default route on host; pass egressInterface explicitly" + ) + } + + // 6. Record state BEFORE iptables. If a later iptables -A fails, + // delete() still has authority to clean up partial rules; if we + // deferred the write until after, a mid-failure would orphan rules + // with no record. + let state = BridgeState( + natEnabled: true, + prevIpForward: prevIpForward, + egressInterface: egress + ) + try state.encode().write(to: stateURL) + + // 7. iptables rules — idempotent. The FORWARD rule is scoped to + // `-i -o ` so the host doesn't become an + // unrestricted router for guest traffic across every host iface + // (e.g. a VPN or a sibling bridge). + try IptablesRules.ensure( + table: "nat", + args: [ + "POSTROUTING", "-s", subnet.description, "!", "-o", name, "-j", "MASQUERADE", + ]) + try IptablesRules.ensure(args: [ + "FORWARD", "-i", name, "-o", egress, "-j", "ACCEPT", + ]) + try IptablesRules.ensure(args: [ + "FORWARD", "-i", egress, "-o", name, "-m", "conntrack", "--ctstate", "RELATED,ESTABLISHED", "-j", "ACCEPT", + ]) + + log.info("bridge \(name) ready (subnet \(subnet), egress \(egress), NAT enabled)") + } + + private func deleteLocked() throws { + let stateURL = URL(fileURLWithPath: Self.statePath(for: name)) + let state: BridgeState? = (try? Data(contentsOf: stateURL)) + .flatMap { try? BridgeState.decode($0) } + + // 1. iptables — only if a prior create() with NAT enabled left state + // we own. The rules are keyed off subnet, bridge name, and the + // recorded egress iface, so removal is precise even when the + // host has rules from other tools. + if let state, state.natEnabled, let egress = state.egressInterface { + log.debug("removing iptables rules for bridge \(name) (egress \(egress))") + IptablesRules.remove( + table: "nat", + args: [ + "POSTROUTING", "-s", subnet.description, "!", "-o", name, "-j", "MASQUERADE", + ]) + IptablesRules.remove(args: [ + "FORWARD", "-i", name, "-o", egress, "-j", "ACCEPT", + ]) + IptablesRules.remove(args: [ + "FORWARD", "-i", egress, "-o", name, "-m", "conntrack", "--ctstate", "RELATED,ESTABLISHED", "-j", "ACCEPT", + ]) + } + + // 2. Bridge link. + let session = NetlinkSession(socket: try DefaultNetlinkSocket(), log: log) + // Refuse to delete anything that isn't actually a bridge — the + // kernel exposes `/sys/class/net//bridge` only for links of + // kind=bridge, so its presence is an authoritative kind check + // without parsing IFLA_LINKINFO. This guards against `cctl bridge + // delete --name eth0` (or docker0, etc.) taking down host links. + let sysfsBridge = "/sys/class/net/\(name)/bridge" + let isBridge = FileManager.default.fileExists(atPath: sysfsBridge) + let exists = !((try? session.linkGet(interface: name)) ?? []).isEmpty + if exists && !isBridge { + throw ContainerizationError( + .invalidArgument, + message: "refusing to delete \(name): exists but is not a bridge interface" + ) + } + do { + try session.linkDel(name: name) + log.info("deleted bridge \(name)") + } catch { + // ENODEV-like: nothing to do. + log.debug("linkDel \(name) returned \(error) (likely already absent)") + } + + // 3. Restore ip_forward only if this bridge's create()-with-NAT set + // it from 0 AND no other containerization bridge still has NAT + // enabled. ip_forward is a single global sysctl shared by every + // bridge, so it must be reference-counted against the on-disk state + // files rather than blindly reset — otherwise tearing down one NAT + // bridge would disable forwarding for a sibling that still needs it. + // + // (Torn down in the order that removes the original flipper first — + // or two NAT bridges torn down concurrently — may leave ip_forward=1 + // after the last bridge is gone. That's the safe direction: + // forwarding with no bridge or iptables rules attached is inert, and + // a reboot clears it. Erroneously forcing it to 0 under a live NAT + // bridge is the failure this guards against.) + let otherNAT = Self.otherNATEnabledBridgesExist(excluding: name) + if state?.natEnabled == true, state?.prevIpForward == "0", !otherNAT { + try? Self.writeSysctl("net/ipv4/ip_forward", value: "0") + } + + // 4. Remove state file. + try? FileManager.default.removeItem(at: stateURL) + } + + // MARK: - Paths / sysctl helpers + + private static let stateDir = "/run/containerization" + + private static func statePath(for name: String) -> String { + "\(stateDir)/bridge-\(name).state" + } + + private static func lockPath(for name: String) -> String { + "\(stateDir)/bridge-\(name).lock" + } + + private static func ensureStateDirectory() throws { + try FileManager.default.createDirectory( + atPath: stateDir, + withIntermediateDirectories: true, + attributes: [.posixPermissions: 0o755] + ) + } + + private static func readSysctl(_ path: String) throws -> String { + let url = URL(fileURLWithPath: "/proc/sys/\(path)") + return try String(contentsOf: url, encoding: .utf8) + .trimmingCharacters(in: .whitespacesAndNewlines) + } + + private static func writeSysctl(_ path: String, value: String) throws { + let url = URL(fileURLWithPath: "/proc/sys/\(path)") + try Data((value + "\n").utf8).write(to: url) + } + + /// Whether any *other* containerization bridge still has NAT enabled, + /// determined by scanning the `bridge-*.state` files under `stateDir`. + /// Used by `delete()` to reference-count the shared global `ip_forward` + /// sysctl so tearing down one NAT bridge doesn't disable forwarding for + /// its siblings. `excluding` is this bridge's name — its own (still + /// present) state file is skipped since `delete()` removes it afterward. + private static func otherNATEnabledBridgesExist(excluding name: String) -> Bool { + let selfFile = "bridge-\(name).state" + let entries = (try? FileManager.default.contentsOfDirectory(atPath: stateDir)) ?? [] + for entry in entries { + guard entry.hasPrefix("bridge-"), entry.hasSuffix(".state"), entry != selfFile else { + continue + } + let url = URL(fileURLWithPath: "\(stateDir)/\(entry)") + guard + let data = try? Data(contentsOf: url), + let state = try? BridgeState.decode(data) + else { + continue + } + if state.natEnabled { + return true + } + } + return false + } +} + +/// `flock(2)` wrapper. Held for the duration of a closure. +struct FileLock { + let fd: Int32 + + init(path: String) throws { + let f = open(path, O_RDWR | O_CREAT | O_CLOEXEC, 0o600) + guard f >= 0 else { + throw ContainerizationError( + .internalError, + message: "open \(path) failed: errno=\(errno)" + ) + } + self.fd = f + } + + func withExclusive(_ body: () throws -> T) throws -> T { + guard flock(fd, LOCK_EX) == 0 else { + close(fd) + throw ContainerizationError( + .internalError, + message: "flock LOCK_EX failed: errno=\(errno)" + ) + } + defer { + _ = flock(fd, LOCK_UN) + close(fd) + } + return try body() + } +} +#endif diff --git a/Sources/Containerization/BridgeStateFile.swift b/Sources/Containerization/BridgeStateFile.swift new file mode 100644 index 0000000..34dbd09 --- /dev/null +++ b/Sources/Containerization/BridgeStateFile.swift @@ -0,0 +1,75 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation + +/// On-disk record of state `BridgeManager.create()` modified, used by +/// `delete()` to restore the host. Stored at +/// `/run/containerization/bridge-.state` (tmpfs — gone after host +/// reboot, which is fine because reboot already clears `ip_forward` and +/// the bridge link itself). +struct BridgeState: Codable, Equatable { + /// Whether `create()` programmed NAT (iptables MASQUERADE/FORWARD + + /// `ip_forward`). When `false`, the only thing `create()` did was bring + /// the bridge up — `delete()` only needs to remove the link, not roll + /// back NAT. State files predating this field are decoded as + /// `natEnabled = true` for back-compat. + let natEnabled: Bool + + /// Value of `/proc/sys/net/ipv4/ip_forward` read at the *first* + /// `create()` call. Preserved across re-runs so `delete()` can restore + /// the host's true original value. Only set when `natEnabled`. + let prevIpForward: String? + + /// Egress interface that `create()` used in the iptables rules — passed + /// explicitly by the caller, or auto-detected from `/proc/net/route`. + /// Only set when `natEnabled`. Recorded for debug / observability and + /// to scope the FORWARD rule's `-o` clause; rule removal is keyed off + /// subnet, bridge name, and egress. + let egressInterface: String? + + init(natEnabled: Bool, prevIpForward: String? = nil, egressInterface: String? = nil) { + self.natEnabled = natEnabled + self.prevIpForward = prevIpForward + self.egressInterface = egressInterface + } + + enum CodingKeys: String, CodingKey { + case natEnabled + case prevIpForward + case egressInterface + } + + init(from decoder: Decoder) throws { + let container = try decoder.container(keyedBy: CodingKeys.self) + // Default natEnabled to true when missing so files written by older + // versions (which always programmed NAT) still describe themselves + // accurately — delete() will roll back ip_forward / iptables. + self.natEnabled = try container.decodeIfPresent(Bool.self, forKey: .natEnabled) ?? true + self.prevIpForward = try container.decodeIfPresent(String.self, forKey: .prevIpForward) + self.egressInterface = try container.decodeIfPresent(String.self, forKey: .egressInterface) + } + + func encode() throws -> Data { + let encoder = JSONEncoder() + encoder.outputFormatting = [.prettyPrinted, .sortedKeys] + return try encoder.encode(self) + } + + static func decode(_ data: Data) throws -> BridgeState { + try JSONDecoder().decode(BridgeState.self, from: data) + } +} diff --git a/Sources/Containerization/CHHotplugProvider.swift b/Sources/Containerization/CHHotplugProvider.swift new file mode 100644 index 0000000..9036da5 --- /dev/null +++ b/Sources/Containerization/CHHotplugProvider.swift @@ -0,0 +1,422 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(Linux) +import CloudHypervisor +import ContainerizationError +import ContainerizationExtras +import Foundation +import Logging +import NIOHTTP1 +import Synchronization + +/// Hotplug provider for the cloud-hypervisor backend. +/// +/// Handles both block (`vm.add-disk`) and virtiofs (`vm.add-fs`, with one +/// `virtiofsd` per unique source-hash tag) hotplug, plus the matching +/// `vm.remove-device` teardown. Owns the per-VM mount registry so +/// `CHVirtualMachineInstance.mounts` can forward to it. +final class CHHotplugProvider: HotplugProvider { + struct HotplugRecord: Sendable { + let chDeviceId: String + let kind: Kind + + enum Kind: Sendable { + case block(letter: Character) + case virtiofs(tag: String) + } + } + + struct VirtiofsdTagState: Sendable { + var process: VirtiofsdProcess + var refcount: Int + var chDeviceId: String + } + + private let client: CloudHypervisor.Client + private let workDir: URL + private let virtiofsdBinaryOverride: URL? + private let allocator: any AddressAllocator + private let _mounts: Mutex<[String: [AttachedFilesystem]]> + private let _records: Mutex<[String: [HotplugRecord]]> + private let _tags: Mutex<[String: VirtiofsdTagState]> + /// Serializes per-tag virtiofsd spawn so a concurrent hotplug for the + /// same tag can't race the existence-check / process-registration window + /// (TOCTOU → orphaned virtiofsd). Held across awaits, so it must be an + /// `AsyncLock` rather than the sync `Mutex` that protects `_tags`. + private let spawnLock: AsyncLock + private let logger: Logger? + + init( + client: CloudHypervisor.Client, + workDir: URL, + virtiofsdBinary: URL?, + allocator: any AddressAllocator, + initialMounts: [String: [AttachedFilesystem]], + logger: Logger? + ) { + self.client = client + self.workDir = workDir + self.virtiofsdBinaryOverride = virtiofsdBinary + self.allocator = allocator + self._mounts = Mutex(initialMounts) + self._records = Mutex([:]) + self._tags = Mutex([:]) + self.spawnLock = AsyncLock() + self.logger = logger + } + + // MARK: - Read accessors + + var mounts: [String: [AttachedFilesystem]] { + _mounts.withLock { $0 } + } + + func withMountRegistry( + _ body: (inout sending [String: [AttachedFilesystem]]) throws -> sending T + ) rethrows -> T { + try _mounts.withLock(body) + } + + // MARK: - HotplugProvider conformance + + func hotplug(_ block: Mount, id: String) async throws -> AttachedFilesystem { + guard case .virtioblk = block.runtimeOptions else { + throw ContainerizationError(.invalidArgument, message: "hotplug requires a virtio-blk mount") + } + + let letter = try allocator.allocate() + let chId = "blk-\(id)-\(letter)" + let disk = CloudHypervisor.DiskConfig( + path: block.source, + readonly: block.options.contains("ro"), + id: chId, + imageType: .raw + ) + + let pci: CloudHypervisor.PciDeviceInfo + do { + pci = try await chCall { try await self.client.vmAddDisk(disk) } + } catch { + try? allocator.release(letter) + throw error + } + + let attached = AttachedFilesystem( + type: block.type, + source: "/dev/vd\(letter)", + destination: block.destination, + options: block.options + ) + + _records.withLock { + $0[id, default: []].append(HotplugRecord(chDeviceId: pci.id, kind: .block(letter: letter))) + } + return attached + } + + func registerMounts(id: String, rootfs: AttachedFilesystem, additionalMounts: [Mount]) throws { + var attached: [AttachedFilesystem] = [rootfs] + for mount in additionalMounts { + attached.append(try AttachedFilesystem(mount: mount, allocator: allocator)) + } + _mounts.withLock { + $0[id, default: []].append(contentsOf: attached) + } + } + + func releaseHotplug(id: String) async throws { + let popped: [HotplugRecord] = _records.withLock { records in + let all = records[id] ?? [] + let blocks = all.filter { record in + if case .block = record.kind { return true } + return false + } + let remaining = all.filter { record in + if case .block = record.kind { return false } + return true + } + if remaining.isEmpty { + records.removeValue(forKey: id) + } else { + records[id] = remaining + } + return blocks + } + + for rec in popped { + do { + try await chCall { try await self.client.vmRemoveDevice(id: rec.chDeviceId) } + } catch { + logger?.warning("vmRemoveDevice failed for \(rec.chDeviceId): \(error)") + } + if case .block(let letter) = rec.kind { + try? allocator.release(letter) + } + } + + // Drop block-derived AttachedFilesystem entries for `id`. Block entries + // are the ones whose source was rewritten to "/dev/vd" by + // `hotplug(_:)` (or by AttachedFilesystem(mount:allocator:) for an + // additionalMount of type virtio-blk). + _mounts.withLock { state in + guard var perID = state[id] else { return } + perID.removeAll { $0.source.hasPrefix("/dev/vd") } + if perID.isEmpty { + state.removeValue(forKey: id) + } else { + state[id] = perID + } + } + } + + func hotplugVirtioFS(_ mounts: [Mount], id: String) async throws { + let virtiofs = mounts.filter { + if case .virtiofs = $0.runtimeOptions { return true } + return false + } + guard !virtiofs.isEmpty else { return } + + // Group by tag (source-hash). Multiple Mounts to the same source dir + // share a tag and a single virtiofsd. + var byTag: [String: [Mount]] = [:] + for mount in virtiofs { + let tag = try hashFilePath(path: mount.source) + byTag[tag, default: []].append(mount) + } + + for (tag, group) in byTag { + // Hold spawnLock across the existence check and the spawn / + // _tags write so two concurrent calls for the same tag can't + // both decide alreadyRunning=false and double-spawn virtiofsd + // (the second write would clobber the first in `_tags`, + // orphaning that process). + try await spawnLock.withLock { _ in + // Build per-container AttachedFilesystem entries up front. + // These depend only on Mount + allocator and don't need the + // chDeviceId, so surfacing any error here keeps the + // transactional shape: nothing irreversible has happened + // yet, no virtiofsd has spawned, no _tags entry written. + var attached: [AttachedFilesystem] = [] + for mount in group { + attached.append(try AttachedFilesystem(mount: mount, allocator: self.allocator)) + } + + let chDeviceId: String + + // Refcount-bump path. If a virtiofsd already serves this + // tag, increment refcount and use the cached deviceId. + let cachedDeviceId: String? = self._tags.withLock { tags in + if var state = tags[tag] { + state.refcount += 1 + tags[tag] = state + return state.chDeviceId + } + return nil + } + + if let cached = cachedDeviceId { + chDeviceId = cached + } else { + // First-spawn path. Walk: spawn → vmAddFs → commit _tags, + // with rollback at every step so a partial failure can't + // leave a virtiofsd running unrecorded. + let socket = chVirtiofsSocketURL(workDir: self.workDir, tag: tag) + let readonly = group.allSatisfy { $0.options.contains("ro") } + guard let source = group.first?.source else { return } + let virtiofsdBinary = try CHVirtualMachineManager.resolveBinary( + self.virtiofsdBinaryOverride, + name: "virtiofsd" + ) + + let process = VirtiofsdProcess( + config: .init( + binary: virtiofsdBinary, + socketPath: socket, + sharedDir: URL(fileURLWithPath: source), + readonly: readonly + ), + logger: self.logger + ) + + try await process.start() + + let fsConfig = CloudHypervisor.FsConfig( + tag: tag, + socket: socket.path, + id: "fs-\(tag)" + ) + let pci: CloudHypervisor.PciDeviceInfo + do { + pci = try await chCall { try await self.client.vmAddFs(fsConfig) } + } catch { + await process.terminate(graceSeconds: 5) + try? FileManager.default.removeItem(at: socket) + throw error + } + + self._tags.withLock { + $0[tag] = VirtiofsdTagState(process: process, refcount: 1, chDeviceId: pci.id) + } + chDeviceId = pci.id + } + + // Bookkeeping. Both writes are non-throwing closures, and + // `attached` was built up front, so once we reach here + // nothing can fail between the refcount/spawn commit above + // and the per-container record below — the orphan window + // (tag committed, record missing) is closed. + self._records.withLock { + $0[id, default: []].append(HotplugRecord(chDeviceId: chDeviceId, kind: .virtiofs(tag: tag))) + } + self._mounts.withLock { + $0[id, default: []].append(contentsOf: attached) + } + } + } + } + + func releaseVirtioFS(id: String) async throws { + let popped: [HotplugRecord] = _records.withLock { records in + let all = records[id] ?? [] + let fs = all.filter { record in + if case .virtiofs = record.kind { return true } + return false + } + let remaining = all.filter { record in + if case .virtiofs = record.kind { return false } + return true + } + if remaining.isEmpty { + records.removeValue(forKey: id) + } else { + records[id] = remaining + } + return fs + } + + var processesToStop: [(VirtiofsdProcess, String, String)] = [] // (process, tag, chDeviceId) + for rec in popped { + guard case .virtiofs(let tag) = rec.kind else { continue } + _tags.withLock { tags in + guard var state = tags[tag] else { return } + state.refcount -= 1 + if state.refcount <= 0 { + tags.removeValue(forKey: tag) + processesToStop.append((state.process, tag, state.chDeviceId)) + } else { + tags[tag] = state + } + } + } + + for (process, tag, chDeviceId) in processesToStop { + do { + try await chCall { try await self.client.vmRemoveDevice(id: chDeviceId) } + } catch { + logger?.warning("vmRemoveDevice failed for \(chDeviceId): \(error)") + } + await process.terminate(graceSeconds: 5) + let socket = chVirtiofsSocketURL(workDir: workDir, tag: tag) + try? FileManager.default.removeItem(at: socket) + } + + // Drop virtiofs AttachedFilesystem entries for `id`. AttachedFilesystem + // sets `type = mount.type` which for a `.virtiofs` mount is "virtiofs". + _mounts.withLock { state in + guard var perID = state[id] else { return } + perID.removeAll { $0.type == "virtiofs" } + if perID.isEmpty { + state.removeValue(forKey: id) + } else { + state[id] = perID + } + } + } + + // MARK: - Boot-time + shutdown hooks (used by CHVirtualMachineInstance) + + /// Record a virtiofsd that was started as part of `start()`'s initial + /// `VmConfig.fs` (rather than a runtime `vm.add-fs`). The `chDeviceId` + /// is the user-supplied `FsConfig.id` (which `vm.remove-device` keys on). + /// `ownerIds` are the container ids that count toward this tag's refcount; + /// each gets a `HotplugRecord` so `releaseVirtioFS(id:)` walks them + /// uniformly. + func recordBootTimeVirtiofs( + tag: String, + process: VirtiofsdProcess, + chDeviceId: String, + ownerIds: [String] + ) { + _tags.withLock { + $0[tag] = VirtiofsdTagState(process: process, refcount: ownerIds.count, chDeviceId: chDeviceId) + } + _records.withLock { records in + for id in ownerIds { + records[id, default: []].append(HotplugRecord(chDeviceId: chDeviceId, kind: .virtiofs(tag: tag))) + } + } + } + + /// Called from `CHVirtualMachineInstance.stop()` to terminate any + /// virtiofsd subprocesses still alive. The CH side teardown is handled by + /// `chProcess.terminate()`. + func shutdown() async { + let processes = _tags.withLock { tags -> [VirtiofsdProcess] in + let all = tags.values.map(\.process) + tags.removeAll() + return all + } + _records.withLock { $0.removeAll() } + + for process in processes { + await process.terminate(graceSeconds: 5) + } + } +} + +// MARK: - Error translation + +/// Wraps a closure that may throw `CloudHypervisor.Error`, translating it into +/// `ContainerizationError` per spec §6 so callers of the public API only see +/// `ContainerizationError`. +func chCall(_ block: @Sendable () async throws -> T) async throws -> T { + do { + return try await block() + } catch let error as CloudHypervisor.Error { + switch error { + case .http(let status, let body): + let bodyStr = String(data: body, encoding: .utf8) ?? "" + if status == .notFound { + throw ContainerizationError(.notFound, message: "cloud-hypervisor 404: \(bodyStr)") + } + if status == .badRequest { + throw ContainerizationError(.invalidArgument, message: "cloud-hypervisor 400: \(bodyStr)") + } + throw ContainerizationError( + .internalError, + message: "cloud-hypervisor HTTP \(status.code): \(bodyStr)" + ) + case .transport(let underlying): + throw ContainerizationError(.internalError, message: "cloud-hypervisor transport error", cause: underlying) + case .decoding(let underlying, _): + throw ContainerizationError(.internalError, message: "cloud-hypervisor response decode error", cause: underlying) + case .invalidSocketPath(let path): + throw ContainerizationError(.invalidArgument, message: "invalid cloud-hypervisor socket path: \(path)") + } + } +} +#endif diff --git a/Sources/Containerization/CHInstanceExtension.swift b/Sources/Containerization/CHInstanceExtension.swift new file mode 100644 index 0000000..8012147 --- /dev/null +++ b/Sources/Containerization/CHInstanceExtension.swift @@ -0,0 +1,46 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(Linux) +import CloudHypervisor + +/// Extension hook for `CHVirtualMachineInstance` lifecycle. Append conforming +/// types to `Configuration.extensions` to participate in VM setup and +/// teardown without subclassing. +/// +/// All methods have no-op defaults so a conforming type only needs to +/// implement the hooks it actually cares about. +public protocol CHInstanceExtension: Sendable { + /// Mutate the cloud-hypervisor `VmConfig` before the VM is created. + /// Called by `start()` after the base config is built but before + /// `vm.create` is dispatched to the VMM. + func configureCH(_ config: inout CloudHypervisor.VmConfig) throws + + /// Called once the VM has been created and booted but before + /// `start()` returns to the caller. + func didCreate(_ instance: CHVirtualMachineInstance) throws + + /// Called from `stop()` before the VM is shut down. Errors are + /// best-effort — `stop()` swallows them. + func willStop(_ instance: CHVirtualMachineInstance) async throws +} + +extension CHInstanceExtension { + public func configureCH(_ config: inout CloudHypervisor.VmConfig) throws {} + public func didCreate(_ instance: CHVirtualMachineInstance) throws {} + public func willStop(_ instance: CHVirtualMachineInstance) async throws {} +} +#endif diff --git a/Sources/Containerization/CHInterface.swift b/Sources/Containerization/CHInterface.swift new file mode 100644 index 0000000..459209f --- /dev/null +++ b/Sources/Containerization/CHInterface.swift @@ -0,0 +1,68 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(Linux) +import CloudHypervisor +import ContainerizationExtras + +/// An `Interface` specialization that can produce a `CloudHypervisor.NetConfig` +/// describing how the cloud-hypervisor VMM should attach the device. +public protocol CHInterface { + func chNetConfig() throws -> CloudHypervisor.NetConfig +} + +/// A TAP-backed network interface for the cloud-hypervisor backend. +/// +/// IP configuration on the guest side is delegated to `vminitd` (matching the +/// macOS path). `chNetConfig()` therefore leaves CH's `ip`/`mask` fields nil — +/// those would assign an address to the host end of the TAP, which we do not +/// use. Bringing up the TAP and any bridge/NAT plumbing is the caller's +/// responsibility. +public struct TAPInterface: CHInterface, Interface, Sendable { + public let tapName: String + public let ipv4Address: CIDRv4 + public let ipv4Gateway: IPv4Address? + public let macAddress: MACAddress? + public let mtu: UInt32 + + public init( + tapName: String, + ipv4Address: CIDRv4, + ipv4Gateway: IPv4Address? = nil, + macAddress: MACAddress? = nil, + mtu: UInt32 = 1500 + ) { + self.tapName = tapName + self.ipv4Address = ipv4Address + self.ipv4Gateway = ipv4Gateway + self.macAddress = macAddress + self.mtu = mtu + } + + public func chNetConfig() throws -> CloudHypervisor.NetConfig { + CloudHypervisor.NetConfig( + tap: tapName, + ip: nil, + mask: nil, + mac: macAddress?.description, + mtu: Int(mtu), + numQueues: nil, + queueSize: nil, + id: nil + ) + } +} +#endif diff --git a/Sources/Containerization/CHProcess.swift b/Sources/Containerization/CHProcess.swift new file mode 100644 index 0000000..fd1c6b1 --- /dev/null +++ b/Sources/Containerization/CHProcess.swift @@ -0,0 +1,211 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(Linux) +import ContainerizationError +import ContainerizationExtras +import ContainerizationOS +import Foundation +import Logging +import Synchronization + +#if canImport(Musl) +import Musl +#elseif canImport(Glibc) +import Glibc +#endif + +/// A managed `cloud-hypervisor` subprocess. +/// +/// Owns spawning the binary with `--api-socket `, attaching stdout/stderr +/// per the supplied `BootLog`, and tearing it down with a SIGTERM/SIGKILL ladder. +/// One `CHProcess` per VM. Not safe to call `start()` more than once. +final class CHProcess: Sendable { + struct Config: Sendable { + let binary: URL + let apiSocketPath: URL + let bootLog: BootLog? + } + + enum ExitReason: Sendable, Equatable { + case exited(Int32) + case signalled(Int32) + case unknown + } + + private struct State { + var command: Command? + var bootLogHandle: FileHandle? + var exitTask: Task? + } + + private let config: Config + private let logger: Logger? + private let state: Mutex + + init(config: Config, logger: Logger?) { + self.config = config + self.logger = logger + self.state = Mutex(State(command: nil, bootLogHandle: nil, exitTask: nil)) + } + + /// Spawn the cloud-hypervisor binary and wait for its API socket to accept + /// connections. Throws `ContainerizationError(.timeout, ...)` if the socket + /// is not connectable within the bounded poll deadline. + func start() async throws { + let logHandle = try Self.openBootLogHandle(config.bootLog) + var arguments = ["--api-socket", config.apiSocketPath.path] + if SandboxOverrides.chSeccompDisabled { + // `--seccomp false`: cloud-hypervisor's default seccomp profile + // SIGSYS-kills the VMM on syscalls it didn't anticipate. Inside + // apple/container's --virtualization dev container the unix-vsock + // muxer's accept(2)/connect(2) interactions on per-port UDS files + // trip the filter and CH dies mid-process-start, surfacing on the + // host as "Stream unexpectedly closed" on the vminitd gRPC channel. + // Opt-in via CONTAINERIZATION_NO_CH_SECCOMP=1; default = secure. + logger?.warning( + "cloud-hypervisor launching with --seccomp false (CONTAINERIZATION_NO_CH_SECCOMP=1) — VMM seccomp filter disabled" + ) + arguments.append(contentsOf: ["--seccomp", "false"]) + } + var command = Command( + config.binary.path, + arguments: arguments, + environment: ChildEnvironment.minimal() + ) + command.stdout = logHandle + command.stderr = logHandle + // Run cloud-hypervisor in its own session. Without setsid, the VMM + // shares the parent process group and inherits SIGINT/SIGQUIT from + // the controlling TTY (e.g. Ctrl-C in `cctl run`), dying alongside + // the parent before our own teardown ladder (terminate → wait) gets + // a chance to run an orderly shutdown. + command.attrs.setsid = true + + do { + try command.start() + } catch { + try? logHandle?.close() + throw error + } + + let exitTask = Task.detached { [command, logger] in + do { + let status = try command.wait() + if status >= 128 { + return .signalled(status - 128) + } + return .exited(status) + } catch { + logger?.error("cloud-hypervisor wait failed: \(error)") + return .unknown + } + } + + state.withLock { + $0.command = command + $0.bootLogHandle = logHandle + $0.exitTask = exitTask + } + + try await waitForAPISocket() + } + + /// Wait for the subprocess to exit. Resolves with the cached `ExitReason` + /// once `wait4` has returned. Safe to call any number of times. + func wait() async -> ExitReason { + guard let task = state.withLock({ $0.exitTask }) else { + return .unknown + } + return await task.value + } + + /// Send SIGTERM, then SIGKILL after `graceSeconds` if the process is still + /// running. Returns once the process has been reaped. + func terminate(graceSeconds: UInt32) async { + guard let command = state.withLock({ $0.command }) else { return } + + _ = command.kill(SIGTERM) + + do { + try await Timeout.run(for: .seconds(Int(graceSeconds))) { + _ = await self.wait() + } + } catch { + logger?.warning("cloud-hypervisor did not exit within \(graceSeconds)s, sending SIGKILL") + _ = command.kill(SIGKILL) + _ = await wait() + } + + state.withLock { + try? $0.bootLogHandle?.close() + $0.bootLogHandle = nil + } + } + + // MARK: - Private helpers + + private static let socketDeadline: Duration = .seconds(2) + private static let socketPollInterval: Duration = .milliseconds(50) + + private func waitForAPISocket() async throws { + let clock = ContinuousClock() + let deadline = clock.now.advanced(by: Self.socketDeadline) + + while clock.now < deadline { + if Self.isAPISocketReady(at: config.apiSocketPath) { + return + } + try? await Task.sleep(for: Self.socketPollInterval) + } + + await terminate(graceSeconds: 5) + throw ContainerizationError( + .timeout, + message: "cloud-hypervisor API socket not connectable at \(config.apiSocketPath.path) within \(Self.socketDeadline)" + ) + } + + private static func isAPISocketReady(at url: URL) -> Bool { + guard let unix = try? UnixType(path: url.path) else { return false } + guard let socket = try? Socket(type: unix) else { return false } + defer { try? socket.close() } + do { + try socket.connect() + return true + } catch { + return false + } + } + + private static func openBootLogHandle(_ bootLog: BootLog?) throws -> FileHandle? { + guard let bootLog else { return nil } + switch bootLog.base { + case .file(let path, let append): + var flags = O_WRONLY | O_CREAT + flags |= append ? O_APPEND : O_TRUNC + let fd = open(path.path, flags, 0o644) + guard fd >= 0 else { + throw POSIXError(POSIXErrorCode(rawValue: errno) ?? .EIO) + } + return FileHandle(fileDescriptor: fd, closeOnDealloc: true) + case .fileHandle(let handle): + return handle + } + } + +} +#endif diff --git a/Sources/Containerization/CHVirtualMachineInstance.swift b/Sources/Containerization/CHVirtualMachineInstance.swift new file mode 100644 index 0000000..122f592 --- /dev/null +++ b/Sources/Containerization/CHVirtualMachineInstance.swift @@ -0,0 +1,753 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(Linux) +import CloudHypervisor +import ContainerizationError +import ContainerizationExtras +import ContainerizationOS +import Foundation +import Logging +import NIOCore +import NIOPosix +import Synchronization + +#if canImport(Musl) +import Musl +#elseif canImport(Glibc) +import Glibc +#endif + +/// Cloud-hypervisor backed virtual machine instance. +/// +/// One CH subprocess per VM. Connects to the same `Vminitd` guest agent the +/// macOS path uses, so guest-side semantics are unchanged. This file is the +/// D1 scaffold — `start`/`stop`/`dialAgent`/`dial`/`listen` throw +/// `.unsupported` until D3–D5 fill them in. Hotplug methods delegate to +/// `CHHotplugProvider` (stubbed in D0, real in D2). +public final class CHVirtualMachineInstance: Sendable { + public typealias Agent = Vminitd + + /// VM-instance configuration. Mirrors the macOS `VZVirtualMachineInstance.Configuration`, + /// minus rosetta / nested-virt (which are macOS-only concepts). + public struct Configuration: Sendable { + public var cpus: Int + public var memoryInBytes: UInt64 + public var mountsByID: [String: [Mount]] + public var interfaces: [any Interface] + public var kernel: Kernel? + public var initialFilesystem: Mount? + public var bootLog: BootLog? + public var extensions: [any Sendable] = [] + + public init() { + self.cpus = 4 + self.memoryInBytes = 1024 * 1024 * 1024 + self.mountsByID = [:] + self.interfaces = [] + } + } + + /// One boot-time virtio-blk disk. Built deterministically in `init` so + /// `start()`'s `VmConfig.disks` ordering matches the allocator letters. + struct BootDisk: Sendable { + let mount: Mount + let containerId: String? // nil for rootfs + let letter: Character + } + + // MARK: - State + + private let _state: Mutex + public var state: VirtualMachineInstanceState { + _state.withLock { $0 } + } + + public var mounts: [String: [AttachedFilesystem]] { + hotplug.mounts + } + + /// Cloud-hypervisor exposes one virtio-fs device per source-hash tag, so + /// guests must mount each tag separately at `/run/virtiofs/` rather + /// than using a single unified-share device. + public var virtiofsLayout: VirtiofsLayout { .perTag } + + /// Block-letter allocator shared between the boot wiring (already + /// reserved in `init` via `bootDisks`) and runtime hotplug (D2). + let blockAllocator: any AddressAllocator + + /// Boot-time disks in the order their letters were allocated. D3 maps + /// these into `VmConfig.disks`. + let bootDisks: [BootDisk] + + /// Owned resources + let workDir: URL + let config: Configuration + let chProcess: CHProcess + let client: CloudHypervisor.Client + let hotplug: CHHotplugProvider + let virtiofsdBinaryOverride: URL? + let group: any EventLoopGroup + private let ownsGroup: Bool + private let lock: AsyncLock + private let timeSyncer: TimeSyncer + let logger: Logger? + + /// Pre-bound vsock listener pool for stdio. apple/container's + /// `--virtualization` mode hands the cloud-hypervisor child process a + /// snapshotted filesystem view at fork time, so files written under the + /// per-VM workDir AFTER cloud-hypervisor starts are invisible to CH. + /// We work around this by binding a fixed range of `vsock.sock_` + /// listener files BEFORE launching CH; `vm.listen(_:)` then consumes + /// pre-bound entries from this pool instead of binding on demand. + /// Range covers `LinuxContainer.hostVsockPorts` initial value + /// (`0x10000000`) through the next `stdioPoolSize` sequential ports — + /// enough for `[stdin,stdout,stderr] x N` processes per VM. Bump + /// `stdioPoolSize` if you need more concurrent stdio streams than that. + static let stdioPoolBase: UInt32 = 0x1000_0000 + static let stdioPoolSize: Int = 16 + private struct PreboundListener: Sendable { + let port: UInt32 + let listenFd: Int32 + let path: URL + } + private let _stdioPool: Mutex<[UInt32: PreboundListener]> + + public convenience init( + group: (any EventLoopGroup)? = nil, + runtimeRoot: URL, + chBinary: URL, + virtiofsdBinary: URL?, + logger: Logger? = nil, + with: (inout Configuration) throws -> Void + ) throws { + var config = Configuration() + try with(&config) + try self.init( + group: group, + config: config, + runtimeRoot: runtimeRoot, + chBinary: chBinary, + virtiofsdBinary: virtiofsdBinary, + logger: logger + ) + } + + init( + group: (any EventLoopGroup)?, + config: Configuration, + runtimeRoot: URL, + chBinary: URL, + virtiofsdBinary: URL?, + logger: Logger? + ) throws { + // 1. Working directory: per-instance under runtimeRoot. Mode 0o700 + // so the per-VM UDS sockets inside (api.sock, vsock.sock, vfs-*) + // aren't reachable by other local users — the gRPC channel into + // vminitd has no peer authentication, so socket-file perms are + // the trust boundary. + let workDir = runtimeRoot.appendingPathComponent(UUID().uuidString) + try FileManager.default.createDirectory( + at: workDir, + withIntermediateDirectories: true, + attributes: [.posixPermissions: 0o700] + ) + self.workDir = workDir + + // 2. Block allocator + boot inventory. Walks rootfs first, then + // mountsByID sorted by container id, allocating disk letters in + // that order. The same allocator is later handed to the hotplug + // provider so runtime add-disk picks up where boot wiring left off. + let allocator = Character.blockDeviceTagAllocator() + let inventory = try config.bootInventory(allocator: allocator) + self.blockAllocator = allocator + self.bootDisks = inventory.bootDisks + + // 3. EventLoopGroup + if let group { + self.ownsGroup = false + self.group = group + } else { + self.ownsGroup = true + self.group = MultiThreadedEventLoopGroup(numberOfThreads: System.coreCount) + } + + // 4. CHProcess + REST client. The api socket lives next to the workDir. + let apiSocket = workDir.appendingPathComponent("api.sock") + self.chProcess = CHProcess( + config: .init( + binary: chBinary, + apiSocketPath: apiSocket, + bootLog: config.bootLog + ), + logger: logger + ) + self.client = try CloudHypervisor.Client( + socketPath: apiSocket, + eventLoopGroup: self.group, + logger: logger ?? Logger(label: "CloudHypervisor.Client") + ) + + // 5. Hotplug provider — owns the mount registry, seeded with the + // boot inventory so registerMounts can append to it. + self.hotplug = CHHotplugProvider( + client: self.client, + workDir: workDir, + virtiofsdBinary: virtiofsdBinary, + allocator: allocator, + initialMounts: inventory.attachments, + logger: logger + ) + + // 6. Misc + self.config = config + self.virtiofsdBinaryOverride = virtiofsdBinary + self.logger = logger + self.lock = .init() + self.timeSyncer = .init(logger: logger) + self._state = Mutex(.stopped) + self._stdioPool = Mutex([:]) + } + + /// Mutate the mount registry. Forwards to the hotplug provider, which + /// owns the registry. Kept on the instance for parity with the macOS + /// path's `withMountRegistry` API. + func withMountRegistry(_ body: (inout sending [String: [AttachedFilesystem]]) throws -> sending T) rethrows -> T { + try hotplug.withMountRegistry(body) + } +} + +// MARK: - VirtualMachineInstance conformance (stubbed; D3–D5 fill these in) + +extension CHVirtualMachineInstance: VirtualMachineInstance { + public func start() async throws { + try await lock.withLock { _ in + guard self.state == .stopped else { + throw ContainerizationError( + .invalidState, + message: "virtual machine is not stopped (\(self.state))" + ) + } + self._state.withLock { $0 = .starting } + + do { + var vmConfig = try await self.buildVmConfig() + for ext in self.config.extensions.compactMap({ $0 as? any CHInstanceExtension }) { + try ext.configureCH(&vmConfig) + } + let finalConfig = vmConfig + + // Pre-bind the stdio vsock listener pool before launching CH. + // CH inherits a fs snapshot at fork time and is blind to + // anything we add to workDir after — see `_stdioPool` doc. + try self.prebindStdioPool() + + try await self.chProcess.start() + + try await chCall { try await self.client.vmCreate(finalConfig) } + try await chCall { try await self.client.vmBoot() } + + let fh = try await self.dialVminitdWithRetries() + let agent = try await Vminitd(connection: fh, group: self.group) + await self.timeSyncer.start(context: agent) + + for ext in self.config.extensions.compactMap({ $0 as? any CHInstanceExtension }) { + try ext.didCreate(self) + } + + self._state.withLock { $0 = .running } + } catch { + self.logger?.warning("CH VM start failed; tearing down partial resources: \(error)") + await self.teardownAfterFailedStart() + self._state.withLock { $0 = .stopped } + throw error + } + } + } + + /// Reverse the side effects of any partially-completed `start()`: + /// terminate cloud-hypervisor, kill registered virtiofsd processes, + /// close pre-bound stdio listener fds, remove the workDir, and shut + /// down the owned event-loop group. All steps are best-effort and + /// safe to invoke whether the corresponding `start()` step ran or not. + private func teardownAfterFailedStart() async { + try? await self.timeSyncer.close() + + // chProcess.terminate() is a no-op if `start()` never reached the + // spawn — otherwise SIGTERM / SIGKILL ladder + reap. + await self.chProcess.terminate(graceSeconds: 5) + + // Kills every virtiofsd registered by buildVmConfig (boot-time) or + // by an in-flight hotplug. Empty if neither ran. + await self.hotplug.shutdown() + + // Close pre-bound stdio listener fds the start path opened in + // prebindStdioPool. Files unlink with workDir below. + let leftover = self._stdioPool.withLock { pool -> [PreboundListener] in + let entries = Array(pool.values) + pool.removeAll() + return entries + } + for entry in leftover { + _ = close(entry.listenFd) + } + + try? FileManager.default.removeItem(at: self.workDir) + + // Drain the AHC HTTP client before shutting down the shared + // event-loop group, same rationale as `stop()`: AHC's deferred + // connection cleanup must not outlive the group it's parked on. + try? await self.client.shutdown() + + if self.ownsGroup { + try? await self.group.shutdownGracefully() + } + } + + public func stop() async throws { + try await lock.withLock { _ in + guard self.state == .running else { + throw ContainerizationError(.invalidState, message: "vm is not running") + } + self._state.withLock { $0 = .stopping } + + try? await self.timeSyncer.close() + + for ext in self.config.extensions.compactMap({ $0 as? any CHInstanceExtension }) { + try? await ext.willStop(self) + } + + // Best-effort graceful shutdown via REST. The CH process may + // already be on its way out, so swallow errors from these. + _ = try? await chCall { try await self.client.vmShutdown() } + _ = try? await chCall { try await self.client.vmmShutdown() } + + await self.chProcess.terminate(graceSeconds: 10) + await self.hotplug.shutdown() + + // Drain the AHC HTTP client before tearing down the shared + // event-loop group. AHC parks deferred connection-cleanup + // work on the group's event loops after each response; if we + // shut the group down with that work still pending, NIO + // prints "Cannot schedule tasks on an EventLoop that has + // already shut down" (and will hard-crash in future NIO + // releases). Must run after the last `chCall` above and + // before `group.shutdownGracefully()` below. + try? await self.client.shutdown() + + // Close any listening fds for stdio ports the test never + // consumed. The files themselves are removed when workDir is + // unlinked below. + let leftover = self._stdioPool.withLock { pool -> [PreboundListener] in + let entries = Array(pool.values) + pool.removeAll() + return entries + } + for entry in leftover { + _ = close(entry.listenFd) + } + + if self.ownsGroup { + try? await self.group.shutdownGracefully() + } + + try? FileManager.default.removeItem(at: self.workDir) + + self._state.withLock { $0 = .stopped } + } + } + + public func dialAgent() async throws -> Vminitd { + try await lock.withLock { _ in + try self.requireRunning() + let fh = try await chVsockDial( + baseSocket: self.workDir.appendingPathComponent("vsock.sock"), + port: Vminitd.port + ) + return try await Vminitd(connection: fh, group: self.group) + } + } + + public func dial(_ port: UInt32) async throws -> FileHandle { + try await lock.withLock { _ in + try self.requireRunning() + return try await chVsockDial( + baseSocket: self.workDir.appendingPathComponent("vsock.sock"), + port: port + ) + } + } + + /// Reject vsock dials when the VM isn't actually running. Without this, + /// a dial issued after `stop()` (or before `start()` finished) raced + /// against `workDir` removal and surfaced as an opaque "connect: No + /// such file or directory" instead of a clear lifecycle error. + private func requireRunning() throws { + let current = self.state + guard current == .running else { + throw ContainerizationError( + .invalidState, + message: "vm is not running (state=\(current))" + ) + } + } + + public func listen(_ port: UInt32) throws -> VsockListener { + // Consume from the pre-bound pool (see `_stdioPool` doc). + let prebound = _stdioPool.withLock { $0.removeValue(forKey: port) } + guard let prebound else { + throw ContainerizationError( + .invalidArgument, + message: "vsock port \(port) was not pre-bound; only ports " + + "\(Self.stdioPoolBase)..<\(Self.stdioPoolBase + UInt32(Self.stdioPoolSize)) " + + "are available for stdio. Increase CHVirtualMachineInstance.stdioPoolSize " + + "if you need more concurrent stdio streams per VM." + ) + } + let listenFd = prebound.listenFd + let path = prebound.path + logger?.debug("vsock listen consuming pool entry port=\(port) path=\(path.path)") + let listener = VsockListener(port: port) { [path, listenFd, logger] _ in + logger?.debug("vsock listen finishing port=\(port) closing listenFd=\(listenFd)") + _ = close(listenFd) + try? FileManager.default.removeItem(at: path) + } + let acceptLogger = logger + // The accept loop calls a blocking accept() syscall, which is + // inappropriate for Swift's cooperative thread pool: a pool thread + // pinned to accept() can't service other tasks until the syscall + // returns. With even a few leaked accept loops (e.g. when a test's + // setupIO times out and the listener is finished only when the + // 30s timer fires), Task.detached'd accept loops queue behind the + // pinned threads and never run, manifesting as the "vsock acceptLoop + // starting" log being silent and the dial-back never being seen by + // the host. Use libdispatch's global queue instead — it spawns + // OS threads on demand and is the right tool for blocking syscalls. + DispatchQueue.global(qos: .userInitiated).async { [listener, listenFd] in + acceptLogger?.debug("vsock acceptLoop starting port=\(listener.port) listenFd=\(listenFd)") + Self.acceptLoop(listenFd: listenFd, into: listener, logger: acceptLogger) + acceptLogger?.debug("vsock acceptLoop exited port=\(listener.port)") + } + return listener + } + + /// Bind every port in `stdioPoolBase../vsock.sock_`. Must run before + /// `chProcess.start()` so the files end up in CH's snapshot view of + /// the workDir. Files for ports never consumed are removed during + /// `stop()` along with the rest of `workDir`; the listening fds are + /// closed there too. + private func prebindStdioPool() throws { + let base = workDir.appendingPathComponent("vsock.sock") + var pool: [UInt32: PreboundListener] = [:] + pool.reserveCapacity(Self.stdioPoolSize) + do { + for offset in 0.. AttachedFilesystem { + try await hotplug.hotplug(block, id: id) + } + + public func releaseHotplug(id: String) async throws { + try await hotplug.releaseHotplug(id: id) + } + + public func hotplugVirtioFS(_ mounts: [Mount], id: String) async throws { + try await hotplug.hotplugVirtioFS(mounts, id: id) + } + + public func releaseVirtioFS(id: String) async throws { + try await hotplug.releaseVirtioFS(id: id) + } + + public func registerMounts(id: String, rootfs: AttachedFilesystem, additionalMounts: [Mount]) throws { + try hotplug.registerMounts(id: id, rootfs: rootfs, additionalMounts: additionalMounts) + } +} + +// MARK: - VmConfig + vminitd dial helpers + +extension CHVirtualMachineInstance { + /// Build the cloud-hypervisor `VmConfig` from `config`. Spawns one + /// `virtiofsd` per unique boot-time virtiofs source-hash tag and registers + /// each with the hotplug provider so `releaseVirtioFS(id:)` and `stop()` + /// can reclaim them. + private func buildVmConfig() async throws -> CloudHypervisor.VmConfig { + guard let kernel = config.kernel else { + throw ContainerizationError(.invalidArgument, message: "kernel is required for cloud-hypervisor backend") + } + guard let rootfs = config.initialFilesystem else { + throw ContainerizationError(.invalidArgument, message: "initialFilesystem is required for cloud-hypervisor backend") + } + + // Disks: rootfs forced read-only at the device level; container disks + // honor their `ro` option through chDiskConfig. + var disks: [CloudHypervisor.DiskConfig] = [] + for bd in bootDisks { + let chId = bd.containerId.map { "blk-\($0)-\(bd.letter)" } ?? "rootfs" + if var disk = bd.mount.chDiskConfig(id: chId) { + if bd.containerId == nil { + disk.readonly = true + } + disks.append(disk) + } + } + + // Virtiofs: group all .virtiofs mounts in mountsByID by source-hash + // tag, spawn one virtiofsd per tag, build matching FsConfigs. + var byTag: [String: (mounts: [Mount], owners: [String])] = [:] + for cid in config.mountsByID.keys.sorted() { + guard let mounts = config.mountsByID[cid] else { continue } + for mount in mounts { + guard case .virtiofs = mount.runtimeOptions else { continue } + let tag = try hashFilePath(path: mount.source) + var entry = byTag[tag] ?? (mounts: [], owners: []) + entry.mounts.append(mount) + if !entry.owners.contains(cid) { + entry.owners.append(cid) + } + byTag[tag] = entry + } + } + + var fsConfigs: [CloudHypervisor.FsConfig] = [] + // Resolve virtiofsd lazily — only if we actually have any virtiofs + // mounts at boot. A block-only VM doesn't require virtiofsd. + let resolvedVirtiofsdBinary: URL? = + byTag.isEmpty + ? nil + : try CHVirtualMachineManager.resolveBinary(virtiofsdBinaryOverride, name: "virtiofsd") + for (tag, entry) in byTag { + guard let source = entry.mounts.first?.source else { continue } + guard let binary = resolvedVirtiofsdBinary else { continue } + let socket = chVirtiofsSocketURL(workDir: workDir, tag: tag) + let readonly = entry.mounts.allSatisfy { $0.options.contains("ro") } + let chDeviceId = "fs-\(tag)" + + let process = VirtiofsdProcess( + config: .init( + binary: binary, + socketPath: socket, + sharedDir: URL(fileURLWithPath: source), + readonly: readonly + ), + logger: logger + ) + try await process.start() + + hotplug.recordBootTimeVirtiofs( + tag: tag, + process: process, + chDeviceId: chDeviceId, + ownerIds: entry.owners + ) + + fsConfigs.append( + CloudHypervisor.FsConfig( + tag: tag, + socket: socket.path, + id: chDeviceId + ) + ) + } + + let net: [CloudHypervisor.NetConfig] = try config.interfaces.compactMap { + try ($0 as? any CHInterface)?.chNetConfig() + } + + let vsock = CloudHypervisor.VsockConfig( + cid: 3, + socket: workDir.appendingPathComponent("vsock.sock").path + ) + + let payload = CloudHypervisor.PayloadConfig( + kernel: kernel.path.path, + cmdline: kernel.linuxCommandline(initialFilesystem: rootfs) + ) + + return CloudHypervisor.VmConfig( + cpus: .init(bootVcpus: config.cpus, maxVcpus: config.cpus), + // `shared: true` is required as soon as any vhost-user device (e.g. + // virtiofsd) is attached — CH rejects `vm.boot` with "Using + // vhost-user requires using shared memory or huge pages" otherwise. + // We set it unconditionally because virtiofs can be added via + // hotplug after boot (CHHotplugProvider.hotplugVirtioFS), and the + // memory config can't be changed once the VM has booted. The + // MAP_SHARED-backed RAM has negligible runtime impact. + memory: .init( + size: Self.alignMemorySize(config.memoryInBytes), + shared: true + ), + payload: payload, + disks: disks.isEmpty ? nil : disks, + net: net.isEmpty ? nil : net, + fs: fsConfigs.isEmpty ? nil : fsConfigs, + vsock: vsock, + // Kernel cmdline is `console=hvc0`, so userspace (vminitd) writes + // to hvc0 — capture that to the bootlog. We deliberately disable + // the pl011 (`serial`) UART entirely with `.Off`. Any non-Off mode + // makes cloud-hypervisor APPEND `earlycon=pl011,mmio,0x...` to + // the kernel cmdline (see CH device_manager.rs add_serial_device), + // which forces every early-boot printk character through an MMIO + // trap into CH's pl011 emulator and adds ~1.5s to VM boot. We + // don't need pl011 — virtio-console is enough — so just turn it + // off. To diagnose pre-virtio-console boot, switch to `.File` and + // re-add `earlycon=pl011,mmio,0x09000000` to the cmdline. + console: Self.consoleConfig(forBootLog: config.bootLog), + serial: .init(mode: .Off) + ) + } + + /// Round `bytes` up to the nearest 2 MiB boundary. Cloud Hypervisor + /// rejects `vm.boot` with "Memory size is misaligned with default page + /// size or its hugepage size" if the memory size isn't a multiple of the + /// guest's page size; 2 MiB is a multiple of both 4 KiB and 64 KiB pages + /// and the standard hugepage size on aarch64. + private static func alignMemorySize(_ bytes: UInt64) -> UInt64 { + let alignment: UInt64 = 2 * 1024 * 1024 + let remainder = bytes % alignment + return remainder == 0 ? bytes : bytes + (alignment - remainder) + } + + private static func consoleConfig(forBootLog bootLog: BootLog?) -> CloudHypervisor.ConsoleConfig { + guard let bootLog else { return .init(mode: .Null) } + switch bootLog.base { + case .file(let path, _): + return .init(mode: .File, file: path.path) + case .fileHandle: + // Cloud Hypervisor's File mode requires a path. For raw FDs we + // could route through a pipe/relay later; for v1 fall back to + // null to avoid silently dropping logs to a wrong place. + return .init(mode: .Null) + } + } + + /// Bounded retry loop for dialing the vminitd vsock port. Absorbs the + /// short delay between `vm.boot` and the guest agent advertising the + /// CONNECT/OK protocol on the host UDS. Vminitd typically becomes ready + /// within a few hundred ms of `vm.boot` returning, so we poll fast at + /// 10 ms intervals (capped at 50 ms) to avoid burning wall-clock in + /// exponential backoff while the guest is already up. Deadline stays + /// at 60s as a safety net for the cold-cache long tail. + private func dialVminitdWithRetries( + deadline: Duration = .seconds(60), + initialDelay: Duration = .milliseconds(10) + ) async throws -> FileHandle { + let baseSocket = workDir.appendingPathComponent("vsock.sock") + let clock = ContinuousClock() + let stop = clock.now.advanced(by: deadline) + var delay = initialDelay + var lastError: any Error = ContainerizationError(.timeout, message: "could not dial vminitd") + while clock.now < stop { + do { + return try await chVsockDial(baseSocket: baseSocket, port: Vminitd.port) + } catch { + lastError = error + try? await Task.sleep(for: delay) + if delay < .milliseconds(50) { + delay = delay * 2 + } + } + } + throw ContainerizationError(.timeout, message: "could not dial vminitd within \(deadline): \(lastError)") + } + + /// Blocking accept loop driving a `VsockListener`. Runs on a detached + /// task because `accept(2)` blocks. Exits when the listening fd is + /// closed (by `VsockListener.finish()`) or the stream consumer + /// terminates. + private static func acceptLoop(listenFd: Int32, into listener: VsockListener, logger: Logger?) { + while true { + logger?.debug("vsock acceptLoop blocking on accept port=\(listener.port) listenFd=\(listenFd)") + let connFd = accept(listenFd, nil, nil) + if connFd < 0 { + let savedErrno = errno + if savedErrno == EINTR { + continue + } + logger?.debug("vsock acceptLoop accept returned \(connFd) errno=\(savedErrno) port=\(listener.port)") + return + } + logger?.debug("vsock acceptLoop accepted connFd=\(connFd) port=\(listener.port)") + let handle = FileHandle(fileDescriptor: connFd, closeOnDealloc: true) + let result = listener.yield(handle) + if case .terminated = result { + logger?.debug("vsock acceptLoop yield terminated port=\(listener.port)") + try? handle.close() + return + } + logger?.debug("vsock acceptLoop yield enqueued port=\(listener.port)") + } + } +} + +// MARK: - Boot inventory + +extension CHVirtualMachineInstance.Configuration { + /// Walks boot-time mounts in deterministic order (rootfs first, then + /// `mountsByID` sorted by container id, then each container's mounts in + /// input order), allocating disk letters for virtio-blk mounts and seeding + /// the per-container `AttachedFilesystem` registry. + /// + /// The allocator is shared with the runtime hotplug provider, so block + /// hotplug picks up at the next free letter after boot. + func bootInventory( + allocator: any AddressAllocator + ) throws -> (attachments: [String: [AttachedFilesystem]], bootDisks: [CHVirtualMachineInstance.BootDisk]) { + var bootDisks: [CHVirtualMachineInstance.BootDisk] = [] + var attachments: [String: [AttachedFilesystem]] = [:] + + // Rootfs is not part of mountsByID. If it's a block device, it claims + // the first letter (vda) so the kernel cmdline `root=/dev/vda` is right. + if let rootfs = self.initialFilesystem, rootfs.isBlock { + let letter = try allocator.allocate() + bootDisks.append(.init(mount: rootfs, containerId: nil, letter: letter)) + } + + for cid in self.mountsByID.keys.sorted() { + guard let mounts = self.mountsByID[cid] else { continue } + var perContainer: [AttachedFilesystem] = [] + for mount in mounts { + let attached = try AttachedFilesystem(mount: mount, allocator: allocator) + if mount.isBlock, let letter = attached.source.last { + bootDisks.append(.init(mount: mount, containerId: cid, letter: letter)) + } + perContainer.append(attached) + } + attachments[cid] = perContainer + } + + return (attachments, bootDisks) + } +} +#endif diff --git a/Sources/Containerization/CHVirtualMachineManager.swift b/Sources/Containerization/CHVirtualMachineManager.swift new file mode 100644 index 0000000..ba20b5d --- /dev/null +++ b/Sources/Containerization/CHVirtualMachineManager.swift @@ -0,0 +1,149 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(Linux) +import ContainerizationError +import Foundation +import Logging +import NIOCore + +/// VirtualMachineManager backed by `cloud-hypervisor` + KVM on Linux. +/// +/// One subprocess per VM. The manager itself is just a factory: kernel, +/// initial filesystem, host binary paths, and a runtime root (under which +/// each instance gets its own working directory). +public struct CHVirtualMachineManager: VirtualMachineManager { + private let kernel: Kernel + private let initialFilesystem: Mount + private let chBinary: URL + private let virtiofsdBinaryOverride: URL? + private let runtimeRoot: URL + private let group: (any EventLoopGroup)? + private let logger: Logger? + + /// - Parameters: + /// - kernel: The Linux kernel image used for every VM this manager creates. + /// - initialFilesystem: The rootfs `Mount` (typically the `init.ext4` + /// blob produced by `make init`). + /// - chBinary: Path to the `cloud-hypervisor` binary; if nil, looked + /// up on `PATH`. Validated at init time. + /// - virtiofsdBinary: Path to `virtiofsd`; if nil, looked up on `PATH` + /// lazily — only when a virtiofs share is actually used. A VM that + /// boots with only block-device mounts can run without virtiofsd + /// installed at all. + /// - runtimeRoot: Directory under which per-VM working directories are + /// created. Defaults to `/run/containerization/ch`. The directory is + /// created with mode `0o700` so per-VM UDS sockets (api.sock, + /// vsock.sock, vfs-*.sock) inside aren't reachable by other local + /// users. `/run` is tmpfs on every modern Linux distro, so contents + /// don't survive reboot — which is the right lifecycle for VM + /// runtime state. + /// - group: Optional shared NIO `EventLoopGroup`; if nil, each VM + /// spawns its own. + public init( + kernel: Kernel, + initialFilesystem: Mount, + chBinary: URL? = nil, + virtiofsdBinary: URL? = nil, + runtimeRoot: URL? = nil, + group: (any EventLoopGroup)? = nil, + logger: Logger? = nil + ) throws { + self.kernel = kernel + self.initialFilesystem = initialFilesystem + self.chBinary = try Self.resolveBinary(chBinary, name: "cloud-hypervisor") + if let virtiofsdBinary { + // Validate explicit overrides at init time so misconfiguration + // surfaces early. PATH-lookup deferral only applies when no + // override is supplied. + guard FileManager.default.isExecutableFile(atPath: virtiofsdBinary.path) else { + throw ContainerizationError( + .notFound, + message: "virtiofsd not executable at \(virtiofsdBinary.path)" + ) + } + } + self.virtiofsdBinaryOverride = virtiofsdBinary + let runtimeRoot = runtimeRoot ?? URL(fileURLWithPath: "/run/containerization/ch") + try FileManager.default.createDirectory( + at: runtimeRoot, + withIntermediateDirectories: true, + attributes: [.posixPermissions: 0o700] + ) + // createDirectory only sets attributes on directories it creates, so + // explicitly tighten an existing dir if a previous run left it at a + // looser mode. + try? FileManager.default.setAttributes([.posixPermissions: 0o700], ofItemAtPath: runtimeRoot.path) + self.runtimeRoot = runtimeRoot + self.group = group + self.logger = logger + } + + public func create(config: some VMCreationConfig) async throws -> any VirtualMachineInstance { + let vmConfig = config.configuration + + var instanceConfig = CHVirtualMachineInstance.Configuration() + instanceConfig.cpus = vmConfig.cpus + instanceConfig.memoryInBytes = vmConfig.memoryInBytes + instanceConfig.interfaces = vmConfig.interfaces + instanceConfig.mountsByID = vmConfig.mountsByID + instanceConfig.bootLog = vmConfig.bootLog + instanceConfig.extensions = vmConfig.extensions + instanceConfig.kernel = kernel + instanceConfig.initialFilesystem = initialFilesystem + + return try CHVirtualMachineInstance( + group: group, + config: instanceConfig, + runtimeRoot: runtimeRoot, + chBinary: chBinary, + virtiofsdBinary: virtiofsdBinaryOverride, + logger: logger + ) + } + + // MARK: - Binary resolution + + /// Resolve a binary path, accepting an explicit override or falling back to + /// `PATH` lookup. Used both at manager init for `cloud-hypervisor` and + /// lazily by the CH instance / hotplug provider for `virtiofsd` so a + /// block-only VM doesn't require virtiofsd to be installed. + static func resolveBinary(_ override: URL?, name: String) throws -> URL { + if let override { + guard FileManager.default.isExecutableFile(atPath: override.path) else { + throw ContainerizationError( + .notFound, + message: "\(name) not executable at \(override.path)" + ) + } + return override + } + + let path = ProcessInfo.processInfo.environment["PATH"] ?? "/usr/local/bin:/usr/bin:/bin" + for dir in path.split(separator: ":") where !dir.isEmpty { + let candidate = URL(fileURLWithPath: String(dir)).appendingPathComponent(name) + if FileManager.default.isExecutableFile(atPath: candidate.path) { + return candidate + } + } + + throw ContainerizationError( + .notFound, + message: "could not find \(name) on PATH; pass an explicit URL to CHVirtualMachineManager.init" + ) + } +} +#endif diff --git a/Sources/Containerization/Container.swift b/Sources/Containerization/Container.swift new file mode 100644 index 0000000..9519525 --- /dev/null +++ b/Sources/Containerization/Container.swift @@ -0,0 +1,27 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +/// The core protocol container implementations must implement. +public protocol Container { + /// ID for the container. + var id: String { get } + /// The amount of cpus assigned to the container. + var cpus: Int { get } + /// The memory in bytes assigned to the container. + var memoryInBytes: UInt64 { get } + /// The network interfaces assigned to the container. + var interfaces: [any Interface] { get } +} diff --git a/Sources/Containerization/ContainerManager.swift b/Sources/Containerization/ContainerManager.swift new file mode 100644 index 0000000..1b3a408 --- /dev/null +++ b/Sources/Containerization/ContainerManager.swift @@ -0,0 +1,383 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(macOS) + +import ContainerizationError +import ContainerizationEXT4 +import ContainerizationOCI +import ContainerizationOS +import Foundation +import ContainerizationExtras +import SystemPackage +import Virtualization + +/// A manager for creating and running containers. +/// Supports container networking options. +public struct ContainerManager: Sendable { + public let imageStore: ImageStore + private let vmm: VirtualMachineManager + private var network: Network? + + private var containerRoot: URL { + self.imageStore.path.appendingPathComponent("containers") + } + + /// Create a new manager with the provided kernel, initfs mount, image store + /// and optional network implementation. This will use a Virtualization.framework + /// backed VMM implicitly. + public init( + kernel: Kernel, + initfs: Mount, + imageStore: ImageStore, + network: Network? = nil, + rosetta: Bool = false, + nestedVirtualization: Bool = false + ) throws { + self.imageStore = imageStore + self.network = network + try Self.createRootDirectory(path: self.imageStore.path) + self.vmm = VZVirtualMachineManager( + kernel: kernel, + initialFilesystem: initfs, + rosetta: rosetta, + nestedVirtualization: nestedVirtualization + ) + } + + /// Create a new manager with the provided kernel, initfs mount, root state + /// directory and optional network implementation. This will use a Virtualization.framework + /// backed VMM implicitly. + public init( + kernel: Kernel, + initfs: Mount, + root: URL? = nil, + network: Network? = nil, + rosetta: Bool = false, + nestedVirtualization: Bool = false + ) throws { + if let root { + self.imageStore = try ImageStore(path: root) + } else { + self.imageStore = ImageStore.default + } + self.network = network + try Self.createRootDirectory(path: self.imageStore.path) + self.vmm = VZVirtualMachineManager( + kernel: kernel, + initialFilesystem: initfs, + rosetta: rosetta, + nestedVirtualization: nestedVirtualization + ) + } + + /// Create a new manager with the provided kernel, initfs reference, image store + /// and optional network implementation. This will use a Virtualization.framework + /// backed VMM implicitly. + public init( + kernel: Kernel, + initfsReference: String, + imageStore: ImageStore, + network: Network? = nil, + rosetta: Bool = false, + nestedVirtualization: Bool = false + ) async throws { + self.imageStore = imageStore + self.network = network + try Self.createRootDirectory(path: self.imageStore.path) + + let initPath = self.imageStore.path.appendingPathComponent("initfs.ext4") + let initImage = try await self.imageStore.getInitImage(reference: initfsReference) + let initfs = try await { + do { + return try await initImage.initBlock(at: initPath, for: .linuxArm) + } catch let err as ContainerizationError { + guard err.code == .exists else { + throw err + } + return .block( + format: "ext4", + source: initPath.absolutePath(), + destination: "/", + options: ["ro"] + ) + } + }() + + self.vmm = VZVirtualMachineManager( + kernel: kernel, + initialFilesystem: initfs, + rosetta: rosetta, + nestedVirtualization: nestedVirtualization + ) + } + + /// Create a new manager with the provided kernel and image reference for the initfs. + /// This will use a Virtualization.framework backed VMM implicitly. + public init( + kernel: Kernel, + initfsReference: String, + root: URL? = nil, + network: Network? = nil, + rosetta: Bool = false, + nestedVirtualization: Bool = false + ) async throws { + if let root { + self.imageStore = try ImageStore(path: root) + } else { + self.imageStore = ImageStore.default + } + self.network = network + try Self.createRootDirectory(path: self.imageStore.path) + + let initPath = self.imageStore.path.appendingPathComponent("initfs.ext4") + let initImage = try await self.imageStore.getInitImage(reference: initfsReference) + let initfs = try await { + do { + return try await initImage.initBlock(at: initPath, for: .linuxArm) + } catch let err as ContainerizationError { + guard err.code == .exists else { + throw err + } + return .block( + format: "ext4", + source: initPath.absolutePath(), + destination: "/", + options: ["ro"] + ) + } + }() + + self.vmm = VZVirtualMachineManager( + kernel: kernel, + initialFilesystem: initfs, + rosetta: rosetta, + nestedVirtualization: nestedVirtualization + ) + } + + /// Create a new manager with the provided vmm and network. + public init( + vmm: any VirtualMachineManager, + network: Network? = nil + ) throws { + self.imageStore = ImageStore.default + try Self.createRootDirectory(path: self.imageStore.path) + self.network = network + self.vmm = vmm + } + + private static func createRootDirectory(path: URL) throws { + try FileManager.default.createDirectory( + at: path.appendingPathComponent("containers"), + withIntermediateDirectories: true + ) + } + + /// Returns a new container from the provided image reference. + /// - Parameters: + /// - id: The container ID. + /// - reference: The image reference. + /// - rootfsSizeInBytes: The size of the root filesystem in bytes. Defaults to 8 GiB. + /// - writableLayerSizeInBytes: Optional size for a separate writable layer. When provided, + /// the rootfs becomes read-only and an overlayfs is used with a separate writable layer of this size. + /// - readOnly: Whether to mount the root filesystem as read-only. + /// - networking: Whether to create a network interface for this container. Defaults to `true`. + /// When `false`, no network resources are allocated and `releaseNetwork`/`delete` remain safe to call. + /// - progress: Optional handler for tracking rootfs unpacking progress. + public mutating func create( + _ id: String, + reference: String, + rootfsSizeInBytes: UInt64 = 8.gib(), + writableLayerSizeInBytes: UInt64? = nil, + readOnly: Bool = false, + networking: Bool = true, + progress: ProgressHandler? = nil, + configuration: (inout LinuxContainer.Configuration) throws -> Void + ) async throws -> LinuxContainer { + let image = try await imageStore.get(reference: reference, pull: true) + return try await create( + id, + image: image, + rootfsSizeInBytes: rootfsSizeInBytes, + writableLayerSizeInBytes: writableLayerSizeInBytes, + readOnly: readOnly, + networking: networking, + progress: progress, + configuration: configuration + ) + } + + /// Returns a new container from the provided image. + /// - Parameters: + /// - id: The container ID. + /// - image: The image. + /// - rootfsSizeInBytes: The size of the root filesystem in bytes. Defaults to 8 GiB. + /// - writableLayerSizeInBytes: Optional size for a separate writable layer. When provided, + /// the rootfs becomes read-only and an overlayfs is used with a separate writable layer of this size. + /// - readOnly: Whether to mount the root filesystem as read-only. + /// - networking: Whether to create a network interface for this container. Defaults to `true`. + /// When `false`, no network resources are allocated and `releaseNetwork`/`delete` remain safe to call. + /// - progress: Optional handler for tracking rootfs unpacking progress. + public mutating func create( + _ id: String, + image: Image, + rootfsSizeInBytes: UInt64 = 8.gib(), + writableLayerSizeInBytes: UInt64? = nil, + readOnly: Bool = false, + networking: Bool = true, + progress: ProgressHandler? = nil, + configuration: (inout LinuxContainer.Configuration) throws -> Void + ) async throws -> LinuxContainer { + let path = try createContainerRoot(id) + + var rootfs = try await unpack( + image: image, + destination: path.appendingPathComponent("rootfs.ext4"), + size: rootfsSizeInBytes, + progress: progress + ) + if readOnly { + rootfs.options.append("ro") + } + + // Create writable layer if size is specified. + var writableLayer: Mount? = nil + if let writableLayerSize = writableLayerSizeInBytes { + writableLayer = try createEmptyFilesystem( + at: path.appendingPathComponent("writable.ext4"), + size: writableLayerSize + ) + } + + return try await create( + id, + image: image, + rootfs: rootfs, + writableLayer: writableLayer, + networking: networking, + configuration: configuration + ) + } + + /// Returns a new container from the provided image and root filesystem mount. + /// - Parameters: + /// - id: The container ID. + /// - image: The image. + /// - rootfs: The root filesystem mount pointing to an existing block file. + /// The `destination` field is ignored as mounting is handled internally. + /// - writableLayer: Optional writable layer mount. When provided, an overlayfs is used with + /// rootfs as the lower layer and this as the upper layer. + /// The `destination` field is ignored as mounting is handled internally. + /// - networking: Whether to create a network interface for this container. Defaults to `true`. + /// When `false`, no network resources are allocated and `releaseNetwork`/`delete` remain safe to call. + public mutating func create( + _ id: String, + image: Image, + rootfs: Mount, + writableLayer: Mount? = nil, + networking: Bool = true, + configuration: (inout LinuxContainer.Configuration) throws -> Void + ) async throws -> LinuxContainer { + let imageConfig = try await image.config(for: .current).config + return try LinuxContainer( + id, + rootfs: rootfs, + writableLayer: writableLayer, + vmm: self.vmm + ) { config in + if let imageConfig { + config.process = .init(from: imageConfig) + } + if networking { + if let interface = try self.network?.createInterface(id) { + config.interfaces = [interface] + guard let gateway = interface.ipv4Gateway else { + throw ContainerizationError( + .invalidState, + message: "missing ipv4 gateway for container \(id)" + ) + } + config.dns = .init(nameservers: [gateway.description]) + } + } + config.bootLog = BootLog.file(path: self.containerRoot.appendingPathComponent(id).appendingPathComponent("bootlog.log")) + try configuration(&config) + } + } + + /// Releases network resources for a container. + /// + /// - Parameter id: The container ID. + public mutating func releaseNetwork(_ id: String) throws { + try self.network?.releaseInterface(id) + } + + /// Releases network resources and removes all files for a container. + /// - Parameter id: The container ID. + public mutating func delete(_ id: String) throws { + try self.releaseNetwork(id) + let path = containerRoot.appendingPathComponent(id) + try FileManager.default.removeItem(at: path) + } + + private func createContainerRoot(_ id: String) throws -> URL { + let path = containerRoot.appendingPathComponent(id) + try FileManager.default.createDirectory(at: path, withIntermediateDirectories: false) + return path + } + + private func unpack(image: Image, destination: URL, size: UInt64, progress: ProgressHandler? = nil) async throws -> Mount { + do { + let unpacker = EXT4Unpacker(blockSizeInBytes: size) + return try await unpacker.unpack(image, for: .current, at: destination, progress: progress) + } catch let err as ContainerizationError { + if err.code == .exists { + return .block( + format: "ext4", + source: destination.absolutePath(), + destination: "/", + options: [] + ) + } + throw err + } + } + + private func createEmptyFilesystem(at destination: URL, size: UInt64) throws -> Mount { + let path = destination.absolutePath() + guard !FileManager.default.fileExists(atPath: path) else { + throw ContainerizationError(.exists, message: "filesystem already exists at \(path)") + } + let filesystem = try EXT4.Formatter(FilePath(path), minDiskSize: size) + try filesystem.close() + return .block( + format: "ext4", + source: path, + destination: "/", + options: [] + ) + } +} + +extension CIDRv6 { + /// The gateway address of the network. + public var gateway: IPv6Address { + IPv6Address(self.lower.value + 1) + } +} + +#endif diff --git a/Sources/Containerization/ContainerStatistics.swift b/Sources/Containerization/ContainerStatistics.swift new file mode 100644 index 0000000..c416787 --- /dev/null +++ b/Sources/Containerization/ContainerStatistics.swift @@ -0,0 +1,248 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +/// Statistics for a container. +public struct ContainerStatistics: Sendable { + public var id: String + public var process: ProcessStatistics? + public var memory: MemoryStatistics? + public var cpu: CPUStatistics? + public var blockIO: BlockIOStatistics? + public var networks: [NetworkStatistics]? + public var memoryEvents: MemoryEventStatistics? + + public init( + id: String, + process: ProcessStatistics? = nil, + memory: MemoryStatistics? = nil, + cpu: CPUStatistics? = nil, + blockIO: BlockIOStatistics? = nil, + networks: [NetworkStatistics]? = nil, + memoryEvents: MemoryEventStatistics? = nil + ) { + self.id = id + self.process = process + self.memory = memory + self.cpu = cpu + self.blockIO = blockIO + self.networks = networks + self.memoryEvents = memoryEvents + } + + /// Process statistics for a container. + public struct ProcessStatistics: Sendable { + public var current: UInt64 + public var limit: UInt64 + + public init(current: UInt64, limit: UInt64) { + self.current = current + self.limit = limit + } + } + + /// Memory statistics for a container. + public struct MemoryStatistics: Sendable { + public var usageBytes: UInt64 + public var limitBytes: UInt64 + public var swapUsageBytes: UInt64 + public var swapLimitBytes: UInt64 + public var cacheBytes: UInt64 + public var kernelStackBytes: UInt64 + public var slabBytes: UInt64 + public var pageFaults: UInt64 + public var majorPageFaults: UInt64 + public var inactiveFile: UInt64 + public var anon: UInt64 + public var workingsetRefaultAnon: UInt64 + public var workingsetRefaultFile: UInt64 + public var pgstealKswapd: UInt64 + public var pgstealDirect: UInt64 + public var pgstealKhugepaged: UInt64 + + public init( + usageBytes: UInt64, + limitBytes: UInt64, + swapUsageBytes: UInt64, + swapLimitBytes: UInt64, + cacheBytes: UInt64, + kernelStackBytes: UInt64, + slabBytes: UInt64, + pageFaults: UInt64, + majorPageFaults: UInt64, + inactiveFile: UInt64, + anon: UInt64, + workingsetRefaultAnon: UInt64 = 0, + workingsetRefaultFile: UInt64 = 0, + pgstealKswapd: UInt64 = 0, + pgstealDirect: UInt64 = 0, + pgstealKhugepaged: UInt64 = 0 + ) { + self.usageBytes = usageBytes + self.limitBytes = limitBytes + self.swapUsageBytes = swapUsageBytes + self.swapLimitBytes = swapLimitBytes + self.cacheBytes = cacheBytes + self.kernelStackBytes = kernelStackBytes + self.slabBytes = slabBytes + self.pageFaults = pageFaults + self.majorPageFaults = majorPageFaults + self.inactiveFile = inactiveFile + self.anon = anon + self.workingsetRefaultAnon = workingsetRefaultAnon + self.workingsetRefaultFile = workingsetRefaultFile + self.pgstealKswapd = pgstealKswapd + self.pgstealDirect = pgstealDirect + self.pgstealKhugepaged = pgstealKhugepaged + } + } + + /// CPU statistics for a container. + public struct CPUStatistics: Sendable { + public var usageUsec: UInt64 + public var userUsec: UInt64 + public var systemUsec: UInt64 + public var throttlingPeriods: UInt64 + public var throttledPeriods: UInt64 + public var throttledTimeUsec: UInt64 + + public init( + usageUsec: UInt64, + userUsec: UInt64, + systemUsec: UInt64, + throttlingPeriods: UInt64, + throttledPeriods: UInt64, + throttledTimeUsec: UInt64 + ) { + self.usageUsec = usageUsec + self.userUsec = userUsec + self.systemUsec = systemUsec + self.throttlingPeriods = throttlingPeriods + self.throttledPeriods = throttledPeriods + self.throttledTimeUsec = throttledTimeUsec + } + } + + /// Block I/O statistics for a container. + public struct BlockIOStatistics: Sendable { + public var devices: [BlockIODevice] + + public init(devices: [BlockIODevice]) { + self.devices = devices + } + } + + /// Block I/O statistics for a specific device. + public struct BlockIODevice: Sendable { + public var major: UInt64 + public var minor: UInt64 + public var readBytes: UInt64 + public var writeBytes: UInt64 + public var readOperations: UInt64 + public var writeOperations: UInt64 + + public init( + major: UInt64, + minor: UInt64, + readBytes: UInt64, + writeBytes: UInt64, + readOperations: UInt64, + writeOperations: UInt64 + ) { + self.major = major + self.minor = minor + self.readBytes = readBytes + self.writeBytes = writeBytes + self.readOperations = readOperations + self.writeOperations = writeOperations + } + } + + /// Statistics for a network interface. + public struct NetworkStatistics: Sendable { + public var interface: String + public var receivedPackets: UInt64 + public var transmittedPackets: UInt64 + public var receivedBytes: UInt64 + public var transmittedBytes: UInt64 + public var receivedErrors: UInt64 + public var transmittedErrors: UInt64 + + public init( + interface: String, + receivedPackets: UInt64, + transmittedPackets: UInt64, + receivedBytes: UInt64, + transmittedBytes: UInt64, + receivedErrors: UInt64, + transmittedErrors: UInt64 + ) { + self.interface = interface + self.receivedPackets = receivedPackets + self.transmittedPackets = transmittedPackets + self.receivedBytes = receivedBytes + self.transmittedBytes = transmittedBytes + self.receivedErrors = receivedErrors + self.transmittedErrors = transmittedErrors + } + } + + /// Memory event counters from cgroup2's memory.events file. + public struct MemoryEventStatistics: Sendable { + /// Number of times the cgroup was reclaimed due to low memory. + public var low: UInt64 + /// Number of times the cgroup exceeded its high memory limit. + public var high: UInt64 + /// Number of times the cgroup hit its max memory limit. + public var max: UInt64 + /// Number of times the cgroup triggered OOM. + public var oom: UInt64 + /// Number of processes killed by OOM killer. + public var oomKill: UInt64 + + public init(low: UInt64, high: UInt64, max: UInt64, oom: UInt64, oomKill: UInt64) { + self.low = low + self.high = high + self.max = max + self.oom = oom + self.oomKill = oomKill + } + } +} + +/// Categories of statistics that can be requested. +public struct StatCategory: OptionSet, Sendable { + public let rawValue: Int + + public init(rawValue: Int) { + self.rawValue = rawValue + } + + /// Process statistics (pids.current, pids.max). + public static let process = StatCategory(rawValue: 1 << 0) + /// Memory usage statistics. + public static let memory = StatCategory(rawValue: 1 << 1) + /// CPU usage statistics. + public static let cpu = StatCategory(rawValue: 1 << 2) + /// Block I/O statistics. + public static let blockIO = StatCategory(rawValue: 1 << 3) + /// Network interface statistics. + public static let network = StatCategory(rawValue: 1 << 4) + /// Memory event counters (OOM kills, pressure events, etc.). + public static let memoryEvents = StatCategory(rawValue: 1 << 5) + + /// All available statistics categories. + public static let all: StatCategory = [.process, .memory, .cpu, .blockIO, .network, .memoryEvents] +} diff --git a/Sources/Containerization/DNSConfiguration.swift b/Sources/Containerization/DNSConfiguration.swift new file mode 100644 index 0000000..e87ed27 --- /dev/null +++ b/Sources/Containerization/DNSConfiguration.swift @@ -0,0 +1,91 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationError +import ContainerizationExtras + +/// DNS configuration for a container. The values will be used to +/// construct /etc/resolv.conf for a given container. +public struct DNS: Sendable { + /// The set of default nameservers to use if none are provided + /// in the constructor. + public static let defaultNameservers = ["1.1.1.1"] + + /// The nameservers a container should use. + public var nameservers: [String] + /// The DNS domain to use. + public var domain: String? + /// The DNS search domains to use. + public var searchDomains: [String] + /// The DNS options to use. + public var options: [String] + + public init( + nameservers: [String] = defaultNameservers, + domain: String? = nil, + searchDomains: [String] = [], + options: [String] = [] + ) { + self.nameservers = nameservers + self.domain = domain + self.searchDomains = searchDomains + self.options = options + } + + /// Validates the DNS configuration. + /// + /// Ensures that all nameserver entries are valid IPv4 or IPv6 addresses. + /// Arbitrary hostnames are not permitted as nameservers. + /// + /// - Throws: ``ContainerizationError`` with code `.invalidArgument` if + /// any nameserver is not a valid IP address. + public func validate() throws { + for nameserver in nameservers { + let isValidIPv4 = (try? IPv4Address(nameserver)) != nil + let isValidIPv6 = (try? IPv6Address(nameserver)) != nil + if !isValidIPv4 && !isValidIPv6 { + throw ContainerizationError( + .invalidArgument, + message: "nameserver '\(nameserver)' is not a valid IPv4 or IPv6 address" + ) + } + } + } +} + +extension DNS { + public var resolvConf: String { + var text = "" + + if !nameservers.isEmpty { + text += nameservers.map { "nameserver \($0)" }.joined(separator: "\n") + "\n" + } + + if let domain { + text += "domain \(domain)\n" + } + + if !searchDomains.isEmpty { + text += "search \(searchDomains.joined(separator: " "))\n" + } + + if !options.isEmpty { + text += "options \(options.joined(separator: " "))\n" + } + + return text + } +} diff --git a/Sources/Containerization/ExitStatus.swift b/Sources/Containerization/ExitStatus.swift new file mode 100644 index 0000000..0848e68 --- /dev/null +++ b/Sources/Containerization/ExitStatus.swift @@ -0,0 +1,36 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation + +/// ExitStatus contains the exit code for a given container process, +/// as well as the timestamp at which it exited. +public struct ExitStatus: Sendable { + /// The exit code for the process. + public var exitCode: Int32 + /// The timestamp when the process exited. + public var exitedAt: Date + + public init(exitCode: Int32) { + self.exitCode = exitCode + self.exitedAt = .now + } + + public init(exitCode: Int32, exitedAt: Date) { + self.exitCode = exitCode + self.exitedAt = exitedAt + } +} diff --git a/Sources/Containerization/FileMount.swift b/Sources/Containerization/FileMount.swift new file mode 100644 index 0000000..518aaee --- /dev/null +++ b/Sources/Containerization/FileMount.swift @@ -0,0 +1,202 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationError +import ContainerizationOCI +import Foundation + +/// Manages single-file mounts by transforming them into virtiofs directory shares +/// plus bind mounts. +/// +/// Since virtiofs only supports sharing directories, mounting a single file requires +/// sharing the file's parent directory via virtiofs and then bind mounting the specific +/// file from that share to the final destination in the container. +struct FileMountContext: Sendable { + /// Metadata for a single prepared file mount. + struct PreparedMount: Sendable { + /// Original file path on host + let hostFilePath: String + /// Where the user wants the file in the container + let containerDestination: String + /// Just the filename (after resolving symlinks) + let filename: String + /// The parent directory containing the file (after resolving symlinks) + let parentDirectory: URL + /// The virtiofs tag (hash of parent dir path). Used to find the AttachedFilesystem + let tag: String + /// Mount options from the original mount + let options: [String] + /// Where we mounted the share in the guest (set after mountHoldingDirectories) + var guestHoldingPath: String? + } + + /// Prepared file mounts for this context + var preparedMounts: [PreparedMount] + + /// The transformed mounts to pass to the VM (files replaced with directory shares) + private(set) var transformedMounts: [Mount] + + private init() { + self.preparedMounts = [] + self.transformedMounts = [] + } + + /// Returns true if there are any file mounts that need handling. + var hasFileMounts: Bool { + !preparedMounts.isEmpty + } + + /// Returns the set of virtiofs tags for file mount holding directories. + /// These should be filtered out from OCI spec mounts since we mount them + /// separately under /run. + var holdingDirectoryTags: Set { + Set(preparedMounts.map { $0.tag }) + } +} + +extension FileMountContext { + /// Prepare mounts for a container, detecting file mounts and transforming them. + /// + /// This method stats each virtiofs mount source. If it's a regular file rather than + /// a directory, it shares the file's parent directory via virtiofs and records the + /// metadata needed to bind mount the specific file later. + /// + /// - Parameter mounts: The original mounts from the container config + /// - Returns: A FileMountContext containing transformed mounts and tracking info + static func prepare(mounts: [Mount]) throws -> FileMountContext { + var context = FileMountContext() + var transformed: [Mount] = [] + // Track parent directories we've already added a share for to avoid duplicates. + var sharedParentTags: Set = [] + + for mount in mounts { + // Only virtiofs mounts can be files + guard case .virtiofs(let runtimeOpts) = mount.runtimeOptions else { + transformed.append(mount) + continue + } + + // Stat the source to see if it's a file + let fm = FileManager.default + var isDirectory: ObjCBool = false + guard fm.fileExists(atPath: mount.source, isDirectory: &isDirectory) else { + // Doesn't exist. Let the normal flow handle the error + transformed.append(mount) + continue + } + + if isDirectory.boolValue { + // It's a directory, pass through unchanged + transformed.append(mount) + continue + } + + // It's a file, so prepare it. + let prepared = try context.prepareFileMount(mount: mount, runtimeOptions: runtimeOpts) + + // Only add the directory share once per unique parent directory. + if !sharedParentTags.contains(prepared.tag) { + sharedParentTags.insert(prepared.tag) + // The destination here is unused. We mount the share ourselves + // to a location under /run in mountHoldingDirectories. + let directoryShare = Mount.share( + source: prepared.parentDirectory.path, + destination: "/.file-mount-holding", + options: mount.options.filter { $0 != "bind" }, + runtimeOptions: runtimeOpts + ) + transformed.append(directoryShare) + } + } + + context.transformedMounts = transformed + return context + } + + private mutating func prepareFileMount( + mount: Mount, + runtimeOptions: [String] + ) throws -> PreparedMount { + let resolvedSource = URL(fileURLWithPath: mount.source).resolvingSymlinksInPath() + let filename = resolvedSource.lastPathComponent + let parentDirectory = resolvedSource.deletingLastPathComponent() + let tag = try hashFilePath(path: parentDirectory.path) + + let prepared = PreparedMount( + hostFilePath: mount.source, + containerDestination: mount.destination, + filename: filename, + parentDirectory: parentDirectory, + tag: tag, + options: mount.options, + guestHoldingPath: nil + ) + + preparedMounts.append(prepared) + return prepared + } +} + +extension FileMountContext { + /// Set up the holding directory paths for all file mounts. + /// Since virtiofs shares are now mounted once at /run/virtiofs, the holding + /// directories appear as subdirectories there automatically. + /// - Parameters: + /// - vmMounts: The AttachedFilesystem array from the VM for this container + /// - agent: The VM agent for RPCs (unused, kept for API compatibility) + mutating func mountHoldingDirectories( + vmMounts: [AttachedFilesystem], + agent: any VirtualMachineAgent + ) async throws { + for i in preparedMounts.indices { + let prepared = preparedMounts[i] + + // Verify the attached filesystem exists + guard + vmMounts.first(where: { + $0.type == "virtiofs" && $0.source == prepared.tag + }) != nil + else { + throw ContainerizationError( + .notFound, + message: "could not find attached filesystem for file mount \(prepared.hostFilePath)" + ) + } + + // With unified virtiofs, holding directories are subdirectories under /run/virtiofs + let guestPath = "/run/virtiofs/\(prepared.tag)" + preparedMounts[i].guestHoldingPath = guestPath + } + } +} + +extension FileMountContext { + /// Get the bind mounts to append to the OCI spec. + func ociBindMounts() -> [ContainerizationOCI.Mount] { + preparedMounts.compactMap { prepared in + guard let guestPath = prepared.guestHoldingPath else { + return nil + } + + return ContainerizationOCI.Mount( + type: "none", + source: "\(guestPath)/\(prepared.filename)", + destination: prepared.containerDestination, + options: ["bind"] + prepared.options + ) + } + } +} diff --git a/Sources/Containerization/Hash.swift b/Sources/Containerization/Hash.swift new file mode 100644 index 0000000..e5088f4 --- /dev/null +++ b/Sources/Containerization/Hash.swift @@ -0,0 +1,40 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationError +import Crypto +import Foundation + +extension Mount { + /// A deterministic hash of the mount's source path, used as the virtiofs tag. + /// + /// Resolves symlinks before hashing so that different paths to the same + /// directory produce an identical tag. + public var tagHash: String { + get throws { + try hashFilePath(path: self.source) + } + } +} + +func hashFilePath(path: String) throws -> String { + // Resolve symlinks so different paths to the same directory get the same hash. + let resolvedSource = URL(fileURLWithPath: path).resolvingSymlinksInPath().path + guard let data = resolvedSource.data(using: .utf8) else { + throw ContainerizationError(.invalidArgument, message: "\(path) could not be converted to Data") + } + return String(SHA256.hash(data: data).encoded.prefix(36)) +} diff --git a/Sources/Containerization/HostDefaultRoute.swift b/Sources/Containerization/HostDefaultRoute.swift new file mode 100644 index 0000000..32785d7 --- /dev/null +++ b/Sources/Containerization/HostDefaultRoute.swift @@ -0,0 +1,68 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation + +/// Reads the host's default IPv4 egress interface from `/proc/net/route`. +/// +/// `/proc/net/route` columns (tab-separated): +/// +/// Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT +/// +/// Numeric fields are hex with bytes in network order (so `0102A8C0` is +/// `192.168.2.1`). Pure-string parsing keeps this cross-platform-testable +/// even though `/proc/net/route` itself only exists on Linux. +enum HostDefaultRoute { + /// `RTF_GATEWAY` from ``. Set on rows representing a gateway route. + private static let RTF_GATEWAY: UInt32 = 0x0002 + + /// Parse the contents of `/proc/net/route` and return the iface for the + /// default route (destination 0.0.0.0 with `RTF_GATEWAY`). When multiple + /// default routes exist, the one with the lowest metric wins. + static func parseEgress(procNetRoute contents: String) -> String? { + var best: (iface: String, metric: UInt64)? + for (i, line) in contents.split(separator: "\n", omittingEmptySubsequences: true).enumerated() { + if i == 0 { continue } // header + let cols = line.split(separator: "\t", omittingEmptySubsequences: false) + .map { $0.trimmingCharacters(in: .whitespaces) } + guard cols.count >= 11 else { continue } + let iface = String(cols[0]) + let destination = cols[1] + let flagsHex = cols[3] + let metricStr = cols[6] + + guard destination == "00000000" else { continue } + guard let flags = UInt32(flagsHex, radix: 16), + flags & RTF_GATEWAY != 0 + else { continue } + let metric = UInt64(metricStr) ?? UInt64.max + if let current = best, metric >= current.metric { + continue + } + best = (iface, metric) + } + return best?.iface + } + + /// Read `/proc/net/route` and return the default-route iface, or nil if + /// the file is missing or no default route exists. + static func currentEgress() -> String? { + guard let contents = try? String(contentsOfFile: "/proc/net/route", encoding: .utf8) else { + return nil + } + return parseEgress(procNetRoute: contents) + } +} diff --git a/Sources/Containerization/HostsConfiguration.swift b/Sources/Containerization/HostsConfiguration.swift new file mode 100644 index 0000000..5713319 --- /dev/null +++ b/Sources/Containerization/HostsConfiguration.swift @@ -0,0 +1,140 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +/// Static table lookups for a container. The values will be used to +/// construct /etc/hosts for a given container. +public struct Hosts: Sendable { + /// Represents one entry in an /etc/hosts file. + public struct Entry: Sendable { + /// The IPV4 or IPV6 address in String form. + public var ipAddress: String + /// The hostname(s) for the entry. + public var hostnames: [String] + /// An optional comment to be placed to the right side of the entry. + public var comment: String? + + public init(ipAddress: String, hostnames: [String], comment: String? = nil) { + self.comment = comment + self.hostnames = hostnames + self.ipAddress = ipAddress + } + + /// The information in the structure rendered to a String representation + /// that matches the format /etc/hosts expects. + public var rendered: String { + var line = ipAddress + if !hostnames.isEmpty { + line += " " + hostnames.joined(separator: " ") + } + if let comment { + line += " # \(comment) " + } + return line + } + + public static func localHostIPV4(comment: String? = nil) -> Self { + Self( + ipAddress: "127.0.0.1", + hostnames: ["localhost"], + comment: comment + ) + } + + public static func localHostIPV6(comment: String? = nil) -> Self { + Self( + ipAddress: "::1", + hostnames: ["localhost", "ip6-localhost", "ip6-loopback"], + comment: comment + ) + } + + public static func ipv6LocalNet(comment: String? = nil) -> Self { + Self( + ipAddress: "fe00::", + hostnames: ["ip6-localnet"], + comment: comment + ) + } + + public static func ipv6MulticastPrefix(comment: String? = nil) -> Self { + Self( + ipAddress: "ff00::", + hostnames: ["ip6-mcastprefix"], + comment: comment + ) + } + + public static func ipv6AllNodes(comment: String? = nil) -> Self { + Self( + ipAddress: "ff02::1", + hostnames: ["ip6-allnodes"], + comment: comment + ) + } + + public static func ipv6AllRouters(comment: String? = nil) -> Self { + Self( + ipAddress: "ff02::2", + hostnames: ["ip6-allrouters"], + comment: comment + ) + } + } + + /// The entries to be written to /etc/hosts. + public var entries: [Entry] + + /// A comment to render at the top of the file. + public var comment: String? + + public init( + entries: [Entry], + comment: String? = nil + ) { + self.entries = entries + self.comment = comment + } +} + +extension Hosts { + /// A default entry that can be used for convenience. It contains a IPV4 + /// and IPV6 localhost entry, as well as ipv6 localnet, ipv6 mcastprefix, + /// ipv6 allnodes, and ipv6 allrouters. + public static let `default` = Hosts(entries: [ + Entry.localHostIPV4(), + Entry.localHostIPV6(), + Entry.ipv6LocalNet(), + Entry.ipv6MulticastPrefix(), + Entry.ipv6AllNodes(), + Entry.ipv6AllRouters(), + ]) + + /// Returns a string variant of the data that can be written to + /// /etc/hosts directly. + public var hostsFile: String { + var lines: [String] = [] + + if let comment { + lines.append("# \(comment)") + } + + for entry in entries { + lines.append(entry.rendered) + } + + return lines.joined(separator: "\n") + "\n" + } +} diff --git a/Sources/Containerization/HotplugProvider.swift b/Sources/Containerization/HotplugProvider.swift new file mode 100644 index 0000000..f535ce3 --- /dev/null +++ b/Sources/Containerization/HotplugProvider.swift @@ -0,0 +1,56 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +/// A provider that manages hotplug operations for a virtual machine instance. +/// +/// Conforming types implement the mechanics of hotplugging block devices and +/// virtiofs shares into a running VM. +public protocol HotplugProvider: Sendable { + /// Hotplug a block device into the running VM. + /// - Parameters: + /// - block: The mount configuration for the block device + /// - id: The container ID to associate with this device + /// - Returns: The attached filesystem with the device path in the guest + func hotplug(_ block: Mount, id: String) async throws -> AttachedFilesystem + + /// Register mounts for a container in the VM's mount registry. + /// - Parameters: + /// - id: The container ID + /// - rootfs: The rootfs attachment from hotplug + /// - additionalMounts: Additional mounts to register + func registerMounts(id: String, rootfs: AttachedFilesystem, additionalMounts: [Mount]) throws + + /// Release a hotplug device. + /// - Parameter id: The container ID who should be released + func releaseHotplug(id: String) async throws + + /// Hotplug virtiofs directories into the running VM. + /// - Parameters: + /// - mounts: The virtiofs mounts to add + /// - id: The container ID that owns these mounts + func hotplugVirtioFS(_ mounts: [Mount], id: String) async throws + + /// Release virtiofs shares for a container. + /// - Parameter id: The container ID whose shares should be released + func releaseVirtioFS(id: String) async throws + + /// Clean up resources held by the provider. + func cleanup() +} + +extension HotplugProvider { + public func cleanup() {} +} diff --git a/Sources/Containerization/IO/ReaderStream.swift b/Sources/Containerization/IO/ReaderStream.swift new file mode 100644 index 0000000..330620d --- /dev/null +++ b/Sources/Containerization/IO/ReaderStream.swift @@ -0,0 +1,22 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation + +/// A type that returns a stream of Data. +public protocol ReaderStream: Sendable { + func stream() -> AsyncStream +} diff --git a/Sources/Containerization/IO/Terminal+ReaderStream.swift b/Sources/Containerization/IO/Terminal+ReaderStream.swift new file mode 100644 index 0000000..1bd91ee --- /dev/null +++ b/Sources/Containerization/IO/Terminal+ReaderStream.swift @@ -0,0 +1,36 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationOS +import Foundation + +extension Terminal: ReaderStream { + public func stream() -> AsyncStream { + .init { cont in + self.handle.readabilityHandler = { handle in + let data = handle.availableData + if data.isEmpty { + self.handle.readabilityHandler = nil + cont.finish() + return + } + cont.yield(data) + } + } + } +} + +extension Terminal: Writer {} diff --git a/Sources/Containerization/IO/Writer.swift b/Sources/Containerization/IO/Writer.swift new file mode 100644 index 0000000..4be3626 --- /dev/null +++ b/Sources/Containerization/IO/Writer.swift @@ -0,0 +1,23 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation + +/// A type that writes the provided Data. +public protocol Writer: Sendable { + func write(_ data: Data) throws + func close() throws +} diff --git a/Sources/Containerization/Image/Image.swift b/Sources/Containerization/Image/Image.swift new file mode 100644 index 0000000..bfd0892 --- /dev/null +++ b/Sources/Containerization/Image/Image.swift @@ -0,0 +1,130 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationError +import ContainerizationOCI +import ContainerizationOS +import Foundation + +/// Type representing an OCI container image. +public struct Image: Sendable { + private let contentStore: ContentStore + /// The description for the image that comprises of its name and a reference to its root descriptor. + public let description: Description + + /// A description of the OCI image. + public struct Description: Sendable { + /// The string reference of the image. + public let reference: String + /// The descriptor identifying the image. + public let descriptor: Descriptor + /// The digest for the image. + public var digest: String { descriptor.digest } + /// The media type of the image. + public var mediaType: String { descriptor.mediaType } + + public init(reference: String, descriptor: Descriptor) { + self.reference = reference + self.descriptor = descriptor + } + } + + /// The descriptor for the image. + public var descriptor: Descriptor { description.descriptor } + /// The digest of the image. + public var digest: String { description.digest } + /// The media type of the image. + public var mediaType: String { description.mediaType } + /// The string reference for the image. + public var reference: String { description.reference } + + public init(description: Description, contentStore: ContentStore) { + self.description = description + self.contentStore = contentStore + } + + /// Returns the underlying OCI index for the image. + public func index() async throws -> Index { + guard let content: Content = try await contentStore.get(digest: digest) else { + throw ContainerizationError(.notFound, message: "content with digest \(digest)") + } + return try content.decode() + } + + /// Returns the manifest for the specified platform. + public func manifest(for platform: Platform) async throws -> Manifest { + let index = try await self.index() + let desc = index.manifests.first { desc in + desc.platform == platform + } + guard let desc else { + throw ContainerizationError(.unsupported, message: "platform \(platform.description)") + } + guard let content: Content = try await contentStore.get(digest: desc.digest) else { + throw ContainerizationError(.notFound, message: "content with digest \(digest)") + } + return try content.decode() + } + + /// Returns the descriptor for the given platform. If it does not exist + /// will throw a ContainerizationError with the code set to .invalidArgument. + public func descriptor(for platform: Platform) async throws -> Descriptor { + let index = try await self.index() + let desc = index.manifests.first { $0.platform == platform } + guard let desc else { + throw ContainerizationError(.invalidArgument, message: "unsupported platform \(platform)") + } + return desc + } + + /// Returns the OCI config for the specified platform. + public func config(for platform: Platform) async throws -> ContainerizationOCI.Image { + let manifest = try await self.manifest(for: platform) + let desc = manifest.config + guard let content: Content = try await contentStore.get(digest: desc.digest) else { + throw ContainerizationError(.notFound, message: "content with digest \(digest)") + } + return try content.decode() + } + + /// Returns a list of digests to all the referenced OCI objects. + public func referencedDigests() async throws -> [String] { + var referenced: [String] = [self.digest.trimmingDigestPrefix] + let index = try await self.index() + for manifest in index.manifests { + referenced.append(manifest.digest.trimmingDigestPrefix) + guard let m: Manifest = try? await contentStore.get(digest: manifest.digest) else { + // If the requested digest does not exist or is not a manifest. Skip. + // It's safe to skip processing this digest as it won't have any child layers. + continue + } + let descs = m.layers + [m.config] + referenced.append(contentsOf: descs.map { $0.digest.trimmingDigestPrefix }) + } + return referenced + } + + /// Returns a reference to the content blob for the image. The specified digest must be referenced by the image in one of its layers. + public func getContent(digest: String) async throws -> Content { + guard try await self.referencedDigests().contains(digest.trimmingDigestPrefix) else { + throw ContainerizationError(.internalError, message: "image \(self.reference) does not reference digest \(digest)") + } + guard let content: Content = try await contentStore.get(digest: digest) else { + throw ContainerizationError(.notFound, message: "content with digest \(digest)") + } + return content + } +} diff --git a/Sources/Containerization/Image/ImageStore/ImageStore+Export.swift b/Sources/Containerization/Image/ImageStore/ImageStore+Export.swift new file mode 100644 index 0000000..916285f --- /dev/null +++ b/Sources/Containerization/Image/ImageStore/ImageStore+Export.swift @@ -0,0 +1,179 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +// + +import ContainerizationError +import ContainerizationExtras +import ContainerizationIO +import ContainerizationOCI +import Crypto +import Foundation + +extension ImageStore { + public struct ExportOperation: Sendable { + let name: String + let tag: String + let contentStore: ContentStore + let client: ContentClient + let progress: ProgressHandler? + + public init(name: String, tag: String, contentStore: ContentStore, client: ContentClient, progress: ProgressHandler? = nil) { + self.contentStore = contentStore + self.client = client + self.progress = progress + self.name = name + self.tag = tag + } + + @discardableResult + public func export(index: Descriptor, platforms: (Platform) -> Bool, filter: (Descriptor) -> Bool = { _ in true }) async throws -> Descriptor { + var pushQueue: [[Descriptor]] = [] + var current: [Descriptor] = [index] + while !current.isEmpty { + let children = try await self.getChildren(descs: current) + let matches = try filterPlatforms(matcher: platforms, children).uniqued { $0.digest } + pushQueue.append(matches) + current = matches + } + let localIndexData = try await self.createIndex(from: index, matching: platforms) + + await updatePushProgress(pushQueue: pushQueue, localIndexData: localIndexData) + + // We need to work bottom up when pushing an image. + // First, the tar blobs / config layers, then, the manifests and so on... + // When processing a given "level", the requests maybe made in parallel. + // We need to ensure that the child level has been uploaded fully + // before uploading the parent level. + try await withThrowingTaskGroup(of: Void.self) { group in + for layerGroup in pushQueue.reversed() { + for chunk in layerGroup.chunks(ofCount: 8) { + for desc in chunk.filter(filter) { + guard let content = try await self.contentStore.get(digest: desc.digest) else { + throw ContainerizationError(.notFound, message: "content with digest \(desc.digest)") + } + group.addTask { + let readStream = try ReadStream(url: content.path) + try await self.pushContent(descriptor: desc, stream: readStream) + } + } + try await group.waitForAll() + } + } + } + + // Lastly, we need to construct and push a new index, since we may + // have pushed content only for specific platforms. + let digest = SHA256.hash(data: localIndexData) + // The descriptor's mediaType becomes the HTTP Content-Type in + // RegistryClient.push and must match the mediaType field inside + // localIndexData. Registries reject mismatches with MANIFEST_INVALID. + let descriptor = Descriptor( + mediaType: index.mediaType, + digest: digest.digestString, + size: Int64(localIndexData.count)) + let stream = ReadStream(data: localIndexData) + try await self.pushContent(descriptor: descriptor, stream: stream) + return descriptor + } + + private func updatePushProgress(pushQueue: [[Descriptor]], localIndexData: Data) async { + for layerGroup in pushQueue { + for desc in layerGroup { + await progress?([ + .addTotalSize(desc.size), + .addTotalItems(1), + ]) + } + } + await progress?([ + .addTotalSize(Int64(localIndexData.count)), + .addTotalItems(1), + ]) + } + + private func createIndex(from index: Descriptor, matching: (Platform) -> Bool) async throws -> Data { + guard let content = try await self.contentStore.get(digest: index.digest) else { + throw ContainerizationError(.notFound, message: "content with digest \(index.digest)") + } + var idx: Index = try content.decode() + let manifests = idx.manifests + var matchedManifests: [Descriptor] = [] + var skippedPlatforms = false + for manifest in manifests { + guard let p = manifest.platform else { + continue + } + if matching(p) { + matchedManifests.append(manifest) + } else { + skippedPlatforms = true + } + } + if !skippedPlatforms { + return try content.data() + } + idx.manifests = matchedManifests + return try JSONEncoder().encode(idx) + } + + private func pushContent(descriptor: Descriptor, stream: ReadStream) async throws { + do { + let generator = { + try stream.reset() + return stream.stream + } + try await client.push(name: name, ref: tag, descriptor: descriptor, streamGenerator: generator, progress: progress) + await progress?([ + .addSize(descriptor.size), + .addItems(1), + ]) + } catch let err as ContainerizationError { + guard err.code != .exists else { + // We reported the total items and size and have to account for them in existing content. + await progress?([ + .addSize(descriptor.size), + .addItems(1), + ]) + return + } + throw err + } + } + + private func getChildren(descs: [Descriptor]) async throws -> [Descriptor] { + var out: [Descriptor] = [] + for desc in descs { + let mediaType = desc.mediaType + guard let content = try await self.contentStore.get(digest: desc.digest) else { + throw ContainerizationError(.notFound, message: "content with digest \(desc.digest)") + } + switch mediaType { + case MediaTypes.index, MediaTypes.dockerManifestList: + let index: Index = try content.decode() + out.append(contentsOf: index.manifests) + case MediaTypes.imageManifest, MediaTypes.dockerManifest: + let manifest: Manifest = try content.decode() + out.append(manifest.config) + out.append(contentsOf: manifest.layers) + default: + continue + } + } + return out + } + } +} diff --git a/Sources/Containerization/Image/ImageStore/ImageStore+Import.swift b/Sources/Containerization/Image/ImageStore/ImageStore+Import.swift new file mode 100644 index 0000000..9bc39a7 --- /dev/null +++ b/Sources/Containerization/Image/ImageStore/ImageStore+Import.swift @@ -0,0 +1,257 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +// + +import ContainerizationError +import ContainerizationExtras +import ContainerizationOCI +import Foundation + +extension ImageStore { + public struct ImportOperation: Sendable { + static let decoder = JSONDecoder() + + let client: ContentClient + let ingestDir: URL + let contentStore: ContentStore + let progress: ProgressHandler? + let name: String + let maxConcurrentDownloads: Int + + public init(name: String, contentStore: ContentStore, client: ContentClient, ingestDir: URL, progress: ProgressHandler? = nil, maxConcurrentDownloads: Int = 3) { + self.client = client + self.ingestDir = ingestDir + self.contentStore = contentStore + self.progress = progress + self.name = name + self.maxConcurrentDownloads = maxConcurrentDownloads + } + + /// Pull the required image layers for the provided descriptor and platform(s) into the given directory using the provided client. Returns a descriptor to the Index manifest. + public func `import`(root: Descriptor, matcher: (ContainerizationOCI.Platform) -> Bool) async throws -> Descriptor { + var toProcess = [root] + while !toProcess.isEmpty { + // Count the total number of blobs and their size + if let progress { + var size: Int64 = 0 + for desc in toProcess { + size += desc.size + } + await progress([ + .addTotalSize(size), + .addTotalItems(toProcess.count), + ]) + } + + try await self.fetchAll(toProcess) + let children = try await self.walk(toProcess) + let filtered = try filterPlatforms(matcher: matcher, children) + toProcess = filtered.uniqued { $0.digest } + } + + guard root.mediaType != MediaTypes.dockerManifestList && root.mediaType != MediaTypes.index else { + return root + } + + // Create an index for the root descriptor and write it to the content store + let index = try await self.createIndex(for: root) + // In cases where the root descriptor pointed to `MediaTypes.imageManifest` + // Or `MediaTypes.dockerManifest`, it is required that we check the supported platform + // matches the platforms we were asked to pull. This can be done only after we created + // the Index. + let supportedPlatforms = index.manifests.compactMap { $0.platform } + guard supportedPlatforms.allSatisfy(matcher) else { + throw ContainerizationError(.unsupported, message: "image \(root.digest) does not support required platforms") + } + let writer = try ContentWriter(for: self.ingestDir) + let result = try writer.create(from: index) + return Descriptor( + mediaType: MediaTypes.index, + digest: result.digest.digestString, + size: Int64(result.size)) + } + + private func getManifestContent(descriptor: Descriptor) async throws -> T { + do { + if let content = try await self.contentStore.get(digest: descriptor.digest.trimmingDigestPrefix) { + return try content.decode() + } + if let content = try? LocalContent(path: ingestDir.appending(path: descriptor.digest.trimmingDigestPrefix)) { + return try content.decode() + } + return try await self.client.fetch(name: name, descriptor: descriptor) + } catch { + throw ContainerizationError(.internalError, message: "cannot fetch content with digest \(descriptor.digest)", cause: error) + } + } + + private func walk(_ descriptors: [Descriptor]) async throws -> [Descriptor] { + var out: [Descriptor] = [] + for desc in descriptors { + let mediaType = desc.mediaType + switch mediaType { + case MediaTypes.index, MediaTypes.dockerManifestList: + let index: Index = try await self.getManifestContent(descriptor: desc) + out.append(contentsOf: index.manifests) + case MediaTypes.imageManifest, MediaTypes.dockerManifest: + let manifest: Manifest = try await self.getManifestContent(descriptor: desc) + out.append(manifest.config) + out.append(contentsOf: manifest.layers) + default: + // TODO: Explicitly handle other content types + continue + } + } + return out + } + + private func fetchAll(_ descriptors: [Descriptor]) async throws { + try await withThrowingTaskGroup(of: Void.self) { group in + var iterator = descriptors.makeIterator() + // Start initial batch of concurrent downloads based on maxConcurrentDownloads + for _ in 0.. 1.mib() { + try await self.fetchBlob(descriptor) + } else { + try await self.fetchData(descriptor) + } + // Count the number of blobs + await progress?([ + .addItems(1) + ]) + } + + private func fetchBlob(_ descriptor: Descriptor) async throws { + let id = UUID().uuidString + let fm = FileManager.default + let tempFile = ingestDir.appendingPathComponent(id) + let (_, digest) = try await client.fetchBlob(name: name, descriptor: descriptor, into: tempFile, progress: progress) + guard digest.digestString == descriptor.digest else { + throw ContainerizationError(.internalError, message: "digest mismatch expected \(descriptor.digest), got \(digest.digestString)") + } + do { + try fm.moveItem(at: tempFile, to: ingestDir.appendingPathComponent(digest.encoded)) + } catch let err as NSError { + guard err.code == NSFileWriteFileExistsError else { + throw err + } + try fm.removeItem(at: tempFile) + } + } + + @discardableResult + private func fetchData(_ descriptor: Descriptor) async throws -> Data { + let data = try await client.fetchData(name: name, descriptor: descriptor) + let writer = try ContentWriter(for: ingestDir) + let result = try writer.write(data) + if let progress { + let size = Int64(result.size) + await progress([ + .addSize(size) + ]) + } + guard result.digest.digestString == descriptor.digest else { + throw ContainerizationError(.internalError, message: "digest mismatch expected \(descriptor.digest), got \(result.digest.digestString)") + } + return data + } + + private func createIndex(for root: Descriptor) async throws -> Index { + switch root.mediaType { + case MediaTypes.index, MediaTypes.dockerManifestList: + return try await self.getManifestContent(descriptor: root) + case MediaTypes.imageManifest, MediaTypes.dockerManifest: + let supportedPlatforms = try await getSupportedPlatforms(for: root) + guard supportedPlatforms.count == 1 else { + throw ContainerizationError( + .internalError, + message: + "descriptor \(root.mediaType) with digest \(root.digest) does not list any supported platform or supports more than one platform, supported platforms: \(supportedPlatforms)" + ) + } + let platform = supportedPlatforms.first! + var root = root + root.platform = platform + let index = ContainerizationOCI.Index( + schemaVersion: 2, manifests: [root], + annotations: [ + // indicate that this is a synthesized index which is not directly user facing + AnnotationKeys.containerizationIndexIndirect: "true" + ]) + return index + default: + throw ContainerizationError(.internalError, message: "failed to create index for descriptor \(root.digest), media type \(root.mediaType)") + } + } + + private func getSupportedPlatforms(for root: Descriptor) async throws -> [ContainerizationOCI.Platform] { + var supportedPlatforms: [ContainerizationOCI.Platform] = [] + var toProcess = [root] + while !toProcess.isEmpty { + let children = try await self.walk(toProcess) + for child in children { + if let p = child.platform { + supportedPlatforms.append(p) + continue + } + switch child.mediaType { + case MediaTypes.imageConfig, MediaTypes.dockerImageConfig: + let config: ContainerizationOCI.Image = try await self.getManifestContent(descriptor: child) + let p = ContainerizationOCI.Platform( + arch: config.architecture, os: config.os, osFeatures: config.osFeatures, variant: config.variant + ) + supportedPlatforms.append(p) + default: + continue + } + } + toProcess = children + } + return supportedPlatforms + } + + } +} diff --git a/Sources/Containerization/Image/ImageStore/ImageStore+OCILayout.swift b/Sources/Containerization/Image/ImageStore/ImageStore+OCILayout.swift new file mode 100644 index 0000000..6f149e7 --- /dev/null +++ b/Sources/Containerization/Image/ImageStore/ImageStore+OCILayout.swift @@ -0,0 +1,110 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationError +import ContainerizationExtras +import ContainerizationOCI +import Foundation + +extension ImageStore { + /// Exports the specified images and their associated layers to an OCI Image Layout directory. + /// This function saves the images identified by the `references` array, including their + /// manifests and layer blobs, into a directory structure compliant with the OCI Image Layout specification at the given `out` URL. + /// + /// - Parameters: + /// - references: A list image references that exists in the `ImageStore` that are to be saved in the OCI Image Layout format. + /// - out: A URL to a directory on disk at which the OCI Image Layout structure will be created. + /// - platform: An optional parameter to indicate the platform to be saved for the images. + /// Defaults to `nil` signifying that layers for all supported platforms by the images will be saved. + /// + public func save(references: [String], out: URL, platform: Platform? = nil) async throws { + let matcher = createPlatformMatcher(for: platform) + let fileManager = FileManager.default + let tempDir = fileManager.uniqueTemporaryDirectory() + defer { + try? fileManager.removeItem(at: tempDir) + } + + var toSave: [Image] = [] + for reference in references { + let image = try await self.get(reference: reference) + let allowedMediaTypes = [MediaTypes.dockerManifestList, MediaTypes.index] + guard allowedMediaTypes.contains(image.mediaType) else { + throw ContainerizationError(.internalError, message: "cannot save image \(image.reference) with Index media type \(image.mediaType)") + } + toSave.append(image) + } + let client = try LocalOCILayoutClient(root: out) + var saved: [Descriptor] = [] + + for image in toSave { + let ref = try Reference.parse(image.reference) + let name = ref.path + guard let tag = ref.tag ?? ref.digest else { + throw ContainerizationError(.invalidArgument, message: "invalid tag/digest for image reference \(image.reference)") + } + let operation = ExportOperation(name: name, tag: tag, contentStore: self.contentStore, client: client, progress: nil) + var descriptor = try await operation.export(index: image.descriptor, platforms: matcher) + client.setImageReferenceAnnotation(descriptor: &descriptor, reference: image.reference) + saved.append(descriptor) + } + try client.createOCILayoutStructure(directory: out, manifests: saved) + } + + /// Imports one or more images and their associated layers from an OCI Image Layout directory. + /// + /// - Parameters: + /// - directory: A URL to a directory on disk at that follows the OCI Image Layout structure. + /// - progress: An optional handler over which progress update events about the load operation can be received. + /// - Returns: The list of images that were loaded into the `ImageStore`. + /// + public func load(from directory: URL, progress: ProgressHandler? = nil) async throws -> [Image] { + let client = try LocalOCILayoutClient(root: directory) + let index = try client.loadIndexFromOCILayout(directory: directory) + let matcher = createPlatformMatcher(for: nil) + + var loaded: [Image.Description] = [] + let (id, tempDir) = try await self.contentStore.newIngestSession() + do { + for descriptor in index.manifests { + let reference = client.getImageReferencefromDescriptor(descriptor: descriptor) + let ref = try Reference.parse(reference) + let name = ref.path + let operation = ImportOperation(name: name, contentStore: self.contentStore, client: client, ingestDir: tempDir, progress: progress) + let indexDesc = try await operation.import(root: descriptor, matcher: matcher) + loaded.append(Image.Description(reference: reference, descriptor: indexDesc)) + } + + let loadedImages = loaded + let importedImages = try await self.lock.withLock { lock in + var images: [Image] = [] + try await self.contentStore.completeIngestSession(id) + for description in loadedImages { + let img = try await self._create(description: description, lock: lock) + images.append(img) + } + return images + } + guard importedImages.count > 0 else { + throw ContainerizationError(.internalError, message: "failed to import image") + } + return importedImages + } catch { + try? await self.contentStore.cancelIngestSession(id) + throw error + } + } +} diff --git a/Sources/Containerization/Image/ImageStore/ImageStore+ReferenceManager.swift b/Sources/Containerization/Image/ImageStore/ImageStore+ReferenceManager.swift new file mode 100644 index 0000000..f898bc6 --- /dev/null +++ b/Sources/Containerization/Image/ImageStore/ImageStore+ReferenceManager.swift @@ -0,0 +1,90 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationError +import ContainerizationOCI +import Foundation + +extension ImageStore { + /// A ReferenceManager handles the mappings between an image's + /// reference and the underlying descriptor inside of a content store. + internal actor ReferenceManager { + private let path: URL + + private typealias State = [String: Descriptor] + private var images: State + + public init(path: URL) throws { + try FileManager.default.createDirectory(at: path, withIntermediateDirectories: true) + + self.path = path + self.images = [:] + } + + private func load() throws -> State { + let statePath = self.path.appendingPathComponent("state.json") + guard FileManager.default.fileExists(atPath: statePath.absolutePath()) else { + return [:] + } + do { + let data = try Data(contentsOf: statePath) + return try JSONDecoder().decode(State.self, from: data) + } catch { + throw ContainerizationError(.internalError, message: "failed to load image state \(error.localizedDescription)") + } + } + + private func save(_ state: State) throws { + let statePath = self.path.appendingPathComponent("state.json") + try JSONEncoder().encode(state).write(to: statePath) + } + + public func delete(reference: String) throws { + var state = try self.load() + state.removeValue(forKey: reference) + try self.save(state) + } + + public func delete(image: Image.Description) throws { + try self.delete(reference: image.reference) + } + + public func create(description: Image.Description) throws { + var state = try self.load() + state[description.reference] = description.descriptor + try self.save(state) + } + + public func list() throws -> [Image.Description] { + let state = try self.load() + return state.map { key, val in + let description = Image.Description(reference: key, descriptor: val) + return description + } + } + + public func get(reference: String) throws -> Image.Description { + let images = try self.list() + let hit = images.first(where: { image in + image.reference == reference + }) + guard let hit else { + throw ContainerizationError(.notFound, message: "image \(reference) not found") + } + return hit + } + } +} diff --git a/Sources/Containerization/Image/ImageStore/ImageStore.swift b/Sources/Containerization/Image/ImageStore/ImageStore.swift new file mode 100644 index 0000000..dc83616 --- /dev/null +++ b/Sources/Containerization/Image/ImageStore/ImageStore.swift @@ -0,0 +1,395 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationError +import ContainerizationExtras +import ContainerizationOCI +import Foundation + +/// An ImageStore handles the mappings between an image's +/// reference and the underlying descriptor inside of a content store. +public actor ImageStore: Sendable { + /// The ImageStore path it was created with. + public nonisolated let path: URL + + private let referenceManager: ReferenceManager + internal let contentStore: ContentStore + internal let lock: AsyncLock = AsyncLock() + + public init(path: URL, contentStore: ContentStore? = nil) throws { + try FileManager.default.createDirectory(at: path, withIntermediateDirectories: true) + + if let contentStore { + self.contentStore = contentStore + } else { + self.contentStore = try LocalContentStore(path: path.appendingPathComponent("content")) + } + + self.path = path + self.referenceManager = try ReferenceManager(path: path) + } + + /// Return the default image store for the current user. + public static let `default`: ImageStore = { + do { + let root = try defaultRoot() + return try ImageStore(path: root) + } catch { + fatalError("unable to initialize default ImageStore \(error)") + } + }() + + private static func defaultRoot() throws -> URL { + let root = FileManager.default.urls( + for: .applicationSupportDirectory, + in: .userDomainMask + ).first + guard let root else { + throw ContainerizationError(.notFound, message: "unable to get Application Support directory for current user") + } + return root.appendingPathComponent("com.apple.containerization") + + } +} + +extension ImageStore { + /// Get an image from the `ImageStore`. + /// + /// - Parameters: + /// - reference: Name of the image. + /// - pull: Pull the image if it is not found. + /// + /// - Returns: A `Containerization.Image` object whose `reference` matches the given string. + /// This method throws a `ContainerizationError(code: .notFound)` if the provided reference does not exist in the `ImageStore`. + public func get(reference: String, pull: Bool = false) async throws -> Image { + do { + let desc = try await self.referenceManager.get(reference: reference) + return Image(description: desc, contentStore: self.contentStore) + } catch let error as ContainerizationError { + if error.code == .notFound && pull { + return try await self.pull(reference: reference) + } + throw error + } + } + + /// Get a list of all images in the `ImageStore`. + /// + /// - Returns: A `[Containerization.Image]` for all the images in the `ImageStore`. + public func list() async throws -> [Image] { + try await self.referenceManager.list().map { desc in + Image(description: desc, contentStore: self.contentStore) + } + } + + /// Create a new image in the `ImageStore`. + /// + /// - Parameters: + /// - description: The underlying `Image.Description` that contains information about the reference and index descriptor for the image to be created. + /// + /// - Note: It is assumed that the underlying manifests and blob layers for the image already exists in the `ContentStore` that the `ImageStore` was initialized with. This method is invoked when the `pull(...)` , `load(...)` and `tag(...)` methods are used. + /// - Returns: A `Containerization.Image` + @discardableResult + public func create(description: Image.Description) async throws -> Image { + try await self.lock.withLock { ctx in + try await self._create(description: description, lock: ctx) + } + } + + @discardableResult + internal func _create(description: Image.Description, lock: AsyncLock.Context) async throws -> Image { + try await self.referenceManager.create(description: description) + return Image(description: description, contentStore: self.contentStore) + } + + /// Delete an image from the `ImageStore`. + /// + /// - Parameters: + /// - reference: Name of the image that is to be deleted. + /// - performCleanup: Perform a garbage collection on the `ContentStore`, removing all unreferenced image layers and manifests, + public func delete(reference: String, performCleanup: Bool = false) async throws { + try await self.lock.withLock { lockCtx in + try await self.referenceManager.delete(reference: reference) + if performCleanup { + try await self._cleanUpOrphanedBlobs(lockCtx) + } + } + } + + /// Clean up orphaned blobs that are no longer referenced by any image. + /// + /// - Returns: Returns a tuple of `(deleted, freed)`. + /// `deleted` : A list of the names of the content items that were deleted from the `ContentStore`, + /// `freed` : The total size of the items that were deleted. + @discardableResult + public func cleanUpOrphanedBlobs() async throws -> (deleted: [String], freed: UInt64) { + try await self.lock.withLock { lockCtx in + try await self._cleanUpOrphanedBlobs(lockCtx) + } + } + + /// Calculate the size of orphaned blobs without deleting them. + /// + /// - Returns: The total size in bytes of blobs that are not referenced by any image. + public func calculateOrphanedBlobsSize() async throws -> UInt64 { + try await self.lock.withLock { lockCtx in + try await self._calculateOrphanedBlobsSize(lockCtx) + } + } + + @discardableResult + private func _cleanUpOrphanedBlobs(_ lock: AsyncLock.Context) async throws -> (deleted: [String], freed: UInt64) { + let images = try await self.list() + var referenced: [String] = [] + for image in images { + try await referenced.append(contentsOf: image.referencedDigests().uniqued()) + } + let (deleted, size) = try await self.contentStore.delete(keeping: referenced) + return (deleted, size) + } + + private func _calculateOrphanedBlobsSize(_ lock: AsyncLock.Context) async throws -> UInt64 { + let images = try await self.list() + var referenced: [String] = [] + for image in images { + try await referenced.append(contentsOf: image.referencedDigests().uniqued()) + } + + // Calculate size of blobs not in the referenced list + let referencedSet = Set(referenced.map { $0.trimmingDigestPrefix }) + let blobsPath = self.path.appendingPathComponent("content/blobs/sha256") + + let fileManager = FileManager.default + let allBlobs = try fileManager.contentsOfDirectory( + at: blobsPath, + includingPropertiesForKeys: [.fileSizeKey], + options: [.skipsHiddenFiles] + ) + + var orphanedSize: UInt64 = 0 + for blobURL in allBlobs { + let digest = blobURL.lastPathComponent + if !referencedSet.contains(digest) { + if let resourceValues = try? blobURL.resourceValues(forKeys: [.fileSizeKey]), + let size = resourceValues.fileSize + { + orphanedSize += UInt64(size) + } + } + } + + return orphanedSize + } + + /// Tag an existing image such that it can be referenced by another name. + /// + /// - Parameters: + /// - existing: The reference to an image that already exists in the `ImageStore`. + /// - new: The new reference by which the image should also be referenced as. + /// - Note: The new image created in the `ImageStore` will have the same `Image.Description` + /// as that of the image with reference `existing.` + /// - Returns: A `Containerization.Image` object to the newly created image. + public func tag(existing: String, new: String) async throws -> Image { + let old = try await self.get(reference: existing) + let descriptor = old.descriptor + do { + _ = try Reference.parse(new) + } catch { + throw ContainerizationError(.invalidArgument, message: "invalid reference \(new), error: \(error)") + } + let newDescription = Image.Description(reference: new, descriptor: descriptor) + return try await self.create(description: newDescription) + } +} + +extension ImageStore { + /// Pull an image and its associated manifest and blob layers from a remote registry. + /// + /// - Parameters: + /// - reference: A string that references an image in a remote registry of the form `[:]/repository:` + /// For example: "docker.io/library/alpine:latest". + /// - platform: An optional parameter to indicate the platform to be pulled for the image. + /// Defaults to `nil` signifying that layers for all supported platforms by the image will be pulled. + /// - insecure: A boolean indicating if the connection to the remote registry should be made via plain-text http or not. + /// Defaults to false, meaning the connection to the registry will be over https. + /// - auth: An object that implements the `Authentication` protocol, + /// used to add any credentials to the HTTP requests that are made to the registry. + /// Defaults to `nil` meaning no additional credentials are added to any HTTP requests made to the registry. + /// - progress: An optional handler over which progress update events about the pull operation can be received. + /// + /// - Returns: A `Containerization.Image` object to the newly pulled image. + public func pull( + reference: String, platform: Platform? = nil, insecure: Bool = false, + auth: Authentication? = nil, progress: ProgressHandler? = nil, maxConcurrentDownloads: Int = 3 + ) async throws -> Image { + + let matcher = createPlatformMatcher(for: platform) + let client = try RegistryClient(reference: reference, insecure: insecure, auth: auth, tlsConfiguration: TLSUtils.makeEnvironmentAwareTLSConfiguration()) + + let ref = try Reference.parse(reference) + let name = ref.path + guard let tag = ref.tag ?? ref.digest else { + throw ContainerizationError(.invalidArgument, message: "invalid tag/digest for image reference \(reference)") + } + + let rootDescriptor = try await client.resolve(name: name, tag: tag) + let (id, tempDir) = try await self.contentStore.newIngestSession() + let operation = ImportOperation( + name: name, contentStore: self.contentStore, client: client, ingestDir: tempDir, progress: progress, maxConcurrentDownloads: maxConcurrentDownloads) + do { + let index = try await operation.import(root: rootDescriptor, matcher: matcher) + return try await self.lock.withLock { lock in + try await self.contentStore.completeIngestSession(id) + let description = Image.Description(reference: reference, descriptor: index) + let image = try await self._create(description: description, lock: lock) + return image + } + } catch { + try? await self.contentStore.cancelIngestSession(id) + throw error + } + } + + /// Push an image and its associated manifest and blob layers to a remote registry. + /// + /// - Parameters: + /// - reference: A string that references an image in the `ImageStore`. It must be of the form `[:]/repository:` + /// For example: "ghcr.io/foo-bar-baz/image:v1". + /// - platform: An optional parameter to indicate the platform to be pushed for the image. + /// Defaults to `nil` signifying that layers for all supported platforms by the image will be pushed to the remote registry. + /// - insecure: A boolean indicating if the connection to the remote registry should be made via plain-text http or not. + /// Defaults to false, meaning the connection to the registry will be over https. + /// - auth: An object that implements the `Authentication` protocol, + /// used to add any credentials to the HTTP requests that are made to the registry. + /// Defaults to `nil` meaning no additional credentials are added to any HTTP requests made to the registry. + /// - progress: An optional handler over which progress update events about the push operation can be received. + /// + public func push(reference: String, platform: Platform? = nil, insecure: Bool = false, auth: Authentication? = nil, progress: ProgressHandler? = nil) async throws { + let matcher = createPlatformMatcher(for: platform) + let client = try RegistryClient(reference: reference, insecure: insecure, auth: auth, tlsConfiguration: TLSUtils.makeEnvironmentAwareTLSConfiguration()) + try await self.pushSingle(reference: reference, client: client, matcher: matcher, progress: progress) + } + + /// Push multiple image references to a remote registry, sharing a single ``RegistryClient``. + /// + /// All references must resolve to the same registry host. Passing references that target + /// different hosts throws a ``ContainerizationError`` with code ``invalidArgument``. + /// + /// - Parameters: + /// - references: An array of fully qualified image reference strings to push. + /// Each must include a host (e.g., `"ghcr.io/myrepo/myimage:v1"`). + /// - platform: An optional parameter to indicate the platform to be pushed for each image. + /// Defaults to `nil` signifying that layers for all supported platforms will be pushed. + /// - insecure: A boolean indicating if the connection to the remote registry should be made via plain-text http or not. + /// Defaults to false, meaning the connection to the registry will be over https. + /// - auth: An object that implements the `Authentication` protocol, + /// used to add any credentials to the HTTP requests that are made to the registry. + /// Defaults to `nil` meaning no additional credentials are added to any HTTP requests made to the registry. + /// - maxConcurrentUploads: Maximum number of concurrent tag pushes. Defaults to 3. + /// - progress: An optional handler over which progress update events about the push operations can be received. + /// + public func push( + references: [String], platform: Platform? = nil, insecure: Bool = false, + auth: Authentication? = nil, maxConcurrentUploads: Int = 3, progress: ProgressHandler? = nil + ) async throws { + guard let firstReference = references.first else { + return + } + + // Parse all references upfront: validate hosts and avoid re-parsing inside tasks. + let parsed = try references.map { ref in try Reference.parse(ref) } + let hosts = parsed.compactMap { $0.resolvedDomain } + guard hosts.count == references.count else { + throw ContainerizationError(.invalidArgument, message: "all references must include a host") + } + let uniqueHosts = Set(hosts) + guard uniqueHosts.count == 1 else { + throw ContainerizationError( + .invalidArgument, + message: "all references must target the same registry host, got: \(uniqueHosts.sorted().joined(separator: ", "))") + } + + let matcher = createPlatformMatcher(for: platform) + let client = try RegistryClient( + reference: firstReference, insecure: insecure, auth: auth, + tlsConfiguration: TLSUtils.makeEnvironmentAwareTLSConfiguration()) + + let pushOne: @Sendable (String) async -> (String, String?) = { reference in + do { + try await self.pushSingle(reference: reference, client: client, matcher: matcher, progress: progress) + return (reference, nil) + } catch { + return (reference, String(describing: error)) + } + } + + var iterator = references.makeIterator() + var failures: [(reference: String, message: String)] = [] + + await withTaskGroup(of: (String, String?).self) { group in + for _ in 0.. Bool, progress: ProgressHandler? + ) async throws { + let allowedMediaTypes = [MediaTypes.dockerManifestList, MediaTypes.index] + let img = try await self.get(reference: reference) + guard allowedMediaTypes.contains(img.mediaType) else { + throw ContainerizationError(.internalError, message: "cannot push image \(reference): unsupported media type \(img.mediaType), expected an index or manifest list") + } + let ref = try Reference.parse(reference) + guard let tag = ref.tag ?? ref.digest else { + throw ContainerizationError(.invalidArgument, message: "invalid tag/digest for image reference \(reference)") + } + let operation = ExportOperation(name: ref.path, tag: tag, contentStore: self.contentStore, client: client, progress: progress) + try await operation.export(index: img.descriptor, platforms: matcher) + } +} + +extension ImageStore { + /// Get the image for the init block from the image store. + /// If the image does not exist locally, pull the image. + public func getInitImage(reference: String, auth: Authentication? = nil, progress: ProgressHandler? = nil) async throws -> InitImage { + do { + let image = try await self.get(reference: reference) + return InitImage(image: image) + } catch let error as ContainerizationError { + if error.code == .notFound { + let image = try await self.pull(reference: reference, auth: auth, progress: progress) + return InitImage(image: image) + } + throw error + } + } +} diff --git a/Sources/Containerization/Image/InitImage.swift b/Sources/Containerization/Image/InitImage.swift new file mode 100644 index 0000000..a63f0dc --- /dev/null +++ b/Sources/Containerization/Image/InitImage.swift @@ -0,0 +1,85 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationError +import ContainerizationOCI +import Foundation + +/// Data representing the image to use as the root filesystem for a virtual machine. +/// Typically this image would contain the guest agent used to facilitate container +/// workloads, as well as any extras that may be useful to have in the guest. +public struct InitImage: Sendable { + public var name: String { image.reference } + + let image: Image + + public init(image: Image) { + self.image = image + } +} + +extension InitImage { + /// Unpack the initial filesystem for the desired platform at a given path. + public func initBlock(at: URL, for platform: SystemPlatform) async throws -> Mount { + let unpacker = EXT4Unpacker(blockSizeInBytes: 512.mib()) + var fs = try await unpacker.unpack(self.image, for: platform.ociPlatform(), at: at) + fs.options = ["ro"] + return fs + } + + /// Create a new InitImage with the reference as the name. + /// The `rootfs` parameter must be a tar.gz file whose contents make up the filesystem for the image. + public static func create( + reference: String, rootfs: URL, platform: Platform, + labels: [String: String] = [:], imageStore: ImageStore, contentStore: ContentStore + ) async throws -> InitImage { + + let indexDescriptorStore = AsyncStore() + try await contentStore.ingest { dir in + let writer = try ContentWriter(for: dir) + var result = try writer.create(from: rootfs) + let layerDescriptor = Descriptor(mediaType: ContainerizationOCI.MediaTypes.imageLayerGzip, digest: result.digest.digestString, size: result.size) + + // TODO: compute and fill in the correct diffID for the above layer + // We currently put in the sha of the fully compressed layer, this needs to be replaced with + // the sha of the uncompressed layer. + let rootfsConfig = ContainerizationOCI.Rootfs(type: "layers", diffIDs: [result.digest.digestString]) + let runtimeConfig = ContainerizationOCI.ImageConfig(labels: labels) + let imageConfig = ContainerizationOCI.Image(architecture: platform.architecture, os: platform.os, config: runtimeConfig, rootfs: rootfsConfig) + result = try writer.create(from: imageConfig) + let configDescriptor = Descriptor(mediaType: ContainerizationOCI.MediaTypes.imageConfig, digest: result.digest.digestString, size: result.size) + + let manifest = Manifest(config: configDescriptor, layers: [layerDescriptor]) + result = try writer.create(from: manifest) + let manifestDescriptor = Descriptor(mediaType: ContainerizationOCI.MediaTypes.imageManifest, digest: result.digest.digestString, size: result.size, platform: platform) + + let index = ContainerizationOCI.Index(manifests: [manifestDescriptor]) + result = try writer.create(from: index) + + let indexDescriptor = Descriptor(mediaType: ContainerizationOCI.MediaTypes.index, digest: result.digest.digestString, size: result.size) + await indexDescriptorStore.set(indexDescriptor) + + } + + guard let indexDescriptor = await indexDescriptorStore.get() else { + throw ContainerizationError(.notFound, message: "image for \(reference) not found") + } + + let description = Image.Description(reference: reference, descriptor: indexDescriptor) + let image = try await imageStore.create(description: description) + return InitImage(image: image) + } +} diff --git a/Sources/Containerization/Image/KernelImage.swift b/Sources/Containerization/Image/KernelImage.swift new file mode 100644 index 0000000..9a64c6f --- /dev/null +++ b/Sources/Containerization/Image/KernelImage.swift @@ -0,0 +1,94 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationError +import ContainerizationOCI +import Foundation + +/// A multi-arch kernel image represented by an OCI image. +public struct KernelImage: Sendable { + /// The media type for a kernel image. + public static let mediaType = "application/vnd.apple.containerization.kernel" + + /// The name or reference of the image. + public var name: String { image.reference } + + let image: Image + + public init(image: Image) { + self.image = image + } +} + +extension KernelImage { + /// Return the kernel from a multi arch image for a specific system platform. + public func kernel(for platform: SystemPlatform) async throws -> Kernel { + let manifest = try await image.manifest(for: platform.ociPlatform()) + guard let descriptor = manifest.layers.first, descriptor.mediaType == Self.mediaType else { + throw ContainerizationError(.notFound, message: "kernel descriptor for \(platform) not found") + } + let content = try await image.getContent(digest: descriptor.digest) + return Kernel( + path: content.path, + platform: platform + ) + } + + /// Create a new kernel image with the reference as the name. + /// This will create a multi arch image containing kernel's for each provided architecture. + public static func create(reference: String, binaries: [Kernel], labels: [String: String] = [:], imageStore: ImageStore, contentStore: ContentStore) async throws -> KernelImage + { + let indexDescriptorStore = AsyncStore() + try await contentStore.ingest { ingestPath in + var descriptors = [Descriptor]() + let writer = try ContentWriter(for: ingestPath) + + for kernel in binaries { + var result = try writer.create(from: kernel.path) + let platform = kernel.platform.ociPlatform() + let layerDescriptor = Descriptor( + mediaType: mediaType, + digest: result.digest.digestString, + size: result.size, + platform: platform) + let rootfsConfig = ContainerizationOCI.Rootfs(type: "layers", diffIDs: [result.digest.digestString]) + let runtimeConfig = ContainerizationOCI.ImageConfig(labels: labels) + let imageConfig = ContainerizationOCI.Image(architecture: platform.architecture, os: platform.os, config: runtimeConfig, rootfs: rootfsConfig) + + result = try writer.create(from: imageConfig) + let configDescriptor = Descriptor(mediaType: ContainerizationOCI.MediaTypes.imageConfig, digest: result.digest.digestString, size: result.size) + + let manifest = Manifest(config: configDescriptor, layers: [layerDescriptor]) + result = try writer.create(from: manifest) + let manifestDescriptor = Descriptor( + mediaType: ContainerizationOCI.MediaTypes.imageManifest, digest: result.digest.digestString, size: result.size, platform: platform) + descriptors.append(manifestDescriptor) + } + let index = ContainerizationOCI.Index(manifests: descriptors) + let result = try writer.create(from: index) + let indexDescriptor = Descriptor(mediaType: ContainerizationOCI.MediaTypes.index, digest: result.digest.digestString, size: result.size) + await indexDescriptorStore.set(indexDescriptor) + } + + guard let indexDescriptor = await indexDescriptorStore.get() else { + throw ContainerizationError(.notFound, message: "image for \(reference) not found") + } + + let description = Image.Description(reference: reference, descriptor: indexDescriptor) + let image = try await imageStore.create(description: description) + return KernelImage(image: image) + } +} diff --git a/Sources/Containerization/Image/Unpacker/EXT4Unpacker.swift b/Sources/Containerization/Image/Unpacker/EXT4Unpacker.swift new file mode 100644 index 0000000..0e9609b --- /dev/null +++ b/Sources/Containerization/Image/Unpacker/EXT4Unpacker.swift @@ -0,0 +1,169 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationArchive +import ContainerizationEXT4 +import ContainerizationError +import ContainerizationExtras +import ContainerizationOCI +import Foundation +import SystemPackage + +public struct EXT4Unpacker: Unpacker { + let blockSizeInBytes: UInt64 + + let journal: EXT4.JournalConfig? + + /// Creates an unpacker that extracts images into EXT4 filesystems. + /// - Parameters: + /// - blockSizeInBytes: The filesystem block size. + /// - journal: The journal configuration to use, or nil for no journaling. + public init(blockSizeInBytes: UInt64, journal: EXT4.JournalConfig? = nil) { + self.blockSizeInBytes = blockSizeInBytes + self.journal = journal + } + + /// Performs the unpacking of a tar archive into a filesystem. + /// - Parameters: + /// - archive: The archive to unpack. + /// - compression: The compression to use when unpacking the image. + /// - path: The path to the filesystem that will be created. + public func unpack( + archive: URL, + compression: ContainerizationArchive.Filter, + at path: URL + ) async throws { + let cleanedPath = try prepareUnpackPath(path: path) + let filesystem = try EXT4.Formatter( + FilePath(cleanedPath), + minDiskSize: blockSizeInBytes, + journal: journal + ) + defer { try? filesystem.close() } + + try await filesystem.unpack( + source: archive, + format: .paxRestricted, + compression: compression + ) + } + + /// Returns a `Mount` point after unpacking the image into a filesystem. + /// - Parameters: + /// - image: The image to unpack. + /// - platform: The platform content to unpack. + /// - path: The path to the directory where the filesystem will be created. + /// - progress: The progress handler to invoke as the unpacking progresses. + public func unpack( + _ image: Image, + for platform: Platform, + at path: URL, + progress: ProgressHandler? = nil + ) async throws -> Mount { + let cleanedPath = try prepareUnpackPath(path: path) + let manifest = try await image.manifest(for: platform) + let filesystem = try EXT4.Formatter( + FilePath( + cleanedPath + ), + minDiskSize: blockSizeInBytes + ) + defer { try? filesystem.close() } + + // Resolve layer paths upfront. When progress reporting is enabled and a layer + // uses zstd, decompress once so both the size-scanning pass and the unpack + // pass share the same decompressed file. + var resolvedLayers: [(file: URL, filter: ContainerizationArchive.Filter)] = [] + var decompressedFiles: [URL] = [] + for layer in manifest.layers { + try Task.checkCancellation() + let content = try await image.getContent(digest: layer.digest) + let compression = try compressionFilter(for: layer.mediaType) + if progress != nil && compression == .zstd { + let decompressed = try ArchiveReader.decompressZstd(content.path) + decompressedFiles.append(decompressed) + resolvedLayers.append((file: decompressed, filter: .none)) + } else { + resolvedLayers.append((file: content.path, filter: compression)) + } + } + defer { + for file in decompressedFiles { + ArchiveReader.cleanUpDecompressedZstd(file) + } + } + + if let progress { + var totalSize: Int64 = 0 + var totalItems: Int = 0 + for layer in resolvedLayers { + try Task.checkCancellation() + let totals = try EXT4.Formatter.scanArchiveHeaders( + format: .paxRestricted, filter: layer.filter, file: layer.file) + totalSize += totals.size + totalItems += totals.items + } + var totalEvents: [ProgressEvent] = [] + if totalSize > 0 { + totalEvents.append(.addTotalSize(totalSize)) + } + if totalItems > 0 { + totalEvents.append(.addTotalItems(totalItems)) + } + if !totalEvents.isEmpty { + await progress(totalEvents) + } + } + + for resolved in resolvedLayers { + try Task.checkCancellation() + let reader = try ArchiveReader( + format: .paxRestricted, + filter: resolved.filter, + file: resolved.file + ) + try await filesystem.unpack(reader: reader, progress: progress) + } + + return .block( + format: "ext4", + source: cleanedPath, + destination: "/", + options: [] + ) + } + + private func prepareUnpackPath(path: URL) throws -> String { + let blockPath = path.absolutePath() + guard !FileManager.default.fileExists(atPath: blockPath) else { + throw ContainerizationError(.exists, message: "block device already exists at \(blockPath)") + } + return blockPath + } + + private func compressionFilter(for mediaType: String) throws -> ContainerizationArchive.Filter { + switch mediaType { + case MediaTypes.imageLayer, MediaTypes.dockerImageLayer: + return .none + case MediaTypes.imageLayerGzip, MediaTypes.dockerImageLayerGzip: + return .gzip + case MediaTypes.imageLayerZstd, MediaTypes.dockerImageLayerZstd: + return .zstd + default: + throw ContainerizationError(.unsupported, message: "media type \(mediaType) not supported.") + } + } +} diff --git a/Sources/Containerization/Image/Unpacker/Unpacker.swift b/Sources/Containerization/Image/Unpacker/Unpacker.swift new file mode 100644 index 0000000..d188b2c --- /dev/null +++ b/Sources/Containerization/Image/Unpacker/Unpacker.swift @@ -0,0 +1,40 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationExtras +import ContainerizationOCI +import Foundation + +/// The `Unpacker` protocol defines a standardized interface that involves +/// decompressing, extracting image layers and preparing it for use. +/// +/// The `Unpacker` is responsible for managing the lifecycle of the +/// unpacking process, including any temporary files or resources, until the +/// `Mount` object is produced. +public protocol Unpacker { + + /// Unpacks the provided image to a specified path for a given platform. + /// + /// This asynchronous method should handle the entire unpacking process, from reading + /// the `Image` layers for the given `Platform` via its `Manifest`, + /// to making the extracted contents available as a `Mount`. + /// Implementations of this method may apply platform-specific optimizations + /// or transformations during the unpacking. + /// + /// Progress updates can be observed via the optional `progress` handler. + func unpack(_ image: Image, for platform: Platform, at path: URL, progress: ProgressHandler?) async throws -> Mount + +} diff --git a/Sources/Containerization/Interface.swift b/Sources/Containerization/Interface.swift new file mode 100644 index 0000000..a95c58f --- /dev/null +++ b/Sources/Containerization/Interface.swift @@ -0,0 +1,46 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationExtras + +/// A network interface. +public protocol Interface: Sendable { + /// The interface IPv4 address and subnet prefix length, as a CIDR address. + /// Example: `192.168.64.3/24` + var ipv4Address: CIDRv4 { get } + + /// The IPv4 gateway address for the default route, or nil for no IPv4 default route. + var ipv4Gateway: IPv4Address? { get } + + /// The interface IPv6 address and subnet prefix length, as a CIDRv6 address, or nil for no IPv6 address. + /// Example: `fd00::1/64` + var ipv6Address: CIDRv6? { get } + + /// The IPv6 gateway address for the default route, or nil for no IPv6 default route. + var ipv6Gateway: IPv6Address? { get } + + /// The interface MAC address, or nil to auto-configure the address. + var macAddress: MACAddress? { get } + + /// The interface MTU (Maximum Transmission Unit). + var mtu: UInt32 { get } +} + +extension Interface { + public var mtu: UInt32 { 1500 } + public var ipv6Address: CIDRv6? { nil } + public var ipv6Gateway: IPv6Address? { nil } +} diff --git a/Sources/Containerization/IptablesRules.swift b/Sources/Containerization/IptablesRules.swift new file mode 100644 index 0000000..a62e21c --- /dev/null +++ b/Sources/Containerization/IptablesRules.swift @@ -0,0 +1,106 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(Linux) +import ContainerizationError +import ContainerizationOS +import Foundation + +/// Thin idempotent wrappers around the `iptables` CLI for use by +/// `BridgeManager`. We don't program nftables directly; modern distros +/// ship the `iptables` binary as a shim over nftables and it's universally +/// available. +enum IptablesRules { + /// Add a rule unless it already exists. `args` is the rule body + /// excluding the leading action (`-A`/`-C`/`-D`). + /// + /// Implementation: run `iptables -C ` first; if exit 0, the rule + /// exists already — return. Otherwise run `iptables -A ` and + /// throw on non-zero exit. + static func ensure(table: String? = nil, args: [String]) throws { + let tableArgs = table.map { ["-t", $0] } ?? [] + let check = try run(args: tableArgs + ["-C"] + args) + if check.exit == 0 { return } + let add = try run(args: tableArgs + ["-A"] + args) + if add.exit != 0 { + throw ContainerizationError( + .internalError, + message: """ + iptables -A \(args.joined(separator: " ")) failed (exit \(add.exit))\ + \(add.stderr.isEmpty ? "" : ": \(add.stderr)") + """ + ) + } + } + + /// Best-effort delete. Ignores non-zero exit (rule may not exist). + static func remove(table: String? = nil, args: [String]) { + let tableArgs = table.map { ["-t", $0] } ?? [] + _ = try? run(args: tableArgs + ["-D"] + args) + } + + /// Captured outcome of a single `iptables` invocation. + private struct InvocationResult { + let exit: Int32 + let stderr: String + } + + /// Run `iptables` with the given args, returning the exit status and any + /// stderr the binary emitted. Throws if no `iptables` binary is found. + private static func run(args: [String]) throws -> InvocationResult { + // ContainerizationOS.Command uses execve() under the hood, which + // requires an absolute path. Probe the two paths iptables actually + // ships at on Linux distros — /usr/sbin first (Debian, Ubuntu, + // Fedora, Alpine, RHEL), then /sbin (older / busybox-style). + let candidates = ["/usr/sbin/iptables", "/sbin/iptables"] + // Open /dev/null fresh rather than using FileHandle.nullDevice: + // swift-corelibs-foundation's nullDevice uses a sentinel fd that + // doesn't survive dup2() in Command's child, producing EBADF on exec. + // Capture stderr through a pipe so failures surface with the actual + // iptables error (locked xtables, missing kernel module, conflicting + // rule) instead of an opaque exit code. + let devNullOut = FileHandle(forWritingAtPath: "/dev/null") + let stderrPipe = Pipe() + defer { + try? devNullOut?.close() + try? stderrPipe.fileHandleForReading.close() + } + for path in candidates where FileManager.default.isExecutableFile(atPath: path) { + // `-w` makes iptables block on the xtables lock rather than + // failing (exit 4) when another actor — a sibling BridgeManager on + // a different bridge, Docker, firewalld — is mid-iptables. Accepted + // by both legacy iptables and the nft shim. + var cmd = Command(path, arguments: ["-w"] + args) + cmd.stdout = devNullOut + cmd.stderr = stderrPipe.fileHandleForWriting + try cmd.start() + // Close the parent's write end so the read end sees EOF when + // iptables exits, even if iptables itself never writes anything. + try? stderrPipe.fileHandleForWriting.close() + let exit = try cmd.wait() + let data = (try? stderrPipe.fileHandleForReading.readToEnd()) ?? Data() + let stderr = + String(data: data, encoding: .utf8)? + .trimmingCharacters(in: .whitespacesAndNewlines) ?? "" + return InvocationResult(exit: exit, stderr: stderr) + } + throw ContainerizationError( + .notFound, + message: "iptables not found at /usr/sbin/iptables or /sbin/iptables; install iptables (or its nftables shim)" + ) + } +} +#endif diff --git a/Sources/Containerization/Kernel+Commandline.swift b/Sources/Containerization/Kernel+Commandline.swift new file mode 100644 index 0000000..a5ff83c --- /dev/null +++ b/Sources/Containerization/Kernel+Commandline.swift @@ -0,0 +1,50 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +extension Kernel { + /// Build the `init=/sbin/vminitd` Linux kernel command line for the given + /// rootfs type. Used by both the VZ and cloud-hypervisor backends since + /// the guest's vminitd init contract is identical across VMMs. + func linuxCommandline(initialFilesystem: Mount) -> String { + var args = self.commandLine.kernelArgs + + args.append("init=/sbin/vminitd") + // rootfs is always mounted read-only. + args.append("ro") + + switch initialFilesystem.type { + case "virtiofs": + args.append(contentsOf: [ + "rootfstype=virtiofs", + "root=rootfs", + ]) + case "ext4": + args.append(contentsOf: [ + "rootfstype=ext4", + "root=/dev/vda", + ]) + default: + fatalError("unsupported initfs filesystem \(initialFilesystem.type)") + } + + if self.commandLine.initArgs.count > 0 { + args.append("--") + args.append(contentsOf: self.commandLine.initArgs) + } + + return args.joined(separator: " ") + } +} diff --git a/Sources/Containerization/Kernel.swift b/Sources/Containerization/Kernel.swift new file mode 100644 index 0000000..c4c2468 --- /dev/null +++ b/Sources/Containerization/Kernel.swift @@ -0,0 +1,101 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation +import Logging + +/// An object representing a Linux kernel used to boot a virtual machine. +/// In addition to a path to the kernel itself, this type stores relevant +/// data such as the commandline to pass to the kernel, and init arguments. +public struct Kernel: Sendable, Codable { + /// The command line arguments passed to the kernel on boot. + public struct CommandLine: Sendable, Codable { + public static let kernelDefaults = [ + "console=hvc0", + "tsc=reliable", + ] + + /// Adds the debug argument to the kernel commandline. + mutating public func addDebug() { + self.kernelArgs.append("debug") + } + + /// Adds a panic level to the kernel commandline. + mutating public func addPanic(level: Int) { + self.kernelArgs.append("panic=\(level)") + } + + // Sets the log level for the Agent + mutating public func setAgentLogLevel(level: Logger.Level) { + self.initArgs.append(contentsOf: ["--log-level", level.description]) + } + + /// Additional kernel arguments. + public var kernelArgs: [String] + /// Additional arguments passed to the Initial Process / Agent. + public var initArgs: [String] + + /// Initializes the kernel commandline using the mix of kernel arguments + /// and init arguments. + public init( + kernelArgs: [String] = kernelDefaults, + initArgs: [String] = [] + ) { + self.kernelArgs = kernelArgs + self.initArgs = initArgs + } + + /// Initializes the kernel commandline to the defaults of Self.kernelDefaults, + /// adds a debug and panic flag as instructed, and optionally a set of init + /// process flags to supply to vminitd. + public init(debug: Bool, panic: Int, initArgs: [String] = []) { + var args = Self.kernelDefaults + if debug { + args.append("debug") + } + args.append("panic=\(panic)") + self.kernelArgs = args + self.initArgs = initArgs + } + } + + /// Path on disk to the kernel binary. + public var path: URL + /// Platform for the kernel. + public var platform: SystemPlatform + /// Kernel and init process command line. + public var commandLine: Self.CommandLine + + /// Kernel command line arguments. + public var kernelArgs: [String] { + self.commandLine.kernelArgs + } + + /// Init process arguments. + public var initArgs: [String] { + self.commandLine.initArgs + } + + public init( + path: URL, + platform: SystemPlatform, + commandline: Self.CommandLine = CommandLine(debug: false, panic: 0) + ) { + self.path = path + self.platform = platform + self.commandLine = commandline + } +} diff --git a/Sources/Containerization/LinuxBridgedNetwork.swift b/Sources/Containerization/LinuxBridgedNetwork.swift new file mode 100644 index 0000000..de62ab6 --- /dev/null +++ b/Sources/Containerization/LinuxBridgedNetwork.swift @@ -0,0 +1,181 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(Linux) +import ContainerizationError +import ContainerizationExtras +import ContainerizationNetlink +import Crypto +import Foundation + +/// A `Network` implementation backed by Linux TAP devices, optionally +/// enslaved to a pre-existing bridge. The bridge itself is **not** managed +/// by this type — callers own its creation, teardown, and any NAT/firewall +/// rules. This abstraction only handles per-VM TAP lifecycle and IPv4 +/// address allocation within a configured subnet. +/// +/// Mirrors the `VmnetNetwork` shape on macOS so the two backends are +/// interchangeable from a `LinuxContainer`/`Network` consumer's POV. +/// +/// Requires `CAP_NET_ADMIN` for TAP creation and bridge enslavement. +public struct LinuxBridgedNetwork: Network { + /// The IPv4 subnet from which container interfaces are allocated. + public let subnet: CIDRv4 + /// The default-route gateway for containers attached to this network. + public let ipv4Gateway: IPv4Address + /// Optional bridge name to enslave each created TAP to. + public let bridge: String? + /// MTU applied to every TAP this network creates. + public let mtu: UInt32 + + private var allocator: Allocator + private var taps: [String: TAPDevice] + + /// Per-id rotating IPv4 allocator. Mirrors `VmnetNetwork.Allocator` + /// verbatim: lower bound = `subnet.lower + 2` (gateway = `lower + 1`, + /// network = `lower`), size = `upper - lower - 3` (broadcast = `upper`, + /// also reserved). + struct Allocator: Sendable { + private let addressAllocator: any AddressAllocator + private let cidr: CIDRv4 + private var allocations: [String: UInt32] + + init(cidr: CIDRv4) throws { + self.cidr = cidr + self.allocations = [:] + let span = cidr.upper.value - cidr.lower.value + guard span >= 4 else { + throw ContainerizationError( + .invalidArgument, + message: "subnet \(cidr) has no usable host addresses (need at least 4)" + ) + } + let size = Int(span - 3) + self.addressAllocator = try UInt32.rotatingAllocator( + lower: cidr.lower.value + 2, + size: UInt32(size) + ) + } + + mutating func allocate(_ id: String) throws -> CIDRv4 { + if allocations[id] != nil { + throw ContainerizationError( + .exists, + message: "allocation with id \(id) already exists" + ) + } + let index = try addressAllocator.allocate() + allocations[id] = index + return try CIDRv4(IPv4Address(index), prefix: cidr.prefix) + } + + mutating func release(_ id: String) throws { + if let index = allocations[id] { + try addressAllocator.release(index) + allocations.removeValue(forKey: id) + } + } + } + + /// Create a Linux bridged network. + /// + /// - Parameters: + /// - subnet: The IPv4 subnet to allocate container addresses from. + /// - gateway: Default-route gateway IPv4. If nil, defaults to + /// `subnet.gateway` (= `lower + 1`). + /// - bridge: Existing bridge name to enslave each TAP to, or nil for + /// standalone TAPs. Validated at init time via netlink. + /// - mtu: MTU applied to every created TAP (default 1500). + public init( + subnet: CIDRv4, + gateway: IPv4Address? = nil, + bridge: String? = nil, + mtu: UInt32 = 1500 + ) throws { + self.subnet = subnet + self.ipv4Gateway = gateway ?? subnet.gateway + self.bridge = bridge + self.mtu = mtu + self.allocator = try Allocator(cidr: subnet) + self.taps = [:] + + if let bridge { + // Validate via the public linkGet — empty result or netlink error + // means the bridge does not exist or is unreachable. + let session = try NetlinkSession(socket: DefaultNetlinkSocket()) + do { + let links = try session.linkGet(interface: bridge) + guard !links.isEmpty else { + throw ContainerizationError( + .notFound, + message: "bridge \(bridge) not found" + ) + } + } catch let err as ContainerizationError { + throw err + } catch { + throw ContainerizationError( + .notFound, + message: "bridge \(bridge) not found: \(error)" + ) + } + } + } + + public mutating func createInterface(_ id: String) throws -> Interface? { + let cidr = try allocator.allocate(id) + let tapName = Self.derivedTAPName(forID: id) + + let device: TAPDevice + do { + device = try TAPDevice( + name: tapName, + bridge: bridge, + mtu: mtu, + macAddress: nil + ) + } catch { + // Roll back the allocator so the IP isn't leaked. + try? allocator.release(id) + throw error + } + taps[id] = device + + return TAPInterface( + tapName: device.name, + ipv4Address: cidr, + ipv4Gateway: ipv4Gateway, + macAddress: nil, + mtu: mtu + ) + } + + public mutating func releaseInterface(_ id: String) throws { + if let device = taps.removeValue(forKey: id) { + device.close() + } + try allocator.release(id) + } + + /// Derive a deterministic, IFNAMSIZ-compliant TAP name from a container id. + /// Format: `czt-<10 hex chars>` (14 chars total; IFNAMSIZ-1 = 15). + static func derivedTAPName(forID id: String) -> String { + let hash = SHA256.hash(data: Data(id.utf8)) + let hex = hash.map { String(format: "%02x", $0) }.joined() + return "czt-" + String(hex.prefix(10)) + } +} +#endif diff --git a/Sources/Containerization/LinuxContainer.swift b/Sources/Containerization/LinuxContainer.swift new file mode 100644 index 0000000..e24bdf6 --- /dev/null +++ b/Sources/Containerization/LinuxContainer.swift @@ -0,0 +1,1531 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationArchive +import ContainerizationError +import ContainerizationExtras +import ContainerizationOCI +import ContainerizationOS +import Foundation +import Logging +import Synchronization +import SystemPackage + +import struct ContainerizationOS.Terminal + +/// `LinuxContainer` is an easy to use type for launching and managing the +/// full lifecycle of a Linux container ran inside of a virtual machine. +public final class LinuxContainer: Container, Sendable { + public static let maxIDLength = 64 + + /// The identifier of the container. + public let id: String + + /// Rootfs for the container. + /// + /// Note: The `destination` field of this mount is ignored as mounting is handled internally. + public let rootfs: Mount + + /// Optional writable layer for the container. When provided, the rootfs + /// is mounted as the lower layer of an overlayfs, with this as the upper layer. + /// All writes will go to this layer instead of the rootfs. + /// + /// Note: The `destination` field of this mount is ignored as mounting is handled internally. + public let writableLayer: Mount? + + /// Configuration for the container. + public let config: Configuration + + /// The configuration for the LinuxContainer. + public struct Configuration: Sendable { + /// Configuration for the init process of the container. + public var process = LinuxProcessConfiguration() + /// The amount of cpus for the container. + public var cpus: Int = 4 + /// The memory in bytes to give to the container. + public var memoryInBytes: UInt64 = 1024.mib() + /// The hostname for the container. + public var hostname: String? + /// The system control options for the container. + public var sysctl: [String: String] = [:] + /// The network interfaces for the container. + public var interfaces: [any Interface] = [] + /// The Unix domain socket relays to setup for the container. + public var sockets: [UnixSocketConfiguration] = [] + /// The mounts for the container. + public var mounts: [Mount] = LinuxContainer.defaultMounts() + /// Paths inside the container that vmexec hides from the workload. + /// Defaults to the OCI standard set (``LinuxContainer/defaultMaskedPaths()``), + /// matching the restricted capability baseline. Set to `[]` to opt out, + /// or append to extend it. + public var maskedPaths: [String] = LinuxContainer.defaultMaskedPaths() + /// Paths inside the container that vmexec marks read-only. + /// Defaults to the OCI standard set (``LinuxContainer/defaultReadonlyPaths()``), + /// matching the restricted capability baseline. Set to `[]` to opt out, + /// or append to extend it. + public var readonlyPaths: [String] = LinuxContainer.defaultReadonlyPaths() + /// The DNS configuration for the container. + public var dns: DNS? + /// The hosts to add to /etc/hosts for the container. + public var hosts: Hosts? + /// Enable nested virtualization support. + public var virtualization: Bool = false + /// Optional destination for serial boot logs. + public var bootLog: BootLog? + /// EXPERIMENTAL: Path in the root filesystem for the virtual + /// machine where the OCI runtime used to spawn the container lives. + public var ociRuntimePath: String? + /// Run the container with a minimal init process that handles signal + /// forwarding and zombie reaping. + public var useInit: Bool = false + /// Additional CPU cores to allocate for the virtual machine on top + /// of the container's configured `cpus` value. + public var cpuOverhead: Int = 1 + /// Additional memory in bytes to allocate for the virtual machine + /// on top of the container's configured `memoryInBytes` value. + /// The total is aligned to a 1 MiB boundary. + public var memoryOverhead: UInt64 = 128.mib() + + public init() {} + + public init( + process: LinuxProcessConfiguration, + cpus: Int = 4, + memoryInBytes: UInt64 = 1024.mib(), + hostname: String? = nil, + sysctl: [String: String] = [:], + interfaces: [any Interface] = [], + sockets: [UnixSocketConfiguration] = [], + mounts: [Mount] = LinuxContainer.defaultMounts(), + maskedPaths: [String] = LinuxContainer.defaultMaskedPaths(), + readonlyPaths: [String] = LinuxContainer.defaultReadonlyPaths(), + dns: DNS? = nil, + hosts: Hosts? = nil, + virtualization: Bool = false, + bootLog: BootLog? = nil, + ociRuntimePath: String? = nil, + useInit: Bool = false, + cpuOverhead: Int = 1, + memoryOverhead: UInt64 = 128.mib() + ) { + self.process = process + self.cpus = cpus + self.memoryInBytes = memoryInBytes + self.hostname = hostname + self.sysctl = sysctl + self.interfaces = interfaces + self.sockets = sockets + self.mounts = mounts + self.maskedPaths = maskedPaths + self.readonlyPaths = readonlyPaths + self.dns = dns + self.hosts = hosts + self.virtualization = virtualization + self.bootLog = bootLog + self.ociRuntimePath = ociRuntimePath + self.useInit = useInit + self.cpuOverhead = cpuOverhead + self.memoryOverhead = memoryOverhead + } + } + + private let state: AsyncMutex + + // Ports to be allocated from for stdio and for + // unix socket relays that are sharing a guest + // uds to the host. + private let hostVsockPorts: Atomic + // Ports we request the guest to allocate for unix socket relays from + // the host. + private let guestVsockPorts: Atomic + + // Queue for copy IO. + private let copyQueue = DispatchQueue(label: "com.apple.containerization.copy") + + private enum State: Sendable { + /// The container class has been created but no live resources are running. + case initialized + /// The container's virtual machine has been setup and the runtime environment has been configured. + case created(CreatedState) + /// The initial process of the container has started and is running. + case started(StartedState) + /// The container has run and fully stopped. + case stopped + /// An error occurred during the lifetime of this class. + case errored(Swift.Error) + /// The container is paused. + case paused(PausedState) + + struct CreatedState: Sendable { + let vm: any VirtualMachineInstance + let relayManager: UnixSocketRelayManager + var fileMountContext: FileMountContext + } + + struct StartedState: Sendable { + let vm: any VirtualMachineInstance + let process: LinuxProcess + let relayManager: UnixSocketRelayManager + var vendedProcesses: [String: LinuxProcess] + let fileMountContext: FileMountContext + + init(_ state: CreatedState, process: LinuxProcess) { + self.vm = state.vm + self.relayManager = state.relayManager + self.process = process + self.vendedProcesses = [:] + self.fileMountContext = state.fileMountContext + } + + init(_ state: PausedState) { + self.vm = state.vm + self.relayManager = state.relayManager + self.process = state.process + self.vendedProcesses = state.vendedProcesses + self.fileMountContext = state.fileMountContext + } + } + + struct PausedState: Sendable { + let vm: any VirtualMachineInstance + let relayManager: UnixSocketRelayManager + let process: LinuxProcess + var vendedProcesses: [String: LinuxProcess] + let fileMountContext: FileMountContext + + init(_ state: StartedState) { + self.vm = state.vm + self.relayManager = state.relayManager + self.process = state.process + self.vendedProcesses = state.vendedProcesses + self.fileMountContext = state.fileMountContext + } + } + + func createdState(_ operation: String) throws -> CreatedState { + switch self { + case .created(let state): + return state + case .errored(let err): + throw err + default: + throw ContainerizationError( + .invalidState, + message: "failed to \(operation): container must be created" + ) + } + } + + func startedState(_ operation: String) throws -> StartedState { + switch self { + case .started(let state): + return state + case .errored(let err): + throw err + default: + throw ContainerizationError( + .invalidState, + message: "failed to \(operation): container must be running" + ) + } + } + + func pausedState(_ operation: String) throws -> PausedState { + switch self { + case .paused(let state): + return state + case .errored(let err): + throw err + default: + throw ContainerizationError( + .invalidState, + message: "failed to \(operation): container must be paused" + ) + } + } + + mutating func validateForCreate() throws { + switch self { + case .initialized, .stopped: + break + case .errored(let err): + throw err + default: + throw ContainerizationError( + .invalidState, + message: "container must be in initialized or stopped state to create" + ) + } + } + + mutating func setErrored(error: Swift.Error) { + self = .errored(error) + } + + func vm(_ operation: String) throws -> any VirtualMachineInstance { + switch self { + case .created(let state): + return state.vm + case .started(let state): + return state.vm + case .paused(let state): + return state.vm + case .errored(let err): + throw err + default: + throw ContainerizationError( + .invalidState, + message: "failed to \(operation): container must be created, running, or paused" + ) + } + } + } + + private let vmm: VirtualMachineManager + private let logger: Logger? + + /// Create a new `LinuxContainer`. + /// + /// - Parameters: + /// - id: The identifier for the container. + /// - rootfs: The root filesystem mount containing the container image contents. + /// The `destination` field is ignored as mounting is handled internally. + /// - writableLayer: Optional writable layer mount. When provided, an overlayfs is used with + /// rootfs as the lower layer and this as the upper layer. Must be a block device. + /// The `destination` field is ignored as mounting is handled internally. + /// - vmm: The virtual machine manager that will handle launching the VM for the container. + /// - logger: Optional logger for container operations. + /// - configuration: A closure that configures the container by modifying the Configuration instance. + public convenience init( + _ id: String, + rootfs: Mount, + writableLayer: Mount? = nil, + vmm: VirtualMachineManager, + logger: Logger? = nil, + configuration: (inout Configuration) throws -> Void + ) throws { + var config = Configuration() + try configuration(&config) + try self.init( + id, + rootfs: rootfs, + writableLayer: writableLayer, + vmm: vmm, + configuration: config, + logger: logger + ) + } + + /// Create a new `LinuxContainer`. + /// + /// - Parameters: + /// - id: The identifier for the container. + /// - rootfs: The root filesystem mount containing the container image contents. + /// The `destination` field is ignored as mounting is handled internally. + /// - writableLayer: Optional writable layer mount. When provided, an overlayfs is used with + /// rootfs as the lower layer and this as the upper layer. Must be a block device. + /// The `destination` field is ignored as mounting is handled internally. + /// - vmm: The virtual machine manager that will handle launching the VM for the container. + /// - configuration: The container configuration specifying process, resources, networking, and other settings. + /// - logger: Optional logger for container operations. + public init( + _ id: String, + rootfs: Mount, + writableLayer: Mount? = nil, + vmm: VirtualMachineManager, + configuration: LinuxContainer.Configuration, + logger: Logger? = nil + ) throws { + guard id.count <= Self.maxIDLength else { + throw ContainerizationError( + .invalidArgument, + message: "container id length \(id.count) exceeds maximum of \(Self.maxIDLength) characters" + ) + } + if let writableLayer { + guard writableLayer.isBlock else { + throw ContainerizationError( + .invalidArgument, + message: "writableLayer must be a block device" + ) + } + } + self.id = id + self.vmm = vmm + self.hostVsockPorts = Atomic(0x1000_0000) + self.guestVsockPorts = Atomic(0x1000_0000) + self.logger = logger + self.config = configuration + self.state = AsyncMutex(.initialized) + self.rootfs = rootfs + self.writableLayer = writableLayer + } + + private static func createDefaultRuntimeSpec(_ id: String) -> Spec { + .init( + process: .init(), + hostname: id, + root: .init( + path: Self.guestRootfsPath(id), + readonly: false + ), + linux: .init( + resources: .init(), + cgroupsPath: "/container/\(id)" + ) + ) + } + + private func generateRuntimeSpec() -> Spec { + var spec = Self.createDefaultRuntimeSpec(id) + + // Process toggles. + spec.process = config.process.toOCI() + + // Wrap with init process if requested. + if config.useInit { + let originalArgs = spec.process?.args ?? [] + spec.process?.args = ["/.cz-init", "--"] + originalArgs + } + + // General toggles. + if let hostname = config.hostname { + spec.hostname = hostname + } + + // Linux toggles. + spec.linux?.sysctl = config.sysctl + spec.linux?.maskedPaths = config.maskedPaths + spec.linux?.readonlyPaths = config.readonlyPaths + + // If the rootfs was requested as read-only, set it in the OCI spec. + // We let the OCI runtime remount as ro, instead of doing it originally. + // However, if we have a writable layer, the overlay allows writes so we don't mark it read-only. + spec.root?.readonly = self.rootfs.options.contains("ro") && self.writableLayer == nil + + // Resource limits. + // CPU: quota/period model where period is 100ms (100,000µs) and quota is cpus * period + // Memory: limit in bytes + spec.linux?.resources = LinuxResources( + memory: LinuxMemory( + limit: Int64(config.memoryInBytes) + ), + cpu: LinuxCPU( + quota: Int64(config.cpus * 100_000), + period: 100_000 + ) + ) + + spec.linux?.namespaces = [ + LinuxNamespace(type: .cgroup), + LinuxNamespace(type: .ipc), + LinuxNamespace(type: .mount), + LinuxNamespace(type: .pid), + LinuxNamespace(type: .uts), + ] + + return spec + } + + /// The default set of mounts for a LinuxContainer. + public static func defaultMounts() -> [Mount] { + let defaultOptions = ["nosuid", "noexec", "nodev"] + return [ + .any(type: "proc", source: "proc", destination: "/proc"), + .any(type: "sysfs", source: "sysfs", destination: "/sys", options: defaultOptions), + .any(type: "devtmpfs", source: "none", destination: "/dev", options: ["nosuid", "mode=755"]), + .any(type: "mqueue", source: "mqueue", destination: "/dev/mqueue", options: defaultOptions), + .any(type: "tmpfs", source: "tmpfs", destination: "/dev/shm", options: defaultOptions + ["mode=1777", "size=65536k"]), + .any(type: "cgroup2", source: "none", destination: "/sys/fs/cgroup", options: defaultOptions), + .any(type: "devpts", source: "devpts", destination: "/dev/pts", options: ["nosuid", "noexec", "newinstance", "gid=5", "mode=0620", "ptmxmode=0666"]), + ] + } + + /// The default set of paths to mask inside a container, matching the OCI + /// runtime spec defaults that runc and other production runtimes apply. + /// Each path is hidden from the workload (replaced by `/dev/null` for files + /// or an empty tmpfs for directories) by `vmexec` after `pivot_root`. + /// + /// Applied by default (see ``Configuration/maskedPaths``); set + /// `config.maskedPaths = []` to opt out, or append to extend the set. + public static func defaultMaskedPaths() -> [String] { + [ + "/proc/asound", + "/proc/acpi", + "/proc/kcore", + "/proc/keys", + "/proc/latency_stats", + "/proc/timer_list", + "/proc/timer_stats", + "/proc/sched_debug", + "/proc/scsi", + "/sys/firmware", + "/sys/devices/virtual/powercap", + ] + } + + /// The default set of paths to mark read-only inside a container, matching + /// the OCI runtime spec defaults that runc and other production runtimes apply. + /// + /// Applied by default (see ``Configuration/readonlyPaths``); set + /// `config.readonlyPaths = []` to opt out, or append to extend the set. + public static func defaultReadonlyPaths() -> [String] { + [ + "/proc/bus", + "/proc/fs", + "/proc/irq", + "/proc/sys", + "/proc/sysrq-trigger", + ] + } + + /// A more traditional default set of mounts that OCI runtimes typically employ. + public static func defaultOCIMounts() -> [Mount] { + let defaultOptions = ["nosuid", "noexec", "nodev"] + return [ + .any(type: "proc", source: "proc", destination: "/proc"), + .any(type: "tmpfs", source: "tmpfs", destination: "/dev", options: ["nosuid", "mode=755", "size=65536k"]), + .any(type: "devpts", source: "devpts", destination: "/dev/pts", options: ["nosuid", "noexec", "newinstance", "gid=5", "mode=0620", "ptmxmode=0666"]), + .any(type: "sysfs", source: "sysfs", destination: "/sys", options: defaultOptions), + .any(type: "mqueue", source: "mqueue", destination: "/dev/mqueue", options: defaultOptions), + .any(type: "tmpfs", source: "tmpfs", destination: "/dev/shm", options: defaultOptions + ["mode=1777", "size=65536k"]), + .any(type: "cgroup2", source: "none", destination: "/sys/fs/cgroup", options: defaultOptions), + ] + } + + private static func guestRootfsPath(_ id: String) -> String { + "/run/container/\(id)/rootfs" + } + + private static func guestSocketStagingPath(_ socketID: String) -> String { + "/run/sockets/\(socketID).sock" + } +} + +extension LinuxContainer { + package var root: String { + Self.guestRootfsPath(id) + } + + /// Number of CPU cores allocated. + public var cpus: Int { + config.cpus + } + + /// Amount of memory in bytes allocated for the container. + /// This will be aligned to a 1MB boundary if it isn't already. + public var memoryInBytes: UInt64 { + config.memoryInBytes + } + + /// Network interfaces of the container. + public var interfaces: [any Interface] { + config.interfaces + } + + private func mountRootfs( + attachments: [AttachedFilesystem], + rootfsPath: String, + agent: VirtualMachineAgent + ) async throws { + guard let rootfsAttachment = attachments.first else { + throw ContainerizationError(.notFound, message: "rootfs mount not found") + } + + if self.writableLayer != nil { + // Set up overlayfs with image as lower layer and writable layer as upper. + guard attachments.count >= 2 else { + throw ContainerizationError( + .notFound, + message: "writable layer mount not found" + ) + } + let writableAttachment = attachments[1] + + let lowerPath = "/run/container/\(self.id)/lower" + let upperMountPath = "/run/container/\(self.id)/upper" + let upperPath = "/run/container/\(self.id)/upper/diff" + let workPath = "/run/container/\(self.id)/upper/work" + + // Mount the image (lower layer) as read-only. + var lowerMount = rootfsAttachment.to + lowerMount.destination = lowerPath + if !lowerMount.options.contains("ro") { + lowerMount.options.append("ro") + } + try await agent.mount(lowerMount) + + // Mount the writable layer. + var upperMount = writableAttachment.to + upperMount.destination = upperMountPath + try await agent.mount(upperMount) + + // Create the upper and work directories inside the writable layer. + try await agent.mkdir(path: upperPath, all: true, perms: 0o755) + try await agent.mkdir(path: workPath, all: true, perms: 0o755) + + // Mount the overlay. + let overlayMount = ContainerizationOCI.Mount( + type: "overlay", + source: "overlay", + destination: rootfsPath, + options: [ + "lowerdir=\(lowerPath)", + "upperdir=\(upperPath)", + "workdir=\(workPath)", + ] + ) + try await agent.mount(overlayMount) + } else { + // No writable layer. Mount rootfs directly. + var rootfs = rootfsAttachment.to + rootfs.destination = rootfsPath + try await agent.mount(rootfs) + } + } + + /// Create and start the underlying container's virtual machine + /// and set up the runtime environment. The container's init process + /// is NOT running afterwards. + public func create() async throws { + try await self.state.withLock { state in + try state.validateForCreate() + + // This is a bit of an annoyance, but because the type we use for the rootfs is simply + // the same Mount type we use for non-rootfs mounts, it's possible someone passed 'ro' + // in the options (which should be perfectly valid). However, the problem is when we go to + // setup /etc/hosts and /etc/resolv.conf, as we'd get EROFS if they did supply 'ro'. + // To remedy this, remove any "ro" options before passing to VZ. Having the OCI runtime + // remount "ro" (which is what we do later in the guest) is truthfully the right thing, + // but this bit here is just a tad awkward. + var modifiedRootfs = self.rootfs + modifiedRootfs.options.removeAll(where: { $0 == "ro" }) + + let vmMemory = self.memoryInBytes + self.config.memoryOverhead + + let vmCpus = self.cpus + self.config.cpuOverhead + + // Prepare file mounts. This transforms single-file mounts into directory shares. + let fileMountContext = try FileMountContext.prepare(mounts: self.config.mounts) + // This is dumb, but alas. + let fileMountContextHolder = Mutex(fileMountContext) + + // Build the list of mounts to attach to the VM. + var containerMounts = [modifiedRootfs] + fileMountContext.transformedMounts + if let writableLayer = self.writableLayer { + containerMounts.insert(writableLayer, at: 1) + } + + let vmConfig = VMConfiguration( + cpus: vmCpus, + memoryInBytes: vmMemory, + interfaces: self.interfaces, + mountsByID: [self.id: containerMounts], + bootLog: self.config.bootLog, + nestedVirtualization: self.config.virtualization + ) + let creationConfig = StandardVMConfig(configuration: vmConfig) + let vm = try await self.vmm.create(config: creationConfig) + let relayManager = UnixSocketRelayManager(vm: vm, log: self.logger) + + try await vm.start() + do { + let mountsForAgent = containerMounts + try await vm.withAgent { agent in + try await agent.standardSetup() + + // Mount the unified virtiofs share at /run/virtiofs only + // when at least one of the container's mounts is virtiofs + // — the bind-mount transform below derives its sources + // from /run/virtiofs/{tag}, so the unified share is only + // load-bearing when there are virtiofs mounts. The macOS + // VZ backend always exposes the virtiofs device (even + // with zero shares), but the cloud-hypervisor backend + // only spawns virtiofsd when shares exist; mounting an + // unbacked tag fails with EINVAL. + let hasVirtiofsMount = mountsForAgent.contains { mount in + if case .virtiofs = mount.runtimeOptions { return true } + return false + } + if hasVirtiofsMount { + // VZ exposes ONE virtio-fs device with tag "virtiofs" + // and multiple sources as subdirs (VZMultipleDirectoryShare). + // The CH backend exposes one device per source-hash + // tag instead, so the guest must mount each tag + // separately at /run/virtiofs/. The bind-mount + // transform below uses /run/virtiofs/ in both + // cases, so this branch is only about how /run/virtiofs + // gets populated. + if vm.virtiofsLayout == .perTag { + try await agent.mkdir(path: "/run/virtiofs", all: true, perms: 0o755) + let virtiofsAttachments = (vm.mounts[self.id] ?? []).filter { $0.type == "virtiofs" } + let uniqueTags = Set(virtiofsAttachments.map(\.source)) + for tag in uniqueTags { + let dest = "/run/virtiofs/\(tag)" + try await agent.mkdir(path: dest, all: true, perms: 0o755) + try await agent.mount( + ContainerizationOCI.Mount( + type: "virtiofs", + source: tag, + destination: dest, + options: [] + )) + } + } else { + try await agent.mount( + ContainerizationOCI.Mount( + type: "virtiofs", + source: "virtiofs", + destination: "/run/virtiofs", + options: [] + )) + } + } + + guard let attachments = vm.mounts[self.id] else { + throw ContainerizationError(.notFound, message: "rootfs mount not found") + } + let rootfsPath = Self.guestRootfsPath(self.id) + try await self.mountRootfs(attachments: attachments, rootfsPath: rootfsPath, agent: agent) + + // Mount file mount holding directories under /run. + if fileMountContext.hasFileMounts { + let containerMounts = vm.mounts[self.id] ?? [] + var ctx = fileMountContextHolder.withLock { $0 } + try await ctx.mountHoldingDirectories( + vmMounts: containerMounts, + agent: agent + ) + fileMountContextHolder.withLock { $0 = ctx } + } + + // Start up our friendly unix socket relays. + for socket in self.config.sockets { + try await self.relayUnixSocket( + socket: socket, + relayManager: relayManager, + agent: agent + ) + } + + // For every interface asked for: + // 1. Add the address requested + // 2. Online the adapter + // 3. For the first interface, add the default route + var defaultRouteSet = false + for (index, i) in self.interfaces.enumerated() { + let name = "eth\(index)" + try await agent.setupInterface( + i, + name: name, + setDefaultRoute: !defaultRouteSet, + logger: self.logger + ) + defaultRouteSet = true + } + + // Setup /etc/resolv.conf and /etc/hosts if asked for. + if let dns = self.config.dns { + try await agent.configureDNS(config: dns, location: rootfsPath) + } + if let hosts = self.config.hosts { + try await agent.configureHosts(config: hosts, location: rootfsPath) + } + + } + state = .created(.init(vm: vm, relayManager: relayManager, fileMountContext: fileMountContextHolder.withLock { $0 })) + } catch { + try? await relayManager.stopAll() + try? await vm.stop() + state.setErrored(error: error) + throw error + } + } + } + + /// Start the container's initial process. + public func start() async throws { + try await self.state.withLock { state in + let createdState = try state.createdState("start") + + let agent = try await createdState.vm.dialAgent() + do { + var spec = self.generateRuntimeSpec() + // We don't need the rootfs (or writable layer), nor do OCI runtimes want it included. + // Also filter out file mount holding directories. We'll mount those separately under /run. + // Transform virtiofs mounts to bind mounts from /run/virtiofs/{tag} + let containerMounts = createdState.vm.mounts[self.id] ?? [] + let holdingTags = createdState.fileMountContext.holdingDirectoryTags + // Drop rootfs, and writable layer if present. + let mountsToSkip = self.writableLayer != nil ? 2 : 1 + var mounts: [ContainerizationOCI.Mount] = + containerMounts.dropFirst(mountsToSkip) + .filter { !holdingTags.contains($0.source) } + .map { attached -> ContainerizationOCI.Mount in + if attached.type == "virtiofs" { + // Transform to bind mount from holding directory + return ContainerizationOCI.Mount( + type: "none", + source: "/run/virtiofs/\(attached.source)", + destination: attached.destination, + options: ["bind"] + attached.options + ) + } + return attached.to + } + + createdState.fileMountContext.ociBindMounts() + + // When useInit is enabled, bind mount vminitd from the VM's filesystem + // into the container so it can be executed. + if self.config.useInit { + mounts.append( + ContainerizationOCI.Mount( + type: "bind", + source: "/sbin/vminitd", + destination: "/.cz-init", + options: ["bind", "ro"] + )) + } + + // Bind mount staged sockets into the container. Sockets relayed + // .into the container are created in a staging directory outside + // the rootfs to avoid symlink traversal and mount shadowing. + for socket in self.config.sockets where socket.direction == .into { + mounts.append( + ContainerizationOCI.Mount( + type: "bind", + source: Self.guestSocketStagingPath(socket.id), + destination: socket.destination.path, + options: ["bind"] + )) + } + + spec.mounts = cleanAndSortMounts(mounts) + + let stdio = IOUtil.setup( + portAllocator: self.hostVsockPorts, + stdin: self.config.process.stdin, + stdout: self.config.process.stdout, + stderr: self.config.process.stderr + ) + + let process = LinuxProcess( + self.id, + containerID: self.id, + spec: spec, + io: stdio, + ociRuntimePath: self.config.ociRuntimePath, + agent: agent, + vm: createdState.vm, + logger: self.logger + ) + try await process.start() + + state = .started(.init(createdState, process: process)) + } catch { + try? await agent.close() + try? await createdState.vm.stop() + state.setErrored(error: error) + throw error + } + } + } + + /// Stop the container from executing. This MUST be called even if wait() has returned + /// as their are additional resources to free. + public func stop() async throws { + try await self.state.withLock { state in + // Allow stop to be called multiple times. + if case .stopped = state { + return + } + + let vm: any VirtualMachineInstance + let relayManager: UnixSocketRelayManager + + let startedState = try? state.startedState("stop") + if let startedState { + vm = startedState.vm + relayManager = startedState.relayManager + } else { + let createdState = try state.createdState("stop") + vm = createdState.vm + relayManager = createdState.relayManager + } + + var firstError: Error? + do { + try await relayManager.stopAll() + } catch { + self.logger?.error("failed to stop relay manager: \(error)") + firstError = firstError ?? error + } + + do { + try await vm.withAgent { agent in + // First, we need to stop any unix socket relays as this will + // keep the rootfs from being able to umount (EBUSY). + let sockets = self.config.sockets + if !sockets.isEmpty { + guard let relayAgent = agent as? SocketRelayAgent else { + throw ContainerizationError( + .unsupported, + message: "VirtualMachineAgent does not support relaySocket surface" + ) + } + for socket in sockets { + try await relayAgent.stopSocketRelay(configuration: socket) + } + } + + if let _ = startedState { + // Now lets ensure every process is donezo. + try await agent.kill(pid: -1, signal: SIGKILL) + + // Wait on init proc exit. Give it 5 seconds of leeway. + _ = try await agent.waitProcess( + id: self.id, + containerID: self.id, + timeoutInSeconds: 5 + ) + } + + // Today, we leave EBUSY looping and other fun logic up to the + // guest agent. + try await agent.umount( + path: Self.guestRootfsPath(self.id), + flags: 0 + ) + + // If we have a writable layer, we also need to unmount the lower and upper layers. + if self.writableLayer != nil { + let upperPath = "/run/container/\(self.id)/upper" + let lowerPath = "/run/container/\(self.id)/lower" + try await agent.umount(path: upperPath, flags: 0) + try await agent.umount(path: lowerPath, flags: 0) + } + + try await agent.sync() + } + } catch { + self.logger?.error("failed during guest cleanup: \(error)") + firstError = firstError ?? error + } + + if let startedState { + for process in startedState.vendedProcesses.values { + do { + try await process._delete() + } catch { + self.logger?.error("failed to delete process \(process.id): \(error)") + firstError = firstError ?? error + } + } + + do { + try await startedState.process.delete() + } catch { + self.logger?.error("failed to delete init process: \(error)") + firstError = firstError ?? error + } + } + + do { + try await vm.stop() + state = .stopped + if let firstError { + throw firstError + } + } catch { + self.logger?.error("failed to stop VM: \(error)") + let finalError = firstError ?? error + state.setErrored(error: finalError) + throw finalError + } + } + } + + /// Send a signal to the container. + public func kill(_ signal: Signal) async throws { + try await self.state.withLock { + let state = try $0.startedState("kill") + try await state.process.kill(signal) + } + } + + /// Wait for the container to exit. Returns the exit code. + @discardableResult + public func wait(timeoutInSeconds: Int64? = nil) async throws -> ExitStatus { + let t = try await self.state.withLock { + let state = try $0.startedState("wait") + let t = Task { + try await state.process.wait(timeoutInSeconds: timeoutInSeconds) + } + return t + } + return try await t.value + } + + /// Resize the container's terminal (if one was requested). This + /// will error if terminal was set to false before creating the container. + public func resize(to: Terminal.Size) async throws { + try await self.state.withLock { + let state = try $0.startedState("resize") + try await state.process.resize(to: to) + } + } + + /// Execute a new process in the container. The process is not started after this call, and must be manually started + /// via the `start` method. + public func exec(_ id: String, configuration: @Sendable @escaping (inout LinuxProcessConfiguration) throws -> Void) async throws -> LinuxProcess { + try await self.state.withLock { state in + var startedState = try state.startedState("exec") + + var spec = self.generateRuntimeSpec() + var config = LinuxProcessConfiguration() + try configuration(&config) + spec.process = config.toOCI() + + let stdio = IOUtil.setup( + portAllocator: self.hostVsockPorts, + stdin: config.stdin, + stdout: config.stdout, + stderr: config.stderr + ) + let agent = try await startedState.vm.dialAgent() + let process = LinuxProcess( + id, + containerID: self.id, + spec: spec, + io: stdio, + ociRuntimePath: self.config.ociRuntimePath, + agent: agent, + vm: startedState.vm, + logger: self.logger, + onDelete: { [weak self = self] in + await self?.removeProcess(id: id) + } + ) + + startedState.vendedProcesses[id] = process + state = .started(startedState) + + return process + } + } + + /// Execute a new process in the container. The process is not started after this call, and must be manually started + /// via the `start` method. + public func exec(_ id: String, configuration: LinuxProcessConfiguration) async throws -> LinuxProcess { + try await self.state.withLock { + var state = try $0.startedState("exec") + + var spec = self.generateRuntimeSpec() + spec.process = configuration.toOCI() + + let stdio = IOUtil.setup( + portAllocator: self.hostVsockPorts, + stdin: configuration.stdin, + stdout: configuration.stdout, + stderr: configuration.stderr + ) + let agent = try await state.vm.dialAgent() + let process = LinuxProcess( + id, + containerID: self.id, + spec: spec, + io: stdio, + ociRuntimePath: self.config.ociRuntimePath, + agent: agent, + vm: state.vm, + logger: self.logger, + onDelete: { [weak self = self] in + await self?.removeProcess(id: id) + } + ) + + state.vendedProcesses[id] = process + $0 = .started(state) + + return process + } + } + + /// Dial a vsock port in the container. + public func dialVsock(port: UInt32) async throws -> FileHandle { + try await self.state.withLock { + let state = try $0.startedState("dialVsock") + return try await state.vm.dial(port) + } + } + + /// Provides scoped access to the underlying virtual machine instance. + /// + /// Most users should prefer the higher level APIs on ``LinuxContainer`` + /// directly. This is intended for advanced use cases that need to interact + /// with the virtual machine outside of the container abstraction. + public func withVirtualMachineInstance( + _ fn: @Sendable (any VirtualMachineInstance) async throws -> T + ) async throws -> T { + let vm = try await self.state.withLock { state in + try state.vm("withVirtualMachineInstance") + } + return try await fn(vm) + } + + /// Close the containers standard input to signal no more input is + /// arriving. + public func closeStdin() async throws { + try await self.state.withLock { + let state = try $0.startedState("closeStdin") + return try await state.process.closeStdin() + } + } + + /// Remove a process from the vended processes tracking. + private func removeProcess(id: String) async { + await self.state.withLock { + guard case .started(var state) = $0 else { + return + } + state.vendedProcesses.removeValue(forKey: id) + $0 = .started(state) + } + } + + /// Get statistics for the container. + public func statistics(categories: StatCategory = .all) async throws -> ContainerStatistics { + try await self.state.withLock { + let state = try $0.startedState("statistics") + + let stats = try await state.vm.withAgent { agent in + let allStats = try await agent.containerStatistics(containerIDs: [self.id], categories: categories) + guard let containerStats = allStats.first else { + throw ContainerizationError( + .notFound, + message: "statistics for container \(self.id) not found" + ) + } + return containerStats + } + + return stats + } + } + + // Perform filesystem operations in the container. + public func filesystemOperation(operation: FilesystemOperation, path: String) async throws { + try await self.state.withLock { + let state = try $0.startedState("filesystemOperation") + try await state.vm.withAgent { agent in + guard let vminitd = agent as? Vminitd else { + throw ContainerizationError(.unsupported, message: "filesystemOperation requires Vminitd agent") + } + let guestPath = URL(filePath: Self.guestRootfsPath(self.id)).appending(path: path).path + try await vminitd.filesystemOperation(operation: operation, path: guestPath) + } + } + } + + private func relayUnixSocket( + socket: UnixSocketConfiguration, + relayManager: UnixSocketRelayManager, + agent: any VirtualMachineAgent + ) async throws { + guard let relayAgent = agent as? SocketRelayAgent else { + throw ContainerizationError( + .unsupported, + message: "VirtualMachineAgent does not support relaySocket surface" + ) + } + + var socket = socket + let rootInGuest = URL(filePath: self.root) + + let port: UInt32 + if socket.direction == .into { + port = self.hostVsockPorts.wrappingAdd(1, ordering: .relaxed).oldValue + socket.destination = URL(filePath: Self.guestSocketStagingPath(socket.id)) + } else { + port = self.guestVsockPorts.wrappingAdd(1, ordering: .relaxed).oldValue + socket.source = rootInGuest.appending(path: socket.source.path) + } + + try await relayManager.start(port: port, socket: socket) + try await relayAgent.relaySocket(port: port, configuration: socket) + } + + /// Default chunk size for file transfers (1MiB). + public static let defaultCopyChunkSize = 1024 * 1024 + + /// Copy a file or directory from the host into the container. + /// + /// Data transfer happens over a dedicated vsock connection. For directories, + /// the source is archived as tar+gzip and streamed directly through vsock + /// without intermediate temp files. + public func copyIn( + from source: URL, + to destination: URL, + mode: UInt32 = 0o644, + createParents: Bool = true, + chunkSize: Int = defaultCopyChunkSize + ) async throws { + try await self.state.withLock { + let state = try $0.startedState("copyIn") + + var isDirectory: ObjCBool = false + guard FileManager.default.fileExists(atPath: source.path, isDirectory: &isDirectory) else { + throw ContainerizationError(.notFound, message: "copyIn: source not found '\(source.path)'") + } + let isArchive = isDirectory.boolValue + + let guestPath: URL = try await state.vm.withAgent { agent in + guard let vminitd = agent as? Vminitd else { + throw ContainerizationError(.unsupported, message: "copyIn requires Vminitd agent") + } + + return try await self.resolveCopyInGuestPath( + from: source, + to: destination, + sourceIsDirectory: isArchive, + using: vminitd + ) + } + + let port = self.hostVsockPorts.wrappingAdd(1, ordering: .relaxed).oldValue + let listener = try state.vm.listen(port) + + try await withThrowingTaskGroup(of: Void.self) { group in + group.addTask { + try await state.vm.withAgent { agent in + guard let vminitd = agent as? Vminitd else { + throw ContainerizationError(.unsupported, message: "copyIn requires Vminitd agent") + } + try await vminitd.copy( + direction: .copyIn, + guestPath: guestPath, + vsockPort: port, + mode: mode, + createParents: createParents, + isArchive: isArchive + ) + } + } + + group.addTask { + guard let conn = await listener.first(where: { _ in true }) else { + throw ContainerizationError(.internalError, message: "copyIn: vsock connection not established") + } + try listener.finish() + + try await withCheckedThrowingContinuation { (continuation: CheckedContinuation) in + self.copyQueue.async { + do { + defer { conn.closeFile() } + + if isArchive { + let writer = try ArchiveWriter(configuration: .init(format: .pax, filter: .gzip)) + try writer.open(fileDescriptor: conn.fileDescriptor) + try writer.archiveDirectory(source) + try writer.finishEncoding() + } else { + let srcFd = open(source.path, O_RDONLY) + guard srcFd != -1 else { + throw ContainerizationError( + .internalError, + message: "copyIn: failed to open '\(source.path)': \(String(cString: strerror(errno)))" + ) + } + defer { close(srcFd) } + + var buf = [UInt8](repeating: 0, count: chunkSize) + while true { + let n = read(srcFd, &buf, buf.count) + if n == 0 { break } + guard n > 0 else { + throw ContainerizationError( + .internalError, + message: "copyIn: read error: \(String(cString: strerror(errno)))" + ) + } + var written = 0 + while written < n { + let w = buf.withUnsafeBytes { ptr in + write(conn.fileDescriptor, ptr.baseAddress! + written, n - written) + } + guard w > 0 else { + throw ContainerizationError( + .internalError, + message: "copyIn: vsock write error: \(String(cString: strerror(errno)))" + ) + } + written += w + } + } + } + continuation.resume() + } catch { + continuation.resume(throwing: error) + } + } + } + } + + try await group.waitForAll() + } + } + } + + private func resolveCopyInGuestPath( + from source: URL, + to destination: URL, + sourceIsDirectory: Bool, + using vminitd: Vminitd + ) async throws -> URL { + let guestDestination = URL(filePath: self.root).appending(path: destination.path) + + let stat: ContainerizationOS.Stat? + do { + stat = try await vminitd.stat(path: guestDestination) + } catch let error as ContainerizationError where error.code == .notFound { + stat = nil + } + // Any other error propagates so transport and permission failures are visible. + + guard let stat else { + if destination.hasDirectoryPath && !sourceIsDirectory { + throw ContainerizationError( + .invalidArgument, + message: "destination directory does not exist: \(destination.path)" + ) + } + return guestDestination + } + + let destinationIsDirectory = (stat.mode & UInt32(S_IFMT)) == UInt32(S_IFDIR) + guard destinationIsDirectory else { + if sourceIsDirectory { + throw ContainerizationError( + .invalidArgument, + message: "cannot copy directory over existing file: \(destination.path)" + ) + } + return guestDestination + } + + return guestDestination.appendingPathComponent(source.lastPathComponent) + } + + /// Copy a file or directory from the container to the host. + /// + /// Data transfer happens over a dedicated vsock connection. For directories, + /// the guest archives the source as tar+gzip and streams it directly through + /// vsock. The host extracts the archive without intermediate temp files. + public func copyOut( + from source: URL, + to destination: URL, + createParents: Bool = true, + chunkSize: Int = defaultCopyChunkSize + ) async throws { + try await self.state.withLock { + let state = try $0.startedState("copyOut") + + if createParents { + let parentDir = destination.deletingLastPathComponent() + try FileManager.default.createDirectory(at: parentDir, withIntermediateDirectories: true) + } + + let guestPath = URL(filePath: self.root).appending(path: source.path) + let port = self.hostVsockPorts.wrappingAdd(1, ordering: .relaxed).oldValue + let listener = try state.vm.listen(port) + + let (metadataStream, metadataCont) = AsyncStream.makeStream(of: Vminitd.CopyMetadata.self) + + try await withThrowingTaskGroup(of: Void.self) { group in + group.addTask { + try await state.vm.withAgent { agent in + guard let vminitd = agent as? Vminitd else { + throw ContainerizationError(.unsupported, message: "copyOut requires Vminitd agent") + } + try await vminitd.copy( + direction: .copyOut, + guestPath: guestPath, + vsockPort: port, + onMetadata: { meta in + metadataCont.yield(meta) + metadataCont.finish() + } + ) + } + } + + group.addTask { + guard let metadata = await metadataStream.first(where: { _ in true }) else { + throw ContainerizationError(.internalError, message: "copyOut: no metadata received") + } + + guard let conn = await listener.first(where: { _ in true }) else { + throw ContainerizationError(.internalError, message: "copyOut: vsock connection not established") + } + try listener.finish() + + try await withCheckedThrowingContinuation { (continuation: CheckedContinuation) in + self.copyQueue.async { + do { + defer { conn.closeFile() } + + if metadata.isArchive { + try FileManager.default.createDirectory(at: destination, withIntermediateDirectories: true) + let fh = FileHandle(fileDescriptor: dup(conn.fileDescriptor), closeOnDealloc: true) + let reader = try ArchiveReader(format: .pax, filter: .gzip, fileHandle: fh) + _ = try reader.extractContents(to: destination) + } else { + let destFd = open(destination.path, O_WRONLY | O_CREAT | O_TRUNC, 0o644) + guard destFd != -1 else { + throw ContainerizationError( + .internalError, + message: "copyOut: failed to open '\(destination.path)': \(String(cString: strerror(errno)))" + ) + } + defer { close(destFd) } + + var buf = [UInt8](repeating: 0, count: chunkSize) + while true { + let n = read(conn.fileDescriptor, &buf, buf.count) + if n == 0 { break } + guard n > 0 else { + throw ContainerizationError( + .internalError, + message: "copyOut: vsock read error: \(String(cString: strerror(errno)))" + ) + } + var written = 0 + while written < n { + let w = buf.withUnsafeBytes { ptr in + write(destFd, ptr.baseAddress! + written, n - written) + } + guard w > 0 else { + throw ContainerizationError( + .internalError, + message: "copyOut: write error: \(String(cString: strerror(errno)))" + ) + } + written += w + } + } + } + continuation.resume() + } catch { + continuation.resume(throwing: error) + } + } + } + } + + try await group.waitForAll() + } + } + } +} + +extension VirtualMachineInstance { + /// Scoped access to an agent instance to ensure the resources are always freed (mostly close(2)'ing + /// the vsock fd) + func withAgent(fn: @Sendable (VirtualMachineAgent) async throws -> T) async throws -> T { + let agent = try await self.dialAgent() + do { + let result = try await fn(agent) + try await agent.close() + return result + } catch { + try? await agent.close() + throw error + } + } +} + +extension AttachedFilesystem { + var to: ContainerizationOCI.Mount { + .init( + type: self.type, + source: self.source, + destination: self.destination, + options: self.options + ) + } +} + +/// Normalize mount destinations via ``FilePath/lexicallyNormalized()`` and +/// sort mounts by the depth of their destination path. This ensures that +/// higher level mounts don't shadow other mounts. For example, if a user +/// specifies mounts for `/tmp/foo/bar` and `/tmp`, sorting by depth ensures +/// `/tmp` is mounted first without shadowing `/tmp/foo/bar`. +func cleanAndSortMounts(_ mounts: [ContainerizationOCI.Mount]) -> [ContainerizationOCI.Mount] { + var mounts = mounts + for i in mounts.indices { + mounts[i].destination = FilePath(mounts[i].destination).lexicallyNormalized().string + } + return sortMountsByDestinationDepth(mounts) +} + +/// Sort mounts by the depth of their destination path. +func sortMountsByDestinationDepth(_ mounts: [ContainerizationOCI.Mount]) -> [ContainerizationOCI.Mount] { + mounts.sorted { a, b in + a.destination.split(separator: "/").count < b.destination.split(separator: "/").count + } +} + +struct IOUtil { + static func setup( + portAllocator: borrowing Atomic, + stdin: ReaderStream?, + stdout: Writer?, + stderr: Writer? + ) -> LinuxProcess.Stdio { + var stdinSetup: LinuxProcess.StdioReaderSetup? = nil + if let reader = stdin { + let ret = portAllocator.wrappingAdd(1, ordering: .relaxed) + stdinSetup = .init( + port: ret.oldValue, + reader: reader + ) + } + + var stdoutSetup: LinuxProcess.StdioSetup? = nil + if let writer = stdout { + let ret = portAllocator.wrappingAdd(1, ordering: .relaxed) + stdoutSetup = LinuxProcess.StdioSetup( + port: ret.oldValue, + writer: writer + ) + } + + var stderrSetup: LinuxProcess.StdioSetup? = nil + if let writer = stderr { + let ret = portAllocator.wrappingAdd(1, ordering: .relaxed) + stderrSetup = LinuxProcess.StdioSetup( + port: ret.oldValue, + writer: writer + ) + } + + return LinuxProcess.Stdio( + stdin: stdinSetup, + stdout: stdoutSetup, + stderr: stderrSetup + ) + } +} diff --git a/Sources/Containerization/LinuxPod.swift b/Sources/Containerization/LinuxPod.swift new file mode 100644 index 0000000..8ad0014 --- /dev/null +++ b/Sources/Containerization/LinuxPod.swift @@ -0,0 +1,1335 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationError +import ContainerizationExtras +import ContainerizationOCI +import Foundation +import Logging +import Synchronization + +import struct ContainerizationOS.Terminal + +/// NOTE: Experimental API +/// +/// `LinuxPod` allows managing multiple Linux containers within a single +/// virtual machine. Each container has its own rootfs and process, but +/// shares the VM's resources (CPU, memory, network). +public final class LinuxPod: Sendable { + static let maxIDLength = 64 + + /// The identifier of the pod. + public let id: String + + /// Configuration for the pod. + public let config: Configuration + + /// The configuration for the LinuxPod. + public struct Configuration: Sendable { + /// The amount of cpus for the pod's VM. + public var cpus: Int = 4 + /// The memory in bytes to give to the pod's VM. + public var memoryInBytes: UInt64 = 1024.mib() + /// The network interfaces for the pod. + public var interfaces: [any Interface] = [] + /// Whether nested virtualization should be turned on for the pod. + public var virtualization: Bool = false + /// Optional file path to store serial boot logs. + public var bootLog: BootLog? + /// Whether containers in the pod should share a PID namespace. + /// When enabled, all containers can see each other's processes. + public var shareProcessNamespace: Bool = false + /// The default hostname for all containers in the pod. + /// Individual containers can override this by setting their own `hostname` configuration. + public var hostname: String? + /// The default DNS configuration for all containers in the pod. + /// Individual containers can override this by setting their own `dns` configuration. + public var dns: DNS? + /// The default hosts file configuration for all containers in the pod. + /// Individual containers can override this by setting their own `hosts` configuration. + public var hosts: Hosts? + /// Volumes attached to the pod. Can be shared with multiple containers. + public var volumes: [PodVolume] = [] + /// Extension objects that participate in the VM instance lifecycle. + public var extensions: [any Sendable] = [] + + public init() {} + } + + /// Configuration for a container within the pod. + public struct ContainerConfiguration: Sendable { + /// Configuration for the init process of the container. + public var process = LinuxProcessConfiguration() + /// Optional per-container CPU limit (can exceed pod total for oversubscription). + public var cpus: Int? + /// Optional per-container memory limit in bytes (can exceed pod total for oversubscription). + public var memoryInBytes: UInt64? + /// The hostname for the container. + public var hostname: String? + /// The system control options for the container. + public var sysctl: [String: String] = [:] + /// The mounts for the container. + public var mounts: [Mount] = LinuxContainer.defaultMounts() + /// Paths inside the container that vmexec hides from the workload. + /// Defaults to the OCI standard set (``LinuxContainer/defaultMaskedPaths()``), + /// matching the restricted capability baseline. Set to `[]` to opt out, + /// or append to extend it. + public var maskedPaths: [String] = LinuxContainer.defaultMaskedPaths() + /// Paths inside the container that vmexec marks read-only. + /// Defaults to the OCI standard set (``LinuxContainer/defaultReadonlyPaths()``), + /// matching the restricted capability baseline. Set to `[]` to opt out, + /// or append to extend it. + public var readonlyPaths: [String] = LinuxContainer.defaultReadonlyPaths() + /// The Unix domain socket relays to setup for the container. + public var sockets: [UnixSocketConfiguration] = [] + /// The DNS configuration for the container. + public var dns: DNS? + /// The hosts file configuration for the container. + public var hosts: Hosts? + /// Run the container with a minimal init process that handles signal + /// forwarding and zombie reaping. + public var useInit: Bool = false + + public init() {} + } + + /// A volume that is attached at the pod level and can be shared by multiple containers. + public struct PodVolume: Sendable { + /// Describes the backing storage for the volume. + public enum Source: Sendable { + /// A network block device (NBD) volume. + case nbd(url: URL, timeout: TimeInterval? = nil, readOnly: Bool = false) + /// A disk-image file on the host, attached as a virtio-block device. + case diskImage(path: URL, readOnly: Bool = false) + } + + /// The logical name of this volume. Containers reference this name + /// via `Mount.sharedMount(name:destination:)` in their mounts. + public var name: String + /// The backing storage source for this volume. + public var source: Source + /// The filesystem format on the volume. + public var format: String + + public init(name: String, source: Source, format: String) { + self.name = name + self.source = source + self.format = format + } + + func toMount() -> Mount { + switch source { + case .nbd(let url, let timeout, let readOnly): + var runtimeOptions: [String] = [] + if let timeout { + runtimeOptions.append("vzTimeout=\(timeout)") + } + return Mount.block( + format: self.format, + source: url.absoluteString, + destination: LinuxPod.guestVolumePath(name), + options: readOnly ? ["ro"] : [], + runtimeOptions: runtimeOptions + ) + case .diskImage(let path, let readOnly): + return Mount.block( + format: self.format, + source: path.absolutePath(), + destination: LinuxPod.guestVolumePath(name), + options: readOnly ? ["ro"] : [] + ) + } + } + } + + private struct PodContainer: Sendable { + let id: String + let rootfs: Mount + let config: ContainerConfiguration + var state: ContainerState + var process: LinuxProcess? + var fileMountContext: FileMountContext + + enum ContainerState: Sendable { + case registered + case created + case started + case stopped + case errored + } + } + + private let state: AsyncMutex + + // Ports to be allocated from for stdio and for + // unix socket relays that are sharing a guest + // uds to the host. + private let hostVsockPorts: Atomic + // Ports we request the guest to allocate for unix socket relays from + // the host. + private let guestVsockPorts: Atomic + + private struct State: Sendable { + var phase: Phase + var containers: [String: PodContainer] + var pauseProcess: LinuxProcess? + } + + private enum Phase: Sendable { + /// The pod has been created but no live resources are running. + case initialized + /// The pod's virtual machine has been setup and the runtime environment has been configured. + case created(CreatedState) + /// An error occurred during the lifetime of this class. + case errored(Swift.Error) + + struct CreatedState: Sendable { + let vm: any VirtualMachineInstance + let relayManager: UnixSocketRelayManager + } + + func createdState(_ operation: String) throws -> CreatedState { + switch self { + case .created(let state): + return state + case .errored(let err): + throw err + default: + throw ContainerizationError( + .invalidState, + message: "failed to \(operation): pod must be created" + ) + } + } + + mutating func validateForCreate() throws { + switch self { + case .initialized: + break + case .errored(let err): + throw err + default: + throw ContainerizationError( + .invalidState, + message: "pod must be in initialized state to create" + ) + } + } + + mutating func setErrored(error: Swift.Error) { + self = .errored(error) + } + } + + private let vmm: VirtualMachineManager + private let logger: Logger? + + /// Create a new `LinuxPod`. A `VirtualMachineManager` instance must be + /// provided that will handle launching the virtual machine the containers + /// will execute inside of. + public init( + _ id: String, + vmm: VirtualMachineManager, + logger: Logger? = nil, + configuration: (inout Configuration) throws -> Void + ) throws { + guard id.count <= Self.maxIDLength else { + throw ContainerizationError( + .invalidArgument, + message: "pod id length \(id.count) exceeds maximum of \(Self.maxIDLength) characters" + ) + } + self.id = id + self.vmm = vmm + self.hostVsockPorts = Atomic(0x1000_0000) + self.guestVsockPorts = Atomic(0x1000_0000) + self.logger = logger + + var config = Configuration() + try configuration(&config) + + self.config = config + self.state = AsyncMutex(State(phase: .initialized, containers: [:], pauseProcess: nil)) + } + + private static func createDefaultRuntimeSpec(_ containerID: String, podID: String) -> Spec { + .init( + process: .init(), + hostname: containerID, + root: .init( + path: Self.guestRootfsPath(containerID), + readonly: false + ), + linux: .init( + resources: .init(), + cgroupsPath: "/container/pod/\(podID)/\(containerID)" + ) + ) + } + + private func generateRuntimeSpec(containerID: String, config: ContainerConfiguration, rootfs: Mount) -> Spec { + var spec = Self.createDefaultRuntimeSpec(containerID, podID: self.id) + + // Process configuration + spec.process = config.process.toOCI() + + // Wrap with init process if requested. + if config.useInit { + let originalArgs = spec.process?.args ?? [] + spec.process?.args = ["/.cz-init", "--"] + originalArgs + } + + // General toggles + // Container-level hostname takes precedence; fall back to pod-level hostname. + if let hostname = config.hostname ?? self.config.hostname { + spec.hostname = hostname + } + + // Linux toggles + spec.linux?.sysctl = config.sysctl + spec.linux?.maskedPaths = config.maskedPaths + spec.linux?.readonlyPaths = config.readonlyPaths + + // If the rootfs was requested as read-only, set it in the OCI spec. + // We let the OCI runtime remount as ro, instead of doing it originally. + spec.root?.readonly = rootfs.options.contains("ro") + + // Resource limits (if specified) + if let cpus = config.cpus, cpus > 0 { + spec.linux?.resources?.cpu = LinuxCPU( + quota: Int64(cpus * 100_000), + period: 100_000 + ) + } + if let memoryInBytes = config.memoryInBytes, memoryInBytes > 0 { + spec.linux?.resources?.memory = LinuxMemory( + limit: Int64(memoryInBytes) + ) + } + + return spec + } + + static func guestRootfsPath(_ containerID: String) -> String { + "/run/container/\(containerID)/rootfs" + } + + static func guestSocketStagingPath(_ socketID: String) -> String { + "/run/sockets/\(socketID).sock" + } + + private static func guestVolumePath(_ volumeName: String) -> String { + "/run/volumes/\(volumeName)" + } +} + +extension LinuxPod { + /// Number of CPU cores allocated to the pod's VM. + public var cpus: Int { + config.cpus + } + + /// Amount of memory in bytes allocated for the pod's VM. + public var memoryInBytes: UInt64 { + config.memoryInBytes + } + + /// Network interfaces of the pod. + public var interfaces: [any Interface] { + config.interfaces + } + + /// Add a container to the pod. + /// + /// When called before `create()`, the container is registered for setup during VM creation. + /// When called after `create()`, the container is hotplugged into the running VM. + /// If the underlying VMM does not support hotplug, an error is thrown. + public func addContainer( + _ id: String, + rootfs: Mount, + configuration: @Sendable @escaping (inout ContainerConfiguration) throws -> Void + ) async throws { + guard id.count <= Self.maxIDLength else { + throw ContainerizationError( + .invalidArgument, + message: "container id length \(id.count) exceeds maximum of \(Self.maxIDLength) characters" + ) + } + try await self.state.withLock { state in + guard state.containers[id] == nil else { + throw ContainerizationError( + .invalidArgument, + message: "container with id \(id) already exists in pod" + ) + } + + var config = ContainerConfiguration() + try configuration(&config) + + let fileMountContext = try FileMountContext.prepare(mounts: config.mounts) + + switch state.phase { + case .initialized: + state.containers[id] = PodContainer( + id: id, + rootfs: rootfs, + config: config, + state: .registered, + process: nil, + fileMountContext: fileMountContext + ) + + case .created(let createdState): + let vm = createdState.vm + + var modifiedRootfs = rootfs + modifiedRootfs.options.removeAll(where: { $0 == "ro" }) + + let attachment = try await vm.hotplug(modifiedRootfs, id: id) + + var updatedFileMountContext = fileMountContext + do { + let virtioFSMounts = fileMountContext.transformedMounts.filter { + if case .virtiofs(_) = $0.runtimeOptions { return true } + return false + } + if !virtioFSMounts.isEmpty { + try await vm.hotplugVirtioFS(virtioFSMounts, id: id) + } + + let agent = try await vm.dialAgent() + do { + var mount = attachment.to + mount.destination = Self.guestRootfsPath(id) + try await agent.mount(mount) + + try vm.registerMounts( + id: id, + rootfs: attachment, + additionalMounts: fileMountContext.transformedMounts + ) + + // Mount the hotplugged container's virtiofs shares in the + // guest. create() does this for boot-time containers (the + // /run/virtiofs loop); the hotplug path must do the same or + // the container's bind mounts from /run/virtiofs/ fail + // with ENOENT. + let newVirtiofsTags = (vm.mounts[id] ?? []) + .filter { $0.type == "virtiofs" } + .map { $0.source } + if !newVirtiofsTags.isEmpty { + // Tags already mounted in the guest at boot or by a + // prior hotplug (i.e. present on another container). + let alreadyMounted = Set( + vm.mounts + .filter { $0.key != id } + .values.flatMap { $0 } + .filter { $0.type == "virtiofs" } + .map { $0.source } + ) + try await agent.mkdir(path: "/run/virtiofs", all: true, perms: 0o755) + if vm.virtiofsLayout == .perTag { + var seen: Set = [] + for tag in newVirtiofsTags + where !alreadyMounted.contains(tag) && seen.insert(tag).inserted { + let dest = "/run/virtiofs/\(tag)" + try await agent.mkdir(path: dest, all: true, perms: 0o755) + try await agent.mount( + ContainerizationOCI.Mount( + type: "virtiofs", + source: tag, + destination: dest, + options: [] + )) + } + } else if alreadyMounted.isEmpty { + // Unified layout: one /run/virtiofs mount, needed + // only if nothing mounted it at boot / earlier. + try await agent.mount( + ContainerizationOCI.Mount( + type: "virtiofs", + source: "virtiofs", + destination: "/run/virtiofs", + options: [] + )) + } + } + + if fileMountContext.hasFileMounts { + let containerMounts = vm.mounts[id] ?? [] + try await updatedFileMountContext.mountHoldingDirectories( + vmMounts: containerMounts, + agent: agent + ) + } + + if let dns = config.dns ?? self.config.dns { + try await agent.configureDNS( + config: dns, + location: Self.guestRootfsPath(id) + ) + } + + if let hosts = config.hosts ?? self.config.hosts { + try await agent.configureHosts( + config: hosts, + location: Self.guestRootfsPath(id) + ) + } + + for socket in config.sockets { + try await self.relayUnixSocket( + socket: socket, + containerID: id, + relayManager: createdState.relayManager, + agent: agent + ) + } + + try await agent.close() + } catch { + try? await agent.umount(path: Self.guestRootfsPath(id), flags: 0) + try? await agent.close() + throw error + } + + state.containers[id] = PodContainer( + id: id, + rootfs: rootfs, + config: config, + state: .created, + process: nil, + fileMountContext: updatedFileMountContext + ) + } catch { + try? await vm.releaseHotplug(id: id) + try? await vm.releaseVirtioFS(id: id) + throw error + } + + case .errored(let err): + throw err + } + } + } + + /// Create and start the underlying pod's virtual machine and set up + /// the runtime environment. All registered containers will have their + /// rootfs mounted, but no init processes will be running. + public func create() async throws { + try await self.state.withLock { state in + try state.phase.validateForCreate() + + // Build mountsByID for all containers. + // Strip "ro" from rootfs options - we handle readonly via the OCI spec's + // root.readonly field and remount in vmexec after setup is complete. + // Use transformedMounts from fileMountContext (file mounts become directory shares). + var mountsByID: [String: [Mount]] = [:] + for (id, container) in state.containers { + var modifiedRootfs = container.rootfs + modifiedRootfs.options.removeAll(where: { $0 == "ro" }) + // Filter out shared mounts — those are handled separately as pod volume bind mounts. + let containerMounts = container.fileMountContext.transformedMounts.filter { + if case .shared = $0.runtimeOptions { return false } + return true + } + mountsByID[id] = [modifiedRootfs] + containerMounts + } + + // Validate pod volume names are unique. + var volumeNames = Set() + for volume in self.config.volumes { + guard volumeNames.insert(volume.name).inserted else { + throw ContainerizationError( + .invalidArgument, + message: "duplicate pod volume name \"\(volume.name)\"" + ) + } + } + + // Validate that all shared mounts reference valid pod volume names. + for (id, container) in state.containers { + for mount in container.config.mounts { + if case .shared = mount.runtimeOptions { + guard volumeNames.contains(mount.source) else { + throw ContainerizationError( + .invalidArgument, + message: "container \(id) references unknown pod volume \"\(mount.source)\"" + ) + } + } + } + } + let podVolumeMounts = self.config.volumes.map { $0.toMount() } + if !podVolumeMounts.isEmpty { + mountsByID[self.id] = podVolumeMounts + } + + // Capture into an immutable `let` so the value is safely usable + // from the concurrent `withAgent` closure below. The container + // path makes the same decision in LinuxContainer.create — CH + // only attaches a virtiofs device when shares are configured, + // so mounting an unbacked /run/virtiofs would fail with EINVAL + // on the CH backend. + let hasVirtiofsMount = mountsByID.values.contains { mounts in + mounts.contains { mount in + if case .virtiofs = mount.runtimeOptions { return true } + return false + } + } + + var vmConfig = VMConfiguration( + cpus: self.config.cpus, + memoryInBytes: self.config.memoryInBytes, + interfaces: self.config.interfaces, + mountsByID: mountsByID, + bootLog: self.config.bootLog, + nestedVirtualization: self.config.virtualization + ) + vmConfig.extensions = self.config.extensions + let creationConfig = StandardVMConfig(configuration: vmConfig) + let vm = try await self.vmm.create(config: creationConfig) + let relayManager = UnixSocketRelayManager(vm: vm) + try await vm.start() + + do { + let containers = state.containers + let shareProcessNamespace = self.config.shareProcessNamespace + let pauseProcessHolder = Mutex(nil) + let fileMountContextUpdates = Mutex<[String: FileMountContext]>([:]) + + try await vm.withAgent { agent in + try await agent.standardSetup() + + // Mount the unified virtiofs share at /run/virtiofs only + // when at least one container has a virtiofs mount. VZ + // tolerates the unbacked mount; CH does not. + if hasVirtiofsMount { + try await agent.mkdir(path: "/run/virtiofs", all: true, perms: 0o755) + if vm.virtiofsLayout == .perTag { + // CH backend: one virtio-fs device per source-hash + // tag, so mount each tag separately at + // /run/virtiofs/. See LinuxContainer for the + // VZ vs. CH model split. + var seenTags: Set = [] + for (_, attached) in vm.mounts { + for entry in attached where entry.type == "virtiofs" { + guard seenTags.insert(entry.source).inserted else { continue } + let dest = "/run/virtiofs/\(entry.source)" + try await agent.mkdir(path: dest, all: true, perms: 0o755) + try await agent.mount( + ContainerizationOCI.Mount( + type: "virtiofs", + source: entry.source, + destination: dest, + options: [] + )) + } + } + } else { + try await agent.mount( + ContainerizationOCI.Mount( + type: "virtiofs", + source: "virtiofs", + destination: "/run/virtiofs", + options: [] + )) + } + } + + // Create pause container if PID namespace sharing is enabled + if shareProcessNamespace { + let pauseID = "pause-\(self.id)" + let pauseRootfsPath = "/run/container/\(pauseID)/rootfs" + + // Bind mount /sbin into the pause container rootfs. + // This is where the guest agent lives. + try await agent.mount( + ContainerizationOCI.Mount( + type: "", + source: "/sbin", + destination: "\(pauseRootfsPath)/sbin", + options: ["bind"] + )) + + var pauseSpec = Self.createDefaultRuntimeSpec(pauseID, podID: self.id) + pauseSpec.process?.args = ["/sbin/vminitd", "pause"] + pauseSpec.hostname = "" + pauseSpec.mounts = LinuxContainer.defaultMounts().map { + ContainerizationOCI.Mount( + type: $0.type, + source: $0.source, + destination: $0.destination, + options: $0.options + ) + } + pauseSpec.linux?.namespaces = [ + LinuxNamespace(type: .cgroup), + LinuxNamespace(type: .ipc), + LinuxNamespace(type: .mount), + LinuxNamespace(type: .pid), + LinuxNamespace(type: .uts), + ] + + // Create LinuxProcess for pause container + let process = LinuxProcess( + pauseID, + containerID: pauseID, + spec: pauseSpec, + io: LinuxProcess.Stdio(stdin: nil, stdout: nil, stderr: nil), + ociRuntimePath: nil, + agent: agent, + vm: vm, + logger: self.logger + ) + + try await process.start() + pauseProcessHolder.withLock { $0 = process } + + self.logger?.debug("Pause container started", metadata: ["pid": "\(process.pid)"]) + } + + // Mount all container rootfs + for (_, container) in containers { + guard let attachments = vm.mounts[container.id], let rootfsAttachment = attachments.first else { + throw ContainerizationError(.notFound, message: "rootfs mount not found for container \(container.id)") + } + var rootfs = rootfsAttachment.to + rootfs.destination = Self.guestRootfsPath(container.id) + try await agent.mount(rootfs) + } + + // Mount file mount holding directories under /run for each container. + for (id, container) in containers { + if container.fileMountContext.hasFileMounts { + var ctx = container.fileMountContext + let containerMounts = vm.mounts[id] ?? [] + try await ctx.mountHoldingDirectories( + vmMounts: containerMounts, + agent: agent + ) + fileMountContextUpdates.withLock { $0[id] = ctx } + } + } + + // Mount pod-level volumes. + let podVolumeAttachments = vm.mounts[self.id] ?? [] + for (index, volume) in self.config.volumes.enumerated() { + guard index < podVolumeAttachments.count else { + throw ContainerizationError( + .notFound, + message: "attached filesystem not found for pod volume \"\(volume.name)\"" + ) + } + let attachment = podVolumeAttachments[index] + let guestPath = Self.guestVolumePath(volume.name) + try await agent.mount( + ContainerizationOCI.Mount( + type: volume.format, + source: attachment.source, + destination: guestPath, + options: [] + )) + } + + // Start up unix socket relays for each container + for (_, container) in containers { + for socket in container.config.sockets { + try await self.relayUnixSocket( + socket: socket, + containerID: container.id, + relayManager: relayManager, + agent: agent + ) + } + } + + // For every interface asked for: + // 1. Add the address requested + // 2. Online the adapter + // 3. For the first interface, add the default route + var defaultRouteSet = false + for (index, i) in self.interfaces.enumerated() { + let name = "eth\(index)" + try await agent.setupInterface( + i, + name: name, + setDefaultRoute: !defaultRouteSet, + logger: self.logger + ) + defaultRouteSet = true + } + + // Setup /etc/resolv.conf and /etc/hosts for each container. + // Container-level config takes precedence over pod-level config. + for (_, container) in containers { + if let dns = container.config.dns ?? self.config.dns { + try await agent.configureDNS( + config: dns, + location: Self.guestRootfsPath(container.id) + ) + } + if let hosts = container.config.hosts ?? self.config.hosts { + try await agent.configureHosts( + config: hosts, + location: Self.guestRootfsPath(container.id) + ) + } + } + } + + state.pauseProcess = pauseProcessHolder.withLock { $0 } + + // Apply file mount context updates. + let updates = fileMountContextUpdates.withLock { $0 } + for (id, ctx) in updates { + state.containers[id]?.fileMountContext = ctx + } + + // Transition all containers to created state + for id in state.containers.keys { + state.containers[id]?.state = .created + } + + state.phase = .created(.init(vm: vm, relayManager: relayManager)) + } catch { + try? await relayManager.stopAll() + try? await vm.stop() + state.phase.setErrored(error: error) + throw error + } + } + } + + /// Start a container's initial process. + public func startContainer(_ containerID: String) async throws { + try await self.state.withLock { state in + let createdState = try state.phase.createdState("startContainer") + + guard var container = state.containers[containerID] else { + throw ContainerizationError( + .notFound, + message: "container \(containerID) not found in pod" + ) + } + + guard container.state == .created else { + throw ContainerizationError( + .invalidState, + message: "container \(containerID) must be in created state to start" + ) + } + + let agent = try await createdState.vm.dialAgent() + do { + var spec = self.generateRuntimeSpec(containerID: containerID, config: container.config, rootfs: container.rootfs) + // We don't need the rootfs, nor do OCI runtimes want it included. + // Also filter out file mount holding directories - we mount those separately under /run. + // Transform virtiofs mounts to bind mounts from /run/virtiofs/{tag} + let containerMounts = createdState.vm.mounts[containerID] ?? [] + let holdingTags = container.fileMountContext.holdingDirectoryTags + var mounts: [ContainerizationOCI.Mount] = + containerMounts.dropFirst() + .filter { !holdingTags.contains($0.source) } + .map { attached -> ContainerizationOCI.Mount in + if attached.type == "virtiofs" { + // Transform to bind mount from holding directory + return ContainerizationOCI.Mount( + type: "none", + source: "/run/virtiofs/\(attached.source)", + destination: attached.destination, + options: ["bind"] + attached.options + ) + } + return attached.to + } + + container.fileMountContext.ociBindMounts() + + // When useInit is enabled, bind mount vminitd from the VM's filesystem + // into the container so it can be executed. + if container.config.useInit { + mounts.append( + ContainerizationOCI.Mount( + type: "bind", + source: "/sbin/vminitd", + destination: "/.cz-init", + options: ["bind", "ro"] + )) + } + + // Bind mount staged sockets into the container. Sockets relayed + // .into the container are created in a staging directory outside + // the rootfs to avoid symlink traversal and mount shadowing. + for socket in container.config.sockets where socket.direction == .into { + mounts.append( + ContainerizationOCI.Mount( + type: "bind", + source: Self.guestSocketStagingPath(socket.id), + destination: socket.destination.path, + options: ["bind"] + )) + } + + // Bind mount pod volumes into the container. + for mount in container.config.mounts { + if case .shared = mount.runtimeOptions { + mounts.append( + ContainerizationOCI.Mount( + type: "none", + source: Self.guestVolumePath(mount.source), + destination: mount.destination, + options: ["bind"] + mount.options + )) + } + } + + spec.mounts = cleanAndSortMounts(mounts) + + // Configure namespaces for the container + var namespaces: [LinuxNamespace] = [ + LinuxNamespace(type: .cgroup), + LinuxNamespace(type: .ipc), + LinuxNamespace(type: .mount), + LinuxNamespace(type: .uts), + ] + + // Either join pause container's pid ns or create a new one + if self.config.shareProcessNamespace, let pausePID = state.pauseProcess?.pid { + let nsPath = "/proc/\(pausePID)/ns/pid" + + self.logger?.debug( + "Container joining pause PID namespace", + metadata: [ + "container": "\(containerID)", + "pausePID": "\(pausePID)", + "nsPath": "\(nsPath)", + ]) + + namespaces.append(LinuxNamespace(type: .pid, path: nsPath)) + } else { + namespaces.append(LinuxNamespace(type: .pid)) + } + + spec.linux?.namespaces = namespaces + + let stdio = IOUtil.setup( + portAllocator: self.hostVsockPorts, + stdin: container.config.process.stdin, + stdout: container.config.process.stdout, + stderr: container.config.process.stderr + ) + + let process = LinuxProcess( + containerID, + containerID: containerID, + spec: spec, + io: stdio, + ociRuntimePath: nil, + agent: agent, + vm: createdState.vm, + logger: self.logger + ) + try await process.start() + + container.process = process + container.state = .started + state.containers[containerID] = container + } catch { + try? await agent.close() + throw error + } + } + } + + /// Stop a container from executing. + public func stopContainer(_ containerID: String) async throws { + try await self.state.withLock { state in + let createdState = try state.phase.createdState("stopContainer") + + guard var container = state.containers[containerID] else { + throw ContainerizationError( + .notFound, + message: "container \(containerID) not found in pod" + ) + } + + // Allow stop to be called multiple times + if container.state == .stopped { + return + } + + // Handle containers that were hotplugged but never started + if container.state == .created { + // Release the hotplug device and virtiofs shares + try? await createdState.vm.releaseHotplug(id: containerID) + try? await createdState.vm.releaseVirtioFS(id: containerID) + + container.state = .stopped + state.containers[containerID] = container + return + } + + guard container.state == .started, let process = container.process else { + throw ContainerizationError( + .invalidState, + message: "container \(containerID) must be in started state to stop" + ) + } + + do { + // Check if the vm is even still running + if createdState.vm.state == .stopped { + container.state = .stopped + state.containers[containerID] = container + return + } + + try await process.kill(.kill) + try await process.wait(timeoutInSeconds: 3) + + try await createdState.vm.withAgent { agent in + // Unmount the rootfs + try await agent.umount( + path: Self.guestRootfsPath(containerID), + flags: 0 + ) + } + + // Release the hotplug device and virtiofs shares so they can be reused by new containers + try await createdState.vm.releaseHotplug(id: containerID) + try await createdState.vm.releaseVirtioFS(id: containerID) + + // Clean up the process resources + try await process.delete() + + container.process = nil + container.state = .stopped + state.containers[containerID] = container + } catch { + // Try to release the hotplug device and virtiofs shares even on error + try? await createdState.vm.releaseHotplug(id: containerID) + try? await createdState.vm.releaseVirtioFS(id: containerID) + + container.state = .errored + container.process = nil + state.containers[containerID] = container + + throw error + } + } + } + + /// Stop the pod's VM and all containers. + public func stop() async throws { + try await self.state.withLock { state in + let createdState = try state.phase.createdState("stop") + + do { + try await createdState.relayManager.stopAll() + + // Stop all containers + let containerIDs = Array(state.containers.keys) + + for containerID in containerIDs { + // Stop the container inline + guard var container = state.containers[containerID] else { + continue + } + + if container.state == .stopped { + continue + } + + if let process = container.process, container.state == .started { + if createdState.vm.state != .stopped { + try? await process.kill(.kill) + _ = try? await process.wait(timeoutInSeconds: 3) + + try? await createdState.vm.withAgent { agent in + try await agent.umount( + path: Self.guestRootfsPath(containerID), + flags: 0 + ) + } + } + + try? await process.delete() + container.process = nil + container.state = .stopped + + state.containers[containerID] = container + } + } + + // Unmount pod-level volumes. + if createdState.vm.state != .stopped && !self.config.volumes.isEmpty { + try? await createdState.vm.withAgent { agent in + for volume in self.config.volumes { + try? await agent.umount( + path: Self.guestVolumePath(volume.name), + flags: 0 + ) + } + } + } + + try await createdState.vm.stop() + state.phase = .initialized + } catch { + try? await createdState.vm.stop() + state.phase.setErrored(error: error) + throw error + } + } + } + + /// Send a signal to a container. + public func killContainer(_ containerID: String, signal: Signal) async throws { + try await self.state.withLock { state in + guard let container = state.containers[containerID], let process = container.process else { + throw ContainerizationError( + .notFound, + message: "container \(containerID) not found or not started" + ) + } + try await process.kill(signal) + } + } + + /// Wait for a container to exit. Returns the exit code. + @discardableResult + public func waitContainer(_ containerID: String, timeoutInSeconds: Int64? = nil) async throws -> ExitStatus { + let process = try await self.state.withLock { state in + guard let container = state.containers[containerID], let process = container.process else { + throw ContainerizationError( + .notFound, + message: "container \(containerID) not found or not started" + ) + } + return process + } + return try await process.wait(timeoutInSeconds: timeoutInSeconds) + } + + /// Resize a container's terminal (if one was requested). + public func resizeContainer(_ containerID: String, to: Terminal.Size) async throws { + try await self.state.withLock { state in + guard let container = state.containers[containerID], let process = container.process else { + throw ContainerizationError( + .notFound, + message: "container \(containerID) not found or not started" + ) + } + try await process.resize(to: to) + } + } + + /// Execute a new process in a container. + public func execInContainer( + _ containerID: String, + processID: String, + configuration: @Sendable @escaping (inout LinuxProcessConfiguration) throws -> Void + ) async throws -> LinuxProcess { + try await self.state.withLock { state in + let createdState = try state.phase.createdState("execInContainer") + + guard let container = state.containers[containerID] else { + throw ContainerizationError( + .notFound, + message: "container \(containerID) not found in pod" + ) + } + + guard container.state == .started else { + throw ContainerizationError( + .invalidState, + message: "container \(containerID) must be started to exec" + ) + } + + var spec = self.generateRuntimeSpec(containerID: containerID, config: container.config, rootfs: container.rootfs) + // Inherit environment variables, working directory, user, capabilities, rlimits from container process. + // Reset: process arguments, terminal, stdio as these are not supposed to be inherited. + var config = container.config.process + config.arguments = [] + config.terminal = false + config.stdin = nil + config.stdout = nil + config.stderr = nil + try configuration(&config) + spec.process = config.toOCI() + + let stdio = IOUtil.setup( + portAllocator: self.hostVsockPorts, + stdin: config.stdin, + stdout: config.stdout, + stderr: config.stderr + ) + let agent = try await createdState.vm.dialAgent() + let process = LinuxProcess( + processID, + containerID: containerID, + spec: spec, + io: stdio, + ociRuntimePath: nil, + agent: agent, + vm: createdState.vm, + logger: self.logger + ) + return process + } + } + + /// List all container IDs in the pod. + public func listContainers() async -> [String] { + await self.state.withLock { state in + Array(state.containers.keys) + } + } + + /// Get statistics for containers in the pod. + public func statistics(containerIDs: [String]? = nil, categories: StatCategory = .all) async throws -> [ContainerStatistics] { + let (createdState, ids) = try await self.state.withLock { state in + let createdState = try state.phase.createdState("statistics") + let ids = containerIDs ?? Array(state.containers.keys) + return (createdState, ids) + } + + let stats = try await createdState.vm.withAgent { agent in + try await agent.containerStatistics(containerIDs: ids, categories: categories) + } + + return stats + } + + /// Dial a vsock port in the pod's VM. + public func dialVsock(port: UInt32) async throws -> FileHandle { + try await self.state.withLock { state in + let createdState = try state.phase.createdState("dialVsock") + return try await createdState.vm.dial(port) + } + } + + /// Provides scoped access to the underlying virtual machine instance. + /// + /// Most users should prefer the higher level APIs on ``LinuxPod`` + /// directly. This is intended for advanced use cases that need to interact + /// with the virtual machine outside of the pod abstraction. + public func withVirtualMachineInstance( + _ fn: @Sendable (any VirtualMachineInstance) async throws -> T + ) async throws -> T { + let vm = try await self.state.withLock { state in + try state.phase.createdState("withVirtualMachineInstance").vm + } + return try await fn(vm) + } + + // Perform filesystem operations in a container. + public func filesystemOperation(_ containerID: String, operation: FilesystemOperation, path: String) async throws { + try await self.state.withLock { state in + let createdState = try state.phase.createdState("filesystemOperation") + + guard let container = state.containers[containerID] else { + throw ContainerizationError( + .notFound, + message: "container \(containerID) not found in pod" + ) + } + + guard container.state == .started else { + throw ContainerizationError( + .invalidState, + message: "container \(containerID) must be started to perform filesystem operations" + ) + } + + try await createdState.vm.withAgent { agent in + guard let vminitd = agent as? Vminitd else { + throw ContainerizationError(.unsupported, message: "filesystemOperation requires Vminitd agent") + } + let guestPath = URL(filePath: Self.guestRootfsPath(containerID)).appending(path: path).path + try await vminitd.filesystemOperation(operation: operation, path: guestPath) + } + } + } + + /// Close a container's standard input to signal no more input is arriving. + public func closeContainerStdin(_ containerID: String) async throws { + try await self.state.withLock { state in + guard let container = state.containers[containerID], let process = container.process else { + throw ContainerizationError( + .notFound, + message: "container \(containerID) not found or not started" + ) + } + try await process.closeStdin() + } + } + + /// Relay a unix socket for a container. + public func relayUnixSocket(_ containerID: String, socket: UnixSocketConfiguration) async throws { + try await self.state.withLock { state in + let createdState = try state.phase.createdState("relayUnixSocket") + + guard let _ = state.containers[containerID] else { + throw ContainerizationError( + .notFound, + message: "container \(containerID) not found in pod" + ) + } + + try await createdState.vm.withAgent { agent in + try await self.relayUnixSocket( + socket: socket, + containerID: containerID, + relayManager: createdState.relayManager, + agent: agent + ) + } + } + } + + private func relayUnixSocket( + socket: UnixSocketConfiguration, + containerID: String, + relayManager: UnixSocketRelayManager, + agent: any VirtualMachineAgent + ) async throws { + guard let relayAgent = agent as? SocketRelayAgent else { + throw ContainerizationError( + .unsupported, + message: "VirtualMachineAgent does not support relaySocket surface" + ) + } + + var socket = socket + + // Adjust paths to be relative to the container's rootfs + let rootInGuest = URL(filePath: Self.guestRootfsPath(containerID)) + + let port: UInt32 + if socket.direction == .into { + port = self.hostVsockPorts.wrappingAdd(1, ordering: .relaxed).oldValue + socket.destination = URL(filePath: Self.guestSocketStagingPath(socket.id)) + } else { + port = self.guestVsockPorts.wrappingAdd(1, ordering: .relaxed).oldValue + socket.source = rootInGuest.appending(path: socket.source.path) + } + + try await relayManager.start(port: port, socket: socket) + try await relayAgent.relaySocket(port: port, configuration: socket) + } +} diff --git a/Sources/Containerization/LinuxProcess.swift b/Sources/Containerization/LinuxProcess.swift new file mode 100644 index 0000000..4020ef8 --- /dev/null +++ b/Sources/Containerization/LinuxProcess.swift @@ -0,0 +1,485 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationError +import ContainerizationExtras +import ContainerizationOCI +import ContainerizationOS +import Foundation +import Logging +import Synchronization + +/// `LinuxProcess` represents a Linux process and is used to +/// setup and control the full lifecycle for the process. +public final class LinuxProcess: Sendable { + /// The ID of the process. This is purely metadata for the caller. + public let id: String + + /// What container owns this process (if any). + public let owningContainer: String? + + package struct StdioSetup: Sendable { + let port: UInt32 + let writer: Writer + } + + package struct StdioReaderSetup { + let port: UInt32 + let reader: ReaderStream + } + + package struct Stdio: Sendable { + let stdin: StdioReaderSetup? + let stdout: StdioSetup? + let stderr: StdioSetup? + } + + private struct StdioHandles: Sendable { + var stdin: FileHandle? + var stdout: FileHandle? + var stderr: FileHandle? + + mutating func close() throws { + if let stdin { + try stdin.close() + stdin.readabilityHandler = nil + self.stdin = nil + } + if let stdout { + try stdout.close() + stdout.readabilityHandler = nil + self.stdout = nil + } + if let stderr { + try stderr.close() + stderr.readabilityHandler = nil + self.stderr = nil + } + } + } + + private struct State { + var spec: ContainerizationOCI.Spec + var pid: Int32 + var stdio: StdioHandles + var stdinRelay: Task<(), Never>? + var ioTracker: IoTracker? + var deletionTask: Task? + + struct IoTracker { + let stream: AsyncStream + let cont: AsyncStream.Continuation + let configuredStreams: Int + } + } + + /// The process ID for the container process. This will be -1 + /// if the process has not been started. + public var pid: Int32 { + state.withLock { $0.pid } + } + + private let state: Mutex + private let ioSetup: Stdio + private let agent: any VirtualMachineAgent + private let vm: any VirtualMachineInstance + private let ociRuntimePath: String? + private let logger: Logger? + private let onDelete: (@Sendable () async -> Void)? + + init( + _ id: String, + containerID: String? = nil, + spec: Spec, + io: Stdio, + ociRuntimePath: String?, + agent: any VirtualMachineAgent, + vm: any VirtualMachineInstance, + logger: Logger?, + onDelete: (@Sendable () async -> Void)? = nil + ) { + self.id = id + self.owningContainer = containerID + self.state = Mutex(.init(spec: spec, pid: -1, stdio: StdioHandles())) + self.ioSetup = io + self.agent = agent + self.ociRuntimePath = ociRuntimePath + self.vm = vm + self.logger = logger + self.onDelete = onDelete + } +} + +extension LinuxProcess { + func setupIO(listeners: [VsockListener?]) async throws -> [FileHandle?] { + // Nested virtualization (x86_64 CI) is dramatically slower to bring the + // guest vsock listeners up than native arm64 virt, so allow a longer + // window there while keeping the arm64 path tight. + #if arch(x86_64) + let ioTimeout: UInt32 = 30 + #else + let ioTimeout: UInt32 = 3 + #endif + let handles = try await Timeout.run(seconds: ioTimeout) { + try await withThrowingTaskGroup(of: (Int, FileHandle?).self) { group in + var results = [FileHandle?](repeating: nil, count: 3) + + for (index, listener) in listeners.enumerated() { + guard let listener else { continue } + + group.addTask { + let first = await listener.first(where: { _ in true }) + try listener.finish() + return (index, first) + } + } + + for try await (index, fileHandle) in group { + results[index] = fileHandle + } + return results + } + } + + // Note: stdin relay is started separately via startStdinRelay() after + // the process has started, to avoid a deadlock where closeStdin is + // called before the process is consuming from the pipe. + + var configuredStreams = 0 + let (stream, cc) = AsyncStream.makeStream() + if let stdout = self.ioSetup.stdout { + configuredStreams += 1 + handles[1]?.readabilityHandler = { handle in + do { + let data = handle.availableData + if data.isEmpty { + // This block is called when the producer (the guest) closes + // the fd it is writing into. + handles[1]?.readabilityHandler = nil + cc.yield() + return + } + try stdout.writer.write(data) + } catch { + self.logger?.error("failed to write to stdout: \(error)") + } + } + } + + if let stderr = self.ioSetup.stderr { + configuredStreams += 1 + handles[2]?.readabilityHandler = { handle in + do { + let data = handle.availableData + if data.isEmpty { + handles[2]?.readabilityHandler = nil + cc.yield() + return + } + try stderr.writer.write(data) + } catch { + self.logger?.error("failed to write to stderr: \(error)") + } + } + } + if configuredStreams > 0 { + self.state.withLock { + $0.ioTracker = .init(stream: stream, cont: cc, configuredStreams: configuredStreams) + } + } + + return handles + } + + func startStdinRelay(handle: FileHandle) { + guard let stdin = self.ioSetup.stdin else { return } + + self.state.withLock { + $0.stdinRelay = Task { + for await data in stdin.reader.stream() { + do { + try handle.write(contentsOf: data) + } catch { + self.logger?.error("failed to write to stdin: \(error)") + break + } + } + + do { + self.logger?.debug("stdin relay finished, closing") + + // There's two ways we can wind up here: + // + // 1. The stream finished on its own (e.g. we wrote all the + // data) and we will close the underlying stdin in the guest below. + // + // 2. The client explicitly called closeStdin() themselves + // which will cancel this relay task AFTER actually closing + // the fds. If the client did that, then this task will be + // cancelled, and the fds are already gone so there's nothing + // for us to do. + if Task.isCancelled { + return + } + + try await self._closeStdin() + } catch { + self.logger?.error("failed to close stdin: \(error)") + } + } + } + } + + /// Start the process. + public func start() async throws { + do { + let spec = self.state.withLock { $0.spec } + var listeners = [VsockListener?](repeating: nil, count: 3) + if let stdin = self.ioSetup.stdin { + listeners[0] = try self.vm.listen(stdin.port) + } + if let stdout = self.ioSetup.stdout { + listeners[1] = try self.vm.listen(stdout.port) + } + if let stderr = self.ioSetup.stderr { + if spec.process!.terminal { + throw ContainerizationError( + .invalidArgument, + message: "stderr should not be configured with terminal=true" + ) + } + listeners[2] = try self.vm.listen(stderr.port) + } + + let t = Task { + try await self.setupIO(listeners: listeners) + } + + try await agent.createProcess( + id: self.id, + containerID: self.owningContainer, + stdinPort: self.ioSetup.stdin?.port, + stdoutPort: self.ioSetup.stdout?.port, + stderrPort: self.ioSetup.stderr?.port, + ociRuntimePath: self.ociRuntimePath, + configuration: spec, + options: nil + ) + + let result = try await t.value + let pid = try await self.agent.startProcess( + id: self.id, + containerID: self.owningContainer + ) + + // Start stdin relay after process launch to avoid filling the pipe + // buffer before the process is even running. + if let stdinHandle = result[0] { + self.startStdinRelay(handle: stdinHandle) + } + + self.state.withLock { + $0.stdio = StdioHandles( + stdin: result[0], + stdout: result[1], + stderr: result[2] + ) + $0.pid = pid + } + } catch { + if let err = error as? ContainerizationError { + throw err + } + throw ContainerizationError( + .internalError, + message: "failed to start process", + cause: error, + ) + } + } + + /// Kill the process with the specified signal. + public func kill(_ signal: Signal) async throws { + do { + try await agent.signalProcess( + id: self.id, + containerID: self.owningContainer, + signal: signal.rawValue + ) + } catch { + throw ContainerizationError( + .internalError, + message: "failed to kill process", + cause: error + ) + } + } + + /// Resize the processes pty (if requested). + public func resize(to: Terminal.Size) async throws { + do { + try await agent.resizeProcess( + id: self.id, + containerID: self.owningContainer, + columns: UInt32(to.width), + rows: UInt32(to.height) + ) + } catch { + throw ContainerizationError( + .internalError, + message: "failed to resize process", + cause: error + ) + } + } + + public func closeStdin() async throws { + do { + try await self._closeStdin() + self.state.withLock { + $0.stdinRelay?.cancel() + } + } catch { + throw ContainerizationError( + .internalError, + message: "failed to close stdin", + cause: error, + ) + } + } + + func _closeStdin() async throws { + try await self.agent.closeProcessStdin( + id: self.id, + containerID: self.owningContainer + ) + } + + /// Wait on the process to exit with an optional timeout. Returns the exit code of the process. + @discardableResult + public func wait(timeoutInSeconds: Int64? = nil) async throws -> ExitStatus { + do { + let exitStatus = try await self.agent.waitProcess( + id: self.id, + containerID: self.owningContainer, + timeoutInSeconds: timeoutInSeconds + ) + await self.waitIoComplete() + return exitStatus + } catch { + if error is ContainerizationError { + throw error + } + throw ContainerizationError( + .internalError, + message: "failed to wait on process", + cause: error + ) + } + } + + /// Wait until the standard output and standard error streams for the process have concluded. + private func waitIoComplete() async { + let ioTracker = self.state.withLock { $0.ioTracker } + guard let ioTracker else { + return + } + do { + try await Timeout.run(seconds: 3) { + var counter = ioTracker.configuredStreams + for await _ in ioTracker.stream { + counter -= 1 + if counter == 0 { + ioTracker.cont.finish() + break + } + } + } + } catch { + self.logger?.error("timeout waiting for IO to complete for process \(id): \(error)") + } + self.state.withLock { + $0.ioTracker = nil + } + } + + /// Cleans up guest state and waits on and closes any host resources (stdio handles). + public func delete() async throws { + try await self._delete() + await self.onDelete?() + } + + func _delete() async throws { + let task = self.state.withLock { state in + if let existingTask = state.deletionTask { + // Deletion already in progress or finished. + return existingTask + } + + let task = Task { + try await self.performDeletion() + } + state.deletionTask = task + return task + } + + try await task.value + } + + private func performDeletion() async throws { + do { + try await self.agent.deleteProcess( + id: self.id, + containerID: self.owningContainer + ) + } catch { + self.state.withLock { + $0.stdinRelay?.cancel() + try? $0.stdio.close() + } + try? await self.agent.close() + throw ContainerizationError( + .internalError, + message: "failed to delete process", + cause: error, + ) + } + + do { + try self.state.withLock { + $0.stdinRelay?.cancel() + try $0.stdio.close() + } + } catch { + try? await self.agent.close() + throw ContainerizationError( + .internalError, + message: "failed to close stdio", + cause: error, + ) + } + + do { + try await self.agent.close() + } catch { + throw ContainerizationError( + .internalError, + message: "failed to close agent connection", + cause: error, + ) + } + } +} diff --git a/Sources/Containerization/LinuxProcessConfiguration.swift b/Sources/Containerization/LinuxProcessConfiguration.swift new file mode 100644 index 0000000..7a15ee0 --- /dev/null +++ b/Sources/Containerization/LinuxProcessConfiguration.swift @@ -0,0 +1,457 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationError +import ContainerizationOCI +import ContainerizationOS + +/// A resource limit (rlimit) configuration for a container process. +public struct LinuxRLimit: Sendable, Hashable { + /// The kind of resource limit. + public var kind: Kind + /// The hard limit value. + public var hard: UInt64 + /// The soft limit value. + public var soft: UInt64 + + /// Creates a new resource limit. + /// + /// - Parameters: + /// - kind: The kind of resource limit. + /// - hard: The hard limit value. + /// - soft: The soft limit value. + public init(kind: Kind, hard: UInt64, soft: UInt64) { + self.kind = kind + self.hard = hard + self.soft = soft + } + + /// Creates a new resource limit with the same value for both hard and soft limits. + /// + /// - Parameters: + /// - kind: The kind of resource limit. + /// - limit: The limit value for both hard and soft limits. + public init(kind: Kind, limit: UInt64) { + self.kind = kind + self.hard = limit + self.soft = limit + } + + /// Convert to OCI POSIXRlimit format for transport. + public func toOCI() -> POSIXRlimit { + POSIXRlimit(type: self.kind.description, hard: self.hard, soft: self.soft) + } +} + +extension LinuxRLimit { + /// The kind of resource limit. + public struct Kind: Sendable, Hashable { + private enum Value: Hashable, Sendable, CaseIterable { + case addressSpace + case coreFileSize + case cpuTime + case dataSize + case fileSize + case locks + case lockedMemory + case messageQueue + case nice + case openFiles + case numberOfProcesses + case residentSetSize + case realtimePriority + case realtimeTimeout + case signalsPending + case stackSize + } + + private var value: Value + private init(_ value: Value) { + self.value = value + } + + /// Maximum size of the process's virtual memory (address space) in bytes. + public static var addressSpace: Self { + Self(.addressSpace) + } + + /// Maximum size of a core file in bytes. + public static var coreFileSize: Self { + Self(.coreFileSize) + } + + /// Maximum amount of CPU time the process can consume in seconds. + public static var cpuTime: Self { + Self(.cpuTime) + } + + /// Maximum size of the process's data segment in bytes. + public static var dataSize: Self { + Self(.dataSize) + } + + /// Maximum size of files the process may create in bytes. + public static var fileSize: Self { + Self(.fileSize) + } + + /// Maximum number of file locks. + public static var locks: Self { + Self(.locks) + } + + /// Maximum number of bytes of memory that may be locked into RAM. + public static var lockedMemory: Self { + Self(.lockedMemory) + } + + /// Maximum number of bytes that can be allocated for POSIX message queues. + public static var messageQueue: Self { + Self(.messageQueue) + } + + /// Maximum nice value that can be set. + public static var nice: Self { + Self(.nice) + } + + /// Maximum number of open file descriptors. + public static var openFiles: Self { + Self(.openFiles) + } + + /// Maximum number of processes that can be created by the user. + public static var numberOfProcesses: Self { + Self(.numberOfProcesses) + } + + /// Maximum size of the process's resident set (physical memory) in bytes. + public static var residentSetSize: Self { + Self(.residentSetSize) + } + + /// Maximum real-time scheduling priority. + public static var realtimePriority: Self { + Self(.realtimePriority) + } + + /// Maximum amount of CPU time for real-time scheduling in microseconds. + public static var realtimeTimeout: Self { + Self(.realtimeTimeout) + } + + /// Maximum number of signals that may be queued. + public static var signalsPending: Self { + Self(.signalsPending) + } + + /// Maximum size of the process stack in bytes. + public static var stackSize: Self { + Self(.stackSize) + } + + /// Creates a Kind from its OCI string representation. + /// + /// - Parameter string: The OCI string representation (e.g., "RLIMIT_NOFILE"). + /// - Throws: `ContainerizationError` with code `.invalidArgument` if the string doesn't match a known rlimit kind. + public init(_ string: String) throws { + switch string { + case "RLIMIT_AS": + self = .addressSpace + case "RLIMIT_CORE": + self = .coreFileSize + case "RLIMIT_CPU": + self = .cpuTime + case "RLIMIT_DATA": + self = .dataSize + case "RLIMIT_FSIZE": + self = .fileSize + case "RLIMIT_LOCKS": + self = .locks + case "RLIMIT_MEMLOCK": + self = .lockedMemory + case "RLIMIT_MSGQUEUE": + self = .messageQueue + case "RLIMIT_NICE": + self = .nice + case "RLIMIT_NOFILE": + self = .openFiles + case "RLIMIT_NPROC": + self = .numberOfProcesses + case "RLIMIT_RSS": + self = .residentSetSize + case "RLIMIT_RTPRIO": + self = .realtimePriority + case "RLIMIT_RTTIME": + self = .realtimeTimeout + case "RLIMIT_SIGPENDING": + self = .signalsPending + case "RLIMIT_STACK": + self = .stackSize + default: + throw ContainerizationError(.invalidArgument, message: "invalid rlimit kind: '\(string)'") + } + } + } +} + +extension LinuxRLimit.Kind: CustomStringConvertible { + /// The OCI string representation of the resource limit kind. + public var description: String { + switch self.value { + case .addressSpace: + "RLIMIT_AS" + case .coreFileSize: + "RLIMIT_CORE" + case .cpuTime: + "RLIMIT_CPU" + case .dataSize: + "RLIMIT_DATA" + case .fileSize: + "RLIMIT_FSIZE" + case .locks: + "RLIMIT_LOCKS" + case .lockedMemory: + "RLIMIT_MEMLOCK" + case .messageQueue: + "RLIMIT_MSGQUEUE" + case .nice: + "RLIMIT_NICE" + case .openFiles: + "RLIMIT_NOFILE" + case .numberOfProcesses: + "RLIMIT_NPROC" + case .residentSetSize: + "RLIMIT_RSS" + case .realtimePriority: + "RLIMIT_RTPRIO" + case .realtimeTimeout: + "RLIMIT_RTTIME" + case .signalsPending: + "RLIMIT_SIGPENDING" + case .stackSize: + "RLIMIT_STACK" + } + } +} + +/// User-friendly Linux capabilities configuration +public struct LinuxCapabilities: Sendable { + /// Capabilities that define the maximum set of capabilities a process can have + public var bounding: [CapabilityName] = [] + /// Capabilities that are actually in effect for the current process + public var effective: [CapabilityName] = [] + /// Capabilities that can be inherited by child processes + public var inheritable: [CapabilityName] = [] + /// Capabilities that are currently permitted for the process + public var permitted: [CapabilityName] = [] + /// Capabilities that are preserved across execve() calls + public var ambient: [CapabilityName] = [] + + /// Grant all capabilities + public static let allCapabilities = LinuxCapabilities( + bounding: CapabilityName.allCases, + effective: CapabilityName.allCases, + inheritable: CapabilityName.allCases, + permitted: CapabilityName.allCases, + ambient: CapabilityName.allCases + ) + + /// Default configuration + public static let defaultOCICapabilities = LinuxCapabilities( + bounding: [ + .chown, + .dacOverride, + .fsetid, + .fowner, + .mknod, + .netRaw, + .setgid, + .setuid, + .setfcap, + .setpcap, + .netBindService, + .sysChroot, + .kill, + .auditWrite, + ], + effective: [ + .chown, + .dacOverride, + .fsetid, + .fowner, + .mknod, + .netRaw, + .setgid, + .setuid, + .setfcap, + .setpcap, + .netBindService, + .sysChroot, + .kill, + .auditWrite, + ], + permitted: [ + .chown, + .dacOverride, + .fsetid, + .fowner, + .mknod, + .netRaw, + .setgid, + .setuid, + .setfcap, + .setpcap, + .netBindService, + .sysChroot, + .kill, + .auditWrite, + ], + ) + + public init( + bounding: [CapabilityName] = [], + effective: [CapabilityName] = [], + inheritable: [CapabilityName] = [], + permitted: [CapabilityName] = [], + ambient: [CapabilityName] = [] + ) { + self.bounding = bounding + self.effective = effective + self.inheritable = inheritable + self.permitted = permitted + self.ambient = ambient + } + + /// Convenience initializer that sets the same capabilities to effective, permitted, and bounding sets + /// This matches the typical pattern used by containerd/runc + public init(capabilities: [CapabilityName]) { + self.bounding = capabilities + self.effective = capabilities + self.inheritable = [] + self.permitted = capabilities + self.ambient = [] + } + + /// Convert to OCI format for transport + public func toOCI() -> ContainerizationOCI.LinuxCapabilities { + ContainerizationOCI.LinuxCapabilities( + bounding: bounding.isEmpty ? nil : bounding.map { $0.description }, + effective: effective.isEmpty ? nil : effective.map { $0.description }, + inheritable: inheritable.isEmpty ? nil : inheritable.map { $0.description }, + permitted: permitted.isEmpty ? nil : permitted.map { $0.description }, + ambient: ambient.isEmpty ? nil : ambient.map { $0.description } + ) + } +} + +public struct LinuxProcessConfiguration: Sendable { + /// The default PATH value for a process. + public static let defaultPath = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + + /// The arguments for the container process. + public var arguments: [String] = [] + /// The environment variables for the container process. + public var environmentVariables: [String] = ["PATH=\(Self.defaultPath)"] + /// The working directory for the container process. + public var workingDirectory: String = "/" + /// The user the container process will run as. + public var user: ContainerizationOCI.User = .init() + /// The rlimits for the container process. + public var rlimits: [LinuxRLimit] = [] + /// Whether to set the no_new_privileges bit on the container process. When true, the + /// process and its children cannot gain additional privileges via setuid/setgid binaries + /// or file capabilities. + public var noNewPrivileges: Bool = false + /// The Linux capabilities for the container process. Defaults to + /// ``LinuxCapabilities/defaultOCICapabilities`` — the restricted baseline used by + /// runc/containerd, which excludes privileged capabilities such as `CAP_SYS_ADMIN`. + /// Callers that require additional capabilities (for example, privileged containers) + /// must opt in explicitly, e.g. by setting ``LinuxCapabilities/allCapabilities``. + public var capabilities: LinuxCapabilities = .defaultOCICapabilities + /// Whether to allocate a pseudo terminal for the process. If you'd like interactive + /// behavior and are planning to use a terminal for stdin/out/err on the client side, + /// this should likely be set to true. + public var terminal: Bool = false + /// The stdin for the process. + public var stdin: ReaderStream? + /// The stdout for the process. + public var stdout: Writer? + /// The stderr for the process. + public var stderr: Writer? + + public init() {} + + public init( + arguments: [String], + environmentVariables: [String] = ["PATH=\(Self.defaultPath)"], + workingDirectory: String = "/", + user: ContainerizationOCI.User = .init(), + rlimits: [LinuxRLimit] = [], + noNewPrivileges: Bool = false, + capabilities: LinuxCapabilities = .defaultOCICapabilities, + terminal: Bool = false, + stdin: ReaderStream? = nil, + stdout: Writer? = nil, + stderr: Writer? = nil + ) { + self.arguments = arguments + self.environmentVariables = environmentVariables + self.workingDirectory = workingDirectory + self.user = user + self.rlimits = rlimits + self.noNewPrivileges = noNewPrivileges + self.capabilities = capabilities + self.terminal = terminal + self.stdin = stdin + self.stdout = stdout + self.stderr = stderr + } + + public init(from config: ImageConfig) { + self.workingDirectory = config.workingDir ?? "/" + self.environmentVariables = config.env ?? [] + self.arguments = (config.entrypoint ?? []) + (config.cmd ?? []) + self.user = { + if let rawString = config.user { + return User(username: rawString) + } + return User() + }() + } + + /// Sets up IO to be handled by the passed in Terminal, and edits the + /// process configuration to set the necessary state for using a pty. + mutating public func setTerminalIO(terminal: Terminal) { + self.environmentVariables.append("TERM=xterm") + self.terminal = true + self.stdin = terminal + self.stdout = terminal + } + + func toOCI() -> ContainerizationOCI.Process { + ContainerizationOCI.Process( + args: self.arguments, + cwd: self.workingDirectory, + env: self.environmentVariables, + noNewPrivileges: self.noNewPrivileges, + capabilities: self.capabilities.toOCI(), + user: self.user, + rlimits: self.rlimits.map { $0.toOCI() }, + terminal: self.terminal + ) + } +} diff --git a/Sources/Containerization/Mount+CH.swift b/Sources/Containerization/Mount+CH.swift new file mode 100644 index 0000000..2e25e2b --- /dev/null +++ b/Sources/Containerization/Mount+CH.swift @@ -0,0 +1,80 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import CloudHypervisor +import Foundation + +extension Mount { + /// Returns a `CloudHypervisor.DiskConfig` describing this mount as a virtio-blk + /// device, or `nil` if the mount is not a block device. + /// + /// The caller supplies the device id; cloud-hypervisor uses it both as a + /// stable handle for hotplug-remove and as the udev/sysfs identifier inside + /// the guest. + /// + /// `imageType` defaults to `.raw` because Containerization mounts are + /// always raw block files (ext4 produced by the EXT4 unpacker, NBD URLs, + /// etc.). When cloud-hypervisor doesn't see an `image_type` it falls + /// back to `Unknown` and silently rejects all writes — see CH's + /// `virtio-devices/src/block.rs` "Attempting to write to sector 0 on a + /// disk without specifying image_type" warning. + public func chDiskConfig(id: String) -> CloudHypervisor.DiskConfig? { + guard case .virtioblk = self.runtimeOptions else { + return nil + } + return CloudHypervisor.DiskConfig( + path: self.source, + readonly: self.options.contains("ro"), + direct: nil, + iommu: nil, + id: id, + pciSegment: nil, + imageType: .raw + ) + } + + /// Returns a `CloudHypervisor.FsConfig` describing this mount as a virtio-fs + /// share served by an out-of-process `virtiofsd`, or `nil` if the mount is + /// not a virtiofs share. + /// + /// `tag` is the guest-side mount tag and `socketPath` is the UDS path the + /// virtiofsd subprocess publishes. Both are owned by the caller. + public func chFsConfig(tag: String, socketPath: String, id: String) -> CloudHypervisor.FsConfig? { + guard case .virtiofs = self.runtimeOptions else { + return nil + } + return CloudHypervisor.FsConfig( + tag: tag, + socket: socketPath, + numQueues: nil, + queueSize: nil, + id: id, + pciSegment: nil + ) + } +} + +/// Build the host-side UDS path for a virtiofsd ↔ cloud-hypervisor socket. +/// +/// `tag` is the full source-hash (used as the FUSE tag advertised to the +/// guest); the socket *path* uses only an 8-char prefix because the full +/// path — `/virtiofs-.sock` with a 36-char tag — overshoots +/// Linux's 108-byte `SUN_LEN` limit. 32 bits of disambiguation is more +/// than enough within a single VM (handful of distinct virtiofs sources). +func chVirtiofsSocketURL(workDir: URL, tag: String) -> URL { + let short = String(tag.prefix(8)) + return workDir.appendingPathComponent("vfs-\(short).sock") +} diff --git a/Sources/Containerization/Mount.swift b/Sources/Containerization/Mount.swift new file mode 100644 index 0000000..b516dea --- /dev/null +++ b/Sources/Containerization/Mount.swift @@ -0,0 +1,452 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationError +import Foundation + +#if os(macOS) +import Virtualization +#endif + +#if os(Linux) +#if canImport(Musl) +import Musl +#elseif canImport(Glibc) +import Glibc +#endif +#endif + +/// A filesystem mount exposed to a container. +public struct Mount: Sendable { + /// The filesystem or mount type. This is the string + /// that will be used for the mount syscall itself. + public var type: String + /// The source path of the mount. + public var source: String + /// The destination path of the mount. + public var destination: String + /// Filesystem or mount specific options. + public var options: [String] + /// Runtime specific options. This can be used + /// as a way to discern what kind of device a vmm + /// should create for this specific mount (virtioblock + /// virtiofs etc.). + public let runtimeOptions: RuntimeOptions + + /// A type representing a "hint" of what type + /// of mount this really is (block, directory, purely + /// guest mount) and a set of type specific options, if any. + public enum RuntimeOptions: Sendable { + case virtioblk([String]) + case virtiofs([String]) + case shared + case any([String]) + } + + public init( + type: String, + source: String, + destination: String, + options: [String], + runtimeOptions: RuntimeOptions + ) { + self.type = type + self.source = source + self.destination = destination + self.options = options + self.runtimeOptions = runtimeOptions + } + + /// Mount representing a virtio block device. + public static func block( + format: String, + source: String, + destination: String, + options: [String] = [], + runtimeOptions: [String] = [] + ) -> Self { + .init( + type: format, + source: source, + destination: destination, + options: options, + runtimeOptions: .virtioblk(runtimeOptions) + ) + } + + /// Mount representing a virtiofs share. + public static func share( + source: String, + destination: String, + options: [String] = [], + runtimeOptions: [String] = [] + ) -> Self { + .init( + type: "virtiofs", + source: source, + destination: destination, + options: options, + runtimeOptions: .virtiofs(runtimeOptions) + ) + } + + /// A generic mount. + public static func any( + type: String, + source: String, + destination: String, + options: [String] = [], + runtimeOptions: [String] = [] + ) -> Self { + .init( + type: type, + source: source, + destination: destination, + options: options, + runtimeOptions: .any(runtimeOptions) + ) + } + + /// A mount referencing a shared pod volume by name. + public static func sharedMount( + name: String, + destination: String, + options: [String] = [] + ) -> Self { + .init( + type: "none", + source: name, + destination: destination, + options: options, + runtimeOptions: .shared + ) + } + + /// Clone the Mount to the provided path. + /// + /// On macOS this uses `clonefile` (via `FileManager.copyItem`) for a + /// copy-on-write copy when the underlying filesystem supports it. On + /// Linux it tries `ioctl(FICLONE)` first (CoW on btrfs / xfs / bcachefs) + /// and falls back to a `SEEK_DATA`/`SEEK_HOLE` sparse copy that copies + /// only data ranges. This matters for EXT4 images produced by + /// `EXT4+Formatter`, which sparse-allocate via `lseek + 1-byte write` — + /// a non-sparse copy would inflate a ~50 MB alpine rootfs into a + /// fully-allocated 2 GiB clone and exhaust the integration suite's + /// writable layer in ~30 tests. + public func clone(to: String) throws -> Self { + #if os(Linux) + try Self.linuxSparseCopy(from: self.source, to: to) + #else + try FileManager.default.copyItem(atPath: self.source, toPath: to) + #endif + + return .init( + type: self.type, + source: to, + destination: self.destination, + options: self.options, + runtimeOptions: self.runtimeOptions + ) + } + + #if os(Linux) + /// Copy `src` to `dst`, preferring a CoW reflink (`ioctl(FICLONE)`) and + /// falling back to a SEEK_DATA/SEEK_HOLE sparse copy. The reflink path + /// succeeds on btrfs / xfs (`reflink=1`) / bcachefs; on ext4 / tmpfs / + /// overlayfs it fails fast with EOPNOTSUPP/EXDEV/EINVAL and we walk + /// the hole map instead. The sparse-copy path also handles + /// filesystems that don't support hole-seeking (the very first + /// SEEK_DATA returns EINVAL) by copying the remainder verbatim. Mode + /// bits are preserved from the source. + private static func linuxSparseCopy(from src: String, to dst: String) throws { + // Stable Linux ABI since 3.1 (ext4, tmpfs, overlayfs all support it). + // Re-declared here so the build doesn't depend on whether the + // Glibc/Musl Swift overlay re-exports them. + let SEEK_DATA: Int32 = 3 + let SEEK_HOLE: Int32 = 4 + // _IOW(0x94, 9, int) on every Linux arch we target (x86_64, aarch64). + let FICLONE: CUnsignedLong = 0x4004_9409 + + let srcFd = open(src, O_RDONLY | O_CLOEXEC) + guard srcFd >= 0 else { + throw POSIXError(POSIXErrorCode(rawValue: errno) ?? .EIO) + } + defer { _ = close(srcFd) } + + var st = stat() + guard fstat(srcFd, &st) == 0 else { + throw POSIXError(POSIXErrorCode(rawValue: errno) ?? .EIO) + } + let size = off_t(st.st_size) + let mode = mode_t(st.st_mode & 0o7777) + + let dstFd = open(dst, O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, mode) + guard dstFd >= 0 else { + throw POSIXError(POSIXErrorCode(rawValue: errno) ?? .EIO) + } + defer { _ = close(dstFd) } + + // FICLONE atomically replaces dst's contents with a CoW clone of + // src — sets size and contents in one shot, no ftruncate needed + // afterwards. On failure FICLONE guarantees dst is untouched, so + // we can safely fall through to the sparse-copy path. ioctl(2) is + // variadic; type-pun via a fixed-arity function pointer (same + // pattern as ContainerizationOS.Socket). + let ioctlFICLONE: @convention(c) (CInt, CUnsignedLong, CInt) -> CInt = ioctl + if ioctlFICLONE(dstFd, FICLONE, srcFd) == 0 { + return + } + + // Set the destination size up front so any trailing hole survives — + // we only ever pwrite data ranges, never zero-fill. + guard ftruncate(dstFd, size) == 0 else { + throw POSIXError(POSIXErrorCode(rawValue: errno) ?? .EIO) + } + + let bufSize = 1 << 20 // 1 MiB + let buf = UnsafeMutableRawPointer.allocate(byteCount: bufSize, alignment: 16) + defer { buf.deallocate() } + + var pos: off_t = 0 + while pos < size { + let dataStart = lseek(srcFd, pos, SEEK_DATA) + if dataStart < 0 { + // ENXIO: no more data — rest is hole, already covered by ftruncate. + if errno == ENXIO { + break + } + // EINVAL/ENOTSUP: filesystem doesn't support SEEK_DATA. Treat + // the remainder as one big data range and copy it verbatim. + try Self.copyRange(srcFd: srcFd, dstFd: dstFd, start: pos, end: size, buf: buf, bufSize: bufSize) + break + } + + // SEEK_HOLE returns end-of-file when there's no trailing hole. + let dataEnd = lseek(srcFd, dataStart, SEEK_HOLE) + let endOff: off_t = dataEnd < 0 ? size : dataEnd + + try Self.copyRange(srcFd: srcFd, dstFd: dstFd, start: dataStart, end: endOff, buf: buf, bufSize: bufSize) + pos = endOff + } + } + + private static func copyRange( + srcFd: Int32, + dstFd: Int32, + start: off_t, + end: off_t, + buf: UnsafeMutableRawPointer, + bufSize: Int + ) throws { + var off = start + while off < end { + let want = Int(min(off_t(bufSize), end - off)) + let nread = pread(srcFd, buf, want, off) + if nread < 0 { + if errno == EINTR { continue } + throw POSIXError(POSIXErrorCode(rawValue: errno) ?? .EIO) + } + if nread == 0 { + // Source shorter than fstat reported — shouldn't happen, but + // bail rather than spin. + return + } + var written = 0 + while written < nread { + let nwrite = pwrite(dstFd, buf.advanced(by: written), nread - written, off + off_t(written)) + if nwrite < 0 { + if errno == EINTR { continue } + throw POSIXError(POSIXErrorCode(rawValue: errno) ?? .EIO) + } + written += nwrite + } + off += off_t(nread) + } + } + #endif +} + +#if os(macOS) + +extension Mount { + private enum StorageAttachmentType { + case diskImage + case networkBlockDevice + } + + private var storageAttachmentType: StorageAttachmentType { + let nbdSchemes = ["nbd://", "nbds://", "nbd+unix://", "nbds+unix://"] + if nbdSchemes.contains(where: { self.source.hasPrefix($0) }) { + return .networkBlockDevice + } + return .diskImage + } + + func configure(config: inout VZVirtualMachineConfiguration) throws { + switch self.runtimeOptions { + case .virtioblk(let options): + let device: VZStorageDeviceAttachment + switch self.storageAttachmentType { + case .networkBlockDevice: + device = try VZNetworkBlockDeviceStorageDeviceAttachment.mountToVZAttachment(mount: self, options: options) + case .diskImage: + device = try VZDiskImageStorageDeviceAttachment.mountToVZAttachment(mount: self, options: options) + } + let attachment = VZVirtioBlockDeviceConfiguration(attachment: device) + config.storageDevices.append(attachment) + case .virtiofs(_): + // VirtioFS mounts are handled centrally via VZMultipleDirectoryShare in VZVirtualMachineInstance + // No per-mount device configuration needed + break + case .shared, .any: + break + } + } +} + +extension VZDiskImageStorageDeviceAttachment { + static func mountToVZAttachment(mount: Mount, options: [String]) throws -> VZDiskImageStorageDeviceAttachment { + var synchronizationMode: VZDiskImageSynchronizationMode = .fsync + var cachingMode: VZDiskImageCachingMode = .cached + + for option in options { + let split = option.split(separator: "=") + if split.count != 2 { + continue + } + + let key = String(split[0]) + let value = String(split[1]) + + switch key { + case "vzDiskImageCachingMode": + switch value { + case "automatic": + cachingMode = .automatic + case "cached": + cachingMode = .cached + case "uncached": + cachingMode = .uncached + default: + throw ContainerizationError( + .invalidArgument, + message: "unknown vzDiskImageCachingMode value for virtio block device: \(value)" + ) + } + case "vzDiskImageSynchronizationMode": + switch value { + case "full": + synchronizationMode = .full + case "fsync": + synchronizationMode = .fsync + case "none": + synchronizationMode = .none + default: + throw ContainerizationError( + .invalidArgument, + message: "unknown vzDiskImageSynchronizationMode value for virtio block device: \(value)" + ) + } + default: + throw ContainerizationError( + .invalidArgument, + message: "unknown vmm option encountered: \(key)" + ) + } + } + return try VZDiskImageStorageDeviceAttachment( + url: URL(filePath: mount.source), + readOnly: mount.readonly, + cachingMode: cachingMode, + synchronizationMode: synchronizationMode + ) + } +} + +extension VZNetworkBlockDeviceStorageDeviceAttachment { + static func mountToVZAttachment(mount: Mount, options: [String]) throws -> VZNetworkBlockDeviceStorageDeviceAttachment { + guard let url = URL(string: mount.source) else { + throw ContainerizationError( + .invalidArgument, + message: "invalid NBD URL: \(mount.source)" + ) + } + + var timeout: TimeInterval = 5 + var synchronizationMode: VZDiskSynchronizationMode = .full + + for option in options { + let split = option.split(separator: "=") + if split.count != 2 { + continue + } + + let key = String(split[0]) + let value = String(split[1]) + + switch key { + case "vzTimeout": + guard let t = TimeInterval(value) else { + throw ContainerizationError( + .invalidArgument, + message: "invalid vzTimeout value for NBD device: \(value)" + ) + } + timeout = t + case "vzSynchronizationMode": + switch value { + case "full": + synchronizationMode = .full + case "none": + synchronizationMode = .none + default: + throw ContainerizationError( + .invalidArgument, + message: "unknown vzSynchronizationMode value for NBD device: \(value)" + ) + } + default: + throw ContainerizationError( + .invalidArgument, + message: "unknown vmm option encountered: \(key)" + ) + } + } + + return try VZNetworkBlockDeviceStorageDeviceAttachment( + url: url, + timeout: timeout, + isForcedReadOnly: mount.readonly, + synchronizationMode: synchronizationMode + ) + } +} + +#endif + +extension Mount { + fileprivate var readonly: Bool { + self.options.contains("ro") + } + + /// Returns true if this mount is a virtio block device. + public var isBlock: Bool { + if case .virtioblk = self.runtimeOptions { + return true + } + return false + } +} diff --git a/Sources/Containerization/NATInterface.swift b/Sources/Containerization/NATInterface.swift new file mode 100644 index 0000000..c37fbc0 --- /dev/null +++ b/Sources/Containerization/NATInterface.swift @@ -0,0 +1,42 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationExtras + +public struct NATInterface: Interface { + public var ipv4Address: CIDRv4 + public var ipv4Gateway: IPv4Address? + public var ipv6Address: CIDRv6? + public var ipv6Gateway: IPv6Address? + public var macAddress: MACAddress? + public var mtu: UInt32 + + public init( + ipv4Address: CIDRv4, + ipv4Gateway: IPv4Address?, + ipv6Address: CIDRv6? = nil, + ipv6Gateway: IPv6Address? = nil, + macAddress: MACAddress? = nil, + mtu: UInt32 = 1500 + ) { + self.ipv4Address = ipv4Address + self.ipv4Gateway = ipv4Gateway + self.ipv6Address = ipv6Address + self.ipv6Gateway = ipv6Gateway + self.macAddress = macAddress + self.mtu = mtu + } +} diff --git a/Sources/Containerization/NATNetworkInterface.swift b/Sources/Containerization/NATNetworkInterface.swift new file mode 100644 index 0000000..f4d6392 --- /dev/null +++ b/Sources/Containerization/NATNetworkInterface.swift @@ -0,0 +1,84 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(macOS) + +import vmnet +import Virtualization +import ContainerizationError +import ContainerizationExtras +import Synchronization + +/// An interface that uses NAT to provide an IP address for a given +/// container/virtual machine. +@available(macOS 26, *) +public final class NATNetworkInterface: Interface, Sendable { + public let ipv4Address: CIDRv4 + public let ipv4Gateway: IPv4Address? + public let macAddress: MACAddress? + public let mtu: UInt32 + + @available(macOS 26, *) + // `reference` isn't used concurrently. + public nonisolated(unsafe) let reference: vmnet_network_ref! + + @available(macOS 26, *) + public init( + ipv4Address: CIDRv4, + ipv4Gateway: IPv4Address?, + reference: sending vmnet_network_ref, + macAddress: MACAddress? = nil, + mtu: UInt32 = 1500 + ) { + self.ipv4Address = ipv4Address + self.ipv4Gateway = ipv4Gateway + self.macAddress = macAddress + self.mtu = mtu + self.reference = reference + } + + @available(macOS, obsoleted: 26, message: "Use init(ipv4Address:ipv4Gateway:reference:macAddress:) instead") + public init( + ipv4Address: CIDRv4, + ipv4Gateway: IPv4Address?, + macAddress: MACAddress? = nil, + mtu: UInt32 = 1500 + ) { + self.ipv4Address = ipv4Address + self.ipv4Gateway = ipv4Gateway + self.macAddress = macAddress + self.mtu = mtu + self.reference = nil + } +} + +@available(macOS 26, *) +extension NATNetworkInterface: VZInterface { + public func device() throws -> VZVirtioNetworkDeviceConfiguration { + let config = VZVirtioNetworkDeviceConfiguration() + if let macAddress = self.macAddress { + guard let mac = VZMACAddress(string: macAddress.description) else { + throw ContainerizationError(.invalidArgument, message: "invalid mac address \(macAddress)") + } + config.macAddress = mac + } + + config.attachment = VZVmnetNetworkDeviceAttachment(network: self.reference) + return config + } +} + +#endif diff --git a/Sources/Containerization/Network.swift b/Sources/Containerization/Network.swift new file mode 100644 index 0000000..807746e --- /dev/null +++ b/Sources/Containerization/Network.swift @@ -0,0 +1,21 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +/// A network that can allocate and release interfaces for use with containers. +public protocol Network: Sendable { + mutating func createInterface(_ id: String) throws -> Interface? + mutating func releaseInterface(_ id: String) throws +} diff --git a/Sources/Containerization/SandboxContext/SandboxContext.grpc.swift b/Sources/Containerization/SandboxContext/SandboxContext.grpc.swift new file mode 100644 index 0000000..6776ed1 --- /dev/null +++ b/Sources/Containerization/SandboxContext/SandboxContext.grpc.swift @@ -0,0 +1,6833 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +// DO NOT EDIT. +// swift-format-ignore-file +// swiftlint:disable all +// +// Generated by the gRPC Swift generator plugin for the protocol buffer compiler. +// Source: SandboxContext.proto +// +// For information on using the generated types, please see the documentation: +// https://github.com/grpc/grpc-swift + +import GRPCCore +import GRPCProtobuf + +// MARK: - com.apple.containerization.sandbox.v3.SandboxContext + +/// Namespace containing generated types for the "com.apple.containerization.sandbox.v3.SandboxContext" service. +@available(macOS 15.0, iOS 18.0, watchOS 11.0, tvOS 18.0, visionOS 2.0, *) +public enum Com_Apple_Containerization_Sandbox_V3_SandboxContext: Sendable { + /// Service descriptor for the "com.apple.containerization.sandbox.v3.SandboxContext" service. + public static let descriptor = GRPCCore.ServiceDescriptor(fullyQualifiedService: "com.apple.containerization.sandbox.v3.SandboxContext") + /// Namespace for method metadata. + public enum Method: Sendable { + /// Namespace for "Mount" metadata. + public enum Mount: Sendable { + /// Request type for "Mount". + public typealias Input = Com_Apple_Containerization_Sandbox_V3_MountRequest + /// Response type for "Mount". + public typealias Output = Com_Apple_Containerization_Sandbox_V3_MountResponse + /// Descriptor for "Mount". + public static let descriptor = GRPCCore.MethodDescriptor( + service: GRPCCore.ServiceDescriptor(fullyQualifiedService: "com.apple.containerization.sandbox.v3.SandboxContext"), + method: "Mount", + type: .unary + ) + } + /// Namespace for "Umount" metadata. + public enum Umount: Sendable { + /// Request type for "Umount". + public typealias Input = Com_Apple_Containerization_Sandbox_V3_UmountRequest + /// Response type for "Umount". + public typealias Output = Com_Apple_Containerization_Sandbox_V3_UmountResponse + /// Descriptor for "Umount". + public static let descriptor = GRPCCore.MethodDescriptor( + service: GRPCCore.ServiceDescriptor(fullyQualifiedService: "com.apple.containerization.sandbox.v3.SandboxContext"), + method: "Umount", + type: .unary + ) + } + /// Namespace for "Setenv" metadata. + public enum Setenv: Sendable { + /// Request type for "Setenv". + public typealias Input = Com_Apple_Containerization_Sandbox_V3_SetenvRequest + /// Response type for "Setenv". + public typealias Output = Com_Apple_Containerization_Sandbox_V3_SetenvResponse + /// Descriptor for "Setenv". + public static let descriptor = GRPCCore.MethodDescriptor( + service: GRPCCore.ServiceDescriptor(fullyQualifiedService: "com.apple.containerization.sandbox.v3.SandboxContext"), + method: "Setenv", + type: .unary + ) + } + /// Namespace for "Getenv" metadata. + public enum Getenv: Sendable { + /// Request type for "Getenv". + public typealias Input = Com_Apple_Containerization_Sandbox_V3_GetenvRequest + /// Response type for "Getenv". + public typealias Output = Com_Apple_Containerization_Sandbox_V3_GetenvResponse + /// Descriptor for "Getenv". + public static let descriptor = GRPCCore.MethodDescriptor( + service: GRPCCore.ServiceDescriptor(fullyQualifiedService: "com.apple.containerization.sandbox.v3.SandboxContext"), + method: "Getenv", + type: .unary + ) + } + /// Namespace for "Mkdir" metadata. + public enum Mkdir: Sendable { + /// Request type for "Mkdir". + public typealias Input = Com_Apple_Containerization_Sandbox_V3_MkdirRequest + /// Response type for "Mkdir". + public typealias Output = Com_Apple_Containerization_Sandbox_V3_MkdirResponse + /// Descriptor for "Mkdir". + public static let descriptor = GRPCCore.MethodDescriptor( + service: GRPCCore.ServiceDescriptor(fullyQualifiedService: "com.apple.containerization.sandbox.v3.SandboxContext"), + method: "Mkdir", + type: .unary + ) + } + /// Namespace for "Sysctl" metadata. + public enum Sysctl: Sendable { + /// Request type for "Sysctl". + public typealias Input = Com_Apple_Containerization_Sandbox_V3_SysctlRequest + /// Response type for "Sysctl". + public typealias Output = Com_Apple_Containerization_Sandbox_V3_SysctlResponse + /// Descriptor for "Sysctl". + public static let descriptor = GRPCCore.MethodDescriptor( + service: GRPCCore.ServiceDescriptor(fullyQualifiedService: "com.apple.containerization.sandbox.v3.SandboxContext"), + method: "Sysctl", + type: .unary + ) + } + /// Namespace for "SetTime" metadata. + public enum SetTime: Sendable { + /// Request type for "SetTime". + public typealias Input = Com_Apple_Containerization_Sandbox_V3_SetTimeRequest + /// Response type for "SetTime". + public typealias Output = Com_Apple_Containerization_Sandbox_V3_SetTimeResponse + /// Descriptor for "SetTime". + public static let descriptor = GRPCCore.MethodDescriptor( + service: GRPCCore.ServiceDescriptor(fullyQualifiedService: "com.apple.containerization.sandbox.v3.SandboxContext"), + method: "SetTime", + type: .unary + ) + } + /// Namespace for "SetupEmulator" metadata. + public enum SetupEmulator: Sendable { + /// Request type for "SetupEmulator". + public typealias Input = Com_Apple_Containerization_Sandbox_V3_SetupEmulatorRequest + /// Response type for "SetupEmulator". + public typealias Output = Com_Apple_Containerization_Sandbox_V3_SetupEmulatorResponse + /// Descriptor for "SetupEmulator". + public static let descriptor = GRPCCore.MethodDescriptor( + service: GRPCCore.ServiceDescriptor(fullyQualifiedService: "com.apple.containerization.sandbox.v3.SandboxContext"), + method: "SetupEmulator", + type: .unary + ) + } + /// Namespace for "WriteFile" metadata. + public enum WriteFile: Sendable { + /// Request type for "WriteFile". + public typealias Input = Com_Apple_Containerization_Sandbox_V3_WriteFileRequest + /// Response type for "WriteFile". + public typealias Output = Com_Apple_Containerization_Sandbox_V3_WriteFileResponse + /// Descriptor for "WriteFile". + public static let descriptor = GRPCCore.MethodDescriptor( + service: GRPCCore.ServiceDescriptor(fullyQualifiedService: "com.apple.containerization.sandbox.v3.SandboxContext"), + method: "WriteFile", + type: .unary + ) + } + /// Namespace for "Copy" metadata. + public enum Copy: Sendable { + /// Request type for "Copy". + public typealias Input = Com_Apple_Containerization_Sandbox_V3_CopyRequest + /// Response type for "Copy". + public typealias Output = Com_Apple_Containerization_Sandbox_V3_CopyResponse + /// Descriptor for "Copy". + public static let descriptor = GRPCCore.MethodDescriptor( + service: GRPCCore.ServiceDescriptor(fullyQualifiedService: "com.apple.containerization.sandbox.v3.SandboxContext"), + method: "Copy", + type: .serverStreaming + ) + } + /// Namespace for "Stat" metadata. + public enum Stat: Sendable { + /// Request type for "Stat". + public typealias Input = Com_Apple_Containerization_Sandbox_V3_StatRequest + /// Response type for "Stat". + public typealias Output = Com_Apple_Containerization_Sandbox_V3_StatResponse + /// Descriptor for "Stat". + public static let descriptor = GRPCCore.MethodDescriptor( + service: GRPCCore.ServiceDescriptor(fullyQualifiedService: "com.apple.containerization.sandbox.v3.SandboxContext"), + method: "Stat", + type: .unary + ) + } + /// Namespace for "FilesystemOperation" metadata. + public enum FilesystemOperation: Sendable { + /// Request type for "FilesystemOperation". + public typealias Input = Com_Apple_Containerization_Sandbox_V3_FilesystemOperationRequest + /// Response type for "FilesystemOperation". + public typealias Output = Com_Apple_Containerization_Sandbox_V3_FilesystemOperationResponse + /// Descriptor for "FilesystemOperation". + public static let descriptor = GRPCCore.MethodDescriptor( + service: GRPCCore.ServiceDescriptor(fullyQualifiedService: "com.apple.containerization.sandbox.v3.SandboxContext"), + method: "FilesystemOperation", + type: .unary + ) + } + /// Namespace for "CreateProcess" metadata. + public enum CreateProcess: Sendable { + /// Request type for "CreateProcess". + public typealias Input = Com_Apple_Containerization_Sandbox_V3_CreateProcessRequest + /// Response type for "CreateProcess". + public typealias Output = Com_Apple_Containerization_Sandbox_V3_CreateProcessResponse + /// Descriptor for "CreateProcess". + public static let descriptor = GRPCCore.MethodDescriptor( + service: GRPCCore.ServiceDescriptor(fullyQualifiedService: "com.apple.containerization.sandbox.v3.SandboxContext"), + method: "CreateProcess", + type: .unary + ) + } + /// Namespace for "DeleteProcess" metadata. + public enum DeleteProcess: Sendable { + /// Request type for "DeleteProcess". + public typealias Input = Com_Apple_Containerization_Sandbox_V3_DeleteProcessRequest + /// Response type for "DeleteProcess". + public typealias Output = Com_Apple_Containerization_Sandbox_V3_DeleteProcessResponse + /// Descriptor for "DeleteProcess". + public static let descriptor = GRPCCore.MethodDescriptor( + service: GRPCCore.ServiceDescriptor(fullyQualifiedService: "com.apple.containerization.sandbox.v3.SandboxContext"), + method: "DeleteProcess", + type: .unary + ) + } + /// Namespace for "StartProcess" metadata. + public enum StartProcess: Sendable { + /// Request type for "StartProcess". + public typealias Input = Com_Apple_Containerization_Sandbox_V3_StartProcessRequest + /// Response type for "StartProcess". + public typealias Output = Com_Apple_Containerization_Sandbox_V3_StartProcessResponse + /// Descriptor for "StartProcess". + public static let descriptor = GRPCCore.MethodDescriptor( + service: GRPCCore.ServiceDescriptor(fullyQualifiedService: "com.apple.containerization.sandbox.v3.SandboxContext"), + method: "StartProcess", + type: .unary + ) + } + /// Namespace for "KillProcess" metadata. + public enum KillProcess: Sendable { + /// Request type for "KillProcess". + public typealias Input = Com_Apple_Containerization_Sandbox_V3_KillProcessRequest + /// Response type for "KillProcess". + public typealias Output = Com_Apple_Containerization_Sandbox_V3_KillProcessResponse + /// Descriptor for "KillProcess". + public static let descriptor = GRPCCore.MethodDescriptor( + service: GRPCCore.ServiceDescriptor(fullyQualifiedService: "com.apple.containerization.sandbox.v3.SandboxContext"), + method: "KillProcess", + type: .unary + ) + } + /// Namespace for "WaitProcess" metadata. + public enum WaitProcess: Sendable { + /// Request type for "WaitProcess". + public typealias Input = Com_Apple_Containerization_Sandbox_V3_WaitProcessRequest + /// Response type for "WaitProcess". + public typealias Output = Com_Apple_Containerization_Sandbox_V3_WaitProcessResponse + /// Descriptor for "WaitProcess". + public static let descriptor = GRPCCore.MethodDescriptor( + service: GRPCCore.ServiceDescriptor(fullyQualifiedService: "com.apple.containerization.sandbox.v3.SandboxContext"), + method: "WaitProcess", + type: .unary + ) + } + /// Namespace for "ResizeProcess" metadata. + public enum ResizeProcess: Sendable { + /// Request type for "ResizeProcess". + public typealias Input = Com_Apple_Containerization_Sandbox_V3_ResizeProcessRequest + /// Response type for "ResizeProcess". + public typealias Output = Com_Apple_Containerization_Sandbox_V3_ResizeProcessResponse + /// Descriptor for "ResizeProcess". + public static let descriptor = GRPCCore.MethodDescriptor( + service: GRPCCore.ServiceDescriptor(fullyQualifiedService: "com.apple.containerization.sandbox.v3.SandboxContext"), + method: "ResizeProcess", + type: .unary + ) + } + /// Namespace for "CloseProcessStdin" metadata. + public enum CloseProcessStdin: Sendable { + /// Request type for "CloseProcessStdin". + public typealias Input = Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinRequest + /// Response type for "CloseProcessStdin". + public typealias Output = Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinResponse + /// Descriptor for "CloseProcessStdin". + public static let descriptor = GRPCCore.MethodDescriptor( + service: GRPCCore.ServiceDescriptor(fullyQualifiedService: "com.apple.containerization.sandbox.v3.SandboxContext"), + method: "CloseProcessStdin", + type: .unary + ) + } + /// Namespace for "ContainerStatistics" metadata. + public enum ContainerStatistics: Sendable { + /// Request type for "ContainerStatistics". + public typealias Input = Com_Apple_Containerization_Sandbox_V3_ContainerStatisticsRequest + /// Response type for "ContainerStatistics". + public typealias Output = Com_Apple_Containerization_Sandbox_V3_ContainerStatisticsResponse + /// Descriptor for "ContainerStatistics". + public static let descriptor = GRPCCore.MethodDescriptor( + service: GRPCCore.ServiceDescriptor(fullyQualifiedService: "com.apple.containerization.sandbox.v3.SandboxContext"), + method: "ContainerStatistics", + type: .unary + ) + } + /// Namespace for "ProxyVsock" metadata. + public enum ProxyVsock: Sendable { + /// Request type for "ProxyVsock". + public typealias Input = Com_Apple_Containerization_Sandbox_V3_ProxyVsockRequest + /// Response type for "ProxyVsock". + public typealias Output = Com_Apple_Containerization_Sandbox_V3_ProxyVsockResponse + /// Descriptor for "ProxyVsock". + public static let descriptor = GRPCCore.MethodDescriptor( + service: GRPCCore.ServiceDescriptor(fullyQualifiedService: "com.apple.containerization.sandbox.v3.SandboxContext"), + method: "ProxyVsock", + type: .unary + ) + } + /// Namespace for "StopVsockProxy" metadata. + public enum StopVsockProxy: Sendable { + /// Request type for "StopVsockProxy". + public typealias Input = Com_Apple_Containerization_Sandbox_V3_StopVsockProxyRequest + /// Response type for "StopVsockProxy". + public typealias Output = Com_Apple_Containerization_Sandbox_V3_StopVsockProxyResponse + /// Descriptor for "StopVsockProxy". + public static let descriptor = GRPCCore.MethodDescriptor( + service: GRPCCore.ServiceDescriptor(fullyQualifiedService: "com.apple.containerization.sandbox.v3.SandboxContext"), + method: "StopVsockProxy", + type: .unary + ) + } + /// Namespace for "IpLinkSet" metadata. + public enum IpLinkSet: Sendable { + /// Request type for "IpLinkSet". + public typealias Input = Com_Apple_Containerization_Sandbox_V3_IpLinkSetRequest + /// Response type for "IpLinkSet". + public typealias Output = Com_Apple_Containerization_Sandbox_V3_IpLinkSetResponse + /// Descriptor for "IpLinkSet". + public static let descriptor = GRPCCore.MethodDescriptor( + service: GRPCCore.ServiceDescriptor(fullyQualifiedService: "com.apple.containerization.sandbox.v3.SandboxContext"), + method: "IpLinkSet", + type: .unary + ) + } + /// Namespace for "IpAddrAdd" metadata. + public enum IpAddrAdd: Sendable { + /// Request type for "IpAddrAdd". + public typealias Input = Com_Apple_Containerization_Sandbox_V3_IpAddrAddRequest + /// Response type for "IpAddrAdd". + public typealias Output = Com_Apple_Containerization_Sandbox_V3_IpAddrAddResponse + /// Descriptor for "IpAddrAdd". + public static let descriptor = GRPCCore.MethodDescriptor( + service: GRPCCore.ServiceDescriptor(fullyQualifiedService: "com.apple.containerization.sandbox.v3.SandboxContext"), + method: "IpAddrAdd", + type: .unary + ) + } + /// Namespace for "IpRouteAddLink" metadata. + public enum IpRouteAddLink: Sendable { + /// Request type for "IpRouteAddLink". + public typealias Input = Com_Apple_Containerization_Sandbox_V3_IpRouteAddLinkRequest + /// Response type for "IpRouteAddLink". + public typealias Output = Com_Apple_Containerization_Sandbox_V3_IpRouteAddLinkResponse + /// Descriptor for "IpRouteAddLink". + public static let descriptor = GRPCCore.MethodDescriptor( + service: GRPCCore.ServiceDescriptor(fullyQualifiedService: "com.apple.containerization.sandbox.v3.SandboxContext"), + method: "IpRouteAddLink", + type: .unary + ) + } + /// Namespace for "IpRouteAddDefault" metadata. + public enum IpRouteAddDefault: Sendable { + /// Request type for "IpRouteAddDefault". + public typealias Input = Com_Apple_Containerization_Sandbox_V3_IpRouteAddDefaultRequest + /// Response type for "IpRouteAddDefault". + public typealias Output = Com_Apple_Containerization_Sandbox_V3_IpRouteAddDefaultResponse + /// Descriptor for "IpRouteAddDefault". + public static let descriptor = GRPCCore.MethodDescriptor( + service: GRPCCore.ServiceDescriptor(fullyQualifiedService: "com.apple.containerization.sandbox.v3.SandboxContext"), + method: "IpRouteAddDefault", + type: .unary + ) + } + /// Namespace for "ConfigureDns" metadata. + public enum ConfigureDns: Sendable { + /// Request type for "ConfigureDns". + public typealias Input = Com_Apple_Containerization_Sandbox_V3_ConfigureDnsRequest + /// Response type for "ConfigureDns". + public typealias Output = Com_Apple_Containerization_Sandbox_V3_ConfigureDnsResponse + /// Descriptor for "ConfigureDns". + public static let descriptor = GRPCCore.MethodDescriptor( + service: GRPCCore.ServiceDescriptor(fullyQualifiedService: "com.apple.containerization.sandbox.v3.SandboxContext"), + method: "ConfigureDns", + type: .unary + ) + } + /// Namespace for "ConfigureHosts" metadata. + public enum ConfigureHosts: Sendable { + /// Request type for "ConfigureHosts". + public typealias Input = Com_Apple_Containerization_Sandbox_V3_ConfigureHostsRequest + /// Response type for "ConfigureHosts". + public typealias Output = Com_Apple_Containerization_Sandbox_V3_ConfigureHostsResponse + /// Descriptor for "ConfigureHosts". + public static let descriptor = GRPCCore.MethodDescriptor( + service: GRPCCore.ServiceDescriptor(fullyQualifiedService: "com.apple.containerization.sandbox.v3.SandboxContext"), + method: "ConfigureHosts", + type: .unary + ) + } + /// Namespace for "Sync" metadata. + public enum Sync: Sendable { + /// Request type for "Sync". + public typealias Input = Com_Apple_Containerization_Sandbox_V3_SyncRequest + /// Response type for "Sync". + public typealias Output = Com_Apple_Containerization_Sandbox_V3_SyncResponse + /// Descriptor for "Sync". + public static let descriptor = GRPCCore.MethodDescriptor( + service: GRPCCore.ServiceDescriptor(fullyQualifiedService: "com.apple.containerization.sandbox.v3.SandboxContext"), + method: "Sync", + type: .unary + ) + } + /// Namespace for "Kill" metadata. + public enum Kill: Sendable { + /// Request type for "Kill". + public typealias Input = Com_Apple_Containerization_Sandbox_V3_KillRequest + /// Response type for "Kill". + public typealias Output = Com_Apple_Containerization_Sandbox_V3_KillResponse + /// Descriptor for "Kill". + public static let descriptor = GRPCCore.MethodDescriptor( + service: GRPCCore.ServiceDescriptor(fullyQualifiedService: "com.apple.containerization.sandbox.v3.SandboxContext"), + method: "Kill", + type: .unary + ) + } + /// Descriptors for all methods in the "com.apple.containerization.sandbox.v3.SandboxContext" service. + public static let descriptors: [GRPCCore.MethodDescriptor] = [ + Mount.descriptor, + Umount.descriptor, + Setenv.descriptor, + Getenv.descriptor, + Mkdir.descriptor, + Sysctl.descriptor, + SetTime.descriptor, + SetupEmulator.descriptor, + WriteFile.descriptor, + Copy.descriptor, + Stat.descriptor, + FilesystemOperation.descriptor, + CreateProcess.descriptor, + DeleteProcess.descriptor, + StartProcess.descriptor, + KillProcess.descriptor, + WaitProcess.descriptor, + ResizeProcess.descriptor, + CloseProcessStdin.descriptor, + ContainerStatistics.descriptor, + ProxyVsock.descriptor, + StopVsockProxy.descriptor, + IpLinkSet.descriptor, + IpAddrAdd.descriptor, + IpRouteAddLink.descriptor, + IpRouteAddDefault.descriptor, + ConfigureDns.descriptor, + ConfigureHosts.descriptor, + Sync.descriptor, + Kill.descriptor + ] + } +} + +@available(macOS 15.0, iOS 18.0, watchOS 11.0, tvOS 18.0, visionOS 2.0, *) +extension GRPCCore.ServiceDescriptor { + /// Service descriptor for the "com.apple.containerization.sandbox.v3.SandboxContext" service. + public static let com_apple_containerization_sandbox_v3_SandboxContext = GRPCCore.ServiceDescriptor(fullyQualifiedService: "com.apple.containerization.sandbox.v3.SandboxContext") +} + +// MARK: com.apple.containerization.sandbox.v3.SandboxContext (server) + +@available(macOS 15.0, iOS 18.0, watchOS 11.0, tvOS 18.0, visionOS 2.0, *) +extension Com_Apple_Containerization_Sandbox_V3_SandboxContext { + /// Streaming variant of the service protocol for the "com.apple.containerization.sandbox.v3.SandboxContext" service. + /// + /// This protocol is the lowest-level of the service protocols generated for this service + /// giving you the most flexibility over the implementation of your service. This comes at + /// the cost of more verbose and less strict APIs. Each RPC requires you to implement it in + /// terms of a request stream and response stream. Where only a single request or response + /// message is expected, you are responsible for enforcing this invariant is maintained. + /// + /// Where possible, prefer using the stricter, less-verbose ``ServiceProtocol`` + /// or ``SimpleServiceProtocol`` instead. + /// + /// > Source IDL Documentation: + /// > + /// > Context for interacting with a container's runtime environment. + public protocol StreamingServiceProtocol: GRPCCore.RegistrableRPCService { + /// Handle the "Mount" method. + /// + /// > Source IDL Documentation: + /// > + /// > Mount a filesystem. + /// + /// - Parameters: + /// - request: A streaming request of `Com_Apple_Containerization_Sandbox_V3_MountRequest` messages. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A streaming response of `Com_Apple_Containerization_Sandbox_V3_MountResponse` messages. + func mount( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse + + /// Handle the "Umount" method. + /// + /// > Source IDL Documentation: + /// > + /// > Unmount a filesystem. + /// + /// - Parameters: + /// - request: A streaming request of `Com_Apple_Containerization_Sandbox_V3_UmountRequest` messages. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A streaming response of `Com_Apple_Containerization_Sandbox_V3_UmountResponse` messages. + func umount( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse + + /// Handle the "Setenv" method. + /// + /// > Source IDL Documentation: + /// > + /// > Set an environment variable on the init process. + /// + /// - Parameters: + /// - request: A streaming request of `Com_Apple_Containerization_Sandbox_V3_SetenvRequest` messages. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A streaming response of `Com_Apple_Containerization_Sandbox_V3_SetenvResponse` messages. + func setenv( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse + + /// Handle the "Getenv" method. + /// + /// > Source IDL Documentation: + /// > + /// > Get an environment variable from the init process. + /// + /// - Parameters: + /// - request: A streaming request of `Com_Apple_Containerization_Sandbox_V3_GetenvRequest` messages. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A streaming response of `Com_Apple_Containerization_Sandbox_V3_GetenvResponse` messages. + func getenv( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse + + /// Handle the "Mkdir" method. + /// + /// > Source IDL Documentation: + /// > + /// > Create a new directory inside the sandbox. + /// + /// - Parameters: + /// - request: A streaming request of `Com_Apple_Containerization_Sandbox_V3_MkdirRequest` messages. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A streaming response of `Com_Apple_Containerization_Sandbox_V3_MkdirResponse` messages. + func mkdir( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse + + /// Handle the "Sysctl" method. + /// + /// > Source IDL Documentation: + /// > + /// > Set sysctls in the context of the sandbox. + /// + /// - Parameters: + /// - request: A streaming request of `Com_Apple_Containerization_Sandbox_V3_SysctlRequest` messages. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A streaming response of `Com_Apple_Containerization_Sandbox_V3_SysctlResponse` messages. + func sysctl( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse + + /// Handle the "SetTime" method. + /// + /// > Source IDL Documentation: + /// > + /// > Set time in the guest. + /// + /// - Parameters: + /// - request: A streaming request of `Com_Apple_Containerization_Sandbox_V3_SetTimeRequest` messages. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A streaming response of `Com_Apple_Containerization_Sandbox_V3_SetTimeResponse` messages. + func setTime( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse + + /// Handle the "SetupEmulator" method. + /// + /// > Source IDL Documentation: + /// > + /// > Set up an emulator in the guest for a specific binary format. + /// + /// - Parameters: + /// - request: A streaming request of `Com_Apple_Containerization_Sandbox_V3_SetupEmulatorRequest` messages. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A streaming response of `Com_Apple_Containerization_Sandbox_V3_SetupEmulatorResponse` messages. + func setupEmulator( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse + + /// Handle the "WriteFile" method. + /// + /// > Source IDL Documentation: + /// > + /// > Write data to an existing or new file. + /// + /// - Parameters: + /// - request: A streaming request of `Com_Apple_Containerization_Sandbox_V3_WriteFileRequest` messages. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A streaming response of `Com_Apple_Containerization_Sandbox_V3_WriteFileResponse` messages. + func writeFile( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse + + /// Handle the "Copy" method. + /// + /// > Source IDL Documentation: + /// > + /// > Copy a file or directory between the host and guest. + /// > Data transfer happens over a dedicated vsock connection; + /// > the gRPC stream is used only for control/metadata. + /// + /// - Parameters: + /// - request: A streaming request of `Com_Apple_Containerization_Sandbox_V3_CopyRequest` messages. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A streaming response of `Com_Apple_Containerization_Sandbox_V3_CopyResponse` messages. + func copy( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse + + /// Handle the "Stat" method. + /// + /// > Source IDL Documentation: + /// > + /// > Stat a path in the guest filesystem. + /// + /// - Parameters: + /// - request: A streaming request of `Com_Apple_Containerization_Sandbox_V3_StatRequest` messages. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A streaming response of `Com_Apple_Containerization_Sandbox_V3_StatResponse` messages. + func stat( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse + + /// Handle the "FilesystemOperation" method. + /// + /// > Source IDL Documentation: + /// > + /// > Perform a filesystem operation on a mounted filesystem. + /// + /// - Parameters: + /// - request: A streaming request of `Com_Apple_Containerization_Sandbox_V3_FilesystemOperationRequest` messages. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A streaming response of `Com_Apple_Containerization_Sandbox_V3_FilesystemOperationResponse` messages. + func filesystemOperation( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse + + /// Handle the "CreateProcess" method. + /// + /// > Source IDL Documentation: + /// > + /// > Create a new process inside the container. + /// + /// - Parameters: + /// - request: A streaming request of `Com_Apple_Containerization_Sandbox_V3_CreateProcessRequest` messages. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A streaming response of `Com_Apple_Containerization_Sandbox_V3_CreateProcessResponse` messages. + func createProcess( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse + + /// Handle the "DeleteProcess" method. + /// + /// > Source IDL Documentation: + /// > + /// > Delete an existing process inside the container. + /// + /// - Parameters: + /// - request: A streaming request of `Com_Apple_Containerization_Sandbox_V3_DeleteProcessRequest` messages. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A streaming response of `Com_Apple_Containerization_Sandbox_V3_DeleteProcessResponse` messages. + func deleteProcess( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse + + /// Handle the "StartProcess" method. + /// + /// > Source IDL Documentation: + /// > + /// > Start the provided process. + /// + /// - Parameters: + /// - request: A streaming request of `Com_Apple_Containerization_Sandbox_V3_StartProcessRequest` messages. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A streaming response of `Com_Apple_Containerization_Sandbox_V3_StartProcessResponse` messages. + func startProcess( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse + + /// Handle the "KillProcess" method. + /// + /// > Source IDL Documentation: + /// > + /// > Send a signal to the provided process. + /// + /// - Parameters: + /// - request: A streaming request of `Com_Apple_Containerization_Sandbox_V3_KillProcessRequest` messages. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A streaming response of `Com_Apple_Containerization_Sandbox_V3_KillProcessResponse` messages. + func killProcess( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse + + /// Handle the "WaitProcess" method. + /// + /// > Source IDL Documentation: + /// > + /// > Wait for a process to exit and return the exit code. + /// + /// - Parameters: + /// - request: A streaming request of `Com_Apple_Containerization_Sandbox_V3_WaitProcessRequest` messages. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A streaming response of `Com_Apple_Containerization_Sandbox_V3_WaitProcessResponse` messages. + func waitProcess( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse + + /// Handle the "ResizeProcess" method. + /// + /// > Source IDL Documentation: + /// > + /// > Resize the tty of a given process. This will error if the process does + /// > not have a pty allocated. + /// + /// - Parameters: + /// - request: A streaming request of `Com_Apple_Containerization_Sandbox_V3_ResizeProcessRequest` messages. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A streaming response of `Com_Apple_Containerization_Sandbox_V3_ResizeProcessResponse` messages. + func resizeProcess( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse + + /// Handle the "CloseProcessStdin" method. + /// + /// > Source IDL Documentation: + /// > + /// > Close IO for a given process. + /// + /// - Parameters: + /// - request: A streaming request of `Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinRequest` messages. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A streaming response of `Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinResponse` messages. + func closeProcessStdin( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse + + /// Handle the "ContainerStatistics" method. + /// + /// > Source IDL Documentation: + /// > + /// > Get statistics for containers. + /// + /// - Parameters: + /// - request: A streaming request of `Com_Apple_Containerization_Sandbox_V3_ContainerStatisticsRequest` messages. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A streaming response of `Com_Apple_Containerization_Sandbox_V3_ContainerStatisticsResponse` messages. + func containerStatistics( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse + + /// Handle the "ProxyVsock" method. + /// + /// > Source IDL Documentation: + /// > + /// > Proxy a vsock port to a unix domain socket in the guest, or vice versa. + /// + /// - Parameters: + /// - request: A streaming request of `Com_Apple_Containerization_Sandbox_V3_ProxyVsockRequest` messages. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A streaming response of `Com_Apple_Containerization_Sandbox_V3_ProxyVsockResponse` messages. + func proxyVsock( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse + + /// Handle the "StopVsockProxy" method. + /// + /// > Source IDL Documentation: + /// > + /// > Stop a vsock proxy to a unix domain socket. + /// + /// - Parameters: + /// - request: A streaming request of `Com_Apple_Containerization_Sandbox_V3_StopVsockProxyRequest` messages. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A streaming response of `Com_Apple_Containerization_Sandbox_V3_StopVsockProxyResponse` messages. + func stopVsockProxy( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse + + /// Handle the "IpLinkSet" method. + /// + /// > Source IDL Documentation: + /// > + /// > Set the link state of a network interface. + /// + /// - Parameters: + /// - request: A streaming request of `Com_Apple_Containerization_Sandbox_V3_IpLinkSetRequest` messages. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A streaming response of `Com_Apple_Containerization_Sandbox_V3_IpLinkSetResponse` messages. + func ipLinkSet( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse + + /// Handle the "IpAddrAdd" method. + /// + /// > Source IDL Documentation: + /// > + /// > Add an IPv4 address to a network interface. + /// + /// - Parameters: + /// - request: A streaming request of `Com_Apple_Containerization_Sandbox_V3_IpAddrAddRequest` messages. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A streaming response of `Com_Apple_Containerization_Sandbox_V3_IpAddrAddResponse` messages. + func ipAddrAdd( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse + + /// Handle the "IpRouteAddLink" method. + /// + /// > Source IDL Documentation: + /// > + /// > Add an IP route for a network interface. + /// + /// - Parameters: + /// - request: A streaming request of `Com_Apple_Containerization_Sandbox_V3_IpRouteAddLinkRequest` messages. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A streaming response of `Com_Apple_Containerization_Sandbox_V3_IpRouteAddLinkResponse` messages. + func ipRouteAddLink( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse + + /// Handle the "IpRouteAddDefault" method. + /// + /// > Source IDL Documentation: + /// > + /// > Add an IP route for a network interface. + /// + /// - Parameters: + /// - request: A streaming request of `Com_Apple_Containerization_Sandbox_V3_IpRouteAddDefaultRequest` messages. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A streaming response of `Com_Apple_Containerization_Sandbox_V3_IpRouteAddDefaultResponse` messages. + func ipRouteAddDefault( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse + + /// Handle the "ConfigureDns" method. + /// + /// > Source IDL Documentation: + /// > + /// > Configure DNS resolver. + /// + /// - Parameters: + /// - request: A streaming request of `Com_Apple_Containerization_Sandbox_V3_ConfigureDnsRequest` messages. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A streaming response of `Com_Apple_Containerization_Sandbox_V3_ConfigureDnsResponse` messages. + func configureDns( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse + + /// Handle the "ConfigureHosts" method. + /// + /// > Source IDL Documentation: + /// > + /// > Configure /etc/hosts. + /// + /// - Parameters: + /// - request: A streaming request of `Com_Apple_Containerization_Sandbox_V3_ConfigureHostsRequest` messages. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A streaming response of `Com_Apple_Containerization_Sandbox_V3_ConfigureHostsResponse` messages. + func configureHosts( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse + + /// Handle the "Sync" method. + /// + /// > Source IDL Documentation: + /// > + /// > Perform the sync syscall. + /// + /// - Parameters: + /// - request: A streaming request of `Com_Apple_Containerization_Sandbox_V3_SyncRequest` messages. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A streaming response of `Com_Apple_Containerization_Sandbox_V3_SyncResponse` messages. + func sync( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse + + /// Handle the "Kill" method. + /// + /// > Source IDL Documentation: + /// > + /// > Send a signal to a process via the PID. + /// + /// - Parameters: + /// - request: A streaming request of `Com_Apple_Containerization_Sandbox_V3_KillRequest` messages. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A streaming response of `Com_Apple_Containerization_Sandbox_V3_KillResponse` messages. + func kill( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse + } + + /// Service protocol for the "com.apple.containerization.sandbox.v3.SandboxContext" service. + /// + /// This protocol is higher level than ``StreamingServiceProtocol`` but lower level than + /// the ``SimpleServiceProtocol``, it provides access to request and response metadata and + /// trailing response metadata. If you don't need these then consider using + /// the ``SimpleServiceProtocol``. If you need fine grained control over your RPCs then + /// use ``StreamingServiceProtocol``. + /// + /// > Source IDL Documentation: + /// > + /// > Context for interacting with a container's runtime environment. + public protocol ServiceProtocol: Com_Apple_Containerization_Sandbox_V3_SandboxContext.StreamingServiceProtocol { + /// Handle the "Mount" method. + /// + /// > Source IDL Documentation: + /// > + /// > Mount a filesystem. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_MountRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A response containing a single `Com_Apple_Containerization_Sandbox_V3_MountResponse` message. + func mount( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse + + /// Handle the "Umount" method. + /// + /// > Source IDL Documentation: + /// > + /// > Unmount a filesystem. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_UmountRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A response containing a single `Com_Apple_Containerization_Sandbox_V3_UmountResponse` message. + func umount( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse + + /// Handle the "Setenv" method. + /// + /// > Source IDL Documentation: + /// > + /// > Set an environment variable on the init process. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_SetenvRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A response containing a single `Com_Apple_Containerization_Sandbox_V3_SetenvResponse` message. + func setenv( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse + + /// Handle the "Getenv" method. + /// + /// > Source IDL Documentation: + /// > + /// > Get an environment variable from the init process. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_GetenvRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A response containing a single `Com_Apple_Containerization_Sandbox_V3_GetenvResponse` message. + func getenv( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse + + /// Handle the "Mkdir" method. + /// + /// > Source IDL Documentation: + /// > + /// > Create a new directory inside the sandbox. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_MkdirRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A response containing a single `Com_Apple_Containerization_Sandbox_V3_MkdirResponse` message. + func mkdir( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse + + /// Handle the "Sysctl" method. + /// + /// > Source IDL Documentation: + /// > + /// > Set sysctls in the context of the sandbox. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_SysctlRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A response containing a single `Com_Apple_Containerization_Sandbox_V3_SysctlResponse` message. + func sysctl( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse + + /// Handle the "SetTime" method. + /// + /// > Source IDL Documentation: + /// > + /// > Set time in the guest. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_SetTimeRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A response containing a single `Com_Apple_Containerization_Sandbox_V3_SetTimeResponse` message. + func setTime( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse + + /// Handle the "SetupEmulator" method. + /// + /// > Source IDL Documentation: + /// > + /// > Set up an emulator in the guest for a specific binary format. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_SetupEmulatorRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A response containing a single `Com_Apple_Containerization_Sandbox_V3_SetupEmulatorResponse` message. + func setupEmulator( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse + + /// Handle the "WriteFile" method. + /// + /// > Source IDL Documentation: + /// > + /// > Write data to an existing or new file. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_WriteFileRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A response containing a single `Com_Apple_Containerization_Sandbox_V3_WriteFileResponse` message. + func writeFile( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse + + /// Handle the "Copy" method. + /// + /// > Source IDL Documentation: + /// > + /// > Copy a file or directory between the host and guest. + /// > Data transfer happens over a dedicated vsock connection; + /// > the gRPC stream is used only for control/metadata. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_CopyRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A streaming response of `Com_Apple_Containerization_Sandbox_V3_CopyResponse` messages. + func copy( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse + + /// Handle the "Stat" method. + /// + /// > Source IDL Documentation: + /// > + /// > Stat a path in the guest filesystem. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_StatRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A response containing a single `Com_Apple_Containerization_Sandbox_V3_StatResponse` message. + func stat( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse + + /// Handle the "FilesystemOperation" method. + /// + /// > Source IDL Documentation: + /// > + /// > Perform a filesystem operation on a mounted filesystem. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_FilesystemOperationRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A response containing a single `Com_Apple_Containerization_Sandbox_V3_FilesystemOperationResponse` message. + func filesystemOperation( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse + + /// Handle the "CreateProcess" method. + /// + /// > Source IDL Documentation: + /// > + /// > Create a new process inside the container. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_CreateProcessRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A response containing a single `Com_Apple_Containerization_Sandbox_V3_CreateProcessResponse` message. + func createProcess( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse + + /// Handle the "DeleteProcess" method. + /// + /// > Source IDL Documentation: + /// > + /// > Delete an existing process inside the container. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_DeleteProcessRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A response containing a single `Com_Apple_Containerization_Sandbox_V3_DeleteProcessResponse` message. + func deleteProcess( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse + + /// Handle the "StartProcess" method. + /// + /// > Source IDL Documentation: + /// > + /// > Start the provided process. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_StartProcessRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A response containing a single `Com_Apple_Containerization_Sandbox_V3_StartProcessResponse` message. + func startProcess( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse + + /// Handle the "KillProcess" method. + /// + /// > Source IDL Documentation: + /// > + /// > Send a signal to the provided process. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_KillProcessRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A response containing a single `Com_Apple_Containerization_Sandbox_V3_KillProcessResponse` message. + func killProcess( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse + + /// Handle the "WaitProcess" method. + /// + /// > Source IDL Documentation: + /// > + /// > Wait for a process to exit and return the exit code. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_WaitProcessRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A response containing a single `Com_Apple_Containerization_Sandbox_V3_WaitProcessResponse` message. + func waitProcess( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse + + /// Handle the "ResizeProcess" method. + /// + /// > Source IDL Documentation: + /// > + /// > Resize the tty of a given process. This will error if the process does + /// > not have a pty allocated. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_ResizeProcessRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A response containing a single `Com_Apple_Containerization_Sandbox_V3_ResizeProcessResponse` message. + func resizeProcess( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse + + /// Handle the "CloseProcessStdin" method. + /// + /// > Source IDL Documentation: + /// > + /// > Close IO for a given process. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A response containing a single `Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinResponse` message. + func closeProcessStdin( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse + + /// Handle the "ContainerStatistics" method. + /// + /// > Source IDL Documentation: + /// > + /// > Get statistics for containers. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_ContainerStatisticsRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A response containing a single `Com_Apple_Containerization_Sandbox_V3_ContainerStatisticsResponse` message. + func containerStatistics( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse + + /// Handle the "ProxyVsock" method. + /// + /// > Source IDL Documentation: + /// > + /// > Proxy a vsock port to a unix domain socket in the guest, or vice versa. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_ProxyVsockRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A response containing a single `Com_Apple_Containerization_Sandbox_V3_ProxyVsockResponse` message. + func proxyVsock( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse + + /// Handle the "StopVsockProxy" method. + /// + /// > Source IDL Documentation: + /// > + /// > Stop a vsock proxy to a unix domain socket. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_StopVsockProxyRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A response containing a single `Com_Apple_Containerization_Sandbox_V3_StopVsockProxyResponse` message. + func stopVsockProxy( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse + + /// Handle the "IpLinkSet" method. + /// + /// > Source IDL Documentation: + /// > + /// > Set the link state of a network interface. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_IpLinkSetRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A response containing a single `Com_Apple_Containerization_Sandbox_V3_IpLinkSetResponse` message. + func ipLinkSet( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse + + /// Handle the "IpAddrAdd" method. + /// + /// > Source IDL Documentation: + /// > + /// > Add an IPv4 address to a network interface. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_IpAddrAddRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A response containing a single `Com_Apple_Containerization_Sandbox_V3_IpAddrAddResponse` message. + func ipAddrAdd( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse + + /// Handle the "IpRouteAddLink" method. + /// + /// > Source IDL Documentation: + /// > + /// > Add an IP route for a network interface. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_IpRouteAddLinkRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A response containing a single `Com_Apple_Containerization_Sandbox_V3_IpRouteAddLinkResponse` message. + func ipRouteAddLink( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse + + /// Handle the "IpRouteAddDefault" method. + /// + /// > Source IDL Documentation: + /// > + /// > Add an IP route for a network interface. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_IpRouteAddDefaultRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A response containing a single `Com_Apple_Containerization_Sandbox_V3_IpRouteAddDefaultResponse` message. + func ipRouteAddDefault( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse + + /// Handle the "ConfigureDns" method. + /// + /// > Source IDL Documentation: + /// > + /// > Configure DNS resolver. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_ConfigureDnsRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A response containing a single `Com_Apple_Containerization_Sandbox_V3_ConfigureDnsResponse` message. + func configureDns( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse + + /// Handle the "ConfigureHosts" method. + /// + /// > Source IDL Documentation: + /// > + /// > Configure /etc/hosts. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_ConfigureHostsRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A response containing a single `Com_Apple_Containerization_Sandbox_V3_ConfigureHostsResponse` message. + func configureHosts( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse + + /// Handle the "Sync" method. + /// + /// > Source IDL Documentation: + /// > + /// > Perform the sync syscall. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_SyncRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A response containing a single `Com_Apple_Containerization_Sandbox_V3_SyncResponse` message. + func sync( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse + + /// Handle the "Kill" method. + /// + /// > Source IDL Documentation: + /// > + /// > Send a signal to a process via the PID. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_KillRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A response containing a single `Com_Apple_Containerization_Sandbox_V3_KillResponse` message. + func kill( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse + } + + /// Simple service protocol for the "com.apple.containerization.sandbox.v3.SandboxContext" service. + /// + /// This is the highest level protocol for the service. The API is the easiest to use but + /// doesn't provide access to request or response metadata. If you need access to these + /// then use ``ServiceProtocol`` instead. + /// + /// > Source IDL Documentation: + /// > + /// > Context for interacting with a container's runtime environment. + public protocol SimpleServiceProtocol: Com_Apple_Containerization_Sandbox_V3_SandboxContext.ServiceProtocol { + /// Handle the "Mount" method. + /// + /// > Source IDL Documentation: + /// > + /// > Mount a filesystem. + /// + /// - Parameters: + /// - request: A `Com_Apple_Containerization_Sandbox_V3_MountRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A `Com_Apple_Containerization_Sandbox_V3_MountResponse` to respond with. + func mount( + request: Com_Apple_Containerization_Sandbox_V3_MountRequest, + context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_MountResponse + + /// Handle the "Umount" method. + /// + /// > Source IDL Documentation: + /// > + /// > Unmount a filesystem. + /// + /// - Parameters: + /// - request: A `Com_Apple_Containerization_Sandbox_V3_UmountRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A `Com_Apple_Containerization_Sandbox_V3_UmountResponse` to respond with. + func umount( + request: Com_Apple_Containerization_Sandbox_V3_UmountRequest, + context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_UmountResponse + + /// Handle the "Setenv" method. + /// + /// > Source IDL Documentation: + /// > + /// > Set an environment variable on the init process. + /// + /// - Parameters: + /// - request: A `Com_Apple_Containerization_Sandbox_V3_SetenvRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A `Com_Apple_Containerization_Sandbox_V3_SetenvResponse` to respond with. + func setenv( + request: Com_Apple_Containerization_Sandbox_V3_SetenvRequest, + context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_SetenvResponse + + /// Handle the "Getenv" method. + /// + /// > Source IDL Documentation: + /// > + /// > Get an environment variable from the init process. + /// + /// - Parameters: + /// - request: A `Com_Apple_Containerization_Sandbox_V3_GetenvRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A `Com_Apple_Containerization_Sandbox_V3_GetenvResponse` to respond with. + func getenv( + request: Com_Apple_Containerization_Sandbox_V3_GetenvRequest, + context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_GetenvResponse + + /// Handle the "Mkdir" method. + /// + /// > Source IDL Documentation: + /// > + /// > Create a new directory inside the sandbox. + /// + /// - Parameters: + /// - request: A `Com_Apple_Containerization_Sandbox_V3_MkdirRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A `Com_Apple_Containerization_Sandbox_V3_MkdirResponse` to respond with. + func mkdir( + request: Com_Apple_Containerization_Sandbox_V3_MkdirRequest, + context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_MkdirResponse + + /// Handle the "Sysctl" method. + /// + /// > Source IDL Documentation: + /// > + /// > Set sysctls in the context of the sandbox. + /// + /// - Parameters: + /// - request: A `Com_Apple_Containerization_Sandbox_V3_SysctlRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A `Com_Apple_Containerization_Sandbox_V3_SysctlResponse` to respond with. + func sysctl( + request: Com_Apple_Containerization_Sandbox_V3_SysctlRequest, + context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_SysctlResponse + + /// Handle the "SetTime" method. + /// + /// > Source IDL Documentation: + /// > + /// > Set time in the guest. + /// + /// - Parameters: + /// - request: A `Com_Apple_Containerization_Sandbox_V3_SetTimeRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A `Com_Apple_Containerization_Sandbox_V3_SetTimeResponse` to respond with. + func setTime( + request: Com_Apple_Containerization_Sandbox_V3_SetTimeRequest, + context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_SetTimeResponse + + /// Handle the "SetupEmulator" method. + /// + /// > Source IDL Documentation: + /// > + /// > Set up an emulator in the guest for a specific binary format. + /// + /// - Parameters: + /// - request: A `Com_Apple_Containerization_Sandbox_V3_SetupEmulatorRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A `Com_Apple_Containerization_Sandbox_V3_SetupEmulatorResponse` to respond with. + func setupEmulator( + request: Com_Apple_Containerization_Sandbox_V3_SetupEmulatorRequest, + context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_SetupEmulatorResponse + + /// Handle the "WriteFile" method. + /// + /// > Source IDL Documentation: + /// > + /// > Write data to an existing or new file. + /// + /// - Parameters: + /// - request: A `Com_Apple_Containerization_Sandbox_V3_WriteFileRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A `Com_Apple_Containerization_Sandbox_V3_WriteFileResponse` to respond with. + func writeFile( + request: Com_Apple_Containerization_Sandbox_V3_WriteFileRequest, + context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_WriteFileResponse + + /// Handle the "Copy" method. + /// + /// > Source IDL Documentation: + /// > + /// > Copy a file or directory between the host and guest. + /// > Data transfer happens over a dedicated vsock connection; + /// > the gRPC stream is used only for control/metadata. + /// + /// - Parameters: + /// - request: A `Com_Apple_Containerization_Sandbox_V3_CopyRequest` message. + /// - response: A response stream of `Com_Apple_Containerization_Sandbox_V3_CopyResponse` messages. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + func copy( + request: Com_Apple_Containerization_Sandbox_V3_CopyRequest, + response: GRPCCore.RPCWriter, + context: GRPCCore.ServerContext + ) async throws + + /// Handle the "Stat" method. + /// + /// > Source IDL Documentation: + /// > + /// > Stat a path in the guest filesystem. + /// + /// - Parameters: + /// - request: A `Com_Apple_Containerization_Sandbox_V3_StatRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A `Com_Apple_Containerization_Sandbox_V3_StatResponse` to respond with. + func stat( + request: Com_Apple_Containerization_Sandbox_V3_StatRequest, + context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_StatResponse + + /// Handle the "FilesystemOperation" method. + /// + /// > Source IDL Documentation: + /// > + /// > Perform a filesystem operation on a mounted filesystem. + /// + /// - Parameters: + /// - request: A `Com_Apple_Containerization_Sandbox_V3_FilesystemOperationRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A `Com_Apple_Containerization_Sandbox_V3_FilesystemOperationResponse` to respond with. + func filesystemOperation( + request: Com_Apple_Containerization_Sandbox_V3_FilesystemOperationRequest, + context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_FilesystemOperationResponse + + /// Handle the "CreateProcess" method. + /// + /// > Source IDL Documentation: + /// > + /// > Create a new process inside the container. + /// + /// - Parameters: + /// - request: A `Com_Apple_Containerization_Sandbox_V3_CreateProcessRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A `Com_Apple_Containerization_Sandbox_V3_CreateProcessResponse` to respond with. + func createProcess( + request: Com_Apple_Containerization_Sandbox_V3_CreateProcessRequest, + context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_CreateProcessResponse + + /// Handle the "DeleteProcess" method. + /// + /// > Source IDL Documentation: + /// > + /// > Delete an existing process inside the container. + /// + /// - Parameters: + /// - request: A `Com_Apple_Containerization_Sandbox_V3_DeleteProcessRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A `Com_Apple_Containerization_Sandbox_V3_DeleteProcessResponse` to respond with. + func deleteProcess( + request: Com_Apple_Containerization_Sandbox_V3_DeleteProcessRequest, + context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_DeleteProcessResponse + + /// Handle the "StartProcess" method. + /// + /// > Source IDL Documentation: + /// > + /// > Start the provided process. + /// + /// - Parameters: + /// - request: A `Com_Apple_Containerization_Sandbox_V3_StartProcessRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A `Com_Apple_Containerization_Sandbox_V3_StartProcessResponse` to respond with. + func startProcess( + request: Com_Apple_Containerization_Sandbox_V3_StartProcessRequest, + context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_StartProcessResponse + + /// Handle the "KillProcess" method. + /// + /// > Source IDL Documentation: + /// > + /// > Send a signal to the provided process. + /// + /// - Parameters: + /// - request: A `Com_Apple_Containerization_Sandbox_V3_KillProcessRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A `Com_Apple_Containerization_Sandbox_V3_KillProcessResponse` to respond with. + func killProcess( + request: Com_Apple_Containerization_Sandbox_V3_KillProcessRequest, + context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_KillProcessResponse + + /// Handle the "WaitProcess" method. + /// + /// > Source IDL Documentation: + /// > + /// > Wait for a process to exit and return the exit code. + /// + /// - Parameters: + /// - request: A `Com_Apple_Containerization_Sandbox_V3_WaitProcessRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A `Com_Apple_Containerization_Sandbox_V3_WaitProcessResponse` to respond with. + func waitProcess( + request: Com_Apple_Containerization_Sandbox_V3_WaitProcessRequest, + context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_WaitProcessResponse + + /// Handle the "ResizeProcess" method. + /// + /// > Source IDL Documentation: + /// > + /// > Resize the tty of a given process. This will error if the process does + /// > not have a pty allocated. + /// + /// - Parameters: + /// - request: A `Com_Apple_Containerization_Sandbox_V3_ResizeProcessRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A `Com_Apple_Containerization_Sandbox_V3_ResizeProcessResponse` to respond with. + func resizeProcess( + request: Com_Apple_Containerization_Sandbox_V3_ResizeProcessRequest, + context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_ResizeProcessResponse + + /// Handle the "CloseProcessStdin" method. + /// + /// > Source IDL Documentation: + /// > + /// > Close IO for a given process. + /// + /// - Parameters: + /// - request: A `Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A `Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinResponse` to respond with. + func closeProcessStdin( + request: Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinRequest, + context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinResponse + + /// Handle the "ContainerStatistics" method. + /// + /// > Source IDL Documentation: + /// > + /// > Get statistics for containers. + /// + /// - Parameters: + /// - request: A `Com_Apple_Containerization_Sandbox_V3_ContainerStatisticsRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A `Com_Apple_Containerization_Sandbox_V3_ContainerStatisticsResponse` to respond with. + func containerStatistics( + request: Com_Apple_Containerization_Sandbox_V3_ContainerStatisticsRequest, + context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_ContainerStatisticsResponse + + /// Handle the "ProxyVsock" method. + /// + /// > Source IDL Documentation: + /// > + /// > Proxy a vsock port to a unix domain socket in the guest, or vice versa. + /// + /// - Parameters: + /// - request: A `Com_Apple_Containerization_Sandbox_V3_ProxyVsockRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A `Com_Apple_Containerization_Sandbox_V3_ProxyVsockResponse` to respond with. + func proxyVsock( + request: Com_Apple_Containerization_Sandbox_V3_ProxyVsockRequest, + context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_ProxyVsockResponse + + /// Handle the "StopVsockProxy" method. + /// + /// > Source IDL Documentation: + /// > + /// > Stop a vsock proxy to a unix domain socket. + /// + /// - Parameters: + /// - request: A `Com_Apple_Containerization_Sandbox_V3_StopVsockProxyRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A `Com_Apple_Containerization_Sandbox_V3_StopVsockProxyResponse` to respond with. + func stopVsockProxy( + request: Com_Apple_Containerization_Sandbox_V3_StopVsockProxyRequest, + context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_StopVsockProxyResponse + + /// Handle the "IpLinkSet" method. + /// + /// > Source IDL Documentation: + /// > + /// > Set the link state of a network interface. + /// + /// - Parameters: + /// - request: A `Com_Apple_Containerization_Sandbox_V3_IpLinkSetRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A `Com_Apple_Containerization_Sandbox_V3_IpLinkSetResponse` to respond with. + func ipLinkSet( + request: Com_Apple_Containerization_Sandbox_V3_IpLinkSetRequest, + context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_IpLinkSetResponse + + /// Handle the "IpAddrAdd" method. + /// + /// > Source IDL Documentation: + /// > + /// > Add an IPv4 address to a network interface. + /// + /// - Parameters: + /// - request: A `Com_Apple_Containerization_Sandbox_V3_IpAddrAddRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A `Com_Apple_Containerization_Sandbox_V3_IpAddrAddResponse` to respond with. + func ipAddrAdd( + request: Com_Apple_Containerization_Sandbox_V3_IpAddrAddRequest, + context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_IpAddrAddResponse + + /// Handle the "IpRouteAddLink" method. + /// + /// > Source IDL Documentation: + /// > + /// > Add an IP route for a network interface. + /// + /// - Parameters: + /// - request: A `Com_Apple_Containerization_Sandbox_V3_IpRouteAddLinkRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A `Com_Apple_Containerization_Sandbox_V3_IpRouteAddLinkResponse` to respond with. + func ipRouteAddLink( + request: Com_Apple_Containerization_Sandbox_V3_IpRouteAddLinkRequest, + context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_IpRouteAddLinkResponse + + /// Handle the "IpRouteAddDefault" method. + /// + /// > Source IDL Documentation: + /// > + /// > Add an IP route for a network interface. + /// + /// - Parameters: + /// - request: A `Com_Apple_Containerization_Sandbox_V3_IpRouteAddDefaultRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A `Com_Apple_Containerization_Sandbox_V3_IpRouteAddDefaultResponse` to respond with. + func ipRouteAddDefault( + request: Com_Apple_Containerization_Sandbox_V3_IpRouteAddDefaultRequest, + context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_IpRouteAddDefaultResponse + + /// Handle the "ConfigureDns" method. + /// + /// > Source IDL Documentation: + /// > + /// > Configure DNS resolver. + /// + /// - Parameters: + /// - request: A `Com_Apple_Containerization_Sandbox_V3_ConfigureDnsRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A `Com_Apple_Containerization_Sandbox_V3_ConfigureDnsResponse` to respond with. + func configureDns( + request: Com_Apple_Containerization_Sandbox_V3_ConfigureDnsRequest, + context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_ConfigureDnsResponse + + /// Handle the "ConfigureHosts" method. + /// + /// > Source IDL Documentation: + /// > + /// > Configure /etc/hosts. + /// + /// - Parameters: + /// - request: A `Com_Apple_Containerization_Sandbox_V3_ConfigureHostsRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A `Com_Apple_Containerization_Sandbox_V3_ConfigureHostsResponse` to respond with. + func configureHosts( + request: Com_Apple_Containerization_Sandbox_V3_ConfigureHostsRequest, + context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_ConfigureHostsResponse + + /// Handle the "Sync" method. + /// + /// > Source IDL Documentation: + /// > + /// > Perform the sync syscall. + /// + /// - Parameters: + /// - request: A `Com_Apple_Containerization_Sandbox_V3_SyncRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A `Com_Apple_Containerization_Sandbox_V3_SyncResponse` to respond with. + func sync( + request: Com_Apple_Containerization_Sandbox_V3_SyncRequest, + context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_SyncResponse + + /// Handle the "Kill" method. + /// + /// > Source IDL Documentation: + /// > + /// > Send a signal to a process via the PID. + /// + /// - Parameters: + /// - request: A `Com_Apple_Containerization_Sandbox_V3_KillRequest` message. + /// - context: Context providing information about the RPC. + /// - Throws: Any error which occurred during the processing of the request. Thrown errors + /// of type `RPCError` are mapped to appropriate statuses. All other errors are converted + /// to an internal error. + /// - Returns: A `Com_Apple_Containerization_Sandbox_V3_KillResponse` to respond with. + func kill( + request: Com_Apple_Containerization_Sandbox_V3_KillRequest, + context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_KillResponse + } +} + +// Default implementation of 'registerMethods(with:)'. +@available(macOS 15.0, iOS 18.0, watchOS 11.0, tvOS 18.0, visionOS 2.0, *) +extension Com_Apple_Containerization_Sandbox_V3_SandboxContext.StreamingServiceProtocol { + public func registerMethods(with router: inout GRPCCore.RPCRouter) where Transport: GRPCCore.ServerTransport { + router.registerHandler( + forMethod: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.Mount.descriptor, + deserializer: GRPCProtobuf.ProtobufDeserializer(), + serializer: GRPCProtobuf.ProtobufSerializer(), + handler: { request, context in + try await self.mount( + request: request, + context: context + ) + } + ) + router.registerHandler( + forMethod: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.Umount.descriptor, + deserializer: GRPCProtobuf.ProtobufDeserializer(), + serializer: GRPCProtobuf.ProtobufSerializer(), + handler: { request, context in + try await self.umount( + request: request, + context: context + ) + } + ) + router.registerHandler( + forMethod: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.Setenv.descriptor, + deserializer: GRPCProtobuf.ProtobufDeserializer(), + serializer: GRPCProtobuf.ProtobufSerializer(), + handler: { request, context in + try await self.setenv( + request: request, + context: context + ) + } + ) + router.registerHandler( + forMethod: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.Getenv.descriptor, + deserializer: GRPCProtobuf.ProtobufDeserializer(), + serializer: GRPCProtobuf.ProtobufSerializer(), + handler: { request, context in + try await self.getenv( + request: request, + context: context + ) + } + ) + router.registerHandler( + forMethod: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.Mkdir.descriptor, + deserializer: GRPCProtobuf.ProtobufDeserializer(), + serializer: GRPCProtobuf.ProtobufSerializer(), + handler: { request, context in + try await self.mkdir( + request: request, + context: context + ) + } + ) + router.registerHandler( + forMethod: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.Sysctl.descriptor, + deserializer: GRPCProtobuf.ProtobufDeserializer(), + serializer: GRPCProtobuf.ProtobufSerializer(), + handler: { request, context in + try await self.sysctl( + request: request, + context: context + ) + } + ) + router.registerHandler( + forMethod: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.SetTime.descriptor, + deserializer: GRPCProtobuf.ProtobufDeserializer(), + serializer: GRPCProtobuf.ProtobufSerializer(), + handler: { request, context in + try await self.setTime( + request: request, + context: context + ) + } + ) + router.registerHandler( + forMethod: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.SetupEmulator.descriptor, + deserializer: GRPCProtobuf.ProtobufDeserializer(), + serializer: GRPCProtobuf.ProtobufSerializer(), + handler: { request, context in + try await self.setupEmulator( + request: request, + context: context + ) + } + ) + router.registerHandler( + forMethod: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.WriteFile.descriptor, + deserializer: GRPCProtobuf.ProtobufDeserializer(), + serializer: GRPCProtobuf.ProtobufSerializer(), + handler: { request, context in + try await self.writeFile( + request: request, + context: context + ) + } + ) + router.registerHandler( + forMethod: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.Copy.descriptor, + deserializer: GRPCProtobuf.ProtobufDeserializer(), + serializer: GRPCProtobuf.ProtobufSerializer(), + handler: { request, context in + try await self.copy( + request: request, + context: context + ) + } + ) + router.registerHandler( + forMethod: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.Stat.descriptor, + deserializer: GRPCProtobuf.ProtobufDeserializer(), + serializer: GRPCProtobuf.ProtobufSerializer(), + handler: { request, context in + try await self.stat( + request: request, + context: context + ) + } + ) + router.registerHandler( + forMethod: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.FilesystemOperation.descriptor, + deserializer: GRPCProtobuf.ProtobufDeserializer(), + serializer: GRPCProtobuf.ProtobufSerializer(), + handler: { request, context in + try await self.filesystemOperation( + request: request, + context: context + ) + } + ) + router.registerHandler( + forMethod: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.CreateProcess.descriptor, + deserializer: GRPCProtobuf.ProtobufDeserializer(), + serializer: GRPCProtobuf.ProtobufSerializer(), + handler: { request, context in + try await self.createProcess( + request: request, + context: context + ) + } + ) + router.registerHandler( + forMethod: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.DeleteProcess.descriptor, + deserializer: GRPCProtobuf.ProtobufDeserializer(), + serializer: GRPCProtobuf.ProtobufSerializer(), + handler: { request, context in + try await self.deleteProcess( + request: request, + context: context + ) + } + ) + router.registerHandler( + forMethod: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.StartProcess.descriptor, + deserializer: GRPCProtobuf.ProtobufDeserializer(), + serializer: GRPCProtobuf.ProtobufSerializer(), + handler: { request, context in + try await self.startProcess( + request: request, + context: context + ) + } + ) + router.registerHandler( + forMethod: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.KillProcess.descriptor, + deserializer: GRPCProtobuf.ProtobufDeserializer(), + serializer: GRPCProtobuf.ProtobufSerializer(), + handler: { request, context in + try await self.killProcess( + request: request, + context: context + ) + } + ) + router.registerHandler( + forMethod: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.WaitProcess.descriptor, + deserializer: GRPCProtobuf.ProtobufDeserializer(), + serializer: GRPCProtobuf.ProtobufSerializer(), + handler: { request, context in + try await self.waitProcess( + request: request, + context: context + ) + } + ) + router.registerHandler( + forMethod: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.ResizeProcess.descriptor, + deserializer: GRPCProtobuf.ProtobufDeserializer(), + serializer: GRPCProtobuf.ProtobufSerializer(), + handler: { request, context in + try await self.resizeProcess( + request: request, + context: context + ) + } + ) + router.registerHandler( + forMethod: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.CloseProcessStdin.descriptor, + deserializer: GRPCProtobuf.ProtobufDeserializer(), + serializer: GRPCProtobuf.ProtobufSerializer(), + handler: { request, context in + try await self.closeProcessStdin( + request: request, + context: context + ) + } + ) + router.registerHandler( + forMethod: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.ContainerStatistics.descriptor, + deserializer: GRPCProtobuf.ProtobufDeserializer(), + serializer: GRPCProtobuf.ProtobufSerializer(), + handler: { request, context in + try await self.containerStatistics( + request: request, + context: context + ) + } + ) + router.registerHandler( + forMethod: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.ProxyVsock.descriptor, + deserializer: GRPCProtobuf.ProtobufDeserializer(), + serializer: GRPCProtobuf.ProtobufSerializer(), + handler: { request, context in + try await self.proxyVsock( + request: request, + context: context + ) + } + ) + router.registerHandler( + forMethod: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.StopVsockProxy.descriptor, + deserializer: GRPCProtobuf.ProtobufDeserializer(), + serializer: GRPCProtobuf.ProtobufSerializer(), + handler: { request, context in + try await self.stopVsockProxy( + request: request, + context: context + ) + } + ) + router.registerHandler( + forMethod: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.IpLinkSet.descriptor, + deserializer: GRPCProtobuf.ProtobufDeserializer(), + serializer: GRPCProtobuf.ProtobufSerializer(), + handler: { request, context in + try await self.ipLinkSet( + request: request, + context: context + ) + } + ) + router.registerHandler( + forMethod: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.IpAddrAdd.descriptor, + deserializer: GRPCProtobuf.ProtobufDeserializer(), + serializer: GRPCProtobuf.ProtobufSerializer(), + handler: { request, context in + try await self.ipAddrAdd( + request: request, + context: context + ) + } + ) + router.registerHandler( + forMethod: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.IpRouteAddLink.descriptor, + deserializer: GRPCProtobuf.ProtobufDeserializer(), + serializer: GRPCProtobuf.ProtobufSerializer(), + handler: { request, context in + try await self.ipRouteAddLink( + request: request, + context: context + ) + } + ) + router.registerHandler( + forMethod: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.IpRouteAddDefault.descriptor, + deserializer: GRPCProtobuf.ProtobufDeserializer(), + serializer: GRPCProtobuf.ProtobufSerializer(), + handler: { request, context in + try await self.ipRouteAddDefault( + request: request, + context: context + ) + } + ) + router.registerHandler( + forMethod: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.ConfigureDns.descriptor, + deserializer: GRPCProtobuf.ProtobufDeserializer(), + serializer: GRPCProtobuf.ProtobufSerializer(), + handler: { request, context in + try await self.configureDns( + request: request, + context: context + ) + } + ) + router.registerHandler( + forMethod: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.ConfigureHosts.descriptor, + deserializer: GRPCProtobuf.ProtobufDeserializer(), + serializer: GRPCProtobuf.ProtobufSerializer(), + handler: { request, context in + try await self.configureHosts( + request: request, + context: context + ) + } + ) + router.registerHandler( + forMethod: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.Sync.descriptor, + deserializer: GRPCProtobuf.ProtobufDeserializer(), + serializer: GRPCProtobuf.ProtobufSerializer(), + handler: { request, context in + try await self.sync( + request: request, + context: context + ) + } + ) + router.registerHandler( + forMethod: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.Kill.descriptor, + deserializer: GRPCProtobuf.ProtobufDeserializer(), + serializer: GRPCProtobuf.ProtobufSerializer(), + handler: { request, context in + try await self.kill( + request: request, + context: context + ) + } + ) + } +} + +// Default implementation of streaming methods from 'StreamingServiceProtocol'. +@available(macOS 15.0, iOS 18.0, watchOS 11.0, tvOS 18.0, visionOS 2.0, *) +extension Com_Apple_Containerization_Sandbox_V3_SandboxContext.ServiceProtocol { + public func mount( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse { + let response = try await self.mount( + request: GRPCCore.ServerRequest(stream: request), + context: context + ) + return GRPCCore.StreamingServerResponse(single: response) + } + + public func umount( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse { + let response = try await self.umount( + request: GRPCCore.ServerRequest(stream: request), + context: context + ) + return GRPCCore.StreamingServerResponse(single: response) + } + + public func setenv( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse { + let response = try await self.setenv( + request: GRPCCore.ServerRequest(stream: request), + context: context + ) + return GRPCCore.StreamingServerResponse(single: response) + } + + public func getenv( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse { + let response = try await self.getenv( + request: GRPCCore.ServerRequest(stream: request), + context: context + ) + return GRPCCore.StreamingServerResponse(single: response) + } + + public func mkdir( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse { + let response = try await self.mkdir( + request: GRPCCore.ServerRequest(stream: request), + context: context + ) + return GRPCCore.StreamingServerResponse(single: response) + } + + public func sysctl( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse { + let response = try await self.sysctl( + request: GRPCCore.ServerRequest(stream: request), + context: context + ) + return GRPCCore.StreamingServerResponse(single: response) + } + + public func setTime( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse { + let response = try await self.setTime( + request: GRPCCore.ServerRequest(stream: request), + context: context + ) + return GRPCCore.StreamingServerResponse(single: response) + } + + public func setupEmulator( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse { + let response = try await self.setupEmulator( + request: GRPCCore.ServerRequest(stream: request), + context: context + ) + return GRPCCore.StreamingServerResponse(single: response) + } + + public func writeFile( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse { + let response = try await self.writeFile( + request: GRPCCore.ServerRequest(stream: request), + context: context + ) + return GRPCCore.StreamingServerResponse(single: response) + } + + public func copy( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse { + let response = try await self.copy( + request: GRPCCore.ServerRequest(stream: request), + context: context + ) + return response + } + + public func stat( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse { + let response = try await self.stat( + request: GRPCCore.ServerRequest(stream: request), + context: context + ) + return GRPCCore.StreamingServerResponse(single: response) + } + + public func filesystemOperation( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse { + let response = try await self.filesystemOperation( + request: GRPCCore.ServerRequest(stream: request), + context: context + ) + return GRPCCore.StreamingServerResponse(single: response) + } + + public func createProcess( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse { + let response = try await self.createProcess( + request: GRPCCore.ServerRequest(stream: request), + context: context + ) + return GRPCCore.StreamingServerResponse(single: response) + } + + public func deleteProcess( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse { + let response = try await self.deleteProcess( + request: GRPCCore.ServerRequest(stream: request), + context: context + ) + return GRPCCore.StreamingServerResponse(single: response) + } + + public func startProcess( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse { + let response = try await self.startProcess( + request: GRPCCore.ServerRequest(stream: request), + context: context + ) + return GRPCCore.StreamingServerResponse(single: response) + } + + public func killProcess( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse { + let response = try await self.killProcess( + request: GRPCCore.ServerRequest(stream: request), + context: context + ) + return GRPCCore.StreamingServerResponse(single: response) + } + + public func waitProcess( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse { + let response = try await self.waitProcess( + request: GRPCCore.ServerRequest(stream: request), + context: context + ) + return GRPCCore.StreamingServerResponse(single: response) + } + + public func resizeProcess( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse { + let response = try await self.resizeProcess( + request: GRPCCore.ServerRequest(stream: request), + context: context + ) + return GRPCCore.StreamingServerResponse(single: response) + } + + public func closeProcessStdin( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse { + let response = try await self.closeProcessStdin( + request: GRPCCore.ServerRequest(stream: request), + context: context + ) + return GRPCCore.StreamingServerResponse(single: response) + } + + public func containerStatistics( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse { + let response = try await self.containerStatistics( + request: GRPCCore.ServerRequest(stream: request), + context: context + ) + return GRPCCore.StreamingServerResponse(single: response) + } + + public func proxyVsock( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse { + let response = try await self.proxyVsock( + request: GRPCCore.ServerRequest(stream: request), + context: context + ) + return GRPCCore.StreamingServerResponse(single: response) + } + + public func stopVsockProxy( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse { + let response = try await self.stopVsockProxy( + request: GRPCCore.ServerRequest(stream: request), + context: context + ) + return GRPCCore.StreamingServerResponse(single: response) + } + + public func ipLinkSet( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse { + let response = try await self.ipLinkSet( + request: GRPCCore.ServerRequest(stream: request), + context: context + ) + return GRPCCore.StreamingServerResponse(single: response) + } + + public func ipAddrAdd( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse { + let response = try await self.ipAddrAdd( + request: GRPCCore.ServerRequest(stream: request), + context: context + ) + return GRPCCore.StreamingServerResponse(single: response) + } + + public func ipRouteAddLink( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse { + let response = try await self.ipRouteAddLink( + request: GRPCCore.ServerRequest(stream: request), + context: context + ) + return GRPCCore.StreamingServerResponse(single: response) + } + + public func ipRouteAddDefault( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse { + let response = try await self.ipRouteAddDefault( + request: GRPCCore.ServerRequest(stream: request), + context: context + ) + return GRPCCore.StreamingServerResponse(single: response) + } + + public func configureDns( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse { + let response = try await self.configureDns( + request: GRPCCore.ServerRequest(stream: request), + context: context + ) + return GRPCCore.StreamingServerResponse(single: response) + } + + public func configureHosts( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse { + let response = try await self.configureHosts( + request: GRPCCore.ServerRequest(stream: request), + context: context + ) + return GRPCCore.StreamingServerResponse(single: response) + } + + public func sync( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse { + let response = try await self.sync( + request: GRPCCore.ServerRequest(stream: request), + context: context + ) + return GRPCCore.StreamingServerResponse(single: response) + } + + public func kill( + request: GRPCCore.StreamingServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse { + let response = try await self.kill( + request: GRPCCore.ServerRequest(stream: request), + context: context + ) + return GRPCCore.StreamingServerResponse(single: response) + } +} + +// Default implementation of methods from 'ServiceProtocol'. +@available(macOS 15.0, iOS 18.0, watchOS 11.0, tvOS 18.0, visionOS 2.0, *) +extension Com_Apple_Containerization_Sandbox_V3_SandboxContext.SimpleServiceProtocol { + public func mount( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse { + return GRPCCore.ServerResponse( + message: try await self.mount( + request: request.message, + context: context + ), + metadata: [:] + ) + } + + public func umount( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse { + return GRPCCore.ServerResponse( + message: try await self.umount( + request: request.message, + context: context + ), + metadata: [:] + ) + } + + public func setenv( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse { + return GRPCCore.ServerResponse( + message: try await self.setenv( + request: request.message, + context: context + ), + metadata: [:] + ) + } + + public func getenv( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse { + return GRPCCore.ServerResponse( + message: try await self.getenv( + request: request.message, + context: context + ), + metadata: [:] + ) + } + + public func mkdir( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse { + return GRPCCore.ServerResponse( + message: try await self.mkdir( + request: request.message, + context: context + ), + metadata: [:] + ) + } + + public func sysctl( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse { + return GRPCCore.ServerResponse( + message: try await self.sysctl( + request: request.message, + context: context + ), + metadata: [:] + ) + } + + public func setTime( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse { + return GRPCCore.ServerResponse( + message: try await self.setTime( + request: request.message, + context: context + ), + metadata: [:] + ) + } + + public func setupEmulator( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse { + return GRPCCore.ServerResponse( + message: try await self.setupEmulator( + request: request.message, + context: context + ), + metadata: [:] + ) + } + + public func writeFile( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse { + return GRPCCore.ServerResponse( + message: try await self.writeFile( + request: request.message, + context: context + ), + metadata: [:] + ) + } + + public func copy( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.StreamingServerResponse { + return GRPCCore.StreamingServerResponse( + metadata: [:], + producer: { writer in + try await self.copy( + request: request.message, + response: writer, + context: context + ) + return [:] + } + ) + } + + public func stat( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse { + return GRPCCore.ServerResponse( + message: try await self.stat( + request: request.message, + context: context + ), + metadata: [:] + ) + } + + public func filesystemOperation( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse { + return GRPCCore.ServerResponse( + message: try await self.filesystemOperation( + request: request.message, + context: context + ), + metadata: [:] + ) + } + + public func createProcess( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse { + return GRPCCore.ServerResponse( + message: try await self.createProcess( + request: request.message, + context: context + ), + metadata: [:] + ) + } + + public func deleteProcess( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse { + return GRPCCore.ServerResponse( + message: try await self.deleteProcess( + request: request.message, + context: context + ), + metadata: [:] + ) + } + + public func startProcess( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse { + return GRPCCore.ServerResponse( + message: try await self.startProcess( + request: request.message, + context: context + ), + metadata: [:] + ) + } + + public func killProcess( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse { + return GRPCCore.ServerResponse( + message: try await self.killProcess( + request: request.message, + context: context + ), + metadata: [:] + ) + } + + public func waitProcess( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse { + return GRPCCore.ServerResponse( + message: try await self.waitProcess( + request: request.message, + context: context + ), + metadata: [:] + ) + } + + public func resizeProcess( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse { + return GRPCCore.ServerResponse( + message: try await self.resizeProcess( + request: request.message, + context: context + ), + metadata: [:] + ) + } + + public func closeProcessStdin( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse { + return GRPCCore.ServerResponse( + message: try await self.closeProcessStdin( + request: request.message, + context: context + ), + metadata: [:] + ) + } + + public func containerStatistics( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse { + return GRPCCore.ServerResponse( + message: try await self.containerStatistics( + request: request.message, + context: context + ), + metadata: [:] + ) + } + + public func proxyVsock( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse { + return GRPCCore.ServerResponse( + message: try await self.proxyVsock( + request: request.message, + context: context + ), + metadata: [:] + ) + } + + public func stopVsockProxy( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse { + return GRPCCore.ServerResponse( + message: try await self.stopVsockProxy( + request: request.message, + context: context + ), + metadata: [:] + ) + } + + public func ipLinkSet( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse { + return GRPCCore.ServerResponse( + message: try await self.ipLinkSet( + request: request.message, + context: context + ), + metadata: [:] + ) + } + + public func ipAddrAdd( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse { + return GRPCCore.ServerResponse( + message: try await self.ipAddrAdd( + request: request.message, + context: context + ), + metadata: [:] + ) + } + + public func ipRouteAddLink( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse { + return GRPCCore.ServerResponse( + message: try await self.ipRouteAddLink( + request: request.message, + context: context + ), + metadata: [:] + ) + } + + public func ipRouteAddDefault( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse { + return GRPCCore.ServerResponse( + message: try await self.ipRouteAddDefault( + request: request.message, + context: context + ), + metadata: [:] + ) + } + + public func configureDns( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse { + return GRPCCore.ServerResponse( + message: try await self.configureDns( + request: request.message, + context: context + ), + metadata: [:] + ) + } + + public func configureHosts( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse { + return GRPCCore.ServerResponse( + message: try await self.configureHosts( + request: request.message, + context: context + ), + metadata: [:] + ) + } + + public func sync( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse { + return GRPCCore.ServerResponse( + message: try await self.sync( + request: request.message, + context: context + ), + metadata: [:] + ) + } + + public func kill( + request: GRPCCore.ServerRequest, + context: GRPCCore.ServerContext + ) async throws -> GRPCCore.ServerResponse { + return GRPCCore.ServerResponse( + message: try await self.kill( + request: request.message, + context: context + ), + metadata: [:] + ) + } +} + +// MARK: com.apple.containerization.sandbox.v3.SandboxContext (client) + +@available(macOS 15.0, iOS 18.0, watchOS 11.0, tvOS 18.0, visionOS 2.0, *) +extension Com_Apple_Containerization_Sandbox_V3_SandboxContext { + /// Generated client protocol for the "com.apple.containerization.sandbox.v3.SandboxContext" service. + /// + /// You don't need to implement this protocol directly, use the generated + /// implementation, ``Client``. + /// + /// > Source IDL Documentation: + /// > + /// > Context for interacting with a container's runtime environment. + public protocol ClientProtocol: Sendable { + /// Call the "Mount" method. + /// + /// > Source IDL Documentation: + /// > + /// > Mount a filesystem. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_MountRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_MountRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_MountResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + func mount( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result + ) async throws -> Result where Result: Sendable + + /// Call the "Umount" method. + /// + /// > Source IDL Documentation: + /// > + /// > Unmount a filesystem. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_UmountRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_UmountRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_UmountResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + func umount( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result + ) async throws -> Result where Result: Sendable + + /// Call the "Setenv" method. + /// + /// > Source IDL Documentation: + /// > + /// > Set an environment variable on the init process. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_SetenvRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_SetenvRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_SetenvResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + func setenv( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result + ) async throws -> Result where Result: Sendable + + /// Call the "Getenv" method. + /// + /// > Source IDL Documentation: + /// > + /// > Get an environment variable from the init process. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_GetenvRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_GetenvRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_GetenvResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + func getenv( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result + ) async throws -> Result where Result: Sendable + + /// Call the "Mkdir" method. + /// + /// > Source IDL Documentation: + /// > + /// > Create a new directory inside the sandbox. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_MkdirRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_MkdirRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_MkdirResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + func mkdir( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result + ) async throws -> Result where Result: Sendable + + /// Call the "Sysctl" method. + /// + /// > Source IDL Documentation: + /// > + /// > Set sysctls in the context of the sandbox. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_SysctlRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_SysctlRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_SysctlResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + func sysctl( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result + ) async throws -> Result where Result: Sendable + + /// Call the "SetTime" method. + /// + /// > Source IDL Documentation: + /// > + /// > Set time in the guest. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_SetTimeRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_SetTimeRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_SetTimeResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + func setTime( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result + ) async throws -> Result where Result: Sendable + + /// Call the "SetupEmulator" method. + /// + /// > Source IDL Documentation: + /// > + /// > Set up an emulator in the guest for a specific binary format. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_SetupEmulatorRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_SetupEmulatorRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_SetupEmulatorResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + func setupEmulator( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result + ) async throws -> Result where Result: Sendable + + /// Call the "WriteFile" method. + /// + /// > Source IDL Documentation: + /// > + /// > Write data to an existing or new file. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_WriteFileRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_WriteFileRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_WriteFileResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + func writeFile( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result + ) async throws -> Result where Result: Sendable + + /// Call the "Copy" method. + /// + /// > Source IDL Documentation: + /// > + /// > Copy a file or directory between the host and guest. + /// > Data transfer happens over a dedicated vsock connection; + /// > the gRPC stream is used only for control/metadata. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_CopyRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_CopyRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_CopyResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + func copy( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions, + onResponse handleResponse: @Sendable @escaping (GRPCCore.StreamingClientResponse) async throws -> Result + ) async throws -> Result where Result: Sendable + + /// Call the "Stat" method. + /// + /// > Source IDL Documentation: + /// > + /// > Stat a path in the guest filesystem. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_StatRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_StatRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_StatResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + func stat( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result + ) async throws -> Result where Result: Sendable + + /// Call the "FilesystemOperation" method. + /// + /// > Source IDL Documentation: + /// > + /// > Perform a filesystem operation on a mounted filesystem. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_FilesystemOperationRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_FilesystemOperationRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_FilesystemOperationResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + func filesystemOperation( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result + ) async throws -> Result where Result: Sendable + + /// Call the "CreateProcess" method. + /// + /// > Source IDL Documentation: + /// > + /// > Create a new process inside the container. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_CreateProcessRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_CreateProcessRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_CreateProcessResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + func createProcess( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result + ) async throws -> Result where Result: Sendable + + /// Call the "DeleteProcess" method. + /// + /// > Source IDL Documentation: + /// > + /// > Delete an existing process inside the container. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_DeleteProcessRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_DeleteProcessRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_DeleteProcessResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + func deleteProcess( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result + ) async throws -> Result where Result: Sendable + + /// Call the "StartProcess" method. + /// + /// > Source IDL Documentation: + /// > + /// > Start the provided process. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_StartProcessRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_StartProcessRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_StartProcessResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + func startProcess( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result + ) async throws -> Result where Result: Sendable + + /// Call the "KillProcess" method. + /// + /// > Source IDL Documentation: + /// > + /// > Send a signal to the provided process. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_KillProcessRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_KillProcessRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_KillProcessResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + func killProcess( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result + ) async throws -> Result where Result: Sendable + + /// Call the "WaitProcess" method. + /// + /// > Source IDL Documentation: + /// > + /// > Wait for a process to exit and return the exit code. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_WaitProcessRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_WaitProcessRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_WaitProcessResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + func waitProcess( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result + ) async throws -> Result where Result: Sendable + + /// Call the "ResizeProcess" method. + /// + /// > Source IDL Documentation: + /// > + /// > Resize the tty of a given process. This will error if the process does + /// > not have a pty allocated. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_ResizeProcessRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_ResizeProcessRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_ResizeProcessResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + func resizeProcess( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result + ) async throws -> Result where Result: Sendable + + /// Call the "CloseProcessStdin" method. + /// + /// > Source IDL Documentation: + /// > + /// > Close IO for a given process. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + func closeProcessStdin( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result + ) async throws -> Result where Result: Sendable + + /// Call the "ContainerStatistics" method. + /// + /// > Source IDL Documentation: + /// > + /// > Get statistics for containers. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_ContainerStatisticsRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_ContainerStatisticsRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_ContainerStatisticsResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + func containerStatistics( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result + ) async throws -> Result where Result: Sendable + + /// Call the "ProxyVsock" method. + /// + /// > Source IDL Documentation: + /// > + /// > Proxy a vsock port to a unix domain socket in the guest, or vice versa. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_ProxyVsockRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_ProxyVsockRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_ProxyVsockResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + func proxyVsock( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result + ) async throws -> Result where Result: Sendable + + /// Call the "StopVsockProxy" method. + /// + /// > Source IDL Documentation: + /// > + /// > Stop a vsock proxy to a unix domain socket. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_StopVsockProxyRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_StopVsockProxyRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_StopVsockProxyResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + func stopVsockProxy( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result + ) async throws -> Result where Result: Sendable + + /// Call the "IpLinkSet" method. + /// + /// > Source IDL Documentation: + /// > + /// > Set the link state of a network interface. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_IpLinkSetRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_IpLinkSetRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_IpLinkSetResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + func ipLinkSet( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result + ) async throws -> Result where Result: Sendable + + /// Call the "IpAddrAdd" method. + /// + /// > Source IDL Documentation: + /// > + /// > Add an IPv4 address to a network interface. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_IpAddrAddRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_IpAddrAddRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_IpAddrAddResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + func ipAddrAdd( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result + ) async throws -> Result where Result: Sendable + + /// Call the "IpRouteAddLink" method. + /// + /// > Source IDL Documentation: + /// > + /// > Add an IP route for a network interface. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_IpRouteAddLinkRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_IpRouteAddLinkRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_IpRouteAddLinkResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + func ipRouteAddLink( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result + ) async throws -> Result where Result: Sendable + + /// Call the "IpRouteAddDefault" method. + /// + /// > Source IDL Documentation: + /// > + /// > Add an IP route for a network interface. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_IpRouteAddDefaultRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_IpRouteAddDefaultRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_IpRouteAddDefaultResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + func ipRouteAddDefault( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result + ) async throws -> Result where Result: Sendable + + /// Call the "ConfigureDns" method. + /// + /// > Source IDL Documentation: + /// > + /// > Configure DNS resolver. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_ConfigureDnsRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_ConfigureDnsRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_ConfigureDnsResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + func configureDns( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result + ) async throws -> Result where Result: Sendable + + /// Call the "ConfigureHosts" method. + /// + /// > Source IDL Documentation: + /// > + /// > Configure /etc/hosts. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_ConfigureHostsRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_ConfigureHostsRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_ConfigureHostsResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + func configureHosts( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result + ) async throws -> Result where Result: Sendable + + /// Call the "Sync" method. + /// + /// > Source IDL Documentation: + /// > + /// > Perform the sync syscall. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_SyncRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_SyncRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_SyncResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + func sync( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result + ) async throws -> Result where Result: Sendable + + /// Call the "Kill" method. + /// + /// > Source IDL Documentation: + /// > + /// > Send a signal to a process via the PID. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_KillRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_KillRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_KillResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + func kill( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result + ) async throws -> Result where Result: Sendable + } + + /// Generated client for the "com.apple.containerization.sandbox.v3.SandboxContext" service. + /// + /// The ``Client`` provides an implementation of ``ClientProtocol`` which wraps + /// a `GRPCCore.GRPCCClient`. The underlying `GRPCClient` provides the long-lived + /// means of communication with the remote peer. + /// + /// > Source IDL Documentation: + /// > + /// > Context for interacting with a container's runtime environment. + public struct Client: ClientProtocol where Transport: GRPCCore.ClientTransport { + private let client: GRPCCore.GRPCClient + + /// Creates a new client wrapping the provided `GRPCCore.GRPCClient`. + /// + /// - Parameters: + /// - client: A `GRPCCore.GRPCClient` providing a communication channel to the service. + public init(wrapping client: GRPCCore.GRPCClient) { + self.client = client + } + + /// Call the "Mount" method. + /// + /// > Source IDL Documentation: + /// > + /// > Mount a filesystem. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_MountRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_MountRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_MountResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func mount( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.client.unary( + request: request, + descriptor: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.Mount.descriptor, + serializer: serializer, + deserializer: deserializer, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "Umount" method. + /// + /// > Source IDL Documentation: + /// > + /// > Unmount a filesystem. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_UmountRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_UmountRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_UmountResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func umount( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.client.unary( + request: request, + descriptor: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.Umount.descriptor, + serializer: serializer, + deserializer: deserializer, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "Setenv" method. + /// + /// > Source IDL Documentation: + /// > + /// > Set an environment variable on the init process. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_SetenvRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_SetenvRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_SetenvResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func setenv( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.client.unary( + request: request, + descriptor: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.Setenv.descriptor, + serializer: serializer, + deserializer: deserializer, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "Getenv" method. + /// + /// > Source IDL Documentation: + /// > + /// > Get an environment variable from the init process. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_GetenvRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_GetenvRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_GetenvResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func getenv( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.client.unary( + request: request, + descriptor: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.Getenv.descriptor, + serializer: serializer, + deserializer: deserializer, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "Mkdir" method. + /// + /// > Source IDL Documentation: + /// > + /// > Create a new directory inside the sandbox. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_MkdirRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_MkdirRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_MkdirResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func mkdir( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.client.unary( + request: request, + descriptor: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.Mkdir.descriptor, + serializer: serializer, + deserializer: deserializer, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "Sysctl" method. + /// + /// > Source IDL Documentation: + /// > + /// > Set sysctls in the context of the sandbox. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_SysctlRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_SysctlRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_SysctlResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func sysctl( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.client.unary( + request: request, + descriptor: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.Sysctl.descriptor, + serializer: serializer, + deserializer: deserializer, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "SetTime" method. + /// + /// > Source IDL Documentation: + /// > + /// > Set time in the guest. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_SetTimeRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_SetTimeRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_SetTimeResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func setTime( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.client.unary( + request: request, + descriptor: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.SetTime.descriptor, + serializer: serializer, + deserializer: deserializer, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "SetupEmulator" method. + /// + /// > Source IDL Documentation: + /// > + /// > Set up an emulator in the guest for a specific binary format. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_SetupEmulatorRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_SetupEmulatorRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_SetupEmulatorResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func setupEmulator( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.client.unary( + request: request, + descriptor: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.SetupEmulator.descriptor, + serializer: serializer, + deserializer: deserializer, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "WriteFile" method. + /// + /// > Source IDL Documentation: + /// > + /// > Write data to an existing or new file. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_WriteFileRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_WriteFileRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_WriteFileResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func writeFile( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.client.unary( + request: request, + descriptor: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.WriteFile.descriptor, + serializer: serializer, + deserializer: deserializer, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "Copy" method. + /// + /// > Source IDL Documentation: + /// > + /// > Copy a file or directory between the host and guest. + /// > Data transfer happens over a dedicated vsock connection; + /// > the gRPC stream is used only for control/metadata. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_CopyRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_CopyRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_CopyResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func copy( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.StreamingClientResponse) async throws -> Result + ) async throws -> Result where Result: Sendable { + try await self.client.serverStreaming( + request: request, + descriptor: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.Copy.descriptor, + serializer: serializer, + deserializer: deserializer, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "Stat" method. + /// + /// > Source IDL Documentation: + /// > + /// > Stat a path in the guest filesystem. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_StatRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_StatRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_StatResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func stat( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.client.unary( + request: request, + descriptor: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.Stat.descriptor, + serializer: serializer, + deserializer: deserializer, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "FilesystemOperation" method. + /// + /// > Source IDL Documentation: + /// > + /// > Perform a filesystem operation on a mounted filesystem. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_FilesystemOperationRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_FilesystemOperationRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_FilesystemOperationResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func filesystemOperation( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.client.unary( + request: request, + descriptor: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.FilesystemOperation.descriptor, + serializer: serializer, + deserializer: deserializer, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "CreateProcess" method. + /// + /// > Source IDL Documentation: + /// > + /// > Create a new process inside the container. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_CreateProcessRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_CreateProcessRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_CreateProcessResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func createProcess( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.client.unary( + request: request, + descriptor: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.CreateProcess.descriptor, + serializer: serializer, + deserializer: deserializer, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "DeleteProcess" method. + /// + /// > Source IDL Documentation: + /// > + /// > Delete an existing process inside the container. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_DeleteProcessRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_DeleteProcessRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_DeleteProcessResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func deleteProcess( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.client.unary( + request: request, + descriptor: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.DeleteProcess.descriptor, + serializer: serializer, + deserializer: deserializer, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "StartProcess" method. + /// + /// > Source IDL Documentation: + /// > + /// > Start the provided process. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_StartProcessRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_StartProcessRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_StartProcessResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func startProcess( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.client.unary( + request: request, + descriptor: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.StartProcess.descriptor, + serializer: serializer, + deserializer: deserializer, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "KillProcess" method. + /// + /// > Source IDL Documentation: + /// > + /// > Send a signal to the provided process. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_KillProcessRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_KillProcessRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_KillProcessResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func killProcess( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.client.unary( + request: request, + descriptor: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.KillProcess.descriptor, + serializer: serializer, + deserializer: deserializer, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "WaitProcess" method. + /// + /// > Source IDL Documentation: + /// > + /// > Wait for a process to exit and return the exit code. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_WaitProcessRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_WaitProcessRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_WaitProcessResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func waitProcess( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.client.unary( + request: request, + descriptor: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.WaitProcess.descriptor, + serializer: serializer, + deserializer: deserializer, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "ResizeProcess" method. + /// + /// > Source IDL Documentation: + /// > + /// > Resize the tty of a given process. This will error if the process does + /// > not have a pty allocated. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_ResizeProcessRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_ResizeProcessRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_ResizeProcessResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func resizeProcess( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.client.unary( + request: request, + descriptor: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.ResizeProcess.descriptor, + serializer: serializer, + deserializer: deserializer, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "CloseProcessStdin" method. + /// + /// > Source IDL Documentation: + /// > + /// > Close IO for a given process. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func closeProcessStdin( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.client.unary( + request: request, + descriptor: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.CloseProcessStdin.descriptor, + serializer: serializer, + deserializer: deserializer, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "ContainerStatistics" method. + /// + /// > Source IDL Documentation: + /// > + /// > Get statistics for containers. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_ContainerStatisticsRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_ContainerStatisticsRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_ContainerStatisticsResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func containerStatistics( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.client.unary( + request: request, + descriptor: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.ContainerStatistics.descriptor, + serializer: serializer, + deserializer: deserializer, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "ProxyVsock" method. + /// + /// > Source IDL Documentation: + /// > + /// > Proxy a vsock port to a unix domain socket in the guest, or vice versa. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_ProxyVsockRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_ProxyVsockRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_ProxyVsockResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func proxyVsock( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.client.unary( + request: request, + descriptor: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.ProxyVsock.descriptor, + serializer: serializer, + deserializer: deserializer, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "StopVsockProxy" method. + /// + /// > Source IDL Documentation: + /// > + /// > Stop a vsock proxy to a unix domain socket. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_StopVsockProxyRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_StopVsockProxyRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_StopVsockProxyResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func stopVsockProxy( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.client.unary( + request: request, + descriptor: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.StopVsockProxy.descriptor, + serializer: serializer, + deserializer: deserializer, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "IpLinkSet" method. + /// + /// > Source IDL Documentation: + /// > + /// > Set the link state of a network interface. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_IpLinkSetRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_IpLinkSetRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_IpLinkSetResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func ipLinkSet( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.client.unary( + request: request, + descriptor: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.IpLinkSet.descriptor, + serializer: serializer, + deserializer: deserializer, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "IpAddrAdd" method. + /// + /// > Source IDL Documentation: + /// > + /// > Add an IPv4 address to a network interface. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_IpAddrAddRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_IpAddrAddRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_IpAddrAddResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func ipAddrAdd( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.client.unary( + request: request, + descriptor: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.IpAddrAdd.descriptor, + serializer: serializer, + deserializer: deserializer, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "IpRouteAddLink" method. + /// + /// > Source IDL Documentation: + /// > + /// > Add an IP route for a network interface. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_IpRouteAddLinkRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_IpRouteAddLinkRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_IpRouteAddLinkResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func ipRouteAddLink( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.client.unary( + request: request, + descriptor: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.IpRouteAddLink.descriptor, + serializer: serializer, + deserializer: deserializer, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "IpRouteAddDefault" method. + /// + /// > Source IDL Documentation: + /// > + /// > Add an IP route for a network interface. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_IpRouteAddDefaultRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_IpRouteAddDefaultRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_IpRouteAddDefaultResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func ipRouteAddDefault( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.client.unary( + request: request, + descriptor: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.IpRouteAddDefault.descriptor, + serializer: serializer, + deserializer: deserializer, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "ConfigureDns" method. + /// + /// > Source IDL Documentation: + /// > + /// > Configure DNS resolver. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_ConfigureDnsRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_ConfigureDnsRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_ConfigureDnsResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func configureDns( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.client.unary( + request: request, + descriptor: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.ConfigureDns.descriptor, + serializer: serializer, + deserializer: deserializer, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "ConfigureHosts" method. + /// + /// > Source IDL Documentation: + /// > + /// > Configure /etc/hosts. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_ConfigureHostsRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_ConfigureHostsRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_ConfigureHostsResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func configureHosts( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.client.unary( + request: request, + descriptor: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.ConfigureHosts.descriptor, + serializer: serializer, + deserializer: deserializer, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "Sync" method. + /// + /// > Source IDL Documentation: + /// > + /// > Perform the sync syscall. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_SyncRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_SyncRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_SyncResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func sync( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.client.unary( + request: request, + descriptor: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.Sync.descriptor, + serializer: serializer, + deserializer: deserializer, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "Kill" method. + /// + /// > Source IDL Documentation: + /// > + /// > Send a signal to a process via the PID. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_KillRequest` message. + /// - serializer: A serializer for `Com_Apple_Containerization_Sandbox_V3_KillRequest` messages. + /// - deserializer: A deserializer for `Com_Apple_Containerization_Sandbox_V3_KillResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func kill( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.client.unary( + request: request, + descriptor: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Method.Kill.descriptor, + serializer: serializer, + deserializer: deserializer, + options: options, + onResponse: handleResponse + ) + } + } +} + +// Helpers providing default arguments to 'ClientProtocol' methods. +@available(macOS 15.0, iOS 18.0, watchOS 11.0, tvOS 18.0, visionOS 2.0, *) +extension Com_Apple_Containerization_Sandbox_V3_SandboxContext.ClientProtocol { + /// Call the "Mount" method. + /// + /// > Source IDL Documentation: + /// > + /// > Mount a filesystem. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_MountRequest` message. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func mount( + request: GRPCCore.ClientRequest, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.mount( + request: request, + serializer: GRPCProtobuf.ProtobufSerializer(), + deserializer: GRPCProtobuf.ProtobufDeserializer(), + options: options, + onResponse: handleResponse + ) + } + + /// Call the "Umount" method. + /// + /// > Source IDL Documentation: + /// > + /// > Unmount a filesystem. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_UmountRequest` message. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func umount( + request: GRPCCore.ClientRequest, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.umount( + request: request, + serializer: GRPCProtobuf.ProtobufSerializer(), + deserializer: GRPCProtobuf.ProtobufDeserializer(), + options: options, + onResponse: handleResponse + ) + } + + /// Call the "Setenv" method. + /// + /// > Source IDL Documentation: + /// > + /// > Set an environment variable on the init process. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_SetenvRequest` message. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func setenv( + request: GRPCCore.ClientRequest, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.setenv( + request: request, + serializer: GRPCProtobuf.ProtobufSerializer(), + deserializer: GRPCProtobuf.ProtobufDeserializer(), + options: options, + onResponse: handleResponse + ) + } + + /// Call the "Getenv" method. + /// + /// > Source IDL Documentation: + /// > + /// > Get an environment variable from the init process. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_GetenvRequest` message. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func getenv( + request: GRPCCore.ClientRequest, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.getenv( + request: request, + serializer: GRPCProtobuf.ProtobufSerializer(), + deserializer: GRPCProtobuf.ProtobufDeserializer(), + options: options, + onResponse: handleResponse + ) + } + + /// Call the "Mkdir" method. + /// + /// > Source IDL Documentation: + /// > + /// > Create a new directory inside the sandbox. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_MkdirRequest` message. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func mkdir( + request: GRPCCore.ClientRequest, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.mkdir( + request: request, + serializer: GRPCProtobuf.ProtobufSerializer(), + deserializer: GRPCProtobuf.ProtobufDeserializer(), + options: options, + onResponse: handleResponse + ) + } + + /// Call the "Sysctl" method. + /// + /// > Source IDL Documentation: + /// > + /// > Set sysctls in the context of the sandbox. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_SysctlRequest` message. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func sysctl( + request: GRPCCore.ClientRequest, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.sysctl( + request: request, + serializer: GRPCProtobuf.ProtobufSerializer(), + deserializer: GRPCProtobuf.ProtobufDeserializer(), + options: options, + onResponse: handleResponse + ) + } + + /// Call the "SetTime" method. + /// + /// > Source IDL Documentation: + /// > + /// > Set time in the guest. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_SetTimeRequest` message. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func setTime( + request: GRPCCore.ClientRequest, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.setTime( + request: request, + serializer: GRPCProtobuf.ProtobufSerializer(), + deserializer: GRPCProtobuf.ProtobufDeserializer(), + options: options, + onResponse: handleResponse + ) + } + + /// Call the "SetupEmulator" method. + /// + /// > Source IDL Documentation: + /// > + /// > Set up an emulator in the guest for a specific binary format. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_SetupEmulatorRequest` message. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func setupEmulator( + request: GRPCCore.ClientRequest, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.setupEmulator( + request: request, + serializer: GRPCProtobuf.ProtobufSerializer(), + deserializer: GRPCProtobuf.ProtobufDeserializer(), + options: options, + onResponse: handleResponse + ) + } + + /// Call the "WriteFile" method. + /// + /// > Source IDL Documentation: + /// > + /// > Write data to an existing or new file. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_WriteFileRequest` message. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func writeFile( + request: GRPCCore.ClientRequest, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.writeFile( + request: request, + serializer: GRPCProtobuf.ProtobufSerializer(), + deserializer: GRPCProtobuf.ProtobufDeserializer(), + options: options, + onResponse: handleResponse + ) + } + + /// Call the "Copy" method. + /// + /// > Source IDL Documentation: + /// > + /// > Copy a file or directory between the host and guest. + /// > Data transfer happens over a dedicated vsock connection; + /// > the gRPC stream is used only for control/metadata. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_CopyRequest` message. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func copy( + request: GRPCCore.ClientRequest, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.StreamingClientResponse) async throws -> Result + ) async throws -> Result where Result: Sendable { + try await self.copy( + request: request, + serializer: GRPCProtobuf.ProtobufSerializer(), + deserializer: GRPCProtobuf.ProtobufDeserializer(), + options: options, + onResponse: handleResponse + ) + } + + /// Call the "Stat" method. + /// + /// > Source IDL Documentation: + /// > + /// > Stat a path in the guest filesystem. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_StatRequest` message. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func stat( + request: GRPCCore.ClientRequest, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.stat( + request: request, + serializer: GRPCProtobuf.ProtobufSerializer(), + deserializer: GRPCProtobuf.ProtobufDeserializer(), + options: options, + onResponse: handleResponse + ) + } + + /// Call the "FilesystemOperation" method. + /// + /// > Source IDL Documentation: + /// > + /// > Perform a filesystem operation on a mounted filesystem. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_FilesystemOperationRequest` message. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func filesystemOperation( + request: GRPCCore.ClientRequest, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.filesystemOperation( + request: request, + serializer: GRPCProtobuf.ProtobufSerializer(), + deserializer: GRPCProtobuf.ProtobufDeserializer(), + options: options, + onResponse: handleResponse + ) + } + + /// Call the "CreateProcess" method. + /// + /// > Source IDL Documentation: + /// > + /// > Create a new process inside the container. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_CreateProcessRequest` message. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func createProcess( + request: GRPCCore.ClientRequest, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.createProcess( + request: request, + serializer: GRPCProtobuf.ProtobufSerializer(), + deserializer: GRPCProtobuf.ProtobufDeserializer(), + options: options, + onResponse: handleResponse + ) + } + + /// Call the "DeleteProcess" method. + /// + /// > Source IDL Documentation: + /// > + /// > Delete an existing process inside the container. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_DeleteProcessRequest` message. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func deleteProcess( + request: GRPCCore.ClientRequest, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.deleteProcess( + request: request, + serializer: GRPCProtobuf.ProtobufSerializer(), + deserializer: GRPCProtobuf.ProtobufDeserializer(), + options: options, + onResponse: handleResponse + ) + } + + /// Call the "StartProcess" method. + /// + /// > Source IDL Documentation: + /// > + /// > Start the provided process. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_StartProcessRequest` message. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func startProcess( + request: GRPCCore.ClientRequest, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.startProcess( + request: request, + serializer: GRPCProtobuf.ProtobufSerializer(), + deserializer: GRPCProtobuf.ProtobufDeserializer(), + options: options, + onResponse: handleResponse + ) + } + + /// Call the "KillProcess" method. + /// + /// > Source IDL Documentation: + /// > + /// > Send a signal to the provided process. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_KillProcessRequest` message. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func killProcess( + request: GRPCCore.ClientRequest, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.killProcess( + request: request, + serializer: GRPCProtobuf.ProtobufSerializer(), + deserializer: GRPCProtobuf.ProtobufDeserializer(), + options: options, + onResponse: handleResponse + ) + } + + /// Call the "WaitProcess" method. + /// + /// > Source IDL Documentation: + /// > + /// > Wait for a process to exit and return the exit code. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_WaitProcessRequest` message. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func waitProcess( + request: GRPCCore.ClientRequest, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.waitProcess( + request: request, + serializer: GRPCProtobuf.ProtobufSerializer(), + deserializer: GRPCProtobuf.ProtobufDeserializer(), + options: options, + onResponse: handleResponse + ) + } + + /// Call the "ResizeProcess" method. + /// + /// > Source IDL Documentation: + /// > + /// > Resize the tty of a given process. This will error if the process does + /// > not have a pty allocated. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_ResizeProcessRequest` message. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func resizeProcess( + request: GRPCCore.ClientRequest, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.resizeProcess( + request: request, + serializer: GRPCProtobuf.ProtobufSerializer(), + deserializer: GRPCProtobuf.ProtobufDeserializer(), + options: options, + onResponse: handleResponse + ) + } + + /// Call the "CloseProcessStdin" method. + /// + /// > Source IDL Documentation: + /// > + /// > Close IO for a given process. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinRequest` message. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func closeProcessStdin( + request: GRPCCore.ClientRequest, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.closeProcessStdin( + request: request, + serializer: GRPCProtobuf.ProtobufSerializer(), + deserializer: GRPCProtobuf.ProtobufDeserializer(), + options: options, + onResponse: handleResponse + ) + } + + /// Call the "ContainerStatistics" method. + /// + /// > Source IDL Documentation: + /// > + /// > Get statistics for containers. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_ContainerStatisticsRequest` message. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func containerStatistics( + request: GRPCCore.ClientRequest, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.containerStatistics( + request: request, + serializer: GRPCProtobuf.ProtobufSerializer(), + deserializer: GRPCProtobuf.ProtobufDeserializer(), + options: options, + onResponse: handleResponse + ) + } + + /// Call the "ProxyVsock" method. + /// + /// > Source IDL Documentation: + /// > + /// > Proxy a vsock port to a unix domain socket in the guest, or vice versa. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_ProxyVsockRequest` message. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func proxyVsock( + request: GRPCCore.ClientRequest, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.proxyVsock( + request: request, + serializer: GRPCProtobuf.ProtobufSerializer(), + deserializer: GRPCProtobuf.ProtobufDeserializer(), + options: options, + onResponse: handleResponse + ) + } + + /// Call the "StopVsockProxy" method. + /// + /// > Source IDL Documentation: + /// > + /// > Stop a vsock proxy to a unix domain socket. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_StopVsockProxyRequest` message. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func stopVsockProxy( + request: GRPCCore.ClientRequest, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.stopVsockProxy( + request: request, + serializer: GRPCProtobuf.ProtobufSerializer(), + deserializer: GRPCProtobuf.ProtobufDeserializer(), + options: options, + onResponse: handleResponse + ) + } + + /// Call the "IpLinkSet" method. + /// + /// > Source IDL Documentation: + /// > + /// > Set the link state of a network interface. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_IpLinkSetRequest` message. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func ipLinkSet( + request: GRPCCore.ClientRequest, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.ipLinkSet( + request: request, + serializer: GRPCProtobuf.ProtobufSerializer(), + deserializer: GRPCProtobuf.ProtobufDeserializer(), + options: options, + onResponse: handleResponse + ) + } + + /// Call the "IpAddrAdd" method. + /// + /// > Source IDL Documentation: + /// > + /// > Add an IPv4 address to a network interface. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_IpAddrAddRequest` message. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func ipAddrAdd( + request: GRPCCore.ClientRequest, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.ipAddrAdd( + request: request, + serializer: GRPCProtobuf.ProtobufSerializer(), + deserializer: GRPCProtobuf.ProtobufDeserializer(), + options: options, + onResponse: handleResponse + ) + } + + /// Call the "IpRouteAddLink" method. + /// + /// > Source IDL Documentation: + /// > + /// > Add an IP route for a network interface. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_IpRouteAddLinkRequest` message. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func ipRouteAddLink( + request: GRPCCore.ClientRequest, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.ipRouteAddLink( + request: request, + serializer: GRPCProtobuf.ProtobufSerializer(), + deserializer: GRPCProtobuf.ProtobufDeserializer(), + options: options, + onResponse: handleResponse + ) + } + + /// Call the "IpRouteAddDefault" method. + /// + /// > Source IDL Documentation: + /// > + /// > Add an IP route for a network interface. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_IpRouteAddDefaultRequest` message. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func ipRouteAddDefault( + request: GRPCCore.ClientRequest, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.ipRouteAddDefault( + request: request, + serializer: GRPCProtobuf.ProtobufSerializer(), + deserializer: GRPCProtobuf.ProtobufDeserializer(), + options: options, + onResponse: handleResponse + ) + } + + /// Call the "ConfigureDns" method. + /// + /// > Source IDL Documentation: + /// > + /// > Configure DNS resolver. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_ConfigureDnsRequest` message. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func configureDns( + request: GRPCCore.ClientRequest, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.configureDns( + request: request, + serializer: GRPCProtobuf.ProtobufSerializer(), + deserializer: GRPCProtobuf.ProtobufDeserializer(), + options: options, + onResponse: handleResponse + ) + } + + /// Call the "ConfigureHosts" method. + /// + /// > Source IDL Documentation: + /// > + /// > Configure /etc/hosts. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_ConfigureHostsRequest` message. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func configureHosts( + request: GRPCCore.ClientRequest, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.configureHosts( + request: request, + serializer: GRPCProtobuf.ProtobufSerializer(), + deserializer: GRPCProtobuf.ProtobufDeserializer(), + options: options, + onResponse: handleResponse + ) + } + + /// Call the "Sync" method. + /// + /// > Source IDL Documentation: + /// > + /// > Perform the sync syscall. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_SyncRequest` message. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func sync( + request: GRPCCore.ClientRequest, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.sync( + request: request, + serializer: GRPCProtobuf.ProtobufSerializer(), + deserializer: GRPCProtobuf.ProtobufDeserializer(), + options: options, + onResponse: handleResponse + ) + } + + /// Call the "Kill" method. + /// + /// > Source IDL Documentation: + /// > + /// > Send a signal to a process via the PID. + /// + /// - Parameters: + /// - request: A request containing a single `Com_Apple_Containerization_Sandbox_V3_KillRequest` message. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func kill( + request: GRPCCore.ClientRequest, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.kill( + request: request, + serializer: GRPCProtobuf.ProtobufSerializer(), + deserializer: GRPCProtobuf.ProtobufDeserializer(), + options: options, + onResponse: handleResponse + ) + } +} + +// Helpers providing sugared APIs for 'ClientProtocol' methods. +@available(macOS 15.0, iOS 18.0, watchOS 11.0, tvOS 18.0, visionOS 2.0, *) +extension Com_Apple_Containerization_Sandbox_V3_SandboxContext.ClientProtocol { + /// Call the "Mount" method. + /// + /// > Source IDL Documentation: + /// > + /// > Mount a filesystem. + /// + /// - Parameters: + /// - message: request message to send. + /// - metadata: Additional metadata to send, defaults to empty. + /// - options: Options to apply to this RPC, defaults to `.defaults`. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func mount( + _ message: Com_Apple_Containerization_Sandbox_V3_MountRequest, + metadata: GRPCCore.Metadata = [:], + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + let request = GRPCCore.ClientRequest( + message: message, + metadata: metadata + ) + return try await self.mount( + request: request, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "Umount" method. + /// + /// > Source IDL Documentation: + /// > + /// > Unmount a filesystem. + /// + /// - Parameters: + /// - message: request message to send. + /// - metadata: Additional metadata to send, defaults to empty. + /// - options: Options to apply to this RPC, defaults to `.defaults`. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func umount( + _ message: Com_Apple_Containerization_Sandbox_V3_UmountRequest, + metadata: GRPCCore.Metadata = [:], + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + let request = GRPCCore.ClientRequest( + message: message, + metadata: metadata + ) + return try await self.umount( + request: request, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "Setenv" method. + /// + /// > Source IDL Documentation: + /// > + /// > Set an environment variable on the init process. + /// + /// - Parameters: + /// - message: request message to send. + /// - metadata: Additional metadata to send, defaults to empty. + /// - options: Options to apply to this RPC, defaults to `.defaults`. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func setenv( + _ message: Com_Apple_Containerization_Sandbox_V3_SetenvRequest, + metadata: GRPCCore.Metadata = [:], + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + let request = GRPCCore.ClientRequest( + message: message, + metadata: metadata + ) + return try await self.setenv( + request: request, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "Getenv" method. + /// + /// > Source IDL Documentation: + /// > + /// > Get an environment variable from the init process. + /// + /// - Parameters: + /// - message: request message to send. + /// - metadata: Additional metadata to send, defaults to empty. + /// - options: Options to apply to this RPC, defaults to `.defaults`. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func getenv( + _ message: Com_Apple_Containerization_Sandbox_V3_GetenvRequest, + metadata: GRPCCore.Metadata = [:], + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + let request = GRPCCore.ClientRequest( + message: message, + metadata: metadata + ) + return try await self.getenv( + request: request, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "Mkdir" method. + /// + /// > Source IDL Documentation: + /// > + /// > Create a new directory inside the sandbox. + /// + /// - Parameters: + /// - message: request message to send. + /// - metadata: Additional metadata to send, defaults to empty. + /// - options: Options to apply to this RPC, defaults to `.defaults`. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func mkdir( + _ message: Com_Apple_Containerization_Sandbox_V3_MkdirRequest, + metadata: GRPCCore.Metadata = [:], + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + let request = GRPCCore.ClientRequest( + message: message, + metadata: metadata + ) + return try await self.mkdir( + request: request, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "Sysctl" method. + /// + /// > Source IDL Documentation: + /// > + /// > Set sysctls in the context of the sandbox. + /// + /// - Parameters: + /// - message: request message to send. + /// - metadata: Additional metadata to send, defaults to empty. + /// - options: Options to apply to this RPC, defaults to `.defaults`. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func sysctl( + _ message: Com_Apple_Containerization_Sandbox_V3_SysctlRequest, + metadata: GRPCCore.Metadata = [:], + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + let request = GRPCCore.ClientRequest( + message: message, + metadata: metadata + ) + return try await self.sysctl( + request: request, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "SetTime" method. + /// + /// > Source IDL Documentation: + /// > + /// > Set time in the guest. + /// + /// - Parameters: + /// - message: request message to send. + /// - metadata: Additional metadata to send, defaults to empty. + /// - options: Options to apply to this RPC, defaults to `.defaults`. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func setTime( + _ message: Com_Apple_Containerization_Sandbox_V3_SetTimeRequest, + metadata: GRPCCore.Metadata = [:], + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + let request = GRPCCore.ClientRequest( + message: message, + metadata: metadata + ) + return try await self.setTime( + request: request, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "SetupEmulator" method. + /// + /// > Source IDL Documentation: + /// > + /// > Set up an emulator in the guest for a specific binary format. + /// + /// - Parameters: + /// - message: request message to send. + /// - metadata: Additional metadata to send, defaults to empty. + /// - options: Options to apply to this RPC, defaults to `.defaults`. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func setupEmulator( + _ message: Com_Apple_Containerization_Sandbox_V3_SetupEmulatorRequest, + metadata: GRPCCore.Metadata = [:], + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + let request = GRPCCore.ClientRequest( + message: message, + metadata: metadata + ) + return try await self.setupEmulator( + request: request, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "WriteFile" method. + /// + /// > Source IDL Documentation: + /// > + /// > Write data to an existing or new file. + /// + /// - Parameters: + /// - message: request message to send. + /// - metadata: Additional metadata to send, defaults to empty. + /// - options: Options to apply to this RPC, defaults to `.defaults`. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func writeFile( + _ message: Com_Apple_Containerization_Sandbox_V3_WriteFileRequest, + metadata: GRPCCore.Metadata = [:], + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + let request = GRPCCore.ClientRequest( + message: message, + metadata: metadata + ) + return try await self.writeFile( + request: request, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "Copy" method. + /// + /// > Source IDL Documentation: + /// > + /// > Copy a file or directory between the host and guest. + /// > Data transfer happens over a dedicated vsock connection; + /// > the gRPC stream is used only for control/metadata. + /// + /// - Parameters: + /// - message: request message to send. + /// - metadata: Additional metadata to send, defaults to empty. + /// - options: Options to apply to this RPC, defaults to `.defaults`. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func copy( + _ message: Com_Apple_Containerization_Sandbox_V3_CopyRequest, + metadata: GRPCCore.Metadata = [:], + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.StreamingClientResponse) async throws -> Result + ) async throws -> Result where Result: Sendable { + let request = GRPCCore.ClientRequest( + message: message, + metadata: metadata + ) + return try await self.copy( + request: request, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "Stat" method. + /// + /// > Source IDL Documentation: + /// > + /// > Stat a path in the guest filesystem. + /// + /// - Parameters: + /// - message: request message to send. + /// - metadata: Additional metadata to send, defaults to empty. + /// - options: Options to apply to this RPC, defaults to `.defaults`. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func stat( + _ message: Com_Apple_Containerization_Sandbox_V3_StatRequest, + metadata: GRPCCore.Metadata = [:], + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + let request = GRPCCore.ClientRequest( + message: message, + metadata: metadata + ) + return try await self.stat( + request: request, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "FilesystemOperation" method. + /// + /// > Source IDL Documentation: + /// > + /// > Perform a filesystem operation on a mounted filesystem. + /// + /// - Parameters: + /// - message: request message to send. + /// - metadata: Additional metadata to send, defaults to empty. + /// - options: Options to apply to this RPC, defaults to `.defaults`. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func filesystemOperation( + _ message: Com_Apple_Containerization_Sandbox_V3_FilesystemOperationRequest, + metadata: GRPCCore.Metadata = [:], + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + let request = GRPCCore.ClientRequest( + message: message, + metadata: metadata + ) + return try await self.filesystemOperation( + request: request, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "CreateProcess" method. + /// + /// > Source IDL Documentation: + /// > + /// > Create a new process inside the container. + /// + /// - Parameters: + /// - message: request message to send. + /// - metadata: Additional metadata to send, defaults to empty. + /// - options: Options to apply to this RPC, defaults to `.defaults`. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func createProcess( + _ message: Com_Apple_Containerization_Sandbox_V3_CreateProcessRequest, + metadata: GRPCCore.Metadata = [:], + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + let request = GRPCCore.ClientRequest( + message: message, + metadata: metadata + ) + return try await self.createProcess( + request: request, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "DeleteProcess" method. + /// + /// > Source IDL Documentation: + /// > + /// > Delete an existing process inside the container. + /// + /// - Parameters: + /// - message: request message to send. + /// - metadata: Additional metadata to send, defaults to empty. + /// - options: Options to apply to this RPC, defaults to `.defaults`. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func deleteProcess( + _ message: Com_Apple_Containerization_Sandbox_V3_DeleteProcessRequest, + metadata: GRPCCore.Metadata = [:], + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + let request = GRPCCore.ClientRequest( + message: message, + metadata: metadata + ) + return try await self.deleteProcess( + request: request, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "StartProcess" method. + /// + /// > Source IDL Documentation: + /// > + /// > Start the provided process. + /// + /// - Parameters: + /// - message: request message to send. + /// - metadata: Additional metadata to send, defaults to empty. + /// - options: Options to apply to this RPC, defaults to `.defaults`. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func startProcess( + _ message: Com_Apple_Containerization_Sandbox_V3_StartProcessRequest, + metadata: GRPCCore.Metadata = [:], + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + let request = GRPCCore.ClientRequest( + message: message, + metadata: metadata + ) + return try await self.startProcess( + request: request, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "KillProcess" method. + /// + /// > Source IDL Documentation: + /// > + /// > Send a signal to the provided process. + /// + /// - Parameters: + /// - message: request message to send. + /// - metadata: Additional metadata to send, defaults to empty. + /// - options: Options to apply to this RPC, defaults to `.defaults`. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func killProcess( + _ message: Com_Apple_Containerization_Sandbox_V3_KillProcessRequest, + metadata: GRPCCore.Metadata = [:], + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + let request = GRPCCore.ClientRequest( + message: message, + metadata: metadata + ) + return try await self.killProcess( + request: request, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "WaitProcess" method. + /// + /// > Source IDL Documentation: + /// > + /// > Wait for a process to exit and return the exit code. + /// + /// - Parameters: + /// - message: request message to send. + /// - metadata: Additional metadata to send, defaults to empty. + /// - options: Options to apply to this RPC, defaults to `.defaults`. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func waitProcess( + _ message: Com_Apple_Containerization_Sandbox_V3_WaitProcessRequest, + metadata: GRPCCore.Metadata = [:], + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + let request = GRPCCore.ClientRequest( + message: message, + metadata: metadata + ) + return try await self.waitProcess( + request: request, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "ResizeProcess" method. + /// + /// > Source IDL Documentation: + /// > + /// > Resize the tty of a given process. This will error if the process does + /// > not have a pty allocated. + /// + /// - Parameters: + /// - message: request message to send. + /// - metadata: Additional metadata to send, defaults to empty. + /// - options: Options to apply to this RPC, defaults to `.defaults`. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func resizeProcess( + _ message: Com_Apple_Containerization_Sandbox_V3_ResizeProcessRequest, + metadata: GRPCCore.Metadata = [:], + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + let request = GRPCCore.ClientRequest( + message: message, + metadata: metadata + ) + return try await self.resizeProcess( + request: request, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "CloseProcessStdin" method. + /// + /// > Source IDL Documentation: + /// > + /// > Close IO for a given process. + /// + /// - Parameters: + /// - message: request message to send. + /// - metadata: Additional metadata to send, defaults to empty. + /// - options: Options to apply to this RPC, defaults to `.defaults`. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func closeProcessStdin( + _ message: Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinRequest, + metadata: GRPCCore.Metadata = [:], + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + let request = GRPCCore.ClientRequest( + message: message, + metadata: metadata + ) + return try await self.closeProcessStdin( + request: request, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "ContainerStatistics" method. + /// + /// > Source IDL Documentation: + /// > + /// > Get statistics for containers. + /// + /// - Parameters: + /// - message: request message to send. + /// - metadata: Additional metadata to send, defaults to empty. + /// - options: Options to apply to this RPC, defaults to `.defaults`. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func containerStatistics( + _ message: Com_Apple_Containerization_Sandbox_V3_ContainerStatisticsRequest, + metadata: GRPCCore.Metadata = [:], + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + let request = GRPCCore.ClientRequest( + message: message, + metadata: metadata + ) + return try await self.containerStatistics( + request: request, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "ProxyVsock" method. + /// + /// > Source IDL Documentation: + /// > + /// > Proxy a vsock port to a unix domain socket in the guest, or vice versa. + /// + /// - Parameters: + /// - message: request message to send. + /// - metadata: Additional metadata to send, defaults to empty. + /// - options: Options to apply to this RPC, defaults to `.defaults`. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func proxyVsock( + _ message: Com_Apple_Containerization_Sandbox_V3_ProxyVsockRequest, + metadata: GRPCCore.Metadata = [:], + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + let request = GRPCCore.ClientRequest( + message: message, + metadata: metadata + ) + return try await self.proxyVsock( + request: request, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "StopVsockProxy" method. + /// + /// > Source IDL Documentation: + /// > + /// > Stop a vsock proxy to a unix domain socket. + /// + /// - Parameters: + /// - message: request message to send. + /// - metadata: Additional metadata to send, defaults to empty. + /// - options: Options to apply to this RPC, defaults to `.defaults`. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func stopVsockProxy( + _ message: Com_Apple_Containerization_Sandbox_V3_StopVsockProxyRequest, + metadata: GRPCCore.Metadata = [:], + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + let request = GRPCCore.ClientRequest( + message: message, + metadata: metadata + ) + return try await self.stopVsockProxy( + request: request, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "IpLinkSet" method. + /// + /// > Source IDL Documentation: + /// > + /// > Set the link state of a network interface. + /// + /// - Parameters: + /// - message: request message to send. + /// - metadata: Additional metadata to send, defaults to empty. + /// - options: Options to apply to this RPC, defaults to `.defaults`. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func ipLinkSet( + _ message: Com_Apple_Containerization_Sandbox_V3_IpLinkSetRequest, + metadata: GRPCCore.Metadata = [:], + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + let request = GRPCCore.ClientRequest( + message: message, + metadata: metadata + ) + return try await self.ipLinkSet( + request: request, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "IpAddrAdd" method. + /// + /// > Source IDL Documentation: + /// > + /// > Add an IPv4 address to a network interface. + /// + /// - Parameters: + /// - message: request message to send. + /// - metadata: Additional metadata to send, defaults to empty. + /// - options: Options to apply to this RPC, defaults to `.defaults`. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func ipAddrAdd( + _ message: Com_Apple_Containerization_Sandbox_V3_IpAddrAddRequest, + metadata: GRPCCore.Metadata = [:], + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + let request = GRPCCore.ClientRequest( + message: message, + metadata: metadata + ) + return try await self.ipAddrAdd( + request: request, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "IpRouteAddLink" method. + /// + /// > Source IDL Documentation: + /// > + /// > Add an IP route for a network interface. + /// + /// - Parameters: + /// - message: request message to send. + /// - metadata: Additional metadata to send, defaults to empty. + /// - options: Options to apply to this RPC, defaults to `.defaults`. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func ipRouteAddLink( + _ message: Com_Apple_Containerization_Sandbox_V3_IpRouteAddLinkRequest, + metadata: GRPCCore.Metadata = [:], + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + let request = GRPCCore.ClientRequest( + message: message, + metadata: metadata + ) + return try await self.ipRouteAddLink( + request: request, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "IpRouteAddDefault" method. + /// + /// > Source IDL Documentation: + /// > + /// > Add an IP route for a network interface. + /// + /// - Parameters: + /// - message: request message to send. + /// - metadata: Additional metadata to send, defaults to empty. + /// - options: Options to apply to this RPC, defaults to `.defaults`. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func ipRouteAddDefault( + _ message: Com_Apple_Containerization_Sandbox_V3_IpRouteAddDefaultRequest, + metadata: GRPCCore.Metadata = [:], + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + let request = GRPCCore.ClientRequest( + message: message, + metadata: metadata + ) + return try await self.ipRouteAddDefault( + request: request, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "ConfigureDns" method. + /// + /// > Source IDL Documentation: + /// > + /// > Configure DNS resolver. + /// + /// - Parameters: + /// - message: request message to send. + /// - metadata: Additional metadata to send, defaults to empty. + /// - options: Options to apply to this RPC, defaults to `.defaults`. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func configureDns( + _ message: Com_Apple_Containerization_Sandbox_V3_ConfigureDnsRequest, + metadata: GRPCCore.Metadata = [:], + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + let request = GRPCCore.ClientRequest( + message: message, + metadata: metadata + ) + return try await self.configureDns( + request: request, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "ConfigureHosts" method. + /// + /// > Source IDL Documentation: + /// > + /// > Configure /etc/hosts. + /// + /// - Parameters: + /// - message: request message to send. + /// - metadata: Additional metadata to send, defaults to empty. + /// - options: Options to apply to this RPC, defaults to `.defaults`. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func configureHosts( + _ message: Com_Apple_Containerization_Sandbox_V3_ConfigureHostsRequest, + metadata: GRPCCore.Metadata = [:], + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + let request = GRPCCore.ClientRequest( + message: message, + metadata: metadata + ) + return try await self.configureHosts( + request: request, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "Sync" method. + /// + /// > Source IDL Documentation: + /// > + /// > Perform the sync syscall. + /// + /// - Parameters: + /// - message: request message to send. + /// - metadata: Additional metadata to send, defaults to empty. + /// - options: Options to apply to this RPC, defaults to `.defaults`. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func sync( + _ message: Com_Apple_Containerization_Sandbox_V3_SyncRequest, + metadata: GRPCCore.Metadata = [:], + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + let request = GRPCCore.ClientRequest( + message: message, + metadata: metadata + ) + return try await self.sync( + request: request, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "Kill" method. + /// + /// > Source IDL Documentation: + /// > + /// > Send a signal to a process via the PID. + /// + /// - Parameters: + /// - message: request message to send. + /// - metadata: Additional metadata to send, defaults to empty. + /// - options: Options to apply to this RPC, defaults to `.defaults`. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func kill( + _ message: Com_Apple_Containerization_Sandbox_V3_KillRequest, + metadata: GRPCCore.Metadata = [:], + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + let request = GRPCCore.ClientRequest( + message: message, + metadata: metadata + ) + return try await self.kill( + request: request, + options: options, + onResponse: handleResponse + ) + } +} \ No newline at end of file diff --git a/Sources/Containerization/SandboxContext/SandboxContext.pb.swift b/Sources/Containerization/SandboxContext/SandboxContext.pb.swift new file mode 100644 index 0000000..9bce6b0 --- /dev/null +++ b/Sources/Containerization/SandboxContext/SandboxContext.pb.swift @@ -0,0 +1,4704 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +// DO NOT EDIT. +// swift-format-ignore-file +// swiftlint:disable all +// +// Generated by the Swift generator plugin for the protocol buffer compiler. +// Source: SandboxContext.proto +// +// For information on using the generated types, please see the documentation: +// https://github.com/apple/swift-protobuf/ + +#if canImport(FoundationEssentials) +import FoundationEssentials +#else +import Foundation +#endif +import SwiftProtobuf + +// If the compiler emits an error on this type, it is because this file +// was generated by a version of the `protoc` Swift plug-in that is +// incompatible with the version of SwiftProtobuf to which you are linking. +// Please ensure that you are building against the same version of the API +// that was used to generate this file. +fileprivate struct _GeneratedWithProtocGenSwiftVersion: SwiftProtobuf.ProtobufAPIVersionCheck { + struct _2: SwiftProtobuf.ProtobufAPIVersion_2 {} + typealias Version = _2 +} + +/// Categories of statistics that can be requested. +public enum Com_Apple_Containerization_Sandbox_V3_StatCategory: SwiftProtobuf.Enum, Swift.CaseIterable { + public typealias RawValue = Int + case unspecified // = 0 + case process // = 1 + case memory // = 2 + case cpu // = 3 + case blockIo // = 4 + case network // = 5 + case memoryEvents // = 6 + case UNRECOGNIZED(Int) + + public init() { + self = .unspecified + } + + public init?(rawValue: Int) { + switch rawValue { + case 0: self = .unspecified + case 1: self = .process + case 2: self = .memory + case 3: self = .cpu + case 4: self = .blockIo + case 5: self = .network + case 6: self = .memoryEvents + default: self = .UNRECOGNIZED(rawValue) + } + } + + public var rawValue: Int { + switch self { + case .unspecified: return 0 + case .process: return 1 + case .memory: return 2 + case .cpu: return 3 + case .blockIo: return 4 + case .network: return 5 + case .memoryEvents: return 6 + case .UNRECOGNIZED(let i): return i + } + } + + // The compiler won't synthesize support with the UNRECOGNIZED case. + public static let allCases: [Com_Apple_Containerization_Sandbox_V3_StatCategory] = [ + .unspecified, + .process, + .memory, + .cpu, + .blockIo, + .network, + .memoryEvents, + ] + +} + +public struct Com_Apple_Containerization_Sandbox_V3_Stdio: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var stdinPort: Int32 { + get {_stdinPort ?? 0} + set {_stdinPort = newValue} + } + /// Returns true if `stdinPort` has been explicitly set. + public var hasStdinPort: Bool {self._stdinPort != nil} + /// Clears the value of `stdinPort`. Subsequent reads from it will return its default value. + public mutating func clearStdinPort() {self._stdinPort = nil} + + public var stdoutPort: Int32 { + get {_stdoutPort ?? 0} + set {_stdoutPort = newValue} + } + /// Returns true if `stdoutPort` has been explicitly set. + public var hasStdoutPort: Bool {self._stdoutPort != nil} + /// Clears the value of `stdoutPort`. Subsequent reads from it will return its default value. + public mutating func clearStdoutPort() {self._stdoutPort = nil} + + public var stderrPort: Int32 { + get {_stderrPort ?? 0} + set {_stderrPort = newValue} + } + /// Returns true if `stderrPort` has been explicitly set. + public var hasStderrPort: Bool {self._stderrPort != nil} + /// Clears the value of `stderrPort`. Subsequent reads from it will return its default value. + public mutating func clearStderrPort() {self._stderrPort = nil} + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} + + fileprivate var _stdinPort: Int32? = nil + fileprivate var _stdoutPort: Int32? = nil + fileprivate var _stderrPort: Int32? = nil +} + +public struct Com_Apple_Containerization_Sandbox_V3_SetupEmulatorRequest: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var binaryPath: String = String() + + public var name: String = String() + + public var type: String = String() + + public var offset: String = String() + + public var magic: String = String() + + public var mask: String = String() + + public var flags: String = String() + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_SetupEmulatorResponse: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_SetTimeRequest: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var sec: Int64 = 0 + + public var usec: Int32 = 0 + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_SetTimeResponse: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_SysctlRequest: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var settings: Dictionary = [:] + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_SysctlResponse: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_ProxyVsockRequest: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var id: String = String() + + public var vsockPort: UInt32 = 0 + + public var guestPath: String = String() + + public var guestSocketPermissions: UInt32 { + get {_guestSocketPermissions ?? 0} + set {_guestSocketPermissions = newValue} + } + /// Returns true if `guestSocketPermissions` has been explicitly set. + public var hasGuestSocketPermissions: Bool {self._guestSocketPermissions != nil} + /// Clears the value of `guestSocketPermissions`. Subsequent reads from it will return its default value. + public mutating func clearGuestSocketPermissions() {self._guestSocketPermissions = nil} + + public var action: Com_Apple_Containerization_Sandbox_V3_ProxyVsockRequest.Action = .into + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public enum Action: SwiftProtobuf.Enum, Swift.CaseIterable { + public typealias RawValue = Int + case into // = 0 + case outOf // = 1 + case UNRECOGNIZED(Int) + + public init() { + self = .into + } + + public init?(rawValue: Int) { + switch rawValue { + case 0: self = .into + case 1: self = .outOf + default: self = .UNRECOGNIZED(rawValue) + } + } + + public var rawValue: Int { + switch self { + case .into: return 0 + case .outOf: return 1 + case .UNRECOGNIZED(let i): return i + } + } + + // The compiler won't synthesize support with the UNRECOGNIZED case. + public static let allCases: [Com_Apple_Containerization_Sandbox_V3_ProxyVsockRequest.Action] = [ + .into, + .outOf, + ] + + } + + public init() {} + + fileprivate var _guestSocketPermissions: UInt32? = nil +} + +public struct Com_Apple_Containerization_Sandbox_V3_ProxyVsockResponse: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_StopVsockProxyRequest: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var id: String = String() + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_StopVsockProxyResponse: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_MountRequest: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var type: String = String() + + public var source: String = String() + + public var destination: String = String() + + public var options: [String] = [] + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_MountResponse: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_UmountRequest: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var path: String = String() + + public var flags: Int32 = 0 + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_UmountResponse: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_SetenvRequest: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var key: String = String() + + public var value: String { + get {_value ?? String()} + set {_value = newValue} + } + /// Returns true if `value` has been explicitly set. + public var hasValue: Bool {self._value != nil} + /// Clears the value of `value`. Subsequent reads from it will return its default value. + public mutating func clearValue() {self._value = nil} + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} + + fileprivate var _value: String? = nil +} + +public struct Com_Apple_Containerization_Sandbox_V3_SetenvResponse: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_GetenvRequest: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var key: String = String() + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_GetenvResponse: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var value: String { + get {_value ?? String()} + set {_value = newValue} + } + /// Returns true if `value` has been explicitly set. + public var hasValue: Bool {self._value != nil} + /// Clears the value of `value`. Subsequent reads from it will return its default value. + public mutating func clearValue() {self._value = nil} + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} + + fileprivate var _value: String? = nil +} + +public struct Com_Apple_Containerization_Sandbox_V3_CreateProcessRequest: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var id: String = String() + + public var containerID: String { + get {_containerID ?? String()} + set {_containerID = newValue} + } + /// Returns true if `containerID` has been explicitly set. + public var hasContainerID: Bool {self._containerID != nil} + /// Clears the value of `containerID`. Subsequent reads from it will return its default value. + public mutating func clearContainerID() {self._containerID = nil} + + public var stdin: UInt32 { + get {_stdin ?? 0} + set {_stdin = newValue} + } + /// Returns true if `stdin` has been explicitly set. + public var hasStdin: Bool {self._stdin != nil} + /// Clears the value of `stdin`. Subsequent reads from it will return its default value. + public mutating func clearStdin() {self._stdin = nil} + + public var stdout: UInt32 { + get {_stdout ?? 0} + set {_stdout = newValue} + } + /// Returns true if `stdout` has been explicitly set. + public var hasStdout: Bool {self._stdout != nil} + /// Clears the value of `stdout`. Subsequent reads from it will return its default value. + public mutating func clearStdout() {self._stdout = nil} + + public var stderr: UInt32 { + get {_stderr ?? 0} + set {_stderr = newValue} + } + /// Returns true if `stderr` has been explicitly set. + public var hasStderr: Bool {self._stderr != nil} + /// Clears the value of `stderr`. Subsequent reads from it will return its default value. + public mutating func clearStderr() {self._stderr = nil} + + public var ociRuntimePath: String { + get {_ociRuntimePath ?? String()} + set {_ociRuntimePath = newValue} + } + /// Returns true if `ociRuntimePath` has been explicitly set. + public var hasOciRuntimePath: Bool {self._ociRuntimePath != nil} + /// Clears the value of `ociRuntimePath`. Subsequent reads from it will return its default value. + public mutating func clearOciRuntimePath() {self._ociRuntimePath = nil} + + public var configuration: Data = Data() + + public var options: Data { + get {_options ?? Data()} + set {_options = newValue} + } + /// Returns true if `options` has been explicitly set. + public var hasOptions: Bool {self._options != nil} + /// Clears the value of `options`. Subsequent reads from it will return its default value. + public mutating func clearOptions() {self._options = nil} + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} + + fileprivate var _containerID: String? = nil + fileprivate var _stdin: UInt32? = nil + fileprivate var _stdout: UInt32? = nil + fileprivate var _stderr: UInt32? = nil + fileprivate var _ociRuntimePath: String? = nil + fileprivate var _options: Data? = nil +} + +public struct Com_Apple_Containerization_Sandbox_V3_CreateProcessResponse: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_WaitProcessRequest: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var id: String = String() + + public var containerID: String { + get {_containerID ?? String()} + set {_containerID = newValue} + } + /// Returns true if `containerID` has been explicitly set. + public var hasContainerID: Bool {self._containerID != nil} + /// Clears the value of `containerID`. Subsequent reads from it will return its default value. + public mutating func clearContainerID() {self._containerID = nil} + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} + + fileprivate var _containerID: String? = nil +} + +public struct Com_Apple_Containerization_Sandbox_V3_WaitProcessResponse: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var exitCode: Int32 = 0 + + public var exitedAt: SwiftProtobuf.Google_Protobuf_Timestamp { + get {_exitedAt ?? SwiftProtobuf.Google_Protobuf_Timestamp()} + set {_exitedAt = newValue} + } + /// Returns true if `exitedAt` has been explicitly set. + public var hasExitedAt: Bool {self._exitedAt != nil} + /// Clears the value of `exitedAt`. Subsequent reads from it will return its default value. + public mutating func clearExitedAt() {self._exitedAt = nil} + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} + + fileprivate var _exitedAt: SwiftProtobuf.Google_Protobuf_Timestamp? = nil +} + +public struct Com_Apple_Containerization_Sandbox_V3_ResizeProcessRequest: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var id: String = String() + + public var containerID: String { + get {_containerID ?? String()} + set {_containerID = newValue} + } + /// Returns true if `containerID` has been explicitly set. + public var hasContainerID: Bool {self._containerID != nil} + /// Clears the value of `containerID`. Subsequent reads from it will return its default value. + public mutating func clearContainerID() {self._containerID = nil} + + public var rows: UInt32 = 0 + + public var columns: UInt32 = 0 + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} + + fileprivate var _containerID: String? = nil +} + +public struct Com_Apple_Containerization_Sandbox_V3_ResizeProcessResponse: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_DeleteProcessRequest: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var id: String = String() + + public var containerID: String { + get {_containerID ?? String()} + set {_containerID = newValue} + } + /// Returns true if `containerID` has been explicitly set. + public var hasContainerID: Bool {self._containerID != nil} + /// Clears the value of `containerID`. Subsequent reads from it will return its default value. + public mutating func clearContainerID() {self._containerID = nil} + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} + + fileprivate var _containerID: String? = nil +} + +public struct Com_Apple_Containerization_Sandbox_V3_DeleteProcessResponse: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_StartProcessRequest: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var id: String = String() + + public var containerID: String { + get {_containerID ?? String()} + set {_containerID = newValue} + } + /// Returns true if `containerID` has been explicitly set. + public var hasContainerID: Bool {self._containerID != nil} + /// Clears the value of `containerID`. Subsequent reads from it will return its default value. + public mutating func clearContainerID() {self._containerID = nil} + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} + + fileprivate var _containerID: String? = nil +} + +public struct Com_Apple_Containerization_Sandbox_V3_StartProcessResponse: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var pid: Int32 = 0 + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_KillProcessRequest: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var id: String = String() + + public var containerID: String { + get {_containerID ?? String()} + set {_containerID = newValue} + } + /// Returns true if `containerID` has been explicitly set. + public var hasContainerID: Bool {self._containerID != nil} + /// Clears the value of `containerID`. Subsequent reads from it will return its default value. + public mutating func clearContainerID() {self._containerID = nil} + + public var signal: Int32 = 0 + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} + + fileprivate var _containerID: String? = nil +} + +public struct Com_Apple_Containerization_Sandbox_V3_KillProcessResponse: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var result: Int32 = 0 + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinRequest: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var id: String = String() + + public var containerID: String { + get {_containerID ?? String()} + set {_containerID = newValue} + } + /// Returns true if `containerID` has been explicitly set. + public var hasContainerID: Bool {self._containerID != nil} + /// Clears the value of `containerID`. Subsequent reads from it will return its default value. + public mutating func clearContainerID() {self._containerID = nil} + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} + + fileprivate var _containerID: String? = nil +} + +public struct Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinResponse: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_MkdirRequest: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var path: String = String() + + public var all: Bool = false + + public var perms: UInt32 = 0 + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_MkdirResponse: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_WriteFileRequest: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var path: String = String() + + public var data: Data = Data() + + public var mode: UInt32 = 0 + + public var flags: Com_Apple_Containerization_Sandbox_V3_WriteFileRequest.WriteFileFlags { + get {_flags ?? Com_Apple_Containerization_Sandbox_V3_WriteFileRequest.WriteFileFlags()} + set {_flags = newValue} + } + /// Returns true if `flags` has been explicitly set. + public var hasFlags: Bool {self._flags != nil} + /// Clears the value of `flags`. Subsequent reads from it will return its default value. + public mutating func clearFlags() {self._flags = nil} + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public struct WriteFileFlags: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var createParentDirs: Bool = false + + public var append: Bool = false + + public var createIfMissing: Bool = false + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} + } + + public init() {} + + fileprivate var _flags: Com_Apple_Containerization_Sandbox_V3_WriteFileRequest.WriteFileFlags? = nil +} + +public struct Com_Apple_Containerization_Sandbox_V3_WriteFileResponse: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_CopyRequest: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + /// Direction of the copy operation. + public var direction: Com_Apple_Containerization_Sandbox_V3_CopyRequest.Direction = .copyIn + + /// Path in the guest (destination for COPY_IN, source for COPY_OUT). + public var path: String = String() + + /// File mode for single-file COPY_IN (defaults to 0644 if not set). + public var mode: UInt32 = 0 + + /// Create parent directories if they don't exist. + public var createParents: Bool = false + + /// Vsock port the host is listening on for data transfer. + public var vsockPort: UInt32 = 0 + + /// For COPY_IN: indicates the data arriving on vsock is a tar+gzip archive. + public var isArchive: Bool = false + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public enum Direction: SwiftProtobuf.Enum, Swift.CaseIterable { + public typealias RawValue = Int + + /// Copy from host into guest. + case copyIn // = 0 + + /// Copy from guest to host. + case copyOut // = 1 + case UNRECOGNIZED(Int) + + public init() { + self = .copyIn + } + + public init?(rawValue: Int) { + switch rawValue { + case 0: self = .copyIn + case 1: self = .copyOut + default: self = .UNRECOGNIZED(rawValue) + } + } + + public var rawValue: Int { + switch self { + case .copyIn: return 0 + case .copyOut: return 1 + case .UNRECOGNIZED(let i): return i + } + } + + // The compiler won't synthesize support with the UNRECOGNIZED case. + public static let allCases: [Com_Apple_Containerization_Sandbox_V3_CopyRequest.Direction] = [ + .copyIn, + .copyOut, + ] + + } + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_CopyResponse: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + /// What this response represents. + public var status: Com_Apple_Containerization_Sandbox_V3_CopyResponse.Status = .metadata + + /// For COPY_OUT METADATA: indicates the data on vsock will be a tar+gzip archive. + public var isArchive: Bool = false + + /// For COPY_OUT METADATA: total size in bytes (0 if unknown, e.g. for archives). + public var totalSize: UInt64 = 0 + + /// Non-empty if an error occurred. + public var error: String = String() + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public enum Status: SwiftProtobuf.Enum, Swift.CaseIterable { + public typealias RawValue = Int + + /// Transfer metadata (first message for COPY_OUT: is_archive, total_size). + case metadata // = 0 + + /// Data transfer completed successfully. + case complete // = 1 + case UNRECOGNIZED(Int) + + public init() { + self = .metadata + } + + public init?(rawValue: Int) { + switch rawValue { + case 0: self = .metadata + case 1: self = .complete + default: self = .UNRECOGNIZED(rawValue) + } + } + + public var rawValue: Int { + switch self { + case .metadata: return 0 + case .complete: return 1 + case .UNRECOGNIZED(let i): return i + } + } + + // The compiler won't synthesize support with the UNRECOGNIZED case. + public static let allCases: [Com_Apple_Containerization_Sandbox_V3_CopyResponse.Status] = [ + .metadata, + .complete, + ] + + } + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_StatRequest: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var path: String = String() + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_Stat: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + /// st_dev: ID of device containing file + public var dev: UInt64 = 0 + + /// st_ino: inode number + public var ino: UInt64 = 0 + + /// st_mode: file type and mode (permissions) + public var mode: UInt32 = 0 + + /// st_nlink: number of hard links + public var nlink: UInt64 = 0 + + /// st_uid: user ID of owner + public var uid: UInt32 = 0 + + /// st_gid: group ID of owner + public var gid: UInt32 = 0 + + /// st_rdev: device ID (if special file) + public var rdev: UInt64 = 0 + + /// st_size: total size in bytes + public var size: Int64 = 0 + + /// st_blksize: preferred block size for filesystem I/O + public var blksize: Int64 = 0 + + /// st_blocks: number of 512-byte blocks allocated + public var blocks: Int64 = 0 + + /// st_atim: time of last access + public var atime: SwiftProtobuf.Google_Protobuf_Timestamp { + get {_atime ?? SwiftProtobuf.Google_Protobuf_Timestamp()} + set {_atime = newValue} + } + /// Returns true if `atime` has been explicitly set. + public var hasAtime: Bool {self._atime != nil} + /// Clears the value of `atime`. Subsequent reads from it will return its default value. + public mutating func clearAtime() {self._atime = nil} + + /// st_mtim: time of last modification + public var mtime: SwiftProtobuf.Google_Protobuf_Timestamp { + get {_mtime ?? SwiftProtobuf.Google_Protobuf_Timestamp()} + set {_mtime = newValue} + } + /// Returns true if `mtime` has been explicitly set. + public var hasMtime: Bool {self._mtime != nil} + /// Clears the value of `mtime`. Subsequent reads from it will return its default value. + public mutating func clearMtime() {self._mtime = nil} + + /// st_ctim: time of last status change + public var ctime: SwiftProtobuf.Google_Protobuf_Timestamp { + get {_ctime ?? SwiftProtobuf.Google_Protobuf_Timestamp()} + set {_ctime = newValue} + } + /// Returns true if `ctime` has been explicitly set. + public var hasCtime: Bool {self._ctime != nil} + /// Clears the value of `ctime`. Subsequent reads from it will return its default value. + public mutating func clearCtime() {self._ctime = nil} + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} + + fileprivate var _atime: SwiftProtobuf.Google_Protobuf_Timestamp? = nil + fileprivate var _mtime: SwiftProtobuf.Google_Protobuf_Timestamp? = nil + fileprivate var _ctime: SwiftProtobuf.Google_Protobuf_Timestamp? = nil +} + +public struct Com_Apple_Containerization_Sandbox_V3_StatResponse: @unchecked Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var stat: Com_Apple_Containerization_Sandbox_V3_Stat { + get {_storage._stat ?? Com_Apple_Containerization_Sandbox_V3_Stat()} + set {_uniqueStorage()._stat = newValue} + } + /// Returns true if `stat` has been explicitly set. + public var hasStat: Bool {_storage._stat != nil} + /// Clears the value of `stat`. Subsequent reads from it will return its default value. + public mutating func clearStat() {_uniqueStorage()._stat = nil} + + /// Non-empty if stat failed. + public var error: String { + get {_storage._error} + set {_uniqueStorage()._error = newValue} + } + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} + + fileprivate var _storage = _StorageClass.defaultInstance +} + +public struct Com_Apple_Containerization_Sandbox_V3_FiTrimParams: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var schedule: Com_Apple_Containerization_Sandbox_V3_FiTrimParams.OneOf_Schedule? = nil + + public var oneShot: Com_Apple_Containerization_Sandbox_V3_FiTrimParams.OneShot { + get { + if case .oneShot(let v)? = schedule {return v} + return Com_Apple_Containerization_Sandbox_V3_FiTrimParams.OneShot() + } + set {schedule = .oneShot(newValue)} + } + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public enum OneOf_Schedule: Equatable, Sendable { + case oneShot(Com_Apple_Containerization_Sandbox_V3_FiTrimParams.OneShot) + + } + + public struct OneShot: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} + } + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_FiFreezeParams: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_FiThawParams: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_FiTrimResult: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var trimmedBytes: UInt64 = 0 + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_FilesystemOperationRequest: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var path: String = String() + + public var operation: Com_Apple_Containerization_Sandbox_V3_FilesystemOperationRequest.OneOf_Operation? = nil + + public var trim: Com_Apple_Containerization_Sandbox_V3_FiTrimParams { + get { + if case .trim(let v)? = operation {return v} + return Com_Apple_Containerization_Sandbox_V3_FiTrimParams() + } + set {operation = .trim(newValue)} + } + + public var freeze: Com_Apple_Containerization_Sandbox_V3_FiFreezeParams { + get { + if case .freeze(let v)? = operation {return v} + return Com_Apple_Containerization_Sandbox_V3_FiFreezeParams() + } + set {operation = .freeze(newValue)} + } + + public var thaw: Com_Apple_Containerization_Sandbox_V3_FiThawParams { + get { + if case .thaw(let v)? = operation {return v} + return Com_Apple_Containerization_Sandbox_V3_FiThawParams() + } + set {operation = .thaw(newValue)} + } + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public enum OneOf_Operation: Equatable, Sendable { + case trim(Com_Apple_Containerization_Sandbox_V3_FiTrimParams) + case freeze(Com_Apple_Containerization_Sandbox_V3_FiFreezeParams) + case thaw(Com_Apple_Containerization_Sandbox_V3_FiThawParams) + + } + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_FilesystemOperationResponse: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var result: Com_Apple_Containerization_Sandbox_V3_FilesystemOperationResponse.OneOf_Result? = nil + + public var trim: Com_Apple_Containerization_Sandbox_V3_FiTrimResult { + get { + if case .trim(let v)? = result {return v} + return Com_Apple_Containerization_Sandbox_V3_FiTrimResult() + } + set {result = .trim(newValue)} + } + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public enum OneOf_Result: Equatable, Sendable { + case trim(Com_Apple_Containerization_Sandbox_V3_FiTrimResult) + + } + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_IpLinkSetRequest: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var interface: String = String() + + public var up: Bool = false + + public var mtu: UInt32 { + get {_mtu ?? 0} + set {_mtu = newValue} + } + /// Returns true if `mtu` has been explicitly set. + public var hasMtu: Bool {self._mtu != nil} + /// Clears the value of `mtu`. Subsequent reads from it will return its default value. + public mutating func clearMtu() {self._mtu = nil} + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} + + fileprivate var _mtu: UInt32? = nil +} + +public struct Com_Apple_Containerization_Sandbox_V3_IpLinkSetResponse: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_IpAddrAddRequest: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var interface: String = String() + + public var ipv4Address: String = String() + + public var ipv6Address: String { + get {_ipv6Address ?? String()} + set {_ipv6Address = newValue} + } + /// Returns true if `ipv6Address` has been explicitly set. + public var hasIpv6Address: Bool {self._ipv6Address != nil} + /// Clears the value of `ipv6Address`. Subsequent reads from it will return its default value. + public mutating func clearIpv6Address() {self._ipv6Address = nil} + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} + + fileprivate var _ipv6Address: String? = nil +} + +public struct Com_Apple_Containerization_Sandbox_V3_IpAddrAddResponse: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_IpRouteAddLinkRequest: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var interface: String = String() + + public var dstIpv4Addr: String = String() + + public var srcIpv4Addr: String = String() + + public var dstIpv6Addr: String { + get {_dstIpv6Addr ?? String()} + set {_dstIpv6Addr = newValue} + } + /// Returns true if `dstIpv6Addr` has been explicitly set. + public var hasDstIpv6Addr: Bool {self._dstIpv6Addr != nil} + /// Clears the value of `dstIpv6Addr`. Subsequent reads from it will return its default value. + public mutating func clearDstIpv6Addr() {self._dstIpv6Addr = nil} + + public var srcIpv6Addr: String { + get {_srcIpv6Addr ?? String()} + set {_srcIpv6Addr = newValue} + } + /// Returns true if `srcIpv6Addr` has been explicitly set. + public var hasSrcIpv6Addr: Bool {self._srcIpv6Addr != nil} + /// Clears the value of `srcIpv6Addr`. Subsequent reads from it will return its default value. + public mutating func clearSrcIpv6Addr() {self._srcIpv6Addr = nil} + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} + + fileprivate var _dstIpv6Addr: String? = nil + fileprivate var _srcIpv6Addr: String? = nil +} + +public struct Com_Apple_Containerization_Sandbox_V3_IpRouteAddLinkResponse: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_IpRouteAddDefaultRequest: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var interface: String = String() + + public var ipv4Gateway: String = String() + + public var ipv6Gateway: String { + get {_ipv6Gateway ?? String()} + set {_ipv6Gateway = newValue} + } + /// Returns true if `ipv6Gateway` has been explicitly set. + public var hasIpv6Gateway: Bool {self._ipv6Gateway != nil} + /// Clears the value of `ipv6Gateway`. Subsequent reads from it will return its default value. + public mutating func clearIpv6Gateway() {self._ipv6Gateway = nil} + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} + + fileprivate var _ipv6Gateway: String? = nil +} + +public struct Com_Apple_Containerization_Sandbox_V3_IpRouteAddDefaultResponse: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_ConfigureDnsRequest: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var location: String = String() + + public var nameservers: [String] = [] + + public var domain: String { + get {_domain ?? String()} + set {_domain = newValue} + } + /// Returns true if `domain` has been explicitly set. + public var hasDomain: Bool {self._domain != nil} + /// Clears the value of `domain`. Subsequent reads from it will return its default value. + public mutating func clearDomain() {self._domain = nil} + + public var searchDomains: [String] = [] + + public var options: [String] = [] + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} + + fileprivate var _domain: String? = nil +} + +public struct Com_Apple_Containerization_Sandbox_V3_ConfigureDnsResponse: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_ConfigureHostsRequest: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var location: String = String() + + public var entries: [Com_Apple_Containerization_Sandbox_V3_ConfigureHostsRequest.HostsEntry] = [] + + public var comment: String { + get {_comment ?? String()} + set {_comment = newValue} + } + /// Returns true if `comment` has been explicitly set. + public var hasComment: Bool {self._comment != nil} + /// Clears the value of `comment`. Subsequent reads from it will return its default value. + public mutating func clearComment() {self._comment = nil} + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public struct HostsEntry: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var ipAddress: String = String() + + public var hostnames: [String] = [] + + public var comment: String { + get {_comment ?? String()} + set {_comment = newValue} + } + /// Returns true if `comment` has been explicitly set. + public var hasComment: Bool {self._comment != nil} + /// Clears the value of `comment`. Subsequent reads from it will return its default value. + public mutating func clearComment() {self._comment = nil} + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} + + fileprivate var _comment: String? = nil + } + + public init() {} + + fileprivate var _comment: String? = nil +} + +public struct Com_Apple_Containerization_Sandbox_V3_ConfigureHostsResponse: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_SyncRequest: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_SyncResponse: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_KillRequest: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var pid: Int32 = 0 + + public var signal: Int32 = 0 + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_KillResponse: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var result: Int32 = 0 + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_ContainerStatisticsRequest: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + /// Empty = all containers + public var containerIds: [String] = [] + + /// Empty = all categories + public var categories: [Com_Apple_Containerization_Sandbox_V3_StatCategory] = [] + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_ContainerStatisticsResponse: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var containers: [Com_Apple_Containerization_Sandbox_V3_ContainerStats] = [] + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_ContainerStats: @unchecked Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var containerID: String { + get {_storage._containerID} + set {_uniqueStorage()._containerID = newValue} + } + + public var process: Com_Apple_Containerization_Sandbox_V3_ProcessStats { + get {_storage._process ?? Com_Apple_Containerization_Sandbox_V3_ProcessStats()} + set {_uniqueStorage()._process = newValue} + } + /// Returns true if `process` has been explicitly set. + public var hasProcess: Bool {_storage._process != nil} + /// Clears the value of `process`. Subsequent reads from it will return its default value. + public mutating func clearProcess() {_uniqueStorage()._process = nil} + + public var memory: Com_Apple_Containerization_Sandbox_V3_MemoryStats { + get {_storage._memory ?? Com_Apple_Containerization_Sandbox_V3_MemoryStats()} + set {_uniqueStorage()._memory = newValue} + } + /// Returns true if `memory` has been explicitly set. + public var hasMemory: Bool {_storage._memory != nil} + /// Clears the value of `memory`. Subsequent reads from it will return its default value. + public mutating func clearMemory() {_uniqueStorage()._memory = nil} + + public var cpu: Com_Apple_Containerization_Sandbox_V3_CPUStats { + get {_storage._cpu ?? Com_Apple_Containerization_Sandbox_V3_CPUStats()} + set {_uniqueStorage()._cpu = newValue} + } + /// Returns true if `cpu` has been explicitly set. + public var hasCpu: Bool {_storage._cpu != nil} + /// Clears the value of `cpu`. Subsequent reads from it will return its default value. + public mutating func clearCpu() {_uniqueStorage()._cpu = nil} + + public var blockIo: Com_Apple_Containerization_Sandbox_V3_BlockIOStats { + get {_storage._blockIo ?? Com_Apple_Containerization_Sandbox_V3_BlockIOStats()} + set {_uniqueStorage()._blockIo = newValue} + } + /// Returns true if `blockIo` has been explicitly set. + public var hasBlockIo: Bool {_storage._blockIo != nil} + /// Clears the value of `blockIo`. Subsequent reads from it will return its default value. + public mutating func clearBlockIo() {_uniqueStorage()._blockIo = nil} + + public var networks: [Com_Apple_Containerization_Sandbox_V3_NetworkStats] { + get {_storage._networks} + set {_uniqueStorage()._networks = newValue} + } + + public var memoryEvents: Com_Apple_Containerization_Sandbox_V3_MemoryEventStats { + get {_storage._memoryEvents ?? Com_Apple_Containerization_Sandbox_V3_MemoryEventStats()} + set {_uniqueStorage()._memoryEvents = newValue} + } + /// Returns true if `memoryEvents` has been explicitly set. + public var hasMemoryEvents: Bool {_storage._memoryEvents != nil} + /// Clears the value of `memoryEvents`. Subsequent reads from it will return its default value. + public mutating func clearMemoryEvents() {_uniqueStorage()._memoryEvents = nil} + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} + + fileprivate var _storage = _StorageClass.defaultInstance +} + +public struct Com_Apple_Containerization_Sandbox_V3_ProcessStats: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var current: UInt64 = 0 + + /// 0 or max value = unlimited + public var limit: UInt64 = 0 + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_MemoryStats: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var usageBytes: UInt64 = 0 + + public var limitBytes: UInt64 = 0 + + public var swapUsageBytes: UInt64 = 0 + + public var swapLimitBytes: UInt64 = 0 + + public var cacheBytes: UInt64 = 0 + + public var kernelStackBytes: UInt64 = 0 + + public var slabBytes: UInt64 = 0 + + public var pageFaults: UInt64 = 0 + + public var majorPageFaults: UInt64 = 0 + + public var inactiveFile: UInt64 = 0 + + public var anon: UInt64 = 0 + + public var workingsetRefaultAnon: UInt64 = 0 + + public var workingsetRefaultFile: UInt64 = 0 + + public var pgstealKswapd: UInt64 = 0 + + public var pgstealDirect: UInt64 = 0 + + public var pgstealKhugepaged: UInt64 = 0 + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_CPUStats: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var usageUsec: UInt64 = 0 + + public var userUsec: UInt64 = 0 + + public var systemUsec: UInt64 = 0 + + public var throttlingPeriods: UInt64 = 0 + + public var throttledPeriods: UInt64 = 0 + + public var throttledTimeUsec: UInt64 = 0 + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_BlockIOStats: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var devices: [Com_Apple_Containerization_Sandbox_V3_BlockIOEntry] = [] + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_BlockIOEntry: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var major: UInt64 = 0 + + public var minor: UInt64 = 0 + + public var readBytes: UInt64 = 0 + + public var writeBytes: UInt64 = 0 + + public var readOperations: UInt64 = 0 + + public var writeOperations: UInt64 = 0 + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +public struct Com_Apple_Containerization_Sandbox_V3_NetworkStats: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var interface: String = String() + + public var receivedPackets: UInt64 = 0 + + public var transmittedPackets: UInt64 = 0 + + public var receivedBytes: UInt64 = 0 + + public var transmittedBytes: UInt64 = 0 + + public var receivedErrors: UInt64 = 0 + + public var transmittedErrors: UInt64 = 0 + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +/// Memory event counters from cgroup2's memory.events file. +public struct Com_Apple_Containerization_Sandbox_V3_MemoryEventStats: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + /// Number of times the cgroup was reclaimed due to low memory. + public var low: UInt64 = 0 + + /// Number of times the cgroup exceeded its high memory limit. + public var high: UInt64 = 0 + + /// Number of times the cgroup hit its max memory limit. + public var max: UInt64 = 0 + + /// Number of times the cgroup triggered OOM. + public var oom: UInt64 = 0 + + /// Number of processes killed by OOM killer. + public var oomKill: UInt64 = 0 + + /// Number of times charge for memory failed because of limit. + public var oomGroupKill: UInt64 = 0 + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +// MARK: - Code below here is support for the SwiftProtobuf runtime. + +fileprivate let _protobuf_package = "com.apple.containerization.sandbox.v3" + +extension Com_Apple_Containerization_Sandbox_V3_StatCategory: SwiftProtobuf._ProtoNameProviding { + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{2}\0STAT_CATEGORY_UNSPECIFIED\0\u{1}STAT_CATEGORY_PROCESS\0\u{1}STAT_CATEGORY_MEMORY\0\u{1}STAT_CATEGORY_CPU\0\u{1}STAT_CATEGORY_BLOCK_IO\0\u{1}STAT_CATEGORY_NETWORK\0\u{1}STAT_CATEGORY_MEMORY_EVENTS\0") +} + +extension Com_Apple_Containerization_Sandbox_V3_Stdio: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".Stdio" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}stdinPort\0\u{1}stdoutPort\0\u{1}stderrPort\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularInt32Field(value: &self._stdinPort) }() + case 2: try { try decoder.decodeSingularInt32Field(value: &self._stdoutPort) }() + case 3: try { try decoder.decodeSingularInt32Field(value: &self._stderrPort) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every if/case branch local when no optimizations + // are enabled. https://github.com/apple/swift-protobuf/issues/1034 and + // https://github.com/apple/swift-protobuf/issues/1182 + try { if let v = self._stdinPort { + try visitor.visitSingularInt32Field(value: v, fieldNumber: 1) + } }() + try { if let v = self._stdoutPort { + try visitor.visitSingularInt32Field(value: v, fieldNumber: 2) + } }() + try { if let v = self._stderrPort { + try visitor.visitSingularInt32Field(value: v, fieldNumber: 3) + } }() + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_Stdio, rhs: Com_Apple_Containerization_Sandbox_V3_Stdio) -> Bool { + if lhs._stdinPort != rhs._stdinPort {return false} + if lhs._stdoutPort != rhs._stdoutPort {return false} + if lhs._stderrPort != rhs._stderrPort {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_SetupEmulatorRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".SetupEmulatorRequest" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{3}binary_path\0\u{1}name\0\u{1}type\0\u{1}offset\0\u{1}magic\0\u{1}mask\0\u{1}flags\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularStringField(value: &self.binaryPath) }() + case 2: try { try decoder.decodeSingularStringField(value: &self.name) }() + case 3: try { try decoder.decodeSingularStringField(value: &self.type) }() + case 4: try { try decoder.decodeSingularStringField(value: &self.offset) }() + case 5: try { try decoder.decodeSingularStringField(value: &self.magic) }() + case 6: try { try decoder.decodeSingularStringField(value: &self.mask) }() + case 7: try { try decoder.decodeSingularStringField(value: &self.flags) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + if !self.binaryPath.isEmpty { + try visitor.visitSingularStringField(value: self.binaryPath, fieldNumber: 1) + } + if !self.name.isEmpty { + try visitor.visitSingularStringField(value: self.name, fieldNumber: 2) + } + if !self.type.isEmpty { + try visitor.visitSingularStringField(value: self.type, fieldNumber: 3) + } + if !self.offset.isEmpty { + try visitor.visitSingularStringField(value: self.offset, fieldNumber: 4) + } + if !self.magic.isEmpty { + try visitor.visitSingularStringField(value: self.magic, fieldNumber: 5) + } + if !self.mask.isEmpty { + try visitor.visitSingularStringField(value: self.mask, fieldNumber: 6) + } + if !self.flags.isEmpty { + try visitor.visitSingularStringField(value: self.flags, fieldNumber: 7) + } + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_SetupEmulatorRequest, rhs: Com_Apple_Containerization_Sandbox_V3_SetupEmulatorRequest) -> Bool { + if lhs.binaryPath != rhs.binaryPath {return false} + if lhs.name != rhs.name {return false} + if lhs.type != rhs.type {return false} + if lhs.offset != rhs.offset {return false} + if lhs.magic != rhs.magic {return false} + if lhs.mask != rhs.mask {return false} + if lhs.flags != rhs.flags {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_SetupEmulatorResponse: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".SetupEmulatorResponse" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap() + + public mutating func decodeMessage(decoder: inout D) throws { + // Load everything into unknown fields + while try decoder.nextFieldNumber() != nil {} + } + + public func traverse(visitor: inout V) throws { + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_SetupEmulatorResponse, rhs: Com_Apple_Containerization_Sandbox_V3_SetupEmulatorResponse) -> Bool { + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_SetTimeRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".SetTimeRequest" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}sec\0\u{1}usec\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularInt64Field(value: &self.sec) }() + case 2: try { try decoder.decodeSingularInt32Field(value: &self.usec) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + if self.sec != 0 { + try visitor.visitSingularInt64Field(value: self.sec, fieldNumber: 1) + } + if self.usec != 0 { + try visitor.visitSingularInt32Field(value: self.usec, fieldNumber: 2) + } + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_SetTimeRequest, rhs: Com_Apple_Containerization_Sandbox_V3_SetTimeRequest) -> Bool { + if lhs.sec != rhs.sec {return false} + if lhs.usec != rhs.usec {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_SetTimeResponse: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".SetTimeResponse" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap() + + public mutating func decodeMessage(decoder: inout D) throws { + // Load everything into unknown fields + while try decoder.nextFieldNumber() != nil {} + } + + public func traverse(visitor: inout V) throws { + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_SetTimeResponse, rhs: Com_Apple_Containerization_Sandbox_V3_SetTimeResponse) -> Bool { + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_SysctlRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".SysctlRequest" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}settings\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeMapField(fieldType: SwiftProtobuf._ProtobufMap.self, value: &self.settings) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + if !self.settings.isEmpty { + try visitor.visitMapField(fieldType: SwiftProtobuf._ProtobufMap.self, value: self.settings, fieldNumber: 1) + } + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_SysctlRequest, rhs: Com_Apple_Containerization_Sandbox_V3_SysctlRequest) -> Bool { + if lhs.settings != rhs.settings {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_SysctlResponse: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".SysctlResponse" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap() + + public mutating func decodeMessage(decoder: inout D) throws { + // Load everything into unknown fields + while try decoder.nextFieldNumber() != nil {} + } + + public func traverse(visitor: inout V) throws { + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_SysctlResponse, rhs: Com_Apple_Containerization_Sandbox_V3_SysctlResponse) -> Bool { + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_ProxyVsockRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".ProxyVsockRequest" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}id\0\u{3}vsock_port\0\u{1}guestPath\0\u{1}guestSocketPermissions\0\u{1}action\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularStringField(value: &self.id) }() + case 2: try { try decoder.decodeSingularUInt32Field(value: &self.vsockPort) }() + case 3: try { try decoder.decodeSingularStringField(value: &self.guestPath) }() + case 4: try { try decoder.decodeSingularUInt32Field(value: &self._guestSocketPermissions) }() + case 5: try { try decoder.decodeSingularEnumField(value: &self.action) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every if/case branch local when no optimizations + // are enabled. https://github.com/apple/swift-protobuf/issues/1034 and + // https://github.com/apple/swift-protobuf/issues/1182 + if !self.id.isEmpty { + try visitor.visitSingularStringField(value: self.id, fieldNumber: 1) + } + if self.vsockPort != 0 { + try visitor.visitSingularUInt32Field(value: self.vsockPort, fieldNumber: 2) + } + if !self.guestPath.isEmpty { + try visitor.visitSingularStringField(value: self.guestPath, fieldNumber: 3) + } + try { if let v = self._guestSocketPermissions { + try visitor.visitSingularUInt32Field(value: v, fieldNumber: 4) + } }() + if self.action != .into { + try visitor.visitSingularEnumField(value: self.action, fieldNumber: 5) + } + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_ProxyVsockRequest, rhs: Com_Apple_Containerization_Sandbox_V3_ProxyVsockRequest) -> Bool { + if lhs.id != rhs.id {return false} + if lhs.vsockPort != rhs.vsockPort {return false} + if lhs.guestPath != rhs.guestPath {return false} + if lhs._guestSocketPermissions != rhs._guestSocketPermissions {return false} + if lhs.action != rhs.action {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_ProxyVsockRequest.Action: SwiftProtobuf._ProtoNameProviding { + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{2}\0INTO\0\u{1}OUT_OF\0") +} + +extension Com_Apple_Containerization_Sandbox_V3_ProxyVsockResponse: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".ProxyVsockResponse" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap() + + public mutating func decodeMessage(decoder: inout D) throws { + // Load everything into unknown fields + while try decoder.nextFieldNumber() != nil {} + } + + public func traverse(visitor: inout V) throws { + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_ProxyVsockResponse, rhs: Com_Apple_Containerization_Sandbox_V3_ProxyVsockResponse) -> Bool { + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_StopVsockProxyRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".StopVsockProxyRequest" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}id\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularStringField(value: &self.id) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + if !self.id.isEmpty { + try visitor.visitSingularStringField(value: self.id, fieldNumber: 1) + } + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_StopVsockProxyRequest, rhs: Com_Apple_Containerization_Sandbox_V3_StopVsockProxyRequest) -> Bool { + if lhs.id != rhs.id {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_StopVsockProxyResponse: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".StopVsockProxyResponse" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap() + + public mutating func decodeMessage(decoder: inout D) throws { + // Load everything into unknown fields + while try decoder.nextFieldNumber() != nil {} + } + + public func traverse(visitor: inout V) throws { + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_StopVsockProxyResponse, rhs: Com_Apple_Containerization_Sandbox_V3_StopVsockProxyResponse) -> Bool { + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_MountRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".MountRequest" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}type\0\u{1}source\0\u{1}destination\0\u{1}options\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularStringField(value: &self.type) }() + case 2: try { try decoder.decodeSingularStringField(value: &self.source) }() + case 3: try { try decoder.decodeSingularStringField(value: &self.destination) }() + case 4: try { try decoder.decodeRepeatedStringField(value: &self.options) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + if !self.type.isEmpty { + try visitor.visitSingularStringField(value: self.type, fieldNumber: 1) + } + if !self.source.isEmpty { + try visitor.visitSingularStringField(value: self.source, fieldNumber: 2) + } + if !self.destination.isEmpty { + try visitor.visitSingularStringField(value: self.destination, fieldNumber: 3) + } + if !self.options.isEmpty { + try visitor.visitRepeatedStringField(value: self.options, fieldNumber: 4) + } + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_MountRequest, rhs: Com_Apple_Containerization_Sandbox_V3_MountRequest) -> Bool { + if lhs.type != rhs.type {return false} + if lhs.source != rhs.source {return false} + if lhs.destination != rhs.destination {return false} + if lhs.options != rhs.options {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_MountResponse: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".MountResponse" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap() + + public mutating func decodeMessage(decoder: inout D) throws { + // Load everything into unknown fields + while try decoder.nextFieldNumber() != nil {} + } + + public func traverse(visitor: inout V) throws { + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_MountResponse, rhs: Com_Apple_Containerization_Sandbox_V3_MountResponse) -> Bool { + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_UmountRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".UmountRequest" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}path\0\u{1}flags\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularStringField(value: &self.path) }() + case 2: try { try decoder.decodeSingularInt32Field(value: &self.flags) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + if !self.path.isEmpty { + try visitor.visitSingularStringField(value: self.path, fieldNumber: 1) + } + if self.flags != 0 { + try visitor.visitSingularInt32Field(value: self.flags, fieldNumber: 2) + } + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_UmountRequest, rhs: Com_Apple_Containerization_Sandbox_V3_UmountRequest) -> Bool { + if lhs.path != rhs.path {return false} + if lhs.flags != rhs.flags {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_UmountResponse: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".UmountResponse" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap() + + public mutating func decodeMessage(decoder: inout D) throws { + // Load everything into unknown fields + while try decoder.nextFieldNumber() != nil {} + } + + public func traverse(visitor: inout V) throws { + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_UmountResponse, rhs: Com_Apple_Containerization_Sandbox_V3_UmountResponse) -> Bool { + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_SetenvRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".SetenvRequest" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}key\0\u{1}value\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularStringField(value: &self.key) }() + case 2: try { try decoder.decodeSingularStringField(value: &self._value) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every if/case branch local when no optimizations + // are enabled. https://github.com/apple/swift-protobuf/issues/1034 and + // https://github.com/apple/swift-protobuf/issues/1182 + if !self.key.isEmpty { + try visitor.visitSingularStringField(value: self.key, fieldNumber: 1) + } + try { if let v = self._value { + try visitor.visitSingularStringField(value: v, fieldNumber: 2) + } }() + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_SetenvRequest, rhs: Com_Apple_Containerization_Sandbox_V3_SetenvRequest) -> Bool { + if lhs.key != rhs.key {return false} + if lhs._value != rhs._value {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_SetenvResponse: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".SetenvResponse" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap() + + public mutating func decodeMessage(decoder: inout D) throws { + // Load everything into unknown fields + while try decoder.nextFieldNumber() != nil {} + } + + public func traverse(visitor: inout V) throws { + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_SetenvResponse, rhs: Com_Apple_Containerization_Sandbox_V3_SetenvResponse) -> Bool { + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_GetenvRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".GetenvRequest" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}key\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularStringField(value: &self.key) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + if !self.key.isEmpty { + try visitor.visitSingularStringField(value: self.key, fieldNumber: 1) + } + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_GetenvRequest, rhs: Com_Apple_Containerization_Sandbox_V3_GetenvRequest) -> Bool { + if lhs.key != rhs.key {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_GetenvResponse: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".GetenvResponse" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}value\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularStringField(value: &self._value) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every if/case branch local when no optimizations + // are enabled. https://github.com/apple/swift-protobuf/issues/1034 and + // https://github.com/apple/swift-protobuf/issues/1182 + try { if let v = self._value { + try visitor.visitSingularStringField(value: v, fieldNumber: 1) + } }() + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_GetenvResponse, rhs: Com_Apple_Containerization_Sandbox_V3_GetenvResponse) -> Bool { + if lhs._value != rhs._value {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_CreateProcessRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".CreateProcessRequest" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}id\0\u{1}containerID\0\u{1}stdin\0\u{1}stdout\0\u{1}stderr\0\u{1}ociRuntimePath\0\u{1}configuration\0\u{1}options\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularStringField(value: &self.id) }() + case 2: try { try decoder.decodeSingularStringField(value: &self._containerID) }() + case 3: try { try decoder.decodeSingularUInt32Field(value: &self._stdin) }() + case 4: try { try decoder.decodeSingularUInt32Field(value: &self._stdout) }() + case 5: try { try decoder.decodeSingularUInt32Field(value: &self._stderr) }() + case 6: try { try decoder.decodeSingularStringField(value: &self._ociRuntimePath) }() + case 7: try { try decoder.decodeSingularBytesField(value: &self.configuration) }() + case 8: try { try decoder.decodeSingularBytesField(value: &self._options) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every if/case branch local when no optimizations + // are enabled. https://github.com/apple/swift-protobuf/issues/1034 and + // https://github.com/apple/swift-protobuf/issues/1182 + if !self.id.isEmpty { + try visitor.visitSingularStringField(value: self.id, fieldNumber: 1) + } + try { if let v = self._containerID { + try visitor.visitSingularStringField(value: v, fieldNumber: 2) + } }() + try { if let v = self._stdin { + try visitor.visitSingularUInt32Field(value: v, fieldNumber: 3) + } }() + try { if let v = self._stdout { + try visitor.visitSingularUInt32Field(value: v, fieldNumber: 4) + } }() + try { if let v = self._stderr { + try visitor.visitSingularUInt32Field(value: v, fieldNumber: 5) + } }() + try { if let v = self._ociRuntimePath { + try visitor.visitSingularStringField(value: v, fieldNumber: 6) + } }() + if !self.configuration.isEmpty { + try visitor.visitSingularBytesField(value: self.configuration, fieldNumber: 7) + } + try { if let v = self._options { + try visitor.visitSingularBytesField(value: v, fieldNumber: 8) + } }() + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_CreateProcessRequest, rhs: Com_Apple_Containerization_Sandbox_V3_CreateProcessRequest) -> Bool { + if lhs.id != rhs.id {return false} + if lhs._containerID != rhs._containerID {return false} + if lhs._stdin != rhs._stdin {return false} + if lhs._stdout != rhs._stdout {return false} + if lhs._stderr != rhs._stderr {return false} + if lhs._ociRuntimePath != rhs._ociRuntimePath {return false} + if lhs.configuration != rhs.configuration {return false} + if lhs._options != rhs._options {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_CreateProcessResponse: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".CreateProcessResponse" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap() + + public mutating func decodeMessage(decoder: inout D) throws { + // Load everything into unknown fields + while try decoder.nextFieldNumber() != nil {} + } + + public func traverse(visitor: inout V) throws { + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_CreateProcessResponse, rhs: Com_Apple_Containerization_Sandbox_V3_CreateProcessResponse) -> Bool { + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_WaitProcessRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".WaitProcessRequest" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}id\0\u{1}containerID\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularStringField(value: &self.id) }() + case 2: try { try decoder.decodeSingularStringField(value: &self._containerID) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every if/case branch local when no optimizations + // are enabled. https://github.com/apple/swift-protobuf/issues/1034 and + // https://github.com/apple/swift-protobuf/issues/1182 + if !self.id.isEmpty { + try visitor.visitSingularStringField(value: self.id, fieldNumber: 1) + } + try { if let v = self._containerID { + try visitor.visitSingularStringField(value: v, fieldNumber: 2) + } }() + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_WaitProcessRequest, rhs: Com_Apple_Containerization_Sandbox_V3_WaitProcessRequest) -> Bool { + if lhs.id != rhs.id {return false} + if lhs._containerID != rhs._containerID {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_WaitProcessResponse: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".WaitProcessResponse" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}exitCode\0\u{3}exited_at\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularInt32Field(value: &self.exitCode) }() + case 2: try { try decoder.decodeSingularMessageField(value: &self._exitedAt) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every if/case branch local when no optimizations + // are enabled. https://github.com/apple/swift-protobuf/issues/1034 and + // https://github.com/apple/swift-protobuf/issues/1182 + if self.exitCode != 0 { + try visitor.visitSingularInt32Field(value: self.exitCode, fieldNumber: 1) + } + try { if let v = self._exitedAt { + try visitor.visitSingularMessageField(value: v, fieldNumber: 2) + } }() + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_WaitProcessResponse, rhs: Com_Apple_Containerization_Sandbox_V3_WaitProcessResponse) -> Bool { + if lhs.exitCode != rhs.exitCode {return false} + if lhs._exitedAt != rhs._exitedAt {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_ResizeProcessRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".ResizeProcessRequest" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}id\0\u{1}containerID\0\u{1}rows\0\u{1}columns\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularStringField(value: &self.id) }() + case 2: try { try decoder.decodeSingularStringField(value: &self._containerID) }() + case 3: try { try decoder.decodeSingularUInt32Field(value: &self.rows) }() + case 4: try { try decoder.decodeSingularUInt32Field(value: &self.columns) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every if/case branch local when no optimizations + // are enabled. https://github.com/apple/swift-protobuf/issues/1034 and + // https://github.com/apple/swift-protobuf/issues/1182 + if !self.id.isEmpty { + try visitor.visitSingularStringField(value: self.id, fieldNumber: 1) + } + try { if let v = self._containerID { + try visitor.visitSingularStringField(value: v, fieldNumber: 2) + } }() + if self.rows != 0 { + try visitor.visitSingularUInt32Field(value: self.rows, fieldNumber: 3) + } + if self.columns != 0 { + try visitor.visitSingularUInt32Field(value: self.columns, fieldNumber: 4) + } + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_ResizeProcessRequest, rhs: Com_Apple_Containerization_Sandbox_V3_ResizeProcessRequest) -> Bool { + if lhs.id != rhs.id {return false} + if lhs._containerID != rhs._containerID {return false} + if lhs.rows != rhs.rows {return false} + if lhs.columns != rhs.columns {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_ResizeProcessResponse: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".ResizeProcessResponse" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap() + + public mutating func decodeMessage(decoder: inout D) throws { + // Load everything into unknown fields + while try decoder.nextFieldNumber() != nil {} + } + + public func traverse(visitor: inout V) throws { + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_ResizeProcessResponse, rhs: Com_Apple_Containerization_Sandbox_V3_ResizeProcessResponse) -> Bool { + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_DeleteProcessRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".DeleteProcessRequest" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}id\0\u{1}containerID\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularStringField(value: &self.id) }() + case 2: try { try decoder.decodeSingularStringField(value: &self._containerID) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every if/case branch local when no optimizations + // are enabled. https://github.com/apple/swift-protobuf/issues/1034 and + // https://github.com/apple/swift-protobuf/issues/1182 + if !self.id.isEmpty { + try visitor.visitSingularStringField(value: self.id, fieldNumber: 1) + } + try { if let v = self._containerID { + try visitor.visitSingularStringField(value: v, fieldNumber: 2) + } }() + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_DeleteProcessRequest, rhs: Com_Apple_Containerization_Sandbox_V3_DeleteProcessRequest) -> Bool { + if lhs.id != rhs.id {return false} + if lhs._containerID != rhs._containerID {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_DeleteProcessResponse: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".DeleteProcessResponse" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap() + + public mutating func decodeMessage(decoder: inout D) throws { + // Load everything into unknown fields + while try decoder.nextFieldNumber() != nil {} + } + + public func traverse(visitor: inout V) throws { + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_DeleteProcessResponse, rhs: Com_Apple_Containerization_Sandbox_V3_DeleteProcessResponse) -> Bool { + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_StartProcessRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".StartProcessRequest" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}id\0\u{1}containerID\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularStringField(value: &self.id) }() + case 2: try { try decoder.decodeSingularStringField(value: &self._containerID) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every if/case branch local when no optimizations + // are enabled. https://github.com/apple/swift-protobuf/issues/1034 and + // https://github.com/apple/swift-protobuf/issues/1182 + if !self.id.isEmpty { + try visitor.visitSingularStringField(value: self.id, fieldNumber: 1) + } + try { if let v = self._containerID { + try visitor.visitSingularStringField(value: v, fieldNumber: 2) + } }() + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_StartProcessRequest, rhs: Com_Apple_Containerization_Sandbox_V3_StartProcessRequest) -> Bool { + if lhs.id != rhs.id {return false} + if lhs._containerID != rhs._containerID {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_StartProcessResponse: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".StartProcessResponse" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}pid\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularInt32Field(value: &self.pid) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + if self.pid != 0 { + try visitor.visitSingularInt32Field(value: self.pid, fieldNumber: 1) + } + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_StartProcessResponse, rhs: Com_Apple_Containerization_Sandbox_V3_StartProcessResponse) -> Bool { + if lhs.pid != rhs.pid {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_KillProcessRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".KillProcessRequest" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}id\0\u{1}containerID\0\u{1}signal\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularStringField(value: &self.id) }() + case 2: try { try decoder.decodeSingularStringField(value: &self._containerID) }() + case 3: try { try decoder.decodeSingularInt32Field(value: &self.signal) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every if/case branch local when no optimizations + // are enabled. https://github.com/apple/swift-protobuf/issues/1034 and + // https://github.com/apple/swift-protobuf/issues/1182 + if !self.id.isEmpty { + try visitor.visitSingularStringField(value: self.id, fieldNumber: 1) + } + try { if let v = self._containerID { + try visitor.visitSingularStringField(value: v, fieldNumber: 2) + } }() + if self.signal != 0 { + try visitor.visitSingularInt32Field(value: self.signal, fieldNumber: 3) + } + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_KillProcessRequest, rhs: Com_Apple_Containerization_Sandbox_V3_KillProcessRequest) -> Bool { + if lhs.id != rhs.id {return false} + if lhs._containerID != rhs._containerID {return false} + if lhs.signal != rhs.signal {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_KillProcessResponse: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".KillProcessResponse" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}result\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularInt32Field(value: &self.result) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + if self.result != 0 { + try visitor.visitSingularInt32Field(value: self.result, fieldNumber: 1) + } + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_KillProcessResponse, rhs: Com_Apple_Containerization_Sandbox_V3_KillProcessResponse) -> Bool { + if lhs.result != rhs.result {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".CloseProcessStdinRequest" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}id\0\u{1}containerID\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularStringField(value: &self.id) }() + case 2: try { try decoder.decodeSingularStringField(value: &self._containerID) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every if/case branch local when no optimizations + // are enabled. https://github.com/apple/swift-protobuf/issues/1034 and + // https://github.com/apple/swift-protobuf/issues/1182 + if !self.id.isEmpty { + try visitor.visitSingularStringField(value: self.id, fieldNumber: 1) + } + try { if let v = self._containerID { + try visitor.visitSingularStringField(value: v, fieldNumber: 2) + } }() + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinRequest, rhs: Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinRequest) -> Bool { + if lhs.id != rhs.id {return false} + if lhs._containerID != rhs._containerID {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinResponse: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".CloseProcessStdinResponse" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap() + + public mutating func decodeMessage(decoder: inout D) throws { + // Load everything into unknown fields + while try decoder.nextFieldNumber() != nil {} + } + + public func traverse(visitor: inout V) throws { + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinResponse, rhs: Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinResponse) -> Bool { + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_MkdirRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".MkdirRequest" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}path\0\u{1}all\0\u{1}perms\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularStringField(value: &self.path) }() + case 2: try { try decoder.decodeSingularBoolField(value: &self.all) }() + case 3: try { try decoder.decodeSingularUInt32Field(value: &self.perms) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + if !self.path.isEmpty { + try visitor.visitSingularStringField(value: self.path, fieldNumber: 1) + } + if self.all != false { + try visitor.visitSingularBoolField(value: self.all, fieldNumber: 2) + } + if self.perms != 0 { + try visitor.visitSingularUInt32Field(value: self.perms, fieldNumber: 3) + } + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_MkdirRequest, rhs: Com_Apple_Containerization_Sandbox_V3_MkdirRequest) -> Bool { + if lhs.path != rhs.path {return false} + if lhs.all != rhs.all {return false} + if lhs.perms != rhs.perms {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_MkdirResponse: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".MkdirResponse" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap() + + public mutating func decodeMessage(decoder: inout D) throws { + // Load everything into unknown fields + while try decoder.nextFieldNumber() != nil {} + } + + public func traverse(visitor: inout V) throws { + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_MkdirResponse, rhs: Com_Apple_Containerization_Sandbox_V3_MkdirResponse) -> Bool { + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_WriteFileRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".WriteFileRequest" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}path\0\u{1}data\0\u{1}mode\0\u{1}flags\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularStringField(value: &self.path) }() + case 2: try { try decoder.decodeSingularBytesField(value: &self.data) }() + case 3: try { try decoder.decodeSingularUInt32Field(value: &self.mode) }() + case 4: try { try decoder.decodeSingularMessageField(value: &self._flags) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every if/case branch local when no optimizations + // are enabled. https://github.com/apple/swift-protobuf/issues/1034 and + // https://github.com/apple/swift-protobuf/issues/1182 + if !self.path.isEmpty { + try visitor.visitSingularStringField(value: self.path, fieldNumber: 1) + } + if !self.data.isEmpty { + try visitor.visitSingularBytesField(value: self.data, fieldNumber: 2) + } + if self.mode != 0 { + try visitor.visitSingularUInt32Field(value: self.mode, fieldNumber: 3) + } + try { if let v = self._flags { + try visitor.visitSingularMessageField(value: v, fieldNumber: 4) + } }() + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_WriteFileRequest, rhs: Com_Apple_Containerization_Sandbox_V3_WriteFileRequest) -> Bool { + if lhs.path != rhs.path {return false} + if lhs.data != rhs.data {return false} + if lhs.mode != rhs.mode {return false} + if lhs._flags != rhs._flags {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_WriteFileRequest.WriteFileFlags: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = Com_Apple_Containerization_Sandbox_V3_WriteFileRequest.protoMessageName + ".WriteFileFlags" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{3}create_parent_dirs\0\u{1}append\0\u{3}create_if_missing\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularBoolField(value: &self.createParentDirs) }() + case 2: try { try decoder.decodeSingularBoolField(value: &self.append) }() + case 3: try { try decoder.decodeSingularBoolField(value: &self.createIfMissing) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + if self.createParentDirs != false { + try visitor.visitSingularBoolField(value: self.createParentDirs, fieldNumber: 1) + } + if self.append != false { + try visitor.visitSingularBoolField(value: self.append, fieldNumber: 2) + } + if self.createIfMissing != false { + try visitor.visitSingularBoolField(value: self.createIfMissing, fieldNumber: 3) + } + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_WriteFileRequest.WriteFileFlags, rhs: Com_Apple_Containerization_Sandbox_V3_WriteFileRequest.WriteFileFlags) -> Bool { + if lhs.createParentDirs != rhs.createParentDirs {return false} + if lhs.append != rhs.append {return false} + if lhs.createIfMissing != rhs.createIfMissing {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_WriteFileResponse: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".WriteFileResponse" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap() + + public mutating func decodeMessage(decoder: inout D) throws { + // Load everything into unknown fields + while try decoder.nextFieldNumber() != nil {} + } + + public func traverse(visitor: inout V) throws { + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_WriteFileResponse, rhs: Com_Apple_Containerization_Sandbox_V3_WriteFileResponse) -> Bool { + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_CopyRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".CopyRequest" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}direction\0\u{1}path\0\u{1}mode\0\u{3}create_parents\0\u{3}vsock_port\0\u{3}is_archive\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularEnumField(value: &self.direction) }() + case 2: try { try decoder.decodeSingularStringField(value: &self.path) }() + case 3: try { try decoder.decodeSingularUInt32Field(value: &self.mode) }() + case 4: try { try decoder.decodeSingularBoolField(value: &self.createParents) }() + case 5: try { try decoder.decodeSingularUInt32Field(value: &self.vsockPort) }() + case 6: try { try decoder.decodeSingularBoolField(value: &self.isArchive) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + if self.direction != .copyIn { + try visitor.visitSingularEnumField(value: self.direction, fieldNumber: 1) + } + if !self.path.isEmpty { + try visitor.visitSingularStringField(value: self.path, fieldNumber: 2) + } + if self.mode != 0 { + try visitor.visitSingularUInt32Field(value: self.mode, fieldNumber: 3) + } + if self.createParents != false { + try visitor.visitSingularBoolField(value: self.createParents, fieldNumber: 4) + } + if self.vsockPort != 0 { + try visitor.visitSingularUInt32Field(value: self.vsockPort, fieldNumber: 5) + } + if self.isArchive != false { + try visitor.visitSingularBoolField(value: self.isArchive, fieldNumber: 6) + } + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_CopyRequest, rhs: Com_Apple_Containerization_Sandbox_V3_CopyRequest) -> Bool { + if lhs.direction != rhs.direction {return false} + if lhs.path != rhs.path {return false} + if lhs.mode != rhs.mode {return false} + if lhs.createParents != rhs.createParents {return false} + if lhs.vsockPort != rhs.vsockPort {return false} + if lhs.isArchive != rhs.isArchive {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_CopyRequest.Direction: SwiftProtobuf._ProtoNameProviding { + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{2}\0COPY_IN\0\u{1}COPY_OUT\0") +} + +extension Com_Apple_Containerization_Sandbox_V3_CopyResponse: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".CopyResponse" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}status\0\u{3}is_archive\0\u{3}total_size\0\u{1}error\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularEnumField(value: &self.status) }() + case 2: try { try decoder.decodeSingularBoolField(value: &self.isArchive) }() + case 3: try { try decoder.decodeSingularUInt64Field(value: &self.totalSize) }() + case 4: try { try decoder.decodeSingularStringField(value: &self.error) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + if self.status != .metadata { + try visitor.visitSingularEnumField(value: self.status, fieldNumber: 1) + } + if self.isArchive != false { + try visitor.visitSingularBoolField(value: self.isArchive, fieldNumber: 2) + } + if self.totalSize != 0 { + try visitor.visitSingularUInt64Field(value: self.totalSize, fieldNumber: 3) + } + if !self.error.isEmpty { + try visitor.visitSingularStringField(value: self.error, fieldNumber: 4) + } + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_CopyResponse, rhs: Com_Apple_Containerization_Sandbox_V3_CopyResponse) -> Bool { + if lhs.status != rhs.status {return false} + if lhs.isArchive != rhs.isArchive {return false} + if lhs.totalSize != rhs.totalSize {return false} + if lhs.error != rhs.error {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_CopyResponse.Status: SwiftProtobuf._ProtoNameProviding { + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{2}\0METADATA\0\u{1}COMPLETE\0") +} + +extension Com_Apple_Containerization_Sandbox_V3_StatRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".StatRequest" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}path\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularStringField(value: &self.path) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + if !self.path.isEmpty { + try visitor.visitSingularStringField(value: self.path, fieldNumber: 1) + } + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_StatRequest, rhs: Com_Apple_Containerization_Sandbox_V3_StatRequest) -> Bool { + if lhs.path != rhs.path {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_Stat: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".Stat" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}dev\0\u{1}ino\0\u{1}mode\0\u{1}nlink\0\u{1}uid\0\u{1}gid\0\u{1}rdev\0\u{1}size\0\u{1}blksize\0\u{1}blocks\0\u{1}atime\0\u{1}mtime\0\u{1}ctime\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularUInt64Field(value: &self.dev) }() + case 2: try { try decoder.decodeSingularUInt64Field(value: &self.ino) }() + case 3: try { try decoder.decodeSingularUInt32Field(value: &self.mode) }() + case 4: try { try decoder.decodeSingularUInt64Field(value: &self.nlink) }() + case 5: try { try decoder.decodeSingularUInt32Field(value: &self.uid) }() + case 6: try { try decoder.decodeSingularUInt32Field(value: &self.gid) }() + case 7: try { try decoder.decodeSingularUInt64Field(value: &self.rdev) }() + case 8: try { try decoder.decodeSingularInt64Field(value: &self.size) }() + case 9: try { try decoder.decodeSingularInt64Field(value: &self.blksize) }() + case 10: try { try decoder.decodeSingularInt64Field(value: &self.blocks) }() + case 11: try { try decoder.decodeSingularMessageField(value: &self._atime) }() + case 12: try { try decoder.decodeSingularMessageField(value: &self._mtime) }() + case 13: try { try decoder.decodeSingularMessageField(value: &self._ctime) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every if/case branch local when no optimizations + // are enabled. https://github.com/apple/swift-protobuf/issues/1034 and + // https://github.com/apple/swift-protobuf/issues/1182 + if self.dev != 0 { + try visitor.visitSingularUInt64Field(value: self.dev, fieldNumber: 1) + } + if self.ino != 0 { + try visitor.visitSingularUInt64Field(value: self.ino, fieldNumber: 2) + } + if self.mode != 0 { + try visitor.visitSingularUInt32Field(value: self.mode, fieldNumber: 3) + } + if self.nlink != 0 { + try visitor.visitSingularUInt64Field(value: self.nlink, fieldNumber: 4) + } + if self.uid != 0 { + try visitor.visitSingularUInt32Field(value: self.uid, fieldNumber: 5) + } + if self.gid != 0 { + try visitor.visitSingularUInt32Field(value: self.gid, fieldNumber: 6) + } + if self.rdev != 0 { + try visitor.visitSingularUInt64Field(value: self.rdev, fieldNumber: 7) + } + if self.size != 0 { + try visitor.visitSingularInt64Field(value: self.size, fieldNumber: 8) + } + if self.blksize != 0 { + try visitor.visitSingularInt64Field(value: self.blksize, fieldNumber: 9) + } + if self.blocks != 0 { + try visitor.visitSingularInt64Field(value: self.blocks, fieldNumber: 10) + } + try { if let v = self._atime { + try visitor.visitSingularMessageField(value: v, fieldNumber: 11) + } }() + try { if let v = self._mtime { + try visitor.visitSingularMessageField(value: v, fieldNumber: 12) + } }() + try { if let v = self._ctime { + try visitor.visitSingularMessageField(value: v, fieldNumber: 13) + } }() + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_Stat, rhs: Com_Apple_Containerization_Sandbox_V3_Stat) -> Bool { + if lhs.dev != rhs.dev {return false} + if lhs.ino != rhs.ino {return false} + if lhs.mode != rhs.mode {return false} + if lhs.nlink != rhs.nlink {return false} + if lhs.uid != rhs.uid {return false} + if lhs.gid != rhs.gid {return false} + if lhs.rdev != rhs.rdev {return false} + if lhs.size != rhs.size {return false} + if lhs.blksize != rhs.blksize {return false} + if lhs.blocks != rhs.blocks {return false} + if lhs._atime != rhs._atime {return false} + if lhs._mtime != rhs._mtime {return false} + if lhs._ctime != rhs._ctime {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_StatResponse: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".StatResponse" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}stat\0\u{1}error\0") + + fileprivate class _StorageClass { + var _stat: Com_Apple_Containerization_Sandbox_V3_Stat? = nil + var _error: String = String() + + // This property is used as the initial default value for new instances of the type. + // The type itself is protecting the reference to its storage via CoW semantics. + // This will force a copy to be made of this reference when the first mutation occurs; + // hence, it is safe to mark this as `nonisolated(unsafe)`. + static nonisolated(unsafe) let defaultInstance = _StorageClass() + + private init() {} + + init(copying source: _StorageClass) { + _stat = source._stat + _error = source._error + } + } + + fileprivate mutating func _uniqueStorage() -> _StorageClass { + if !isKnownUniquelyReferenced(&_storage) { + _storage = _StorageClass(copying: _storage) + } + return _storage + } + + public mutating func decodeMessage(decoder: inout D) throws { + _ = _uniqueStorage() + try withExtendedLifetime(_storage) { (_storage: _StorageClass) in + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularMessageField(value: &_storage._stat) }() + case 2: try { try decoder.decodeSingularStringField(value: &_storage._error) }() + default: break + } + } + } + } + + public func traverse(visitor: inout V) throws { + try withExtendedLifetime(_storage) { (_storage: _StorageClass) in + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every if/case branch local when no optimizations + // are enabled. https://github.com/apple/swift-protobuf/issues/1034 and + // https://github.com/apple/swift-protobuf/issues/1182 + try { if let v = _storage._stat { + try visitor.visitSingularMessageField(value: v, fieldNumber: 1) + } }() + if !_storage._error.isEmpty { + try visitor.visitSingularStringField(value: _storage._error, fieldNumber: 2) + } + } + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_StatResponse, rhs: Com_Apple_Containerization_Sandbox_V3_StatResponse) -> Bool { + if lhs._storage !== rhs._storage { + let storagesAreEqual: Bool = withExtendedLifetime((lhs._storage, rhs._storage)) { (_args: (_StorageClass, _StorageClass)) in + let _storage = _args.0 + let rhs_storage = _args.1 + if _storage._stat != rhs_storage._stat {return false} + if _storage._error != rhs_storage._error {return false} + return true + } + if !storagesAreEqual {return false} + } + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_FiTrimParams: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".FiTrimParams" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{3}one_shot\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { + var v: Com_Apple_Containerization_Sandbox_V3_FiTrimParams.OneShot? + var hadOneofValue = false + if let current = self.schedule { + hadOneofValue = true + if case .oneShot(let m) = current {v = m} + } + try decoder.decodeSingularMessageField(value: &v) + if let v = v { + if hadOneofValue {try decoder.handleConflictingOneOf()} + self.schedule = .oneShot(v) + } + }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every if/case branch local when no optimizations + // are enabled. https://github.com/apple/swift-protobuf/issues/1034 and + // https://github.com/apple/swift-protobuf/issues/1182 + try { if case .oneShot(let v)? = self.schedule { + try visitor.visitSingularMessageField(value: v, fieldNumber: 1) + } }() + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_FiTrimParams, rhs: Com_Apple_Containerization_Sandbox_V3_FiTrimParams) -> Bool { + if lhs.schedule != rhs.schedule {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_FiTrimParams.OneShot: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = Com_Apple_Containerization_Sandbox_V3_FiTrimParams.protoMessageName + ".OneShot" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap() + + public mutating func decodeMessage(decoder: inout D) throws { + // Load everything into unknown fields + while try decoder.nextFieldNumber() != nil {} + } + + public func traverse(visitor: inout V) throws { + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_FiTrimParams.OneShot, rhs: Com_Apple_Containerization_Sandbox_V3_FiTrimParams.OneShot) -> Bool { + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_FiFreezeParams: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".FiFreezeParams" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap() + + public mutating func decodeMessage(decoder: inout D) throws { + // Load everything into unknown fields + while try decoder.nextFieldNumber() != nil {} + } + + public func traverse(visitor: inout V) throws { + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_FiFreezeParams, rhs: Com_Apple_Containerization_Sandbox_V3_FiFreezeParams) -> Bool { + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_FiThawParams: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".FiThawParams" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap() + + public mutating func decodeMessage(decoder: inout D) throws { + // Load everything into unknown fields + while try decoder.nextFieldNumber() != nil {} + } + + public func traverse(visitor: inout V) throws { + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_FiThawParams, rhs: Com_Apple_Containerization_Sandbox_V3_FiThawParams) -> Bool { + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_FiTrimResult: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".FiTrimResult" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{3}trimmed_bytes\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularUInt64Field(value: &self.trimmedBytes) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + if self.trimmedBytes != 0 { + try visitor.visitSingularUInt64Field(value: self.trimmedBytes, fieldNumber: 1) + } + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_FiTrimResult, rhs: Com_Apple_Containerization_Sandbox_V3_FiTrimResult) -> Bool { + if lhs.trimmedBytes != rhs.trimmedBytes {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_FilesystemOperationRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".FilesystemOperationRequest" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}path\0\u{1}trim\0\u{1}freeze\0\u{1}thaw\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularStringField(value: &self.path) }() + case 2: try { + var v: Com_Apple_Containerization_Sandbox_V3_FiTrimParams? + var hadOneofValue = false + if let current = self.operation { + hadOneofValue = true + if case .trim(let m) = current {v = m} + } + try decoder.decodeSingularMessageField(value: &v) + if let v = v { + if hadOneofValue {try decoder.handleConflictingOneOf()} + self.operation = .trim(v) + } + }() + case 3: try { + var v: Com_Apple_Containerization_Sandbox_V3_FiFreezeParams? + var hadOneofValue = false + if let current = self.operation { + hadOneofValue = true + if case .freeze(let m) = current {v = m} + } + try decoder.decodeSingularMessageField(value: &v) + if let v = v { + if hadOneofValue {try decoder.handleConflictingOneOf()} + self.operation = .freeze(v) + } + }() + case 4: try { + var v: Com_Apple_Containerization_Sandbox_V3_FiThawParams? + var hadOneofValue = false + if let current = self.operation { + hadOneofValue = true + if case .thaw(let m) = current {v = m} + } + try decoder.decodeSingularMessageField(value: &v) + if let v = v { + if hadOneofValue {try decoder.handleConflictingOneOf()} + self.operation = .thaw(v) + } + }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every if/case branch local when no optimizations + // are enabled. https://github.com/apple/swift-protobuf/issues/1034 and + // https://github.com/apple/swift-protobuf/issues/1182 + if !self.path.isEmpty { + try visitor.visitSingularStringField(value: self.path, fieldNumber: 1) + } + switch self.operation { + case .trim?: try { + guard case .trim(let v)? = self.operation else { preconditionFailure() } + try visitor.visitSingularMessageField(value: v, fieldNumber: 2) + }() + case .freeze?: try { + guard case .freeze(let v)? = self.operation else { preconditionFailure() } + try visitor.visitSingularMessageField(value: v, fieldNumber: 3) + }() + case .thaw?: try { + guard case .thaw(let v)? = self.operation else { preconditionFailure() } + try visitor.visitSingularMessageField(value: v, fieldNumber: 4) + }() + case nil: break + } + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_FilesystemOperationRequest, rhs: Com_Apple_Containerization_Sandbox_V3_FilesystemOperationRequest) -> Bool { + if lhs.path != rhs.path {return false} + if lhs.operation != rhs.operation {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_FilesystemOperationResponse: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".FilesystemOperationResponse" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}trim\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { + var v: Com_Apple_Containerization_Sandbox_V3_FiTrimResult? + var hadOneofValue = false + if let current = self.result { + hadOneofValue = true + if case .trim(let m) = current {v = m} + } + try decoder.decodeSingularMessageField(value: &v) + if let v = v { + if hadOneofValue {try decoder.handleConflictingOneOf()} + self.result = .trim(v) + } + }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every if/case branch local when no optimizations + // are enabled. https://github.com/apple/swift-protobuf/issues/1034 and + // https://github.com/apple/swift-protobuf/issues/1182 + try { if case .trim(let v)? = self.result { + try visitor.visitSingularMessageField(value: v, fieldNumber: 1) + } }() + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_FilesystemOperationResponse, rhs: Com_Apple_Containerization_Sandbox_V3_FilesystemOperationResponse) -> Bool { + if lhs.result != rhs.result {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_IpLinkSetRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".IpLinkSetRequest" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}interface\0\u{1}up\0\u{1}mtu\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularStringField(value: &self.interface) }() + case 2: try { try decoder.decodeSingularBoolField(value: &self.up) }() + case 3: try { try decoder.decodeSingularUInt32Field(value: &self._mtu) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every if/case branch local when no optimizations + // are enabled. https://github.com/apple/swift-protobuf/issues/1034 and + // https://github.com/apple/swift-protobuf/issues/1182 + if !self.interface.isEmpty { + try visitor.visitSingularStringField(value: self.interface, fieldNumber: 1) + } + if self.up != false { + try visitor.visitSingularBoolField(value: self.up, fieldNumber: 2) + } + try { if let v = self._mtu { + try visitor.visitSingularUInt32Field(value: v, fieldNumber: 3) + } }() + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_IpLinkSetRequest, rhs: Com_Apple_Containerization_Sandbox_V3_IpLinkSetRequest) -> Bool { + if lhs.interface != rhs.interface {return false} + if lhs.up != rhs.up {return false} + if lhs._mtu != rhs._mtu {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_IpLinkSetResponse: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".IpLinkSetResponse" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap() + + public mutating func decodeMessage(decoder: inout D) throws { + // Load everything into unknown fields + while try decoder.nextFieldNumber() != nil {} + } + + public func traverse(visitor: inout V) throws { + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_IpLinkSetResponse, rhs: Com_Apple_Containerization_Sandbox_V3_IpLinkSetResponse) -> Bool { + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_IpAddrAddRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".IpAddrAddRequest" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}interface\0\u{1}ipv4Address\0\u{1}ipv6Address\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularStringField(value: &self.interface) }() + case 2: try { try decoder.decodeSingularStringField(value: &self.ipv4Address) }() + case 3: try { try decoder.decodeSingularStringField(value: &self._ipv6Address) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every if/case branch local when no optimizations + // are enabled. https://github.com/apple/swift-protobuf/issues/1034 and + // https://github.com/apple/swift-protobuf/issues/1182 + if !self.interface.isEmpty { + try visitor.visitSingularStringField(value: self.interface, fieldNumber: 1) + } + if !self.ipv4Address.isEmpty { + try visitor.visitSingularStringField(value: self.ipv4Address, fieldNumber: 2) + } + try { if let v = self._ipv6Address { + try visitor.visitSingularStringField(value: v, fieldNumber: 3) + } }() + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_IpAddrAddRequest, rhs: Com_Apple_Containerization_Sandbox_V3_IpAddrAddRequest) -> Bool { + if lhs.interface != rhs.interface {return false} + if lhs.ipv4Address != rhs.ipv4Address {return false} + if lhs._ipv6Address != rhs._ipv6Address {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_IpAddrAddResponse: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".IpAddrAddResponse" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap() + + public mutating func decodeMessage(decoder: inout D) throws { + // Load everything into unknown fields + while try decoder.nextFieldNumber() != nil {} + } + + public func traverse(visitor: inout V) throws { + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_IpAddrAddResponse, rhs: Com_Apple_Containerization_Sandbox_V3_IpAddrAddResponse) -> Bool { + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_IpRouteAddLinkRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".IpRouteAddLinkRequest" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}interface\0\u{1}dstIpv4Addr\0\u{1}srcIpv4Addr\0\u{1}dstIpv6Addr\0\u{1}srcIpv6Addr\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularStringField(value: &self.interface) }() + case 2: try { try decoder.decodeSingularStringField(value: &self.dstIpv4Addr) }() + case 3: try { try decoder.decodeSingularStringField(value: &self.srcIpv4Addr) }() + case 4: try { try decoder.decodeSingularStringField(value: &self._dstIpv6Addr) }() + case 5: try { try decoder.decodeSingularStringField(value: &self._srcIpv6Addr) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every if/case branch local when no optimizations + // are enabled. https://github.com/apple/swift-protobuf/issues/1034 and + // https://github.com/apple/swift-protobuf/issues/1182 + if !self.interface.isEmpty { + try visitor.visitSingularStringField(value: self.interface, fieldNumber: 1) + } + if !self.dstIpv4Addr.isEmpty { + try visitor.visitSingularStringField(value: self.dstIpv4Addr, fieldNumber: 2) + } + if !self.srcIpv4Addr.isEmpty { + try visitor.visitSingularStringField(value: self.srcIpv4Addr, fieldNumber: 3) + } + try { if let v = self._dstIpv6Addr { + try visitor.visitSingularStringField(value: v, fieldNumber: 4) + } }() + try { if let v = self._srcIpv6Addr { + try visitor.visitSingularStringField(value: v, fieldNumber: 5) + } }() + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_IpRouteAddLinkRequest, rhs: Com_Apple_Containerization_Sandbox_V3_IpRouteAddLinkRequest) -> Bool { + if lhs.interface != rhs.interface {return false} + if lhs.dstIpv4Addr != rhs.dstIpv4Addr {return false} + if lhs.srcIpv4Addr != rhs.srcIpv4Addr {return false} + if lhs._dstIpv6Addr != rhs._dstIpv6Addr {return false} + if lhs._srcIpv6Addr != rhs._srcIpv6Addr {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_IpRouteAddLinkResponse: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".IpRouteAddLinkResponse" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap() + + public mutating func decodeMessage(decoder: inout D) throws { + // Load everything into unknown fields + while try decoder.nextFieldNumber() != nil {} + } + + public func traverse(visitor: inout V) throws { + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_IpRouteAddLinkResponse, rhs: Com_Apple_Containerization_Sandbox_V3_IpRouteAddLinkResponse) -> Bool { + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_IpRouteAddDefaultRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".IpRouteAddDefaultRequest" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}interface\0\u{1}ipv4Gateway\0\u{1}ipv6Gateway\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularStringField(value: &self.interface) }() + case 2: try { try decoder.decodeSingularStringField(value: &self.ipv4Gateway) }() + case 3: try { try decoder.decodeSingularStringField(value: &self._ipv6Gateway) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every if/case branch local when no optimizations + // are enabled. https://github.com/apple/swift-protobuf/issues/1034 and + // https://github.com/apple/swift-protobuf/issues/1182 + if !self.interface.isEmpty { + try visitor.visitSingularStringField(value: self.interface, fieldNumber: 1) + } + if !self.ipv4Gateway.isEmpty { + try visitor.visitSingularStringField(value: self.ipv4Gateway, fieldNumber: 2) + } + try { if let v = self._ipv6Gateway { + try visitor.visitSingularStringField(value: v, fieldNumber: 3) + } }() + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_IpRouteAddDefaultRequest, rhs: Com_Apple_Containerization_Sandbox_V3_IpRouteAddDefaultRequest) -> Bool { + if lhs.interface != rhs.interface {return false} + if lhs.ipv4Gateway != rhs.ipv4Gateway {return false} + if lhs._ipv6Gateway != rhs._ipv6Gateway {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_IpRouteAddDefaultResponse: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".IpRouteAddDefaultResponse" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap() + + public mutating func decodeMessage(decoder: inout D) throws { + // Load everything into unknown fields + while try decoder.nextFieldNumber() != nil {} + } + + public func traverse(visitor: inout V) throws { + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_IpRouteAddDefaultResponse, rhs: Com_Apple_Containerization_Sandbox_V3_IpRouteAddDefaultResponse) -> Bool { + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_ConfigureDnsRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".ConfigureDnsRequest" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}location\0\u{1}nameservers\0\u{1}domain\0\u{1}searchDomains\0\u{1}options\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularStringField(value: &self.location) }() + case 2: try { try decoder.decodeRepeatedStringField(value: &self.nameservers) }() + case 3: try { try decoder.decodeSingularStringField(value: &self._domain) }() + case 4: try { try decoder.decodeRepeatedStringField(value: &self.searchDomains) }() + case 5: try { try decoder.decodeRepeatedStringField(value: &self.options) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every if/case branch local when no optimizations + // are enabled. https://github.com/apple/swift-protobuf/issues/1034 and + // https://github.com/apple/swift-protobuf/issues/1182 + if !self.location.isEmpty { + try visitor.visitSingularStringField(value: self.location, fieldNumber: 1) + } + if !self.nameservers.isEmpty { + try visitor.visitRepeatedStringField(value: self.nameservers, fieldNumber: 2) + } + try { if let v = self._domain { + try visitor.visitSingularStringField(value: v, fieldNumber: 3) + } }() + if !self.searchDomains.isEmpty { + try visitor.visitRepeatedStringField(value: self.searchDomains, fieldNumber: 4) + } + if !self.options.isEmpty { + try visitor.visitRepeatedStringField(value: self.options, fieldNumber: 5) + } + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_ConfigureDnsRequest, rhs: Com_Apple_Containerization_Sandbox_V3_ConfigureDnsRequest) -> Bool { + if lhs.location != rhs.location {return false} + if lhs.nameservers != rhs.nameservers {return false} + if lhs._domain != rhs._domain {return false} + if lhs.searchDomains != rhs.searchDomains {return false} + if lhs.options != rhs.options {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_ConfigureDnsResponse: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".ConfigureDnsResponse" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap() + + public mutating func decodeMessage(decoder: inout D) throws { + // Load everything into unknown fields + while try decoder.nextFieldNumber() != nil {} + } + + public func traverse(visitor: inout V) throws { + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_ConfigureDnsResponse, rhs: Com_Apple_Containerization_Sandbox_V3_ConfigureDnsResponse) -> Bool { + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_ConfigureHostsRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".ConfigureHostsRequest" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}location\0\u{1}entries\0\u{1}comment\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularStringField(value: &self.location) }() + case 2: try { try decoder.decodeRepeatedMessageField(value: &self.entries) }() + case 3: try { try decoder.decodeSingularStringField(value: &self._comment) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every if/case branch local when no optimizations + // are enabled. https://github.com/apple/swift-protobuf/issues/1034 and + // https://github.com/apple/swift-protobuf/issues/1182 + if !self.location.isEmpty { + try visitor.visitSingularStringField(value: self.location, fieldNumber: 1) + } + if !self.entries.isEmpty { + try visitor.visitRepeatedMessageField(value: self.entries, fieldNumber: 2) + } + try { if let v = self._comment { + try visitor.visitSingularStringField(value: v, fieldNumber: 3) + } }() + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_ConfigureHostsRequest, rhs: Com_Apple_Containerization_Sandbox_V3_ConfigureHostsRequest) -> Bool { + if lhs.location != rhs.location {return false} + if lhs.entries != rhs.entries {return false} + if lhs._comment != rhs._comment {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_ConfigureHostsRequest.HostsEntry: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = Com_Apple_Containerization_Sandbox_V3_ConfigureHostsRequest.protoMessageName + ".HostsEntry" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}ipAddress\0\u{1}hostnames\0\u{1}comment\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularStringField(value: &self.ipAddress) }() + case 2: try { try decoder.decodeRepeatedStringField(value: &self.hostnames) }() + case 3: try { try decoder.decodeSingularStringField(value: &self._comment) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every if/case branch local when no optimizations + // are enabled. https://github.com/apple/swift-protobuf/issues/1034 and + // https://github.com/apple/swift-protobuf/issues/1182 + if !self.ipAddress.isEmpty { + try visitor.visitSingularStringField(value: self.ipAddress, fieldNumber: 1) + } + if !self.hostnames.isEmpty { + try visitor.visitRepeatedStringField(value: self.hostnames, fieldNumber: 2) + } + try { if let v = self._comment { + try visitor.visitSingularStringField(value: v, fieldNumber: 3) + } }() + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_ConfigureHostsRequest.HostsEntry, rhs: Com_Apple_Containerization_Sandbox_V3_ConfigureHostsRequest.HostsEntry) -> Bool { + if lhs.ipAddress != rhs.ipAddress {return false} + if lhs.hostnames != rhs.hostnames {return false} + if lhs._comment != rhs._comment {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_ConfigureHostsResponse: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".ConfigureHostsResponse" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap() + + public mutating func decodeMessage(decoder: inout D) throws { + // Load everything into unknown fields + while try decoder.nextFieldNumber() != nil {} + } + + public func traverse(visitor: inout V) throws { + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_ConfigureHostsResponse, rhs: Com_Apple_Containerization_Sandbox_V3_ConfigureHostsResponse) -> Bool { + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_SyncRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".SyncRequest" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap() + + public mutating func decodeMessage(decoder: inout D) throws { + // Load everything into unknown fields + while try decoder.nextFieldNumber() != nil {} + } + + public func traverse(visitor: inout V) throws { + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_SyncRequest, rhs: Com_Apple_Containerization_Sandbox_V3_SyncRequest) -> Bool { + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_SyncResponse: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".SyncResponse" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap() + + public mutating func decodeMessage(decoder: inout D) throws { + // Load everything into unknown fields + while try decoder.nextFieldNumber() != nil {} + } + + public func traverse(visitor: inout V) throws { + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_SyncResponse, rhs: Com_Apple_Containerization_Sandbox_V3_SyncResponse) -> Bool { + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_KillRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".KillRequest" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}pid\0\u{2}\u{2}signal\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularInt32Field(value: &self.pid) }() + case 3: try { try decoder.decodeSingularInt32Field(value: &self.signal) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + if self.pid != 0 { + try visitor.visitSingularInt32Field(value: self.pid, fieldNumber: 1) + } + if self.signal != 0 { + try visitor.visitSingularInt32Field(value: self.signal, fieldNumber: 3) + } + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_KillRequest, rhs: Com_Apple_Containerization_Sandbox_V3_KillRequest) -> Bool { + if lhs.pid != rhs.pid {return false} + if lhs.signal != rhs.signal {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_KillResponse: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".KillResponse" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}result\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularInt32Field(value: &self.result) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + if self.result != 0 { + try visitor.visitSingularInt32Field(value: self.result, fieldNumber: 1) + } + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_KillResponse, rhs: Com_Apple_Containerization_Sandbox_V3_KillResponse) -> Bool { + if lhs.result != rhs.result {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_ContainerStatisticsRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".ContainerStatisticsRequest" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{3}container_ids\0\u{1}categories\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeRepeatedStringField(value: &self.containerIds) }() + case 2: try { try decoder.decodeRepeatedEnumField(value: &self.categories) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + if !self.containerIds.isEmpty { + try visitor.visitRepeatedStringField(value: self.containerIds, fieldNumber: 1) + } + if !self.categories.isEmpty { + try visitor.visitPackedEnumField(value: self.categories, fieldNumber: 2) + } + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_ContainerStatisticsRequest, rhs: Com_Apple_Containerization_Sandbox_V3_ContainerStatisticsRequest) -> Bool { + if lhs.containerIds != rhs.containerIds {return false} + if lhs.categories != rhs.categories {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_ContainerStatisticsResponse: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".ContainerStatisticsResponse" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}containers\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeRepeatedMessageField(value: &self.containers) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + if !self.containers.isEmpty { + try visitor.visitRepeatedMessageField(value: self.containers, fieldNumber: 1) + } + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_ContainerStatisticsResponse, rhs: Com_Apple_Containerization_Sandbox_V3_ContainerStatisticsResponse) -> Bool { + if lhs.containers != rhs.containers {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_ContainerStats: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".ContainerStats" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{3}container_id\0\u{1}process\0\u{1}memory\0\u{1}cpu\0\u{3}block_io\0\u{1}networks\0\u{3}memory_events\0") + + fileprivate class _StorageClass { + var _containerID: String = String() + var _process: Com_Apple_Containerization_Sandbox_V3_ProcessStats? = nil + var _memory: Com_Apple_Containerization_Sandbox_V3_MemoryStats? = nil + var _cpu: Com_Apple_Containerization_Sandbox_V3_CPUStats? = nil + var _blockIo: Com_Apple_Containerization_Sandbox_V3_BlockIOStats? = nil + var _networks: [Com_Apple_Containerization_Sandbox_V3_NetworkStats] = [] + var _memoryEvents: Com_Apple_Containerization_Sandbox_V3_MemoryEventStats? = nil + + // This property is used as the initial default value for new instances of the type. + // The type itself is protecting the reference to its storage via CoW semantics. + // This will force a copy to be made of this reference when the first mutation occurs; + // hence, it is safe to mark this as `nonisolated(unsafe)`. + static nonisolated(unsafe) let defaultInstance = _StorageClass() + + private init() {} + + init(copying source: _StorageClass) { + _containerID = source._containerID + _process = source._process + _memory = source._memory + _cpu = source._cpu + _blockIo = source._blockIo + _networks = source._networks + _memoryEvents = source._memoryEvents + } + } + + fileprivate mutating func _uniqueStorage() -> _StorageClass { + if !isKnownUniquelyReferenced(&_storage) { + _storage = _StorageClass(copying: _storage) + } + return _storage + } + + public mutating func decodeMessage(decoder: inout D) throws { + _ = _uniqueStorage() + try withExtendedLifetime(_storage) { (_storage: _StorageClass) in + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularStringField(value: &_storage._containerID) }() + case 2: try { try decoder.decodeSingularMessageField(value: &_storage._process) }() + case 3: try { try decoder.decodeSingularMessageField(value: &_storage._memory) }() + case 4: try { try decoder.decodeSingularMessageField(value: &_storage._cpu) }() + case 5: try { try decoder.decodeSingularMessageField(value: &_storage._blockIo) }() + case 6: try { try decoder.decodeRepeatedMessageField(value: &_storage._networks) }() + case 7: try { try decoder.decodeSingularMessageField(value: &_storage._memoryEvents) }() + default: break + } + } + } + } + + public func traverse(visitor: inout V) throws { + try withExtendedLifetime(_storage) { (_storage: _StorageClass) in + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every if/case branch local when no optimizations + // are enabled. https://github.com/apple/swift-protobuf/issues/1034 and + // https://github.com/apple/swift-protobuf/issues/1182 + if !_storage._containerID.isEmpty { + try visitor.visitSingularStringField(value: _storage._containerID, fieldNumber: 1) + } + try { if let v = _storage._process { + try visitor.visitSingularMessageField(value: v, fieldNumber: 2) + } }() + try { if let v = _storage._memory { + try visitor.visitSingularMessageField(value: v, fieldNumber: 3) + } }() + try { if let v = _storage._cpu { + try visitor.visitSingularMessageField(value: v, fieldNumber: 4) + } }() + try { if let v = _storage._blockIo { + try visitor.visitSingularMessageField(value: v, fieldNumber: 5) + } }() + if !_storage._networks.isEmpty { + try visitor.visitRepeatedMessageField(value: _storage._networks, fieldNumber: 6) + } + try { if let v = _storage._memoryEvents { + try visitor.visitSingularMessageField(value: v, fieldNumber: 7) + } }() + } + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_ContainerStats, rhs: Com_Apple_Containerization_Sandbox_V3_ContainerStats) -> Bool { + if lhs._storage !== rhs._storage { + let storagesAreEqual: Bool = withExtendedLifetime((lhs._storage, rhs._storage)) { (_args: (_StorageClass, _StorageClass)) in + let _storage = _args.0 + let rhs_storage = _args.1 + if _storage._containerID != rhs_storage._containerID {return false} + if _storage._process != rhs_storage._process {return false} + if _storage._memory != rhs_storage._memory {return false} + if _storage._cpu != rhs_storage._cpu {return false} + if _storage._blockIo != rhs_storage._blockIo {return false} + if _storage._networks != rhs_storage._networks {return false} + if _storage._memoryEvents != rhs_storage._memoryEvents {return false} + return true + } + if !storagesAreEqual {return false} + } + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_ProcessStats: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".ProcessStats" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}current\0\u{1}limit\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularUInt64Field(value: &self.current) }() + case 2: try { try decoder.decodeSingularUInt64Field(value: &self.limit) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + if self.current != 0 { + try visitor.visitSingularUInt64Field(value: self.current, fieldNumber: 1) + } + if self.limit != 0 { + try visitor.visitSingularUInt64Field(value: self.limit, fieldNumber: 2) + } + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_ProcessStats, rhs: Com_Apple_Containerization_Sandbox_V3_ProcessStats) -> Bool { + if lhs.current != rhs.current {return false} + if lhs.limit != rhs.limit {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_MemoryStats: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".MemoryStats" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{3}usage_bytes\0\u{3}limit_bytes\0\u{3}swap_usage_bytes\0\u{3}swap_limit_bytes\0\u{3}cache_bytes\0\u{3}kernel_stack_bytes\0\u{3}slab_bytes\0\u{3}page_faults\0\u{3}major_page_faults\0\u{3}inactive_file\0\u{1}anon\0\u{3}workingset_refault_anon\0\u{3}workingset_refault_file\0\u{3}pgsteal_kswapd\0\u{3}pgsteal_direct\0\u{3}pgsteal_khugepaged\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularUInt64Field(value: &self.usageBytes) }() + case 2: try { try decoder.decodeSingularUInt64Field(value: &self.limitBytes) }() + case 3: try { try decoder.decodeSingularUInt64Field(value: &self.swapUsageBytes) }() + case 4: try { try decoder.decodeSingularUInt64Field(value: &self.swapLimitBytes) }() + case 5: try { try decoder.decodeSingularUInt64Field(value: &self.cacheBytes) }() + case 6: try { try decoder.decodeSingularUInt64Field(value: &self.kernelStackBytes) }() + case 7: try { try decoder.decodeSingularUInt64Field(value: &self.slabBytes) }() + case 8: try { try decoder.decodeSingularUInt64Field(value: &self.pageFaults) }() + case 9: try { try decoder.decodeSingularUInt64Field(value: &self.majorPageFaults) }() + case 10: try { try decoder.decodeSingularUInt64Field(value: &self.inactiveFile) }() + case 11: try { try decoder.decodeSingularUInt64Field(value: &self.anon) }() + case 12: try { try decoder.decodeSingularUInt64Field(value: &self.workingsetRefaultAnon) }() + case 13: try { try decoder.decodeSingularUInt64Field(value: &self.workingsetRefaultFile) }() + case 14: try { try decoder.decodeSingularUInt64Field(value: &self.pgstealKswapd) }() + case 15: try { try decoder.decodeSingularUInt64Field(value: &self.pgstealDirect) }() + case 16: try { try decoder.decodeSingularUInt64Field(value: &self.pgstealKhugepaged) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + if self.usageBytes != 0 { + try visitor.visitSingularUInt64Field(value: self.usageBytes, fieldNumber: 1) + } + if self.limitBytes != 0 { + try visitor.visitSingularUInt64Field(value: self.limitBytes, fieldNumber: 2) + } + if self.swapUsageBytes != 0 { + try visitor.visitSingularUInt64Field(value: self.swapUsageBytes, fieldNumber: 3) + } + if self.swapLimitBytes != 0 { + try visitor.visitSingularUInt64Field(value: self.swapLimitBytes, fieldNumber: 4) + } + if self.cacheBytes != 0 { + try visitor.visitSingularUInt64Field(value: self.cacheBytes, fieldNumber: 5) + } + if self.kernelStackBytes != 0 { + try visitor.visitSingularUInt64Field(value: self.kernelStackBytes, fieldNumber: 6) + } + if self.slabBytes != 0 { + try visitor.visitSingularUInt64Field(value: self.slabBytes, fieldNumber: 7) + } + if self.pageFaults != 0 { + try visitor.visitSingularUInt64Field(value: self.pageFaults, fieldNumber: 8) + } + if self.majorPageFaults != 0 { + try visitor.visitSingularUInt64Field(value: self.majorPageFaults, fieldNumber: 9) + } + if self.inactiveFile != 0 { + try visitor.visitSingularUInt64Field(value: self.inactiveFile, fieldNumber: 10) + } + if self.anon != 0 { + try visitor.visitSingularUInt64Field(value: self.anon, fieldNumber: 11) + } + if self.workingsetRefaultAnon != 0 { + try visitor.visitSingularUInt64Field(value: self.workingsetRefaultAnon, fieldNumber: 12) + } + if self.workingsetRefaultFile != 0 { + try visitor.visitSingularUInt64Field(value: self.workingsetRefaultFile, fieldNumber: 13) + } + if self.pgstealKswapd != 0 { + try visitor.visitSingularUInt64Field(value: self.pgstealKswapd, fieldNumber: 14) + } + if self.pgstealDirect != 0 { + try visitor.visitSingularUInt64Field(value: self.pgstealDirect, fieldNumber: 15) + } + if self.pgstealKhugepaged != 0 { + try visitor.visitSingularUInt64Field(value: self.pgstealKhugepaged, fieldNumber: 16) + } + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_MemoryStats, rhs: Com_Apple_Containerization_Sandbox_V3_MemoryStats) -> Bool { + if lhs.usageBytes != rhs.usageBytes {return false} + if lhs.limitBytes != rhs.limitBytes {return false} + if lhs.swapUsageBytes != rhs.swapUsageBytes {return false} + if lhs.swapLimitBytes != rhs.swapLimitBytes {return false} + if lhs.cacheBytes != rhs.cacheBytes {return false} + if lhs.kernelStackBytes != rhs.kernelStackBytes {return false} + if lhs.slabBytes != rhs.slabBytes {return false} + if lhs.pageFaults != rhs.pageFaults {return false} + if lhs.majorPageFaults != rhs.majorPageFaults {return false} + if lhs.inactiveFile != rhs.inactiveFile {return false} + if lhs.anon != rhs.anon {return false} + if lhs.workingsetRefaultAnon != rhs.workingsetRefaultAnon {return false} + if lhs.workingsetRefaultFile != rhs.workingsetRefaultFile {return false} + if lhs.pgstealKswapd != rhs.pgstealKswapd {return false} + if lhs.pgstealDirect != rhs.pgstealDirect {return false} + if lhs.pgstealKhugepaged != rhs.pgstealKhugepaged {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_CPUStats: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".CPUStats" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{3}usage_usec\0\u{3}user_usec\0\u{3}system_usec\0\u{3}throttling_periods\0\u{3}throttled_periods\0\u{3}throttled_time_usec\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularUInt64Field(value: &self.usageUsec) }() + case 2: try { try decoder.decodeSingularUInt64Field(value: &self.userUsec) }() + case 3: try { try decoder.decodeSingularUInt64Field(value: &self.systemUsec) }() + case 4: try { try decoder.decodeSingularUInt64Field(value: &self.throttlingPeriods) }() + case 5: try { try decoder.decodeSingularUInt64Field(value: &self.throttledPeriods) }() + case 6: try { try decoder.decodeSingularUInt64Field(value: &self.throttledTimeUsec) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + if self.usageUsec != 0 { + try visitor.visitSingularUInt64Field(value: self.usageUsec, fieldNumber: 1) + } + if self.userUsec != 0 { + try visitor.visitSingularUInt64Field(value: self.userUsec, fieldNumber: 2) + } + if self.systemUsec != 0 { + try visitor.visitSingularUInt64Field(value: self.systemUsec, fieldNumber: 3) + } + if self.throttlingPeriods != 0 { + try visitor.visitSingularUInt64Field(value: self.throttlingPeriods, fieldNumber: 4) + } + if self.throttledPeriods != 0 { + try visitor.visitSingularUInt64Field(value: self.throttledPeriods, fieldNumber: 5) + } + if self.throttledTimeUsec != 0 { + try visitor.visitSingularUInt64Field(value: self.throttledTimeUsec, fieldNumber: 6) + } + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_CPUStats, rhs: Com_Apple_Containerization_Sandbox_V3_CPUStats) -> Bool { + if lhs.usageUsec != rhs.usageUsec {return false} + if lhs.userUsec != rhs.userUsec {return false} + if lhs.systemUsec != rhs.systemUsec {return false} + if lhs.throttlingPeriods != rhs.throttlingPeriods {return false} + if lhs.throttledPeriods != rhs.throttledPeriods {return false} + if lhs.throttledTimeUsec != rhs.throttledTimeUsec {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_BlockIOStats: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".BlockIOStats" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}devices\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeRepeatedMessageField(value: &self.devices) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + if !self.devices.isEmpty { + try visitor.visitRepeatedMessageField(value: self.devices, fieldNumber: 1) + } + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_BlockIOStats, rhs: Com_Apple_Containerization_Sandbox_V3_BlockIOStats) -> Bool { + if lhs.devices != rhs.devices {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_BlockIOEntry: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".BlockIOEntry" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}major\0\u{1}minor\0\u{3}read_bytes\0\u{3}write_bytes\0\u{3}read_operations\0\u{3}write_operations\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularUInt64Field(value: &self.major) }() + case 2: try { try decoder.decodeSingularUInt64Field(value: &self.minor) }() + case 3: try { try decoder.decodeSingularUInt64Field(value: &self.readBytes) }() + case 4: try { try decoder.decodeSingularUInt64Field(value: &self.writeBytes) }() + case 5: try { try decoder.decodeSingularUInt64Field(value: &self.readOperations) }() + case 6: try { try decoder.decodeSingularUInt64Field(value: &self.writeOperations) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + if self.major != 0 { + try visitor.visitSingularUInt64Field(value: self.major, fieldNumber: 1) + } + if self.minor != 0 { + try visitor.visitSingularUInt64Field(value: self.minor, fieldNumber: 2) + } + if self.readBytes != 0 { + try visitor.visitSingularUInt64Field(value: self.readBytes, fieldNumber: 3) + } + if self.writeBytes != 0 { + try visitor.visitSingularUInt64Field(value: self.writeBytes, fieldNumber: 4) + } + if self.readOperations != 0 { + try visitor.visitSingularUInt64Field(value: self.readOperations, fieldNumber: 5) + } + if self.writeOperations != 0 { + try visitor.visitSingularUInt64Field(value: self.writeOperations, fieldNumber: 6) + } + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_BlockIOEntry, rhs: Com_Apple_Containerization_Sandbox_V3_BlockIOEntry) -> Bool { + if lhs.major != rhs.major {return false} + if lhs.minor != rhs.minor {return false} + if lhs.readBytes != rhs.readBytes {return false} + if lhs.writeBytes != rhs.writeBytes {return false} + if lhs.readOperations != rhs.readOperations {return false} + if lhs.writeOperations != rhs.writeOperations {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_NetworkStats: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".NetworkStats" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}interface\0\u{1}receivedPackets\0\u{1}transmittedPackets\0\u{1}receivedBytes\0\u{1}transmittedBytes\0\u{1}receivedErrors\0\u{1}transmittedErrors\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularStringField(value: &self.interface) }() + case 2: try { try decoder.decodeSingularUInt64Field(value: &self.receivedPackets) }() + case 3: try { try decoder.decodeSingularUInt64Field(value: &self.transmittedPackets) }() + case 4: try { try decoder.decodeSingularUInt64Field(value: &self.receivedBytes) }() + case 5: try { try decoder.decodeSingularUInt64Field(value: &self.transmittedBytes) }() + case 6: try { try decoder.decodeSingularUInt64Field(value: &self.receivedErrors) }() + case 7: try { try decoder.decodeSingularUInt64Field(value: &self.transmittedErrors) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + if !self.interface.isEmpty { + try visitor.visitSingularStringField(value: self.interface, fieldNumber: 1) + } + if self.receivedPackets != 0 { + try visitor.visitSingularUInt64Field(value: self.receivedPackets, fieldNumber: 2) + } + if self.transmittedPackets != 0 { + try visitor.visitSingularUInt64Field(value: self.transmittedPackets, fieldNumber: 3) + } + if self.receivedBytes != 0 { + try visitor.visitSingularUInt64Field(value: self.receivedBytes, fieldNumber: 4) + } + if self.transmittedBytes != 0 { + try visitor.visitSingularUInt64Field(value: self.transmittedBytes, fieldNumber: 5) + } + if self.receivedErrors != 0 { + try visitor.visitSingularUInt64Field(value: self.receivedErrors, fieldNumber: 6) + } + if self.transmittedErrors != 0 { + try visitor.visitSingularUInt64Field(value: self.transmittedErrors, fieldNumber: 7) + } + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_NetworkStats, rhs: Com_Apple_Containerization_Sandbox_V3_NetworkStats) -> Bool { + if lhs.interface != rhs.interface {return false} + if lhs.receivedPackets != rhs.receivedPackets {return false} + if lhs.transmittedPackets != rhs.transmittedPackets {return false} + if lhs.receivedBytes != rhs.receivedBytes {return false} + if lhs.transmittedBytes != rhs.transmittedBytes {return false} + if lhs.receivedErrors != rhs.receivedErrors {return false} + if lhs.transmittedErrors != rhs.transmittedErrors {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Com_Apple_Containerization_Sandbox_V3_MemoryEventStats: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".MemoryEventStats" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}low\0\u{1}high\0\u{1}max\0\u{1}oom\0\u{3}oom_kill\0\u{3}oom_group_kill\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularUInt64Field(value: &self.low) }() + case 2: try { try decoder.decodeSingularUInt64Field(value: &self.high) }() + case 3: try { try decoder.decodeSingularUInt64Field(value: &self.max) }() + case 4: try { try decoder.decodeSingularUInt64Field(value: &self.oom) }() + case 5: try { try decoder.decodeSingularUInt64Field(value: &self.oomKill) }() + case 6: try { try decoder.decodeSingularUInt64Field(value: &self.oomGroupKill) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + if self.low != 0 { + try visitor.visitSingularUInt64Field(value: self.low, fieldNumber: 1) + } + if self.high != 0 { + try visitor.visitSingularUInt64Field(value: self.high, fieldNumber: 2) + } + if self.max != 0 { + try visitor.visitSingularUInt64Field(value: self.max, fieldNumber: 3) + } + if self.oom != 0 { + try visitor.visitSingularUInt64Field(value: self.oom, fieldNumber: 4) + } + if self.oomKill != 0 { + try visitor.visitSingularUInt64Field(value: self.oomKill, fieldNumber: 5) + } + if self.oomGroupKill != 0 { + try visitor.visitSingularUInt64Field(value: self.oomGroupKill, fieldNumber: 6) + } + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Com_Apple_Containerization_Sandbox_V3_MemoryEventStats, rhs: Com_Apple_Containerization_Sandbox_V3_MemoryEventStats) -> Bool { + if lhs.low != rhs.low {return false} + if lhs.high != rhs.high {return false} + if lhs.max != rhs.max {return false} + if lhs.oom != rhs.oom {return false} + if lhs.oomKill != rhs.oomKill {return false} + if lhs.oomGroupKill != rhs.oomGroupKill {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} diff --git a/Sources/Containerization/SandboxContext/SandboxContext.proto b/Sources/Containerization/SandboxContext/SandboxContext.proto new file mode 100644 index 0000000..24fb242 --- /dev/null +++ b/Sources/Containerization/SandboxContext/SandboxContext.proto @@ -0,0 +1,493 @@ +syntax = "proto3"; + +package com.apple.containerization.sandbox.v3; + +import "google/protobuf/timestamp.proto"; + +// Context for interacting with a container's runtime environment. +service SandboxContext { + // Mount a filesystem. + rpc Mount(MountRequest) returns (MountResponse); + // Unmount a filesystem. + rpc Umount(UmountRequest) returns (UmountResponse); + // Set an environment variable on the init process. + rpc Setenv(SetenvRequest) returns (SetenvResponse); + // Get an environment variable from the init process. + rpc Getenv(GetenvRequest) returns (GetenvResponse); + // Create a new directory inside the sandbox. + rpc Mkdir(MkdirRequest) returns (MkdirResponse); + // Set sysctls in the context of the sandbox. + rpc Sysctl(SysctlRequest) returns (SysctlResponse); + // Set time in the guest. + rpc SetTime(SetTimeRequest) returns (SetTimeResponse); + // Set up an emulator in the guest for a specific binary format. + rpc SetupEmulator(SetupEmulatorRequest) returns (SetupEmulatorResponse); + // Write data to an existing or new file. + rpc WriteFile(WriteFileRequest) returns (WriteFileResponse); + // Copy a file or directory between the host and guest. + // Data transfer happens over a dedicated vsock connection; + // the gRPC stream is used only for control/metadata. + rpc Copy(CopyRequest) returns (stream CopyResponse); + // Stat a path in the guest filesystem. + rpc Stat(StatRequest) returns (StatResponse); + // Perform a filesystem operation on a mounted filesystem. + rpc FilesystemOperation(FilesystemOperationRequest) returns (FilesystemOperationResponse); + + // Create a new process inside the container. + rpc CreateProcess(CreateProcessRequest) returns (CreateProcessResponse); + // Delete an existing process inside the container. + rpc DeleteProcess(DeleteProcessRequest) returns (DeleteProcessResponse); + // Start the provided process. + rpc StartProcess(StartProcessRequest) returns (StartProcessResponse); + // Send a signal to the provided process. + rpc KillProcess(KillProcessRequest) returns (KillProcessResponse); + // Wait for a process to exit and return the exit code. + rpc WaitProcess(WaitProcessRequest) returns (WaitProcessResponse); + // Resize the tty of a given process. This will error if the process does + // not have a pty allocated. + rpc ResizeProcess(ResizeProcessRequest) returns (ResizeProcessResponse); + // Close IO for a given process. + rpc CloseProcessStdin(CloseProcessStdinRequest) returns (CloseProcessStdinResponse); + + // Get statistics for containers. + rpc ContainerStatistics(ContainerStatisticsRequest) returns (ContainerStatisticsResponse); + + // Proxy a vsock port to a unix domain socket in the guest, or vice versa. + rpc ProxyVsock(ProxyVsockRequest) returns (ProxyVsockResponse); + // Stop a vsock proxy to a unix domain socket. + rpc StopVsockProxy(StopVsockProxyRequest) returns (StopVsockProxyResponse); + + // Set the link state of a network interface. + rpc IpLinkSet(IpLinkSetRequest) returns (IpLinkSetResponse); + // Add an IPv4 address to a network interface. + rpc IpAddrAdd(IpAddrAddRequest) returns (IpAddrAddResponse); + // Add an IP route for a network interface. + rpc IpRouteAddLink(IpRouteAddLinkRequest) returns (IpRouteAddLinkResponse); + // Add an IP route for a network interface. + rpc IpRouteAddDefault(IpRouteAddDefaultRequest) returns (IpRouteAddDefaultResponse); + // Configure DNS resolver. + rpc ConfigureDns(ConfigureDnsRequest) returns (ConfigureDnsResponse); + // Configure /etc/hosts. + rpc ConfigureHosts(ConfigureHostsRequest) returns (ConfigureHostsResponse); + + // Perform the sync syscall. + rpc Sync(SyncRequest) returns (SyncResponse); + // Send a signal to a process via the PID. + rpc Kill(KillRequest) returns (KillResponse); +} + +message Stdio { + optional int32 stdinPort = 1; + optional int32 stdoutPort = 2; + optional int32 stderrPort = 3; +} + +message SetupEmulatorRequest { + string binary_path = 1; + string name = 2; + string type = 3; + string offset = 4; + string magic = 5; + string mask = 6; + string flags = 7; +} + +message SetupEmulatorResponse {} + +message SetTimeRequest { + int64 sec = 1; + int32 usec = 2; +} + +message SetTimeResponse {} + +message SysctlRequest { map settings = 1; } + +message SysctlResponse {} + +message ProxyVsockRequest { + enum Action { + INTO = 0; + OUT_OF = 1; + } + string id = 1; + uint32 vsock_port = 2; + string guestPath = 3; + optional uint32 guestSocketPermissions = 4; + Action action = 5; +} + +message ProxyVsockResponse {} + +message StopVsockProxyRequest { string id = 1; } + +message StopVsockProxyResponse {} + +message MountRequest { + string type = 1; + string source = 2; + string destination = 3; + repeated string options = 4; +} + +message MountResponse {} + +message UmountRequest { + string path = 1; + int32 flags = 2; +} + +message UmountResponse {} + +message SetenvRequest { + string key = 1; + optional string value = 2; +} + +message SetenvResponse {} + +message GetenvRequest { string key = 1; } + +message GetenvResponse { optional string value = 1; } + +message CreateProcessRequest { + string id = 1; + optional string containerID = 2; + optional uint32 stdin = 3; + optional uint32 stdout = 4; + optional uint32 stderr = 5; + optional string ociRuntimePath = 6; + bytes configuration = 7; + optional bytes options = 8; +} + +message CreateProcessResponse {} + +message WaitProcessRequest { + string id = 1; + optional string containerID = 2; +} + +message WaitProcessResponse { + int32 exitCode = 1; + google.protobuf.Timestamp exited_at = 2; +} + +message ResizeProcessRequest { + string id = 1; + optional string containerID = 2; + uint32 rows = 3; + uint32 columns = 4; +} + +message ResizeProcessResponse {} + +message DeleteProcessRequest { + string id = 1; + optional string containerID = 2; +} + +message DeleteProcessResponse {} + +message StartProcessRequest { + string id = 1; + optional string containerID = 2; +} + +message StartProcessResponse { int32 pid = 1; } + +message KillProcessRequest { + string id = 1; + optional string containerID = 2; + int32 signal = 3; +} + +message KillProcessResponse { int32 result = 1; } + +message CloseProcessStdinRequest { + string id = 1; + optional string containerID = 2; +} + +message CloseProcessStdinResponse {} + +message MkdirRequest { + string path = 1; + bool all = 2; + uint32 perms = 3; +} + +message MkdirResponse {} + +message WriteFileRequest { + message WriteFileFlags { + bool create_parent_dirs = 1; + bool append = 2; + bool create_if_missing = 3; + } + string path = 1; + bytes data = 2; + uint32 mode = 3; + WriteFileFlags flags = 4; +} + +message WriteFileResponse {} + +message CopyRequest { + enum Direction { + // Copy from host into guest. + COPY_IN = 0; + // Copy from guest to host. + COPY_OUT = 1; + } + // Direction of the copy operation. + Direction direction = 1; + // Path in the guest (destination for COPY_IN, source for COPY_OUT). + string path = 2; + // File mode for single-file COPY_IN (defaults to 0644 if not set). + uint32 mode = 3; + // Create parent directories if they don't exist. + bool create_parents = 4; + // Vsock port the host is listening on for data transfer. + uint32 vsock_port = 5; + // For COPY_IN: indicates the data arriving on vsock is a tar+gzip archive. + bool is_archive = 6; +} + +message CopyResponse { + enum Status { + // Transfer metadata (first message for COPY_OUT: is_archive, total_size). + METADATA = 0; + // Data transfer completed successfully. + COMPLETE = 1; + } + // What this response represents. + Status status = 1; + // For COPY_OUT METADATA: indicates the data on vsock will be a tar+gzip archive. + bool is_archive = 2; + // For COPY_OUT METADATA: total size in bytes (0 if unknown, e.g. for archives). + uint64 total_size = 3; + // Non-empty if an error occurred. + string error = 4; +} + +message StatRequest { string path = 1; } + +message Stat { + uint64 dev = 1; // st_dev: ID of device containing file + uint64 ino = 2; // st_ino: inode number + uint32 mode = 3; // st_mode: file type and mode (permissions) + uint64 nlink = 4; // st_nlink: number of hard links + uint32 uid = 5; // st_uid: user ID of owner + uint32 gid = 6; // st_gid: group ID of owner + uint64 rdev = 7; // st_rdev: device ID (if special file) + int64 size = 8; // st_size: total size in bytes + int64 blksize = 9; // st_blksize: preferred block size for filesystem I/O + int64 blocks = 10; // st_blocks: number of 512-byte blocks allocated + google.protobuf.Timestamp atime = 11; // st_atim: time of last access + google.protobuf.Timestamp mtime = 12; // st_mtim: time of last modification + google.protobuf.Timestamp ctime = 13; // st_ctim: time of last status change +} + +message StatResponse { + Stat stat = 1; + string error = 2; // Non-empty if stat failed. +} + +message FiTrimParams { + oneof schedule { + OneShot one_shot = 1; + } + + message OneShot {} +} +message FiFreezeParams {} +message FiThawParams {} + +message FiTrimResult { + uint64 trimmed_bytes = 1; +} + +message FilesystemOperationRequest { + string path = 1; + oneof operation { + FiTrimParams trim = 2; + FiFreezeParams freeze = 3; + FiThawParams thaw = 4; + } +} + +message FilesystemOperationResponse { + oneof result { + FiTrimResult trim = 1; + } +} + +message IpLinkSetRequest { + string interface = 1; + bool up = 2; + optional uint32 mtu = 3; +} + +message IpLinkSetResponse {} + +message IpAddrAddRequest { + string interface = 1; + string ipv4Address = 2; + optional string ipv6Address = 3; +} + +message IpAddrAddResponse {} + +message IpRouteAddLinkRequest { + string interface = 1; + string dstIpv4Addr = 2; + string srcIpv4Addr = 3; + optional string dstIpv6Addr = 4; + optional string srcIpv6Addr = 5; +} + +message IpRouteAddLinkResponse {} + +message IpRouteAddDefaultRequest { + string interface = 1; + string ipv4Gateway = 2; + optional string ipv6Gateway = 3; +} + +message IpRouteAddDefaultResponse {} + +message ConfigureDnsRequest { + string location = 1; + repeated string nameservers = 2; + optional string domain = 3; + repeated string searchDomains = 4; + repeated string options = 5; +} + +message ConfigureDnsResponse {} + +message ConfigureHostsRequest { + message HostsEntry { + string ipAddress = 1; + repeated string hostnames = 2; + optional string comment = 3; + } + string location = 1; + repeated HostsEntry entries = 2; + optional string comment = 3; +} + +message ConfigureHostsResponse {} + +message SyncRequest {} +message SyncResponse {} + +message KillRequest { + int32 pid = 1; + int32 signal = 3; +} + +message KillResponse { int32 result = 1; } + +// Categories of statistics that can be requested. +enum StatCategory { + STAT_CATEGORY_UNSPECIFIED = 0; + STAT_CATEGORY_PROCESS = 1; + STAT_CATEGORY_MEMORY = 2; + STAT_CATEGORY_CPU = 3; + STAT_CATEGORY_BLOCK_IO = 4; + STAT_CATEGORY_NETWORK = 5; + STAT_CATEGORY_MEMORY_EVENTS = 6; +} + +message ContainerStatisticsRequest { + repeated string container_ids = 1; // Empty = all containers + repeated StatCategory categories = 2; // Empty = all categories +} + +message ContainerStatisticsResponse { + repeated ContainerStats containers = 1; +} + +message ContainerStats { + string container_id = 1; + ProcessStats process = 2; + MemoryStats memory = 3; + CPUStats cpu = 4; + BlockIOStats block_io = 5; + repeated NetworkStats networks = 6; + MemoryEventStats memory_events = 7; +} + +message ProcessStats { + uint64 current = 1; + uint64 limit = 2; // 0 or max value = unlimited +} + +message MemoryStats { + uint64 usage_bytes = 1; + uint64 limit_bytes = 2; + uint64 swap_usage_bytes = 3; + uint64 swap_limit_bytes = 4; + uint64 cache_bytes = 5; + uint64 kernel_stack_bytes = 6; + uint64 slab_bytes = 7; + uint64 page_faults = 8; + uint64 major_page_faults = 9; + uint64 inactive_file = 10; + uint64 anon = 11; + uint64 workingset_refault_anon = 12; + uint64 workingset_refault_file = 13; + uint64 pgsteal_kswapd = 14; + uint64 pgsteal_direct = 15; + uint64 pgsteal_khugepaged = 16; +} + +message CPUStats { + uint64 usage_usec = 1; + uint64 user_usec = 2; + uint64 system_usec = 3; + uint64 throttling_periods = 4; + uint64 throttled_periods = 5; + uint64 throttled_time_usec = 6; +} + +message BlockIOStats { + repeated BlockIOEntry devices = 1; +} + +message BlockIOEntry { + uint64 major = 1; + uint64 minor = 2; + uint64 read_bytes = 3; + uint64 write_bytes = 4; + uint64 read_operations = 5; + uint64 write_operations = 6; +} + +message NetworkStats { + string interface = 1; + uint64 receivedPackets = 2; + uint64 transmittedPackets = 3; + uint64 receivedBytes = 4; + uint64 transmittedBytes = 5; + uint64 receivedErrors = 6; + uint64 transmittedErrors = 7; +} + +// Memory event counters from cgroup2's memory.events file. +message MemoryEventStats { + // Number of times the cgroup was reclaimed due to low memory. + uint64 low = 1; + // Number of times the cgroup exceeded its high memory limit. + uint64 high = 2; + // Number of times the cgroup hit its max memory limit. + uint64 max = 3; + // Number of times the cgroup triggered OOM. + uint64 oom = 4; + // Number of processes killed by OOM killer. + uint64 oom_kill = 5; + // Number of times charge for memory failed because of limit. + uint64 oom_group_kill = 6; +} diff --git a/Sources/Containerization/SandboxOverrides.swift b/Sources/Containerization/SandboxOverrides.swift new file mode 100644 index 0000000..b94024e --- /dev/null +++ b/Sources/Containerization/SandboxOverrides.swift @@ -0,0 +1,100 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(Linux) +import Foundation + +/// Per-component opt-ins to weaken the upstream-secure spawn flags for +/// cloud-hypervisor and virtiofsd. Each flag is independent so an operator +/// can target the minimum hardening that needs to come off — e.g. running +/// inside apple/container's `--virtualization` dev container needs both, +/// but a future bare-metal Linux host with a custom seccomp policy might +/// only need one. +/// +/// Read once per process at first reference. Default false (secure). +/// +/// **Legacy alias.** `CONTAINERIZATION_RELAXED_SANDBOX=1` continues to flip +/// every flag here for back-compat with the original combined toggle. New +/// callers should prefer the per-component vars below. +enum SandboxOverrides { + /// When set, cloud-hypervisor is launched with `--seccomp false`. + /// Disables CH's userspace seccomp BPF filter; the kernel's filter + /// (whatever the host policy is) still applies. + /// + /// Env: `CONTAINERIZATION_NO_CH_SECCOMP=1` + static let chSeccompDisabled: Bool = + boolEnv("CONTAINERIZATION_NO_CH_SECCOMP") || legacyRelaxedSandbox + + /// When set, virtiofsd is launched with `--sandbox none`. Disables + /// virtiofsd's userns + pivot_root + seccomp setup. Combined with the + /// vendored cap-drop patch (`scripts/patches/virtiofsd-skip-cap-drop-with-sandbox-none.patch`) + /// at build time, the daemon retains its parent's capabilities — so + /// only enable this when the parent process is the trust boundary you + /// want. + /// + /// Env: `CONTAINERIZATION_NO_VIRTIOFSD_SANDBOX=1` + static let virtiofsdSandboxDisabled: Bool = + boolEnv("CONTAINERIZATION_NO_VIRTIOFSD_SANDBOX") || legacyRelaxedSandbox + + /// True if any override is currently in effect — used by callers that + /// want to log a single banner regardless of which flag is set. + static var anyEnabled: Bool { + chSeccompDisabled || virtiofsdSandboxDisabled + } + + /// Back-compat alias: enables every per-component flag in one shot. + private static let legacyRelaxedSandbox: Bool = + boolEnv("CONTAINERIZATION_RELAXED_SANDBOX") + + private static func boolEnv(_ name: String) -> Bool { + ProcessInfo.processInfo.environment[name] == "1" + } +} + +/// Minimal environment allowlist for child processes we spawn (`CHProcess`, +/// `VirtiofsdProcess`). Inheriting the parent's full env exposes any +/// secrets the calling tool happens to have set (`AWS_*`, `KUBE_*`, +/// `*_TOKEN`, etc.) to a binary that has no use for them. Only the +/// variables below are forwarded — extend this list when a new spawn-time +/// dependency surfaces, and document why. +/// +/// - `PATH`, `HOME`: minimum POSIX hygiene; some libc/setuid paths look at +/// these even for self-contained binaries. +/// - `RUST_LOG`, `RUST_BACKTRACE`: cloud-hypervisor and virtiofsd are Rust +/// binaries; pass these through if the operator has set them so +/// debugging is unimpaired. +enum ChildEnvironment { + /// Construct a minimal environment for the child as `KEY=value` strings + /// suitable for `Command.environment`. Variables not present in the + /// parent env are simply omitted. + static func minimal() -> [String] { + let allowlist = ["PATH", "HOME", "RUST_LOG", "RUST_BACKTRACE"] + let parent = ProcessInfo.processInfo.environment + var entries: [String] = [] + // PATH falls back to a sane default since Command's execve needs an + // absolute path anyway, but child Rust binaries occasionally probe + // PATH for helper tools. + let path = parent["PATH"] ?? "/usr/sbin:/usr/bin:/sbin:/bin" + entries.append("PATH=\(path)") + for key in allowlist where key != "PATH" { + if let value = parent[key] { + entries.append("\(key)=\(value)") + } + } + return entries + } +} +#endif diff --git a/Sources/Containerization/Signal.swift b/Sources/Containerization/Signal.swift new file mode 100644 index 0000000..caef367 --- /dev/null +++ b/Sources/Containerization/Signal.swift @@ -0,0 +1,302 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if canImport(Darwin) +import Darwin +#elseif canImport(Glibc) +import Glibc +#elseif canImport(Musl) +import Musl +#else +#error("Signal not supported on this platform.") +#endif + +/// A unix signal. +public struct Signal: RawRepresentable, Hashable, Sendable { + public let rawValue: Int32 + + public init(rawValue: Int32) { + self.rawValue = rawValue + } + + /// Parse a signal from a string representation (e.g. "SIGKILL", "KILL", "9"). + public init(_ name: String, from map: [String: Int32] = Signal.linux) throws { + var signalUpper = name.uppercased() + signalUpper.trimPrefix("SIG") + if let sig = Int32(signalUpper) { + if !map.values.contains(sig) { + throw SignalError.invalidSignal(name) + } + self.rawValue = sig + return + } + guard let sig = map[signalUpper] else { + throw SignalError.invalidSignal(name) + } + self.rawValue = sig + } + + // Signals that are commonly sent to containers and share the same + // number across macOS/Linux. + public static let hup = Signal(rawValue: 1) + public static let int = Signal(rawValue: 2) + public static let quit = Signal(rawValue: 3) + public static let kill = Signal(rawValue: 9) + public static let term = Signal(rawValue: 15) + public static let winch = Signal(rawValue: 28) + + /// Linux signals. + public enum Linux { + public static let hup = Signal(rawValue: 1) + public static let int = Signal(rawValue: 2) + public static let quit = Signal(rawValue: 3) + public static let ill = Signal(rawValue: 4) + public static let trap = Signal(rawValue: 5) + public static let abrt = Signal(rawValue: 6) + public static let bus = Signal(rawValue: 7) + public static let fpe = Signal(rawValue: 8) + public static let kill = Signal(rawValue: 9) + public static let usr1 = Signal(rawValue: 10) + public static let segv = Signal(rawValue: 11) + public static let usr2 = Signal(rawValue: 12) + public static let pipe = Signal(rawValue: 13) + public static let alrm = Signal(rawValue: 14) + public static let term = Signal(rawValue: 15) + public static let stkflt = Signal(rawValue: 16) + public static let chld = Signal(rawValue: 17) + public static let cont = Signal(rawValue: 18) + public static let stop = Signal(rawValue: 19) + public static let tstp = Signal(rawValue: 20) + public static let ttin = Signal(rawValue: 21) + public static let ttou = Signal(rawValue: 22) + public static let urg = Signal(rawValue: 23) + public static let xcpu = Signal(rawValue: 24) + public static let xfsz = Signal(rawValue: 25) + public static let vtalrm = Signal(rawValue: 26) + public static let prof = Signal(rawValue: 27) + public static let winch = Signal(rawValue: 28) + public static let io = Signal(rawValue: 29) + public static let poll = Signal(rawValue: 29) + public static let pwr = Signal(rawValue: 30) + public static let sys = Signal(rawValue: 31) + + public static func rtmin(offset: Int32 = 0) -> Signal { + Signal(rawValue: 34 + offset) + } + + public static let rtmax = Signal(rawValue: 64) + } + + /// Darwin signals. + public enum Darwin { + public static let hup = Signal(rawValue: 1) + public static let int = Signal(rawValue: 2) + public static let quit = Signal(rawValue: 3) + public static let ill = Signal(rawValue: 4) + public static let trap = Signal(rawValue: 5) + public static let abrt = Signal(rawValue: 6) + public static let emt = Signal(rawValue: 7) + public static let fpe = Signal(rawValue: 8) + public static let kill = Signal(rawValue: 9) + public static let bus = Signal(rawValue: 10) + public static let segv = Signal(rawValue: 11) + public static let sys = Signal(rawValue: 12) + public static let pipe = Signal(rawValue: 13) + public static let alrm = Signal(rawValue: 14) + public static let term = Signal(rawValue: 15) + public static let urg = Signal(rawValue: 16) + public static let stop = Signal(rawValue: 17) + public static let tstp = Signal(rawValue: 18) + public static let cont = Signal(rawValue: 19) + public static let chld = Signal(rawValue: 20) + public static let ttin = Signal(rawValue: 21) + public static let ttou = Signal(rawValue: 22) + public static let io = Signal(rawValue: 23) + public static let xcpu = Signal(rawValue: 24) + public static let xfsz = Signal(rawValue: 25) + public static let vtalrm = Signal(rawValue: 26) + public static let prof = Signal(rawValue: 27) + public static let winch = Signal(rawValue: 28) + public static let info = Signal(rawValue: 29) + public static let usr1 = Signal(rawValue: 30) + public static let usr2 = Signal(rawValue: 31) + } + + /// All Linux signals including real-time signals (RTMIN through RTMAX). + public static let linux: [String: Int32] = [ + "ABRT": 6, + "ALRM": 14, + "BUS": 7, + "CHLD": 17, + "CLD": 17, + "CONT": 18, + "FPE": 8, + "HUP": 1, + "ILL": 4, + "INT": 2, + "IO": 29, + "IOT": 6, + "KILL": 9, + "PIPE": 13, + "POLL": 29, + "PROF": 27, + "PWR": 30, + "QUIT": 3, + "SEGV": 11, + "STKFLT": 16, + "STOP": 19, + "SYS": 31, + "TERM": 15, + "TRAP": 5, + "TSTP": 20, + "TTIN": 21, + "TTOU": 22, + "URG": 23, + "USR1": 10, + "USR2": 12, + "VTALRM": 26, + "WINCH": 28, + "XCPU": 24, + "XFSZ": 25, + "RTMIN": 34, + "RTMIN+1": 35, + "RTMIN+2": 36, + "RTMIN+3": 37, + "RTMIN+4": 38, + "RTMIN+5": 39, + "RTMIN+6": 40, + "RTMIN+7": 41, + "RTMIN+8": 42, + "RTMIN+9": 43, + "RTMIN+10": 44, + "RTMIN+11": 45, + "RTMIN+12": 46, + "RTMIN+13": 47, + "RTMIN+14": 48, + "RTMIN+15": 49, + "RTMIN+16": 50, + "RTMIN+17": 51, + "RTMIN+18": 52, + "RTMIN+19": 53, + "RTMIN+20": 54, + "RTMIN+21": 55, + "RTMIN+22": 56, + "RTMIN+23": 57, + "RTMIN+24": 58, + "RTMIN+25": 59, + "RTMIN+26": 60, + "RTMIN+27": 61, + "RTMIN+28": 62, + "RTMIN+29": 63, + "RTMAX": 64, + ] +} + +#if os(macOS) + +extension Signal { + /// All signals for the macOS host. + public static let platform: [String: Int32] = [ + "ABRT": SIGABRT, + "ALRM": SIGALRM, + "BUS": SIGBUS, + "CHLD": SIGCHLD, + "CONT": SIGCONT, + "EMT": SIGEMT, + "FPE": SIGFPE, + "HUP": SIGHUP, + "ILL": SIGILL, + "INFO": SIGINFO, + "INT": SIGINT, + "IO": SIGIO, + "IOT": SIGIOT, + "KILL": SIGKILL, + "PIPE": SIGPIPE, + "PROF": SIGPROF, + "QUIT": SIGQUIT, + "SEGV": SIGSEGV, + "STOP": SIGSTOP, + "SYS": SIGSYS, + "TERM": SIGTERM, + "TRAP": SIGTRAP, + "TSTP": SIGTSTP, + "TTIN": SIGTTIN, + "TTOU": SIGTTOU, + "URG": SIGURG, + "USR1": SIGUSR1, + "USR2": SIGUSR2, + "VTALRM": SIGVTALRM, + "WINCH": SIGWINCH, + "XCPU": SIGXCPU, + "XFSZ": SIGXFSZ, + ] +} + +#elseif os(Linux) + +extension Signal { + /// All signals for the Linux host. + public static let platform = linux +} + +#endif + +extension Signal { + private static let platformToName: [Int32: String] = + Dictionary(Signal.platform.map { ($0.value, $0.key) }, uniquingKeysWith: { first, _ in first }) + + /// Returns the canonical name for this signal on the current platform. + public func platformName() -> String? { + Self.platformName(self.rawValue) + } + + /// Returns the canonical name for a signal number on the current platform. + public static func platformName(_ signal: Int32) -> String? { + platformToName[signal] + } +} + +#if os(macOS) +extension Signal { + /// Converts a macOS signal to the equivalent Linux signal. + public func linuxSignal() -> Signal? { + guard let name = Self.platformToName[self.rawValue], + let linuxNumber = Signal.linux[name] + else { + return nil + } + return Signal(rawValue: linuxNumber) + } +} +#endif + +extension Signal: ExpressibleByIntegerLiteral { + public init(integerLiteral value: Int32) { + self.rawValue = value + } +} + +/// Errors that can be encountered for converting signals. +public enum SignalError: Error, CustomStringConvertible { + case invalidSignal(String) + + public var description: String { + switch self { + case .invalidSignal(let sig): + return "invalid signal: \(sig)" + } + } +} diff --git a/Sources/Containerization/SystemPlatform.swift b/Sources/Containerization/SystemPlatform.swift new file mode 100644 index 0000000..341ba50 --- /dev/null +++ b/Sources/Containerization/SystemPlatform.swift @@ -0,0 +1,41 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationOCI + +/// `SystemPlatform` describes an operating system and architecture pair. +/// This is primarily used to choose what kind of OCI image to pull from a +/// registry. +public struct SystemPlatform: Sendable, Codable { + public enum OS: String, CaseIterable, Sendable, Codable { + case linux + case darwin + } + public let os: OS + + public enum Architecture: String, CaseIterable, Sendable, Codable { + case arm64 + case amd64 + } + public let architecture: Architecture + + public func ociPlatform() -> ContainerizationOCI.Platform { + ContainerizationOCI.Platform(arch: architecture.rawValue, os: os.rawValue) + } + + public static var linuxArm: SystemPlatform { .init(os: .linux, architecture: .arm64) } + public static var linuxAmd: SystemPlatform { .init(os: .linux, architecture: .amd64) } +} diff --git a/Sources/Containerization/TAPDevice.swift b/Sources/Containerization/TAPDevice.swift new file mode 100644 index 0000000..bae6e5a --- /dev/null +++ b/Sources/Containerization/TAPDevice.swift @@ -0,0 +1,155 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(Linux) +import CShim +import ContainerizationError +import ContainerizationExtras +import ContainerizationNetlink +import Foundation +import Synchronization + +#if canImport(Musl) +import Musl +let osClose = Musl.close +#elseif canImport(Glibc) +import Glibc +let osClose = Glibc.close +#endif + +/// A Linux TAP network device whose kernel interface lives only as long as +/// this `TAPDevice` instance. Created via `/dev/net/tun` + `ioctl(TUNSETIFF)`, +/// optionally enslaved to a pre-existing bridge, with MTU/MAC/UP applied via +/// netlink. The fd is held internally; closing it (explicitly or via deinit) +/// removes the interface from the kernel. +/// +/// `TUNSETPERSIST` is never called, so process death also cleans up the +/// device automatically. Cloud-hypervisor opens the same TAP **by name**; +/// the held fd keeps the interface alive across CH's open/close cycle. +/// +/// Requires `CAP_NET_ADMIN`. +public final class TAPDevice: Sendable { + /// The kernel-resolved interface name. May differ from the `name` + /// parameter passed to `init` if the kernel substituted one (e.g. when + /// `nil` was passed and the kernel picked `tapN`). + public let name: String + + public let mtu: UInt32 + + /// The MAC address as set on init, or nil if the kernel auto-assigned one. + /// Not read back from the kernel. + public let macAddress: MACAddress? + + private let _fd: Mutex + + /// Create a TAP device. + /// + /// - Parameters: + /// - name: Desired interface name. Empty or nil = kernel picks (`tap%d`). + /// Length must be < 16 (`IFNAMSIZ - 1`). + /// - bridge: Name of an existing bridge to enslave the TAP to, or nil. + /// - mtu: MTU in bytes (default 1500). + /// - macAddress: Hardware address to set, or nil to leave kernel default. + public init( + name: String? = nil, + bridge: String? = nil, + mtu: UInt32 = 1500, + macAddress: MACAddress? = nil + ) throws { + if let n = name, n.utf8.count >= 16 { + throw ContainerizationError( + .invalidArgument, + message: "TAP name too long: \(n) (must be < 16 chars)" + ) + } + + // 1. Open + TUNSETIFF via CShim. Returns fd on success, -errno on failure. + var resolved = [CChar](repeating: 0, count: 16) + let fd: Int32 = resolved.withUnsafeMutableBufferPointer { buf in + (name ?? "").withCString { reqPtr in + cz_tap_create(reqPtr, buf.baseAddress, 16) + } + } + guard fd >= 0 else { + throw ContainerizationError( + .internalError, + message: "cz_tap_create failed: errno=\(-fd)" + ) + } + + // From here on, any failure must close `fd` to release the kernel iface. + var fdToClean: Int32? = fd + defer { + if let f = fdToClean { + _ = osClose(f) + } + } + + let resolvedName: String = resolved.withUnsafeBufferPointer { buf in + // String(cString:) is deprecated in newer toolchains. Build the + // String from the NUL-terminated UTF-8 bytes directly. + let bytes = buf.prefix(while: { $0 != 0 }).map { UInt8(bitPattern: $0) } + return String(decoding: bytes, as: UTF8.self) + } + + // 2. Apply MAC and master via netlink (single RTM_NEWLINK). + let session = try NetlinkSession(socket: DefaultNetlinkSocket()) + do { + try session.linkSetAttributes( + interface: resolvedName, + macAddress: macAddress, + master: bridge + ) + } catch { + throw ContainerizationError( + .internalError, + message: "linkSetAttributes failed for \(resolvedName): \(error)" + ) + } + + // 3. Bring UP and set MTU. + do { + try session.linkSet(interface: resolvedName, up: true, mtu: mtu) + } catch { + throw ContainerizationError( + .internalError, + message: "linkSet(up:mtu:) failed for \(resolvedName): \(error)" + ) + } + + // 4. Success — store and clear cleanup. + self.name = resolvedName + self.mtu = mtu + self.macAddress = macAddress + self._fd = Mutex(fd) + fdToClean = nil + } + + /// Close the held fd, removing the interface from the kernel. Idempotent. + public func close() { + _fd.withLock { fd in + if let f = fd { + _ = osClose(f) + fd = nil + } + } + } + + deinit { + close() + } +} +#endif diff --git a/Sources/Containerization/TimeSyncer.swift b/Sources/Containerization/TimeSyncer.swift new file mode 100644 index 0000000..b6da252 --- /dev/null +++ b/Sources/Containerization/TimeSyncer.swift @@ -0,0 +1,87 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation +import Logging + +actor TimeSyncer { + private var task: Task? + private var context: Vminitd? + private var paused: Bool + private let logger: Logger? + + init(logger: Logger?) { + self.paused = false + self.logger = logger + } + + func start(context: Vminitd, interval: Duration = .seconds(30)) { + guard self.task == nil else { + return + } + + self.context = context + self.task = Task { + while true { + do { + do { + try await Task.sleep(for: interval) + } catch { + return + } + + guard !paused else { + continue + } + + var timeval = timeval() + guard gettimeofday(&timeval, nil) == 0 else { + throw POSIXError.fromErrno() + } + + try await context.setTime( + sec: Int64(timeval.tv_sec), + usec: Int32(timeval.tv_usec) + ) + } catch { + self.logger?.error("failed to sync time with guest agent: \(error)") + } + } + } + } + + func pause() async { + self.paused = true + } + + func resume() async { + self.paused = false + } + + func close() async throws { + guard let task else { + // Already closed, nop. + return + } + + task.cancel() + await task.value + + try await self.context?.close() + self.task = nil + self.context = nil + } +} diff --git a/Sources/Containerization/UnixSocketConfiguration.swift b/Sources/Containerization/UnixSocketConfiguration.swift new file mode 100644 index 0000000..ec7f941 --- /dev/null +++ b/Sources/Containerization/UnixSocketConfiguration.swift @@ -0,0 +1,70 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation +import SystemPackage + +/// Represents a UnixSocket that can be shared into or out of a container/guest. +public struct UnixSocketConfiguration: Sendable { + // TODO: Realistically, we can just hash this struct and use it as the "id". + /// The unique identifier for this socket configuration. + public var id: String { + _id + } + + private let _id = UUID().uuidString + + /// The path to the socket you'd like relayed. For .into + /// direction this should be the path on the host to a unix socket. + /// For direction .outOf this should be the path in the container/guest + /// to a unix socket. + public var source: URL + + /// The path you'd like the socket to be relayed to. For .into + /// direction this should be the path in the container/guest. For + /// direction .outOf this should be the path on your host. + public var destination: URL + + /// What to set the file permissions of the unix socket being created + /// to. For .into direction this will be the socket in the guest. For + /// .outOf direction this will be the socket on the host. + public var permissions: FilePermissions? + + /// The direction of the relay. `.into` for sharing a unix socket on your + /// host into the container/guest. `outOf` shares a socket in the container/guest + /// onto your host. + public var direction: Direction + + /// Type that denotes the direction of the unix socket relay. + public enum Direction: Sendable { + /// Share the socket into the container/guest. + case into + /// Share a socket in the container/guest onto the host. + case outOf + } + + public init( + source: URL, + destination: URL, + permissions: FilePermissions? = nil, + direction: Direction = .into + ) { + self.source = source + self.destination = destination + self.permissions = permissions + self.direction = direction + } +} diff --git a/Sources/Containerization/UnixSocketRelay.swift b/Sources/Containerization/UnixSocketRelay.swift new file mode 100644 index 0000000..4069bf4 --- /dev/null +++ b/Sources/Containerization/UnixSocketRelay.swift @@ -0,0 +1,243 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationError +import ContainerizationIO +import ContainerizationOS +import Foundation +import Logging +import Synchronization + +package final class UnixSocketRelay: Sendable { + private let port: UInt32 + private let configuration: UnixSocketConfiguration + private let vm: any VirtualMachineInstance + private let log: Logger? + private let state: Mutex + + private struct State { + var activeRelays: [String: BidirectionalRelay] = [:] + var t: Task<(), Never>? = nil + var listener: VsockListener? = nil + } + + init( + port: UInt32, + socket: UnixSocketConfiguration, + vm: any VirtualMachineInstance, + log: Logger? = nil + ) throws { + self.port = port + self.configuration = socket + self.vm = vm + self.log = log + self.state = Mutex(.init()) + } + + deinit { + state.withLock { $0.t?.cancel() } + } +} + +extension UnixSocketRelay { + func start() async throws { + switch configuration.direction { + case .outOf: + try await setupHostVsockDial() + case .into: + try setupHostVsockListener() + } + } + + func stop() throws { + try state.withLock { + guard let t = $0.t else { + throw ContainerizationError( + .invalidState, + message: "failed to stop socket relay: relay has not been started" + ) + } + t.cancel() + $0.t = nil + for (_, relay) in $0.activeRelays { + relay.stop() + } + $0.activeRelays.removeAll() + + switch configuration.direction { + case .outOf: + // If we created the host conn, lets unlink it also. It's possible it was + // already unlinked if the relay failed earlier. + try? FileManager.default.removeItem(at: self.configuration.destination) + case .into: + try $0.listener?.finish() + } + } + } + + private func setupHostVsockDial() async throws { + let hostConn = configuration.destination + + let socketType = try UnixType( + path: hostConn.path, + unlinkExisting: true + ) + let hostSocket = try Socket(type: socketType) + try hostSocket.listen() + + log?.info( + "listening on host UDS", + metadata: [ + "path": "\(hostConn.path)", + "vport": "\(port)", + ]) + let connectionStream = try hostSocket.acceptStream(closeOnDeinit: false) + state.withLock { + $0.t = Task { + do { + for try await connection in connectionStream { + try await self.handleHostUnixConn( + hostConn: connection, + port: self.port, + vm: self.vm, + log: self.log + ) + } + } catch { + log?.error("failed in unix socket relay loop: \(error)") + } + try? FileManager.default.removeItem(at: hostConn) + } + } + } + + private func setupHostVsockListener() throws { + let hostPath = configuration.source + + let listener = try vm.listen(port) + log?.info( + "listening on guest vsock", + metadata: [ + "path": "\(hostPath)", + "vport": "\(port)", + ]) + + state.withLock { + $0.listener = listener + $0.t = Task { + do { + defer { try? listener.finish() } + for await connection in listener { + try await self.handleGuestVsockConn( + vsockConn: connection, + hostConnectionPath: hostPath, + port: self.port, + log: self.log + ) + } + } catch { + self.log?.error("failed to setup relay between vsock \(self.port) and \(hostPath.path): \(error)") + } + } + } + } + + private func handleHostUnixConn( + hostConn: ContainerizationOS.Socket, + port: UInt32, + vm: any VirtualMachineInstance, + log: Logger? + ) async throws { + do { + let guestConn = try await vm.dial(port) + log?.debug( + "initiating connection from host to guest", + metadata: [ + "vport": "\(port)", + "hostFd": "\(guestConn.fileDescriptor)", + "guestFd": "\(hostConn.fileDescriptor)", + ]) + try await self.relay( + hostConn: hostConn, + guestFd: guestConn.fileDescriptor + ) + } catch { + log?.error("failed to relay between vsock \(port) and \(hostConn)") + throw error + } + } + + private func handleGuestVsockConn( + vsockConn: FileHandle, + hostConnectionPath: URL, + port: UInt32, + log: Logger? + ) async throws { + let hostPath = hostConnectionPath.path + let socketType = try UnixType(path: hostPath) + let hostSocket = try Socket( + type: socketType, + closeOnDeinit: false + ) + log?.debug( + "initiating connection from guest to host", + metadata: [ + "vport": "\(port)", + "hostFd": "\(hostSocket.fileDescriptor)", + "guestFd": "\(vsockConn.fileDescriptor)", + ]) + try hostSocket.connect() + + do { + try await self.relay( + hostConn: hostSocket, + guestFd: vsockConn.fileDescriptor + ) + } catch { + log?.error("failed to relay between vsock \(port) and \(hostPath)") + } + } + + private func relay( + hostConn: Socket, + guestFd: Int32 + ) async throws { + let hostFd = hostConn.fileDescriptor + + let relayID = UUID().uuidString + let relay = BidirectionalRelay( + fd1: hostFd, + fd2: guestFd, + log: log + ) + + state.withLock { + $0.activeRelays[relayID] = relay + } + + do { + try relay.start() + } catch { + state.withLock { $0.activeRelays[relayID] = nil } + throw error + } + + Task { + await relay.waitForCompletion() + state.withLock { $0.activeRelays[relayID] = nil } + } + } +} diff --git a/Sources/Containerization/UnixSocketRelayManager.swift b/Sources/Containerization/UnixSocketRelayManager.swift new file mode 100644 index 0000000..f1f9d3d --- /dev/null +++ b/Sources/Containerization/UnixSocketRelayManager.swift @@ -0,0 +1,73 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationError +import Foundation +import Logging + +package actor UnixSocketRelayManager { + private let vm: any VirtualMachineInstance + private var relays: [String: UnixSocketRelay] + private let log: Logger? + + init(vm: any VirtualMachineInstance, log: Logger? = nil) { + self.vm = vm + self.relays = [:] + self.log = log + } +} + +extension UnixSocketRelayManager { + func start(port: UInt32, socket: UnixSocketConfiguration) async throws { + guard relays[socket.id] == nil else { + throw ContainerizationError( + .invalidState, + message: "socket relay \(socket.id) already started" + ) + } + + let relay = try UnixSocketRelay( + port: port, + socket: socket, + vm: vm, + log: log + ) + + do { + relays[socket.id] = relay + try await relay.start() + } catch { + relays.removeValue(forKey: socket.id) + throw error + } + } + + func stop(socket: UnixSocketConfiguration) async throws { + guard let storedRelay = relays.removeValue(forKey: socket.id) else { + throw ContainerizationError( + .notFound, + message: "failed to stop socket relay" + ) + } + try storedRelay.stop() + } + + func stopAll() async throws { + for (_, relay) in relays { + try relay.stop() + } + } +} diff --git a/Sources/Containerization/VMConfiguration.swift b/Sources/Containerization/VMConfiguration.swift new file mode 100644 index 0000000..30faebc --- /dev/null +++ b/Sources/Containerization/VMConfiguration.swift @@ -0,0 +1,103 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationOCI +import Foundation + +/// Destination for boot log (serial console) output. +public struct BootLog: Sendable { + /// The underlying representation of the boot log destination. + internal enum Representation: Sendable { + case file(path: URL, append: Bool) + case fileHandle(FileHandle) + } + + internal var base: Representation + + /// Write boot logs to a file at the specified path. + /// + /// - Parameters: + /// - path: The URL of the file to write boot logs to. + /// - append: Whether to append to an existing file or overwrite it. Defaults to true. + /// + /// - Returns: A boot log destination that writes to a file. + public static func file(path: URL, append: Bool = true) -> BootLog { + self.init(base: .file(path: path, append: append)) + } + + /// Write boot logs to a file handle. + /// + /// - Parameter fileHandle: The file handle to write boot logs to. + /// + /// - Returns: A boot log destination that writes to a file handle. + public static func fileHandle(_ fileHandle: FileHandle) -> BootLog { + self.init(base: .fileHandle(fileHandle)) + } +} + +/// Protocol for VM creation configuration. Allows VMMs to extend with specific settings +/// while maintaining a common core configuration. +public protocol VMCreationConfig: Sendable { + /// The common VM configuration that all VMMs must support. + var configuration: VMConfiguration { get } +} + +/// Standard VM creation configuration with only common settings. +public struct StandardVMConfig: VMCreationConfig { + public var configuration: VMConfiguration + + public init(configuration: VMConfiguration) { + self.configuration = configuration + } +} + +/// Configuration for creating a virtual machine instance. +public struct VMConfiguration: Sendable { + /// The amount of CPUs to allocate. + public var cpus: Int + /// The memory in bytes to allocate. + public var memoryInBytes: UInt64 + /// The network interfaces to attach. + public var interfaces: [any Interface] + /// Mounts organized by metadata ID (e.g. container ID). + /// Each ID maps to an array of mounts for that workload. + public var mountsByID: [String: [Mount]] + /// Optional destination for serial boot logs. + public var bootLog: BootLog? + /// Enable nested virtualization support. If the VirtualMachineManager + /// does not support this feature, it MUST return an .unsupported ContainerizationError. + public var nestedVirtualization: Bool + /// Extension objects that participate in the VM instance lifecycle. + /// Extension packages append their types here; VZ-aware extensions + /// should conform to ``VZInstanceExtension``. + public var extensions: [any Sendable] = [] + + public init( + cpus: Int = 4, + memoryInBytes: UInt64 = 1024 * 1024 * 1024, + interfaces: [any Interface] = [], + mountsByID: [String: [Mount]] = [:], + bootLog: BootLog? = nil, + nestedVirtualization: Bool = false + ) { + self.cpus = cpus + self.memoryInBytes = memoryInBytes + self.interfaces = interfaces + self.mountsByID = mountsByID + self.bootLog = bootLog + self.nestedVirtualization = nestedVirtualization + } +} diff --git a/Sources/Containerization/VZVirtualMachine+Helpers.swift b/Sources/Containerization/VZVirtualMachine+Helpers.swift new file mode 100644 index 0000000..2cbadb1 --- /dev/null +++ b/Sources/Containerization/VZVirtualMachine+Helpers.swift @@ -0,0 +1,152 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(macOS) +import Foundation +import Logging +import Virtualization +import ContainerizationError + +extension VZVirtualMachine { + nonisolated func connect(queue: DispatchQueue, port: UInt32) async throws -> VZVirtioSocketConnection { + try await withCheckedThrowingContinuation { cont in + queue.sync { + guard let vsock = self.socketDevices[0] as? VZVirtioSocketDevice else { + let error = ContainerizationError(.invalidArgument, message: "no vsock device") + cont.resume(throwing: error) + return + } + vsock.connect(toPort: port) { result in + switch result { + case .success(let conn): + // `conn` isn't used concurrently. + nonisolated(unsafe) let conn = conn + cont.resume(returning: conn) + case .failure(let error): + cont.resume(throwing: error) + } + } + } + } + } + + func listen(queue: DispatchQueue, port: UInt32, listener: VZVirtioSocketListener) throws { + try queue.sync { + guard let vsock = self.socketDevices[0] as? VZVirtioSocketDevice else { + throw ContainerizationError(.invalidArgument, message: "no vsock device") + } + vsock.setSocketListener(listener, forPort: port) + } + } + + func removeListener(queue: DispatchQueue, port: UInt32) throws { + try queue.sync { + guard let vsock = self.socketDevices[0] as? VZVirtioSocketDevice else { + throw ContainerizationError( + .invalidArgument, + message: "no vsock device to remove" + ) + } + vsock.removeSocketListener(forPort: port) + } + } + + func start(queue: DispatchQueue) async throws { + try await withCheckedThrowingContinuation { (cont: CheckedContinuation) in + queue.sync { + self.start { result in + if case .failure(let error) = result { + cont.resume(throwing: error) + return + } + cont.resume() + } + } + } + } + + func stop(queue: DispatchQueue) async throws { + try await withCheckedThrowingContinuation { (cont: CheckedContinuation) in + queue.sync { + self.stop { error in + if let error { + cont.resume(throwing: error) + return + } + cont.resume() + } + } + } + } + + func pause(queue: DispatchQueue) async throws { + try await withCheckedThrowingContinuation { (cont: CheckedContinuation) in + queue.sync { + self.pause { result in + if case .failure(let error) = result { + cont.resume(throwing: error) + return + } + cont.resume() + } + } + } + } + + func resume(queue: DispatchQueue) async throws { + try await withCheckedThrowingContinuation { (cont: CheckedContinuation) in + queue.sync { + self.resume { result in + if case .failure(let error) = result { + cont.resume(throwing: error) + return + } + cont.resume() + } + } + } + } +} + +extension VZVirtualMachine { + func waitForAgent(queue: DispatchQueue) async throws -> FileHandle { + let agentConnectionRetryCount: Int = 200 + let agentConnectionSleepDuration: Duration = .milliseconds(20) + + for _ in 0...agentConnectionRetryCount { + do { + return try await self.connect(queue: queue, port: Vminitd.port).dupHandle() + } catch { + try await Task.sleep(for: agentConnectionSleepDuration) + continue + } + } + throw ContainerizationError(.timeout, message: "failed to get a connection to agent socket") + } +} + +extension VZVirtioSocketConnection { + func dupHandle() throws -> FileHandle { + let fd = dup(self.fileDescriptor) + if fd == -1 { + throw POSIXError.fromErrno() + } + self.close() + return FileHandle(fileDescriptor: fd, closeOnDealloc: false) + } +} + +#endif diff --git a/Sources/Containerization/VZVirtualMachineInstance.swift b/Sources/Containerization/VZVirtualMachineInstance.swift new file mode 100644 index 0000000..160c502 --- /dev/null +++ b/Sources/Containerization/VZVirtualMachineInstance.swift @@ -0,0 +1,587 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(macOS) +import Foundation +import ContainerizationError +import ContainerizationExtras +import ContainerizationOCI +import Logging +import NIOCore +import NIOPosix +import Synchronization +@preconcurrency import Virtualization + +public final class VZVirtualMachineInstance: Sendable { + public typealias Agent = Vminitd + + /// Attached mounts on the virtual machine, organized by metadata ID. + private let _mounts: Mutex<[String: [AttachedFilesystem]]> + public var mounts: [String: [AttachedFilesystem]] { + _mounts.withLock { $0 } + } + + /// The underlying Virtualization framework virtual machine. + public var vzVirtualMachine: VZVirtualMachine { vm } + + /// The dispatch queue used for VZ operations. + public var vmQueue: DispatchQueue { queue } + + /// Mutate the mount registry. + public func withMountRegistry(_ body: (inout sending [String: [AttachedFilesystem]]) throws -> sending T) rethrows -> T { + try _mounts.withLock(body) + } + + /// Serialize VM operations with the instance lock. + public func withInstanceLock(_ body: @Sendable @escaping () async throws -> T) async throws -> T { + try await lock.withLock { _ in try await body() } + } + + /// The hotplug provider, if hotplug is enabled for this instance. + public var hotplugProvider: (any HotplugProvider)? { + get { _hotplugProvider.withLock { $0 } } + set { _hotplugProvider.withLock { $0 = newValue } } + } + private let _hotplugProvider = Mutex<(any HotplugProvider)?>(nil) + + /// Returns the runtime state of the vm. + public var state: VirtualMachineInstanceState { + vzStateToInstanceState() + } + + /// The virtual machine instance configuration. + private let config: Configuration + public struct Configuration: Sendable { + /// Amount of cpus to allocated. + public var cpus: Int + /// Amount of memory in bytes allocated. + public var memoryInBytes: UInt64 + /// Toggle rosetta's x86_64 emulation support. + public var rosetta: Bool + /// Toggle nested virtualization support. + public var nestedVirtualization: Bool + /// Mount attachments organized by metadata ID. + public var mountsByID: [String: [Mount]] + /// Network interface attachments. + public var interfaces: [any Interface] + /// Kernel image. + public var kernel: Kernel? + /// The root filesystem. + public var initialFilesystem: Mount? + /// Destination for the virtual machine's boot logs. + public var bootLog: BootLog? + /// Extension objects that participate in the VM instance lifecycle. + public var extensions: [any Sendable] = [] + + public init() { + self.cpus = 4 + self.memoryInBytes = 1024.mib() + self.rosetta = false + self.nestedVirtualization = false + self.mountsByID = [:] + self.interfaces = [] + } + } + + // `vm` isn't used concurrently. + private nonisolated(unsafe) let vm: VZVirtualMachine + private let queue: DispatchQueue + private let lock: AsyncLock + private let group: EventLoopGroup + private let ownsGroup: Bool + private let timeSyncer: TimeSyncer + private let logger: Logger? + + public convenience init( + group: EventLoopGroup? = nil, + logger: Logger? = nil, + with: (inout Configuration) throws -> Void + ) throws { + var config = Configuration() + try with(&config) + try self.init(group: group, config: config, logger: logger) + } + + init(group: EventLoopGroup?, config: Configuration, logger: Logger?) throws { + if let group { + self.ownsGroup = false + self.group = group + } else { + self.ownsGroup = true + self.group = MultiThreadedEventLoopGroup(numberOfThreads: System.coreCount) + } + + self.config = config + self.lock = .init() + self.queue = DispatchQueue(label: "com.apple.containerization.vzvm.\(UUID().uuidString)") + self.logger = logger + self.timeSyncer = .init(logger: logger) + + let allocator = Character.blockDeviceTagAllocator() + let (mountAttachments, _) = try config.mountAttachments(allocator: allocator) + self._mounts = Mutex(mountAttachments) + + self.vm = VZVirtualMachine( + configuration: try config.toVZ(allocator: allocator), + queue: self.queue + ) + + for ext in config.extensions.compactMap({ $0 as? any VZInstanceExtension }) { + try ext.didCreate(self) + } + } +} + +/// Protocol for extensions that participate in VZVirtualMachineInstance lifecycle. +/// Append conforming types to `Configuration.extensions` to hook into VM setup and teardown. +public protocol VZInstanceExtension: Sendable { + /// Modify the VZ configuration before the VM is created. + func configureVZ( + _ config: inout VZVirtualMachineConfiguration, + allocator: any AddressAllocator, + storageDeviceCount: Int, + mountsByID: [String: [Mount]] + ) throws + + /// Called after the VZVirtualMachine is created but before start. + func didCreate(_ instance: VZVirtualMachineInstance) throws + + /// Called during stop before the VM is shut down. + func willStop(_ instance: VZVirtualMachineInstance) async throws +} + +extension VZInstanceExtension { + public func configureVZ( + _ config: inout VZVirtualMachineConfiguration, + allocator: any AddressAllocator, + storageDeviceCount: Int, + mountsByID: [String: [Mount]] + ) throws {} + + public func didCreate(_ instance: VZVirtualMachineInstance) throws {} + + public func willStop(_ instance: VZVirtualMachineInstance) async throws {} +} + +extension VZVirtualMachineInstance: VirtualMachineInstance { + public func start() async throws { + try await lock.withLock { _ in + guard self.state == .stopped else { + throw ContainerizationError( + .invalidState, + message: "virtual machine is not stopped \(self.state)" + ) + } + + // Do any necessary setup needed prior to starting the guest. + try await self.prestart() + + try await self.vm.start(queue: self.queue) + + let agent = try await Vminitd( + connection: try await self.vm.waitForAgent(queue: self.queue), + group: self.group + ) + + do { + if self.config.rosetta { + try await agent.enableRosetta() + } + } catch { + try await agent.close() + throw error + } + + // Don't close our remote context as we are providing + // it to our time sync routine. + await self.timeSyncer.start(context: agent) + } + } + + public func stop() async throws { + try await lock.withLock { connections in + // NOTE: We should record HOW the vm stopped eventually. If the vm exited + // unexpectedly virtualization framework offers you a way to store + // an error on how it exited. We should report that here instead of the + // generic vm is not running. + guard self.state == .running else { + throw ContainerizationError(.invalidState, message: "vm is not running") + } + + try await self.timeSyncer.close() + + if self.ownsGroup { + try await self.group.shutdownGracefully() + } + + for ext in self.config.extensions.compactMap({ $0 as? any VZInstanceExtension }) { + try? await ext.willStop(self) + } + + try await self.vm.stop(queue: self.queue) + } + } + + // NOTE: Investigate what is the "right" way to handle already vended vsock + // connections for pause and resume. + + public func pause() async throws { + try await lock.withLock { _ in + await self.timeSyncer.pause() + try await self.vm.pause(queue: self.queue) + } + } + + public func resume() async throws { + try await lock.withLock { _ in + try await self.vm.resume(queue: self.queue) + await self.timeSyncer.resume() + } + } + + public func dialAgent() async throws -> Vminitd { + try await lock.withLock { _ in + do { + let conn = try await self.vm.connect( + queue: self.queue, + port: Vminitd.port + ) + let handle = try conn.dupHandle() + return try await Vminitd(connection: handle, group: self.group) + } catch { + if let err = error as? ContainerizationError { + throw err + } + throw ContainerizationError( + .internalError, + message: "failed to dial agent", + cause: error + ) + } + } + } + + public func dial(_ port: UInt32) async throws -> FileHandle { + try await lock.withLock { _ in + do { + let conn = try await self.vm.connect( + queue: self.queue, + port: port + ) + return try conn.dupHandle() + } catch { + if let err = error as? ContainerizationError { + throw err + } + throw ContainerizationError( + .internalError, + message: "failed to dial vsock port", + cause: error + ) + } + } + } + + public func listen(_ port: UInt32) throws -> VsockListener { + let stream = VsockListener(port: port, stopListen: self.stopListen) + let listener = VZVirtioSocketListener() + listener.delegate = stream + + try self.vm.listen( + queue: queue, + port: port, + listener: listener + ) + return stream + } + + private func stopListen(_ port: UInt32) throws { + try self.vm.removeListener( + queue: queue, + port: port + ) + } + + // MARK: - Hotplug + + public func hotplug(_ block: Mount, id: String) async throws -> AttachedFilesystem { + guard let hotplugProvider else { + throw ContainerizationError(.unsupported, message: "hotplug not supported") + } + return try await hotplugProvider.hotplug(block, id: id) + } + + public func registerMounts(id: String, rootfs: AttachedFilesystem, additionalMounts: [Mount]) throws { + guard let hotplugProvider else { return } + try hotplugProvider.registerMounts(id: id, rootfs: rootfs, additionalMounts: additionalMounts) + } + + public func releaseHotplug(id: String) async throws { + guard let hotplugProvider else { return } + try await hotplugProvider.releaseHotplug(id: id) + } + + public func hotplugVirtioFS(_ mounts: [Mount], id: String) async throws { + guard let hotplugProvider else { return } + try await hotplugProvider.hotplugVirtioFS(mounts, id: id) + } + + public func releaseVirtioFS(id: String) async throws { + guard let hotplugProvider else { return } + try await hotplugProvider.releaseVirtioFS(id: id) + } +} + +extension VZVirtualMachineInstance { + func vzStateToInstanceState() -> VirtualMachineInstanceState { + self.queue.sync { + let state: VirtualMachineInstanceState + switch self.vm.state { + case .starting: + state = .starting + case .running: + state = .running + case .stopping: + state = .stopping + case .stopped: + state = .stopped + default: + state = .unknown + } + return state + } + } + + func prestart() async throws { + if self.config.rosetta { + #if arch(arm64) + if VZLinuxRosettaDirectoryShare.availability == .notInstalled { + self.logger?.info("installing rosetta") + try await VZVirtualMachineInstance.Configuration.installRosetta() + } + #else + fatalError("rosetta is only supported on arm64") + #endif + } + } +} + +extension VZVirtualMachineInstance.Configuration { + public static func installRosetta() async throws { + do { + #if arch(arm64) + try await VZLinuxRosettaDirectoryShare.installRosetta() + #else + fatalError("rosetta is only supported on arm64") + #endif + } catch { + throw ContainerizationError( + .internalError, + message: "failed to install rosetta", + cause: error + ) + } + } + + private func serialPort(destination: BootLog) throws -> [VZVirtioConsoleDeviceSerialPortConfiguration] { + let c = VZVirtioConsoleDeviceSerialPortConfiguration() + switch destination.base { + case .file(let path, let append): + c.attachment = try VZFileSerialPortAttachment(url: path, append: append) + case .fileHandle(let fileHandle): + c.attachment = VZFileHandleSerialPortAttachment( + fileHandleForReading: nil, + fileHandleForWriting: fileHandle + ) + } + return [c] + } + + func toVZ(allocator: any AddressAllocator) throws -> VZVirtualMachineConfiguration { + var config = VZVirtualMachineConfiguration() + + config.cpuCount = self.cpus + let mib: UInt64 = 1 << 20 + config.memorySize = (self.memoryInBytes + mib - 1) & ~(mib - 1) + config.entropyDevices = [VZVirtioEntropyDeviceConfiguration()] + config.socketDevices = [VZVirtioSocketDeviceConfiguration()] + + if let bootLog = self.bootLog { + config.serialPorts = try serialPort(destination: bootLog) + } else { + // We always supply a serial console. If no explicit path was provided just send em to the void. + config.serialPorts = try serialPort(destination: .file(path: URL(filePath: "/dev/null"))) + } + + config.networkDevices = try self.interfaces.map { + guard let vzi = $0 as? VZInterface else { + throw ContainerizationError(.invalidArgument, message: "interface type not supported by VZ") + } + return try vzi.device() + } + + if self.rosetta { + #if arch(arm64) + switch VZLinuxRosettaDirectoryShare.availability { + case .notSupported: + throw ContainerizationError( + .invalidArgument, + message: "rosetta was requested but is not supported on this machine" + ) + case .notInstalled: + // NOTE: If rosetta isn't installed, we'll error with a nice error message + // during .start() of the virtual machine instance. + fallthrough + case .installed: + let share = try VZLinuxRosettaDirectoryShare() + let device = VZVirtioFileSystemDeviceConfiguration(tag: "rosetta") + device.share = share + config.directorySharingDevices.append(device) + @unknown default: + throw ContainerizationError( + .invalidArgument, + message: "unknown rosetta availability encountered: \(VZLinuxRosettaDirectoryShare.availability)" + ) + } + #else + fatalError("rosetta is only supported on arm64") + #endif + } + + guard let kernel = self.kernel else { + throw ContainerizationError(.invalidArgument, message: "kernel cannot be nil") + } + + guard let initialFilesystem = self.initialFilesystem else { + throw ContainerizationError(.invalidArgument, message: "rootfs cannot be nil") + } + + let loader = VZLinuxBootLoader(kernelURL: kernel.path) + loader.commandLine = kernel.linuxCommandline(initialFilesystem: initialFilesystem) + config.bootLoader = loader + + try initialFilesystem.configure(config: &config) + + // Track used virtiofs tags to avoid creating duplicate VZ devices. + // The same source directory mounted to multiple destinations shares one device. + var usedVirtioFSTags: Set = [] + for (_, mounts) in self.mountsByID { + for mount in mounts { + if case .virtiofs = mount.runtimeOptions { + let tag = try hashFilePath(path: mount.source) + if usedVirtioFSTags.contains(tag) { + continue + } + usedVirtioFSTags.insert(tag) + } + try mount.configure(config: &config) + } + } + + // Create the unified virtiofs device with VZMultipleDirectoryShare + // This device hosts all virtiofs shares and supports runtime updates + var directories: [String: VZSharedDirectory] = [:] + for (_, mounts) in self.mountsByID { + for mount in mounts { + guard case .virtiofs(_) = mount.runtimeOptions else { continue } + guard FileManager.default.fileExists(atPath: mount.source) else { + throw ContainerizationError(.notFound, message: "directory \(mount.source) does not exist") + } + let name = try hashFilePath(path: mount.source) + directories[name] = VZSharedDirectory( + url: URL(fileURLWithPath: mount.source), + readOnly: mount.options.contains("ro") + ) + } + } + let multiShare = VZMultipleDirectoryShare(directories: directories) + let virtiofsDevice = VZVirtioFileSystemDeviceConfiguration(tag: "virtiofs") + virtiofsDevice.share = multiShare + config.directorySharingDevices.append(virtiofsDevice) + + let storageDeviceCount = config.storageDevices.count + + let platform = VZGenericPlatformConfiguration() + // We shouldn't silently succeed if the user asked for virt and their hardware does + // not support it. + if !VZGenericPlatformConfiguration.isNestedVirtualizationSupported && self.nestedVirtualization { + throw ContainerizationError( + .unsupported, + message: "nested virtualization is not supported on the platform" + ) + } + platform.isNestedVirtualizationEnabled = self.nestedVirtualization + config.platform = platform + + for ext in self.extensions.compactMap({ $0 as? any VZInstanceExtension }) { + try ext.configureVZ(&config, allocator: allocator, storageDeviceCount: storageDeviceCount, mountsByID: self.mountsByID) + } + + try config.validate() + return config + } + + func mountAttachments(allocator: any AddressAllocator) throws -> ( + attachments: [String: [AttachedFilesystem]], storageDeviceCount: Int + ) { + var storageDeviceCount = 0 + + if let initialFilesystem { + // When the initial filesystem is a blk, allocate the first letter "vd(a)" + // as that is what this blk will be attached under. + if initialFilesystem.isBlock { + _ = try allocator.allocate() + storageDeviceCount += 1 + } + } + + var attachmentsByID: [String: [AttachedFilesystem]] = [:] + + for (id, mounts) in self.mountsByID { + var attachments: [AttachedFilesystem] = [] + for mount in mounts { + let attached = try AttachedFilesystem(mount: mount, allocator: allocator) + attachments.append(attached) + if mount.isBlock { + storageDeviceCount += 1 + } + } + attachmentsByID[id] = attachments + } + + return (attachmentsByID, storageDeviceCount) + } +} + +public protocol VZInterface { + func device() throws -> VZVirtioNetworkDeviceConfiguration +} + +extension NATInterface: VZInterface { + public func device() throws -> VZVirtioNetworkDeviceConfiguration { + let config = VZVirtioNetworkDeviceConfiguration() + if let macAddress = self.macAddress { + guard let mac = VZMACAddress(string: macAddress.description) else { + throw ContainerizationError(.invalidArgument, message: "invalid mac address \(macAddress)") + } + config.macAddress = mac + } + config.attachment = VZNATNetworkDeviceAttachment() + return config + } +} + +#endif diff --git a/Sources/Containerization/VZVirtualMachineManager.swift b/Sources/Containerization/VZVirtualMachineManager.swift new file mode 100644 index 0000000..4959bee --- /dev/null +++ b/Sources/Containerization/VZVirtualMachineManager.swift @@ -0,0 +1,84 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(macOS) +import ContainerizationError +import ContainerizationOCI +import Foundation +import Logging +import NIOCore + +/// A virtualization.framework backed `VirtualMachineManager` implementation. +public struct VZVirtualMachineManager: VirtualMachineManager { + private let kernel: Kernel + private let initialFilesystem: Mount + private let rosetta: Bool + private let nestedVirtualization: Bool + private let group: EventLoopGroup? + private let logger: Logger? + + public init( + kernel: Kernel, + initialFilesystem: Mount, + rosetta: Bool = false, + nestedVirtualization: Bool = false, + group: EventLoopGroup? = nil, + logger: Logger? = nil + ) { + self.kernel = kernel + self.initialFilesystem = initialFilesystem + self.rosetta = rosetta + self.nestedVirtualization = nestedVirtualization + self.group = group + self.logger = logger + } + + public func create(config: some VMCreationConfig) throws -> any VirtualMachineInstance { + let vmConfig = config.configuration + + // Use nested virtualization if requested in config or set as default in manager + let useNestedVirtualization = vmConfig.nestedVirtualization || self.nestedVirtualization + + // Clamp to system RAM as Virtualization.framework bounds us to this. + let memoryInBytes = min(vmConfig.memoryInBytes, ProcessInfo.processInfo.physicalMemory) + + // Clamp to system CPU count as Virtualization.framework bounds us to this. + let cpus = min(vmConfig.cpus, ProcessInfo.processInfo.activeProcessorCount) + + return try VZVirtualMachineInstance( + group: self.group, + logger: self.logger, + with: { instanceConfig in + instanceConfig.cpus = cpus + instanceConfig.memoryInBytes = memoryInBytes + + instanceConfig.kernel = self.kernel + instanceConfig.initialFilesystem = self.initialFilesystem + + if let bootLog = vmConfig.bootLog { + instanceConfig.bootLog = bootLog + } + + instanceConfig.interfaces = vmConfig.interfaces + instanceConfig.rosetta = self.rosetta + instanceConfig.nestedVirtualization = useNestedVirtualization + + instanceConfig.mountsByID = vmConfig.mountsByID + instanceConfig.extensions = vmConfig.extensions + }) + } +} +#endif diff --git a/Sources/Containerization/VirtiofsdProcess.swift b/Sources/Containerization/VirtiofsdProcess.swift new file mode 100644 index 0000000..7c73bd1 --- /dev/null +++ b/Sources/Containerization/VirtiofsdProcess.swift @@ -0,0 +1,187 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(Linux) +import ContainerizationError +import ContainerizationExtras +import ContainerizationOS +import Foundation +import Logging +import Synchronization + +#if canImport(Musl) +import Musl +#elseif canImport(Glibc) +import Glibc +#endif + +/// A managed `virtiofsd` subprocess serving a single shared directory. +/// +/// One `VirtiofsdProcess` per virtio-fs share. Cloud Hypervisor connects to +/// the published UDS via its `FsConfig.socket` field. Lifecycle mirrors +/// `CHProcess`: spawn + wait-for-socket on `start()`, SIGTERM/SIGKILL on +/// `terminate()`. +final class VirtiofsdProcess: Sendable { + struct Config: Sendable { + let binary: URL + let socketPath: URL + let sharedDir: URL + let readonly: Bool + } + + private struct State { + var command: Command? + var exitTask: Task? + } + + private let config: Config + private let logger: Logger? + private let state: Mutex + + init(config: Config, logger: Logger?) { + self.config = config + self.logger = logger + self.state = Mutex(State(command: nil, exitTask: nil)) + } + + /// Spawn virtiofsd and wait for its UDS to accept connections. + func start() async throws { + var arguments = [ + "--socket-path", config.socketPath.path, + "--shared-dir", config.sharedDir.path, + ] + if SandboxOverrides.virtiofsdSandboxDisabled { + // virtiofsd defaults to `--sandbox namespace`, which sets up a + // userns + pivot_root + seccomp filter. Inside apple/container's + // --virtualization dev container the default seccomp profile + // SIGSYS-kills processes that hit unfiltered syscalls (same + // reason CH runs with `--seccomp false`). `--sandbox none` + // skips both userns setup and seccomp; safe inside the per-VM + // dev container only. Opt-in via + // CONTAINERIZATION_NO_VIRTIOFSD_SANDBOX=1. + logger?.warning( + "virtiofsd launching with --sandbox none (CONTAINERIZATION_NO_VIRTIOFSD_SANDBOX=1) — userns/pivot_root/seccomp setup disabled" + ) + arguments.append(contentsOf: ["--sandbox", "none"]) + } + if config.readonly { + arguments.append("--readonly") + } + + var command = Command( + config.binary.path, + arguments: arguments, + environment: ChildEnvironment.minimal() + ) + // Inherit stderr so virtiofsd's startup logs surface in the host's + // log stream rather than vanishing into /dev/null (Command's default). + command.stderr = FileHandle.standardError + // Same rationale as CHProcess: keep virtiofsd out of the parent's + // controlling-TTY signal group so Ctrl-C doesn't kill it before our + // own terminate() ladder runs. + command.attrs.setsid = true + do { + try command.start() + } catch { + throw error + } + + let exitTask = Task.detached { [command, logger] in + do { + _ = try command.wait() + } catch { + logger?.error("virtiofsd wait failed: \(error)") + } + } + + state.withLock { + $0.command = command + $0.exitTask = exitTask + } + + try await waitForSocket() + } + + /// SIGTERM → grace window → SIGKILL. Returns once virtiofsd is reaped. + func terminate(graceSeconds: UInt32) async { + guard let command = state.withLock({ $0.command }) else { return } + + _ = command.kill(SIGTERM) + + do { + try await Timeout.run(for: .seconds(Int(graceSeconds))) { + await self.waitForExit() + } + } catch { + logger?.warning("virtiofsd did not exit within \(graceSeconds)s, sending SIGKILL") + _ = command.kill(SIGKILL) + await waitForExit() + } + } + + // MARK: - Private helpers + + private static let socketDeadline: Duration = .seconds(10) + private static let socketPollInterval: Duration = .milliseconds(50) + + private func waitForExit() async { + guard let task = state.withLock({ $0.exitTask }) else { return } + await task.value + } + + private func waitForSocket() async throws { + let clock = ContinuousClock() + let started = clock.now + let deadline = started.advanced(by: Self.socketDeadline) + + while clock.now < deadline { + if Self.isSocketReady(at: config.socketPath) { + let elapsed = clock.now - started + logger?.debug("virtiofsd socket bound in \(elapsed) at \(config.socketPath.path)") + return + } + try? await Task.sleep(for: Self.socketPollInterval) + } + + // Capture diagnostic state before terminating. + let fm = FileManager.default + let socketExists = fm.fileExists(atPath: config.socketPath.path) + let parentExists = fm.fileExists(atPath: config.socketPath.deletingLastPathComponent().path) + let sharedExists = fm.fileExists(atPath: config.sharedDir.path) + let detail = "socketExists=\(socketExists) parentDirExists=\(parentExists) sharedDirExists=\(sharedExists)" + + await terminate(graceSeconds: 5) + throw ContainerizationError( + .timeout, + message: "virtiofsd socket not connectable at \(config.socketPath.path) within \(Self.socketDeadline) [\(detail)]" + ) + } + + private static func isSocketReady(at url: URL) -> Bool { + // Only check that the socket file exists. Do NOT connect — virtiofsd + // runs in vhost-user mode where the first incoming connection is + // treated as the VMM (cloud-hypervisor); when that connection closes, + // virtiofsd exits. A connect-then-close readiness probe therefore + // kills virtiofsd before CH ever gets to it, leaving CH's vm.boot + // failing with "vhost-user: can't connect to peer: No such file + // or directory". + var st = stat() + guard stat(url.path, &st) == 0 else { return false } + return (st.st_mode & S_IFMT) == S_IFSOCK + } + +} +#endif diff --git a/Sources/Containerization/VirtualMachineAgent+Additions.swift b/Sources/Containerization/VirtualMachineAgent+Additions.swift new file mode 100644 index 0000000..2136a56 --- /dev/null +++ b/Sources/Containerization/VirtualMachineAgent+Additions.swift @@ -0,0 +1,22 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +/// Protocol to conform to if your agent is capable of relaying unix domain socket +/// connections. +public protocol SocketRelayAgent { + func relaySocket(port: UInt32, configuration: UnixSocketConfiguration) async throws + func stopSocketRelay(configuration: UnixSocketConfiguration) async throws +} diff --git a/Sources/Containerization/VirtualMachineAgent+Interface.swift b/Sources/Containerization/VirtualMachineAgent+Interface.swift new file mode 100644 index 0000000..e2fe722 --- /dev/null +++ b/Sources/Containerization/VirtualMachineAgent+Interface.swift @@ -0,0 +1,84 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationExtras +import Logging + +extension VirtualMachineAgent { + /// Configure a single network interface inside the sandbox: assign addresses, + /// bring the link up, and (when requested) install the link/default routes. + func setupInterface( + _ interface: any Interface, + name: String, + setDefaultRoute: Bool, + logger: Logger? + ) async throws { + logger?.debug("setting up interface \(name) with v4 \(interface.ipv4Address) v6 \(interface.ipv6Address?.description ?? "")") + try await addressAdd( + name: name, + address: .init(ipv4Address: interface.ipv4Address, ipv6Address: interface.ipv6Address) + ) + try await up(name: name, mtu: interface.mtu) + + guard setDefaultRoute else { return } + + let ipv4Address = interface.ipv4Address + let ipv4Gateway = interface.ipv4Gateway + let ipv6Gateway = interface.ipv6Gateway + let ipv6Address = interface.ipv6Address + + let needsIPv4LinkRoute: Bool + if let ipv4Gateway { + needsIPv4LinkRoute = !ipv4Address.contains(ipv4Gateway) + } else { + needsIPv4LinkRoute = false + } + + let needsIPv6LinkRoute: Bool + if let ipv6Gateway, let ipv6Address { + needsIPv6LinkRoute = !ipv6Address.contains(ipv6Gateway) + } else { + needsIPv6LinkRoute = false + } + + if needsIPv4LinkRoute, let ipv4Gateway { + logger?.debug("v4 gateway \(ipv4Gateway) is outside subnet \(ipv4Address), adding a route first") + } + if needsIPv6LinkRoute, let ipv6Gateway, let ipv6Address { + logger?.debug("v6 gateway \(ipv6Gateway) is outside subnet \(ipv6Address), adding a route first") + } + + if needsIPv4LinkRoute || needsIPv6LinkRoute { + try await routeAddLink( + name: name, + route: .init( + ipv4Destination: needsIPv4LinkRoute ? ipv4Gateway : nil, + ipv4Source: needsIPv4LinkRoute ? ipv4Address.address : nil, + ipv6Destination: needsIPv6LinkRoute ? ipv6Gateway : nil, + ipv6Source: needsIPv6LinkRoute ? ipv6Address?.address : nil + ) + ) + } + + if ipv4Gateway == nil && ipv6Gateway == nil { + logger?.debug("no gateway for \(name)") + } + try await routeAddDefault( + name: name, + route: .init(ipv4Gateway: ipv4Gateway, ipv6Gateway: ipv6Gateway) + ) + } +} diff --git a/Sources/Containerization/VirtualMachineAgent.swift b/Sources/Containerization/VirtualMachineAgent.swift new file mode 100644 index 0000000..05ea795 --- /dev/null +++ b/Sources/Containerization/VirtualMachineAgent.swift @@ -0,0 +1,110 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationError +import ContainerizationExtras +import ContainerizationOCI +import Foundation + +public struct WriteFileFlags { + public var createParentDirectories = false + public var append = false + public var create = false +} + +public enum FilesystemOperation: Sendable { + case freeze + case thaw + case trim +} + +/// A protocol for the agent running inside a virtual machine. If an operation isn't +/// supported the implementation MUST return a ContainerizationError with a code of +/// `.unsupported`. +public protocol VirtualMachineAgent: Sendable { + /// Perform a platform specific standard setup + /// of the runtime environment. + func standardSetup() async throws + /// Close any resources held by the agent. + func close() async throws + // Perform a filesystem operation on the given path. + func filesystemOperation(operation: FilesystemOperation, path: String) async throws + + // POSIX-y + func getenv(key: String) async throws -> String + func setenv(key: String, value: String) async throws + func mount(_ mount: ContainerizationOCI.Mount) async throws + func umount(path: String, flags: Int32) async throws + func mkdir(path: String, all: Bool, perms: UInt32) async throws + @discardableResult + func kill(pid: Int32, signal: Int32) async throws -> Int32 + func sync() async throws + func writeFile(path: String, data: Data, flags: WriteFileFlags, mode: UInt32) async throws + + // Process lifecycle + func createProcess( + id: String, + containerID: String?, + stdinPort: UInt32?, + stdoutPort: UInt32?, + stderrPort: UInt32?, + ociRuntimePath: String?, + configuration: ContainerizationOCI.Spec, + options: Data? + ) async throws + func startProcess(id: String, containerID: String?) async throws -> Int32 + func signalProcess(id: String, containerID: String?, signal: Int32) async throws + func resizeProcess(id: String, containerID: String?, columns: UInt32, rows: UInt32) async throws + func waitProcess(id: String, containerID: String?, timeoutInSeconds: Int64?) async throws -> ExitStatus + func deleteProcess(id: String, containerID: String?) async throws + func closeProcessStdin(id: String, containerID: String?) async throws + + // Networking + func up(name: String, mtu: UInt32?) async throws + func down(name: String) async throws + func addressAdd(name: String, address: InterfaceAddress) async throws + func routeAddLink(name: String, route: LinkRoute) async throws + func routeAddDefault(name: String, route: DefaultRoute) async throws + func configureDNS(config: DNS, location: String) async throws + func configureHosts(config: Hosts, location: String) async throws + + // Container statistics + func containerStatistics(containerIDs: [String], categories: StatCategory) async throws -> [ContainerStatistics] + +} + +extension VirtualMachineAgent { + public func closeProcessStdin(id: String, containerID: String?) async throws { + throw ContainerizationError(.unsupported, message: "closeProcessStdin") + } + + public func configureHosts(config: Hosts, location: String) async throws { + throw ContainerizationError(.unsupported, message: "configureHosts") + } + + public func writeFile(path: String, data: Data, flags: WriteFileFlags, mode: UInt32) async throws { + throw ContainerizationError(.unsupported, message: "writeFile") + } + + public func containerStatistics(containerIDs: [String], categories: StatCategory) async throws -> [ContainerStatistics] { + throw ContainerizationError(.unsupported, message: "containerStatistics") + } + + public func sync() async throws { + throw ContainerizationError(.unsupported, message: "sync") + } + +} diff --git a/Sources/Containerization/VirtualMachineInstance.swift b/Sources/Containerization/VirtualMachineInstance.swift new file mode 100644 index 0000000..302e97a --- /dev/null +++ b/Sources/Containerization/VirtualMachineInstance.swift @@ -0,0 +1,121 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationError +import Foundation + +/// The runtime state of the virtual machine instance. +public enum VirtualMachineInstanceState: Sendable { + case starting + case running + case stopped + case stopping + case unknown +} + +/// How the VMM exposes virtiofs devices to the guest. +/// +/// - `unified`: a single virtio-fs device (tag `virtiofs`) carries all +/// shares as subdirectories (Apple's `VZMultipleDirectoryShare` model). +/// - `perTag`: one virtio-fs device per source-hash tag, each mounted +/// separately in the guest (cloud-hypervisor / virtiofsd model). +public enum VirtiofsLayout: Sendable { + case unified + case perTag +} + +/// A live instance of a virtual machine. +public protocol VirtualMachineInstance: Sendable { + associatedtype Agent: VirtualMachineAgent + + // The state of the virtual machine. + var state: VirtualMachineInstanceState { get } + + var mounts: [String: [AttachedFilesystem]] { get } + + /// How this VMM exposes virtiofs devices to the guest. Defaults to + /// `.unified` (the VZ-shaped behavior); CH overrides to `.perTag`. + var virtiofsLayout: VirtiofsLayout { get } + /// Dial the Agent. It's up the VirtualMachineInstance to determine + /// what port the agent is listening on. + func dialAgent() async throws -> Agent + /// Dial a vsock port in the guest. + func dial(_ port: UInt32) async throws -> FileHandle + /// Listen on a host vsock port. + func listen(_ port: UInt32) throws -> VsockListener + /// Start the virtual machine. + func start() async throws + /// Stop the virtual machine. + func stop() async throws + /// Pause the virtual machine. + func pause() async throws + /// Resume the virtual machine. + func resume() async throws + + /// Hotplug a block device, returning the attached filesystem info. + /// Throws if the VMM does not support hotplug or not available + /// - Parameter block: The mount configuration for the block device to hotplug + /// - Parameter id: The metadata ID to associate with this mount (e.g. container ID) + /// - Returns: AttachedFilesystem with the device path in the guest + func hotplug(_ block: Mount, id: String) async throws -> AttachedFilesystem + + /// Register mounts for a container after hotplug. + /// This is used to add the rootfs and additional mounts to the VM's mount registry + /// so they can be found when building the container's OCI spec. + /// - Parameter id: The container ID + /// - Parameter rootfs: The rootfs attachment from hotplug + /// - Parameter additionalMounts: Additional mounts (like /proc, /sys) to register + func registerMounts(id: String, rootfs: AttachedFilesystem, additionalMounts: [Mount]) throws + + /// Release a hotplug device. + /// This should be called when a hotplugged container is stopped or fails to start. + /// - Parameter id: The container ID whose hotplug should be released + func releaseHotplug(id: String) async throws + + /// Hotplug virtiofs directories into the running VM. + /// - Parameter mounts: The virtiofs mounts to add + /// - Parameter id: The container ID that owns these mounts + func hotplugVirtioFS(_ mounts: [Mount], id: String) async throws + + /// Release virtiofs shares for a container. + /// - Parameter id: The container ID whose virtiofs shares should be released + func releaseVirtioFS(id: String) async throws +} + +extension VirtualMachineInstance { + public var virtiofsLayout: VirtiofsLayout { .unified } + public func pause() async throws { + throw ContainerizationError(.unsupported, message: "pause") + } + public func resume() async throws { + throw ContainerizationError(.unsupported, message: "resume") + } + public func hotplug(_ block: Mount, id: String) async throws -> AttachedFilesystem { + throw ContainerizationError(.unsupported, message: "hotplug not supported") + } + public func registerMounts(id: String, rootfs: AttachedFilesystem, additionalMounts: [Mount]) throws { + // no-op default + } + public func releaseHotplug(id: String) async throws { + // no-op default + } + public func hotplugVirtioFS(_ mounts: [Mount], id: String) async throws { + // no-op default + } + public func releaseVirtioFS(id: String) async throws { + // no-op default + } +} diff --git a/Sources/Containerization/VirtualMachineManager.swift b/Sources/Containerization/VirtualMachineManager.swift new file mode 100644 index 0000000..f750bd5 --- /dev/null +++ b/Sources/Containerization/VirtualMachineManager.swift @@ -0,0 +1,20 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +/// A protocol to implement for virtual machine isolated containers. +public protocol VirtualMachineManager: Sendable { + func create(config: some VMCreationConfig) async throws -> any VirtualMachineInstance +} diff --git a/Sources/Containerization/Vminitd+Rosetta.swift b/Sources/Containerization/Vminitd+Rosetta.swift new file mode 100644 index 0000000..af3a12f --- /dev/null +++ b/Sources/Containerization/Vminitd+Rosetta.swift @@ -0,0 +1,35 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationOS + +extension Vminitd { + /// Enable Rosetta's x86_64 emulation. + public func enableRosetta() async throws { + let path = "/run/rosetta" + try await self.mount( + .init( + type: "virtiofs", + source: "rosetta", + destination: path + ) + ) + try await self.setupEmulator( + binaryPath: "\(path)/rosetta", + configuration: Binfmt.Entry.amd64() + ) + } +} diff --git a/Sources/Containerization/Vminitd+SocketRelay.swift b/Sources/Containerization/Vminitd+SocketRelay.swift new file mode 100644 index 0000000..cd25831 --- /dev/null +++ b/Sources/Containerization/Vminitd+SocketRelay.swift @@ -0,0 +1,47 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +extension Vminitd: SocketRelayAgent { + /// Sets up a relay between a host socket to a newly created guest socket, or vice versa. + public func relaySocket(port: UInt32, configuration: UnixSocketConfiguration) async throws { + let request = Com_Apple_Containerization_Sandbox_V3_ProxyVsockRequest.with { + $0.id = configuration.id + $0.vsockPort = port + + if let perms = configuration.permissions { + $0.guestSocketPermissions = UInt32(perms.rawValue) + } + + switch configuration.direction { + case .into: + $0.guestPath = configuration.destination.path + $0.action = .into + case .outOf: + $0.guestPath = configuration.source.path + $0.action = .outOf + } + } + _ = try await client.proxyVsock(request) + } + + /// Stops the specified socket relay. + public func stopSocketRelay(configuration: UnixSocketConfiguration) async throws { + let request = Com_Apple_Containerization_Sandbox_V3_StopVsockProxyRequest.with { + $0.id = configuration.id + } + _ = try await client.stopVsockProxy(request) + } +} diff --git a/Sources/Containerization/Vminitd.swift b/Sources/Containerization/Vminitd.swift new file mode 100644 index 0000000..6af7666 --- /dev/null +++ b/Sources/Containerization/Vminitd.swift @@ -0,0 +1,646 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationError +import ContainerizationExtras +import ContainerizationOCI +import ContainerizationOS +import Foundation +import GRPCCore +import GRPCNIOTransportHTTP2 +import NIO + +/// A remote connection into the vminitd Linux guest agent via a port (vsock). +/// Used to modify the runtime environment of the Linux sandbox. +public struct Vminitd: Sendable { + // Default vsock port that the agent and client use. + public static let port: UInt32 = 1024 + + let client: Com_Apple_Containerization_Sandbox_V3_SandboxContext.Client + public let grpcClient: GRPCClient + private let connectionTask: Task + + public init(connection: FileHandle, group: any EventLoopGroup) async throws { + let transport = try await HTTP2ClientTransport.WrappedChannel.wrapping( + config: .defaults { $0.connection.maxIdleTime = nil }, + serviceConfig: .init() + ) { configure in + try await withCheckedThrowingContinuation { continuation in + ClientBootstrap(group: group) + .channelInitializer { channel in + configure(channel).map { configured in + continuation.resume(returning: configured) + } + } + .withConnectedSocket(connection.fileDescriptor) + .whenFailure { error in + continuation.resume(throwing: error) + } + } + } + let grpcClient = GRPCClient(transport: transport) + self.grpcClient = grpcClient + self.client = Com_Apple_Containerization_Sandbox_V3_SandboxContext.Client(wrapping: self.grpcClient) + // Not very structured concurrency friendly, but we'd need to expose a way on the protocol to "run" the + // agent otherwise, which some agents might not even need. + self.connectionTask = Task { + try await grpcClient.runConnections() + } + } + + /// Close the connection to the guest agent. + public func close() async throws { + self.grpcClient.beginGracefulShutdown() + try await self.connectionTask.value + } +} + +extension Vminitd: VirtualMachineAgent { + /// Perform the standard guest setup necessary for vminitd to be able to + /// run containers. + public func standardSetup() async throws { + try await up(name: "lo") + + try await setenv(key: "PATH", value: LinuxProcessConfiguration.defaultPath) + + // Vminitd mounts /proc, /sys, /sys/fs/cgroup and /run automatically. + let mounts: [ContainerizationOCI.Mount] = [ + .init(type: "tmpfs", source: "tmpfs", destination: "/tmp"), + .init(type: "devpts", source: "devpts", destination: "/dev/pts", options: ["gid=5", "mode=620", "ptmxmode=666"]), + ] + for mount in mounts { + try await self.mount(mount) + } + } + + public func writeFile(path: String, data: Data, flags: WriteFileFlags, mode: UInt32) async throws { + _ = try await client.writeFile( + .with { + $0.path = path + $0.mode = mode + $0.data = data + $0.flags = .with { + $0.append = flags.append + $0.createIfMissing = flags.create + $0.createParentDirs = flags.createParentDirectories + } + }) + } + + /// Get statistics for containers. If `containerIDs` is empty returns stats for all containers + /// in the guest. If `categories` is empty, all categories are returned. + public func containerStatistics(containerIDs: [String], categories: StatCategory) async throws -> [ContainerStatistics] { + let response = try await client.containerStatistics( + .with { + $0.containerIds = containerIDs + $0.categories = categories.toProtoCategories() + }) + + return response.containers.map { protoStats in + ContainerStatistics( + id: protoStats.containerID, + process: categories.contains(.process) && protoStats.hasProcess + ? .init( + current: protoStats.process.current, + limit: protoStats.process.limit + ) : nil, + memory: categories.contains(.memory) && protoStats.hasMemory + ? .init( + usageBytes: protoStats.memory.usageBytes, + limitBytes: protoStats.memory.limitBytes, + swapUsageBytes: protoStats.memory.swapUsageBytes, + swapLimitBytes: protoStats.memory.swapLimitBytes, + cacheBytes: protoStats.memory.cacheBytes, + kernelStackBytes: protoStats.memory.kernelStackBytes, + slabBytes: protoStats.memory.slabBytes, + pageFaults: protoStats.memory.pageFaults, + majorPageFaults: protoStats.memory.majorPageFaults, + inactiveFile: protoStats.memory.inactiveFile, + anon: protoStats.memory.anon, + workingsetRefaultAnon: protoStats.memory.workingsetRefaultAnon, + workingsetRefaultFile: protoStats.memory.workingsetRefaultFile, + pgstealKswapd: protoStats.memory.pgstealKswapd, + pgstealDirect: protoStats.memory.pgstealDirect, + pgstealKhugepaged: protoStats.memory.pgstealKhugepaged + ) : nil, + cpu: categories.contains(.cpu) && protoStats.hasCpu + ? .init( + usageUsec: protoStats.cpu.usageUsec, + userUsec: protoStats.cpu.userUsec, + systemUsec: protoStats.cpu.systemUsec, + throttlingPeriods: protoStats.cpu.throttlingPeriods, + throttledPeriods: protoStats.cpu.throttledPeriods, + throttledTimeUsec: protoStats.cpu.throttledTimeUsec + ) : nil, + blockIO: categories.contains(.blockIO) && protoStats.hasBlockIo + ? .init( + devices: protoStats.blockIo.devices.map { device in + .init( + major: device.major, + minor: device.minor, + readBytes: device.readBytes, + writeBytes: device.writeBytes, + readOperations: device.readOperations, + writeOperations: device.writeOperations + ) + } + ) : nil, + networks: categories.contains(.network) + ? protoStats.networks.map { network in + ContainerStatistics.NetworkStatistics( + interface: network.interface, + receivedPackets: network.receivedPackets, + transmittedPackets: network.transmittedPackets, + receivedBytes: network.receivedBytes, + transmittedBytes: network.transmittedBytes, + receivedErrors: network.receivedErrors, + transmittedErrors: network.transmittedErrors + ) + } : nil, + memoryEvents: categories.contains(.memoryEvents) && protoStats.hasMemoryEvents + ? .init( + low: protoStats.memoryEvents.low, + high: protoStats.memoryEvents.high, + max: protoStats.memoryEvents.max, + oom: protoStats.memoryEvents.oom, + oomKill: protoStats.memoryEvents.oomKill + ) : nil + ) + } + } + + /// Mount a filesystem in the sandbox's environment. + public func mount(_ mount: ContainerizationOCI.Mount) async throws { + _ = try await client.mount( + .with { + $0.type = mount.type + $0.source = mount.source + $0.destination = mount.destination + $0.options = mount.options + }) + } + + /// Unmount a filesystem in the sandbox's environment. + public func umount(path: String, flags: Int32) async throws { + _ = try await client.umount( + .with { + $0.path = path + $0.flags = flags + }) + } + + /// Create a directory inside the sandbox's environment. + public func mkdir(path: String, all: Bool, perms: UInt32) async throws { + _ = try await client.mkdir( + .with { + $0.path = path + $0.all = all + $0.perms = perms + }) + } + + /// Perform a filesystem operation on a path inside the sandbox's environment. + public func filesystemOperation(operation: FilesystemOperation, path: String) async throws { + _ = try await client.filesystemOperation( + .with { + $0.operation = operation.toProtoOperation() + $0.path = path + }) + } + + public func createProcess( + id: String, + containerID: String?, + stdinPort: UInt32?, + stdoutPort: UInt32?, + stderrPort: UInt32?, + ociRuntimePath: String?, + configuration: ContainerizationOCI.Spec, + options: Data? + ) async throws { + let enc = JSONEncoder() + _ = try await client.createProcess( + .with { + $0.id = id + if let stdinPort { + $0.stdin = stdinPort + } + if let stdoutPort { + $0.stdout = stdoutPort + } + if let stderrPort { + $0.stderr = stderrPort + } + if let containerID { + $0.containerID = containerID + } + if let ociRuntimePath { + $0.ociRuntimePath = ociRuntimePath + } + $0.configuration = try enc.encode(configuration) + }) + } + + @discardableResult + public func startProcess(id: String, containerID: String?) async throws -> Int32 { + let request = Com_Apple_Containerization_Sandbox_V3_StartProcessRequest.with { + $0.id = id + if let containerID { + $0.containerID = containerID + } + } + let resp = try await client.startProcess(request) + return resp.pid + } + + public func signalProcess(id: String, containerID: String?, signal: Int32) async throws { + let request = Com_Apple_Containerization_Sandbox_V3_KillProcessRequest.with { + $0.id = id + $0.signal = signal + if let containerID { + $0.containerID = containerID + } + } + _ = try await client.killProcess(request) + } + + public func resizeProcess(id: String, containerID: String?, columns: UInt32, rows: UInt32) async throws { + let request = Com_Apple_Containerization_Sandbox_V3_ResizeProcessRequest.with { + if let containerID { + $0.containerID = containerID + } + $0.id = id + $0.columns = columns + $0.rows = rows + } + _ = try await client.resizeProcess(request) + } + + public func waitProcess( + id: String, + containerID: String?, + timeoutInSeconds: Int64? = nil + ) async throws -> ExitStatus { + let request = Com_Apple_Containerization_Sandbox_V3_WaitProcessRequest.with { + $0.id = id + if let containerID { + $0.containerID = containerID + } + } + + var callOpts = GRPCCore.CallOptions.defaults + if let timeoutInSeconds { + callOpts.timeout = .seconds(timeoutInSeconds) + } + + do { + let resp = try await client.waitProcess(request, options: callOpts) + return ExitStatus(exitCode: resp.exitCode, exitedAt: resp.exitedAt.date) + } catch { + if let err = error as? RPCError, err.code == .deadlineExceeded { + throw ContainerizationError( + .timeout, + message: "failed to wait for process exit within timeout of \(timeoutInSeconds!) seconds", + cause: err + ) + } + throw error + } + } + + public func deleteProcess(id: String, containerID: String?) async throws { + let request = Com_Apple_Containerization_Sandbox_V3_DeleteProcessRequest.with { + $0.id = id + if let containerID { + $0.containerID = containerID + } + } + _ = try await client.deleteProcess(request) + } + + public func closeProcessStdin(id: String, containerID: String?) async throws { + let request = Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinRequest.with { + $0.id = id + if let containerID { + $0.containerID = containerID + } + } + _ = try await client.closeProcessStdin(request) + } + + public func up(name: String, mtu: UInt32? = nil) async throws { + let request = Com_Apple_Containerization_Sandbox_V3_IpLinkSetRequest.with { + $0.interface = name + $0.up = true + if let mtu { $0.mtu = mtu } + } + _ = try await client.ipLinkSet(request) + } + + public func down(name: String) async throws { + let request = Com_Apple_Containerization_Sandbox_V3_IpLinkSetRequest.with { + $0.interface = name + $0.up = false + } + _ = try await client.ipLinkSet(request) + } + + /// Get an environment variable from the sandbox's environment. + public func getenv(key: String) async throws -> String { + let response = try await client.getenv( + .with { + $0.key = key + }) + return response.value + } + + /// Set an environment variable in the sandbox's environment. + public func setenv(key: String, value: String) async throws { + _ = try await client.setenv( + .with { + $0.key = key + $0.value = value + }) + } +} + +/// Vminitd specific rpcs. +extension Vminitd { + /// Sets up an emulator in the guest. + public func setupEmulator(binaryPath: String, configuration: Binfmt.Entry) async throws { + let request = Com_Apple_Containerization_Sandbox_V3_SetupEmulatorRequest.with { + $0.binaryPath = binaryPath + $0.name = configuration.name + $0.type = configuration.type + $0.offset = configuration.offset + $0.magic = configuration.magic + $0.mask = configuration.mask + $0.flags = configuration.flags + } + _ = try await client.setupEmulator(request) + } + + /// Sets the guest time. + public func setTime(sec: Int64, usec: Int32) async throws { + let request = Com_Apple_Containerization_Sandbox_V3_SetTimeRequest.with { + $0.sec = sec + $0.usec = usec + } + _ = try await client.setTime(request) + } + + /// Set the provided sysctls inside the Sandbox's environment. + public func sysctl(settings: [String: String]) async throws { + let request = Com_Apple_Containerization_Sandbox_V3_SysctlRequest.with { + $0.settings = settings + } + _ = try await client.sysctl(request) + } + + /// Add an IP address to the sandbox's network interfaces. + public func addressAdd(name: String, address: InterfaceAddress) async throws { + _ = try await client.ipAddrAdd( + .with { + $0.interface = name + $0.ipv4Address = address.ipv4Address.description + if let ipv6Address = address.ipv6Address { + $0.ipv6Address = ipv6Address.description + } + }) + } + + /// Add a link-scoped route in the sandbox's environment, used to install an + /// on-link host route (a /32 for v4, /128 for v6) to a gateway that lives + /// outside the interface's subnet so the kernel will accept the default route. + /// `route.ipv4Destination`/`route.ipv6Destination` carry the + /// gateway address; the wire format is a CIDR string with the per-family host prefix appended. + public func routeAddLink(name: String, route: LinkRoute) async throws { + _ = try await client.ipRouteAddLink( + .with { + $0.interface = name + if let ipv4Destination = route.ipv4Destination { + $0.dstIpv4Addr = "\(ipv4Destination.description)/32" + } + if let ipv4Source = route.ipv4Source { + $0.srcIpv4Addr = ipv4Source.description + } + if let ipv6Destination = route.ipv6Destination { + $0.dstIpv6Addr = "\(ipv6Destination.description)/128" + } + if let ipv6Source = route.ipv6Source { + $0.srcIpv6Addr = ipv6Source.description + } + }) + } + + /// Set the default route in the sandbox's environment. + public func routeAddDefault(name: String, route: DefaultRoute) async throws { + _ = try await client.ipRouteAddDefault( + .with { + $0.interface = name + $0.ipv4Gateway = route.ipv4Gateway?.description ?? "" + if let ipv6Gateway = route.ipv6Gateway { + $0.ipv6Gateway = ipv6Gateway.description + } + }) + } + + /// Configure DNS within the sandbox's environment. + public func configureDNS(config: DNS, location: String) async throws { + try config.validate() + _ = try await client.configureDns( + .with { + $0.location = location + $0.nameservers = config.nameservers + if let domain = config.domain { + $0.domain = domain + } + $0.searchDomains = config.searchDomains + $0.options = config.options + }) + } + + /// Configure /etc/hosts within the sandbox's environment. + public func configureHosts(config: Hosts, location: String) async throws { + _ = try await client.configureHosts(config.toAgentHostsRequest(location: location)) + } + + /// Perform a sync call. + public func sync() async throws { + _ = try await client.sync(.init()) + } + + public func kill(pid: Int32, signal: Int32) async throws -> Int32 { + let response = try await client.kill( + .with { + $0.pid = pid + $0.signal = signal + }) + return response.result + } + + /// Metadata received from the guest during a copy operation. + public struct CopyMetadata: Sendable { + /// Whether the data on the vsock channel is a tar+gzip archive. + public let isArchive: Bool + /// Total size in bytes (0 if unknown, e.g. for archives). + public let totalSize: UInt64 + } + + /// Stat a path in the guest filesystem and return its metadata. + public func stat( + path: URL + ) async throws -> ContainerizationOS.Stat { + let request = Com_Apple_Containerization_Sandbox_V3_StatRequest.with { + $0.path = path.path + } + + let response: Com_Apple_Containerization_Sandbox_V3_StatResponse + do { + response = try await client.stat(request) + } catch let error as RPCError where error.code == .notFound { + throw ContainerizationError(.notFound, message: "stat: path not found '\(path.path)'", cause: error) + } + guard response.error.isEmpty else { + throw ContainerizationError(.internalError, message: "stat: \(response.error)") + } + + let s = response.stat + return ContainerizationOS.Stat( + dev: s.dev, + ino: s.ino, + mode: s.mode, + nlink: s.nlink, + uid: s.uid, + gid: s.gid, + rdev: s.rdev, + size: s.size, + blksize: s.blksize, + blocks: s.blocks, + atime: TimeSpec(seconds: s.atime.seconds, nanoseconds: s.atime.nanos), + mtime: TimeSpec(seconds: s.mtime.seconds, nanoseconds: s.mtime.nanos), + ctime: TimeSpec(seconds: s.ctime.seconds, nanoseconds: s.ctime.nanos) + ) + } + + /// Unified copy control plane. Sends a CopyRequest over gRPC and processes + /// the response stream. Data transfer happens over a separate vsock connection + /// managed by the caller. + /// + /// For COPY_OUT, the `onMetadata` callback is invoked when the guest sends + /// metadata (is_archive, total_size) before data transfer begins. + /// For COPY_IN, `onMetadata` is not called. + public func copy( + direction: Com_Apple_Containerization_Sandbox_V3_CopyRequest.Direction, + guestPath: URL, + vsockPort: UInt32, + mode: UInt32 = 0, + createParents: Bool = false, + isArchive: Bool = false, + onMetadata: @Sendable @escaping (CopyMetadata) -> Void = { _ in } + ) async throws { + let request = Com_Apple_Containerization_Sandbox_V3_CopyRequest.with { + $0.direction = direction + $0.path = guestPath.path + $0.mode = mode + $0.createParents = createParents + $0.vsockPort = vsockPort + $0.isArchive = isArchive + } + + try await client.copy( + request, + onResponse: { stream in + for try await response in stream.messages { + if !response.error.isEmpty { + throw ContainerizationError(.internalError, message: "copy: \(response.error)") + } + switch response.status { + case .metadata: + onMetadata(CopyMetadata(isArchive: response.isArchive, totalSize: response.totalSize)) + case .complete: + break + case .UNRECOGNIZED(let value): + throw ContainerizationError(.internalError, message: "copy: unrecognized response status \(value)") + } + } + }) + } +} + +extension Hosts { + func toAgentHostsRequest(location: String) -> Com_Apple_Containerization_Sandbox_V3_ConfigureHostsRequest { + Com_Apple_Containerization_Sandbox_V3_ConfigureHostsRequest.with { + $0.location = location + if let comment { + $0.comment = comment + } + $0.entries = entries.map { + let entry = $0 + return Com_Apple_Containerization_Sandbox_V3_ConfigureHostsRequest.HostsEntry.with { + if let comment = entry.comment { + $0.comment = comment + } + $0.ipAddress = entry.ipAddress + $0.hostnames = entry.hostnames + } + } + } + } +} + +extension StatCategory { + /// Convert StatCategory to proto enum values. + func toProtoCategories() -> [Com_Apple_Containerization_Sandbox_V3_StatCategory] { + var categories: [Com_Apple_Containerization_Sandbox_V3_StatCategory] = [] + if contains(.process) { + categories.append(.process) + } + if contains(.memory) { + categories.append(.memory) + } + if contains(.cpu) { + categories.append(.cpu) + } + if contains(.blockIO) { + categories.append(.blockIo) + } + if contains(.network) { + categories.append(.network) + } + if contains(.memoryEvents) { + categories.append(.memoryEvents) + } + return categories + } +} + +extension FilesystemOperation { + /// Convert FilesystemOperation to proto oneof value. + fileprivate func toProtoOperation() -> Com_Apple_Containerization_Sandbox_V3_FilesystemOperationRequest.OneOf_Operation { + switch self { + case .freeze: + return .freeze(.init()) + case .thaw: + return .thaw(.init()) + case .trim: + return .trim( + .with { + $0.oneShot = .init() + }) + } + } +} diff --git a/Sources/Containerization/VmnetNetwork.swift b/Sources/Containerization/VmnetNetwork.swift new file mode 100644 index 0000000..86ec92c --- /dev/null +++ b/Sources/Containerization/VmnetNetwork.swift @@ -0,0 +1,302 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(macOS) + +import ContainerizationError +import ContainerizationExtras +import Virtualization +import vmnet + +/// A network backed by vmnet on macOS. +@available(macOS 26.0, *) +public struct VmnetNetwork: Network { + private var allocator: Allocator + // `reference` isn't used concurrently. + nonisolated(unsafe) private let reference: vmnet_network_ref + + /// The IPv4 subnet of this network. + public let subnet: CIDRv4 + + /// The IPv6 prefix of this network. + public let prefixV6: CIDRv6? + + /// The IPv4 gateway address of this network. + public var ipv4Gateway: IPv4Address { + subnet.gateway + } + + /// The IPv6 gateway address of this network, if a prefix exists. + public var ipv6Gateway: IPv6Address? { + prefixV6?.gateway + } + + struct Allocator: Sendable { + private let indexAllocatorV4: any AddressAllocator + private let indexAllocatorV6: (any AddressAllocator)? + private let cidrV4: CIDRv4 + private let cidrV6: CIDRv6? + private var allocations: [String: (v4: UInt32, v6: UInt32?)] + + init(cidrV4: CIDRv4, cidrV6: CIDRv6?) throws { + self.cidrV4 = cidrV4 + self.cidrV6 = cidrV6 + self.allocations = .init() + let v4Size = Int(cidrV4.upper.value - cidrV4.lower.value - 3) + self.indexAllocatorV4 = try UInt32.rotatingAllocator( + lower: cidrV4.lower.value + 2, + size: UInt32(v4Size) + ) + if cidrV6 != nil { + // Independent v6 allocator. The host portion is sourced from a + // UInt32 index regardless of prefix length, and we never need + // more v6 entries than v4 can serve. + self.indexAllocatorV6 = try UInt32.rotatingAllocator( + lower: 2, + size: UInt32(v4Size) + ) + } else { + self.indexAllocatorV6 = nil + } + } + + mutating func allocate(_ id: String) throws -> (CIDRv4, CIDRv6?) { + if allocations[id] != nil { + throw ContainerizationError(.exists, message: "allocation with id \(id) already exists") + } + let v4Index = try indexAllocatorV4.allocate() + let v4 = try CIDRv4(IPv4Address(v4Index), prefix: cidrV4.prefix) + + var v6Index: UInt32? = nil + let v6: CIDRv6? + if let indexAllocatorV6, let cidrV6 { + do { + let idx = try indexAllocatorV6.allocate() + v6Index = idx + let v6Value = (cidrV6.address.value & cidrV6.prefix.prefixMask128) | UInt128(idx) + v6 = try CIDRv6(IPv6Address(v6Value), prefix: cidrV6.prefix) + } catch { + // Roll back v4 so the pair stays atomic. + try? indexAllocatorV4.release(v4Index) + throw error + } + } else { + v6 = nil + } + + allocations[id] = (v4: v4Index, v6: v6Index) + return (v4, v6) + } + + mutating func release(_ id: String) throws { + if let entry = self.allocations[id] { + try indexAllocatorV4.release(entry.v4) + if let v6Index = entry.v6 { + try indexAllocatorV6?.release(v6Index) + } + allocations.removeValue(forKey: id) + } + } + } + + /// A network interface supporting the vmnet_network_ref. + public struct Interface: Containerization.Interface, VZInterface, Sendable { + public let ipv4Address: CIDRv4 + public let ipv4Gateway: IPv4Address? + public let ipv6Address: CIDRv6? + public let ipv6Gateway: IPv6Address? + public let macAddress: MACAddress? + public let mtu: UInt32 + + // `reference` isn't used concurrently. + nonisolated(unsafe) private let reference: vmnet_network_ref + + public init( + reference: vmnet_network_ref, + ipv4Address: CIDRv4, + ipv4Gateway: IPv4Address? = nil, + ipv6Address: CIDRv6? = nil, + ipv6Gateway: IPv6Address? = nil, + macAddress: MACAddress? = nil, + mtu: UInt32 = 1500 + ) { + self.ipv4Address = ipv4Address + self.ipv4Gateway = ipv4Gateway + self.ipv6Address = ipv6Address + self.ipv6Gateway = ipv6Gateway + self.macAddress = macAddress + self.mtu = mtu + self.reference = reference + } + + /// Returns the underlying `VZVirtioNetworkDeviceConfiguration`. + public func device() throws -> VZVirtioNetworkDeviceConfiguration { + let config = VZVirtioNetworkDeviceConfiguration() + if let macAddress = self.macAddress { + guard let mac = VZMACAddress(string: macAddress.description) else { + throw ContainerizationError(.invalidArgument, message: "invalid mac address \(macAddress)") + } + config.macAddress = mac + } + config.attachment = VZVmnetNetworkDeviceAttachment(network: self.reference) + return config + } + } + + /// Creates a new network. + /// - Parameters: + /// - mode: The vmnet operating mode. Defaults to `.VMNET_SHARED_MODE`. + /// - subnetV4: The IPv4 subnet to use for this network. + /// - prefixV6: The IPv6 prefix to use for this network. + public init( + mode: vmnet.operating_modes_t = .VMNET_SHARED_MODE, + subnet: CIDRv4? = nil, + prefixV6: CIDRv6? = nil + ) throws { + var status: vmnet_return_t = .VMNET_FAILURE + guard let config = vmnet_network_configuration_create(mode, &status) else { + throw ContainerizationError(.unsupported, message: "failed to create vmnet config with status \(status)") + } + + vmnet_network_configuration_disable_dhcp(config) + + if let subnet { + try Self.configureSubnetV4(config, subnetV4: subnet) + } + if let prefixV6 { + try Self.configurePrefixV6(config, prefixV6: prefixV6) + } + + guard let ref = vmnet_network_create(config, &status), status == .VMNET_SUCCESS else { + throw ContainerizationError(.unsupported, message: "failed to create vmnet network with status \(status)") + } + + let cidrV4 = try Self.getSubnetV4(ref) + let cidrV6 = Self.getPrefixV6(ref) + + self.allocator = try .init(cidrV4: cidrV4, cidrV6: cidrV6) + self.subnet = cidrV4 + self.prefixV6 = cidrV6 + self.reference = ref + } + + /// Returns a new interface for use with a container. Allocates an IPv4 + /// address from the network's subnet, and — when the network has an IPv6 + /// prefix — an IPv6 address from that prefix. The two allocations are + /// independent. + /// - Parameter id: The container ID. + public mutating func createInterface(_ id: String) throws -> Containerization.Interface? { + let (v4, v6) = try allocator.allocate(id) + return Self.Interface( + reference: self.reference, + ipv4Address: v4, + ipv4Gateway: self.ipv4Gateway, + ipv6Address: v6, + ipv6Gateway: self.ipv6Gateway + ) + } + + /// Returns a new interface for use with a container with a custom MTU. + /// - Parameters: + /// - id: The container ID. + /// - mtu: The MTU for the interface. + public mutating func createInterface(_ id: String, mtu: UInt32) throws -> Containerization.Interface? { + let (v4, v6) = try allocator.allocate(id) + return Self.Interface( + reference: self.reference, + ipv4Address: v4, + ipv4Gateway: self.ipv4Gateway, + ipv6Address: v6, + ipv6Gateway: self.ipv6Gateway, + mtu: mtu + ) + } + + /// Returns a new interface without a default gateway route. Useful for + /// secondary interfaces where another interface already provides the + /// default route. + /// - Parameter id: The container ID. + public mutating func createInterfaceWithoutGateway(_ id: String) throws -> Containerization.Interface? { + let (v4, v6) = try allocator.allocate(id) + return Self.Interface( + reference: self.reference, + ipv4Address: v4, + ipv6Address: v6 + ) + } + + /// Performs cleanup of an interface. + /// - Parameter id: The container ID. + public mutating func releaseInterface(_ id: String) throws { + try allocator.release(id) + } + + private static func getSubnetV4(_ ref: vmnet_network_ref) throws -> CIDRv4 { + var subnet = in_addr() + var mask = in_addr() + vmnet_network_get_ipv4_subnet(ref, &subnet, &mask) + + let sa = UInt32(bigEndian: subnet.s_addr) + let mv = UInt32(bigEndian: mask.s_addr) + + let lower = IPv4Address(sa & mv) + let upper = IPv4Address(lower.value + ~mv) + + return try CIDRv4(lower: lower, upper: upper) + } + + private static func configureSubnetV4(_ config: vmnet_network_configuration_ref, subnetV4: CIDRv4) throws { + let gateway = subnetV4.gateway + + var ga = in_addr() + inet_pton(AF_INET, gateway.description, &ga) + + let mask = IPv4Address(subnetV4.prefix.prefixMask32) + var ma = in_addr() + inet_pton(AF_INET, mask.description, &ma) + + guard vmnet_network_configuration_set_ipv4_subnet(config, &ga, &ma) == .VMNET_SUCCESS else { + throw ContainerizationError(.internalError, message: "failed to set IPv4 subnet \(subnetV4) for network") + } + } + + private static func getPrefixV6(_ ref: vmnet_network_ref) -> CIDRv6? { + var p = in6_addr() + var len: UInt8 = 0 + vmnet_network_get_ipv6_prefix(ref, &p, &len) + + guard len > 0, let prefix = Prefix.ipv6(len) else { + return nil + } + + let bytes: [UInt8] = withUnsafeBytes(of: p) { Array($0) } + guard let address = try? IPv6Address(bytes) else { + return nil + } + return try? CIDRv6(address, prefix: prefix) + } + + private static func configurePrefixV6(_ config: vmnet_network_configuration_ref, prefixV6: CIDRv6) throws { + var p = in6_addr() + inet_pton(AF_INET6, prefixV6.lower.description, &p) + + guard vmnet_network_configuration_set_ipv6_prefix(config, &p, prefixV6.prefix.length) == .VMNET_SUCCESS else { + throw ContainerizationError(.internalError, message: "failed to set IPv6 prefix \(prefixV6) for network") + } + } +} + +#endif diff --git a/Sources/Containerization/Vsock+Linux.swift b/Sources/Containerization/Vsock+Linux.swift new file mode 100644 index 0000000..eacd874 --- /dev/null +++ b/Sources/Containerization/Vsock+Linux.swift @@ -0,0 +1,158 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(Linux) +import ContainerizationError +import ContainerizationOS +import Foundation + +#if canImport(Musl) +import Musl +#elseif canImport(Glibc) +import Glibc +#endif + +// MARK: - Cloud Hypervisor hybrid vsock host-side helpers +// +// Cloud Hypervisor exposes its vsock device to the host as a Unix-domain +// socket pair, not the kernel AF_VSOCK (this avoids the host needing the +// vhost-vsock kernel module). +// +// - Host → guest dials use the "base" UDS (`VsockConfig.socket`) with a +// one-line `CONNECT \n` request, answered by `OK \n`. After +// that the connection is bridged transparently. +// - Guest → host dials are accepted on per-port UDS files at the +// conventional path `_` that the host pre-creates. +// +// Spec: `docs/vsock.md` in the cloud-hypervisor repository. + +/// Returns the conventional per-port UDS path for guest→host vsock connections, +/// derived by suffixing the base socket path with `_`. +func chVsockListenSocketPath(baseSocket: URL, port: UInt32) -> URL { + URL(fileURLWithPath: "\(baseSocket.path)_\(port)") +} + +/// Bind + listen a fresh AF_UNIX SOCK_STREAM at `path`, unlinking any stale +/// socket file at that path first. Returns the listening fd; ownership is +/// transferred to the caller. +/// +/// The socket file is created with mode `perms` (default `0o600`). The +/// per-VM workDir already restricts access via its own `0o700` mode, but +/// tightening the socket itself is cheap defense-in-depth — vminitd's gRPC +/// surface trusts whoever can `connect(2)` and exposes full container +/// control, so any local-user reach into these sockets is a privilege +/// escalation primitive. +func chVsockBindListener(at path: URL, perms: mode_t = 0o600) throws -> Int32 { + let unix = try UnixType(path: path.path, perms: perms, unlinkExisting: true) + let socket = try Socket(type: unix, closeOnDeinit: false) + do { + try socket.listen() + } catch { + try? socket.close() + throw error + } + return socket.fileDescriptor +} + +/// Dial guest port `port` over the cloud-hypervisor hybrid vsock at +/// `baseSocket`. Returns a `FileHandle` wrapping the connected fd; the +/// FileHandle does **not** close the fd on deinit — ownership of the fd +/// transfers to the caller (typically `Vminitd.init`, which hands it to +/// NIO via `withConnectedSocket`; NIO is then responsible for closing it +/// when the channel is torn down). Callers using the FileHandle directly +/// must close the underlying fd themselves. +func chVsockDial(baseSocket: URL, port: UInt32) async throws -> FileHandle { + try await Task.detached { + try chVsockDialSync(baseSocket: baseSocket, port: port) + }.value +} + +// MARK: - Internals + +private func chVsockDialSync(baseSocket: URL, port: UInt32) throws -> FileHandle { + let unix = try UnixType(path: baseSocket.path) + let socket = try Socket(type: unix, closeOnDeinit: false) + + do { + try socket.connect() + // Bound the bootstrap reply read so a hung cloud-hypervisor muxer + // can't pin this thread forever. CH replies within milliseconds in + // healthy operation; 30 s is well outside that and matches the + // CloudHypervisor REST client default. After bootstrap the fd is + // handed to NIO which puts it in non-blocking mode, where + // SO_RCVTIMEO has no effect — so leaving the timeout in place is + // harmless. + try socket.setTimeout(option: .receive, seconds: 30) + let request = "CONNECT \(port)\n" + _ = try socket.write(data: Data(request.utf8)) + let response = try readLine(fd: socket.fileDescriptor) + // Cloud Hypervisor responds with "OK \n" where + // is the local-side port the muxer allocated for this + // forwarded connection — NOT the peer port we asked for. So we just + // require the response to start with "OK " and parse a UInt32 after. + guard response.hasPrefix("OK "), + UInt32(response.dropFirst(3)) != nil + else { + throw ContainerizationError( + .invalidState, + message: "unexpected vsock CONNECT response: \(response.debugDescription)" + ) + } + return FileHandle(fileDescriptor: socket.fileDescriptor, closeOnDealloc: false) + } catch { + try? socket.close() + throw error + } +} + +/// Read CH's hybrid-vsock `CONNECT` reply line (`OK \n`) one +/// byte at a time. Reads from `fd` until a `\n` is seen or `maxLength` is +/// reached; the returned string excludes the terminating newline. We do +/// this by hand because the fd is still in blocking mode (NIO takes over +/// only after the bootstrap completes) and there's no Foundation / +/// NIO line reader that operates on a raw blocking POSIX fd. +private func readLine(fd: Int32, maxLength: Int = 256) throws -> String { + var bytes: [UInt8] = [] + bytes.reserveCapacity(maxLength) + while bytes.count < maxLength { + var byte: UInt8 = 0 + let n = withUnsafeMutablePointer(to: &byte) { ptr -> ssize_t in + read(fd, ptr, 1) + } + if n == 0 { + break + } + if n < 0 { + let savedErrno = errno + // SO_RCVTIMEO expiry surfaces as EAGAIN / EWOULDBLOCK on a + // blocking socket. Translate to a clear timeout error so callers + // don't have to inspect errno. + if savedErrno == EAGAIN || savedErrno == EWOULDBLOCK { + throw ContainerizationError( + .timeout, + message: "vsock CONNECT response not received within socket receive timeout" + ) + } + throw POSIXError(POSIXErrorCode(rawValue: savedErrno) ?? .EIO) + } + if byte == UInt8(ascii: "\n") { + break + } + bytes.append(byte) + } + return String(decoding: bytes, as: UTF8.self) +} +#endif diff --git a/Sources/Containerization/VsockListener.swift b/Sources/Containerization/VsockListener.swift new file mode 100644 index 0000000..0a20d81 --- /dev/null +++ b/Sources/Containerization/VsockListener.swift @@ -0,0 +1,101 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation +import Synchronization + +#if os(macOS) +import Virtualization +#endif + +/// A stream of vsock connections. +public final class VsockListener: NSObject, Sendable, AsyncSequence { + public typealias Element = FileHandle + + /// The port the connections are for. + public let port: UInt32 + + private let connections: AsyncStream + private let cont: AsyncStream.Continuation + private let stopListening: @Sendable (_ port: UInt32) throws -> Void + private let finished: Mutex + + package init(port: UInt32, stopListen: @Sendable @escaping (_ port: UInt32) throws -> Void) { + self.port = port + let (stream, continuation) = AsyncStream.makeStream(of: FileHandle.self) + self.connections = stream + self.cont = continuation + self.stopListening = stopListen + self.finished = Mutex(false) + } + + /// Idempotent: calling more than once is a no-op. setupIO and the + /// caller-side defer can both call finish without double-closing the + /// listening fd (a double-close would target whatever fd was reallocated + /// in between, hanging the next operation that touched it). + public func finish() throws { + let alreadyFinished = self.finished.withLock { state -> Bool in + if state { + return true + } + state = true + return false + } + if alreadyFinished { + return + } + self.cont.finish() + try self.stopListening(self.port) + } + + /// Push an accepted connection into the listener's stream. Used by + /// VMM-specific accept loops that don't go through a delegate (the + /// cloud-hypervisor backend on Linux). On macOS the VZ delegate hits + /// `cont.yield(_:)` directly via same-class access. + package func yield(_ handle: FileHandle) -> AsyncStream.Continuation.YieldResult { + cont.yield(handle) + } + + public func makeAsyncIterator() -> AsyncStream.AsyncIterator { + connections.makeAsyncIterator() + } +} + +#if os(macOS) + +extension VsockListener: VZVirtioSocketListenerDelegate { + public func listener( + _: VZVirtioSocketListener, shouldAcceptNewConnection conn: VZVirtioSocketConnection, + from _: VZVirtioSocketDevice + ) -> Bool { + let fd = dup(conn.fileDescriptor) + guard fd != -1 else { + return false + } + conn.close() + + let fh = FileHandle(fileDescriptor: fd, closeOnDealloc: false) + let result = cont.yield(fh) + if case .terminated = result { + try? fh.close() + return false + } + + return true + } +} + +#endif diff --git a/Sources/ContainerizationArchive/ArchiveError.swift b/Sources/ContainerizationArchive/ArchiveError.swift new file mode 100644 index 0000000..0caee8b --- /dev/null +++ b/Sources/ContainerizationArchive/ArchiveError.swift @@ -0,0 +1,103 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import CArchive +import Foundation + +/// An enumeration of the errors that can be thrown while interacting with an archive. +public enum ArchiveError: Error, CustomStringConvertible { + case unableToCreateArchive + case noUnderlyingArchive + case noArchiveInCallback + case noDelegateConfigured + case delegateFreedBeforeCallback + case unableToSetFormat(CInt, Format) + case unableToAddFilter(CInt, Filter) + case unableToWriteEntryHeader(CInt) + case unableToWriteData(CLong) + case unableToCloseArchive(CInt) + case unableToOpenArchive(CInt) + case unableToSetOption(CInt) + case failedToSetLocale(locales: [String]) + case failedToGetProperty(String, URLResourceKey) + case failedToDetectFilter + case failedToDetectFormat + case failedToExtractArchive(String) + case failedToCreateArchive(String) + case invalidBaseAddressArchiveWrite + + /// Description of the error + public var description: String { + switch self { + case .unableToCreateArchive: + return "unable to create an archive." + case .noUnderlyingArchive: + return "no underlying archive was provided." + case .noArchiveInCallback: + return "no archive was provided in the callback." + case .noDelegateConfigured: + return "no delegate was configured." + case .delegateFreedBeforeCallback: + return "the delegate was freed before the callback was invoked." + case .unableToSetFormat(let code, let name): + return "unable to set the archive format \(name), code \(code)" + case .unableToAddFilter(let code, let name): + return "unable to set the archive filter \(name), code \(code)" + case .unableToWriteEntryHeader(let code): + return "unable to write the entry header to the archive, code \(code)" + case .unableToWriteData(let code): + return "unable to write data to the archive, code \(code)" + case .unableToCloseArchive(let code): + return "unable to close the archive, code \(code)" + case .unableToOpenArchive(let code): + return "unable to open the archive, code \(code)" + case .unableToSetOption(_): + return "unable to set an option on the archive." + case .failedToSetLocale(let locales): + return "failed to set locale to \(locales)" + case .failedToGetProperty(let path, let propertyName): + return "failed to read property \(propertyName) from file at path \(path)" + case .failedToDetectFilter: + return "failed to detect filter from archive." + case .failedToDetectFormat: + return "failed to detect format from archive." + case .failedToExtractArchive(let reason): + return "failed to extract archive: \(reason)" + case .failedToCreateArchive(let reason): + return "failed to create archive: \(reason)" + case .invalidBaseAddressArchiveWrite: + return "got an invalid base address for pointer when writing data to archive" + } + } +} + +public struct LibArchiveError: Error { + public let source: ArchiveError + public let description: String +} + +func wrap(_ f: @autoclosure () -> CInt, _ e: (CInt) -> ArchiveError, underlying: OpaquePointer? = nil) throws { + let result = f() + guard result == ARCHIVE_OK else { + let error = e(result) + guard let underlying = underlying, + let description = archive_error_string(underlying).map(String.init(cString:)) + else { + throw error + } + throw LibArchiveError(source: error, description: description) + } +} diff --git a/Sources/ContainerizationArchive/ArchiveReader.swift b/Sources/ContainerizationArchive/ArchiveReader.swift new file mode 100644 index 0000000..0477d8e --- /dev/null +++ b/Sources/ContainerizationArchive/ArchiveReader.swift @@ -0,0 +1,428 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import CArchive +import ContainerizationError +import ContainerizationOS +import Foundation +import SystemPackage + +/// A protocol for reading data in chunks, compatible with both `InputStream` and zero-allocation archive readers. +public protocol ReadableStream { + /// Reads up to `maxLength` bytes into the provided buffer. + /// Returns the number of bytes actually read, 0 for EOF, or -1 for error. + func read(_ buffer: UnsafeMutablePointer, maxLength: Int) -> Int +} + +extension InputStream: ReadableStream {} + +/// Small wrapper type to read data from an archive entry. +public struct ArchiveEntryReader: ReadableStream { + private weak var reader: ArchiveReader? + + init(reader: ArchiveReader) { + self.reader = reader + } + + /// Reads up to `maxLength` bytes into the provided buffer. + /// Returns the number of bytes actually read, 0 for EOF, or -1 for error. + public func read(_ buffer: UnsafeMutablePointer, maxLength: Int) -> Int { + guard let archive = reader?.underlying else { return -1 } + let bytesRead = archive_read_data(archive, buffer, maxLength) + return bytesRead < 0 ? -1 : bytesRead + } +} + +/// A class responsible for reading entries from an archive file. +public final class ArchiveReader { + private static let chunkSize = 4 * 1024 * 1024 + + /// A pointer to the underlying `archive` C structure. + var underlying: OpaquePointer? + /// The file handle associated with the archive file being read. + let fileHandle: FileHandle? + /// Temporary decompressed file URL if the input was zstd-compressed + private var tempDecompressedFile: URL? + + /// Initializes an `ArchiveReader` to read from a specified file URL with an explicit `Format` and `Filter`. + /// Note: This method must be used when it is known that the archive at the specified URL follows the specified + /// `Format` and `Filter`. + public convenience init(format: Format, filter: Filter, file: URL) throws { + // If filter is zstd, decompress it and use filter .none + let fileToRead: URL + let tempFile: URL? + let actualFilter: Filter + + if filter == .zstd { + let decompressed = try Self.decompressZstd(file) + tempFile = decompressed + fileToRead = decompressed + actualFilter = .none + } else { + tempFile = nil + fileToRead = file + actualFilter = filter + } + + do { + let fileHandle = try FileHandle(forReadingFrom: fileToRead) + try self.init(format: format, filter: actualFilter, fileHandle: fileHandle) + } catch { + if let tempFile { + try? FileManager.default.removeItem(at: tempFile.deletingLastPathComponent()) + } + throw error + } + self.tempDecompressedFile = tempFile + } + + /// Initializes an `ArchiveReader` to read from the provided file descriptor with an explicit `Format` and `Filter`. + /// Note: This method must be used when it is known that the archive pointed to by the file descriptor follows the specified + /// `Format` and `Filter`. + public init(format: Format, filter: Filter, fileHandle: FileHandle) throws { + self.underlying = archive_read_new() + self.fileHandle = fileHandle + + try archive_read_set_format(underlying, format.code) + .checkOk(elseThrow: .unableToSetFormat(format.code, format)) + try archive_read_append_filter(underlying, filter.code) + .checkOk(elseThrow: .unableToAddFilter(filter.code, filter)) + + let fd = fileHandle.fileDescriptor + try archive_read_open_fd(underlying, fd, 4096) + .checkOk(elseThrow: { .unableToOpenArchive($0) }) + } + + /// Initialize the `ArchiveReader` to read from a specified file URL + /// by trying to auto determine the archives `Format` and `Filter`. + public init(file: URL) throws { + self.underlying = archive_read_new() + + // Try to decompress as zstd first, fall back to original if it fails + let fileToRead: URL + if let decompressed = try? Self.decompressZstd(file) { + self.tempDecompressedFile = decompressed + fileToRead = decompressed + } else { + fileToRead = file + } + + let fileHandle = try FileHandle(forReadingFrom: fileToRead) + self.fileHandle = fileHandle + try archive_read_support_filter_all(underlying) + .checkOk(elseThrow: .failedToDetectFilter) + try archive_read_support_format_all(underlying) + .checkOk(elseThrow: .failedToDetectFormat) + let fd = fileHandle.fileDescriptor + try archive_read_open_fd(underlying, fd, 4096) + .checkOk(elseThrow: { .unableToOpenArchive($0) }) + } + + /// Decompress a zstd file to a temporary location + public static func decompressZstd(_ source: URL) throws -> URL { + guard let tempDir = createTemporaryDirectory(baseName: "zstd-decompress") else { + throw ArchiveError.failedToDetectFormat + } + let tempFile = tempDir.appendingPathComponent( + source.deletingPathExtension().lastPathComponent + ) + + do { + let srcPath = source.path + let srcFd = open(srcPath, O_RDONLY) + guard srcFd >= 0 else { throw ArchiveError.failedToDetectFormat } + defer { close(srcFd) } + + let dstFd = open(tempFile.path, O_WRONLY | O_CREAT | O_TRUNC, 0o644) + guard dstFd >= 0 else { throw ArchiveError.failedToDetectFormat } + defer { close(dstFd) } + + guard zstd_decompress_fd(srcFd, dstFd) == 0 else { + throw ArchiveError.failedToDetectFormat + } + } catch { + try? FileManager.default.removeItem(at: tempDir) + throw error + } + return tempFile + } + + /// Clean up the temporary directory created by `decompressZstd`. + /// The decompressed file is placed inside a unique temporary directory, + /// so removing that directory cleans up everything. + public static func cleanUpDecompressedZstd(_ file: URL) { + try? FileManager.default.removeItem(at: file.deletingLastPathComponent()) + } + + deinit { + archive_read_free(underlying) + try? fileHandle?.close() + + if let tempFile = tempDecompressedFile { + Self.cleanUpDecompressedZstd(tempFile) + } + } +} + +extension CInt { + fileprivate func checkOk(elseThrow error: @autoclosure () -> ArchiveError) throws { + guard self == ARCHIVE_OK else { throw error() } + } + fileprivate func checkOk(elseThrow error: (CInt) -> ArchiveError) throws { + guard self == ARCHIVE_OK else { throw error(self) } + } + +} + +extension ArchiveReader: Sequence { + public func makeIterator() -> Iterator { + Iterator(reader: self) + } + + public struct Iterator: IteratorProtocol { + var reader: ArchiveReader + + public mutating func next() -> (WriteEntry, Data)? { + let entry = WriteEntry() + let result = archive_read_next_header2(reader.underlying, entry.underlying) + if result == ARCHIVE_EOF { + return nil + } + let data = reader.readDataForEntry(entry) + return (entry, data) + } + } + + /// Returns an iterator that yields archive entries. + public func makeStreamingIterator() -> StreamingIterator { + StreamingIterator(reader: self) + } + + public struct StreamingIterator: Sequence, IteratorProtocol { + var reader: ArchiveReader + + public func makeIterator() -> StreamingIterator { + self + } + + public mutating func next() -> (WriteEntry, ArchiveEntryReader)? { + let entry = WriteEntry() + let result = archive_read_next_header2(reader.underlying, entry.underlying) + if result == ARCHIVE_EOF { + return nil + } + let streamReader = ArchiveEntryReader(reader: reader) + return (entry, streamReader) + } + } + + internal func readDataForEntry(_ entry: WriteEntry) -> Data { + let bufferSize = Int(Swift.min(entry.size ?? 4096, 4096)) + var entry = Data() + var part = Data(count: bufferSize) + while true { + let c = part.withUnsafeMutableBytes { buffer in + guard let baseAddress = buffer.baseAddress else { + return 0 + } + return archive_read_data(self.underlying, baseAddress, buffer.count) + } + guard c > 0 else { break } + part.count = c + entry.append(part) + } + return entry + } +} + +extension ArchiveReader { + public convenience init(name: String, bundle: Data, tempDirectoryBaseName: String? = nil) throws { + let baseName = tempDirectoryBaseName ?? "Unarchiver" + guard let tempDir = createTemporaryDirectory(baseName: baseName) else { + throw ArchiveError.failedToExtractArchive("failed to create temporary directory") + } + let url = tempDir.appendingPathComponent(name) + do { + try bundle.write(to: url, options: .atomic) + try self.init(format: .zip, filter: .none, file: url) + } catch { + try? FileManager.default.removeItem(at: tempDir) + throw error + } + // Register for cleanup in deinit (only needed when the zstd path didn't already set it) + if self.tempDecompressedFile == nil { + self.tempDecompressedFile = url + } + } + + /// Extracts the contents of an archive to the provided directory. + /// Rejects member paths that escape the root directory or traverse + /// symbolic links, and uses a "last entry wins" replacement policy + /// for an existing file at a path to be extracted. + public func extractContents(to directory: URL) throws -> [String] { + // Create the root directory with standard permissions + // and create a FileDescriptor for secure path traversal. + let fm = FileManager.default + let rootFilePath = FilePath(directory.path) + try fm.createDirectory(atPath: directory.path, withIntermediateDirectories: true) + let rootFileDescriptor = try FileDescriptor.open(rootFilePath, .readOnly) + defer { try? rootFileDescriptor.close() } + + // Iterate and extract archive entries, collecting rejected paths. + var foundEntry = false + var rejectedPaths = [String]() + for (entry, dataReader) in self.makeStreamingIterator() { + guard let memberPath = (entry.path.map { FilePath($0) }) else { + continue + } + foundEntry = true + + // Try to extract the entry, catching path validation errors + let extracted = try extractEntry( + entry: entry, + dataReader: dataReader, + memberPath: memberPath, + rootFileDescriptor: rootFileDescriptor + ) + + if !extracted { + rejectedPaths.append(memberPath.string) + } + } + guard foundEntry else { + throw ArchiveError.failedToExtractArchive("no entries found in archive") + } + + return rejectedPaths + } + + /// This method extracts a given file from the archive. + /// This operation modifies the underlying file descriptor's position within the archive, + /// meaning subsequent reads will start from a new location. + /// To reset the underlying file descriptor to the beginning of the archive, close and + /// reopen the archive. + public func extractFile(path: String) throws -> (WriteEntry, Data) { + let entry = WriteEntry() + while archive_read_next_header2(self.underlying, entry.underlying) != ARCHIVE_EOF { + guard let entryPath = entry.path else { continue } + let trimCharSet = CharacterSet(charactersIn: "./") + let trimmedEntry = entryPath.trimmingCharacters(in: trimCharSet) + let trimmedRequired = path.trimmingCharacters(in: trimCharSet) + guard trimmedEntry == trimmedRequired else { continue } + let data = readDataForEntry(entry) + return (entry, data) + } + throw ArchiveError.failedToExtractArchive(" \(path) not found in archive") + } + + /// Extracts a single archive entry. + /// Returns false if the entry was rejected due to path validation errors. + /// Throws on system errors. + private func extractEntry( + entry: WriteEntry, + dataReader: ArchiveEntryReader, + memberPath: FilePath, + rootFileDescriptor: FileDescriptor + ) throws -> Bool { + guard let lastComponent = memberPath.lastComponent else { + return false + } + let relativePath = memberPath.removingLastComponent() + let type = entry.fileType + + do { + switch type { + case .regular: + try FileDescriptorOps.mkdir(rootFileDescriptor, relativePath, makeIntermediates: true) { fd in + // Remove existing entry if present (mimics containerd's "last entry wins" behavior) + try? FileDescriptorOps.unlinkRecursive(fd, filename: lastComponent) + + // Open file for writing using openat with O_NOFOLLOW to prevent TOC-TOU attacks + let fileMode = entry.permissions & 0o777 // Mask to permission bits only + let fileFd = openat(fd.rawValue, lastComponent.string, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, fileMode) + guard fileFd >= 0 else { + throw ArchiveError.failedToExtractArchive("failed to create file: \(memberPath)") + } + defer { close(fileFd) } + + try Self.copyDataReaderToFd(dataReader: dataReader, fileFd: fileFd, memberPath: memberPath) + setFileAttributes(fd: fileFd, entry: entry) + } + case .directory: + try FileDescriptorOps.mkdir(rootFileDescriptor, memberPath, makeIntermediates: true) { fd in + setFileAttributes(fd: fd.rawValue, entry: entry) + } + case .symbolicLink: + guard let targetPath = (entry.symlinkTarget.map { FilePath($0) }) else { + return false + } + var symlinkCreated = false + try FileDescriptorOps.mkdir(rootFileDescriptor, relativePath, makeIntermediates: true) { fd in + // Remove existing entry if present (mimics containerd's "last entry wins" behavior) + try? FileDescriptorOps.unlinkRecursive(fd, filename: lastComponent) + + guard symlinkat(targetPath.string, fd.rawValue, lastComponent.string) == 0 else { + throw ArchiveError.failedToExtractArchive("failed to create symlink: \(targetPath) <- \(memberPath)") + } + symlinkCreated = true + } + return symlinkCreated + default: + return false + } + + return true + } catch let error as FileDescriptorOps.Error { + // Just reject path validation errors, don't fail the extraction + switch error { + case .systemError: + // Fail for system errors + throw error + case .invalidRelativePath, .invalidPathComponent, .cannotFollowSymlink: + return false + } + } + } + + private func setFileAttributes(fd: Int32, entry: WriteEntry) { + fchmod(fd, entry.permissions) + if let owner = entry.owner, let group = entry.group { + fchown(fd, owner, group) + } + } + + private static func copyDataReaderToFd(dataReader: ArchiveEntryReader, fileFd: Int32, memberPath: FilePath) throws { + var buffer = [UInt8](repeating: 0, count: ArchiveReader.chunkSize) + while true { + let bytesRead = buffer.withUnsafeMutableBufferPointer { bufferPtr in + guard let baseAddress = bufferPtr.baseAddress else { return 0 } + return dataReader.read(baseAddress, maxLength: bufferPtr.count) + } + + if bytesRead < 0 { + throw ArchiveError.failedToExtractArchive("failed to read data for: \(memberPath)") + } + if bytesRead == 0 { + break // EOF + } + + let bytesWritten = write(fileFd, buffer, bytesRead) + guard bytesWritten == bytesRead else { + throw ArchiveError.failedToExtractArchive("failed to write data for: \(memberPath)") + } + } + } +} diff --git a/Sources/ContainerizationArchive/ArchiveWriter.swift b/Sources/ContainerizationArchive/ArchiveWriter.swift new file mode 100644 index 0000000..434c51d --- /dev/null +++ b/Sources/ContainerizationArchive/ArchiveWriter.swift @@ -0,0 +1,339 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import CArchive +import Foundation +import SystemPackage + +/// A class responsible for writing archives in various formats. +public final class ArchiveWriter { + private static let chunkSize = 4 * 1024 * 1024 + + var underlying: OpaquePointer? + + /// Initialize a new `ArchiveWriter` with the given configuration. + /// This method attempts to initialize an empty archive in memory, failing which it throws a `unableToCreateArchive` error. + public init(configuration: ArchiveWriterConfiguration) throws { + // because for some bizarre reason, UTF8 paths won't work unless this process explicitly sets a locale like en_US.UTF-8 + try Self.attemptSetLocales(locales: configuration.locales) + + guard let underlying = archive_write_new() else { throw ArchiveError.unableToCreateArchive } + self.underlying = underlying + + try setFormat(configuration.format) + try addFilter(configuration.filter) + try setOptions(configuration.options) + } + + /// Initialize a new `ArchiveWriter` for writing into the specified file with the given configuration options. + public convenience init(format: Format, filter: Filter, options: [Options] = [], locales: [String] = ArchiveWriterConfiguration.defaultLocales, file: URL) throws { + let config = ArchiveWriterConfiguration( + format: format, + filter: filter, + options: options, + locales: locales + ) + try self.init(configuration: config) + try self.open(file: file) + } + + /// Opens the given file for writing data into + public func open(file: URL) throws { + guard let underlying = underlying else { throw ArchiveError.noUnderlyingArchive } + let res = archive_write_open_filename(underlying, file.path) + try wrap(res, ArchiveError.unableToOpenArchive, underlying: underlying) + } + + /// Opens the given fd for writing data into + public func open(fileDescriptor: Int32) throws { + guard let underlying = underlying else { throw ArchiveError.noUnderlyingArchive } + let res = archive_write_open_fd(underlying, fileDescriptor) + try wrap(res, ArchiveError.unableToOpenArchive, underlying: underlying) + } + + /// Performs any necessary finalizations on the archive and releases resources. + public func finishEncoding() throws { + guard let u = underlying else { return } + underlying = nil + let r = archive_free(u) + guard r == ARCHIVE_OK else { + throw ArchiveError.unableToCloseArchive(r) + } + } + + deinit { + if let u = underlying { + archive_free(u) + underlying = nil + } + } + + private static func attemptSetLocales(locales: [String]) throws { + for locale in locales { + if setlocale(LC_ALL, locale) != nil { + return + } + } + throw ArchiveError.failedToSetLocale(locales: locales) + } +} + +public class ArchiveWriterTransaction { + private let writer: ArchiveWriter + + fileprivate init(writer: ArchiveWriter) { + self.writer = writer + } + + public func writeHeader(entry: WriteEntry) throws { + try writer.writeHeader(entry: entry) + } + + public func writeChunk(data: UnsafeRawBufferPointer) throws { + try writer.writeData(data: data) + } + + public func finish() throws { + try writer.finishEntry() + } +} + +extension ArchiveWriter { + public func makeTransactionWriter() -> ArchiveWriterTransaction { + ArchiveWriterTransaction(writer: self) + } + + /// Create a new entry in the archive with the given properties. + /// - Parameters: + /// - entry: A `WriteEntry` object describing the metadata of the entry to be created + /// (e.g., name, modification date, permissions). + /// - data: The `Data` object containing the content for the new entry. + public func writeEntry(entry: WriteEntry, data: Data) throws { + try data.withUnsafeBytes { bytes in + try writeEntry(entry: entry, data: bytes) + } + } + + /// Creates a new entry in the archive with the given properties. + /// + /// This method performs the following: + /// 1. Writes the archive header using the provided `WriteEntry` metadata. + /// 2. Writes the content from the `UnsafeRawBufferPointer` into the archive. + /// 3. Finalizes the entry in the archive. + /// + /// - Parameters: + /// - entry: A `WriteEntry` object describing the metadata of the entry to be created + /// (e.g., name, modification date, permissions, type). + /// - data: An optional `UnsafeRawBufferPointer` containing the raw bytes for the new entry's + /// content. Pass `nil` for entries that do not have content data (e.g., directories, symlinks). + public func writeEntry(entry: WriteEntry, data: UnsafeRawBufferPointer?) throws { + try writeHeader(entry: entry) + if let data = data { + try writeData(data: data) + } + try finishEntry() + } + + fileprivate func writeHeader(entry: WriteEntry) throws { + guard let underlying = self.underlying else { throw ArchiveError.noUnderlyingArchive } + + try wrap( + archive_write_header(underlying, entry.underlying), ArchiveError.unableToWriteEntryHeader, + underlying: underlying) + } + + fileprivate func finishEntry() throws { + guard let underlying = self.underlying else { throw ArchiveError.noUnderlyingArchive } + + archive_write_finish_entry(underlying) + } + + fileprivate func writeData(data: UnsafeRawBufferPointer) throws { + guard let underlying = self.underlying else { throw ArchiveError.noUnderlyingArchive } + + var offset = 0 + while offset < data.count { + guard let baseAddress = data.baseAddress?.advanced(by: offset) else { + throw ArchiveError.invalidBaseAddressArchiveWrite + } + let result = archive_write_data(underlying, baseAddress, data.count - offset) + guard result > 0 else { + throw ArchiveError.unableToWriteData(result) + } + offset += Int(result) + } + } +} + +extension ArchiveWriter { + private func archive(_ relativePath: FilePath, dirPath: FilePath) throws { + let fm = FileManager.default + + let fullPath = dirPath.appending(relativePath.string) + + var statInfo = stat() + guard lstat(fullPath.string, &statInfo) == 0 else { + let errNo = errno + let err = POSIXErrorCode(rawValue: errNo) ?? .EINVAL + throw ArchiveError.failedToCreateArchive("lstat failed for '\(fullPath)': \(POSIXError(err))") + } + + let mode = statInfo.st_mode + let uid = statInfo.st_uid + let gid = statInfo.st_gid + var size: Int64 = 0 + let type: URLFileResourceType + + if (mode & S_IFMT) == S_IFREG { + type = .regular + size = Int64(statInfo.st_size) + } else if (mode & S_IFMT) == S_IFDIR { + type = .directory + } else if (mode & S_IFMT) == S_IFLNK { + type = .symbolicLink + } else { + return + } + + #if os(macOS) + let created = Date(timeIntervalSince1970: Double(statInfo.st_ctimespec.tv_sec)) + let access = Date(timeIntervalSince1970: Double(statInfo.st_atimespec.tv_sec)) + let modified = Date(timeIntervalSince1970: Double(statInfo.st_mtimespec.tv_sec)) + #else + let created = Date(timeIntervalSince1970: Double(statInfo.st_ctim.tv_sec)) + let access = Date(timeIntervalSince1970: Double(statInfo.st_atim.tv_sec)) + let modified = Date(timeIntervalSince1970: Double(statInfo.st_mtim.tv_sec)) + #endif + + let entry = WriteEntry() + if type == .symbolicLink { + let targetPath = try fm.destinationOfSymbolicLink(atPath: fullPath.string) + // Resolve the target relative to the symlink's parent, not the archive root. + let symlinkParent = fullPath.removingLastComponent() + let resolvedFull = symlinkParent.appending(targetPath).lexicallyNormalized() + guard resolvedFull.starts(with: dirPath) else { + return + } + entry.symlinkTarget = targetPath + } + + entry.path = relativePath.string + entry.size = size + entry.creationDate = created + entry.modificationDate = modified + entry.contentAccessDate = access + entry.fileType = type + entry.group = gid + entry.owner = uid + entry.permissions = mode + if type == .regular { + let buf = UnsafeMutableRawBufferPointer.allocate(byteCount: Self.chunkSize, alignment: 1) + guard let baseAddress = buf.baseAddress else { + throw ArchiveError.failedToCreateArchive("cannot create temporary buffer of size \(Self.chunkSize)") + } + defer { buf.deallocate() } + let fd = Foundation.open(fullPath.string, O_RDONLY) + guard fd >= 0 else { + let err = POSIXErrorCode(rawValue: errno) ?? .EINVAL + throw ArchiveError.failedToCreateArchive("cannot open file \(fullPath.string) for reading: \(err)") + } + defer { close(fd) } + try self.writeHeader(entry: entry) + while true { + let n = read(fd, baseAddress, Self.chunkSize) + if n == 0 { break } + if n < 0 { + let err = POSIXErrorCode(rawValue: errno) ?? .EIO + throw ArchiveError.failedToCreateArchive("failed to read from file \(fullPath.string): \(err)") + } + try self.writeData(data: UnsafeRawBufferPointer(start: baseAddress, count: n)) + } + try self.finishEntry() + } else { + try self.writeEntry(entry: entry, data: nil) + } + } + + /// Recursively archives the content of a directory. Regular files, symlinks and directories are added into the archive. + /// Note: Symlinks are added to the archive if both the source and target for the symlink are both contained in the top level directory. + public func archiveDirectory(_ dir: URL) throws { + let fm = FileManager.default + let dirPath = FilePath(dir.path) + + guard let enumerator = fm.enumerator(atPath: dirPath.string) else { + throw POSIXError(.ENOTDIR) + } + + // Emit a leading "./" entry for the root directory, matching GNU/BSD tar behavior. + var rootStat = stat() + guard lstat(dirPath.string, &rootStat) == 0 else { + let err = POSIXErrorCode(rawValue: errno) ?? .EINVAL + throw ArchiveError.failedToCreateArchive("lstat failed for '\(dirPath)': \(POSIXError(err))") + } + let rootEntry = WriteEntry() + rootEntry.path = "./" + rootEntry.size = 0 + rootEntry.fileType = .directory + rootEntry.owner = rootStat.st_uid + rootEntry.group = rootStat.st_gid + rootEntry.permissions = rootStat.st_mode + #if os(macOS) + rootEntry.creationDate = Date(timeIntervalSince1970: Double(rootStat.st_ctimespec.tv_sec)) + rootEntry.contentAccessDate = Date(timeIntervalSince1970: Double(rootStat.st_atimespec.tv_sec)) + rootEntry.modificationDate = Date(timeIntervalSince1970: Double(rootStat.st_mtimespec.tv_sec)) + #else + rootEntry.creationDate = Date(timeIntervalSince1970: Double(rootStat.st_ctim.tv_sec)) + rootEntry.contentAccessDate = Date(timeIntervalSince1970: Double(rootStat.st_atim.tv_sec)) + rootEntry.modificationDate = Date(timeIntervalSince1970: Double(rootStat.st_mtim.tv_sec)) + #endif + try self.writeHeader(entry: rootEntry) + + for case let relativePath as String in enumerator { + try archive(FilePath(relativePath), dirPath: dirPath) + } + } + + public func archive(_ paths: [FilePath], base: FilePath) throws { + let fm = FileManager.default + let base = base.lexicallyNormalized() + + for path in paths { + guard path.starts(with: base) else { + throw ArchiveError.failedToCreateArchive("'\(path.string)' is not under '\(base.string)'") + } + + let relativePath = path.components.dropFirst(base.components.count) + .reduce(into: FilePath("")) { $0.append($1) } + + var isDir: ObjCBool = false + _ = fm.fileExists(atPath: path.string, isDirectory: &isDir) + if isDir.boolValue { + guard let enumerator = fm.enumerator(atPath: path.string) else { + throw POSIXError(.ENOTDIR) + } + + try archive(relativePath, dirPath: base) + for case let child as String in enumerator { + let childPath = relativePath.appending(child) + + try archive(childPath, dirPath: base) + } + } else { + try archive(relativePath, dirPath: base) + } + } + } +} diff --git a/Sources/ContainerizationArchive/ArchiveWriterConfiguration.swift b/Sources/ContainerizationArchive/ArchiveWriterConfiguration.swift new file mode 100644 index 0000000..e4e1055 --- /dev/null +++ b/Sources/ContainerizationArchive/ArchiveWriterConfiguration.swift @@ -0,0 +1,200 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import CArchive + +/// Represents the configuration settings for an `ArchiveWriter`. +/// +/// This struct allows specifying the archive format, compression filter, +/// various format-specific options, and preferred locales for string encoding. +public struct ArchiveWriterConfiguration { + public static let defaultLocales = ["en_US.UTF-8", "C.UTF-8"] + + /// The desired archive format + public var format: Format + /// The compression filter to apply to the archive + public var filter: Filter + /// An array of format-specific options to apply to the archive. + /// This includes options like compression level and extended attribute format. + public var options: [Options] + /// An array of preferred locale identifiers for string encoding + public var locales: [String] + + /// Initializes a new `ArchiveWriterConfiguration`. + /// + /// Sets up the configuration with the specified format, filter, options, and locales. + public init( + format: Format, filter: Filter, options: [Options] = [], locales: [String] = Self.defaultLocales + ) { + self.format = format + self.filter = filter + self.options = options + self.locales = locales + } +} + +extension ArchiveWriter { + internal func setFormat(_ format: Format) throws { + guard let underlying = self.underlying else { throw ArchiveError.noUnderlyingArchive } + let r = archive_write_set_format(underlying, format.code) + guard r == ARCHIVE_OK else { throw ArchiveError.unableToSetFormat(r, format) } + } + + internal func addFilter(_ filter: Filter) throws { + guard let underlying = self.underlying else { throw ArchiveError.noUnderlyingArchive } + let r = archive_write_add_filter(underlying, filter.code) + guard r == ARCHIVE_OK else { throw ArchiveError.unableToAddFilter(r, filter) } + } + + internal func setOptions(_ options: [Options]) throws { + guard let underlying = self.underlying else { throw ArchiveError.noUnderlyingArchive } + try options.forEach { + switch $0 { + case .compressionLevel(let level): + try wrap( + archive_write_set_option(underlying, nil, "compression-level", "\(level)"), + ArchiveError.unableToSetOption, underlying: self.underlying) + case .compression(.store): + try wrap( + archive_write_set_option(underlying, nil, "compression", "store"), ArchiveError.unableToSetOption, + underlying: self.underlying) + case .compression(.deflate): + try wrap( + archive_write_set_option(underlying, nil, "compression", "deflate"), ArchiveError.unableToSetOption, + underlying: self.underlying) + case .xattrformat(let value): + let v = value.description + try wrap( + archive_write_set_option(underlying, nil, "xattrheader", v), ArchiveError.unableToSetOption, + underlying: self.underlying) + } + } + } +} + +public enum Options { + case compressionLevel(UInt32) + case compression(Compression) + case xattrformat(XattrFormat) + + public enum Compression { + case store + case deflate + } + + public enum XattrFormat: String, CustomStringConvertible { + case schily + case libarchive + case all + + public var description: String { + switch self { + case .libarchive: + return "LIBARCHIVE" + case .schily: + return "SCHILY" + case .all: + return "ALL" + } + } + } +} + +/// An enumeration of the supported archive formats. +public enum Format: String, Sendable { + /// POSIX-standard `ustar` archives + case ustar + case gnutar + /// POSIX `pax interchange format` archives + case pax + case paxRestricted + /// POSIX octet-oriented cpio archives + case cpio + case cpioNewc + /// Zip archive + case zip + /// two different variants of shar archives + case shar + case sharDump + /// ISO9660 CD images + case iso9660 + /// 7-Zip archives + case sevenZip + /// ar archives + case arBSD + case arGNU + /// mtree file tree descriptions + case mtree + /// XAR archives + case xar + + internal var code: CInt { + switch self { + case .ustar: return ARCHIVE_FORMAT_TAR_USTAR + case .pax: return ARCHIVE_FORMAT_TAR_PAX_INTERCHANGE + case .paxRestricted: return ARCHIVE_FORMAT_TAR_PAX_RESTRICTED + case .gnutar: return ARCHIVE_FORMAT_TAR_GNUTAR + case .cpio: return ARCHIVE_FORMAT_CPIO_POSIX + case .cpioNewc: return ARCHIVE_FORMAT_CPIO_AFIO_LARGE + case .zip: return ARCHIVE_FORMAT_ZIP + case .shar: return ARCHIVE_FORMAT_SHAR_BASE + case .sharDump: return ARCHIVE_FORMAT_SHAR_DUMP + case .iso9660: return ARCHIVE_FORMAT_ISO9660 + case .sevenZip: return ARCHIVE_FORMAT_7ZIP + case .arBSD: return ARCHIVE_FORMAT_AR_BSD + case .arGNU: return ARCHIVE_FORMAT_AR_GNU + case .mtree: return ARCHIVE_FORMAT_MTREE + case .xar: return ARCHIVE_FORMAT_XAR + } + } +} + +/// An enumeration of the supported filters (compression / encoding standards) for an archive. +public enum Filter: String, Sendable { + case none + case gzip + case bzip2 + case compress + case lzma + case xz + case uu + case rpm + case lzip + case lrzip + case lzop + case grzip + case lz4 + case zstd + + internal var code: CInt { + switch self { + case .none: return ARCHIVE_FILTER_NONE + case .gzip: return ARCHIVE_FILTER_GZIP + case .bzip2: return ARCHIVE_FILTER_BZIP2 + case .compress: return ARCHIVE_FILTER_COMPRESS + case .lzma: return ARCHIVE_FILTER_LZMA + case .xz: return ARCHIVE_FILTER_XZ + case .uu: return ARCHIVE_FILTER_UU + case .rpm: return ARCHIVE_FILTER_RPM + case .lzip: return ARCHIVE_FILTER_LZIP + case .lrzip: return ARCHIVE_FILTER_LRZIP + case .lzop: return ARCHIVE_FILTER_LZOP + case .grzip: return ARCHIVE_FILTER_GRZIP + case .lz4: return ARCHIVE_FILTER_LZ4 + case .zstd: return ARCHIVE_FILTER_ZSTD + } + } +} diff --git a/Sources/ContainerizationArchive/CArchive/COPYING b/Sources/ContainerizationArchive/CArchive/COPYING new file mode 100644 index 0000000..1b97235 --- /dev/null +++ b/Sources/ContainerizationArchive/CArchive/COPYING @@ -0,0 +1,65 @@ +The libarchive distribution as a whole is Copyright by Tim Kientzle +and is subject to the copyright notice reproduced at the bottom of +this file. + +Each individual file in this distribution should have a clear +copyright/licensing statement at the beginning of the file. If any do +not, please let me know and I will rectify it. The following is +intended to summarize the copyright status of the individual files; +the actual statements in the files are controlling. + +* Except as listed below, all C sources (including .c and .h files) + and documentation files are subject to the copyright notice reproduced + at the bottom of this file. + +* The following source files are also subject in whole or in part to + a 3-clause UC Regents copyright; please read the individual source + files for details: + libarchive/archive_read_support_filter_compress.c + libarchive/archive_write_add_filter_compress.c + libarchive/mtree.5 + +* The following source files are in the public domain: + libarchive/archive_getdate.c + +* The following source files are triple-licensed with the ability to choose + from CC0 1.0 Universal, OpenSSL or Apache 2.0 licenses: + libarchive/archive_blake2.h + libarchive/archive_blake2_impl.h + libarchive/archive_blake2s_ref.c + libarchive/archive_blake2sp_ref.c + +* The build files---including Makefiles, configure scripts, + and auxiliary scripts used as part of the compile process---have + widely varying licensing terms. Please check individual files before + distributing them to see if those restrictions apply to you. + +I intend for all new source code to use the license below and hope over +time to replace code with other licenses with new implementations that +do use the license below. The varying licensing of the build scripts +seems to be an unavoidable mess. + + +Copyright (c) 2003-2018 +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer + in this position and unchanged. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR +IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, +INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/Sources/ContainerizationArchive/CArchive/archive_swift_bridge.c b/Sources/ContainerizationArchive/CArchive/archive_swift_bridge.c new file mode 100644 index 0000000..a16d32b --- /dev/null +++ b/Sources/ContainerizationArchive/CArchive/archive_swift_bridge.c @@ -0,0 +1,68 @@ +/* + * Copyright © 2025-2026 Apple Inc. and the Containerization project authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "archive_bridge.h" +#include +#include +#include + +void archive_set_error_wrapper(struct archive *a, int error_number, const char *error_string) { + archive_set_error(a, error_number, "%s", error_string); +} + +int zstd_decompress_fd(int src_fd, int dst_fd) { + ZSTD_DStream *dstream = ZSTD_createDStream(); + if (!dstream) return 1; + + size_t init_result = ZSTD_initDStream(dstream); + if (ZSTD_isError(init_result)) { + ZSTD_freeDStream(dstream); + return 1; + } + + size_t in_size = ZSTD_DStreamInSize(); + size_t out_size = ZSTD_DStreamOutSize(); + void *in_buf = malloc(in_size); + void *out_buf = malloc(out_size); + if (!in_buf || !out_buf) { + free(in_buf); + free(out_buf); + ZSTD_freeDStream(dstream); + return 1; + } + + int rc = 0; + ssize_t bytes_read; + while ((bytes_read = read(src_fd, in_buf, in_size)) > 0) { + ZSTD_inBuffer input = { in_buf, (size_t)bytes_read, 0 }; + while (input.pos < input.size) { + ZSTD_outBuffer output = { out_buf, out_size, 0 }; + size_t result = ZSTD_decompressStream(dstream, &output, &input); + if (ZSTD_isError(result)) { rc = 1; goto done; } + if (output.pos > 0) { + ssize_t written = write(dst_fd, out_buf, output.pos); + if (written != (ssize_t)output.pos) { rc = 1; goto done; } + } + } + } + if (bytes_read < 0) rc = 1; + +done: + free(in_buf); + free(out_buf); + ZSTD_freeDStream(dstream); + return rc; +} diff --git a/Sources/ContainerizationArchive/CArchive/include/archive.h b/Sources/ContainerizationArchive/CArchive/include/archive.h new file mode 100644 index 0000000..5b65475 --- /dev/null +++ b/Sources/ContainerizationArchive/CArchive/include/archive.h @@ -0,0 +1,1214 @@ +/*- + * Copyright (c) 2003-2010 Tim Kientzle + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef ARCHIVE_H_INCLUDED +#define ARCHIVE_H_INCLUDED + +/* + * The version number is expressed as a single integer that makes it + * easy to compare versions at build time: for version a.b.c, the + * version number is printf("%d%03d%03d",a,b,c). For example, if you + * know your application requires version 2.12.108 or later, you can + * assert that ARCHIVE_VERSION_NUMBER >= 2012108. + */ +/* Note: Compiler will complain if this does not match archive_entry.h! */ +#define ARCHIVE_VERSION_NUMBER 3007007 + +#include +#include /* for wchar_t */ +#include /* For FILE * */ +#include /* For time_t */ + +/* + * Note: archive.h is for use outside of libarchive; the configuration + * headers (config.h, archive_platform.h, etc.) are purely internal. + * Do NOT use HAVE_XXX configuration macros to control the behavior of + * this header! If you must conditionalize, use predefined compiler and/or + * platform macros. + */ +#if defined(__BORLANDC__) && __BORLANDC__ >= 0x560 +# include +#elif !defined(__WATCOMC__) && !defined(_MSC_VER) && !defined(__INTERIX) && !defined(__BORLANDC__) && !defined(_SCO_DS) && !defined(__osf__) && !defined(__CLANG_INTTYPES_H) +# include +#endif + +/* Get appropriate definitions of 64-bit integer */ +#if !defined(__LA_INT64_T_DEFINED) +/* Older code relied on the __LA_INT64_T macro; after 4.0 we'll switch to the typedef exclusively. */ +# if ARCHIVE_VERSION_NUMBER < 4000000 +#define __LA_INT64_T la_int64_t +# endif +#define __LA_INT64_T_DEFINED +# if defined(_WIN32) && !defined(__CYGWIN__) && !defined(__WATCOMC__) +typedef __int64 la_int64_t; +# else +# include /* ssize_t */ +# if defined(_SCO_DS) || defined(__osf__) +typedef long long la_int64_t; +# else +typedef int64_t la_int64_t; +# endif +# endif +#endif + +/* The la_ssize_t should match the type used in 'struct stat' */ +#if !defined(__LA_SSIZE_T_DEFINED) +/* Older code relied on the __LA_SSIZE_T macro; after 4.0 we'll switch to the typedef exclusively. */ +# if ARCHIVE_VERSION_NUMBER < 4000000 +#define __LA_SSIZE_T la_ssize_t +# endif +#define __LA_SSIZE_T_DEFINED +# if defined(_WIN32) && !defined(__CYGWIN__) && !defined(__WATCOMC__) +# if defined(_SSIZE_T_DEFINED) || defined(_SSIZE_T_) +typedef ssize_t la_ssize_t; +# elif defined(_WIN64) +typedef __int64 la_ssize_t; +# else +typedef long la_ssize_t; +# endif +# else +# include /* ssize_t */ +typedef ssize_t la_ssize_t; +# endif +#endif + +/* Large file support for Android */ +#if defined(__LIBARCHIVE_BUILD) && defined(__ANDROID__) +#include "android_lf.h" +#endif + +/* + * On Windows, define LIBARCHIVE_STATIC if you're building or using a + * .lib. The default here assumes you're building a DLL. Only + * libarchive source should ever define __LIBARCHIVE_BUILD. + */ +#if ((defined __WIN32__) || (defined _WIN32) || defined(__CYGWIN__)) && (!defined LIBARCHIVE_STATIC) +# ifdef __LIBARCHIVE_BUILD +# ifdef __GNUC__ +# define __LA_DECL __attribute__((dllexport)) extern +# else +# define __LA_DECL __declspec(dllexport) +# endif +# else +# ifdef __GNUC__ +# define __LA_DECL +# else +# define __LA_DECL __declspec(dllimport) +# endif +# endif +#elif defined __LIBARCHIVE_ENABLE_VISIBILITY +# define __LA_DECL __attribute__((visibility("default"))) +#else +/* Static libraries or non-Windows needs no special declaration. */ +# define __LA_DECL +#endif + +#if defined(__GNUC__) && __GNUC__ >= 3 && !defined(__MINGW32__) +#define __LA_PRINTF(fmtarg, firstvararg) \ + __attribute__((__format__ (__printf__, fmtarg, firstvararg))) +#else +#define __LA_PRINTF(fmtarg, firstvararg) /* nothing */ +#endif + +#if defined(__GNUC__) && __GNUC__ >= 3 && __GNUC_MINOR__ >= 1 +# define __LA_DEPRECATED __attribute__((deprecated)) +#else +# define __LA_DEPRECATED +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * The version number is provided as both a macro and a function. + * The macro identifies the installed header; the function identifies + * the library version (which may not be the same if you're using a + * dynamically-linked version of the library). Of course, if the + * header and library are very different, you should expect some + * strangeness. Don't do that. + */ +__LA_DECL int archive_version_number(void); + +/* + * Textual name/version of the library, useful for version displays. + */ +#define ARCHIVE_VERSION_ONLY_STRING "3.7.7" +#define ARCHIVE_VERSION_STRING "libarchive " ARCHIVE_VERSION_ONLY_STRING +__LA_DECL const char * archive_version_string(void); + +/* + * Detailed textual name/version of the library and its dependencies. + * This has the form: + * "libarchive x.y.z zlib/a.b.c liblzma/d.e.f ... etc ..." + * the list of libraries described here will vary depending on how + * libarchive was compiled. + */ +__LA_DECL const char * archive_version_details(void); + +/* + * Returns NULL if libarchive was compiled without the associated library. + * Otherwise, returns the version number that libarchive was compiled + * against. + */ +__LA_DECL const char * archive_zlib_version(void); +__LA_DECL const char * archive_liblzma_version(void); +__LA_DECL const char * archive_bzlib_version(void); +__LA_DECL const char * archive_liblz4_version(void); +__LA_DECL const char * archive_libzstd_version(void); + +/* Declare our basic types. */ +struct archive; +struct archive_entry; + +/* + * Error codes: Use archive_errno() and archive_error_string() + * to retrieve details. Unless specified otherwise, all functions + * that return 'int' use these codes. + */ +#define ARCHIVE_EOF 1 /* Found end of archive. */ +#define ARCHIVE_OK 0 /* Operation was successful. */ +#define ARCHIVE_RETRY (-10) /* Retry might succeed. */ +#define ARCHIVE_WARN (-20) /* Partial success. */ +/* For example, if write_header "fails", then you can't push data. */ +#define ARCHIVE_FAILED (-25) /* Current operation cannot complete. */ +/* But if write_header is "fatal," then this archive is dead and useless. */ +#define ARCHIVE_FATAL (-30) /* No more operations are possible. */ + +/* + * As far as possible, archive_errno returns standard platform errno codes. + * Of course, the details vary by platform, so the actual definitions + * here are stored in "archive_platform.h". The symbols are listed here + * for reference; as a rule, clients should not need to know the exact + * platform-dependent error code. + */ +/* Unrecognized or invalid file format. */ +/* #define ARCHIVE_ERRNO_FILE_FORMAT */ +/* Illegal usage of the library. */ +/* #define ARCHIVE_ERRNO_PROGRAMMER_ERROR */ +/* Unknown or unclassified error. */ +/* #define ARCHIVE_ERRNO_MISC */ + +/* + * Callbacks are invoked to automatically read/skip/write/open/close the + * archive. You can provide your own for complex tasks (like breaking + * archives across multiple tapes) or use standard ones built into the + * library. + */ + +/* Returns pointer and size of next block of data from archive. */ +typedef la_ssize_t archive_read_callback(struct archive *, + void *_client_data, const void **_buffer); + +/* Skips at most request bytes from archive and returns the skipped amount. + * This may skip fewer bytes than requested; it may even skip zero bytes. + * If you do skip fewer bytes than requested, libarchive will invoke your + * read callback and discard data as necessary to make up the full skip. + */ +typedef la_int64_t archive_skip_callback(struct archive *, + void *_client_data, la_int64_t request); + +/* Seeks to specified location in the file and returns the position. + * Whence values are SEEK_SET, SEEK_CUR, SEEK_END from stdio.h. + * Return ARCHIVE_FATAL if the seek fails for any reason. + */ +typedef la_int64_t archive_seek_callback(struct archive *, + void *_client_data, la_int64_t offset, int whence); + +/* Returns size actually written, zero on EOF, -1 on error. */ +typedef la_ssize_t archive_write_callback(struct archive *, + void *_client_data, + const void *_buffer, size_t _length); + +typedef int archive_open_callback(struct archive *, void *_client_data); + +typedef int archive_close_callback(struct archive *, void *_client_data); + +typedef int archive_free_callback(struct archive *, void *_client_data); + +/* Switches from one client data object to the next/prev client data object. + * This is useful for reading from different data blocks such as a set of files + * that make up one large file. + */ +typedef int archive_switch_callback(struct archive *, void *_client_data1, + void *_client_data2); + +/* + * Returns a passphrase used for encryption or decryption, NULL on nothing + * to do and give it up. + */ +typedef const char *archive_passphrase_callback(struct archive *, + void *_client_data); + +/* + * Codes to identify various stream filters. + */ +#define ARCHIVE_FILTER_NONE 0 +#define ARCHIVE_FILTER_GZIP 1 +#define ARCHIVE_FILTER_BZIP2 2 +#define ARCHIVE_FILTER_COMPRESS 3 +#define ARCHIVE_FILTER_PROGRAM 4 +#define ARCHIVE_FILTER_LZMA 5 +#define ARCHIVE_FILTER_XZ 6 +#define ARCHIVE_FILTER_UU 7 +#define ARCHIVE_FILTER_RPM 8 +#define ARCHIVE_FILTER_LZIP 9 +#define ARCHIVE_FILTER_LRZIP 10 +#define ARCHIVE_FILTER_LZOP 11 +#define ARCHIVE_FILTER_GRZIP 12 +#define ARCHIVE_FILTER_LZ4 13 +#define ARCHIVE_FILTER_ZSTD 14 + +#if ARCHIVE_VERSION_NUMBER < 4000000 +#define ARCHIVE_COMPRESSION_NONE ARCHIVE_FILTER_NONE +#define ARCHIVE_COMPRESSION_GZIP ARCHIVE_FILTER_GZIP +#define ARCHIVE_COMPRESSION_BZIP2 ARCHIVE_FILTER_BZIP2 +#define ARCHIVE_COMPRESSION_COMPRESS ARCHIVE_FILTER_COMPRESS +#define ARCHIVE_COMPRESSION_PROGRAM ARCHIVE_FILTER_PROGRAM +#define ARCHIVE_COMPRESSION_LZMA ARCHIVE_FILTER_LZMA +#define ARCHIVE_COMPRESSION_XZ ARCHIVE_FILTER_XZ +#define ARCHIVE_COMPRESSION_UU ARCHIVE_FILTER_UU +#define ARCHIVE_COMPRESSION_RPM ARCHIVE_FILTER_RPM +#define ARCHIVE_COMPRESSION_LZIP ARCHIVE_FILTER_LZIP +#define ARCHIVE_COMPRESSION_LRZIP ARCHIVE_FILTER_LRZIP +#endif + +/* + * Codes returned by archive_format. + * + * Top 16 bits identifies the format family (e.g., "tar"); lower + * 16 bits indicate the variant. This is updated by read_next_header. + * Note that the lower 16 bits will often vary from entry to entry. + * In some cases, this variation occurs as libarchive learns more about + * the archive (for example, later entries might utilize extensions that + * weren't necessary earlier in the archive; in this case, libarchive + * will change the format code to indicate the extended format that + * was used). In other cases, it's because different tools have + * modified the archive and so different parts of the archive + * actually have slightly different formats. (Both tar and cpio store + * format codes in each entry, so it is quite possible for each + * entry to be in a different format.) + */ +#define ARCHIVE_FORMAT_BASE_MASK 0xff0000 +#define ARCHIVE_FORMAT_CPIO 0x10000 +#define ARCHIVE_FORMAT_CPIO_POSIX (ARCHIVE_FORMAT_CPIO | 1) +#define ARCHIVE_FORMAT_CPIO_BIN_LE (ARCHIVE_FORMAT_CPIO | 2) +#define ARCHIVE_FORMAT_CPIO_BIN_BE (ARCHIVE_FORMAT_CPIO | 3) +#define ARCHIVE_FORMAT_CPIO_SVR4_NOCRC (ARCHIVE_FORMAT_CPIO | 4) +#define ARCHIVE_FORMAT_CPIO_SVR4_CRC (ARCHIVE_FORMAT_CPIO | 5) +#define ARCHIVE_FORMAT_CPIO_AFIO_LARGE (ARCHIVE_FORMAT_CPIO | 6) +#define ARCHIVE_FORMAT_CPIO_PWB (ARCHIVE_FORMAT_CPIO | 7) +#define ARCHIVE_FORMAT_SHAR 0x20000 +#define ARCHIVE_FORMAT_SHAR_BASE (ARCHIVE_FORMAT_SHAR | 1) +#define ARCHIVE_FORMAT_SHAR_DUMP (ARCHIVE_FORMAT_SHAR | 2) +#define ARCHIVE_FORMAT_TAR 0x30000 +#define ARCHIVE_FORMAT_TAR_USTAR (ARCHIVE_FORMAT_TAR | 1) +#define ARCHIVE_FORMAT_TAR_PAX_INTERCHANGE (ARCHIVE_FORMAT_TAR | 2) +#define ARCHIVE_FORMAT_TAR_PAX_RESTRICTED (ARCHIVE_FORMAT_TAR | 3) +#define ARCHIVE_FORMAT_TAR_GNUTAR (ARCHIVE_FORMAT_TAR | 4) +#define ARCHIVE_FORMAT_ISO9660 0x40000 +#define ARCHIVE_FORMAT_ISO9660_ROCKRIDGE (ARCHIVE_FORMAT_ISO9660 | 1) +#define ARCHIVE_FORMAT_ZIP 0x50000 +#define ARCHIVE_FORMAT_EMPTY 0x60000 +#define ARCHIVE_FORMAT_AR 0x70000 +#define ARCHIVE_FORMAT_AR_GNU (ARCHIVE_FORMAT_AR | 1) +#define ARCHIVE_FORMAT_AR_BSD (ARCHIVE_FORMAT_AR | 2) +#define ARCHIVE_FORMAT_MTREE 0x80000 +#define ARCHIVE_FORMAT_RAW 0x90000 +#define ARCHIVE_FORMAT_XAR 0xA0000 +#define ARCHIVE_FORMAT_LHA 0xB0000 +#define ARCHIVE_FORMAT_CAB 0xC0000 +#define ARCHIVE_FORMAT_RAR 0xD0000 +#define ARCHIVE_FORMAT_7ZIP 0xE0000 +#define ARCHIVE_FORMAT_WARC 0xF0000 +#define ARCHIVE_FORMAT_RAR_V5 0x100000 + +/* + * Codes returned by archive_read_format_capabilities(). + * + * This list can be extended with values between 0 and 0xffff. + * The original purpose of this list was to let different archive + * format readers expose their general capabilities in terms of + * encryption. + */ +#define ARCHIVE_READ_FORMAT_CAPS_NONE (0) /* no special capabilities */ +#define ARCHIVE_READ_FORMAT_CAPS_ENCRYPT_DATA (1<<0) /* reader can detect encrypted data */ +#define ARCHIVE_READ_FORMAT_CAPS_ENCRYPT_METADATA (1<<1) /* reader can detect encryptable metadata (pathname, mtime, etc.) */ + +/* + * Codes returned by archive_read_has_encrypted_entries(). + * + * In case the archive does not support encryption detection at all + * ARCHIVE_READ_FORMAT_ENCRYPTION_UNSUPPORTED is returned. If the reader + * for some other reason (e.g. not enough bytes read) cannot say if + * there are encrypted entries, ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW + * is returned. + */ +#define ARCHIVE_READ_FORMAT_ENCRYPTION_UNSUPPORTED -2 +#define ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW -1 + +/*- + * Basic outline for reading an archive: + * 1) Ask archive_read_new for an archive reader object. + * 2) Update any global properties as appropriate. + * In particular, you'll certainly want to call appropriate + * archive_read_support_XXX functions. + * 3) Call archive_read_open_XXX to open the archive + * 4) Repeatedly call archive_read_next_header to get information about + * successive archive entries. Call archive_read_data to extract + * data for entries of interest. + * 5) Call archive_read_free to end processing. + */ +__LA_DECL struct archive *archive_read_new(void); + +/* + * The archive_read_support_XXX calls enable auto-detect for this + * archive handle. They also link in the necessary support code. + * For example, if you don't want bzlib linked in, don't invoke + * support_compression_bzip2(). The "all" functions provide the + * obvious shorthand. + */ + +#if ARCHIVE_VERSION_NUMBER < 4000000 +__LA_DECL int archive_read_support_compression_all(struct archive *) + __LA_DEPRECATED; +__LA_DECL int archive_read_support_compression_bzip2(struct archive *) + __LA_DEPRECATED; +__LA_DECL int archive_read_support_compression_compress(struct archive *) + __LA_DEPRECATED; +__LA_DECL int archive_read_support_compression_gzip(struct archive *) + __LA_DEPRECATED; +__LA_DECL int archive_read_support_compression_lzip(struct archive *) + __LA_DEPRECATED; +__LA_DECL int archive_read_support_compression_lzma(struct archive *) + __LA_DEPRECATED; +__LA_DECL int archive_read_support_compression_none(struct archive *) + __LA_DEPRECATED; +__LA_DECL int archive_read_support_compression_program(struct archive *, + const char *command) __LA_DEPRECATED; +__LA_DECL int archive_read_support_compression_program_signature + (struct archive *, const char *, + const void * /* match */, size_t) __LA_DEPRECATED; + +__LA_DECL int archive_read_support_compression_rpm(struct archive *) + __LA_DEPRECATED; +__LA_DECL int archive_read_support_compression_uu(struct archive *) + __LA_DEPRECATED; +__LA_DECL int archive_read_support_compression_xz(struct archive *) + __LA_DEPRECATED; +#endif + +__LA_DECL int archive_read_support_filter_all(struct archive *); +__LA_DECL int archive_read_support_filter_by_code(struct archive *, int); +__LA_DECL int archive_read_support_filter_bzip2(struct archive *); +__LA_DECL int archive_read_support_filter_compress(struct archive *); +__LA_DECL int archive_read_support_filter_gzip(struct archive *); +__LA_DECL int archive_read_support_filter_grzip(struct archive *); +__LA_DECL int archive_read_support_filter_lrzip(struct archive *); +__LA_DECL int archive_read_support_filter_lz4(struct archive *); +__LA_DECL int archive_read_support_filter_lzip(struct archive *); +__LA_DECL int archive_read_support_filter_lzma(struct archive *); +__LA_DECL int archive_read_support_filter_lzop(struct archive *); +__LA_DECL int archive_read_support_filter_none(struct archive *); +__LA_DECL int archive_read_support_filter_program(struct archive *, + const char *command); +__LA_DECL int archive_read_support_filter_program_signature + (struct archive *, const char * /* cmd */, + const void * /* match */, size_t); +__LA_DECL int archive_read_support_filter_rpm(struct archive *); +__LA_DECL int archive_read_support_filter_uu(struct archive *); +__LA_DECL int archive_read_support_filter_xz(struct archive *); +__LA_DECL int archive_read_support_filter_zstd(struct archive *); + +__LA_DECL int archive_read_support_format_7zip(struct archive *); +__LA_DECL int archive_read_support_format_all(struct archive *); +__LA_DECL int archive_read_support_format_ar(struct archive *); +__LA_DECL int archive_read_support_format_by_code(struct archive *, int); +__LA_DECL int archive_read_support_format_cab(struct archive *); +__LA_DECL int archive_read_support_format_cpio(struct archive *); +__LA_DECL int archive_read_support_format_empty(struct archive *); +__LA_DECL int archive_read_support_format_gnutar(struct archive *); +__LA_DECL int archive_read_support_format_iso9660(struct archive *); +__LA_DECL int archive_read_support_format_lha(struct archive *); +__LA_DECL int archive_read_support_format_mtree(struct archive *); +__LA_DECL int archive_read_support_format_rar(struct archive *); +__LA_DECL int archive_read_support_format_rar5(struct archive *); +__LA_DECL int archive_read_support_format_raw(struct archive *); +__LA_DECL int archive_read_support_format_tar(struct archive *); +__LA_DECL int archive_read_support_format_warc(struct archive *); +__LA_DECL int archive_read_support_format_xar(struct archive *); +/* archive_read_support_format_zip() enables both streamable and seekable + * zip readers. */ +__LA_DECL int archive_read_support_format_zip(struct archive *); +/* Reads Zip archives as stream from beginning to end. Doesn't + * correctly handle SFX ZIP files or ZIP archives that have been modified + * in-place. */ +__LA_DECL int archive_read_support_format_zip_streamable(struct archive *); +/* Reads starting from central directory; requires seekable input. */ +__LA_DECL int archive_read_support_format_zip_seekable(struct archive *); + +/* Functions to manually set the format and filters to be used. This is + * useful to bypass the bidding process when the format and filters to use + * is known in advance. + */ +__LA_DECL int archive_read_set_format(struct archive *, int); +__LA_DECL int archive_read_append_filter(struct archive *, int); +__LA_DECL int archive_read_append_filter_program(struct archive *, + const char *); +__LA_DECL int archive_read_append_filter_program_signature + (struct archive *, const char *, const void * /* match */, size_t); + +/* Set various callbacks. */ +__LA_DECL int archive_read_set_open_callback(struct archive *, + archive_open_callback *); +__LA_DECL int archive_read_set_read_callback(struct archive *, + archive_read_callback *); +__LA_DECL int archive_read_set_seek_callback(struct archive *, + archive_seek_callback *); +__LA_DECL int archive_read_set_skip_callback(struct archive *, + archive_skip_callback *); +__LA_DECL int archive_read_set_close_callback(struct archive *, + archive_close_callback *); +/* Callback used to switch between one data object to the next */ +__LA_DECL int archive_read_set_switch_callback(struct archive *, + archive_switch_callback *); + +/* This sets the first data object. */ +__LA_DECL int archive_read_set_callback_data(struct archive *, void *); +/* This sets data object at specified index */ +__LA_DECL int archive_read_set_callback_data2(struct archive *, void *, + unsigned int); +/* This adds a data object at the specified index. */ +__LA_DECL int archive_read_add_callback_data(struct archive *, void *, + unsigned int); +/* This appends a data object to the end of list */ +__LA_DECL int archive_read_append_callback_data(struct archive *, void *); +/* This prepends a data object to the beginning of list */ +__LA_DECL int archive_read_prepend_callback_data(struct archive *, void *); + +/* Opening freezes the callbacks. */ +__LA_DECL int archive_read_open1(struct archive *); + +/* Convenience wrappers around the above. */ +__LA_DECL int archive_read_open(struct archive *, void *_client_data, + archive_open_callback *, archive_read_callback *, + archive_close_callback *); +__LA_DECL int archive_read_open2(struct archive *, void *_client_data, + archive_open_callback *, archive_read_callback *, + archive_skip_callback *, archive_close_callback *); + +/* + * A variety of shortcuts that invoke archive_read_open() with + * canned callbacks suitable for common situations. The ones that + * accept a block size handle tape blocking correctly. + */ +/* Use this if you know the filename. Note: NULL indicates stdin. */ +__LA_DECL int archive_read_open_filename(struct archive *, + const char *_filename, size_t _block_size); +/* Use this for reading multivolume files by filenames. + * NOTE: Must be NULL terminated. Sorting is NOT done. */ +__LA_DECL int archive_read_open_filenames(struct archive *, + const char **_filenames, size_t _block_size); +__LA_DECL int archive_read_open_filename_w(struct archive *, + const wchar_t *_filename, size_t _block_size); +#if defined(_WIN32) && !defined(__CYGWIN__) +__LA_DECL int archive_read_open_filenames_w(struct archive *, + const wchar_t **_filenames, size_t _block_size); +#endif +/* archive_read_open_file() is a deprecated synonym for ..._open_filename(). */ +__LA_DECL int archive_read_open_file(struct archive *, + const char *_filename, size_t _block_size) __LA_DEPRECATED; +/* Read an archive that's stored in memory. */ +__LA_DECL int archive_read_open_memory(struct archive *, + const void * buff, size_t size); +/* A more involved version that is only used for internal testing. */ +__LA_DECL int archive_read_open_memory2(struct archive *a, const void *buff, + size_t size, size_t read_size); +/* Read an archive that's already open, using the file descriptor. */ +__LA_DECL int archive_read_open_fd(struct archive *, int _fd, + size_t _block_size); +/* Read an archive that's already open, using a FILE *. */ +/* Note: DO NOT use this with tape drives. */ +__LA_DECL int archive_read_open_FILE(struct archive *, FILE *_file); + +/* Parses and returns next entry header. */ +__LA_DECL int archive_read_next_header(struct archive *, + struct archive_entry **); + +/* Parses and returns next entry header using the archive_entry passed in */ +__LA_DECL int archive_read_next_header2(struct archive *, + struct archive_entry *); + +/* + * Retrieve the byte offset in UNCOMPRESSED data where last-read + * header started. + */ +__LA_DECL la_int64_t archive_read_header_position(struct archive *); + +/* + * Returns 1 if the archive contains at least one encrypted entry. + * If the archive format not support encryption at all + * ARCHIVE_READ_FORMAT_ENCRYPTION_UNSUPPORTED is returned. + * If for any other reason (e.g. not enough data read so far) + * we cannot say whether there are encrypted entries, then + * ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW is returned. + * In general, this function will return values below zero when the + * reader is uncertain or totally incapable of encryption support. + * When this function returns 0 you can be sure that the reader + * supports encryption detection but no encrypted entries have + * been found yet. + * + * NOTE: If the metadata/header of an archive is also encrypted, you + * cannot rely on the number of encrypted entries. That is why this + * function does not return the number of encrypted entries but# + * just shows that there are some. + */ +__LA_DECL int archive_read_has_encrypted_entries(struct archive *); + +/* + * Returns a bitmask of capabilities that are supported by the archive format reader. + * If the reader has no special capabilities, ARCHIVE_READ_FORMAT_CAPS_NONE is returned. + */ +__LA_DECL int archive_read_format_capabilities(struct archive *); + +/* Read data from the body of an entry. Similar to read(2). */ +__LA_DECL la_ssize_t archive_read_data(struct archive *, + void *, size_t); + +/* Seek within the body of an entry. Similar to lseek(2). */ +__LA_DECL la_int64_t archive_seek_data(struct archive *, la_int64_t, int); + +/* + * A zero-copy version of archive_read_data that also exposes the file offset + * of each returned block. Note that the client has no way to specify + * the desired size of the block. The API does guarantee that offsets will + * be strictly increasing and that returned blocks will not overlap. + */ +__LA_DECL int archive_read_data_block(struct archive *a, + const void **buff, size_t *size, la_int64_t *offset); + +/*- + * Some convenience functions that are built on archive_read_data: + * 'skip': skips entire entry + * 'into_buffer': writes data into memory buffer that you provide + * 'into_fd': writes data to specified filedes + */ +__LA_DECL int archive_read_data_skip(struct archive *); +__LA_DECL int archive_read_data_into_fd(struct archive *, int fd); + +/* + * Set read options. + */ +/* Apply option to the format only. */ +__LA_DECL int archive_read_set_format_option(struct archive *_a, + const char *m, const char *o, + const char *v); +/* Apply option to the filter only. */ +__LA_DECL int archive_read_set_filter_option(struct archive *_a, + const char *m, const char *o, + const char *v); +/* Apply option to both the format and the filter. */ +__LA_DECL int archive_read_set_option(struct archive *_a, + const char *m, const char *o, + const char *v); +/* Apply option string to both the format and the filter. */ +__LA_DECL int archive_read_set_options(struct archive *_a, + const char *opts); + +/* + * Add a decryption passphrase. + */ +__LA_DECL int archive_read_add_passphrase(struct archive *, const char *); +__LA_DECL int archive_read_set_passphrase_callback(struct archive *, + void *client_data, archive_passphrase_callback *); + + +/*- + * Convenience function to recreate the current entry (whose header + * has just been read) on disk. + * + * This does quite a bit more than just copy data to disk. It also: + * - Creates intermediate directories as required. + * - Manages directory permissions: non-writable directories will + * be initially created with write permission enabled; when the + * archive is closed, dir permissions are edited to the values specified + * in the archive. + * - Checks hardlinks: hardlinks will not be extracted unless the + * linked-to file was also extracted within the same session. (TODO) + */ + +/* The "flags" argument selects optional behavior, 'OR' the flags you want. */ + +/* Default: Do not try to set owner/group. */ +#define ARCHIVE_EXTRACT_OWNER (0x0001) +/* Default: Do obey umask, do not restore SUID/SGID/SVTX bits. */ +#define ARCHIVE_EXTRACT_PERM (0x0002) +/* Default: Do not restore mtime/atime. */ +#define ARCHIVE_EXTRACT_TIME (0x0004) +/* Default: Replace existing files. */ +#define ARCHIVE_EXTRACT_NO_OVERWRITE (0x0008) +/* Default: Try create first, unlink only if create fails with EEXIST. */ +#define ARCHIVE_EXTRACT_UNLINK (0x0010) +/* Default: Do not restore ACLs. */ +#define ARCHIVE_EXTRACT_ACL (0x0020) +/* Default: Do not restore fflags. */ +#define ARCHIVE_EXTRACT_FFLAGS (0x0040) +/* Default: Do not restore xattrs. */ +#define ARCHIVE_EXTRACT_XATTR (0x0080) +/* Default: Do not try to guard against extracts redirected by symlinks. */ +/* Note: With ARCHIVE_EXTRACT_UNLINK, will remove any intermediate symlink. */ +#define ARCHIVE_EXTRACT_SECURE_SYMLINKS (0x0100) +/* Default: Do not reject entries with '..' as path elements. */ +#define ARCHIVE_EXTRACT_SECURE_NODOTDOT (0x0200) +/* Default: Create parent directories as needed. */ +#define ARCHIVE_EXTRACT_NO_AUTODIR (0x0400) +/* Default: Overwrite files, even if one on disk is newer. */ +#define ARCHIVE_EXTRACT_NO_OVERWRITE_NEWER (0x0800) +/* Detect blocks of 0 and write holes instead. */ +#define ARCHIVE_EXTRACT_SPARSE (0x1000) +/* Default: Do not restore Mac extended metadata. */ +/* This has no effect except on Mac OS. */ +#define ARCHIVE_EXTRACT_MAC_METADATA (0x2000) +/* Default: Use HFS+ compression if it was compressed. */ +/* This has no effect except on Mac OS v10.6 or later. */ +#define ARCHIVE_EXTRACT_NO_HFS_COMPRESSION (0x4000) +/* Default: Do not use HFS+ compression if it was not compressed. */ +/* This has no effect except on Mac OS v10.6 or later. */ +#define ARCHIVE_EXTRACT_HFS_COMPRESSION_FORCED (0x8000) +/* Default: Do not reject entries with absolute paths */ +#define ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS (0x10000) +/* Default: Do not clear no-change flags when unlinking object */ +#define ARCHIVE_EXTRACT_CLEAR_NOCHANGE_FFLAGS (0x20000) +/* Default: Do not extract atomically (using rename) */ +#define ARCHIVE_EXTRACT_SAFE_WRITES (0x40000) + +__LA_DECL int archive_read_extract(struct archive *, struct archive_entry *, + int flags); +__LA_DECL int archive_read_extract2(struct archive *, struct archive_entry *, + struct archive * /* dest */); +__LA_DECL void archive_read_extract_set_progress_callback(struct archive *, + void (*_progress_func)(void *), void *_user_data); + +/* Record the dev/ino of a file that will not be written. This is + * generally set to the dev/ino of the archive being read. */ +__LA_DECL void archive_read_extract_set_skip_file(struct archive *, + la_int64_t, la_int64_t); + +/* Close the file and release most resources. */ +__LA_DECL int archive_read_close(struct archive *); +/* Release all resources and destroy the object. */ +/* Note that archive_read_free will call archive_read_close for you. */ +__LA_DECL int archive_read_free(struct archive *); +#if ARCHIVE_VERSION_NUMBER < 4000000 +/* Synonym for archive_read_free() for backwards compatibility. */ +__LA_DECL int archive_read_finish(struct archive *) __LA_DEPRECATED; +#endif + +/*- + * To create an archive: + * 1) Ask archive_write_new for an archive writer object. + * 2) Set any global properties. In particular, you should set + * the compression and format to use. + * 3) Call archive_write_open to open the file (most people + * will use archive_write_open_file or archive_write_open_fd, + * which provide convenient canned I/O callbacks for you). + * 4) For each entry: + * - construct an appropriate struct archive_entry structure + * - archive_write_header to write the header + * - archive_write_data to write the entry data + * 5) archive_write_close to close the output + * 6) archive_write_free to cleanup the writer and release resources + */ +__LA_DECL struct archive *archive_write_new(void); +__LA_DECL int archive_write_set_bytes_per_block(struct archive *, + int bytes_per_block); +__LA_DECL int archive_write_get_bytes_per_block(struct archive *); +/* XXX This is badly misnamed; suggestions appreciated. XXX */ +__LA_DECL int archive_write_set_bytes_in_last_block(struct archive *, + int bytes_in_last_block); +__LA_DECL int archive_write_get_bytes_in_last_block(struct archive *); + +/* The dev/ino of a file that won't be archived. This is used + * to avoid recursively adding an archive to itself. */ +__LA_DECL int archive_write_set_skip_file(struct archive *, + la_int64_t, la_int64_t); + +#if ARCHIVE_VERSION_NUMBER < 4000000 +__LA_DECL int archive_write_set_compression_bzip2(struct archive *) + __LA_DEPRECATED; +__LA_DECL int archive_write_set_compression_compress(struct archive *) + __LA_DEPRECATED; +__LA_DECL int archive_write_set_compression_gzip(struct archive *) + __LA_DEPRECATED; +__LA_DECL int archive_write_set_compression_lzip(struct archive *) + __LA_DEPRECATED; +__LA_DECL int archive_write_set_compression_lzma(struct archive *) + __LA_DEPRECATED; +__LA_DECL int archive_write_set_compression_none(struct archive *) + __LA_DEPRECATED; +__LA_DECL int archive_write_set_compression_program(struct archive *, + const char *cmd) __LA_DEPRECATED; +__LA_DECL int archive_write_set_compression_xz(struct archive *) + __LA_DEPRECATED; +#endif + +/* A convenience function to set the filter based on the code. */ +__LA_DECL int archive_write_add_filter(struct archive *, int filter_code); +__LA_DECL int archive_write_add_filter_by_name(struct archive *, + const char *name); +__LA_DECL int archive_write_add_filter_b64encode(struct archive *); +__LA_DECL int archive_write_add_filter_bzip2(struct archive *); +__LA_DECL int archive_write_add_filter_compress(struct archive *); +__LA_DECL int archive_write_add_filter_grzip(struct archive *); +__LA_DECL int archive_write_add_filter_gzip(struct archive *); +__LA_DECL int archive_write_add_filter_lrzip(struct archive *); +__LA_DECL int archive_write_add_filter_lz4(struct archive *); +__LA_DECL int archive_write_add_filter_lzip(struct archive *); +__LA_DECL int archive_write_add_filter_lzma(struct archive *); +__LA_DECL int archive_write_add_filter_lzop(struct archive *); +__LA_DECL int archive_write_add_filter_none(struct archive *); +__LA_DECL int archive_write_add_filter_program(struct archive *, + const char *cmd); +__LA_DECL int archive_write_add_filter_uuencode(struct archive *); +__LA_DECL int archive_write_add_filter_xz(struct archive *); +__LA_DECL int archive_write_add_filter_zstd(struct archive *); + + +/* A convenience function to set the format based on the code or name. */ +__LA_DECL int archive_write_set_format(struct archive *, int format_code); +__LA_DECL int archive_write_set_format_by_name(struct archive *, + const char *name); +/* To minimize link pollution, use one or more of the following. */ +__LA_DECL int archive_write_set_format_7zip(struct archive *); +__LA_DECL int archive_write_set_format_ar_bsd(struct archive *); +__LA_DECL int archive_write_set_format_ar_svr4(struct archive *); +__LA_DECL int archive_write_set_format_cpio(struct archive *); +__LA_DECL int archive_write_set_format_cpio_bin(struct archive *); +__LA_DECL int archive_write_set_format_cpio_newc(struct archive *); +__LA_DECL int archive_write_set_format_cpio_odc(struct archive *); +__LA_DECL int archive_write_set_format_cpio_pwb(struct archive *); +__LA_DECL int archive_write_set_format_gnutar(struct archive *); +__LA_DECL int archive_write_set_format_iso9660(struct archive *); +__LA_DECL int archive_write_set_format_mtree(struct archive *); +__LA_DECL int archive_write_set_format_mtree_classic(struct archive *); +/* TODO: int archive_write_set_format_old_tar(struct archive *); */ +__LA_DECL int archive_write_set_format_pax(struct archive *); +__LA_DECL int archive_write_set_format_pax_restricted(struct archive *); +__LA_DECL int archive_write_set_format_raw(struct archive *); +__LA_DECL int archive_write_set_format_shar(struct archive *); +__LA_DECL int archive_write_set_format_shar_dump(struct archive *); +__LA_DECL int archive_write_set_format_ustar(struct archive *); +__LA_DECL int archive_write_set_format_v7tar(struct archive *); +__LA_DECL int archive_write_set_format_warc(struct archive *); +__LA_DECL int archive_write_set_format_xar(struct archive *); +__LA_DECL int archive_write_set_format_zip(struct archive *); +__LA_DECL int archive_write_set_format_filter_by_ext(struct archive *a, const char *filename); +__LA_DECL int archive_write_set_format_filter_by_ext_def(struct archive *a, const char *filename, const char * def_ext); +__LA_DECL int archive_write_zip_set_compression_deflate(struct archive *); +__LA_DECL int archive_write_zip_set_compression_store(struct archive *); +/* Deprecated; use archive_write_open2 instead */ +__LA_DECL int archive_write_open(struct archive *, void *, + archive_open_callback *, archive_write_callback *, + archive_close_callback *); +__LA_DECL int archive_write_open2(struct archive *, void *, + archive_open_callback *, archive_write_callback *, + archive_close_callback *, archive_free_callback *); +__LA_DECL int archive_write_open_fd(struct archive *, int _fd); +__LA_DECL int archive_write_open_filename(struct archive *, const char *_file); +__LA_DECL int archive_write_open_filename_w(struct archive *, + const wchar_t *_file); +/* A deprecated synonym for archive_write_open_filename() */ +__LA_DECL int archive_write_open_file(struct archive *, const char *_file) + __LA_DEPRECATED; +__LA_DECL int archive_write_open_FILE(struct archive *, FILE *); +/* _buffSize is the size of the buffer, _used refers to a variable that + * will be updated after each write into the buffer. */ +__LA_DECL int archive_write_open_memory(struct archive *, + void *_buffer, size_t _buffSize, size_t *_used); + +/* + * Note that the library will truncate writes beyond the size provided + * to archive_write_header or pad if the provided data is short. + */ +__LA_DECL int archive_write_header(struct archive *, + struct archive_entry *); +__LA_DECL la_ssize_t archive_write_data(struct archive *, + const void *, size_t); + +/* This interface is currently only available for archive_write_disk handles. */ +__LA_DECL la_ssize_t archive_write_data_block(struct archive *, + const void *, size_t, la_int64_t); + +__LA_DECL int archive_write_finish_entry(struct archive *); +__LA_DECL int archive_write_close(struct archive *); +/* Marks the archive as FATAL so that a subsequent free() operation + * won't try to close() cleanly. Provides a fast abort capability + * when the client discovers that things have gone wrong. */ +__LA_DECL int archive_write_fail(struct archive *); +/* This can fail if the archive wasn't already closed, in which case + * archive_write_free() will implicitly call archive_write_close(). */ +__LA_DECL int archive_write_free(struct archive *); +#if ARCHIVE_VERSION_NUMBER < 4000000 +/* Synonym for archive_write_free() for backwards compatibility. */ +__LA_DECL int archive_write_finish(struct archive *) __LA_DEPRECATED; +#endif + +/* + * Set write options. + */ +/* Apply option to the format only. */ +__LA_DECL int archive_write_set_format_option(struct archive *_a, + const char *m, const char *o, + const char *v); +/* Apply option to the filter only. */ +__LA_DECL int archive_write_set_filter_option(struct archive *_a, + const char *m, const char *o, + const char *v); +/* Apply option to both the format and the filter. */ +__LA_DECL int archive_write_set_option(struct archive *_a, + const char *m, const char *o, + const char *v); +/* Apply option string to both the format and the filter. */ +__LA_DECL int archive_write_set_options(struct archive *_a, + const char *opts); + +/* + * Set an encryption passphrase. + */ +__LA_DECL int archive_write_set_passphrase(struct archive *_a, const char *p); +__LA_DECL int archive_write_set_passphrase_callback(struct archive *, + void *client_data, archive_passphrase_callback *); + +/*- + * ARCHIVE_WRITE_DISK API + * + * To create objects on disk: + * 1) Ask archive_write_disk_new for a new archive_write_disk object. + * 2) Set any global properties. In particular, you probably + * want to set the options. + * 3) For each entry: + * - construct an appropriate struct archive_entry structure + * - archive_write_header to create the file/dir/etc on disk + * - archive_write_data to write the entry data + * 4) archive_write_free to cleanup the writer and release resources + * + * In particular, you can use this in conjunction with archive_read() + * to pull entries out of an archive and create them on disk. + */ +__LA_DECL struct archive *archive_write_disk_new(void); +/* This file will not be overwritten. */ +__LA_DECL int archive_write_disk_set_skip_file(struct archive *, + la_int64_t, la_int64_t); +/* Set flags to control how the next item gets created. + * This accepts a bitmask of ARCHIVE_EXTRACT_XXX flags defined above. */ +__LA_DECL int archive_write_disk_set_options(struct archive *, + int flags); +/* + * The lookup functions are given uname/uid (or gname/gid) pairs and + * return a uid (gid) suitable for this system. These are used for + * restoring ownership and for setting ACLs. The default functions + * are naive, they just return the uid/gid. These are small, so reasonable + * for applications that don't need to preserve ownership; they + * are probably also appropriate for applications that are doing + * same-system backup and restore. + */ +/* + * The "standard" lookup functions use common system calls to lookup + * the uname/gname, falling back to the uid/gid if the names can't be + * found. They cache lookups and are reasonably fast, but can be very + * large, so they are not used unless you ask for them. In + * particular, these match the specifications of POSIX "pax" and old + * POSIX "tar". + */ +__LA_DECL int archive_write_disk_set_standard_lookup(struct archive *); +/* + * If neither the default (naive) nor the standard (big) functions suit + * your needs, you can write your own and register them. Be sure to + * include a cleanup function if you have allocated private data. + */ +__LA_DECL int archive_write_disk_set_group_lookup(struct archive *, + void * /* private_data */, + la_int64_t (*)(void *, const char *, la_int64_t), + void (* /* cleanup */)(void *)); +__LA_DECL int archive_write_disk_set_user_lookup(struct archive *, + void * /* private_data */, + la_int64_t (*)(void *, const char *, la_int64_t), + void (* /* cleanup */)(void *)); +__LA_DECL la_int64_t archive_write_disk_gid(struct archive *, const char *, la_int64_t); +__LA_DECL la_int64_t archive_write_disk_uid(struct archive *, const char *, la_int64_t); + +/* + * ARCHIVE_READ_DISK API + * + * This is still evolving and somewhat experimental. + */ +__LA_DECL struct archive *archive_read_disk_new(void); +/* The names for symlink modes here correspond to an old BSD + * command-line argument convention: -L, -P, -H */ +/* Follow all symlinks. */ +__LA_DECL int archive_read_disk_set_symlink_logical(struct archive *); +/* Follow no symlinks. */ +__LA_DECL int archive_read_disk_set_symlink_physical(struct archive *); +/* Follow symlink initially, then not. */ +__LA_DECL int archive_read_disk_set_symlink_hybrid(struct archive *); +/* TODO: Handle Linux stat32/stat64 ugliness. */ +__LA_DECL int archive_read_disk_entry_from_file(struct archive *, + struct archive_entry *, int /* fd */, const struct stat *); +/* Look up gname for gid or uname for uid. */ +/* Default implementations are very, very stupid. */ +__LA_DECL const char *archive_read_disk_gname(struct archive *, la_int64_t); +__LA_DECL const char *archive_read_disk_uname(struct archive *, la_int64_t); +/* "Standard" implementation uses getpwuid_r, getgrgid_r and caches the + * results for performance. */ +__LA_DECL int archive_read_disk_set_standard_lookup(struct archive *); +/* You can install your own lookups if you like. */ +__LA_DECL int archive_read_disk_set_gname_lookup(struct archive *, + void * /* private_data */, + const char *(* /* lookup_fn */)(void *, la_int64_t), + void (* /* cleanup_fn */)(void *)); +__LA_DECL int archive_read_disk_set_uname_lookup(struct archive *, + void * /* private_data */, + const char *(* /* lookup_fn */)(void *, la_int64_t), + void (* /* cleanup_fn */)(void *)); +/* Start traversal. */ +__LA_DECL int archive_read_disk_open(struct archive *, const char *); +__LA_DECL int archive_read_disk_open_w(struct archive *, const wchar_t *); +/* + * Request that current entry be visited. If you invoke it on every + * directory, you'll get a physical traversal. This is ignored if the + * current entry isn't a directory or a link to a directory. So, if + * you invoke this on every returned path, you'll get a full logical + * traversal. + */ +__LA_DECL int archive_read_disk_descend(struct archive *); +__LA_DECL int archive_read_disk_can_descend(struct archive *); +__LA_DECL int archive_read_disk_current_filesystem(struct archive *); +__LA_DECL int archive_read_disk_current_filesystem_is_synthetic(struct archive *); +__LA_DECL int archive_read_disk_current_filesystem_is_remote(struct archive *); +/* Request that the access time of the entry visited by traversal be restored. */ +__LA_DECL int archive_read_disk_set_atime_restored(struct archive *); +/* + * Set behavior. The "flags" argument selects optional behavior. + */ +/* Request that the access time of the entry visited by traversal be restored. + * This is the same as archive_read_disk_set_atime_restored. */ +#define ARCHIVE_READDISK_RESTORE_ATIME (0x0001) +/* Default: Do not skip an entry which has nodump flags. */ +#define ARCHIVE_READDISK_HONOR_NODUMP (0x0002) +/* Default: Skip a mac resource fork file whose prefix is "._" because of + * using copyfile. */ +#define ARCHIVE_READDISK_MAC_COPYFILE (0x0004) +/* Default: Traverse mount points. */ +#define ARCHIVE_READDISK_NO_TRAVERSE_MOUNTS (0x0008) +/* Default: Xattrs are read from disk. */ +#define ARCHIVE_READDISK_NO_XATTR (0x0010) +/* Default: ACLs are read from disk. */ +#define ARCHIVE_READDISK_NO_ACL (0x0020) +/* Default: File flags are read from disk. */ +#define ARCHIVE_READDISK_NO_FFLAGS (0x0040) +/* Default: Sparse file information is read from disk. */ +#define ARCHIVE_READDISK_NO_SPARSE (0x0080) + +__LA_DECL int archive_read_disk_set_behavior(struct archive *, + int flags); + +/* + * Set archive_match object that will be used in archive_read_disk to + * know whether an entry should be skipped. The callback function + * _excluded_func will be invoked when an entry is skipped by the result + * of archive_match. + */ +__LA_DECL int archive_read_disk_set_matching(struct archive *, + struct archive *_matching, void (*_excluded_func) + (struct archive *, void *, struct archive_entry *), + void *_client_data); +__LA_DECL int archive_read_disk_set_metadata_filter_callback(struct archive *, + int (*_metadata_filter_func)(struct archive *, void *, + struct archive_entry *), void *_client_data); + +/* Simplified cleanup interface; + * This calls archive_read_free() or archive_write_free() as needed. */ +__LA_DECL int archive_free(struct archive *); + +/* + * Accessor functions to read/set various information in + * the struct archive object: + */ + +/* Number of filters in the current filter pipeline. */ +/* Filter #0 is the one closest to the format, -1 is a synonym for the + * last filter, which is always the pseudo-filter that wraps the + * client callbacks. */ +__LA_DECL int archive_filter_count(struct archive *); +__LA_DECL la_int64_t archive_filter_bytes(struct archive *, int); +__LA_DECL int archive_filter_code(struct archive *, int); +__LA_DECL const char * archive_filter_name(struct archive *, int); + +#if ARCHIVE_VERSION_NUMBER < 4000000 +/* These don't properly handle multiple filters, so are deprecated and + * will eventually be removed. */ +/* As of libarchive 3.0, this is an alias for archive_filter_bytes(a, -1); */ +__LA_DECL la_int64_t archive_position_compressed(struct archive *) + __LA_DEPRECATED; +/* As of libarchive 3.0, this is an alias for archive_filter_bytes(a, 0); */ +__LA_DECL la_int64_t archive_position_uncompressed(struct archive *) + __LA_DEPRECATED; +/* As of libarchive 3.0, this is an alias for archive_filter_name(a, 0); */ +__LA_DECL const char *archive_compression_name(struct archive *) + __LA_DEPRECATED; +/* As of libarchive 3.0, this is an alias for archive_filter_code(a, 0); */ +__LA_DECL int archive_compression(struct archive *) + __LA_DEPRECATED; +#endif + +__LA_DECL int archive_errno(struct archive *); +__LA_DECL const char *archive_error_string(struct archive *); +__LA_DECL const char *archive_format_name(struct archive *); +__LA_DECL int archive_format(struct archive *); +__LA_DECL void archive_clear_error(struct archive *); +__LA_DECL void archive_set_error(struct archive *, int _err, + const char *fmt, ...) __LA_PRINTF(3, 4); +__LA_DECL void archive_copy_error(struct archive *dest, + struct archive *src); +__LA_DECL int archive_file_count(struct archive *); + +/* + * ARCHIVE_MATCH API + */ +__LA_DECL struct archive *archive_match_new(void); +__LA_DECL int archive_match_free(struct archive *); + +/* + * Test if archive_entry is excluded. + * This is a convenience function. This is the same as calling all + * archive_match_path_excluded, archive_match_time_excluded + * and archive_match_owner_excluded. + */ +__LA_DECL int archive_match_excluded(struct archive *, + struct archive_entry *); + +/* + * Test if pathname is excluded. The conditions are set by following functions. + */ +__LA_DECL int archive_match_path_excluded(struct archive *, + struct archive_entry *); +/* Control recursive inclusion of directory content when directory is included. Default on. */ +__LA_DECL int archive_match_set_inclusion_recursion(struct archive *, int); +/* Add exclusion pathname pattern. */ +__LA_DECL int archive_match_exclude_pattern(struct archive *, const char *); +__LA_DECL int archive_match_exclude_pattern_w(struct archive *, + const wchar_t *); +/* Add exclusion pathname pattern from file. */ +__LA_DECL int archive_match_exclude_pattern_from_file(struct archive *, + const char *, int _nullSeparator); +__LA_DECL int archive_match_exclude_pattern_from_file_w(struct archive *, + const wchar_t *, int _nullSeparator); +/* Add inclusion pathname pattern. */ +__LA_DECL int archive_match_include_pattern(struct archive *, const char *); +__LA_DECL int archive_match_include_pattern_w(struct archive *, + const wchar_t *); +/* Add inclusion pathname pattern from file. */ +__LA_DECL int archive_match_include_pattern_from_file(struct archive *, + const char *, int _nullSeparator); +__LA_DECL int archive_match_include_pattern_from_file_w(struct archive *, + const wchar_t *, int _nullSeparator); +/* + * How to get statistic information for inclusion patterns. + */ +/* Return the amount number of unmatched inclusion patterns. */ +__LA_DECL int archive_match_path_unmatched_inclusions(struct archive *); +/* Return the pattern of unmatched inclusion with ARCHIVE_OK. + * Return ARCHIVE_EOF if there is no inclusion pattern. */ +__LA_DECL int archive_match_path_unmatched_inclusions_next( + struct archive *, const char **); +__LA_DECL int archive_match_path_unmatched_inclusions_next_w( + struct archive *, const wchar_t **); + +/* + * Test if a file is excluded by its time stamp. + * The conditions are set by following functions. + */ +__LA_DECL int archive_match_time_excluded(struct archive *, + struct archive_entry *); + +/* + * Flags to tell a matching type of time stamps. These are used for + * following functions. + */ +/* Time flag: mtime to be tested. */ +#define ARCHIVE_MATCH_MTIME (0x0100) +/* Time flag: ctime to be tested. */ +#define ARCHIVE_MATCH_CTIME (0x0200) +/* Comparison flag: Match the time if it is newer than. */ +#define ARCHIVE_MATCH_NEWER (0x0001) +/* Comparison flag: Match the time if it is older than. */ +#define ARCHIVE_MATCH_OLDER (0x0002) +/* Comparison flag: Match the time if it is equal to. */ +#define ARCHIVE_MATCH_EQUAL (0x0010) +/* Set inclusion time. */ +__LA_DECL int archive_match_include_time(struct archive *, int _flag, + time_t _sec, long _nsec); +/* Set inclusion time by a date string. */ +__LA_DECL int archive_match_include_date(struct archive *, int _flag, + const char *_datestr); +__LA_DECL int archive_match_include_date_w(struct archive *, int _flag, + const wchar_t *_datestr); +/* Set inclusion time by a particular file. */ +__LA_DECL int archive_match_include_file_time(struct archive *, + int _flag, const char *_pathname); +__LA_DECL int archive_match_include_file_time_w(struct archive *, + int _flag, const wchar_t *_pathname); +/* Add exclusion entry. */ +__LA_DECL int archive_match_exclude_entry(struct archive *, + int _flag, struct archive_entry *); + +/* + * Test if a file is excluded by its uid ,gid, uname or gname. + * The conditions are set by following functions. + */ +__LA_DECL int archive_match_owner_excluded(struct archive *, + struct archive_entry *); +/* Add inclusion uid, gid, uname and gname. */ +__LA_DECL int archive_match_include_uid(struct archive *, la_int64_t); +__LA_DECL int archive_match_include_gid(struct archive *, la_int64_t); +__LA_DECL int archive_match_include_uname(struct archive *, const char *); +__LA_DECL int archive_match_include_uname_w(struct archive *, + const wchar_t *); +__LA_DECL int archive_match_include_gname(struct archive *, const char *); +__LA_DECL int archive_match_include_gname_w(struct archive *, + const wchar_t *); + +/* Utility functions */ +/* Convenience function to sort a NULL terminated list of strings */ +__LA_DECL int archive_utility_string_sort(char **); + +#ifdef __cplusplus +} +#endif + +/* These are meaningless outside of this header. */ +#undef __LA_DECL + +#endif /* !ARCHIVE_H_INCLUDED */ diff --git a/Sources/ContainerizationArchive/CArchive/include/archive_bridge.h b/Sources/ContainerizationArchive/CArchive/include/archive_bridge.h new file mode 100644 index 0000000..91c3ac2 --- /dev/null +++ b/Sources/ContainerizationArchive/CArchive/include/archive_bridge.h @@ -0,0 +1,12 @@ +// + +#pragma once + +#include "archive.h" +#include + +void archive_set_error_wrapper(struct archive *a, int error_number, const char *error_string); + +/// Decompress a zstd-compressed file at \p src_fd into \p dst_fd. +/// Returns 0 on success, or a non-zero error code on failure. +int zstd_decompress_fd(int src_fd, int dst_fd); diff --git a/Sources/ContainerizationArchive/CArchive/include/archive_entry.h b/Sources/ContainerizationArchive/CArchive/include/archive_entry.h new file mode 100644 index 0000000..97f5cda --- /dev/null +++ b/Sources/ContainerizationArchive/CArchive/include/archive_entry.h @@ -0,0 +1,731 @@ +/*- + * Copyright (c) 2003-2008 Tim Kientzle + * Copyright (c) 2016 Martin Matuska + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef ARCHIVE_ENTRY_H_INCLUDED +#define ARCHIVE_ENTRY_H_INCLUDED + +/* Note: Compiler will complain if this does not match archive.h! */ +#define ARCHIVE_VERSION_NUMBER 3007007 + +/* + * Note: archive_entry.h is for use outside of libarchive; the + * configuration headers (config.h, archive_platform.h, etc.) are + * purely internal. Do NOT use HAVE_XXX configuration macros to + * control the behavior of this header! If you must conditionalize, + * use predefined compiler and/or platform macros. + */ + +#include +#include /* for wchar_t */ +#include +#include + +#if defined(_WIN32) && !defined(__CYGWIN__) +#include +#endif + +/* Get a suitable 64-bit integer type. */ +#if !defined(__LA_INT64_T_DEFINED) +# if ARCHIVE_VERSION_NUMBER < 4000000 +#define __LA_INT64_T la_int64_t +# endif +#define __LA_INT64_T_DEFINED +# if defined(_WIN32) && !defined(__CYGWIN__) && !defined(__WATCOMC__) +typedef __int64 la_int64_t; +# else +#include +# if defined(_SCO_DS) || defined(__osf__) +typedef long long la_int64_t; +# else +typedef int64_t la_int64_t; +# endif +# endif +#endif + +/* The la_ssize_t should match the type used in 'struct stat' */ +#if !defined(__LA_SSIZE_T_DEFINED) +/* Older code relied on the __LA_SSIZE_T macro; after 4.0 we'll switch to the typedef exclusively. */ +# if ARCHIVE_VERSION_NUMBER < 4000000 +#define __LA_SSIZE_T la_ssize_t +# endif +#define __LA_SSIZE_T_DEFINED +# if defined(_WIN32) && !defined(__CYGWIN__) && !defined(__WATCOMC__) +# if defined(_SSIZE_T_DEFINED) || defined(_SSIZE_T_) +typedef ssize_t la_ssize_t; +# elif defined(_WIN64) +typedef __int64 la_ssize_t; +# else +typedef long la_ssize_t; +# endif +# else +# include /* ssize_t */ +typedef ssize_t la_ssize_t; +# endif +#endif + +/* Get a suitable definition for mode_t */ +#if ARCHIVE_VERSION_NUMBER >= 3999000 +/* Switch to plain 'int' for libarchive 4.0. It's less broken than 'mode_t' */ +# define __LA_MODE_T int +#elif defined(_WIN32) && !defined(__CYGWIN__) && !defined(__BORLANDC__) && !defined(__WATCOMC__) +# define __LA_MODE_T unsigned short +#else +# define __LA_MODE_T mode_t +#endif + +/* Large file support for Android */ +#if defined(__LIBARCHIVE_BUILD) && defined(__ANDROID__) +#include "android_lf.h" +#endif + +/* + * On Windows, define LIBARCHIVE_STATIC if you're building or using a + * .lib. The default here assumes you're building a DLL. Only + * libarchive source should ever define __LIBARCHIVE_BUILD. + */ +#if ((defined __WIN32__) || (defined _WIN32) || defined(__CYGWIN__)) && (!defined LIBARCHIVE_STATIC) +# ifdef __LIBARCHIVE_BUILD +# ifdef __GNUC__ +# define __LA_DECL __attribute__((dllexport)) extern +# else +# define __LA_DECL __declspec(dllexport) +# endif +# else +# ifdef __GNUC__ +# define __LA_DECL +# else +# define __LA_DECL __declspec(dllimport) +# endif +# endif +#elif defined __LIBARCHIVE_ENABLE_VISIBILITY +# define __LA_DECL __attribute__((visibility("default"))) +#else +/* Static libraries on all platforms and shared libraries on non-Windows. */ +# define __LA_DECL +#endif + +#if defined(__GNUC__) && __GNUC__ >= 3 && __GNUC_MINOR__ >= 1 +# define __LA_DEPRECATED __attribute__((deprecated)) +#else +# define __LA_DEPRECATED +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * Description of an archive entry. + * + * You can think of this as "struct stat" with some text fields added in. + * + * TODO: Add "comment", "charset", and possibly other entries that are + * supported by "pax interchange" format. However, GNU, ustar, cpio, + * and other variants don't support these features, so they're not an + * excruciatingly high priority right now. + * + * TODO: "pax interchange" format allows essentially arbitrary + * key/value attributes to be attached to any entry. Supporting + * such extensions may make this library useful for special + * applications (e.g., a package manager could attach special + * package-management attributes to each entry). + */ +struct archive; +struct archive_entry; + +/* + * File-type constants. These are returned from archive_entry_filetype() + * and passed to archive_entry_set_filetype(). + * + * These values match S_XXX defines on every platform I've checked, + * including Windows, AIX, Linux, Solaris, and BSD. They're + * (re)defined here because platforms generally don't define the ones + * they don't support. For example, Windows doesn't define S_IFLNK or + * S_IFBLK. Instead of having a mass of conditional logic and system + * checks to define any S_XXX values that aren't supported locally, + * I've just defined a new set of such constants so that + * libarchive-based applications can manipulate and identify archive + * entries properly even if the hosting platform can't store them on + * disk. + * + * These values are also used directly within some portable formats, + * such as cpio. If you find a platform that varies from these, the + * correct solution is to leave these alone and translate from these + * portable values to platform-native values when entries are read from + * or written to disk. + */ +/* + * In libarchive 4.0, we can drop the casts here. + * They're needed to work around Borland C's broken mode_t. + */ +#define AE_IFMT ((__LA_MODE_T)0170000) +#define AE_IFREG ((__LA_MODE_T)0100000) +#define AE_IFLNK ((__LA_MODE_T)0120000) +#define AE_IFSOCK ((__LA_MODE_T)0140000) +#define AE_IFCHR ((__LA_MODE_T)0020000) +#define AE_IFBLK ((__LA_MODE_T)0060000) +#define AE_IFDIR ((__LA_MODE_T)0040000) +#define AE_IFIFO ((__LA_MODE_T)0010000) + +/* + * Symlink types + */ +#define AE_SYMLINK_TYPE_UNDEFINED 0 +#define AE_SYMLINK_TYPE_FILE 1 +#define AE_SYMLINK_TYPE_DIRECTORY 2 + +/* + * Basic object manipulation + */ + +__LA_DECL struct archive_entry *archive_entry_clear(struct archive_entry *); +/* The 'clone' function does a deep copy; all of the strings are copied too. */ +__LA_DECL struct archive_entry *archive_entry_clone(struct archive_entry *); +__LA_DECL void archive_entry_free(struct archive_entry *); +__LA_DECL struct archive_entry *archive_entry_new(void); + +/* + * This form of archive_entry_new2() will pull character-set + * conversion information from the specified archive handle. The + * older archive_entry_new(void) form is equivalent to calling + * archive_entry_new2(NULL) and will result in the use of an internal + * default character-set conversion. + */ +__LA_DECL struct archive_entry *archive_entry_new2(struct archive *); + +/* + * Retrieve fields from an archive_entry. + * + * There are a number of implicit conversions among these fields. For + * example, if a regular string field is set and you read the _w wide + * character field, the entry will implicitly convert narrow-to-wide + * using the current locale. Similarly, dev values are automatically + * updated when you write devmajor or devminor and vice versa. + * + * In addition, fields can be "set" or "unset." Unset string fields + * return NULL, non-string fields have _is_set() functions to test + * whether they've been set. You can "unset" a string field by + * assigning NULL; non-string fields have _unset() functions to + * unset them. + * + * Note: There is one ambiguity in the above; string fields will + * also return NULL when implicit character set conversions fail. + * This is usually what you want. + */ +__LA_DECL time_t archive_entry_atime(struct archive_entry *); +__LA_DECL long archive_entry_atime_nsec(struct archive_entry *); +__LA_DECL int archive_entry_atime_is_set(struct archive_entry *); +__LA_DECL time_t archive_entry_birthtime(struct archive_entry *); +__LA_DECL long archive_entry_birthtime_nsec(struct archive_entry *); +__LA_DECL int archive_entry_birthtime_is_set(struct archive_entry *); +__LA_DECL time_t archive_entry_ctime(struct archive_entry *); +__LA_DECL long archive_entry_ctime_nsec(struct archive_entry *); +__LA_DECL int archive_entry_ctime_is_set(struct archive_entry *); +__LA_DECL dev_t archive_entry_dev(struct archive_entry *); +__LA_DECL int archive_entry_dev_is_set(struct archive_entry *); +__LA_DECL dev_t archive_entry_devmajor(struct archive_entry *); +__LA_DECL dev_t archive_entry_devminor(struct archive_entry *); +__LA_DECL __LA_MODE_T archive_entry_filetype(struct archive_entry *); +__LA_DECL int archive_entry_filetype_is_set(struct archive_entry *); +__LA_DECL void archive_entry_fflags(struct archive_entry *, + unsigned long * /* set */, + unsigned long * /* clear */); +__LA_DECL const char *archive_entry_fflags_text(struct archive_entry *); +__LA_DECL la_int64_t archive_entry_gid(struct archive_entry *); +__LA_DECL int archive_entry_gid_is_set(struct archive_entry *); +__LA_DECL const char *archive_entry_gname(struct archive_entry *); +__LA_DECL const char *archive_entry_gname_utf8(struct archive_entry *); +__LA_DECL const wchar_t *archive_entry_gname_w(struct archive_entry *); +__LA_DECL void archive_entry_set_link_to_hardlink(struct archive_entry *); +__LA_DECL const char *archive_entry_hardlink(struct archive_entry *); +__LA_DECL const char *archive_entry_hardlink_utf8(struct archive_entry *); +__LA_DECL const wchar_t *archive_entry_hardlink_w(struct archive_entry *); +__LA_DECL int archive_entry_hardlink_is_set(struct archive_entry *); +__LA_DECL la_int64_t archive_entry_ino(struct archive_entry *); +__LA_DECL la_int64_t archive_entry_ino64(struct archive_entry *); +__LA_DECL int archive_entry_ino_is_set(struct archive_entry *); +__LA_DECL __LA_MODE_T archive_entry_mode(struct archive_entry *); +__LA_DECL time_t archive_entry_mtime(struct archive_entry *); +__LA_DECL long archive_entry_mtime_nsec(struct archive_entry *); +__LA_DECL int archive_entry_mtime_is_set(struct archive_entry *); +__LA_DECL unsigned int archive_entry_nlink(struct archive_entry *); +__LA_DECL const char *archive_entry_pathname(struct archive_entry *); +__LA_DECL const char *archive_entry_pathname_utf8(struct archive_entry *); +__LA_DECL const wchar_t *archive_entry_pathname_w(struct archive_entry *); +__LA_DECL __LA_MODE_T archive_entry_perm(struct archive_entry *); +__LA_DECL int archive_entry_perm_is_set(struct archive_entry *); +__LA_DECL int archive_entry_rdev_is_set(struct archive_entry *); +__LA_DECL dev_t archive_entry_rdev(struct archive_entry *); +__LA_DECL dev_t archive_entry_rdevmajor(struct archive_entry *); +__LA_DECL dev_t archive_entry_rdevminor(struct archive_entry *); +__LA_DECL const char *archive_entry_sourcepath(struct archive_entry *); +__LA_DECL const wchar_t *archive_entry_sourcepath_w(struct archive_entry *); +__LA_DECL la_int64_t archive_entry_size(struct archive_entry *); +__LA_DECL int archive_entry_size_is_set(struct archive_entry *); +__LA_DECL const char *archive_entry_strmode(struct archive_entry *); +__LA_DECL void archive_entry_set_link_to_symlink(struct archive_entry *); +__LA_DECL const char *archive_entry_symlink(struct archive_entry *); +__LA_DECL const char *archive_entry_symlink_utf8(struct archive_entry *); +__LA_DECL int archive_entry_symlink_type(struct archive_entry *); +__LA_DECL const wchar_t *archive_entry_symlink_w(struct archive_entry *); +__LA_DECL la_int64_t archive_entry_uid(struct archive_entry *); +__LA_DECL int archive_entry_uid_is_set(struct archive_entry *); +__LA_DECL const char *archive_entry_uname(struct archive_entry *); +__LA_DECL const char *archive_entry_uname_utf8(struct archive_entry *); +__LA_DECL const wchar_t *archive_entry_uname_w(struct archive_entry *); +__LA_DECL int archive_entry_is_data_encrypted(struct archive_entry *); +__LA_DECL int archive_entry_is_metadata_encrypted(struct archive_entry *); +__LA_DECL int archive_entry_is_encrypted(struct archive_entry *); + +/* + * Set fields in an archive_entry. + * + * Note: Before libarchive 2.4, there were 'set' and 'copy' versions + * of the string setters. 'copy' copied the actual string, 'set' just + * stored the pointer. In libarchive 2.4 and later, strings are + * always copied. + */ + +__LA_DECL void archive_entry_set_atime(struct archive_entry *, time_t, long); +__LA_DECL void archive_entry_unset_atime(struct archive_entry *); +#if defined(_WIN32) && !defined(__CYGWIN__) +__LA_DECL void archive_entry_copy_bhfi(struct archive_entry *, BY_HANDLE_FILE_INFORMATION *); +#endif +__LA_DECL void archive_entry_set_birthtime(struct archive_entry *, time_t, long); +__LA_DECL void archive_entry_unset_birthtime(struct archive_entry *); +__LA_DECL void archive_entry_set_ctime(struct archive_entry *, time_t, long); +__LA_DECL void archive_entry_unset_ctime(struct archive_entry *); +__LA_DECL void archive_entry_set_dev(struct archive_entry *, dev_t); +__LA_DECL void archive_entry_set_devmajor(struct archive_entry *, dev_t); +__LA_DECL void archive_entry_set_devminor(struct archive_entry *, dev_t); +__LA_DECL void archive_entry_set_filetype(struct archive_entry *, unsigned int); +__LA_DECL void archive_entry_set_fflags(struct archive_entry *, + unsigned long /* set */, unsigned long /* clear */); +/* Returns pointer to start of first invalid token, or NULL if none. */ +/* Note that all recognized tokens are processed, regardless. */ +__LA_DECL const char *archive_entry_copy_fflags_text(struct archive_entry *, + const char *); +__LA_DECL const char *archive_entry_copy_fflags_text_len(struct archive_entry *, + const char *, size_t); +__LA_DECL const wchar_t *archive_entry_copy_fflags_text_w(struct archive_entry *, + const wchar_t *); +__LA_DECL void archive_entry_set_gid(struct archive_entry *, la_int64_t); +__LA_DECL void archive_entry_set_gname(struct archive_entry *, const char *); +__LA_DECL void archive_entry_set_gname_utf8(struct archive_entry *, const char *); +__LA_DECL void archive_entry_copy_gname(struct archive_entry *, const char *); +__LA_DECL void archive_entry_copy_gname_w(struct archive_entry *, const wchar_t *); +__LA_DECL int archive_entry_update_gname_utf8(struct archive_entry *, const char *); +__LA_DECL void archive_entry_set_hardlink(struct archive_entry *, const char *); +__LA_DECL void archive_entry_set_hardlink_utf8(struct archive_entry *, const char *); +__LA_DECL void archive_entry_copy_hardlink(struct archive_entry *, const char *); +__LA_DECL void archive_entry_copy_hardlink_w(struct archive_entry *, const wchar_t *); +__LA_DECL int archive_entry_update_hardlink_utf8(struct archive_entry *, const char *); +__LA_DECL void archive_entry_set_ino(struct archive_entry *, la_int64_t); +__LA_DECL void archive_entry_set_ino64(struct archive_entry *, la_int64_t); +__LA_DECL void archive_entry_set_link(struct archive_entry *, const char *); +__LA_DECL void archive_entry_set_link_utf8(struct archive_entry *, const char *); +__LA_DECL void archive_entry_copy_link(struct archive_entry *, const char *); +__LA_DECL void archive_entry_copy_link_w(struct archive_entry *, const wchar_t *); +__LA_DECL int archive_entry_update_link_utf8(struct archive_entry *, const char *); +__LA_DECL void archive_entry_set_mode(struct archive_entry *, __LA_MODE_T); +__LA_DECL void archive_entry_set_mtime(struct archive_entry *, time_t, long); +__LA_DECL void archive_entry_unset_mtime(struct archive_entry *); +__LA_DECL void archive_entry_set_nlink(struct archive_entry *, unsigned int); +__LA_DECL void archive_entry_set_pathname(struct archive_entry *, const char *); +__LA_DECL void archive_entry_set_pathname_utf8(struct archive_entry *, const char *); +__LA_DECL void archive_entry_copy_pathname(struct archive_entry *, const char *); +__LA_DECL void archive_entry_copy_pathname_w(struct archive_entry *, const wchar_t *); +__LA_DECL int archive_entry_update_pathname_utf8(struct archive_entry *, const char *); +__LA_DECL void archive_entry_set_perm(struct archive_entry *, __LA_MODE_T); +__LA_DECL void archive_entry_set_rdev(struct archive_entry *, dev_t); +__LA_DECL void archive_entry_set_rdevmajor(struct archive_entry *, dev_t); +__LA_DECL void archive_entry_set_rdevminor(struct archive_entry *, dev_t); +__LA_DECL void archive_entry_set_size(struct archive_entry *, la_int64_t); +__LA_DECL void archive_entry_unset_size(struct archive_entry *); +__LA_DECL void archive_entry_copy_sourcepath(struct archive_entry *, const char *); +__LA_DECL void archive_entry_copy_sourcepath_w(struct archive_entry *, const wchar_t *); +__LA_DECL void archive_entry_set_symlink(struct archive_entry *, const char *); +__LA_DECL void archive_entry_set_symlink_type(struct archive_entry *, int); +__LA_DECL void archive_entry_set_symlink_utf8(struct archive_entry *, const char *); +__LA_DECL void archive_entry_copy_symlink(struct archive_entry *, const char *); +__LA_DECL void archive_entry_copy_symlink_w(struct archive_entry *, const wchar_t *); +__LA_DECL int archive_entry_update_symlink_utf8(struct archive_entry *, const char *); +__LA_DECL void archive_entry_set_uid(struct archive_entry *, la_int64_t); +__LA_DECL void archive_entry_set_uname(struct archive_entry *, const char *); +__LA_DECL void archive_entry_set_uname_utf8(struct archive_entry *, const char *); +__LA_DECL void archive_entry_copy_uname(struct archive_entry *, const char *); +__LA_DECL void archive_entry_copy_uname_w(struct archive_entry *, const wchar_t *); +__LA_DECL int archive_entry_update_uname_utf8(struct archive_entry *, const char *); +__LA_DECL void archive_entry_set_is_data_encrypted(struct archive_entry *, char is_encrypted); +__LA_DECL void archive_entry_set_is_metadata_encrypted(struct archive_entry *, char is_encrypted); +/* + * Routines to bulk copy fields to/from a platform-native "struct + * stat." Libarchive used to just store a struct stat inside of each + * archive_entry object, but this created issues when trying to + * manipulate archives on systems different than the ones they were + * created on. + * + * TODO: On Linux and other LFS systems, provide both stat32 and + * stat64 versions of these functions and all of the macro glue so + * that archive_entry_stat is magically defined to + * archive_entry_stat32 or archive_entry_stat64 as appropriate. + */ +__LA_DECL const struct stat *archive_entry_stat(struct archive_entry *); +__LA_DECL void archive_entry_copy_stat(struct archive_entry *, const struct stat *); + +/* + * Storage for Mac OS-specific AppleDouble metadata information. + * Apple-format tar files store a separate binary blob containing + * encoded metadata with ACL, extended attributes, etc. + * This provides a place to store that blob. + */ + +__LA_DECL const void * archive_entry_mac_metadata(struct archive_entry *, size_t *); +__LA_DECL void archive_entry_copy_mac_metadata(struct archive_entry *, const void *, size_t); + +/* + * Digest routine. This is used to query the raw hex digest for the + * given entry. The type of digest is provided as an argument. + */ +#define ARCHIVE_ENTRY_DIGEST_MD5 0x00000001 +#define ARCHIVE_ENTRY_DIGEST_RMD160 0x00000002 +#define ARCHIVE_ENTRY_DIGEST_SHA1 0x00000003 +#define ARCHIVE_ENTRY_DIGEST_SHA256 0x00000004 +#define ARCHIVE_ENTRY_DIGEST_SHA384 0x00000005 +#define ARCHIVE_ENTRY_DIGEST_SHA512 0x00000006 + +__LA_DECL const unsigned char * archive_entry_digest(struct archive_entry *, int /* type */); + +/* + * ACL routines. This used to simply store and return text-format ACL + * strings, but that proved insufficient for a number of reasons: + * = clients need control over uname/uid and gname/gid mappings + * = there are many different ACL text formats + * = would like to be able to read/convert archives containing ACLs + * on platforms that lack ACL libraries + * + * This last point, in particular, forces me to implement a reasonably + * complete set of ACL support routines. + */ + +/* + * Permission bits. + */ +#define ARCHIVE_ENTRY_ACL_EXECUTE 0x00000001 +#define ARCHIVE_ENTRY_ACL_WRITE 0x00000002 +#define ARCHIVE_ENTRY_ACL_READ 0x00000004 +#define ARCHIVE_ENTRY_ACL_READ_DATA 0x00000008 +#define ARCHIVE_ENTRY_ACL_LIST_DIRECTORY 0x00000008 +#define ARCHIVE_ENTRY_ACL_WRITE_DATA 0x00000010 +#define ARCHIVE_ENTRY_ACL_ADD_FILE 0x00000010 +#define ARCHIVE_ENTRY_ACL_APPEND_DATA 0x00000020 +#define ARCHIVE_ENTRY_ACL_ADD_SUBDIRECTORY 0x00000020 +#define ARCHIVE_ENTRY_ACL_READ_NAMED_ATTRS 0x00000040 +#define ARCHIVE_ENTRY_ACL_WRITE_NAMED_ATTRS 0x00000080 +#define ARCHIVE_ENTRY_ACL_DELETE_CHILD 0x00000100 +#define ARCHIVE_ENTRY_ACL_READ_ATTRIBUTES 0x00000200 +#define ARCHIVE_ENTRY_ACL_WRITE_ATTRIBUTES 0x00000400 +#define ARCHIVE_ENTRY_ACL_DELETE 0x00000800 +#define ARCHIVE_ENTRY_ACL_READ_ACL 0x00001000 +#define ARCHIVE_ENTRY_ACL_WRITE_ACL 0x00002000 +#define ARCHIVE_ENTRY_ACL_WRITE_OWNER 0x00004000 +#define ARCHIVE_ENTRY_ACL_SYNCHRONIZE 0x00008000 + +#define ARCHIVE_ENTRY_ACL_PERMS_POSIX1E \ + (ARCHIVE_ENTRY_ACL_EXECUTE \ + | ARCHIVE_ENTRY_ACL_WRITE \ + | ARCHIVE_ENTRY_ACL_READ) + +#define ARCHIVE_ENTRY_ACL_PERMS_NFS4 \ + (ARCHIVE_ENTRY_ACL_EXECUTE \ + | ARCHIVE_ENTRY_ACL_READ_DATA \ + | ARCHIVE_ENTRY_ACL_LIST_DIRECTORY \ + | ARCHIVE_ENTRY_ACL_WRITE_DATA \ + | ARCHIVE_ENTRY_ACL_ADD_FILE \ + | ARCHIVE_ENTRY_ACL_APPEND_DATA \ + | ARCHIVE_ENTRY_ACL_ADD_SUBDIRECTORY \ + | ARCHIVE_ENTRY_ACL_READ_NAMED_ATTRS \ + | ARCHIVE_ENTRY_ACL_WRITE_NAMED_ATTRS \ + | ARCHIVE_ENTRY_ACL_DELETE_CHILD \ + | ARCHIVE_ENTRY_ACL_READ_ATTRIBUTES \ + | ARCHIVE_ENTRY_ACL_WRITE_ATTRIBUTES \ + | ARCHIVE_ENTRY_ACL_DELETE \ + | ARCHIVE_ENTRY_ACL_READ_ACL \ + | ARCHIVE_ENTRY_ACL_WRITE_ACL \ + | ARCHIVE_ENTRY_ACL_WRITE_OWNER \ + | ARCHIVE_ENTRY_ACL_SYNCHRONIZE) + +/* + * Inheritance values (NFS4 ACLs only); included in permset. + */ +#define ARCHIVE_ENTRY_ACL_ENTRY_INHERITED 0x01000000 +#define ARCHIVE_ENTRY_ACL_ENTRY_FILE_INHERIT 0x02000000 +#define ARCHIVE_ENTRY_ACL_ENTRY_DIRECTORY_INHERIT 0x04000000 +#define ARCHIVE_ENTRY_ACL_ENTRY_NO_PROPAGATE_INHERIT 0x08000000 +#define ARCHIVE_ENTRY_ACL_ENTRY_INHERIT_ONLY 0x10000000 +#define ARCHIVE_ENTRY_ACL_ENTRY_SUCCESSFUL_ACCESS 0x20000000 +#define ARCHIVE_ENTRY_ACL_ENTRY_FAILED_ACCESS 0x40000000 + +#define ARCHIVE_ENTRY_ACL_INHERITANCE_NFS4 \ + (ARCHIVE_ENTRY_ACL_ENTRY_FILE_INHERIT \ + | ARCHIVE_ENTRY_ACL_ENTRY_DIRECTORY_INHERIT \ + | ARCHIVE_ENTRY_ACL_ENTRY_NO_PROPAGATE_INHERIT \ + | ARCHIVE_ENTRY_ACL_ENTRY_INHERIT_ONLY \ + | ARCHIVE_ENTRY_ACL_ENTRY_SUCCESSFUL_ACCESS \ + | ARCHIVE_ENTRY_ACL_ENTRY_FAILED_ACCESS \ + | ARCHIVE_ENTRY_ACL_ENTRY_INHERITED) + +/* We need to be able to specify combinations of these. */ +#define ARCHIVE_ENTRY_ACL_TYPE_ACCESS 0x00000100 /* POSIX.1e only */ +#define ARCHIVE_ENTRY_ACL_TYPE_DEFAULT 0x00000200 /* POSIX.1e only */ +#define ARCHIVE_ENTRY_ACL_TYPE_ALLOW 0x00000400 /* NFS4 only */ +#define ARCHIVE_ENTRY_ACL_TYPE_DENY 0x00000800 /* NFS4 only */ +#define ARCHIVE_ENTRY_ACL_TYPE_AUDIT 0x00001000 /* NFS4 only */ +#define ARCHIVE_ENTRY_ACL_TYPE_ALARM 0x00002000 /* NFS4 only */ +#define ARCHIVE_ENTRY_ACL_TYPE_POSIX1E (ARCHIVE_ENTRY_ACL_TYPE_ACCESS \ + | ARCHIVE_ENTRY_ACL_TYPE_DEFAULT) +#define ARCHIVE_ENTRY_ACL_TYPE_NFS4 (ARCHIVE_ENTRY_ACL_TYPE_ALLOW \ + | ARCHIVE_ENTRY_ACL_TYPE_DENY \ + | ARCHIVE_ENTRY_ACL_TYPE_AUDIT \ + | ARCHIVE_ENTRY_ACL_TYPE_ALARM) + +/* Tag values mimic POSIX.1e */ +#define ARCHIVE_ENTRY_ACL_USER 10001 /* Specified user. */ +#define ARCHIVE_ENTRY_ACL_USER_OBJ 10002 /* User who owns the file. */ +#define ARCHIVE_ENTRY_ACL_GROUP 10003 /* Specified group. */ +#define ARCHIVE_ENTRY_ACL_GROUP_OBJ 10004 /* Group who owns the file. */ +#define ARCHIVE_ENTRY_ACL_MASK 10005 /* Modify group access (POSIX.1e only) */ +#define ARCHIVE_ENTRY_ACL_OTHER 10006 /* Public (POSIX.1e only) */ +#define ARCHIVE_ENTRY_ACL_EVERYONE 10107 /* Everyone (NFS4 only) */ + +/* + * Set the ACL by clearing it and adding entries one at a time. + * Unlike the POSIX.1e ACL routines, you must specify the type + * (access/default) for each entry. Internally, the ACL data is just + * a soup of entries. API calls here allow you to retrieve just the + * entries of interest. This design (which goes against the spirit of + * POSIX.1e) is useful for handling archive formats that combine + * default and access information in a single ACL list. + */ +__LA_DECL void archive_entry_acl_clear(struct archive_entry *); +__LA_DECL int archive_entry_acl_add_entry(struct archive_entry *, + int /* type */, int /* permset */, int /* tag */, + int /* qual */, const char * /* name */); +__LA_DECL int archive_entry_acl_add_entry_w(struct archive_entry *, + int /* type */, int /* permset */, int /* tag */, + int /* qual */, const wchar_t * /* name */); + +/* + * To retrieve the ACL, first "reset", then repeatedly ask for the + * "next" entry. The want_type parameter allows you to request only + * certain types of entries. + */ +__LA_DECL int archive_entry_acl_reset(struct archive_entry *, int /* want_type */); +__LA_DECL int archive_entry_acl_next(struct archive_entry *, int /* want_type */, + int * /* type */, int * /* permset */, int * /* tag */, + int * /* qual */, const char ** /* name */); + +/* + * Construct a text-format ACL. The flags argument is a bitmask that + * can include any of the following: + * + * Flags only for archive entries with POSIX.1e ACL: + * ARCHIVE_ENTRY_ACL_TYPE_ACCESS - Include POSIX.1e "access" entries. + * ARCHIVE_ENTRY_ACL_TYPE_DEFAULT - Include POSIX.1e "default" entries. + * ARCHIVE_ENTRY_ACL_STYLE_MARK_DEFAULT - Include "default:" before each + * default ACL entry. + * ARCHIVE_ENTRY_ACL_STYLE_SOLARIS - Output only one colon after "other" and + * "mask" entries. + * + * Flags only for archive entries with NFSv4 ACL: + * ARCHIVE_ENTRY_ACL_STYLE_COMPACT - Do not output the minus character for + * unset permissions and flags in NFSv4 ACL permission and flag fields + * + * Flags for for archive entries with POSIX.1e ACL or NFSv4 ACL: + * ARCHIVE_ENTRY_ACL_STYLE_EXTRA_ID - Include extra numeric ID field in + * each ACL entry. + * ARCHIVE_ENTRY_ACL_STYLE_SEPARATOR_COMMA - Separate entries with comma + * instead of newline. + */ +#define ARCHIVE_ENTRY_ACL_STYLE_EXTRA_ID 0x00000001 +#define ARCHIVE_ENTRY_ACL_STYLE_MARK_DEFAULT 0x00000002 +#define ARCHIVE_ENTRY_ACL_STYLE_SOLARIS 0x00000004 +#define ARCHIVE_ENTRY_ACL_STYLE_SEPARATOR_COMMA 0x00000008 +#define ARCHIVE_ENTRY_ACL_STYLE_COMPACT 0x00000010 + +__LA_DECL wchar_t *archive_entry_acl_to_text_w(struct archive_entry *, + la_ssize_t * /* len */, int /* flags */); +__LA_DECL char *archive_entry_acl_to_text(struct archive_entry *, + la_ssize_t * /* len */, int /* flags */); +__LA_DECL int archive_entry_acl_from_text_w(struct archive_entry *, + const wchar_t * /* wtext */, int /* type */); +__LA_DECL int archive_entry_acl_from_text(struct archive_entry *, + const char * /* text */, int /* type */); + +/* Deprecated constants */ +#define OLD_ARCHIVE_ENTRY_ACL_STYLE_EXTRA_ID 1024 +#define OLD_ARCHIVE_ENTRY_ACL_STYLE_MARK_DEFAULT 2048 + +/* Deprecated functions */ +__LA_DECL const wchar_t *archive_entry_acl_text_w(struct archive_entry *, + int /* flags */) __LA_DEPRECATED; +__LA_DECL const char *archive_entry_acl_text(struct archive_entry *, + int /* flags */) __LA_DEPRECATED; + +/* Return bitmask of ACL types in an archive entry */ +__LA_DECL int archive_entry_acl_types(struct archive_entry *); + +/* Return a count of entries matching 'want_type' */ +__LA_DECL int archive_entry_acl_count(struct archive_entry *, int /* want_type */); + +/* Return an opaque ACL object. */ +/* There's not yet anything clients can actually do with this... */ +struct archive_acl; +__LA_DECL struct archive_acl *archive_entry_acl(struct archive_entry *); + +/* + * extended attributes + */ + +__LA_DECL void archive_entry_xattr_clear(struct archive_entry *); +__LA_DECL void archive_entry_xattr_add_entry(struct archive_entry *, + const char * /* name */, const void * /* value */, + size_t /* size */); + +/* + * To retrieve the xattr list, first "reset", then repeatedly ask for the + * "next" entry. + */ + +__LA_DECL int archive_entry_xattr_count(struct archive_entry *); +__LA_DECL int archive_entry_xattr_reset(struct archive_entry *); +__LA_DECL int archive_entry_xattr_next(struct archive_entry *, + const char ** /* name */, const void ** /* value */, size_t *); + +/* + * sparse + */ + +__LA_DECL void archive_entry_sparse_clear(struct archive_entry *); +__LA_DECL void archive_entry_sparse_add_entry(struct archive_entry *, + la_int64_t /* offset */, la_int64_t /* length */); + +/* + * To retrieve the xattr list, first "reset", then repeatedly ask for the + * "next" entry. + */ + +__LA_DECL int archive_entry_sparse_count(struct archive_entry *); +__LA_DECL int archive_entry_sparse_reset(struct archive_entry *); +__LA_DECL int archive_entry_sparse_next(struct archive_entry *, + la_int64_t * /* offset */, la_int64_t * /* length */); + +/* + * Utility to match up hardlinks. + * + * The 'struct archive_entry_linkresolver' is a cache of archive entries + * for files with multiple links. Here's how to use it: + * 1. Create a lookup object with archive_entry_linkresolver_new() + * 2. Tell it the archive format you're using. + * 3. Hand each archive_entry to archive_entry_linkify(). + * That function will return 0, 1, or 2 entries that should + * be written. + * 4. Call archive_entry_linkify(resolver, NULL) until + * no more entries are returned. + * 5. Call archive_entry_linkresolver_free(resolver) to free resources. + * + * The entries returned have their hardlink and size fields updated + * appropriately. If an entry is passed in that does not refer to + * a file with multiple links, it is returned unchanged. The intention + * is that you should be able to simply filter all entries through + * this machine. + * + * To make things more efficient, be sure that each entry has a valid + * nlinks value. The hardlink cache uses this to track when all links + * have been found. If the nlinks value is zero, it will keep every + * name in the cache indefinitely, which can use a lot of memory. + * + * Note that archive_entry_size() is reset to zero if the file + * body should not be written to the archive. Pay attention! + */ +struct archive_entry_linkresolver; + +/* + * There are three different strategies for marking hardlinks. + * The descriptions below name them after the best-known + * formats that rely on each strategy: + * + * "Old cpio" is the simplest, it always returns any entry unmodified. + * As far as I know, only cpio formats use this. Old cpio archives + * store every link with the full body; the onus is on the dearchiver + * to detect and properly link the files as they are restored. + * "tar" is also pretty simple; it caches a copy the first time it sees + * any link. Subsequent appearances are modified to be hardlink + * references to the first one without any body. Used by all tar + * formats, although the newest tar formats permit the "old cpio" strategy + * as well. This strategy is very simple for the dearchiver, + * and reasonably straightforward for the archiver. + * "new cpio" is trickier. It stores the body only with the last + * occurrence. The complication is that we might not + * see every link to a particular file in a single session, so + * there's no easy way to know when we've seen the last occurrence. + * The solution here is to queue one link until we see the next. + * At the end of the session, you can enumerate any remaining + * entries by calling archive_entry_linkify(NULL) and store those + * bodies. If you have a file with three links l1, l2, and l3, + * you'll get the following behavior if you see all three links: + * linkify(l1) => NULL (the resolver stores l1 internally) + * linkify(l2) => l1 (resolver stores l2, you write l1) + * linkify(l3) => l2, l3 (all links seen, you can write both). + * If you only see l1 and l2, you'll get this behavior: + * linkify(l1) => NULL + * linkify(l2) => l1 + * linkify(NULL) => l2 (at end, you retrieve remaining links) + * As the name suggests, this strategy is used by newer cpio variants. + * It's noticeably more complex for the archiver, slightly more complex + * for the dearchiver than the tar strategy, but makes it straightforward + * to restore a file using any link by simply continuing to scan until + * you see a link that is stored with a body. In contrast, the tar + * strategy requires you to rescan the archive from the beginning to + * correctly extract an arbitrary link. + */ + +__LA_DECL struct archive_entry_linkresolver *archive_entry_linkresolver_new(void); +__LA_DECL void archive_entry_linkresolver_set_strategy( + struct archive_entry_linkresolver *, int /* format_code */); +__LA_DECL void archive_entry_linkresolver_free(struct archive_entry_linkresolver *); +__LA_DECL void archive_entry_linkify(struct archive_entry_linkresolver *, + struct archive_entry **, struct archive_entry **); +__LA_DECL struct archive_entry *archive_entry_partial_links( + struct archive_entry_linkresolver *res, unsigned int *links); +#ifdef __cplusplus +} +#endif + +/* This is meaningless outside of this header. */ +#undef __LA_DECL + +#endif /* !ARCHIVE_ENTRY_H_INCLUDED */ diff --git a/Sources/ContainerizationArchive/TempDir.swift b/Sources/ContainerizationArchive/TempDir.swift new file mode 100644 index 0000000..6b0f207 --- /dev/null +++ b/Sources/ContainerizationArchive/TempDir.swift @@ -0,0 +1,34 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationExtras +import Foundation + +internal func createTemporaryDirectory(baseName: String) -> URL? { + let url = FileManager.default.uniqueTemporaryDirectory().appendingPathComponent( + "\(baseName).XXXXXX") + + var path = url.absoluteURL.path + return path.withUTF8 { utf8Bytes in + var mutablePath = Array(utf8Bytes) + [0] + return mutablePath.withUnsafeMutableBufferPointer { buffer -> URL? in + guard let baseAddress = buffer.baseAddress else { return nil } + mkdtemp(baseAddress) + let resultPath = String(decoding: buffer[..<(buffer.count - 1)], as: UTF8.self) + return URL(fileURLWithPath: resultPath, isDirectory: true) + } + } +} diff --git a/Sources/ContainerizationArchive/WriteEntry.swift b/Sources/ContainerizationArchive/WriteEntry.swift new file mode 100644 index 0000000..4330a04 --- /dev/null +++ b/Sources/ContainerizationArchive/WriteEntry.swift @@ -0,0 +1,318 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import CArchive +import Foundation + +/// Represents a single entry (e.g., a file, directory, symbolic link) +/// that is to be read/written into an archive. +public final class WriteEntry { + let underlying: OpaquePointer + + public init(_ archive: ArchiveWriter) { + underlying = archive_entry_new2(archive.underlying) + } + + public init() { + underlying = archive_entry_new() + } + + deinit { + archive_entry_free(underlying) + } +} + +extension WriteEntry { + /// The size of the entry in bytes. + public var size: Int64? { + get { + guard archive_entry_size_is_set(underlying) != 0 else { return nil } + return archive_entry_size(underlying) + } + set { + if let s = newValue { + archive_entry_set_size(underlying, s) + } else { + archive_entry_unset_size(underlying) + } + } + } + + /// The mode of the entry. + public var permissions: mode_t { + get { + archive_entry_perm(underlying) + } + set { + archive_entry_set_perm(underlying, newValue) + } + } + + /// The owner id of the entry. + public var owner: uid_t? { + get { + uid_t(exactly: archive_entry_uid(underlying)) + } + set { + archive_entry_set_uid(underlying, Int64(newValue ?? 0)) + } + } + + /// The group id of the entry + public var group: gid_t? { + get { + gid_t(exactly: archive_entry_gid(underlying)) + } + set { + archive_entry_set_gid(underlying, Int64(newValue ?? 0)) + } + } + + /// The path of file this entry hardlinks to + public var hardlink: String? { + get { + guard let cstr = archive_entry_hardlink(underlying) else { + return nil + } + return String(cString: cstr) + } + set { + guard let newValue else { + archive_entry_set_hardlink(underlying, nil) + return + } + newValue.withCString { + archive_entry_set_hardlink(underlying, $0) + } + } + } + + /// The UTF-8 encoded path of file this entry hardlinks to + public var hardlinkUtf8: String? { + get { + guard let cstr = archive_entry_hardlink_utf8(underlying) else { + return nil + } + return String(cString: cstr, encoding: .utf8) + } + set { + guard let newValue else { + archive_entry_set_hardlink_utf8(underlying, nil) + return + } + newValue.withCString { + archive_entry_set_hardlink_utf8(underlying, $0) + } + } + } + + /// The string representation of the permissions of the entry + public var strmode: String? { + if let cstr = archive_entry_strmode(underlying) { + return String(cString: cstr) + } + return nil + } + + /// The type of file this entry represents. + public var fileType: URLFileResourceType { + get { + switch archive_entry_filetype(underlying) { + case S_IFIFO: return .namedPipe + case S_IFCHR: return .characterSpecial + case S_IFDIR: return .directory + case S_IFBLK: return .blockSpecial + case S_IFREG: return .regular + case S_IFLNK: return .symbolicLink + case S_IFSOCK: return .socket + default: return .unknown + } + } + set { + switch newValue { + case .namedPipe: archive_entry_set_filetype(underlying, UInt32(S_IFIFO as mode_t)) + case .characterSpecial: archive_entry_set_filetype(underlying, UInt32(S_IFCHR as mode_t)) + case .directory: archive_entry_set_filetype(underlying, UInt32(S_IFDIR as mode_t)) + case .blockSpecial: archive_entry_set_filetype(underlying, UInt32(S_IFBLK as mode_t)) + case .regular: archive_entry_set_filetype(underlying, UInt32(S_IFREG as mode_t)) + case .symbolicLink: archive_entry_set_filetype(underlying, UInt32(S_IFLNK as mode_t)) + case .socket: archive_entry_set_filetype(underlying, UInt32(S_IFSOCK as mode_t)) + default: archive_entry_set_filetype(underlying, 0) + } + } + } + + /// The date that the entry was last accessed + public var contentAccessDate: Date? { + get { + Date( + underlying, + archive_entry_atime_is_set, + archive_entry_atime, + archive_entry_atime_nsec) + } + set { + setDate( + newValue, + underlying, archive_entry_set_atime, + archive_entry_unset_atime) + } + } + + /// The date that the entry was created + public var creationDate: Date? { + get { + Date( + underlying, + archive_entry_ctime_is_set, + archive_entry_ctime, + archive_entry_ctime_nsec) + } + set { + setDate( + newValue, + underlying, archive_entry_set_ctime, + archive_entry_unset_ctime) + } + } + + /// The date that the entry was modified + public var modificationDate: Date? { + get { + Date( + underlying, + archive_entry_mtime_is_set, + archive_entry_mtime, + archive_entry_mtime_nsec) + } + set { + setDate( + newValue, + underlying, archive_entry_set_mtime, + archive_entry_unset_mtime) + } + } + + /// The file path of the entry + public var path: String? { + get { + guard let pathname = archive_entry_pathname(underlying) else { + return nil + } + return String(cString: pathname) + } + set { + guard let newValue else { + archive_entry_set_pathname(underlying, nil) + return + } + newValue.withCString { + archive_entry_set_pathname(underlying, $0) + } + } + } + + /// The UTF-8 encoded file path of the entry + public var pathUtf8: String? { + get { + guard let pathname = archive_entry_pathname_utf8(underlying) else { + return nil + } + return String(cString: pathname) + } + set { + guard let newValue else { + archive_entry_set_pathname_utf8(underlying, nil) + return + } + newValue.withCString { + archive_entry_set_pathname_utf8(underlying, $0) + } + } + } + + /// The symlink target that the entry points to + public var symlinkTarget: String? { + get { + guard let target = archive_entry_symlink(underlying) else { + return nil + } + return String(cString: target) + } + set { + guard let newValue else { + archive_entry_set_symlink(underlying, nil) + return + } + newValue.withCString { + archive_entry_set_symlink(underlying, $0) + } + } + } + + /// The extended attributes of the entry + public var xattrs: [String: Data] { + get { + archive_entry_xattr_reset(self.underlying) + var attrs: [String: Data] = [:] + var namePtr: UnsafePointer? + var valuePtr: UnsafeRawPointer? + var size: Int = 0 + while archive_entry_xattr_next(self.underlying, &namePtr, &valuePtr, &size) == 0 { + let _name = namePtr.map { String(cString: $0) } + let _value = valuePtr.map { Data(bytes: $0, count: size) } + guard let name = _name, let value = _value else { + continue + } + attrs[name] = value + } + return attrs + } + set { + archive_entry_xattr_clear(self.underlying) + for (key, value) in newValue { + value.withUnsafeBytes { ptr in + archive_entry_xattr_add_entry(self.underlying, key, ptr.baseAddress, [UInt8](value).count) + } + } + } + } + + fileprivate func setDate( + _ date: Date?, _ underlying: OpaquePointer, _ setter: (OpaquePointer, time_t, CLong) -> Void, + _ unset: (OpaquePointer) -> Void + ) { + if let d = date { + let ti = d.timeIntervalSince1970 + let seconds = floor(ti) + let nsec = max(0, min(1_000_000_000, ti - seconds * 1_000_000_000)) + setter(underlying, time_t(seconds), CLong(nsec)) + } else { + unset(underlying) + } + } +} + +extension Date { + init?( + _ underlying: OpaquePointer, _ isSet: (OpaquePointer) -> CInt, _ seconds: (OpaquePointer) -> time_t, + _ nsec: (OpaquePointer) -> CLong + ) { + guard isSet(underlying) != 0 else { return nil } + let ti = TimeInterval(seconds(underlying)) + TimeInterval(nsec(underlying)) * 0.000_000_001 + self.init(timeIntervalSince1970: ti) + } +} diff --git a/Sources/ContainerizationEXT4/Documentation.docc/ext4.md b/Sources/ContainerizationEXT4/Documentation.docc/ext4.md new file mode 100644 index 0000000..8962833 --- /dev/null +++ b/Sources/ContainerizationEXT4/Documentation.docc/ext4.md @@ -0,0 +1,4 @@ +# ``ContainerizationEXT4`` + +`ContainerizationEXT4` provides functionality to read the superblock of an existing ext4 block device and format a new block device with +the ext4 file system. diff --git a/Sources/ContainerizationEXT4/EXT4+Extensions.swift b/Sources/ContainerizationEXT4/EXT4+Extensions.swift new file mode 100644 index 0000000..6442423 --- /dev/null +++ b/Sources/ContainerizationEXT4/EXT4+Extensions.swift @@ -0,0 +1,97 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +extension EXT4.InodeFlag { + public static func | (lhs: Self, rhs: Self) -> Self { + Self(rawValue: lhs.rawValue | rhs.rawValue) + } + + public static func | (lhs: Self, rhs: Self) -> UInt32 { + lhs.rawValue | rhs.rawValue + } + + public static func | (lhs: Self, rhs: UInt32) -> UInt32 { + lhs.rawValue | rhs + } +} + +extension EXT4.CompatFeature { + public static func | (lhs: Self, rhs: Self) -> Self { + EXT4.CompatFeature(rawValue: lhs.rawValue | rhs.rawValue) + } + + public static func | (lhs: Self, rhs: Self) -> UInt32 { + lhs.rawValue | rhs.rawValue + } +} + +extension EXT4.IncompatFeature { + public static func | (lhs: Self, rhs: Self) -> Self { + EXT4.IncompatFeature(rawValue: lhs.rawValue | rhs.rawValue) + } + + public static func | (lhs: Self, rhs: Self) -> UInt32 { + lhs.rawValue | rhs.rawValue + } +} + +extension EXT4.RoCompatFeature { + public static func | (lhs: Self, rhs: Self) -> Self { + EXT4.RoCompatFeature(rawValue: lhs.rawValue | rhs.rawValue) + } + + public static func | (lhs: Self, rhs: Self) -> UInt32 { + lhs.rawValue | rhs.rawValue + } +} + +extension EXT4.FileModeFlag { + public static func | (lhs: Self, rhs: Self) -> Self { + Self(rawValue: lhs.rawValue | rhs.rawValue) + } + + public static func | (lhs: Self, rhs: Self) -> UInt16 { + lhs.rawValue | rhs.rawValue + } +} + +extension EXT4.XAttrEntry { + init(using bytes: [UInt8]) throws { + guard bytes.count == 16 else { + throw EXT4.Error.invalidXattrEntry + } + nameLength = bytes[0] + nameIndex = bytes[1] + let rawValue = Array(bytes[2...3]) + valueOffset = rawValue.withUnsafeBytes { $0.loadLittleEndian(as: UInt16.self) } + + let rawValueInum = Array(bytes[4...7]) + valueInum = rawValueInum.withUnsafeBytes { $0.loadLittleEndian(as: UInt32.self) } + + let rawSize = Array(bytes[8...11]) + valueSize = rawSize.withUnsafeBytes { $0.loadLittleEndian(as: UInt32.self) } + + let rawHash = Array(bytes[12...]) + hash = rawHash.withUnsafeBytes { $0.loadLittleEndian(as: UInt32.self) } + } +} + +extension EXT4 { + static func tupleToArray(_ tuple: T) -> [UInt8] { + let reflection = Mirror(reflecting: tuple) + return reflection.children.compactMap { $0.value as? UInt8 } + } +} diff --git a/Sources/ContainerizationEXT4/EXT4+FileTree.swift b/Sources/ContainerizationEXT4/EXT4+FileTree.swift new file mode 100644 index 0000000..db69c99 --- /dev/null +++ b/Sources/ContainerizationEXT4/EXT4+FileTree.swift @@ -0,0 +1,101 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation +import SystemPackage + +extension EXT4 { + class FileTree { + class FileTreeNode { + let inode: InodeNumber + let name: String + var children: [Ptr] = [] + var blocks: (start: UInt32, end: UInt32)? + var additionalBlocks: [(start: UInt32, end: UInt32)]? + var link: InodeNumber? + private weak var parent: Ptr? + + init( + inode: InodeNumber, + name: String, + parent: Ptr?, + children: [Ptr] = [], + blocks: (start: UInt32, end: UInt32)? = nil, + additionalBlocks: [(start: UInt32, end: UInt32)]? = nil, + link: InodeNumber? = nil + ) { + self.inode = inode + self.name = name + self.children = children + self.blocks = blocks + self.additionalBlocks = additionalBlocks + self.link = link + self.parent = parent + } + + deinit { + self.children.removeAll() + self.children = [] + self.blocks = nil + self.additionalBlocks = nil + self.link = nil + } + + var path: FilePath? { + var components: [String] = [self.name] + var _ptr = self.parent + while let ptr = _ptr { + components.append(ptr.pointee.name) + _ptr = ptr.pointee.parent + } + let path = components.reversed().joined(separator: "/") + return FilePath(path).lexicallyNormalized() + } + } + + var root: Ptr + + init(_ root: InodeNumber, _ name: String) { + self.root = Ptr(FileTreeNode(inode: root, name: name, parent: nil)) + } + + func lookup(path: FilePath) -> Ptr? { + var components: [String] = path.items + var node = self.root + if components.first == "/" { + components = Array(components.dropFirst()) + } + if components.count == 0 { + return node + } + for component in components { + var found = false + for childPtr in node.pointee.children { + let child = childPtr.pointee + if child.name == component { + node = childPtr + found = true + break + } + } + guard found else { + return nil + } + } + return node + } + } +} diff --git a/Sources/ContainerizationEXT4/EXT4+Formatter.swift b/Sources/ContainerizationEXT4/EXT4+Formatter.swift new file mode 100644 index 0000000..5f7ff44 --- /dev/null +++ b/Sources/ContainerizationEXT4/EXT4+Formatter.swift @@ -0,0 +1,1414 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +// swiftlint: disable discouraged_direct_init shorthand_operator syntactic_sugar + +import ContainerizationArchive +import ContainerizationOS +import Foundation +import SystemPackage + +extension EXT4 { + /// The `EXT4.Formatter` class provides methods to format a block device with the ext4 filesystem. + /// It allows customization of block size and maximum disk size. + public class Formatter { + private let logBlockSize: UInt32 + var blockSize: UInt32 { 1024 << logBlockSize } + private var size: UInt64 + private let groupDescriptorSize: UInt32 = 32 + + private var blocksPerGroup: UInt32 { + blockSize * 8 + } + + private var maxInodesPerGroup: UInt32 { + blockSize * 8 // limited by inode bitmap + } + + private var groupsPerDescriptorBlock: UInt32 { + blockSize / groupDescriptorSize + } + + // internally accessed by journal setup + var blockCount: UInt32 { + ((size - 1) / blockSize) + 1 + } + + private var groupCount: UInt32 { + (blockCount - 1) / blocksPerGroup + 1 + } + + private var groupDescriptorBlocks: UInt32 { + ((groupCount - 1) / groupsPerDescriptorBlock + 1) * 32 + } + + /// Initializes an ext4 filesystem formatter. + /// + /// This constructor creates an instance of the ext4 formatter designed to format a block device + /// with the ext4 filesystem. The formatter takes the path to the destination block device and + /// the desired block size of the filesystem as parameters. + /// + /// - Parameters: + /// - devicePath: The path to the block device where the ext4 filesystem will be created. + /// - blockSize: The filesystem block size in bytes. Must be a power of two in the set + /// {1024, 2048, 4096}. Defaults to 4096. + /// - minDiskSize: The minimum usable capacity for the filesystem. When a journal is + /// configured, the actual image size will be larger than this value by the journal size. + /// - journal: The JBD2 journal size and mode, or nil for an unjournalled filesystem. + /// + /// - Note: This ext4 formatter is designed for creating block devices out of container images and does not support all the + /// features and options available in the full ext4 filesystem implementation. It focuses + /// on the core functionality required for formatting a block device with ext4. + /// + /// - Important: Ensure that the destination block device is accessible and has sufficient permissions + /// for formatting. The formatting process will erase all existing data on the device. + public init(_ devicePath: FilePath, blockSize: UInt32 = 4096, minDiskSize: UInt64 = 256.kib(), journal: JournalConfig? = nil) throws { + /// The constructor performs the following steps: + /// + /// 1. Creates the first 10 inodes: + /// - Inode 2 is reserved for the root directory ('/'). + /// - Inodes 1 and 3-10 are reserved for other special purposes. + /// + /// 2. Marks inode 11 as the first inode available for consumption by files, directories, sockets, + /// FIFOs, etc. + /// + /// 3. Initializes a directory tree with the root directory pointing to inode 2. + /// + /// 4. Moves the file descriptor to the start of the block where file metadata and data can be + /// written, which is located past the filesystem superblocks and group descriptor blocks. + /// + /// 5. Creates a "/lost+found" directory to satisfy the requirements of e2fsck (ext2/3/4 filesystem + /// checker). + + guard blockSize >= 1024 && blockSize <= 4096 && blockSize.nonzeroBitCount == 1 else { + throw Error.invalidBlockSize(blockSize) + } + guard minDiskSize / UInt64(blockSize) <= UInt64(UInt32.max) else { + throw Error.cannotResizeFS(minDiskSize) + } + self.logBlockSize = UInt32(blockSize.trailingZeroBitCount) - 10 + if !FileManager.default.fileExists(atPath: devicePath.description) { + _ = FileManager.default.createFile(atPath: devicePath.description, contents: nil) + } + guard let fileHandle = FileHandle(forWritingTo: devicePath) else { + throw Error.notFound(devicePath) + } + self.handle = fileHandle + self.size = minDiskSize + // make this a 0 byte file + guard ftruncate(self.handle.fileDescriptor, 0) == 0 else { + throw Error.cannotTruncateFile(devicePath) + } + // make it a sparse file + guard lseek(self.handle.fileDescriptor, off_t(self.size - 1), 0) == self.size - 1 else { + throw Error.cannotCreateSparseFile(devicePath) + } + let zero: [UInt8] = [0] + try self.handle.write(contentsOf: zero) + // step #1 + self.inodes = [ + Ptr(Inode()), // defective block inode + Ptr(Inode.Root()), + ] + // reserved inodes + for _ in 2.., entry: Ptr)] = pathNode.children.map { (pathPtr, $0) } + var head: Int = 0 + while head < queue.count { + let currNode = queue[head].entry + for childPtr in currNode.pointee.children { + queue.append((currNode, childPtr)) + } + head += 1 + } + + for (parent, entry) in queue.reversed() { + try _unlink(parentNodePtr: parent, pathNodePtr: entry) + } + + guard !directoryWhiteout else { + return + } + + try _unlink(parentNodePtr: parentPtr, pathNodePtr: pathPtr) + } + + private func _unlink(parentNodePtr: Ptr, pathNodePtr: Ptr) throws { + let pathNode = pathNodePtr.pointee + let pathComponent = pathNode.name + let inodeNumber = Int(pathNode.inode) - 1 + let pathInodePtr = self.inodes[inodeNumber] + var pathInode = pathInodePtr.pointee + + let parentNode = parentNodePtr.pointee + let parentInodePtr = self.inodes[Int(parentNode.inode) - 1] + var parentInode = parentInodePtr.pointee + if pathInode.mode.isDir() { + if parentInode.linksCount > 2 { + parentInode.linksCount -= 1 + } + } + parentInodePtr.pointee = parentInode + parentNode.children.removeAll { childPtr in + childPtr.pointee.name == pathComponent + } + parentNodePtr.pointee = parentNode + + if let hardlink = pathNode.link { + // the file we are deleting is a hardlink, decrement the link count + let linkedInodePtr = self.inodes[Int(hardlink - 1)] + var linkedInode = linkedInodePtr.pointee + if linkedInode.linksCount > 1 { + linkedInode.linksCount -= 1 + linkedInodePtr.pointee = linkedInode + } + } + + guard inodeNumber >= FirstInode else { + // Free the inodes and the blocks related to the inode only if its valid + return + } + if let blocks = pathNode.blocks { + if !(blocks.start == blocks.end) { + self.deletedBlocks.append((start: blocks.start, end: blocks.end)) + } + } + for block in pathNode.additionalBlocks ?? [] { + self.deletedBlocks.append((start: block.start, end: block.end)) + } + let now = Date().fs() + pathInode = Inode() + pathInode.dtime = now.lo + pathInodePtr.pointee = pathInode + } + + // Creates a file, directory, or symlink at the specified path, recursively creating parent directories if they don't already exist. + // + // - Parameters: + // - path: The FilePath representing the path where the file, directory, or symlink should be created. + // - link: An optional FilePath representing the target path for a symlink. If `nil`, a regular file or directory will be created. Preceding '/' should be omitted + // - mode: The permissions to set for the created file, directory, or symlink. + // - buf: A `ReadableStream` object providing the contents for the created file. Ignored when creating directories or symlinks. + // + // - Note: + // - This function recursively creates parent directories if they don't already exist. The `uid` and `gid` of the created parent directories are set to the values of their parent's `uid` and `gid`. + // - It is expected that the user sets the permissions explicitly later + // - This function only supports creating files, directories, and symlinks. Attempting to create other types of file system objects will result in an error. + // - In case of symlinks, the preceding '/' should be omitted + // + // - Example usage: + // ```swift + // let formatter = EXT4.Formatter(devicePath: "ext4.img") + // // create a directory + // try formatter.create(path: FilePath("/dir"), + // mode: EXT4.Inode.Mode(.S_IFDIR, 0o700)) + // + // // create a file + // let inputStream = InputStream(data: "data".data(using: .utf8)!) + // inputStream.open() + // try formatter.create(path: FilePath("/dir/file"), + // mode: EXT4.Inode.Mode(.S_IFREG, 0o755), buf: inputStream) + // inputStream.close() + // + // // create a symlink + // try formatter.create(path: FilePath("/symlink"), link: "/dir/file", + // mode: EXT4.Inode.Mode(.S_IFLNK, 0o700)) + // ``` + public func create( + path: FilePath, + link: FilePath? = nil, // to create symbolic links + mode: UInt16, + ts: FileTimestamps = FileTimestamps(), + buf: (any ReadableStream)? = nil, + uid: UInt32? = nil, + gid: UInt32? = nil, + xattrs: [String: Data]? = nil, + recursion: Bool = false, + fileBuffer: UnsafeMutableBufferPointer? = nil + ) throws { + if let nodePtr = self.tree.lookup(path: path) { + let node = nodePtr.pointee + let inodePtr = self.inodes[Int(node.inode) - 1] + let inode = inodePtr.pointee + // Allowed replace + // ----------------------------- + // + // Original Type File Directory Symlink + // ---------------------------------------------- + // File | ✔ | ✘ | ✔ + // Directory | ✘ | ✔ | ✔ + // Symlink | ✔ | ✘ | ✔ + if mode.isDir() { + if !inode.mode.isDir() { + guard inode.mode.isLink() else { + throw Error.notDirectory(path) + } + } + // mkdir -p + if path.base == node.name { + guard !recursion else { + return + } + // create a new tree node to replace this one + var inode = inode + inode.mode = mode + if let uid { + inode.uid = uid.lo + inode.uidHigh = uid.hi + } + if let gid { + inode.gid = gid.lo + inode.gidHigh = gid.hi + } + inodePtr.pointee = inode + return + } + } else if let _ = node.link { // ok to overwrite links + try self.unlink(path: path) + } else { // file can only be overwritten by another file + if inode.mode.isDir() { + guard mode.isLink() else { // unless it is a link, then it can be replaced by a dir + throw Error.notFile(path) + } + // root cannot be replaced with a link + if path.isRoot { + throw Error.unsupportedFiletype + } + } + try self.unlink(path: path) + } + } + // create all predecessors recursively + let parentPath: FilePath = path.dir + try self.create(path: parentPath, mode: Inode.Mode(.S_IFDIR, 0o755), recursion: true) + guard let parentTreeNodePtr = self.tree.lookup(path: parentPath) else { + throw Error.notFound(parentPath) + } + let parentTreeNode = parentTreeNodePtr.pointee + let parentInodePtr = self.inodes[Int(parentTreeNode.inode) - 1] + var parentInode = parentInodePtr.pointee + guard parentInode.linksCount < EXT4.MaxLinks else { + throw Error.maximumLinksExceeded(parentPath) + } + + let childInodePtr = Ptr(Inode()) + var childInode = Inode() + var startBlock: UInt32 = 0 + var endBlock: UInt32 = 0 + defer { // update metadata + childInodePtr.pointee = childInode + parentInodePtr.pointee = parentInode + self.inodes.append(childInodePtr) + let childTreeNodePtr = Ptr( + FileTree.FileTreeNode( + inode: InodeNumber(self.inodes.count), + name: path.base, + parent: parentTreeNodePtr, + children: [], + blocks: (startBlock, endBlock) + )) + parentTreeNode.children.append(childTreeNodePtr) + parentTreeNodePtr.pointee = parentTreeNode + } + childInode.mode = mode + // uid,gid + if let uid { + childInode.uid = UInt16(uid & 0xffff) + childInode.uidHigh = UInt16((uid >> 16) & 0xffff) + } else { + childInode.uid = parentInode.uid + childInode.uidHigh = parentInode.uidHigh + } + if let gid { + childInode.gid = UInt16(gid & 0xffff) + childInode.gidHigh = UInt16((gid >> 16) & 0xffff) + } else { + childInode.gid = parentInode.gid + childInode.gidHigh = parentInode.gidHigh + } + if let xattrs, !xattrs.isEmpty { + var state = FileXattrsState( + inode: UInt32(self.inodes.count), inodeXattrCapacity: EXT4.InodeExtraSize, blockCapacity: blockSize) + try state.add(ExtendedAttribute(name: "system.data", value: [])) + for (s, d) in xattrs { + let attribute = ExtendedAttribute(name: s, value: [UInt8](d)) + try state.add(attribute) + } + if !state.inlineAttributes.isEmpty { + var buffer: [UInt8] = .init(repeating: 0, count: Int(EXT4.InodeExtraSize)) + try state.writeInlineAttributes(buffer: &buffer) + childInode.inlineXattrs = ( + buffer[0], buffer[1], buffer[2], buffer[3], buffer[4], buffer[5], buffer[6], buffer[7], + buffer[8], + buffer[9], + buffer[10], buffer[11], buffer[12], buffer[13], buffer[14], buffer[15], buffer[16], buffer[17], + buffer[18], + buffer[19], + buffer[20], buffer[21], buffer[22], buffer[23], buffer[24], buffer[25], buffer[26], buffer[27], + buffer[28], + buffer[29], + buffer[30], buffer[31], buffer[32], buffer[33], buffer[34], buffer[35], buffer[36], buffer[37], + buffer[38], + buffer[39], + buffer[40], buffer[41], buffer[42], buffer[43], buffer[44], buffer[45], buffer[46], buffer[47], + buffer[48], + buffer[49], + buffer[50], buffer[51], buffer[52], buffer[53], buffer[54], buffer[55], buffer[56], buffer[57], + buffer[58], + buffer[59], + buffer[60], buffer[61], buffer[62], buffer[63], buffer[64], buffer[65], buffer[66], buffer[67], + buffer[68], + buffer[69], + buffer[70], buffer[71], buffer[72], buffer[73], buffer[74], buffer[75], buffer[76], buffer[77], + buffer[78], + buffer[79], + buffer[80], buffer[81], buffer[82], buffer[83], buffer[84], buffer[85], buffer[86], buffer[87], + buffer[88], + buffer[89], + buffer[90], buffer[91], buffer[92], buffer[93], buffer[94], buffer[95] + ) + } + if !state.blockAttributes.isEmpty { + var buffer: [UInt8] = .init(repeating: 0, count: Int(blockSize)) + try state.writeBlockAttributes(buffer: &buffer) + if self.pos % self.blockSize != 0 { + try self.seek(block: self.currentBlock + 1) + } + childInode.xattrBlockLow = self.currentBlock + try self.handle.write(contentsOf: buffer) + childInode.blocksLow += 1 + } + } + + childInode.atime = ts.accessLo + childInode.atimeExtra = ts.accessHi + // ctime is the last time the inode was changed which is now + childInode.ctime = ts.nowLo + childInode.ctimeExtra = ts.nowHi + childInode.mtime = ts.modificationLo + childInode.mtimeExtra = ts.modificationHi + childInode.crtime = ts.creationLo + childInode.crtimeExtra = ts.creationHi + childInode.linksCount = 1 + childInode.extraIsize = UInt16(EXT4.ExtraIsize) + // flags + childInode.flags = InodeFlag.hugeFile.rawValue + // size check + var size: UInt64 = 0 + // align with block boundary + if self.pos % self.blockSize != 0 { + try self.seek(block: self.currentBlock + 1) + } + // dir + if childInode.mode.isDir() { + childInode.linksCount += 1 + parentInode.linksCount += 1 + // to pass e2fsck, the convention is to sort children + // before committing to disk. Therefore, we are deferring + // writing dentries until commit() is called + return + } + // symbolic link + if let link { + startBlock = self.currentBlock + let linkPath = link.bytes + if linkPath.count < 60 { + size += UInt64(linkPath.count) + var blockData: [UInt8] = .init(repeating: 0, count: 60) + for i in 0.. + let bufferSize: Int + let shouldDeallocate: Bool + if let fileBuffer { + tempBuf = fileBuffer.baseAddress! + bufferSize = fileBuffer.count + shouldDeallocate = false + } else { + tempBuf = UnsafeMutablePointer.allocate(capacity: Int(self.blockSize)) + bufferSize = Int(self.blockSize) + shouldDeallocate = true + } + defer { + if shouldDeallocate { + tempBuf.deallocate() + } + } + while case let block = buf.read(tempBuf, maxLength: bufferSize), block > 0 { + size += UInt64(block) + if size > EXT4.MaxFileSize { + throw Error.fileTooBig(size) + } + let data = UnsafeRawBufferPointer(start: tempBuf, count: block) + try withUnsafeLittleEndianBuffer(of: data) { b in + try self.handle.write(contentsOf: b) + } + } + } + if self.pos % self.blockSize != 0 { + try self.seek(block: self.currentBlock + 1) + } + endBlock = self.currentBlock + childInode.sizeLow = size.lo + childInode.sizeHigh = size.hi + childInode = try self.writeExtents(childInode, (startBlock, endBlock)) + return + } + // FIFO, Socket and other types are not handled + throw Error.unsupportedFiletype + } + + // Completes the formatting of an ext4 filesystem after writing the necessary structures. + // + // This function is responsible for finalizing the formatting process of an ext4 filesystem + // after the following structures have been written: + // - JBD2 journal (inode 8): Written first when a journal config is provided. Includes the + // JBD2 superblock and zeroed journal data blocks. self.size is expanded by the journal + // size so that minDiskSize represents usable capacity rather than total image size. + // - Inode table: Contains information about each file and directory in the filesystem. + // - Block bitmap: Tracks the allocation status of each block in the filesystem. + // - Inode bitmap: Tracks the allocation status of each inode in the filesystem. + // - Directory tree: Represents the hierarchical structure of directories and files. + // - Group descriptors: Stores metadata about each block group in the filesystem. + // - Superblock: Contains essential information about the filesystem's configuration. + // + // The function performs any necessary final steps to ensure the integrity and consistency + // of the ext4 filesystem before it can be mounted and used. + public func close() throws { + var breadthWiseChildTree: [(parent: Ptr?, child: Ptr)] = [ + (nil, self.tree.root) + ] + while !breadthWiseChildTree.isEmpty { + let (parent, child) = breadthWiseChildTree.removeFirst() + try self.commit(parent, child) // commit directories iteratively + if child.pointee.link != nil { + continue + } + breadthWiseChildTree.append(contentsOf: child.pointee.children.map { (child, $0) }) + } + + // Generate UUID once; shared by filesystem superblock and JBD2 superblock. + let filesystemUUID = UUID().uuid + + // Journal init MUST precede optimizeBlockGroupLayout() and commitInodeTable(). + // Reason 1: optimizeBlockGroupLayout reads self.currentBlock — journal blocks + // must already be written to be counted in the layout calculation. + // Reason 2: commitInodeTable writes inode 8 to disk — setupJournalInode must + // have updated self.inodes[7] in memory first. + var journalByteCount: UInt64 = 0 + if let config = journalConfig { + // initializeJournal returns the number of blocks written for the journal. + // journalByteCount is fed into the newSize floor below so that minDiskSize + // represents usable capacity: the journal is additive overhead on top of + // the content area. self.size is left unmodified here so the existing + // lseek + write file-extension path handles the physical resize. + let journalBlocks = try initializeJournal(config: config, filesystemUUID: filesystemUUID) + journalByteCount = UInt64(journalBlocks) * self.blockSize + } + + let blockGroupSize = optimizeBlockGroupLayout(blocks: self.currentBlock, inodes: UInt32(self.inodes.count)) + let inodeTableOffset = try self.commitInodeTable( + blockGroups: blockGroupSize.blockGroups, + inodesPerGroup: blockGroupSize.inodesPerGroup + ) + if self.pos % self.blockSize != 0 { + try self.seek(block: self.currentBlock + 1) + } + // write bitmaps and group descriptors + + let bitmapOffset = self.currentBlock + let bitmapBlocks: UInt32 = blockGroupSize.blockGroups * 2 // each group has two bitmaps - for inodes, and for blocks + let dataBlocks: UInt32 = bitmapOffset + bitmapBlocks // last data block + var diskBlocks = dataBlocks + var contentRequiredBlocks = (blockGroupSize.blockGroups - 1) * self.blocksPerGroup + 1 + if blockGroupSize.blockGroups == 1 { + contentRequiredBlocks = self.blocksPerGroup // at least 1 block group + } + if diskBlocks < contentRequiredBlocks { // for data + metadata + diskBlocks = contentRequiredBlocks + } + let contentRequiredSize = UInt64(contentRequiredBlocks) * self.blockSize + // minDiskSize is usable capacity; the journal is additive on top. + var newSize = self.size + journalByteCount + if newSize < contentRequiredSize { + newSize = contentRequiredSize + } + // number of blocks needed for group descriptors + let groupDescriptorBlockCount: UInt32 = (blockGroupSize.blockGroups - 1) / self.groupsPerDescriptorBlock + 1 + guard groupDescriptorBlockCount <= self.groupDescriptorBlocks else { + throw Error.insufficientSpaceForGroupDescriptorBlocks + } + + var totalBlocks: UInt32 = 0 + var totalInodes: UInt32 = 0 + let inodeTableSizePerGroup: UInt32 = blockGroupSize.inodesPerGroup * EXT4.InodeSize / self.blockSize + var groupDescriptors: [GroupDescriptor] = [] + + let minGroups = (((self.pos / UInt64(self.blockSize)) - 1) / UInt64(self.blocksPerGroup)) + 1 + if newSize < minGroups * blocksPerGroup * blockSize { + newSize = UInt64(minGroups * blocksPerGroup * blockSize) + } + let totalGroups = (((newSize / UInt64(self.blockSize)) - 1) / UInt64(self.blocksPerGroup)) + 1 + + // If the provided disk size is not aligned to a blockgroup boundary, it needs to + // be expanded to the next blockgroup boundary. + // Example: + // Provided disk size: 2 GB + 100MB: 2148 MB + // BlockSize: 4096 + // Blockgroup size: 32768 blocks: 128MB + // Number of blocks: 549888 + // Number of blockgroups = 549888 / 32768 = 16.78125 + // Aligned disk size = 557056 blocks = 17 blockgroups: 2176 MB + if newSize < totalGroups * blocksPerGroup * blockSize { + newSize = UInt64(totalGroups * blocksPerGroup * blockSize) + } + // Snapshot groupDescriptorBlocks before self.size potentially changes: the bitmap + // loop uses this to identify which GDT slots were physically reserved at init time, + // so it can mark any unused slots as free without accidentally freeing content blocks + // written starting at reservedDescriptorBlocks + 1. + let reservedDescriptorBlocks = self.groupDescriptorBlocks + if self.size < newSize { + guard newSize / UInt64(self.blockSize) <= UInt64(UInt32.max) else { + throw Error.cannotResizeFS(newSize) + } + self.size = newSize + let pos = self.pos + guard lseek(self.handle.fileDescriptor, off_t(self.size - 1), 0) == self.size - 1 else { + throw Error.cannotResizeFS(self.size) + } + let zero: [UInt8] = [0] + try self.handle.write(contentsOf: zero) + try self.handle.seek(toOffset: pos) + } + for group in 0..> (j % 8)) & 1) + bitmap[Int(j / 8)] &= ~(1 << (j % 8)) + } + } + + // inodes bitmap goes into second bitmap block + for i in 0.. self.inodes.count { + continue + } + let inode = self.inodes[Int(ino) - 1] + if ino > 10 && inode.pointee.linksCount == 0 { // deleted files + continue + } + bitmap[Int(self.blockSize) + Int(i / 8)] |= 1 << (i % 8) + inodes += 1 + if inode.pointee.mode.isDir() { + dirs += 1 + } + } + + for i in (blockGroupSize.inodesPerGroup / 8)...init(repeating: 0, count: 1024)) + + let computedInodes = totalGroups * blockGroupSize.inodesPerGroup + var blocksCount = totalGroups * self.blocksPerGroup + while blocksCount < totalBlocks { + blocksCount = UInt64(totalBlocks) + } + let totalFreeBlocks: UInt64 + if totalBlocks > blocksCount { + totalFreeBlocks = 0 + } else { + totalFreeBlocks = blocksCount - totalBlocks + } + var superblock = SuperBlock() + superblock.inodesCount = computedInodes.lo + superblock.blocksCountLow = blocksCount.lo + superblock.blocksCountHigh = blocksCount.hi + superblock.freeBlocksCountLow = totalFreeBlocks.lo + superblock.freeBlocksCountHigh = totalFreeBlocks.hi + let freeInodesCount = computedInodes.lo - totalInodes + superblock.freeInodesCount = freeInodesCount + superblock.firstDataBlock = 0 + superblock.logBlockSize = logBlockSize + superblock.logClusterSize = logBlockSize + superblock.blocksPerGroup = self.blocksPerGroup + superblock.clustersPerGroup = self.blocksPerGroup + superblock.inodesPerGroup = blockGroupSize.inodesPerGroup + superblock.magic = EXT4.SuperBlockMagic + superblock.state = 1 // cleanly unmounted + superblock.errors = 1 // continue on error + superblock.creatorOS = 3 // freeBSD + superblock.revisionLevel = 1 // dynamic inode sizes + superblock.firstInode = EXT4.FirstInode + superblock.lpfInode = EXT4.LostAndFoundInode + superblock.inodeSize = UInt16(EXT4.InodeSize) + superblock.featureIncompat = + IncompatFeature.filetype | IncompatFeature.extents | IncompatFeature.flexBg + superblock.featureRoCompat = + RoCompatFeature.largeFile | RoCompatFeature.hugeFile | RoCompatFeature.extraIsize + superblock.minExtraIsize = EXT4.ExtraIsize + superblock.wantExtraIsize = EXT4.ExtraIsize + superblock.logGroupsPerFlex = 31 + superblock.uuid = filesystemUUID + var compatFeatures: UInt32 = CompatFeature.sparseSuper2 | CompatFeature.extAttr + if let config = journalConfig { + compatFeatures |= CompatFeature.hasJournal.rawValue + superblock.journalInum = EXT4.JournalInode + superblock.journalUUID = filesystemUUID + superblock.journalBlocks = journalInodeBlockBackup() + superblock.journalBackupType = 1 // s_jnl_backup_type: 1 = s_jnl_blocks[] holds a valid inode backup + if let mode = config.defaultMode { + switch mode { + case .writeback: superblock.defaultMountOpts = DefaultMountOpts.journalWriteback + case .ordered: superblock.defaultMountOpts = DefaultMountOpts.journalOrdered + case .journal: superblock.defaultMountOpts = DefaultMountOpts.journalData + } + } + } + superblock.featureCompat = compatFeatures + + // Fields intentionally left at zero: + // s_r_blocks_count_lo: no blocks reserved for root + // s_mtime / s_wtime: never mounted/written; kernel updates on first access + // s_mnt_count / s_max_mnt_count: no forced-fsck-after-N-mounts policy + // s_lastcheck / s_checkinterval: no time-based fsck scheduling + // s_def_resuid / s_def_resgid: reserved blocks owned by uid/gid 0 (root) + // s_block_group_nr: this superblock resides in group 0 + // s_volume_name: no volume label + // s_last_mounted: no recorded prior mount path + // s_algorithm_usage_bitmap: obsolete compression field, not used + // s_prealloc_blocks / s_prealloc_dir_blocks: block preallocation not enabled + // s_reserved_gdt_blocks: online resize not supported + // s_journal_dev: journal is internal (inode 8), not on an external device + // s_last_orphan: fresh filesystem, no pending orphan cleanup + // s_hash_seed / s_def_hash_version: kernel initialises htree hash seed at first mount + // s_first_meta_bg: meta block group feature not enabled + // s_mkfs_time: creation timestamp not recorded + // s_raid_stride / s_mmp_interval / s_mmp_block / s_raid_stripe_width: no RAID or MMP + // s_checksum_type / s_checksum_seed: metadata checksums not enabled (no csum feature bit) + // s_snapshot_*: snapshot feature not enabled + // s_error_count / s_first_error_* / s_last_error_*: fresh filesystem, no recorded errors + // s_usr_quota_inum / s_grp_quota_inum / s_prj_quota_inum: quotas not enabled + // s_overhead_clusters: kernel computes dynamically; zero is always safe + // s_backup_bgs: sparse_super2 active but no secondary backup groups requested + // s_encrypt_algos / s_encrypt_pw_salt: encryption not enabled + // s_checksum: superblock checksum not enabled (no metadata_csum feature bit) + + try withUnsafeLittleEndianBytes(of: superblock) { bytes in + try self.handle.write(contentsOf: bytes) + } + try self.handle.write(contentsOf: Array.init(repeating: 0, count: 2048)) + } + + // MARK: Private and internal methods and properties + private var tree: FileTree + private var deletedBlocks: [(start: UInt32, end: UInt32)] = [] + + // internally accessed by journal setup + var handle: FileHandle + var inodes: [Ptr] + let journalConfig: JournalConfig? + + var pos: UInt64 { + guard let offset = try? self.handle.offset() else { + return 0 + } + return offset + } + + var currentBlock: UInt32 { + self.pos / self.blockSize + } + + func seek(block: UInt32) throws { + try self.handle.seek(toOffset: UInt64(block) * blockSize) + } + + private func commitInodeTable(blockGroups: UInt32, inodesPerGroup: UInt32) throws -> UInt64 { + // inodeTable must go into a new block + if self.pos % blockSize != 0 { + try seek(block: currentBlock + 1) + } + let inodeTableOffset = UInt64(currentBlock) + + let inodeSize = MemoryLayout.size + // Write InodeTable + for inode in self.inodes { + try withUnsafeLittleEndianBytes(of: inode.pointee) { bytes in + try handle.write(contentsOf: bytes) + } + try self.handle.write( + contentsOf: Array.init(repeating: 0, count: Int(EXT4.InodeSize) - inodeSize)) + } + let tableSize: UInt64 = UInt64(EXT4.InodeSize) * blockGroups * inodesPerGroup + let rest = tableSize - UInt64(self.inodes.count) * EXT4.InodeSize + let zeroBlock = Array.init(repeating: 0, count: Int(self.blockSize)) + for _ in 0..<(rest / self.blockSize) { + try self.handle.write(contentsOf: zeroBlock) + } + try self.handle.write(contentsOf: Array.init(repeating: 0, count: Int(rest % self.blockSize))) + return inodeTableOffset + } + + // optimizes the distribution of blockGroups to obtain the lowest number of blockGroups needed to + // represent all the inodes and all the blocks in the FS + private func optimizeBlockGroupLayout(blocks: UInt32, inodes: UInt32) -> ( + blockGroups: UInt32, inodesPerGroup: UInt32 + ) { + // counts the number of blockGroups given a particular inodesPerGroup size + let groupCount: (_ blocks: UInt32, _ inodes: UInt32, _ inodesPerGroup: UInt32) -> UInt32 = { + blocks, inodes, inodesPerGroup in + let inodeBlocksPerGroup: UInt32 = inodesPerGroup * EXT4.InodeSize / self.blockSize + let dataBlocksPerGroup: UInt32 = self.blocksPerGroup - inodeBlocksPerGroup - 2 // save room for the bitmaps + // Increase the block count to ensure there are enough groups for all the inodes. + let minBlocks: UInt32 = (inodes - 1) / inodesPerGroup * dataBlocksPerGroup + 1 + var updatedBlocks = blocks + if blocks < minBlocks { + updatedBlocks = minBlocks + } + return (updatedBlocks + dataBlocksPerGroup - 1) / dataBlocksPerGroup + } + + var groups: UInt32 = UInt32.max + var inodesPerGroup: UInt32 = 0 + let inc = Int(self.blockSize * 512) / Int(EXT4.InodeSize) // inodesPerGroup + // minimizes the number of blockGroups needed to its lowest value + for ipg in stride(from: inc, through: Int(self.maxInodesPerGroup), by: inc) { + let g = groupCount(blocks, inodes, UInt32(ipg)) + if g < groups { + groups = g + inodesPerGroup = UInt32(ipg) + } + } + return (groups, inodesPerGroup) + } + + private func commit(_ parentPtr: Ptr?, _ nodePtr: Ptr) throws { + let node = nodePtr.pointee + let inodePtr = self.inodes[Int(node.inode) - 1] + var inode = inodePtr.pointee + guard inode.linksCount > 0 else { + return + } + if node.link != nil { + return + } + if self.pos % self.blockSize != 0 { + try self.seek(block: self.currentBlock + 1) + } + if inode.mode.isDir() { + let startBlock = self.currentBlock + var left: Int = Int(self.blockSize) + try writeDirEntry(name: ".", inode: node.inode, left: &left) + if let parent = parentPtr { + try writeDirEntry(name: "..", inode: parent.pointee.inode, left: &left) + } else { + try writeDirEntry(name: "..", inode: node.inode, left: &left) + } + var sortedChildren = Array(node.children) + sortedChildren.sort { left, right in + left.pointee.inode < right.pointee.inode + } + for childPtr in sortedChildren { + let child = childPtr.pointee + try writeDirEntry(name: child.name, inode: child.inode, left: &left, link: child.link) + } + try finishDirEntryBlock(&left) + let endBlock = self.currentBlock + let size: UInt64 = UInt64(endBlock - startBlock) * self.blockSize + inode.sizeLow = size.lo + inode.sizeHigh = size.hi + inodePtr.pointee = inode + node.blocks = (startBlock, endBlock) + nodePtr.pointee = node + if self.pos % self.blockSize != 0 { + try self.seek(block: self.currentBlock + 1) + } + inode = try self.writeExtents(inode, (startBlock, endBlock)) + inodePtr.pointee = inode + } + } + + private func fillExtents( + node: inout ExtentLeafNode, numExtents: UInt32, numBlocks: UInt32, start: UInt32, offset: UInt32 + ) { + for i in 0.. EXT4.MaxBlocksPerExtent { + length = EXT4.MaxBlocksPerExtent + } + let extentStart: UInt32 = start + extentBlock + let extent = ExtentLeaf( + block: extentBlock, + length: UInt16(length), + startHigh: 0, + startLow: extentStart + ) + node.leaves.append(extent) + } + } + + func writeExtents(_ inode: Inode, _ blocks: (start: UInt32, end: UInt32)) throws -> Inode { + var inode = inode + // rest of code assumes that extents MUST go into a new block + if self.pos % self.blockSize != 0 { + try self.seek(block: self.currentBlock + 1) + } + let dataBlocks = blocks.end - blocks.start + let numExtents = (dataBlocks + EXT4.MaxBlocksPerExtent - 1) / EXT4.MaxBlocksPerExtent + var usedBlocks = dataBlocks + let extentNodeSize = 12 + let extentsPerBlock = self.blockSize / extentNodeSize - 1 + var blockData: [UInt8] = .init(repeating: 0, count: 60) + var blockIndex: Int = 0 + switch numExtents { + case 0: + return inode // noop + case 1..<5: + let extentHeader = ExtentHeader( + magic: EXT4.ExtentHeaderMagic, + entries: UInt16(numExtents), + max: 4, + depth: 0, + generation: 0) + + var node = ExtentLeafNode(header: extentHeader, leaves: []) + fillExtents(node: &node, numExtents: numExtents, numBlocks: dataBlocks, start: blocks.start, offset: 0) + withUnsafeLittleEndianBytes(of: node.header) { bytes in + for b in bytes { + blockData[blockIndex] = b + blockIndex = blockIndex + 1 + } + } + for leaf in node.leaves { + withUnsafeLittleEndianBytes(of: leaf) { bytes in + for b in bytes { + blockData[blockIndex] = b + blockIndex = blockIndex + 1 + } + } + } + case 5..<4 * UInt32(extentsPerBlock) + 1: + let extentBlocks = (numExtents + extentsPerBlock - 1) / extentsPerBlock + usedBlocks += extentBlocks + let extentHeader = ExtentHeader( + magic: EXT4.ExtentHeaderMagic, + entries: UInt16(extentBlocks), + max: 4, + depth: 1, + generation: 0 + ) + var root = ExtentIndexNode(header: extentHeader, indices: []) + for i in 0.. extentsPerBlock { + extentsInBlock = extentsPerBlock + } + let leafHeader = ExtentHeader( + magic: EXT4.ExtentHeaderMagic, + entries: UInt16(extentsInBlock), + max: UInt16(extentsPerBlock), + depth: 0, + generation: 0 + ) + var leafNode = ExtentLeafNode(header: leafHeader, leaves: []) + let offset = i * extentsPerBlock * EXT4.MaxBlocksPerExtent + fillExtents( + node: &leafNode, numExtents: extentsInBlock, numBlocks: dataBlocks, + start: blocks.start, + offset: offset) + try withUnsafeLittleEndianBytes(of: leafNode.header) { bytes in + try self.handle.write(contentsOf: bytes) + } + for leaf in leafNode.leaves { + try withUnsafeLittleEndianBytes(of: leaf) { bytes in + try self.handle.write(contentsOf: bytes) + } + } + let extentTail = ExtentTail(checksum: leafNode.leaves.last!.block) + try withUnsafeLittleEndianBytes(of: extentTail) { bytes in + try self.handle.write(contentsOf: bytes) + } + root.indices.append(extentIdx) + } + withUnsafeLittleEndianBytes(of: root.header) { bytes in + for b in bytes { + blockData[blockIndex] = b + blockIndex = blockIndex + 1 + } + } + for leaf in root.indices { + withUnsafeLittleEndianBytes(of: leaf) { bytes in + for b in bytes { + blockData[blockIndex] = b + blockIndex = blockIndex + 1 + } + } + } + default: + throw Error.fileTooBig(UInt64(dataBlocks) * self.blockSize) + } + inode.block = ( + blockData[0], blockData[1], blockData[2], blockData[3], blockData[4], blockData[5], blockData[6], + blockData[7], + blockData[8], blockData[9], + blockData[10], blockData[11], blockData[12], blockData[13], blockData[14], blockData[15], blockData[16], + blockData[17], blockData[18], blockData[19], + blockData[20], blockData[21], blockData[22], blockData[23], blockData[24], blockData[25], blockData[26], + blockData[27], blockData[28], blockData[29], + blockData[30], blockData[31], blockData[32], blockData[33], blockData[34], blockData[35], blockData[36], + blockData[37], blockData[38], blockData[39], + blockData[40], blockData[41], blockData[42], blockData[43], blockData[44], blockData[45], blockData[46], + blockData[47], blockData[48], blockData[49], + blockData[50], blockData[51], blockData[52], blockData[53], blockData[54], blockData[55], blockData[56], + blockData[57], blockData[58], blockData[59] + ) + // ensure that inode's block count includes extent blocks + inode.blocksLow += usedBlocks + inode.flags = InodeFlag.extents | inode.flags + return inode + } + + // writes a single directory entry + private func writeDirEntry(name: String, inode: InodeNumber, left: inout Int, link: InodeNumber? = nil) throws { + guard self.inodes[Int(inode) - 1].pointee.linksCount > 0 else { + return + } + guard let nameData = name.data(using: .utf8) else { + throw Error.invalidName(name) + } + let directoryEntrySize = MemoryLayout.size + let rlb = directoryEntrySize + nameData.count + let rl = (rlb + 3) & ~3 + if left < rl + 12 { + try self.finishDirEntryBlock(&left) + } + var mode = self.inodes[Int(inode) - 1].pointee.mode + var inodeNum = inode + if let link { + mode = self.inodes[Int(link) - 1].pointee.mode | 0o777 + inodeNum = link + } + let entry = DirectoryEntry( + inode: inodeNum, + recordLength: UInt16(rl), + nameLength: UInt8(nameData.count), + fileType: mode.fileType() + ) + try withUnsafeLittleEndianBytes(of: entry) { bytes in + try self.handle.write(contentsOf: bytes) + } + + try nameData.withUnsafeBytes { buffer in + try withUnsafeLittleEndianBuffer(of: buffer) { b in + try self.handle.write(contentsOf: b) + } + } + try self.handle.write(contentsOf: [UInt8](repeating: 0, count: rl - rlb)) + left = left - rl + } + + private func finishDirEntryBlock(_ left: inout Int) throws { + defer { left = Int(self.blockSize) } + if left <= 0 { + return + } + let entry = DirectoryEntry( + inode: InodeNumber(0), + recordLength: UInt16(left), + nameLength: 0, + fileType: 0 + ) + try withUnsafeLittleEndianBytes(of: entry) { bytes in + try self.handle.write(contentsOf: bytes) + } + left = left - MemoryLayout.size + if left < 4 { + throw Error.noSpaceForTrailingDEntry + } + try self.handle.write(contentsOf: [UInt8](repeating: 0, count: Int(left))) + } + + public enum Error: Swift.Error, CustomStringConvertible, Sendable, Equatable { + case notDirectory(_ path: FilePath) + case notFile(_ path: FilePath) + case notFound(_ path: FilePath) + case alreadyExists(_ path: FilePath) + case unsupportedFiletype + case maximumLinksExceeded(_ path: FilePath) + case fileTooBig(_ size: UInt64) + case invalidLink(_ path: FilePath) + case invalidName(_ name: String) + case noSpaceForTrailingDEntry + case insufficientSpaceForGroupDescriptorBlocks + case cannotCreateHardlinksToDirTarget(_ path: FilePath) + case cannotTruncateFile(_ path: FilePath) + case cannotCreateSparseFile(_ path: FilePath) + case cannotResizeFS(_ size: UInt64) + case invalidBlockSize(_ size: UInt32) + case journalTooSmall(_ size: UInt64) + public var description: String { + switch self { + case .notDirectory(let path): + return "\(path) is not a directory" + case .notFile(let path): + return "\(path) is not a file" + case .notFound(let path): + return "\(path) not found" + case .alreadyExists(let path): + return "\(path) already exists" + case .unsupportedFiletype: + return "file type not supported" + case .maximumLinksExceeded(let path): + return "maximum links exceeded for path: \(path)" + case .fileTooBig(let size): + return "\(size) exceeds max file size (128 GiB)" + case .invalidLink(let path): + return "'\(path)' is an invalid link" + case .invalidName(let name): + return "'\(name)' is an invalid name" + case .noSpaceForTrailingDEntry: + return "not enough space for trailing dentry" + case .insufficientSpaceForGroupDescriptorBlocks: + return "not enough space for group descriptor blocks" + case .cannotCreateHardlinksToDirTarget(let path): + return "cannot create hard links to directory target: \(path)" + case .cannotTruncateFile(let path): + return "cannot truncate file: \(path)" + case .cannotCreateSparseFile(let path): + return "cannot create sparse file at \(path)" + case .cannotResizeFS(let size): + return "cannot set filesystem size to \(size) bytes" + case .invalidBlockSize(let size): + return "invalid block size \(size): must be 1024, 2048, or 4096" + case .journalTooSmall(let size): + return "requested journal size \(size) bytes is too small; minimum is \(EXT4.MinJournalBlocks) blocks (JBD2_MIN_JOURNAL_BLOCKS)" + } + } + } + + deinit { + self.inodes.removeAll() + } + } +} + +extension Date { + func fs() -> UInt64 { + if self == Date.distantPast { + return 0 + } + + let s = self.timeIntervalSince1970 + + if s < -0x8000_0000 { + return 0x8000_0000 + } + + if s > 0x3_7fff_ffff { + return 0x3_7fff_ffff + } + + // 32 bits - base: seconds since January 1, 1970, signed (negative for pre-1970 dates) + // 2 bits - epoch: overflow counter (0-3), how many times the 32-bit seconds field has wrapped + // 30 bits - nanoseconds (0-999,999,999) + let sInt64 = Int64(floor(s)) + let base = Int32(truncatingIfNeeded: sInt64) + let epoch = UInt64(sInt64 - Int64(base)) + let nanoseconds = min(UInt32((s - floor(s)) * 1_000_000_000), 999_999_999) + return UInt64(UInt32(bitPattern: base)) | epoch | (UInt64(nanoseconds) << 34) + } +} diff --git a/Sources/ContainerizationEXT4/EXT4+Journal.swift b/Sources/ContainerizationEXT4/EXT4+Journal.swift new file mode 100644 index 0000000..5e3511f --- /dev/null +++ b/Sources/ContainerizationEXT4/EXT4+Journal.swift @@ -0,0 +1,197 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationOS +import Foundation + +// JBD2 on-disk format reference: +// https://www.kernel.org/doc/html/latest/filesystems/ext4/journal.html + +extension EXT4.Formatter { + /// Entry point called from close() when journaling is enabled. + func initializeJournal( + config: EXT4.JournalConfig, + filesystemUUID: ( + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8 + ) + ) throws -> UInt32 { + let journalBlocks = try calculateJournalSize(requestedSize: config.size, usableBlocks: blockCount) + // Align to block boundary before recording start. + if self.pos % self.blockSize != 0 { + try self.seek(block: self.currentBlock + 1) + } + let journalStartBlock = self.currentBlock + try writeJournalSuperblock(journalBlocks: journalBlocks, filesystemUUID: filesystemUUID) + try zeroJournalBlocks(count: journalBlocks - 1) + try setupJournalInode(startBlock: journalStartBlock, blockCount: journalBlocks) + return journalBlocks + } + + // MARK: - Private helpers + + private func calculateJournalSize(requestedSize: UInt64?, usableBlocks: UInt32) throws -> UInt32 { + if let size = requestedSize { + let blocks = size / UInt64(self.blockSize) + // JBD2_MIN_JOURNAL_BLOCKS: the kernel refuses to mount with fewer. + // blocks == 0 would also cause a UInt32 underflow in the caller. + guard blocks >= EXT4.MinJournalBlocks else { + throw EXT4.Formatter.Error.journalTooSmall(size) + } + // Safe: any journal large enough to overflow UInt32 (>16 TiB at 4 KiB block size) + // would fail at the I/O layer before this conversion is reached. + return UInt32(blocks) + } + // Default sizing: scale with the usable content area, with a floor determined by + // JBD2_MIN_JOURNAL_BLOCKS and a ceiling that follows e2fsprogs convention: 128 MiB for + // filesystems up to 128 GiB, and 1 GiB for larger filesystems. The larger ceiling was + // introduced in e2fsprogs 1.43.2: + // https://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.43.2 + let usableBytes = UInt64(usableBlocks) * UInt64(self.blockSize) + let scaledBytes = usableBytes / 64 // 1/64th of the usable area, matching e2fsprogs defaults + let minBytes: UInt64 = UInt64(EXT4.MinJournalBlocks) * UInt64(self.blockSize) + let maxBytes: UInt64 = usableBytes > 128.gib() ? 1.gib() : 128.mib() + let clampedBytes = min(max(scaledBytes, minBytes), maxBytes) + // Safe: clampedBytes ≤ 1 GiB and blockSize ≥ 1, so the quotient fits in UInt32. + return UInt32(clampedBytes / UInt64(self.blockSize)) + } + + private func writeJournalSuperblock( + journalBlocks: UInt32, + filesystemUUID: ( + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8 + ) + ) throws { + // Safe: blockSize is UInt32; widening to Int (64-bit on all supported platforms) never truncates. + var buf = [UInt8](repeating: 0, count: Int(self.blockSize)) + + // JBD2 is a big-endian format regardless of host byte order (§3.6.1). + func writeU32BigEndian(_ value: UInt32, at offset: Int) { + buf[offset] = UInt8((value >> 24) & 0xFF) + buf[offset + 1] = UInt8((value >> 16) & 0xFF) + buf[offset + 2] = UInt8((value >> 8) & 0xFF) + buf[offset + 3] = UInt8(value & 0xFF) + } + + // JBD2 block header (§3.6.3): https://www.kernel.org/doc/html/latest/filesystems/ext4/journal.html#block-header + writeU32BigEndian(EXT4.JournalMagic, at: 0x00) // h_magic + writeU32BigEndian(4, at: 0x04) // h_blocktype = superblock v2 + writeU32BigEndian(1, at: 0x08) // h_sequence + + // JBD2 superblock body (§3.6.4): https://www.kernel.org/doc/html/latest/filesystems/ext4/journal.html#super-block + writeU32BigEndian(self.blockSize, at: 0x0C) // s_blocksize + writeU32BigEndian(journalBlocks, at: 0x10) // s_maxlen + writeU32BigEndian(1, at: 0x14) // s_first (first usable block) + writeU32BigEndian(1, at: 0x18) // s_sequence + // 0x1C s_start: left zero — kernel treats zero as "journal empty, begin at s_first" + // 0x20 s_errno: left zero — no prior abort error + // 0x24 s_feature_compat: left zero — no optional features (e.g. data-block checksums) + // 0x28 s_feature_incompat: left zero — non-zero unrecognised flags would cause mount refusal + // 0x2C s_feature_ro_compat: left zero — no flags defined by the spec + + // s_uuid at 0x30 (16 bytes) + let uuidBytes = [ + filesystemUUID.0, filesystemUUID.1, filesystemUUID.2, filesystemUUID.3, + filesystemUUID.4, filesystemUUID.5, filesystemUUID.6, filesystemUUID.7, + filesystemUUID.8, filesystemUUID.9, filesystemUUID.10, filesystemUUID.11, + filesystemUUID.12, filesystemUUID.13, filesystemUUID.14, filesystemUUID.15, + ] + buf[0x30..<0x40] = uuidBytes[...] + + writeU32BigEndian(1, at: 0x40) // s_nr_users + + let maxTrans = min(journalBlocks / 4, 32768) + writeU32BigEndian(maxTrans, at: 0x48) // s_max_transaction + writeU32BigEndian(maxTrans, at: 0x4C) // s_max_trans_data + + // s_users[0] at 0x100 (first entry of 768-byte users array) + buf[0x100..<0x110] = uuidBytes[...] + + try self.handle.write(contentsOf: buf) + } + + private func zeroJournalBlocks(count: UInt32) throws { + guard count > 0 else { return } + let chunkSize = 1.mib() + // Safe: both operands are UInt32, so their product peaks at ~17 TiB, which fits + // in Int64 (the width of Int on all 64-bit Apple platforms). + let totalBytes = Int(count) * Int(self.blockSize) + let zeroBuf = [UInt8](repeating: 0, count: min(Int(chunkSize), totalBytes)) + var remaining = totalBytes + while remaining > 0 { + let toWrite = min(zeroBuf.count, remaining) + try self.handle.write(contentsOf: zeroBuf[0.. ( + UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, + UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, + UInt32 + ) { + let ji = self.inodes[Int(EXT4.JournalInode) - 1].pointee + // s_jnl_blocks layout (§4.1.2): first 15 words = i_block[] extent-tree data, + // 16th word (index 15) = i_size_high, 17th word (index 16) = i_size. + var words = [UInt32](repeating: 0, count: 17) + withUnsafeBytes(of: ji.block) { bytes in + for i in 0..<15 { + words[i] = bytes.load(fromByteOffset: i * 4, as: UInt32.self) + } + } + words[15] = ji.sizeHigh // i_size_high (16th element per spec) + words[16] = ji.sizeLow // i_size (17th element per spec) + return ( + words[0], words[1], words[2], words[3], + words[4], words[5], words[6], words[7], + words[8], words[9], words[10], words[11], + words[12], words[13], words[14], words[15], + words[16] + ) + } +} diff --git a/Sources/ContainerizationEXT4/EXT4+Ptr.swift b/Sources/ContainerizationEXT4/EXT4+Ptr.swift new file mode 100644 index 0000000..bcac4e1 --- /dev/null +++ b/Sources/ContainerizationEXT4/EXT4+Ptr.swift @@ -0,0 +1,36 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +extension EXT4 { + class Ptr { + let underlying: UnsafeMutablePointer + + var pointee: T { + get { underlying.pointee } + set { underlying.pointee = newValue } + } + + init(_ value: T) { + self.underlying = .allocate(capacity: 1) + self.underlying.initialize(to: value) + } + + deinit { + underlying.deinitialize(count: 1) + underlying.deallocate() + } + } +} diff --git a/Sources/ContainerizationEXT4/EXT4+Reader.swift b/Sources/ContainerizationEXT4/EXT4+Reader.swift new file mode 100644 index 0000000..640b16f --- /dev/null +++ b/Sources/ContainerizationEXT4/EXT4+Reader.swift @@ -0,0 +1,277 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation +import SystemPackage + +extension EXT4 { + /// The `EXT4Reader` opens a block device, parses the superblock, and loads group descriptors & inodes. + public class EXT4Reader { + public var superBlock: EXT4.SuperBlock { + self._superBlock + } + + let handle: FileHandle + let _superBlock: EXT4.SuperBlock + + private var groupDescriptors: [UInt32: EXT4.GroupDescriptor] = [:] + private var inodes: [InodeNumber: EXT4.Inode] = [:] + + var hardlinks: [FilePath: InodeNumber] = [:] + var tree: EXT4.FileTree = EXT4.FileTree(EXT4.RootInode, ".") + var blockSize: UInt64 { UInt64(_superBlock.blockSize) } + + private var groupDescriptorSize: UInt16 { + if _superBlock.featureIncompat & EXT4.IncompatFeature.bit64.rawValue != 0 { + return _superBlock.descSize + } + return UInt16(MemoryLayout.size) + } + + public init(blockDevice: FilePath) throws { + guard FileManager.default.fileExists(atPath: blockDevice.description) else { + throw EXT4.Error.notFound(blockDevice.description) + } + + guard let fileHandle = FileHandle(forReadingAtPath: blockDevice) else { + throw Error.notFound(blockDevice.description) + } + self.handle = fileHandle + try handle.seek(toOffset: EXT4.SuperBlockOffset) + + let superBlockSize = MemoryLayout.size + guard let data = try? self.handle.read(upToCount: superBlockSize) else { + throw EXT4.Error.couldNotReadSuperBlock(blockDevice.description, EXT4.SuperBlockOffset, superBlockSize) + } + let sb = data.withUnsafeBytes { ptr in + ptr.loadLittleEndian(as: EXT4.SuperBlock.self) + } + guard sb.magic == EXT4.SuperBlockMagic else { + throw EXT4.Error.invalidSuperBlock + } + self._superBlock = sb + var items: [(item: Ptr, inode: InodeNumber)] = [ + (self.tree.root, EXT4.RootInode) + ] + while items.count > 0 { + guard let item = items.popLast() else { + break + } + let (itemPtr, inodeNum) = item + let childItems = try self.children(of: inodeNum) + let root = itemPtr.pointee + for (itemName, itemInodeNum) in childItems { + if itemName == "." || itemName == ".." { + continue + } + + if self.inodes[itemInodeNum] != nil { + // we have seen this inode before, we will hard link this file to it + guard let parentPath = itemPtr.pointee.path else { + continue + } + let path = parentPath.join(itemName) + self.hardlinks[path] = itemInodeNum + continue + } + + let blocks = try self.getExtents(inode: itemInodeNum) + let itemTreeNode = FileTree.FileTreeNode( + inode: itemInodeNum, + name: itemName, + parent: itemPtr, + children: [] + ) + if let blocks { + if blocks.count > 1 { + itemTreeNode.additionalBlocks = Array(blocks.dropFirst()) + } + itemTreeNode.blocks = blocks.first + } + let itemTreeNodePtr = Ptr(itemTreeNode) + root.children.append(itemTreeNodePtr) + itemPtr.pointee = root + let itemInode = try self.getInode(number: itemInodeNum) + if itemInode.mode.isDir() { + items.append((itemTreeNodePtr, itemInodeNum)) + } + } + } + } + + deinit { + try? self.handle.close() + } + + private func readGroupDescriptor(_ number: UInt32) throws -> GroupDescriptor { + let bs = self.blockSize + let offset = bs + UInt64(number) * UInt64(self.groupDescriptorSize) + try self.handle.seek(toOffset: offset) + guard let data = try? self.handle.read(upToCount: MemoryLayout.size) else { + throw EXT4.Error.couldNotReadGroup(number) + } + let gd = data.withUnsafeBytes { ptr in + ptr.loadLittleEndian(as: EXT4.GroupDescriptor.self) + } + return gd + } + + private func readInode(_ number: UInt32) throws -> Inode { + let inodeGroupNumber = ((number - 1) / self._superBlock.inodesPerGroup) + let numberInGroup = UInt64((number - 1) % self._superBlock.inodesPerGroup) + + let gd = try getGroupDescriptor(inodeGroupNumber) + let inodeTableStart = UInt64(gd.inodeTableLow) * self.blockSize + + let inodeOffset: UInt64 = inodeTableStart + numberInGroup * UInt64(_superBlock.inodeSize) + try self.handle.seek(toOffset: inodeOffset) + guard let inodeData = try self.handle.read(upToCount: MemoryLayout.size) else { + throw EXT4.Error.couldNotReadInode(number) + } + let inode = inodeData.withUnsafeBytes { ptr in + ptr.loadLittleEndian(as: EXT4.Inode.self) + } + return inode + } + + private func getDirTree(_ number: InodeNumber) throws -> [(String, InodeNumber)] { + var children: [(String, InodeNumber)] = [] + let extents = try getExtents(inode: number) ?? [] + for (start, end) in extents { + try self.seek(block: start) + for i in 0..<(end - start) { + guard let dirEntryBlock = try self.handle.read(upToCount: Int(self.blockSize)) else { + throw EXT4.Error.couldNotReadBlock(start + i) + } + let childEntries = try getDirEntries(dirTree: dirEntryBlock) + children.append(contentsOf: childEntries) + } + } + return children.sorted { a, b in + a.0 < b.0 + } + } + + private func getDirEntries(dirTree: Data) throws -> [(String, InodeNumber)] { + var children: [(String, InodeNumber)] = [] + var offset = 0 + let entrySize = MemoryLayout.size + while offset < dirTree.count { + let dirEntry = dirTree.subdata(in: offset..= entrySize else { + break + } + if dirEntry.inode == 0 { + offset += Int(dirEntry.recordLength) + continue + } + let nameData = dirTree.subdata(in: offset + 8.. [(start: UInt32, end: UInt32)]? { + let inode = try self.getInode(number: inode) + let inodeBlock = Data(tupleToArray(inode.block)) + var offset = 0 + var extents: [(start: UInt32, end: UInt32)] = [] + + let extentHeaderSize = MemoryLayout.size + let extentIndexSize = MemoryLayout.size + let extentLeafSize = MemoryLayout.size + // read extent header + let header = inodeBlock.subdata(in: offset.. Inode { + if let inode = self.inodes[number] { + return inode + } + + let inode = try readInode(number) + self.inodes[number] = inode + return inode + } + + func getGroupDescriptor(_ number: UInt32) throws -> GroupDescriptor { + if let gd = self.groupDescriptors[number] { + return gd + } + let gd = try readGroupDescriptor(number) + self.groupDescriptors[number] = gd + return gd + } + + func children(of number: EXT4.InodeNumber) throws -> [(String, InodeNumber)] { + try getDirTree(number) + } + } +} diff --git a/Sources/ContainerizationEXT4/EXT4+Types.swift b/Sources/ContainerizationEXT4/EXT4+Types.swift new file mode 100644 index 0000000..12eb7b6 --- /dev/null +++ b/Sources/ContainerizationEXT4/EXT4+Types.swift @@ -0,0 +1,633 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +// swiftlint:disable large_tuple + +import Foundation + +extension EXT4 { + public struct SuperBlock { + public var inodesCount: UInt32 = 0 + public var blocksCountLow: UInt32 = 0 + public var reservedBlocksCountLow: UInt32 = 0 + public var freeBlocksCountLow: UInt32 = 0 + public var freeInodesCount: UInt32 = 0 + public var firstDataBlock: UInt32 = 0 + public var logBlockSize: UInt32 = 0 + public var logClusterSize: UInt32 = 0 + public var blockSize: UInt32 { 1024 << logBlockSize } + public var blocksPerGroup: UInt32 = 0 + public var clustersPerGroup: UInt32 = 0 + public var inodesPerGroup: UInt32 = 0 + public var mtime: UInt32 = 0 + public var wtime: UInt32 = 0 + public var mountCount: UInt16 = 0 + public var maxMountCount: UInt16 = 0 + public var magic: UInt16 = 0 + public var state: UInt16 = 0 + public var errors: UInt16 = 0 + public var minorRevisionLevel: UInt16 = 0 + public var lastCheck: UInt32 = 0 + public var checkInterval: UInt32 = 0 + public var creatorOS: UInt32 = 0 + public var revisionLevel: UInt32 = 0 + public var defaultReservedUid: UInt16 = 0 + public var defaultReservedGid: UInt16 = 0 + public var firstInode: UInt32 = 0 + public var inodeSize: UInt16 = 0 + public var blockGroupNr: UInt16 = 0 + public var featureCompat: UInt32 = 0 + public var featureIncompat: UInt32 = 0 + public var featureRoCompat: UInt32 = 0 + public var uuid: + ( + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8 + ) = ( + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0 + ) + public var volumeName: + ( + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8 + ) = ( + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0 + ) + public var lastMounted: + ( + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8 + ) = ( + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0 + ) + public var algorithmUsageBitmap: UInt32 = 0 + public var preallocBlocks: UInt8 = 0 + public var preallocDirBlocks: UInt8 = 0 + public var reservedGdtBlocks: UInt16 = 0 + public var journalUUID: + ( + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8 + ) = ( + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0 + ) + public var journalInum: UInt32 = 0 + public var journalDev: UInt32 = 0 + public var lastOrphan: UInt32 = 0 + public var hashSeed: (UInt32, UInt32, UInt32, UInt32) = (0, 0, 0, 0) + public var defHashVersion: UInt8 = 0 + public var journalBackupType: UInt8 = 0 + public var descSize: UInt16 = UInt16(MemoryLayout.size) + public var defaultMountOpts: UInt32 = 0 + public var firstMetaBg: UInt32 = 0 + public var mkfsTime: UInt32 = 0 + public var journalBlocks: + ( + UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, + UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, + UInt32 + ) = ( + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0 + ) + public var blocksCountHigh: UInt32 = 0 + public var reservedBlocksCountHigh: UInt32 = 0 + public var freeBlocksCountHigh: UInt32 = 0 + public var minExtraIsize: UInt16 = 0 + public var wantExtraIsize: UInt16 = 0 + public var flags: UInt32 = 0 + public var raidStride: UInt16 = 0 + public var mmpInterval: UInt16 = 0 + public var mmpBlock: UInt64 = 0 + public var raidStripeWidth: UInt32 = 0 + public var logGroupsPerFlex: UInt8 = 0 + public var checksumType: UInt8 = 0 + public var reservedPad: UInt16 = 0 + public var kbytesWritten: UInt64 = 0 + public var snapshotInum: UInt32 = 0 + public var snapshotID: UInt32 = 0 + public var snapshotRBlocksCount: UInt64 = 0 + public var snapshotList: UInt32 = 0 + public var errorCount: UInt32 = 0 + public var firstErrorTime: UInt32 = 0 + public var firstErrorInode: UInt32 = 0 + public var firstErrorBlock: UInt64 = 0 + public var firstErrorFunc: + ( + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8 + ) = ( + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0 + ) + public var firstErrorLine: UInt32 = 0 + public var lastErrorTime: UInt32 = 0 + public var lastErrorInode: UInt32 = 0 + public var lastErrorLine: UInt32 = 0 + public var lastErrorBlock: UInt64 = 0 + public var lastErrorFunc: + ( + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8 + ) = ( + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0 + ) + public var mountOpts: + ( + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8 + ) = ( + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0 + ) + public var userQuotaInum: UInt32 = 0 + public var groupQuotaInum: UInt32 = 0 + public var overheadBlocks: UInt32 = 0 + public var backupBgs: (UInt32, UInt32) = (0, 0) + public var encryptAlgos: (UInt8, UInt8, UInt8, UInt8) = (0, 0, 0, 0) + public var encryptPwSalt: + ( + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8 + ) = ( + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0 + ) + public var lpfInode: UInt32 = 0 + public var projectQuotaInum: UInt32 = 0 + public var checksumSeed: UInt32 = 0 + public var wtimeHigh: UInt8 = 0 + public var mtimeHigh: UInt8 = 0 + public var mkfsTimeHigh: UInt8 = 0 + public var lastcheckHigh: UInt8 = 0 + public var firstErrorTimeHigh: UInt8 = 0 + public var lastErrorTimeHigh: UInt8 = 0 + public var pad: (UInt8, UInt8) = (0, 0) + public var reserved: + ( + UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, + UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, + UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, + UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, + UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, + UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, + UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, + UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, + UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, + UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, + UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, + UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, UInt32, UInt32 + ) = ( + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0 + ) + public var checksum: UInt32 = 0 + } + + static let JournalMagic: UInt32 = 0xC03B_3998 + static let JournalInode: InodeNumber = 8 + static let MinJournalBlocks: UInt32 = 1024 // JBD2_MIN_JOURNAL_BLOCKS + + struct DefaultMountOpts { + static let journalData: UInt32 = 0x0020 // data=journal + static let journalOrdered: UInt32 = 0x0040 // data=ordered + static let journalWriteback: UInt32 = 0x0060 // data=writeback + } + + struct CompatFeature { + let rawValue: UInt32 + + static let dirPrealloc = CompatFeature(rawValue: 0x1) + static let imagicInodes = CompatFeature(rawValue: 0x2) + static let hasJournal = CompatFeature(rawValue: 0x4) + static let extAttr = CompatFeature(rawValue: 0x8) + static let resizeInode = CompatFeature(rawValue: 0x10) + static let dirIndex = CompatFeature(rawValue: 0x20) + static let lazyBg = CompatFeature(rawValue: 0x40) + static let excludeInode = CompatFeature(rawValue: 0x80) + static let excludeBitmap = CompatFeature(rawValue: 0x100) + static let sparseSuper2 = CompatFeature(rawValue: 0x200) + } + + struct IncompatFeature { + let rawValue: UInt32 + + static let compression = IncompatFeature(rawValue: 0x1) + static let filetype = IncompatFeature(rawValue: 0x2) + static let recover = IncompatFeature(rawValue: 0x4) + static let journalDev = IncompatFeature(rawValue: 0x8) + static let metaBg = IncompatFeature(rawValue: 0x10) + static let extents = IncompatFeature(rawValue: 0x40) + static let bit64 = IncompatFeature(rawValue: 0x80) + static let mmp = IncompatFeature(rawValue: 0x100) + static let flexBg = IncompatFeature(rawValue: 0x200) + static let eaInode = IncompatFeature(rawValue: 0x400) + static let dirdata = IncompatFeature(rawValue: 0x1000) + static let csumSeed = IncompatFeature(rawValue: 0x2000) + static let largedir = IncompatFeature(rawValue: 0x4000) + static let inlineData = IncompatFeature(rawValue: 0x8000) + static let encrypt = IncompatFeature(rawValue: 0x10000) + } + + struct RoCompatFeature { + let rawValue: UInt32 + + static let sparseSuper = RoCompatFeature(rawValue: 0x1) + static let largeFile = RoCompatFeature(rawValue: 0x2) + static let btreeDir = RoCompatFeature(rawValue: 0x4) + static let hugeFile = RoCompatFeature(rawValue: 0x8) + static let gdtCsum = RoCompatFeature(rawValue: 0x10) + static let dirNlink = RoCompatFeature(rawValue: 0x20) + static let extraIsize = RoCompatFeature(rawValue: 0x40) + static let hasSnapshot = RoCompatFeature(rawValue: 0x80) + static let quota = RoCompatFeature(rawValue: 0x100) + static let bigalloc = RoCompatFeature(rawValue: 0x200) + static let metadataCsum = RoCompatFeature(rawValue: 0x400) + static let replica = RoCompatFeature(rawValue: 0x800) + static let readonly = RoCompatFeature(rawValue: 0x1000) + static let project = RoCompatFeature(rawValue: 0x2000) + } + + struct BlockGroupFlag { + let rawValue: UInt16 + + static let inodeUninit = BlockGroupFlag(rawValue: 0x1) + static let blockUninit = BlockGroupFlag(rawValue: 0x2) + static let inodeZeroed = BlockGroupFlag(rawValue: 0x4) + } + + struct GroupDescriptor { + let blockBitmapLow: UInt32 + let inodeBitmapLow: UInt32 + let inodeTableLow: UInt32 + let freeBlocksCountLow: UInt16 + let freeInodesCountLow: UInt16 + let usedDirsCountLow: UInt16 + let flags: UInt16 + let excludeBitmapLow: UInt32 + let blockBitmapCsumLow: UInt16 + let inodeBitmapCsumLow: UInt16 + let itableUnusedLow: UInt16 + let checksum: UInt16 + } + + struct GroupDescriptor64 { + let groupDescriptor: GroupDescriptor + let blockBitmapHigh: UInt32 + let inodeBitmapHigh: UInt32 + let inodeTableHigh: UInt32 + let freeBlocksCountHigh: UInt16 + let freeInodesCountHigh: UInt16 + let usedDirsCountHigh: UInt16 + let itableUnusedHigh: UInt16 + let excludeBitmapHigh: UInt32 + let blockBitmapCsumHigh: UInt16 + let inodeBitmapCsumHigh: UInt16 + let reserved: UInt32 + } + + public struct FileModeFlag: Sendable { + let rawValue: UInt16 + + public static let S_IXOTH = FileModeFlag(rawValue: 0x1) + public static let S_IWOTH = FileModeFlag(rawValue: 0x2) + public static let S_IROTH = FileModeFlag(rawValue: 0x4) + public static let S_IXGRP = FileModeFlag(rawValue: 0x8) + public static let S_IWGRP = FileModeFlag(rawValue: 0x10) + public static let S_IRGRP = FileModeFlag(rawValue: 0x20) + public static let S_IXUSR = FileModeFlag(rawValue: 0x40) + public static let S_IWUSR = FileModeFlag(rawValue: 0x80) + public static let S_IRUSR = FileModeFlag(rawValue: 0x100) + public static let S_ISVTX = FileModeFlag(rawValue: 0x200) + public static let S_ISGID = FileModeFlag(rawValue: 0x400) + public static let S_ISUID = FileModeFlag(rawValue: 0x800) + public static let S_IFIFO = FileModeFlag(rawValue: 0x1000) + public static let S_IFCHR = FileModeFlag(rawValue: 0x2000) + public static let S_IFDIR = FileModeFlag(rawValue: 0x4000) + public static let S_IFBLK = FileModeFlag(rawValue: 0x6000) + public static let S_IFREG = FileModeFlag(rawValue: 0x8000) + public static let S_IFLNK = FileModeFlag(rawValue: 0xA000) + public static let S_IFSOCK = FileModeFlag(rawValue: 0xC000) + + public static let TypeMask = FileModeFlag(rawValue: 0xF000) + } + + public typealias InodeNumber = UInt32 + + public struct Inode { + public var mode: UInt16 = 0 + public var uid: UInt16 = 0 + public var sizeLow: UInt32 = 0 + public var atime: UInt32 = 0 + public var ctime: UInt32 = 0 + public var mtime: UInt32 = 0 + public var dtime: UInt32 = 0 + public var gid: UInt16 = 0 + public var linksCount: UInt16 = 0 + public var blocksLow: UInt32 = 0 + public var flags: UInt32 = 0 + public var version: UInt32 = 0 + public var block: + ( + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8 + ) = ( + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 + ) + public var generation: UInt32 = 0 + public var xattrBlockLow: UInt32 = 0 + public var sizeHigh: UInt32 = 0 + public var obsoleteFragmentAddr: UInt32 = 0 + public var blocksHigh: UInt16 = 0 + public var xattrBlockHigh: UInt16 = 0 + public var uidHigh: UInt16 = 0 + public var gidHigh: UInt16 = 0 + public var checksumLow: UInt16 = 0 + public var reserved: UInt16 = 0 + public var extraIsize: UInt16 = 0 + public var checksumHigh: UInt16 = 0 + public var ctimeExtra: UInt32 = 0 + public var mtimeExtra: UInt32 = 0 + public var atimeExtra: UInt32 = 0 + public var crtime: UInt32 = 0 + public var crtimeExtra: UInt32 = 0 + public var versionHigh: UInt32 = 0 + public var projid: UInt32 = 0 // Size until this point is 160 bytes + public var inlineXattrs: + ( // 96 bytes for extended attributes + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, + UInt8, UInt8, UInt8, UInt8, UInt8, UInt8 + ) = ( + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0 + ) + + public static func Mode(_ mode: FileModeFlag, _ perm: UInt16) -> UInt16 { + mode.rawValue | perm + } + } + + struct InodeFlag { + let rawValue: UInt32 + + static let secRm = InodeFlag(rawValue: 0x1) + static let unRm = InodeFlag(rawValue: 0x2) + static let compressed = InodeFlag(rawValue: 0x4) + static let sync = InodeFlag(rawValue: 0x8) + static let immutable = InodeFlag(rawValue: 0x10) + static let append = InodeFlag(rawValue: 0x20) + static let noDump = InodeFlag(rawValue: 0x40) + static let noAtime = InodeFlag(rawValue: 0x80) + static let dirtyCompressed = InodeFlag(rawValue: 0x100) + static let compressedClusters = InodeFlag(rawValue: 0x200) + static let noCompress = InodeFlag(rawValue: 0x400) + static let encrypted = InodeFlag(rawValue: 0x800) + static let hashedIndex = InodeFlag(rawValue: 0x1000) + static let magic = InodeFlag(rawValue: 0x2000) + static let journalData = InodeFlag(rawValue: 0x4000) + static let noTail = InodeFlag(rawValue: 0x8000) + static let dirSync = InodeFlag(rawValue: 0x10000) + static let topDir = InodeFlag(rawValue: 0x20000) + static let hugeFile = InodeFlag(rawValue: 0x40000) + static let extents = InodeFlag(rawValue: 0x80000) + static let eaInode = InodeFlag(rawValue: 0x200000) + static let eofBlocks = InodeFlag(rawValue: 0x400000) + static let snapfile = InodeFlag(rawValue: 0x0100_0000) + static let snapfileDeleted = InodeFlag(rawValue: 0x0400_0000) + static let snapfileShrunk = InodeFlag(rawValue: 0x0800_0000) + static let inlineData = InodeFlag(rawValue: 0x1000_0000) + static let projectIDInherit = InodeFlag(rawValue: 0x2000_0000) + static let reserved = InodeFlag(rawValue: 0x8000_0000) + } + + struct ExtentHeader { + let magic: UInt16 + let entries: UInt16 + let max: UInt16 + let depth: UInt16 + let generation: UInt32 + } + + struct ExtentIndex { + let block: UInt32 + let leafLow: UInt32 + let leafHigh: UInt16 + let unused: UInt16 + } + + struct ExtentLeaf { + let block: UInt32 + let length: UInt16 + let startHigh: UInt16 + let startLow: UInt32 + } + + struct ExtentTail { + let checksum: UInt32 + } + + struct ExtentIndexNode { + var header: ExtentHeader + var indices: [ExtentIndex] + } + + struct ExtentLeafNode { + var header: ExtentHeader + var leaves: [ExtentLeaf] + } + + struct DirectoryEntry { + let inode: InodeNumber + let recordLength: UInt16 + let nameLength: UInt8 + let fileType: UInt8 + // let name: [UInt8] + } + + enum FileType: UInt8 { + case unknown = 0x0 + case regular = 0x1 + case directory = 0x2 + case character = 0x3 + case block = 0x4 + case fifo = 0x5 + case socket = 0x6 + case symbolicLink = 0x7 + } + + struct DirectoryEntryTail { + let reservedZero1: UInt32 + let recordLength: UInt16 + let reservedZero2: UInt8 + let fileType: UInt8 + let checksum: UInt32 + } + + struct DirectoryTreeRoot { + let dot: DirectoryEntry + let dotName: [UInt8] + let dotDot: DirectoryEntry + let dotDotName: [UInt8] + let reservedZero: UInt32 + let hashVersion: UInt8 + let infoLength: UInt8 + let indirectLevels: UInt8 + let unusedFlags: UInt8 + let limit: UInt16 + let count: UInt16 + let block: UInt32 + // let entries: [DirectoryTreeEntry] + } + + struct DirectoryTreeNode { + let fakeInode: UInt32 + let fakeRecordLength: UInt16 + let nameLength: UInt8 + let fileType: UInt8 + let limit: UInt16 + let count: UInt16 + let block: UInt32 + // let entries: [DirectoryTreeEntry] + } + + struct DirectoryTreeEntry { + let hash: UInt32 + let block: UInt32 + } + + struct DirectoryTreeTail { + let reserved: UInt32 + let checksum: UInt32 + } + + struct XAttrEntry { + let nameLength: UInt8 + let nameIndex: UInt8 + let valueOffset: UInt16 + let valueInum: UInt32 + let valueSize: UInt32 + let hash: UInt32 + } + + struct XAttrHeader { + let magic: UInt32 + let referenceCount: UInt32 + let blocks: UInt32 + let hash: UInt32 + let checksum: UInt32 + let reserved: [UInt32] + } + +} + +extension EXT4.Inode { + public static func Root() -> EXT4.Inode { + var inode = Self() // inode + inode.mode = Self.Mode(.S_IFDIR, 0o755) + inode.linksCount = 2 + inode.uid = 0 + inode.gid = 0 + // time + let now = Date().fs() + let now_lo: UInt32 = now.lo + let now_hi: UInt32 = now.hi + inode.atime = now_lo + inode.atimeExtra = now_hi + inode.ctime = now_lo + inode.ctimeExtra = now_hi + inode.mtime = now_lo + inode.mtimeExtra = now_hi + inode.crtime = now_lo + inode.crtimeExtra = now_hi + inode.flags = EXT4.InodeFlag.hugeFile.rawValue + inode.extraIsize = UInt16(EXT4.ExtraIsize) + return inode + } + +} diff --git a/Sources/ContainerizationEXT4/EXT4+Xattrs.swift b/Sources/ContainerizationEXT4/EXT4+Xattrs.swift new file mode 100644 index 0000000..6ca01d0 --- /dev/null +++ b/Sources/ContainerizationEXT4/EXT4+Xattrs.swift @@ -0,0 +1,317 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation + +/* + * Note: Both the entries and values for the attributes need to occupy a size that is a multiple of 4, + * meaning, in cases where the attribute name or value is not a multiple of 4, it is padded with 0 + * until it reaches that size. + */ + +extension EXT4 { + public struct ExtendedAttribute { + public static let prefixMap: [Int: String] = [ + 1: "user.", + 2: "system.posix_acl_access", + 3: "system.posix_acl_default", + 4: "trusted.", + 6: "security.", + 7: "system.", + 8: "system.richacl", + ] + + let name: String + let index: UInt8 + let value: [UInt8] + + var sizeValue: UInt32 { + UInt32((value.count + 3) & ~3) + } + + var sizeEntry: UInt32 { + UInt32((name.count + 3) & ~3 + 16) // 16 bytes are needed to store other metadata for the xattr entry + } + + var size: UInt32 { + sizeEntry + sizeValue + } + + var fullName: String { + Self.decompressName(id: Int(index), suffix: name) + } + + var hash: UInt32 { + var hash: UInt32 = 0 + for char in name { + hash = (hash << 5) ^ (hash >> 27) ^ UInt32(char.asciiValue!) + } + var i = 0 + while i + 3 < value.count { + let s = value[i..> 16) ^ v + i += 4 + } + if value.count % 4 != 0 { + let last = value.count & ~3 + var buff: [UInt8] = [0, 0, 0, 0] + for (i, byte) in value[last...].enumerated() { + buff[i] = byte + } + let v = buff.withUnsafeBytes { $0.loadLittleEndian(as: UInt32.self) } + hash = (hash << 16) ^ (hash >> 16) ^ v + } + return hash + } + + init(name: String, value: [UInt8]) { + let compressed = Self.compressName(name) + self.name = compressed.str + self.index = compressed.id + self.value = value + } + + init(idx: UInt8, compressedName name: String, value: [UInt8]) { + self.name = name + self.index = idx + self.value = value + } + + // MARK: Class methods + public static func compressName(_ name: String) -> (id: UInt8, str: String) { + for (id, prefix) in prefixMap.sorted(by: { $1.1.count < $0.1.count }) where name.hasPrefix(prefix) { + return (UInt8(id), String(name.dropFirst(prefix.count))) + } + return (0, name) + } + + public static func decompressName(id: Int, suffix: String) -> String { + guard let prefix = prefixMap[id] else { + return suffix + } + return "\(prefix)\(suffix)" + } + } + + public struct FileXattrsState { + private let inodeCapacity: UInt32 + private let blockCapacity: UInt32 + private let inode: UInt32 // the inode number for which we are tracking these xattrs + + var inlineAttributes: [ExtendedAttribute] = [] + var blockAttributes: [ExtendedAttribute] = [] + private var usedSizeInline: UInt32 = 0 + private var usedSizeBlock: UInt32 = 0 + + private var inodeFreeBytes: UInt32 { + self.inodeCapacity - EXT4.XattrInodeHeaderSize - usedSizeInline - 4 // need to have 4 null bytes b/w xattr entries and values + } + + private var blockFreeBytes: UInt32 { + self.blockCapacity - EXT4.XattrBlockHeaderSize - usedSizeBlock - 4 + } + + init(inode: UInt32, inodeXattrCapacity: UInt32, blockCapacity: UInt32) { + self.inode = inode + self.inodeCapacity = inodeXattrCapacity + self.blockCapacity = blockCapacity + } + + public mutating func add(_ attribute: ExtendedAttribute) throws { + let size = attribute.size + if size <= inodeFreeBytes { + usedSizeInline += size + inlineAttributes.append(attribute) + return + } + if size <= blockFreeBytes { + usedSizeBlock += size + blockAttributes.append(attribute) + return + } + throw Error.insufficientSpace(Int(self.inode)) + } + + public func writeInlineAttributes(buffer: inout [UInt8]) throws { + var idx = 0 + withUnsafeLittleEndianBytes( + of: EXT4.XAttrHeaderMagic, + body: { bytes in + for byte in bytes { + buffer[idx] = byte + idx += 1 + } + }) + try Self.write(buffer: &buffer, attrs: self.inlineAttributes, start: UInt16(idx), delta: 0, inline: true) + } + + public func writeBlockAttributes(buffer: inout [UInt8]) throws { + var idx = 0 + for val in [EXT4.XAttrHeaderMagic, 1, 1] { + withUnsafeLittleEndianBytes( + of: UInt32(val), + body: { bytes in + for byte in bytes { + buffer[idx] = byte + idx += 1 + } + }) + } + while idx != 32 { + buffer[idx] = 0 + idx += 1 + } + var attributes = self.blockAttributes + attributes.sort(by: { + if $0.index != $1.index { + return $0.index < $1.index + } + if $0.name.count != $1.name.count { + return $0.name.count < $1.name.count + } + return $0.name < $1.name + }) + try Self.write(buffer: &buffer, attrs: attributes, start: UInt16(idx), delta: UInt16(idx), inline: false) + } + + /// Writes the specified list of extended attribute entries and their values to the provided + /// This method does not fill in any headers (Inode inline / block level) that may be required to parse these attributes + /// + /// - Parameters: + /// - buffer: An array of [UInt8] where the data will be written into + /// - attrs: The list of ExtendedAttributes to write + /// - start: the index from where data should be put into the buffer - useful when if you dont want this method to be overwriting existing data + /// - delta: index from where the begin the offset calculations + /// - inline: if the byte buffer being written into is an inline data block for an inode: Determines the hash calculation + private static func write( + buffer: inout [UInt8], attrs: [ExtendedAttribute], start: UInt16, delta: UInt16, inline: Bool + ) throws { + var offset: UInt16 = UInt16(buffer.count) + delta - start + var front = Int(start) + var end = buffer.count + + for attribute in attrs { + guard end - front >= 4 else { + throw Error.malformedXattrBuffer + } + + var out: [UInt8] = [] + let v = attribute.sizeValue + offset -= UInt16(v) + out.append(UInt8(attribute.name.count)) + out.append(attribute.index) + withUnsafeLittleEndianBytes( + of: UInt16(offset), + body: { bytes in + out.append(contentsOf: bytes) + }) + out.append(contentsOf: [0, 0, 0, 0]) // these next four bytes indicate that the attr values are in the same block + withUnsafeLittleEndianBytes( + of: UInt32(attribute.value.count), + body: { bytes in + out.append(contentsOf: bytes) + }) + if !inline { + withUnsafeLittleEndianBytes( + of: UInt32(attribute.hash), + body: { bytes in + out.append(contentsOf: bytes) + }) + } else { + out.append(contentsOf: [0, 0, 0, 0]) + } + guard let name = attribute.name.data(using: .ascii) else { + throw Error.convertAsciiString(attribute.name) + } + out.append(contentsOf: [UInt8](name)) + while out.count < Int(attribute.sizeEntry) { // ensure that xattr entry size is a multiple of 4 + out.append(0) + } + for (i, byte) in out.enumerated() { + buffer[front + i] = byte + } + front += out.count + + end -= Int(attribute.sizeValue) + for (i, byte) in attribute.value.enumerated() { + buffer[end + i] = byte + } + } + } + + public static func read(buffer: [UInt8], start: Int, offset: Int) throws -> [ExtendedAttribute] { + var i = start + var attribs: [ExtendedAttribute] = [] + // 16 is the size of 1 XAttrEntry + while i + 16 <= buffer.count { + let attributeStart = i + let rawXattrEntry = Array(buffer[i.. Data blocks. In this implementation, inode size is set to 256 bytes. + Inode table uses extents to efficiently describe the mapping. + + +-----------------------+ + | Inode Table | + +-----------------------+ + | Inode | Metadata | + +-------+---------------+ + | 1 | permissions | + | | size | + | | user ID | + | | group ID | + | | timestamps | + | | block | + | | blocks count | + +-------+---------------+ + | 2 | ... | + +-------+---------------+ + | ... | ... | + +-------+---------------+ + + The length of `block` field in the inode table is 60 bytes. This field contains an extent tree + that holds information about ranges of blocks used by the file. For smaller files, the entire extent + tree can be stored within this field. + + +-----------------------+ + | Inode | + +-----------------------+ + | Metadata | + +-----------------------+ + | Extent Tree | + | +-------------------+ | + | | Extent Leaf Node | | + | +-------------------+ | + | | - Start Block | | + | | - Block Count | | + | | - ... | | + | +-------------------+ | + +-----------------------+ + + For larger files which span across multiple non-contiguous blocks, extent tree's root points to extent + blocks, which in-turn point to the blocks used by the file + + +-----------------------+ + | Extent Tree | + | +-------------------+ | + | | Extent Root | | + | +-------------------+ | + | | - Pointers to | | + | | Extent Blocks | | + | +-------------------+ | + +-----------------------+ + | + v + +-----------------------+ + | Extent Block | + +-----------------------+ + | +-------------------+ | + | | Extent Leaf Node | | + | +-------------------+ | + | | - Start Block | | + | | - Block Count | | + | | - ... | | + | +-------------------+ | + | +-------------------+ | + | | Extent Leaf Node | | + | +-------------------+ | + | | - Start Block | | + | | - Block Count | | + | | - ... | | + | +-------------------+ | + +-----------------------+ + + ## Directory entries + + The data blocks for directory inodes point to a list of directory entries. Each entry + consists of only a name and inode number. The name and inode number correspond to the + name and inode number of the children of the directory + + +-------------------------+ + | Directory Entry | + +-------------------------+ + | inode | rec_len | name | + +-------------------------+ + | 2 | 1 | "." | + +-------------------------+ + | Directory Entry | + +-------------------------+ + | inode | rec_len | name | + +-------------------------+ + | 1 | 2 | ".." | + +-------------------------+ + | Directory Entry | + +-------------------------+ + | inode | rec_len | name | + +-------------------------+ + | 11 | 10 | lost& | + | | | found | + +-------------------------+ + +More details can be found here https://ext4.wiki.kernel.org/index.php/Ext4_Disk_Layout + +``` +*/ + +/// A type for interacting with ext4 file systems. +/// +/// The `Ext4` class provides functionality to read the superblock of an existing ext4 block device +/// and format a new block device with the ext4 file system. +/// +/// Usage: +/// - To read the superblock of an existing ext4 block device, create an instance of `Ext4` with the +/// path to the block device +/// - To format a new block device with ext4, create an instance of `Ext4.Formatter` with the path to the block +/// device and call the `close()` method. +/// +/// Example 1: Read an existing block device +/// ```swift +/// let blockDevice = URL(filePath: "/dev/sdb") +/// // succeeds if a valid ext4 fs is found at path +/// let ext4 = try Ext4(blockDevice: blockDevice) +/// print("Block size: \(ext4.blockSize)") +/// print("Total size: \(ext4.size)") +/// +/// // Reading the superblock +/// let superblock = ext4.superblock +/// print("Superblock information:") +/// print("Total blocks: \(superblock.blocksCountLow)") +/// ``` +/// +/// Example 2: Format a new block device (Refer [`EXT4.Formatter`](x-source-tag://EXT4.Formatter) for more info) +/// ```swift +/// let devicePath = URL(filePath: "/dev/sdc") +/// let formatter = try EXT4.Formatter(devicePath, blockSize: 4096) +/// try formatter.close() +/// ``` +public enum EXT4 { + public static let SuperBlockMagic: UInt16 = 0xef53 + + static let ExtentHeaderMagic: UInt16 = 0xf30a + static let XAttrHeaderMagic: UInt32 = 0xea02_0000 + + static let DefectiveBlockInode: InodeNumber = 1 + static let RootInode: InodeNumber = 2 + static let FirstInode: InodeNumber = 11 + static let LostAndFoundInode: InodeNumber = 11 + + static let InodeActualSize: UInt32 = 160 // 160 bytes used by metadata + static let InodeExtraSize: UInt32 = 96 // 96 bytes for inline xattrs + static let InodeSize: UInt32 = UInt32(MemoryLayout.size) // 256 bytes. This is the max size of an inode + static let XattrInodeHeaderSize: UInt32 = 4 + static let XattrBlockHeaderSize: UInt32 = 32 + static let ExtraIsize: UInt16 = UInt16(InodeActualSize) - 128 + + static let MaxLinks: UInt32 = 65000 + static let MaxBlocksPerExtent: UInt32 = 0x8000 + static let MaxFileSize: UInt64 = 128.gib() + static let SuperBlockOffset: UInt64 = 1024 + + public struct JournalConfig: Sendable { + public var size: UInt64? + public var defaultMode: JournalMode? + + public enum JournalMode: Sendable { + case writeback + case ordered + case journal + } + + public init(size: UInt64? = nil, defaultMode: JournalMode? = nil) { + self.size = size + self.defaultMode = defaultMode + } + + public static let `default` = JournalConfig() + } +} + +extension EXT4 { + // `EXT4` errors. + public enum Error: Swift.Error, CustomStringConvertible, Sendable, Equatable { + case notFound(_ path: String) + case couldNotReadSuperBlock(_ path: String, _ offset: UInt64, _ size: Int) + case invalidSuperBlock + case deepExtentsUnimplemented + case invalidExtents + case invalidXattrEntry + case couldNotReadBlock(_ block: UInt32) + case invalidPathEncoding(_ path: String) + case couldNotReadInode(_ inode: UInt32) + case couldNotReadGroup(_ group: UInt32) + public var description: String { + switch self { + case .notFound(let path): + return "file at path \(path) not found" + case .couldNotReadSuperBlock(let path, let offset, let size): + return "could not read \(size) bytes of superblock from \(path) at offset \(offset)" + case .invalidSuperBlock: + return "not a valid EXT4 superblock" + case .deepExtentsUnimplemented: + return "deep extents are not supported" + case .invalidExtents: + return "extents invalid or corrupted" + case .invalidXattrEntry: + return "invalid extended attribute entry" + case .couldNotReadBlock(let block): + return "could not read block \(block)" + case .invalidPathEncoding(let path): + return "path encoding for '\(path)' is invalid, must be ascii or utf8" + case .couldNotReadInode(let inode): + return "could not read inode \(inode)" + case .couldNotReadGroup(let group): + return "could not read group descriptor \(group)" + } + } + } +} diff --git a/Sources/ContainerizationEXT4/EXT4Reader+Export.swift b/Sources/ContainerizationEXT4/EXT4Reader+Export.swift new file mode 100644 index 0000000..2fd4109 --- /dev/null +++ b/Sources/ContainerizationEXT4/EXT4Reader+Export.swift @@ -0,0 +1,215 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationArchive +import Foundation +import SystemPackage + +extension EXT4.EXT4Reader { + public func export(archive: FilePath) throws { + let config = ArchiveWriterConfiguration( + format: .paxRestricted, filter: .none, options: [Options.xattrformat(.schily)]) + let writer = try ArchiveWriter(configuration: config) + try writer.open(file: archive.url) + var items = self.tree.root.pointee.children + let hardlinkedInodes = Set(self.hardlinks.values) + var hardlinkTargets: [EXT4.InodeNumber: FilePath] = [:] + + while items.count > 0 { + let itemPtr = items.removeFirst() + let item = itemPtr.pointee + let inode = try self.getInode(number: item.inode) + let entry = WriteEntry() + let mode = inode.mode + let size: UInt64 = (UInt64(inode.sizeHigh) << 32) | UInt64(inode.sizeLow) + entry.permissions = mode_t(mode) + guard let path = item.path else { + continue + } + if hardlinkedInodes.contains(item.inode) { + hardlinkTargets[item.inode] = path + } + guard self.hardlinks[path] == nil else { + continue + } + var attributes: [EXT4.ExtendedAttribute] = [] + let buffer: [UInt8] = EXT4.tupleToArray(inode.inlineXattrs) + if !buffer.allZeros { + try attributes.append(contentsOf: Self.readInlineExtendedAttributes(from: buffer)) + } + if inode.xattrBlockLow != 0 { + let block = inode.xattrBlockLow + try self.seek(block: block) + guard let buffer = try self.handle.read(upToCount: Int(self.blockSize)) else { + throw EXT4.Error.couldNotReadBlock(block) + } + try attributes.append(contentsOf: Self.readBlockExtendedAttributes(from: [UInt8](buffer))) + } + + var xattrs: [String: Data] = [:] + for attribute in attributes { + guard attribute.fullName != "system.data" else { + continue + } + xattrs[attribute.fullName] = Data(attribute.value) + } + + let pathStr = path.description + entry.path = pathStr + entry.size = Int64(size) + entry.group = gid_t(inode.gidHigh) << 16 | gid_t(inode.gid) + entry.owner = uid_t(inode.uidHigh) << 16 | uid_t(inode.uid) + entry.creationDate = Date(fsTimestamp: UInt64(inode.crtimeExtra) << 32 | UInt64(inode.crtime)) + entry.modificationDate = Date(fsTimestamp: UInt64(inode.mtimeExtra) << 32 | UInt64(inode.mtime)) + entry.contentAccessDate = Date(fsTimestamp: UInt64(inode.atimeExtra) << 32 | UInt64(inode.atime)) + entry.xattrs = xattrs + + if mode.isDir() { + entry.fileType = .directory + for child in item.children { + items.append(child) + } + if pathStr == "" { + continue + } + try writer.writeEntry(entry: entry, data: nil) + } else if mode.isReg() { + entry.fileType = .regular + var data = Data() + var remaining: UInt64 = size + if let block = item.blocks { + for dataBlock in block.start.. self.blockSize { + count = self.blockSize + } else { + count = remaining + } + guard let dataBytes = try self.handle.read(upToCount: Int(count)) else { + throw EXT4.Error.couldNotReadBlock(dataBlock) + } + data.append(dataBytes) + remaining -= UInt64(dataBytes.count) + } + } + if let additionalBlocks = item.additionalBlocks { + for block in additionalBlocks { + for dataBlock in block.start.. self.blockSize { + count = self.blockSize + } else { + count = remaining + } + guard let dataBytes = try self.handle.read(upToCount: Int(count)) else { + throw EXT4.Error.couldNotReadBlock(dataBlock) + } + data.append(dataBytes) + remaining -= UInt64(dataBytes.count) + } + } + } + try writer.writeEntry(entry: entry, data: data) + } else if mode.isLink() { + entry.fileType = .symbolicLink + if size < 60 { + let linkBytes = EXT4.tupleToArray(inode.block) + entry.symlinkTarget = String(bytes: linkBytes.prefix(Int(size)), encoding: .utf8) ?? "" + } else { + if let block = item.blocks { + try self.seek(block: block.start) + guard let linkBytes = try self.handle.read(upToCount: Int(size)) else { + throw EXT4.Error.couldNotReadBlock(block.start) + } + entry.symlinkTarget = String(bytes: linkBytes, encoding: .utf8) ?? "" + } + } + try writer.writeEntry(entry: entry, data: nil) + } else { // do not process sockets, fifo, character and block devices + continue + } + } + for (path, number) in self.hardlinks { + guard let targetPath = hardlinkTargets[number] else { + continue + } + let inode = try self.getInode(number: number) + let entry = WriteEntry() + entry.path = path.description + entry.hardlink = targetPath.description + entry.permissions = mode_t(inode.mode) + entry.group = gid_t(inode.gidHigh) << 16 | gid_t(inode.gid) + entry.owner = uid_t(inode.uidHigh) << 16 | uid_t(inode.uid) + entry.creationDate = Date(fsTimestamp: UInt64(inode.crtimeExtra) << 32 | UInt64(inode.crtime)) + entry.modificationDate = Date(fsTimestamp: UInt64(inode.mtimeExtra) << 32 | UInt64(inode.mtime)) + entry.contentAccessDate = Date(fsTimestamp: UInt64(inode.atimeExtra) << 32 | UInt64(inode.atime)) + try writer.writeEntry(entry: entry, data: nil) + } + try writer.finishEncoding() + } + + @available(*, deprecated, renamed: "readInlineExtendedAttributes(from:)") + public static func readInlineExtenedAttributes(from buffer: [UInt8]) throws -> [EXT4.ExtendedAttribute] { + try readInlineExtendedAttributes(from: buffer) + } + + public static func readInlineExtendedAttributes(from buffer: [UInt8]) throws -> [EXT4.ExtendedAttribute] { + let header = buffer[0..<4].withUnsafeBytes { $0.loadLittleEndian(as: UInt32.self) } + if header != EXT4.XAttrHeaderMagic { + throw EXT4.FileXattrsState.Error.missingXAttrHeader + } + return try EXT4.FileXattrsState.read(buffer: buffer, start: 4, offset: 4) + } + + @available(*, deprecated, renamed: "readBlockExtendedAttributes(from:)") + public static func readBlockExtenedAttributes(from buffer: [UInt8]) throws -> [EXT4.ExtendedAttribute] { + try readBlockExtendedAttributes(from: buffer) + } + + public static func readBlockExtendedAttributes(from buffer: [UInt8]) throws -> [EXT4.ExtendedAttribute] { + let header = buffer[0..<4].withUnsafeBytes { $0.loadLittleEndian(as: UInt32.self) } + if header != EXT4.XAttrHeaderMagic { + throw EXT4.FileXattrsState.Error.missingXAttrHeader + } + + return try EXT4.FileXattrsState.read(buffer: [UInt8](buffer), start: 32, offset: 0) + } + + func seek(block: UInt32) throws { + try self.handle.seek(toOffset: UInt64(block) * blockSize) + } +} + +extension Date { + init(fsTimestamp: UInt64) { + if fsTimestamp == 0 { + self = Date.distantPast + return + } + + // 32 bits - base: seconds since January 1, 1970, signed (negative for pre-1970 dates) + // 2 bits - epoch: overflow counter (0-3), how many times the 32-bit seconds field has wrapped + // 30 bits - nanoseconds (0-999,999,999) + let base = Int32(truncatingIfNeeded: fsTimestamp) + let epoch = Int64(fsTimestamp & 0x3_0000_0000) + let seconds = Int64(base) + epoch + let nanoseconds = Double(fsTimestamp >> 34) / 1_000_000_000 + + self = Date(timeIntervalSince1970: Double(seconds) + nanoseconds) + } +} diff --git a/Sources/ContainerizationEXT4/EXT4Reader+IO.swift b/Sources/ContainerizationEXT4/EXT4Reader+IO.swift new file mode 100644 index 0000000..c2c9364 --- /dev/null +++ b/Sources/ContainerizationEXT4/EXT4Reader+IO.swift @@ -0,0 +1,495 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation +import SystemPackage + +extension EXT4 { + public enum PathIOError: Swift.Error, CustomStringConvertible { + case notFound(String) + case notAFile(String) + case isDirectory(String) + case notADirectory(String) + case symlinkLoop(String) + case invalidPath(String) + + public var description: String { + switch self { + case .notFound(let p): return "no such file or directory: \(p)" + case .notAFile(let p): return "not a regular file: \(p)" + case .isDirectory(let p): return "is a directory: \(p)" + case .notADirectory(let p): return "not a directory: \(p)" + case .symlinkLoop(let p): return "symlink loop while resolving: \(p)" + case .invalidPath(let p): return "invalid path: \(p)" + } + } + } +} + +// MARK: - Public API + +extension EXT4.EXT4Reader { + /// Return true if a path exists (file or directory) in this ext4 device. + public func exists(_ path: FilePath, followSymlinks: Bool = true) -> Bool { + (try? resolvePath(path, followSymlinks: followSymlinks).inode) != nil + } + + /// Get the total number of blocks in the filesystem + private var totalBlocks: UInt64 { + let lo = UInt64(_superBlock.blocksCountLow) + let hi = UInt64(_superBlock.blocksCountHigh) + return lo | (hi << 32) + } + + /// Validate that a physical block address is within device bounds + private func validateBlockAddress(_ block: UInt32) throws { + guard UInt64(block) < totalBlocks else { + throw EXT4.PathIOError.invalidPath("block address \(block) exceeds device bounds (\(totalBlocks) blocks)") + } + } + + /// Metadata (inode + inode number) for a path. + public func stat(_ path: FilePath, followSymlinks: Bool = true) throws -> (inodeNumber: EXT4.InodeNumber, inode: EXT4.Inode) { + let resolved = try resolvePath(path, followSymlinks: followSymlinks) + return (resolved.inodeNum, try getInode(number: resolved.inodeNum)) + } + + /// List a directory's entries (names only). Does not include "." or "..". + public func listDirectory(_ path: FilePath) throws -> [String] { + let (inoNum, ino) = try stat(path) + guard ino.mode.isDir() else { + throw EXT4.PathIOError.notADirectory(path.description) + } + let children = try children(of: inoNum) + return + children + .map { $0.0 } + .filter { $0 != "." && $0 != ".." } + .sorted() + } + + /// Read bytes from a regular file at `path` into `buffer`, starting at `offset`. + /// Returns the number of bytes written to `buffer` (may be less than `buffer.count` at EOF). + /// - Note: Semantics mirror `read(2)`: partial reads are possible. + @discardableResult + public func readFile( + at path: FilePath, + into buffer: UnsafeMutableRawBufferPointer, + offset: UInt64 = 0, + followSymlinks: Bool = true + ) throws -> Int { + let context = try prepareRead(path: path, offset: offset, followSymlinks: followSymlinks) + if buffer.count == 0 || context.maxReadable == 0 { + return 0 + } + + let want = min(UInt64(buffer.count), context.maxReadable) + return try performRead( + inodeNumber: context.inodeNumber, + start: context.start, + wantedBytes: want, + into: buffer + ) + } + + /// Read bytes from a regular file at `path` starting at `offset`. + /// If `count` is nil, reads to EOF. Returns exactly the requested bytes (or less at EOF). + public func readFile( + at path: FilePath, + offset: UInt64 = 0, + count: Int? = nil, + followSymlinks: Bool = true + ) throws -> Data { + let context = try prepareRead(path: path, offset: offset, followSymlinks: followSymlinks) + let want = count.map { min(UInt64($0), context.maxReadable) } ?? context.maxReadable + if want == 0 { + return Data() + } + + var out = Data(count: Int(want)) + let wrote = try out.withUnsafeMutableBytes { + try performRead( + inodeNumber: context.inodeNumber, + start: context.start, + wantedBytes: want, + into: $0 + ) + } + if wrote < Int(want) { + out.removeSubrange(wrote.. (inodeNumber: EXT4.InodeNumber, start: UInt64, maxReadable: UInt64) { + let (inoNum, inode) = try stat(path, followSymlinks: followSymlinks) + + if inode.mode.isDir() { + throw EXT4.PathIOError.isDirectory(path.description) + } + + if !inode.mode.isReg() { + throw EXT4.PathIOError.notAFile(path.description) + } + + let fileSize: UInt64 = inodeFileSize(inode) + let start = min(offset, fileSize) + let maxReadable = fileSize - start + return (inodeNumber: inoNum, start: start, maxReadable: maxReadable) + } + + private func performRead( + inodeNumber: EXT4.InodeNumber, + start: UInt64, + wantedBytes: UInt64, + into buffer: UnsafeMutableRawBufferPointer + ) throws -> Int { + if wantedBytes == 0 { + return 0 + } + + guard let extents = try self.getExtents(inode: inodeNumber), !extents.isEmpty else { + return 0 + } + + for (physStartBlk, physEndBlk) in extents { + try validateBlockAddress(physStartBlk) + if physEndBlk > physStartBlk { + try validateBlockAddress(physEndBlk - 1) + } + } + + guard let base = buffer.baseAddress else { + return 0 + } + + let desiredBytes = Int(min(wantedBytes, UInt64(buffer.count))) + if desiredBytes == 0 { + return 0 + } + + let blockSizeBytes = self.blockSize + let reqStart = start + let reqEnd = start + UInt64(desiredBytes) + var logicalOffset: UInt64 = 0 + var bytesWritten = 0 + + for (physStartBlk, physEndBlk) in extents { + let extentBytes = UInt64(physEndBlk - physStartBlk) * blockSizeBytes + let logicalEnd = logicalOffset + extentBytes + + if logicalEnd <= reqStart { + logicalOffset = logicalEnd + continue + } + if logicalOffset >= reqEnd { + break + } + + let overlapStart = max(logicalOffset, reqStart) + let overlapEnd = min(logicalEnd, reqEnd) + var remaining = overlapEnd - overlapStart + if remaining == 0 { + logicalOffset = logicalEnd + continue + } + + let offsetIntoExtent = overlapStart - logicalOffset + let absoluteByteOffset = (UInt64(physStartBlk) * blockSizeBytes) + offsetIntoExtent + + do { + try self.handle.seek(toOffset: absoluteByteOffset) + } catch { + if bytesWritten > 0 { + return bytesWritten + } + throw EXT4.PathIOError.invalidPath("failed to seek to offset \(absoluteByteOffset): \(error)") + } + + while remaining > 0 && bytesWritten < desiredBytes { + let chunk = min(desiredBytes - bytesWritten, Int(min(remaining, UInt64(1 << 20)))) + let dest = UnsafeMutableRawBufferPointer( + start: base.advanced(by: bytesWritten), + count: chunk + ) + + do { + guard let data = try self.handle.read(upToCount: chunk) else { + return bytesWritten + } + + if data.count == 0 { + return bytesWritten + } + + // Copy the data to the destination buffer + data.withUnsafeBytes { sourceBytes in + dest.copyMemory(from: UnsafeRawBufferPointer(sourceBytes)) + } + + bytesWritten += data.count + remaining -= UInt64(data.count) + + if data.count < chunk && remaining > 0 { + return bytesWritten + } + } catch { + if bytesWritten > 0 { + return bytesWritten + } + throw error + } + } + + logicalOffset = logicalEnd + if bytesWritten >= desiredBytes { + break + } + } + + return bytesWritten + } + + // MARK: - Internals inside EXT4Reader + public struct ResolvedPath { + let inodeNum: EXT4.InodeNumber + let inode: EXT4.Inode + } + + /// Resolve a path to an inode (optionally following symlinks). + /// Paths may be absolute ("/...") or relative (from "/"). + public func resolvePath(_ path: FilePath, followSymlinks: Bool, maxSymlinks: Int = 40) throws -> ResolvedPath { + var components: [String] = normalize(path: path) + var current: EXT4.InodeNumber = EXT4.RootInode + var parentStack: [EXT4.InodeNumber] = [] // Track parent chain for proper ".." handling + + var symlinkHops = 0 + + // Process components one at a time to handle symlinks in the middle of paths + var componentIndex = 0 + + while componentIndex < components.count { + let name = components[componentIndex] + + if name == "." { + componentIndex += 1 + continue + } + + if name == ".." { + // Handle parent directory traversal + if current == EXT4.RootInode { + // At root, ".." points to itself + componentIndex += 1 + continue + } + + // Use parent stack if available + if !parentStack.isEmpty { + current = parentStack.removeLast() + } else { + // Fallback: look up ".." entry in filesystem + let entries = try children(of: current) + if let parent = entries.first(where: { $0.0 == ".." })?.1 { + current = parent + } + } + componentIndex += 1 + continue + } + + // Regular component: verify current is a directory and look up child + let currentInode = try getInode(number: current) + guard currentInode.mode.isDir() else { + throw EXT4.PathIOError.notADirectory(name) + } + + let entries = try children(of: current) + guard let child = entries.first(where: { $0.0 == name }) else { + throw EXT4.PathIOError.notFound(name) + } + + // Check if child is a symlink + let childInode = try getInode(number: child.1) + if childInode.mode.isLink() && followSymlinks { + // Enforce max symlink depth + symlinkHops += 1 + if symlinkHops > maxSymlinks { + throw EXT4.PathIOError.symlinkLoop(FilePath(components.joined(separator: "/")).description) + } + + // Read symlink target + let linkBytes = try readFileFromInode(inodeNum: child.1) + guard let linkTarget = String(data: linkBytes, encoding: .utf8), !linkTarget.isEmpty else { + throw EXT4.PathIOError.invalidPath("empty symlink target") + } + + // Parse symlink target into components + let targetComponents = normalize(path: FilePath(linkTarget)) + + // Replace current component with symlink target components and continue + if linkTarget.hasPrefix("/") { + // Absolute symlink: reset to root + current = EXT4.RootInode + parentStack = [] + // Replace the symlink component with target components + remaining path + components = targetComponents + Array(components[(componentIndex + 1)...]) + componentIndex = 0 // Start from beginning with new path + } else { + // Relative symlink: continue from current directory + // Replace the symlink component with target components + remaining path + components = Array(components[0.. [String] { + let s = path.description + let trimmed = s.hasPrefix("/") ? String(s.dropFirst()) : s + if trimmed.isEmpty { return [] } + return trimmed.split(separator: "/").map(String.init) + } + + /// Read entire file content of a regular file given an inode (used for symlink targets). + private func readFileFromInode(inodeNum: EXT4.InodeNumber) throws -> Data { + let ino = try getInode(number: inodeNum) + guard ino.mode.isReg() || ino.mode.isLink() else { + return Data() + } + let size = inodeFileSize(ino) + if size == 0 { return Data() } + + // Handle fast symlinks (target stored directly in inode block field) + if ino.mode.isLink() && size < 60 { + // Extract target from inode block field + let blockData = withUnsafeBytes(of: ino.block) { Data($0) } + return blockData.prefix(Int(size)) + } + + return try readFileBytesFromExtents(inodeNum: inodeNum, offset: 0, count: size) + } + + /// Low-level read using extents, with explicit offset & length (in bytes). + private func readFileBytesFromExtents(inodeNum: EXT4.InodeNumber, offset: UInt64, count: UInt64) throws -> Data { + guard let extents = try self.getExtents(inode: inodeNum), !extents.isEmpty else { + return Data() + } + + // Validate all extent blocks are within device bounds + for (startBlk, endBlk) in extents { + try validateBlockAddress(startBlk) + if endBlk > startBlk { + try validateBlockAddress(endBlk - 1) + } + } + + var out = Data(capacity: Int(count)) + var logicalOffset: UInt64 = 0 + var bytesReadSuccessfully: Int = 0 + let reqStart = offset + let reqEnd = offset + count + let bs = self.blockSize + + for (startBlk, endBlk) in extents { + let extentBytes = UInt64(endBlk - startBlk) * bs + let logicalEnd = logicalOffset + extentBytes + if logicalEnd <= reqStart { + logicalOffset = logicalEnd + continue + } + if logicalOffset >= reqEnd { break } + + let ovlStart = max(logicalOffset, reqStart) + let ovlEnd = min(logicalEnd, reqEnd) + let ovlLen = ovlEnd - ovlStart + if ovlLen == 0 { + logicalOffset = logicalEnd + continue + } + + let offsetIntoExtent = ovlStart - logicalOffset + let absByteOffset = UInt64(startBlk) * bs + offsetIntoExtent + + do { + try self.handle.seek(toOffset: absByteOffset) + } catch { + if bytesReadSuccessfully > 0 { + // Return partial data that was successfully read + return out + } + throw EXT4.PathIOError.invalidPath("failed to seek to offset \(absByteOffset): \(error)") + } + + var left = ovlLen + while left > 0 { + let chunk = Int(min(left, 1 << 20)) + + do { + guard let data = try self.handle.read(upToCount: chunk) else { + let blk = UInt32(absByteOffset / bs) + throw EXT4.Error.couldNotReadBlock(blk) + } + + out.append(data) + bytesReadSuccessfully += data.count + left -= UInt64(data.count) + + if data.count < chunk && left > 0 { + // Partial read - return what we have + return out + } + } catch { + if bytesReadSuccessfully > 0 { + // Return partial data on error + return out + } + throw error + } + } + logicalOffset = logicalEnd + if out.count >= Int(count) { break } + } + if out.count > Int(count) { out.removeSubrange(Int(count).. UInt64 { + // The Containerization EXT4 Inode struct exposes mode and block fields; size fields + // are commonly named sizeLo/sizeHigh in this codebase. + // EXT4 supports 64-bit file sizes - always use both low and high parts. + let lo = UInt64(inode.sizeLow) + let hi = UInt64(inode.sizeHigh) + return lo | (hi << 32) + } +} diff --git a/Sources/ContainerizationEXT4/FilePath+Extensions.swift b/Sources/ContainerizationEXT4/FilePath+Extensions.swift new file mode 100644 index 0000000..53bcc20 --- /dev/null +++ b/Sources/ContainerizationEXT4/FilePath+Extensions.swift @@ -0,0 +1,113 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation +import SystemPackage + +extension FilePath { + public static let Separator: String = "/" + + public var bytes: [UInt8] { + self.withCString { cstr in + var ptr = cstr + var rawBytes: [UInt8] = [] + while UInt(bitPattern: ptr) != 0 { + if ptr.pointee == 0x00 { break } + rawBytes.append(UInt8(bitPattern: ptr.pointee)) + ptr = ptr.successor() + } + return rawBytes + } + } + + public var base: String { + self.lastComponent?.string ?? "/" + } + + public var dir: FilePath { + self.removingLastComponent() + } + + public var url: URL { + URL(fileURLWithPath: self.string) + } + + public var items: [String] { + self.components.map { $0.string } + } + + public var isRoot: Bool { // platform agnostic + self.removingRoot().isEmpty + } + + public init(_ url: URL) { + self.init(url.path(percentEncoded: false)) + } + + public func join(_ path: FilePath) -> FilePath { + self.pushing(path) + } + + public func join(_ path: String) -> FilePath { + self.join(FilePath(path)) + } + + public func split() -> (dir: FilePath, base: String) { + (self.dir, self.base) + } + + public func clean() -> FilePath { + self.lexicallyNormalized() + } + + public static func rel(_ basepath: String, _ targpath: String) -> FilePath { + let base = FilePath(basepath) + let targ = FilePath(targpath) + + if base == targ { + return "." + } + + let baseComponents = base.items + let targComponents = targ.items + + var commonPrefix = 0 + while commonPrefix < min(baseComponents.count, targComponents.count) + && baseComponents[commonPrefix] == targComponents[commonPrefix] + { + commonPrefix += 1 + } + + let upCount = baseComponents.count - commonPrefix + let relComponents = Array(repeating: "..", count: upCount) + targComponents[commonPrefix...] + + return FilePath(relComponents.joined(separator: Self.Separator)) + } +} + +extension FileHandle { + public convenience init?(forWritingTo path: FilePath) { + self.init(forWritingAtPath: path.description) + } + + public convenience init?(forReadingAtPath path: FilePath) { + self.init(forReadingAtPath: path.description) + } + + public convenience init?(forReadingFrom path: FilePath) { + self.init(forReadingAtPath: path.description) + } +} diff --git a/Sources/ContainerizationEXT4/FileTimestamps.swift b/Sources/ContainerizationEXT4/FileTimestamps.swift new file mode 100644 index 0000000..5e81924 --- /dev/null +++ b/Sources/ContainerizationEXT4/FileTimestamps.swift @@ -0,0 +1,67 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation + +public struct FileTimestamps { + public var access: Date + public var modification: Date + public var creation: Date + public var now: Date + + public var accessLo: UInt32 { + access.fs().lo + } + + public var accessHi: UInt32 { + access.fs().hi + } + + public var modificationLo: UInt32 { + modification.fs().lo + } + + public var modificationHi: UInt32 { + modification.fs().hi + } + + public var creationLo: UInt32 { + creation.fs().lo + } + + public var creationHi: UInt32 { + creation.fs().hi + } + + public var nowLo: UInt32 { + now.fs().lo + } + + public var nowHi: UInt32 { + now.fs().hi + } + + public init(access: Date?, modification: Date?, creation: Date?) { + now = Date() + self.access = access ?? now + self.modification = modification ?? now + self.creation = creation ?? now + } + + public init() { + self.init(access: nil, modification: nil, creation: nil) + } +} diff --git a/Sources/ContainerizationEXT4/Formatter+Unpack.swift b/Sources/ContainerizationEXT4/Formatter+Unpack.swift new file mode 100644 index 0000000..0833eb3 --- /dev/null +++ b/Sources/ContainerizationEXT4/Formatter+Unpack.swift @@ -0,0 +1,255 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationArchive +import ContainerizationExtras +import ContainerizationOS +import Foundation +import SystemPackage + +private typealias Hardlinks = [FilePath: FilePath] + +extension EXT4.Formatter { + /// Unpack the provided archive on to the ext4 filesystem. + public func unpack(reader: ArchiveReader, progress: ProgressHandler? = nil) async throws { + try await self.unpackEntries(reader: reader, progress: progress) + } + + /// Unpack an archive at the source URL on to the ext4 filesystem. + public func unpack( + source: URL, + format: ContainerizationArchive.Format = .paxRestricted, + compression: ContainerizationArchive.Filter = .gzip, + progress: ProgressHandler? = nil + ) async throws { + // For zstd, decompress once and reuse for both passes to avoid double decompression. + let fileToRead: URL + let readerFilter: ContainerizationArchive.Filter + var decompressedFile: URL? + if progress != nil && compression == .zstd { + let decompressed = try ArchiveReader.decompressZstd(source) + fileToRead = decompressed + readerFilter = .none + decompressedFile = decompressed + } else { + fileToRead = source + readerFilter = compression + } + defer { + if let decompressedFile { + ArchiveReader.cleanUpDecompressedZstd(decompressedFile) + } + } + + if let progress { + // First pass: scan headers to get totals (fast, metadata only) + let totals = try Self.scanArchiveHeaders(format: format, filter: readerFilter, file: fileToRead) + var totalEvents: [ProgressEvent] = [] + if totals.size > 0 { + totalEvents.append(.addTotalSize(totals.size)) + } + if totals.items > 0 { + totalEvents.append(.addTotalItems(totals.items)) + } + if !totalEvents.isEmpty { + await progress(totalEvents) + } + } + + // Unpack pass + let reader = try ArchiveReader( + format: format, + filter: readerFilter, + file: fileToRead + ) + try await self.unpackEntries(reader: reader, progress: progress) + } + + /// Scan archive headers to count the total number of bytes in regular files + /// and the total number of entries. + public static func scanArchiveHeaders( + format: ContainerizationArchive.Format, + filter: ContainerizationArchive.Filter, + file: URL + ) throws -> (size: Int64, items: Int) { + let reader = try ArchiveReader(format: format, filter: filter, file: file) + var totalSize: Int64 = 0 + var totalItems: Int = 0 + for (entry, _) in reader.makeStreamingIterator() { + try Task.checkCancellation() + guard entry.path != nil else { continue } + totalItems += 1 + if entry.fileType == .regular, entry.hardlink == nil, let size = entry.size { + totalSize += Int64(size) + } + } + return (size: totalSize, items: totalItems) + } + + /// Core unpack logic. When `progress` is nil the handler calls are skipped. + private func unpackEntries(reader: ArchiveReader, progress: ProgressHandler?) async throws { + var hardlinks: Hardlinks = [:] + // Allocate a single 128KiB reusable buffer for all files to minimize allocations + // and reduce the number of read calls to libarchive. + let bufferSize = 128 * 1024 + let reusableBuffer = UnsafeMutableBufferPointer.allocate(capacity: bufferSize) + defer { reusableBuffer.deallocate() } + + for (entry, streamReader) in reader.makeStreamingIterator() { + try Task.checkCancellation() + guard var pathEntry = entry.path else { + continue + } + + pathEntry = preProcessPath(s: pathEntry) + let path = FilePath(pathEntry) + + if path.base.hasPrefix(".wh.") { + if path.base == ".wh..wh..opq" { // whiteout directory + try self.unlink(path: path.dir, directoryWhiteout: true) + if let progress { + await progress([.addItems(1)]) + } + continue + } + let startIndex = path.base.index(path.base.startIndex, offsetBy: ".wh.".count) + let filePath = String(path.base[startIndex...]) + let dir: FilePath = path.dir + try self.unlink(path: dir.join(filePath)) + if let progress { + await progress([.addItems(1)]) + } + continue + } + + if let hardlink = entry.hardlink { + let hl = preProcessPath(s: hardlink) + hardlinks[path] = FilePath(hl) + if let progress { + await progress([.addItems(1)]) + } + continue + } + let ts = FileTimestamps( + access: entry.contentAccessDate, modification: entry.modificationDate, creation: entry.creationDate) + switch entry.fileType { + case .directory: + try self.create( + path: path, mode: EXT4.Inode.Mode(.S_IFDIR, UInt16(entry.permissions)), ts: ts, uid: entry.owner, + gid: entry.group, + xattrs: entry.xattrs) + case .regular: + try self.create( + path: path, mode: EXT4.Inode.Mode(.S_IFREG, UInt16(entry.permissions)), ts: ts, buf: streamReader, + uid: entry.owner, + gid: entry.group, xattrs: entry.xattrs, fileBuffer: reusableBuffer) + + if let progress, let size = entry.size { + await progress([.addSize(Int64(size))]) + } + case .symbolicLink: + var symlinkTarget: FilePath? + if let target = entry.symlinkTarget { + symlinkTarget = FilePath(target) + } + try self.create( + path: path, link: symlinkTarget, mode: EXT4.Inode.Mode(.S_IFLNK, UInt16(entry.permissions)), ts: ts, + uid: entry.owner, + gid: entry.group, xattrs: entry.xattrs) + default: + if let progress { + await progress([.addItems(1)]) + } + continue + } + + if let progress { + await progress([.addItems(1)]) + } + } + guard hardlinks.acyclic else { + throw UnpackError.circularLinks + } + for (path, _) in hardlinks { + if let resolvedTarget = try hardlinks.resolve(path) { + try self.link(link: path, target: resolvedTarget) + } + } + } + + private func preProcessPath(s: String) -> String { + var p = s + if p.hasPrefix("./") { + p = String(p.dropFirst()) + } + if !p.hasPrefix("/") { + p = "/" + p + } + return p + } +} + +/// Common errors for unpacking an archive onto an ext4 filesystem. +public enum UnpackError: Swift.Error, CustomStringConvertible, Sendable, Equatable { + /// The name is invalid. + case invalidName(_ name: String) + /// A circular link is found. + case circularLinks + + /// The description of the error. + public var description: String { + switch self { + case .invalidName(let name): + return "'\(name)' is an invalid name" + case .circularLinks: + return "circular links found" + } + } +} + +extension Hardlinks { + fileprivate var acyclic: Bool { + for (_, target) in self { + var visited: Set = [target] + var next = target + while let item = self[next] { + if visited.contains(item) { + return false + } + next = item + visited.insert(next) + } + } + return true + } + + fileprivate func resolve(_ key: FilePath) throws -> FilePath? { + let target = self[key] + guard let target else { + return nil + } + var next = target + var visited: Set = [next] + while let item = self[next] { + if visited.contains(item) { + throw UnpackError.circularLinks + } + next = item + visited.insert(next) + } + return next + } +} diff --git a/Sources/ContainerizationEXT4/Integer+Extensions.swift b/Sources/ContainerizationEXT4/Integer+Extensions.swift new file mode 100644 index 0000000..51a07de --- /dev/null +++ b/Sources/ContainerizationEXT4/Integer+Extensions.swift @@ -0,0 +1,131 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +extension UInt64 { + public var lo: UInt32 { + UInt32(self & 0xffff_ffff) + } + + public var hi: UInt32 { + UInt32(self >> 32) + } + + public static func - (lhs: Self, rhs: UInt32) -> UInt64 { + lhs - UInt64(rhs) + } + + public static func % (lhs: Self, rhs: UInt32) -> UInt64 { + lhs % UInt64(rhs) + } + + public static func / (lhs: Self, rhs: UInt32) -> UInt32 { + UInt32(lhs / UInt64(rhs)) + } + + public static func * (lhs: Self, rhs: UInt32) -> UInt64 { + lhs * UInt64(rhs) + } + + public static func * (lhs: Self, rhs: Int) -> UInt64 { + lhs * UInt64(rhs) + } +} + +extension UInt32 { + public var lo: UInt16 { + UInt16(self & 0xffff) + } + + public var hi: UInt16 { + UInt16(self >> 16) + } + + public static func + (lhs: Self, rhs: Int.IntegerLiteralType) -> UInt32 { + lhs + UInt32(rhs) + } + + public static func - (lhs: Self, rhs: Int.IntegerLiteralType) -> UInt32 { + lhs - UInt32(rhs) + } + + public static func / (lhs: Self, rhs: Int.IntegerLiteralType) -> UInt32 { + lhs / UInt32(rhs) + } + + public static func - (lhs: Self, rhs: UInt16) -> UInt32 { + lhs - UInt32(rhs) + } + + public static func * (lhs: Self, rhs: Int.IntegerLiteralType) -> Int { + Int(lhs) * rhs + } +} + +extension Int { + public static func + (lhs: Self, rhs: UInt32) -> Int { + lhs + Int(rhs) + } + + public static func + (lhs: Self, rhs: UInt32) -> UInt32 { + UInt32(lhs) + rhs + } +} + +extension UInt16 { + func isDir() -> Bool { + self & EXT4.FileModeFlag.TypeMask.rawValue == EXT4.FileModeFlag.S_IFDIR.rawValue + } + + func isLink() -> Bool { + self & EXT4.FileModeFlag.TypeMask.rawValue == EXT4.FileModeFlag.S_IFLNK.rawValue + } + + func isReg() -> Bool { + self & EXT4.FileModeFlag.TypeMask.rawValue == EXT4.FileModeFlag.S_IFREG.rawValue + } + + func fileType() -> UInt8 { + typealias FMode = EXT4.FileModeFlag + typealias FileType = EXT4.FileType + switch self & FMode.TypeMask.rawValue { + case FMode.S_IFREG.rawValue: + return FileType.regular.rawValue + case FMode.S_IFDIR.rawValue: + return FileType.directory.rawValue + case FMode.S_IFCHR.rawValue: + return FileType.character.rawValue + case FMode.S_IFBLK.rawValue: + return FileType.block.rawValue + case FMode.S_IFIFO.rawValue: + return FileType.fifo.rawValue + case FMode.S_IFSOCK.rawValue: + return FileType.socket.rawValue + case FMode.S_IFLNK.rawValue: + return FileType.symbolicLink.rawValue + default: + return FileType.unknown.rawValue + } + } +} + +extension [UInt8] { + var allZeros: Bool { + for num in self where num != 0 { + return false + } + return true + } +} diff --git a/Sources/ContainerizationEXT4/README.md b/Sources/ContainerizationEXT4/README.md new file mode 100644 index 0000000..8962833 --- /dev/null +++ b/Sources/ContainerizationEXT4/README.md @@ -0,0 +1,4 @@ +# ``ContainerizationEXT4`` + +`ContainerizationEXT4` provides functionality to read the superblock of an existing ext4 block device and format a new block device with +the ext4 file system. diff --git a/Sources/ContainerizationEXT4/UnsafeLittleEndianBytes.swift b/Sources/ContainerizationEXT4/UnsafeLittleEndianBytes.swift new file mode 100644 index 0000000..06d3ba4 --- /dev/null +++ b/Sources/ContainerizationEXT4/UnsafeLittleEndianBytes.swift @@ -0,0 +1,78 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import CoreFoundation + +// takes a pointer and converts its contents to native endian bytes +public func withUnsafeLittleEndianBytes(of value: T, body: (UnsafeRawBufferPointer) throws -> Result) + rethrows -> Result +{ + switch Endian { + case .little: + return try withUnsafeBytes(of: value) { bytes in + try body(bytes) + } + case .big: + return try withUnsafeBytes(of: value) { buffer in + let reversedBuffer = Array(buffer.reversed()) + return try reversedBuffer.withUnsafeBytes { buf in + try body(buf) + } + } + } +} + +public func withUnsafeLittleEndianBuffer( + of value: UnsafeRawBufferPointer, body: (UnsafeRawBufferPointer) throws -> T +) rethrows -> T { + switch Endian { + case .little: + return try body(value) + case .big: + let reversed = Array(value.reversed()) + return try reversed.withUnsafeBytes { buf in + try body(buf) + } + } +} + +extension UnsafeRawBufferPointer { + // loads littleEndian raw data, converts it native endian format and calls UnsafeRawBufferPointer.load + public func loadLittleEndian(as type: T.Type) -> T { + switch Endian { + case .little: + return self.load(as: T.self) + case .big: + let buffer = Array(self.reversed()) + return buffer.withUnsafeBytes { ptr in + ptr.load(as: T.self) + } + } + } +} + +public enum Endianness { + case little + case big +} + +// returns current endianness +public var Endian: Endianness { + var value: UInt32 = 0x0102_0304 + return withUnsafeBytes(of: &value) { buffer in + buffer.first == 0x04 ? .little : .big + } +} diff --git a/Sources/ContainerizationError/ContainerizationError.swift b/Sources/ContainerizationError/ContainerizationError.swift new file mode 100644 index 0000000..2d1b36f --- /dev/null +++ b/Sources/ContainerizationError/ContainerizationError.swift @@ -0,0 +1,176 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation + +/// The core error type for Containerization. +/// +/// Most API surfaces for the core container/process/agent types will +/// return a ContainerizationError. +public struct ContainerizationError: Swift.Error, Sendable { + /// A code describing the error encountered. + public var code: Code + /// A description of the error. + public var message: String + /// The original error which led to this error being thrown. + public var cause: (any Error)? + + /// Creates a new error. + /// + /// - Parameters: + /// - code: The error code. + /// - message: A description of the error. + /// - cause: The original error which led to this error being thrown. + public init(_ code: Code, message: String, cause: (any Error)? = nil) { + self.code = code + self.message = message + self.cause = cause + } + + /// Creates a new error. + /// + /// - Parameters: + /// - rawCode: The error code value as a String. + /// - message: A description of the error. + /// - cause: The original error which led to this error being thrown. + public init(_ rawCode: String, message: String, cause: (any Error)? = nil) { + self.code = Code(rawValue: rawCode) + self.message = message + self.cause = cause + } + + /// Provides a unique hash of the error. + public func hash(into hasher: inout Hasher) { + hasher.combine(self.code) + hasher.combine(self.message) + } + + /// Equality operator for the error. Uses the code and message. + public static func == (lhs: Self, rhs: Self) -> Bool { + lhs.code == rhs.code && lhs.message == rhs.message + } + + /// Checks if the given error has the provided code. + public func isCode(_ code: Code) -> Bool { + self.code == code + } +} + +extension ContainerizationError: CustomStringConvertible { + /// Description of the error. + public var description: String { + guard let cause = self.cause else { + return "\(self.code): \"\(self.message)\"" + } + return "\(self.code): \"\(self.message)\" (cause: \"\(cause)\")" + } +} + +extension ContainerizationError: LocalizedError { + /// A localized message describing what error occurred. + public var errorDescription: String? { + guard let cause = self.cause else { + return message + } + return "\(message) (cause: \"\(cause)\")" + } +} + +extension ContainerizationError { + /// Codes for a `ContainerizationError`. + public struct Code: Sendable, Hashable { + private enum Value: Hashable, Sendable, CaseIterable { + case unknown + case invalidArgument + case internalError + case exists + case notFound + case cancelled + case invalidState + case empty + case timeout + case unsupported + case interrupted + } + + private var value: Value + private init(_ value: Value) { + self.value = value + } + + init(rawValue: String) { + let values = Value.allCases.reduce(into: [String: Value]()) { + $0[String(describing: $1)] = $1 + } + + let match = values[rawValue] + guard let match else { + fatalError("invalid code value \(rawValue)") + } + self.value = match + } + + public static var unknown: Self { + Self(.unknown) + } + + public static var invalidArgument: Self { + Self(.invalidArgument) + } + + public static var internalError: Self { + Self(.internalError) + } + + public static var exists: Self { + Self(.exists) + } + + public static var notFound: Self { + Self(.notFound) + } + + public static var cancelled: Self { + Self(.cancelled) + } + + public static var invalidState: Self { + Self(.invalidState) + } + + public static var empty: Self { + Self(.empty) + } + + public static var timeout: Self { + Self(.timeout) + } + + public static var unsupported: Self { + Self(.unsupported) + } + + public static var interrupted: Self { + Self(.interrupted) + } + } +} + +extension ContainerizationError.Code: CustomStringConvertible { + public var description: String { + String(describing: self.value) + } +} diff --git a/Sources/ContainerizationExtras/AddressAllocator.swift b/Sources/ContainerizationExtras/AddressAllocator.swift new file mode 100644 index 0000000..712aab5 --- /dev/null +++ b/Sources/ContainerizationExtras/AddressAllocator.swift @@ -0,0 +1,65 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +/// Conforming objects can allocate and free various address types. +public protocol AddressAllocator: Sendable { + associatedtype AddressType: Sendable + + /// Allocate a new address. + func allocate() throws -> AddressType + + /// Attempt to reserve a specific address. + func reserve(_ address: AddressType) throws + + /// Free an allocated address. + func release(_ address: AddressType) throws + + /// If no addresses are allocated, prevent future allocations and return true. + func disableAllocator() -> Bool +} + +/// Errors that a type implementing AddressAllocator should throw. +public enum AllocatorError: Swift.Error, CustomStringConvertible, Equatable { + case allocatorDisabled + case allocatorFull + case alreadyAllocated(_ address: String) + case invalidAddress(_ index: String) + case invalidArgument(_ msg: String) + case invalidIndex(_ index: Int) + case notAllocated(_ address: String) + case rangeExceeded + + public var description: String { + switch self { + case .allocatorDisabled: + return "the allocator is shutting down" + case .allocatorFull: + return "no free indices are available for allocation" + case .alreadyAllocated(let address): + return "cannot choose already-allocated address \(address)" + case .invalidAddress(let address): + return "cannot create index using address \(address)" + case .invalidArgument(let msg): + return "invalid argument: \(msg)" + case .invalidIndex(let index): + return "cannot create address using index \(index)" + case .notAllocated(let address): + return "cannot free unallocated address \(address)" + case .rangeExceeded: + return "cannot create allocator that overflows maximum address value" + } + } +} diff --git a/Sources/ContainerizationExtras/AddressError.swift b/Sources/ContainerizationExtras/AddressError.swift new file mode 100644 index 0000000..dda7cd9 --- /dev/null +++ b/Sources/ContainerizationExtras/AddressError.swift @@ -0,0 +1,66 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +public struct AddressError: Error, Equatable, Hashable, CustomStringConvertible { + public var description: String { + String(describing: self.base) + } + + @usableFromInline + enum Base: Equatable, Hashable, Sendable { + case unableToParse + case invalidZoneIdentifier + case invalidIPv4Suffix + case multipleEllipsis + case invalidHexGroup + case malformedAddress + case incompleteAddress + } + + @usableFromInline + let base: Base + + @inlinable + init(_ base: Base) { self.base = base } + + public static var unableToParse: Self { + Self(.unableToParse) + } + + public static var invalidZoneIdentifier: Self { + Self(.invalidZoneIdentifier) + } + + public static var invalidIPv4SuffixInIPv6Address: Self { + Self(.invalidIPv4Suffix) + } + + public static var multipleEllipsis: Self { + Self(.multipleEllipsis) + } + + public static var invalidHexGroup: Self { + Self(.invalidHexGroup) + } + + public static var malformedAddress: Self { + Self(.malformedAddress) + } + + public static var incompleteAddress: Self { + Self(.incompleteAddress) + } +} diff --git a/Sources/ContainerizationExtras/AsyncLock.swift b/Sources/ContainerizationExtras/AsyncLock.swift new file mode 100644 index 0000000..a3c14b4 --- /dev/null +++ b/Sources/ContainerizationExtras/AsyncLock.swift @@ -0,0 +1,61 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Logging + +/// `AsyncLock` provides a familiar locking API, with the main benefit being that it +/// is safe to call async methods while holding the lock. This is primarily used in spots +/// where an actor makes sense, but we may need to ensure we don't fall victim to actor +/// reentrancy issues. +public actor AsyncLock { + private var busy = false + private var queue: ArraySlice> = [] + private var log: Logger? + + public struct Context: Sendable { + fileprivate init() {} + } + + public init(log: Logger? = nil) { + self.log = log + } + + /// withLock provides a scoped locking API to run a function while holding the lock. + public func withLock(logMetadata: Logger.Metadata? = nil, _ body: @Sendable @escaping (Context) async throws -> T) async rethrows -> T { + log?.debug("acquiring lock", metadata: logMetadata) + while self.busy { + await withCheckedContinuation { cc in + self.queue.append(cc) + } + } + + self.busy = true + + defer { + self.busy = false + if let next = self.queue.popFirst() { + next.resume(returning: ()) + } else { + self.queue = [] + } + } + + log?.debug("holding lock", metadata: logMetadata) + defer { log?.debug("releasing lock", metadata: logMetadata) } + let context = Context() + return try await body(context) + } +} diff --git a/Sources/ContainerizationExtras/AsyncMutex.swift b/Sources/ContainerizationExtras/AsyncMutex.swift new file mode 100644 index 0000000..83652de --- /dev/null +++ b/Sources/ContainerizationExtras/AsyncMutex.swift @@ -0,0 +1,59 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +/// `AsyncMutex` provides a mutex that protects a piece of data, with the main benefit being that it +/// is safe to call async methods while holding the lock. This is primarily used in spots +/// where an actor makes sense, but we may need to ensure we don't fall victim to actor +/// reentrancy issues. +public actor AsyncMutex { + private final class Box: @unchecked Sendable { + var value: T + init(_ value: T) { + self.value = value + } + } + + private var busy = false + private var queue: ArraySlice> = [] + private let box: Box + + public init(_ initialValue: T) { + self.box = Box(initialValue) + } + + /// withLock provides a scoped locking API to run a function while holding the lock. + /// The protected value is passed to the closure for safe access. + public func withLock(_ body: @Sendable @escaping (inout T) async throws -> R) async rethrows -> R { + while self.busy { + await withCheckedContinuation { cc in + self.queue.append(cc) + } + } + + self.busy = true + + defer { + self.busy = false + if let next = self.queue.popFirst() { + next.resume(returning: ()) + } else { + self.queue = [] + } + } + + return try await body(&self.box.value) + } +} diff --git a/Sources/ContainerizationExtras/CIDR.swift b/Sources/ContainerizationExtras/CIDR.swift new file mode 100644 index 0000000..8b562ec --- /dev/null +++ b/Sources/ContainerizationExtras/CIDR.swift @@ -0,0 +1,148 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +/// Describes an IPv4 or IPv6 CIDR address block. +@frozen +public enum CIDR: CustomStringConvertible, Equatable, Sendable, Hashable { + + case v4(IPv4Address, Prefix) + case v6(IPv6Address, Prefix) + + /// Create a CIDR address block. + public init(_ cidr: String) throws { + if let cidrV4 = try? CIDRv4(cidr) { + self = .v4(cidrV4.address, cidrV4.prefix) + } else if let cidrV6 = try? CIDRv6(cidr) { + self = .v6(cidrV6.address, cidrV6.prefix) + } else { + throw Error.invalidCIDR(cidr: cidr) + } + } + + /// Create a CIDR address from a member IP and a prefix length. + public init(_ address: IPAddress, prefix: Prefix) throws { + switch address { + case .v4(let addr): + guard prefix.length <= 32 else { + throw Error.invalidCIDR(cidr: "\(address)/\(prefix)") + } + self = .v4(addr, prefix) + case .v6(let addr): + guard prefix.length <= 128 else { + throw Error.invalidCIDR(cidr: "\(address)/\(prefix)") + } + self = .v6(addr, prefix) + } + } + + /// Create the smallest CIDR block that includes the lower and upper bounds. + /// + /// For type-safe construction, prefer `v4Range(lower:upper:)` or `v6Range(lower:upper:)`. + public init(lower: IPAddress, upper: IPAddress) throws { + switch (lower, upper) { + case (.v4(let lowerAddr), .v4(let upperAddr)): + let cidr = try CIDRv4(lower: lowerAddr, upper: upperAddr) + self = .v4(cidr.address, cidr.prefix) + case (.v6(let lowerAddr), .v6(let upperAddr)): + let cidr = try CIDRv6(lower: lowerAddr, upper: upperAddr) + self = .v6(cidr.address, cidr.prefix) + default: + throw Error.invalidAddressRange(lower: lower.description, upper: upper.description) + } + } + + /// The IP component of this CIDR address. + @inlinable + public var address: IPAddress { + switch self { + case .v4(let addr, _): + return .v4(addr) + case .v6(let addr, _): + return .v6(addr) + } + } + + /// The prefix length of this CIDR address. + @inlinable + public var prefix: Prefix { + switch self { + case .v4(_, let prefix), .v6(_, let prefix): + return prefix + } + } + + /// The lowest address in this CIDR block + @inlinable + public var lower: IPAddress { + switch self { + case (.v4(let addr, let prefix)): + return .v4(IPv4Address(addr.value & prefix.prefixMask32)) + case (.v6(let addr, let prefix)): + return .v6(IPv6Address(addr.value & prefix.prefixMask128)) + } + } + + /// The highest address in this CIDR block (broadcast address). + @inlinable + public var upper: IPAddress { + switch self { + case .v4(let addr, let prefix): + return .v4(IPv4Address(addr.value | prefix.suffixMask32)) + case .v6(let addr, let prefix): + return .v6(IPv6Address(addr.value | prefix.suffixMask128, zone: addr.zone)) + } + } + + /// Return true if the CIDR block contains the specified address. + /// + /// Compares network portion of the given IP address. + @inlinable + public func contains(_ ip: IPAddress) -> Bool { + switch (self, ip) { + case (.v4(let network, let prefix), .v4(let ip)): + return network.value == (ip.value & prefix.prefixMask32) + case (.v6(let network, let prefix), .v6(let ip)): + return (network.zone == ip.zone) && (network.value == (ip.value & prefix.prefixMask128)) + default: + return false + } + } + + /// Retrieve the text representation of the CIDR block. + public var description: String { + "\(address)/\(prefix)" + } +} + +extension CIDR { + public enum Error: Swift.Error { + case invalidCIDR(cidr: String) + case invalidAddressRange(lower: String, upper: String) + } +} + +extension CIDR: Codable { + public init(from decoder: Decoder) throws { + let container = try decoder.singleValueContainer() + let string = try container.decode(String.self) + try self.init(string) + } + + public func encode(to encoder: Encoder) throws { + var container = encoder.singleValueContainer() + try container.encode(description) + } +} diff --git a/Sources/ContainerizationExtras/CIDRv4.swift b/Sources/ContainerizationExtras/CIDRv4.swift new file mode 100644 index 0000000..d7823b0 --- /dev/null +++ b/Sources/ContainerizationExtras/CIDRv4.swift @@ -0,0 +1,122 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +/// Describes an IPv4 CIDR address block. +@frozen +public struct CIDRv4: CustomStringConvertible, Equatable, Sendable, Hashable { + /// The IP component of this CIDR address. + public let address: IPv4Address + + /// The prefix length of this CIDR address. + public let prefix: Prefix + + /// Create a CIDR address block. + public init(_ cidr: String) throws { + let split = cidr.split(separator: "/") + guard split.count == 2 else { + throw CIDR.Error.invalidCIDR(cidr: cidr) + } + guard let prefixLength = UInt8(split[1]), let prefix = Prefix(length: prefixLength) else { + throw CIDR.Error.invalidCIDR(cidr: cidr) + } + + let address = try IPv4Address(String(split[0])) + try self.init(address, prefix: prefix) + } + + /// Create a CIDR address from a member IP and a prefix length. + public init(_ address: IPv4Address, prefix: Prefix) throws { + guard prefix.length <= 32 else { + throw CIDR.Error.invalidCIDR(cidr: "\(address)/\(prefix)") + } + self.address = address + self.prefix = prefix + } + + /// Create the smallest IPv4 CIDR block that includes the lower and upper bounds. + /// + /// - Parameters: + /// - lower: The lower bound IPv4 address + /// - upper: The upper bound IPv4 address + /// - Returns: The smallest CIDR block containing both addresses + /// - Throws: If lower > upper + public init(lower: IPv4Address, upper: IPv4Address) throws { + guard lower.value <= upper.value else { + throw CIDR.Error.invalidAddressRange(lower: lower.description, upper: upper.description) + } + + for length in 1...32 { + let prefixLength = Prefix(unchecked: UInt8(length)) + let mask = prefixLength.prefixMask32 + if (lower.value & mask) != (upper.value & mask) { + let prefix = Prefix(unchecked: UInt8(length - 1)) + let networkAddr = IPv4Address(lower.value & prefix.prefixMask32) + try self.init(networkAddr, prefix: prefix) + return + } + } + // Same address - /32 block + let prefix = Prefix(unchecked: 32) + let networkAddr = IPv4Address(lower.value & prefix.prefixMask32) + try self.init(networkAddr, prefix: prefix) + } + + /// The lowest address in this CIDR block + @inlinable + public var lower: IPv4Address { + IPv4Address(address.value & prefix.prefixMask32) + } + + /// The highest address in this CIDR block (broadcast address). + @inlinable + public var upper: IPv4Address { + IPv4Address(address.value | prefix.suffixMask32) + } + + /// Return true if the CIDR block contains the specified address. + /// + /// Compares network portion of the given IP address. + @inlinable + public func contains(_ ip: IPv4Address) -> Bool { + (address.value & prefix.prefixMask32) == (ip.value & prefix.prefixMask32) + } + + /// Retrieve the text representation of the CIDR block. + public var description: String { + "\(address)/\(prefix)" + } +} + +extension CIDRv4: Codable { + public init(from decoder: Decoder) throws { + let container = try decoder.singleValueContainer() + let string = try container.decode(String.self) + try self.init(string) + } + + public func encode(to encoder: Encoder) throws { + var container = encoder.singleValueContainer() + try container.encode(description) + } +} + +extension CIDRv4 { + /// The gateway address of the network. Conventionally the first usable + /// address in the subnet (`lower + 1`). + public var gateway: IPv4Address { + IPv4Address(self.lower.value + 1) + } +} diff --git a/Sources/ContainerizationExtras/CIDRv6.swift b/Sources/ContainerizationExtras/CIDRv6.swift new file mode 100644 index 0000000..b336124 --- /dev/null +++ b/Sources/ContainerizationExtras/CIDRv6.swift @@ -0,0 +1,115 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +/// Describes an IPv4 or IPv6 CIDR address block. +@frozen +public struct CIDRv6: CustomStringConvertible, Equatable, Sendable, Hashable { + + /// The IP component of this CIDR address. + public let address: IPv6Address + + /// The prefix length of this CIDR address. + public let prefix: Prefix + + /// Create a CIDR address block. + public init(_ cidr: String) throws { + let split = cidr.split(separator: "/") + guard split.count == 2 else { + throw CIDR.Error.invalidCIDR(cidr: cidr) + } + guard let prefixLength = UInt8(split[1]), let prefix = Prefix(length: prefixLength) else { + throw CIDR.Error.invalidCIDR(cidr: cidr) + } + + let address = try IPv6Address(String(split[0])) + try self.init(address, prefix: prefix) + } + + /// Create a CIDR address from a member IP and a prefix length. + public init(_ address: IPv6Address, prefix: Prefix) throws { + guard prefix.length <= 128 else { + throw CIDR.Error.invalidCIDR(cidr: "\(address)/\(prefix)") + } + self.address = address + self.prefix = prefix + } + + /// Create the smallest IPv6 CIDR block that includes the lower and upper bounds. + /// + /// - Parameters: + /// - lower: The lower bound IPv6 address + /// - upper: The upper bound IPv6 address + /// - Returns: The smallest CIDR block containing both addresses + /// - Throws: If lower > upper or zones don't match + public init(lower: IPv6Address, upper: IPv6Address) throws { + guard lower.value <= upper.value && lower.zone == upper.zone else { + throw CIDR.Error.invalidAddressRange(lower: lower.description, upper: upper.description) + } + + for length in 1...128 { + let prefixLength = Prefix(unchecked: UInt8(length)) + let mask = prefixLength.prefixMask128 + if (lower.value & mask) != (upper.value & mask) { + let prefix = Prefix(unchecked: UInt8(length - 1)) + let networkAddr = IPv6Address(lower.value & prefix.prefixMask128, zone: lower.zone) + try self.init(networkAddr, prefix: prefix) + return + } + } + // Same address - /128 block + let prefix = Prefix(unchecked: 128) + let networkAddr = IPv6Address(lower.value & prefix.prefixMask128, zone: lower.zone) + try self.init(networkAddr, prefix: prefix) + } + + /// The lowest address in this CIDR block + @inlinable + public var lower: IPv6Address { + IPv6Address(address.value & prefix.prefixMask128) + } + + /// The highest address in this CIDR block (broadcast address). + @inlinable + public var upper: IPv6Address { + IPv6Address(address.value | prefix.suffixMask128, zone: address.zone) + } + + /// Return true if the CIDR block contains the specified address. + /// + /// Compares network portion of the given IP address. + @inlinable + public func contains(_ ip: IPv6Address) -> Bool { + (address.zone == ip.zone) && ((address.value & prefix.prefixMask128) == (ip.value & prefix.prefixMask128)) + } + + /// Retrieve the text representation of the CIDR block. + public var description: String { + "\(address)/\(prefix)" + } +} + +extension CIDRv6: Codable { + public init(from decoder: Decoder) throws { + let container = try decoder.singleValueContainer() + let string = try container.decode(String.self) + try self.init(string) + } + + public func encode(to encoder: Encoder) throws { + var container = encoder.singleValueContainer() + try container.encode(description) + } +} diff --git a/Sources/ContainerizationExtras/FileManager+Temporary.swift b/Sources/ContainerizationExtras/FileManager+Temporary.swift new file mode 100644 index 0000000..d03acdf --- /dev/null +++ b/Sources/ContainerizationExtras/FileManager+Temporary.swift @@ -0,0 +1,29 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation + +extension FileManager { + /// Returns a unique temporary directory to use. + public func uniqueTemporaryDirectory(create: Bool = true) -> URL { + let tempDirectoryURL = temporaryDirectory + let uniqueDirectoryURL = tempDirectoryURL.appendingPathComponent(UUID().uuidString) + if create { + try? createDirectory(at: uniqueDirectoryURL, withIntermediateDirectories: true, attributes: nil) + } + return uniqueDirectoryURL + } +} diff --git a/Sources/ContainerizationExtras/IPAddress.swift b/Sources/ContainerizationExtras/IPAddress.swift new file mode 100644 index 0000000..8b40f16 --- /dev/null +++ b/Sources/ContainerizationExtras/IPAddress.swift @@ -0,0 +1,148 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +/// Represents an IP address that can be either IPv4 or IPv6. +@frozen +public enum IPAddress: Sendable, Hashable, CustomStringConvertible, Equatable { + /// An IPv4 address + case v4(IPv4Address) + + /// An IPv6 address + case v6(IPv6Address) + + /// Parses an IP address string, automatically detecting IPv4 or IPv6 format. + /// + /// - Parameter string: IP address string to parse + /// - Returns: An `IPAddress` containing either an IPv4 or IPv6 address + /// - Throws: `AddressError.unableToParse` if invalid + public init(_ string: String) throws { + let utf8 = string.utf8 + var hasColon = false + var hasDot = false + + for byte in utf8 { + if byte == 58 { // ASCII ':' + hasColon = true + break + } + if byte == 46 { // ASCII '.' + hasDot = true + } + } + + if hasColon { + let ipv6 = try IPv6Address.parse(string) + self = .v6(ipv6) + } else if hasDot { + let ipv4 = try IPv4Address(string) + self = .v4(ipv4) + } else { + throw AddressError.unableToParse + } + } + + /// String representation of the IP address. + public var description: String { + switch self { + case .v4(let addr): + return addr.description + case .v6(let addr): + return addr.description + } + } + + /// Returns `true` if this is an IPv4 address. + @inlinable + public var isV4: Bool { + if case .v4 = self { + return true + } + return false + } + + /// Returns `true` if this is an IPv6 address. + @inlinable + public var isV6: Bool { + if case .v6 = self { + return true + } + return false + } + + /// Returns the underlying IPv4 address if this is an IPv4 address, otherwise `nil`. + @inlinable + public var ipv4: IPv4Address? { + if case .v4(let addr) = self { + return addr + } + return nil + } + + /// Returns the underlying IPv6 address if this is an IPv6 address, otherwise `nil`. + @inlinable + public var ipv6: IPv6Address? { + if case .v6(let addr) = self { + return addr + } + return nil + } + + /// Returns `true` if this is a loopback address (127.0.0.0/8 or ::1). + @inlinable + public var isLoopback: Bool { + switch self { + case .v4(let addr): + return addr.isLoopback + case .v6(let addr): + return addr.isLoopback + } + } + + /// Returns `true` if this is a multicast address. + @inlinable + public var isMulticast: Bool { + switch self { + case .v4(let addr): + return addr.isMulticast + case .v6(let addr): + return addr.isMulticast + } + } + + /// Returns `true` if this is an unspecified address (0.0.0.0 or ::). + @inlinable + public var isUnspecified: Bool { + switch self { + case .v4(let addr): + return addr.isUnspecified + case .v6(let addr): + return addr.isUnspecified + } + } +} + +extension IPAddress: Codable { + public init(from decoder: Decoder) throws { + let container = try decoder.singleValueContainer() + let string = try container.decode(String.self) + try self.init(string) + } + + public func encode(to encoder: Encoder) throws { + var container = encoder.singleValueContainer() + try container.encode(description) + } +} diff --git a/Sources/ContainerizationExtras/IPv4Address.swift b/Sources/ContainerizationExtras/IPv4Address.swift new file mode 100644 index 0000000..eb7546b --- /dev/null +++ b/Sources/ContainerizationExtras/IPv4Address.swift @@ -0,0 +1,250 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +@frozen +public struct IPv4Address: Sendable, Hashable, CustomStringConvertible, Equatable, Comparable { + public let value: UInt32 + + /// Creates an IPv4Address from an unsigned integer. + /// + /// - Parameter string: The integer representation of the address. + @inlinable + public init(_ value: UInt32) { + self.value = value + } + + /// Creates an IPv4Address from 4 bytes. + /// + /// - Parameters: + /// - bytes: 4-byte array in network byte order representing the IPv4 address + /// - Throws: `AddressError.unableToParse` if the byte array length is not 4 + @inlinable + public init(_ bytes: [UInt8]) throws { + guard bytes.count == 4 else { + throw AddressError.unableToParse + } + self.value = + (UInt32(bytes[0]) << 24) + | (UInt32(bytes[1]) << 16) + | (UInt32(bytes[2]) << 8) + | UInt32(bytes[3]) + } + + /// Creates an IPv4Address from a string representation. + /// + /// - Parameter string: The IPv4 address string in dotted decimal notation (e.g., "192.168.1.1") + /// - Throws: `AddressError.unableToParse` if the string is not a valid IPv4 address + @inlinable + public init(_ string: String) throws { + self.value = try Self.parse(string) + } + + @inlinable + public var bytes: [UInt8] { + Self.bytes(value) + } + + @usableFromInline + static func bytes(_ value: UInt32) -> [UInt8] { + var result = [UInt8](repeating: 0, count: 4) + result[0] = UInt8((value >> 24) & 0xff) + result[1] = UInt8((value >> 16) & 0xff) + result[2] = UInt8((value >> 8) & 0xff) + result[3] = UInt8(value & 0xff) + return result + } + + // TODO: spans? + @available(macOS 26.0, *) + @usableFromInline + static func bytes(_ value: UInt32) -> InlineArray<4, UInt8> { + let result: InlineArray<4, UInt8> = [ + UInt8((value >> 24) & 0xff), + UInt8((value >> 16) & 0xff), + UInt8((value >> 8) & 0xff), + UInt8(value & 0xff), + ] + return result + } + + @inlinable + public var description: String { + "\(bytes[0]).\(bytes[1]).\(bytes[2]).\(bytes[3])" + } + + /// Parses an IPv4 address string in dotted decimal notation into a UInt32 representation. + /// + /// ## Validation Rules + /// - Exactly 4 octets separated by dots + /// - Each octet must be 0-255 + /// - No leading zeros (except for "0" itself) + /// - No whitespace characters + /// - Only digits and dots allowed + /// + /// ## Examples + /// ```swift + /// IPv4Address.parse("192.168.1.1") // Returns: 3232235777 + /// IPv4Address.parse("127.0.0.1") // Returns: 2130706433 + /// IPv4Address.parse("0.0.0.0") // Returns: 0 + /// IPv4Address.parse("255.255.255.255") // Returns: 4294967295 + /// + /// // Invalid examples: + /// IPv4Address.parse("192.168.1") // Wrong number of octets + /// IPv4Address.parse("192.168.1.256") // Octet out of range + /// IPv4Address.parse("192.168.001.1") // Leading zeros + /// IPv4Address.parse(" 192.168.1.1 ") // Whitespace + /// ``` + /// + /// - Parameter s: The IPv4 address string to parse + /// - Returns: The 32-bit representation of the IP address, or `nil` if parsing fails + /// - Note: The returned value is in network byte order (big-endian) + @usableFromInline + internal static func parse(_ s: String) throws -> UInt32 { + guard !s.isEmpty, s.count >= 7, s.count <= 15 else { + throw AddressError.unableToParse + } + + // IP addresses should only contain ASCII digits and dots + let utf8 = s.utf8 + for byte in utf8 { + // ASCII whitespace: space(32), tab(9), newline(10), return(13) + if byte == 32 || byte == 9 || byte == 10 || byte == 13 { + throw AddressError.unableToParse + } + } + + // accumulator for the 32bit representation of the IPv4 address + var result: UInt32 = 0 + + // tracking octet count, max 4 allowed + var octetCount = 0 + var currentOctet = 0 + + // number of digits in the string representation of the octet, max 3 + var digitCount = 0 + + for byte in utf8 { + if byte == 46 { // ASCII '.' + // Validate octet before processing + guard octetCount < 3, digitCount > 0, digitCount <= 3, currentOctet <= 255 else { + throw AddressError.unableToParse + } + + // Shift result and add current octet + result = (result << 8) | UInt32(currentOctet) + + // Reset for next octet + octetCount += 1 + currentOctet = 0 + digitCount = 0 + + } else if byte >= 48 && byte <= 57 { // ASCII '0'-'9' + let digit = Int(byte - 48) + + digitCount += 1 + + // Check for invalid leading zeros: "01", "001", etc. + // Allow single "0" but reject multi-digit numbers starting with 0 + if digitCount == 1 && digit == 0 { + // First digit is 0 - this is only valid if it's the only digit + currentOctet = 0 + } else if digitCount > 1 && currentOctet == 0 { + // We had a leading zero and now have more digits - invalid + throw AddressError.unableToParse + } else { + // Normal case: build the octet value + currentOctet = currentOctet * 10 + digit + } + + // Early termination if octet becomes too large + guard currentOctet <= 255, digitCount <= 3 else { + throw AddressError.unableToParse + } + + } else { + throw AddressError.unableToParse + } + } + + // Validate final octet + guard octetCount == 3, digitCount > 0, digitCount <= 3, currentOctet <= 255 else { + throw AddressError.unableToParse + } + + return (result << 8) | UInt32(currentOctet) + } + + // MARK: - Address Classification Methods + + /// Returns `true` if this is the unspecified address (0.0.0.0). + /// + /// Per RFC 791, 0.0.0.0 is the "this network" address. + @inlinable + public var isUnspecified: Bool { + value == 0 + } + + /// Returns `true` if this is a loopback address (127.0.0.0/8). + /// + /// Per RFC 1122 Section 3.2.1.3, the entire 127.0.0.0/8 block is reserved for loopback. + @inlinable + public var isLoopback: Bool { + (value & 0xFF00_0000) == 0x7F00_0000 + } + + /// Returns `true` if this is a multicast address (224.0.0.0/4). + /// + /// Per RFC 1112, addresses in the range 224.0.0.0 to 239.255.255.255 are multicast addresses. + @inlinable + public var isMulticast: Bool { + (value & 0xF000_0000) == 0xE000_0000 + } + + /// Returns `true` if this is a link-local address (169.254.0.0/16). + /// + /// Per RFC 3927, 169.254.0.0/16 is reserved for link-local addresses (APIPA/Auto-IP). + @inlinable + public var isLinkLocal: Bool { + (value & 0xFFFF_0000) == 0xA9FE_0000 + } + + /// Returns `true` if this is the limited broadcast address (255.255.255.255). + /// + /// Per RFC 919/922, 255.255.255.255 is the limited broadcast address. + @inlinable + public var isBroadcast: Bool { + value == 0xFFFF_FFFF + } + + /// Compares two IPv4 addresses numerically. + @inlinable + public static func < (lhs: IPv4Address, rhs: IPv4Address) -> Bool { + lhs.value < rhs.value + } +} + +extension IPv4Address: Codable { + public init(from decoder: Decoder) throws { + let container = try decoder.singleValueContainer() + let string = try container.decode(String.self) + try self.init(string) + } + + public func encode(to encoder: Encoder) throws { + var container = encoder.singleValueContainer() + try container.encode(description) + } +} diff --git a/Sources/ContainerizationExtras/IPv6Address+Parse.swift b/Sources/ContainerizationExtras/IPv6Address+Parse.swift new file mode 100644 index 0000000..f6793f7 --- /dev/null +++ b/Sources/ContainerizationExtras/IPv6Address+Parse.swift @@ -0,0 +1,333 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +extension IPv6Address { + /// Parses an IPv6 address string into an IPv6Address instance. + /// + /// Follows RFC 4291 and RFC 5952. + /// + /// This function supports standard IPv6 notation including: + /// - Full addresses: `2001:0db8:0000:0042:0000:8a2e:0370:7334` + /// - Zero compression: `2001:db8::8a2e:370:7334` + /// - Leading zero omission: `2001:db8:0:42:0:8a2e:370:7334` + /// - Unspecified address: `::` + /// - Zone identifiers: `fe80::1%eth0` + /// + /// - Parameter input: IPv6 address string (with optional zone identifier after %) + /// - Returns: An `IPv6Address` instance representing the parsed address + /// + /// ## Example Usage + /// ```swift + /// let addr1 = try IPv6Address.parse("2001:db8::1") + /// let addr2 = try IPv6Address.parse("::") // Unspecified address + /// let addr3 = try IPv6Address.parse("fe80::1%eth0") // With zone identifier + /// ``` + static func parse(_ input: String) throws -> IPv6Address { + var ipBytes = [UInt8](repeating: 0, count: 16) + var ellipsisPosition: Int? + + // Extract zone identifier + let (address, zone) = try extractZoneIdentifier(from: input) + + // RFC 4291 Section 2.2.3: IPv4 suffix must be at the end (last 32 bits) + var remainingAddress = address + var ipv6ByteLimit = 16 // Maximum bytes available for IPv6 hex groups + var hasIPv4Suffix = false + + // check if the IPv6 address has IPv4 address in it. + if let (ipv6Part, ipv4Bytes) = try extractIPv4Suffix(from: address) { + // If IPv4 present, save directly to last 4 bytes. + ipBytes[12] = ipv4Bytes[0] + ipBytes[13] = ipv4Bytes[1] + ipBytes[14] = ipv4Bytes[2] + ipBytes[15] = ipv4Bytes[3] + + // Update address and limit IPv6 parsing to first 12 bytes (6 groups max) + remainingAddress = ipv6Part + ipv6ByteLimit = 12 + hasIPv4Suffix = true + } + + // Handle leading ellipsis in the IPv6 part + if remainingAddress.utf8.starts(with: [58, 58]) { // "::" + ellipsisPosition = 0 + remainingAddress = String(remainingAddress.dropFirst(2)) + + // Special case: "::" represents the unspecified address (all zeros) + // But if we have IPv4 suffix, the IPv4 bytes are already set correctly + if remainingAddress.isEmpty { + // If we have IPv4 suffix, ipBytes already has the IPv4 data, just return + if hasIPv4Suffix { + return try Self(ipBytes, zone: zone) + } + + // Pure "::" - Return the unspecified address, handling zone identifiers + if let zone = zone, !zone.isEmpty { + return try Self(ipBytes, zone: zone) + } + return .unspecified + } + } + + // Parse IPv6 hex groups up to the byte limit + var byteIndex = 0 + let utf8 = remainingAddress.utf8 + var currentPosition = utf8.startIndex + + while byteIndex < ipv6ByteLimit && currentPosition < utf8.endIndex { + let (hexValue, nextPosition) = try parseHexadecimal( + from: utf8, + startingAt: currentPosition + ) + + // Store the UInt16 in network-byte order + ipBytes[byteIndex] = UInt8(hexValue >> 8) + ipBytes[byteIndex + 1] = UInt8(hexValue & 0xFF) + byteIndex += 2 + currentPosition = nextPosition + + // Terminate early if we have consumed the whole string + if currentPosition == utf8.endIndex { + break + } + + // Parse separator and handle ellipsis detection + currentPosition = try skipColonSeparator( + from: utf8, + at: currentPosition, + currentByteIndex: byteIndex, + ellipsisPosition: &ellipsisPosition + ) + } + + // Validate complete consumption of input + guard currentPosition >= utf8.endIndex else { + throw AddressError.malformedAddress + } + + // Apply ellipsis expansion for the IPv6 portion + try expandEllipsis( + in: &ipBytes, + parsedBytes: byteIndex, + ellipsisPosition: ellipsisPosition, + byteLimit: ipv6ByteLimit + ) + let value = ipBytes.reduce(UInt128(0)) { ($0 << 8) | UInt128($1) } + return Self(value, zone: zone) + } + + // MARK: - Helper Functions + + /// Extracts IPv4 suffix if present at the end of the address + /// + /// Follows: RFC 4291 Section 2.2.3: Alternative form x:x:x:x:x:x:d.d.d.d + /// IPv4 must be the last 32 bits and preceded by a colon + /// + /// - Parameter input: The IPv6 address string to check + /// - Returns: Optional tuple of (IPv6 part without IPv4, IPv4 bytes array) if IPv4 found, nil otherwise + /// - Throws: `AddressError.invalidIPv4Suffix` for invalid IPv4 addresses + internal static func extractIPv4Suffix(from input: String) throws -> (String, [UInt8])? { + // must contain a dot to be IPv4 + guard input.utf8.contains(46) else { // ASCII '.' + return nil + } + + // IPv4 address must be present after last colon + guard let lastColonIndex = input.lastIndex(of: ":") else { + return nil + } + + // TODO: maybe refactor for performance + let afterColon = input.index(after: lastColonIndex) + guard afterColon < input.endIndex else { + return nil + } + + let possibleIPv4 = String(input[afterColon...]) + guard let ipv4Value = try? IPv4Address.parse(possibleIPv4) else { + throw AddressError.invalidIPv4SuffixInIPv6Address + } + + // Check if lastColonIndex is the second ':' of '::'. If so, ensure to include it. + let isDoubleColon = lastColonIndex > input.startIndex && input[input.index(before: lastColonIndex)] == ":" + let ipv6Part = isDoubleColon ? String(input[...lastColonIndex]) : String(input[.. (String, String?) { + guard let percentIndex = input.lastIndex(of: "%") else { + return (input, nil) + } + + let zoneStartIndex = input.index(after: percentIndex) + guard zoneStartIndex < input.endIndex else { + throw AddressError.invalidZoneIdentifier + } + + let addressPart = String(input[.. (UInt16, String.UTF8View.Index) { + var accumulator: UInt16 = 0 + var digitCount = 0 + var currentIndex = startIndex + + while currentIndex < group.endIndex && digitCount < 4 { + let byte = group[currentIndex] + + // Fast hex digit parsing using ASCII values + let hexValue: UInt16 + if byte >= 48 && byte <= 57 { // '0'-'9' + hexValue = UInt16(byte - 48) + } else if byte >= 65 && byte <= 70 { // 'A'-'F' + hexValue = UInt16(byte - 65 + 10) + } else if byte >= 97 && byte <= 102 { // 'a'-'f' + hexValue = UInt16(byte - 97 + 10) + } else { + break // Not a hex digit + } + + accumulator = (accumulator << 4) + hexValue + digitCount += 1 + currentIndex = group.index(after: currentIndex) + } + + guard digitCount > 0 else { + // No hex digits found + throw AddressError.invalidHexGroup + } + return (accumulator, currentIndex) + } + + /// Parses a colon separator between IPv6 groups and detects ellipsis notation (::). + /// + /// - Parameters: + /// - utf8: The UTF-8 view being parsed + /// - position: Current position in the UTF-8 view (must point to a colon) + /// - currentByteIndex: Current byte index in the IP array + /// - ellipsisPosition: Inout parameter tracking ellipsis position + /// - Returns: Next position in the UTF-8 view after parsing separator + /// + /// ## Example + /// ```swift + /// let utf8 = "2001:db8::1".utf8 + /// var ellipsisPos: Int? = nil + /// // After parsing "2001", position points to first ':' + /// let nextPos = try skipColonSeparator(from: utf8, at: position, + /// currentByteIndex: 2, + /// ellipsisPosition: &ellipsisPos) + /// // For single colon: nextPos points to 'd' in 'db8' + /// // For double colon (::): ellipsisPos = 2, nextPos points to '1' + /// ``` + private static func skipColonSeparator( + from group: String.UTF8View, + at position: String.UTF8View.Index, + currentByteIndex: Int, + ellipsisPosition: inout Int? + ) throws -> String.UTF8View.Index { + // Expect colon separator + guard group[position] == 58 else { // ASCII ':' + throw AddressError.malformedAddress + } + + let afterFirstColon = group.index(after: position) + guard afterFirstColon < group.endIndex else { + // Trailing colon not allowed + throw AddressError.malformedAddress + } + + // Check for double colon, return position after that + if group[afterFirstColon] == 58 { // ASCII ':' + guard ellipsisPosition == nil else { + // Multiple :: not allowed + throw AddressError.multipleEllipsis + } + ellipsisPosition = currentByteIndex + let afterSecondColon = group.index(after: afterFirstColon) + return afterSecondColon + } + return afterFirstColon + } + + /// Expands ellipsis for IPv6 addresses + /// + /// - Parameters: + /// - ipBytes: Inout array of IP bytes to modify + /// - parsedBytes: Number of bytes already parsed for IPv6 groups + /// - ellipsisPosition: Optional position where ellipsis was found + /// - byteLimit: Maximum bytes available for IPv6 (16 for pure IPv6, 12 if IPv4 suffix present) + /// - Throws: `AddressError.incompleteAddress` for invalid address lengths + private static func expandEllipsis( + in ipBytes: inout [UInt8], + parsedBytes: Int, + ellipsisPosition: Int?, + byteLimit: Int = 16 + ) throws { + guard let ellipsisPosition = ellipsisPosition else { + // No ellipsis - validate we have exactly filled the available bytes + guard parsedBytes == byteLimit else { + throw AddressError.incompleteAddress // Incomplete address without ellipsis + } + return + } + + // Calculate expansion within the byte limit + let bytesToExpand = byteLimit - parsedBytes + guard bytesToExpand > 0 else { + throw AddressError.malformedAddress // No room for ellipsis expansion + } + + let suffixBytes = Array(ipBytes[ellipsisPosition..> 112) & 0xFFFF), + UInt16((value >> 96) & 0xFFFF), + UInt16((value >> 80) & 0xFFFF), + UInt16((value >> 64) & 0xFFFF), + UInt16((value >> 48) & 0xFFFF), + UInt16((value >> 32) & 0xFFFF), + UInt16((value >> 16) & 0xFFFF), + UInt16(value & 0xFFFF), + ] + + // Find the longest run of consecutive zeros for :: compression + var longestZeroStart = -1 + var longestZeroLength = 0 + var currentZeroStart = -1 + var currentZeroLength = 0 + + for (index, group) in groups.enumerated() { + if group == 0 { + if currentZeroStart == -1 { + currentZeroStart = index + currentZeroLength = 1 + } else { + currentZeroLength += 1 + } + } else { + if currentZeroLength > longestZeroLength { + longestZeroStart = currentZeroStart + longestZeroLength = currentZeroLength + } + currentZeroStart = -1 + currentZeroLength = 0 + } + } + if currentZeroLength > longestZeroLength { + longestZeroStart = currentZeroStart + longestZeroLength = currentZeroLength + } + + let useCompression = longestZeroLength >= 2 + + var result = "" + var index = 0 + + while index < 8 { + if useCompression && index == longestZeroStart { + if index == 0 { + result += "::" + } else { + result += ":" + } + // Skip the compressed zeros + index += longestZeroLength + + // If we compressed to the end, we're done + if index >= 8 { + break + } + } else { + // Add the group in lowercase hex without leading zeros + result += String(groups[index], radix: 16, uppercase: false) + index += 1 + + // Add colon if not at the end + if index < 8 { + result += ":" + } + } + } + + if let zone = zone { + result += "%" + zone + } + + return result + } + + @inlinable + public var bytes: [UInt8] { + Self.bytes(self.value) + } + + @usableFromInline + internal static func bytes(_ value: UInt128) -> [UInt8] { + var result = [UInt8](repeating: 0, count: 16) + result[0] = UInt8((value >> 120) & 0xff) + result[1] = UInt8((value >> 112) & 0xff) + result[2] = UInt8((value >> 104) & 0xff) + result[3] = UInt8((value >> 96) & 0xff) + result[4] = UInt8((value >> 88) & 0xff) + result[5] = UInt8((value >> 80) & 0xff) + result[6] = UInt8((value >> 72) & 0xff) + result[7] = UInt8((value >> 64) & 0xff) + result[8] = UInt8((value >> 56) & 0xff) + result[9] = UInt8((value >> 48) & 0xff) + result[10] = UInt8((value >> 40) & 0xff) + result[11] = UInt8((value >> 32) & 0xff) + result[12] = UInt8((value >> 24) & 0xff) + result[13] = UInt8((value >> 16) & 0xff) + result[14] = UInt8((value >> 8) & 0xff) + result[15] = UInt8(value & 0xff) + return result + } + + @available(macOS 26.0, *) + @usableFromInline + internal static func bytes(_ value: UInt128) -> InlineArray<16, UInt8> { + let result: InlineArray<16, UInt8> = [ + UInt8((value >> 120) & 0xff), + UInt8((value >> 112) & 0xff), + UInt8((value >> 104) & 0xff), + UInt8((value >> 96) & 0xff), + UInt8((value >> 88) & 0xff), + UInt8((value >> 80) & 0xff), + UInt8((value >> 72) & 0xff), + UInt8((value >> 64) & 0xff), + UInt8((value >> 56) & 0xff), + UInt8((value >> 48) & 0xff), + UInt8((value >> 40) & 0xff), + UInt8((value >> 32) & 0xff), + UInt8((value >> 24) & 0xff), + UInt8((value >> 16) & 0xff), + UInt8((value >> 8) & 0xff), + UInt8(value & 0xff), + ] + return result + } + + /// The unspecified IPv6 address (::) + public static let unspecified = IPv6Address(0) + + /// The loopback IPv6 address (::1) + public static let loopback = IPv6Address(1) + + // MARK: - Address Classification Methods + + /// Returns `true` if this is the unspecified address (::). + @inlinable + public var isUnspecified: Bool { + value == 0 + } + + /// Returns `true` if this is the loopback address (::1). + @inlinable + public var isLoopback: Bool { + value == 1 + } + + /// Returns `true` if this is a multicast address (ff00::/8). + @inlinable + public var isMulticast: Bool { + (value >> 120) == 0xFF + } + + /// Returns `true` if this is a link-local unicast address (fe80::/10). + @inlinable + public var isLinkLocal: Bool { + (value >> 118) == 0x3FA // fe80::/10 = top 10 bits are 1111111010 + } + + /// Returns `true` if this is a unique local address (fc00::/7). + @inlinable + public var isUniqueLocal: Bool { + (value >> 121) == 0x7E // fc00::/7 = top 7 bits are 1111110 + } + + /// Returns `true` if this is a global unicast address. + @inlinable + public var isGlobalUnicast: Bool { + !isUnspecified && !isLoopback && !isMulticast && !isLinkLocal && !isUniqueLocal + } + + /// Returns `true` if this is a documentation address (2001:db8::/32). + @inlinable + public var isDocumentation: Bool { + (value >> 96) == 0x2001_0DB8 // 2001:db8::/32 + } + /// Compares two IPv6 addresses numerically, then by zone if values are equal. + @inlinable + public static func < (lhs: IPv6Address, rhs: IPv6Address) -> Bool { + if lhs.value != rhs.value { + return lhs.value < rhs.value + } + // Same value, compare zones lexicographically + return (lhs.zone ?? "") < (rhs.zone ?? "") + } +} + +extension IPv6Address: Codable { + public init(from decoder: Decoder) throws { + let container = try decoder.singleValueContainer() + let string = try container.decode(String.self) + try self.init(string) + } + + public func encode(to encoder: Encoder) throws { + var container = encoder.singleValueContainer() + try container.encode(description) + } +} diff --git a/Sources/ContainerizationExtras/IndexedAddressAllocator.swift b/Sources/ContainerizationExtras/IndexedAddressAllocator.swift new file mode 100644 index 0000000..f7e1820 --- /dev/null +++ b/Sources/ContainerizationExtras/IndexedAddressAllocator.swift @@ -0,0 +1,127 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Collections +import Synchronization + +/// Maps a network address to an array index value, or nil in the case of a domain error. +package typealias AddressToIndexTransform = @Sendable (AddressType) -> Int? + +/// Maps an array index value to a network address, or nil in the case of a domain error. +package typealias IndexToAddressTransform = @Sendable (Int) -> AddressType? + +package final class IndexedAddressAllocator: AddressAllocator { + private class State { + var allocations: BitArray + var enabled: Bool + var allocationCount: Int + let addressToIndex: AddressToIndexTransform + let indexToAddress: IndexToAddressTransform + + init( + size: Int, + addressToIndex: @escaping AddressToIndexTransform, + indexToAddress: @escaping IndexToAddressTransform + ) { + self.allocations = BitArray.init(repeating: false, count: size) + self.enabled = true + self.allocationCount = 0 + self.addressToIndex = addressToIndex + self.indexToAddress = indexToAddress + } + } + + private let state: Mutex + + /// Create an allocator with specified size and index mappings. + package init( + size: Int, + addressToIndex: @escaping AddressToIndexTransform, + indexToAddress: @escaping IndexToAddressTransform + ) { + let state = State( + size: size, + addressToIndex: addressToIndex, + indexToAddress: indexToAddress + ) + self.state = Mutex(state) + } + + public func allocate() throws -> AddressType { + try self.state.withLock { state in + guard state.enabled else { + throw AllocatorError.allocatorDisabled + } + + guard let index = state.allocations.firstIndex(of: false) else { + throw AllocatorError.allocatorFull + } + + guard let address = state.indexToAddress(index) else { + throw AllocatorError.invalidIndex(index) + } + + state.allocations[index] = true + state.allocationCount += 1 + return address + } + } + + package func reserve(_ address: AddressType) throws { + try self.state.withLock { state in + guard state.enabled else { + throw AllocatorError.allocatorDisabled + } + + guard let index = state.addressToIndex(address) else { + throw AllocatorError.invalidAddress(address.description) + } + + guard !state.allocations[index] else { + throw AllocatorError.alreadyAllocated("\(address.description)") + } + + state.allocations[index] = true + state.allocationCount += 1 + } + + } + + package func release(_ address: AddressType) throws { + try self.state.withLock { state in + guard let index = state.addressToIndex(address) else { + throw AllocatorError.invalidAddress(address.description) + } + + guard state.allocations[index] else { + throw AllocatorError.notAllocated("\(address.description)") + } + + state.allocations[index] = false + state.allocationCount -= 1 + } + } + + package func disableAllocator() -> Bool { + self.state.withLock { state in + guard state.allocationCount == 0 else { + return false + } + state.enabled = false + return true + } + } +} diff --git a/Sources/ContainerizationExtras/MACAddress.swift b/Sources/ContainerizationExtras/MACAddress.swift new file mode 100644 index 0000000..ea29270 --- /dev/null +++ b/Sources/ContainerizationExtras/MACAddress.swift @@ -0,0 +1,275 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation + +/// An EUI-48 MAC address as specified by IEEE 802. +@frozen +public struct MACAddress: Sendable, Hashable, CustomStringConvertible, Equatable, Comparable { + public let value: UInt64 + + /// Creates an MACAddress from an integer. + /// + /// - Parameter value: The big-endian value of the MAC address. + /// The most significant 16 bits of the value are ignored. + @inlinable + public init(_ value: UInt64) { + self.value = value & 0x0000_ffff_ffff_ffff + } + + /// Creates an IPv4Address from 6 bytes. + /// + /// - Parameters: + /// - bytes: 6-byte array in network byte order representing the IPv4 address + /// - Throws: `AddressError.unableToParse` if the byte array length is not 6 + @inlinable + public init(_ bytes: [UInt8]) throws { + guard bytes.count == 6 else { + throw AddressError.unableToParse + } + self.value = + (UInt64(bytes[0]) << 40) + | (UInt64(bytes[1]) << 32) + | (UInt64(bytes[2]) << 24) + | (UInt64(bytes[3]) << 16) + | (UInt64(bytes[4]) << 8) + | UInt64(bytes[5]) + } + + /// Creates an MACAddress from a string representation. + /// + /// - Parameter string: The MAC address string with colon or dash delimiters. + /// - Throws: `AddressError.unableToParse` if the string is not a valid MAC address + @inlinable + public init(_ string: String) throws { + self.value = try Self.parse(string) + } + + @inlinable + public var bytes: [UInt8] { + Self.bytes(value) + } + + @usableFromInline + static func bytes(_ value: UInt64) -> [UInt8] { + var result = [UInt8](repeating: 0, count: 6) + result[0] = UInt8((value >> 40) & 0xff) + result[1] = UInt8((value >> 32) & 0xff) + result[2] = UInt8((value >> 24) & 0xff) + result[3] = UInt8((value >> 16) & 0xff) + result[4] = UInt8((value >> 8) & 0xff) + result[5] = UInt8(value & 0xff) + return result + } + + @available(macOS 26.0, *) + @usableFromInline + static func bytes(_ value: UInt64) -> InlineArray<6, UInt8> { + let result: InlineArray<6, UInt8> = [ + UInt8((value >> 40) & 0xff), + UInt8((value >> 32) & 0xff), + UInt8((value >> 24) & 0xff), + UInt8((value >> 16) & 0xff), + UInt8((value >> 8) & 0xff), + UInt8(value & 0xff), + ] + return result + } + + @inlinable + public var description: String { + bytes.map { String(format: "%02x", $0) }.joined(separator: ":") + } + + /// Parses an MAC address string into a UInt64 representation. + /// + /// ## Validation Rules + /// - Exactly six groups of two hexadecimal digits, separated by colons + /// or dashes + /// - No whitespace characters + /// - Only hexadecimal digits and colons allowed + /// + /// ## Examples + /// ```swift + /// MACAddress.parse("01:23:45:67:89:ab") // Returns: 0x0000_0123_4567_89ab + /// MACAddress.parse("01-23-45-67-89-AB") // Returns: 0x0000_0123_4567_89ab + /// MACAddress.parse("00:00:00:00:00:00") // Returns: 0x0000_0000_0000_0000 + /// MACAddress.parse("ff:ff:ff:ff:ff:ff") // Returns: 0x0000_ffff_ffff_ffff + /// + /// // Invalid examples: + /// MACAddress.parse("01:23:45:67:89") // Wrong number of octets + /// MACAddress.parse("01:23:45:67:89:a") // Invalid octet length + /// MACAddress.parse("01:23:45:67:89:hi") // Invalid octet content + /// MACAddress.parse("01:23-45:67-89:ab") // Inconsistent separators + /// MACAddress.parse(" 01:23:45:67:89:ab ") // Whitespace + /// ``` + /// + /// - Parameter s: The MAC address string to parse + /// - Returns: The 64-bit representation of the IP address, or `nil` if parsing fails + /// - Note: The returned value is in network byte order (big-endian) + @usableFromInline + internal static func parse(_ s: String) throws -> UInt64 { + guard !s.isEmpty, s.count == 17 else { + throw AddressError.unableToParse + } + + // MAC addresses should only contain ASCII hex digits and dots + let utf8 = s.utf8 + for byte in utf8 { + // ASCII whitespace: space(32), tab(9), newline(10), return(13) + if byte == 32 || byte == 9 || byte == 10 || byte == 13 { + throw AddressError.unableToParse + } + } + + // accumulator for the 64 bit representation of the MAC address + var result: UInt64 = 0 + + // tracking octet count, max 6 allowed + var octetCount = 0 + var currentOctet = 0 + + // number of digits in the string representation of the octet + var digitCount = 0 + + // separator character to use + var separator: String.UTF8View.Element? + + for byte in utf8 { + if byte == 0x3a || byte == 0x2d { // ASCII ':' + // Ensure separator is consistent + guard separator == nil || byte == separator else { + throw AddressError.unableToParse + } + separator = byte + + // Validate octet before processing + guard octetCount < 5, digitCount == 2 else { + throw AddressError.unableToParse + } + + // Shift result and add current octet + result = (result << 8) | UInt64(currentOctet) + + // Reset for next octet + octetCount += 1 + currentOctet = 0 + digitCount = 0 + + } else if byte >= 0x30 && byte <= 0x39 { // ASCII '0'-'9' + let digit = Int(byte - 0x30) + + digitCount += 1 + currentOctet = (currentOctet << 4) + digit + + // Early termination if octet becomes too large + guard digitCount <= 2 else { + throw AddressError.unableToParse + } + + } else if byte >= 0x41 && byte <= 0x46 { // ASCII 'A'-'F' + let digit = Int(byte - 0x41 + 10) + + digitCount += 1 + currentOctet = (currentOctet << 4) + digit + + // Early termination if octet becomes too large + guard digitCount <= 2 else { + throw AddressError.unableToParse + } + + } else if byte >= 0x61 && byte <= 0x66 { // ASCII 'A'-'F' + let digit = Int(byte - 0x61 + 10) + + digitCount += 1 + currentOctet = (currentOctet << 4) + digit + + // Early termination if octet becomes too large + guard digitCount <= 2 else { + throw AddressError.unableToParse + } + + } else { + throw AddressError.unableToParse + } + } + + // Validate final octet + guard octetCount == 5, digitCount == 2 else { + throw AddressError.unableToParse + } + + return (result << 8) | UInt64(currentOctet) + } + + // MARK: - Address Classification Methods + + /// Returns `true` if the MAC address is locally administered. + /// + /// IEEE 802 specifies that the second-least-significant bit of + /// the first octet of the MAC address determines whether the + /// address is globally unique (bit cleared) or locally + /// administered (bit set). + @inlinable + public var isLocallyAdministered: Bool { + (value & 0x0000_0200_0000_0000) != 0 + } + + /// Returns `true` if the MAC address is multicast. + /// + /// IEEE 802 specifies that the least-significant bit of + /// the first octet of the MAC address determines whether the + /// address is unicast (bit cleared) or multicast (bit set). + @inlinable + public var isMulticast: Bool { + (value & 0x0000_0100_0000_0000) != 0 + } + + /// Returns the link local IP address based on the EUI-64 version + /// of the MAC address. + /// + /// - Parameter network: The IPv6 address to use for the network prefix + /// - Returns: The link local IP address for the MAC address + @inlinable + public func ipv6Address(network: IPv6Address) throws -> IPv6Address { + let prefixBytes = network.bytes + return try IPv6Address([ + prefixBytes[0], prefixBytes[1], prefixBytes[2], prefixBytes[3], + prefixBytes[4], prefixBytes[5], prefixBytes[6], prefixBytes[7], + bytes[0] ^ 0x02, bytes[1], bytes[2], 0xff, + 0xfe, bytes[3], bytes[4], bytes[5], + ]) + } + + /// Compares two IPv4 addresses numerically. + @inlinable + public static func < (lhs: MACAddress, rhs: MACAddress) -> Bool { + lhs.value < rhs.value + } +} + +extension MACAddress: Codable { + public init(from decoder: Decoder) throws { + let container = try decoder.singleValueContainer() + let string = try container.decode(String.self) + try self.init(string) + } + + public func encode(to encoder: Encoder) throws { + var container = encoder.singleValueContainer() + try container.encode(description) + } +} diff --git a/Sources/ContainerizationExtras/NetworkAddress+Allocator.swift b/Sources/ContainerizationExtras/NetworkAddress+Allocator.swift new file mode 100644 index 0000000..995bc6e --- /dev/null +++ b/Sources/ContainerizationExtras/NetworkAddress+Allocator.swift @@ -0,0 +1,108 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +extension IPv4Address { + /// Creates an allocator for IPv4 addresses. + public static func allocator(lower: UInt32, size: Int) throws -> any AddressAllocator { + // NOTE: 2^31 - 1 size limit in the very improbable case that we run on 32-bit. + guard size > 0 && size < Int.max && 0xffff_ffff - lower >= size - 1 else { + throw AllocatorError.rangeExceeded + } + return IndexedAddressAllocator( + size: size, + addressToIndex: { address in + guard address.value >= lower && address.value - lower <= UInt32(size) else { + return nil + } + return Int(address.value - lower) + }, + indexToAddress: { IPv4Address(lower + UInt32($0)) } + ) + } +} + +extension UInt16 { + /// Creates an allocator for TCP/UDP ports and other UInt16 values. + public static func allocator(lower: UInt16, size: Int) throws -> any AddressAllocator { + guard 0xffff - lower + 1 >= size else { + throw AllocatorError.rangeExceeded + } + + return IndexedAddressAllocator( + size: size, + addressToIndex: { address in + guard address >= lower && address <= lower + UInt16(size) else { + return nil + } + return Int(address - lower) + }, + indexToAddress: { lower + UInt16($0) } + ) + } +} + +extension UInt32 { + /// Creates an allocator for vsock ports, or any UInt32 values. + public static func allocator(lower: UInt32, size: Int) throws -> any AddressAllocator { + guard 0xffff_ffff - lower + 1 >= size else { + throw AllocatorError.rangeExceeded + } + + return IndexedAddressAllocator( + size: size, + addressToIndex: { address in + guard address >= lower && address <= lower + UInt32(size) else { + return nil + } + return Int(address - lower) + }, + indexToAddress: { lower + UInt32($0) } + ) + } + + /// Creates a rotating allocator for vsock ports, or any UInt32 values. + public static func rotatingAllocator(lower: UInt32, size: UInt32) throws -> any AddressAllocator { + guard 0xffff_ffff - lower + 1 >= size else { + throw AllocatorError.rangeExceeded + } + + return RotatingAddressAllocator( + size: size, + addressToIndex: { address in + guard address >= lower && address <= lower + UInt32(size) else { + return nil + } + return Int(address - lower) + }, + indexToAddress: { lower + UInt32($0) } + ) + } +} + +extension Character { + private static let deviceLetters = Array("abcdefghijklmnopqrstuvwxyz") + + /// Creates an allocator for block device tags, or any character values. + public static func blockDeviceTagAllocator() -> any AddressAllocator { + IndexedAddressAllocator( + size: Self.deviceLetters.count, + addressToIndex: { address in + Self.deviceLetters.firstIndex(of: address) + }, + indexToAddress: { Self.deviceLetters[$0] } + ) + } +} diff --git a/Sources/ContainerizationExtras/NetworkConfiguration.swift b/Sources/ContainerizationExtras/NetworkConfiguration.swift new file mode 100644 index 0000000..a72a5f4 --- /dev/null +++ b/Sources/ContainerizationExtras/NetworkConfiguration.swift @@ -0,0 +1,57 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +/// A network interface's addresses. +public struct InterfaceAddress: Sendable, Hashable { + public var ipv4Address: CIDRv4 + public var ipv6Address: CIDRv6? + + public init(ipv4Address: CIDRv4, ipv6Address: CIDRv6? = nil) { + self.ipv4Address = ipv4Address + self.ipv6Address = ipv6Address + } +} + +/// A link-scoped route — a destination directly reachable on an interface. +public struct LinkRoute: Sendable, Hashable { + public var ipv4Destination: IPv4Address? + public var ipv4Source: IPv4Address? + public var ipv6Destination: IPv6Address? + public var ipv6Source: IPv6Address? + + public init( + ipv4Destination: IPv4Address? = nil, + ipv4Source: IPv4Address? = nil, + ipv6Destination: IPv6Address? = nil, + ipv6Source: IPv6Address? = nil + ) { + self.ipv4Destination = ipv4Destination + self.ipv4Source = ipv4Source + self.ipv6Destination = ipv6Destination + self.ipv6Source = ipv6Source + } +} + +/// The default-route gateway for a network interface. +public struct DefaultRoute: Sendable, Hashable { + public var ipv4Gateway: IPv4Address? + public var ipv6Gateway: IPv6Address? + + public init(ipv4Gateway: IPv4Address? = nil, ipv6Gateway: IPv6Address? = nil) { + self.ipv4Gateway = ipv4Gateway + self.ipv6Gateway = ipv6Gateway + } +} diff --git a/Sources/ContainerizationExtras/Prefix.swift b/Sources/ContainerizationExtras/Prefix.swift new file mode 100644 index 0000000..70500a0 --- /dev/null +++ b/Sources/ContainerizationExtras/Prefix.swift @@ -0,0 +1,88 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +/// CIDR prefix length (e.g., `/24` for a 24-bit network mask). +@frozen +public struct Prefix: Sendable, CustomStringConvertible, Hashable, Codable { + public let length: UInt8 + + /// Create a prefix (0-128). Use `ipv4(_:)` or `ipv6(_:)` for version-specific validation. + public init?(length: UInt8) { + guard length <= 128 else { return nil } + self.length = length + } + + /// Create an IPv4 prefix (0-32). Returns `nil` if length > 32. + public static func ipv4(_ length: UInt8) -> Prefix? { + guard length <= 32 else { return nil } + return Prefix(unchecked: length) + } + + /// Create an IPv6 prefix (0-128). Returns `nil` if length > 128. + public static func ipv6(_ length: UInt8) -> Prefix? { + guard length <= 128 else { return nil } + return Prefix(unchecked: length) + } + + /// Internal unchecked initializer for known-valid values. + internal init(unchecked length: UInt8) { + self.length = length + } + + public var description: String { + "\(length)" + } +} + +extension Prefix { + /// Computes a 32-bit mask for the suffix (host) portion of an IPv4 address. + /// + /// Example: Prefix `/24` → `0x0000_00FF` (255 host addresses) + @inlinable + public var suffixMask32: UInt32 { + if self.length <= 0 { + return 0xffff_ffff + } + return self.length >= 32 ? 0x0000_0000 : (1 << (32 - self.length)) - 1 + } + + /// Network portion mask (high-order bits) for IPv4. + /// + /// Example: Prefix `/24` → `0xFFFF_FF00` (255.255.255.0) + @inlinable + public var prefixMask32: UInt32 { + ~self.suffixMask32 + } + + /// Computes a 128-bit mask for the suffix (host) portion of an IPv6 address. + /// + /// Example: Prefix `/64` → `0x0000_0000_0000_0000_FFFF_FFFF_FFFF_FFFF` + @inlinable + public var suffixMask128: UInt128 { + if self.length <= 0 { + return UInt128.max + } + return self.length >= 128 ? 0 : (1 << (128 - self.length)) - 1 + } + + /// Network portion mask (high-order bits) for IPv6. + /// + /// Example: Prefix `/64` → `0xFFFF_FFFF_FFFF_FFFF_0000_0000_0000_0000` + @inlinable + public var prefixMask128: UInt128 { + ~self.suffixMask128 + } +} diff --git a/Sources/ContainerizationExtras/ProgressEvent.swift b/Sources/ContainerizationExtras/ProgressEvent.swift new file mode 100644 index 0000000..38e80bb --- /dev/null +++ b/Sources/ContainerizationExtras/ProgressEvent.swift @@ -0,0 +1,51 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +/// A progress update event. +public enum ProgressEvent: Sendable { + /// The possible values: + /// - `add-items`: Increment the number of processed items by `value`. + /// - `add-total-items`: Increment the total number of items to process by `value`. + /// - `add-size`: Increment the size of processed items by `value`. + /// - `add-total-size`: Increment the total size of items to process by `value`. + case addItems(Int) + case addTotalItems(Int) + case addSize(Int64) + case addTotalSize(Int64) + + /// The event name. + public var event: String { + switch self { + case .addItems: "add-items" + case .addTotalItems: "add-total-items" + case .addSize: "add-size" + case .addTotalSize: "add-total-size" + } + } + + /// The event value. + public var value: any Sendable { + switch self { + case .addItems(let value): value + case .addTotalItems(let value): value + case .addSize(let value): value + case .addTotalSize(let value): value + } + } +} + +/// The progress update handler. +public typealias ProgressHandler = @Sendable (_ events: [ProgressEvent]) async -> Void diff --git a/Sources/ContainerizationExtras/ProxyUtils.swift b/Sources/ContainerizationExtras/ProxyUtils.swift new file mode 100644 index 0000000..63804c1 --- /dev/null +++ b/Sources/ContainerizationExtras/ProxyUtils.swift @@ -0,0 +1,77 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationError +import Foundation + +/// A small utility to resolve proxy settings (HTTP(S)_PROXY / NO_PROXY). +public enum ProxyUtils { + /// Resolves the proxy URL for a given host based on environment variables. + /// Malformed http_proxy or https_proxy URLs are ignored. + /// Uses Go-style handling rules: + /// - Uppercase environment variables take priority over lowercase counterparts. + /// - Leading dot on no_proxy component implies prefix matching. + /// + /// - Parameters: + /// - scheme: The request scheme. + /// - host: The request hostname. + /// - env: Environment variables to check, dafaulting to the process environment. + /// + /// - Returns: The proxy URL to use, or `nil` for transparent connection. + public static func proxyFromEnvironment( + scheme: String?, + host: String, + env: [String: String] = ProcessInfo.processInfo.environment + ) -> URL? { + guard let scheme else { + return nil + } + + let httpProxy = env["HTTP_PROXY"] ?? env["http_proxy"] + let httpsProxy = env["HTTPS_PROXY"] ?? env["https_proxy"] + let noProxy = env["NO_PROXY"] ?? env["no_proxy"] + + // If NO_PROXY matches → skip proxy + if let noProxy, shouldBypassProxy(host: host, noProxy: noProxy) { + return nil + } + + // Select proxy based on scheme, defaulting to http. + let proxy = scheme == "https" ? httpsProxy : httpProxy + guard let proxy, let proxyUrl = URL(string: proxy) else { + return nil + } + + return proxyUrl + } + + /// Check if a host should bypass proxy according to NO_PROXY. + /// - Example: NO_PROXY=".example.com,localhost,127.0.0.1" + private static func shouldBypassProxy(host: String, noProxy: String) -> Bool { + let entries = noProxy.split(separator: ",").map { $0.trimmingCharacters(in: .whitespaces) } + for entry in entries { + if entry.isEmpty { continue } + if entry == "*" { return true } + if host == entry { return true } + if entry.hasPrefix("*.") { + let suffix = String(entry.dropFirst()) + if host.hasSuffix(suffix) { return true } + } + if entry.hasPrefix(".") && host.hasSuffix(entry) { return true } + } + return false + } +} diff --git a/Sources/ContainerizationExtras/RotatingAddressAllocator.swift b/Sources/ContainerizationExtras/RotatingAddressAllocator.swift new file mode 100644 index 0000000..c2a2960 --- /dev/null +++ b/Sources/ContainerizationExtras/RotatingAddressAllocator.swift @@ -0,0 +1,124 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Synchronization + +package final class RotatingAddressAllocator: AddressAllocator { + package typealias AddressType = UInt32 + + private struct State { + var allocations: [AddressType] + var enabled: Bool + var allocationCount: Int + let addressToIndex: AddressToIndexTransform + let indexToAddress: IndexToAddressTransform + + init( + size: UInt32, + addressToIndex: @escaping AddressToIndexTransform, + indexToAddress: @escaping IndexToAddressTransform + ) { + self.allocations = [UInt32](0.. + + /// Create an allocator with specified size and index mappings. + package init( + size: UInt32, + addressToIndex: @escaping AddressToIndexTransform, + indexToAddress: @escaping IndexToAddressTransform + ) { + let state = State( + size: size, + addressToIndex: addressToIndex, + indexToAddress: indexToAddress + ) + self.state = Mutex(state) + } + + public func allocate() throws -> AddressType { + try self.state.withLock { state in + guard state.enabled else { + throw AllocatorError.allocatorDisabled + } + + guard state.allocations.count > 0 else { + throw AllocatorError.allocatorFull + } + + let value = state.allocations.removeFirst() + + guard let address = state.indexToAddress(Int(value)) else { + throw AllocatorError.invalidIndex(Int(value)) + } + + state.allocationCount += 1 + return address + } + } + + package func reserve(_ address: AddressType) throws { + try self.state.withLock { state in + guard state.enabled else { + throw AllocatorError.allocatorDisabled + } + + guard let index = state.addressToIndex(address) else { + throw AllocatorError.invalidAddress(address.description) + } + + let i = state.allocations.firstIndex(of: UInt32(index)) + guard let i else { + throw AllocatorError.alreadyAllocated("\(address.description)") + } + + _ = state.allocations.remove(at: i) + state.allocationCount += 1 + } + } + + package func release(_ address: AddressType) throws { + try self.state.withLock { state in + guard let index = (state.addressToIndex(address)) else { + throw AllocatorError.invalidAddress(address.description) + } + let value = UInt32(index) + + guard !state.allocations.contains(value) else { + throw AllocatorError.notAllocated("\(address.description)") + } + + state.allocations.append(value) + state.allocationCount -= 1 + } + } + + package func disableAllocator() -> Bool { + self.state.withLock { state in + guard state.allocationCount == 0 else { + return false + } + state.enabled = false + return true + } + } +} diff --git a/Sources/ContainerizationExtras/TLSUtils.swift b/Sources/ContainerizationExtras/TLSUtils.swift new file mode 100644 index 0000000..af1b057 --- /dev/null +++ b/Sources/ContainerizationExtras/TLSUtils.swift @@ -0,0 +1,39 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation +import NIO +import NIOSSL + +public enum TLSUtils { + + public static func makeEnvironmentAwareTLSConfiguration() -> TLSConfiguration { + var tlsConfig = TLSConfiguration.makeClientConfiguration() + + // Check standard SSL environment variables in priority order + let customCAPath = + ProcessInfo.processInfo.environment["SSL_CERT_FILE"] + ?? ProcessInfo.processInfo.environment["CURL_CA_BUNDLE"] + ?? ProcessInfo.processInfo.environment["REQUESTS_CA_BUNDLE"] + + if let caPath = customCAPath { + tlsConfig.trustRoots = .file(caPath) + } + // else: use .default + + return tlsConfig + } +} diff --git a/Sources/ContainerizationExtras/Timeout.swift b/Sources/ContainerizationExtras/Timeout.swift new file mode 100644 index 0000000..f2f04b3 --- /dev/null +++ b/Sources/ContainerizationExtras/Timeout.swift @@ -0,0 +1,67 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +/// `Timeout` contains helpers to run an operation and error out if +/// the operation does not finish within a provided time. +public struct Timeout { + /// Performs the passed in `operation` and throws a `CancellationError` if the operation + /// doesn't finish in the provided `seconds` amount. + public static func run( + seconds: UInt32, + operation: @escaping @Sendable () async throws -> T + ) async throws -> T { + try await withThrowingTaskGroup(of: T.self) { group in + group.addTask { + try await operation() + } + + group.addTask { + try await Task.sleep(for: .seconds(seconds)) + throw CancellationError() + } + + guard let result = try await group.next() else { + fatalError() + } + + group.cancelAll() + return result + } + } + + public static func run( + for duration: Duration, + operation: @escaping @Sendable () async throws -> T + ) async throws -> T { + try await withThrowingTaskGroup(of: T.self) { group in + group.addTask { + try await operation() + } + + group.addTask { + try await Task.sleep(for: duration) + throw CancellationError() + } + + guard let result = try await group.next() else { + fatalError() + } + + group.cancelAll() + return result + } + } +} diff --git a/Sources/ContainerizationExtras/UInt8+DataBinding.swift b/Sources/ContainerizationExtras/UInt8+DataBinding.swift new file mode 100644 index 0000000..40abedd --- /dev/null +++ b/Sources/ContainerizationExtras/UInt8+DataBinding.swift @@ -0,0 +1,100 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation + +package enum BindError: Error, CustomStringConvertible { + case recvMarshalFailure(type: String, field: String) + case sendMarshalFailure(type: String, field: String) + + package var description: String { + switch self { + case .recvMarshalFailure(let type, let field): + return "failed to unmarshal \(type).\(field)" + case .sendMarshalFailure(let type, let field): + return "failed to marshal \(type).\(field)" + } + } +} + +package protocol Bindable: Sendable { + static var size: Int { get } + func appendBuffer(_ buffer: inout [UInt8], offset: Int) throws -> Int + mutating func bindBuffer(_ buffer: inout [UInt8], offset: Int) throws -> Int +} + +extension ArraySlice { + package func hexEncodedString() -> String { + self.map { String(format: "%02hhx", $0) }.joined() + } +} + +extension [UInt8] { + package func hexEncodedString() -> String { + self.map { String(format: "%02hhx", $0) }.joined() + } + + package mutating func bind(as type: T.Type, offset: Int = 0, size: Int? = nil) -> UnsafeMutablePointer? { + guard self.count >= (size ?? MemoryLayout.size) + offset else { + return nil + } + + return self.withUnsafeMutableBytes { $0.baseAddress?.advanced(by: offset).assumingMemoryBound(to: T.self) } + } + + package mutating func copyIn(as type: T.Type, value: T, offset: Int = 0, size: Int? = nil) -> Int? { + let size = size ?? MemoryLayout.size + guard self.count >= size + offset else { + return nil + } + + return self.withUnsafeMutableBytes { + $0.baseAddress?.advanced(by: offset).assumingMemoryBound(to: T.self).pointee = value + return offset + MemoryLayout.size + } + } + + package func copyOut(as type: T.Type, offset: Int = 0, size: Int? = nil) -> (Int, T)? { + guard self.count >= (size ?? MemoryLayout.size) + offset else { + return nil + } + + return self.withUnsafeBytes { + guard let value = $0.baseAddress?.advanced(by: offset).assumingMemoryBound(to: T.self).pointee else { + return nil + } + return (offset + MemoryLayout.size, value) + } + } + + package mutating func copyIn(buffer: [UInt8], offset: Int = 0) -> Int? { + guard offset + buffer.count <= self.count else { + return nil + } + + self[offset.. Int? { + guard offset + buffer.count <= self.count else { + return nil + } + + buffer[0.. { + AsyncStream { cont in + self._stream.open() + defer { self._stream.close() } + + let readBuffer = UnsafeMutablePointer.allocate(capacity: buffSize) + + while true { + let byteRead = self._stream.read(readBuffer, maxLength: buffSize) + if byteRead <= 0 { + readBuffer.deallocate() + cont.finish() + break + } else { + let data = Data(bytes: readBuffer, count: byteRead) + let buffer = ByteBuffer(bytes: data) + cont.yield(buffer) + } + } + } + } + + /// Get access to an `AsyncStream` of `Data` objects from the input source. + public var dataStream: AsyncStream { + AsyncStream { cont in + self._stream.open() + defer { self._stream.close() } + + let readBuffer = UnsafeMutablePointer.allocate(capacity: self.buffSize) + while true { + let byteRead = self._stream.read(readBuffer, maxLength: self.buffSize) + if byteRead <= 0 { + readBuffer.deallocate() + cont.finish() + break + } else { + let data = Data(bytes: readBuffer, count: byteRead) + cont.yield(data) + } + } + } + } +} + +extension ReadStream { + /// Errors that can be encountered while using a `ReadStream`. + public enum Error: Swift.Error, CustomStringConvertible { + case failedToCreateStream + case noSuchFileOrDirectory(_ p: URL) + + public var description: String { + switch self { + case .failedToCreateStream: + return "failed to create stream" + case .noSuchFileOrDirectory(let p): + return "no such file or directory: \(p.path)" + } + } + } +} diff --git a/Sources/ContainerizationNetlink/NetlinkSession.swift b/Sources/ContainerizationNetlink/NetlinkSession.swift new file mode 100644 index 0000000..c6438ad --- /dev/null +++ b/Sources/ContainerizationNetlink/NetlinkSession.swift @@ -0,0 +1,1006 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationExtras +import ContainerizationOS +import Logging + +/// `NetlinkSession` facilitates interacting with netlink via a provided `NetlinkSocket`. This is +/// the core high-level type offered to perform actions to the netlink surface in the kernel. +public struct NetlinkSession { + private static let receiveDataLength = 65536 + private static let mtu: UInt32 = 1280 + private let socket: any NetlinkSocket + private let log: Logger + + /// Creates a new `NetlinkSession`. + /// - Parameters: + /// - socket: The `NetlinkSocket` to use for netlink interaction. + /// - log: The logger to use. The default value is `nil`. + public init(socket: any NetlinkSocket, log: Logger? = nil) { + self.socket = socket + self.log = log ?? Logger(label: "com.apple.containerization.netlink") + } + + /// Errors that may occur during netlink interaction. + public enum Error: Swift.Error, CustomStringConvertible, Equatable { + case invalidIpAddress + case invalidPrefixLength + case unexpectedInfo(type: UInt16) + case unexpectedOffset(offset: Int, size: Int) + case unexpectedResidualPackets + case unexpectedResultSet(count: Int, expected: Int) + + /// The description of the errors. + public var description: String { + switch self { + case .invalidIpAddress: + return "invalid IP address" + case .invalidPrefixLength: + return "invalid prefix length" + case .unexpectedInfo(let type): + return "unexpected response information, type = \(type)" + case .unexpectedOffset(let offset, let size): + return "unexpected buffer state, offset = \(offset), size = \(size)" + case .unexpectedResidualPackets: + return "unexpected residual response packets" + case .unexpectedResultSet(let count, let expected): + return "unexpected result set size, count = \(count), expected = \(expected)" + } + } + } + + /// Performs a link set command on an interface. + /// - Parameters: + /// - interface: The name of the interface. + /// - up: The value to set the interface state to. + public func linkSet(interface: String, up: Bool, mtu: UInt32? = nil) throws { + // ip link set dev [interface] [up|down] + let interfaceIndex = try getInterfaceIndex(interface) + // build the attribute only when mtu is supplied + let attr: RTAttribute? = + (mtu != nil) + ? RTAttribute( + len: UInt16(RTAttribute.size + MemoryLayout.size), + type: LinkAttributeType.IFLA_MTU) + : nil + let requestSize = NetlinkMessageHeader.size + InterfaceInfo.size + (attr?.paddedLen ?? 0) + var requestBuffer = [UInt8](repeating: 0, count: requestSize) + var requestOffset = 0 + + let requestHeader = NetlinkMessageHeader( + len: UInt32(requestBuffer.count), + type: NetlinkType.RTM_NEWLINK, + flags: NetlinkFlags.NLM_F_REQUEST | NetlinkFlags.NLM_F_ACK, + pid: socket.pid) + requestOffset = try requestHeader.appendBuffer(&requestBuffer, offset: requestOffset) + + let flags = up ? InterfaceFlags.IFF_UP : 0 + let requestInfo = InterfaceInfo( + family: UInt8(AddressFamily.AF_PACKET), + index: interfaceIndex, + flags: flags, + change: InterfaceFlags.DEFAULT_CHANGE) + requestOffset = try requestInfo.appendBuffer(&requestBuffer, offset: requestOffset) + + if let attr = attr, let m = mtu { + requestOffset = try attr.appendBuffer(&requestBuffer, offset: requestOffset) + guard + let newRequestOffset = + requestBuffer.copyIn(as: UInt32.self, value: m, offset: requestOffset) + else { + throw BindError.sendMarshalFailure(type: "RTAttribute", field: "IFLA_MTU") + } + requestOffset = newRequestOffset + } + + guard requestOffset == requestSize else { + throw Error.unexpectedOffset(offset: requestOffset, size: requestSize) + } + + try sendRequest(buffer: &requestBuffer) + let (infos, _) = try parseResponse(infoType: NetlinkType.RTM_NEWLINK) { InterfaceInfo() } + guard infos.count == 0 else { + throw Error.unexpectedResultSet(count: infos.count, expected: 0) + } + } + + /// Set link attributes (MAC and/or bridge master) on an existing interface. + /// Either argument may be omitted; if both are nil this is a no-op. + /// + /// Sends a single `RTM_NEWLINK` carrying any of: + /// - `IFLA_ADDRESS` — the new hardware address (6 bytes for an Ethernet MAC). + /// - `IFLA_MASTER` — the index of the bridge to enslave the link to. The + /// bridge is identified by name; the index is resolved internally. + /// + /// - Parameters: + /// - interface: The name of the interface to update. + /// - macAddress: If non-nil, the new MAC address. + /// - master: If non-nil, the name of a bridge to enslave the interface to. + public func linkSetAttributes( + interface: String, + macAddress: MACAddress? = nil, + master: String? = nil + ) throws { + if macAddress == nil && master == nil { + return + } + + let interfaceIndex = try getInterfaceIndex(interface) + + var masterIndex: Int32? = nil + if let master { + masterIndex = try getInterfaceIndex(master) + } + + // Build the attribute list. MAC is 6 raw bytes; master is a 4-byte + // integer holding the bridge's interface index. + let macAttr: RTAttribute? = + (macAddress != nil) + ? RTAttribute( + len: UInt16(RTAttribute.size + 6), + type: LinkAttributeType.IFLA_ADDRESS) + : nil + let masterAttr: RTAttribute? = + (masterIndex != nil) + ? RTAttribute( + len: UInt16(RTAttribute.size + MemoryLayout.size), + type: LinkAttributeType.IFLA_MASTER) + : nil + + let requestSize = + NetlinkMessageHeader.size + + InterfaceInfo.size + + (macAttr?.paddedLen ?? 0) + + (masterAttr?.paddedLen ?? 0) + + var requestBuffer = [UInt8](repeating: 0, count: requestSize) + var requestOffset = 0 + + let requestHeader = NetlinkMessageHeader( + len: UInt32(requestBuffer.count), + type: NetlinkType.RTM_NEWLINK, + flags: NetlinkFlags.NLM_F_REQUEST | NetlinkFlags.NLM_F_ACK, + pid: socket.pid) + requestOffset = try requestHeader.appendBuffer(&requestBuffer, offset: requestOffset) + + // No flag changes — passing 0/0 means "do not modify IFF_* flags". + let requestInfo = InterfaceInfo( + family: UInt8(AddressFamily.AF_PACKET), + index: interfaceIndex, + flags: 0, + change: 0) + requestOffset = try requestInfo.appendBuffer(&requestBuffer, offset: requestOffset) + + if let macAttr, let macAddress { + requestOffset = try macAttr.appendBuffer(&requestBuffer, offset: requestOffset) + for byte in macAddress.bytes { + guard let next = requestBuffer.copyIn(as: UInt8.self, value: byte, offset: requestOffset) else { + throw BindError.sendMarshalFailure(type: "RTAttribute", field: "IFLA_ADDRESS") + } + requestOffset = next + } + // Pad attribute payload to 4-byte boundary (NLA_ALIGN). + let payloadLen = 6 + let padded = ((payloadLen + 3) >> 2) << 2 + requestOffset += padded - payloadLen + } + + if let masterAttr, let masterIndex { + requestOffset = try masterAttr.appendBuffer(&requestBuffer, offset: requestOffset) + guard + let next = requestBuffer.copyIn(as: Int32.self, value: masterIndex, offset: requestOffset) + else { + throw BindError.sendMarshalFailure(type: "RTAttribute", field: "IFLA_MASTER") + } + requestOffset = next + } + + guard requestOffset == requestSize else { + throw Error.unexpectedOffset(offset: requestOffset, size: requestSize) + } + + try sendRequest(buffer: &requestBuffer) + let (infos, _) = try parseResponse(infoType: NetlinkType.RTM_NEWLINK) { InterfaceInfo() } + guard infos.count == 0 else { + throw Error.unexpectedResultSet(count: infos.count, expected: 0) + } + } + + /// Create a Linux bridge link via `RTM_NEWLINK` carrying + /// `IFLA_LINKINFO/IFLA_INFO_KIND="bridge"`. + /// + /// Sends `NLM_F_CREATE | NLM_F_EXCL`, so the kernel returns `EEXIST` if a + /// link with the same name already exists. Callers wanting idempotent + /// creation should catch and inspect the thrown error. + public func linkAddBridge(name: String) throws { + let nameBytes = Array(name.utf8) + [0] + let ifnameAttr = RTAttribute( + len: UInt16(RTAttribute.size + nameBytes.count), + type: LinkAttributeType.IFLA_IFNAME) + + let kindBytes = Array("bridge".utf8) + [0] + let kindAttr = RTAttribute( + len: UInt16(RTAttribute.size + kindBytes.count), + type: LinkInfoAttributeType.IFLA_INFO_KIND) + // IFLA_LINKINFO is a nest containing IFLA_INFO_KIND. + let linkInfoAttr = RTAttribute( + len: UInt16(RTAttribute.size + kindAttr.paddedLen), + type: LinkAttributeType.IFLA_LINKINFO) + + let requestSize = + NetlinkMessageHeader.size + + InterfaceInfo.size + + ifnameAttr.paddedLen + + linkInfoAttr.paddedLen + + var requestBuffer = [UInt8](repeating: 0, count: requestSize) + var requestOffset = 0 + + let header = NetlinkMessageHeader( + len: UInt32(requestBuffer.count), + type: NetlinkType.RTM_NEWLINK, + flags: NetlinkFlags.NLM_F_REQUEST | NetlinkFlags.NLM_F_ACK + | NetlinkFlags.NLM_F_CREATE | NetlinkFlags.NLM_F_EXCL, + pid: socket.pid) + requestOffset = try header.appendBuffer(&requestBuffer, offset: requestOffset) + + let info = InterfaceInfo( + family: UInt8(AddressFamily.AF_UNSPEC), + index: 0, + flags: 0, + change: 0) + requestOffset = try info.appendBuffer(&requestBuffer, offset: requestOffset) + + // IFLA_IFNAME + requestOffset = try ifnameAttr.appendBuffer(&requestBuffer, offset: requestOffset) + guard let next = requestBuffer.copyIn(buffer: nameBytes, offset: requestOffset) else { + throw BindError.sendMarshalFailure(type: "RTAttribute", field: "IFLA_IFNAME") + } + // Pad NUL-terminated name to NLA 4-byte boundary. + requestOffset = next + (ifnameAttr.paddedLen - RTAttribute.size - nameBytes.count) + + // IFLA_LINKINFO -> IFLA_INFO_KIND + requestOffset = try linkInfoAttr.appendBuffer(&requestBuffer, offset: requestOffset) + requestOffset = try kindAttr.appendBuffer(&requestBuffer, offset: requestOffset) + guard let after = requestBuffer.copyIn(buffer: kindBytes, offset: requestOffset) else { + throw BindError.sendMarshalFailure(type: "RTAttribute", field: "IFLA_INFO_KIND") + } + requestOffset = after + (kindAttr.paddedLen - RTAttribute.size - kindBytes.count) + + guard requestOffset == requestSize else { + throw Error.unexpectedOffset(offset: requestOffset, size: requestSize) + } + + try sendRequest(buffer: &requestBuffer) + let (infos, _) = try parseResponse(infoType: NetlinkType.RTM_NEWLINK) { InterfaceInfo() } + guard infos.count == 0 else { + throw Error.unexpectedResultSet(count: infos.count, expected: 0) + } + } + + /// Remove a link by name via `RTM_DELLINK`. + /// + /// Throws on netlink error. Callers wanting idempotent removal should + /// catch and inspect the thrown error (e.g. `ENODEV` ⇒ already gone). + public func linkDel(name: String) throws { + let interfaceIndex = try getInterfaceIndex(name) + let requestSize = NetlinkMessageHeader.size + InterfaceInfo.size + var requestBuffer = [UInt8](repeating: 0, count: requestSize) + var requestOffset = 0 + + let header = NetlinkMessageHeader( + len: UInt32(requestBuffer.count), + type: NetlinkType.RTM_DELLINK, + flags: NetlinkFlags.NLM_F_REQUEST | NetlinkFlags.NLM_F_ACK, + pid: socket.pid) + requestOffset = try header.appendBuffer(&requestBuffer, offset: requestOffset) + + let info = InterfaceInfo( + family: UInt8(AddressFamily.AF_UNSPEC), + index: interfaceIndex, + flags: 0, + change: 0) + requestOffset = try info.appendBuffer(&requestBuffer, offset: requestOffset) + + guard requestOffset == requestSize else { + throw Error.unexpectedOffset(offset: requestOffset, size: requestSize) + } + + try sendRequest(buffer: &requestBuffer) + let (infos, _) = try parseResponse(infoType: NetlinkType.RTM_DELLINK) { InterfaceInfo() } + guard infos.count == 0 else { + throw Error.unexpectedResultSet(count: infos.count, expected: 0) + } + } + + /// Performs a link get command on an interface. + /// Returns information about the interface. + /// - Parameter interface: The name of the interface to query. + public func linkGet(interface: String? = nil, includeStats: Bool = false) throws -> [LinkResponse] { + // ip link ip show + let maskAttr = RTAttribute( + len: UInt16(RTAttribute.size + MemoryLayout.size), type: LinkAttributeType.IFLA_EXT_MASK) + let interfaceName = try interface.map { try getInterfaceName($0) } + let interfaceNameAttr = interfaceName.map { + RTAttribute(len: UInt16(RTAttribute.size + $0.count), type: LinkAttributeType.IFLA_IFNAME) + } + let requestSize = + NetlinkMessageHeader.size + InterfaceInfo.size + maskAttr.paddedLen + (interfaceNameAttr?.paddedLen ?? 0) + var requestBuffer = [UInt8](repeating: 0, count: requestSize) + var requestOffset = 0 + + let flags = + interface != nil ? NetlinkFlags.NLM_F_REQUEST : (NetlinkFlags.NLM_F_REQUEST | NetlinkFlags.NLM_F_DUMP) + let requestHeader = NetlinkMessageHeader( + len: UInt32(requestBuffer.count), + type: NetlinkType.RTM_GETLINK, + flags: flags, + pid: socket.pid) + requestOffset = try requestHeader.appendBuffer(&requestBuffer, offset: requestOffset) + + let requestInfo = InterfaceInfo( + family: UInt8(AddressFamily.AF_PACKET), + index: 0, + flags: InterfaceFlags.IFF_UP, + change: InterfaceFlags.DEFAULT_CHANGE) + requestOffset = try requestInfo.appendBuffer(&requestBuffer, offset: requestOffset) + + var filters = LinkAttributeMaskFilter.RTEXT_FILTER_VF + if !includeStats { + filters |= LinkAttributeMaskFilter.RTEXT_FILTER_SKIP_STATS + } + + requestOffset = try maskAttr.appendBuffer(&requestBuffer, offset: requestOffset) + guard + var requestOffset = requestBuffer.copyIn( + as: UInt32.self, + value: filters, + offset: requestOffset) + else { + throw BindError.sendMarshalFailure(type: "RTAttribute", field: "IFLA_EXT_MASK") + } + + if let interfaceNameAttr { + if let interfaceName { + requestOffset = try interfaceNameAttr.appendBuffer(&requestBuffer, offset: requestOffset) + guard let updatedRequestOffset = requestBuffer.copyIn(buffer: interfaceName, offset: requestOffset) + else { + throw BindError.sendMarshalFailure(type: "RTAttribute", field: "IFLA_IFNAME") + } + requestOffset = updatedRequestOffset + } + } + + guard requestOffset == requestSize else { + throw Error.unexpectedOffset(offset: requestOffset, size: requestSize) + } + + try sendRequest(buffer: &requestBuffer) + let (infos, attrDataLists) = try parseResponse(infoType: NetlinkType.RTM_NEWLINK) { InterfaceInfo() } + var linkResponses: [LinkResponse] = [] + for i in 0...size * ipAddressBytes.count + let requestSize = NetlinkMessageHeader.size + AddressInfo.size + 2 * addressAttrSize + var requestBuffer = [UInt8](repeating: 0, count: requestSize) + var requestOffset = 0 + + let header = NetlinkMessageHeader( + len: UInt32(requestBuffer.count), + type: NetlinkType.RTM_NEWADDR, + flags: NetlinkFlags.NLM_F_REQUEST | NetlinkFlags.NLM_F_ACK | NetlinkFlags.NLM_F_EXCL + | NetlinkFlags.NLM_F_CREATE, + seq: 0, + pid: socket.pid) + requestOffset = try header.appendBuffer(&requestBuffer, offset: requestOffset) + + let requestInfo = AddressInfo( + family: UInt8(AddressFamily.AF_INET), + prefixLength: ipv4Address.prefix.length, + flags: 0, + scope: NetlinkScope.RT_SCOPE_UNIVERSE, + index: UInt32(interfaceIndex)) + requestOffset = try requestInfo.appendBuffer(&requestBuffer, offset: requestOffset) + + let ipLocalAttr = RTAttribute(len: UInt16(addressAttrSize), type: AddressAttributeType.IFA_LOCAL) + requestOffset = try ipLocalAttr.appendBuffer(&requestBuffer, offset: requestOffset) + guard var requestOffset = requestBuffer.copyIn(buffer: ipAddressBytes, offset: requestOffset) else { + throw BindError.sendMarshalFailure(type: "RTAttribute", field: "IFA_LOCAL") + } + + let ipAddressAttr = RTAttribute(len: UInt16(addressAttrSize), type: AddressAttributeType.IFA_ADDRESS) + requestOffset = try ipAddressAttr.appendBuffer(&requestBuffer, offset: requestOffset) + guard let requestOffset = requestBuffer.copyIn(buffer: ipAddressBytes, offset: requestOffset) else { + throw BindError.sendMarshalFailure(type: "RTAttribute", field: "IFA_ADDRESS") + } + + guard requestOffset == requestSize else { + throw Error.unexpectedOffset(offset: requestOffset, size: requestSize) + } + + try sendRequest(buffer: &requestBuffer) + let (infos, _) = try parseResponse(infoType: NetlinkType.RTM_NEWADDR) { AddressInfo() } + guard infos.count == 0 else { + throw Error.unexpectedResultSet(count: infos.count, expected: 0) + } + } + + /// Adds an IPv6 address to an interface. + /// - Parameters: + /// - interface: The name of the interface. + /// - ipv6Address: The CIDRv6 address describing the interface IP and subnet prefix length. + public func addressAdd(interface: String, ipv6Address: CIDRv6) throws { + let interfaceIndex = try getInterfaceIndex(interface) + + let ipAddressBytes = ipv6Address.address.bytes + let addressAttrSize = RTAttribute.size + MemoryLayout.size * ipAddressBytes.count + let requestSize = NetlinkMessageHeader.size + AddressInfo.size + addressAttrSize + var requestBuffer = [UInt8](repeating: 0, count: requestSize) + var requestOffset = 0 + + let header = NetlinkMessageHeader( + len: UInt32(requestBuffer.count), + type: NetlinkType.RTM_NEWADDR, + flags: NetlinkFlags.NLM_F_REQUEST | NetlinkFlags.NLM_F_ACK | NetlinkFlags.NLM_F_EXCL + | NetlinkFlags.NLM_F_CREATE, + seq: 0, + pid: socket.pid) + requestOffset = try header.appendBuffer(&requestBuffer, offset: requestOffset) + + let requestInfo = AddressInfo( + family: UInt8(AddressFamily.AF_INET6), + prefixLength: ipv6Address.prefix.length, + flags: AddressFlags.IFA_F_PERMANENT | AddressFlags.IFA_F_NODAD, + scope: NetlinkScope.RT_SCOPE_UNIVERSE, + index: UInt32(interfaceIndex)) + requestOffset = try requestInfo.appendBuffer(&requestBuffer, offset: requestOffset) + + let ipAddressAttr = RTAttribute(len: UInt16(addressAttrSize), type: AddressAttributeType.IFA_ADDRESS) + requestOffset = try ipAddressAttr.appendBuffer(&requestBuffer, offset: requestOffset) + guard let requestOffset = requestBuffer.copyIn(buffer: ipAddressBytes, offset: requestOffset) else { + throw BindError.sendMarshalFailure(type: "RTAttribute", field: "IFA_ADDRESS") + } + + guard requestOffset == requestSize else { + throw Error.unexpectedOffset(offset: requestOffset, size: requestSize) + } + + try sendRequest(buffer: &requestBuffer) + let (infos, _) = try parseResponse(infoType: NetlinkType.RTM_NEWADDR) { AddressInfo() } + guard infos.count == 0 else { + throw Error.unexpectedResultSet(count: infos.count, expected: 0) + } + } + + /// Adds an IPv4 route to an interface. + /// - Parameters: + /// - interface: The name of the interface. + /// - dstIpv4Addr: The CIDRv4 address describing the gateway IP and subnet prefix length. + /// - srcIpv4Addr: The source IPv4 address to route from. + public func routeAdd( + interface: String, + dstIpv4Addr: CIDRv4, + srcIpv4Addr: IPv4Address? + ) throws { + // ip route add [dest-cidr] dev [interface] [src [src-addr]] proto kernel + let interfaceIndex = try getInterfaceIndex(interface) + + let dstAddrBytes = dstIpv4Addr.address.bytes + let dstAddrAttrSize = RTAttribute.size + dstAddrBytes.count + let srcAddrAttrSize: Int + if let srcIpv4Addr { + let srcAddrBytes = srcIpv4Addr.bytes + srcAddrAttrSize = RTAttribute.size + srcAddrBytes.count + } else { + srcAddrAttrSize = 0 + } + let interfaceAttrSize = RTAttribute.size + MemoryLayout.size + let requestSize = + NetlinkMessageHeader.size + RouteInfo.size + dstAddrAttrSize + srcAddrAttrSize + interfaceAttrSize + var requestBuffer = [UInt8](repeating: 0, count: requestSize) + var requestOffset = 0 + + let header = NetlinkMessageHeader( + len: UInt32(requestBuffer.count), + type: NetlinkType.RTM_NEWROUTE, + flags: NetlinkFlags.NLM_F_REQUEST | NetlinkFlags.NLM_F_ACK | NetlinkFlags.NLM_F_EXCL + | NetlinkFlags.NLM_F_CREATE, + pid: socket.pid) + requestOffset = try header.appendBuffer(&requestBuffer, offset: requestOffset) + + let requestInfo = RouteInfo( + family: UInt8(AddressFamily.AF_INET), + dstLen: dstIpv4Addr.prefix.length, + srcLen: 0, + tos: 0, + table: RouteTable.MAIN, + proto: RouteProtocol.KERNEL, + scope: RouteScope.LINK, + type: RouteType.UNICAST, + flags: 0) + requestOffset = try requestInfo.appendBuffer(&requestBuffer, offset: requestOffset) + + let dstAddrAttr = RTAttribute(len: UInt16(dstAddrAttrSize), type: RouteAttributeType.DST) + requestOffset = try dstAddrAttr.appendBuffer(&requestBuffer, offset: requestOffset) + guard var requestOffset = requestBuffer.copyIn(buffer: dstAddrBytes, offset: requestOffset) else { + throw BindError.sendMarshalFailure(type: "RTAttribute", field: "RTA_DST") + } + + if let srcIpv4Addr { + let srcAddrBytes = srcIpv4Addr.bytes + let srcAddrAttr = RTAttribute(len: UInt16(srcAddrAttrSize), type: RouteAttributeType.PREFSRC) + requestOffset = try srcAddrAttr.appendBuffer(&requestBuffer, offset: requestOffset) + guard let newOffset = requestBuffer.copyIn(buffer: srcAddrBytes, offset: requestOffset) else { + throw BindError.sendMarshalFailure(type: "RTAttribute", field: "RTA_PREFSRC") + } + requestOffset = newOffset + } + + let interfaceAttr = RTAttribute(len: UInt16(interfaceAttrSize), type: RouteAttributeType.OIF) + requestOffset = try interfaceAttr.appendBuffer(&requestBuffer, offset: requestOffset) + guard + let requestOffset = requestBuffer.copyIn( + as: UInt32.self, + value: UInt32(interfaceIndex), + offset: requestOffset) + else { + throw BindError.sendMarshalFailure(type: "RTAttribute", field: "RTA_OIF") + } + + guard requestOffset == requestSize else { + throw Error.unexpectedOffset(offset: requestOffset, size: requestSize) + } + + try sendRequest(buffer: &requestBuffer) + let (infos, _) = try parseResponse(infoType: NetlinkType.RTM_NEWROUTE) { AddressInfo() } + guard infos.count == 0 else { + throw Error.unexpectedResultSet(count: infos.count, expected: 0) + } + } + + /// Adds a default IPv4 route to an interface. + /// - Parameters: + /// - interface: The name of the interface. + /// - ipv4Gateway: The gateway address, or nil. + public func routeAddDefault( + interface: String, + ipv4Gateway: IPv4Address? + ) throws { + // ip route add default via [gateway] dev [interface] or + // ip route add default dev [interface] + let dstAddrBytes = ipv4Gateway?.bytes + let dstAddrAttrSize: Int + if let dstAddrBytes { + dstAddrAttrSize = RTAttribute.size + dstAddrBytes.count + } else { + dstAddrAttrSize = 0 + } + + let interfaceAttrSize = RTAttribute.size + MemoryLayout.size + let interfaceIndex = try getInterfaceIndex(interface) + let requestSize = NetlinkMessageHeader.size + RouteInfo.size + dstAddrAttrSize + interfaceAttrSize + + var requestBuffer = [UInt8](repeating: 0, count: requestSize) + var requestOffset = 0 + + let header = NetlinkMessageHeader( + len: UInt32(requestBuffer.count), + type: NetlinkType.RTM_NEWROUTE, + flags: NetlinkFlags.NLM_F_REQUEST | NetlinkFlags.NLM_F_ACK | NetlinkFlags.NLM_F_EXCL + | NetlinkFlags.NLM_F_CREATE, + pid: socket.pid) + requestOffset = try header.appendBuffer(&requestBuffer, offset: requestOffset) + + let requestInfo = RouteInfo( + family: UInt8(AddressFamily.AF_INET), + dstLen: 0, + srcLen: 0, + tos: 0, + table: RouteTable.MAIN, + proto: RouteProtocol.BOOT, + scope: ipv4Gateway != nil ? RouteScope.UNIVERSE : RouteScope.LINK, + type: RouteType.UNICAST, + flags: 0) + requestOffset = try requestInfo.appendBuffer(&requestBuffer, offset: requestOffset) + + if let dstAddrBytes { + let dstAddrAttr = RTAttribute(len: UInt16(dstAddrAttrSize), type: RouteAttributeType.GATEWAY) + requestOffset = try dstAddrAttr.appendBuffer(&requestBuffer, offset: requestOffset) + guard let newOffset = requestBuffer.copyIn(buffer: dstAddrBytes, offset: requestOffset) else { + throw BindError.sendMarshalFailure(type: "RTAttribute", field: "RTA_GATEWAY") + } + requestOffset = newOffset + } + + let interfaceAttr = RTAttribute(len: UInt16(interfaceAttrSize), type: RouteAttributeType.OIF) + requestOffset = try interfaceAttr.appendBuffer(&requestBuffer, offset: requestOffset) + guard + let requestOffset = requestBuffer.copyIn( + as: UInt32.self, + value: UInt32(interfaceIndex), + offset: requestOffset) + else { + throw BindError.sendMarshalFailure(type: "RTAttribute", field: "RTA_OIF") + } + + guard requestOffset == requestSize else { + throw Error.unexpectedOffset(offset: requestOffset, size: requestSize) + } + + try sendRequest(buffer: &requestBuffer) + let (infos, _) = try parseResponse(infoType: NetlinkType.RTM_NEWROUTE) { AddressInfo() } + guard infos.count == 0 else { + throw Error.unexpectedResultSet(count: infos.count, expected: 0) + } + } + + /// Adds an IPv6 route to an interface. Used to install an on-link host + /// route (typically a /128) to a gateway that lives outside the interface's + /// subnet, so the kernel will accept the v6 default route. The chosen + /// `proto STATIC, scope LINK` matches what `iproute2` emits for explicit + /// `ip -6 route add /128 dev `. + /// - Parameters: + /// - interface: The name of the interface. + /// - dstIpv6Addr: The CIDRv6 address describing the destination network and prefix length. + /// - srcIpv6Addr: The source IPv6 address to route from. + public func routeAdd( + interface: String, + dstIpv6Addr: CIDRv6, + srcIpv6Addr: IPv6Address? + ) throws { + let interfaceIndex = try getInterfaceIndex(interface) + + let dstAddrBytes = dstIpv6Addr.address.bytes + let dstAddrAttrSize = RTAttribute.size + dstAddrBytes.count + let srcAddrAttrSize: Int + if let srcIpv6Addr { + let srcAddrBytes = srcIpv6Addr.bytes + srcAddrAttrSize = RTAttribute.size + srcAddrBytes.count + } else { + srcAddrAttrSize = 0 + } + let interfaceAttrSize = RTAttribute.size + MemoryLayout.size + let requestSize = + NetlinkMessageHeader.size + RouteInfo.size + dstAddrAttrSize + srcAddrAttrSize + interfaceAttrSize + var requestBuffer = [UInt8](repeating: 0, count: requestSize) + var requestOffset = 0 + + let header = NetlinkMessageHeader( + len: UInt32(requestBuffer.count), + type: NetlinkType.RTM_NEWROUTE, + flags: NetlinkFlags.NLM_F_REQUEST | NetlinkFlags.NLM_F_ACK | NetlinkFlags.NLM_F_EXCL + | NetlinkFlags.NLM_F_CREATE, + pid: socket.pid) + requestOffset = try header.appendBuffer(&requestBuffer, offset: requestOffset) + + let requestInfo = RouteInfo( + family: UInt8(AddressFamily.AF_INET6), + dstLen: dstIpv6Addr.prefix.length, + srcLen: 0, + tos: 0, + table: RouteTable.MAIN, + proto: RouteProtocol.STATIC, + scope: RouteScope.LINK, + type: RouteType.UNICAST, + flags: 0) + requestOffset = try requestInfo.appendBuffer(&requestBuffer, offset: requestOffset) + + let dstAddrAttr = RTAttribute(len: UInt16(dstAddrAttrSize), type: RouteAttributeType.DST) + requestOffset = try dstAddrAttr.appendBuffer(&requestBuffer, offset: requestOffset) + guard var requestOffset = requestBuffer.copyIn(buffer: dstAddrBytes, offset: requestOffset) else { + throw BindError.sendMarshalFailure(type: "RTAttribute", field: "RTA_DST") + } + + if let srcIpv6Addr { + let srcAddrBytes = srcIpv6Addr.bytes + let srcAddrAttr = RTAttribute(len: UInt16(srcAddrAttrSize), type: RouteAttributeType.PREFSRC) + requestOffset = try srcAddrAttr.appendBuffer(&requestBuffer, offset: requestOffset) + guard let newOffset = requestBuffer.copyIn(buffer: srcAddrBytes, offset: requestOffset) else { + throw BindError.sendMarshalFailure(type: "RTAttribute", field: "RTA_PREFSRC") + } + requestOffset = newOffset + } + + let interfaceAttr = RTAttribute(len: UInt16(interfaceAttrSize), type: RouteAttributeType.OIF) + requestOffset = try interfaceAttr.appendBuffer(&requestBuffer, offset: requestOffset) + guard + let requestOffset = requestBuffer.copyIn( + as: UInt32.self, + value: UInt32(interfaceIndex), + offset: requestOffset) + else { + throw BindError.sendMarshalFailure(type: "RTAttribute", field: "RTA_OIF") + } + + guard requestOffset == requestSize else { + throw Error.unexpectedOffset(offset: requestOffset, size: requestSize) + } + + try sendRequest(buffer: &requestBuffer) + let (infos, _) = try parseResponse(infoType: NetlinkType.RTM_NEWROUTE) { AddressInfo() } + guard infos.count == 0 else { + throw Error.unexpectedResultSet(count: infos.count, expected: 0) + } + } + + /// Adds a default IPv6 route to an interface. + /// - Parameters: + /// - interface: The name of the interface. + /// - ipv6Gateway: The gateway address. + public func routeAddDefault( + interface: String, + ipv6Gateway: IPv6Address + ) throws { + let gatewayBytes = ipv6Gateway.bytes + let gatewaySize = RTAttribute.size + gatewayBytes.count + + let interfaceAttrSize = RTAttribute.size + MemoryLayout.size + let interfaceIndex = try getInterfaceIndex(interface) + let requestSize = NetlinkMessageHeader.size + RouteInfo.size + gatewaySize + interfaceAttrSize + + var requestBuffer = [UInt8](repeating: 0, count: requestSize) + var requestOffset = 0 + + let header = NetlinkMessageHeader( + len: UInt32(requestBuffer.count), + type: NetlinkType.RTM_NEWROUTE, + flags: NetlinkFlags.NLM_F_REQUEST | NetlinkFlags.NLM_F_ACK | NetlinkFlags.NLM_F_EXCL + | NetlinkFlags.NLM_F_CREATE, + pid: socket.pid) + requestOffset = try header.appendBuffer(&requestBuffer, offset: requestOffset) + + let requestInfo = RouteInfo( + family: UInt8(AddressFamily.AF_INET6), + dstLen: 0, + srcLen: 0, + tos: 0, + table: RouteTable.MAIN, + proto: RouteProtocol.BOOT, + scope: RouteScope.UNIVERSE, + type: RouteType.UNICAST, + flags: 0) + requestOffset = try requestInfo.appendBuffer(&requestBuffer, offset: requestOffset) + + let dstAddrAttr = RTAttribute(len: UInt16(gatewaySize), type: RouteAttributeType.GATEWAY) + requestOffset = try dstAddrAttr.appendBuffer(&requestBuffer, offset: requestOffset) + guard var requestOffset = requestBuffer.copyIn(buffer: gatewayBytes, offset: requestOffset) else { + throw BindError.sendMarshalFailure(type: "RTAttribute", field: "RTA_GATEWAY") + } + let interfaceAttr = RTAttribute(len: UInt16(interfaceAttrSize), type: RouteAttributeType.OIF) + requestOffset = try interfaceAttr.appendBuffer(&requestBuffer, offset: requestOffset) + guard + let requestOffset = requestBuffer.copyIn( + as: UInt32.self, + value: UInt32(interfaceIndex), + offset: requestOffset) + else { + throw BindError.sendMarshalFailure(type: "RTAttribute", field: "RTA_OIF") + } + + guard requestOffset == requestSize else { + throw Error.unexpectedOffset(offset: requestOffset, size: requestSize) + } + + try sendRequest(buffer: &requestBuffer) + let (infos, _) = try parseResponse(infoType: NetlinkType.RTM_NEWROUTE) { AddressInfo() } + guard infos.count == 0 else { + throw Error.unexpectedResultSet(count: infos.count, expected: 0) + } + } + + private func getInterfaceName(_ interface: String) throws -> [UInt8] { + guard let interfaceNameData = interface.data(using: .utf8) else { + throw BindError.sendMarshalFailure(type: "String", field: "interface") + } + + var interfaceName = [UInt8](interfaceNameData) + interfaceName.append(0) + + while interfaceName.count % MemoryLayout.size != 0 { + interfaceName.append(0) + } + + return interfaceName + } + + private func getInterfaceIndex(_ interface: String) throws -> Int32 { + let linkResponses = try linkGet(interface: interface) + guard linkResponses.count == 1 else { + throw Error.unexpectedResultSet(count: linkResponses.count, expected: 1) + } + + return linkResponses[0].interfaceIndex + } + + private func sendRequest(buffer: inout [UInt8]) throws { + log.trace("SEND-LENGTH: \(buffer.count)") + log.trace("SEND-DUMP: \(buffer[0.. ([UInt8], Int) { + var buffer = [UInt8](repeating: 0, count: Self.receiveDataLength) + let size = try socket.recv(buf: &buffer, len: Self.receiveDataLength, flags: 0) + log.trace("RECV-LENGTH: \(size)") + log.trace("RECV-DUMP: \(buffer[0..(infoType: UInt16? = nil, _ infoProvider: () -> T) throws -> ( + [T], [[RTAttributeData]] + ) { + var infos: [T] = [] + var attrDataLists: [[RTAttributeData]] = [] + + var moreResponses = false + repeat { + var (buffer, size) = try receiveResponse() + var offset = 0 + + // A single buffer may contain multiple netlink messages + while offset < size { + let messageStart = offset + let header: NetlinkMessageHeader + (header, offset) = try parseHeader(buffer: &buffer, offset: offset) + + if let infoType { + if header.type == infoType { + log.trace( + "RECV-INFO-DUMP: dump = \(buffer[offset.. (Int32, Int) { + guard let errorPtr = buffer.bind(as: Int32.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "NetlinkErrorMessage", field: "error") + } + + let rc = errorPtr.pointee + log.trace("RECV-ERR-CODE: \(rc)") + + return (rc, offset + MemoryLayout.size) + } + + private func parseErrorResponse(buffer: inout [UInt8], offset: Int) throws -> Int { + var (rc, offset) = try parseErrorCode(buffer: &buffer, offset: offset) + log.trace( + "RECV-ERR-HEADER-DUMP: dump = \(buffer[offset.. (NetlinkMessageHeader, Int) { + log.trace("RECV-HEADER-DUMP: dump = \(buffer[offset.. ( + [RTAttributeData], Int + ) { + var attrDatas: [RTAttributeData] = [] + var offset = offset + var residualCount = residualCount + log.trace("RECV-RESIDUAL: \(residualCount)") + + while residualCount > 0 { + var attr = RTAttribute() + log.trace(" RECV-ATTR-DUMP: dump = \(buffer[offset..= 0 { + log.trace(" RECV-ATTR-DATA-DUMP: dump = \(buffer[offset.. Int + func recv(buf: UnsafeMutableRawPointer!, len: Int, flags: Int32) throws -> Int +} + +/// A netlink socket provider. +public typealias NetlinkSocketProvider = () throws -> any NetlinkSocket + +/// Errors thrown when interacting with a netlink socket. +public enum NetlinkSocketError: Swift.Error, CustomStringConvertible, Equatable { + case socketFailure(rc: Int32) + case bindFailure(rc: Int32) + case sendFailure(rc: Int32) + case recvFailure(rc: Int32) + case notImplemented + + /// The description of the errors. + public var description: String { + switch self { + case .socketFailure(let rc): + return "could not create netlink socket, rc = \(rc)" + case .bindFailure(let rc): + return "could not bind netlink socket, rc = \(rc)" + case .sendFailure(let rc): + return "could not send netlink packet, rc = \(rc)" + case .recvFailure(let rc): + return "could not receive netlink packet, rc = \(rc)" + case .notImplemented: + return "socket function not implemented for platform" + } + } +} + +#if os(Linux) +#if canImport(Musl) +import Musl +let osSocket = Musl.socket +let osBind = Musl.bind +let osSend = Musl.send +let osRecv = Musl.recv +#elseif canImport(Glibc) +import Glibc +let osSocket = Glibc.socket +let osBind = Glibc.bind +let osSend = Glibc.send +let osRecv = Glibc.recv +#endif + +/// A default implementation of `NetlinkSocket`. +public class DefaultNetlinkSocket: NetlinkSocket { + private let sockfd: Int32 + + /// The process identifier of the process creating this socket. + public let pid: UInt32 + + /// Creates a new instance. + public init() throws { + pid = UInt32(getpid()) + sockfd = osSocket(Int32(AddressFamily.AF_NETLINK), SocketType.SOCK_RAW, NetlinkProtocol.NETLINK_ROUTE) + guard sockfd >= 0 else { + throw NetlinkSocketError.socketFailure(rc: errno) + } + + let addr = SockaddrNetlink(family: AddressFamily.AF_NETLINK, pid: pid) + var buffer = [UInt8](repeating: 0, count: SockaddrNetlink.size) + _ = try addr.appendBuffer(&buffer, offset: 0) + guard let ptr = buffer.bind(as: sockaddr.self, size: buffer.count) else { + throw NetlinkSocketError.bindFailure(rc: 0) + } + guard osBind(sockfd, ptr, UInt32(buffer.count)) >= 0 else { + throw NetlinkSocketError.bindFailure(rc: errno) + } + } + + deinit { + close(sockfd) + } + + /// Sends a request to a netlink socket. + /// Returns the number of bytes sent. + /// - Parameters: + /// - buf: The buffer to send. + /// - len: The length of the buffer to send. + /// - flags: The send flags. + public func send(buf: UnsafeRawPointer!, len: Int, flags: Int32) throws -> Int { + let count = osSend(sockfd, buf, len, flags) + guard count >= 0 else { + throw NetlinkSocketError.sendFailure(rc: errno) + } + + return count + } + + /// Receives a response from a netlink socket. + /// Returns the number of bytes received. + /// - Parameters: + /// - buf: The buffer to receive into. + /// - len: The maximum number of bytes to receive. + /// - flags: The receive flags. + public func recv(buf: UnsafeMutableRawPointer!, len: Int, flags: Int32) throws -> Int { + let count = osRecv(sockfd, buf, len, flags) + guard count >= 0 else { + throw NetlinkSocketError.recvFailure(rc: errno) + } + + return count + } +} +#else +public class DefaultNetlinkSocket: NetlinkSocket { + public var pid: UInt32 { 0 } + + public init() throws {} + + public func send(buf: UnsafeRawPointer!, len: Int, flags: Int32) throws -> Int { + throw NetlinkSocketError.notImplemented + } + + public func recv(buf: UnsafeMutableRawPointer!, len: Int, flags: Int32) throws -> Int { + throw NetlinkSocketError.notImplemented + } +} +#endif diff --git a/Sources/ContainerizationNetlink/Types.swift b/Sources/ContainerizationNetlink/Types.swift new file mode 100644 index 0000000..81d62e2 --- /dev/null +++ b/Sources/ContainerizationNetlink/Types.swift @@ -0,0 +1,889 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationExtras + +struct SocketType { + static let SOCK_RAW: Int32 = 3 +} + +struct AddressFamily { + static let AF_UNSPEC: UInt16 = 0 + static let AF_INET: UInt16 = 2 + static let AF_INET6: UInt16 = 10 + static let AF_NETLINK: UInt16 = 16 + static let AF_PACKET: UInt16 = 17 +} + +struct ArpHardware { + static let ARPHRD_ETHER: UInt16 = 1 +} + +struct NetlinkProtocol { + static let NETLINK_ROUTE: Int32 = 0 +} + +struct NetlinkType { + static let NLMSG_NOOP: UInt16 = 1 + static let NLMSG_ERROR: UInt16 = 2 + static let NLMSG_DONE: UInt16 = 3 + static let NLMSG_OVERRUN: UInt16 = 4 + static let RTM_NEWLINK: UInt16 = 16 + static let RTM_DELLINK: UInt16 = 17 + static let RTM_GETLINK: UInt16 = 18 + static let RTM_NEWADDR: UInt16 = 20 + static let RTM_NEWROUTE: UInt16 = 24 +} + +struct NetlinkFlags { + static let NLM_F_REQUEST: UInt16 = 0x01 + static let NLM_F_MULTI: UInt16 = 0x02 + static let NLM_F_ACK: UInt16 = 0x04 + static let NLM_F_ECHO: UInt16 = 0x08 + static let NLM_F_DUMP_INTR: UInt16 = 0x10 + static let NLM_F_DUMP_FILTERED: UInt16 = 0x20 + + // GET request + static let NLM_F_ROOT: UInt16 = 0x100 + static let NLM_F_MATCH: UInt16 = 0x200 + static let NLM_F_ATOMIC: UInt16 = 0x400 + static let NLM_F_DUMP: UInt16 = NetlinkFlags.NLM_F_ROOT | NetlinkFlags.NLM_F_MATCH + + // NEW request flags + static let NLM_F_REPLACE: UInt16 = 0x100 + static let NLM_F_EXCL: UInt16 = 0x200 + static let NLM_F_CREATE: UInt16 = 0x400 + static let NLM_F_APPEND: UInt16 = 0x800 +} + +struct NetlinkScope { + static let RT_SCOPE_UNIVERSE: UInt8 = 0 +} + +struct InterfaceFlags { + static let IFF_UP: UInt32 = 1 << 0 + static let IFF_LOOPBACK: UInt32 = 1 << 3 + static let IFF_POINTOPOINT: UInt32 = 1 << 4 + static let DEFAULT_CHANGE: UInt32 = 0xffff_ffff +} + +struct LinkAttributeType { + static let IFLA_ADDRESS: UInt16 = 1 + static let IFLA_BROADCAST: UInt16 = 2 + static let IFLA_IFNAME: UInt16 = 3 + static let IFLA_MTU: UInt16 = 4 + static let IFLA_MASTER: UInt16 = 10 + static let IFLA_LINKINFO: UInt16 = 18 + static let IFLA_STATS64: UInt16 = 23 + static let IFLA_EXT_MASK: UInt16 = 29 +} + +/// Nested attribute types inside `IFLA_LINKINFO`. +struct LinkInfoAttributeType { + static let IFLA_INFO_KIND: UInt16 = 1 +} + +struct LinkAttributeMaskFilter { + static let RTEXT_FILTER_VF: UInt32 = 1 << 0 + static let RTEXT_FILTER_SKIP_STATS: UInt32 = 1 << 3 +} + +struct AddressAttributeType { + // subnet mask + static let IFA_ADDRESS: UInt16 = 1 + // IPv4 address + static let IFA_LOCAL: UInt16 = 2 +} + +struct AddressFlags { + static let IFA_F_NODAD: UInt8 = 0x02 + static let IFA_F_PERMANENT: UInt8 = 0x80 +} + +struct RouteTable { + static let MAIN: UInt8 = 254 +} + +struct RouteProtocol { + static let UNSPEC: UInt8 = 0 + static let REDIRECT: UInt8 = 1 + static let KERNEL: UInt8 = 2 + static let BOOT: UInt8 = 3 + static let STATIC: UInt8 = 4 +} + +struct RouteScope { + static let UNIVERSE: UInt8 = 0 + static let LINK: UInt8 = 253 +} + +struct RouteType { + static let UNSPEC: UInt8 = 0 + static let UNICAST: UInt8 = 1 +} + +struct RouteAttributeType { + static let UNSPEC: UInt16 = 0 + static let DST: UInt16 = 1 + static let SRC: UInt16 = 2 + static let IIF: UInt16 = 3 + static let OIF: UInt16 = 4 + static let GATEWAY: UInt16 = 5 + static let PRIORITY: UInt16 = 6 + static let PREFSRC: UInt16 = 7 +} + +struct SockaddrNetlink: Bindable, Equatable { + static let size = 12 + + var family: UInt16 + var _pad: UInt16 = 0 + var pid: UInt32 + var groups: UInt32 + + init(family: UInt16 = 0, pid: UInt32 = 0, groups: UInt32 = 0) { + self.family = family + self.pid = pid + self.groups = groups + } + + func appendBuffer(_ buffer: inout [UInt8], offset: Int) throws -> Int { + guard let offset = buffer.copyIn(as: UInt16.self, value: family, offset: offset) else { + throw BindError.sendMarshalFailure(type: "SockaddrNetlink", field: "family") + } + guard let offset = buffer.copyIn(as: UInt16.self, value: 0, offset: offset) else { + throw BindError.sendMarshalFailure(type: "SockaddrNetlink", field: "_pad") + } + guard let offset = buffer.copyIn(as: UInt32.self, value: pid, offset: offset) else { + throw BindError.sendMarshalFailure(type: "SockaddrNetlink", field: "pid") + } + guard let offset = buffer.copyIn(as: UInt32.self, value: groups, offset: offset) else { + throw BindError.sendMarshalFailure(type: "SockaddrNetlink", field: "groups") + } + + return offset + } + + mutating func bindBuffer(_ buffer: inout [UInt8], offset: Int) throws -> Int { + guard let (offset, value) = buffer.copyOut(as: UInt16.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "SockaddrNetlink", field: "family") + } + family = value + + guard let (offset, value) = buffer.copyOut(as: UInt16.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "SockaddrNetlink", field: "_pad") + } + _pad = value + + guard let (offset, value) = buffer.copyOut(as: UInt32.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "SockaddrNetlink", field: "pid") + } + pid = value + + guard let (offset, value) = buffer.copyOut(as: UInt32.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "SockaddrNetlink", field: "groups") + } + groups = value + + return offset + } +} + +struct NetlinkMessageHeader: Bindable, Equatable { + static let size = 16 + + var len: UInt32 + var type: UInt16 + var flags: UInt16 + var seq: UInt32 + var pid: UInt32 + + init(len: UInt32 = 0, type: UInt16 = 0, flags: UInt16 = 0, seq: UInt32? = nil, pid: UInt32 = 0) { + self.len = len + self.type = type + self.flags = flags + self.seq = seq ?? UInt32.random(in: 0.. Int { + guard let offset = buffer.copyIn(as: UInt32.self, value: len, offset: offset) else { + throw BindError.sendMarshalFailure(type: "NetlinkMessageHeader", field: "len") + } + guard let offset = buffer.copyIn(as: UInt16.self, value: type, offset: offset) else { + throw BindError.sendMarshalFailure(type: "NetlinkMessageHeader", field: "type") + } + guard let offset = buffer.copyIn(as: UInt16.self, value: flags, offset: offset) else { + throw BindError.sendMarshalFailure(type: "NetlinkMessageHeader", field: "flags") + } + guard let offset = buffer.copyIn(as: UInt32.self, value: seq, offset: offset) else { + throw BindError.sendMarshalFailure(type: "NetlinkMessageHeader", field: "seq") + } + guard let offset = buffer.copyIn(as: UInt32.self, value: pid, offset: offset) else { + throw BindError.sendMarshalFailure(type: "NetlinkMessageHeader", field: "pid") + } + + return offset + } + + mutating func bindBuffer(_ buffer: inout [UInt8], offset: Int) throws -> Int { + guard let (offset, value) = buffer.copyOut(as: UInt32.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "NetlinkMessageHeader", field: "len") + } + len = value + + guard let (offset, value) = buffer.copyOut(as: UInt16.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "NetlinkMessageHeader", field: "type") + } + type = value + + guard let (offset, value) = buffer.copyOut(as: UInt16.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "NetlinkMessageHeader", field: "flags") + } + flags = value + + guard let (offset, value) = buffer.copyOut(as: UInt32.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "NetlinkMessageHeader", field: "seq") + } + seq = value + + guard let (offset, value) = buffer.copyOut(as: UInt32.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "NetlinkMessageHeader", field: "pid") + } + pid = value + + return offset + } + + var moreResponses: Bool { + (self.flags & NetlinkFlags.NLM_F_MULTI) != 0 + && (self.type != NetlinkType.NLMSG_DONE && self.type != NetlinkType.NLMSG_ERROR + && self.type != NetlinkType.NLMSG_OVERRUN) + } +} + +struct InterfaceInfo: Bindable, Equatable { + static let size = 16 + + var family: UInt8 + var _pad: UInt8 = 0 + var type: UInt16 + var index: Int32 + var flags: UInt32 + var change: UInt32 + + init( + family: UInt8 = UInt8(AddressFamily.AF_UNSPEC), type: UInt16 = 0, index: Int32 = 0, flags: UInt32 = 0, + change: UInt32 = 0 + ) { + self.family = family + self.type = type + self.index = index + self.flags = flags + self.change = change + } + + func appendBuffer(_ buffer: inout [UInt8], offset: Int) throws -> Int { + guard let offset = buffer.copyIn(as: UInt8.self, value: family, offset: offset) else { + throw BindError.sendMarshalFailure(type: "InterfaceInfo", field: "family") + } + guard let offset = buffer.copyIn(as: UInt8.self, value: _pad, offset: offset) else { + throw BindError.sendMarshalFailure(type: "InterfaceInfo", field: "_pad") + } + guard let offset = buffer.copyIn(as: UInt16.self, value: type, offset: offset) else { + throw BindError.sendMarshalFailure(type: "InterfaceInfo", field: "type") + } + guard let offset = buffer.copyIn(as: Int32.self, value: index, offset: offset) else { + throw BindError.sendMarshalFailure(type: "InterfaceInfo", field: "index") + } + guard let offset = buffer.copyIn(as: UInt32.self, value: flags, offset: offset) else { + throw BindError.sendMarshalFailure(type: "InterfaceInfo", field: "flags") + } + guard let offset = buffer.copyIn(as: UInt32.self, value: change, offset: offset) else { + throw BindError.sendMarshalFailure(type: "InterfaceInfo", field: "change") + } + + return offset + } + + mutating func bindBuffer(_ buffer: inout [UInt8], offset: Int) throws -> Int { + guard let (offset, value) = buffer.copyOut(as: UInt8.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "InterfaceInfo", field: "family") + } + family = value + + guard let (offset, value) = buffer.copyOut(as: UInt8.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "InterfaceInfo", field: "_pad") + } + _pad = value + + guard let (offset, value) = buffer.copyOut(as: UInt16.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "InterfaceInfo", field: "type") + } + type = value + + guard let (offset, value) = buffer.copyOut(as: Int32.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "InterfaceInfo", field: "index") + } + index = value + + guard let (offset, value) = buffer.copyOut(as: UInt32.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "InterfaceInfo", field: "flags") + } + flags = value + + guard let (offset, value) = buffer.copyOut(as: UInt32.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "InterfaceInfo", field: "change") + } + change = value + + return offset + } +} + +struct AddressInfo: Bindable, Equatable { + static let size = 8 + + var family: UInt8 + var prefixLength: UInt8 + var flags: UInt8 + var scope: UInt8 + var index: UInt32 + + init( + family: UInt8 = UInt8(AddressFamily.AF_UNSPEC), prefixLength: UInt8 = 32, flags: UInt8 = 0, scope: UInt8 = 0, + index: UInt32 = 0 + ) { + self.family = family + self.prefixLength = prefixLength + self.flags = flags + self.scope = scope + self.index = index + } + + func appendBuffer(_ buffer: inout [UInt8], offset: Int) throws -> Int { + guard let offset = buffer.copyIn(as: UInt8.self, value: family, offset: offset) else { + throw BindError.sendMarshalFailure(type: "AddressInfo", field: "family") + } + guard let offset = buffer.copyIn(as: UInt8.self, value: prefixLength, offset: offset) else { + throw BindError.sendMarshalFailure(type: "AddressInfo", field: "prefixLength") + } + guard let offset = buffer.copyIn(as: UInt8.self, value: flags, offset: offset) else { + throw BindError.sendMarshalFailure(type: "AddressInfo", field: "flags") + } + guard let offset = buffer.copyIn(as: UInt8.self, value: scope, offset: offset) else { + throw BindError.sendMarshalFailure(type: "AddressInfo", field: "scope") + } + guard let offset = buffer.copyIn(as: UInt32.self, value: index, offset: offset) else { + throw BindError.sendMarshalFailure(type: "AddressInfo", field: "index") + } + + return offset + } + + mutating func bindBuffer(_ buffer: inout [UInt8], offset: Int) throws -> Int { + guard let (offset, value) = buffer.copyOut(as: UInt8.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "AddressInfo", field: "family") + } + family = value + + guard let (offset, value) = buffer.copyOut(as: UInt8.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "AddressInfo", field: "prefixLength") + } + prefixLength = value + + guard let (offset, value) = buffer.copyOut(as: UInt8.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "AddressInfo", field: "flags") + } + flags = value + + guard let (offset, value) = buffer.copyOut(as: UInt8.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "AddressInfo", field: "scope") + } + scope = value + + guard let (offset, value) = buffer.copyOut(as: UInt32.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "AddressInfo", field: "index") + } + index = value + + return offset + } +} + +struct RouteInfo: Bindable, Equatable { + static let size = 12 + + var family: UInt8 + var dstLen: UInt8 + var srcLen: UInt8 + var tos: UInt8 + var table: UInt8 + var proto: UInt8 + var scope: UInt8 + var type: UInt8 + var flags: UInt32 + + init( + family: UInt8 = UInt8(AddressFamily.AF_INET), + dstLen: UInt8, + srcLen: UInt8, + tos: UInt8, + table: UInt8, + proto: UInt8, + scope: UInt8, + type: UInt8, + flags: UInt32 + ) { + self.family = family + self.dstLen = dstLen + self.srcLen = srcLen + self.tos = tos + self.table = table + self.proto = proto + self.scope = scope + self.type = type + self.flags = flags + } + + func appendBuffer(_ buffer: inout [UInt8], offset: Int) throws -> Int { + guard let offset = buffer.copyIn(as: UInt8.self, value: family, offset: offset) else { + throw BindError.sendMarshalFailure(type: "RouteInfo", field: "family") + } + guard let offset = buffer.copyIn(as: UInt8.self, value: dstLen, offset: offset) else { + throw BindError.sendMarshalFailure(type: "RouteInfo", field: "dstLen") + } + guard let offset = buffer.copyIn(as: UInt8.self, value: srcLen, offset: offset) else { + throw BindError.sendMarshalFailure(type: "RouteInfo", field: "srcLen") + } + guard let offset = buffer.copyIn(as: UInt8.self, value: tos, offset: offset) else { + throw BindError.sendMarshalFailure(type: "RouteInfo", field: "tos") + } + guard let offset = buffer.copyIn(as: UInt8.self, value: table, offset: offset) else { + throw BindError.sendMarshalFailure(type: "RouteInfo", field: "table") + } + guard let offset = buffer.copyIn(as: UInt8.self, value: proto, offset: offset) else { + throw BindError.sendMarshalFailure(type: "RouteInfo", field: "proto") + } + guard let offset = buffer.copyIn(as: UInt8.self, value: scope, offset: offset) else { + throw BindError.sendMarshalFailure(type: "RouteInfo", field: "scope") + } + guard let offset = buffer.copyIn(as: UInt8.self, value: type, offset: offset) else { + throw BindError.sendMarshalFailure(type: "RouteInfo", field: "type") + } + guard let offset = buffer.copyIn(as: UInt32.self, value: flags, offset: offset) else { + throw BindError.sendMarshalFailure(type: "RouteInfo", field: "flags") + } + + return offset + } + + mutating func bindBuffer(_ buffer: inout [UInt8], offset: Int) throws -> Int { + guard let (offset, value) = buffer.copyOut(as: UInt8.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "RouteInfo", field: "family") + } + family = value + + guard let (offset, value) = buffer.copyOut(as: UInt8.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "RouteInfo", field: "dstLen") + } + dstLen = value + + guard let (offset, value) = buffer.copyOut(as: UInt8.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "RouteInfo", field: "srcLen") + } + srcLen = value + + guard let (offset, value) = buffer.copyOut(as: UInt8.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "RouteInfo", field: "tos") + } + tos = value + + guard let (offset, value) = buffer.copyOut(as: UInt8.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "RouteInfo", field: "table") + } + table = value + + guard let (offset, value) = buffer.copyOut(as: UInt8.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "RouteInfo", field: "proto") + } + proto = value + + guard let (offset, value) = buffer.copyOut(as: UInt8.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "RouteInfo", field: "scope") + } + scope = value + + guard let (offset, value) = buffer.copyOut(as: UInt8.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "RouteInfo", field: "type") + } + type = value + + guard let (offset, value) = buffer.copyOut(as: UInt32.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "RouteInfo", field: "flags") + } + flags = value + + return offset + } +} + +/// A route information. +public struct RTAttribute: Bindable, Equatable { + package static let size = 4 + + public var len: UInt16 + public var type: UInt16 + public var paddedLen: Int { Int(((len + 3) >> 2) << 2) } + + init(len: UInt16 = 0, type: UInt16 = 0) { + self.len = len + self.type = type + } + + package func appendBuffer(_ buffer: inout [UInt8], offset: Int) throws -> Int { + guard let offset = buffer.copyIn(as: UInt16.self, value: len, offset: offset) else { + throw BindError.sendMarshalFailure(type: "RTAttribute", field: "len") + } + guard let offset = buffer.copyIn(as: UInt16.self, value: type, offset: offset) else { + throw BindError.sendMarshalFailure(type: "RTAttribute", field: "type") + } + + return offset + } + + package mutating func bindBuffer(_ buffer: inout [UInt8], offset: Int) throws -> Int { + guard let (offset, value) = buffer.copyOut(as: UInt16.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "RTAttribute", field: "len") + } + len = value + + guard let (offset, value) = buffer.copyOut(as: UInt16.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "RTAttribute", field: "type") + } + type = value + + return offset + } +} + +/// A route information with data. +public struct RTAttributeData { + public let attribute: RTAttribute + public let data: [UInt8] +} + +/// A response from the get link command. +public struct LinkResponse { + public let interfaceIndex: Int32 + public let interfaceFlags: UInt32 + public let interfaceType: UInt16 + public let attrDatas: [RTAttributeData] + + public var isLoopback: Bool { + (interfaceFlags & InterfaceFlags.IFF_LOOPBACK) != 0 + } + + public var isEthernet: Bool { + interfaceType == ArpHardware.ARPHRD_ETHER + && (interfaceFlags & (InterfaceFlags.IFF_LOOPBACK | InterfaceFlags.IFF_POINTOPOINT)) == 0 + } + + public var address: [UInt8]? { + attrDatas + .filter { $0.attribute.type == LinkAttributeType.IFLA_ADDRESS } + .first + .map { $0.data } + } + + /// Extract network interface statistics from the response attributes + public func getStatistics() throws -> LinkStatistics64? { + for attrData in attrDatas { + if attrData.attribute.type == LinkAttributeType.IFLA_STATS64 { + var stats = LinkStatistics64() + var buffer = attrData.data + _ = try stats.bindBuffer(&buffer, offset: 0) + return stats + } + } + + return nil + } +} + +/// Network interface statistics (64-bit version) +public struct LinkStatistics64: Bindable, Equatable { + package static let size = 23 * 8 + + public var rxPackets: UInt64 + public var txPackets: UInt64 + public var rxBytes: UInt64 + public var txBytes: UInt64 + public var rxErrors: UInt64 + public var txErrors: UInt64 + public var rxDropped: UInt64 + public var txDropped: UInt64 + public var multicast: UInt64 + public var collisions: UInt64 + public var rxLengthErrors: UInt64 + public var rxOverErrors: UInt64 + public var rxCrcErrors: UInt64 + public var rxFrameErrors: UInt64 + public var rxFifoErrors: UInt64 + public var rxMissedErrors: UInt64 + public var txAbortedErrors: UInt64 + public var txCarrierErrors: UInt64 + public var txFifoErrors: UInt64 + public var txHeartbeatErrors: UInt64 + public var txWindowErrors: UInt64 + public var rxCompressed: UInt64 + public var txCompressed: UInt64 + + public init() { + self.rxPackets = 0 + self.txPackets = 0 + self.rxBytes = 0 + self.txBytes = 0 + self.rxErrors = 0 + self.txErrors = 0 + self.rxDropped = 0 + self.txDropped = 0 + self.multicast = 0 + self.collisions = 0 + self.rxLengthErrors = 0 + self.rxOverErrors = 0 + self.rxCrcErrors = 0 + self.rxFrameErrors = 0 + self.rxFifoErrors = 0 + self.rxMissedErrors = 0 + self.txAbortedErrors = 0 + self.txCarrierErrors = 0 + self.txFifoErrors = 0 + self.txHeartbeatErrors = 0 + self.txWindowErrors = 0 + self.rxCompressed = 0 + self.txCompressed = 0 + } + + package func appendBuffer(_ buffer: inout [UInt8], offset: Int) throws -> Int { + guard let offset = buffer.copyIn(as: UInt64.self, value: rxPackets, offset: offset) else { + throw BindError.sendMarshalFailure(type: "LinkStatistics64", field: "rxPackets") + } + guard let offset = buffer.copyIn(as: UInt64.self, value: txPackets, offset: offset) else { + throw BindError.sendMarshalFailure(type: "LinkStatistics64", field: "txPackets") + } + guard let offset = buffer.copyIn(as: UInt64.self, value: rxBytes, offset: offset) else { + throw BindError.sendMarshalFailure(type: "LinkStatistics64", field: "rxBytes") + } + guard let offset = buffer.copyIn(as: UInt64.self, value: txBytes, offset: offset) else { + throw BindError.sendMarshalFailure(type: "LinkStatistics64", field: "txBytes") + } + guard let offset = buffer.copyIn(as: UInt64.self, value: rxErrors, offset: offset) else { + throw BindError.sendMarshalFailure(type: "LinkStatistics64", field: "rxErrors") + } + guard let offset = buffer.copyIn(as: UInt64.self, value: txErrors, offset: offset) else { + throw BindError.sendMarshalFailure(type: "LinkStatistics64", field: "txErrors") + } + guard let offset = buffer.copyIn(as: UInt64.self, value: rxDropped, offset: offset) else { + throw BindError.sendMarshalFailure(type: "LinkStatistics64", field: "rxDropped") + } + guard let offset = buffer.copyIn(as: UInt64.self, value: txDropped, offset: offset) else { + throw BindError.sendMarshalFailure(type: "LinkStatistics64", field: "txDropped") + } + guard let offset = buffer.copyIn(as: UInt64.self, value: multicast, offset: offset) else { + throw BindError.sendMarshalFailure(type: "LinkStatistics64", field: "multicast") + } + guard let offset = buffer.copyIn(as: UInt64.self, value: collisions, offset: offset) else { + throw BindError.sendMarshalFailure(type: "LinkStatistics64", field: "collisions") + } + guard let offset = buffer.copyIn(as: UInt64.self, value: rxLengthErrors, offset: offset) else { + throw BindError.sendMarshalFailure(type: "LinkStatistics64", field: "rxLengthErrors") + } + guard let offset = buffer.copyIn(as: UInt64.self, value: rxOverErrors, offset: offset) else { + throw BindError.sendMarshalFailure(type: "LinkStatistics64", field: "rxOverErrors") + } + guard let offset = buffer.copyIn(as: UInt64.self, value: rxCrcErrors, offset: offset) else { + throw BindError.sendMarshalFailure(type: "LinkStatistics64", field: "rxCrcErrors") + } + guard let offset = buffer.copyIn(as: UInt64.self, value: rxFrameErrors, offset: offset) else { + throw BindError.sendMarshalFailure(type: "LinkStatistics64", field: "rxFrameErrors") + } + guard let offset = buffer.copyIn(as: UInt64.self, value: rxFifoErrors, offset: offset) else { + throw BindError.sendMarshalFailure(type: "LinkStatistics64", field: "rxFifoErrors") + } + guard let offset = buffer.copyIn(as: UInt64.self, value: rxMissedErrors, offset: offset) else { + throw BindError.sendMarshalFailure(type: "LinkStatistics64", field: "rxMissedErrors") + } + guard let offset = buffer.copyIn(as: UInt64.self, value: txAbortedErrors, offset: offset) else { + throw BindError.sendMarshalFailure(type: "LinkStatistics64", field: "txAbortedErrors") + } + guard let offset = buffer.copyIn(as: UInt64.self, value: txCarrierErrors, offset: offset) else { + throw BindError.sendMarshalFailure(type: "LinkStatistics64", field: "txCarrierErrors") + } + guard let offset = buffer.copyIn(as: UInt64.self, value: txFifoErrors, offset: offset) else { + throw BindError.sendMarshalFailure(type: "LinkStatistics64", field: "txFifoErrors") + } + guard let offset = buffer.copyIn(as: UInt64.self, value: txHeartbeatErrors, offset: offset) else { + throw BindError.sendMarshalFailure(type: "LinkStatistics64", field: "txHeartbeatErrors") + } + guard let offset = buffer.copyIn(as: UInt64.self, value: txWindowErrors, offset: offset) else { + throw BindError.sendMarshalFailure(type: "LinkStatistics64", field: "txWindowErrors") + } + guard let offset = buffer.copyIn(as: UInt64.self, value: rxCompressed, offset: offset) else { + throw BindError.sendMarshalFailure(type: "LinkStatistics64", field: "rxCompressed") + } + guard let offset = buffer.copyIn(as: UInt64.self, value: txCompressed, offset: offset) else { + throw BindError.sendMarshalFailure(type: "LinkStatistics64", field: "txCompressed") + } + + return offset + } + + package mutating func bindBuffer(_ buffer: inout [UInt8], offset: Int) throws -> Int { + guard let (offset, value) = buffer.copyOut(as: UInt64.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "LinkStatistics64", field: "rxPackets") + } + rxPackets = value + + guard let (offset, value) = buffer.copyOut(as: UInt64.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "LinkStatistics64", field: "txPackets") + } + txPackets = value + + guard let (offset, value) = buffer.copyOut(as: UInt64.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "LinkStatistics64", field: "rxBytes") + } + rxBytes = value + + guard let (offset, value) = buffer.copyOut(as: UInt64.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "LinkStatistics64", field: "txBytes") + } + txBytes = value + + guard let (offset, value) = buffer.copyOut(as: UInt64.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "LinkStatistics64", field: "rxErrors") + } + rxErrors = value + + guard let (offset, value) = buffer.copyOut(as: UInt64.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "LinkStatistics64", field: "txErrors") + } + txErrors = value + + guard let (offset, value) = buffer.copyOut(as: UInt64.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "LinkStatistics64", field: "rxDropped") + } + rxDropped = value + + guard let (offset, value) = buffer.copyOut(as: UInt64.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "LinkStatistics64", field: "txDropped") + } + txDropped = value + + guard let (offset, value) = buffer.copyOut(as: UInt64.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "LinkStatistics64", field: "multicast") + } + multicast = value + + guard let (offset, value) = buffer.copyOut(as: UInt64.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "LinkStatistics64", field: "collisions") + } + collisions = value + + guard let (offset, value) = buffer.copyOut(as: UInt64.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "LinkStatistics64", field: "rxLengthErrors") + } + rxLengthErrors = value + + guard let (offset, value) = buffer.copyOut(as: UInt64.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "LinkStatistics64", field: "rxOverErrors") + } + rxOverErrors = value + + guard let (offset, value) = buffer.copyOut(as: UInt64.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "LinkStatistics64", field: "rxCrcErrors") + } + rxCrcErrors = value + + guard let (offset, value) = buffer.copyOut(as: UInt64.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "LinkStatistics64", field: "rxFrameErrors") + } + rxFrameErrors = value + + guard let (offset, value) = buffer.copyOut(as: UInt64.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "LinkStatistics64", field: "rxFifoErrors") + } + rxFifoErrors = value + + guard let (offset, value) = buffer.copyOut(as: UInt64.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "LinkStatistics64", field: "rxMissedErrors") + } + rxMissedErrors = value + + guard let (offset, value) = buffer.copyOut(as: UInt64.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "LinkStatistics64", field: "txAbortedErrors") + } + txAbortedErrors = value + + guard let (offset, value) = buffer.copyOut(as: UInt64.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "LinkStatistics64", field: "txCarrierErrors") + } + txCarrierErrors = value + + guard let (offset, value) = buffer.copyOut(as: UInt64.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "LinkStatistics64", field: "txFifoErrors") + } + txFifoErrors = value + + guard let (offset, value) = buffer.copyOut(as: UInt64.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "LinkStatistics64", field: "txHeartbeatErrors") + } + txHeartbeatErrors = value + + guard let (offset, value) = buffer.copyOut(as: UInt64.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "LinkStatistics64", field: "txWindowErrors") + } + txWindowErrors = value + + guard let (offset, value) = buffer.copyOut(as: UInt64.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "LinkStatistics64", field: "rxCompressed") + } + rxCompressed = value + + guard let (offset, value) = buffer.copyOut(as: UInt64.self, offset: offset) else { + throw BindError.recvMarshalFailure(type: "LinkStatistics64", field: "txCompressed") + } + txCompressed = value + + return offset + } +} + +/// Errors thrown when parsing netlink data. +public enum NetlinkDataError: Swift.Error, CustomStringConvertible, Equatable { + case responseError(rc: Int32) + case unsupportedPlatform + + /// The description of the errors. + public var description: String { + switch self { + case .responseError(let rc): + return "netlink response indicates error, rc = \(rc)" + case .unsupportedPlatform: + return "unsupported platform" + } + } +} diff --git a/Sources/ContainerizationOCI/AnnotationKeys.swift b/Sources/ContainerizationOCI/AnnotationKeys.swift new file mode 100644 index 0000000..73f8889 --- /dev/null +++ b/Sources/ContainerizationOCI/AnnotationKeys.swift @@ -0,0 +1,24 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +/// AnnotationKeys contains a subset of "dictionary keys" for commonly used annotations in an OCI Image Descriptor +/// https://github.com/opencontainers/image-spec/blob/main/annotations.md +public struct AnnotationKeys: Codable, Sendable { + public static let containerizationIndexIndirect = "com.apple.containerization.index.indirect" + public static let containerizationImageName = "com.apple.containerization.image.name" + public static let containerdImageName = "io.containerd.image.name" + public static let openContainersImageName = "org.opencontainers.image.ref.name" +} diff --git a/Sources/ContainerizationOCI/Bundle.swift b/Sources/ContainerizationOCI/Bundle.swift new file mode 100644 index 0000000..fd10e89 --- /dev/null +++ b/Sources/ContainerizationOCI/Bundle.swift @@ -0,0 +1,146 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationError +import Foundation + +#if canImport(Musl) +import Musl +private let _mount = Musl.mount +private let _umount = Musl.umount2 +#elseif canImport(Glibc) +import Glibc +private let _mount = Glibc.mount +private let _umount = Glibc.umount2 +#endif + +/// `Bundle` represents an OCI runtime spec bundle for running +/// a container. +public struct Bundle: Sendable { + /// The path to the bundle. + public let path: URL + + /// The path to the OCI runtime spec config.json file. + public var configPath: URL { + self.path.appending(path: "config.json") + } + + /// The path to a rootfs mount inside the bundle. + public var rootfsPath: URL { + self.path.appending(path: "rootfs") + } + + /// Create the OCI bundle. + /// + /// - Parameters: + /// - path: A URL pointing to where to create the bundle on the filesystem. + /// - spec: A data blob that should contain an OCI runtime spec. This will be written + /// to the bundle as a "config.json" file. + public static func create(path: URL, spec: Data) throws -> Bundle { + try self.init(path: path, spec: spec) + } + + /// Create the OCI bundle. + /// + /// - Parameters: + /// - path: A URL pointing to where to create the bundle on the filesystem. + /// - spec: An OCI runtime spec that will be written to the bundle as a "config.json" + /// file. + public static func create(path: URL, spec: ContainerizationOCI.Spec) throws -> Bundle { + try self.init(path: path, spec: spec) + } + + /// Load an OCI bundle from the provided path. + /// + /// - Parameters: + /// - path: A URL pointing to where to load the bundle from on the filesystem. + public static func load(path: URL) throws -> Bundle { + try self.init(path: path) + } + + private init(path: URL) throws { + let fm = FileManager.default + if !fm.fileExists(atPath: path.path) { + throw ContainerizationError(.invalidArgument, message: "no bundle at \(path.path)") + } + self.path = path + } + + // This constructor does not do any validation that data is actually a + // valid OCI spec. + private init(path: URL, spec: Data) throws { + self.path = path + + let fm = FileManager.default + try fm.createDirectory( + atPath: self.path.appending(component: "rootfs").path, + withIntermediateDirectories: true + ) + + try spec.write(to: self.configPath) + } + + private init(path: URL, spec: ContainerizationOCI.Spec) throws { + self.path = path + + let fm = FileManager.default + try fm.createDirectory( + atPath: self.path.appending(component: "rootfs").path, + withIntermediateDirectories: true + ) + + let specData = try JSONEncoder().encode(spec) + try specData.write(to: self.configPath) + } + + /// Delete the OCI bundle from the filesystem. + public func delete() throws { + // Unmount, and then blow away the dir. + #if os(Linux) + let rootfs = self.rootfsPath + if Self.isMountpoint(rootfs) { + guard _umount(rootfs.path, 0) == 0 else { + throw POSIXError.fromErrno() + } + } + #endif + // removeItem is recursive so should blow away the rootfs dir inside as well. + let fm = FileManager.default + try fm.removeItem(at: self.path) + } + + /// Load and return the OCI runtime spec written to the bundle. + public func loadConfig() throws -> ContainerizationOCI.Spec { + let data = try Data(contentsOf: self.configPath) + return try JSONDecoder().decode(ContainerizationOCI.Spec.self, from: data) + } + + private static func isMountpoint(_ path: URL) -> Bool { + var st = stat() + var parent_st = stat() + + guard stat(path.path, &st) == 0 else { + return false + } + + let parentPath = path.deletingLastPathComponent() + guard stat(parentPath.path, &parent_st) == 0 else { + return false + } + + return st.st_dev != parent_st.st_dev + } +} diff --git a/Sources/ContainerizationOCI/Client/Authentication.swift b/Sources/ContainerizationOCI/Client/Authentication.swift new file mode 100644 index 0000000..9ba79c5 --- /dev/null +++ b/Sources/ContainerizationOCI/Client/Authentication.swift @@ -0,0 +1,50 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation + +/// Abstraction for returning a token needed for logging into an OCI compliant registry. +public protocol Authentication: Sendable { + func token() async throws -> String +} + +/// Type representing authentication information for client to access the registry. +public struct BasicAuthentication: Authentication { + /// The username for the authentication. + let username: String + /// The password or identity token for the user. + let password: String + + public init(username: String, password: String) { + self.username = username + self.password = password + } + + /// Get a token using the provided username and password. This will be a + /// base64 encoded string of the username and password delimited by a colon. + public func token() async throws -> String { + let credentials = "\(username):\(password)" + if let authenticationData = credentials.data(using: .utf8)?.base64EncodedString() { + return "Basic \(authenticationData)" + } + throw Error.invalidCredentials + } + + /// `BasicAuthentication` errors. + public enum Error: Swift.Error { + case invalidCredentials + } +} diff --git a/Sources/ContainerizationOCI/Client/KeychainHelper.swift b/Sources/ContainerizationOCI/Client/KeychainHelper.swift new file mode 100644 index 0000000..7d64b8f --- /dev/null +++ b/Sources/ContainerizationOCI/Client/KeychainHelper.swift @@ -0,0 +1,142 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(macOS) +import Foundation +import ContainerizationOS + +/// Helper type to lookup registry related values in the macOS keychain. +public struct KeychainHelper: Sendable { + private let securityDomain: String + private let accessGroup: String? + + /// Create a new keychain helper. + /// - Parameters: + /// - securityDomain: The security domain used to fetch registry entries in the keychain. + /// - accessGroup: If present, the access group used to fetch registry entries in the keychain. + public init(securityDomain: String, accessGroup: String? = nil) { + self.securityDomain = securityDomain + self.accessGroup = accessGroup + } + + /// Lookup authentication data for a given registry hostname. + /// - Parameters: + /// - hostname: The hostname for the registry. + /// - Returns: The authentication object for the registry. + /// - Throws: An error if the keychain query fails. + public func lookup(hostname: String) throws -> Authentication { + let kq = KeychainQuery() + + do { + guard + let fetched = try kq.get( + securityDomain: self.securityDomain, + accessGroup: self.accessGroup, + hostname: hostname) + else { + throw Self.Error.keyNotFound + } + return BasicAuthentication( + username: fetched.username, + password: fetched.password + ) + } catch let err as KeychainQuery.Error { + switch err { + case .keyNotPresent(_): + throw Self.Error.keyNotFound + default: + throw Self.Error.queryError("query failure: \(String(describing: err))") + } + } + } + + /// Lists all registry entries for this security domain. + /// - Returns: An array of registry metadata for each matching entry, or an empty array if none are found. + /// - Throws: An error if the keychain query fails. + public func list() throws -> [RegistryInfo] { + let kq = KeychainQuery() + return try kq.list(securityDomain: self.securityDomain, accessGroup: self.accessGroup) + } + + /// Delete authorization data for a given hostname from the keychain. + /// - Parameters: + /// - hostname: The hostname for the registry. + /// - Throws: An error if the keychain query fails. + public func delete(hostname: String) throws { + let kq = KeychainQuery() + try kq.delete(securityDomain: self.securityDomain, accessGroup: self.accessGroup, hostname: hostname) + } + + /// Save authorization data for a given hostname to the keychain. + /// - Parameters: + /// - hostname: The hostname for the registry. + /// - username: The username to present to the registry. + /// - password: The password to present to the registry. + /// - Throws: An error if the keychain query fails or returns unexpected data. + public func save(hostname: String, username: String, password: String) throws { + let kq = KeychainQuery() + try kq.save( + securityDomain: self.securityDomain, + accessGroup: self.accessGroup, + hostname: hostname, + username: username, + password: password + ) + } + + /// Prompt for authorization data for a given hostname to be saved to the keychain. + /// This will cause the current terminal to enter a password prompt state where + /// key strokes are hidden. + public func credentialPrompt(hostname: String) throws -> Authentication { + let username = try userPrompt(hostname: hostname) + let password = try passwordPrompt() + return BasicAuthentication(username: username, password: password) + } + + /// Prompts the current stdin for a username entry and then returns the value. + public func userPrompt(hostname: String) throws -> String { + print("Provide registry username \(hostname): ", terminator: "") + guard let username = readLine() else { + throw Self.Error.invalidInput + } + return username + } + + /// Prompts the current stdin for a password entry and then returns the value. + /// This will cause the current stdin (if it is a terminal) to hide keystrokes + /// by disabling echo. + public func passwordPrompt() throws -> String { + print("Provide registry password: ", terminator: "") + let console = try Terminal.current + defer { console.tryReset() } + try console.disableEcho() + + guard let password = readLine() else { + throw Self.Error.invalidInput + } + return password + } +} + +extension KeychainHelper { + /// `KeychainHelper` errors. + public enum Error: Swift.Error { + case keyNotFound + case invalidInput + case queryError(String) + } +} +#endif diff --git a/Sources/ContainerizationOCI/Client/LocalOCILayoutClient.swift b/Sources/ContainerizationOCI/Client/LocalOCILayoutClient.swift new file mode 100644 index 0000000..7e0f79d --- /dev/null +++ b/Sources/ContainerizationOCI/Client/LocalOCILayoutClient.swift @@ -0,0 +1,242 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationError +import ContainerizationExtras +import Crypto +import Foundation +import NIOCore +import NIOFoundationCompat + +package final class LocalOCILayoutClient: ContentClient { + let cs: LocalContentStore + + package init(root: URL) throws { + self.cs = try LocalContentStore(path: root) + } + + private func _fetch(digest: String) async throws -> Content { + guard let c: Content = try await self.cs.get(digest: digest) else { + throw Error.missingContent(digest) + } + return c + } + + private func calculateFileDigest(at url: URL) throws -> SHA256Digest { + let fileHandle = try FileHandle(forReadingFrom: url) + defer { + try? fileHandle.close() + } + + var hasher = SHA256() + let chunkSize = Int(getpagesize()) * 1024 + + while true { + let chunk = fileHandle.readData(ofLength: chunkSize) + if chunk.isEmpty { + break + } + hasher.update(data: chunk) + } + + return hasher.finalize() + } + + package func fetch(name: String, descriptor: Descriptor) async throws -> T { + let c = try await self._fetch(digest: descriptor.digest) + return try c.decode() + } + + package func fetchBlob(name: String, descriptor: Descriptor, into file: URL, progress: ProgressHandler?) async throws -> (Int64, SHA256Digest) { + let c = try await self._fetch(digest: descriptor.digest) + let fileManager = FileManager.default + let filePath = file.absolutePath() + + do { + let src = c.path + try fileManager.copyItem(at: src, to: file) + + if let progress, let fileSize = fileManager.fileSize(atPath: filePath) { + await progress([ + .addSize(fileSize) + ]) + } + } catch let error as NSError { + guard error.code == NSFileWriteFileExistsError else { + throw error + } + + do { + let expectedDigest = try c.digest() + let existingDigest = try calculateFileDigest(at: file) + + guard existingDigest.digestString == expectedDigest.digestString else { + throw ContainerizationError( + .internalError, + message: + "file \(filePath) exists but contains different content, expected digest: \(expectedDigest.digestString), existing digest: \(existingDigest.digestString)" + ) + } + + if let progress, let fileSize = fileManager.fileSize(atPath: filePath) { + await progress([ + .addSize(fileSize) + ]) + } + } catch { + throw error + } + } + + let size = try Int64(c.size()) + let digest = try c.digest() + return (size, digest) + } + + package func fetchData(name: String, descriptor: Descriptor) async throws -> Data { + let c = try await self._fetch(digest: descriptor.digest) + return try c.data() + } + + package func push( + name: String, + ref: String, + descriptor: Descriptor, + streamGenerator: () throws -> T, + progress: ProgressHandler? + ) async throws where T.Element == ByteBuffer { + let input = try streamGenerator() + + let (id, dir) = try await self.cs.newIngestSession() + do { + let into = dir.appendingPathComponent(descriptor.digest.trimmingDigestPrefix) + guard FileManager.default.createFile(atPath: into.path, contents: nil) else { + throw Error.cannotCreateFile + } + let fd = try FileHandle(forWritingTo: into) + defer { + try? fd.close() + } + var wrote = 0 + var hasher = SHA256() + + for try await buffer in input { + wrote += buffer.readableBytes + try fd.write(contentsOf: buffer.readableBytesView) + hasher.update(data: buffer.readableBytesView) + } + try await self.cs.completeIngestSession(id) + } catch { + try await self.cs.cancelIngestSession(id) + } + } +} + +extension LocalOCILayoutClient { + private static let ociLayoutFileName = "oci-layout" + private static let ociLayoutVersionString = "imageLayoutVersion" + private static let ociLayoutIndexFileName = "index.json" + + package func loadIndexFromOCILayout(directory: URL) throws -> ContainerizationOCI.Index { + let fm = FileManager.default + let decoder = JSONDecoder() + + let ociLayoutFile = directory.appendingPathComponent(Self.ociLayoutFileName) + guard fm.fileExists(atPath: ociLayoutFile.absolutePath()) else { + throw ContainerizationError(.notFound, message: ociLayoutFile.absolutePath()) + } + var data = try Data(contentsOf: ociLayoutFile) + let ociLayout = try decoder.decode([String: String].self, from: data) + guard ociLayout[Self.ociLayoutVersionString] != nil else { + throw ContainerizationError(.empty, message: "missing key \(Self.ociLayoutVersionString) in \(ociLayoutFile.absolutePath())") + } + + let indexFile = directory.appendingPathComponent(Self.ociLayoutIndexFileName) + guard fm.fileExists(atPath: indexFile.absolutePath()) else { + throw ContainerizationError(.notFound, message: indexFile.absolutePath()) + } + data = try Data(contentsOf: indexFile) + let index = try decoder.decode(ContainerizationOCI.Index.self, from: data) + return index + } + + package func createOCILayoutStructure(directory: URL, manifests: [Descriptor]) throws { + let fm = FileManager.default + let encoder = JSONEncoder() + encoder.outputFormatting = [.withoutEscapingSlashes] + + let ingestDir = directory.appendingPathComponent("ingest") + try? fm.removeItem(at: ingestDir) + let ociLayoutContent: [String: String] = [ + Self.ociLayoutVersionString: "1.0.0" + ] + + var data = try encoder.encode(ociLayoutContent) + var p = directory.appendingPathComponent(Self.ociLayoutFileName).absolutePath() + guard fm.createFile(atPath: p, contents: data) else { + throw ContainerizationError(.internalError, message: "failed to create file \(p)") + } + let idx = ContainerizationOCI.Index(schemaVersion: 2, manifests: manifests) + data = try encoder.encode(idx) + p = directory.appendingPathComponent(Self.ociLayoutIndexFileName).absolutePath() + guard fm.createFile(atPath: p, contents: data) else { + throw ContainerizationError(.internalError, message: "failed to create file \(p)") + } + } + + package func setImageReferenceAnnotation(descriptor: inout Descriptor, reference: String) { + var annotations = descriptor.annotations ?? [:] + annotations[AnnotationKeys.containerizationImageName] = reference + annotations[AnnotationKeys.containerdImageName] = reference + annotations[AnnotationKeys.openContainersImageName] = reference + descriptor.annotations = annotations + } + + package func getImageReferencefromDescriptor(descriptor: Descriptor) -> String { + let annotations = descriptor.annotations + + // Annotations here do not conform to the OCI image specification. + // The interpretation of the annotations "org.opencontainers.image.ref.name" and + // "io.containerd.image.name" is under debate: + // - OCI spec examples suggest it should be the image tag: + // https://github.com/opencontainers/image-spec/blob/fbb4662eb53b80bd38f7597406cf1211317768f0/image-layout.md?plain=1#L175 + // - Buildkitd maintainers argue it should represent the full image name: + // https://github.com/moby/buildkit/issues/4615#issuecomment-2521810830 + // Until a consensus is reached, the preference is given to "com.apple.containerization.image.name" and then to + // using "io.containerd.image.name" as it is the next safest choice + if let annotations { + if let name = annotations[AnnotationKeys.containerizationImageName] { + return name + } + if let name = annotations[AnnotationKeys.containerdImageName] { + return name + } + if let name = annotations[AnnotationKeys.openContainersImageName] { + return name + } + } + + // Fallback: Generate digest-based reference for images without annotations + // This makes sure OCI spec compliance as annotations are optional + return "untagged@\(descriptor.digest)" + } + + package enum Error: Swift.Error { + case missingContent(_ digest: String) + case unsupportedInput + case cannotCreateFile + } +} diff --git a/Sources/ContainerizationOCI/Client/RegistryClient+Catalog.swift b/Sources/ContainerizationOCI/Client/RegistryClient+Catalog.swift new file mode 100644 index 0000000..38cbee9 --- /dev/null +++ b/Sources/ContainerizationOCI/Client/RegistryClient+Catalog.swift @@ -0,0 +1,85 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import AsyncHTTPClient +import ContainerizationError +import Foundation +import NIOFoundationCompat + +private struct CatalogResponse: Sendable, Decodable { + let repositories: [String] +} + +extension RegistryClient { + /// List repositories in the registry. + /// + /// Implements GET /v2/_catalog from the OCI Distribution Spec with pagination. + /// When prefix is provided, pagination skips ahead to the relevant portion of + /// the lexically-sorted catalog and stops once results move past the prefix. + /// + /// - Parameter prefix: Optional prefix to filter repository names. Must be at least + /// two characters long to enable the skip-ahead optimization; shorter values are + /// treated as no prefix. + /// - Returns: An array of repository names matching the prefix (or all repositories + /// if no prefix is given). + public func catalog(prefix: String? = nil) async throws -> [String] { + let effectivePrefix = prefix.flatMap { $0.count >= 2 ? $0 : nil } + + var allRepos: [String] = [] + // When a prefix is provided, skip ahead in the lexically-sorted catalog + // by setting last to one position before the prefix. The OCI spec + // returns entries that sort after last, so dropping the last character + // of the prefix positions the cursor just before matching entries. + var last: String? = effectivePrefix.map { String($0.dropLast()) } + let pageSize = 100 + + while true { + var components = base + components.path = "/v2/_catalog" + var queryItems = [URLQueryItem(name: "n", value: String(pageSize))] + if let last { + queryItems.append(URLQueryItem(name: "last", value: last)) + } + components.queryItems = queryItems + + let repos: [String] = try await request(components: components) { response in + guard response.status == .ok else { + let url = components.url?.absoluteString ?? "unknown" + let reason = await ErrorResponse.fromResponseBody(response.body)?.jsonString + throw Error.invalidStatus(url: url, response.status, reason: reason) + } + + let buffer = try await response.body.collect(upTo: self.bufferSize) + return try JSONDecoder().decode(CatalogResponse.self, from: buffer).repositories + } + + if let effectivePrefix { + let matching = repos.filter { $0.hasPrefix(effectivePrefix) } + allRepos.append(contentsOf: matching) + if let lastRepo = repos.last, !lastRepo.hasPrefix(effectivePrefix) && lastRepo > effectivePrefix { + break + } + } else { + allRepos.append(contentsOf: repos) + } + + if repos.count < pageSize { break } + last = repos.last + } + + return allRepos + } +} diff --git a/Sources/ContainerizationOCI/Client/RegistryClient+Error.swift b/Sources/ContainerizationOCI/Client/RegistryClient+Error.swift new file mode 100644 index 0000000..29e1794 --- /dev/null +++ b/Sources/ContainerizationOCI/Client/RegistryClient+Error.swift @@ -0,0 +1,69 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import AsyncHTTPClient +import Foundation +import NIOHTTP1 + +extension RegistryClient { + /// `RegistryClient` errors. + public enum Error: Swift.Error, CustomStringConvertible { + case invalidStatus(url: String, HTTPResponseStatus, reason: String? = nil) + + /// Description of the errors. + public var description: String { + switch self { + case .invalidStatus(let u, let response, let reason): + return "HTTP request to \(u) failed with response: \(response.description). Reason: \(reason ?? "Unknown")" + } + } + } + + /// The container registry typically returns actionable failure reasons in the response body + /// of the failing HTTP Request. This type models the structure of the error message. + /// Reference: https://distribution.github.io/distribution/spec/api/#errors + internal struct ErrorResponse: Codable { + let errors: [RemoteError] + + internal struct RemoteError: Codable { + let code: String + let message: String + let detail: String? + } + + internal static func fromResponseBody(_ body: HTTPClientResponse.Body) async -> ErrorResponse? { + guard var buffer = try? await body.collect(upTo: Int(1.mib())) else { + return nil + } + guard let bytes = buffer.readBytes(length: buffer.readableBytes) else { + return nil + } + let data = Data(bytes) + guard let jsonError = try? JSONDecoder().decode(ErrorResponse.self, from: data) else { + return nil + } + return jsonError + } + + public var jsonString: String { + let data = try? JSONEncoder().encode(self) + guard let data else { + return "{}" + } + return String(data: data, encoding: .utf8) ?? "{}" + } + } +} diff --git a/Sources/ContainerizationOCI/Client/RegistryClient+Fetch.swift b/Sources/ContainerizationOCI/Client/RegistryClient+Fetch.swift new file mode 100644 index 0000000..08bece0 --- /dev/null +++ b/Sources/ContainerizationOCI/Client/RegistryClient+Fetch.swift @@ -0,0 +1,237 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import AsyncHTTPClient +import ContainerizationError +import ContainerizationExtras +import Crypto +import Foundation +import NIOFoundationCompat + +#if os(macOS) +import _NIOFileSystem +#endif + +extension RegistryClient { + /// Resolve sends a HEAD request to the registry to find root manifest descriptor. + /// This descriptor serves as an entry point to retrieve resources from the registry. + public func resolve(name: String, tag: String) async throws -> Descriptor { + var components = base + + // Make HEAD request to retrieve the digest header + components.path = "/v2/\(name)/manifests/\(tag)" + + // The client should include an Accept header indicating which manifest content types it supports. + let mediaTypes = [ + MediaTypes.dockerManifest, + MediaTypes.dockerManifestList, + MediaTypes.imageManifest, + MediaTypes.index, + "*/*", + ] + + let headers = [ + ("Accept", mediaTypes.joined(separator: ", ")) + ] + + return try await request(components: components, method: .HEAD, headers: headers) { response in + guard response.status == .ok else { + let url = components.url?.absoluteString ?? "unknown" + let reason = await ErrorResponse.fromResponseBody(response.body)?.jsonString + throw Error.invalidStatus(url: url, response.status, reason: reason) + } + + guard let digest = response.headers.first(name: "Docker-Content-Digest") else { + throw ContainerizationError(.invalidArgument, message: "missing required header Docker-Content-Digest") + } + + guard let type = response.headers.first(name: "Content-Type") else { + throw ContainerizationError(.invalidArgument, message: "missing required header Content-Type") + } + + guard let sizeStr = response.headers.first(name: "Content-Length") else { + throw ContainerizationError(.invalidArgument, message: "missing required header Content-Length") + } + + guard let size = Int64(sizeStr) else { + throw ContainerizationError(.invalidArgument, message: "cannot convert \(sizeStr) to Int64") + } + + return Descriptor(mediaType: type, digest: digest, size: size) + } + } + + /// Fetch resource (either manifest or blob) to memory with JSON decoding. + public func fetch(name: String, descriptor: Descriptor) async throws -> T { + var components = base + + let manifestTypes = [ + MediaTypes.dockerManifest, + MediaTypes.dockerManifestList, + MediaTypes.imageManifest, + MediaTypes.index, + ] + + let isManifest = manifestTypes.contains(where: { $0 == descriptor.mediaType }) + let resource = isManifest ? "manifests" : "blobs" + + components.path = "/v2/\(name)/\(resource)/\(descriptor.digest)" + + let mediaType = descriptor.mediaType + if mediaType.isEmpty { + throw ContainerizationError(.invalidArgument, message: "missing media type for descriptor \(descriptor.digest)") + } + + let headers = [ + ("Accept", mediaType) + ] + + return try await requestJSON(components: components, headers: headers) + } + + /// Fetch resource (either manifest or blob) to memory as raw `Data`. + public func fetchData(name: String, descriptor: Descriptor) async throws -> Data { + var components = base + + let manifestTypes = [ + MediaTypes.dockerManifest, + MediaTypes.dockerManifestList, + MediaTypes.imageManifest, + MediaTypes.index, + ] + + let isManifest = manifestTypes.contains(where: { $0 == descriptor.mediaType }) + let resource = isManifest ? "manifests" : "blobs" + + components.path = "/v2/\(name)/\(resource)/\(descriptor.digest)" + + let mediaType = descriptor.mediaType + if mediaType.isEmpty { + throw ContainerizationError(.invalidArgument, message: "missing media type for descriptor \(descriptor.digest)") + } + + let headers = [ + ("Accept", mediaType) + ] + + return try await requestData(components: components, headers: headers) + } + + /// Fetch a blob from remote registry. + /// This method is suitable for streaming data. + public func fetchBlob( + name: String, + descriptor: Descriptor, + closure: (Int64, HTTPClientResponse.Body) async throws -> Void + ) async throws { + var components = base + components.path = "/v2/\(name)/blobs/\(descriptor.digest)" + + let mediaType = descriptor.mediaType + if mediaType.isEmpty { + throw ContainerizationError(.invalidArgument, message: "missing media type for descriptor \(descriptor.digest)") + } + + let headers = [ + ("Accept", mediaType) + ] + + try await request(components: components, headers: headers) { response in + guard response.status == .ok else { + let url = components.url?.absoluteString ?? "unknown" + let reason = await ErrorResponse.fromResponseBody(response.body)?.jsonString + throw Error.invalidStatus(url: url, response.status, reason: reason) + } + + // How many bytes to expect + guard let expectedBytes = response.headers.first(name: "Content-Length").flatMap(Int64.init) else { + throw ContainerizationError(.invalidArgument, message: "missing required header Content-Length") + } + + try await closure(expectedBytes, response.body) + } + } + + #if os(macOS) + /// Fetch a blob from remote registry and write the contents into a file in the provided directory. + public func fetchBlob(name: String, descriptor: Descriptor, into file: URL, progress: ProgressHandler?) async throws -> (Int64, SHA256Digest) { + var hasher = SHA256() + var received: Int64 = 0 + let fs = _NIOFileSystem.FileSystem.shared + let handle = try await fs.openFile(forWritingAt: FilePath(file.absolutePath()), options: .newFile(replaceExisting: true)) + var writer = handle.bufferedWriter() + do { + try await self.fetchBlob(name: name, descriptor: descriptor) { (size, body) in + var itr = body.makeAsyncIterator() + while let buf = try await itr.next() { + let readBytes = Int64(buf.readableBytes) + received += readBytes + let written = try await writer.write(contentsOf: buf) + await progress?([ + .addSize(written) + ]) + guard written == readBytes else { + throw ContainerizationError( + .internalError, + message: "could not write \(readBytes) bytes to file \(file)" + ) + } + hasher.update(data: buf.readableBytesView) + } + } + try await writer.flush() + try await handle.close() + } catch { + do { + try await handle.close() + } catch { + // Use `detachUnsafeFileDescriptor()` as suggested by the error message to prevent a leak detection crash when `close()` fails. + _ = try handle.detachUnsafeFileDescriptor() + } + throw error + } + let computedDigest = hasher.finalize() + return (received, computedDigest) + } + #else + /// Fetch a blob from remote registry and write the contents into a file in the provided directory. + public func fetchBlob(name: String, descriptor: Descriptor, into file: URL, progress: ProgressHandler?) async throws -> (Int64, SHA256Digest) { + var hasher = SHA256() + var received: Int64 = 0 + guard FileManager.default.createFile(atPath: file.path, contents: nil) else { + throw ContainerizationError(.internalError, message: "cannot create file at path \(file.path)") + } + try await self.fetchBlob(name: name, descriptor: descriptor) { (size, body) in + let fd = try FileHandle(forWritingTo: file) + defer { + try? fd.close() + } + var itr = body.makeAsyncIterator() + while let buf = try await itr.next() { + let readBytes = Int64(buf.readableBytes) + received += readBytes + await progress?([ + .addSize(readBytes) + ]) + try fd.write(contentsOf: buf.readableBytesView) + hasher.update(data: buf.readableBytesView) + } + } + let computedDigest = hasher.finalize() + return (received, computedDigest) + } + #endif +} diff --git a/Sources/ContainerizationOCI/Client/RegistryClient+Push.swift b/Sources/ContainerizationOCI/Client/RegistryClient+Push.swift new file mode 100644 index 0000000..dc056ba --- /dev/null +++ b/Sources/ContainerizationOCI/Client/RegistryClient+Push.swift @@ -0,0 +1,181 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import AsyncHTTPClient +import ContainerizationError +import ContainerizationExtras +import Foundation +import NIO + +extension RegistryClient { + /// Pushes the content specified by a descriptor to a remote registry. + /// - Parameters: + /// - name: The namespace which the descriptor should belong under. + /// - tag: The tag or digest for uniquely identifying the manifest. + /// By convention, any portion that may be a partial or whole digest + /// will be proceeded by an `@`. Anything preceding the `@` will be referred + /// to as "tag". + /// This is usually broken down into the following possibilities: + /// 1. + /// 2. @ + /// 3. @ + /// The tag is anything except `@` and `:`, and digest is anything after the `@` + /// - descriptor: The OCI descriptor of the content to be pushed. + /// - streamGenerator: A closure that produces an`AsyncStream` of `ByteBuffer` + /// for streaming data to the `HTTPClientRequest.Body`. + /// The caller is responsible for providing the `AsyncStream` where the data may come from + /// a file on disk, data in memory, etc. + /// - progress: The progress handler to invoke as data is sent. + public func push( + name: String, + ref tag: String, + descriptor: Descriptor, + streamGenerator: () throws -> T, + progress: ProgressHandler? + ) async throws where T.Element == ByteBuffer { + var components = base + + let mediaType = descriptor.mediaType + if mediaType.isEmpty { + throw ContainerizationError(.invalidArgument, message: "missing media type for descriptor \(descriptor.digest)") + } + + var isManifest = false + var existCheck: [String] = [] + + switch mediaType { + case MediaTypes.dockerManifest, MediaTypes.dockerManifestList, MediaTypes.imageManifest, MediaTypes.index: + isManifest = true + existCheck = self.getManifestPath(tag: tag, digest: descriptor.digest) + default: + existCheck = ["blobs", descriptor.digest] + } + + // Check if the content already exists. + components.path = "/v2/\(name)/\(existCheck.joined(separator: "/"))" + + let mediaTypes = [ + mediaType, + "*/*", + ] + + var headers = [ + ("Accept", mediaTypes.joined(separator: ", ")) + ] + + try await request(components: components, method: .HEAD, headers: headers) { response in + if response.status == .ok { + var exists = false + if isManifest && existCheck[1] != descriptor.digest { + if descriptor.digest == response.headers.first(name: "Docker-Content-Digest") { + exists = true + } + } else { + exists = true + } + + if exists { + throw ContainerizationError(.exists, message: "content already exists \(descriptor.digest)") + } + } else if response.status != .notFound { + let url = components.url?.absoluteString ?? "unknown" + let reason = await ErrorResponse.fromResponseBody(response.body)?.jsonString + throw Error.invalidStatus(url: url, response.status, reason: reason) + } + } + + if isManifest { + let path = self.getManifestPath(tag: tag, digest: descriptor.digest) + components.path = "/v2/\(name)/\(path.joined(separator: "/"))" + headers = [ + ("Content-Type", mediaType) + ] + } else { + // Start upload request for blobs. + components.path = "/v2/\(name)/blobs/uploads/" + try await request(components: components, method: .POST) { response in + switch response.status { + case .ok, .accepted, .noContent: + break + case .created: + throw ContainerizationError(.exists, message: "content already exists \(descriptor.digest)") + default: + let url = components.url?.absoluteString ?? "unknown" + let reason = await ErrorResponse.fromResponseBody(response.body)?.jsonString + throw Error.invalidStatus(url: url, response.status, reason: reason) + } + + // Get the location to upload the blob. + guard let location = response.headers.first(name: "Location") else { + throw ContainerizationError(.invalidArgument, message: "missing required header Location") + } + + guard let urlComponents = URLComponents(string: location) else { + throw ContainerizationError(.invalidArgument, message: "invalid url \(location)") + } + var queryItems = urlComponents.queryItems ?? [] + queryItems.append(URLQueryItem(name: "digest", value: descriptor.digest)) + components.path = urlComponents.path + components.queryItems = queryItems + headers = [ + ("Content-Type", "application/octet-stream"), + ("Content-Length", String(descriptor.size)), + ] + } + } + + // We have to pass a body closure rather than a body to reset the stream when retrying. + let bodyClosure = { + let stream = try streamGenerator() + let body = HTTPClientRequest.Body.stream(stream, length: .known(descriptor.size)) + return body + } + + return try await request(components: components, method: .PUT, bodyClosure: bodyClosure, headers: headers) { response in + switch response.status { + case .ok, .created, .noContent: + break + default: + let url = components.url?.absoluteString ?? "unknown" + let reason = await ErrorResponse.fromResponseBody(response.body)?.jsonString + throw Error.invalidStatus(url: url, response.status, reason: reason) + } + + guard descriptor.digest == response.headers.first(name: "Docker-Content-Digest") else { + let required = response.headers.first(name: "Docker-Content-Digest") ?? "" + throw ContainerizationError(.internalError, message: "digest mismatch \(descriptor.digest) != \(required)") + } + } + } + + private func getManifestPath(tag: String, digest: String) -> [String] { + var object = tag + if let i = tag.firstIndex(of: "@") { + let index = tag.index(after: i) + if String(tag[index...]) != digest { + object = "" + } else { + object = String(tag[...i]) + } + } + + if object == "" { + return ["manifests", digest] + } + + return ["manifests", object] + } +} diff --git a/Sources/ContainerizationOCI/Client/RegistryClient+Referrers.swift b/Sources/ContainerizationOCI/Client/RegistryClient+Referrers.swift new file mode 100644 index 0000000..2c076a1 --- /dev/null +++ b/Sources/ContainerizationOCI/Client/RegistryClient+Referrers.swift @@ -0,0 +1,91 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import AsyncHTTPClient +import ContainerizationError +import Foundation +import NIOFoundationCompat + +extension RegistryClient { + /// Query the OCI referrers API for artifacts that reference a given manifest digest. + /// + /// Implements `GET /v2/{name}/referrers/{digest}` from the OCI Distribution Spec v1.1. + /// Falls back to the referrers tag schema when the API is not available (404). + /// + /// - Parameters: + /// - name: The repository name (e.g., "library/ubuntu"). + /// - digest: The digest of the subject manifest (e.g., "sha256:abc123..."). + /// - artifactType: Optional filter to return only referrers with a matching artifactType. + /// - Returns: An `Index` whose `manifests` array contains descriptors of referring artifacts. + /// Returns an empty index if the registry does not support the referrers API + /// and no tag schema fallback is available. + public func referrers(name: String, digest: String, artifactType: String? = nil) async throws -> Index { + var components = base + components.path = "/v2/\(name)/referrers/\(digest)" + + if let artifactType { + components.queryItems = [URLQueryItem(name: "artifactType", value: artifactType)] + } + + let headers = [("Accept", MediaTypes.index)] + + let result: Index = try await request(components: components, method: .GET, headers: headers) { response in + if response.status == .notFound { + return await self.referrersTagFallback(name: name, digest: digest, artifactType: artifactType) + } + + guard response.status == .ok else { + let url = components.url?.absoluteString ?? "unknown" + let reason = await ErrorResponse.fromResponseBody(response.body)?.jsonString + throw Error.invalidStatus(url: url, response.status, reason: reason) + } + + let buffer = try await response.body.collect(upTo: self.bufferSize) + return try JSONDecoder().decode(Index.self, from: buffer) + } + + return result + } + + /// Fallback for registries that don't support the referrers API. + /// + /// Uses the OCI referrers tag schema: referrers for a digest are stored as an + /// index at the tag `-` (e.g., `sha256-abc123...`). + private func referrersTagFallback(name: String, digest: String, artifactType: String? = nil) async -> Index { + let referrerTag = digest.replacingOccurrences(of: ":", with: "-") + + let descriptor: Descriptor + do { + descriptor = try await resolve(name: name, tag: referrerTag) + } catch { + return Index(schemaVersion: 2, manifests: []) + } + + let index: Index + do { + index = try await fetch(name: name, descriptor: descriptor) + } catch { + return Index(schemaVersion: 2, manifests: []) + } + + guard let artifactType else { + return index + } + + let filtered = index.manifests.filter { $0.artifactType == artifactType } + return Index(schemaVersion: 2, manifests: filtered) + } +} diff --git a/Sources/ContainerizationOCI/Client/RegistryClient+Token.swift b/Sources/ContainerizationOCI/Client/RegistryClient+Token.swift new file mode 100644 index 0000000..5dd9350 --- /dev/null +++ b/Sources/ContainerizationOCI/Client/RegistryClient+Token.swift @@ -0,0 +1,210 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import AsyncHTTPClient +import ContainerizationError +import Foundation + +struct TokenRequest { + public static let authenticateHeaderName = "WWW-Authenticate" + + /// The credentials that will be used in the authentication header when fetching the token. + let authentication: Authentication? + /// The realm against which the token should be requested. + let realm: String + /// The name of the service which hosts the resource. + let service: String + /// Whether to return a refresh token along with the bearer token. + let offlineToken: Bool + /// String identifying the client. + let clientId: String + /// The resource in question, formatted as one of the space-delimited entries from the scope parameters from the WWW-Authenticate header shown above. + let scope: String? + + init( + realm: String, + service: String, + clientId: String, + scope: String?, + offlineToken: Bool = false, + authentication: Authentication? = nil + ) { + self.realm = realm + self.service = service + self.offlineToken = offlineToken + self.clientId = clientId + self.scope = scope + self.authentication = authentication + } +} + +struct TokenResponse: Codable, Hashable { + /// An opaque Bearer token that clients should supply to subsequent requests in the Authorization header. + let token: String? + /// For compatibility with OAuth 2.0, we will also accept token under the name access_token. + /// At least one of these fields must be specified, but both may also appear (for compatibility with older clients). + /// When both are specified, they should be equivalent; if they differ the client's choice is undefined. + let accessToken: String? + /// The duration in seconds since the token was issued that it will remain valid. + /// When omitted, this defaults to 60 seconds. + let expiresIn: UInt? + /// The RFC3339-serialized UTC standard time at which a given token was issued. + /// If issued_at is omitted, the expiration is from when the token exchange completed. + let issuedAt: String? + /// Token which can be used to get additional access tokens for the same subject with different scopes. + /// This token should be kept secure by the client and only sent to the authorization server which issues bearer tokens. + /// This field will only be set when `offline_token=true` is provided in the request. + let refreshToken: String? + + var scope: String? + + private enum CodingKeys: String, CodingKey { + case token = "token" + case accessToken = "access_token" + case expiresIn = "expires_in" + case issuedAt = "issued_at" + case refreshToken = "refresh_token" + } + + func getToken() -> String? { + if let t = token ?? accessToken { + return "Bearer \(t)" + } + return nil + } + + func isValid(scope: String?) -> Bool { + guard let issuedAt else { + return false + } + let isoFormatter = ISO8601DateFormatter() + isoFormatter.formatOptions = [.withInternetDateTime, .withFractionalSeconds] + guard let issued = isoFormatter.date(from: issuedAt) else { + return false + } + let expiresIn = expiresIn ?? 0 + let now = Date() + let elapsed = now.timeIntervalSince(issued) + guard elapsed < Double(expiresIn) else { + return false + } + if let requiredScope = scope { + return requiredScope == self.scope + } + return false + } +} + +struct AuthenticateChallenge: Equatable { + let type: String + let realm: String? + let service: String? + let scope: String? + let error: String? + + init(type: String, realm: String?, service: String?, scope: String?, error: String?) { + self.type = type + self.realm = realm + self.service = service + self.scope = scope + self.error = error + } + + init(type: String, values: [String: String]) { + self.type = type + self.realm = values["realm"] + self.service = values["service"] + self.scope = values["scope"] + self.error = values["error"] + } +} + +extension RegistryClient { + /// Fetch an auto token for all subsequent HTTP requests + /// See https://docs.docker.com/registry/spec/auth/token/ + internal func fetchToken(request: TokenRequest) async throws -> TokenResponse { + guard var components = URLComponents(string: request.realm) else { + throw ContainerizationError(.invalidArgument, message: "cannot create URL from \(request.realm)") + } + components.queryItems = [ + URLQueryItem(name: "client_id", value: request.clientId), + URLQueryItem(name: "service", value: request.service), + ] + var scope = "" + if let reqScope = request.scope { + scope = reqScope + components.queryItems?.append(URLQueryItem(name: "scope", value: reqScope)) + } + + if request.offlineToken { + components.queryItems?.append(URLQueryItem(name: "offline_token", value: "true")) + } + var response: TokenResponse = try await requestJSON(components: components, headers: []) + response.scope = scope + return response + } + + internal func createTokenRequest(parsing authenticateHeaders: [String]) throws -> TokenRequest { + let parsedHeaders = Self.parseWWWAuthenticateHeaders(headers: authenticateHeaders) + let bearerChallenge = parsedHeaders.first { $0.type == "Bearer" } + guard let bearerChallenge else { + throw ContainerizationError(.invalidArgument, message: "missing Bearer challenge in \(TokenRequest.authenticateHeaderName) header") + } + guard let realm = bearerChallenge.realm else { + throw ContainerizationError(.invalidArgument, message: "cannot parse realm from \(TokenRequest.authenticateHeaderName) header") + } + guard let service = bearerChallenge.service else { + throw ContainerizationError(.invalidArgument, message: "cannot parse service from \(TokenRequest.authenticateHeaderName) header") + } + let scope = bearerChallenge.scope + let tokenRequest = TokenRequest(realm: realm, service: service, clientId: self.clientID, scope: scope, authentication: self.authentication) + return tokenRequest + } + + internal static func parseWWWAuthenticateHeaders(headers: [String]) -> [AuthenticateChallenge] { + var parsed: [String: [String: String]] = [:] + for challenge in headers { + let trimmedChallenge = challenge.trimmingCharacters(in: .whitespacesAndNewlines) + let parts = trimmedChallenge.split(separator: " ", maxSplits: 1) + guard parts.count == 2 else { + continue + } + guard let scheme = parts.first else { + continue + } + var params: [String: String] = [:] + let header = String(parts[1]) + let pattern = #"(\w+)="([^"]+)"# + let regex = try! NSRegularExpression(pattern: pattern, options: []) + let matches = regex.matches(in: header, options: [], range: NSRange(header.startIndex..., in: header)) + for match in matches { + if let keyRange = Range(match.range(at: 1), in: header), + let valueRange = Range(match.range(at: 2), in: header) + { + let key = String(header[keyRange]) + let value = String(header[valueRange]) + params[key] = value + } + } + parsed[String(scheme)] = params + } + var parsedChallenges: [AuthenticateChallenge] = [] + for (type, values) in parsed { + parsedChallenges.append(.init(type: type, values: values)) + } + return parsedChallenges + } +} diff --git a/Sources/ContainerizationOCI/Client/RegistryClient.swift b/Sources/ContainerizationOCI/Client/RegistryClient.swift new file mode 100644 index 0000000..14f3142 --- /dev/null +++ b/Sources/ContainerizationOCI/Client/RegistryClient.swift @@ -0,0 +1,306 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import AsyncHTTPClient +import ContainerizationError +import ContainerizationExtras +import ContainerizationOS +import Foundation +import Logging +import NIO +import NIOHTTP1 +import NIOSSL + +#if os(macOS) +import Network +#endif + +/// Data used to control retry behavior for `RegistryClient`. +public struct RetryOptions: Sendable { + /// The maximum number of retries to attempt before failing. + public var maxRetries: Int + /// The retry interval in nanoseconds. + public var retryInterval: UInt64 + /// A provided closure to handle if a given HTTP response should be + /// retried. + public var shouldRetry: (@Sendable (HTTPClientResponse) -> Bool)? + + public init(maxRetries: Int, retryInterval: UInt64, shouldRetry: (@Sendable (HTTPClientResponse) -> Bool)? = nil) { + self.maxRetries = maxRetries + self.retryInterval = retryInterval + self.shouldRetry = shouldRetry + } +} + +/// A client for interacting with OCI compliant container registries. +public final class RegistryClient: ContentClient { + private static let defaultRetryOptions = RetryOptions( + maxRetries: 3, + retryInterval: 1_000_000_000, + shouldRetry: ({ response in + response.status.code >= 500 + }) + ) + + let client: HTTPClient + let proxyURL: URL? + let base: URLComponents + let clientID: String + let authentication: Authentication? + let retryOptions: RetryOptions? + let bufferSize: Int + + public convenience init( + reference: String, + insecure: Bool = false, + auth: Authentication? = nil, + tlsConfiguration: TLSConfiguration? = nil, + logger: Logger? = nil, + ) throws { + let ref = try Reference.parse(reference) + guard let domain = ref.resolvedDomain else { + throw ContainerizationError(.invalidArgument, message: "invalid domain for image reference \(reference)") + } + let scheme = insecure ? "http" : "https" + let _url = "\(scheme)://\(domain)" + guard let url = URL(string: _url) else { + throw ContainerizationError(.invalidArgument, message: "cannot convert \(_url) to URL") + } + guard let host = url.host else { + throw ContainerizationError(.invalidArgument, message: "invalid host \(domain)") + } + let port = url.port + self.init( + host: host, + scheme: scheme, + port: port, + authentication: auth, + retryOptions: Self.defaultRetryOptions, + tlsConfiguration: tlsConfiguration, + ) + } + + public init( + host: String, + scheme: String? = "https", + port: Int? = nil, + authentication: Authentication? = nil, + clientID: String? = nil, + retryOptions: RetryOptions? = nil, + bufferSize: Int = Int(4.mib()), + tlsConfiguration: TLSConfiguration? = nil, + logger: Logger? = nil, + ) { + var components = URLComponents() + components.scheme = scheme + components.host = host + components.port = port + + self.base = components + self.clientID = clientID ?? "containerization-registry-client" + self.authentication = authentication + self.retryOptions = retryOptions + self.bufferSize = bufferSize + var httpConfiguration = HTTPClient.Configuration() + + // proxy configuration assumes all client requests will go to `base` URL + self.proxyURL = ProxyUtils.proxyFromEnvironment(scheme: scheme, host: host) + if let proxyURL = self.proxyURL, let proxyHost = proxyURL.host { + let proxyPort = proxyURL.port ?? (proxyURL.scheme == "https" ? 443 : 80) + httpConfiguration.proxy = HTTPClient.Configuration.Proxy.server(host: proxyHost, port: proxyPort) + } + if tlsConfiguration != nil { + httpConfiguration.tlsConfiguration = tlsConfiguration + } + + if let logger { + self.client = HTTPClient(eventLoopGroupProvider: .singleton, configuration: httpConfiguration, backgroundActivityLogger: logger) + } else { + self.client = HTTPClient(eventLoopGroupProvider: .singleton, configuration: httpConfiguration) + } + } + + deinit { + _ = client.shutdown() + } + + func host() -> String { + base.host ?? "" + } + + internal func request( + components: URLComponents, + method: HTTPMethod = .GET, + bodyClosure: () throws -> HTTPClientRequest.Body? = { nil }, + headers: [(String, String)]? = nil, + closure: (HTTPClientResponse) async throws -> T + ) async throws -> T { + guard let path = components.url?.absoluteString else { + throw ContainerizationError(.invalidArgument, message: "invalid url \(components.path)") + } + + var request = HTTPClientRequest(url: path) + request.method = method + + var currentToken: TokenResponse? + let token: String? = try await { + if let basicAuth = authentication { + return try await basicAuth.token() + } + return nil + }() + + if let token { + request.headers.add(name: "Authorization", value: "\(token)") + } + + // Add any arbitrary headers + headers?.forEach { (k, v) in request.headers.add(name: k, value: v) } + var retryCount = 0 + var response: HTTPClientResponse? + while true { + request.body = try bodyClosure() + do { + let _response = try await client.execute(request, deadline: .distantFuture) + response = _response + if _response.status == .unauthorized || _response.status == .forbidden { + let authHeader = _response.headers[TokenRequest.authenticateHeaderName] + let tokenRequest: TokenRequest + do { + tokenRequest = try self.createTokenRequest(parsing: authHeader) + } catch { + // The server did not tell us how to authenticate our requests, + // Or we do not support scheme the server is requesting for. + // Throw the 401/403 to the caller, and let them decide how to proceed. + throw RegistryClient.Error.invalidStatus(url: path, _response.status, reason: String(describing: error)) + } + if let ct = currentToken, ct.isValid(scope: tokenRequest.scope) { + break + } + + do { + let _currentToken = try await fetchToken(request: tokenRequest) + guard let token = _currentToken.getToken() else { + throw ContainerizationError(.internalError, message: "failed to fetch Bearer token") + } + currentToken = _currentToken + request.headers.replaceOrAdd(name: "Authorization", value: token) + retryCount += 1 + } catch let err as RegistryClient.Error { + guard case .invalidStatus(_, let status, _) = err else { + throw err + } + if status == .unauthorized || status == .forbidden { + throw RegistryClient.Error.invalidStatus(url: path, _response.status, reason: "access denied or wrong credentials") + } + + throw err + } + + continue + } else if _response.status == .badRequest && request.headers.contains(name: "Authorization") { + // Retry without basic auth + request.headers.remove(name: "Authorization") + retryCount += 1 + continue + } + guard let retryOptions = self.retryOptions else { + break + } + guard retryCount < retryOptions.maxRetries else { + break + } + guard let shouldRetry = retryOptions.shouldRetry, shouldRetry(_response) else { + break + } + retryCount += 1 + try await Task.sleep(nanoseconds: retryOptions.retryInterval) + continue + } catch let err as RegistryClient.Error { + throw err + } catch { + #if os(macOS) + if let err = error as? NWError { + if err.errorCode == kDNSServiceErr_NoSuchRecord { + let message: String + if let proxyURL = self.proxyURL, let proxyHost = proxyURL.host { + message = "failed to resolve either repository hostname \(host()) or proxy hostname \(proxyHost)" + } else { + message = "failed to resolve either repository hostname \(host())" + } + throw ContainerizationError(.internalError, message: message) + } + } + #endif + guard let retryOptions = self.retryOptions, retryCount < retryOptions.maxRetries else { + throw error + } + retryCount += 1 + try await Task.sleep(nanoseconds: retryOptions.retryInterval) + } + } + guard let response else { + throw ContainerizationError(.internalError, message: "invalid response") + } + return try await closure(response) + } + + internal func requestData( + components: URLComponents, + headers: [(String, String)]? = nil + ) async throws -> Data { + let bytes: ByteBuffer = try await requestBuffer(components: components, headers: headers) + return Data(buffer: bytes) + } + + internal func requestBuffer( + components: URLComponents, + headers: [(String, String)]? = nil + ) async throws -> ByteBuffer { + try await request(components: components, method: .GET, headers: headers) { response in + guard response.status == .ok else { + let url = components.url?.absoluteString ?? "unknown" + let reason = await ErrorResponse.fromResponseBody(response.body)?.jsonString + throw Error.invalidStatus(url: url, response.status, reason: reason) + } + + return try await response.body.collect(upTo: self.bufferSize) + } + } + + internal func requestJSON( + components: URLComponents, + headers: [(String, String)]? = nil + ) async throws -> T { + let buffer = try await self.requestBuffer(components: components, headers: headers) + return try JSONDecoder().decode(T.self, from: buffer) + } + + /// A minimal endpoint, mounted at /v2/ will provide version support information based on its response statuses. + /// See https://distribution.github.io/distribution/spec/api/#api-version-check + public func ping() async throws { + var components = base + components.path = "/v2/" + + try await request(components: components) { response in + guard response.status == .ok else { + let url = components.url?.absoluteString ?? "unknown" + let reason = await ErrorResponse.fromResponseBody(response.body)?.jsonString + throw Error.invalidStatus(url: url, response.status, reason: reason) + } + } + } +} diff --git a/Sources/ContainerizationOCI/Content/AsyncTypes.swift b/Sources/ContainerizationOCI/Content/AsyncTypes.swift new file mode 100644 index 0000000..518ab9c --- /dev/null +++ b/Sources/ContainerizationOCI/Content/AsyncTypes.swift @@ -0,0 +1,56 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +package actor AsyncStore { + private var _value: T? + + package init(_ value: T? = nil) { + self._value = value + } + + package func get() -> T? { + self._value + } + + package func set(_ value: T) { + self._value = value + } +} + +package actor AsyncSet { + private var buffer: Set + + package init(_ elements: S) where S.Element == T { + buffer = Set(elements) + } + + package var count: Int { + buffer.count + } + + package func insert(_ element: T) { + buffer.insert(element) + } + + @discardableResult + package func remove(_ element: T) -> T? { + buffer.remove(element) + } + + package func contains(_ element: T) -> Bool { + buffer.contains(element) + } +} diff --git a/Sources/ContainerizationOCI/Content/Content.swift b/Sources/ContainerizationOCI/Content/Content.swift new file mode 100644 index 0000000..acaacfc --- /dev/null +++ b/Sources/ContainerizationOCI/Content/Content.swift @@ -0,0 +1,59 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationExtras +import Crypto +import Foundation +import NIOCore + +/// Protocol for defining a single OCI content +public protocol Content: Sendable { + /// URL to the content + var path: URL { get } + + /// sha256 of content + func digest() throws -> SHA256.Digest + + /// Size of content + func size() throws -> UInt64 + + /// Data representation of entire content + func data() throws -> Data + + /// Data representation partial content + func data(offset: UInt64, length: Int) throws -> Data? + + /// Decode the content into an object + func decode() throws -> T where T: Decodable +} + +/// Protocol defining methods to fetch and push OCI content +public protocol ContentClient: Sendable { + func fetch(name: String, descriptor: Descriptor) async throws -> T + + func fetchBlob(name: String, descriptor: Descriptor, into file: URL, progress: ProgressHandler?) async throws -> (Int64, SHA256Digest) + + func fetchData(name: String, descriptor: Descriptor) async throws -> Data + + func push( + name: String, + ref: String, + descriptor: Descriptor, + streamGenerator: () throws -> T, + progress: ProgressHandler? + ) async throws where T.Element == ByteBuffer + +} diff --git a/Sources/ContainerizationOCI/Content/ContentStoreProtocol.swift b/Sources/ContainerizationOCI/Content/ContentStoreProtocol.swift new file mode 100644 index 0000000..29bd139 --- /dev/null +++ b/Sources/ContainerizationOCI/Content/ContentStoreProtocol.swift @@ -0,0 +1,67 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Crypto +import Foundation + +/// Protocol for defining a content store where OCI image metadata and layers will be managed +/// and manipulated. +public protocol ContentStore: Sendable { + /// Retrieves a piece of Content based on the digest string. + /// Returns `nil` if the requested digest is not found. + func get(digest: String) async throws -> Content? + + /// Retrieves a specific content metadata type based on the digest string. + /// Returns `nil` if the requested digest is not found. + func get(digest: String) async throws -> T? + + /// Remove a list of digests in the content store. + @discardableResult + func delete(digests: [String]) async throws -> ([String], UInt64) + + /// Removes all content from the store except for the digests in the provided list. + @discardableResult + func delete(keeping: [String]) async throws -> ([String], UInt64) + + /// Creates a transactional write to the content store. + /// The function takes a closure given a temporary `URL` of the base directory which all contents should be written to. + /// This is transaction write where any failed operation in the closure (caught exception) will result in all contents written + /// in the closure to be deleted. + /// + /// If the closure succeeds, then all the content that have been written to the temporary `URL` will be moved into the actual + /// blobs path of the content store. + @discardableResult + func ingest(_ body: @Sendable @escaping (URL) async throws -> Void) async throws -> [String] + + /// Creates a new ingest session and returns the session ID and temporary ingest directory corresponding to the session. + /// The contents from the ingest directory are processed and moved into the content store once the session is marked complete. + /// This can be done by invoking the `completeIngestSession` method with the returned session ID. + func newIngestSession() async throws -> (id: String, ingestDir: URL) + + /// Completes a previously started ingest session corresponding to `id`. + /// The contents from the ingest directory from the session are moved into the content store atomically. + /// Any failure encountered will result in a transaction failure causing none of the contents to be ingested into the store. + @discardableResult + func completeIngestSession(_ id: String) async throws -> [String] + + /// Cancels a previously started ingest session corresponding to `id`. + /// The contents from the ingest directory corresponding to the session are removed. + func cancelIngestSession(_ id: String) async throws + + /// Total bytes allocated on disk for the content store, covering + /// committed blobs and any active ingest sessions. + func totalAllocatedSize() async throws -> UInt64 +} diff --git a/Sources/ContainerizationOCI/Content/ContentWriter.swift b/Sources/ContainerizationOCI/Content/ContentWriter.swift new file mode 100644 index 0000000..87b4c38 --- /dev/null +++ b/Sources/ContainerizationOCI/Content/ContentWriter.swift @@ -0,0 +1,137 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationError +import Crypto +import Foundation +import NIOCore + +/// Provides a context to write data into a directory. +public class ContentWriter { + private let base: URL + private let encoder = JSONEncoder() + + /// Create a new ContentWriter. + /// - Parameters: + /// - base: The URL to write content to. If this is not a directory a + /// ContainerizationError will be thrown with a code of .internalError. + public init(for base: URL) throws { + self.encoder.outputFormatting = [JSONEncoder.OutputFormatting.sortedKeys] + + self.base = base + var isDirectory = ObjCBool(true) + let exists = FileManager.default.fileExists(atPath: base.path, isDirectory: &isDirectory) + + guard exists && isDirectory.boolValue else { + throw ContainerizationError(.internalError, message: "cannot create ContentWriter for path \(base.absolutePath()), not a directory") + } + } + + /// Writes the data blob to the base URL provided in the constructor. + /// - Parameters: + /// - data: The data blob to write to a file under the base path. + @discardableResult + public func write(_ data: Data) throws -> (size: Int64, digest: SHA256.Digest) { + let digest = SHA256.hash(data: data) + let destination = base.appendingPathComponent(digest.encoded) + try data.write(to: destination) + return (Int64(data.count), digest) + } + + /// Reads the data present in the passed in URL and writes it to the base path. + /// - Parameters: + /// - url: The URL to read the data from. + @discardableResult + public func create(from url: URL) throws -> (size: Int64, digest: SHA256.Digest) { + let sourceFD = Foundation.open(url.path, O_RDONLY) + guard sourceFD >= 0 else { + let errCode = POSIXErrorCode(rawValue: errno) ?? .EINVAL + let err = POSIXError(errCode) + throw ContainerizationError(.internalError, message: "failed to open \(url.path) for reading", cause: err) + } + defer { close(sourceFD) } + + let tempURL = base.appendingPathComponent(UUID().uuidString) + let destFD = Foundation.open(tempURL.path, O_WRONLY | O_CREAT | O_TRUNC, 0o644) + guard destFD >= 0 else { + let errCode = POSIXErrorCode(rawValue: errno) ?? .EINVAL + let err = POSIXError(errCode) + throw ContainerizationError(.internalError, message: "failed to create temporary file at \(tempURL.absolutePath())", cause: err) + } + + let chunkSize = 1024 * 1024 // 1 MiB + let buf = UnsafeMutableRawBufferPointer.allocate(byteCount: chunkSize, alignment: 1) + defer { buf.deallocate() } + guard let baseAddress = buf.baseAddress else { + close(destFD) + try? FileManager.default.removeItem(at: tempURL) + throw ContainerizationError(.internalError, message: "failed to allocate read buffer of size \(chunkSize)") + } + + var hasher = SHA256() + var totalSize: Int64 = 0 + while true { + let n = read(sourceFD, baseAddress, chunkSize) + if n == 0 { break } + if n < 0 { + close(destFD) + let errCode = POSIXErrorCode(rawValue: errno) ?? .EINVAL + let err = POSIXError(errCode) + try? FileManager.default.removeItem(at: tempURL) + throw ContainerizationError(.internalError, message: "failed to read from \(url.path)", cause: err) + } + hasher.update(data: UnsafeRawBufferPointer(start: baseAddress, count: n)) + var written = 0 + while written < n { + let w = Foundation.write(destFD, baseAddress.advanced(by: written), n - written) + if w < 0 { + close(destFD) + let errCode = POSIXErrorCode(rawValue: errno) ?? .EINVAL + let err = POSIXError(errCode) + try? FileManager.default.removeItem(at: tempURL) + throw ContainerizationError(.internalError, message: "failed to write to \(tempURL.absolutePath())", cause: err) + } + written += w + } + totalSize += Int64(n) + } + close(destFD) + + let digest = hasher.finalize() + let destination = base.appendingPathComponent(digest.encoded) + do { + try FileManager.default.moveItem(at: tempURL, to: destination) + } catch let error as NSError { + guard error.code == NSFileWriteFileExistsError else { + throw error + } + try? FileManager.default.removeItem(at: tempURL) + } catch { + try? FileManager.default.removeItem(at: tempURL) + throw error + } + return (totalSize, digest) + } + + /// Encodes the passed in type as a JSON blob and writes it to the base path. + /// - Parameters: + /// - content: The type to convert to JSON. + @discardableResult + public func create(from content: T) throws -> (size: Int64, digest: SHA256.Digest) { + let data = try self.encoder.encode(content) + return try self.write(data) + } +} diff --git a/Sources/ContainerizationOCI/Content/LocalContent.swift b/Sources/ContainerizationOCI/Content/LocalContent.swift new file mode 100644 index 0000000..24a8e2f --- /dev/null +++ b/Sources/ContainerizationOCI/Content/LocalContent.swift @@ -0,0 +1,78 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationError +import Crypto +import Foundation + +public final class LocalContent: Content { + public let path: URL + private let file: FileHandle + + public init(path: URL) throws { + guard FileManager.default.fileExists(atPath: path.path) else { + throw ContainerizationError(.notFound, message: "content at path \(path.absolutePath())") + } + + self.file = try FileHandle(forReadingFrom: path) + self.path = path + } + + public func digest() throws -> SHA256.Digest { + let bufferSize = 64 * 1024 // 64 KB + var hasher = SHA256() + + try self.file.seek(toOffset: 0) + while case let data = file.readData(ofLength: bufferSize), !data.isEmpty { + hasher.update(data: data) + } + + let digest = hasher.finalize() + + try self.file.seek(toOffset: 0) + return digest + } + + public func data(offset: UInt64 = 0, length size: Int = 0) throws -> Data? { + try file.seek(toOffset: offset) + if size == 0 { + return try file.readToEnd() + } + return try file.read(upToCount: size) + } + + public func data() throws -> Data { + try Data(contentsOf: self.path) + } + + public func size() throws -> UInt64 { + let fileAttrs = try FileManager.default.attributesOfItem(atPath: self.path.absolutePath()) + if let size = fileAttrs[FileAttributeKey.size] as? UInt64 { + return size + } + throw ContainerizationError(.internalError, message: "could not determine file size for \(path.absolutePath())") + } + + public func decode() throws -> T where T: Decodable { + let json = JSONDecoder() + let data = try Data(contentsOf: self.path) + return try json.decode(T.self, from: data) + } + + deinit { + try? self.file.close() + } +} diff --git a/Sources/ContainerizationOCI/Content/LocalContentStore.swift b/Sources/ContainerizationOCI/Content/LocalContentStore.swift new file mode 100644 index 0000000..8594d8b --- /dev/null +++ b/Sources/ContainerizationOCI/Content/LocalContentStore.swift @@ -0,0 +1,230 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +// swiftlint:disable unused_optional_binding + +import ContainerizationError +import ContainerizationExtras +import Crypto +import Foundation + +/// A `ContentStore` implementation that stores content on the local filesystem. +public actor LocalContentStore: ContentStore { + private static let encoder = JSONEncoder() + + private let _basePath: URL + private let _ingestPath: URL + private let _blobPath: URL + private let _lock: AsyncLock + + private var activeIngestSessions: AsyncSet = AsyncSet([]) + + /// Create a new `LocalContentStore`. + /// + /// - Parameters: + /// - path: The path where content should be written under. + public init(path: URL) throws { + let ingestPath = path.appendingPathComponent("ingest") + let blobPath = path.appendingPathComponent("blobs/sha256") + + let fileManager = FileManager.default + try fileManager.createDirectory(at: ingestPath, withIntermediateDirectories: true) + try fileManager.createDirectory(at: blobPath, withIntermediateDirectories: true) + + self._basePath = path + self._ingestPath = ingestPath + self._blobPath = blobPath + self._lock = AsyncLock() + Self.encoder.outputFormatting = .sortedKeys + } + + /// Get a piece of content from the store. Returns nil if not + /// found. + /// + /// - Parameters: + /// - digest: The string digest of the content. + public func get(digest: String) throws -> Content? { + let d = digest.trimmingDigestPrefix + let path = self._blobPath.appendingPathComponent(d) + do { + return try LocalContent(path: path) + } catch let err as ContainerizationError { + switch err.code { + case .notFound: + return nil + default: + throw err + } + } + } + + /// Get a piece of content from the store and return the decoded version of + /// it. + /// + /// - Parameters: + /// - digest: The string digest of the content. + public func get(digest: String) throws -> T? { + guard let content: Content = try self.get(digest: digest) else { + return nil + } + return try content.decode() + } + + /// Delete all content besides a set provided. + /// + /// - Parameters: + /// - keeping: The set of string digests to keep. + public func delete(keeping: [String]) async throws -> ([String], UInt64) { + let fileManager = FileManager.default + let all = try fileManager.contentsOfDirectory(at: self._blobPath, includingPropertiesForKeys: nil) + let allDigests = Set(all.map { $0.lastPathComponent }) + let toDelete = allDigests.subtracting(keeping) + return try await self.delete(digests: Array(toDelete)) + } + + /// Delete a specific set of content. + /// + /// - Parameters: + /// - digests: Array of strings denoting the digests of the content to delete. + @discardableResult + public func delete(digests: [String]) async throws -> ([String], UInt64) { + let store = AsyncStore<([String], UInt64)>() + try await self._lock.withLock { context in + let fileManager = FileManager.default + var deleted: [String] = [] + var deletedBytes: UInt64 = 0 + for toDelete in digests { + let p = self._blobPath.appendingPathComponent(toDelete) + guard let content = try? LocalContent(path: p) else { + continue + } + deletedBytes += try content.size() + try fileManager.removeItem(at: p) + deleted.append(toDelete) + } + await store.set((deleted, deletedBytes)) + } + return await store.get() ?? ([], 0) + } + + /// Creates a transactional write to the content store. + /// + /// - Parameters: + /// - body: Closure that is given a temporary `URL` of the base directory which all contents should be written to. + /// This is a transaction write where any failed operation in the closure (caught exception) will result in all contents written + /// in the closure to be deleted. If the closure succeeds, then all the content that have been written to the temporary `URL` + /// will be moved into the actual blobs path of the content store. + @discardableResult + public func ingest(_ body: @Sendable @escaping (URL) async throws -> Void) async throws -> [String] { + let (id, tempPath) = try await self.newIngestSession() + try await body(tempPath) + return try await self.completeIngestSession(id) + } + + /// Creates a new ingest session and returns the session ID and temporary ingest directory corresponding to the session. + /// The contents from the ingest directory are processed and moved into the content store once the session is marked complete. + /// This can be done by invoking the `completeIngestSession` method with the returned session ID. + public func newIngestSession() async throws -> (id: String, ingestDir: URL) { + let id = UUID().uuidString + let temporaryPath = self._ingestPath.appendingPathComponent(id) + let fileManager = FileManager.default + try fileManager.createDirectory(atPath: temporaryPath.path, withIntermediateDirectories: true) + await self.activeIngestSessions.insert(id) + return (id, temporaryPath) + } + + /// Completes a previously started ingest session corresponding to `id`. The contents from the ingest + /// directory from the session are moved into the content store atomically. Any failure encountered will + /// result in a transaction failure causing none of the contents to be ingested into the store. + /// - Parameters: + /// - id: id of the ingest session to complete. + @discardableResult + public func completeIngestSession(_ id: String) async throws -> [String] { + guard await activeIngestSessions.contains(id) else { + throw ContainerizationError(.internalError, message: "invalid session id \(id)") + } + await activeIngestSessions.remove(id) + let temporaryPath = self._ingestPath.appendingPathComponent(id) + let fileManager = FileManager.default + defer { + try? fileManager.removeItem(at: temporaryPath) + } + let tempDigests: [URL] = try fileManager.contentsOfDirectory(at: temporaryPath, includingPropertiesForKeys: nil) + return try await self._lock.withLock { context in + var moved: [String] = [] + let fileManager = FileManager.default + do { + try tempDigests.forEach { + let digest = $0.lastPathComponent + let target = self._blobPath.appendingPathComponent(digest) + // only ingest if not exists + if !fileManager.fileExists(atPath: target.path) { + try fileManager.moveItem(at: $0, to: target) + moved.append(digest) + } + } + } catch { + moved.forEach { + try? fileManager.removeItem(at: self._blobPath.appendingPathComponent($0)) + } + throw error + } + return tempDigests.map { $0.lastPathComponent } + } + } + + /// Cancels a previously started ingest session corresponding to `id`. + /// The contents from the ingest directory corresponding to the session are removed. + /// - Parameters: + /// - id: id of the ingest session to complete. + public func cancelIngestSession(_ id: String) async throws { + guard let _ = await self.activeIngestSessions.remove(id) else { + return + } + let temporaryPath = self._ingestPath.appendingPathComponent(id) + let fileManager = FileManager.default + try? fileManager.removeItem(at: temporaryPath) + } + + /// Total bytes allocated on disk for the content store, covering + /// committed blobs and any active ingest sessions. + public func totalAllocatedSize() throws -> UInt64 { + let fileManager = FileManager.default + guard + let enumerator = fileManager.enumerator( + at: self._basePath, + includingPropertiesForKeys: [.totalFileAllocatedSizeKey, .isRegularFileKey], + options: [.skipsHiddenFiles] + ) + else { + throw ContainerizationError(.internalError, message: "failed to enumerate content store at \(self._basePath.path)") + } + var size: UInt64 = 0 + for case let fileURL as URL in enumerator { + guard let values = try? fileURL.resourceValues(forKeys: [.totalFileAllocatedSizeKey, .isRegularFileKey]), values.isRegularFile == true, + let fileSize = values.totalFileAllocatedSize + else { + // Skip directories and other non-regular entries. On Linux, + // `.totalFileAllocatedSizeKey` reports block allocation for + // directories, which would otherwise count empty-store + // inode overhead as content. + continue + } + size += UInt64(fileSize) + } + return size + } +} diff --git a/Sources/ContainerizationOCI/Content/SHA256+Extensions.swift b/Sources/ContainerizationOCI/Content/SHA256+Extensions.swift new file mode 100644 index 0000000..783a848 --- /dev/null +++ b/Sources/ContainerizationOCI/Content/SHA256+Extensions.swift @@ -0,0 +1,32 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Crypto +import Foundation + +extension SHA256.Digest { + /// Returns the digest as a string. + public var digestString: String { + let parts = self.description.split(separator: ": ") + return "sha256:\(parts[1])" + } + + /// Returns the digest without a 'sha256:' prefix. + public var encoded: String { + let parts = self.description.split(separator: ": ") + return String(parts[1]) + } +} diff --git a/Sources/ContainerizationOCI/Content/String+Extension.swift b/Sources/ContainerizationOCI/Content/String+Extension.swift new file mode 100644 index 0000000..cff8cbd --- /dev/null +++ b/Sources/ContainerizationOCI/Content/String+Extension.swift @@ -0,0 +1,26 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +extension String { + /// Removes any prefix (sha256:) from a digest string. + public var trimmingDigestPrefix: String { + let split = self.split(separator: ":") + if split.count == 2 { + return String(split[1]) + } + return self + } +} diff --git a/Sources/ContainerizationOCI/Content/URL+Extensions.swift b/Sources/ContainerizationOCI/Content/URL+Extensions.swift new file mode 100644 index 0000000..6c6fd06 --- /dev/null +++ b/Sources/ContainerizationOCI/Content/URL+Extensions.swift @@ -0,0 +1,36 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation + +extension URL { + /// Returns the unescaped absolutePath of a URL joined by separator. + public func absolutePath() -> String { + #if os(macOS) + return self.path(percentEncoded: false) + #else + return self.path + #endif + } + + /// Returns the domain name of a registry. + public var domain: String? { + guard let host = self.absoluteString.split(separator: ":").first else { + return nil + } + return String(host) + } +} diff --git a/Sources/ContainerizationOCI/Descriptor.swift b/Sources/ContainerizationOCI/Descriptor.swift new file mode 100644 index 0000000..4606ade --- /dev/null +++ b/Sources/ContainerizationOCI/Descriptor.swift @@ -0,0 +1,62 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +// Source: https://github.com/opencontainers/image-spec/blob/main/specs-go/v1/descriptor.go + +import Foundation + +/// Descriptor describes the disposition of targeted content. +/// This structure provides `application/vnd.oci.descriptor.v1+json` mediatype +/// when marshalled to JSON. +public struct Descriptor: Codable, Sendable, Equatable { + /// mediaType is the media type of the object this schema refers to. + public let mediaType: String + + /// digest is the digest of the targeted content. + public let digest: String + + /// size specifies the size in bytes of the blob. + public let size: Int64 + + /// urls specifies a list of URLs from which this object MAY be downloaded. + public let urls: [String]? + + /// annotations contains arbitrary metadata relating to the targeted content. + public var annotations: [String: String]? + + /// platform describes the platform which the image in the manifest runs on. + /// + /// This should only be used when referring to a manifest. + public var platform: Platform? + + /// artifactType specifies the IANA media type of the artifact. + /// + /// Used in referrers API responses to indicate the type of each referring artifact. + public let artifactType: String? + + public init( + mediaType: String, digest: String, size: Int64, urls: [String]? = nil, annotations: [String: String]? = nil, + platform: Platform? = nil, artifactType: String? = nil + ) { + self.mediaType = mediaType + self.digest = digest + self.size = size + self.urls = urls + self.annotations = annotations + self.platform = platform + self.artifactType = artifactType + } +} diff --git a/Sources/ContainerizationOCI/FileManager+Size.swift b/Sources/ContainerizationOCI/FileManager+Size.swift new file mode 100644 index 0000000..fdbcf3b --- /dev/null +++ b/Sources/ContainerizationOCI/FileManager+Size.swift @@ -0,0 +1,31 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation + +extension FileManager { + func fileSize(atPath path: String) -> Int64? { + do { + let attributes = try attributesOfItem(atPath: path) + guard let fileSize = attributes[.size] as? NSNumber else { + return nil + } + return fileSize.int64Value + } catch { + return nil + } + } +} diff --git a/Sources/ContainerizationOCI/ImageConfig.swift b/Sources/ContainerizationOCI/ImageConfig.swift new file mode 100644 index 0000000..fcd20be --- /dev/null +++ b/Sources/ContainerizationOCI/ImageConfig.swift @@ -0,0 +1,173 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +// Source: https://github.com/opencontainers/image-spec/blob/main/specs-go/v1/config.go + +import Foundation + +/// ImageConfig defines the execution parameters which should be used as a base when running a container using an image. +public struct ImageConfig: Codable, Sendable { + enum CodingKeys: String, CodingKey { + case user = "User" + case env = "Env" + case entrypoint = "Entrypoint" + case cmd = "Cmd" + case workingDir = "WorkingDir" + case labels = "Labels" + case stopSignal = "StopSignal" + } + + /// user defines the username or UID which the process in the container should run as. + public let user: String? + + /// env is a list of environment variables to be used in a container. + public let env: [String]? + + /// entrypoint defines a list of arguments to use as the command to execute when the container starts. + public let entrypoint: [String]? + + /// cmd defines the default arguments to the entrypoint of the container. + public let cmd: [String]? + + /// workingDir sets the current working directory of the entrypoint process in the container. + public let workingDir: String? + + /// labels contains arbitrary metadata for the container. + public let labels: [String: String]? + + /// stopSignal contains the system call signal that will be sent to the container to exit. + public let stopSignal: String? + + public init( + user: String? = nil, env: [String]? = nil, entrypoint: [String]? = nil, cmd: [String]? = nil, + workingDir: String? = nil, labels: [String: String]? = nil, stopSignal: String? = nil + ) { + self.user = user + self.env = env + self.entrypoint = entrypoint + self.cmd = cmd + self.workingDir = workingDir + self.labels = labels + self.stopSignal = stopSignal + } +} + +/// RootFS describes a layer content addresses +public struct Rootfs: Codable, Sendable { + enum CodingKeys: String, CodingKey { + case type + case diffIDs = "diff_ids" + } + + /// type is the type of the rootfs. + public let type: String + + /// diffIDs is an array of layer content hashes (DiffIDs), in order from bottom-most to top-most. + public let diffIDs: [String] + + public init(type: String, diffIDs: [String]) { + self.type = type + self.diffIDs = diffIDs + } +} + +/// History describes the history of a layer. +public struct History: Codable, Sendable { + enum CodingKeys: String, CodingKey { + case created + case createdBy = "created_by" + case author + case comment + case emptyLayer = "empty_layer" + } + + /// created is the combined date and time at which the layer was created, formatted as defined by RFC 3339, section 5.6. + public let created: String? + + /// createdBy is the command which created the layer. + public let createdBy: String? + + /// author is the author of the build point. + public let author: String? + + /// comment is a custom message set when creating the layer. + public let comment: String? + + /// emptyLayer is used to mark if the history item created a filesystem diff. + public let emptyLayer: Bool? + + public init( + created: String? = nil, createdBy: String? = nil, author: String? = nil, comment: String? = nil, + emptyLayer: Bool? = nil + ) { + self.created = created + self.createdBy = createdBy + self.author = author + self.comment = comment + self.emptyLayer = emptyLayer + } +} + +/// Image is the JSON structure which describes some basic information about the image. +/// This provides the `application/vnd.oci.image.config.v1+json` mediatype when marshalled to JSON. +public struct Image: Codable, Sendable { + /// created is the combined date and time at which the image was created, formatted as defined by RFC 3339, section 5.6. + public let created: String? + + /// author defines the name and/or email address of the person or entity which created and is responsible for maintaining the image. + public let author: String? + + /// architecture field specifies the CPU architecture, for example `amd64` or `ppc64`. + public let architecture: String + + /// os specifies the operating system, for example `linux` or `windows`. + public let os: String + + /// osVersion is an optional field specifying the operating system version, for example on Windows `10.0.14393.1066`. + public let osVersion: String? + + /// osFeatures is an optional field specifying an array of strings, each listing a required OS feature (for example on Windows `win32k`). + public let osFeatures: [String]? + + /// variant is an optional field specifying a variant of the CPU, for example `v7` to specify ARMv7 when architecture is `arm`. + public let variant: String? + + /// config defines the execution parameters which should be used as a base when running a container using the image. + public let config: ImageConfig? + + /// rootfs references the layer content addresses used by the image. + public let rootfs: Rootfs + + /// history describes the history of each layer. + public let history: [History]? + + public init( + created: String? = nil, author: String? = nil, architecture: String, os: String, osVersion: String? = nil, + osFeatures: [String]? = nil, variant: String? = nil, config: ImageConfig? = nil, rootfs: Rootfs, + history: [History]? = nil + ) { + self.created = created + self.author = author + self.architecture = architecture + self.os = os + self.osVersion = osVersion + self.osFeatures = osFeatures + self.variant = variant + self.config = config + self.rootfs = rootfs + self.history = history + } +} diff --git a/Sources/ContainerizationOCI/Index.swift b/Sources/ContainerizationOCI/Index.swift new file mode 100644 index 0000000..26f7c47 --- /dev/null +++ b/Sources/ContainerizationOCI/Index.swift @@ -0,0 +1,64 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +// Source: https://github.com/opencontainers/image-spec/blob/main/specs-go/v1/index.go + +import Foundation + +/// Index references manifests for various platforms. +/// This structure provides `application/vnd.oci.image.index.v1+json` mediatype when marshalled to JSON. +public struct Index: Codable, Sendable { + /// schemaVersion is the image manifest schema that this image follows + public let schemaVersion: Int + + /// mediaType specifies the type of this document data structure e.g. `application/vnd.oci.image.index.v1+json` + /// This field is optional per the OCI Image Index Specification (omitempty) + public let mediaType: String + + /// manifests references platform specific manifests. + public var manifests: [Descriptor] + + /// annotations contains arbitrary metadata for the image index. + public var annotations: [String: String]? + + /// `subject` references another manifest this index is an artifact of. + public let subject: Descriptor? + + /// `artifactType` specifies the IANA media type of the artifact this index represents. + public let artifactType: String? + + public init( + schemaVersion: Int = 2, mediaType: String = MediaTypes.index, manifests: [Descriptor], + annotations: [String: String]? = nil, subject: Descriptor? = nil, artifactType: String? = nil + ) { + self.schemaVersion = schemaVersion + self.mediaType = mediaType + self.manifests = manifests + self.annotations = annotations + self.subject = subject + self.artifactType = artifactType + } + + public init(from decoder: Decoder) throws { + let container = try decoder.container(keyedBy: CodingKeys.self) + self.schemaVersion = try container.decode(Int.self, forKey: .schemaVersion) + self.mediaType = try container.decodeIfPresent(String.self, forKey: .mediaType) ?? "" + self.manifests = try container.decode([Descriptor].self, forKey: .manifests) + self.annotations = try container.decodeIfPresent([String: String].self, forKey: .annotations) + self.subject = try container.decodeIfPresent(Descriptor.self, forKey: .subject) + self.artifactType = try container.decodeIfPresent(String.self, forKey: .artifactType) + } +} diff --git a/Sources/ContainerizationOCI/Manifest.swift b/Sources/ContainerizationOCI/Manifest.swift new file mode 100644 index 0000000..ad3560e --- /dev/null +++ b/Sources/ContainerizationOCI/Manifest.swift @@ -0,0 +1,57 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +// Source: https://github.com/opencontainers/image-spec/blob/main/specs-go/v1/manifest.go + +import Foundation + +/// Manifest provides `application/vnd.oci.image.manifest.v1+json` mediatype structure when marshalled to JSON. +public struct Manifest: Codable, Sendable { + /// `schemaVersion` is the image manifest schema that this image follows. + public let schemaVersion: Int + + /// `mediaType` specifies the type of this document data structure, e.g. `application/vnd.oci.image.manifest.v1+json`. + public let mediaType: String? + + /// `config` references a configuration object for a container, by digest. + /// The referenced configuration object is a JSON blob that the runtime uses to set up the container. + public let config: Descriptor + + /// `layers` is an indexed list of layers referenced by the manifest. + public let layers: [Descriptor] + + /// `annotations` contains arbitrary metadata for the image manifest. + public let annotations: [String: String]? + + /// `subject` references another manifest this manifest is an artifact of. + public let subject: Descriptor? + + /// `artifactType` specifies the IANA media type of the artifact this manifest represents. + public let artifactType: String? + + public init( + schemaVersion: Int = 2, mediaType: String = MediaTypes.imageManifest, config: Descriptor, layers: [Descriptor], + annotations: [String: String]? = nil, subject: Descriptor? = nil, artifactType: String? = nil + ) { + self.schemaVersion = schemaVersion + self.mediaType = mediaType + self.config = config + self.layers = layers + self.annotations = annotations + self.subject = subject + self.artifactType = artifactType + } +} diff --git a/Sources/ContainerizationOCI/MediaType.swift b/Sources/ContainerizationOCI/MediaType.swift new file mode 100644 index 0000000..89a1fb3 --- /dev/null +++ b/Sources/ContainerizationOCI/MediaType.swift @@ -0,0 +1,67 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +/// MediaTypes represent all supported OCI image content types for both metadata and layer formats. +/// Follows all distributable media types in: https://github.com/opencontainers/image-spec/blob/main/specs-go/v1/mediatype.go +public struct MediaTypes: Codable, Sendable { + /// Specifies the media type for a content descriptor. + public static let descriptor = "application/vnd.oci.descriptor.v1+json" + + /// Specifies the media type for the oci-layout. + public static let layoutHeader = "application/vnd.oci.layout.header.v1+json" + + /// Specifies the media type for an image index. + public static let index = "application/vnd.oci.image.index.v1+json" + + /// Specifies the media type for an image manifest. + public static let imageManifest = "application/vnd.oci.image.manifest.v1+json" + + /// Specifies the media type for the image configuration. + public static let imageConfig = "application/vnd.oci.image.config.v1+json" + + /// Specifies the media type for an unused blob containing the value "{}". + public static let emptyJSON = "application/vnd.oci.empty.v1+json" + + /// Specifies the media type for a Docker image manifest. + public static let dockerManifest = "application/vnd.docker.distribution.manifest.v2+json" + + /// Specifies the media type for a Docker image manifest list. + public static let dockerManifestList = "application/vnd.docker.distribution.manifest.list.v2+json" + + /// The Docker media type used for image configurations. + public static let dockerImageConfig = "application/vnd.docker.container.image.v1+json" + + /// The media type used for layers referenced by the manifest. + public static let imageLayer = "application/vnd.oci.image.layer.v1.tar" + + /// The media type used for gzipped layers referenced by the manifest. + public static let imageLayerGzip = "application/vnd.oci.image.layer.v1.tar+gzip" + + /// The media type used for zstd compressed layers referenced by the manifest. + public static let imageLayerZstd = "application/vnd.oci.image.layer.v1.tar+zstd" + + /// The Docker media type used for uncompressed layers referenced by an image manifest. + public static let dockerImageLayer = "application/vnd.docker.image.rootfs.diff.tar" + + /// The Docker media type used for gzipped layers referenced by an image manifest. + public static let dockerImageLayerGzip = "application/vnd.docker.image.rootfs.diff.tar.gzip" + + /// The Docker media type used for zstd compressed layers referenced by an image manifest. + public static let dockerImageLayerZstd = "application/vnd.docker.image.rootfs.diff.tar.zstd" + + /// The media type used for in-toto attestations blobs. + public static let inTotoAttestationBlob = "application/vnd.in-toto+json" +} diff --git a/Sources/ContainerizationOCI/Platform.swift b/Sources/ContainerizationOCI/Platform.swift new file mode 100644 index 0000000..7455e01 --- /dev/null +++ b/Sources/ContainerizationOCI/Platform.swift @@ -0,0 +1,340 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +// Source: https://github.com/opencontainers/image-spec/blob/main/specs-go/v1/config.go + +import ContainerizationError +import Foundation + +/// Platform describes the platform which the image in the manifest runs on. +public struct Platform: Sendable, Equatable { + /// Normalizes a raw architecture string (e.g. from uname) to its OCI equivalent. + static func normalizeArch(_ raw: String) -> (arch: String, variant: String?) { + switch raw { + case "aarch64", "arm64": + return ("arm64", "v8") + case "x86_64", "x86-64", "amd64": + return ("amd64", nil) + case "arm", "armhf", "armel": + return ("arm", "v7") + default: + return (raw, nil) + } + } + + public static var current: Self { + var systemInfo = utsname() + uname(&systemInfo) + let arch = withUnsafePointer(to: &systemInfo.machine) { + $0.withMemoryRebound(to: CChar.self, capacity: 1) { + String(cString: $0) + } + } + let normalized = normalizeArch(arch) + return .init(arch: normalized.arch, os: "linux", variant: normalized.variant) + } + + /// The computed description, for example, `linux/arm64/v8`. + public var description: String { + let architecture = architecture + if let variant = variant { + return "\(os)/\(architecture)/\(variant)" + } + return "\(os)/\(architecture)" + } + + /// The CPU architecture, for example, `amd64` or `arm64`. + public var architecture: String { + Self.normalizeArch(_rawArch).arch + } + + /// The operating system, for example, `linux` or `windows`. + public var os: String { + _rawOS + } + + /// An optional field specifying the operating system version, for example on Windows `10.0.14393.1066`. + public var osVersion: String? + + /// An optional field specifying an array of strings, each listing a required OS feature (for example on Windows `win32k`). + public var osFeatures: [String]? + + /// An optional field specifying a variant of the CPU, for example `v7` to specify ARMv7 when architecture is `arm`. + public var variant: String? + + /// The operation system of the image (eg. `linux`). + private let _rawOS: String + /// The CPU architecture (eg. `arm64`). + private let _rawArch: String + + public init(arch: String, os: String, osVersion: String? = nil, osFeatures: [String]? = nil, variant: String? = nil) { + self._rawArch = arch + self._rawOS = os + self.osVersion = osVersion + self.osFeatures = osFeatures + self.variant = variant + } + + /// Initializes a new platform from a string. + /// - Parameters: + /// - platform: A `string` value representing the platform. + /// ```swift + /// // Create a new `ImagePlatform` from string. + /// let platform = try Platform(from: "linux/amd64") + /// ``` + /// ## Throws ## + /// - Throws: `Error.missingOS` if input is empty + /// - Throws: `Error.invalidOS` if os is not `linux` + /// - Throws: `Error.missingArch` if only one `/` is present + /// - Throws: `Error.invalidArch` if an unrecognized architecture is provided + /// - Throws: `Error.invalidVariant` if a variant is provided, and it does not apply to the specified architecture + public init(from platform: String) throws { + let items = platform.split(separator: "/", maxSplits: 1) + guard let osValue = items.first else { + throw ContainerizationError(.invalidArgument, message: "missing OS in \(platform)") + } + switch osValue { + case "linux", "windows", "darwin": + _rawOS = osValue.description + default: + throw ContainerizationError(.invalidArgument, message: "unknown OS in \(osValue)") + } + guard items.count > 1 else { + throw ContainerizationError(.invalidArgument, message: "missing architecture in \(platform)") + } + + guard let archItems = items.last?.split(separator: "/", maxSplits: 1, omittingEmptySubsequences: false) else { + throw ContainerizationError(.invalidArgument, message: "missing architecture in \(platform)") + } + + guard let archName = archItems.first else { + throw ContainerizationError(.invalidArgument, message: "missing architecture in \(platform)") + } + + switch archName { + case "arm", "armhf", "armel": + _rawArch = "arm" + variant = "v7" + case "aarch64", "arm64": + variant = "v8" + _rawArch = "arm64" + case "x86_64", "x86-64", "amd64": + _rawArch = "amd64" + default: + _rawArch = archName.description + } + + if archItems.count == 2 { + guard let archVariant = archItems.last else { + throw ContainerizationError(.invalidArgument, message: "missing variant in \(platform)") + } + + switch archName { + case "arm": + switch archVariant { + case "v5", "v6", "v7", "v8": + variant = archVariant.description + default: + throw ContainerizationError(.invalidArgument, message: "invalid variant \(archVariant)") + } + case "armhf": + switch archVariant { + case "v7": + variant = "v7" + default: + throw ContainerizationError(.invalidArgument, message: "invalid variant \(archVariant)") + } + case "armel": + switch archVariant { + case "v6": + variant = "v6" + default: + throw ContainerizationError(.invalidArgument, message: "invalid variant \(archVariant)") + } + case "aarch64", "arm64": + switch archVariant { + case "v8", "8": + variant = "v8" + default: + throw ContainerizationError(.invalidArgument, message: "invalid variant \(archVariant)") + } + case "x86_64", "x86-64", "amd64": + switch archVariant { + case "v1": + variant = nil + default: + throw ContainerizationError(.invalidArgument, message: "invalid variant \(archVariant)") + } + case "i386", "386", "ppc64le", "riscv64": + throw ContainerizationError(.invalidArgument, message: "invalid variant \(archVariant)") + default: + throw ContainerizationError(.invalidArgument, message: "invalid variant \(archVariant)") + } + } + } + +} + +extension Platform: Hashable { + /// `~=` compares two platforms to check if **lhs** platform images are compatible with **rhs** platform + /// This operator can be used to check if an image of **lhs** platform can run on **rhs**: + /// - `true`: when **rhs**=`arm/v8`, **lhs** is any of `arm/v8`, `arm/v7`, `arm/v6` and `arm/v5` + /// - `true`: when **rhs**=`arm/v7`, **lhs** is any of `arm/v7`, `arm/v6` and `arm/v5` + /// - `true`: when **rhs**=`arm/v6`, **lhs** is any of `arm/v6` and `arm/v5` + /// - `true`: when **rhs**=`amd64`, **lhs** is any of `amd64` and `386` + /// - `true`: when **rhs**=**lhs** + /// - `false`: otherwise + /// - Parameters: + /// - lhs: platform whose compatibility is being checked + /// - rhs: platform against which compatibility is being checked + /// - Returns: `true | false` + public static func ~= (lhs: Platform, rhs: Platform) -> Bool { + if lhs.os == rhs.os { + if lhs._rawArch == rhs._rawArch { + switch rhs._rawArch { + case "arm": + guard let lVariant = lhs.variant else { + return lhs == rhs + } + guard let rVariant = rhs.variant else { + return lhs == rhs + } + switch rVariant { + case "v8": + switch lVariant { + case "v5", "v6", "v7", "v8": + return true + default: + return false + } + case "v7": + switch lVariant { + case "v5", "v6", "v7": + return true + default: + return false + } + case "v6": + switch lVariant { + case "v5", "v6": + return true + default: + return false + } + default: + return lhs == rhs + } + default: + return lhs == rhs + } + } + if lhs._rawArch == "386" && rhs._rawArch == "amd64" { + return true + } + } + return false + } + + /// `==` compares if **lhs** and **rhs** are the exact same platforms. + public static func == (lhs: Platform, rhs: Platform) -> Bool { + // NOTE: + // If the platform struct was created by setting the fields directly and not using (from: String) + // then, there is a possibility that for arm64 architecture, the variant may be set to nil + // In that case, the variant should be assumed to v8 + if lhs.architecture == "arm64" && rhs.architecture == "arm64" { + // The following checks effectively verify + // that one operand has nil value and other has "v8" + if lhs.variant == nil || rhs.variant == nil { + if lhs.variant == "v8" || rhs.variant == "v8" { + return true + } + } + } + + let osEqual = lhs.os == rhs.os + let archEqual = lhs.architecture == rhs.architecture + let variantEqual = lhs.variant == rhs.variant + + return osEqual && archEqual && variantEqual + } + + public func hash(into hasher: inout Swift.Hasher) { + hasher.combine(os) + hasher.combine(architecture) + // arm64 with no variant is equivalent to arm64/v8 per the == implementation + if architecture == "arm64" { + hasher.combine(variant ?? "v8") + } else { + hasher.combine(variant) + } + } +} + +extension Platform: Codable { + + enum CodingKeys: String, CodingKey { + case os = "os" + case architecture = "architecture" + case variant = "variant" + } + + public func encode(to encoder: Encoder) throws { + var container = encoder.container(keyedBy: CodingKeys.self) + try container.encode(os, forKey: .os) + try container.encode(architecture, forKey: .architecture) + try container.encodeIfPresent(variant, forKey: .variant) + } + + public init(from decoder: Decoder) throws { + let container = try decoder.container(keyedBy: CodingKeys.self) + let architecture = try container.decodeIfPresent(String.self, forKey: .architecture) + guard let architecture else { + throw ContainerizationError(.invalidArgument, message: "missing architecture") + } + let os = try container.decodeIfPresent(String.self, forKey: .os) + guard let os else { + throw ContainerizationError(.invalidArgument, message: "missing OS") + } + let variant = try container.decodeIfPresent(String.self, forKey: .variant) + self.init(arch: architecture, os: os, variant: variant) + } +} + +public func createPlatformMatcher(for platform: Platform?) -> @Sendable (Platform) -> Bool { + if let platform { + return { other in + platform == other + } + } + return { _ in + true + } +} + +public func filterPlatforms(matcher: (Platform) -> Bool, _ descriptors: [Descriptor]) throws -> [Descriptor] { + var outDescriptors: [Descriptor] = [] + for desc in descriptors { + guard let p = desc.platform else { + // pass along descriptor if the platform is not defined + outDescriptors.append(desc) + continue + } + if matcher(p) { + outDescriptors.append(desc) + } + } + return outDescriptors +} diff --git a/Sources/ContainerizationOCI/Reference.swift b/Sources/ContainerizationOCI/Reference.swift new file mode 100644 index 0000000..af5d25e --- /dev/null +++ b/Sources/ContainerizationOCI/Reference.swift @@ -0,0 +1,285 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationError +import Foundation + +// nameTotalLengthMax matches the OCI distribution spec which allows up to 255 bytes for the +// repository name component (domain + "/" + path). +private let nameTotalLengthMax = 255 +// referenceTotalLengthMax is the upper bound for the full reference string: max name (255) + +// separator (1) + max tag length (128) = 384. +private let tagLengthMax = 128 +private let referenceTotalLengthMax = nameTotalLengthMax + 1 + tagLengthMax +private let legacyDockerRegistryHost = "docker.io" +private let dockerRegistryHost = "registry-1.docker.io" +private let defaultDockerRegistryRepo = "library" +private let defaultTag = "latest" + +/// A Reference is composed of the various parts of an OCI image reference. +/// For example: +/// let imageReference = "my-registry.com/repository/image:tag2" +/// let reference = Reference.parse(imageReference) +/// print(reference.domain!) // gives us "my-registry.com" +/// print(reference.name) // gives us "my-registry.com/repository/image" +/// print(reference.path) // gives us "repository/image" +/// print(reference.tag!) // gives us "tag2" +/// print(reference.digest) // gives us "nil" +public class Reference: CustomStringConvertible { + private var _domain: String? + public var domain: String? { + _domain + } + public var resolvedDomain: String? { + if let d = _domain { + return Self.resolveDomain(domain: d) + } + return nil + } + + private var _path: String + public var path: String { + _path + } + + private var _tag: String? + public var tag: String? { + _tag + } + + private var _digest: String? + public var digest: String? { + _digest + } + + public var name: String { + if let domain, !domain.isEmpty { + return "\(domain)/\(path)" + } + return path + } + + public var description: String { + if let tag { + return "\(name):\(tag)" + } + if let digest { + return "\(name)@\(digest)" + } + return name + } + + static let identifierPattern = "([a-f0-9]{64})" + + static let domainPattern = { + let domainNameComponent = "(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])" + let optionalPort = "(?::[0-9]+)?" + let ipv6address = "\\[(?:[a-fA-F0-9:]+)\\]" + let domainName = "\(domainNameComponent)(?:\\.\(domainNameComponent))*" + let host = "(?:\(domainName)|\(ipv6address))" + let domainAndPort = "\(host)\(optionalPort)" + return domainAndPort + }() + + static let pathPattern = "(?(?:[a-z0-9]+(?:[._]|__|-|/)?)*[a-z0-9]+)" + static let tagPattern = "(?::(?[\\w][\\w.-]{0,127}))?(?:@(?sha256:[0-9a-fA-F]{64}))?" + static let pathTagPattern = "\(pathPattern)\(tagPattern)" + + public init(path: String, domain: String? = nil, tag: String? = nil, digest: String? = nil) throws { + if let domain, !domain.isEmpty { + self._domain = domain + } + + self._path = path + self._tag = tag + self._digest = digest + } + + public static func parse(_ s: String) throws -> Reference { + if s.count > referenceTotalLengthMax { + throw ContainerizationError(.invalidArgument, message: "reference length \(s.count) greater than \(referenceTotalLengthMax)") + } + + let identifierRegex = try Regex(Self.identifierPattern) + guard try identifierRegex.wholeMatch(in: s) == nil else { + throw ContainerizationError(.invalidArgument, message: "cannot specify 64 byte hex string as reference") + } + + let (domain, remainder) = try Self.parseDomain(from: s) + let constructedRawReference: String = remainder + if let domain { + let domainRegex = try Regex(domainPattern) + guard try domainRegex.wholeMatch(in: domain) != nil else { + throw ContainerizationError(.invalidArgument, message: "invalid domain \(domain) for reference \(s)") + } + } + let fields = try constructedRawReference.matches(regex: pathTagPattern) + guard let path = fields["path"] else { + throw ContainerizationError(.invalidArgument, message: "cannot parse path for reference \(s)") + } + + let ref = try Reference(path: path, domain: domain) + if ref.name.count > nameTotalLengthMax { + throw ContainerizationError(.invalidArgument, message: "repo length \(ref.name.count) greater than \(nameTotalLengthMax)") + } + + // Extract tag and digest + let tag = fields["tag"] ?? "" + let digest = fields["digest"] ?? "" + + if !digest.isEmpty { + return try ref.withDigest(digest) + } else if !tag.isEmpty { + return try ref.withTag(tag) + } + return ref + } + + private static func parseDomain(from s: String) throws -> (domain: String?, remainder: String) { + var domain: String? = nil + var path: String = s + let charset = CharacterSet(charactersIn: ".:") + let splits = s.split(separator: "/", maxSplits: 1) + guard splits.count == 2 else { + if s.starts(with: "localhost") { + return (s, "") + } + return (nil, s) + } + let _domain = String(splits[0]) + let _path = String(splits[1]) + if _domain.starts(with: "localhost") || _domain.rangeOfCharacter(from: charset) != nil { + domain = _domain + path = _path + } + return (domain, path) + } + + public static func withName(_ name: String) throws -> Reference { + if name.count > nameTotalLengthMax { + throw ContainerizationError(.invalidArgument, message: "name length \(name.count) greater than \(nameTotalLengthMax)") + } + let fields = try name.matches(regex: Self.domainPattern) + // Extract domain and path + let domain = fields["domain"] ?? "" + let path = fields["path"] ?? "" + + if domain.isEmpty || path.isEmpty { + throw ContainerizationError(.invalidArgument, message: "image reference domain or path is empty") + } + + return try Reference(path: path, domain: domain) + } + + public func withTag(_ tag: String) throws -> Reference { + var tag = tag + if !tag.starts(with: ":") { + tag = ":" + tag + } + let fields = try tag.matches(regex: Self.tagPattern) + tag = fields["tag"] ?? "" + + if tag.isEmpty { + throw ContainerizationError(.invalidArgument, message: "invalid format for image reference, missing tag") + } + return try Reference(path: self.path, domain: self.domain, tag: tag) + } + + public func withDigest(_ digest: String) throws -> Reference { + var digest = digest + if !digest.starts(with: "@") { + digest = "@" + digest + } + let fields = try digest.matches(regex: Self.tagPattern) + digest = fields["digest"] ?? "" + + if digest.isEmpty { + throw ContainerizationError(.invalidArgument, message: "invalid format for image reference, missing digest") + } + return try Reference(path: self.path, domain: self.domain, digest: digest) + } + + private static func splitDomain(_ name: String) -> (domain: String, path: String) { + let parts = name.split(separator: "/") + guard parts.count == 2 else { + return ("", name) + } + return (String(parts[0]), String(parts[1])) + } + + /// Normalize the reference object. + /// Normalization is useful in cases where the reference object is to be used to + /// fetch/push an image from/to a remote registry. + /// It does the following: + /// - Adds a default tag of "latest" if the reference had no tag/digest set. + /// - If the domain is "registry-1.docker.io" or "docker.io" and the path has no repository set, + /// it adds a default "library/" repository name. + public func normalize() { + if let domain = self.domain, domain == dockerRegistryHost || domain == legacyDockerRegistryHost { + // Check if the image is being referenced by a named tag. + // If it is, and a repository is not specified, prefix it with "library/". + // This needs to be done only if we are using the Docker registry. + if !self.path.contains("/") { + self._path = "\(defaultDockerRegistryRepo)/\(self._path)" + } + } + let identifier = self._tag ?? self._digest + if identifier == nil { + // If the user did not specify a tag or a digest for the reference, set the tag to "latest". + self._tag = defaultTag + } + } + + public static func resolveDomain(domain: String) -> String { + if domain == legacyDockerRegistryHost { + return dockerRegistryHost + } + return domain + } +} + +extension String { + func matches(regex: String) throws -> [String: String] { + do { + let regex = try NSRegularExpression(pattern: regex, options: []) + let nsRange = NSRange(self.startIndex.. [String] { + let pattern = self.pattern + let regex = try NSRegularExpression(pattern: "\\(\\?<(\\w+)>", options: []) + let nsRange = NSRange(pattern.startIndex.. { + let (stream, cont) = AsyncStream.makeStream(of: Int32.self) + self.state.withLock { + $0.conts.append(cont) + } + cont.onTermination = { @Sendable _ in + self.cancel() + } + return stream + } + + /// Cancel every AsyncStream of signals, as well as the underlying + /// DispatchSignalSource's for each registered signal. + public func cancel() { + self.state.withLock { + if $0.conts.isEmpty { + return + } + + for cont in $0.conts { + cont.finish() + } + for source in $0.sources { + source.cancel() + } + $0.conts.removeAll() + $0.sources.removeAll() + } + } + + struct State: Sendable { + var conts: [AsyncStream.Continuation] = [] + // `sources` isn't used concurrently. + nonisolated(unsafe) var sources: [any DispatchSourceSignal] = [] + } + + // We keep a reference to the continuation object that is created for + // our AsyncStream and tell our signal handler to yield a value to it + // returning a value to the consumer + private func handler(_ sig: Int32) { + self.state.withLock { + for cont in $0.conts { + cont.yield(sig) + } + } + } + + private let state: Mutex = .init(State()) + + /// Create a new `AsyncSignalHandler` that catches all signals. + public static func catchAll() -> AsyncSignalHandler { + #if os(macOS) + let range = 1...31 + #else + let range = 1...64 + #endif + return create(notify: range.map { Int32($0) }) + } + + /// Create a new `AsyncSignalHandler` for the list of given signals `notify`. + /// The default signal handlers for these signals are removed and async handlers + /// added in their place. The async signal handlers that are installed simply + /// yield to a stream if and when a signal is caught. + public static func create(notify on: [Int32]) -> AsyncSignalHandler { + let out = AsyncSignalHandler() + var sources = [any DispatchSourceSignal]() + for sig in on { + signal(sig, SIG_IGN) + let source = DispatchSource.makeSignalSource(signal: sig) + source.setEventHandler { + out.handler(sig) + } + source.resume() + // Retain a reference to our signal sources so that they + // do not go out of scope. + sources.append(source) + } + out.state.withLock { $0.sources = sources } + return out + } +} diff --git a/Sources/ContainerizationOS/BinaryInteger+Extensions.swift b/Sources/ContainerizationOS/BinaryInteger+Extensions.swift new file mode 100644 index 0000000..59c813a --- /dev/null +++ b/Sources/ContainerizationOS/BinaryInteger+Extensions.swift @@ -0,0 +1,49 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +extension BinaryInteger { + private func toUnsignedMemoryAmount(_ amount: UInt64) -> UInt64 { + guard self >= 0 else { + fatalError("encountered negative number during conversion to memory amount") + } + let val = UInt64(self) + let (newVal, overflow) = val.multipliedReportingOverflow(by: amount) + guard !overflow else { + fatalError("UInt64 overflow when converting to memory amount") + } + return newVal + } + + public func kib() -> UInt64 { + self.toUnsignedMemoryAmount(1 << 10) + } + + public func mib() -> UInt64 { + self.toUnsignedMemoryAmount(1 << 20) + } + + public func gib() -> UInt64 { + self.toUnsignedMemoryAmount(1 << 30) + } + + public func tib() -> UInt64 { + self.toUnsignedMemoryAmount(1 << 40) + } + + public func pib() -> UInt64 { + self.toUnsignedMemoryAmount(1 << 50) + } +} diff --git a/Sources/ContainerizationOS/Command.swift b/Sources/ContainerizationOS/Command.swift new file mode 100644 index 0000000..63fbe7b --- /dev/null +++ b/Sources/ContainerizationOS/Command.swift @@ -0,0 +1,338 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import CShim +import Foundation +import Synchronization + +#if canImport(Darwin) +import Darwin +private let _kill = Darwin.kill +#elseif canImport(Musl) +import Musl +private let _kill = Musl.kill +#elseif canImport(Glibc) +import Glibc +private let _kill = Glibc.kill +#endif + +/// Use a command to run an executable. +public struct Command: Sendable { + /// Path to the executable binary. + public var executable: String + /// Arguments provided to the binary. + public var arguments: [String] + /// Environment variables for the process. + public var environment: [String] + /// The directory where the process should execute. + public var directory: String? + /// Additional files to pass to the process. + public var extraFiles: [FileHandle] + /// The standard input. + public var stdin: FileHandle? + /// The standard output. + public var stdout: FileHandle? + /// The standard error. + public var stderr: FileHandle? + + private let state: State + + /// System level attributes to set on the process. + public struct Attrs: Sendable { + /// Set pgroup for the new process. + public var setPGroup: Bool + /// Make the new process group the foreground process group (requires setPGroup). + public var setForegroundPGroup: Bool + /// Inherit the real uid/gid of the parent. + public var resetIDs: Bool + /// Reset the child's signal handlers to the default. + public var setSignalDefault: Bool + /// The initial signal mask for the process. + public var signalMask: UInt32 + /// Create a new session for the process. + public var setsid: Bool + /// Set the controlling terminal for the process to fd 0. + public var setctty: Bool + /// Set the process user ID. + public var uid: UInt32? + /// Set the process group ID. + public var gid: UInt32? + /// Signal to send when parent process dies (Linux only). + public var pdeathSignal: Int32? + + public init( + setPGroup: Bool = false, + setForegroundPGroup: Bool = false, + resetIDs: Bool = false, + setSignalDefault: Bool = true, + signalMask: UInt32 = 0, + setsid: Bool = false, + setctty: Bool = false, + uid: UInt32? = nil, + gid: UInt32? = nil, + pdeathSignal: Int32? = nil + ) { + self.setPGroup = setPGroup + self.setForegroundPGroup = setForegroundPGroup + self.resetIDs = resetIDs + self.setSignalDefault = setSignalDefault + self.signalMask = signalMask + self.setsid = setsid + self.setctty = setctty + self.uid = uid + self.gid = gid + self.pdeathSignal = pdeathSignal + } + } + + private final class State: Sendable { + let pid: Atomic = Atomic(-1) + } + + /// Attributes to set on the process. + public var attrs = Attrs() + + /// System level process identifier. + public var pid: Int32 { self.state.pid.load(ordering: .acquiring) } + + public init( + _ executable: String, + arguments: [String] = [], + environment: [String] = environment(), + directory: String? = nil, + extraFiles: [FileHandle] = [] + ) { + self.executable = executable + self.arguments = arguments + self.environment = environment + self.extraFiles = extraFiles + self.directory = directory + self.state = State() + } + + public static func environment() -> [String] { + ProcessInfo.processInfo.environment + .map { "\($0)=\($1)" } + } +} + +extension Command { + public enum Error: Swift.Error, CustomStringConvertible { + case processRunning + + public var description: String { + switch self { + case .processRunning: + return "the process is already running" + } + } + } +} + +extension Command { + @discardableResult + public func kill(_ signal: Int32) -> Int32? { + let pid = self.pid + guard pid > 0 else { + return nil + } + return _kill(pid, signal) + } +} + +extension Command { + /// Start the process. + public func start() throws { + guard self.pid == -1 else { + throw Error.processRunning + } + let child = try execute() + self.state.pid.store(child, ordering: .releasing) + } + + /// Wait for the process to exit and return the exit status. + @discardableResult + public func wait() throws -> Int32 { + var rus = rusage() + var ws = Int32() + + let pid = self.pid + guard pid > 0 else { + return -1 + } + + let result = wait4(pid, &ws, 0, &rus) + guard result == pid else { + throw POSIXError(.init(rawValue: errno)!) + } + return Self.toExitStatus(ws) + } + + private func execute() throws -> pid_t { + var attrs = exec_command_attrs() + exec_command_attrs_init(&attrs) + + let set = try createFileset() + defer { + for nullHandle in set.nullHandles { + try? nullHandle.close() + } + } + var fds = [Int32](repeating: 0, count: set.handles.count) + for (i, handle) in set.handles.enumerated() { + fds[i] = handle.fileDescriptor + } + + attrs.setsid = self.attrs.setsid ? 1 : 0 + attrs.setctty = self.attrs.setctty ? 1 : 0 + attrs.setpgid = self.attrs.setPGroup ? 1 : 0 + attrs.setfgpgrp = self.attrs.setForegroundPGroup ? 1 : 0 + + var cwdPath: UnsafeMutablePointer? + if let chdir = self.directory { + cwdPath = strdup(chdir) + } + defer { + if let cwdPath { + free(cwdPath) + } + } + + if let uid = self.attrs.uid { + attrs.uid = uid + } + if let gid = self.attrs.gid { + attrs.gid = gid + } + + if let pdeathSignal = self.attrs.pdeathSignal { + attrs.pdeathSignal = pdeathSignal + } + + var pid: pid_t = 0 + var argv = ([executable] + arguments).map { strdup($0) } + [nil] + defer { + for arg in argv where arg != nil { + free(arg) + } + } + + let env = environment.map { strdup($0) } + [nil] + defer { + for e in env where e != nil { + free(e) + } + } + + let result = fds.withUnsafeBufferPointer { file_handles in + exec_command( + &pid, + argv[0], + &argv, + env, + file_handles.baseAddress!, Int32(file_handles.count), + cwdPath ?? nil, + &attrs) + } + guard result == 0 else { + throw POSIXError(.init(rawValue: errno)!) + } + + return pid + } + + /// Create a posix_spawn file actions set of fds to pass to the new process + private func createFileset() throws -> (nullHandles: [FileHandle], handles: [FileHandle]) { + // grab dev null handles for different purposes + let nullRead = try openDevNull(flags: O_RDONLY) + let nullWrite = try openDevNull(flags: O_WRONLY) + var files = [FileHandle]() + files.append(stdin ?? nullRead) + files.append(stdout ?? nullWrite) + files.append(stderr ?? nullWrite) + files.append(contentsOf: extraFiles) + return (nullHandles: [nullRead, nullWrite], handles: files) + } + + /// Returns a file handle to /dev/null with the specified flags. + private func openDevNull(flags: Int32) throws -> FileHandle { + let fd = open("/dev/null", flags, 0) + guard fd >= 0 else { + throw POSIXError(.init(rawValue: errno)!) + } + return FileHandle(fileDescriptor: fd, closeOnDealloc: false) + } +} + +extension Command { + private static let signalOffset: Int32 = 128 + + private static let shift: Int32 = 8 + private static let mask: Int32 = 0x7F + private static let stopped: Int32 = 0x7F + private static let exited: Int32 = 0x00 + + static func signaled(_ ws: Int32) -> Bool { + ws & mask != stopped && ws & mask != exited + } + + static func exited(_ ws: Int32) -> Bool { + ws & mask == exited + } + + static func exitStatus(_ ws: Int32) -> Int32 { + let r: Int32 + #if os(Linux) + r = ws >> shift & 0xFF + #else + r = ws >> shift + #endif + return r + } + + public static func toExitStatus(_ ws: Int32) -> Int32 { + if signaled(ws) { + // We use the offset as that is how existing container + // runtimes minic bash for the status when signaled. + return Int32(Self.signalOffset + ws & mask) + } + if exited(ws) { + return exitStatus(ws) + } + return ws + } + +} + +private func WIFEXITED(_ status: Int32) -> Bool { + _WSTATUS(status) == 0 +} + +private func _WSTATUS(_ status: Int32) -> Int32 { + status & 0x7f +} + +private func WIFSIGNALED(_ status: Int32) -> Bool { + (_WSTATUS(status) != 0) && (_WSTATUS(status) != 0x7f) +} + +private func WEXITSTATUS(_ status: Int32) -> Int32 { + (status >> 8) & 0xff +} + +private func WTERMSIG(_ status: Int32) -> Int32 { + status & 0x7f +} diff --git a/Sources/ContainerizationOS/File.swift b/Sources/ContainerizationOS/File.swift new file mode 100644 index 0000000..25cd05e --- /dev/null +++ b/Sources/ContainerizationOS/File.swift @@ -0,0 +1,144 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if canImport(Musl) +import Musl +#elseif canImport(Glibc) +import Glibc +#elseif canImport(Darwin) +import Darwin +#endif + +#if canImport(FoundationEssentials) +import struct FoundationEssentials.URL +#else +import struct Foundation.URL +#endif + +/// Trivial type to discover information about a given file (uid, gid, mode...). +public struct File: Sendable { + /// `File` errors. + public enum Error: Swift.Error, CustomStringConvertible { + case errno(_ e: Int32) + + public var description: String { + switch self { + case .errno(let code): + return "errno \(code)" + } + } + } + + /// Returns a `FileInfo` struct with information about the file. + /// - Parameters: + /// - url: The path to the file. + public static func info(_ url: URL) throws -> FileInfo { + try info(url.path) + } + + /// Returns a `FileInfo` struct with information about the file. + /// - Parameters: + /// - path: The path to the file as a string. + public static func info(_ path: String) throws -> FileInfo { + var st = stat() + guard lstat(path, &st) == 0 else { + throw Error.errno(errno) + } + return FileInfo(path, stat: st) + } +} + +/// `FileInfo` holds and provides easy access to stat(2) data +/// for a file. +public struct FileInfo: Sendable { + private let _stat_t: stat + private let _path: String + + init(_ path: String, stat: stat) { + self._path = path + self._stat_t = stat + } + + /// mode_t for the file. + public var mode: mode_t { + self._stat_t.st_mode + } + + /// The files uid. + public var uid: Int { + Int(self._stat_t.st_uid) + } + + /// The files gid. + public var gid: Int { + Int(self._stat_t.st_gid) + } + + /// The filesystem ID the file belongs to. + public var dev: Int { + Int(self._stat_t.st_dev) + } + + /// The files inode number. + public var ino: Int { + Int(self._stat_t.st_ino) + } + + /// The size of the file. + public var size: Int { + Int(self._stat_t.st_size) + } + + /// The path to the file. + public var path: String { + self._path + } + + /// Returns if the file is a directory. + public var isDirectory: Bool { + mode & S_IFMT == S_IFDIR + } + + /// Returns if the file is a pipe. + public var isPipe: Bool { + mode & S_IFMT == S_IFIFO + } + + /// Returns if the file is a socket. + public var isSocket: Bool { + mode & S_IFMT == S_IFSOCK + } + + /// Returns if the file is a link. + public var isLink: Bool { + mode & S_IFMT == S_IFLNK + } + + /// Returns if the file is a regular file. + public var isRegularFile: Bool { + mode & S_IFMT == S_IFREG + } + + /// Returns if the file is a block device. + public var isBlock: Bool { + mode & S_IFMT == S_IFBLK + } + + /// Returns if the file is a character device. + public var isChar: Bool { + mode & S_IFMT == S_IFCHR + } +} diff --git a/Sources/ContainerizationOS/FileDescriptorOps.swift b/Sources/ContainerizationOS/FileDescriptorOps.swift new file mode 100644 index 0000000..4ade9a5 --- /dev/null +++ b/Sources/ContainerizationOS/FileDescriptorOps.swift @@ -0,0 +1,346 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import SystemPackage + +#if canImport(Darwin) +import Darwin +private let os_dup = Darwin.dup +private let os_S_IFMT = mode_t(Darwin.S_IFMT) +private let os_S_IFREG = mode_t(Darwin.S_IFREG) +private let os_S_IFDIR = mode_t(Darwin.S_IFDIR) +private let os_S_IFLNK = mode_t(Darwin.S_IFLNK) +#elseif canImport(Musl) +import CSystem +import Musl +private let os_dup = Musl.dup +private let os_S_IFMT = Musl.S_IFMT +private let os_S_IFREG = Musl.S_IFREG +private let os_S_IFDIR = Musl.S_IFDIR +private let os_S_IFLNK = Musl.S_IFLNK +#elseif canImport(Glibc) +import Glibc +private let os_dup = Glibc.dup +private let os_S_IFMT = mode_t(Glibc.S_IFMT) +private let os_S_IFREG = mode_t(Glibc.S_IFREG) +private let os_S_IFDIR = mode_t(Glibc.S_IFDIR) +private let os_S_IFLNK = mode_t(Glibc.S_IFLNK) +#endif + +/// Static utility functions for secure, symlink-safe filesystem operations +/// anchored to a file descriptor. +/// +/// All operations use `openat`/`mkdirat`/`unlinkat` anchored to the supplied +/// file descriptor, preventing path traversal and TOCTOU races. The type is +/// never instantiated; it exists solely as a namespace. +public enum FileDescriptorOps { + + // MARK: - Nested types + + public enum Error: Swift.Error, CustomStringConvertible, Equatable { + case invalidRelativePath + case invalidPathComponent + case cannotFollowSymlink + case systemError(String, Int32) + + public var description: String { + switch self { + case .invalidRelativePath: + return "invalid relative path supplied to file descriptor operation" + case .invalidPathComponent: + return "an intermediate path component is missing or is not a directory" + case .cannotFollowSymlink: + return "cannot follow a symlink in a file descriptor operation" + case .systemError(let operation, let err): + return "\(operation) returned error: \(err)" + } + } + } + + /// The type of a directory entry yielded by ``enumerate(_:_:)``. + public enum EntryType: Sendable, Equatable { + /// A regular file. + case regular + /// A directory. The entry is recursed into; symlinks to directories are + /// reported as `.symlink` and are never recursed. + case directory + /// A symbolic link (to a file or directory). + case symlink + /// Any other entry type (device node, named pipe, socket, etc.). + case other + } + + // MARK: - Public API + + /// Creates a directory relative to `fd`, rejecting paths that traverse symlinks. + /// + /// - Parameters: + /// - fd: An open file descriptor for the parent directory. + /// - relativePath: The path to create, relative to `fd`. + /// - permissions: The permissions to give the directory (default 0o755). + /// - makeIntermediates: Create or replace intermediate components as needed. + /// - completion: A function that operates on the new directory fd. + /// - Throws: `FileDescriptorOps.Error` if path validation or system errors occur. + public static func mkdir( + _ fd: FileDescriptor, + _ relativePath: FilePath, + permissions: FilePermissions? = nil, + makeIntermediates: Bool = false, + completion: (FileDescriptor) throws -> Void = { _ in } + ) throws { + try validateRelativePath(relativePath) + try mkdir( + fd, + relativePath.components, + permissions: permissions, + makeIntermediates: makeIntermediates, + completion: completion + ) + } + + /// Recursively removes a direct child of the directory at `fd`. + /// + /// - Parameters: + /// - fd: An open file descriptor for the parent directory. + /// - filename: The name of the child to remove. + /// - Throws: `FileDescriptorOps.Error` if system errors occur. + public static func unlinkRecursive(_ fd: FileDescriptor, filename: FilePath.Component) throws { + guard filename.string != "." && filename.string != ".." else { + return + } + + guard unlinkat(fd.rawValue, filename.string, 0) != 0 else { + return + } + + guard errno != ENOENT else { + return + } + + guard errno == EPERM || errno == EISDIR else { + throw Error.systemError("file removal during file descriptor unlink", errno) + } + + let componentFd = openat(fd.rawValue, filename.string, O_NOFOLLOW | O_RDONLY | O_DIRECTORY) + guard componentFd >= 0 else { + throw Error.systemError("directory open during file descriptor unlink", errno) + } + let componentFileDescriptor = FileDescriptor(rawValue: componentFd) + defer { try? componentFileDescriptor.close() } + + // Open the directory stream using a duplicate fd that closedir() will close. + let ownedFd = os_dup(componentFd) + guard let dir = fdopendir(ownedFd) else { + throw Error.systemError("directory opendir during file descriptor unlink", errno) + } + defer { closedir(dir) } + + while let entry = readdir(dir) { + let childComponent = withUnsafePointer(to: entry.pointee.d_name) { + $0.withMemoryRebound(to: UInt8.self, capacity: Int(NAME_MAX) + 1) { + let name = String(decodingCString: $0, as: UTF8.self) + return FilePath.Component(name) + } + } + guard let childComponent else { + throw Error.systemError("directory entry processing during file descriptor unlink", errno) + } + try unlinkRecursive(componentFileDescriptor, filename: childComponent) + } + + if unlinkat(fd.rawValue, filename.string, AT_REMOVEDIR) != 0 { + throw Error.systemError("directory removal during file descriptor unlink", errno) + } + } + + /// Recursively enumerates the contents of `fd` without following symbolic links. + /// + /// Each entry — file, directory, symlink, or other type — is reported to + /// `body` with a path relative to `fd`. Directories are reported before their + /// contents (pre-order) and then recursed. A symlink whose target is a directory + /// is reported as `.symlink` and is never followed, so traversal cannot escape + /// the tree rooted at `fd` regardless of where symlinks point. + /// + /// `fd` must be an open file descriptor for a directory. + /// + /// - Parameters: + /// - fd: An open file descriptor for the root directory to enumerate. + /// - body: Called once per entry. `path` is relative to `fd`; `type` + /// identifies the kind of entry; `parentFd` is the open file descriptor + /// for the directory that contains the entry. The last component of `path` + /// is the entry's filename; together with `parentFd` it allows the body to + /// open the entry via + /// `openat(parentFd.rawValue, path.lastComponent!.string, O_NOFOLLOW …)` + /// without reconstructing an absolute path, preserving the TOCTOU safety + /// of the traversal end-to-end. `parentFd` must not be closed within the + /// body call, or used after the call returns. Throw to abort. + /// - Throws: `FileDescriptorOps.Error` on system errors; any error thrown by + /// `body` is propagated unchanged. + public static func enumerate( + _ fd: FileDescriptor, + _ body: (_ path: FilePath, _ type: EntryType, _ parentFd: FileDescriptor) throws -> Void + ) throws { + try enumerateHelper(fd, relativePath: FilePath(""), body: body) + } + + // MARK: - Canonical path + + #if canImport(Darwin) + /// Returns the canonical path for `fd` using `F_GETPATH`. + public static func getCanonicalPath(_ fd: FileDescriptor) throws -> FilePath { + var buffer = [CChar](repeating: 0, count: Int(PATH_MAX)) + guard fcntl(fd.rawValue, F_GETPATH, &buffer) != -1 else { + throw Errno(rawValue: errno) + } + let bytes = buffer.prefix { $0 != 0 }.map { UInt8(bitPattern: $0) } + return FilePath(String(decoding: bytes, as: UTF8.self)) + } + #elseif canImport(Glibc) || canImport(Musl) + /// Returns the canonical path for `fd` via `/proc/self/fd`. + public static func getCanonicalPath(_ fd: FileDescriptor) throws -> FilePath { + let fdPath = "/proc/self/fd/\(fd.rawValue)" + var buffer = [CChar](repeating: 0, count: 4096) + let len = readlink(fdPath, &buffer, buffer.count - 1) + guard len > 0 else { + throw Error.systemError("readlink", errno) + } + let bytes = buffer.prefix(len).map { UInt8(bitPattern: $0) } + return FilePath(String(decoding: bytes, as: UTF8.self)) + } + #endif + + // MARK: - Private helpers + + private static func mkdir( + _ fd: FileDescriptor, + _ relativeComponents: FilePath.ComponentView, + permissions: FilePermissions? = nil, + makeIntermediates: Bool, + completion: (FileDescriptor) throws -> Void + ) throws { + guard let currentComponent = relativeComponents.first else { + try completion(fd) + return + } + let childComponents = FilePath.ComponentView(relativeComponents.dropFirst()) + + var componentFd = openat(fd.rawValue, currentComponent.string, O_NOFOLLOW | O_RDONLY | O_DIRECTORY) + if componentFd < 0 { + guard makeIntermediates || childComponents.isEmpty else { + throw Error.invalidPathComponent + } + if errno != ENOENT { + try unlinkRecursive(fd, filename: currentComponent) + } + + guard mkdirat(fd.rawValue, currentComponent.string, permissions?.rawValue ?? 0o755) == 0 else { + throw Error.systemError("directory creation during file descriptor mkdir", errno) + } + + componentFd = openat(fd.rawValue, currentComponent.string, O_NOFOLLOW | O_RDONLY | O_DIRECTORY) + guard componentFd >= 0 else { + throw Error.systemError("directory open during file descriptor mkdir", errno) + } + } + + let componentFileDescriptor = FileDescriptor(rawValue: componentFd) + defer { try? componentFileDescriptor.close() } + + guard !childComponents.isEmpty else { + try completion(componentFileDescriptor) + return + } + + try mkdir( + componentFileDescriptor, childComponents, + permissions: permissions, makeIntermediates: makeIntermediates, completion: completion) + } + + private static func enumerateHelper( + _ fd: FileDescriptor, + relativePath: FilePath, + body: (_ path: FilePath, _ type: EntryType, _ parentFd: FileDescriptor) throws -> Void + ) throws { + // fdopendir takes ownership of the fd passed to it and closes it via + // closedir. Duplicate so the caller's fd remains open. + let dupFd = os_dup(fd.rawValue) + guard dupFd >= 0 else { + throw Error.systemError("dup during file descriptor enumerate", errno) + } + guard let dir = fdopendir(dupFd) else { + let savedErrno = errno + try? FileDescriptor(rawValue: dupFd).close() + throw Error.systemError("fdopendir during file descriptor enumerate", savedErrno) + } + defer { closedir(dir) } + + while let entry = readdir(dir) { + let name = withUnsafePointer(to: entry.pointee.d_name) { + $0.withMemoryRebound(to: UInt8.self, capacity: Int(NAME_MAX) + 1) { + String(decodingCString: $0, as: UTF8.self) + } + } + guard name != "." && name != ".." else { continue } + guard let component = FilePath.Component(name) else { continue } + + let entryPath = relativePath.appending(component) + let entryType = resolveEntryType(parentFd: fd.rawValue, name: name, dtype: entry.pointee.d_type) + + // Pass fd (the parent directory) so the body can use + // openat(parentFd.rawValue, path.lastComponent!.string, O_NOFOLLOW …) + // rather than reconstructing an absolute path, keeping the fd chain unbroken. + try body(entryPath, entryType, fd) + + guard entryType == .directory else { continue } + + // Open the child directory with O_NOFOLLOW to guarantee we are + // entering a real directory and not a symlink that was swapped in + // between readdir and here. + let childFd = openat(fd.rawValue, name, O_NOFOLLOW | O_RDONLY | O_DIRECTORY) + guard childFd >= 0 else { + throw Error.systemError("openat during file descriptor enumerate", errno) + } + let childDescriptor = FileDescriptor(rawValue: childFd) + defer { try? childDescriptor.close() } + try enumerateHelper(childDescriptor, relativePath: entryPath, body: body) + } + } + + private static func resolveEntryType(parentFd: Int32, name: String, dtype: UInt8) -> EntryType { + switch dtype { + case UInt8(DT_REG): return .regular + case UInt8(DT_DIR): return .directory + case UInt8(DT_LNK): return .symlink + case UInt8(DT_UNKNOWN): + // Some filesystems (NFS, ext2/3) report DT_UNKNOWN; fall back to fstatat. + var stbuf = stat() + guard fstatat(parentFd, name, &stbuf, AT_SYMLINK_NOFOLLOW) == 0 else { return .other } + switch stbuf.st_mode & os_S_IFMT { + case os_S_IFREG: return .regular + case os_S_IFDIR: return .directory + case os_S_IFLNK: return .symlink + default: return .other + } + default: return .other + } + } + + private static func validateRelativePath(_ path: FilePath) throws { + guard !(path.components.contains { $0 == ".." }) else { + throw Error.invalidRelativePath + } + } +} diff --git a/Sources/ContainerizationOS/FilePathOps.swift b/Sources/ContainerizationOS/FilePathOps.swift new file mode 100644 index 0000000..7dbc14a --- /dev/null +++ b/Sources/ContainerizationOS/FilePathOps.swift @@ -0,0 +1,38 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation +import SystemPackage + +/// Static utility functions for path operations. +/// +/// The type is never instantiated; it exists solely as a namespace. +public enum FilePathOps { + /// Returns an absolute version of `path`. + /// + /// This is a purely lexical operation: it does not resolve symlinks, + /// perform tilde expansion, and does not access the file system. If `path` + /// is already absolute, this returns `path` unchanged. + public static func absolutePath(_ path: FilePath) -> FilePath { + guard !path.isAbsolute else { + return path + } + + return FilePath(FileManager.default.currentDirectoryPath) + .appending(path.components) + .lexicallyNormalized() + } +} diff --git a/Sources/ContainerizationOS/Keychain/KeychainQuery.swift b/Sources/ContainerizationOS/Keychain/KeychainQuery.swift new file mode 100644 index 0000000..0c45df9 --- /dev/null +++ b/Sources/ContainerizationOS/Keychain/KeychainQuery.swift @@ -0,0 +1,243 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(macOS) +#if canImport(FoundationEssentials) +import FoundationEssentials +#else +import Foundation +#endif + +/// Holds the result of a query to the keychain. +public struct KeychainQueryResult { + public var username: String + public var password: String + public var modifiedDate: Date + public var createdDate: Date +} + +/// Type that facilitates interacting with the macOS keychain. +public struct KeychainQuery { + public init() {} + + /// Save a value to the keychain. + /// - Parameters: + /// - securityDomain: The security domain used to fetch keychain entries. + /// - accessGroup: If present, the access group used to fetch keychain entries. + /// - hostname: The hostname for the authenticating server. + /// - username: The username to present to the server. + /// - password: The password to present to the server. + /// - Throws: An error if the keychain query fails or returns unexpected data. + public func save( + securityDomain: String, + accessGroup: String? = nil, + hostname: String, + username: String, + password: String + ) throws { + if try exists(securityDomain: securityDomain, accessGroup: accessGroup, hostname: hostname) { + try delete(securityDomain: securityDomain, accessGroup: accessGroup, hostname: hostname) + } + + guard let passwordEncoded = password.data(using: String.Encoding.utf8) else { + throw Self.Error.invalidPasswordConversion + } + var query: [String: Any] = [ + kSecClass as String: kSecClassInternetPassword, + kSecAttrSecurityDomain as String: securityDomain, + kSecAttrServer as String: hostname, + kSecAttrAccount as String: username, + kSecValueData as String: passwordEncoded, + kSecAttrAccessible as String: kSecAttrAccessibleAfterFirstUnlock, + kSecAttrSynchronizable as String: false, + ] + if let accessGroup { + query[kSecAttrAccessGroup as String] = accessGroup + } + + let status = SecItemAdd(query as CFDictionary, nil) + guard status == errSecSuccess else { throw Self.Error.unhandledError(status: status) } + } + + /// Delete a value from the keychain. + /// - Parameters: + /// - securityDomain: The security domain used to fetch keychain entries. + /// - accessGroup: If present, the access group used to fetch keychain entries. + /// - hostname: The hostname for the authenticating server. + /// - Throws: An error if the keychain query fails or returns unexpected data. + public func delete(securityDomain: String, accessGroup: String? = nil, hostname: String) throws { + var query: [String: Any] = [ + kSecClass as String: kSecClassInternetPassword, + kSecAttrSecurityDomain as String: securityDomain, + kSecAttrServer as String: hostname, + kSecMatchLimit as String: kSecMatchLimitOne, + ] + if let accessGroup { + query[kSecAttrAccessGroup as String] = accessGroup + } + let status = SecItemDelete(query as CFDictionary) + guard status == errSecSuccess || status == errSecItemNotFound else { + throw Self.Error.unhandledError(status: status) + } + } + + /// Retrieve a value from the keychain. + /// - Parameters: + /// - securityDomain: The security domain used to fetch keychain entries. + /// - accessGroup: If present, the access group used to fetch keychain entries. + /// - hostname: The hostname for the authenticating server. + /// - Returns: The keychain entry. + /// - Throws: An error if the keychain query fails or returns unexpected data. + public func get(securityDomain: String, accessGroup: String? = nil, hostname: String) throws -> KeychainQueryResult? { + var query: [String: Any] = [ + kSecClass as String: kSecClassInternetPassword, + kSecAttrSecurityDomain as String: securityDomain, + kSecAttrServer as String: hostname, + kSecReturnAttributes as String: true, + kSecMatchLimit as String: kSecMatchLimitOne, + kSecReturnData as String: true, + ] + if let accessGroup { + query[kSecAttrAccessGroup as String] = accessGroup + } + var item: CFTypeRef? + let status = SecItemCopyMatching(query as CFDictionary, &item) + let exists = try isQuerySuccessful(status) + if !exists { + return nil + } + + guard let fetched = item as? [String: Any] else { + throw Self.Error.unexpectedDataFetched + } + guard let data = fetched[kSecValueData as String] as? Data else { + throw Self.Error.keyNotPresent(key: kSecValueData as String) + } + guard let password = String(data: data, encoding: String.Encoding.utf8) else { + throw Self.Error.unexpectedDataFetched + } + guard let username = fetched[kSecAttrAccount as String] as? String else { + throw Self.Error.keyNotPresent(key: kSecAttrAccount as String) + } + guard let modifiedDate = fetched[kSecAttrModificationDate as String] as? Date else { + throw Self.Error.keyNotPresent(key: kSecAttrModificationDate as String) + } + guard let createdDate = fetched[kSecAttrCreationDate as String] as? Date else { + throw Self.Error.keyNotPresent(key: kSecAttrCreationDate as String) + } + return KeychainQueryResult( + username: username, + password: password, + modifiedDate: modifiedDate, + createdDate: createdDate + ) + } + + /// List all keychain entries for a domain. + /// - Parameters: + /// - securityDomain: The security domain used to fetch keychain entries. + /// - accessGroup: If present, the access group used to fetch keychain entries. + /// - Returns: An array of keychain metadata for each matching entry, or an empty array if none are found. + /// - Throws: An error if the keychain query fails or returns unexpected data. + public func list(securityDomain: String, accessGroup: String? = nil) throws -> [RegistryInfo] { + var query: [String: Any] = [ + kSecClass as String: kSecClassInternetPassword, + kSecAttrSecurityDomain as String: securityDomain, + kSecReturnAttributes as String: true, + kSecReturnData as String: false, + kSecMatchLimit as String: kSecMatchLimitAll, + ] + if let accessGroup { + query[kSecAttrAccessGroup as String] = accessGroup + } + var item: CFTypeRef? + let status = SecItemCopyMatching(query as CFDictionary, &item) + let exists = try isQuerySuccessful(status) + if !exists { + return [] + } + + guard let fetched = item as? [[String: Any]] else { + throw Self.Error.unexpectedDataFetched + } + + return try fetched.map { registry in + guard let hostname = registry[kSecAttrServer as String] as? String else { + throw Self.Error.keyNotPresent(key: kSecAttrServer as String) + } + guard let username = registry[kSecAttrAccount as String] as? String else { + throw Self.Error.keyNotPresent(key: kSecAttrAccount as String) + } + guard let modifiedDate = registry[kSecAttrModificationDate as String] as? Date else { + throw Self.Error.keyNotPresent(key: kSecAttrModificationDate as String) + } + guard let createdDate = registry[kSecAttrCreationDate as String] as? Date else { + throw Self.Error.keyNotPresent(key: kSecAttrCreationDate as String) + } + + return RegistryInfo( + hostname: hostname, + username: username, + modifiedDate: modifiedDate, + createdDate: createdDate + ) + } + } + + /// Check if a value exists in the keychain. + /// - Parameters: + /// - securityDomain: The security domain used to fetch keychain entries. + /// - accessGroup: If present, the access group used to fetch keychain entries. + /// - hostname: The hostname for the authenticating server. + /// - Returns: `true` if the entry exists, `false` otherwise. + /// - Throws: An error if the keychain query fails. + public func exists(securityDomain: String, accessGroup: String? = nil, hostname: String) throws -> Bool { + var query: [String: Any] = [ + kSecClass as String: kSecClassInternetPassword, + kSecAttrSecurityDomain as String: securityDomain, + kSecAttrServer as String: hostname, + kSecReturnAttributes as String: true, + kSecMatchLimit as String: kSecMatchLimitOne, + kSecReturnData as String: false, + ] + if let accessGroup { + query[kSecAttrAccessGroup as String] = accessGroup + } + + let status = SecItemCopyMatching(query as CFDictionary, nil) + return try isQuerySuccessful(status) + } + + private func isQuerySuccessful(_ status: Int32) throws -> Bool { + guard status != errSecItemNotFound else { + return false + } + guard status == errSecSuccess else { + throw Self.Error.unhandledError(status: status) + } + return true + } +} + +extension KeychainQuery { + public enum Error: Swift.Error { + case unhandledError(status: Int32) + case unexpectedDataFetched + case keyNotPresent(key: String) + case invalidPasswordConversion + } +} +#endif diff --git a/Sources/ContainerizationOS/Keychain/RegistryInfo.swift b/Sources/ContainerizationOS/Keychain/RegistryInfo.swift new file mode 100644 index 0000000..d81bd0d --- /dev/null +++ b/Sources/ContainerizationOS/Keychain/RegistryInfo.swift @@ -0,0 +1,33 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if canImport(FoundationEssentials) +import FoundationEssentials +#else +import Foundation +#endif + +/// Holds the stored attributes for a registry. +public struct RegistryInfo: Sendable { + /// The registry host as a domain name with an optional port. + public var hostname: String + /// The username used to authenticate with the registry. + public var username: String + /// The date the registry was last modified. + public let modifiedDate: Date + /// The date the registry was created. + public let createdDate: Date +} diff --git a/Sources/ContainerizationOS/Linux/Binfmt.swift b/Sources/ContainerizationOS/Linux/Binfmt.swift new file mode 100644 index 0000000..e065f7d --- /dev/null +++ b/Sources/ContainerizationOS/Linux/Binfmt.swift @@ -0,0 +1,109 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if canImport(FoundationEssentials) +import FoundationEssentials +#else +import Foundation +#endif + +#if canImport(Musl) +import Musl +private let _mount = Musl.mount +#elseif canImport(Glibc) +import Glibc +private let _mount = Glibc.mount +#endif + +/// `Binfmt` is a utility type that contains static helpers and types for +/// mounting the Linux binfmt_misc filesystem, and creating new binfmt entries. +public struct Binfmt: Sendable { + /// Default mount path for binfmt_misc. + public static let path = "/proc/sys/fs/binfmt_misc" + + /// Entry models a binfmt_misc entry. + /// https://docs.kernel.org/admin-guide/binfmt-misc.html + public struct Entry { + public var name: String + public var type: String + public var offset: String + public var magic: String + public var mask: String + public var flags: String + + public init( + name: String, + type: String = "M", + offset: String = "", + magic: String, + mask: String, + flags: String = "CF" + ) { + self.name = name + self.type = type + self.offset = offset + self.magic = magic + self.mask = mask + self.flags = flags + } + + /// Returns a binfmt `Entry` for amd64 ELF binaries. + public static func amd64() -> Self { + Binfmt.Entry( + name: "x86_64", + magic: #"\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x3e\x00"#, + mask: #"\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff"# + ) + } + + #if os(Linux) + /// Register the passed in `binaryPath` as the interpreter for a new binfmt_misc entry. + public func register(binaryPath: String) throws { + let registration = ":\(self.name):\(self.type):\(self.offset):\(self.magic):\(self.mask):\(binaryPath):\(self.flags)" + + try registration.write( + to: URL(fileURLWithPath: Binfmt.path).appendingPathComponent("register"), + atomically: false, + encoding: .ascii + ) + } + + /// Deregister the binfmt_misc entry described by the current object. + public func deregister() throws { + let data = "-1" + try data.write( + to: URL(fileURLWithPath: Binfmt.path).appendingPathComponent(self.name), + atomically: false, + encoding: .ascii + ) + } + #endif // os(Linux) + } + + #if os(Linux) + /// Crude check to see if /proc/sys/fs/binfmt_misc/register exists. + public static func mounted() -> Bool { + FileManager.default.fileExists(atPath: "\(Self.path)/register") + } + + /// Mount the binfmt_misc filesystem. + public static func mount() throws { + guard _mount("binfmt_misc", Self.path, "binfmt_misc", 0, "") == 0 else { + throw POSIXError.fromErrno() + } + } + #endif // os(Linux) +} diff --git a/Sources/ContainerizationOS/Linux/Capabilities.swift b/Sources/ContainerizationOS/Linux/Capabilities.swift new file mode 100644 index 0000000..651d8b0 --- /dev/null +++ b/Sources/ContainerizationOS/Linux/Capabilities.swift @@ -0,0 +1,670 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import CShim + +#if canImport(FoundationEssentials) +import FoundationEssentials +#else +import Foundation +#endif + +// MARK: - Configuration Types + +public enum CapabilityParsingError: Swift.Error, CustomStringConvertible { + case invalidCapabilitySet(String) + case invalidCapabilityName(String) + + public var description: String { + switch self { + case .invalidCapabilitySet(let value): + return "invalid CapabilitySet value '\(value)'" + case .invalidCapabilityName(let value): + return "invalid CapabilityName '\(value)'" + } + } +} + +public struct CapabilitySet: Sendable, Hashable { + private enum Value: Hashable, Sendable, CaseIterable { + case bounding + case effective + case inheritable + case permitted + case ambient + } + + private var value: Value + private init(_ value: Value) { + self.value = value + } + + public init(rawValue: String) throws { + let values = Value.allCases.reduce(into: [String: Value]()) { + $0[String(describing: $1).lowercased()] = $1 + } + + guard let match = values[rawValue.lowercased()] else { + throw CapabilityParsingError.invalidCapabilitySet(rawValue) + } + self.value = match + } + + public static var bounding: Self { Self(.bounding) } + public static var effective: Self { Self(.effective) } + public static var inheritable: Self { Self(.inheritable) } + public static var permitted: Self { Self(.permitted) } + public static var ambient: Self { Self(.ambient) } +} + +extension CapabilitySet: CustomStringConvertible { + public var description: String { + String(describing: self.value) + } +} + +public struct CapabilityName: Sendable, Hashable { + private enum Value: Hashable, Sendable, CaseIterable { + case chown + case dacOverride + case dacReadSearch + case fowner + case fsetid + case kill + case setgid + case setuid + case setpcap + case linuxImmutable + case netBindService + case netBroadcast + case netAdmin + case netRaw + case ipcLock + case ipcOwner + case sysModule + case sysRawio + case sysChroot + case sysPtrace + case sysPacct + case sysAdmin + case sysBoot + case sysNice + case sysResource + case sysTime + case sysTtyConfig + case mknod + case lease + case auditWrite + case auditControl + case setfcap + case macOverride + case macAdmin + case syslog + case wakeAlarm + case blockSuspend + case auditRead + case perfmon + case bpf + case checkpointRestore + } + + private var value: Value + private init(_ value: Value) { + self.value = value + } + + public init(rawValue: String) throws { + let uppercased = rawValue.uppercased() + let normalized = uppercased.hasPrefix("CAP_") ? uppercased : "CAP_\(uppercased)" + + let capNameMap: [String: Value] = [ + "CAP_CHOWN": .chown, + "CAP_DAC_OVERRIDE": .dacOverride, + "CAP_DAC_READ_SEARCH": .dacReadSearch, + "CAP_FOWNER": .fowner, + "CAP_FSETID": .fsetid, + "CAP_KILL": .kill, + "CAP_SETGID": .setgid, + "CAP_SETUID": .setuid, + "CAP_SETPCAP": .setpcap, + "CAP_LINUX_IMMUTABLE": .linuxImmutable, + "CAP_NET_BIND_SERVICE": .netBindService, + "CAP_NET_BROADCAST": .netBroadcast, + "CAP_NET_ADMIN": .netAdmin, + "CAP_NET_RAW": .netRaw, + "CAP_IPC_LOCK": .ipcLock, + "CAP_IPC_OWNER": .ipcOwner, + "CAP_SYS_MODULE": .sysModule, + "CAP_SYS_RAWIO": .sysRawio, + "CAP_SYS_CHROOT": .sysChroot, + "CAP_SYS_PTRACE": .sysPtrace, + "CAP_SYS_PACCT": .sysPacct, + "CAP_SYS_ADMIN": .sysAdmin, + "CAP_SYS_BOOT": .sysBoot, + "CAP_SYS_NICE": .sysNice, + "CAP_SYS_RESOURCE": .sysResource, + "CAP_SYS_TIME": .sysTime, + "CAP_SYS_TTY_CONFIG": .sysTtyConfig, + "CAP_MKNOD": .mknod, + "CAP_LEASE": .lease, + "CAP_AUDIT_WRITE": .auditWrite, + "CAP_AUDIT_CONTROL": .auditControl, + "CAP_SETFCAP": .setfcap, + "CAP_MAC_OVERRIDE": .macOverride, + "CAP_MAC_ADMIN": .macAdmin, + "CAP_SYSLOG": .syslog, + "CAP_WAKE_ALARM": .wakeAlarm, + "CAP_BLOCK_SUSPEND": .blockSuspend, + "CAP_AUDIT_READ": .auditRead, + "CAP_PERFMON": .perfmon, + "CAP_BPF": .bpf, + "CAP_CHECKPOINT_RESTORE": .checkpointRestore, + ] + + guard let match = capNameMap[normalized] else { + throw CapabilityParsingError.invalidCapabilityName(rawValue) + } + self.value = match + } + + public var capValue: UInt32 { + switch self.value { + case .chown: return 0 + case .dacOverride: return 1 + case .dacReadSearch: return 2 + case .fowner: return 3 + case .fsetid: return 4 + case .kill: return 5 + case .setgid: return 6 + case .setuid: return 7 + case .setpcap: return 8 + case .linuxImmutable: return 9 + case .netBindService: return 10 + case .netBroadcast: return 11 + case .netAdmin: return 12 + case .netRaw: return 13 + case .ipcLock: return 14 + case .ipcOwner: return 15 + case .sysModule: return 16 + case .sysRawio: return 17 + case .sysChroot: return 18 + case .sysPtrace: return 19 + case .sysPacct: return 20 + case .sysAdmin: return 21 + case .sysBoot: return 22 + case .sysNice: return 23 + case .sysResource: return 24 + case .sysTime: return 25 + case .sysTtyConfig: return 26 + case .mknod: return 27 + case .lease: return 28 + case .auditWrite: return 29 + case .auditControl: return 30 + case .setfcap: return 31 + case .macOverride: return 32 + case .macAdmin: return 33 + case .syslog: return 34 + case .wakeAlarm: return 35 + case .blockSuspend: return 36 + case .auditRead: return 37 + case .perfmon: return 38 + case .bpf: return 39 + case .checkpointRestore: return 40 + } + } + + public static var chown: Self { Self(.chown) } + public static var dacOverride: Self { Self(.dacOverride) } + public static var dacReadSearch: Self { Self(.dacReadSearch) } + public static var fowner: Self { Self(.fowner) } + public static var fsetid: Self { Self(.fsetid) } + public static var kill: Self { Self(.kill) } + public static var setgid: Self { Self(.setgid) } + public static var setuid: Self { Self(.setuid) } + public static var setpcap: Self { Self(.setpcap) } + public static var linuxImmutable: Self { Self(.linuxImmutable) } + public static var netBindService: Self { Self(.netBindService) } + public static var netBroadcast: Self { Self(.netBroadcast) } + public static var netAdmin: Self { Self(.netAdmin) } + public static var netRaw: Self { Self(.netRaw) } + public static var ipcLock: Self { Self(.ipcLock) } + public static var ipcOwner: Self { Self(.ipcOwner) } + public static var sysModule: Self { Self(.sysModule) } + public static var sysRawio: Self { Self(.sysRawio) } + public static var sysChroot: Self { Self(.sysChroot) } + public static var sysPtrace: Self { Self(.sysPtrace) } + public static var sysPacct: Self { Self(.sysPacct) } + public static var sysAdmin: Self { Self(.sysAdmin) } + public static var sysBoot: Self { Self(.sysBoot) } + public static var sysNice: Self { Self(.sysNice) } + public static var sysResource: Self { Self(.sysResource) } + public static var sysTime: Self { Self(.sysTime) } + public static var sysTtyConfig: Self { Self(.sysTtyConfig) } + public static var mknod: Self { Self(.mknod) } + public static var lease: Self { Self(.lease) } + public static var auditWrite: Self { Self(.auditWrite) } + public static var auditControl: Self { Self(.auditControl) } + public static var setfcap: Self { Self(.setfcap) } + public static var macOverride: Self { Self(.macOverride) } + public static var macAdmin: Self { Self(.macAdmin) } + public static var syslog: Self { Self(.syslog) } + public static var wakeAlarm: Self { Self(.wakeAlarm) } + public static var blockSuspend: Self { Self(.blockSuspend) } + public static var auditRead: Self { Self(.auditRead) } + public static var perfmon: Self { Self(.perfmon) } + public static var bpf: Self { Self(.bpf) } + public static var checkpointRestore: Self { Self(.checkpointRestore) } + + public static var allCases: [CapabilityName] { + Value.allCases.map { CapabilityName($0) } + } +} + +extension CapabilityName: CustomStringConvertible { + public var description: String { + switch self.value { + case .chown: return "CAP_CHOWN" + case .dacOverride: return "CAP_DAC_OVERRIDE" + case .dacReadSearch: return "CAP_DAC_READ_SEARCH" + case .fowner: return "CAP_FOWNER" + case .fsetid: return "CAP_FSETID" + case .kill: return "CAP_KILL" + case .setgid: return "CAP_SETGID" + case .setuid: return "CAP_SETUID" + case .setpcap: return "CAP_SETPCAP" + case .linuxImmutable: return "CAP_LINUX_IMMUTABLE" + case .netBindService: return "CAP_NET_BIND_SERVICE" + case .netBroadcast: return "CAP_NET_BROADCAST" + case .netAdmin: return "CAP_NET_ADMIN" + case .netRaw: return "CAP_NET_RAW" + case .ipcLock: return "CAP_IPC_LOCK" + case .ipcOwner: return "CAP_IPC_OWNER" + case .sysModule: return "CAP_SYS_MODULE" + case .sysRawio: return "CAP_SYS_RAWIO" + case .sysChroot: return "CAP_SYS_CHROOT" + case .sysPtrace: return "CAP_SYS_PTRACE" + case .sysPacct: return "CAP_SYS_PACCT" + case .sysAdmin: return "CAP_SYS_ADMIN" + case .sysBoot: return "CAP_SYS_BOOT" + case .sysNice: return "CAP_SYS_NICE" + case .sysResource: return "CAP_SYS_RESOURCE" + case .sysTime: return "CAP_SYS_TIME" + case .sysTtyConfig: return "CAP_SYS_TTY_CONFIG" + case .mknod: return "CAP_MKNOD" + case .lease: return "CAP_LEASE" + case .auditWrite: return "CAP_AUDIT_WRITE" + case .auditControl: return "CAP_AUDIT_CONTROL" + case .setfcap: return "CAP_SETFCAP" + case .macOverride: return "CAP_MAC_OVERRIDE" + case .macAdmin: return "CAP_MAC_ADMIN" + case .syslog: return "CAP_SYSLOG" + case .wakeAlarm: return "CAP_WAKE_ALARM" + case .blockSuspend: return "CAP_BLOCK_SUSPEND" + case .auditRead: return "CAP_AUDIT_READ" + case .perfmon: return "CAP_PERFMON" + case .bpf: return "CAP_BPF" + case .checkpointRestore: return "CAP_CHECKPOINT_RESTORE" + } + } +} + +// MARK: - Linux Implementation + +#if os(Linux) + +#if canImport(Musl) +import Musl +#elseif canImport(Glibc) +import Glibc +#endif + +import CShim + +/// Capability type flags +public struct CapType: OptionSet, Sendable { + public let rawValue: UInt32 + + public init(rawValue: UInt32) { + self.rawValue = rawValue + } + + // Individual capability sets (for Get/Set/Unset/etc) + public static let effective = CapType(rawValue: 1 << 0) + public static let permitted = CapType(rawValue: 1 << 1) + public static let inheritable = CapType(rawValue: 1 << 2) + public static let bounding = CapType(rawValue: 1 << 3) + public static let ambient = CapType(rawValue: 1 << 4) + + // Bulk operation flags (for Apply/Fill/Clear) + public static let caps = CapType(rawValue: 1 << 8) // CAPS - effective, permitted, inheritable + public static let bounds = CapType(rawValue: 1 << 9) // BOUNDS - bounding set + public static let ambs = CapType(rawValue: 1 << 10) // AMBS - ambient capabilities +} + +private struct CapabilityHeader { + var version: UInt32 + var pid: Int32 + + init(pid: Int32 = 0) { + self.version = 0x2008_0522 + self.pid = pid + } +} + +private struct CapabilityData { + var effective1: UInt32 + var permitted1: UInt32 + var inheritable1: UInt32 + var effective2: UInt32 + var permitted2: UInt32 + var inheritable2: UInt32 + + init( + effective1: UInt32 = 0, + permitted1: UInt32 = 0, + inheritable1: UInt32 = 0, + effective2: UInt32 = 0, + permitted2: UInt32 = 0, + inheritable2: UInt32 = 0 + ) { + self.effective1 = effective1 + self.permitted1 = permitted1 + self.inheritable1 = inheritable1 + self.effective2 = effective2 + self.permitted2 = permitted2 + self.inheritable2 = inheritable2 + } +} + +/// Interface with Linux capabilities +/// https://linux.die.net/man/7/capabilities +public struct LinuxCapabilities: Sendable { + private var effectiveSet: UInt64 = 0 + private var permittedSet: UInt64 = 0 + private var inheritableSet: UInt64 = 0 + private var boundingSet: UInt64 = 0 + private var ambientSet: UInt64 = 0 + + public init() {} + + /// Get the highest supported capability from the kernel + public static func getLastSupported() throws -> CapabilityName { + guard let data = try? String(contentsOfFile: "/proc/sys/kernel/cap_last_cap", encoding: .ascii), + let lastCap = UInt32(data.trimmingCharacters(in: .whitespacesAndNewlines)) + else { + throw LinuxCapabilities.Error.invalidCapabilitySet("failed to read /proc/sys/kernel/cap_last_cap") + } + + guard let capability = CapabilityName.allCases.first(where: { $0.capValue == lastCap }) else { + throw LinuxCapabilities.Error.invalidCapabilitySet("no capability found for kernel max cap \(lastCap)") + } + + return capability + } + + /// Set keep caps + public static func setKeepCaps() throws { + let result = CZ_prctl_set_keepcaps() + if result != 0 { + throw LinuxCapabilities.Error.prctlFailed(errno: errno, operation: "PR_SET_KEEPCAPS") + } + } + + /// Clear keep caps + public static func clearKeepCaps() throws { + let result = CZ_prctl_clear_keepcaps() + if result != 0 { + throw LinuxCapabilities.Error.prctlFailed(errno: errno, operation: "PR_CLEAR_KEEPCAPS") + } + } + + /// Load current process capabilities from kernel + public mutating func load() throws { + let data = try getCurrentCapabilities() + self.effectiveSet = UInt64(data.effective1) + self.permittedSet = UInt64(data.permitted1) + self.inheritableSet = UInt64(data.inheritable1) + } + + /// Check if capability is present in the given set + public func get(which: CapType, what: CapabilityName) -> Bool { + let bit = UInt64(1) << what.capValue + + if which.contains(.effective) { + return (effectiveSet & bit) != 0 + } else if which.contains(.permitted) { + return (permittedSet & bit) != 0 + } else if which.contains(.inheritable) { + return (inheritableSet & bit) != 0 + } else if which.contains(.bounding) { + return (boundingSet & bit) != 0 + } else if which.contains(.ambient) { + return (ambientSet & bit) != 0 + } + return false + } + + /// Set capabilities in the given sets + public mutating func set(which: CapType, caps: [CapabilityName]) { + let mask = caps.reduce(UInt64(0)) { result, cap in + result | (UInt64(1) << cap.capValue) + } + + if which.contains(.effective) { + effectiveSet |= mask + } + if which.contains(.permitted) { + permittedSet |= mask + } + if which.contains(.inheritable) { + inheritableSet |= mask + } + if which.contains(.bounding) { + boundingSet |= mask + } + if which.contains(.ambient) { + ambientSet |= mask + } + } + + /// Unset capabilities from the given sets + public mutating func unset(which: CapType, caps: [CapabilityName]) { + let mask = caps.reduce(UInt64(0)) { result, cap in + result | (UInt64(1) << cap.capValue) + } + + if which.contains(.effective) { + effectiveSet &= ~mask + } + if which.contains(.permitted) { + permittedSet &= ~mask + } + if which.contains(.inheritable) { + inheritableSet &= ~mask + } + if which.contains(.bounding) { + boundingSet &= ~mask + } + if which.contains(.ambient) { + ambientSet &= ~mask + } + } + + /// Fill all bits of given capability types + public mutating func fill(kind: CapType) { + if kind.contains(.caps) { + effectiveSet = 0xFFFF_FFFF_FFFF_FFFF + permittedSet = 0xFFFF_FFFF_FFFF_FFFF + inheritableSet = 0 + } + if kind.contains(.bounds) { + boundingSet = 0xFFFF_FFFF_FFFF_FFFF + } + if kind.contains(.ambs) { + ambientSet = 0xFFFF_FFFF_FFFF_FFFF + } + } + + /// Clear all bits of given capability types + public mutating func clear(kind: CapType) { + if kind.contains(.caps) { + effectiveSet = 0 + permittedSet = 0 + inheritableSet = 0 + } + if kind.contains(.bounds) { + boundingSet = 0 + } + if kind.contains(.ambs) { + ambientSet = 0 + } + } + + /// Apply capabilities to current process + public func apply(kind: CapType) throws { + // Apply bounding set (requires CAP_SETPCAP) + if kind.contains(.bounds) { + try applyBoundingSet() + } + + // Apply main capabilities (effective, permitted, inheritable) + if kind.contains(.caps) { + try applyMainCapabilities() + } + + // Apply ambient capabilities + if kind.contains(.ambs) { + try applyAmbientCapabilities() + } + } + + private func applyBoundingSet() throws { + let currentData = try getCurrentCapabilities() + let hasSetPCap = (currentData.effective1 & (1 << CapabilityName.setpcap.capValue)) != 0 + + if hasSetPCap { + // Get the last supported capability to avoid trying to drop unsupported ones + let lastSupported = try Self.getLastSupported() + + for cap in CapabilityName.allCases { + // Skip capabilities higher than what the kernel supports + guard cap.capValue <= lastSupported.capValue else { continue } + + let capBit = UInt64(1) << cap.capValue + if (boundingSet & capBit) == 0 { + let result = CZ_prctl_capbset_drop(cap.capValue) + if result != 0 && errno != EINVAL { + throw Error.prctlFailed(errno: errno, operation: "PR_CAPBSET_DROP") + } + } + } + } + } + + private func applyMainCapabilities() throws { + let data = CapabilityData( + effective1: UInt32(effectiveSet & 0xFFFF_FFFF), + permitted1: UInt32(permittedSet & 0xFFFF_FFFF), + inheritable1: UInt32(inheritableSet & 0xFFFF_FFFF) + ) + + try setCapabilities(data: data) + } + + private func applyAmbientCapabilities() throws { + // Clear all ambient capabilities first + let clearResult = CZ_prctl_cap_ambient_clear_all() + if clearResult != 0 && errno != EINVAL { + throw Error.prctlFailed(errno: errno, operation: "PR_CAP_AMBIENT_CLEAR_ALL") + } + + // Get the last supported capability to avoid trying to set unsupported ones + let lastSupported = try Self.getLastSupported() + + // Set each ambient capability + for cap in CapabilityName.allCases { + // Skip capabilities higher than what the kernel supports + guard cap.capValue <= lastSupported.capValue else { continue } + + let capBit = UInt64(1) << cap.capValue + if (ambientSet & capBit) != 0 { + let result = CZ_prctl_cap_ambient_raise(cap.capValue) + if result != 0 && errno != EINVAL { + throw Error.prctlFailed(errno: errno, operation: "PR_CAP_AMBIENT_RAISE") + } + } + } + } + + private func getCurrentCapabilities() throws -> CapabilityData { + var header = CapabilityHeader() + var data = CapabilityData() + + let result = withUnsafeMutablePointer(to: &header) { headerPtr in + withUnsafeMutablePointer(to: &data) { dataPtr in + CZ_capget(headerPtr, dataPtr) + } + } + + if result != 0 { + throw Error.capgetFailed(errno: errno) + } + + return data + } + + private func setCapabilities(data: CapabilityData) throws { + var header = CapabilityHeader() + var mutableData = data + + let result = withUnsafeMutablePointer(to: &header) { headerPtr in + withUnsafeMutablePointer(to: &mutableData) { dataPtr in + CZ_capset(headerPtr, dataPtr) + } + } + + if result != 0 { + throw Error.capsetFailed(errno: errno) + } + } +} + +extension LinuxCapabilities { + public enum Error: Swift.Error, CustomStringConvertible { + case unsupportedCapability(name: String) + case capsetFailed(errno: Int32) + case capgetFailed(errno: Int32) + case prctlFailed(errno: Int32, operation: String) + case invalidCapabilitySet(String) + + public var description: String { + switch self { + case .unsupportedCapability(let name): + return "unsupported capability: \(name)" + case .capsetFailed(let errno): + return "capset failed with errno \(errno): \(String(cString: strerror(errno)))" + case .capgetFailed(let errno): + return "capget failed with errno \(errno): \(String(cString: strerror(errno)))" + case .prctlFailed(let errno, let operation): + return "prctl(\(operation)) failed with errno \(errno): \(String(cString: strerror(errno)))" + case .invalidCapabilitySet(let message): + return "invalid capability set configuration: \(message)" + } + } + } +} + +#endif diff --git a/Sources/ContainerizationOS/Linux/Epoll.swift b/Sources/ContainerizationOS/Linux/Epoll.swift new file mode 100644 index 0000000..3566e17 --- /dev/null +++ b/Sources/ContainerizationOS/Linux/Epoll.swift @@ -0,0 +1,189 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(Linux) +#if canImport(FoundationEssentials) +import FoundationEssentials +#else +import Foundation +#endif + +#if canImport(Musl) +import Musl +private let _write = Musl.write +#elseif canImport(Glibc) +import Glibc +private let _write = Glibc.write +#endif + +import CShim + +// On glibc, epoll constants are EPOLL_EVENTS enum values. On musl they're +// plain UInt32. These helpers normalize them to UInt32/Int32. +private func epollMask(_ value: UInt32) -> UInt32 { value } +private func epollMask(_ value: Int32) -> UInt32 { UInt32(bitPattern: value) } +#if canImport(Glibc) +private func epollMask(_ value: EPOLL_EVENTS) -> UInt32 { value.rawValue } +private func epollFlag(_ value: EPOLL_EVENTS) -> Int32 { Int32(bitPattern: value.rawValue) } +#endif + +/// A thin wrapper around the Linux epoll syscall surface. +public final class Epoll: Sendable { + /// A set of epoll event flags. + public struct Mask: OptionSet, Sendable { + public let rawValue: UInt32 + + public init(rawValue: UInt32) { + self.rawValue = rawValue + } + + public static let input = Mask(rawValue: epollMask(EPOLLIN)) + public static let output = Mask(rawValue: epollMask(EPOLLOUT)) + + public var isHangup: Bool { + !self.isDisjoint(with: Mask(rawValue: epollMask(EPOLLHUP) | epollMask(EPOLLERR))) + } + + public var isRemoteHangup: Bool { + !self.isDisjoint(with: Mask(rawValue: epollMask(EPOLLRDHUP))) + } + + public var readyToRead: Bool { + self.contains(.input) + } + + public var readyToWrite: Bool { + self.contains(.output) + } + } + + /// An event returned by `wait()`. + public struct Event: Sendable { + public let fd: Int32 + public let mask: Mask + } + + private let epollFD: Int32 + private let eventFD: Int32 + + public init() throws { + let efd = epoll_create1(Int32(EPOLL_CLOEXEC)) + guard efd >= 0 else { + throw POSIXError.fromErrno() + } + + let evfd = eventfd(0, Int32(EFD_CLOEXEC | EFD_NONBLOCK)) + guard evfd >= 0 else { + let evfdErrno = POSIXError.fromErrno() + close(efd) + throw evfdErrno + } + + self.epollFD = efd + self.eventFD = evfd + + // Register the eventfd with epoll for shutdown signaling. + var event = epoll_event() + event.events = epollMask(EPOLLIN) + event.data.fd = self.eventFD + let ctlResult = withUnsafeMutablePointer(to: &event) { ptr in + epoll_ctl(efd, EPOLL_CTL_ADD, self.eventFD, ptr) + } + guard ctlResult == 0 else { + let ctlErrno = POSIXError.fromErrno() + close(evfd) + close(efd) + throw ctlErrno + } + } + + deinit { + close(epollFD) + close(eventFD) + } + + /// Register a file descriptor for edge-triggered monitoring. + public func add(_ fd: Int32, mask: Mask) throws { + guard fcntl(fd, F_SETFL, O_NONBLOCK) == 0 else { + throw POSIXError.fromErrno() + } + + let events = epollMask(EPOLLET) | mask.rawValue + + var event = epoll_event() + event.events = events + event.data.fd = fd + + try withUnsafeMutablePointer(to: &event) { ptr in + if epoll_ctl(self.epollFD, EPOLL_CTL_ADD, fd, ptr) == -1 { + throw POSIXError.fromErrno() + } + } + } + + /// Remove a file descriptor from the monitored collection. + public func delete(_ fd: Int32) throws { + var event = epoll_event() + let result = withUnsafeMutablePointer(to: &event) { ptr in + epoll_ctl(self.epollFD, EPOLL_CTL_DEL, fd, ptr) as Int32 + } + if result != 0 { + throw POSIXError.fromErrno() + } + } + + /// Wait for events. + /// + /// Returns ready events, an empty array on timeout, or `nil` on shutdown. + public func wait(maxEvents: Int = 128, timeout: Int32 = -1) -> [Event]? { + var events: [epoll_event] = .init(repeating: epoll_event(), count: maxEvents) + + while true { + let n = epoll_wait(self.epollFD, &events, Int32(events.count), timeout) + if n < 0 { + if errno == EINTR || errno == EAGAIN { + continue + } + preconditionFailure("epoll_wait failed unexpectedly: \(POSIXError.fromErrno())") + } + + if n == 0 { + return [] + } + + var result: [Event] = [] + result.reserveCapacity(Int(n)) + for i in 0...size) + precondition(n == MemoryLayout.size, "eventfd write failed: \(POSIXError.fromErrno())") + } + +} + +#endif // os(Linux) diff --git a/Sources/ContainerizationOS/Mount/Mount.swift b/Sources/ContainerizationOS/Mount/Mount.swift new file mode 100644 index 0000000..b4f4061 --- /dev/null +++ b/Sources/ContainerizationOS/Mount/Mount.swift @@ -0,0 +1,410 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import CShim + +#if canImport(FoundationEssentials) +import FoundationEssentials +#else +import Foundation +#endif + +#if canImport(Musl) +import Musl +private let _mount = Musl.mount +private let _umount = Musl.umount2 +#elseif canImport(Glibc) +import Glibc +private let _mount = Glibc.mount +private let _umount = Glibc.umount2 +#endif + +// Mount package modeled closely from containerd's: https://github.com/containerd/containerd/tree/main/core/mount + +/// `Mount` models a Linux mount (although potentially could be used on other unix platforms), and +/// provides a simple interface to mount what the type describes. +public struct Mount: Sendable { + // Type specifies the host-specific of the mount. + public var type: String + // Source specifies where to mount from. Depending on the host system, this + // can be a source path or device. + public var source: String + // Target specifies an optional subdirectory as a mountpoint. + public var target: String + // Options contains zero or more fstab-style mount options. + public var options: [String] + + public init(type: String, source: String, target: String, options: [String]) { + self.type = type + self.source = source + self.target = target + self.options = options + } +} + +extension Mount { + #if canImport(Glibc) + internal typealias Flag = Int + #else + internal typealias Flag = Int32 + #endif + + internal struct FlagBehavior { + let clear: Bool + let flag: Flag + + public init(_ clear: Bool, _ flag: Flag) { + self.clear = clear + self.flag = flag + } + } + + #if os(Linux) + internal static let flagsDictionary: [String: FlagBehavior] = [ + "async": .init(true, MS_SYNCHRONOUS), + "atime": .init(true, MS_NOATIME), + "bind": .init(false, MS_BIND), + "defaults": .init(false, 0), + "dev": .init(true, MS_NODEV), + "diratime": .init(true, MS_NODIRATIME), + "dirsync": .init(false, MS_DIRSYNC), + "exec": .init(true, MS_NOEXEC), + "mand": .init(false, MS_MANDLOCK), + "noatime": .init(false, MS_NOATIME), + "nodev": .init(false, MS_NODEV), + "nodiratime": .init(false, MS_NODIRATIME), + "noexec": .init(false, MS_NOEXEC), + "nomand": .init(true, MS_MANDLOCK), + "norelatime": .init(true, MS_RELATIME), + "nostrictatime": .init(true, MS_STRICTATIME), + "nosuid": .init(false, MS_NOSUID), + "rbind": .init(false, MS_BIND | MS_REC), + "relatime": .init(false, MS_RELATIME), + "remount": .init(false, MS_REMOUNT), + "ro": .init(false, MS_RDONLY), + "rw": .init(true, MS_RDONLY), + "strictatime": .init(false, MS_STRICTATIME), + "suid": .init(true, MS_NOSUID), + "sync": .init(false, MS_SYNCHRONOUS), + ] + + internal struct MountOptions { + var flags: Int32 + var data: [String] + + public init(_ flags: Int32 = 0, data: [String] = []) { + self.flags = flags + self.data = data + } + } + + /// Whether the mount is read only. + public var readOnly: Bool { + for option in self.options { + if option == "ro" { + return true + } + } + return false + } + + /// Mount the mount relative to `root` with the current set of data in the object. + /// + /// Optionally provide `createWithPerms` to set the permissions for the directory that + /// it will be mounted at. + public func mount(root: String, createWithPerms: Int16? = nil) throws { + let fd = try secureResolveInRoot(root: root) + defer { close(fd) } + + let realPath = try readlinkProc(fd: fd) + try self.mountToTarget(target: realPath, createWithPerms: createWithPerms, targetResolved: true) + } + + /// Open a path relative to `dirFd` using `openat2(2)` with `RESOLVE_IN_ROOT`. + /// + /// All symlink resolution is confined to the directory tree beneath `dirFd`. + /// Returns the file descriptor on success, or -1 on failure (with errno set). + private func openInRoot(dirFd: Int32, path: String, flags: Int32, mode: UInt64 = 0) -> Int32 { + path.withCString { cPath in + var how = cz_open_how( + flags: UInt64(flags), + mode: mode, + resolve: UInt64(RESOLVE_IN_ROOT) + ) + return CZ_openat2(dirFd, cPath, &how, MemoryLayout.size) + } + } + + private func secureResolveInRoot(root: String) throws -> Int32 { + let rootFd = open(root, O_RDONLY | O_DIRECTORY | O_CLOEXEC) + guard rootFd >= 0 else { + throw Error.errno(errno, "failed to open rootfs '\(root)'") + } + + // Determine if the leaf mount point should be a file or directory. + let opts = parseMountOptions() + let isBindMount = (opts.flags & Int32(MS_BIND)) != 0 + var leafIsFile = false + if isBindMount { + var sourceStat = stat() + if stat(self.source, &sourceStat) == 0 { + leafIsFile = (sourceStat.st_mode & S_IFMT) != S_IFDIR + } + } + + // Normalize target to a relative path for openat2. + let relativePath = self.target + .split(separator: "/", omittingEmptySubsequences: true) + .joined(separator: "/") + + guard !relativePath.isEmpty else { + return rootFd + } + + // Fast path: try openat2 with RESOLVE_IN_ROOT for the full path. + let openFlags: Int32 = + leafIsFile + ? (O_RDONLY | O_CLOEXEC) + : (O_RDONLY | O_DIRECTORY | O_CLOEXEC) + let fd = openInRoot(dirFd: rootFd, path: relativePath, flags: openFlags) + if fd >= 0 { + close(rootFd) + return fd + } + + guard errno == ENOENT else { + let savedErrno = errno + close(rootFd) + throw Error.errno(savedErrno, "failed to resolve '\(self.target)' in rootfs") + } + + // Part of the path doesn't exist. Use openat2 to find the deepest + // existing ancestor, then create the missing components. + return try createMountTarget( + rootFd: rootFd, relativePath: relativePath, leafIsFile: leafIsFile + ) + } + + private func createMountTarget( + rootFd: Int32, + relativePath: String, + leafIsFile: Bool + ) throws -> Int32 { + let components = relativePath.split(separator: "/").map(String.init) + var currentFd = rootFd + var resultFd: Int32 = -1 + + // Centralized cleanup. On success resultFd holds the fd we return, + // so we avoid closing it. On error resultFd is -1 and we close + // everything. + defer { + if currentFd != rootFd && currentFd != resultFd { close(currentFd) } + if rootFd != resultFd { close(rootFd) } + } + + func fail(_ savedErrno: Int32, _ message: String) throws -> Never { + throw Error.errno(savedErrno, message) + } + + // Find the deepest existing directory using openat2 with RESOLVE_IN_ROOT. + var firstMissing = 0 + for i in 0..= 0 else { + try fail(errno, "failed to re-open mount point file '\(component)'") + } + resultFd = pathFd + return resultFd + } + + guard mkdirat(currentFd, component, 0o755) == 0 else { + try fail(errno, "failed to create directory '\(component)'") + } + + let dirFd = openat(currentFd, component, O_RDONLY | O_NOFOLLOW | O_DIRECTORY | O_CLOEXEC) + guard dirFd >= 0 else { + try fail(errno, "failed to open created directory '\(component)'") + } + + if isLast { + resultFd = dirFd + return resultFd + } + + if currentFd != rootFd { close(currentFd) } + currentFd = dirFd + } + + // All components already existed. + resultFd = currentFd + return resultFd + } + + /// Resolve the real filesystem path for an open fd via /proc/self/fd. + private func readlinkProc(fd: Int32) throws -> String { + let procPath = "/proc/self/fd/\(fd)" + var buffer = [CChar](repeating: 0, count: Int(PATH_MAX) + 1) + let len = readlink(procPath, &buffer, buffer.count - 1) + guard len > 0 else { + throw Error.errno(errno, "readlink failed for '\(procPath)'") + } + return buffer.prefix(len).withUnsafeBufferPointer { buf in + String(decoding: buf.map { UInt8(bitPattern: $0) }, as: UTF8.self) + } + } + + /// Mount the mount with the current set of data in the object. Optionally + /// provide `createWithPerms` to set the permissions for the directory that + /// it will be mounted at. + public func mount(createWithPerms: Int16? = nil) throws { + try self.mountToTarget(target: self.target, createWithPerms: createWithPerms) + } + + private func mountToTarget(target: String, createWithPerms: Int16?, targetResolved: Bool = false) throws { + let pageSize = sysconf(Int32(_SC_PAGESIZE)) + + let opts = parseMountOptions() + let dataString = opts.data.joined(separator: ",") + if dataString.count > pageSize { + throw Error.validation("data string exceeds page size (\(dataString.count) > \(pageSize))") + } + + let propagationTypes: Int32 = Int32(MS_SHARED) | Int32(MS_PRIVATE) | Int32(MS_SLAVE) | Int32(MS_UNBINDABLE) + + // Ensure propagation type change flags aren't included in other calls. + let originalFlags = opts.flags & ~(propagationTypes) + + // When targetResolved is true, the target path has already been securely + // resolved and the mount point created by secureResolveInRoot. Skip + // directory/file creation to avoid following symlinks in the target path. + if !targetResolved { + let targetURL = URL(fileURLWithPath: target) + let targetParent = targetURL.deletingLastPathComponent().path + if let perms = createWithPerms { + try mkdirAll(targetParent, perms) + } + + // For bind mounts, check if the source is a file and create the target accordingly. + let isBindMount = (originalFlags & Int32(MS_BIND)) != 0 + if isBindMount { + var sourceIsNonDir = false + var sourceStat = stat() + if stat(self.source, &sourceStat) == 0 { + sourceIsNonDir = (sourceStat.st_mode & S_IFMT) != S_IFDIR + } + + if sourceIsNonDir { + // Create parent directories and touch the target file + try mkdirAll(targetParent, 0o755) + let fd = open(target, O_WRONLY | O_CREAT, 0o644) + if fd >= 0 { + close(fd) + } + } else { + try mkdirAll(target, 0o755) + } + } else { + try mkdirAll(target, 0o755) + } + } + + if opts.flags & Int32(MS_REMOUNT) == 0 || !dataString.isEmpty { + guard _mount(self.source, target, self.type, UInt(originalFlags), dataString) == 0 else { + throw Error.errno( + errno, + "failed initial mount source=\(self.source) target=\(target) type=\(self.type) data=\(dataString)" + ) + } + } + + if opts.flags & propagationTypes != 0 { + // Change the propagation type. + let pflags = propagationTypes | Int32(MS_REC) | Int32(MS_SILENT) + guard _mount("", target, "", UInt(opts.flags & pflags), "") == 0 else { + throw Error.errno(errno, "failed propagation change mount") + } + } + + let bindReadOnlyFlags = Int32(MS_BIND) | Int32(MS_RDONLY) + if originalFlags & bindReadOnlyFlags == bindReadOnlyFlags { + guard _mount("", target, "", UInt(originalFlags | Int32(MS_REMOUNT)), "") == 0 else { + throw Error.errno(errno, "failed bind mount") + } + } + } + + private func mkdirAll(_ name: String, _ perm: Int16) throws { + try FileManager.default.createDirectory( + atPath: name, + withIntermediateDirectories: true, + attributes: [.posixPermissions: perm] + ) + } + + private func parseMountOptions() -> MountOptions { + var mountOpts = MountOptions() + for option in self.options { + if let entry = Self.flagsDictionary[option], entry.flag != 0 { + if entry.clear { + mountOpts.flags &= ~Int32(entry.flag) + } else { + mountOpts.flags |= Int32(entry.flag) + } + } else { + mountOpts.data.append(option) + } + } + return mountOpts + } + + /// `Mount` errors + public enum Error: Swift.Error, CustomStringConvertible { + case errno(Int32, String) + case validation(String) + + public var description: String { + switch self { + case .errno(let errno, let message): + return "mount failed with errno \(errno): \(message)" + case .validation(let message): + return "failed during validation: \(message)" + } + } + } + #endif +} diff --git a/Sources/ContainerizationOS/POSIXError+Helpers.swift b/Sources/ContainerizationOS/POSIXError+Helpers.swift new file mode 100644 index 0000000..233e78d --- /dev/null +++ b/Sources/ContainerizationOS/POSIXError+Helpers.swift @@ -0,0 +1,38 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if canImport(Musl) +import Musl +#elseif canImport(Glibc) +import Glibc +#elseif canImport(Darwin) +import Darwin +#endif + +#if canImport(FoundationEssentials) +import FoundationEssentials +#else +import Foundation +#endif + +extension POSIXError { + public static func fromErrno() -> POSIXError { + guard let errCode = POSIXErrorCode(rawValue: errno) else { + fatalError("failed to convert errno to POSIXErrorCode") + } + return POSIXError(errCode) + } +} diff --git a/Sources/ContainerizationOS/Path.swift b/Sources/ContainerizationOS/Path.swift new file mode 100644 index 0000000..1281a84 --- /dev/null +++ b/Sources/ContainerizationOS/Path.swift @@ -0,0 +1,88 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if canImport(FoundationEssentials) +import FoundationEssentials +#else +import Foundation +#endif + +/// `Path` provides utilities to look for binaries in the current PATH, +/// or to return the current PATH. +public struct Path { + /// lookPath looks up an executable's path from $PATH + public static func lookPath(_ name: String) -> URL? { + lookup(name, path: getCurrentPath()) + } + + public static func lookPath(_ name: String, path: String) -> URL? { + lookup(name, path: path) + } + + // getEnv returns the default environment of the process + // with the default $PATH added for the context of a macOS application bundle + public static func getEnv() -> [String: String] { + var env = ProcessInfo.processInfo.environment + env["PATH"] = getCurrentPath() + return env + } + + private static func lookup(_ name: String, path: String) -> URL? { + // Return nil for empty names + if name.isEmpty { + return nil + } + + if name.contains("/") { + if findExec(name) { + return URL(fileURLWithPath: name) + } + return nil + } + + for var lookdir in path.split(separator: ":") { + if lookdir.isEmpty { + lookdir = "." + } + let file = URL(fileURLWithPath: String(lookdir)).appendingPathComponent(name) + if findExec(file.path) { + return file + } + } + return nil + } + + /// getPath returns $PATH for the current process + public static func getCurrentPath() -> String { + let env = ProcessInfo.processInfo.environment + return env["PATH"] ?? "/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin" + } + + // findPath returns a string containing the 'PATH' environment variable + public static func findPath(_ env: [String]?) -> String? { + guard let env = env else { + return nil + } + return env.first(where: { $0.hasPrefix("PATH=") }) + .map { String($0.dropFirst(5)) } + } + + // findExec returns true if the provided path is an executable + private static func findExec(_ path: String) -> Bool { + let fm = FileManager.default + return fm.isExecutableFile(atPath: path) + } +} diff --git a/Sources/ContainerizationOS/Pipe+Close.swift b/Sources/ContainerizationOS/Pipe+Close.swift new file mode 100644 index 0000000..748bd67 --- /dev/null +++ b/Sources/ContainerizationOS/Pipe+Close.swift @@ -0,0 +1,43 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation + +extension Pipe { + /// Close both sides of the pipe. + public func close() throws { + var err: Swift.Error? + do { + try self.fileHandleForReading.close() + } catch { + err = error + } + try self.fileHandleForWriting.close() + if let err { + throw err + } + } + + /// Ensure that both sides of the pipe are set with O_CLOEXEC. + public func setCloexec() throws { + if fcntl(self.fileHandleForWriting.fileDescriptor, F_SETFD, FD_CLOEXEC) == -1 { + throw POSIXError(.init(rawValue: errno)!) + } + if fcntl(self.fileHandleForReading.fileDescriptor, F_SETFD, FD_CLOEXEC) == -1 { + throw POSIXError(.init(rawValue: errno)!) + } + } +} diff --git a/Sources/ContainerizationOS/README.md b/Sources/ContainerizationOS/README.md new file mode 100644 index 0000000..7027797 --- /dev/null +++ b/Sources/ContainerizationOS/README.md @@ -0,0 +1,3 @@ +## OS + +This target contains general useful OS related definitions or wrappers. \ No newline at end of file diff --git a/Sources/ContainerizationOS/Reaper.swift b/Sources/ContainerizationOS/Reaper.swift new file mode 100644 index 0000000..84a31db --- /dev/null +++ b/Sources/ContainerizationOS/Reaper.swift @@ -0,0 +1,60 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if canImport(Musl) +import Musl +#elseif canImport(Glibc) +import Glibc +#elseif canImport(Darwin) +import Darwin +#endif +#if canImport(FoundationEssentials) +import FoundationEssentials +#else +import Foundation +#endif + +/// A process reaper that returns exited processes along +/// with their exit status. +public struct Reaper { + /// Process's pid and exit status. + typealias Exit = (pid: Int32, status: Int32) + + /// Reap all pending processes and return the pid and exit status. + public static func reap() -> [Int32: Int32] { + var reaped = [Int32: Int32]() + while true { + guard let exit = wait() else { + return reaped + } + reaped[exit.pid] = exit.status + } + return reaped + } + + /// Returns the exit status of the last process that exited. + /// nil is returned when no pending processes exist. + private static func wait() -> Exit? { + var rus = rusage() + var ws = Int32() + + let pid = wait4(-1, &ws, WNOHANG, &rus) + if pid <= 0 { + return nil + } + return (pid: pid, status: Command.toExitStatus(ws)) + } +} diff --git a/Sources/ContainerizationOS/Socket/BidirectionalRelay.swift b/Sources/ContainerizationOS/Socket/BidirectionalRelay.swift new file mode 100644 index 0000000..649a212 --- /dev/null +++ b/Sources/ContainerizationOS/Socket/BidirectionalRelay.swift @@ -0,0 +1,419 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationError +import Dispatch +import Logging +import Synchronization + +#if canImport(Musl) +import Musl +#elseif canImport(Glibc) +import Glibc +#elseif canImport(Darwin) +import Darwin +#endif + +#if canImport(FoundationEssentials) +import FoundationEssentials +#else +import Foundation +#endif + +/// Manages bidirectional data relay between two file descriptors using `DispatchSource`. +/// +/// Uses non-blocking I/O with backpressure: when a destination fd's buffer is full, +/// the relay suspends reading from the source and installs a `DispatchSourceWrite` +/// to resume once the destination is writable again. This prevents blocking the +/// dispatch queue and avoids head-of-line blocking across connections. +/// +/// ## Concurrency model +/// +/// The class has two distinct synchronization domains: +/// +/// - **Serial dispatch queue** — owns all I/O state: the `Direction` objects (`d1`, `d2`) +/// and their read buffers (`buf1`, `buf2`). Every event handler, cancel handler, and +/// `stop()` call runs on this queue. No locks are needed for that state because the +/// queue is the exclusive executor. Fields in this domain are marked `nonisolated(unsafe)`. +/// +/// - **Mutexes** — protect the two pieces of state that cross the queue boundary: +/// `activeDirections` (written by `start()`, which may run off-queue) and +/// `completionState` (read by `waitForCompletion()` from any async context). +public final class BidirectionalRelay: Sendable { + private let fd1: Int32 + private let fd2: Int32 + private let log: Logger? + private let queue: DispatchQueue + private static let queueKey = DispatchSpecificKey() + + /// Owns one direction of the relay: its read source, optional write source, and + /// any data buffered due to backpressure. + /// + /// All methods must be called only from the relay's serial dispatch queue. + private final class Direction { + var readSource: DispatchSourceRead? + var writeSource: DispatchSourceWrite? + var pendingData: [UInt8] = [] + var pendingOffset: Int = 0 + private var readSuspended = false + + func suspendRead() { + guard let src = readSource, !src.isCancelled, !readSuspended else { return } + readSuspended = true + src.suspend() + } + + func resumeRead() { + guard let src = readSource, !src.isCancelled, readSuspended else { return } + readSuspended = false + src.resume() + } + + /// Resumes the read source before cancelling it if it is suspended. + /// GCD does not deliver a cancel handler for a suspended source until it is resumed. + func cancelRead() { + guard let src = readSource, !src.isCancelled else { return } + if readSuspended { + readSuspended = false + src.resume() + } + src.cancel() + } + } + + private enum CompletionState { + case pending + case waiting(CheckedContinuation) + case completed + } + + private enum CopyResult { + case ok + case blocked + case eof + } + + // Queue-owned state. Written by start() before activate(), so all subsequent + // accesses from event/cancel handlers observe the initialized values without + // additional synchronization. nonisolated(unsafe) declares that we are taking + // responsibility for this; the serial queue is the enforcing mechanism. + private nonisolated(unsafe) let d1 = Direction() // fd1 → fd2 + private nonisolated(unsafe) let d2 = Direction() // fd2 → fd1 + private nonisolated(unsafe) let buf1: UnsafeMutableBufferPointer + private nonisolated(unsafe) let buf2: UnsafeMutableBufferPointer + + // Counts active read sources. Set to 2 in start() (possibly off-queue) and + // decremented in cancel handlers (always on the queue). The Mutex provides the + // cross-thread visibility guarantee for the initial write from start(). Whichever + // cancel handler drives the count to zero calls closeBothFds() exactly once — + // no cross-source isCancelled checks, no possibility of double-close. + private let activeDirections: Mutex + + // May be read from any async context (waitForCompletion) and written from the + // queue (closeBothFds), so it needs a Mutex rather than queue-only protection. + private let completionState: Mutex + + /// Creates a new bidirectional relay between two file descriptors. + /// + /// - Parameters: + /// - fd1: The first file descriptor. + /// - fd2: The second file descriptor. + /// - queue: The dispatch queue to use for I/O operations. If nil, a new queue is created. + /// - log: The optional logger for debugging. + public init( + fd1: Int32, + fd2: Int32, + queue: DispatchQueue? = nil, + log: Logger? = nil + ) { + self.fd1 = fd1 + self.fd2 = fd2 + self.queue = queue ?? DispatchQueue(label: "com.apple.containerization.bidirectional-relay") + self.queue.setSpecific(key: Self.queueKey, value: ()) + self.log = log + self.activeDirections = Mutex(0) + self.completionState = Mutex(.pending) + + let pageSize = Int(getpagesize()) + self.buf1 = UnsafeMutableBufferPointer.allocate(capacity: pageSize) + self.buf2 = UnsafeMutableBufferPointer.allocate(capacity: pageSize) + } + + deinit { + buf1.deallocate() + buf2.deallocate() + } + + private static func setNonBlocking(_ fd: Int32) throws { + let flags = fcntl(fd, F_GETFL) + guard flags != -1 else { + throw ContainerizationError( + .internalError, + message: "fcntl F_GETFL failed on fd \(fd): errno \(errno)" + ) + } + guard fcntl(fd, F_SETFL, flags | O_NONBLOCK) != -1 else { + throw ContainerizationError( + .internalError, + message: "fcntl F_SETFL O_NONBLOCK failed on fd \(fd): errno \(errno)" + ) + } + } + + /// Starts the bidirectional relay to copy data between fd1 and fd2. + public func start() throws { + try Self.setNonBlocking(fd1) + try Self.setNonBlocking(fd2) + + let src1 = DispatchSource.makeReadSource(fileDescriptor: fd1, queue: queue) + let src2 = DispatchSource.makeReadSource(fileDescriptor: fd2, queue: queue) + d1.readSource = src1 + d2.readSource = src2 + activeDirections.withLock { $0 = 2 } + + src1.setEventHandler { [self] in handleRead(d1, from: fd1, to: fd2, buffer: buf1) } + src2.setEventHandler { [self] in handleRead(d2, from: fd2, to: fd1, buffer: buf2) } + + src1.setCancelHandler { [self] in + d1.writeSource?.cancel() + d1.writeSource = nil + directionFinished() + } + src2.setCancelHandler { [self] in + d2.writeSource?.cancel() + d2.writeSource = nil + directionFinished() + } + + src1.activate() + src2.activate() + } + + /// Stops the relay and closes both file descriptors. + public func stop() { + runOnQueue { + d1.cancelRead() + d2.cancelRead() + } + } + + /// Waits for the relay to complete. + public func waitForCompletion() async { + await withCheckedContinuation { c in + completionState.withLock { state in + switch state { + case .pending: + state = .waiting(c) + case .waiting: + fatalError("waitForCompletion called multiple times") + case .completed: + c.resume() + } + } + } + } + + private func runOnQueue(_ work: () -> Void) { + if DispatchQueue.getSpecific(key: Self.queueKey) != nil { + work() + } else { + queue.sync(execute: work) + } + } + + private func directionFinished() { + let remaining = activeDirections.withLock { count -> Int in + count -= 1 + return count + } + if remaining == 0 { + closeBothFds() + } + } + + private func handleRead( + _ dir: Direction, + from srcFd: Int32, + to dstFd: Int32, + buffer: UnsafeMutableBufferPointer + ) { + do { + switch try Self.copy(buffer: buffer, from: srcFd, to: dstFd, direction: dir) { + case .ok: + break + + case .eof: + log?.debug( + "source EOF", + metadata: ["sourceFd": "\(srcFd)", "destinationFd": "\(dstFd)"] + ) + dir.cancelRead() + if shutdown(dstFd, Int32(SHUT_WR)) != 0 { + log?.debug( + "shutdown(SHUT_WR) failed", + metadata: ["fd": "\(dstFd)", "errno": "\(errno)"] + ) + } + + case .blocked: + log?.debug( + "write blocked, applying backpressure", + metadata: [ + "sourceFd": "\(srcFd)", + "destinationFd": "\(dstFd)", + "pendingBytes": "\(dir.pendingData.count)", + ] + ) + dir.suspendRead() + installWriteSource(for: dir, from: srcFd, to: dstFd) + } + } catch { + log?.warning( + "I/O error", + metadata: [ + "sourceFd": "\(srcFd)", + "destinationFd": "\(dstFd)", + "error": "\(error)", + ] + ) + dir.cancelRead() + if shutdown(dstFd, Int32(SHUT_RDWR)) != 0 { + log?.warning( + "shutdown(SHUT_RDWR) failed", + metadata: ["fd": "\(dstFd)", "errno": "\(errno)"] + ) + } + } + } + + private func installWriteSource(for dir: Direction, from srcFd: Int32, to dstFd: Int32) { + let ws = DispatchSource.makeWriteSource(fileDescriptor: dstFd, queue: queue) + dir.writeSource = ws + ws.setEventHandler { [self] in drainPending(dir: dir, from: srcFd, to: dstFd) } + // No cancel handler: clearing pendingData from a cancel handler would race with + // a newly installed write source if drainPending completes and the read source + // immediately produces another blocked write, installing a fresh write source + // before the old cancel handler fires. pendingData is cleared explicitly by + // drainPending on success, and freed with Direction when the relay is torn down. + ws.activate() + } + + private func drainPending(dir: Direction, from srcFd: Int32, to dstFd: Int32) { + let remaining = dir.pendingData.count - dir.pendingOffset + guard remaining > 0 else { return } + + let n = dir.pendingData.withUnsafeBufferPointer { buf in + write(dstFd, buf.baseAddress!.advanced(by: dir.pendingOffset), remaining) + } + + if n > 0 { + dir.pendingOffset += n + if dir.pendingOffset >= dir.pendingData.count { + dir.writeSource?.cancel() + dir.writeSource = nil + dir.pendingData = [] + dir.pendingOffset = 0 + log?.debug( + "backpressure relieved, resuming reads", + metadata: ["sourceFd": "\(srcFd)", "destinationFd": "\(dstFd)"] + ) + dir.resumeRead() + } + } else if n == -1 && errno == EAGAIN { + // Spurious write-ready notification; wait for the next one. + } else { + log?.warning( + "write error during pending drain", + metadata: ["destinationFd": "\(dstFd)", "errno": "\(errno)"] + ) + dir.writeSource?.cancel() + dir.writeSource = nil + dir.cancelRead() + if shutdown(dstFd, Int32(SHUT_RDWR)) != 0 { + log?.warning( + "shutdown(SHUT_RDWR) failed after drain error", + metadata: ["fd": "\(dstFd)", "errno": "\(errno)"] + ) + } + } + } + + /// Drains srcFd into dstFd in a loop until EAGAIN/EWOULDBLOCK or EOF. + /// + /// Looping until EAGAIN is required on Linux: libdispatch uses FIONREAD to decide + /// whether to fire the read event, so when the only remaining readable condition is + /// EOF (FIONREAD == 0), the event is suppressed. Reading in a loop here ensures we + /// observe read() == 0 on the same handler invocation that drained the last bytes. + private static func copy( + buffer: UnsafeMutableBufferPointer, + from srcFd: Int32, + to dstFd: Int32, + direction: Direction + ) throws -> CopyResult { + guard let base = buffer.baseAddress else { + throw ContainerizationError(.invalidState, message: "buffer has no base address") + } + + readLoop: while true { + let nr = read(srcFd, base, buffer.count) + if nr == 0 { return .eof } + if nr < 0 { + if errno == EAGAIN || errno == EWOULDBLOCK { return .ok } + if errno == EINTR { continue readLoop } + throw ContainerizationError( + .internalError, + message: "read failed: fd \(srcFd), errno \(errno)" + ) + } + + var offset = 0 + while offset < nr { + let nw = write(dstFd, base.advanced(by: offset), nr - offset) + if nw > 0 { + offset += nw + } else if nw < 0 { + if errno == EINTR { continue } + if errno == EAGAIN || errno == EWOULDBLOCK { + direction.pendingData = Array( + UnsafeBufferPointer(start: base.advanced(by: offset), count: nr - offset) + ) + direction.pendingOffset = 0 + return .blocked + } + throw ContainerizationError( + .internalError, + message: "write failed: fd \(dstFd), errno \(errno)" + ) + } else { + throw ContainerizationError( + .internalError, + message: "zero-byte write on fd \(dstFd)" + ) + } + } + } + } + + private func closeBothFds() { + log?.debug("closing fds", metadata: ["fd1": "\(fd1)", "fd2": "\(fd2)"]) + close(fd1) + close(fd2) + completionState.withLock { state in + if case .waiting(let c) = state { c.resume() } + state = .completed + } + } +} diff --git a/Sources/ContainerizationOS/Socket/Socket.swift b/Sources/ContainerizationOS/Socket/Socket.swift new file mode 100644 index 0000000..3c97d3b --- /dev/null +++ b/Sources/ContainerizationOS/Socket/Socket.swift @@ -0,0 +1,494 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import CShim +import Foundation +import Synchronization + +#if canImport(Musl) +import Musl +#elseif canImport(Glibc) +import Glibc +#elseif canImport(Darwin) +import Darwin +#else +#error("Socket not supported on this platform.") +#endif + +#if !os(Windows) +let sysFchmod = fchmod +let sysRead = read +let sysUnlink = unlink +let sysSend = send +let sysClose = close +let sysShutdown = shutdown +let sysBind = bind +let sysSocket = socket +let sysSetsockopt = setsockopt +let sysGetsockopt = getsockopt +let sysListen = listen +let sysAccept = accept +let sysConnect = connect +let sysIoctl: @convention(c) (CInt, CUnsignedLong, UnsafeMutableRawPointer) -> CInt = ioctl +let sysRecvmsg = recvmsg +#endif + +/// Thread-safe socket wrapper. +public final class Socket: Sendable { + public enum TimeoutOption { + case send + case receive + } + + public enum ShutdownOption { + case read + case write + case readWrite + } + + private enum SocketState { + case created + case connected + case listening + } + + private struct State { + let socketState: SocketState + let handle: FileHandle? + let type: SocketType + let acceptSource: DispatchSourceRead? + } + + private let _closeOnDeinit: Bool + private let _queue: DispatchQueue + + private let state: Mutex + + public var fileDescriptor: Int32 { + guard let handle = state.withLock({ $0.handle }) else { + return -1 + } + return handle.fileDescriptor + } + + public convenience init(type: SocketType, closeOnDeinit: Bool = true) throws { + let sockFD = sysSocket(type.domain, type.type, 0) + if sockFD < 0 { + throw SocketError.withErrno("failed to create socket: \(sockFD)", errno: errno) + } + self.init(fd: sockFD, type: type, closeOnDeinit: closeOnDeinit) + } + + init(fd: Int32, type: SocketType, closeOnDeinit: Bool) { + _queue = DispatchQueue(label: "com.apple.containerization.socket") + _closeOnDeinit = closeOnDeinit + let state = State( + socketState: .created, + handle: FileHandle(fileDescriptor: fd, closeOnDealloc: false), + type: type, + acceptSource: nil + ) + self.state = Mutex(state) + } + + /// Internal initializer for wrapping already-connected file descriptors (e.g., from socketpair) + /// Ideally we just get rid of the state machine in this class. Not sure how much value it provides.. + init(fd: Int32, type: SocketType, closeOnDeinit: Bool, connected: Bool) { + _queue = DispatchQueue(label: "com.apple.containerization.socket") + _closeOnDeinit = closeOnDeinit + let state = State( + socketState: connected ? .connected : .created, + handle: FileHandle(fileDescriptor: fd, closeOnDealloc: false), + type: type, + acceptSource: nil + ) + self.state = Mutex(state) + } + + deinit { + if _closeOnDeinit { + try? close() + } + } +} + +extension Socket { + static func errnoToError(msg: String) -> SocketError { + SocketError.withErrno("\(msg) (\(_errnoString(errno)))", errno: errno) + } + + public func connect() throws { + try state.withLock { currentState in + guard currentState.socketState == .created else { + throw SocketError.invalidOperationOnSocket("connect") + } + guard let handle = currentState.handle else { + throw SocketError.closed + } + + var res: Int32 = 0 + try currentState.type.withSockAddr { (ptr, length) in + res = Syscall.retrying { + sysConnect(handle.fileDescriptor, ptr, length) + } + } + + if res == -1 { + throw Socket.errnoToError(msg: "could not connect to socket \(currentState.type)") + } + + currentState = State( + socketState: .connected, + handle: handle, + type: currentState.type, + acceptSource: currentState.acceptSource + ) + } + } + + public func listen() throws { + try state.withLock { currentState in + guard currentState.socketState == .created else { + throw SocketError.invalidOperationOnSocket("listen") + } + guard let handle = currentState.handle else { + throw SocketError.closed + } + + try currentState.type.beforeBind(fd: handle.fileDescriptor) + + var rc: Int32 = 0 + try currentState.type.withSockAddr { (ptr, length) in + rc = sysBind(handle.fileDescriptor, ptr, length) + } + + if rc < 0 { + throw Socket.errnoToError(msg: "could not bind to \(currentState.type)") + } + + try currentState.type.beforeListen(fd: handle.fileDescriptor) + + if sysListen(handle.fileDescriptor, SOMAXCONN) < 0 { + throw Socket.errnoToError(msg: "listen failed on \(currentState.type)") + } + + currentState = State( + socketState: .listening, + handle: handle, + type: currentState.type, + acceptSource: currentState.acceptSource + ) + } + } + + public func close() throws { + try state.withLock { currentState in + guard let handle = currentState.handle else { + // Already closed. + return + } + + let acceptSource = currentState.acceptSource + + acceptSource?.cancel() + try handle.close() + + currentState = State( + socketState: currentState.socketState, + handle: nil, + type: currentState.type, + acceptSource: nil + ) + } + } + + public func write(data: any DataProtocol) throws -> Int { + let handle = try state.withLock { currentState in + guard currentState.socketState == .connected else { + throw SocketError.invalidOperationOnSocket("write") + } + guard let handle = currentState.handle else { + throw SocketError.closed + } + return handle + } + + if data.isEmpty { + return 0 + } + + try handle.write(contentsOf: data) + return data.count + } + + public func acceptStream(closeOnDeinit: Bool = true) throws -> AsyncThrowingStream { + let source = try state.withLock { currentState -> DispatchSourceRead in + guard currentState.socketState == .listening else { + throw SocketError.invalidOperationOnSocket("accept") + } + guard let handle = currentState.handle else { + throw SocketError.closed + } + guard currentState.acceptSource == nil else { + throw SocketError.acceptStreamExists + } + + let source = DispatchSource.makeReadSource( + fileDescriptor: handle.fileDescriptor, + queue: _queue + ) + + currentState = State( + socketState: currentState.socketState, + handle: handle, + type: currentState.type, + acceptSource: source + ) + + return source + } + + return AsyncThrowingStream { cont in + source.setCancelHandler { + cont.finish() + } + source.setEventHandler(handler: { + if source.data == 0 { + source.cancel() + return + } + + do { + let connection = try self.accept(closeOnDeinit: closeOnDeinit) + cont.yield(connection) + } catch SocketError.closed { + source.cancel() + } catch { + cont.yield(with: .failure(error)) + source.cancel() + } + }) + source.activate() + } + } + + public func accept(closeOnDeinit: Bool = true) throws -> Socket { + let (handle, socketType) = try state.withLock { currentState in + guard currentState.socketState == .listening else { + throw SocketError.invalidOperationOnSocket("accept") + } + guard let handle = currentState.handle else { + throw SocketError.closed + } + return (handle, currentState.type) + } + + let (clientFD, newSocketType) = try socketType.accept(fd: handle.fileDescriptor) + return Socket( + fd: clientFD, + type: newSocketType, + closeOnDeinit: closeOnDeinit, + connected: true + ) + } + + /// Receive a file descriptor via SCM_RIGHTS control message. + /// This is commonly used for passing file descriptors between processes via Unix domain sockets. + public func receiveFileDescriptor() throws -> Int32 { + let handle = try state.withLock { currentState in + guard currentState.socketState == .connected else { + throw SocketError.invalidOperationOnSocket("receiveFileDescriptor") + } + guard let handle = currentState.handle else { + throw SocketError.closed + } + return handle + } + + var msg = msghdr() + var iov = iovec() + var buf: UInt8 = 0 + + iov.iov_base = withUnsafeMutablePointer(to: &buf) { UnsafeMutableRawPointer($0) } + iov.iov_len = 1 + + msg.msg_iov = withUnsafeMutablePointer(to: &iov) { $0 } + msg.msg_iovlen = 1 + + var cmsgBuf = [UInt8](repeating: 0, count: Int(CZ_CMSG_SPACE(Int(MemoryLayout.size)))) + msg.msg_control = withUnsafeMutablePointer(to: &cmsgBuf[0]) { UnsafeMutableRawPointer($0) } + msg.msg_controllen = numericCast(cmsgBuf.count) + + let recvResult = withUnsafeMutablePointer(to: &msg) { msgPtr in + sysRecvmsg(handle.fileDescriptor, msgPtr, 0) + } + + guard recvResult >= 0 else { + throw Socket.errnoToError(msg: "recvmsg failed") + } + + // Extract file descriptor from control message + let cmsgPtr = withUnsafeMutablePointer(to: &msg) { CZ_CMSG_FIRSTHDR($0) } + guard let cmsg = cmsgPtr else { + throw SocketError.invalidFileDescriptor + } + + guard cmsg.pointee.cmsg_level == SOL_SOCKET, + cmsg.pointee.cmsg_type == SCM_RIGHTS + else { + throw SocketError.invalidFileDescriptor + } + + guard let dataPtr = CZ_CMSG_DATA(cmsg) else { + throw SocketError.invalidFileDescriptor + } + + let fdPtr = dataPtr.assumingMemoryBound(to: Int32.self) + let fd = fdPtr.pointee + guard fd >= 0 else { + throw SocketError.invalidFileDescriptor + } + + return fd + } + + public func read(buffer: inout Data) throws -> Int { + let handle = try state.withLock { currentState in + guard currentState.socketState == .connected else { + throw SocketError.invalidOperationOnSocket("read") + } + guard let handle = currentState.handle else { + throw SocketError.closed + } + return handle + } + + var bytesRead = 0 + let bufferSize = buffer.count + try buffer.withUnsafeMutableBytes { pointer in + guard let baseAddress = pointer.baseAddress else { + throw SocketError.missingBaseAddress + } + + bytesRead = Syscall.retrying { + sysRead(handle.fileDescriptor, baseAddress, bufferSize) + } + if bytesRead < 0 { + throw Socket.errnoToError(msg: "error reading from connection") + } else if bytesRead == 0 { + throw SocketError.closed + } + } + return bytesRead + } + + public func shutdown(how: ShutdownOption) throws { + let handle = try state.withLock { currentState in + guard let handle = currentState.handle else { + throw SocketError.closed + } + return handle + } + + var howOpt: Int32 = 0 + switch how { + case .read: + howOpt = Int32(SHUT_RD) + case .write: + howOpt = Int32(SHUT_WR) + case .readWrite: + howOpt = Int32(SHUT_RDWR) + } + + if sysShutdown(handle.fileDescriptor, howOpt) < 0 { + throw Socket.errnoToError(msg: "shutdown failed") + } + } + + public func setSockOpt(sockOpt: Int32 = 0, ptr: UnsafeRawPointer, stride: UInt32) throws { + let handle = try state.withLock { currentState in + guard let handle = currentState.handle else { + throw SocketError.closed + } + return handle + } + + if setsockopt(handle.fileDescriptor, SOL_SOCKET, sockOpt, ptr, stride) < 0 { + throw Socket.errnoToError(msg: "failed to set sockopt") + } + } + + public func setTimeout(option: TimeoutOption, seconds: Int) throws { + let handle = try state.withLock { currentState in + guard let handle = currentState.handle else { + throw SocketError.closed + } + return handle + } + + var sockOpt: Int32 = 0 + switch option { + case .receive: + sockOpt = SO_RCVTIMEO + case .send: + sockOpt = SO_SNDTIMEO + } + + var timer = timeval() + timer.tv_sec = seconds + timer.tv_usec = 0 + + if setsockopt( + handle.fileDescriptor, + SOL_SOCKET, + sockOpt, + &timer, + socklen_t(MemoryLayout.size) + ) < 0 { + throw Socket.errnoToError(msg: "failed to set read timeout") + } + } + + static func _errnoString(_ err: Int32?) -> String { + String(validatingCString: strerror(errno)) ?? "error: \(errno)" + } +} + +public enum SocketError: Error, Equatable, CustomStringConvertible { + case closed + case acceptStreamExists + case invalidOperationOnSocket(String) + case missingBaseAddress + case withErrno(_ msg: String, errno: Int32) + case invalidFileDescriptor + + public var description: String { + switch self { + case .closed: + return "socket: closed" + case .acceptStreamExists: + return "accept stream already exists" + case .invalidOperationOnSocket(let operation): + return "socket: invalid operation on socket '\(operation)'" + case .missingBaseAddress: + return "socket: missing base address" + case .withErrno(let msg, _): + return "socket: error \(msg)" + case .invalidFileDescriptor: + return "socket: invalid file descriptor received" + } + } +} diff --git a/Sources/ContainerizationOS/Socket/SocketType.swift b/Sources/ContainerizationOS/Socket/SocketType.swift new file mode 100644 index 0000000..acc05f6 --- /dev/null +++ b/Sources/ContainerizationOS/Socket/SocketType.swift @@ -0,0 +1,48 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if canImport(Musl) +import Musl +#elseif canImport(Glibc) +import Glibc +#elseif canImport(Darwin) +import Darwin +#else +#error("SocketType not supported on this platform.") +#endif + +/// Protocol used to describe the family of socket to be created with `Socket`. +public protocol SocketType: Sendable, CustomStringConvertible { + /// The domain for the socket (AF_UNIX, AF_VSOCK etc.) + var domain: Int32 { get } + /// The type of socket (SOCK_STREAM). + var type: Int32 { get } + + /// Actions to perform before calling bind(2). + func beforeBind(fd: Int32) throws + /// Actions to perform before calling listen(2). + func beforeListen(fd: Int32) throws + + /// Handle accept(2) for an implementation of a socket type. + func accept(fd: Int32) throws -> (Int32, SocketType) + /// Provide a sockaddr pointer (by casting a socket specific type like sockaddr_un for example). + func withSockAddr(_ closure: (_ ptr: UnsafePointer, _ len: UInt32) throws -> Void) throws +} + +extension SocketType { + public func beforeBind(fd: Int32) {} + public func beforeListen(fd: Int32) {} +} diff --git a/Sources/ContainerizationOS/Socket/UnixType.swift b/Sources/ContainerizationOS/Socket/UnixType.swift new file mode 100644 index 0000000..b05fb77 --- /dev/null +++ b/Sources/ContainerizationOS/Socket/UnixType.swift @@ -0,0 +1,160 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if canImport(Musl) +import Musl +let _SOCK_STREAM = SOCK_STREAM +#elseif canImport(Glibc) +import Glibc +let _SOCK_STREAM = Int32(SOCK_STREAM.rawValue) +#elseif canImport(Darwin) +import Darwin +let _SOCK_STREAM = SOCK_STREAM +#else +#error("UnixType not supported on this platform.") +#endif + +/// Unix domain socket variant of `SocketType`. +public struct UnixType: SocketType, Sendable, CustomStringConvertible { + public var domain: Int32 { AF_UNIX } + public var type: Int32 { _SOCK_STREAM } + public var description: String { + path + } + + public let path: String + public let perms: mode_t? + private let _addr: sockaddr_un + private let _unlinkExisting: Bool + + private init(sockaddr: sockaddr_un) { + let pathname: String = withUnsafePointer(to: sockaddr.sun_path) { ptr in + let charPtr = UnsafeRawPointer(ptr).assumingMemoryBound(to: CChar.self) + return String(cString: charPtr) + } + self._addr = sockaddr + self.path = pathname + self._unlinkExisting = false + self.perms = nil + } + + /// Mode and unlinkExisting only used if the socket is going to be a listening socket. + public init( + path: String, + perms: mode_t? = nil, + unlinkExisting: Bool = false + ) throws { + self.path = path + self.perms = perms + self._unlinkExisting = unlinkExisting + var addr = sockaddr_un() + addr.sun_family = sa_family_t(AF_UNIX) + + let socketName = path + let nameLength = socketName.utf8.count + + #if os(macOS) + // Funnily enough, this isn't limited by sun path on macOS even though + // it's stated as so. + let lengthLimit = 253 + #elseif os(Linux) + let lengthLimit = MemoryLayout.size(ofValue: addr.sun_path) + #endif + + guard nameLength < lengthLimit else { + throw Error.nameTooLong(path) + } + + _ = withUnsafeMutablePointer(to: &addr.sun_path.0) { ptr in + socketName.withCString { strncpy(ptr, $0, nameLength) } + } + + #if os(macOS) + addr.sun_len = UInt8(MemoryLayout.size + MemoryLayout.size + socketName.utf8.count + 1) + #endif + self._addr = addr + } + + public func accept(fd: Int32) throws -> (Int32, SocketType) { + var clientFD: Int32 = -1 + var addr = sockaddr_un() + + clientFD = Syscall.retrying { + var size = socklen_t(MemoryLayout.stride) + return withUnsafeMutablePointer(to: &addr) { pointer in + pointer.withMemoryRebound(to: sockaddr.self, capacity: 1) { pointer in + sysAccept(fd, pointer, &size) + } + } + } + if clientFD < 0 { + throw Socket.errnoToError(msg: "accept failed") + } + + return (clientFD, UnixType(sockaddr: addr)) + } + + public func beforeBind(fd: Int32) throws { + #if os(Linux) + // Only Linux supports setting the mode of a socket before binding. + if let perms = self.perms { + guard fchmod(fd, perms) == 0 else { + throw Socket.errnoToError(msg: "fchmod failed") + } + } + #endif + + var rc: Int32 = 0 + if self._unlinkExisting { + rc = sysUnlink(self.path) + if rc != 0 && errno != ENOENT { + throw Socket.errnoToError(msg: "failed to remove old socket at \(self.path)") + } + } + } + + public func beforeListen(fd: Int32) throws { + #if os(macOS) + if let perms = self.perms { + guard chmod(self.path, perms) == 0 else { + throw Socket.errnoToError(msg: "chmod failed") + } + } + #endif + } + + public func withSockAddr(_ closure: (UnsafePointer, UInt32) throws -> Void) throws { + var addr = self._addr + try withUnsafePointer(to: &addr) { + let addrBytes = UnsafeRawPointer($0).assumingMemoryBound(to: sockaddr.self) + try closure(addrBytes, UInt32(MemoryLayout.stride)) + } + } +} + +extension UnixType { + /// `UnixType` errors. + public enum Error: Swift.Error, CustomStringConvertible { + case nameTooLong(_: String) + + public var description: String { + switch self { + case .nameTooLong(let name): + return "\(name) is too long for a Unix Domain Socket path" + } + } + } +} diff --git a/Sources/ContainerizationOS/Socket/VsockType.swift b/Sources/ContainerizationOS/Socket/VsockType.swift new file mode 100644 index 0000000..f819881 --- /dev/null +++ b/Sources/ContainerizationOS/Socket/VsockType.swift @@ -0,0 +1,108 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import CShim + +#if canImport(Musl) +import Musl +#elseif canImport(Glibc) +import Glibc +#elseif canImport(Darwin) +import Darwin +#else +#error("VsockType not supported on this platform.") +#endif + +/// Vsock variant of `SocketType`. +public struct VsockType: SocketType, Sendable { + public var domain: Int32 { AF_VSOCK } + public var type: Int32 { _SOCK_STREAM } + public var description: String { + "\(cid):\(port)" + } + + public static let anyCID: UInt32 = UInt32(bitPattern: -1) + public static let hypervisorCID: UInt32 = 0x0 + // Supported on Linux 5.6+; otherwise, will need to use getLocalCID(). + public static let localCID: UInt32 = 0x1 + public static let hostCID: UInt32 = 0x2 + + // socketFD is unused on Linux. + public static func getLocalCID(socketFD: Int32) throws -> UInt32 { + let request = VsockLocalCIDIoctl + #if os(Linux) + let fd = open("/dev/vsock", O_RDONLY | O_CLOEXEC) + if fd == -1 { + throw Socket.errnoToError(msg: "failed to open /dev/vsock") + } + defer { close(fd) } + #else + let fd = socketFD + #endif + var cid: UInt32 = 0 + guard sysIoctl(fd, numericCast(request), &cid) != -1 else { + throw Socket.errnoToError(msg: "failed to get local cid") + } + return cid + } + + public let port: UInt32 + public let cid: UInt32 + + private let _addr: sockaddr_vm + + public init(port: UInt32, cid: UInt32) { + self.cid = cid + self.port = port + var sockaddr = sockaddr_vm() + sockaddr.svm_family = sa_family_t(AF_VSOCK) + sockaddr.svm_cid = cid + sockaddr.svm_port = port + self._addr = sockaddr + } + + private init(sockaddr: sockaddr_vm) { + self._addr = sockaddr + self.cid = sockaddr.svm_cid + self.port = sockaddr.svm_port + } + + public func accept(fd: Int32) throws -> (Int32, SocketType) { + var clientFD: Int32 = -1 + var addr = sockaddr_vm() + + while clientFD < 0 { + var size = socklen_t(MemoryLayout.stride) + clientFD = withUnsafeMutablePointer(to: &addr) { pointer in + pointer.withMemoryRebound(to: sockaddr.self, capacity: 1) { pointer in + sysAccept(fd, pointer, &size) + } + } + if clientFD < 0 && errno != EINTR { + throw Socket.errnoToError(msg: "accept failed") + } + } + return (clientFD, VsockType(sockaddr: addr)) + } + + public func withSockAddr(_ closure: (UnsafePointer, UInt32) throws -> Void) throws { + var addr = self._addr + try withUnsafePointer(to: &addr) { + let addrBytes = UnsafeRawPointer($0).assumingMemoryBound(to: sockaddr.self) + try closure(addrBytes, UInt32(MemoryLayout.stride)) + } + } +} diff --git a/Sources/ContainerizationOS/Stat.swift b/Sources/ContainerizationOS/Stat.swift new file mode 100644 index 0000000..df9590a --- /dev/null +++ b/Sources/ContainerizationOS/Stat.swift @@ -0,0 +1,88 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +/// A timestamp with second and nanosecond precision. +public struct TimeSpec: Sendable, Hashable { + /// Seconds since the Unix epoch. + public var seconds: Int64 + /// Nanoseconds past the second. + public var nanoseconds: Int32 + + public init(seconds: Int64, nanoseconds: Int32) { + self.seconds = seconds + self.nanoseconds = nanoseconds + } +} + +/// File metadata returned by a `stat` call. +public struct Stat: Sendable, Hashable { + /// ID of device containing file (`st_dev`). + public var dev: UInt64 + /// Inode number (`st_ino`). + public var ino: UInt64 + /// File type and mode (`st_mode`). + public var mode: UInt32 + /// Number of hard links (`st_nlink`). + public var nlink: UInt64 + /// User ID of owner (`st_uid`). + public var uid: UInt32 + /// Group ID of owner (`st_gid`). + public var gid: UInt32 + /// Device ID, if special file (`st_rdev`). + public var rdev: UInt64 + /// Total size in bytes (`st_size`). + public var size: Int64 + /// Preferred I/O block size (`st_blksize`). + public var blksize: Int64 + /// Number of 512-byte blocks allocated (`st_blocks`). + public var blocks: Int64 + /// Time of last access (`st_atim`). + public var atime: TimeSpec + /// Time of last modification (`st_mtim`). + public var mtime: TimeSpec + /// Time of last status change (`st_ctim`). + public var ctime: TimeSpec + + public init( + dev: UInt64, + ino: UInt64, + mode: UInt32, + nlink: UInt64, + uid: UInt32, + gid: UInt32, + rdev: UInt64, + size: Int64, + blksize: Int64, + blocks: Int64, + atime: TimeSpec, + mtime: TimeSpec, + ctime: TimeSpec + ) { + self.dev = dev + self.ino = ino + self.mode = mode + self.nlink = nlink + self.uid = uid + self.gid = gid + self.rdev = rdev + self.size = size + self.blksize = blksize + self.blocks = blocks + self.atime = atime + self.mtime = mtime + self.ctime = ctime + } +} diff --git a/Sources/ContainerizationOS/Syscall.swift b/Sources/ContainerizationOS/Syscall.swift new file mode 100644 index 0000000..097f314 --- /dev/null +++ b/Sources/ContainerizationOS/Syscall.swift @@ -0,0 +1,39 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if canImport(Musl) +import Musl +#elseif canImport(Glibc) +import Glibc +#elseif canImport(Darwin) +import Darwin +#else +#error("retryingSyscall not supported on this platform.") +#endif + +/// Helper type to deal with running system calls. +public struct Syscall { + /// Retry a syscall on EINTR. + public static func retrying(_ closure: () -> T) -> T { + while true { + let res = closure() + if res == -1 && errno == EINTR { + continue + } + return res + } + } +} diff --git a/Sources/ContainerizationOS/Sysctl.swift b/Sources/ContainerizationOS/Sysctl.swift new file mode 100644 index 0000000..7a265f5 --- /dev/null +++ b/Sources/ContainerizationOS/Sysctl.swift @@ -0,0 +1,39 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if canImport(Darwin) +import Darwin +#endif +#if canImport(FoundationEssentials) +import FoundationEssentials +#else +import Foundation +#endif + +/// Helper type to deal with system control functionalities. +public struct Sysctl { + #if os(macOS) + /// Simple `sysctlbyname` wrapper. + public static func byName(_ name: String) throws -> Int64 { + var num: Int64 = 0 + var size = MemoryLayout.size + if sysctlbyname(name, &num, &size, nil, 0) != 0 { + throw POSIXError.fromErrno() + } + return num + } + #endif +} diff --git a/Sources/ContainerizationOS/Terminal.swift b/Sources/ContainerizationOS/Terminal.swift new file mode 100644 index 0000000..8522b7c --- /dev/null +++ b/Sources/ContainerizationOS/Terminal.swift @@ -0,0 +1,209 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation + +/// `Terminal` provides a clean interface to deal with terminal interactions on Unix platforms. +public struct Terminal: Sendable { + private let initState: termios? + + private var descriptor: Int32 { + handle.fileDescriptor + } + public let handle: FileHandle + + public init(descriptor: Int32, setInitState: Bool = true) throws { + if setInitState { + self.initState = try Self.getattr(descriptor) + } else { + initState = nil + } + self.handle = .init(fileDescriptor: descriptor, closeOnDealloc: false) + } + + /// Write the provided data to the tty device. + public func write(_ data: Data) throws { + try handle.write(contentsOf: data) + } + + /// The winsize for a pty. + public struct Size: Sendable { + let size: winsize + + /// The width or `col` of the pty. + public var width: UInt16 { + size.ws_col + } + /// The height or `rows` of the pty. + public var height: UInt16 { + size.ws_row + } + + init(_ size: winsize) { + self.size = size + } + + /// Set the size for use with a pty. + public init(width cols: UInt16, height rows: UInt16) { + self.size = winsize(ws_row: rows, ws_col: cols, ws_xpixel: 0, ws_ypixel: 0) + } + } + + /// Return the current pty attached to any of the STDIO descriptors. + public static var current: Terminal { + get throws { + for i in [STDERR_FILENO, STDOUT_FILENO, STDIN_FILENO] { + do { + return try Terminal(descriptor: i) + } catch {} + } + throw Error.notAPty + } + } + + /// The current window size for the pty. + public var size: Size { + get throws { + var ws = winsize() + try fromSyscall(ioctl(descriptor, UInt(TIOCGWINSZ), &ws)) + return Size(ws) + } + } + + /// Create a new pty pair. + /// - Parameter initialSize: An initial size of the child pty. + public static func create(initialSize: Size? = nil) throws -> (parent: Terminal, child: Terminal) { + var parent: Int32 = 0 + var child: Int32 = 0 + let size = initialSize ?? Size(width: 120, height: 40) + var ws = size.size + + try fromSyscall(openpty(&parent, &child, nil, nil, &ws)) + return ( + parent: try Terminal(descriptor: parent, setInitState: false), + child: try Terminal(descriptor: child, setInitState: false) + ) + } +} + +// MARK: Errors + +extension Terminal { + public enum Error: Swift.Error, CustomStringConvertible { + case notAPty + + public var description: String { + switch self { + case .notAPty: + return "the provided fd is not a pty" + } + } + } +} + +extension Terminal { + /// Resize the current pty from the size of the provided pty. + /// - Parameter pty: A pty to resize from. + public func resize(from pty: Terminal) throws { + var ws = try pty.size + try fromSyscall(ioctl(descriptor, UInt(TIOCSWINSZ), &ws)) + } + + /// Resize the pty to the provided window size. + /// - Parameter size: A window size for a pty. + public func resize(size: Size) throws { + var ws = size.size + try fromSyscall(ioctl(descriptor, UInt(TIOCSWINSZ), &ws)) + } + + /// Resize the pty to the provided window size. + /// - Parameter width: A width or cols of the terminal. + /// - Parameter height: A height or rows of the terminal. + public func resize(width: UInt16, height: UInt16) throws { + var ws = Size(width: width, height: height) + try fromSyscall(ioctl(descriptor, UInt(TIOCSWINSZ), &ws)) + } +} + +extension Terminal { + /// Enable raw mode for the pty. + public func setraw() throws { + var attr = try Self.getattr(descriptor) + cfmakeraw(&attr) + attr.c_oflag = attr.c_oflag | tcflag_t(OPOST) + try fromSyscall(tcsetattr(descriptor, TCSANOW, &attr)) + } + + /// Enable echo support. + /// Chars typed will be displayed to the terminal. + public func enableEcho() throws { + var attr = try Self.getattr(descriptor) + attr.c_iflag &= ~tcflag_t(ICRNL) + attr.c_lflag &= ~tcflag_t(ICANON | ECHO) + try fromSyscall(tcsetattr(descriptor, TCSANOW, &attr)) + } + + /// Disable echo support. + /// Chars typed will not be displayed back to the terminal. + public func disableEcho() throws { + var attr = try Self.getattr(descriptor) + attr.c_lflag &= ~tcflag_t(ECHO) + try fromSyscall(tcsetattr(descriptor, TCSANOW, &attr)) + } + + private static func getattr(_ fd: Int32) throws -> termios { + var attr = termios() + try fromSyscall(tcgetattr(fd, &attr)) + return attr + } +} + +// MARK: Reset + +extension Terminal { + /// Close this pty's file descriptor. + public func close() throws { + do { + // Use FileHandle's close directly as it sets the underlying fd in the object + // to -1 for us. + try self.handle.close() + } catch { + if let error = error as NSError?, error.domain == NSPOSIXErrorDomain { + throw POSIXError(.init(rawValue: Int32(error.code))!) + } + throw error + } + } + + /// Reset the pty to its initial state. + public func reset() throws { + if var attr = initState { + try fromSyscall(tcsetattr(descriptor, TCSANOW, &attr)) + } + } + + /// Reset the pty to its initial state masking any errors. + /// This is commonly used in a `defer` body to reset the current pty where the error code is not generally useful. + public func tryReset() { + try? reset() + } +} + +private func fromSyscall(_ status: Int32) throws { + guard status == 0 else { + throw POSIXError(.init(rawValue: errno)!) + } +} diff --git a/Sources/ContainerizationOS/URL+Extensions.swift b/Sources/ContainerizationOS/URL+Extensions.swift new file mode 100644 index 0000000..a5c6331 --- /dev/null +++ b/Sources/ContainerizationOS/URL+Extensions.swift @@ -0,0 +1,71 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if canImport(FoundationEssentials) +import FoundationEssentials +#else +import Foundation +#endif + +#if canImport(Musl) +import Musl +#elseif canImport(Glibc) +import Glibc +#elseif canImport(Darwin) +import Darwin +#endif + +/// The `resolvingSymlinksInPath` method of the `URL` struct does not resolve the symlinks +/// for directories under `/private` which include`tmp`, `var` and `etc` +/// hence adding a method to build up on the existing `resolvingSymlinksInPath` that prepends `/private` to those paths +extension URL { + /// returns the unescaped absolutePath of a URL joined by separator + func absolutePath(_ separator: String = "/") -> String { + self.pathComponents + .joined(separator: separator) + .dropFirst("/".count) + .description + } + + public func resolvingSymlinksInPathWithPrivate() -> URL { + let url = self.resolvingSymlinksInPath() + #if os(macOS) + let parts = url.pathComponents + if parts.count > 1 { + if (parts.first == "/") && ["tmp", "var", "etc"].contains(parts[1]) { + var resolved = URL(filePath: "/private") + for part in parts[1...] { + resolved.append(path: part) + } + return resolved + } + } + #endif + return url + } + + public var isDirectory: Bool { + var st = stat() + guard stat(self.path, &st) == 0 else { return false } + return (st.st_mode & S_IFMT) == S_IFDIR + } + + public var isSymlink: Bool { + var st = stat() + guard lstat(self.path, &st) == 0 else { return false } + return (st.st_mode & S_IFMT) == S_IFLNK + } +} diff --git a/Sources/ContainerizationOS/User.swift b/Sources/ContainerizationOS/User.swift new file mode 100644 index 0000000..b76098a --- /dev/null +++ b/Sources/ContainerizationOS/User.swift @@ -0,0 +1,284 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationError + +#if canImport(FoundationEssentials) +import FoundationEssentials +#else +import Foundation +#endif + +/// `User` provides utilities to ensure that a given username exists in +/// /etc/passwd (and /etc/group). Largely inspired by runc (and moby's) +/// `user` packages. +public enum User { + public static let passwdFilePath = URL(filePath: "/etc/passwd") + public static let groupFilePath = URL(filePath: "/etc/group") + + private static let minID: UInt32 = 0 + private static let maxID: UInt32 = 2_147_483_647 + + public struct ExecUser: Sendable { + public var uid: UInt32 + public var gid: UInt32 + public var sgids: [UInt32] + public var home: String + public var shell: String + + public init(uid: UInt32, gid: UInt32, sgids: [UInt32], home: String, shell: String) { + self.uid = uid + self.gid = gid + self.sgids = sgids + self.home = home + self.shell = shell + } + } + + public struct User { + public var name: String + public var password: String + public var uid: UInt32 + public var gid: UInt32 + public var gecos: String + public var home: String + public var shell: String + + /// The argument `rawString` must follow the below format. + /// Name:Password:Uid:Gid:Gecos:Home:Shell + init(rawString: String) throws { + let args = rawString.split(separator: ":", omittingEmptySubsequences: false) + guard args.count == 7 else { + throw Error.parseError("cannot parse User from '\(rawString)'") + } + guard let uid = UInt32(args[2]) else { + throw Error.parseError("cannot parse uid from '\(args[2])'") + } + guard let gid = UInt32(args[3]) else { + throw Error.parseError("cannot parse gid from '\(args[3])'") + } + self.name = String(args[0]) + self.password = String(args[1]) + self.uid = uid + self.gid = gid + self.gecos = String(args[4]) + self.home = String(args[5]) + self.shell = String(args[6]) + } + } + + struct Group { + var name: String + var password: String + var gid: UInt32 + var users: [String] + + /// The argument `rawString` must follow the below format. + /// Name:Password:Gid:user1,user2 + init(rawString: String) throws { + let args = rawString.split(separator: ":", omittingEmptySubsequences: false) + guard args.count == 4 else { + throw Error.parseError("cannot parse Group from '\(rawString)'") + } + guard let gid = UInt32(args[2]) else { + throw Error.parseError("cannot parse gid from '\(args[2])'") + } + self.name = String(args[0]) + self.password = String(args[1]) + self.gid = gid + self.users = args[3].split(separator: ",").map { String($0) } + } + } +} + +// MARK: Private methods + +extension User { + private static func parse(file: URL, handler: (_ line: String) throws -> Void) throws { + let fm = FileManager.default + guard fm.fileExists(atPath: file.absolutePath()) else { + throw Error.missingFile(file.absolutePath()) + } + let content = try String(contentsOf: file, encoding: .ascii) + let lines = content.components(separatedBy: .newlines) + for line in lines { + let trimmed = line.trimmingCharacters(in: .whitespaces) + guard !trimmed.isEmpty else { + continue + } + guard !trimmed.hasPrefix("#") else { + continue + } + try handler(trimmed) + } + } + + /// Parse the contents of the passwd file with a provided filter function. + static func parsePasswd(passwdFile: URL, filter: ((User) -> Bool)? = nil) throws -> [User] { + var users: [User] = [] + try self.parse(file: passwdFile) { line in + let user = try User(rawString: line) + if let filter { + guard filter(user) else { + return + } + } + users.append(user) + } + return users + } + + /// Parse the contents of the group file with a provided filter function. + static func parseGroup(groupFile: URL, filter: ((Group) -> Bool)? = nil) throws -> [Group] { + var groups: [Group] = [] + try self.parse(file: groupFile) { line in + let group = try Group(rawString: line) + if let filter { + guard filter(group) else { + return + } + } + groups.append(group) + } + return groups + } +} + +// MARK: Public methods + +extension User { + /// Looks up uid in the password file specified by `passwdPath`. + public static func lookupUid(passwdPath: URL = Self.passwdFilePath, uid: UInt32) throws -> User { + let users = try parsePasswd( + passwdFile: passwdPath, + filter: { u in + u.uid == uid + }) + if users.count == 0 { + throw Error.noPasswdEntries + } + return users[0] + } + + /// Parses a user string in any of the following formats: + /// "user, uid, user:group, uid:gid, uid:group, user:gid" + /// and returns an ExecUser type from the information. + public static func getExecUser( + userString: String, + defaults: ExecUser? = nil, + passwdPath: URL = Self.passwdFilePath, + groupPath: URL = Self.groupFilePath + ) throws -> ExecUser { + let defaults = defaults ?? ExecUser(uid: 0, gid: 0, sgids: [], home: "/", shell: "") + + var user = ExecUser( + uid: defaults.uid, + gid: defaults.gid, + sgids: defaults.sgids, + home: defaults.home, + shell: defaults.shell + ) + + let parts = userString.split( + separator: ":", + maxSplits: 1, + omittingEmptySubsequences: false + ) + let userArg = parts.isEmpty ? "" : String(parts[0]) + let groupArg = parts.count > 1 ? String(parts[1]) : "" + + let uidArg = UInt32(userArg) + let notUID = uidArg == nil + let gidArg = UInt32(groupArg) + let notGID = gidArg == nil + + let users: [User] + do { + users = try parsePasswd(passwdFile: passwdPath) { u in + if userArg.isEmpty { + return u.uid == user.uid + } + if !notUID { + return uidArg! == u.uid + } + return u.name == userArg + } + } catch Error.missingFile { + users = [] + } + + var matchedUserName = "" + if !users.isEmpty { + let matchedUser = users[0] + matchedUserName = matchedUser.name + user.uid = matchedUser.uid + user.gid = matchedUser.gid + user.home = matchedUser.home + user.shell = matchedUser.shell + } else if !userArg.isEmpty { + if notUID { + throw Error.noPasswdEntries + } + + user.uid = uidArg! + if user.uid < minID || user.uid > maxID { + throw Error.range + } + } + + if !groupArg.isEmpty || !matchedUserName.isEmpty { + let groups: [Group] + do { + groups = try parseGroup(groupFile: groupPath) { g in + if groupArg.isEmpty { + return g.users.contains(matchedUserName) + } + if !notGID { + return gidArg! == g.gid + } + return g.name == groupArg + } + } catch Error.missingFile { + groups = [] + } + + if !groupArg.isEmpty { + if !groups.isEmpty { + user.gid = groups[0].gid + } else { + if notGID { + throw Error.noGroupEntries + } + + user.gid = gidArg! + if user.gid < minID || user.gid > maxID { + throw Error.range + } + } + } + user.sgids = groups.map { $0.gid } + } + return user + } + + public enum Error: Swift.Error { + case missingFile(String) + case range + case noPasswdEntries + case noGroupEntries + case parseError(String) + } +} diff --git a/Sources/Integration/ContainerTests.swift b/Sources/Integration/ContainerTests.swift new file mode 100644 index 0000000..9c8edd8 --- /dev/null +++ b/Sources/Integration/ContainerTests.swift @@ -0,0 +1,5675 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ArgumentParser +import Containerization +import ContainerizationEXT4 +import ContainerizationError +import ContainerizationExtras +import ContainerizationOCI +import ContainerizationOS +import Crypto +import Foundation +import Logging +import SystemPackage + +extension IntegrationSuite { + func testProcessTrue() async throws { + let id = "test-process-true" + + let bs = try await bootstrap(id) + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["/bin/true"] + config.memoryInBytes = 250_000_000 + config.bootLog = bs.bootLog + } + + try await container.create() + try await container.start() + + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + } + + func testProcessFalse() async throws { + let id = "test-process-false" + + let bs = try await bootstrap(id) + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["/bin/false"] + config.bootLog = bs.bootLog + } + + try await container.create() + try await container.start() + + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 1 else { + throw IntegrationError.assert(msg: "process status \(status) != 1") + } + } + + final class DiscardingWriter: @unchecked Sendable, Writer { + var count: Int = 0 + + func write(_ data: Data) throws { + count += data.count + } + + func close() throws { + return + } + } + + final class BufferWriter: Writer { + // `data` isn't used concurrently. + nonisolated(unsafe) var data = Data() + + func write(_ data: Data) throws { + guard data.count > 0 else { + return + } + self.data.append(data) + } + + func close() throws { + return + } + } + + final class StdinBuffer: ReaderStream { + let data: Data + + init(data: Data) { + self.data = data + } + + func stream() -> AsyncStream { + let (stream, cont) = AsyncStream.makeStream() + cont.yield(self.data) + cont.finish() + return stream + } + } + + final class ChunkedStdinBuffer: ReaderStream { + let chunks: [Data] + let delayMs: Int + + init(chunks: [Data], delayMs: Int = 0) { + self.chunks = chunks + self.delayMs = delayMs + } + + func stream() -> AsyncStream { + let chunks = self.chunks + let delayMs = self.delayMs + return AsyncStream { cont in + Task { + for chunk in chunks { + if delayMs > 0 { + try? await Task.sleep(for: .milliseconds(delayMs)) + } + cont.yield(chunk) + } + cont.finish() + } + } + } + } + + func testProcessEchoHi() async throws { + let id = "test-process-echo-hi" + let bs = try await bootstrap(id) + + let buffer = BufferWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["/bin/echo", "hi"] + config.process.stdout = buffer + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process status \(status) != 1") + } + + guard String(data: buffer.data, encoding: .utf8) == "hi\n" else { + throw IntegrationError.assert( + msg: "process should have returned on stdout 'hi' != '\(String(data: buffer.data, encoding: .utf8)!)'") + } + } catch { + try? await container.stop() + throw error + } + } + + func testProcessNoExecutable() async throws { + let id = "test-process-no-executable" + let bs = try await bootstrap(id) + + let buffer = BufferWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["foobarbaz"] + config.process.stdout = buffer + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + let _ = try await container.wait() + try await container.stop() + + throw IntegrationError.assert(msg: "process didn't throw 'no executable' error") + } catch { + try? await container.stop() + guard let err = error as? ContainerizationError, + err.isCode(.internalError), err.description.contains("failed to find target executable") + else { + throw error + } + } + } + + func testMultipleConcurrentProcesses() async throws { + let id = "test-concurrent-processes" + + let bs = try await bootstrap(id) + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["/bin/sleep", "1000"] + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + try await withThrowingTaskGroup(of: Void.self) { group in + for i in 0...80 { + let exec = try await container.exec("exec-\(i)") { config in + config.arguments = ["/bin/true"] + } + + group.addTask { + try await exec.start() + let status = try await exec.wait() + if status.exitCode != 0 { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + try await exec.delete() + } + } + + try await group.waitForAll() + + try await container.stop() + } + } catch { + throw error + } + } + + func testMultipleConcurrentProcessesOutputStress() async throws { + let id = "test-concurrent-processes-output-stress" + let bs = try await bootstrap(id) + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["/bin/sleep", "1000"] + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + let buffer = BufferWriter() + let exec = try await container.exec("expected-value") { config in + config.arguments = [ + "sh", + "-c", + "dd if=/dev/random of=/tmp/bytes bs=1M count=20 status=none ; sha256sum /tmp/bytes", + ] + config.stdout = buffer + } + + try await exec.start() + let status = try await exec.wait() + if status.exitCode != 0 { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + + let output = String(data: buffer.data, encoding: .utf8)! + let expected = String(output.split(separator: " ").first!) + try await withThrowingTaskGroup(of: Void.self) { group in + for i in 0...80 { + let idx = i + group.addTask { + let buffer = BufferWriter() + let exec = try await container.exec("exec-\(idx)") { config in + config.arguments = ["cat", "/tmp/bytes"] + config.stdout = buffer + } + try await exec.start() + + let status = try await exec.wait() + if status.exitCode != 0 { + throw IntegrationError.assert(msg: "process \(idx) status \(status) != 0") + } + + var hasher = SHA256() + hasher.update(data: buffer.data) + let hash = hasher.finalize().digestString.trimmingDigestPrefix + guard hash == expected else { + throw IntegrationError.assert( + msg: "process \(idx) output \(hash) != expected \(expected)") + } + try await exec.delete() + } + } + + try await group.waitForAll() + } + try await exec.delete() + + try await container.kill(.kill) + try await container.wait() + try await container.stop() + } + } + + func testProcessUser() async throws { + let id = "test-process-user" + + let bs = try await bootstrap(id) + var buffer = BufferWriter() + var container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["/usr/bin/id"] + config.process.user = .init(uid: 1, gid: 1, additionalGids: [1]) + config.process.stdout = buffer + config.bootLog = bs.bootLog + } + + try await container.create() + try await container.start() + + var status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + + var expected = "uid=1(bin) gid=1(bin) groups=1(bin)" + guard String(data: buffer.data, encoding: .utf8) == "\(expected)\n" else { + throw IntegrationError.assert( + msg: "process should have returned on stdout '\(expected)' != '\(String(data: buffer.data, encoding: .utf8)!)'") + } + + buffer = BufferWriter() + container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["/usr/bin/id"] + // Try some uid that doesn't exist. This is supported. + config.process.user = .init(uid: 40000, gid: 40000) + config.process.stdout = buffer + config.bootLog = bs.bootLog + } + + try await container.create() + try await container.start() + + status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + + expected = "uid=40000 gid=40000 groups=40000" + guard String(data: buffer.data, encoding: .utf8) == "\(expected)\n" else { + throw IntegrationError.assert( + msg: "process should have returned on stdout '\(expected)' != '\(String(data: buffer.data, encoding: .utf8)!)'") + } + + buffer = BufferWriter() + container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["/usr/bin/id"] + // Try some uid that doesn't exist. This is supported. + config.process.user = .init(username: "40000:40000") + config.process.stdout = buffer + config.bootLog = bs.bootLog + } + + try await container.create() + try await container.start() + + status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + + expected = "uid=40000 gid=40000 groups=40000" + guard String(data: buffer.data, encoding: .utf8) == "\(expected)\n" else { + throw IntegrationError.assert( + msg: "process should have returned on stdout '\(expected)' != '\(String(data: buffer.data, encoding: .utf8)!)'") + } + + buffer = BufferWriter() + container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["/usr/bin/id"] + // Now for our final trick, try and run a username that doesn't exist. + config.process.user = .init(username: "thisdoesntexist") + config.process.stdout = buffer + config.bootLog = bs.bootLog + } + + try await container.create() + do { + try await container.start() + } catch { + return + } + throw IntegrationError.assert(msg: "container start should have failed") + } + + // Ensure if we ask for a terminal we set TERM. + func testProcessTtyEnvvar() async throws { + let id = "test-process-tty-envvar" + + let bs = try await bootstrap(id) + let buffer = BufferWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["env"] + config.process.terminal = true + config.process.stdout = buffer + config.bootLog = bs.bootLog + } + + try await container.create() + try await container.start() + + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + + guard let str = String(data: buffer.data, encoding: .utf8) else { + throw IntegrationError.assert( + msg: "failed to convert standard output to a UTF8 string") + } + + let homeEnvvar = "TERM=xterm" + guard str.contains(homeEnvvar) else { + throw IntegrationError.assert( + msg: "process should have TERM environment variable defined") + } + } + + // Make sure we set HOME by default if we can find it in /etc/passwd in the guest. + func testProcessHomeEnvvar() async throws { + let id = "test-process-home-envvar" + + let bs = try await bootstrap(id) + let buffer = BufferWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["env"] + config.process.user = .init(uid: 0, gid: 0) + config.process.stdout = buffer + config.bootLog = bs.bootLog + } + + try await container.create() + try await container.start() + + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + + guard let str = String(data: buffer.data, encoding: .utf8) else { + throw IntegrationError.assert( + msg: "failed to convert standard output to a UTF8 string") + } + + let homeEnvvar = "HOME=/root" + guard str.contains(homeEnvvar) else { + throw IntegrationError.assert( + msg: "process should have HOME environment variable defined") + } + } + + func testProcessCustomHomeEnvvar() async throws { + let id = "test-process-custom-home-envvar" + + let bs = try await bootstrap(id) + let customHomeEnvvar = "HOME=/tmp/custom/home" + let buffer = BufferWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["sh", "-c", "echo HOME=$HOME"] + config.process.environmentVariables.append(customHomeEnvvar) + config.process.user = .init(uid: 0, gid: 0) + config.process.stdout = buffer + config.bootLog = bs.bootLog + } + + try await container.create() + try await container.start() + + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + + guard let output = String(data: buffer.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert stdout to UTF8") + } + + guard output.contains(customHomeEnvvar) else { + throw IntegrationError.assert(msg: "process should have preserved custom HOME environment variable, expected \(customHomeEnvvar), got: \(output)") + } + } + + func testHostname() async throws { + let id = "test-container-hostname" + + let bs = try await bootstrap(id) + let buffer = BufferWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["/bin/hostname"] + config.hostname = "foo-bar" + config.process.stdout = buffer + config.bootLog = bs.bootLog + } + + try await container.create() + try await container.start() + + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + let expected = "foo-bar" + + guard String(data: buffer.data, encoding: .utf8) == "\(expected)\n" else { + throw IntegrationError.assert( + msg: "process should have returned on stdout '\(expected)' != '\(String(data: buffer.data, encoding: .utf8)!)'") + } + } + + func testHostnameDefaultsToContainerID() async throws { + let id = "test-container-hostname-default" + + let bs = try await bootstrap(id) + let buffer = BufferWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["/bin/hostname"] + config.process.stdout = buffer + config.bootLog = bs.bootLog + } + + try await container.create() + try await container.start() + + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + + guard String(data: buffer.data, encoding: .utf8) == "\(id)\n" else { + throw IntegrationError.assert( + msg: "hostname should default to container id '\(id)', got '\(String(data: buffer.data, encoding: .utf8)!)'") + } + } + + func testHostsFile() async throws { + let id = "test-container-hosts-file" + + let bs = try await bootstrap(id) + let entry = Hosts.Entry.localHostIPV4(comment: "Testaroo") + let buffer = BufferWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["cat", "/etc/hosts"] + config.hosts = Hosts(entries: [entry]) + config.process.stdout = buffer + config.bootLog = bs.bootLog + } + + try await container.create() + try await container.start() + + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + + let expected = entry.rendered + guard String(data: buffer.data, encoding: .utf8) == "\(expected)\n" else { + throw IntegrationError.assert( + msg: "process should have returned on stdout '\(expected)' != '\(String(data: buffer.data, encoding: .utf8)!)'") + } + } + + func testProcessStdin() async throws { + let id = "test-container-stdin" + + let bs = try await bootstrap(id) + let buffer = BufferWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["cat"] + config.process.stdin = StdinBuffer(data: "Hello from test".data(using: .utf8)!) + config.process.stdout = buffer + config.bootLog = bs.bootLog + } + + try await container.create() + try await container.start() + + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + let expected = "Hello from test" + + guard String(data: buffer.data, encoding: .utf8) == "\(expected)" else { + throw IntegrationError.assert( + msg: "process should have returned on stdout '\(expected)' != '\(String(data: buffer.data, encoding: .utf8)!)'") + } + } + + func testMounts() async throws { + let id = "test-cat-mount" + + let bs = try await bootstrap(id) + let buffer = BufferWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + let directory = try createMountDirectory() + config.process.arguments = ["/bin/cat", "/mnt/hi.txt"] + config.mounts.append(.share(source: directory.path, destination: "/mnt")) + config.process.stdout = buffer + config.bootLog = bs.bootLog + } + + try await container.create() + try await container.start() + + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + + let value = String(data: buffer.data, encoding: .utf8) + guard value == "hello" else { + throw IntegrationError.assert( + msg: "process should have returned from file 'hello' != '\(String(data: buffer.data, encoding: .utf8)!)") + + } + } + + #if os(macOS) + func testNestedVirtualizationEnabled() async throws { + let id = "test-nested-virt" + + let bs = try await bootstrap(id) + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["/bin/true"] + config.virtualization = true + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + } catch { + if let err = error as? ContainerizationError { + if err.code == .unsupported { + throw SkipTest(reason: err.message) + } + } + } + + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + } + + func testContainerManagerCreate() async throws { + let id = "test-container-manager" + + let bs = try await bootstrap(id) + + var manager = try ContainerManager(vmm: bs.vmm) + defer { + try? manager.delete(id) + } + + let buffer = BufferWriter() + let container = try await manager.create( + id, + image: bs.image, + rootfs: bs.rootfs + ) { config in + config.process.arguments = ["/bin/echo", "ContainerManager test"] + config.process.stdout = buffer + config.bootLog = bs.bootLog + } + + try await container.create() + try await container.start() + + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + + let output = String(data: buffer.data, encoding: .utf8) + guard output == "ContainerManager test\n" else { + throw IntegrationError.assert( + msg: "process should have returned 'ContainerManager test' != '\(output ?? "nil")'") + } + } + + func testContainerStopIdempotency() async throws { + let id = "test-container-stop-idempotency" + + let bs = try await bootstrap(id) + + var manager = try ContainerManager(vmm: bs.vmm) + defer { + try? manager.delete(id) + } + + let buffer = BufferWriter() + let container = try await manager.create( + id, + image: bs.image, + rootfs: bs.rootfs + ) { config in + config.process.arguments = ["/bin/echo", "please stop me"] + config.process.stdout = buffer + config.bootLog = bs.bootLog + } + + try await container.create() + try await container.start() + + let status = try await container.wait() + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + + try await container.stop() + try await container.stop() + + let output = String(data: buffer.data, encoding: .utf8) + guard output == "please stop me\n" else { + throw IntegrationError.assert( + msg: "process should have returned 'ContainerManager test' != '\(output ?? "nil")'") + } + } + + func testContainerReuse() async throws { + let id = "test-container-reuse" + + let bs = try await bootstrap(id) + + var manager = try ContainerManager(vmm: bs.vmm) + defer { + try? manager.delete(id) + } + + let buffer = BufferWriter() + let container = try await manager.create( + id, + image: bs.image, + rootfs: bs.rootfs + ) { config in + config.process.arguments = ["/bin/echo", "ContainerManager test"] + config.process.stdout = buffer + config.bootLog = bs.bootLog + } + + try await container.create() + try await container.start() + + var status = try await container.wait() + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + try await container.stop() + + try await container.create() + try await container.start() + + // Wait for completion.. again. + status = try await container.wait() + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + + let output = String(data: buffer.data, encoding: .utf8) + let expected = "ContainerManager test\nContainerManager test\n" + guard output == expected else { + throw IntegrationError.assert( + msg: "process should have returned '\(expected)' != '\(output ?? "nil")'") + } + } + + func testContainerDevConsole() async throws { + let id = "test-container-devconsole" + + let bs = try await bootstrap(id) + + var manager = try ContainerManager(vmm: bs.vmm) + defer { + try? manager.delete(id) + } + + let buffer = BufferWriter() + let container = try await manager.create( + id, + image: bs.image, + rootfs: bs.rootfs + ) { config in + // We mount devtmpfs by default, and while this includes creating + // /dev/console typically that'll be pointing to /dev/hvc0 (the + // virtio serial console). This is just a character device, so a trivial + // way to check that our bind mounted console setup worked is by just + // parsing `mount`'s output and looking for /dev/console as it wouldn't + // be there normally without our dance. + config.process.arguments = ["mount"] + config.process.terminal = true + config.process.stdout = buffer + config.bootLog = bs.bootLog + } + + try await container.create() + try await container.start() + + let status = try await container.wait() + try await container.stop() + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + + guard let str = String(data: buffer.data, encoding: .utf8) else { + throw IntegrationError.assert( + msg: "failed to convert standard output to a UTF8 string") + } + + let devConsole = "/dev/console" + guard str.contains(devConsole) else { + throw IntegrationError.assert( + msg: "process should have \(devConsole) in `mount` output") + } + } + + #endif + + func testContainerStatistics() async throws { + let id = "test-container-statistics" + + let bs = try await bootstrap(id) + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["sleep", "infinity"] + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + let stats = try await container.statistics() + + guard stats.id == id else { + throw IntegrationError.assert(msg: "stats container ID '\(stats.id)' != '\(id)'") + } + + guard let process = stats.process, process.current > 0 else { + throw IntegrationError.assert(msg: "process count should be > 0, got \(stats.process?.current ?? 0)") + } + + guard let memory = stats.memory, memory.usageBytes > 0 else { + throw IntegrationError.assert(msg: "memory usage should be > 0, got \(stats.memory?.usageBytes ?? 0)") + } + + guard let cpu = stats.cpu, cpu.usageUsec > 0 else { + throw IntegrationError.assert(msg: "CPU usage should be > 0, got \(stats.cpu?.usageUsec ?? 0)") + } + + print("Container statistics:") + print(" Processes: \(process.current)") + print(" Memory: \(memory.usageBytes) bytes") + print(" CPU: \(cpu.usageUsec) usec") + print(" Networks: \(stats.networks?.count ?? 0) interfaces") + + try await container.stop() + } catch { + try? await container.stop() + throw error + } + } + + func testCgroupLimits() async throws { + let id = "test-cgroup-limits" + + let bs = try await bootstrap(id) + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["sleep", "infinity"] + config.cpus = 2 + config.memoryInBytes = 512.mib() + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + // Start an exec with sleep infinity + let sleepExec = try await container.exec("sleep-exec") { config in + config.arguments = ["sleep", "infinity"] + } + try await sleepExec.start() + + // Verify we have 3 PIDs in cgroup.procs: init, exec sleep, and cat itself + let procsBuffer = BufferWriter() + let procsExec = try await container.exec("check-procs") { config in + config.arguments = ["cat", "/sys/fs/cgroup/cgroup.procs"] + config.stdout = procsBuffer + } + try await procsExec.start() + var status = try await procsExec.wait() + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "check-procs status \(status) != 0") + } + try await procsExec.delete() + + guard let procsContent = String(data: procsBuffer.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to parse cgroup.procs") + } + let pids = procsContent.split(separator: "\n").filter { !$0.isEmpty } + guard pids.count == 3 else { + throw IntegrationError.assert(msg: "expected 3 PIDs in cgroup.procs, got \(pids.count): \(procsContent)") + } + + // Verify memory limit + let memoryBuffer = BufferWriter() + let memoryExec = try await container.exec("check-memory") { config in + config.arguments = ["cat", "/sys/fs/cgroup/memory.max"] + config.stdout = memoryBuffer + } + try await memoryExec.start() + status = try await memoryExec.wait() + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "check-memory status \(status) != 0") + } + try await memoryExec.delete() + + guard let memoryLimit = String(data: memoryBuffer.data, encoding: .utf8)?.trimmingCharacters(in: .whitespacesAndNewlines) else { + throw IntegrationError.assert(msg: "failed to parse memory.max") + } + let expectedMemory = "\(512.mib())" + guard memoryLimit == expectedMemory else { + throw IntegrationError.assert(msg: "memory.max \(memoryLimit) != expected \(expectedMemory)") + } + + // Verify CPU limit + let cpuBuffer = BufferWriter() + let cpuExec = try await container.exec("check-cpu") { config in + config.arguments = ["cat", "/sys/fs/cgroup/cpu.max"] + config.stdout = cpuBuffer + } + try await cpuExec.start() + status = try await cpuExec.wait() + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "check-cpu status \(status) != 0") + } + try await cpuExec.delete() + + guard let cpuLimit = String(data: cpuBuffer.data, encoding: .utf8)?.trimmingCharacters(in: .whitespacesAndNewlines) else { + throw IntegrationError.assert(msg: "failed to parse cpu.max") + } + let expectedCpu = "200000 100000" // 2 CPUs: quota=200000, period=100000 + guard cpuLimit == expectedCpu else { + throw IntegrationError.assert(msg: "cpu.max '\(cpuLimit)' != expected '\(expectedCpu)'") + } + + try await sleepExec.delete() + + try await container.kill(.kill) + try await container.wait() + try await container.stop() + } catch { + try? await container.stop() + throw error + } + } + + func testMemoryEventsOOMKill() async throws { + let id = "test-memory-events-oom-kill" + + let bs = try await bootstrap(id) + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["sleep", "infinity"] + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + // Run a process that will exceed the memory limit and get OOM-killed + let exec = try await container.exec("oom-trigger") { config in + // First set a 2MB memory limit on the container's cgroup, then allocate more + config.arguments = [ + "sh", + "-c", + "echo 2097152 > /sys/fs/cgroup/memory.max && dd if=/dev/zero of=/dev/null bs=100M", + ] + } + + try await exec.start() + let status = try await exec.wait() + if status.exitCode == 0 { + throw IntegrationError.assert(msg: "expected exit code > 0") + } + try await exec.delete() + + let stats = try await container.statistics(categories: .memoryEvents) + + guard let events = stats.memoryEvents else { + throw IntegrationError.assert(msg: "expected memoryEvents to be present") + } + + print("Memory events for container \(id):") + print(" low: \(events.low)") + print(" high: \(events.high)") + print(" max: \(events.max)") + print(" oom: \(events.oom)") + print(" oomKill: \(events.oomKill)") + + guard events.oomKill > 0 else { + throw IntegrationError.assert(msg: "expected oomKill > 0, got \(events.oomKill)") + } + + try await container.kill(.kill) + try await container.wait() + try await container.stop() + } catch { + try? await container.stop() + throw error + } + } + + func testNoSerialConsole() async throws { + let id = "test-no-serial-console" + + let bs = try await bootstrap(id) + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["/bin/true"] + } + + try await container.create() + try await container.start() + + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + } + + func testUnixSocketIntoGuest() async throws { + let id = "test-unixsocket-into-guest" + + let bs = try await bootstrap(id) + + let hostSocketPath = try createHostUnixSocket() + + let buffer = BufferWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["sleep", "100"] + config.sockets = [ + UnixSocketConfiguration( + source: URL(filePath: hostSocketPath), + destination: URL(filePath: "/tmp/test.sock"), + direction: .into + ) + ] + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + // Execute ls -l to check the socket exists and is indeed a socket + let lsExec = try await container.exec("ls-socket") { config in + config.arguments = ["ls", "-l", "/tmp/test.sock"] + config.stdout = buffer + } + + try await lsExec.start() + let status = try await lsExec.wait() + try await lsExec.delete() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "ls command failed with status \(status)") + } + + guard let output = String(data: buffer.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert ls output to UTF8") + } + + // Socket files in ls -l output start with 's' + guard output.hasPrefix("s") else { + throw IntegrationError.assert( + msg: "expected socket file (starting with 's'), got: \(output)") + } + + try await container.kill(.kill) + try await container.wait() + try await container.stop() + } catch { + try? await container.stop() + throw error + } + } + + // NOTE: Once upon a time our guest agent created any proxied unix sockets at + // a path that contained the container ID in it. The problem here is if the container + // ID is comically long we exceed the max length of a unix domain socket path. + func testUnixSocketIntoGuestLongContainerID() async throws { + let id = "test-unixsocket-long-id-" + String(repeating: "a", count: 40) + + let bs = try await bootstrap(id) + + let hostSocketPath = try createHostUnixSocket() + + let buffer = BufferWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["sleep", "100"] + config.sockets = [ + UnixSocketConfiguration( + source: URL(filePath: hostSocketPath), + destination: URL(filePath: "/tmp/test.sock"), + direction: .into + ) + ] + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + let lsExec = try await container.exec("ls-socket") { config in + config.arguments = ["ls", "-l", "/tmp/test.sock"] + config.stdout = buffer + } + + try await lsExec.start() + let status = try await lsExec.wait() + try await lsExec.delete() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "ls command failed with status \(status)") + } + + guard let output = String(data: buffer.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert ls output to UTF8") + } + + guard output.hasPrefix("s") else { + throw IntegrationError.assert( + msg: "expected socket file (starting with 's'), got: \(output)") + } + + try await container.kill(.kill) + try await container.wait() + try await container.stop() + } catch { + try? await container.stop() + throw error + } + } + + func testNonClosureConstructor() async throws { + let id = "test-container-non-closure-constructor" + + let bs = try await bootstrap(id) + let config = LinuxContainer.Configuration( + process: LinuxProcessConfiguration(arguments: ["/bin/true"]) + ) + let container = try LinuxContainer( + id, + rootfs: bs.rootfs, + vmm: bs.vmm, + configuration: config + ) + + try await container.create() + try await container.start() + + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + } + + private func createHostUnixSocket() throws -> String { + let dir = FileManager.default.uniqueTemporaryDirectory(create: true) + let socketPath = dir.appendingPathComponent("test.sock").path + + let socket = try Socket(type: UnixType(path: socketPath)) + try socket.listen() + + return socketPath + } + + private func createMountDirectory() throws -> URL { + let dir = FileManager.default.uniqueTemporaryDirectory(create: true) + try "hello".write(to: dir.appendingPathComponent("hi.txt"), atomically: true, encoding: .utf8) + return dir + } + + func testUnixSocketIntoGuestSymlink() async throws { + let id = "test-unixsocket-into-guest-symlink" + + let bs = try await bootstrap(id) + + let hostSocketPath = try createHostUnixSocket() + + let buffer = BufferWriter() + // Use /var/run/test.sock. Alpine has /var/run -> /run symlink + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["sleep", "100"] + config.sockets = [ + UnixSocketConfiguration( + source: URL(filePath: hostSocketPath), + destination: URL(filePath: "/var/run/test.sock"), + direction: .into + ) + ] + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + let lsExec = try await container.exec("ls-socket") { config in + config.arguments = ["ls", "-l", "/var/run/test.sock"] + config.stdout = buffer + } + + try await lsExec.start() + let status = try await lsExec.wait() + try await lsExec.delete() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "ls command failed with status \(status)") + } + + guard let output = String(data: buffer.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert ls output to UTF8") + } + + // Socket files in ls -l output start with 's' + guard output.hasPrefix("s") else { + throw IntegrationError.assert( + msg: "expected socket file (starting with 's'), got: \(output)") + } + + try await container.kill(.kill) + try await container.wait() + try await container.stop() + } catch { + try? await container.stop() + throw error + } + } + + func testBootLogFileHandle() async throws { + let id = "test-bootlog-filehandle" + + let bs = try await bootstrap(id) + + // Create a pipe to capture boot log data + let pipe = Pipe() + let bootLog = BootLog.fileHandle(pipe.fileHandleForWriting) + + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["/bin/echo", "test complete"] + config.bootLog = bootLog + } + + do { + try await container.create() + try await container.start() + + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + + try pipe.fileHandleForWriting.close() + let bootLogData = try pipe.fileHandleForReading.readToEnd() + guard let bootLogData = bootLogData, bootLogData.count > 0 else { + throw IntegrationError.assert( + msg: "expected to receive boot log data from pipe, but got no data") + } + + guard let bootLogString = String(data: bootLogData, encoding: .utf8) else { + throw IntegrationError.assert( + msg: "failed to convert boot log data to UTF8 string") + } + + guard bootLogString.count > 100 else { + throw IntegrationError.assert( + msg: "boot log output smaller than expected: got \(bootLogString.count)") + } + } catch { + try? await container.stop() + throw error + } + } + + func testLargeStdioOutput() async throws { + let id = "test-large-stdout-stderr-output" + + let bs = try await bootstrap(id) + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["/bin/sleep", "1000"] + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + let stdoutBuffer = DiscardingWriter() + let stderrBuffer = DiscardingWriter() + + let exec = try await container.exec("large-output") { config in + config.arguments = [ + "sh", + "-c", + """ + dd if=/dev/zero bs=1M count=250 status=none && \ + dd if=/dev/zero bs=1M count=250 status=none >&2 + """, + ] + config.stdout = stdoutBuffer + config.stderr = stderrBuffer + } + + let started = Date().timeIntervalSinceReferenceDate + + try await exec.start() + let status = try await exec.wait() + + let lasted = Date().timeIntervalSinceReferenceDate - started + print("Test \(id) finished process ingesting stdio in \(lasted)") + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "exec process status \(status) != 0") + } + + try await exec.delete() + + let expectedSize = 250 * 1024 * 1024 + guard stdoutBuffer.count == expectedSize else { + throw IntegrationError.assert( + msg: "stdout size \(stdoutBuffer.count) != expected \(expectedSize)") + } + + guard stderrBuffer.count == expectedSize else { + throw IntegrationError.assert( + msg: "stderr size \(stderrBuffer.count) != expected \(expectedSize)") + } + + try await container.kill(.kill) + try await container.wait() + try await container.stop() + } catch { + try? await container.stop() + throw error + } + } + + func testProcessDeleteIdempotency() async throws { + let id = "test-process-delete-idempotency" + + let bs = try await bootstrap(id) + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["/bin/sleep", "1000"] + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + // Create an exec process + let exec = try await container.exec("test-exec") { config in + config.arguments = ["/bin/true"] + } + + try await exec.start() + let status = try await exec.wait() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "exec process status \(status) != 0") + } + + // Call delete twice to verify idempotency + try await exec.delete() + try await exec.delete() // Should be a no-op + + try await container.kill(.kill) + try await container.wait() + try await container.stop() + } catch { + try? await container.stop() + throw error + } + } + + func testMultipleExecsWithoutDelete() async throws { + let id = "test-multiple-execs-without-delete" + + let bs = try await bootstrap(id) + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["/bin/sleep", "1000"] + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + // Create 3 exec processes without deleting them + let exec1 = try await container.exec("exec-1") { config in + config.arguments = ["/bin/true"] + } + try await exec1.start() + let status1 = try await exec1.wait() + guard status1.exitCode == 0 else { + throw IntegrationError.assert(msg: "exec1 process status \(status1) != 0") + } + + let exec2 = try await container.exec("exec-2") { config in + config.arguments = ["/bin/true"] + } + try await exec2.start() + let status2 = try await exec2.wait() + guard status2.exitCode == 0 else { + throw IntegrationError.assert(msg: "exec2 process status \(status2) != 0") + } + + let exec3 = try await container.exec("exec-3") { config in + config.arguments = ["/bin/true"] + } + try await exec3.start() + let status3 = try await exec3.wait() + guard status3.exitCode == 0 else { + throw IntegrationError.assert(msg: "exec3 process status \(status3) != 0") + } + + // Stop should handle cleanup of all exec processes gracefully + try await container.kill(.kill) + try await container.wait() + try await container.stop() + } catch { + try? await container.stop() + throw error + } + } + + func testNonExistentBinary() async throws { + let id = "test-non-existent-binary" + + let bs = try await bootstrap(id) + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["foo-bar-baz"] + config.bootLog = bs.bootLog + } + + try await container.create() + do { + try await container.start() + } catch { + return + } + try await container.stop() + throw IntegrationError.assert(msg: "container start should have failed") + } + + // MARK: - Capability Tests + + func testCapabilitiesSysAdmin() async throws { + let id = "test-capabilities-sysadmin" + + let bs = try await bootstrap(id) + + // First test: without CAP_SYS_ADMIN (should be denied) + let bufferDenied = BufferWriter() + let containerWithoutSysAdmin = try LinuxContainer("\(id)-denied", rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.capabilities = LinuxCapabilities() + config.process.arguments = ["/bin/sh", "-c", "mount -t tmpfs tmpfs /tmp || echo 'mount failed as expected'"] + config.process.stdout = bufferDenied + config.bootLog = bs.bootLog + } + + try await containerWithoutSysAdmin.create() + try await containerWithoutSysAdmin.start() + + var status = try await containerWithoutSysAdmin.wait() + try await containerWithoutSysAdmin.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "container should have run successfully, got exit code \(status.exitCode)") + } + + guard let outputDenied = String(data: bufferDenied.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert stdout to UTF8") + } + + guard outputDenied.contains("mount failed as expected") else { + throw IntegrationError.assert(msg: "expected mount failure message, got: \(outputDenied)") + } + + // Second test: with CAP_SYS_ADMIN (should succeed) + let containerWithSysAdmin = try LinuxContainer("\(id)-allowed", rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.capabilities = LinuxCapabilities(capabilities: [.sysAdmin]) + config.process.arguments = ["/bin/sh", "-c", "mount -t tmpfs tmpfs /tmp"] + config.bootLog = bs.bootLog + } + + try await containerWithSysAdmin.create() + try await containerWithSysAdmin.start() + + status = try await containerWithSysAdmin.wait() + try await containerWithSysAdmin.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "container with CAP_SYS_ADMIN should mount successfully, got exit code \(status.exitCode)") + } + } + + func testCapabilitiesNetAdmin() async throws { + let id = "test-capabilities-netadmin" + + let bs = try await bootstrap(id) + + // First test: without CAP_NET_ADMIN (should be denied) + let bufferDenied = BufferWriter() + let containerWithoutNetAdmin = try LinuxContainer("\(id)-denied", rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.capabilities = LinuxCapabilities() + config.process.arguments = ["/bin/sh", "-c", "ip link set lo down 2>/dev/null || echo 'network operation denied as expected'"] + config.process.stdout = bufferDenied + config.bootLog = bs.bootLog + } + + try await containerWithoutNetAdmin.create() + try await containerWithoutNetAdmin.start() + + var status = try await containerWithoutNetAdmin.wait() + try await containerWithoutNetAdmin.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "container should handle network denial gracefully, got exit code \(status.exitCode)") + } + + guard let outputDenied = String(data: bufferDenied.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert stdout to UTF8") + } + + guard outputDenied.contains("network operation denied as expected") else { + throw IntegrationError.assert(msg: "expected network denial message, got: \(outputDenied)") + } + + // Second test: with CAP_NET_ADMIN (should succeed) + let bufferAllowed = BufferWriter() + let containerWithNetAdmin = try LinuxContainer("\(id)-allowed", rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.capabilities = LinuxCapabilities(capabilities: [.netAdmin]) + config.process.arguments = ["/bin/sh", "-c", "ip link set lo down && ip link set lo up"] + config.process.stdout = bufferAllowed + config.bootLog = bs.bootLog + } + + try await containerWithNetAdmin.create() + try await containerWithNetAdmin.start() + + status = try await containerWithNetAdmin.wait() + try await containerWithNetAdmin.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "container with CAP_NET_ADMIN should perform network operations, got exit code \(status.exitCode)") + } + } + + func testCapabilitiesOCIDefault() async throws { + let id = "test-capabilities-OCI-default" + + let bs = try await bootstrap(id) + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + // Use default capability set + config.process.capabilities = .defaultOCICapabilities + config.process.arguments = ["/bin/sh", "-c", "echo 'Running with OCI default capabilities'"] + config.bootLog = bs.bootLog + } + + try await container.create() + try await container.start() + + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "container with OCI default capabilities should run, got exit code \(status.exitCode)") + } + } + + func testCapabilitiesAllCapabilities() async throws { + let id = "test-capabilities-all" + + let bs = try await bootstrap(id) + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.capabilities = .allCapabilities + config.process.arguments = ["/bin/sh", "-c", "mount -t tmpfs tmpfs /tmp && ip link set lo down"] + config.bootLog = bs.bootLog + } + + try await container.create() + try await container.start() + + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "container with all capabilities should perform all operations, got exit code \(status.exitCode)") + } + } + + func testCapabilitiesFileOwnership() async throws { + let id = "test-capabilities-chown" + + let bs = try await bootstrap(id) + + // First test: without CAP_CHOWN + let bufferDenied = BufferWriter() + let containerWithoutChown = try LinuxContainer("\(id)-denied", rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.capabilities = LinuxCapabilities() + config.process.arguments = ["/bin/sh", "-c", "touch /tmp/testfile && chown 1000:1000 /tmp/testfile 2>/dev/null || echo 'chown denied as expected'"] + config.process.stdout = bufferDenied + config.bootLog = bs.bootLog + } + + try await containerWithoutChown.create() + try await containerWithoutChown.start() + + var status = try await containerWithoutChown.wait() + try await containerWithoutChown.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "container should handle chown denial gracefully, got exit code \(status.exitCode)") + } + + guard let outputDenied = String(data: bufferDenied.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert stdout to UTF8") + } + + guard outputDenied.contains("chown denied as expected") else { + throw IntegrationError.assert(msg: "expected chown denial message, got: \(outputDenied)") + } + + // Second test: with CAP_CHOWN + let bufferAllowed = BufferWriter() + let containerWithChown = try LinuxContainer("\(id)-allowed", rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.capabilities = LinuxCapabilities(capabilities: [.chown]) + config.process.arguments = ["/bin/sh", "-c", "touch /tmp/testfile && chown 1000:1000 /tmp/testfile"] + config.process.stdout = bufferAllowed + config.bootLog = bs.bootLog + } + + try await containerWithChown.create() + try await containerWithChown.start() + + status = try await containerWithChown.wait() + try await containerWithChown.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "container with CAP_CHOWN should succeed, got exit code \(status.exitCode)") + } + } + + func testDefaultMaskedAndReadonlyPaths() async throws { + let id = "test-masked-readonly-defaults" + + // A default container (default capabilities + default masked/readonly + // paths) must have the OCI standard set enforced by vmexec without any + // opt-in. Probe from inside the guest: + // 1. readonlyPaths: writing under /proc/sys fails with EROFS. EROFS + // (not EPERM) proves the read-only remount rather than a mere + // capability denial — the default (restricted) caps already lack + // CAP_SYS_ADMIN, so a writable /proc/sys would fail with EPERM. + // The write is wrapped in a brace group so the shell's redirection + // failure ("can't create ...: Read-only file system") is captured: + // a trailing `2>&1` on the command misses it, because the failing + // `>` redirection aborts before `2>&1` is applied. + // 2. maskedPaths: at least one default-masked path is mounted over + // (visible in /proc/self/mountinfo). Checked via mountinfo rather + // than reading the target, since some masked paths (e.g. + // /proc/kcore) require CAP_SYS_RAWIO to read and would appear empty + // even if masking were broken, yielding a false pass. + let probe = """ + set -u + rerr=$( { echo x > /proc/sys/kernel/hostname; } 2>&1 ) + case "$rerr" in + *"Read-only file system"*) ;; + *) echo "RO-FAIL: writing /proc/sys expected EROFS, got: ${rerr:-}"; exit 1 ;; + esac + masked=0 + for p in /proc/kcore /proc/keys /proc/scsi /proc/sched_debug /sys/firmware /sys/devices/virtual/powercap; do + grep -q " $p " /proc/self/mountinfo && masked=$((masked + 1)) + done + if [ "$masked" -eq 0 ]; then + echo "MASK-FAIL: no default masked path mounted" + cat /proc/self/mountinfo + exit 1 + fi + echo "MASKED-RO-OK masked=$masked" + """ + + let bs = try await bootstrap(id) + let buffer = BufferWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + // Intentionally leave config.maskedPaths / readonlyPaths / + // process.capabilities untouched — the point is that the defaults + // are secure out of the box. + config.process.arguments = ["/bin/sh", "-c", probe] + config.process.stdout = buffer + config.bootLog = bs.bootLog + } + + try await container.create() + try await container.start() + + let status = try await container.wait() + try await container.stop() + + let output = String(data: buffer.data, encoding: .utf8) ?? "" + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "default masked/readonly enforcement failed (exit \(status.exitCode)): \(output)") + } + guard output.contains("MASKED-RO-OK") else { + throw IntegrationError.assert(msg: "expected MASKED-RO-OK sentinel, got: \(output)") + } + } + + func testStat() async throws { + let id = "test-stat" + + let bs = try await bootstrap(id) + + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["sleep", "100"] + config.bootLog = bs.bootLog + } + + func assertExec(_ container: LinuxContainer, id: String, cmd: String) async throws { + let exec = try await container.exec(id) { config in + config.arguments = ["sh", "-c", cmd] + } + try await exec.start() + let status = try await exec.wait() + try await exec.delete() + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "\(id) failed with exit code \(status.exitCode)") + } + } + + do { + try await container.create() + try await container.start() + + // regular file: "regular file" is exactly 12 bytes + try await assertExec(container, id: "create-regular-file", cmd: "echo -n 'regular file' > /tmp/regular-file.txt") + // directory + try await assertExec(container, id: "create-dir", cmd: "mkdir /tmp/test-dir") + // relative symlink so stat() resolves the target within the same directory + try await assertExec(container, id: "create-symlink", cmd: "ln -s regular-file.txt /tmp/test-link") + // FIFO + try await assertExec(container, id: "create-fifo", cmd: "mkfifo /tmp/test-fifo") + + let vsock = try await container.dialVsock(port: 1024) + let vminitd = try await Vminitd(connection: vsock, group: Self.eventLoop) + + let root = URL(filePath: container.root) + + // --- regular file --- + let regularStat = try await vminitd.stat(path: root.appending(path: "tmp/regular-file.txt")) + guard (regularStat.mode & UInt32(S_IFMT)) == S_IFREG else { + throw IntegrationError.assert(msg: "regular file: expected S_IFREG, got mode 0x\(String(regularStat.mode, radix: 16))") + } + guard regularStat.size == 12 else { + throw IntegrationError.assert(msg: "regular file: expected size 12, got \(regularStat.size)") + } + guard regularStat.ino > 0 else { + throw IntegrationError.assert(msg: "regular file: expected non-zero inode, got \(regularStat.ino)") + } + guard regularStat.nlink >= 1 else { + throw IntegrationError.assert(msg: "regular file: expected nlink >= 1, got \(regularStat.nlink)") + } + + // --- directory --- + let dirStat = try await vminitd.stat(path: root.appending(path: "tmp/test-dir")) + guard (dirStat.mode & UInt32(S_IFMT)) == S_IFDIR else { + throw IntegrationError.assert(msg: "directory: expected S_IFDIR, got mode 0x\(String(dirStat.mode, radix: 16))") + } + // A directory always has at least 2 hard links (. and its entry in the parent) + guard dirStat.nlink >= 2 else { + throw IntegrationError.assert(msg: "directory: expected nlink >= 2, got \(dirStat.nlink)") + } + + // --- symlink --- + // stat(2) follows symlinks, so the result reflects the target regular file + let symlinkStat = try await vminitd.stat(path: root.appending(path: "tmp/test-link")) + guard (symlinkStat.mode & UInt32(S_IFMT)) == S_IFREG else { + throw IntegrationError.assert(msg: "symlink (followed): expected S_IFREG, got mode 0x\(String(symlinkStat.mode, radix: 16))") + } + guard symlinkStat.size == regularStat.size else { + throw IntegrationError.assert(msg: "symlink (followed): expected size \(regularStat.size), got \(symlinkStat.size)") + } + + // --- FIFO --- + let fifoStat = try await vminitd.stat(path: root.appending(path: "tmp/test-fifo")) + guard (fifoStat.mode & UInt32(S_IFMT)) == S_IFIFO else { + throw IntegrationError.assert(msg: "FIFO: expected S_IFIFO, got mode 0x\(String(fifoStat.mode, radix: 16))") + } + + try await container.kill(.kill) + try await container.wait() + try await container.stop() + } catch { + try? await container.stop() + throw error + } + } + + func testCopyIn() async throws { + let id = "test-copy-in" + + let bs = try await bootstrap(id) + + // Create a temp file on the host with known content + let testContent = "Hello from the host! This is a copyIn test." + let hostFile = FileManager.default.uniqueTemporaryDirectory(create: true) + .appendingPathComponent("test-input.txt") + try testContent.write(to: hostFile, atomically: true, encoding: .utf8) + + let buffer = BufferWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["sleep", "100"] + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + // Copy the file into the container + try await container.copyIn( + from: hostFile, + to: URL(filePath: "/tmp/copied-file.txt") + ) + + // Verify the file exists and has correct content + let exec = try await container.exec("verify-copy") { config in + config.arguments = ["cat", "/tmp/copied-file.txt"] + config.stdout = buffer + } + + try await exec.start() + let status = try await exec.wait() + try await exec.delete() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "cat command failed with status \(status)") + } + + guard let output = String(data: buffer.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert output to UTF8") + } + + guard output == testContent else { + throw IntegrationError.assert( + msg: "copied file content mismatch: expected '\(testContent)', got '\(output)'") + } + + try await container.kill(.kill) + try await container.wait() + try await container.stop() + } catch { + try? await container.stop() + throw error + } + } + + func testCopyInFileToExistingDirectory() async throws { + let id = "test-copy-in-file-to-dir" + + let bs = try await bootstrap(id) + + let testContent = "copy into an existing guest directory" + let hostFile = FileManager.default.uniqueTemporaryDirectory(create: true) + .appendingPathComponent("host-file.txt") + try testContent.write(to: hostFile, atomically: true, encoding: .utf8) + + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["sleep", "100"] + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + let mkdir = try await container.exec("create-copy-target") { config in + config.arguments = ["mkdir", "-p", "/tmp/copy-target"] + } + try await mkdir.start() + let mkdirStatus = try await mkdir.wait() + try await mkdir.delete() + + guard mkdirStatus.exitCode == 0 else { + throw IntegrationError.assert(msg: "mkdir failed with status \(mkdirStatus)") + } + + try await container.copyIn( + from: hostFile, + to: URL(filePath: "/tmp/copy-target") + ) + + let buffer = BufferWriter() + let verify = try await container.exec("verify-copy-target") { config in + config.arguments = ["cat", "/tmp/copy-target/host-file.txt"] + config.stdout = buffer + } + try await verify.start() + let verifyStatus = try await verify.wait() + try await verify.delete() + + guard verifyStatus.exitCode == 0 else { + throw IntegrationError.assert(msg: "cat copied file failed with status \(verifyStatus)") + } + guard String(data: buffer.data, encoding: .utf8) == testContent else { + throw IntegrationError.assert(msg: "copied file should land under the existing destination directory") + } + + try await container.kill(.kill) + try await container.wait() + try await container.stop() + } catch { + try? await container.stop() + throw error + } + } + + func testCopyInFileToMissingDirectoryFails() async throws { + let id = "test-copy-in-file-missing-dir" + + let bs = try await bootstrap(id) + + let hostFile = FileManager.default.uniqueTemporaryDirectory(create: true) + .appendingPathComponent("host-file.txt") + try "missing destination directory".write(to: hostFile, atomically: true, encoding: .utf8) + + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["sleep", "100"] + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + do { + try await container.copyIn( + from: hostFile, + to: URL(filePath: "/tmp/missing-copy-target/") + ) + throw IntegrationError.assert(msg: "copyIn should fail when copying a file to a missing destination directory") + } catch let error as ContainerizationError where error.code == .invalidArgument { + guard error.description.contains("destination directory does not exist") else { + throw IntegrationError.assert(msg: "unexpected copyIn error: \(error)") + } + } + + try await container.kill(.kill) + try await container.wait() + try await container.stop() + } catch { + try? await container.stop() + throw error + } + } + + func testCopyInDirectoryOverExistingFileFails() async throws { + let id = "test-copy-in-dir-over-file" + + let bs = try await bootstrap(id) + + let hostDir = FileManager.default.uniqueTemporaryDirectory(create: true) + .appendingPathComponent("host-dir") + try FileManager.default.createDirectory(at: hostDir, withIntermediateDirectories: true) + try "directory content".write(to: hostDir.appendingPathComponent("file.txt"), atomically: true, encoding: .utf8) + + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["sleep", "100"] + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + let createFile = try await container.exec("create-existing-file") { config in + config.arguments = ["sh", "-c", "echo -n existing > /tmp/existing-file"] + } + try await createFile.start() + let createStatus = try await createFile.wait() + try await createFile.delete() + + guard createStatus.exitCode == 0 else { + throw IntegrationError.assert(msg: "failed to create existing file, status \(createStatus)") + } + + do { + try await container.copyIn( + from: hostDir, + to: URL(filePath: "/tmp/existing-file") + ) + throw IntegrationError.assert(msg: "copyIn should fail when copying a directory over an existing file") + } catch let error as ContainerizationError where error.code == .invalidArgument { + guard error.description.contains("cannot copy directory over existing file") else { + throw IntegrationError.assert(msg: "unexpected copyIn error: \(error)") + } + } + + try await container.kill(.kill) + try await container.wait() + try await container.stop() + } catch { + try? await container.stop() + throw error + } + } + + func testCopyOut() async throws { + let id = "test-copy-out" + + let bs = try await bootstrap(id) + + let testContent = "Hello from the guest! This is a copyOut test." + let hostDestination = FileManager.default.uniqueTemporaryDirectory(create: true) + .appendingPathComponent("test-output.txt") + + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["sleep", "100"] + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + // Create a file inside the container + let exec = try await container.exec("create-file") { config in + config.arguments = ["sh", "-c", "echo -n '\(testContent)' > /tmp/guest-file.txt"] + } + + try await exec.start() + let status = try await exec.wait() + try await exec.delete() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "failed to create file in guest, status \(status)") + } + + // Copy the file out of the container + try await container.copyOut( + from: URL(filePath: "/tmp/guest-file.txt"), + to: hostDestination + ) + + // Verify the file was copied correctly + let copiedContent = try String(contentsOf: hostDestination, encoding: .utf8) + + guard copiedContent == testContent else { + throw IntegrationError.assert( + msg: "copied file content mismatch: expected '\(testContent)', got '\(copiedContent)'") + } + + try await container.kill(.kill) + try await container.wait() + try await container.stop() + } catch { + try? await container.stop() + throw error + } + } + + func testCopyLargeFile() async throws { + let id = "test-copy-large-file" + + let bs = try await bootstrap(id) + + // Create a 10MB file on the host with a repeating pattern + let fileSize = 10 * 1024 * 1024 + let hostFile = FileManager.default.uniqueTemporaryDirectory(create: true) + .appendingPathComponent("large-file.bin") + + // Generate data with a repeating pattern + let pattern = Data("ContainerizationCopyTest".utf8) + var testData = Data(capacity: fileSize) + while testData.count < fileSize { + testData.append(pattern) + } + testData = testData.prefix(fileSize) + try testData.write(to: hostFile) + + let hostDestination = FileManager.default.uniqueTemporaryDirectory(create: true) + .appendingPathComponent("large-file-out.bin") + + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["sleep", "100"] + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + // Copy large file into the container + try await container.copyIn( + from: hostFile, + to: URL(filePath: "/tmp/large-file.bin") + ) + + // Copy it back out + try await container.copyOut( + from: URL(filePath: "/tmp/large-file.bin"), + to: hostDestination + ) + + // Verify the content matches + let copiedData = try Data(contentsOf: hostDestination) + + guard copiedData.count == testData.count else { + throw IntegrationError.assert( + msg: "file size mismatch: expected \(testData.count), got \(copiedData.count)") + } + + guard copiedData == testData else { + throw IntegrationError.assert(msg: "file content mismatch after round-trip copy") + } + + try await container.kill(.kill) + try await container.wait() + try await container.stop() + } catch { + try? await container.stop() + throw error + } + } + + func testCopyInDirectory() async throws { + let id = "test-copy-in-dir" + + let bs = try await bootstrap(id) + + // Create a temp directory with files, a subdirectory, and a symlink. + let hostDir = FileManager.default.uniqueTemporaryDirectory(create: true) + .appendingPathComponent("test-dir") + try FileManager.default.createDirectory(at: hostDir, withIntermediateDirectories: true) + try "file1 content".write(to: hostDir.appendingPathComponent("file1.txt"), atomically: true, encoding: .utf8) + + let subDir = hostDir.appendingPathComponent("subdir") + try FileManager.default.createDirectory(at: subDir, withIntermediateDirectories: true) + try "file2 content".write(to: subDir.appendingPathComponent("file2.txt"), atomically: true, encoding: .utf8) + + try FileManager.default.createSymbolicLink( + at: hostDir.appendingPathComponent("link.txt"), + withDestinationURL: hostDir.appendingPathComponent("file1.txt") + ) + + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["sleep", "100"] + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + // Copy the directory into the container. + try await container.copyIn( + from: hostDir, + to: URL(filePath: "/tmp/copied-dir") + ) + + // Verify file1.txt exists with correct content. + let buffer1 = BufferWriter() + let exec1 = try await container.exec("verify-file1") { config in + config.arguments = ["cat", "/tmp/copied-dir/file1.txt"] + config.stdout = buffer1 + } + try await exec1.start() + let status1 = try await exec1.wait() + try await exec1.delete() + + guard status1.exitCode == 0 else { + throw IntegrationError.assert(msg: "cat file1.txt failed with status \(status1)") + } + guard String(data: buffer1.data, encoding: .utf8) == "file1 content" else { + throw IntegrationError.assert(msg: "file1.txt content mismatch") + } + + // Verify subdir/file2.txt exists with correct content. + let buffer2 = BufferWriter() + let exec2 = try await container.exec("verify-file2") { config in + config.arguments = ["cat", "/tmp/copied-dir/subdir/file2.txt"] + config.stdout = buffer2 + } + try await exec2.start() + let status2 = try await exec2.wait() + try await exec2.delete() + + guard status2.exitCode == 0 else { + throw IntegrationError.assert(msg: "cat subdir/file2.txt failed with status \(status2)") + } + guard String(data: buffer2.data, encoding: .utf8) == "file2 content" else { + throw IntegrationError.assert(msg: "subdir/file2.txt content mismatch") + } + + try await container.kill(.kill) + try await container.wait() + try await container.stop() + } catch { + try? await container.stop() + throw error + } + } + + func testCopyOutDirectory() async throws { + let id = "test-copy-out-dir" + + let bs = try await bootstrap(id) + + let hostDestination = FileManager.default.uniqueTemporaryDirectory(create: true) + .appendingPathComponent("copied-out-dir") + + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["sleep", "100"] + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + // Create a directory structure inside the container. + let exec = try await container.exec("create-dir") { config in + config.arguments = [ + "sh", "-c", + "mkdir -p /tmp/guest-dir/subdir && echo -n 'guest file1' > /tmp/guest-dir/file1.txt && echo -n 'guest file2' > /tmp/guest-dir/subdir/file2.txt", + ] + } + try await exec.start() + let status = try await exec.wait() + try await exec.delete() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "failed to create directory in guest, status \(status)") + } + + // Copy the directory out of the container. + try await container.copyOut( + from: URL(filePath: "/tmp/guest-dir"), + to: hostDestination + ) + + // Verify file1.txt was copied correctly. + let file1Content = try String(contentsOf: hostDestination.appendingPathComponent("file1.txt"), encoding: .utf8) + guard file1Content == "guest file1" else { + throw IntegrationError.assert( + msg: "file1.txt content mismatch: expected 'guest file1', got '\(file1Content)'") + } + + // Verify subdir/file2.txt was copied correctly. + let file2Content = try String( + contentsOf: hostDestination.appendingPathComponent("subdir").appendingPathComponent("file2.txt"), + encoding: .utf8 + ) + guard file2Content == "guest file2" else { + throw IntegrationError.assert( + msg: "subdir/file2.txt content mismatch: expected 'guest file2', got '\(file2Content)'") + } + + try await container.kill(.kill) + try await container.wait() + try await container.stop() + } catch { + try? await container.stop() + throw error + } + } + + func testCopyEmptyFile() async throws { + let id = "test-copy-empty-file" + + let bs = try await bootstrap(id) + + let hostFile = FileManager.default.uniqueTemporaryDirectory(create: true) + .appendingPathComponent("empty.txt") + try Data().write(to: hostFile) + + let hostDestination = FileManager.default.uniqueTemporaryDirectory(create: true) + .appendingPathComponent("empty-out.txt") + + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["sleep", "100"] + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + // Copy empty file in. + try await container.copyIn( + from: hostFile, + to: URL(filePath: "/tmp/empty.txt") + ) + + // Verify it exists and is empty in the guest. + let buffer = BufferWriter() + let exec = try await container.exec("verify-empty") { config in + config.arguments = ["stat", "-c", "%s", "/tmp/empty.txt"] + config.stdout = buffer + } + try await exec.start() + let status = try await exec.wait() + try await exec.delete() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "stat failed with status \(status)") + } + let sizeStr = String(data: buffer.data, encoding: .utf8)?.trimmingCharacters(in: .whitespacesAndNewlines) + guard sizeStr == "0" else { + throw IntegrationError.assert(msg: "empty file should have size 0, got '\(sizeStr ?? "nil")'") + } + + // Copy it back out. + try await container.copyOut( + from: URL(filePath: "/tmp/empty.txt"), + to: hostDestination + ) + + let copiedData = try Data(contentsOf: hostDestination) + guard copiedData.isEmpty else { + throw IntegrationError.assert(msg: "round-tripped empty file should be empty, got \(copiedData.count) bytes") + } + + try await container.kill(.kill) + try await container.wait() + try await container.stop() + } catch { + try? await container.stop() + throw error + } + } + + func testCopyEmptyDirectory() async throws { + let id = "test-copy-empty-dir" + + let bs = try await bootstrap(id) + + let hostDir = FileManager.default.uniqueTemporaryDirectory(create: true) + .appendingPathComponent("empty-dir") + try FileManager.default.createDirectory(at: hostDir, withIntermediateDirectories: true) + + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["sleep", "100"] + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + // Copy empty directory in. + try await container.copyIn( + from: hostDir, + to: URL(filePath: "/tmp/empty-dir") + ) + + // Verify it exists and is a directory. + let buffer = BufferWriter() + let exec = try await container.exec("verify-empty-dir") { config in + config.arguments = ["sh", "-c", "test -d /tmp/empty-dir && ls -a /tmp/empty-dir | wc -l"] + config.stdout = buffer + } + try await exec.start() + let status = try await exec.wait() + try await exec.delete() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "empty dir check failed with status \(status)") + } + + // ls -a shows . and .. so count should be 2 for an empty dir. + let countStr = String(data: buffer.data, encoding: .utf8)?.trimmingCharacters(in: .whitespacesAndNewlines) + guard countStr == "2" else { + throw IntegrationError.assert(msg: "empty dir should have 2 entries (. and ..), got '\(countStr ?? "nil")'") + } + + try await container.kill(.kill) + try await container.wait() + try await container.stop() + } catch { + try? await container.stop() + throw error + } + } + + func testCopyBinaryFile() async throws { + let id = "test-copy-binary" + + let bs = try await bootstrap(id) + + // Create a file with all 256 byte values to test binary safety. + let hostFile = FileManager.default.uniqueTemporaryDirectory(create: true) + .appendingPathComponent("binary.bin") + var binaryData = Data(count: 256 * 64) + for i in 0.. /tmp/custom-bin/mytest && chmod +x /tmp/custom-bin/mytest", + ] + } + try await setup.start() + let setupStatus = try await setup.wait() + try await setup.delete() + guard setupStatus.exitCode == 0 else { + throw IntegrationError.assert(msg: "setup failed: \(setupStatus)") + } + + // Exec bare command with custom PATH — this exercises ExecCommand.swift + let buffer = BufferWriter() + let exec = try await container.exec("custom-path") { config in + config.arguments = ["mytest"] + config.environmentVariables = ["PATH=/tmp/custom-bin"] + config.stdout = buffer + } + try await exec.start() + let status = try await exec.wait() + try await exec.delete() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "exec with custom PATH failed: \(status)") + } + + guard let output = String(data: buffer.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to read output") + } + guard output.contains("CUSTOM_PATH_OK") else { + throw IntegrationError.assert(msg: "expected CUSTOM_PATH_OK, got: \(output)") + } + + try await container.kill(.kill) + try await container.wait() + try await container.stop() + } catch { + try? await container.stop() + throw error + } + } + + func testStdinExplicitClose() async throws { + let id = "test-stdin-explicit-close" + let bs = try await bootstrap(id) + + let inputData = "explicit close test\n".data(using: .utf8)! + let buffer = BufferWriter() + + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["sleep", "100"] + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + let exec = try await container.exec("stdin-close-exec") { config in + config.arguments = ["head", "-n", "1"] + config.stdin = StdinBuffer(data: inputData) + config.stdout = buffer + } + + try await exec.start() + let status = try await exec.wait() + try await exec.delete() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "exec status \(status) != 0") + } + + guard buffer.data == inputData else { + throw IntegrationError.assert(msg: "output mismatch") + } + + try await container.kill(.kill) + try await container.wait() + try await container.stop() + } catch { + try? await container.stop() + throw error + } + } + + func testStdinBinaryData() async throws { + let id = "test-stdin-binary-data" + let bs = try await bootstrap(id) + + var inputData = Data() + for i: UInt8 in 0...255 { + inputData.append(contentsOf: [UInt8](repeating: i, count: 256)) + } + + let buffer = BufferWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["cat"] + config.process.stdin = StdinBuffer(data: inputData) + config.process.stdout = buffer + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + + guard buffer.data == inputData else { + throw IntegrationError.assert(msg: "binary data mismatch") + } + } catch { + try? await container.stop() + throw error + } + } + + func testStdinMultipleChunks() async throws { + let id = "test-stdin-multiple-chunks" + let bs = try await bootstrap(id) + + let chunks = (0..<10).map { i in + Data(repeating: UInt8(0x30 + i), count: 10 * 1024) + } + let expectedData = chunks.reduce(Data()) { $0 + $1 } + + let buffer = BufferWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["cat"] + config.process.stdin = ChunkedStdinBuffer(chunks: chunks, delayMs: 10) + config.process.stdout = buffer + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + + guard buffer.data == expectedData else { + throw IntegrationError.assert(msg: "chunked data mismatch") + } + } catch { + try? await container.stop() + throw error + } + } + + func testStdinVeryLarge() async throws { + let id = "test-stdin-very-large" + let bs = try await bootstrap(id) + + let inputSize = 10 * 1024 * 1024 + let inputData = Data(repeating: 0x58, count: inputSize) + + let stdout = DiscardingWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["wc", "-c"] + config.process.stdin = StdinBuffer(data: inputData) + config.process.stdout = stdout + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + + guard stdout.count > 0 else { + throw IntegrationError.assert(msg: "no output from wc") + } + } catch { + try? await container.stop() + throw error + } + } + + #if os(macOS) + @available(macOS 26.0, *) + func testInterfaceMTU() async throws { + let id = "test-interface-mtu" + let bs = try await bootstrap(id) + + let customMTU: UInt32 = 1400 + var network = try VmnetNetwork() + defer { + try? network.releaseInterface(id) + } + + guard let interface = try network.createInterface(id, mtu: customMTU) else { + throw IntegrationError.assert(msg: "failed to create network interface") + } + + let buffer = BufferWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["sleep", "100"] + config.interfaces = [interface] + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + // Check the MTU of eth0 + let exec = try await container.exec("check-mtu") { config in + config.arguments = ["ip", "link", "show", "eth0"] + config.stdout = buffer + } + + try await exec.start() + let status = try await exec.wait() + try await exec.delete() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "ip link show failed with status \(status)") + } + + guard let output = String(data: buffer.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert output to UTF8") + } + + // Output should contain "mtu 1400" + guard output.contains("mtu \(customMTU)") else { + throw IntegrationError.assert( + msg: "expected MTU \(customMTU) in output, got: \(output)") + } + + try await container.kill(.kill) + try await container.wait() + try await container.stop() + } catch { + try? await container.stop() + throw error + } + } + + #endif + + func testSingleFileMount() async throws { + let id = "test-single-file-mount" + + let bs = try await bootstrap(id) + + // Create a temp file with known content + let testContent = "Hello from single file mount!" + let hostFile = FileManager.default.uniqueTemporaryDirectory(create: true) + .appendingPathComponent("config.txt") + try testContent.write(to: hostFile, atomically: true, encoding: .utf8) + + let buffer = BufferWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["cat", "/etc/myconfig.txt"] + // Mount a single file using virtiofs share + config.mounts.append(.share(source: hostFile.path, destination: "/etc/myconfig.txt")) + config.process.stdout = buffer + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + + guard let output = String(data: buffer.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert output to UTF8") + } + + guard output == testContent else { + throw IntegrationError.assert( + msg: "expected '\(testContent)', got '\(output)'") + } + } catch { + try? await container.stop() + throw error + } + } + + func testSingleFileMountReadOnly() async throws { + let id = "test-single-file-mount-readonly" + + let bs = try await bootstrap(id) + + // Create a temp file with known content + let testContent = "Read-only file content" + let hostFile = FileManager.default.uniqueTemporaryDirectory(create: true) + .appendingPathComponent("readonly.txt") + try testContent.write(to: hostFile, atomically: true, encoding: .utf8) + + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["sleep", "100"] + // Mount a single file as read-only + config.mounts.append(.share(source: hostFile.path, destination: "/etc/readonly.txt", options: ["ro"])) + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + // First verify we can read the file + let readBuffer = BufferWriter() + let readExec = try await container.exec("read-file") { config in + config.arguments = ["cat", "/etc/readonly.txt"] + config.stdout = readBuffer + } + try await readExec.start() + var status = try await readExec.wait() + try await readExec.delete() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "read status \(status) != 0") + } + + guard String(data: readBuffer.data, encoding: .utf8) == testContent else { + throw IntegrationError.assert(msg: "file content mismatch") + } + + // Now try to write to the file - should fail + let writeExec = try await container.exec("write-file") { config in + config.arguments = ["sh", "-c", "echo 'modified' > /etc/readonly.txt"] + } + try await writeExec.start() + status = try await writeExec.wait() + try await writeExec.delete() + + // Write should fail on a read-only mount + guard status.exitCode != 0 else { + throw IntegrationError.assert(msg: "write should have failed on read-only mount") + } + + try await container.kill(.kill) + try await container.wait() + try await container.stop() + } catch { + try? await container.stop() + throw error + } + } + + func testSingleFileMountWriteBack() async throws { + let id = "test-single-file-mount-write-back" + + let bs = try await bootstrap(id) + + // Create a temp file with initial content + let initialContent = "initial content" + let hostFile = FileManager.default.uniqueTemporaryDirectory(create: true) + .appendingPathComponent("writeable.txt") + try initialContent.write(to: hostFile, atomically: true, encoding: .utf8) + + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["sleep", "100"] + // Mount a single file (writable by default) + config.mounts.append(.share(source: hostFile.path, destination: "/etc/writeable.txt")) + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + // Write new content from inside the container + let newContent = "modified from container" + let writeExec = try await container.exec("write-file") { config in + config.arguments = ["sh", "-c", "echo -n '\(newContent)' > /etc/writeable.txt"] + } + try await writeExec.start() + let status = try await writeExec.wait() + try await writeExec.delete() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "write status \(status) != 0") + } + + try await container.kill(.kill) + try await container.wait() + try await container.stop() + + let hostContent = try String(contentsOf: hostFile, encoding: .utf8) + guard hostContent == newContent else { + throw IntegrationError.assert( + msg: "expected '\(newContent)' on host, got '\(hostContent)'") + } + } catch { + try? await container.stop() + throw error + } + } + + func testSingleFileMountSymlink() async throws { + let id = "test-single-file-mount-symlink" + + let bs = try await bootstrap(id) + + // Create a temp directory with a real file and a symlink to it + let tempDir = FileManager.default.uniqueTemporaryDirectory(create: true) + let realFile = tempDir.appendingPathComponent("realfile.txt") + let symlinkFile = tempDir.appendingPathComponent("symlink.txt") + + let initialContent = "content via symlink" + try initialContent.write(to: realFile, atomically: true, encoding: .utf8) + try FileManager.default.createSymbolicLink(at: symlinkFile, withDestinationURL: realFile) + + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["sleep", "100"] + // Mount the symlink (should resolve to real file) + config.mounts.append(.share(source: symlinkFile.path, destination: "/etc/config.txt")) + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + // Read the file to verify content + let readBuffer = BufferWriter() + let readExec = try await container.exec("read-file") { config in + config.arguments = ["cat", "/etc/config.txt"] + config.stdout = readBuffer + } + try await readExec.start() + var status = try await readExec.wait() + try await readExec.delete() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "read status \(status) != 0") + } + + guard String(data: readBuffer.data, encoding: .utf8) == initialContent else { + throw IntegrationError.assert(msg: "content mismatch on read") + } + + // Write new content from container + let newContent = "modified via symlink mount" + let writeExec = try await container.exec("write-file") { config in + config.arguments = ["sh", "-c", "echo -n '\(newContent)' > /etc/config.txt"] + } + try await writeExec.start() + status = try await writeExec.wait() + try await writeExec.delete() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "write status \(status) != 0") + } + + try await container.kill(.kill) + try await container.wait() + try await container.stop() + + // Verify the REAL file (not symlink) was modified on the host + let hostContent = try String(contentsOf: realFile, encoding: .utf8) + guard hostContent == newContent else { + throw IntegrationError.assert( + msg: "expected '\(newContent)' in real file, got '\(hostContent)'") + } + } catch { + try? await container.stop() + throw error + } + } + + func testRLimitOpenFiles() async throws { + let id = "test-rlimit-open-files" + + let bs = try await bootstrap(id) + let buffer = BufferWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["sh", "-c", "ulimit -n"] + config.process.rlimits = [ + LinuxRLimit(kind: .openFiles, hard: 2048, soft: 1024) + ] + config.process.stdout = buffer + config.bootLog = bs.bootLog + } + + try await container.create() + try await container.start() + + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + + guard let output = String(data: buffer.data, encoding: .utf8)?.trimmingCharacters(in: .whitespacesAndNewlines) else { + throw IntegrationError.assert(msg: "failed to convert stdout to UTF8") + } + + // ulimit -n returns the soft limit + guard output == "1024" else { + throw IntegrationError.assert(msg: "expected soft limit '1024', got '\(output)'") + } + } + + func testRLimitMultiple() async throws { + let id = "test-rlimit-multiple" + + let bs = try await bootstrap(id) + let buffer = BufferWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + // Read /proc/self/limits to verify multiple rlimits are set + config.process.arguments = ["cat", "/proc/self/limits"] + config.process.rlimits = [ + LinuxRLimit(kind: .openFiles, hard: 4096, soft: 2048), + LinuxRLimit(kind: .stackSize, hard: 16_777_216, soft: 8_388_608), + LinuxRLimit(kind: .coreFileSize, hard: 0, soft: 0), + ] + config.process.stdout = buffer + config.bootLog = bs.bootLog + } + + try await container.create() + try await container.start() + + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + + guard let output = String(data: buffer.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert stdout to UTF8") + } + + // Parse /proc/self/limits and verify the values + // Format: "Limit Name Soft Limit Hard Limit Units" + let lines = output.split(separator: "\n") + + // Helper to find and verify a limit line + func verifyLimit(name: String, expectedSoft: String, expectedHard: String) throws { + guard let line = lines.first(where: { $0.contains(name) }) else { + throw IntegrationError.assert(msg: "limit '\(name)' not found in output") + } + let parts = line.split(whereSeparator: { $0.isWhitespace }).map(String.init) + // The line format varies, but soft and hard are typically the last numeric values before units + guard parts.contains(expectedSoft) && parts.contains(expectedHard) else { + throw IntegrationError.assert( + msg: "limit '\(name)' expected soft=\(expectedSoft) hard=\(expectedHard), got: \(line)") + } + } + + try verifyLimit(name: "Max open files", expectedSoft: "2048", expectedHard: "4096") + try verifyLimit(name: "Max stack size", expectedSoft: "8388608", expectedHard: "16777216") + try verifyLimit(name: "Max core file size", expectedSoft: "0", expectedHard: "0") + } + + func testRLimitExec() async throws { + let id = "test-rlimit-exec" + + let bs = try await bootstrap(id) + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["sleep", "100"] + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + // Exec a process with rlimits set + let buffer = BufferWriter() + let exec = try await container.exec("rlimit-exec") { config in + config.arguments = ["sh", "-c", "ulimit -n"] + config.rlimits = [ + LinuxRLimit(kind: .openFiles, hard: 512, soft: 256) + ] + config.stdout = buffer + } + + try await exec.start() + let status = try await exec.wait() + try await exec.delete() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "exec status \(status) != 0") + } + + guard let output = String(data: buffer.data, encoding: .utf8)?.trimmingCharacters(in: .whitespacesAndNewlines) else { + throw IntegrationError.assert(msg: "failed to convert stdout to UTF8") + } + + guard output == "256" else { + throw IntegrationError.assert(msg: "expected soft limit '256', got '\(output)'") + } + + try await container.kill(.kill) + try await container.wait() + try await container.stop() + } catch { + try? await container.stop() + throw error + } + } + + func testDuplicateVirtiofsMount() async throws { + let id = "test-duplicate-virtiofs-mount" + + let bs = try await bootstrap(id) + + // Create a temp directory with a file + let sharedDir = FileManager.default.uniqueTemporaryDirectory(create: true) + try "shared content".write(to: sharedDir.appendingPathComponent("data.txt"), atomically: true, encoding: .utf8) + + let buffer1 = BufferWriter() + let buffer2 = BufferWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["sleep", "100"] + // Mount the same source directory to two different destinations + config.mounts.append(.share(source: sharedDir.path, destination: "/mnt1")) + config.mounts.append(.share(source: sharedDir.path, destination: "/mnt2")) + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + // Verify both mounts work. Read from /mnt1, then /mnt2 + let exec1 = try await container.exec("read-mnt1") { config in + config.arguments = ["cat", "/mnt1/data.txt"] + config.stdout = buffer1 + } + try await exec1.start() + var status = try await exec1.wait() + try await exec1.delete() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "read from /mnt1 failed with status \(status)") + } + + guard String(data: buffer1.data, encoding: .utf8) == "shared content" else { + throw IntegrationError.assert(msg: "unexpected content from /mnt1") + } + + let exec2 = try await container.exec("read-mnt2") { config in + config.arguments = ["cat", "/mnt2/data.txt"] + config.stdout = buffer2 + } + try await exec2.start() + status = try await exec2.wait() + try await exec2.delete() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "read from /mnt2 failed with status \(status)") + } + + guard String(data: buffer2.data, encoding: .utf8) == "shared content" else { + throw IntegrationError.assert(msg: "unexpected content from /mnt2") + } + + try await container.kill(.kill) + try await container.wait() + try await container.stop() + } catch { + try? await container.stop() + throw error + } + } + + func testDuplicateVirtiofsMountViaSymlink() async throws { + let id = "test-duplicate-virtiofs-mount-symlink" + + let bs = try await bootstrap(id) + + // Create a temp directory with a file, and a symlink to the same directory + let tempDir = FileManager.default.uniqueTemporaryDirectory(create: true) + let realDir = tempDir.appendingPathComponent("realdir") + let symlinkDir = tempDir.appendingPathComponent("symlinkdir") + + try FileManager.default.createDirectory(at: realDir, withIntermediateDirectories: true) + try "symlink test content".write(to: realDir.appendingPathComponent("file.txt"), atomically: true, encoding: .utf8) + try FileManager.default.createSymbolicLink(at: symlinkDir, withDestinationURL: realDir) + + let buffer1 = BufferWriter() + let buffer2 = BufferWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["sleep", "100"] + config.mounts.append(.share(source: realDir.path, destination: "/mnt1")) + config.mounts.append(.share(source: symlinkDir.path, destination: "/mnt2")) + config.bootLog = bs.bootLog + } + + do { + // This should succeed as the symlink should resolve to the same directory + try await container.create() + try await container.start() + + let exec1 = try await container.exec("read-mnt1") { config in + config.arguments = ["cat", "/mnt1/file.txt"] + config.stdout = buffer1 + } + try await exec1.start() + var status = try await exec1.wait() + try await exec1.delete() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "read from /mnt1 failed with status \(status)") + } + + guard String(data: buffer1.data, encoding: .utf8) == "symlink test content" else { + throw IntegrationError.assert(msg: "unexpected content from /mnt1") + } + + // Verify mount via symlink works now + let exec2 = try await container.exec("read-mnt2") { config in + config.arguments = ["cat", "/mnt2/file.txt"] + config.stdout = buffer2 + } + try await exec2.start() + status = try await exec2.wait() + try await exec2.delete() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "read from /mnt2 failed with status \(status)") + } + + guard String(data: buffer2.data, encoding: .utf8) == "symlink test content" else { + throw IntegrationError.assert(msg: "unexpected content from /mnt2") + } + + try await container.kill(.kill) + try await container.wait() + try await container.stop() + } catch { + try? await container.stop() + throw error + } + } + + func testWritableLayer() async throws { + let id = "test-writable-layer" + + let bs = try await bootstrap(id) + + let writableLayerPath = Self.testDir.appending(component: "\(id)-writable.ext4") + try? FileManager.default.removeItem(at: writableLayerPath) + let filesystem = try EXT4.Formatter(FilePath(writableLayerPath.absolutePath()), minDiskSize: 512.mib()) + try filesystem.close() + let writableLayer = Mount.block( + format: "ext4", + source: writableLayerPath.absolutePath(), + destination: "/", + options: [] + ) + + let buffer = BufferWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, writableLayer: writableLayer, vmm: bs.vmm) { config in + // Write a file, then read it back to verify writes work + config.process.arguments = ["/bin/sh", "-c", "echo 'writable layer test' > /tmp/testfile && cat /tmp/testfile"] + config.process.stdout = buffer + config.bootLog = bs.bootLog + } + + try await container.create() + try await container.start() + + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process failed with status \(status)") + } + + guard let output = String(data: buffer.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert stdout to UTF8") + } + + guard output.trimmingCharacters(in: .whitespacesAndNewlines) == "writable layer test" else { + throw IntegrationError.assert(msg: "unexpected output: \(output)") + } + } + + // Validates the on-disk structure of a journaled EXT4 image on the host before + // attempting a container mount. This catches geometry mismatches (superblock block + // count vs. physical file size) and missing journal metadata without requiring + // e2fsck to be present in the container image. + // + // Uses raw values for internal constants because integration tests cannot use + // @testable import: CompatFeature.hasJournal = 0x4, EXT4.JournalInode = 8. + private func verifyJournalFilesystem( + at path: URL, + minDiskSize: UInt64, + expectedMountOpts: UInt32 + ) throws { + let attrs = try FileManager.default.attributesOfItem(atPath: path.absolutePath()) + guard let fileSize = attrs[.size] as? UInt64 else { + throw IntegrationError.assert(msg: "could not read file size for \(path.lastPathComponent)") + } + let reader = try EXT4.EXT4Reader(blockDevice: FilePath(path.absolutePath())) + let sb = reader.superBlock + let blocksCount = UInt64(sb.blocksCountLow) | (UInt64(sb.blocksCountHigh) << 32) + let blockSize = UInt64(sb.blockSize) + guard fileSize == blocksCount * blockSize else { + throw IntegrationError.assert( + msg: "geometry mismatch: fileSize=\(fileSize), blocksCount=\(blocksCount), blockSize=\(blockSize)") + } + guard fileSize > minDiskSize else { + throw IntegrationError.assert( + msg: "journal did not grow the image: fileSize=\(fileSize), minDiskSize=\(minDiskSize)") + } + guard sb.featureCompat & 0x4 != 0 else { + throw IntegrationError.assert( + msg: "COMPAT_HAS_JOURNAL not set in featureCompat (0x\(String(sb.featureCompat, radix: 16)))") + } + guard sb.journalInum == 8 else { + throw IntegrationError.assert(msg: "journalInum=\(sb.journalInum), expected 8") + } + guard sb.defaultMountOpts == expectedMountOpts else { + throw IntegrationError.assert( + msg: "defaultMountOpts=0x\(String(sb.defaultMountOpts, radix: 16)), expected 0x\(String(expectedMountOpts, radix: 16)))") + } + } + + func testWritableLayerJournalWriteback() async throws { + let id = "test-writable-layer-journal-writeback" + let bs = try await bootstrap(id) + + let writableLayerPath = Self.testDir.appending(component: "\(id)-writable.ext4") + try? FileManager.default.removeItem(at: writableLayerPath) + let filesystem = try EXT4.Formatter( + FilePath(writableLayerPath.absolutePath()), + minDiskSize: 512.mib(), + journal: .init(defaultMode: .writeback) + ) + try filesystem.close() + // 0x0060 = data=writeback | barrier + try verifyJournalFilesystem(at: writableLayerPath, minDiskSize: 512.mib(), expectedMountOpts: 0x0060) + let writableLayer = Mount.block( + format: "ext4", + source: writableLayerPath.absolutePath(), + destination: "/", + options: [] + ) + + let buffer = BufferWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, writableLayer: writableLayer, vmm: bs.vmm) { config in + config.process.arguments = ["/bin/sh", "-c", "echo 'journal writeback' > /tmp/testfile && cat /tmp/testfile"] + config.process.stdout = buffer + config.bootLog = bs.bootLog + } + + try await container.create() + try await container.start() + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process failed with status \(status)") + } + guard let output = String(data: buffer.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert stdout to UTF8") + } + guard output.trimmingCharacters(in: .whitespacesAndNewlines) == "journal writeback" else { + throw IntegrationError.assert(msg: "unexpected output: \(output)") + } + } + + func testWritableLayerJournalOrdered() async throws { + let id = "test-writable-layer-journal-ordered" + let bs = try await bootstrap(id) + + let writableLayerPath = Self.testDir.appending(component: "\(id)-writable.ext4") + try? FileManager.default.removeItem(at: writableLayerPath) + let filesystem = try EXT4.Formatter( + FilePath(writableLayerPath.absolutePath()), + minDiskSize: 512.mib(), + journal: .init(defaultMode: .ordered) + ) + try filesystem.close() + // 0x0040 = data=ordered | barrier + try verifyJournalFilesystem(at: writableLayerPath, minDiskSize: 512.mib(), expectedMountOpts: 0x0040) + let writableLayer = Mount.block( + format: "ext4", + source: writableLayerPath.absolutePath(), + destination: "/", + options: [] + ) + + let buffer = BufferWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, writableLayer: writableLayer, vmm: bs.vmm) { config in + config.process.arguments = ["/bin/sh", "-c", "echo 'journal ordered' > /tmp/testfile && cat /tmp/testfile"] + config.process.stdout = buffer + config.bootLog = bs.bootLog + } + + try await container.create() + try await container.start() + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process failed with status \(status)") + } + guard let output = String(data: buffer.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert stdout to UTF8") + } + guard output.trimmingCharacters(in: .whitespacesAndNewlines) == "journal ordered" else { + throw IntegrationError.assert(msg: "unexpected output: \(output)") + } + } + + func testWritableLayerJournalData() async throws { + let id = "test-writable-layer-journal-data" + let bs = try await bootstrap(id) + + let writableLayerPath = Self.testDir.appending(component: "\(id)-writable.ext4") + try? FileManager.default.removeItem(at: writableLayerPath) + let filesystem = try EXT4.Formatter( + FilePath(writableLayerPath.absolutePath()), + minDiskSize: 512.mib(), + journal: .init(defaultMode: .journal) + ) + try filesystem.close() + // 0x0020 = data=journal | barrier + try verifyJournalFilesystem(at: writableLayerPath, minDiskSize: 512.mib(), expectedMountOpts: 0x0020) + let writableLayer = Mount.block( + format: "ext4", + source: writableLayerPath.absolutePath(), + destination: "/", + options: [] + ) + + let buffer = BufferWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, writableLayer: writableLayer, vmm: bs.vmm) { config in + config.process.arguments = ["/bin/sh", "-c", "echo 'journal data' > /tmp/testfile && cat /tmp/testfile"] + config.process.stdout = buffer + config.bootLog = bs.bootLog + } + + try await container.create() + try await container.start() + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process failed with status \(status)") + } + guard let output = String(data: buffer.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert stdout to UTF8") + } + guard output.trimmingCharacters(in: .whitespacesAndNewlines) == "journal data" else { + throw IntegrationError.assert(msg: "unexpected output: \(output)") + } + } + + func testWritableLayerPreservesLowerLayer() async throws { + let id = "test-writable-layer-preserves-lower" + + let bs = try await bootstrap(id) + + let writableLayerPath = Self.testDir.appending(component: "\(id)-writable.ext4") + try? FileManager.default.removeItem(at: writableLayerPath) + let filesystem = try EXT4.Formatter(FilePath(writableLayerPath.absolutePath()), minDiskSize: 512.mib()) + try filesystem.close() + let writableLayer = Mount.block( + format: "ext4", + source: writableLayerPath.absolutePath(), + destination: "/", + options: [] + ) + + // Get the size of /bin/sh before any modifications + let buffer1 = BufferWriter() + let container1 = try LinuxContainer("\(id)-1", rootfs: bs.rootfs, writableLayer: writableLayer, vmm: bs.vmm) { config in + // Modify a file in /bin. This should go in the writable layer. + config.process.arguments = ["/bin/sh", "-c", "ls -la /bin/sh && echo 'modified' > /bin/test-file"] + config.process.stdout = buffer1 + config.bootLog = bs.bootLog + } + + try await container1.create() + try await container1.start() + let status1 = try await container1.wait() + try await container1.stop() + + guard status1.exitCode == 0 else { + throw IntegrationError.assert(msg: "first container failed with status \(status1)") + } + + // Now run a second container with the SAME rootfs but without the writable layer + // The /bin/test-file should NOT exist because it was written to the writable layer + let buffer2 = BufferWriter() + let container2 = try LinuxContainer("\(id)-2", rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["/bin/sh", "-c", "test -f /bin/test-file && echo 'exists' || echo 'not-exists'"] + config.process.stdout = buffer2 + config.bootLog = bs.bootLog + } + + try await container2.create() + try await container2.start() + let status2 = try await container2.wait() + try await container2.stop() + + guard status2.exitCode == 0 else { + throw IntegrationError.assert(msg: "second container failed with status \(status2)") + } + + guard let output2 = String(data: buffer2.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert stdout to UTF8") + } + + guard output2.trimmingCharacters(in: .whitespacesAndNewlines) == "not-exists" else { + throw IntegrationError.assert(msg: "expected 'not-exists' but got: \(output2)") + } + } + + func testWritableLayerReadsFromLower() async throws { + let id = "test-writable-layer-reads-lower" + + let bs = try await bootstrap(id) + + let writableLayerPath = Self.testDir.appending(component: "\(id)-writable.ext4") + try? FileManager.default.removeItem(at: writableLayerPath) + let filesystem = try EXT4.Formatter(FilePath(writableLayerPath.absolutePath()), minDiskSize: 512.mib()) + try filesystem.close() + let writableLayer = Mount.block( + format: "ext4", + source: writableLayerPath.absolutePath(), + destination: "/", + options: [] + ) + + let buffer = BufferWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, writableLayer: writableLayer, vmm: bs.vmm) { config in + config.process.arguments = ["head", "-1", "/etc/passwd"] + config.process.stdout = buffer + config.bootLog = bs.bootLog + } + + try await container.create() + try await container.start() + + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process failed with status \(status)") + } + + guard let output = String(data: buffer.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert stdout to UTF8") + } + + // Alpine's first line of /etc/passwd should be root + guard output.hasPrefix("root:") else { + throw IntegrationError.assert(msg: "expected /etc/passwd to start with 'root:', got: \(output)") + } + } + + func testWritableLayerWithReadOnlyLower() async throws { + let id = "test-writable-layer-ro-lower" + + let bs = try await bootstrap(id) + var rootfs = bs.rootfs + rootfs.options.append("ro") + + let writableLayerPath = Self.testDir.appending(component: "\(id)-writable.ext4") + try? FileManager.default.removeItem(at: writableLayerPath) + let filesystem = try EXT4.Formatter(FilePath(writableLayerPath.absolutePath()), minDiskSize: 512.mib()) + try filesystem.close() + let writableLayer = Mount.block( + format: "ext4", + source: writableLayerPath.absolutePath(), + destination: "/", + options: [] + ) + + let buffer = BufferWriter() + let container = try LinuxContainer(id, rootfs: rootfs, writableLayer: writableLayer, vmm: bs.vmm) { config in + // Even though lower layer is ro, writes should succeed via overlay + config.process.arguments = ["/bin/sh", "-c", "echo 'overlay write test' > /tmp/test && cat /tmp/test"] + config.process.stdout = buffer + config.bootLog = bs.bootLog + } + + try await container.create() + try await container.start() + + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process failed with status \(status)") + } + + guard let output = String(data: buffer.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert stdout to UTF8") + } + + guard output.trimmingCharacters(in: .whitespacesAndNewlines) == "overlay write test" else { + throw IntegrationError.assert(msg: "unexpected output: \(output)") + } + } + + func testWritableLayerSize() async throws { + let id = "test-writable-layer-size" + + let bs = try await bootstrap(id) + + // Create a 1 GiB writable layer + let expectedSizeBytes: UInt64 = 1.gib() + let writableLayerPath = Self.testDir.appending(component: "\(id)-writable.ext4") + try? FileManager.default.removeItem(at: writableLayerPath) + let filesystem = try EXT4.Formatter(FilePath(writableLayerPath.absolutePath()), minDiskSize: expectedSizeBytes) + try filesystem.close() + let writableLayer = Mount.block( + format: "ext4", + source: writableLayerPath.absolutePath(), + destination: "/", + options: [] + ) + + let buffer = BufferWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, writableLayer: writableLayer, vmm: bs.vmm) { config in + // Use df to check the available space on the root filesystem + // The overlay will report the size of the upper layer's backing store + config.process.arguments = ["/bin/sh", "-c", "df -B1 / | tail -1 | awk '{print $2}'"] + config.process.stdout = buffer + config.bootLog = bs.bootLog + } + + try await container.create() + try await container.start() + + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process failed with status \(status)") + } + + guard let output = String(data: buffer.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert stdout to UTF8") + } + + guard let reportedSize = UInt64(output.trimmingCharacters(in: .whitespacesAndNewlines)) else { + throw IntegrationError.assert(msg: "failed to parse df output as UInt64: \(output)") + } + + // The reported size should be close to our expected size (within 10%) + let minExpected: UInt64 = (expectedSizeBytes * 90) / 100 + let maxExpected: UInt64 = (expectedSizeBytes * 110) / 100 + + guard reportedSize >= minExpected && reportedSize <= maxExpected else { + throw IntegrationError.assert(msg: "expected size ~\(expectedSizeBytes) bytes, but df reported \(reportedSize) bytes") + } + } + + func testWritableLayerWithDNSAndHosts() async throws { + let id = "test-writable-layer-dns-hosts" + + let bs = try await bootstrap(id) + + let writableLayerPath = Self.testDir.appending(component: "\(id)-writable.ext4") + try? FileManager.default.removeItem(at: writableLayerPath) + let filesystem = try EXT4.Formatter(FilePath(writableLayerPath.absolutePath()), minDiskSize: 512.mib()) + try filesystem.close() + let writableLayer = Mount.block( + format: "ext4", + source: writableLayerPath.absolutePath(), + destination: "/", + options: [] + ) + + let buffer = BufferWriter() + let dnsEntry = "8.8.8.8" + let hostsEntry = Hosts.Entry.localHostIPV4(comment: "WritableLayerTest") + let container = try LinuxContainer(id, rootfs: bs.rootfs, writableLayer: writableLayer, vmm: bs.vmm) { config in + config.process.arguments = ["/bin/sh", "-c", "cat /etc/resolv.conf && echo '---' && cat /etc/hosts"] + config.process.stdout = buffer + config.dns = DNS(nameservers: [dnsEntry]) + config.hosts = Hosts(entries: [hostsEntry]) + config.bootLog = bs.bootLog + } + + try await container.create() + try await container.start() + + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process failed with status \(status)") + } + + guard let output = String(data: buffer.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert stdout to UTF8") + } + + guard output.contains(dnsEntry) else { + throw IntegrationError.assert(msg: "expected /etc/resolv.conf to contain \(dnsEntry), got: \(output)") + } + + guard output.contains("WritableLayerTest") else { + throw IntegrationError.assert(msg: "expected /etc/hosts to contain our entry, got: \(output)") + } + } + + func testFrozenExt4Clone() async throws { + let id = "test-frozen-ext4-clone" + let bs = try await bootstrap(id) + + let diskImageURL = Self.testDir.appending(component: "\(id)-data.ext4") + try? FileManager.default.removeItem(at: diskImageURL) + + let filesystem = try EXT4.Formatter(FilePath(diskImageURL.absolutePath()), minDiskSize: 64.mib()) + try filesystem.close() + + let cloneImageURL = Self.testDir.appending(component: "\(id)-data-clone.ext4") + try? FileManager.default.removeItem(at: cloneImageURL) + + let writerContainer = try LinuxContainer("\(id)-writer", rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["/bin/sleep", "1000"] + config.mounts.append( + Mount.block( + format: "ext4", + source: diskImageURL.absolutePath(), + destination: "/data" + )) + config.bootLog = bs.bootLog + } + + do { + try await writerContainer.create() + try await writerContainer.start() + + try await writerContainer.filesystemOperation(operation: .freeze, path: "/data") + + let writeExec = try await writerContainer.exec("write-hello") { config in + config.arguments = ["/bin/sh", "-c", "echo hello > /data/hello.txt"] + } + try await writeExec.start() + let writeStatus = try await writeExec.wait() + try await writeExec.delete() + guard writeStatus.exitCode == 0 else { + throw IntegrationError.assert(msg: "write exec failed with status \(writeStatus)") + } + + try FileManager.default.copyItem(at: diskImageURL, to: cloneImageURL) + + try await writerContainer.filesystemOperation(operation: .thaw, path: "/data") + + try await writerContainer.kill(.kill) + _ = try await writerContainer.wait() + try await writerContainer.stop() + } catch { + try? await writerContainer.filesystemOperation(operation: .thaw, path: "/data") + try? await writerContainer.stop() + throw error + } + + let verifyContainer = try LinuxContainer("\(id)-reader", rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.mounts.append( + Mount.block( + format: "ext4", + source: cloneImageURL.absolutePath(), + destination: "/data" + )) + config.process.arguments = ["/bin/sleep", "1000"] + config.bootLog = bs.bootLog + } + + do { + try await verifyContainer.create() + try await verifyContainer.start() + + let mountBuffer = BufferWriter() + let mountExec = try await verifyContainer.exec("verify-mount") { config in + config.arguments = ["/bin/sh", "-c", "grep ' /data ' /proc/mounts"] + config.stdout = mountBuffer + } + try await mountExec.start() + var status = try await mountExec.wait() + try await mountExec.delete() + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "failed to verify /data mount, status \(status)") + } + + let mountOutput = String(decoding: mountBuffer.data, as: UTF8.self) + guard mountOutput.contains(" /data ") && mountOutput.contains(" ext4 ") else { + throw IntegrationError.assert(msg: "expected ext4 mount at /data, got: \(mountOutput)") + } + + let lsBuffer = BufferWriter() + let lsExec = try await verifyContainer.exec("verify-no-hello") { config in + config.arguments = ["ls", "-1", "/data"] + config.stdout = lsBuffer + } + try await lsExec.start() + status = try await lsExec.wait() + try await lsExec.delete() + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "ls /data failed with status \(status)") + } + + let lsOutput = String(decoding: lsBuffer.data, as: UTF8.self) + let listedFiles = Set(lsOutput.split(whereSeparator: \.isNewline).map(String.init)) + guard !listedFiles.contains("hello.txt") else { + throw IntegrationError.assert(msg: "expected cloned /data to not contain hello.txt, got: \(lsOutput)") + } + + try await verifyContainer.kill(.kill) + _ = try await verifyContainer.wait() + try await verifyContainer.stop() + } catch { + try? await verifyContainer.stop() + throw error + } + } + + func testTrimExt4Clone() async throws { + let id = "test-trim-ext4-clone" + let bs = try await bootstrap(id) + + let diskImageURL = Self.testDir.appending(component: "\(id)-data.ext4") + try? FileManager.default.removeItem(at: diskImageURL) + + let filesystem = try EXT4.Formatter(FilePath(diskImageURL.absolutePath()), minDiskSize: 64.mib()) + try filesystem.close() + + let cloneImageURL = Self.testDir.appending(component: "\(id)-data-clone.ext4") + try? FileManager.default.removeItem(at: cloneImageURL) + + let writerContainer = try LinuxContainer("\(id)-writer", rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["/bin/sleep", "1000"] + config.mounts.append( + Mount.block( + format: "ext4", + source: diskImageURL.absolutePath(), + destination: "/data" + )) + config.bootLog = bs.bootLog + } + + do { + try await writerContainer.create() + try await writerContainer.start() + + let writeExec = try await writerContainer.exec("write-temp") { config in + config.arguments = [ + "/bin/sh", + "-c", + "dd if=/dev/zero of=/data/trim.dat bs=1M count=8 status=none && sync && rm /data/trim.dat && sync", + ] + } + try await writeExec.start() + let writeStatus = try await writeExec.wait() + try await writeExec.delete() + guard writeStatus.exitCode == 0 else { + throw IntegrationError.assert(msg: "trim setup exec failed with status \(writeStatus)") + } + + try await writerContainer.filesystemOperation(operation: .trim, path: "/data") + + try FileManager.default.copyItem(at: diskImageURL, to: cloneImageURL) + + try await writerContainer.kill(.kill) + _ = try await writerContainer.wait() + try await writerContainer.stop() + } catch { + try? await writerContainer.stop() + throw error + } + + let verifyContainer = try LinuxContainer("\(id)-reader", rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.mounts.append( + Mount.block( + format: "ext4", + source: cloneImageURL.absolutePath(), + destination: "/data" + )) + config.process.arguments = ["/bin/sleep", "1000"] + config.bootLog = bs.bootLog + } + + do { + try await verifyContainer.create() + try await verifyContainer.start() + + let mountBuffer = BufferWriter() + let mountExec = try await verifyContainer.exec("verify-mount") { config in + config.arguments = ["/bin/sh", "-c", "grep ' /data ' /proc/mounts"] + config.stdout = mountBuffer + } + try await mountExec.start() + var status = try await mountExec.wait() + try await mountExec.delete() + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "failed to verify /data mount, status \(status)") + } + + let mountOutput = String(decoding: mountBuffer.data, as: UTF8.self) + guard mountOutput.contains(" /data ") && mountOutput.contains(" ext4 ") else { + throw IntegrationError.assert(msg: "expected ext4 mount at /data, got: \(mountOutput)") + } + + let lsBuffer = BufferWriter() + let lsExec = try await verifyContainer.exec("verify-no-hello") { config in + config.arguments = ["ls", "-1", "/data"] + config.stdout = lsBuffer + } + try await lsExec.start() + status = try await lsExec.wait() + try await lsExec.delete() + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "ls /data failed with status \(status)") + } + + let lsOutput = String(decoding: lsBuffer.data, as: UTF8.self) + let listedFiles = Set(lsOutput.split(whereSeparator: \.isNewline).map(String.init)) + guard !listedFiles.contains("trim.dat") else { + throw IntegrationError.assert(msg: "expected cloned /data to not contain trim.dat, got: \(lsOutput)") + } + + try await verifyContainer.kill(.kill) + _ = try await verifyContainer.wait() + try await verifyContainer.stop() + } catch { + try? await verifyContainer.stop() + throw error + } + } + + func testUseInitBasic() async throws { + let id = "test-use-init-basic" + + let bs = try await bootstrap(id) + let buffer = BufferWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["/bin/echo", "hello from init"] + config.process.stdout = buffer + config.useInit = true + config.bootLog = bs.bootLog + } + + try await container.create() + try await container.start() + + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + + guard String(data: buffer.data, encoding: .utf8) == "hello from init\n" else { + throw IntegrationError.assert( + msg: "expected 'hello from init', got '\(String(data: buffer.data, encoding: .utf8) ?? "nil")'") + } + } + + func testUseInitExitCodePropagation() async throws { + let id = "test-use-init-exit-code" + + let bs = try await bootstrap(id) + + // Test exit code 0 + var container = try LinuxContainer("\(id)-success", rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["/bin/true"] + config.useInit = true + config.bootLog = bs.bootLog + } + + try await container.create() + try await container.start() + var status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "expected exit code 0, got \(status.exitCode)") + } + + // Test non-zero exit code + container = try LinuxContainer("\(id)-failure", rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["/bin/false"] + config.useInit = true + config.bootLog = bs.bootLog + } + + try await container.create() + try await container.start() + status = try await container.wait() + try await container.stop() + + guard status.exitCode == 1 else { + throw IntegrationError.assert(msg: "expected exit code 1, got \(status.exitCode)") + } + + // Test custom exit code + container = try LinuxContainer("\(id)-custom", rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["sh", "-c", "exit 42"] + config.useInit = true + config.bootLog = bs.bootLog + } + + try await container.create() + try await container.start() + status = try await container.wait() + try await container.stop() + + guard status.exitCode == 42 else { + throw IntegrationError.assert(msg: "expected exit code 42, got \(status.exitCode)") + } + } + + func testUseInitSignalForwarding() async throws { + let id = "test-use-init-signal" + + let bs = try await bootstrap(id) + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["sleep", "300"] + config.useInit = true + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + try await Task.sleep(for: .milliseconds(100)) + + try await container.kill(.term) + + let status = try await container.wait(timeoutInSeconds: 5) + try await container.stop() + + // SIGTERM should result in exit code 128 + 15 = 143 + guard status.exitCode == 143 else { + throw IntegrationError.assert(msg: "expected exit code 143 (SIGTERM), got \(status.exitCode)") + } + } catch { + try? await container.stop() + throw error + } + } + + func testUseInitZombieReaping() async throws { + let id = "test-use-init-zombie-reaping" + + let bs = try await bootstrap(id) + let buffer = BufferWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + // This script creates an orphaned process that init must reap. + // The subshell exits immediately, orphaning the sleep process. + // Init should reap it when it exits. + config.process.arguments = [ + "/bin/sh", "-c", + """ + # Create orphans: subshell exits before its children + (/bin/sleep 0.1 &) + (/bin/sleep 0.1 &) + # Wait for orphans to complete + /bin/sleep 0.3 + # Check for zombie processes (Z state) + zombies=$(ps -eo stat 2>/dev/null | grep -c '^Z' || echo 0) + echo "zombie_count:$zombies" + """, + ] + config.process.stdout = buffer + config.useInit = true + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + + guard let output = String(data: buffer.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert output to UTF8") + } + + // Should report 0 zombies + guard output.contains("zombie_count:0") else { + throw IntegrationError.assert(msg: "expected zero zombies, got: \(output)") + } + } catch { + try? await container.stop() + throw error + } + } + + func testUseInitWithTerminal() async throws { + let id = "test-use-init-terminal" + + let bs = try await bootstrap(id) + let buffer = BufferWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["/bin/sh", "-c", "tty && echo 'has tty'"] + config.process.terminal = true + config.process.stdout = buffer + config.useInit = true + config.bootLog = bs.bootLog + } + + try await container.create() + try await container.start() + + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + + guard let output = String(data: buffer.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert output to UTF8") + } + + guard output.contains("has tty") else { + throw IntegrationError.assert(msg: "expected 'has tty' in output, got: \(output)") + } + } + + func testUseInitWithStdin() async throws { + let id = "test-use-init-stdin" + + let bs = try await bootstrap(id) + let buffer = BufferWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["cat"] + config.process.stdin = StdinBuffer(data: "input through init\n".data(using: .utf8)!) + config.process.stdout = buffer + config.useInit = true + config.bootLog = bs.bootLog + } + + try await container.create() + try await container.start() + + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + + guard String(data: buffer.data, encoding: .utf8) == "input through init\n" else { + throw IntegrationError.assert( + msg: "expected 'input through init', got '\(String(data: buffer.data, encoding: .utf8) ?? "nil")'") + } + } + + #if os(macOS) + @available(macOS 26.0, *) + func testNetworkingDisabled() async throws { + let id = "test-networking-disabled" + let bs = try await bootstrap(id) + + let network = try VmnetNetwork() + var manager = try ContainerManager(vmm: bs.vmm, network: network) + defer { + try? manager.delete(id) + } + + let buffer = BufferWriter() + let container = try await manager.create( + id, + image: bs.image, + rootfs: bs.rootfs, + networking: false + ) { config in + config.process.arguments = ["ls", "-1", "/sys/class/net/"] + config.process.stdout = buffer + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "ls /sys/class/net/ failed with status \(status)") + } + + guard let output = String(data: buffer.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert output to UTF8") + } + + // With networking disabled check we don't have an eth0. + let interfaces = output.trimmingCharacters(in: .whitespacesAndNewlines) + .split(separator: "\n") + .map { $0.trimmingCharacters(in: .whitespaces) } + + guard !interfaces.contains("eth0") else { + throw IntegrationError.assert( + msg: "expected no 'eth0' interface") + } + } catch { + try? await container.stop() + throw error + } + } + + @available(macOS 26.0, *) + func testNetworkingEnabled() async throws { + let id = "test-networking-enabled" + let bs = try await bootstrap(id) + + let network = try VmnetNetwork() + var manager = try ContainerManager(vmm: bs.vmm, network: network) + defer { + try? manager.delete(id) + } + + let buffer = BufferWriter() + let container = try await manager.create( + id, + image: bs.image, + rootfs: bs.rootfs + ) { config in + config.process.arguments = ["ls", "-1", "/sys/class/net/"] + config.process.stdout = buffer + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "ls /sys/class/net/ failed with status \(status)") + } + + guard let output = String(data: buffer.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert output to UTF8") + } + + // With networking enabled (default), eth0 should be present alongside lo + let interfaces = Set( + output.trimmingCharacters(in: .whitespacesAndNewlines) + .split(separator: "\n") + .map { $0.trimmingCharacters(in: .whitespaces) } + ) + guard interfaces.contains("lo") else { + throw IntegrationError.assert(msg: "expected 'lo' interface, got: \(interfaces)") + } + guard interfaces.contains("eth0") else { + throw IntegrationError.assert(msg: "expected 'eth0' interface, got: \(interfaces)") + } + } catch { + try? await container.stop() + throw error + } + } + + @available(macOS 26.0, *) + func testNetworkingEnabledIPv6() async throws { + let id = "test-networking-enabled-ipv6" + let bs = try await bootstrap(id) + + let network = try VmnetNetwork() + var manager = try ContainerManager(vmm: bs.vmm, network: network) + defer { + try? manager.delete(id) + } + + let buffer = BufferWriter() + let container = try await manager.create( + id, + image: bs.image, + rootfs: bs.rootfs + ) { config in + config.process.arguments = ["ip", "-6", "addr", "show", "eth0", "scope", "global"] + config.process.stdout = buffer + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "ip -6 addr show failed with status \(status)") + } + + guard let output = String(data: buffer.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert output to UTF8") + } + + guard output.contains("inet6 fd") else { + throw IntegrationError.assert( + msg: "expected a global-scope IPv6 address on eth0, got: \(output)") + } + } catch { + try? await container.stop() + throw error + } + } + + @available(macOS 26.0, *) + func testIPv6AddressAdd() async throws { + let id = "test-ipv6-address" + let bs = try await bootstrap(id) + + // Pin the v6 prefix so the allocator's first allocation yields fd00::2. + var network = try VmnetNetwork(prefixV6: try CIDRv6("fd00::/64")) + defer { + try? network.releaseInterface(id) + } + + guard let interface = try network.createInterface(id) else { + throw IntegrationError.assert(msg: "failed to create network interface") + } + + let buffer = BufferWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["sleep", "100"] + config.interfaces = [interface] + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + // Check that the IPv6 address was assigned to eth0. + let exec = try await container.exec("check-ipv6") { config in + config.arguments = ["ip", "-6", "addr", "show", "eth0"] + config.stdout = buffer + } + + try await exec.start() + let status = try await exec.wait() + try await exec.delete() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "ip -6 addr show failed with status \(status)") + } + + guard let output = String(data: buffer.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert output to UTF8") + } + + guard output.contains("fd00::2") else { + throw IntegrationError.assert( + msg: "expected fd00::2 in output, got: \(output)") + } + + try await container.kill(.kill) + try await container.wait() + try await container.stop() + } catch { + try? await container.stop() + throw error + } + } + + @available(macOS 26.0, *) + func testIPv6DefaultRoute() async throws { + let id = "test-ipv6-default-route" + let bs = try await bootstrap(id) + + // Pin the network's v6 prefix so the gateway is deterministically fd00::1 + // and the allocator's first allocation yields fd00::2. + var network = try VmnetNetwork(prefixV6: try CIDRv6("fd00::/64")) + defer { + try? network.releaseInterface(id) + } + + guard let interface = try network.createInterface(id) else { + throw IntegrationError.assert(msg: "failed to create network interface") + } + + let buffer = BufferWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["sleep", "100"] + config.interfaces = [interface] + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + // Inspect IPv6 routes inside the container. + let exec = try await container.exec("check-v6-route") { config in + config.arguments = ["ip", "-6", "route", "show"] + config.stdout = buffer + } + + try await exec.start() + let status = try await exec.wait() + try await exec.delete() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "ip -6 route show failed with status \(status)") + } + + guard let output = String(data: buffer.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert output to UTF8") + } + + // The default v6 route must point at the gateway we configured, on eth0. + guard output.contains("default via fd00::1 dev eth0") else { + throw IntegrationError.assert( + msg: "expected 'default via fd00::1 dev eth0' in v6 routes, got: \(output)") + } + + try await container.kill(.kill) + try await container.wait() + try await container.stop() + } catch { + try? await container.stop() + throw error + } + } + + @available(macOS 26.0, *) + func testIPv6GatewayOutsideSubnet() async throws { + let id = "test-ipv6-gateway-outside-subnet" + let bs = try await bootstrap(id) + + // Address in fd00::/120, gateway in fd01::/120 — subnets don't overlap, so the + // LinuxContainer wiring must add a /128 link route to the gateway before the + // default route. The two prefixes are independent so we drive this directly + // via NATInterface rather than the VmnetNetwork allocator (which always + // derives the gateway from the network's own prefix). + let interface = NATInterface( + ipv4Address: try CIDRv4("192.0.2.2/24"), + ipv4Gateway: try IPv4Address("192.0.2.1"), + ipv6Address: try CIDRv6("fd00::2/120"), + ipv6Gateway: try IPv6Address("fd01::1")) + + let buffer = BufferWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["sleep", "100"] + config.interfaces = [interface] + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + let exec = try await container.exec("check-v6-routes") { config in + config.arguments = ["ip", "-6", "route", "show"] + config.stdout = buffer + } + + try await exec.start() + let status = try await exec.wait() + try await exec.delete() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "ip -6 route show failed with status \(status)") + } + + guard let output = String(data: buffer.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert output to UTF8") + } + + // Both the link-scoped route to the gateway AND the default via that gateway + // must be present. Without the link route, the kernel would refuse the default. + // Match the link route on a line that starts with the gateway address (no "via") + // so it can't be satisfied by a substring of the default-via line. + let lines = output.split(separator: "\n").map(String.init) + let hasLinkRoute = lines.contains { $0.hasPrefix("fd01::1 ") && $0.contains("dev eth0") && !$0.contains("via") } + guard hasLinkRoute else { + throw IntegrationError.assert( + msg: "expected an on-link route 'fd01::1 ... dev eth0' (no 'via') in v6 routes, got: \(output)") + } + guard output.contains("default via fd01::1 dev eth0") else { + throw IntegrationError.assert( + msg: "expected 'default via fd01::1 dev eth0' in v6 routes, got: \(output)") + } + + try await container.kill(.kill) + try await container.wait() + try await container.stop() + } catch { + try? await container.stop() + throw error + } + } + + @available(macOS 26.0, *) + func testIPv6OnlyDefaultRoute() async throws { + let id = "test-ipv6-only-default-route" + let bs = try await bootstrap(id) + + // Construct a NATInterface with a nil IPv4 gateway and a v6 gateway, so + // LinuxContainer takes the no-v4-gateway branch in setupInterface. The v4 + // address comes from TEST-NET-1; nothing in the test traffics over v4. + let interface = NATInterface( + ipv4Address: try CIDRv4("192.0.2.2/24"), + ipv4Gateway: nil, + ipv6Address: try CIDRv6("fd00::2/64"), + ipv6Gateway: try IPv6Address("fd00::1")) + + let buffer = BufferWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["sleep", "100"] + config.interfaces = [interface] + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + let exec = try await container.exec("check-v6-route") { config in + config.arguments = ["ip", "-6", "route", "show"] + config.stdout = buffer + } + + try await exec.start() + let status = try await exec.wait() + try await exec.delete() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "ip -6 route show failed with status \(status)") + } + + guard let output = String(data: buffer.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert output to UTF8") + } + + guard output.contains("default via fd00::1 dev eth0") else { + throw IntegrationError.assert( + msg: "expected 'default via fd00::1 dev eth0' in v6 routes when ipv4Gateway is nil, got: \(output)") + } + + try await container.kill(.kill) + try await container.wait() + try await container.stop() + } catch { + try? await container.stop() + throw error + } + } + + @available(macOS 26.0, *) + func testIPv6OnlyGatewayOutsideSubnet() async throws { + let id = "test-ipv6-only-gateway-outside-subnet" + let bs = try await bootstrap(id) + + // No v4 gateway AND v6 gateway is outside the v6 subnet. Exercises + // setupInterface's "no v4 gateway, but v6 link route required before + // v6 default route" branch — the exact bug the helper extraction fixed. + let interface = NATInterface( + ipv4Address: try CIDRv4("192.0.2.2/24"), + ipv4Gateway: nil, + ipv6Address: try CIDRv6("fd00::2/120"), + ipv6Gateway: try IPv6Address("fd01::1")) + + let buffer = BufferWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["sleep", "100"] + config.interfaces = [interface] + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + let exec = try await container.exec("check-v6-routes") { config in + config.arguments = ["ip", "-6", "route", "show"] + config.stdout = buffer + } + + try await exec.start() + let status = try await exec.wait() + try await exec.delete() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "ip -6 route show failed with status \(status)") + } + + guard let output = String(data: buffer.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert output to UTF8") + } + + // Both the on-link route to the gateway AND the default via it must be present. + // Without the link route the kernel rejects the default — that was the bug. + let lines = output.split(separator: "\n").map(String.init) + let hasLinkRoute = lines.contains { $0.hasPrefix("fd01::1 ") && $0.contains("dev eth0") && !$0.contains("via") } + guard hasLinkRoute else { + throw IntegrationError.assert( + msg: "expected an on-link route 'fd01::1 ... dev eth0' (no 'via') in v6 routes, got: \(output)") + } + guard output.contains("default via fd01::1 dev eth0") else { + throw IntegrationError.assert( + msg: "expected 'default via fd01::1 dev eth0' in v6 routes, got: \(output)") + } + + try await container.kill(.kill) + try await container.wait() + try await container.stop() + } catch { + try? await container.stop() + throw error + } + } + + @available(macOS 26.0, *) + func testIPv6DualStack() async throws { + let id = "test-ipv6-dual-stack" + let bs = try await bootstrap(id) + + // Pin the network's v6 prefix so the gateway is deterministically fd00::1 + // and the allocator's first allocation yields fd00::2. + var network = try VmnetNetwork(prefixV6: try CIDRv6("fd00::/64")) + defer { + try? network.releaseInterface(id) + } + + guard let interface = try network.createInterface(id) else { + throw IntegrationError.assert(msg: "failed to create network interface") + } + + // Capture the v4 address vmnet allocated so we can assert it ends up on eth0. + let expectedV4 = interface.ipv4Address.address.description + + let addrBuffer = BufferWriter() + let routeBuffer = BufferWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["sleep", "100"] + config.interfaces = [interface] + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + // `ip addr show` (no family flag) lists both v4 and v6. + let addrExec = try await container.exec("check-dual-stack-addr") { config in + config.arguments = ["ip", "addr", "show", "eth0"] + config.stdout = addrBuffer + } + try await addrExec.start() + let addrStatus = try await addrExec.wait() + try await addrExec.delete() + + guard addrStatus.exitCode == 0 else { + throw IntegrationError.assert(msg: "ip addr show failed with status \(addrStatus)") + } + + guard let addrOutput = String(data: addrBuffer.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert addr output to UTF8") + } + + guard addrOutput.contains(expectedV4) else { + throw IntegrationError.assert( + msg: "expected v4 address \(expectedV4) on eth0, got: \(addrOutput)") + } + guard addrOutput.contains("fd00::2") else { + throw IntegrationError.assert( + msg: "expected v6 address fd00::2 on eth0, got: \(addrOutput)") + } + + // The dual-stack default routes must both be installed. + let routeExec = try await container.exec("check-dual-stack-route") { config in + config.arguments = ["ip", "-6", "route", "show"] + config.stdout = routeBuffer + } + try await routeExec.start() + let routeStatus = try await routeExec.wait() + try await routeExec.delete() + + guard routeStatus.exitCode == 0 else { + throw IntegrationError.assert(msg: "ip -6 route show failed with status \(routeStatus)") + } + + guard let routeOutput = String(data: routeBuffer.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert route output to UTF8") + } + + guard routeOutput.contains("default via fd00::1 dev eth0") else { + throw IntegrationError.assert( + msg: "expected 'default via fd00::1 dev eth0' in v6 routes, got: \(routeOutput)") + } + + try await container.kill(.kill) + try await container.wait() + try await container.stop() + } catch { + try? await container.stop() + throw error + } + } + + #endif + + func testSysctl() async throws { + let id = "test-container-sysctl" + + let bs = try await bootstrap(id) + let buffer = BufferWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.sysctl = [ + "net.core.somaxconn": "4096" + ] + config.process.arguments = ["cat", "/proc/sys/net/core/somaxconn"] + config.process.stdout = buffer + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + + let output = String(data: buffer.data, encoding: .utf8)?.trimmingCharacters(in: .whitespacesAndNewlines) + guard output == "4096" else { + throw IntegrationError.assert( + msg: "sysctl net.core.somaxconn should be '4096', got '\(output ?? "nil")'") + } + } catch { + try? await container.stop() + throw error + } + } + + func testSysctlMultiple() async throws { + let id = "test-container-sysctl-multiple" + + let bs = try await bootstrap(id) + let buffer = BufferWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.sysctl = [ + "net.core.somaxconn": "2048", + "net.ipv4.ip_forward": "1", + ] + config.process.arguments = [ + "/bin/sh", "-c", + "cat /proc/sys/net/core/somaxconn && cat /proc/sys/net/ipv4/ip_forward", + ] + config.process.stdout = buffer + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + + let output = String(data: buffer.data, encoding: .utf8)?.trimmingCharacters(in: .whitespacesAndNewlines) + let lines = output?.split(separator: "\n").map { $0.trimmingCharacters(in: .whitespaces) } + guard lines == ["2048", "1"] else { + throw IntegrationError.assert( + msg: "expected sysctls ['2048', '1'], got '\(output ?? "nil")'") + } + } catch { + try? await container.stop() + throw error + } + } + + func testNoNewPrivileges() async throws { + let id = "test-no-new-privileges" + + let bs = try await bootstrap(id) + let buffer = BufferWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["cat", "/proc/self/status"] + config.process.noNewPrivileges = true + config.process.stdout = buffer + config.bootLog = bs.bootLog + } + + try await container.create() + try await container.start() + + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + + guard let output = String(data: buffer.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert stdout to UTF8") + } + + // /proc/self/status contains "NoNewPrivs:\t1" when the bit is set + guard output.contains("NoNewPrivs:\t1") else { + throw IntegrationError.assert(msg: "expected NoNewPrivs to be 1, got: \(output)") + } + } + + func testNoNewPrivilegesDisabled() async throws { + let id = "test-no-new-privileges-disabled" + + let bs = try await bootstrap(id) + let buffer = BufferWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["cat", "/proc/self/status"] + // noNewPrivileges defaults to false + config.process.stdout = buffer + config.bootLog = bs.bootLog + } + + try await container.create() + try await container.start() + + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + + guard let output = String(data: buffer.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert stdout to UTF8") + } + + // When noNewPrivileges is not set, NoNewPrivs should be 0 + guard output.contains("NoNewPrivs:\t0") else { + throw IntegrationError.assert(msg: "expected NoNewPrivs to be 0, got: \(output)") + } + } + + func testWorkingDirCreated() async throws { + let id = "test-working-dir-created" + let bs = try await bootstrap(id) + + let buffer = BufferWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["/bin/pwd"] + config.process.workingDirectory = "/does/not/exist" + config.process.stdout = buffer + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process with non-existent workingDir failed: \(status)") + } + + guard let output = String(data: buffer.data, encoding: .utf8)?.trimmingCharacters(in: .whitespacesAndNewlines) else { + throw IntegrationError.assert(msg: "failed to read stdout") + } + + guard output == "/does/not/exist" else { + throw IntegrationError.assert(msg: "expected cwd '/does/not/exist', got '\(output)'") + } + } catch { + try? await container.stop() + throw error + } + } + + func testWorkingDirExecCreated() async throws { + let id = "test-working-dir-exec-created" + let bs = try await bootstrap(id) + + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["/bin/sleep", "1000"] + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + let buffer = BufferWriter() + let exec = try await container.exec("cwd-exec") { config in + config.arguments = ["/bin/pwd"] + config.workingDirectory = "/a/b/c/d" + config.stdout = buffer + } + + try await exec.start() + let status = try await exec.wait() + try await exec.delete() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "exec with non-existent workingDir failed: \(status)") + } + + guard let output = String(data: buffer.data, encoding: .utf8)?.trimmingCharacters(in: .whitespacesAndNewlines) else { + throw IntegrationError.assert(msg: "failed to read stdout") + } + + guard output == "/a/b/c/d" else { + throw IntegrationError.assert(msg: "expected cwd '/a/b/c/d', got '\(output)'") + } + + try await container.kill(.kill) + try await container.wait() + try await container.stop() + } catch { + try? await container.stop() + throw error + } + } + + func testNoNewPrivilegesExec() async throws { + let id = "test-no-new-privileges-exec" + + let bs = try await bootstrap(id) + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["sleep", "100"] + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + // Exec a process with noNewPrivileges set + let buffer = BufferWriter() + let exec = try await container.exec("nnp-exec") { config in + config.arguments = ["cat", "/proc/self/status"] + config.noNewPrivileges = true + config.stdout = buffer + } + + try await exec.start() + let status = try await exec.wait() + try await exec.delete() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "exec status \(status) != 0") + } + + guard let output = String(data: buffer.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert stdout to UTF8") + } + + guard output.contains("NoNewPrivs:\t1") else { + throw IntegrationError.assert(msg: "expected NoNewPrivs to be 1 in exec, got: \(output)") + } + + try await container.kill(.kill) + try await container.wait() + try await container.stop() + } catch { + try? await container.stop() + throw error + } + } + + func testVMResourceOverhead() async throws { + let id = "test-vm-resource-overhead" + + let bs = try await bootstrap(id) + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["sleep", "infinity"] + config.cpus = 2 + config.memoryInBytes = 256.mib() + config.cpuOverhead = 2 + config.memoryOverhead = 1024.mib() + config.bootLog = bs.bootLog + } + + do { + try await container.create() + try await container.start() + + let cpuBuffer = BufferWriter() + let cpuExec = try await container.exec("check-nproc") { config in + config.arguments = ["nproc"] + config.stdout = cpuBuffer + } + try await cpuExec.start() + var status = try await cpuExec.wait() + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "nproc status \(status) != 0") + } + try await cpuExec.delete() + + guard let cpuStr = String(data: cpuBuffer.data, encoding: .utf8)?.trimmingCharacters(in: .whitespacesAndNewlines), + let cpuCount = Int(cpuStr) + else { + throw IntegrationError.assert(msg: "failed to parse nproc output") + } + let expectedCpus = 4 + guard cpuCount == expectedCpus else { + throw IntegrationError.assert(msg: "nproc \(cpuCount) != expected \(expectedCpus)") + } + + let memBuffer = BufferWriter() + let memExec = try await container.exec("check-meminfo") { config in + config.arguments = ["sh", "-c", "grep MemTotal /proc/meminfo | awk '{print $2}'"] + config.stdout = memBuffer + } + try await memExec.start() + status = try await memExec.wait() + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "meminfo status \(status) != 0") + } + try await memExec.delete() + + guard let memStr = String(data: memBuffer.data, encoding: .utf8)?.trimmingCharacters(in: .whitespacesAndNewlines), + let memTotalKiB = UInt64(memStr) + else { + throw IntegrationError.assert(msg: "failed to parse MemTotal") + } + let memTotalBytes = memTotalKiB * 1024 + let expectedMin: UInt64 = 1024.mib() + guard memTotalBytes > expectedMin else { + throw IntegrationError.assert( + msg: "MemTotal \(memTotalBytes) should exceed \(expectedMin)") + } + + try await container.kill(.kill) + try await container.wait() + try await container.stop() + } catch { + try? await container.stop() + throw error + } + } + + // Verify that mounts are sorted by destination path depth so that a + // higher-level mount (e.g. /mnt) doesn't shadow a deeper mount + // (e.g. /mnt/deep/nested). Both directories are separate virtiofs + // shares; the sort ensures /mnt is mounted first and /mnt/deep/nested + // on top of it. + func testMountsSortedByDepth() async throws { + let id = "test-mount-sort-depth" + + let bs = try await bootstrap(id) + let buffer = BufferWriter() + + // Create two separate mount directories with distinct files. + let deepDir = FileManager.default.uniqueTemporaryDirectory(create: true) + try "deep-content".write(to: deepDir.appendingPathComponent("deep.txt"), atomically: true, encoding: .utf8) + + let shallowDir = FileManager.default.uniqueTemporaryDirectory(create: true) + try "shallow-content".write(to: shallowDir.appendingPathComponent("shallow.txt"), atomically: true, encoding: .utf8) + + // Add deeper mount first, then shallower mount. Without sorting the + // shallower mount would shadow the deeper one. + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.process.arguments = ["/bin/cat", "/mnt/deep/nested/deep.txt"] + config.mounts.append(.share(source: deepDir.path, destination: "/mnt/deep/nested")) + config.mounts.append(.share(source: shallowDir.path, destination: "/mnt")) + config.process.stdout = buffer + config.bootLog = bs.bootLog + } + + try await container.create() + try await container.start() + + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + + let value = String(data: buffer.data, encoding: .utf8) + guard value == "deep-content" else { + throw IntegrationError.assert( + msg: "expected 'deep-content' but got '\(value ?? "")'") + } + } +} diff --git a/Sources/Integration/NBDServer.swift b/Sources/Integration/NBDServer.swift new file mode 100644 index 0000000..982c875 --- /dev/null +++ b/Sources/Integration/NBDServer.swift @@ -0,0 +1,383 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationError +import Foundation +import Logging +import NIOCore +import NIOPosix + +#if os(macOS) +/// A minimal NBD server for integration testing. +/// +/// Serves a file-backed block device using the NBD newstyle handshake protocol. +/// Supports both TCP and Unix domain socket transports. +final class NBDServer: Sendable { + private let channel: Channel + private let socketPath: String? + private let group: EventLoopGroup + let url: String + + init(filePath: String, socketPath: String, logger: Logger? = nil) throws { + self.socketPath = socketPath + self.group = MultiThreadedEventLoopGroup(numberOfThreads: 1) + + try? FileManager.default.removeItem(atPath: socketPath) + + self.channel = try Self.bootstrap(group: self.group, filePath: filePath, logger: logger) + .bind(unixDomainSocketPath: socketPath) + .wait() + self.url = "nbd+unix:///?socket=\(socketPath)" + } + + init(filePath: String, port: Int, logger: Logger? = nil) throws { + self.socketPath = nil + self.group = MultiThreadedEventLoopGroup(numberOfThreads: 1) + + self.channel = try Self.bootstrap(group: self.group, filePath: filePath, logger: logger) + .bind(host: "127.0.0.1", port: port) + .wait() + + guard let boundPort = channel.localAddress?.port, boundPort > 0 else { + throw ContainerizationError(.internalError, message: "NBD server failed to bind to a port") + } + self.url = "nbd://127.0.0.1:\(boundPort)" + } + + func stop() { + try? channel.close().wait() + try? group.syncShutdownGracefully() + if let socketPath { + try? FileManager.default.removeItem(atPath: socketPath) + } + } + + private static func bootstrap(group: EventLoopGroup, filePath: String, logger: Logger?) -> ServerBootstrap { + ServerBootstrap(group: group) + .serverChannelOption(.socketOption(.so_reuseaddr), value: 1) + .childChannelInitializer { channel in + channel.eventLoop.makeCompletedFuture { + try channel.pipeline.syncOperations.addHandler( + NBDConnectionHandler(filePath: filePath, logger: logger) + ) + } + } + } +} + +private final class NBDConnectionHandler: ChannelInboundHandler { + typealias InboundIn = ByteBuffer + typealias OutboundOut = ByteBuffer + + // Protocol constants + static let magic: UInt64 = 0x4e42_444d_4147_4943 + static let ihaveopt: UInt64 = 0x4948_4156_454f_5054 + static let replyMagic: UInt64 = 0x3_e889_0455_65a9 + static let requestMagic: UInt32 = 0x2560_9513 + static let simpleReplyMagic: UInt32 = 0x6744_6698 + + static let optExportName: UInt32 = 1 + static let optAbort: UInt32 = 2 + static let optInfo: UInt32 = 6 + static let optGo: UInt32 = 7 + + static let cmdRead: UInt16 = 0 + static let cmdWrite: UInt16 = 1 + static let cmdDisc: UInt16 = 2 + static let cmdFlush: UInt16 = 3 + + static let flagFixedNewstyle: UInt16 = 0x1 + static let flagNoZeroes: UInt16 = 0x2 + static let clientFlagFixedNewstyle: UInt32 = 0x1 + static let clientFlagNoZeroes: UInt32 = 0x2 + static let transmitHasFlags: UInt16 = 0x1 + static let transmitSendFlush: UInt16 = 0x4 + static let transmitSendFUA: UInt16 = 0x8 + + static let repACK: UInt32 = 1 + static let repInfo: UInt32 = 3 + static let repErrUnsup: UInt32 = 0x8000_0001 + static let infoExport: UInt16 = 0 + static let infoBlockSize: UInt16 = 3 + + // NBD error codes + static let errOK: UInt32 = 0 + static let errIO: UInt32 = 5 + static let errNotsup: UInt32 = 95 + + private let fileFD: Int32 + private let fileSize: UInt64 + private let logger: Logger? + private var buffer: ByteBuffer = ByteBuffer() + private var state: ConnectionState = .handshake + + private enum ConnectionState { + case handshake + case options(noZeroes: Bool) + case transmission + } + + init(filePath: String, logger: Logger?) { + self.fileFD = open(filePath, O_RDWR) + self.logger = logger + guard fileFD >= 0 else { + self.fileSize = 0 + logger?.error("NBD server: failed to open \(filePath), errno=\(errno)") + return + } + var st = stat() + if fstat(self.fileFD, &st) == 0 { + self.fileSize = UInt64(st.st_size) + } else { + self.fileSize = 0 + } + } + + func channelActive(context: ChannelHandlerContext) { + guard fileFD >= 0 else { + context.close(promise: nil) + return + } + // Send initial handshake. + var buf = context.channel.allocator.buffer(capacity: 18) + buf.writeInteger(Self.magic) + buf.writeInteger(Self.ihaveopt) + buf.writeInteger(Self.flagFixedNewstyle | Self.flagNoZeroes) + context.writeAndFlush(wrapOutboundOut(buf), promise: nil) + } + + func channelInactive(context: ChannelHandlerContext) { + if fileFD >= 0 { + close(fileFD) + } + } + + func channelRead(context: ChannelHandlerContext, data: NIOAny) { + var incoming = unwrapInboundIn(data) + buffer.writeBuffer(&incoming) + processBuffer(context: context) + } + + private func processBuffer(context: ChannelHandlerContext) { + while true { + switch state { + case .handshake: + guard buffer.readableBytes >= 4, + let clientFlags = buffer.readInteger(as: UInt32.self) + else { + return + } + guard clientFlags & Self.clientFlagFixedNewstyle != 0 else { + context.close(promise: nil) + return + } + let noZeroes = clientFlags & Self.clientFlagNoZeroes != 0 + state = .options(noZeroes: noZeroes) + + case .options(let noZeroes): + guard buffer.readableBytes >= 16 else { + return + } + // Peek at the header without consuming. + let readerIndex = buffer.readerIndex + guard let magic = buffer.getInteger(at: readerIndex, as: UInt64.self), + let optType = buffer.getInteger(at: readerIndex + 8, as: UInt32.self), + let dataLen = buffer.getInteger(at: readerIndex + 12, as: UInt32.self) + else { + context.close(promise: nil) + return + } + + // Wait until we have the full option data. + guard buffer.readableBytes >= 16 + Int(dataLen) else { + return + } + // Consume the header. + buffer.moveReaderIndex(forwardBy: 16) + + guard magic == Self.ihaveopt else { + context.close(promise: nil) + return + } + + let transmitFlags = Self.transmitHasFlags | Self.transmitSendFlush | Self.transmitSendFUA + + switch optType { + case Self.optExportName: + if dataLen > 0 { + buffer.moveReaderIndex(forwardBy: Int(dataLen)) + } + var reply = context.channel.allocator.buffer(capacity: 10) + reply.writeInteger(fileSize) + reply.writeInteger(transmitFlags) + if !noZeroes { + reply.writeRepeatingByte(0, count: 124) + } + context.writeAndFlush(wrapOutboundOut(reply), promise: nil) + state = .transmission + + case Self.optInfo, Self.optGo: + // Parse InfoRequest to check for block size request. + var requestedBlockSize = false + if dataLen >= 6 { + let optDataStart = buffer.readerIndex + let nameLen = Int(buffer.getInteger(at: optDataStart, as: UInt32.self) ?? 0) + let infoOffset = optDataStart + 4 + nameLen + if infoOffset + 2 <= optDataStart + Int(dataLen) { + let numReqs = Int(buffer.getInteger(at: infoOffset, as: UInt16.self) ?? 0) + for i in 0.. 0 { + buffer.moveReaderIndex(forwardBy: Int(dataLen)) + } + + // Send NBD_INFO_EXPORT reply. + var exportInfo = context.channel.allocator.buffer(capacity: 32) + writeOptReply(&exportInfo, optType: optType, replyType: Self.repInfo, dataLen: 12) + exportInfo.writeInteger(Self.infoExport) + exportInfo.writeInteger(fileSize) + exportInfo.writeInteger(transmitFlags) + + // Send NBD_INFO_BLOCK_SIZE if requested. + if requestedBlockSize { + writeOptReply(&exportInfo, optType: optType, replyType: Self.repInfo, dataLen: 14) + exportInfo.writeInteger(Self.infoBlockSize) + exportInfo.writeInteger(UInt32(1)) // minimum + exportInfo.writeInteger(UInt32(4096)) // preferred + exportInfo.writeInteger(UInt32(4096 * 32)) // maximum + } + + writeOptReply(&exportInfo, optType: optType, replyType: Self.repACK, dataLen: 0) + context.writeAndFlush(wrapOutboundOut(exportInfo), promise: nil) + + if optType == Self.optGo { + state = .transmission + } + + case Self.optAbort: + if dataLen > 0 { + buffer.moveReaderIndex(forwardBy: Int(dataLen)) + } + context.close(promise: nil) + return + + default: + if dataLen > 0 { + buffer.moveReaderIndex(forwardBy: Int(dataLen)) + } + var reply = context.channel.allocator.buffer(capacity: 20) + writeOptReply(&reply, optType: optType, replyType: Self.repErrUnsup, dataLen: 0) + context.writeAndFlush(wrapOutboundOut(reply), promise: nil) + } + + case .transmission: + // Request header: 4 magic + 2 flags + 2 type + 8 cookie + 8 offset + 4 length = 28 + guard buffer.readableBytes >= 28 else { + return + } + let readerIndex = buffer.readerIndex + guard let magic = buffer.getInteger(at: readerIndex, as: UInt32.self), + let cmdType = buffer.getInteger(at: readerIndex + 6, as: UInt16.self), + let cookie = buffer.getInteger(at: readerIndex + 8, as: UInt64.self), + let offset = buffer.getInteger(at: readerIndex + 16, as: UInt64.self), + let length = buffer.getInteger(at: readerIndex + 24, as: UInt32.self) + else { + context.close(promise: nil) + return + } + guard magic == Self.requestMagic else { + context.close(promise: nil) + return + } + + switch cmdType { + case Self.cmdWrite: + // Need the full write payload before processing. + guard buffer.readableBytes >= 28 + Int(length) else { + return + } + buffer.moveReaderIndex(forwardBy: 28) + var writeData = [UInt8](repeating: 0, count: Int(length)) + buffer.readWithUnsafeReadableBytes { ptr in + writeData.withUnsafeMutableBytes { dst in + guard let dstBase = dst.baseAddress, let srcBase = ptr.baseAddress else { + return + } + _ = memcpy(dstBase, srcBase, Int(length)) + } + return Int(length) + } + let n = pwrite(fileFD, &writeData, Int(length), off_t(offset)) + var reply = context.channel.allocator.buffer(capacity: 16) + writeSimpleReply(&reply, cookie: cookie, error: n < 0 ? Self.errIO : Self.errOK) + context.writeAndFlush(wrapOutboundOut(reply), promise: nil) + + case Self.cmdRead: + buffer.moveReaderIndex(forwardBy: 28) + var readBuf = [UInt8](repeating: 0, count: Int(length)) + let n = pread(fileFD, &readBuf, Int(length), off_t(offset)) + var reply = context.channel.allocator.buffer(capacity: 16 + Int(length)) + writeSimpleReply(&reply, cookie: cookie, error: n < 0 ? Self.errIO : Self.errOK) + if n >= 0 { + reply.writeBytes(readBuf[0.. Containerization.Mount { + let clonePath = Self.testDir.appending(component: "\(testID)-\(containerID).ext4").absolutePath() + try? FileManager.default.removeItem(atPath: clonePath) + return try rootfs.clone(to: clonePath) + } + + func testPodSingleContainer() async throws { + let id = "test-pod-single-container" + + let bs = try await bootstrap(id) + let pod = try LinuxPod(id, vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + } + + try await pod.addContainer("container1", rootfs: bs.rootfs) { config in + config.process.arguments = ["/bin/true"] + } + + try await pod.create() + try await pod.startContainer("container1") + + let status = try await pod.waitContainer("container1") + try await pod.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + } + + func testPodMultipleContainers() async throws { + let id = "test-pod-multiple-containers" + + let bs = try await bootstrap(id) + let pod = try LinuxPod(id, vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + } + + try await pod.addContainer("container1", rootfs: try cloneRootfs(bs.rootfs, testID: id, containerID: "container1")) { config in + config.process.arguments = ["/bin/true"] + } + + try await pod.addContainer("container2", rootfs: try cloneRootfs(bs.rootfs, testID: id, containerID: "container2")) { config in + config.process.arguments = ["/bin/echo", "hello"] + } + + try await pod.create() + + try await pod.startContainer("container1") + let status1 = try await pod.waitContainer("container1") + + try await pod.startContainer("container2") + let status2 = try await pod.waitContainer("container2") + + try await pod.stop() + + guard status1.exitCode == 0 else { + throw IntegrationError.assert(msg: "container1 status \(status1) != 0") + } + + guard status2.exitCode == 0 else { + throw IntegrationError.assert(msg: "container2 status \(status2) != 0") + } + } + + func testPodContainerOutput() async throws { + let id = "test-pod-container-output" + + let bs = try await bootstrap(id) + let pod = try LinuxPod(id, vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + } + + let buffer = BufferWriter() + try await pod.addContainer("container1", rootfs: bs.rootfs) { config in + config.process.arguments = ["/bin/echo", "hello from pod"] + config.process.stdout = buffer + } + + try await pod.create() + try await pod.startContainer("container1") + + let status = try await pod.waitContainer("container1") + try await pod.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + + guard String(data: buffer.data, encoding: .utf8) == "hello from pod\n" else { + throw IntegrationError.assert( + msg: "process should have returned on stdout 'hello from pod' != '\(String(data: buffer.data, encoding: .utf8)!)'") + } + } + + func testPodConcurrentContainers() async throws { + let id = "test-pod-concurrent-containers" + + let bs = try await bootstrap(id) + let pod = try LinuxPod(id, vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + } + + // Add 5 containers + for i in 0..<5 { + try await pod.addContainer("container\(i)", rootfs: try cloneRootfs(bs.rootfs, testID: id, containerID: "container\(i)")) { config in + config.process.arguments = ["/bin/sleep", "1"] + } + } + + try await pod.create() + + // Start all containers concurrently + try await withThrowingTaskGroup(of: Void.self) { group in + for i in 0..<5 { + group.addTask { + try await pod.startContainer("container\(i)") + } + } + try await group.waitForAll() + } + + // Wait for all containers concurrently + try await withThrowingTaskGroup(of: Void.self) { group in + for i in 0..<5 { + group.addTask { + let status = try await pod.waitContainer("container\(i)") + if status.exitCode != 0 { + throw IntegrationError.assert(msg: "container\(i) status \(status) != 0") + } + } + } + try await group.waitForAll() + } + + try await pod.stop() + } + + func testPodExecInContainer() async throws { + let id = "test-pod-exec-in-container" + + let bs = try await bootstrap(id) + let pod = try LinuxPod(id, vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + } + + try await pod.addContainer("container1", rootfs: bs.rootfs) { config in + config.process.arguments = ["/bin/sleep", "100"] + } + + try await pod.create() + try await pod.startContainer("container1") + + let buffer = BufferWriter() + let exec = try await pod.execInContainer("container1", processID: "exec1") { config in + config.arguments = ["/bin/echo", "exec test"] + config.stdout = buffer + } + + try await exec.start() + let status = try await exec.wait() + try await exec.delete() + + try await pod.killContainer("container1", signal: .kill) + try await pod.waitContainer("container1") + try await pod.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "exec status \(status) != 0") + } + + guard String(data: buffer.data, encoding: .utf8) == "exec test\n" else { + throw IntegrationError.assert( + msg: "exec should have returned 'exec test' != '\(String(data: buffer.data, encoding: .utf8)!)'") + } + } + + func testPodExecInContainerEnv() async throws { + let id = "test-pod-exec-in-container-env" + + let bs = try await bootstrap(id) + let pod = try LinuxPod(id, vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + } + + try await pod.addContainer("container1", rootfs: bs.rootfs) { config in + config.process.arguments = ["/bin/sleep", "100"] + config.process.environmentVariables.append("MY_VAR=hello_from_container") + } + + try await pod.create() + try await pod.startContainer("container1") + + let buffer = BufferWriter() + let exec = try await pod.execInContainer("container1", processID: "exec1") { config in + config.arguments = ["/bin/sh", "-c", "printenv MY_VAR"] + config.stdout = buffer + } + + try await exec.start() + let status = try await exec.wait() + try await exec.delete() + + try await pod.killContainer("container1", signal: .kill) + try await pod.waitContainer("container1") + try await pod.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "exec env status \(status) != 0") + } + + guard String(data: buffer.data, encoding: .utf8) == "hello_from_container\n" else { + throw IntegrationError.assert( + msg: "exec should have inherited container env MY_VAR=hello_from_container, got '\(String(data: buffer.data, encoding: .utf8) ?? "nil")'") + } + } + + func testPodContainerHostname() async throws { + let id = "test-pod-container-hostname" + + let bs = try await bootstrap(id) + let pod = try LinuxPod(id, vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + } + + let buffer = BufferWriter() + try await pod.addContainer("container1", rootfs: bs.rootfs) { config in + config.process.arguments = ["/bin/hostname"] + config.hostname = "my-pod-container" + config.process.stdout = buffer + } + + try await pod.create() + try await pod.startContainer("container1") + + let status = try await pod.waitContainer("container1") + try await pod.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + + guard String(data: buffer.data, encoding: .utf8) == "my-pod-container\n" else { + throw IntegrationError.assert( + msg: "hostname should be 'my-pod-container' != '\(String(data: buffer.data, encoding: .utf8)!)'") + } + } + + func testPodContainerHostnameDefaultsToContainerID() async throws { + let id = "test-pod-container-hostname-default" + + let bs = try await bootstrap(id) + let pod = try LinuxPod(id, vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + } + + let buffer = BufferWriter() + try await pod.addContainer("container1", rootfs: bs.rootfs) { config in + config.process.arguments = ["/bin/hostname"] + config.process.stdout = buffer + } + + try await pod.create() + try await pod.startContainer("container1") + + let status = try await pod.waitContainer("container1") + try await pod.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + + guard String(data: buffer.data, encoding: .utf8) == "container1\n" else { + throw IntegrationError.assert( + msg: "hostname should default to container id 'container1', got '\(String(data: buffer.data, encoding: .utf8)!)'") + } + } + + func testPodStopContainerIdempotency() async throws { + let id = "test-pod-stop-container-idempotency" + + let bs = try await bootstrap(id) + let pod = try LinuxPod(id, vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + } + + try await pod.addContainer("container1", rootfs: bs.rootfs) { config in + config.process.arguments = ["/bin/true"] + } + + try await pod.create() + try await pod.startContainer("container1") + + let status = try await pod.waitContainer("container1") + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + + // Stop container twice - should not fail + try await pod.stopContainer("container1") + try await pod.stopContainer("container1") + + try await pod.stop() + } + + func testPodListContainers() async throws { + let id = "test-pod-list-containers" + + let bs = try await bootstrap(id) + let pod = try LinuxPod(id, vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + } + + let containerIDs = ["container1", "container2", "container3"] + for containerID in containerIDs { + try await pod.addContainer(containerID, rootfs: try cloneRootfs(bs.rootfs, testID: id, containerID: containerID)) { config in + config.process.arguments = ["/bin/true"] + } + } + + let listedContainers = await pod.listContainers() + + guard Set(listedContainers) == Set(containerIDs) else { + throw IntegrationError.assert( + msg: "listed containers \(listedContainers) != expected \(containerIDs)") + } + + try await pod.create() + try await pod.stop() + } + + func testPodContainerStatistics() async throws { + let id = "test-pod-container-statistics" + + let bs = try await bootstrap(id) + let pod = try LinuxPod(id, vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + } + + try await pod.addContainer("container1", rootfs: try cloneRootfs(bs.rootfs, testID: id, containerID: "container1")) { config in + config.process.arguments = ["/bin/sleep", "infinity"] + } + + try await pod.addContainer("container2", rootfs: try cloneRootfs(bs.rootfs, testID: id, containerID: "container2")) { config in + config.process.arguments = ["/bin/sleep", "infinity"] + } + + do { + try await pod.create() + try await pod.startContainer("container1") + try await pod.startContainer("container2") + + let stats = try await pod.statistics() + + guard stats.count == 2 else { + throw IntegrationError.assert(msg: "expected 2 container stats, got \(stats.count)") + } + + let containerIDs = Set(stats.map { $0.id }) + guard containerIDs == Set(["container1", "container2"]) else { + throw IntegrationError.assert(msg: "unexpected container IDs in stats: \(containerIDs)") + } + + for stat in stats { + guard let process = stat.process, process.current > 0 else { + throw IntegrationError.assert(msg: "container \(stat.id) process count should be > 0") + } + + guard let memory = stat.memory, memory.usageBytes > 0 else { + throw IntegrationError.assert(msg: "container \(stat.id) memory usage should be > 0") + } + + print("Container \(stat.id) statistics:") + print(" Processes: \(process.current)") + print(" Memory: \(memory.usageBytes) bytes") + print(" CPU: \(stat.cpu?.usageUsec ?? 0) usec") + } + + try await pod.stop() + } catch { + try? await pod.stop() + throw error + } + } + + func testPodMemoryEventsOOMKill() async throws { + let id = "test-pod-memory-events-oom-kill" + + let bs = try await bootstrap(id) + let pod = try LinuxPod(id, vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + } + + try await pod.addContainer("container1", rootfs: bs.rootfs) { config in + config.process.arguments = ["/bin/sleep", "infinity"] + } + + do { + try await pod.create() + try await pod.startContainer("container1") + + let exec = try await pod.execInContainer("container1", processID: "oom-trigger") { config in + config.arguments = [ + "sh", + "-c", + "echo 2097152 > /sys/fs/cgroup/memory.max && dd if=/dev/zero of=/dev/null bs=100M", + ] + } + + try await exec.start() + let status = try await exec.wait() + if status.exitCode == 0 { + throw IntegrationError.assert(msg: "expected exit code > 0") + } + try await exec.delete() + + let stats = try await pod.statistics(containerIDs: ["container1"], categories: .memoryEvents) + + guard let containerStats = stats.first, let events = containerStats.memoryEvents else { + throw IntegrationError.assert(msg: "expected memoryEvents to be present") + } + + print("Memory events for pod container container1:") + print(" low: \(events.low)") + print(" high: \(events.high)") + print(" max: \(events.max)") + print(" oom: \(events.oom)") + print(" oomKill: \(events.oomKill)") + + guard events.oomKill > 0 else { + throw IntegrationError.assert(msg: "expected oomKill > 0, got \(events.oomKill)") + } + + try await pod.killContainer("container1", signal: .kill) + try await pod.waitContainer("container1") + try await pod.stop() + } catch { + try? await pod.stop() + throw error + } + } + + func testPodContainerResourceLimits() async throws { + let id = "test-pod-container-resource-limits" + + let bs = try await bootstrap(id) + let pod = try LinuxPod(id, vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + } + + try await pod.addContainer("container1", rootfs: bs.rootfs) { config in + config.process.arguments = ["/bin/sleep", "infinity"] + config.cpus = 2 + config.memoryInBytes = 256.mib() + } + + do { + try await pod.create() + try await pod.startContainer("container1") + + // Verify memory limit + let memoryBuffer = BufferWriter() + let memoryExec = try await pod.execInContainer("container1", processID: "check-memory") { config in + config.arguments = ["cat", "/sys/fs/cgroup/memory.max"] + config.stdout = memoryBuffer + } + try await memoryExec.start() + var status = try await memoryExec.wait() + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "check-memory status \(status) != 0") + } + try await memoryExec.delete() + + guard let memoryLimit = String(data: memoryBuffer.data, encoding: .utf8)?.trimmingCharacters(in: .whitespacesAndNewlines) else { + throw IntegrationError.assert(msg: "failed to parse memory.max") + } + let expectedMemory = "\(256.mib())" + guard memoryLimit == expectedMemory else { + throw IntegrationError.assert(msg: "memory.max \(memoryLimit) != expected \(expectedMemory)") + } + + // Verify CPU limit + let cpuBuffer = BufferWriter() + let cpuExec = try await pod.execInContainer("container1", processID: "check-cpu") { config in + config.arguments = ["cat", "/sys/fs/cgroup/cpu.max"] + config.stdout = cpuBuffer + } + try await cpuExec.start() + status = try await cpuExec.wait() + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "check-cpu status \(status) != 0") + } + try await cpuExec.delete() + + guard let cpuLimit = String(data: cpuBuffer.data, encoding: .utf8)?.trimmingCharacters(in: .whitespacesAndNewlines) else { + throw IntegrationError.assert(msg: "failed to parse cpu.max") + } + let expectedCpu = "200000 100000" // 2 CPUs: quota=200000, period=100000 + guard cpuLimit == expectedCpu else { + throw IntegrationError.assert(msg: "cpu.max '\(cpuLimit)' != expected '\(expectedCpu)'") + } + + try await pod.killContainer("container1", signal: .kill) + try await pod.waitContainer("container1") + try await pod.stop() + } catch { + try? await pod.stop() + throw error + } + } + + func testPodContainerFilesystemIsolation() async throws { + let id = "test-pod-container-filesystem-isolation" + + let bs = try await bootstrap(id) + let pod = try LinuxPod(id, vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + } + + try await pod.addContainer("container1", rootfs: try cloneRootfs(bs.rootfs, testID: id, containerID: "container1")) { config in + config.process.arguments = ["/bin/sleep", "infinity"] + } + + try await pod.addContainer("container2", rootfs: try cloneRootfs(bs.rootfs, testID: id, containerID: "container2")) { config in + config.process.arguments = ["/bin/sleep", "infinity"] + } + + do { + try await pod.create() + try await pod.startContainer("container1") + try await pod.startContainer("container2") + + // Write a file in container1 + let writeExec = try await pod.execInContainer("container1", processID: "write-file") { config in + config.arguments = ["sh", "-c", "echo 'secret data' > /tmp/container1-secret.txt"] + } + try await writeExec.start() + var status = try await writeExec.wait() + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "write-file status \(status) != 0") + } + try await writeExec.delete() + + // Verify the file exists in container1 + let readBuffer1 = BufferWriter() + let readExec1 = try await pod.execInContainer("container1", processID: "read-file-1") { config in + config.arguments = ["cat", "/tmp/container1-secret.txt"] + config.stdout = readBuffer1 + } + try await readExec1.start() + status = try await readExec1.wait() + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "read-file-1 status \(status) != 0") + } + try await readExec1.delete() + + guard String(data: readBuffer1.data, encoding: .utf8) == "secret data\n" else { + throw IntegrationError.assert(msg: "file content in container1 should be 'secret data'") + } + + // Try to read the file from container2 - should fail + let readExec2 = try await pod.execInContainer("container2", processID: "read-file-2") { config in + config.arguments = ["cat", "/tmp/container1-secret.txt"] + } + try await readExec2.start() + status = try await readExec2.wait() + try await readExec2.delete() + + // File should NOT exist in container2, so cat should fail + guard status.exitCode != 0 else { + throw IntegrationError.assert(msg: "file should NOT be accessible from container2") + } + + try await pod.stop() + } catch { + try? await pod.stop() + throw error + } + } + + func testPodContainerPIDNamespaceIsolation() async throws { + let id = "test-pod-container-pid-isolation" + + let bs = try await bootstrap(id) + let pod = try LinuxPod(id, vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + } + + try await pod.addContainer("container1", rootfs: try cloneRootfs(bs.rootfs, testID: id, containerID: "container1")) { config in + config.process.arguments = ["/bin/sleep", "infinity"] + } + + try await pod.addContainer("container2", rootfs: try cloneRootfs(bs.rootfs, testID: id, containerID: "container2")) { config in + config.process.arguments = ["/bin/sleep", "infinity"] + } + + do { + try await pod.create() + try await pod.startContainer("container1") + try await pod.startContainer("container2") + + // Start a unique process in container1 + let sleepExec1 = try await pod.execInContainer("container1", processID: "unique-sleep-1") { config in + config.arguments = ["/bin/sleep", "9999"] + } + try await sleepExec1.start() + + // List processes in container1 - should see sleep 9999 + let ps1Buffer = BufferWriter() + let psExec1 = try await pod.execInContainer("container1", processID: "ps-1") { config in + config.arguments = ["ps", "aux"] + config.stdout = ps1Buffer + } + try await psExec1.start() + var status = try await psExec1.wait() + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "ps-1 status \(status) != 0") + } + try await psExec1.delete() + + guard let ps1Output = String(data: ps1Buffer.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to parse ps output from container1") + } + + // Verify sleep 9999 is visible in container1 + guard ps1Output.contains("sleep 9999") else { + throw IntegrationError.assert(msg: "sleep 9999 should be visible in container1") + } + + // List processes in container2 - should NOT see sleep 9999 + let ps2Buffer = BufferWriter() + let psExec2 = try await pod.execInContainer("container2", processID: "ps-2") { config in + config.arguments = ["ps", "aux"] + config.stdout = ps2Buffer + } + try await psExec2.start() + status = try await psExec2.wait() + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "ps-2 status \(status) != 0") + } + try await psExec2.delete() + + guard let ps2Output = String(data: ps2Buffer.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to parse ps output from container2") + } + + // Verify sleep 9999 is NOT visible in container2 + guard !ps2Output.contains("sleep 9999") else { + throw IntegrationError.assert(msg: "sleep 9999 should NOT be visible in container2 (PID namespace isolation failed)") + } + + try await sleepExec1.delete() + try await pod.stop() + } catch { + try? await pod.stop() + throw error + } + } + + func testPodContainerIndependentResourceLimits() async throws { + let id = "test-pod-container-independent-limits" + + let bs = try await bootstrap(id) + let pod = try LinuxPod(id, vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + } + + // Container1 with 1 CPU and 128 MiB memory + try await pod.addContainer("container1", rootfs: try cloneRootfs(bs.rootfs, testID: id, containerID: "container1")) { config in + config.process.arguments = ["/bin/sleep", "infinity"] + config.cpus = 1 + config.memoryInBytes = 128.mib() + } + + // Container2 with 2 CPUs and 256 MiB memory + try await pod.addContainer("container2", rootfs: try cloneRootfs(bs.rootfs, testID: id, containerID: "container2")) { config in + config.process.arguments = ["/bin/sleep", "infinity"] + config.cpus = 2 + config.memoryInBytes = 256.mib() + } + + do { + try await pod.create() + try await pod.startContainer("container1") + try await pod.startContainer("container2") + + // Verify container1 memory limit + let mem1Buffer = BufferWriter() + let memExec1 = try await pod.execInContainer("container1", processID: "check-mem-1") { config in + config.arguments = ["cat", "/sys/fs/cgroup/memory.max"] + config.stdout = mem1Buffer + } + try await memExec1.start() + var status = try await memExec1.wait() + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "check-mem-1 status \(status) != 0") + } + try await memExec1.delete() + + guard let mem1Limit = String(data: mem1Buffer.data, encoding: .utf8)?.trimmingCharacters(in: .whitespacesAndNewlines) else { + throw IntegrationError.assert(msg: "failed to parse memory.max from container1") + } + + let expectedMem1 = "\(128.mib())" + guard mem1Limit == expectedMem1 else { + throw IntegrationError.assert(msg: "container1 memory.max \(mem1Limit) != expected \(expectedMem1)") + } + + // Verify container1 CPU limit + let cpu1Buffer = BufferWriter() + let cpuExec1 = try await pod.execInContainer("container1", processID: "check-cpu-1") { config in + config.arguments = ["cat", "/sys/fs/cgroup/cpu.max"] + config.stdout = cpu1Buffer + } + try await cpuExec1.start() + status = try await cpuExec1.wait() + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "check-cpu-1 status \(status) != 0") + } + try await cpuExec1.delete() + + guard let cpu1Limit = String(data: cpu1Buffer.data, encoding: .utf8)?.trimmingCharacters(in: .whitespacesAndNewlines) else { + throw IntegrationError.assert(msg: "failed to parse cpu.max from container1") + } + + let expectedCpu1 = "100000 100000" // 1 CPU + guard cpu1Limit == expectedCpu1 else { + throw IntegrationError.assert(msg: "container1 cpu.max '\(cpu1Limit)' != expected '\(expectedCpu1)'") + } + + // Verify container2 memory limit + let mem2Buffer = BufferWriter() + let memExec2 = try await pod.execInContainer("container2", processID: "check-mem-2") { config in + config.arguments = ["cat", "/sys/fs/cgroup/memory.max"] + config.stdout = mem2Buffer + } + try await memExec2.start() + status = try await memExec2.wait() + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "check-mem-2 status \(status) != 0") + } + try await memExec2.delete() + + guard let mem2Limit = String(data: mem2Buffer.data, encoding: .utf8)?.trimmingCharacters(in: .whitespacesAndNewlines) else { + throw IntegrationError.assert(msg: "failed to parse memory.max from container2") + } + + let expectedMem2 = "\(256.mib())" + guard mem2Limit == expectedMem2 else { + throw IntegrationError.assert(msg: "container2 memory.max \(mem2Limit) != expected \(expectedMem2)") + } + + // Verify container2 CPU limit + let cpu2Buffer = BufferWriter() + let cpuExec2 = try await pod.execInContainer("container2", processID: "check-cpu-2") { config in + config.arguments = ["cat", "/sys/fs/cgroup/cpu.max"] + config.stdout = cpu2Buffer + } + try await cpuExec2.start() + status = try await cpuExec2.wait() + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "check-cpu-2 status \(status) != 0") + } + try await cpuExec2.delete() + + guard let cpu2Limit = String(data: cpu2Buffer.data, encoding: .utf8)?.trimmingCharacters(in: .whitespacesAndNewlines) else { + throw IntegrationError.assert(msg: "failed to parse cpu.max from container2") + } + + let expectedCpu2 = "200000 100000" // 2 CPUs + guard cpu2Limit == expectedCpu2 else { + throw IntegrationError.assert(msg: "container2 cpu.max '\(cpu2Limit)' != expected '\(expectedCpu2)'") + } + + try await pod.stop() + } catch { + try? await pod.stop() + throw error + } + } + + func testPodSharedPIDNamespace() async throws { + let id = "test-pod-shared-pid-namespace" + + let bs = try await bootstrap(id) + let pod = try LinuxPod(id, vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + config.shareProcessNamespace = true + } + + // First container runs a long-running process + try await pod.addContainer("container1", rootfs: try cloneRootfs(bs.rootfs, testID: id, containerID: "container1")) { config in + config.process.arguments = ["/bin/sleep", "300"] + } + + // Second container checks if it can see container1's sleep process + let psBuffer = BufferWriter() + try await pod.addContainer("container2", rootfs: try cloneRootfs(bs.rootfs, testID: id, containerID: "container2")) { config in + config.process.arguments = ["/bin/sh", "-c", "ps aux | grep 'sleep 300' | grep -v grep"] + config.process.stdout = psBuffer + } + + try await pod.create() + try await pod.startContainer("container1") + try await Task.sleep(for: .milliseconds(100)) + + try await pod.startContainer("container2") + let status = try await pod.waitContainer("container2") + + try await pod.killContainer("container1", signal: .kill) + _ = try await pod.waitContainer("container1") + try await pod.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "container2 should have found the sleep process (status: \(status))") + } + + let output = String(data: psBuffer.data, encoding: .utf8) ?? "" + guard output.contains("sleep 300") else { + throw IntegrationError.assert(msg: "ps output should contain 'sleep 300', got: '\(output)'") + } + } + + func testPodReadOnlyRootfs() async throws { + let id = "test-pod-readonly-rootfs" + + let bs = try await bootstrap(id) + var rootfs = bs.rootfs + rootfs.options.append("ro") + let pod = try LinuxPod(id, vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + } + + try await pod.addContainer("container1", rootfs: rootfs) { config in + config.process.arguments = ["touch", "/testfile"] + } + + try await pod.create() + try await pod.startContainer("container1") + + let status = try await pod.waitContainer("container1") + try await pod.stop() + + // touch should fail on a read-only rootfs + guard status.exitCode != 0 else { + throw IntegrationError.assert(msg: "touch should have failed on read-only rootfs") + } + } + + func testPodReadOnlyRootfsDNSConfigured() async throws { + let id = "test-pod-readonly-rootfs-dns" + + let bs = try await bootstrap(id) + var rootfs = bs.rootfs + rootfs.options.append("ro") + let pod = try LinuxPod(id, vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + } + + let buffer = BufferWriter() + try await pod.addContainer("container1", rootfs: rootfs) { config in + // Verify /etc/resolv.conf was written before rootfs was remounted read-only + config.process.arguments = ["cat", "/etc/resolv.conf"] + config.process.stdout = buffer + config.dns = DNS(nameservers: ["8.8.8.8", "8.8.4.4"]) + } + + try await pod.create() + try await pod.startContainer("container1") + + let status = try await pod.waitContainer("container1") + try await pod.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "cat /etc/resolv.conf failed with status \(status)") + } + + guard let output = String(data: buffer.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert stdout to UTF8") + } + + guard output.contains("8.8.8.8") && output.contains("8.8.4.4") else { + throw IntegrationError.assert(msg: "expected /etc/resolv.conf to contain DNS servers, got: \(output)") + } + } + + func testPodSingleFileMount() async throws { + let id = "test-pod-single-file-mount" + + let bs = try await bootstrap(id) + + // Create a temp file with known content + let testContent = "Hello from pod single file mount!" + let hostFile = FileManager.default.uniqueTemporaryDirectory(create: true) + .appendingPathComponent("pod-config.txt") + try testContent.write(to: hostFile, atomically: true, encoding: .utf8) + + let pod = try LinuxPod(id, vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + } + + let buffer = BufferWriter() + try await pod.addContainer("container1", rootfs: bs.rootfs) { config in + config.process.arguments = ["cat", "/etc/myconfig.txt"] + // Mount a single file using virtiofs share + config.mounts.append(.share(source: hostFile.path, destination: "/etc/myconfig.txt")) + config.process.stdout = buffer + } + + do { + try await pod.create() + try await pod.startContainer("container1") + + let status = try await pod.waitContainer("container1") + try await pod.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + + guard let output = String(data: buffer.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert output to UTF8") + } + + guard output == testContent else { + throw IntegrationError.assert( + msg: "expected '\(testContent)', got '\(output)'") + } + } catch { + try? await pod.stop() + throw error + } + } + + func testPodContainerHostsConfig() async throws { + let id = "test-pod-container-hosts" + + let bs = try await bootstrap(id) + let pod = try LinuxPod(id, vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + } + + let buffer = BufferWriter() + try await pod.addContainer("container1", rootfs: bs.rootfs) { config in + config.process.arguments = ["cat", "/etc/hosts"] + config.process.stdout = buffer + config.hosts = Hosts(entries: [ + Hosts.Entry.localHostIPV4(), + Hosts.Entry.localHostIPV6(), + Hosts.Entry(ipAddress: "10.0.0.50", hostnames: ["myservice.local", "myservice"]), + ]) + } + + try await pod.create() + try await pod.startContainer("container1") + + let status = try await pod.waitContainer("container1") + try await pod.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "cat /etc/hosts failed with status \(status)") + } + + guard let output = String(data: buffer.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert stdout to UTF8") + } + + guard output.contains("10.0.0.50") && output.contains("myservice.local") else { + throw IntegrationError.assert(msg: "expected /etc/hosts to contain custom entry, got: \(output)") + } + } + + func testPodMultipleContainersDifferentDNS() async throws { + let id = "test-pod-multi-dns" + + let bs = try await bootstrap(id) + let pod = try LinuxPod(id, vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + } + + let buffer1 = BufferWriter() + let buffer2 = BufferWriter() + + try await pod.addContainer("container1", rootfs: try cloneRootfs(bs.rootfs, testID: id, containerID: "container1")) { config in + config.process.arguments = ["cat", "/etc/resolv.conf"] + config.process.stdout = buffer1 + config.dns = DNS(nameservers: ["1.1.1.1"]) + } + + try await pod.addContainer("container2", rootfs: try cloneRootfs(bs.rootfs, testID: id, containerID: "container2")) { config in + config.process.arguments = ["cat", "/etc/resolv.conf"] + config.process.stdout = buffer2 + config.dns = DNS(nameservers: ["8.8.8.8"]) + } + + try await pod.create() + + try await pod.startContainer("container1") + let status1 = try await pod.waitContainer("container1") + + try await pod.startContainer("container2") + let status2 = try await pod.waitContainer("container2") + + try await pod.stop() + + guard status1.exitCode == 0 else { + throw IntegrationError.assert(msg: "container1 cat failed with status \(status1)") + } + guard status2.exitCode == 0 else { + throw IntegrationError.assert(msg: "container2 cat failed with status \(status2)") + } + + guard let output1 = String(data: buffer1.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert container1 stdout to UTF8") + } + guard let output2 = String(data: buffer2.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert container2 stdout to UTF8") + } + + guard output1.contains("1.1.1.1") && !output1.contains("8.8.8.8") else { + throw IntegrationError.assert(msg: "container1 should have 1.1.1.1 DNS, got: \(output1)") + } + guard output2.contains("8.8.8.8") && !output2.contains("1.1.1.1") else { + throw IntegrationError.assert(msg: "container2 should have 8.8.8.8 DNS, got: \(output2)") + } + } + + func testPodMultipleContainersDifferentHosts() async throws { + let id = "test-pod-multi-hosts" + + let bs = try await bootstrap(id) + let pod = try LinuxPod(id, vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + } + + let buffer1 = BufferWriter() + let buffer2 = BufferWriter() + + try await pod.addContainer("container1", rootfs: try cloneRootfs(bs.rootfs, testID: id, containerID: "container1")) { config in + config.process.arguments = ["cat", "/etc/hosts"] + config.process.stdout = buffer1 + config.hosts = Hosts(entries: [ + Hosts.Entry.localHostIPV4(), + Hosts.Entry(ipAddress: "10.0.0.1", hostnames: ["service-a.local", "service-a"]), + ]) + } + + try await pod.addContainer("container2", rootfs: try cloneRootfs(bs.rootfs, testID: id, containerID: "container2")) { config in + config.process.arguments = ["cat", "/etc/hosts"] + config.process.stdout = buffer2 + config.hosts = Hosts(entries: [ + Hosts.Entry.localHostIPV4(), + Hosts.Entry(ipAddress: "10.0.0.2", hostnames: ["service-b.local", "service-b"]), + ]) + } + + try await pod.create() + + try await pod.startContainer("container1") + let status1 = try await pod.waitContainer("container1") + + try await pod.startContainer("container2") + let status2 = try await pod.waitContainer("container2") + + try await pod.stop() + + guard status1.exitCode == 0 else { + throw IntegrationError.assert(msg: "container1 cat failed with status \(status1)") + } + guard status2.exitCode == 0 else { + throw IntegrationError.assert(msg: "container2 cat failed with status \(status2)") + } + + guard let output1 = String(data: buffer1.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert container1 stdout to UTF8") + } + guard let output2 = String(data: buffer2.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert container2 stdout to UTF8") + } + + guard output1.contains("10.0.0.1") && output1.contains("service-a.local") else { + throw IntegrationError.assert(msg: "container1 should have service-a entry, got: \(output1)") + } + guard !output1.contains("10.0.0.2") && !output1.contains("service-b") else { + throw IntegrationError.assert(msg: "container1 should NOT have service-b entry, got: \(output1)") + } + + guard output2.contains("10.0.0.2") && output2.contains("service-b.local") else { + throw IntegrationError.assert(msg: "container2 should have service-b entry, got: \(output2)") + } + guard !output2.contains("10.0.0.1") && !output2.contains("service-a") else { + throw IntegrationError.assert(msg: "container2 should NOT have service-a entry, got: \(output2)") + } + } + + func testPodLevelDNS() async throws { + let id = "test-pod-level-dns" + + let bs = try await bootstrap(id) + let pod = try LinuxPod(id, vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + // Set DNS at the pod level + config.dns = DNS(nameservers: ["9.9.9.9", "149.112.112.112"]) + } + + let buffer1 = BufferWriter() + let buffer2 = BufferWriter() + + // Neither container specifies DNS. We should inherit from pod + try await pod.addContainer("container1", rootfs: try cloneRootfs(bs.rootfs, testID: id, containerID: "container1")) { config in + config.process.arguments = ["cat", "/etc/resolv.conf"] + config.process.stdout = buffer1 + } + + try await pod.addContainer("container2", rootfs: try cloneRootfs(bs.rootfs, testID: id, containerID: "container2")) { config in + config.process.arguments = ["cat", "/etc/resolv.conf"] + config.process.stdout = buffer2 + } + + try await pod.create() + + try await pod.startContainer("container1") + let status1 = try await pod.waitContainer("container1") + + try await pod.startContainer("container2") + let status2 = try await pod.waitContainer("container2") + + try await pod.stop() + + guard status1.exitCode == 0 else { + throw IntegrationError.assert(msg: "container1 cat failed with status \(status1)") + } + guard status2.exitCode == 0 else { + throw IntegrationError.assert(msg: "container2 cat failed with status \(status2)") + } + + guard let output1 = String(data: buffer1.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert container1 stdout to UTF8") + } + guard let output2 = String(data: buffer2.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert container2 stdout to UTF8") + } + + // Both containers should have the pod-level DNS + guard output1.contains("9.9.9.9") && output1.contains("149.112.112.112") else { + throw IntegrationError.assert(msg: "container1 should have pod-level DNS (9.9.9.9), got: \(output1)") + } + guard output2.contains("9.9.9.9") && output2.contains("149.112.112.112") else { + throw IntegrationError.assert(msg: "container2 should have pod-level DNS (9.9.9.9), got: \(output2)") + } + } + + func testPodLevelDNSWithContainerOverride() async throws { + let id = "test-pod-level-dns-override" + + let bs = try await bootstrap(id) + let pod = try LinuxPod(id, vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + // Set DNS at the pod level + config.dns = DNS(nameservers: ["9.9.9.9"]) + } + + let buffer1 = BufferWriter() + let buffer2 = BufferWriter() + + // Container1 does NOT specify DNS. It should inherit from pod + try await pod.addContainer("container1", rootfs: try cloneRootfs(bs.rootfs, testID: id, containerID: "container1")) { config in + config.process.arguments = ["cat", "/etc/resolv.conf"] + config.process.stdout = buffer1 + } + + // Container2 specifies its own DNS. It should override pod-level + try await pod.addContainer("container2", rootfs: try cloneRootfs(bs.rootfs, testID: id, containerID: "container2")) { config in + config.process.arguments = ["cat", "/etc/resolv.conf"] + config.process.stdout = buffer2 + config.dns = DNS(nameservers: ["8.8.8.8"]) + } + + try await pod.create() + + try await pod.startContainer("container1") + let status1 = try await pod.waitContainer("container1") + + try await pod.startContainer("container2") + let status2 = try await pod.waitContainer("container2") + + try await pod.stop() + + guard status1.exitCode == 0 else { + throw IntegrationError.assert(msg: "container1 cat failed with status \(status1)") + } + guard status2.exitCode == 0 else { + throw IntegrationError.assert(msg: "container2 cat failed with status \(status2)") + } + + guard let output1 = String(data: buffer1.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert container1 stdout to UTF8") + } + guard let output2 = String(data: buffer2.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert container2 stdout to UTF8") + } + + // Container1 should have pod-level DNS + guard output1.contains("9.9.9.9") && !output1.contains("8.8.8.8") else { + throw IntegrationError.assert(msg: "container1 should have pod-level DNS (9.9.9.9), got: \(output1)") + } + // Container2 should have its own DNS, not pod-level + guard output2.contains("8.8.8.8") && !output2.contains("9.9.9.9") else { + throw IntegrationError.assert(msg: "container2 should have container-level DNS (8.8.8.8), got: \(output2)") + } + } + + func testPodLevelHosts() async throws { + let id = "test-pod-level-hosts" + + let bs = try await bootstrap(id) + let pod = try LinuxPod(id, vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + // Set hosts at the pod level + config.hosts = Hosts(entries: [ + Hosts.Entry.localHostIPV4(), + Hosts.Entry(ipAddress: "10.0.0.100", hostnames: ["shared-service.local"]), + ]) + } + + let buffer1 = BufferWriter() + let buffer2 = BufferWriter() + + // Neither container specifies hosts. It should inherit from pod + try await pod.addContainer("container1", rootfs: try cloneRootfs(bs.rootfs, testID: id, containerID: "container1")) { config in + config.process.arguments = ["cat", "/etc/hosts"] + config.process.stdout = buffer1 + } + + try await pod.addContainer("container2", rootfs: try cloneRootfs(bs.rootfs, testID: id, containerID: "container2")) { config in + config.process.arguments = ["cat", "/etc/hosts"] + config.process.stdout = buffer2 + } + + try await pod.create() + + try await pod.startContainer("container1") + let status1 = try await pod.waitContainer("container1") + + try await pod.startContainer("container2") + let status2 = try await pod.waitContainer("container2") + + try await pod.stop() + + guard status1.exitCode == 0 else { + throw IntegrationError.assert(msg: "container1 cat failed with status \(status1)") + } + guard status2.exitCode == 0 else { + throw IntegrationError.assert(msg: "container2 cat failed with status \(status2)") + } + + guard let output1 = String(data: buffer1.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert container1 stdout to UTF8") + } + guard let output2 = String(data: buffer2.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert container2 stdout to UTF8") + } + + // Both containers should have the pod-level hosts entry + guard output1.contains("10.0.0.100") && output1.contains("shared-service.local") else { + throw IntegrationError.assert(msg: "container1 should have pod-level hosts entry, got: \(output1)") + } + guard output2.contains("10.0.0.100") && output2.contains("shared-service.local") else { + throw IntegrationError.assert(msg: "container2 should have pod-level hosts entry, got: \(output2)") + } + } + + func testPodLevelHostsWithContainerOverride() async throws { + let id = "test-pod-level-hosts-override" + + let bs = try await bootstrap(id) + let pod = try LinuxPod(id, vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + // Set hosts at the pod level + config.hosts = Hosts(entries: [ + Hosts.Entry.localHostIPV4(), + Hosts.Entry(ipAddress: "10.0.0.100", hostnames: ["shared-service.local"]), + ]) + } + + let buffer1 = BufferWriter() + let buffer2 = BufferWriter() + + // Container1 does NOT specify hosts. It should inherit from pod + try await pod.addContainer("container1", rootfs: try cloneRootfs(bs.rootfs, testID: id, containerID: "container1")) { config in + config.process.arguments = ["cat", "/etc/hosts"] + config.process.stdout = buffer1 + } + + // Container2 specifies its own hosts. It should override pod-level + try await pod.addContainer("container2", rootfs: try cloneRootfs(bs.rootfs, testID: id, containerID: "container2")) { config in + config.process.arguments = ["cat", "/etc/hosts"] + config.process.stdout = buffer2 + config.hosts = Hosts(entries: [ + Hosts.Entry.localHostIPV4(), + Hosts.Entry(ipAddress: "10.0.0.200", hostnames: ["container-specific.local"]), + ]) + } + + try await pod.create() + + try await pod.startContainer("container1") + let status1 = try await pod.waitContainer("container1") + + try await pod.startContainer("container2") + let status2 = try await pod.waitContainer("container2") + + try await pod.stop() + + guard status1.exitCode == 0 else { + throw IntegrationError.assert(msg: "container1 cat failed with status \(status1)") + } + guard status2.exitCode == 0 else { + throw IntegrationError.assert(msg: "container2 cat failed with status \(status2)") + } + + guard let output1 = String(data: buffer1.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert container1 stdout to UTF8") + } + guard let output2 = String(data: buffer2.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert container2 stdout to UTF8") + } + + // Container1 should have pod-level hosts entry + guard output1.contains("10.0.0.100") && output1.contains("shared-service.local") else { + throw IntegrationError.assert(msg: "container1 should have pod-level hosts entry, got: \(output1)") + } + guard !output1.contains("10.0.0.200") && !output1.contains("container-specific.local") else { + throw IntegrationError.assert(msg: "container1 should NOT have container2's hosts entry, got: \(output1)") + } + + // Container2 should have its own hosts entry, not pod-level + guard output2.contains("10.0.0.200") && output2.contains("container-specific.local") else { + throw IntegrationError.assert(msg: "container2 should have container-level hosts entry, got: \(output2)") + } + guard !output2.contains("10.0.0.100") && !output2.contains("shared-service.local") else { + throw IntegrationError.assert(msg: "container2 should NOT have pod-level hosts entry, got: \(output2)") + } + } + + func testPodLevelHostname() async throws { + let id = "test-pod-level-hostname" + + let bs = try await bootstrap(id) + let pod = try LinuxPod(id, vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + // Set hostname at the pod level + config.hostname = "pod-host" + } + + let buffer1 = BufferWriter() + let buffer2 = BufferWriter() + + // Neither container specifies a hostname. Both should inherit from pod. + try await pod.addContainer("container1", rootfs: try cloneRootfs(bs.rootfs, testID: id, containerID: "container1")) { config in + config.process.arguments = ["/bin/hostname"] + config.process.stdout = buffer1 + } + + try await pod.addContainer("container2", rootfs: try cloneRootfs(bs.rootfs, testID: id, containerID: "container2")) { config in + config.process.arguments = ["/bin/hostname"] + config.process.stdout = buffer2 + } + + try await pod.create() + + try await pod.startContainer("container1") + let status1 = try await pod.waitContainer("container1") + + try await pod.startContainer("container2") + let status2 = try await pod.waitContainer("container2") + + try await pod.stop() + + guard status1.exitCode == 0 else { + throw IntegrationError.assert(msg: "container1 hostname failed with status \(status1)") + } + guard status2.exitCode == 0 else { + throw IntegrationError.assert(msg: "container2 hostname failed with status \(status2)") + } + + guard String(data: buffer1.data, encoding: .utf8) == "pod-host\n" else { + throw IntegrationError.assert(msg: "container1 should have pod-level hostname 'pod-host', got: '\(String(data: buffer1.data, encoding: .utf8) ?? "nil")'") + } + guard String(data: buffer2.data, encoding: .utf8) == "pod-host\n" else { + throw IntegrationError.assert(msg: "container2 should have pod-level hostname 'pod-host', got: '\(String(data: buffer2.data, encoding: .utf8) ?? "nil")'") + } + } + + func testPodLevelHostnameWithContainerOverride() async throws { + let id = "test-pod-level-hostname-override" + + let bs = try await bootstrap(id) + let pod = try LinuxPod(id, vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + // Set hostname at the pod level + config.hostname = "pod-host" + } + + let buffer1 = BufferWriter() + let buffer2 = BufferWriter() + + // Container1 does NOT specify a hostname. It should inherit from pod. + try await pod.addContainer("container1", rootfs: try cloneRootfs(bs.rootfs, testID: id, containerID: "container1")) { config in + config.process.arguments = ["/bin/hostname"] + config.process.stdout = buffer1 + } + + // Container2 specifies its own hostname. It should override the pod-level value. + try await pod.addContainer("container2", rootfs: try cloneRootfs(bs.rootfs, testID: id, containerID: "container2")) { config in + config.process.arguments = ["/bin/hostname"] + config.process.stdout = buffer2 + config.hostname = "container-host" + } + + try await pod.create() + + try await pod.startContainer("container1") + let status1 = try await pod.waitContainer("container1") + + try await pod.startContainer("container2") + let status2 = try await pod.waitContainer("container2") + + try await pod.stop() + + guard status1.exitCode == 0 else { + throw IntegrationError.assert(msg: "container1 hostname failed with status \(status1)") + } + guard status2.exitCode == 0 else { + throw IntegrationError.assert(msg: "container2 hostname failed with status \(status2)") + } + + // Container1 should have the pod-level hostname + guard String(data: buffer1.data, encoding: .utf8) == "pod-host\n" else { + throw IntegrationError.assert(msg: "container1 should have pod-level hostname 'pod-host', got: '\(String(data: buffer1.data, encoding: .utf8) ?? "nil")'") + } + // Container2 should have its own hostname, not the pod-level one + guard String(data: buffer2.data, encoding: .utf8) == "container-host\n" else { + throw IntegrationError.assert(msg: "container2 should have container-level hostname 'container-host', got: '\(String(data: buffer2.data, encoding: .utf8) ?? "nil")'") + } + } + + func testPodRLimitOpenFiles() async throws { + let id = "test-pod-rlimit-open-files" + + let bs = try await bootstrap(id) + let pod = try LinuxPod(id, vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + } + + let buffer = BufferWriter() + try await pod.addContainer("container1", rootfs: bs.rootfs) { config in + config.process.arguments = ["sh", "-c", "ulimit -n"] + config.process.rlimits = [ + LinuxRLimit(kind: .openFiles, hard: 2048, soft: 1024) + ] + config.process.stdout = buffer + } + + try await pod.create() + try await pod.startContainer("container1") + + let status = try await pod.waitContainer("container1") + try await pod.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + + guard let output = String(data: buffer.data, encoding: .utf8)?.trimmingCharacters(in: .whitespacesAndNewlines) else { + throw IntegrationError.assert(msg: "failed to convert stdout to UTF8") + } + + // ulimit -n returns the soft limit + guard output == "1024" else { + throw IntegrationError.assert(msg: "expected soft limit '1024', got '\(output)'") + } + } + + func testPodRLimitExec() async throws { + let id = "test-pod-rlimit-exec" + + let bs = try await bootstrap(id) + let pod = try LinuxPod(id, vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + } + + try await pod.addContainer("container1", rootfs: bs.rootfs) { config in + config.process.arguments = ["sleep", "100"] + } + + do { + try await pod.create() + try await pod.startContainer("container1") + + // Exec a process with rlimits set + let buffer = BufferWriter() + let exec = try await pod.execInContainer("container1", processID: "rlimit-exec") { config in + config.arguments = ["sh", "-c", "ulimit -n"] + config.rlimits = [ + LinuxRLimit(kind: .openFiles, hard: 512, soft: 256) + ] + config.stdout = buffer + } + + try await exec.start() + let status = try await exec.wait() + try await exec.delete() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "exec status \(status) != 0") + } + + guard let output = String(data: buffer.data, encoding: .utf8)?.trimmingCharacters(in: .whitespacesAndNewlines) else { + throw IntegrationError.assert(msg: "failed to convert stdout to UTF8") + } + + guard output == "256" else { + throw IntegrationError.assert(msg: "expected soft limit '256', got '\(output)'") + } + + try await pod.killContainer("container1", signal: .kill) + try await pod.waitContainer("container1") + try await pod.stop() + } catch { + try? await pod.stop() + throw error + } + } + + func testPodUseInitBasic() async throws { + let id = "test-pod-use-init-basic" + + let bs = try await bootstrap(id) + let pod = try LinuxPod(id, vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + } + + let buffer = BufferWriter() + try await pod.addContainer("container1", rootfs: bs.rootfs) { config in + config.process.arguments = ["/bin/echo", "hello from pod init"] + config.process.stdout = buffer + config.useInit = true + } + + try await pod.create() + try await pod.startContainer("container1") + + let status = try await pod.waitContainer("container1") + try await pod.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + + guard String(data: buffer.data, encoding: .utf8) == "hello from pod init\n" else { + throw IntegrationError.assert( + msg: "expected 'hello from pod init', got '\(String(data: buffer.data, encoding: .utf8) ?? "nil")'") + } + } + + func testPodUseInitExitCodePropagation() async throws { + let id = "test-pod-use-init-exit-code" + + let bs = try await bootstrap(id) + + // Test exit code 0 + var pod = try LinuxPod("\(id)-success", vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + } + + try await pod.addContainer("container1", rootfs: try cloneRootfs(bs.rootfs, testID: id, containerID: "success")) { config in + config.process.arguments = ["/bin/true"] + config.useInit = true + } + + try await pod.create() + try await pod.startContainer("container1") + var status = try await pod.waitContainer("container1") + try await pod.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "expected exit code 0, got \(status.exitCode)") + } + + // Test non-zero exit code + pod = try LinuxPod("\(id)-failure", vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + } + + try await pod.addContainer("container1", rootfs: try cloneRootfs(bs.rootfs, testID: id, containerID: "failure")) { config in + config.process.arguments = ["/bin/false"] + config.useInit = true + } + + try await pod.create() + try await pod.startContainer("container1") + status = try await pod.waitContainer("container1") + try await pod.stop() + + guard status.exitCode == 1 else { + throw IntegrationError.assert(msg: "expected exit code 1, got \(status.exitCode)") + } + + // Test custom exit code + pod = try LinuxPod("\(id)-custom", vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + } + + try await pod.addContainer("container1", rootfs: try cloneRootfs(bs.rootfs, testID: id, containerID: "custom")) { config in + config.process.arguments = ["sh", "-c", "exit 42"] + config.useInit = true + } + + try await pod.create() + try await pod.startContainer("container1") + status = try await pod.waitContainer("container1") + try await pod.stop() + + guard status.exitCode == 42 else { + throw IntegrationError.assert(msg: "expected exit code 42, got \(status.exitCode)") + } + } + + func testPodUseInitSignalForwarding() async throws { + let id = "test-pod-use-init-signal" + + let bs = try await bootstrap(id) + let pod = try LinuxPod(id, vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + } + + try await pod.addContainer("container1", rootfs: bs.rootfs) { config in + config.process.arguments = ["sleep", "300"] + config.useInit = true + } + + do { + try await pod.create() + try await pod.startContainer("container1") + + try await Task.sleep(for: .milliseconds(100)) + + // Send SIGTERM, should be forwarded to the child and cause exit + try await pod.killContainer("container1", signal: .term) + + let status = try await pod.waitContainer("container1", timeoutInSeconds: 5) + try await pod.stop() + + // SIGTERM should result in exit code 128 + 15 = 143 + guard status.exitCode == 143 else { + throw IntegrationError.assert(msg: "expected exit code 143 (SIGTERM), got \(status.exitCode)") + } + } catch { + try? await pod.stop() + throw error + } + } + + func testPodUseInitMultipleContainers() async throws { + let id = "test-pod-use-init-multiple" + + let bs = try await bootstrap(id) + let pod = try LinuxPod(id, vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + } + + let buffer1 = BufferWriter() + let buffer2 = BufferWriter() + + // Container1 with useInit + try await pod.addContainer("container1", rootfs: try cloneRootfs(bs.rootfs, testID: id, containerID: "container1")) { config in + config.process.arguments = ["/bin/echo", "container1 with init"] + config.process.stdout = buffer1 + config.useInit = true + } + + // Container2 without useInit + try await pod.addContainer("container2", rootfs: try cloneRootfs(bs.rootfs, testID: id, containerID: "container2")) { config in + config.process.arguments = ["/bin/echo", "container2 without init"] + config.process.stdout = buffer2 + config.useInit = false + } + + try await pod.create() + + try await pod.startContainer("container1") + let status1 = try await pod.waitContainer("container1") + + try await pod.startContainer("container2") + let status2 = try await pod.waitContainer("container2") + + try await pod.stop() + + guard status1.exitCode == 0 else { + throw IntegrationError.assert(msg: "container1 exit code \(status1.exitCode) != 0") + } + + guard status2.exitCode == 0 else { + throw IntegrationError.assert(msg: "container2 exit code \(status2.exitCode) != 0") + } + + guard String(data: buffer1.data, encoding: .utf8) == "container1 with init\n" else { + throw IntegrationError.assert( + msg: "container1 output mismatch: '\(String(data: buffer1.data, encoding: .utf8) ?? "nil")'") + } + + guard String(data: buffer2.data, encoding: .utf8) == "container2 without init\n" else { + throw IntegrationError.assert( + msg: "container2 output mismatch: '\(String(data: buffer2.data, encoding: .utf8) ?? "nil")'") + } + } + + func testPodUseInitWithSharedPIDNamespace() async throws { + let id = "test-pod-use-init-shared-pid" + + let bs = try await bootstrap(id) + let pod = try LinuxPod(id, vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + config.shareProcessNamespace = true + } + + try await pod.addContainer("container1", rootfs: try cloneRootfs(bs.rootfs, testID: id, containerID: "container1")) { config in + config.process.arguments = ["sleep", "300"] + config.useInit = true + } + + let psBuffer = BufferWriter() + try await pod.addContainer("container2", rootfs: try cloneRootfs(bs.rootfs, testID: id, containerID: "container2")) { config in + // Check if we can see container1's sleep process through the shared PID namespace + config.process.arguments = ["sh", "-c", "ps aux | grep 'sleep 300' | grep -v grep"] + config.process.stdout = psBuffer + } + + try await pod.create() + try await pod.startContainer("container1") + try await Task.sleep(for: .milliseconds(100)) + + try await pod.startContainer("container2") + let status = try await pod.waitContainer("container2") + + try await pod.killContainer("container1", signal: .kill) + _ = try await pod.waitContainer("container1") + try await pod.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "container2 should have found the sleep process (status: \(status))") + } + + let output = String(data: psBuffer.data, encoding: .utf8) ?? "" + guard output.contains("sleep 300") else { + throw IntegrationError.assert(msg: "ps output should contain 'sleep 300', got: '\(output)'") + } + } + + func testPodUnixSocketIntoGuestSymlink() async throws { + let id = "test-pod-unixsocket-into-guest-symlink" + + let bs = try await bootstrap(id) + + let hostSocketPath = try createPodHostUnixSocket() + + let pod = try LinuxPod(id, vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + } + + // Use /var/run/test.sock. Alpine has /var/run -> /run symlink + try await pod.addContainer("container1", rootfs: bs.rootfs) { config in + config.process.arguments = ["sleep", "100"] + config.sockets = [ + UnixSocketConfiguration( + source: URL(filePath: hostSocketPath), + destination: URL(filePath: "/var/run/test.sock"), + direction: .into + ) + ] + } + + do { + try await pod.create() + try await pod.startContainer("container1") + + let buffer = BufferWriter() + let lsExec = try await pod.execInContainer("container1", processID: "ls-socket") { config in + config.arguments = ["ls", "-l", "/var/run/test.sock"] + config.stdout = buffer + } + + try await lsExec.start() + let status2 = try await lsExec.wait() + try await lsExec.delete() + + guard status2.exitCode == 0 else { + throw IntegrationError.assert(msg: "ls command failed with status \(status2)") + } + + guard let lsOutput = String(data: buffer.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert ls output to UTF8") + } + + guard lsOutput.hasPrefix("s") else { + throw IntegrationError.assert( + msg: "expected socket file (starting with 's'), got: \(lsOutput)") + } + + try await pod.killContainer("container1", signal: .kill) + _ = try await pod.waitContainer("container1") + try await pod.stop() + } catch { + try? await pod.stop() + throw error + } + } + + private func createPodHostUnixSocket() throws -> String { + let dir = FileManager.default.uniqueTemporaryDirectory(create: true) + let socketPath = dir.appendingPathComponent("test.sock").path + + let socket = try Socket(type: UnixType(path: socketPath)) + try socket.listen() + + return socketPath + } + + func testPodSysctl() async throws { + let id = "test-pod-sysctl" + + let bs = try await bootstrap(id) + let pod = try LinuxPod(id, vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + } + + let buffer = BufferWriter() + try await pod.addContainer("container1", rootfs: bs.rootfs) { config in + config.sysctl = [ + "net.core.somaxconn": "4096" + ] + config.process.arguments = ["cat", "/proc/sys/net/core/somaxconn"] + config.process.stdout = buffer + } + + do { + try await pod.create() + try await pod.startContainer("container1") + + let status = try await pod.waitContainer("container1") + try await pod.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "process status \(status) != 0") + } + + let output = String(data: buffer.data, encoding: .utf8)?.trimmingCharacters(in: .whitespacesAndNewlines) + guard output == "4096" else { + throw IntegrationError.assert( + msg: "sysctl net.core.somaxconn should be '4096', got '\(output ?? "nil")'") + } + } catch { + try? await pod.stop() + throw error + } + } + + func testPodSysctlMultipleContainers() async throws { + let id = "test-pod-sysctl-multi" + + let bs = try await bootstrap(id) + let pod = try LinuxPod(id, vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + } + + // Containers in a pod share a network namespace, so use different + // sysctls per container to avoid clobbering. + let buffer1 = BufferWriter() + try await pod.addContainer("container1", rootfs: try cloneRootfs(bs.rootfs, testID: id, containerID: "container1")) { config in + config.sysctl = [ + "net.core.somaxconn": "2048" + ] + config.process.arguments = ["cat", "/proc/sys/net/core/somaxconn"] + config.process.stdout = buffer1 + } + + let buffer2 = BufferWriter() + try await pod.addContainer("container2", rootfs: try cloneRootfs(bs.rootfs, testID: id, containerID: "container2")) { config in + config.sysctl = [ + "net.core.netdev_max_backlog": "5000" + ] + config.process.arguments = ["cat", "/proc/sys/net/core/netdev_max_backlog"] + config.process.stdout = buffer2 + } + + do { + try await pod.create() + + try await pod.startContainer("container1") + let status1 = try await pod.waitContainer("container1") + guard status1.exitCode == 0 else { + throw IntegrationError.assert(msg: "container1 status \(status1) != 0") + } + let output1 = String(data: buffer1.data, encoding: .utf8)?.trimmingCharacters(in: .whitespacesAndNewlines) + guard output1 == "2048" else { + throw IntegrationError.assert( + msg: "container1 sysctl net.core.somaxconn should be '2048', got '\(output1 ?? "nil")'") + } + + try await pod.startContainer("container2") + let status2 = try await pod.waitContainer("container2") + guard status2.exitCode == 0 else { + throw IntegrationError.assert(msg: "container2 status \(status2) != 0") + } + let output2 = String(data: buffer2.data, encoding: .utf8)?.trimmingCharacters(in: .whitespacesAndNewlines) + guard output2 == "5000" else { + throw IntegrationError.assert( + msg: "container2 sysctl net.core.netdev_max_backlog should be '5000', got '\(output2 ?? "nil")'") + } + + try await pod.stop() + } catch { + try? await pod.stop() + throw error + } + } + + func testPodInvalidVolumeReference() async throws { + let id = "test-pod-invalid-volume-ref" + let bs = try await bootstrap(id) + + let pod = try LinuxPod(id, vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + } + + try await pod.addContainer("container1", rootfs: bs.rootfs) { config in + config.process.arguments = ["/bin/true"] + config.mounts.append(.sharedMount(name: "nonexistent-volume", destination: "/data")) + } + + do { + try await pod.create() + try? await pod.stop() + throw IntegrationError.assert(msg: "expected create() to fail for invalid volume reference") + } catch let error as ContainerizationError { + guard error.code == .invalidArgument else { + throw IntegrationError.assert(msg: "expected invalidArgument error, got: \(error)") + } + } + } + + func testPodDuplicateVolumeName() async throws { + let id = "test-pod-duplicate-volume-name" + let bs = try await bootstrap(id) + + let pod = try LinuxPod(id, vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + config.volumes = [ + .init(name: "data", source: .nbd(url: URL(string: "nbd://localhost:10809")!), format: "ext4"), + .init(name: "data", source: .nbd(url: URL(string: "nbd://localhost:10809")!), format: "ext4"), + ] + } + + try await pod.addContainer("container1", rootfs: bs.rootfs) { config in + config.process.arguments = ["/bin/true"] + } + + do { + try await pod.create() + try? await pod.stop() + throw IntegrationError.assert(msg: "expected create() to fail for duplicate volume name") + } catch let error as ContainerizationError { + guard error.code == .invalidArgument else { + throw IntegrationError.assert(msg: "expected invalidArgument error, got: \(error)") + } + } + } + + #if os(macOS) + @available(macOS 26.0, *) + func testPodIPv6AddressAdd() async throws { + let id = "test-pod-ipv6-address" + let bs = try await bootstrap(id) + + var network = try VmnetNetwork(prefixV6: try CIDRv6("fd00::/64")) + defer { + try? network.releaseInterface(id) + } + + guard let interface = try network.createInterface(id) else { + throw IntegrationError.assert(msg: "failed to create network interface") + } + + let pod = try LinuxPod(id, vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + config.interfaces = [interface] + } + + try await pod.addContainer("container1", rootfs: bs.rootfs) { config in + config.process.arguments = ["/bin/sleep", "100"] + } + + try await pod.create() + try await pod.startContainer("container1") + + let buffer = BufferWriter() + let exec = try await pod.execInContainer("container1", processID: "check-v6") { config in + config.arguments = ["ip", "-6", "addr", "show", "eth0"] + config.stdout = buffer + } + + try await exec.start() + let status = try await exec.wait() + try await exec.delete() + + try await pod.killContainer("container1", signal: .kill) + try await pod.waitContainer("container1") + try await pod.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "ip -6 addr show failed with status \(status)") + } + + guard let output = String(data: buffer.data, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to convert output to UTF8") + } + + guard output.contains("fd00::2") else { + throw IntegrationError.assert( + msg: "expected fd00::2 on eth0 inside pod container, got: \(output)") + } + } + #endif + + func testPodFilesystemOperation() async throws { + let id = "test-pod-filesystem-operation" + + let bs = try await bootstrap(id) + + let diskImageURL = Self.testDir.appending(component: "\(id)-data.ext4") + try? FileManager.default.removeItem(at: diskImageURL) + let filesystem = try EXT4.Formatter(FilePath(diskImageURL.absolutePath()), minDiskSize: 64.mib()) + try filesystem.close() + + let pod = try LinuxPod(id, vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + } + + try await pod.addContainer("container1", rootfs: bs.rootfs) { config in + config.process.arguments = ["/bin/sleep", "1000"] + config.mounts.append( + Mount.block( + format: "ext4", + source: diskImageURL.absolutePath(), + destination: "/data" + )) + } + + do { + try await pod.create() + try await pod.startContainer("container1") + + try await pod.filesystemOperation("container1", operation: .freeze, path: "/data") + + let writeExec = try await pod.execInContainer("container1", processID: "write-hello") { config in + config.arguments = ["/bin/sh", "-c", "echo hello > /data/hello.txt"] + } + try await writeExec.start() + let writeStatus = try await writeExec.wait() + try await writeExec.delete() + guard writeStatus.exitCode == 0 else { + throw IntegrationError.assert(msg: "write exec failed with status \(writeStatus)") + } + try await pod.filesystemOperation("container1", operation: .thaw, path: "/data") + try await pod.filesystemOperation("container1", operation: .trim, path: "/data") + + let readBuffer = BufferWriter() + let readExec = try await pod.execInContainer("container1", processID: "read-hello") { config in + config.arguments = ["/bin/cat", "/data/hello.txt"] + config.stdout = readBuffer + } + try await readExec.start() + let readStatus = try await readExec.wait() + try await readExec.delete() + guard readStatus.exitCode == 0 else { + throw IntegrationError.assert(msg: "read exec failed with status \(readStatus)") + } + + let readOutput = String(decoding: readBuffer.data, as: UTF8.self) + guard readOutput == "hello\n" else { + throw IntegrationError.assert( + msg: "expected 'hello\\n' in /data/hello.txt, got: '\(readOutput)'" + ) + } + + try await pod.killContainer("container1", signal: .kill) + _ = try await pod.waitContainer("container1") + try await pod.stop() + } catch { + try? await pod.filesystemOperation("container1", operation: .thaw, path: "/data") + try? await pod.stop() + throw error + } + } +} diff --git a/Sources/Integration/PodVolumeTests.swift b/Sources/Integration/PodVolumeTests.swift new file mode 100644 index 0000000..aa029ba --- /dev/null +++ b/Sources/Integration/PodVolumeTests.swift @@ -0,0 +1,857 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Containerization +import ContainerizationArchive +import ContainerizationEXT4 +import ContainerizationError +import ContainerizationOCI +import Foundation +import Logging +import SystemPackage + +#if os(macOS) +extension IntegrationSuite { + private func cloneRootfsForContainer(_ rootfs: Containerization.Mount, testID: String, containerID: String) throws -> Containerization.Mount { + let clonePath = Self.testDir.appending(component: "\(testID)-\(containerID).ext4").absolutePath() + try? FileManager.default.removeItem(atPath: clonePath) + return try rootfs.clone(to: clonePath) + } + + private func createEXT4DiskImage(testID: String, name: String, size: UInt64 = 64.mib()) throws -> URL { + let diskURL = Self.testDir.appending(component: "\(testID)-\(name).ext4") + try? FileManager.default.removeItem(at: diskURL) + let formatter = try EXT4.Formatter(FilePath(diskURL.absolutePath()), minDiskSize: size) + try formatter.close() + return diskURL + } + + /// Create an ext4 disk image with a file already written to it. + private func createEXT4DiskImageWithFile( + testID: String, name: String, filePath: String, content: String, size: UInt64 = 64.mib() + ) throws -> URL { + let diskURL = Self.testDir.appending(component: "\(testID)-\(name).ext4") + try? FileManager.default.removeItem(at: diskURL) + let formatter = try EXT4.Formatter(FilePath(diskURL.absolutePath()), minDiskSize: size) + let data = Data(content.utf8) + let stream = InputStream(data: data) + stream.open() + defer { stream.close() } + try formatter.create(path: FilePath(filePath), mode: 0o100644, buf: stream) + try formatter.close() + return diskURL + } + + private func createNBDServer(testID: String, name: String, size: UInt64 = 64.mib()) throws -> (NBDServer, URL) { + let diskURL = try createEXT4DiskImage(testID: testID, name: name, size: size) + let shortID = String(testID.hashValue, radix: 36, uppercase: false) + let socketPath = "/tmp/nbd-\(shortID)-\(name).sock" + let server = try NBDServer(filePath: diskURL.path, socketPath: socketPath) + return (server, diskURL) + } + + private func readFileFromDiskImage(_ diskURL: URL, path: String) throws -> String { + let reader = try EXT4.EXT4Reader(blockDevice: FilePath(diskURL.path)) + let bytes = try reader.readFile(at: FilePath(path)) + guard let content = String(bytes: bytes, encoding: .utf8) else { + throw IntegrationError.assert(msg: "failed to decode file content from disk image at \(path)") + } + return content.trimmingCharacters(in: .whitespacesAndNewlines) + } + + private func assertVirtioBlockMount(_ output: String, path: String) throws { + guard output.contains("/dev/vd") else { + throw IntegrationError.assert(msg: "expected virtio block device (/dev/vd*) for \(path), got: \(output)") + } + } + + func testContainerNBDMount() async throws { + let id = "test-container-nbd-mount" + let bs = try await bootstrap(id) + + let (server, diskURL) = try createNBDServer(testID: id, name: "vol") + defer { server.stop() } + + let buffer = BufferWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.mounts.append( + Mount.block( + format: "ext4", + source: server.url, + destination: "/data" + )) + config.process.arguments = [ + "/bin/sh", "-c", + "echo hello > /data/test.txt && cat /data/test.txt && grep /data /proc/mounts", + ] + config.process.stdout = buffer + config.bootLog = bs.bootLog + } + + try await container.create() + try await container.start() + + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "container exited with status \(status)") + } + + let output = String(data: buffer.data, encoding: .utf8)?.trimmingCharacters(in: .whitespacesAndNewlines) ?? "" + let lines = output.components(separatedBy: "\n") + + guard lines.count >= 2 else { + throw IntegrationError.assert(msg: "expected at least 2 lines of output, got: \(output)") + } + + guard lines[0] == "hello" else { + throw IntegrationError.assert(msg: "expected 'hello', got '\(lines[0])'") + } + + try assertVirtioBlockMount(lines[1], path: "/data") + + // Verify the write landed on the NBD backing file. + let diskContent = try readFileFromDiskImage(diskURL, path: "/test.txt") + guard diskContent == "hello" else { + throw IntegrationError.assert(msg: "NBD backing file: expected 'hello', got '\(diskContent)'") + } + } + + func testContainerNBDReadOnly() async throws { + let id = "test-container-nbd-readonly" + let bs = try await bootstrap(id) + + let (server, _) = try createNBDServer(testID: id, name: "ro-vol") + defer { server.stop() } + + let buffer = BufferWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + config.mounts.append( + Mount.block( + format: "ext4", + source: server.url, + destination: "/data", + options: ["ro"] + )) + // Verify virtio block mount, then attempt a write that should fail. + config.process.arguments = [ + "/bin/sh", "-c", + "grep /data /proc/mounts; echo test > /data/fail.txt 2>&1; echo exit=$?", + ] + config.process.stdout = buffer + config.bootLog = bs.bootLog + } + + try await container.create() + try await container.start() + + _ = try await container.wait() + try await container.stop() + + let output = String(data: buffer.data, encoding: .utf8) ?? "" + let lines = output.trimmingCharacters(in: .whitespacesAndNewlines).components(separatedBy: "\n") + + guard !lines.isEmpty else { + throw IntegrationError.assert(msg: "expected output, got nothing") + } + + // First line should show the virtio block device mount. + try assertVirtioBlockMount(lines[0], path: "/data") + + // Write should have failed on a read-only mount. + guard !output.contains("exit=0") else { + throw IntegrationError.assert(msg: "write succeeded on read-only NBD mount: \(output)") + } + } + + func testContainerNBDRawBlock() async throws { + let id = "test-container-nbd-raw-block" + let bs = try await bootstrap(id) + + // Create an unformatted disk image, no filesystem. + let diskURL = Self.testDir.appending(component: "\(id)-raw.img") + try? FileManager.default.removeItem(at: diskURL) + FileManager.default.createFile(atPath: diskURL.path, contents: nil) + let fh = try FileHandle(forWritingTo: diskURL) + try fh.truncate(atOffset: 64.mib()) + try fh.close() + + let shortID = String(id.hashValue, radix: 36, uppercase: false) + let socketPath = "/tmp/nbd-\(shortID)-raw.sock" + let server = try NBDServer(filePath: diskURL.path, socketPath: socketPath) + defer { server.stop() } + + let buffer = BufferWriter() + let container = try LinuxContainer(id, rootfs: bs.rootfs, vmm: bs.vmm) { config in + // Attach as raw block, bind mount the device into the container. + config.mounts.append( + Mount.block( + format: "none", + source: server.url, + destination: "/dev/my-disk", + options: ["bind"] + )) + // Verify it's a block device, write known data, read it back. + config.process.arguments = [ + "/bin/sh", "-c", + "test -b /dev/my-disk && printf 'raw-block-works' | dd of=/dev/my-disk bs=512 count=1 conv=sync 2>/dev/null && dd if=/dev/my-disk bs=1 count=15 2>/dev/null", + ] + config.process.stdout = buffer + config.bootLog = bs.bootLog + } + + try await container.create() + try await container.start() + + let status = try await container.wait() + try await container.stop() + + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "container exited with status \(status)") + } + + let output = String(data: buffer.data, encoding: .utf8)?.trimmingCharacters(in: .whitespacesAndNewlines) ?? "" + guard output == "raw-block-works" else { + throw IntegrationError.assert(msg: "expected 'raw-block-works', got '\(output)'") + } + } + + func testContainerNBDVolumeIdentity() async throws { + let id = "test-container-nbd-volume-identity" + let bs = try await bootstrap(id) + + let volumeCount = 5 + var servers: [NBDServer] = [] + + // Create 5 disk images, each pre-filled with unique content. + for i in 0.. /data/shared.txt && grep /data /proc/mounts", + ] + config.process.stdout = writerBuffer + config.mounts.append(.sharedMount(name: "shared-data", destination: "/data")) + } + + // Container 2: reads from the same shared volume at a different path and verifies mount type. + let readerBuffer = BufferWriter() + try await pod.addContainer("reader", rootfs: rootfs2) { config in + config.process.arguments = [ + "/bin/sh", "-c", + "sleep 2 && cat /shared/shared.txt && grep /shared /proc/mounts", + ] + config.process.stdout = readerBuffer + config.mounts.append(.sharedMount(name: "shared-data", destination: "/shared")) + } + + do { + try await pod.create() + try await pod.startContainer("writer") + try await pod.startContainer("reader") + + let writerStatus = try await pod.waitContainer("writer") + guard writerStatus.exitCode == 0 else { + throw IntegrationError.assert(msg: "writer exited with status \(writerStatus)") + } + + let readerStatus = try await pod.waitContainer("reader") + guard readerStatus.exitCode == 0 else { + throw IntegrationError.assert(msg: "reader exited with status \(readerStatus)") + } + + try await pod.stop() + } catch { + try? await pod.stop() + throw error + } + + // Verify writer output. + let writerOutput = String(data: writerBuffer.data, encoding: .utf8)?.trimmingCharacters(in: .whitespacesAndNewlines) ?? "" + let writerLines = writerOutput.components(separatedBy: "\n") + guard !writerLines.isEmpty else { + throw IntegrationError.assert(msg: "writer produced no output") + } + try assertVirtioBlockMount(writerLines.last!, path: "/data") + + // Verify reader output. + let readerOutput = String(data: readerBuffer.data, encoding: .utf8)?.trimmingCharacters(in: .whitespacesAndNewlines) ?? "" + let readerLines = readerOutput.components(separatedBy: "\n") + guard readerLines.count >= 2 else { + throw IntegrationError.assert(msg: "expected at least 2 lines from reader, got: \(readerOutput)") + } + guard readerLines[0] == "shared-content" else { + throw IntegrationError.assert(msg: "expected 'shared-content', got '\(readerLines[0])'") + } + try assertVirtioBlockMount(readerLines[1], path: "/shared") + + // Verify the write landed on the NBD backing file. + let diskContent = try readFileFromDiskImage(diskURL, path: "/shared.txt") + guard diskContent == "shared-content" else { + throw IntegrationError.assert(msg: "NBD backing file: expected 'shared-content', got '\(diskContent)'") + } + } + + func testPodMultipleNBDVolumes() async throws { + let id = "test-pod-multiple-nbd-volumes" + let bs = try await bootstrap(id) + + let (server1, diskURL1) = try createNBDServer(testID: id, name: "vol1") + defer { server1.stop() } + + let (server2, diskURL2) = try createNBDServer(testID: id, name: "vol2") + defer { server2.stop() } + + let pod = try LinuxPod(id, vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + config.volumes = [ + .init( + name: "volume-a", + source: .nbd(url: URL(string: server1.url)!), + format: "ext4" + ), + .init( + name: "volume-b", + source: .nbd(url: URL(string: server2.url)!), + format: "ext4" + ), + ] + } + + let buffer = BufferWriter() + try await pod.addContainer("container1", rootfs: bs.rootfs) { config in + config.process.arguments = [ + "/bin/sh", "-c", + """ + echo aaa > /mnt-a/a.txt && echo bbb > /mnt-b/b.txt \ + && cat /mnt-a/a.txt && cat /mnt-b/b.txt \ + && grep /mnt-a /proc/mounts && grep /mnt-b /proc/mounts + """, + ] + config.process.stdout = buffer + config.mounts.append(.sharedMount(name: "volume-a", destination: "/mnt-a")) + config.mounts.append(.sharedMount(name: "volume-b", destination: "/mnt-b")) + } + + do { + try await pod.create() + try await pod.startContainer("container1") + + let status = try await pod.waitContainer("container1") + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "container exited with status \(status)") + } + + try await pod.stop() + } catch { + try? await pod.stop() + throw error + } + + let output = String(data: buffer.data, encoding: .utf8)?.trimmingCharacters(in: .whitespacesAndNewlines) ?? "" + let lines = output.components(separatedBy: "\n") + + guard lines.count >= 4 else { + throw IntegrationError.assert(msg: "expected at least 4 lines, got: \(output)") + } + + guard lines[0] == "aaa" && lines[1] == "bbb" else { + throw IntegrationError.assert(msg: "expected 'aaa\\nbbb', got '\(lines[0])\\n\(lines[1])'") + } + + try assertVirtioBlockMount(lines[2], path: "/mnt-a") + try assertVirtioBlockMount(lines[3], path: "/mnt-b") + + // Verify each write landed on the correct NBD backing file. + let diskContent1 = try readFileFromDiskImage(diskURL1, path: "/a.txt") + guard diskContent1 == "aaa" else { + throw IntegrationError.assert(msg: "NBD backing file vol1: expected 'aaa', got '\(diskContent1)'") + } + let diskContent2 = try readFileFromDiskImage(diskURL2, path: "/b.txt") + guard diskContent2 == "bbb" else { + throw IntegrationError.assert(msg: "NBD backing file vol2: expected 'bbb', got '\(diskContent2)'") + } + } + + func testPodUnreferencedVolume() async throws { + let id = "test-pod-unreferenced-volume" + let bs = try await bootstrap(id) + + let (server, _) = try createNBDServer(testID: id, name: "unused") + defer { server.stop() } + + let pod = try LinuxPod(id, vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + config.volumes = [ + .init( + name: "unused-vol", + source: .nbd(url: URL(string: server.url)!), + format: "ext4" + ) + ] + } + + // Container doesn't reference the volume at all. + try await pod.addContainer("container1", rootfs: bs.rootfs) { config in + config.process.arguments = ["/bin/true"] + } + + do { + try await pod.create() + try await pod.startContainer("container1") + + let status = try await pod.waitContainer("container1") + guard status.exitCode == 0 else { + throw IntegrationError.assert(msg: "container exited with status \(status)") + } + + try await pod.stop() + } catch { + try? await pod.stop() + throw error + } + } + + func testPodNBDVolumePersistence() async throws { + let id = "test-pod-nbd-volume-persistence" + let bs = try await bootstrap(id) + + let (server, _) = try createNBDServer(testID: id, name: "persistent") + defer { server.stop() } + + let rootfs1 = try cloneRootfsForContainer(bs.rootfs, testID: id, containerID: "writer") + let rootfs2 = try cloneRootfsForContainer(bs.rootfs, testID: id, containerID: "reader") + + let pod = try LinuxPod(id, vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + config.volumes = [ + .init( + name: "persistent-data", + source: .nbd(url: URL(string: server.url)!), + format: "ext4" + ) + ] + } + + // First container: write data to the volume. + try await pod.addContainer("writer", rootfs: rootfs1) { config in + config.process.arguments = ["/bin/sh", "-c", "echo persisted > /data/file.txt && sync"] + config.mounts.append(.sharedMount(name: "persistent-data", destination: "/data")) + } + + // Second container: will read the data after the first is stopped. + let readerBuffer = BufferWriter() + try await pod.addContainer("reader", rootfs: rootfs2) { config in + config.process.arguments = ["/bin/sh", "-c", "cat /data/file.txt"] + config.process.stdout = readerBuffer + config.mounts.append(.sharedMount(name: "persistent-data", destination: "/data")) + } + + do { + try await pod.create() + + // Start writer, wait for it to finish, then stop it. + try await pod.startContainer("writer") + let writerStatus = try await pod.waitContainer("writer") + guard writerStatus.exitCode == 0 else { + throw IntegrationError.assert(msg: "writer exited with status \(writerStatus)") + } + try await pod.stopContainer("writer") + + // Start reader after writer is stopped — data should persist on the volume. + try await pod.startContainer("reader") + let readerStatus = try await pod.waitContainer("reader") + guard readerStatus.exitCode == 0 else { + throw IntegrationError.assert(msg: "reader exited with status \(readerStatus)") + } + + try await pod.stop() + } catch { + try? await pod.stop() + throw error + } + + let output = String(data: readerBuffer.data, encoding: .utf8)?.trimmingCharacters(in: .whitespacesAndNewlines) + guard output == "persisted" else { + throw IntegrationError.assert(msg: "expected 'persisted', got '\(output ?? "")'") + } + } + + func testPodNBDConcurrentWrites() async throws { + let id = "test-pod-nbd-concurrent-writes" + let bs = try await bootstrap(id) + + let (server, _) = try createNBDServer(testID: id, name: "shared") + defer { server.stop() } + + let rootfs1 = try cloneRootfsForContainer(bs.rootfs, testID: id, containerID: "c1") + let rootfs2 = try cloneRootfsForContainer(bs.rootfs, testID: id, containerID: "c2") + + let pod = try LinuxPod(id, vmm: bs.vmm) { config in + config.cpus = 4 + config.memoryInBytes = 1024.mib() + config.bootLog = bs.bootLog + config.volumes = [ + .init( + name: "shared-vol", + source: .nbd(url: URL(string: server.url)!), + format: "ext4" + ) + ] + } + + // Both containers write to different files on the same volume concurrently. + let buffer1 = BufferWriter() + try await pod.addContainer("c1", rootfs: rootfs1) { config in + config.process.arguments = [ + "/bin/sh", "-c", + "echo from-c1 > /vol/c1.txt && sync && cat /vol/c1.txt", + ] + config.process.stdout = buffer1 + config.mounts.append(.sharedMount(name: "shared-vol", destination: "/vol")) + } + + let buffer2 = BufferWriter() + try await pod.addContainer("c2", rootfs: rootfs2) { config in + config.process.arguments = [ + "/bin/sh", "-c", + "echo from-c2 > /vol/c2.txt && sync && cat /vol/c2.txt", + ] + config.process.stdout = buffer2 + config.mounts.append(.sharedMount(name: "shared-vol", destination: "/vol")) + } + + do { + try await pod.create() + try await pod.startContainer("c1") + try await pod.startContainer("c2") + + let status1 = try await pod.waitContainer("c1") + guard status1.exitCode == 0 else { + throw IntegrationError.assert(msg: "c1 exited with status \(status1)") + } + + let status2 = try await pod.waitContainer("c2") + guard status2.exitCode == 0 else { + throw IntegrationError.assert(msg: "c2 exited with status \(status2)") + } + + try await pod.stop() + } catch { + try? await pod.stop() + throw error + } + + let output1 = String(data: buffer1.data, encoding: .utf8)?.trimmingCharacters(in: .whitespacesAndNewlines) + guard output1 == "from-c1" else { + throw IntegrationError.assert(msg: "c1: expected 'from-c1', got '\(output1 ?? "")'") + } + + let output2 = String(data: buffer2.data, encoding: .utf8)?.trimmingCharacters(in: .whitespacesAndNewlines) + guard output2 == "from-c2" else { + throw IntegrationError.assert(msg: "c2: expected 'from-c2', got '\(output2 ?? "")'") + } + } + + func testPodNBDVolumeIdentity() async throws { + let id = "test-pod-nbd-volume-identity" + let bs = try await bootstrap(id) + + // Create 5 disk images, each pre-filled with unique content. + let volumeCount = 5 + var servers: [NBDServer] = [] + + for i in 0.. /data/shared.txt && grep /data /proc/mounts", + ] + config.process.stdout = writerBuffer + config.mounts.append(.sharedMount(name: "shared-data", destination: "/data")) + } + + // Container 2: reads what the writer produced and writes a second file, + // mounted at a different path to prove it's the same backing store. + let appenderBuffer = BufferWriter() + try await pod.addContainer("appender", rootfs: rootfs2) { config in + config.process.arguments = [ + "/bin/sh", "-c", + "cat /vol/shared.txt && echo more-content > /vol/second.txt", + ] + config.process.stdout = appenderBuffer + config.mounts.append(.sharedMount(name: "shared-data", destination: "/vol")) + } + + // Container 3: reads both files written by the previous containers. + let readerBuffer = BufferWriter() + try await pod.addContainer("reader", rootfs: rootfs3) { config in + config.process.arguments = [ + "/bin/sh", "-c", + "cat /shared/shared.txt && cat /shared/second.txt && grep /shared /proc/mounts", + ] + config.process.stdout = readerBuffer + config.mounts.append(.sharedMount(name: "shared-data", destination: "/shared")) + } + + do { + try await pod.create() + + // Run the containers sequentially so reads see prior writes. + try await pod.startContainer("writer") + let writerStatus = try await pod.waitContainer("writer") + guard writerStatus.exitCode == 0 else { + throw IntegrationError.assert(msg: "writer exited with status \(writerStatus)") + } + + try await pod.startContainer("appender") + let appenderStatus = try await pod.waitContainer("appender") + guard appenderStatus.exitCode == 0 else { + throw IntegrationError.assert(msg: "appender exited with status \(appenderStatus)") + } + + try await pod.startContainer("reader") + let readerStatus = try await pod.waitContainer("reader") + guard readerStatus.exitCode == 0 else { + throw IntegrationError.assert(msg: "reader exited with status \(readerStatus)") + } + try await pod.stop() + } catch { + try? await pod.stop() + throw error + } + + // Verify writer mounted a virtio block device at /data. + let writerOutput = String(data: writerBuffer.data, encoding: .utf8)?.trimmingCharacters(in: .whitespacesAndNewlines) ?? "" + let writerLines = writerOutput.components(separatedBy: "\n") + guard !writerLines.isEmpty else { + throw IntegrationError.assert(msg: "writer produced no output") + } + try assertVirtioBlockMount(writerLines.last!, path: "/data") + + // Verify the appender read the writer's file. + let appenderOutput = String(data: appenderBuffer.data, encoding: .utf8)?.trimmingCharacters(in: .whitespacesAndNewlines) ?? "" + guard appenderOutput == "shared-content" else { + throw IntegrationError.assert(msg: "appender: expected 'shared-content', got '\(appenderOutput)'") + } + + // Verify the reader saw both files and a virtio block mount. + let readerOutput = String(data: readerBuffer.data, encoding: .utf8)?.trimmingCharacters(in: .whitespacesAndNewlines) ?? "" + let readerLines = readerOutput.components(separatedBy: "\n") + guard readerLines.count >= 3 else { + throw IntegrationError.assert(msg: "expected at least 3 lines from reader, got: \(readerOutput)") + } + guard readerLines[0] == "shared-content" else { + throw IntegrationError.assert(msg: "reader: expected 'shared-content', got '\(readerLines[0])'") + } + guard readerLines[1] == "more-content" else { + throw IntegrationError.assert(msg: "reader: expected 'more-content', got '\(readerLines[1])'") + } + try assertVirtioBlockMount(readerLines[2], path: "/shared") + + // Verify both writes landed on the host-side EXT4 disk image. + let firstContent = try readFileFromDiskImage(diskURL, path: "/shared.txt") + guard firstContent == "shared-content" else { + throw IntegrationError.assert(msg: "disk image /shared.txt: expected 'shared-content', got '\(firstContent)'") + } + let secondContent = try readFileFromDiskImage(diskURL, path: "/second.txt") + guard secondContent == "more-content" else { + throw IntegrationError.assert(msg: "disk image /second.txt: expected 'more-content', got '\(secondContent)'") + } + } +} +#endif diff --git a/Sources/Integration/Suite.swift b/Sources/Integration/Suite.swift new file mode 100644 index 0000000..440384e --- /dev/null +++ b/Sources/Integration/Suite.swift @@ -0,0 +1,686 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ArgumentParser +import Containerization +import ContainerizationError +import ContainerizationExtras +import ContainerizationOCI +import ContainerizationOS +import Foundation +import Logging +import NIOCore +import NIOPosix +import Synchronization + +#if canImport(Musl) +import Musl +#elseif canImport(Glibc) +import Glibc +#endif + +actor UnpackCoordinator { + private var inFlight: [String: Task] = [:] + + func unpack( + key: String, + operation: @escaping @Sendable () async throws -> Containerization.Mount + ) async throws -> Containerization.Mount { + if let existing = inFlight[key] { + return try await existing.value + } + + let task = Task { + try await operation() + } + inFlight[key] = task + + defer { + inFlight.removeValue(forKey: key) + } + + return try await task.value + } +} + +struct Test: Sendable { + var name: String + var work: @Sendable () async throws -> Void + + init(_ name: String, _ work: @escaping @Sendable () async throws -> Void) { + self.name = name + self.work = work + } +} + +final class JobQueue: Sendable where T: Sendable { + struct State: Sendable { + var next = 0 + var jobs: [T] + } + + private let lock: Mutex + init(_ jobs: [T]) { + self.lock = Mutex(State(jobs: jobs)) + } + + func pop() -> T? { + self.lock.withLock { state in + guard state.next < state.jobs.count else { + return nil + } + defer { + state.next += 1 + } + return state.jobs[state.next] + } + } +} + +let log = { + LoggingSystem.bootstrap(StreamLogHandler.standardError) + var log = Logger(label: "com.apple.containerization") + log.logLevel = .debug + return log +}() + +enum IntegrationError: Swift.Error { + case assert(msg: String) + case noOutput +} + +struct SkipTest: Swift.Error, CustomStringConvertible { + let reason: String + + var description: String { + reason + } +} + +@main +struct IntegrationSuite: AsyncParsableCommand { + static let appRoot: URL = { + FileManager.default.urls( + for: .applicationSupportDirectory, + in: .userDomainMask + ).first! + .appendingPathComponent("com.apple.containerization") + }() + + private static let _contentStore: ContentStore = { + try! LocalContentStore(path: appRoot.appending(path: "content")) + }() + + private static let _imageStore: ImageStore = { + try! ImageStore( + path: appRoot, + contentStore: contentStore + ) + }() + + static let _testDir: URL = { + FileManager.default.uniqueTemporaryDirectory(create: true) + }() + + static var testDir: URL { + _testDir + } + + static var imageStore: ImageStore { + _imageStore + } + + static var contentStore: ContentStore { + _contentStore + } + + static let initImage = "vminit:latest" + + private static let unpackCoordinator = UnpackCoordinator() + + @Option(name: .shortAndLong, help: "Path to a directory for boot logs") + var bootlogDir: String = "./bin/integration-bootlogs" + + @Option(name: .shortAndLong, help: "Path to a kernel binary") + var kernel: String = Self.defaultKernelPath + + #if arch(arm64) + private static let kernelCandidates = ["./bin/vmlinux-arm64"] + #elseif arch(x86_64) + private static let kernelCandidates = ["./bin/vmlinuz-x86_64", "./bin/vmlinux-x86_64"] + #else + private static let kernelCandidates = ["./bin/vmlinux"] + #endif + + private static let defaultKernelPath: String = { + let fm = FileManager.default + for candidate in kernelCandidates where fm.fileExists(atPath: candidate) { + return candidate + } + return kernelCandidates[0] + }() + + @Option(name: .shortAndLong, help: "Maximum number of concurrent tests") + var maxConcurrency: Int = 4 + + @Option(name: .shortAndLong, help: "Only run tests whose names contain this string") + var filter: String? + + #if os(Linux) + @Option(name: .long, help: "Path to cloud-hypervisor binary (Linux only). Defaults to PATH lookup.") + var chBinary: String? + + @Option(name: .long, help: "Path to virtiofsd binary (Linux only). Defaults to PATH lookup.") + var virtiofsdBinary: String? + #endif + + static func binPath(name: String) -> URL { + URL(fileURLWithPath: FileManager.default.currentDirectoryPath) + .appendingPathComponent("bin") + .appendingPathComponent(name) + } + + static let eventLoop = MultiThreadedEventLoopGroup(numberOfThreads: System.coreCount) + + func bootstrap(_ testID: String) async throws -> (rootfs: Containerization.Mount, vmm: VirtualMachineManager, image: Containerization.Image, bootLog: BootLog) { + let reference = "ghcr.io/linuxcontainers/alpine:3.20" + let store = Self.imageStore + + let initImage = try await store.getInitImage(reference: Self.initImage) + let initfs = try await { + let p = Self.binPath(name: "init.block") + do { + return try await initImage.initBlock(at: p, for: .linuxArm) + } catch let err as ContainerizationError { + guard err.code == .exists else { + throw err + } + return .block( + format: "ext4", + source: p.absolutePath(), + destination: "/", + options: ["ro"] + ) + } + }() + + let testKernel = Kernel(path: .init(filePath: kernel), platform: .linuxArm) + // Intentionally NOT adding `debug` or `earlycon=pl011,...` here. + // Both look free, but each costs real wall-clock per VM boot: + // * `debug` floods printk through hvc0 (which CH writes to the + // bootlog file). + // * `earlycon=pl011,...` routes every early-boot printk character + // through pl011 MMIO traps into CH's serial emulator. With CH's + // pl011 wired to a file (see CHVirtualMachineInstance.serialConfig) + // each character is a synchronous file write and ~50–80 ms of + // dmesg quantization showed up in measurements — adding ~1.5 s + // to every VM boot before bootconsole hands over to virtio_console. + // Re-add either as a one-shot when actively diagnosing kernel boot. + let image = try await Self.fetchImage(reference: reference, store: store) + let platform = Platform(arch: "arm64", os: "linux", variant: "v8") + + // Unpack to shared location with coordination to prevent concurrent unpacks + let fsPath = Self.testDir.appending(component: image.digest) + let fs = try await Self.unpackCoordinator.unpack(key: fsPath.absolutePath()) { + do { + let unpacker = EXT4Unpacker(blockSizeInBytes: 2.gib()) + return try await unpacker.unpack(image, for: platform, at: fsPath) + } catch let err as ContainerizationError { + if err.code == .exists { + return .block( + format: "ext4", + source: fsPath.absolutePath(), + destination: "/", + options: [] + ) + } + throw err + } + } + + // Reap any per-test artifacts left over from prior tests. With + // `--max-concurrency 1` (linux-integration default) this runs after + // the previous test has fully completed, so it's race-free; on + // macOS where tests can run in parallel we just keep all files — + // disk usage isn't a concern there. Each per-test bootstrap clones + // a ~2GB rootfs and a ~512MB initfs, so without reaping the dev + // container fills its CoW layer in ~10 tests. + if self.maxConcurrency == 1 { + let preserve = fsPath.absolutePath() + if let entries = try? FileManager.default.contentsOfDirectory( + at: Self.testDir, + includingPropertiesForKeys: nil + ) { + for url in entries where url.absolutePath() != preserve { + try? FileManager.default.removeItem(at: url) + } + } + } + + // Clone to test-specific path + let clPath = Self.testDir.appending(component: "\(testID).ext4").absolutePath() + try? FileManager.default.removeItem(atPath: clPath) + + let cl = try fs.clone(to: clPath) + + // Per-test clone of the init.block. The init.block is supposed to be + // mounted read-only (kernel cmdline + readonly=true on the virtio-blk + // device for both VZ and CH), but sharing the same backing file across + // concurrent CH VMs has surfaced "internalError: mount" cascades on + // Linux/CH after a single test failure — symptomatic of the file + // entering a bad state when one CH instance is killed mid-flight. + // Cloning per test isolates each VM from any cross-test fallout. + let initClonePath = Self.testDir.appending(component: "\(testID).init.block").absolutePath() + try? FileManager.default.removeItem(atPath: initClonePath) + let initfsPerTest = try initfs.clone(to: initClonePath) + + // Create bootLog directory and per-container bootLog path + let bootlogDirURL = URL(filePath: bootlogDir) + try? FileManager.default.createDirectory(at: bootlogDirURL, withIntermediateDirectories: true) + let bootlogURL = bootlogDirURL.appendingPathComponent("\(testID).log") + + let vmm: any VirtualMachineManager = try Self.makeVMM( + kernel: testKernel, + initialFilesystem: initfsPerTest, + chBinary: Self.chBinaryOverride(for: self), + virtiofsdBinary: Self.virtiofsdBinaryOverride(for: self) + ) + + return ( + cl, + vmm, + image, + BootLog.file(path: bootlogURL) + ) + } + + private static func chBinaryOverride(for suite: IntegrationSuite) -> String? { + #if os(Linux) + return suite.chBinary + #else + _ = suite + return nil + #endif + } + + private static func virtiofsdBinaryOverride(for suite: IntegrationSuite) -> String? { + #if os(Linux) + return suite.virtiofsdBinary + #else + _ = suite + return nil + #endif + } + + private static func makeVMM( + kernel: Kernel, + initialFilesystem: Containerization.Mount, + chBinary: String?, + virtiofsdBinary: String? + ) throws -> any VirtualMachineManager { + #if os(macOS) + _ = chBinary + _ = virtiofsdBinary + return VZVirtualMachineManager( + kernel: kernel, + initialFilesystem: initialFilesystem, + group: Self.eventLoop + ) + #elseif os(Linux) + return try CHVirtualMachineManager( + kernel: kernel, + initialFilesystem: initialFilesystem, + chBinary: chBinary.map { URL(fileURLWithPath: $0) }, + virtiofsdBinary: virtiofsdBinary.map { URL(fileURLWithPath: $0) }, + group: Self.eventLoop, + logger: log + ) + #endif + } + + static func fetchImage(reference: String, store: ImageStore) async throws -> Containerization.Image { + do { + return try await store.get(reference: reference) + } catch let error as ContainerizationError { + if error.code == .notFound { + return try await store.pull(reference: reference) + } + throw error + } + } + + static func adjustLimits() throws { + var limits = rlimit() + #if os(Linux) + let resource = __rlimit_resource_t(RLIMIT_NOFILE.rawValue) + #else + let resource = RLIMIT_NOFILE + #endif + + guard getrlimit(resource, &limits) == 0 else { + throw POSIXError(.init(rawValue: errno)!) + } + limits.rlim_cur = 65536 + limits.rlim_max = 65536 + + guard setrlimit(resource, &limits) == 0 else { + throw POSIXError(.init(rawValue: errno)!) + } + } + + #if os(macOS) + private func macOS26Tests() -> [Test] { + if #available(macOS 26.0, *) { + return [ + Test("container interface custom MTU", testInterfaceMTU), + Test("container networking disabled", testNetworkingDisabled), + Test("container networking enabled", testNetworkingEnabled), + Test("container networking enabled ipv6", testNetworkingEnabledIPv6), + Test("container IPv6 address", testIPv6AddressAdd), + Test("container IPv6 default route", testIPv6DefaultRoute), + Test("container IPv6 gateway outside subnet", testIPv6GatewayOutsideSubnet), + Test("container IPv6 only default route", testIPv6OnlyDefaultRoute), + Test("container IPv6 only gateway outside subnet", testIPv6OnlyGatewayOutsideSubnet), + Test("container IPv6 dual stack", testIPv6DualStack), + Test("pod IPv6 address", testPodIPv6AddressAdd), + ] + } + return [] + } + #endif + + // Why does this exist? + // + // We need the virtualization entitlement to execute these tests. + // There currently does not exist a straightforward way to do this + // in a pure swift package. + // + // In order to not have a dependency on xcode, we create an executable + // for our integration tests that can be signed then ran. + // + // We also can't import Testing as it expects to be run from a runner. + // Hopefully this improves over time. + func run() async throws { + try Self.adjustLimits() + let suiteStarted = Date().timeIntervalSinceReferenceDate + log.info("starting integration suite\n") + + let crossPlatformTests: [Test] = [ + // Process basics + Test("process true", testProcessTrue), + Test("process false", testProcessFalse), + Test("process echo hi", testProcessEchoHi), + Test("process no executable", testProcessNoExecutable), + Test("process user", testProcessUser), + Test("process stdin", testProcessStdin), + Test("process home envvar", testProcessHomeEnvvar), + Test("process custom home envvar", testProcessCustomHomeEnvvar), + Test("process tty ensure TERM", testProcessTtyEnvvar), + + // Hostname / hosts + Test("container hostname", testHostname), + Test("container hostname defaults to container id", testHostnameDefaultsToContainerID), + Test("container hosts", testHostsFile), + + // Statistics / cgroups / memory + Test("container statistics", testContainerStatistics), + Test("container cgroup limits", testCgroupLimits), + Test("container memory events OOM kill", testMemoryEventsOOMKill), + + // Console / boot / lifecycle + Test("container no serial console", testNoSerialConsole), + Test("container non-closure constructor", testNonClosureConstructor), + Test("container test large stdio ingest", testLargeStdioOutput), + Test("container bootlog using filehandle", testBootLogFileHandle), + Test("process delete idempotency", testProcessDeleteIdempotency), + Test("multiple execs without delete", testMultipleExecsWithoutDelete), + + // Capabilities + Test("container capabilities sys admin", testCapabilitiesSysAdmin), + Test("container capabilities net admin", testCapabilitiesNetAdmin), + Test("container capabilities OCI default", testCapabilitiesOCIDefault), + Test("container capabilities all capabilities", testCapabilitiesAllCapabilities), + Test("container capabilities file ownership", testCapabilitiesFileOwnership), + + // Masked / read-only paths + Test("container default masked and read-only paths", testDefaultMaskedAndReadonlyPaths), + + // Stat / Copy + Test("container stat", testStat), + Test("container copy in", testCopyIn), + Test("container copy in file to existing directory", testCopyInFileToExistingDirectory), + Test("container copy in file to missing directory fails", testCopyInFileToMissingDirectoryFails), + Test("container copy in directory over existing file fails", testCopyInDirectoryOverExistingFileFails), + Test("container copy out", testCopyOut), + Test("container copy large file", testCopyLargeFile), + Test("container copy in directory", testCopyInDirectory), + Test("container copy out directory", testCopyOutDirectory), + Test("container copy empty file", testCopyEmptyFile), + Test("container copy empty directory", testCopyEmptyDirectory), + Test("container copy binary file", testCopyBinaryFile), + Test("container copy multiple files", testCopyMultipleFiles), + Test("container copy directory round trip", testCopyDirectoryRoundTrip), + Test("container copy in create parents", testCopyInCreateParents), + Test("container copy file permissions", testCopyFilePermissions), + Test("container copy large directory", testCopyLargeDirectory), + + // Read-only / writable layers + Test("container read-only rootfs", testReadOnlyRootfs), + Test("container read-only rootfs hosts file", testReadOnlyRootfsHostsFileWritten), + Test("container read-only rootfs DNS", testReadOnlyRootfsDNSConfigured), + Test("container writable layer", testWritableLayer), + Test("container writable layer journal writeback", testWritableLayerJournalWriteback), + Test("container writable layer journal ordered", testWritableLayerJournalOrdered), + Test("container writable layer journal data", testWritableLayerJournalData), + Test("container writable layer preserves lower", testWritableLayerPreservesLowerLayer), + Test("container writable layer reads from lower", testWritableLayerReadsFromLower), + Test("container writable layer with ro lower", testWritableLayerWithReadOnlyLower), + Test("container writable layer size", testWritableLayerSize), + Test("container writable layer DNS and hosts", testWritableLayerWithDNSAndHosts), + + // Stdin / stdout / exec + Test("large stdin input", testLargeStdinInput), + Test("exec large stdin input", testExecLargeStdinInput), + Test("exec custom path resolution", testExecCustomPathResolution), + Test("stdin explicit close", testStdinExplicitClose), + Test("stdin binary data", testStdinBinaryData), + Test("stdin multiple chunks", testStdinMultipleChunks), + Test("stdin very large", testStdinVeryLarge), + + // RLimit + Test("container rlimit open files", testRLimitOpenFiles), + Test("container rlimit multiple", testRLimitMultiple), + Test("container rlimit exec", testRLimitExec), + + // useInit + Test("container useInit basic", testUseInitBasic), + Test("container useInit exit code propagation", testUseInitExitCodePropagation), + Test("container useInit signal forwarding", testUseInitSignalForwarding), + Test("container useInit zombie reaping", testUseInitZombieReaping), + Test("container useInit with terminal", testUseInitWithTerminal), + Test("container useInit with stdin", testUseInitWithStdin), + + // Sysctl / security / workingDir + Test("container sysctl", testSysctl), + Test("container sysctl multiple", testSysctlMultiple), + Test("container noNewPrivileges", testNoNewPrivileges), + Test("container noNewPrivileges disabled", testNoNewPrivilegesDisabled), + Test("container noNewPrivileges exec", testNoNewPrivilegesExec), + Test("container workingDir created", testWorkingDirCreated), + Test("container workingDir exec created", testWorkingDirExecCreated), + + // VM resource overhead + Test("container VM resource overhead", testVMResourceOverhead), + + // Pods + Test("pod single container", testPodSingleContainer), + Test("pod multiple containers", testPodMultipleContainers), + Test("pod container output", testPodContainerOutput), + Test("pod concurrent containers", testPodConcurrentContainers), + Test("pod exec in container", testPodExecInContainer), + Test("pod exec in container env", testPodExecInContainerEnv), + Test("pod container hostname", testPodContainerHostname), + Test("pod container hostname defaults to container id", testPodContainerHostnameDefaultsToContainerID), + Test("pod stop container idempotency", testPodStopContainerIdempotency), + Test("pod list containers", testPodListContainers), + Test("pod container statistics", testPodContainerStatistics), + Test("pod memory events OOM kill", testPodMemoryEventsOOMKill), + Test("pod container resource limits", testPodContainerResourceLimits), + Test("pod container filesystem isolation", testPodContainerFilesystemIsolation), + Test("pod container PID namespace isolation", testPodContainerPIDNamespaceIsolation), + Test("pod container independent resource limits", testPodContainerIndependentResourceLimits), + Test("pod shared PID namespace", testPodSharedPIDNamespace), + Test("pod read-only rootfs", testPodReadOnlyRootfs), + Test("pod read-only rootfs DNS", testPodReadOnlyRootfsDNSConfigured), + Test("pod container hosts config", testPodContainerHostsConfig), + Test("pod multiple containers different DNS", testPodMultipleContainersDifferentDNS), + Test("pod multiple containers different hosts", testPodMultipleContainersDifferentHosts), + Test("pod level DNS", testPodLevelDNS), + Test("pod level DNS with container override", testPodLevelDNSWithContainerOverride), + Test("pod level hosts", testPodLevelHosts), + Test("pod level hosts with container override", testPodLevelHostsWithContainerOverride), + Test("pod level hostname", testPodLevelHostname), + Test("pod level hostname with container override", testPodLevelHostnameWithContainerOverride), + Test("pod rlimit open files", testPodRLimitOpenFiles), + Test("pod rlimit exec", testPodRLimitExec), + Test("pod useInit basic", testPodUseInitBasic), + Test("pod useInit exit code propagation", testPodUseInitExitCodePropagation), + Test("pod useInit signal forwarding", testPodUseInitSignalForwarding), + Test("pod useInit multiple containers", testPodUseInitMultipleContainers), + Test("pod useInit with shared PID namespace", testPodUseInitWithSharedPIDNamespace), + Test("pod sysctl", testPodSysctl), + Test("pod sysctl multiple containers", testPodSysctlMultipleContainers), + Test("pod invalid volume reference", testPodInvalidVolumeReference), + Test("pod duplicate volume name", testPodDuplicateVolumeName), + + // Mounts / virtiofs shares (cross-platform: VZ on macOS, virtiofsd on Linux/CH). + Test("container mount", testMounts), + Test("container single file mount", testSingleFileMount), + Test("container single file mount read-only", testSingleFileMountReadOnly), + Test("container single file mount write-back", testSingleFileMountWriteBack), + Test("container single file mount symlink", testSingleFileMountSymlink), + Test("container duplicate virtiofs mount", testDuplicateVirtiofsMount), + Test("container duplicate virtiofs mount via symlink", testDuplicateVirtiofsMountViaSymlink), + Test("container mount sort by depth", testMountsSortedByDepth), + Test("pod single file mount", testPodSingleFileMount), + ] + + #if os(macOS) + let macOSOnlyTests: [Test] = + [ + // ContainerManager-based tests (ContainerManager is macOS-only) + Test("container stop idempotency", testContainerStopIdempotency), + Test("container manager", testContainerManagerCreate), + Test("container reuse", testContainerReuse), + Test("container /dev/console", testContainerDevConsole), + + // Nested virtualization (VZ-only feature) + Test("nested virt", testNestedVirtualizationEnabled), + + // Filesystem operations (TODO: promote to cross-platform once verified on CH) + Test("container frozen ext4 clone", testFrozenExt4Clone), + Test("container trim ext4 clone", testTrimExt4Clone), + + // Unix socket forwarding (dynamic vsock listen exceeds CH's prebound stdio pool) + Test("unix socket into guest", testUnixSocketIntoGuest), + Test("unix socket into guest long container id", testUnixSocketIntoGuestLongContainerID), + Test("unix socket into guest symlink", testUnixSocketIntoGuestSymlink), + Test("pod unix socket into guest symlink", testPodUnixSocketIntoGuestSymlink), + + // High-concurrency stdio (exceeds CH's prebound stdio pool size) + Test("multiple concurrent processes", testMultipleConcurrentProcesses), + Test("multiple concurrent processes with output stress", testMultipleConcurrentProcessesOutputStress), + + // NBD volumes (test infra is macOS-only) + Test("container NBD mount", testContainerNBDMount), + Test("container NBD read-only", testContainerNBDReadOnly), + Test("container NBD raw block", testContainerNBDRawBlock), + Test("container NBD volume identity", testContainerNBDVolumeIdentity), + Test("pod shared NBD volume", testPodSharedNBDVolume), + Test("pod multiple NBD volumes", testPodMultipleNBDVolumes), + Test("pod unreferenced NBD volume", testPodUnreferencedVolume), + Test("pod NBD volume persistence", testPodNBDVolumePersistence), + Test("pod NBD concurrent writes", testPodNBDConcurrentWrites), + Test("pod NBD volume identity", testPodNBDVolumeIdentity), + Test("pod filesystem operation", testPodFilesystemOperation), + Test("pod shared disk image volume", testPodSharedDiskImageVolume), + ] + macOS26Tests() + let tests: [Test] = crossPlatformTests + macOSOnlyTests + #else + let tests: [Test] = crossPlatformTests + #endif + + let filteredTests: [Test] + if let filter { + // Comma-separated; ANY pattern matching the test name keeps it. + // E.g. `--filter "container mount,pod single file"`. + let patterns = filter.split(separator: ",").map { String($0) } + filteredTests = tests.filter { test in + patterns.contains { test.name.contains($0) } + } + log.info("filter '\(filter)' matched \(filteredTests.count)/\(tests.count) tests") + } else { + filteredTests = tests + } + + let passed: Atomic = Atomic(0) + let skipped: Atomic = Atomic(0) + + await withTaskGroup(of: Void.self) { group in + let jobQueue = JobQueue(filteredTests) + for _ in 0.. 0 { + finishingText += " and \(skippedCount)/\(filteredTests.count) skipped" + } + finishingText += "!" + + log.info("\(finishingText)") + + try? FileManager.default.removeItem(at: Self.testDir) + if passedCount + skippedCount < filteredTests.count { + log.error("❌") + throw ExitCode(1) + } + } +} diff --git a/Sources/cctl/BridgeCommand.swift b/Sources/cctl/BridgeCommand.swift new file mode 100644 index 0000000..2714acc --- /dev/null +++ b/Sources/cctl/BridgeCommand.swift @@ -0,0 +1,95 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(Linux) +import ArgumentParser +import Containerization +import ContainerizationExtras +import Foundation + +extension Application { + struct Bridge: AsyncParsableCommand { + static let configuration = CommandConfiguration( + commandName: "bridge", + abstract: "Manage the host bridge used by `cctl run` for container networking", + subcommands: [Create.self, Delete.self] + ) + + struct Create: AsyncParsableCommand { + static let configuration = CommandConfiguration( + commandName: "create", + abstract: "Create (or reconfigure idempotently) the host bridge + NAT plumbing" + ) + + @Option(name: .long, help: "Bridge interface name") + var name: String = "cz0" + + @Option(name: .long, help: "IPv4 subnet in CIDR form") + var subnet: String = "192.168.64.0/24" + + @Option(name: .long, help: "Host-side IPv4 on the bridge (defaults to subnet.lower+1)") + var gateway: String? + + @Option(name: .long, help: "Egress interface for MASQUERADE (default: auto-detect from default route)") + var egress: String? + + @Option(name: .long, help: "Bridge MTU") + var mtu: UInt32 = 1500 + + @Flag( + name: .customLong("enable-nat"), + help: + "Program iptables MASQUERADE/FORWARD and enable net.ipv4.ip_forward so containers reach the outside network. Off by default — host firewall policy is left untouched." + ) + var enableNAT: Bool = false + + func run() async throws { + let cidr = try CIDRv4(subnet) + let gw = try gateway.map { try IPv4Address($0) } + let mgr = BridgeManager( + name: name, + subnet: cidr, + gateway: gw, + mtu: mtu, + egressInterface: egress, + enableNAT: enableNAT, + logger: log + ) + try mgr.create() + } + } + + struct Delete: AsyncParsableCommand { + static let configuration = CommandConfiguration( + commandName: "delete", + abstract: "Remove the bridge and revert the host plumbing this tool added" + ) + + @Option(name: .long, help: "Bridge interface name") + var name: String = "cz0" + + @Option(name: .long, help: "IPv4 subnet in CIDR form") + var subnet: String = "192.168.64.0/24" + + func run() async throws { + let cidr = try CIDRv4(subnet) + let mgr = BridgeManager(name: name, subnet: cidr, logger: log) + try mgr.delete() + } + } + } +} +#endif diff --git a/Sources/cctl/ImageCommand.swift b/Sources/cctl/ImageCommand.swift new file mode 100644 index 0000000..6247067 --- /dev/null +++ b/Sources/cctl/ImageCommand.swift @@ -0,0 +1,302 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ArgumentParser +import Containerization +import ContainerizationArchive +import ContainerizationError +import ContainerizationExtras +import ContainerizationOCI +import Foundation + +extension Application { + struct Images: AsyncParsableCommand { + static let configuration = CommandConfiguration( + commandName: "images", + abstract: "Manage images", + subcommands: [ + Get.self, + Delete.self, + Pull.self, + Tag.self, + Push.self, + Save.self, + Load.self, + ] + ) + + func run() async throws { + let store = Application.imageStore + let images = try await store.list() + + print("REFERENCE\tMEDIA TYPE\tDIGEST") + for image in images { + print("\(image.reference)\t\(image.mediaType)\t\(image.digest)") + } + } + + struct Delete: AsyncParsableCommand { + @Argument var reference: String + + func run() async throws { + let store = Application.imageStore + try await store.delete(reference: reference) + } + } + + struct Tag: AsyncParsableCommand { + @Argument var old: String + @Argument var new: String + + func run() async throws { + let store = Application.imageStore + _ = try await store.tag(existing: old, new: new) + } + } + + struct Get: AsyncParsableCommand { + @Argument var reference: String + + func run() async throws { + let store = Application.imageStore + let image = try await store.get(reference: reference) + + let index = try await image.index() + + let enc = JSONEncoder() + enc.outputFormatting = .prettyPrinted + let data = try enc.encode(ImageDisplay(reference: image.reference, index: index)) + print(String(data: data, encoding: .utf8)!) + } + } + + struct ImageDisplay: Codable { + let reference: String + let index: Index + } + + struct Pull: AsyncParsableCommand { + static let configuration = CommandConfiguration( + commandName: "pull", + abstract: "Pull an image's contents into a content store" + ) + + @Argument var ref: String + + @Option(name: .customLong("platform"), help: "Platform string in the form 'os/arch/variant'. Example 'linux/arm64/v8', 'linux/amd64'") var platformString: String? + + @Option( + name: .customLong("unpack-path"), help: "Path to a new directory to unpack the image into", + transform: { str in + URL(fileURLWithPath: str, relativeTo: .currentDirectory()).absoluteURL.path(percentEncoded: false) + }) + var unpackPath: String? + + @Flag(help: "Pull anonymously via plain-text HTTP.") + var http: Bool = false + + func run() async throws { + let imageStore = Application.imageStore + let platform: Platform? = try { + if let platformString { + return try Platform(from: platformString) + } + return nil + }() + + let reference = try Reference.parse(ref) + reference.normalize() + let normalizedReference = reference.description + if normalizedReference != ref { + print("Reference resolved to \(reference.description)") + } + + var startTime = ContinuousClock.now + let image = try await Images.withAuthentication(ref: normalizedReference, insecure: http) { auth in + try await imageStore.pull(reference: normalizedReference, platform: platform, insecure: http, auth: auth) + } + + guard let image else { + print("image pull failed") + Application.exit(withError: POSIXError(.EACCES)) + } + + var duration = ContinuousClock.now - startTime + print("Image pull took: \(duration)\n") + + guard let unpackPath else { + return + } + guard !FileManager.default.fileExists(atPath: unpackPath) else { + throw ContainerizationError(.exists, message: "directory already exists at \(unpackPath)") + } + let unpackUrl = URL(filePath: unpackPath) + try FileManager.default.createDirectory(at: unpackUrl, withIntermediateDirectories: true) + + let unpacker = EXT4Unpacker.init(blockSizeInBytes: 2.gib()) + + startTime = ContinuousClock.now + if let platform { + let name = platform.description.replacingOccurrences(of: "/", with: "-") + let _ = try await unpacker.unpack(image, for: platform, at: unpackUrl.appending(component: name)) + } else { + for descriptor in try await image.index().manifests { + if let referenceType = descriptor.annotations?["vnd.docker.reference.type"], referenceType == "attestation-manifest" { + continue + } + guard let descPlatform = descriptor.platform else { + continue + } + let name = descPlatform.description.replacingOccurrences(of: "/", with: "-") + let _ = try await unpacker.unpack(image, for: descPlatform, at: unpackUrl.appending(component: name)) + print("created snapshot for platform \(descPlatform.description)") + } + } + duration = ContinuousClock.now - startTime + print("\nUnpacking took: \(duration)") + } + } + + struct Push: AsyncParsableCommand { + static let configuration = CommandConfiguration( + commandName: "push", + abstract: "Push an image to a remote registry" + ) + + @Option(help: "Platform string in the form 'os/arch/variant'. Example 'linux/arm64/v8', 'linux/amd64'") var platformString: String? + + @Flag(help: "Push anonymously via plain-text HTTP.") + var http: Bool = false + + @Argument var ref: String + + func run() async throws { + let imageStore = Application.imageStore + let platform: Platform? = try { + if let platformString { + return try Platform(from: platformString) + } + return nil + }() + + let reference = try Reference.parse(ref) + reference.normalize() + let normalizedReference = reference.description + if normalizedReference != ref { + print("Reference resolved to \(reference.description)") + } + + try await Images.withAuthentication(ref: normalizedReference, insecure: http) { auth in + try await imageStore.push(reference: normalizedReference, platform: platform, insecure: http, auth: auth) + } + print("image pushed") + } + } + + struct Save: AsyncParsableCommand { + static let configuration = CommandConfiguration( + commandName: "save", + abstract: "Save one or more images to a tar archive" + ) + + @Option(help: "Platform string in the form 'os/arch/variant'. Example 'linux/arm64/v8', 'linux/amd64'") var platform: String? + + @Option(name: .shortAndLong, help: "Path to tar archive") + var output: String + + @Argument var reference: [String] + + func run() async throws { + var p: Platform? = nil + if let platform { + p = try Platform(from: platform) + } + let store = Application.imageStore + let tempDir = FileManager.default.uniqueTemporaryDirectory() + defer { + try? FileManager.default.removeItem(at: tempDir) + } + try await store.save(references: reference, out: tempDir, platform: p) + let writer = try ArchiveWriter(format: .pax, filter: .none, file: URL(filePath: output)) + try writer.archiveDirectory(tempDir) + try writer.finishEncoding() + print("image exported") + } + } + + struct Load: AsyncParsableCommand { + static let configuration = CommandConfiguration( + commandName: "load", + abstract: "Load one or more images from a tar archive" + ) + + @Option(name: .shortAndLong, help: "Path to tar archive") + var input: String + + func run() async throws { + let store = Application.imageStore + let tarFile = URL(fileURLWithPath: input) + let reader = try ArchiveReader(file: tarFile.absoluteURL) + let tempDir = FileManager.default.uniqueTemporaryDirectory() + defer { + try? FileManager.default.removeItem(at: tempDir) + } + let rejectedPaths = try reader.extractContents(to: tempDir) + let imported = try await store.load(from: tempDir) + for image in imported { + print("imported \(image.reference)") + } + for rejectedPath in rejectedPaths { + print("warning: skipped image archive member \(rejectedPath)") + } + } + } + + private static func withAuthentication( + ref: String, insecure: Bool, + _ body: @Sendable @escaping (_ auth: Authentication?) async throws -> T? + ) async throws -> T? { + let parsed = try Reference.parse(ref) + guard let host = parsed.resolvedDomain else { + throw ContainerizationError(.invalidArgument, message: "no host specified in image reference") + } + if insecure { + return try await body(nil) + } + if let auth = Self.authenticationFromEnv(host: host) { + return try await body(auth) + } + #if os(macOS) + let keychain = KeychainHelper(securityDomain: Application.keychainID) + let authentication = try? keychain.lookup(hostname: host) + return try await body(authentication) + #else + return try await body(nil) + #endif + } + + private static func authenticationFromEnv(host: String) -> Authentication? { + let env = ProcessInfo.processInfo.environment + guard env["REGISTRY_HOST"] == host else { + return nil + } + guard let user = env["REGISTRY_USERNAME"], let password = env["REGISTRY_TOKEN"] else { + return nil + } + return BasicAuthentication(username: user, password: password) + } + } +} diff --git a/Sources/cctl/KernelCommand.swift b/Sources/cctl/KernelCommand.swift new file mode 100644 index 0000000..bde0774 --- /dev/null +++ b/Sources/cctl/KernelCommand.swift @@ -0,0 +1,81 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ArgumentParser +import Containerization +import Foundation + +extension Application { + struct KernelCommand: AsyncParsableCommand { + static let configuration = CommandConfiguration( + commandName: "kernel", + abstract: "Manage kernel images", + subcommands: [ + Create.self + ] + ) + + struct Create: AsyncParsableCommand { + @Option(name: .shortAndLong, help: "Name for the kernel image") + var name: String + + @Option(name: .long, help: "Labels to add to the built image of the form =, [=,...]") + var labels: [String] = [] + + @Argument var kernels: [String] + + func run() async throws { + let imageStore = Application.imageStore + let contentStore = Application.contentStore + let labels = Application.parseKeyValuePairs(from: labels) + let binaries = try parseBinaries() + _ = try await KernelImage.create( + reference: name, + binaries: binaries, + labels: labels, + imageStore: imageStore, + contentStore: contentStore + ) + } + + func parseBinaries() throws -> [Kernel] { + var binaries = [Kernel]() + for rawBinary in kernels { + let parts = rawBinary.split(separator: ":") + guard parts.count == 2 else { + throw "invalid binary format: \(rawBinary)" + } + let platform: SystemPlatform + switch parts[1] { + case "arm64": + platform = .linuxArm + case "amd64": + platform = .linuxAmd + default: + fatalError("unsupported platform \(parts[1])") + } + binaries.append( + .init( + path: URL(fileURLWithPath: String(parts[0])), + platform: platform + ) + ) + } + return binaries + } + } + } +} diff --git a/Sources/cctl/LoginCommand.swift b/Sources/cctl/LoginCommand.swift new file mode 100644 index 0000000..d48311e --- /dev/null +++ b/Sources/cctl/LoginCommand.swift @@ -0,0 +1,85 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ArgumentParser +import Containerization +import ContainerizationError +import ContainerizationExtras +import ContainerizationOCI +import Foundation + +#if os(macOS) +extension Application { + struct Login: AsyncParsableCommand { + + static let configuration = CommandConfiguration( + commandName: "login", + abstract: "Login to a registry" + ) + + @OptionGroup() var application: Application + + @Option(name: .shortAndLong, help: "Username") + var username: String = "" + + @Flag(help: "Take the password from stdin") + var passwordStdin: Bool = false + + @Argument(help: "Registry server name") + var server: String + + func run() async throws { + var username = self.username + var password = "" + if passwordStdin { + if username == "" { + throw ContainerizationError(.invalidArgument, message: "must provide --username with --password-stdin") + } + guard let passwordData = try FileHandle.standardInput.readToEnd() else { + throw ContainerizationError(.invalidArgument, message: "failed to read password from stdin") + } + password = String(decoding: passwordData, as: UTF8.self).trimmingCharacters(in: .whitespacesAndNewlines) + } + let keychain = KeychainHelper(securityDomain: Application.keychainID) + if username == "" { + username = try keychain.userPrompt(hostname: server) + } + if password == "" { + password = try keychain.passwordPrompt() + print() + } + + let server = Reference.resolveDomain(domain: self.server) + let client = RegistryClient( + host: server, + scheme: "https", + authentication: BasicAuthentication(username: username, password: password), + retryOptions: .init( + maxRetries: 10, + retryInterval: 300_000_000, + shouldRetry: ({ response in + response.status.code >= 500 + }) + ), + tlsConfiguration: TLSUtils.makeEnvironmentAwareTLSConfiguration(), + ) + try await client.ping() + try keychain.save(hostname: server, username: username, password: password) + print("Login succeeded") + } + } +} +#endif diff --git a/Sources/cctl/RootfsCommand.swift b/Sources/cctl/RootfsCommand.swift new file mode 100644 index 0000000..cd5fd36 --- /dev/null +++ b/Sources/cctl/RootfsCommand.swift @@ -0,0 +1,180 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ArgumentParser +import Containerization +import ContainerizationArchive +import ContainerizationEXT4 +import ContainerizationError +import ContainerizationOCI +import ContainerizationOS +import Foundation + +extension Application { + struct Rootfs: AsyncParsableCommand { + static let configuration = CommandConfiguration( + commandName: "rootfs", + abstract: "Manage the root filesystem for a container", + subcommands: [ + Create.self + ] + ) + + struct Create: AsyncParsableCommand { + @Option(name: [.short, .customLong("add-file")], help: "Additional file to add (format src-path:dst-path)") + var addFiles: [String] = [] + + @Option(name: .customLong("ext4"), help: "The path to an ext4 image to create.") + var ext4File: String? + + @Option(name: .customLong("image"), help: "The name of the image to produce.") + var imageName: String? + + @Option(name: .customLong("label"), help: "Label to add to the image (format: key=value)") + var labels: [String] = [] + + @Option(name: .long, help: "Platform of the built binaries being packaged into the block") + var platformString: String = Platform.current.description + + @Option(name: .long, help: "Path to vmexec") + var vmexec: String + + @Option(name: .long, help: "Path to vminitd") + var vminitd: String + + @Option(name: .long, help: "Path to OCI runtime") + var ociRuntime: String? + + // The path where the intermediate tar archive is created. + @Argument var tarPath: String + + private static let directories = [ + "bin", + "sbin", + "dev", + "sys", + "proc/self", // hack for swift init's booting + "run", + "tmp", + "mnt", + "var", + ] + + func run() async throws { + let path = URL(filePath: self.tarPath) + try await writeArchive(path: path) + + if let image = self.imageName { + print("creating initfs image \(image)...") + try await outputImage( + path: path, + reference: image + ) + } + + if let ext4Path = self.ext4File { + print("creating initfs ext4 image at \(ext4Path)...") + try await outputExt4( + archive: path, + to: URL(filePath: ext4Path) + ) + } + } + + private func outputExt4(archive: URL, to path: URL) async throws { + let unpacker = EXT4Unpacker(blockSizeInBytes: 256.mib()) + try await unpacker.unpack(archive: archive, compression: .gzip, at: path) + } + + private func outputImage(path: URL, reference: String) async throws { + let p = try Platform(from: platformString) + let parsedLabels = Application.parseKeyValuePairs(from: labels) + _ = try await InitImage.create( + reference: reference, + rootfs: path, + platform: p, + labels: parsedLabels, + imageStore: Application.imageStore, + contentStore: Application.contentStore + ) + } + + private func writeArchive(path: URL) async throws { + let writer = try ArchiveWriter( + format: .pax, + filter: .gzip, + file: path, + ) + let ts = Date() + let entry = WriteEntry() + entry.permissions = 0o755 + entry.modificationDate = ts + entry.creationDate = ts + entry.group = 0 + entry.owner = 0 + entry.fileType = .directory + + // create the initial directory structure. + for dir in Self.directories { + entry.path = dir + try writer.writeEntry(entry: entry, data: nil) + } + + entry.fileType = .regular + entry.path = "sbin/vminitd" + + var src = URL(fileURLWithPath: vminitd) + var data = try Data(contentsOf: src) + entry.size = Int64(data.count) + try writer.writeEntry(entry: entry, data: data) + + src = URL(fileURLWithPath: vmexec) + data = try Data(contentsOf: src) + entry.path = "sbin/vmexec" + entry.size = Int64(data.count) + try writer.writeEntry(entry: entry, data: data) + + if let ociRuntimePath = self.ociRuntime { + src = URL(fileURLWithPath: ociRuntimePath) + let fileName = src.lastPathComponent + data = try Data(contentsOf: src) + entry.path = "sbin/\(fileName)" + entry.size = Int64(data.count) + try writer.writeEntry(entry: entry, data: data) + } + + for addFile in addFiles { + let paths = addFile.components(separatedBy: ":") + guard paths.count == 2 else { + throw ContainerizationError(.invalidArgument, message: "use src-path:dst-path for --add-file") + } + src = URL(fileURLWithPath: paths[0]) + data = try Data(contentsOf: src) + entry.path = paths[1] + entry.size = Int64(data.count) + try writer.writeEntry(entry: entry, data: data) + } + + entry.fileType = .symbolicLink + entry.path = "proc/self/exe" + entry.symlinkTarget = "sbin/vminitd" + entry.size = nil + try writer.writeEntry(entry: entry, data: nil) + try writer.finishEncoding() + } + } + } +} diff --git a/Sources/cctl/RunCommand.swift b/Sources/cctl/RunCommand.swift new file mode 100644 index 0000000..cc5a00a --- /dev/null +++ b/Sources/cctl/RunCommand.swift @@ -0,0 +1,533 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ArgumentParser +import Containerization +import ContainerizationError +import ContainerizationExtras +import ContainerizationOCI +import ContainerizationOS +import Foundation + +#if os(macOS) +extension Application { + struct Run: AsyncParsableCommand { + static let configuration = CommandConfiguration( + commandName: "run", + abstract: "Run a container" + ) + + @Option(name: [.customLong("image"), .customShort("i")], help: "Image reference to base the container on") + var imageReference: String = "docker.io/library/alpine:3.16" + + @Option(name: .long, help: "id for the container") + var id: String = "cctl" + + @Option(name: [.customLong("cpus"), .customShort("c")], help: "Number of CPUs to allocate to the container") + var cpus: Int = 2 + + @Option(name: [.customLong("memory"), .customShort("m")], help: "Amount of memory in megabytes") + var memory: UInt64 = 1024 + + @Option(name: .customLong("fs-size"), help: "The size to create the block filesystem as") + var fsSizeInMB: UInt64 = 2048 + + @Flag(name: .customLong("rosetta"), help: "Enable rosetta x64 emulation") + var rosetta = false + + @Option(name: .customLong("mount"), help: "Directory to share into the container (Example: /foo:/bar)") + var mounts: [String] = [] + + @Option(name: .customLong("ns"), help: "Nameserver addresses") + var nameservers: [String] = [] + + @Option(name: .long, help: "Path to OCI runtime to use for spawning the container") + var ociRuntimePath: String? + + @Flag(name: .long, help: "Make rootfs readonly") + var readOnly: Bool = false + + @Flag(name: .long, help: "Run with an init process for signal forwarding and zombie reaping") + var `init`: Bool = false + + @Option( + name: [.customLong("kernel"), .customShort("k")], help: "Kernel binary path", completion: .file(), + transform: { str in + URL(fileURLWithPath: str, relativeTo: .currentDirectory()).absoluteURL.path(percentEncoded: false) + }) + public var kernel: String + + @Option(name: .long, help: "Current working directory") + var cwd: String = "/" + + @Argument(parsing: .captureForPassthrough) + var arguments: [String] = ["/bin/sh"] + + func run() async throws { + let kernel = Kernel( + path: URL(fileURLWithPath: kernel), + platform: .linuxArm + ) + + // Choose network implementation based on macOS version + let network: Network? + if #available(macOS 26, *) { + network = try VmnetNetwork() + } else { + network = nil + } + + var manager = try await ContainerManager( + kernel: kernel, + initfsReference: "vminit:latest", + network: network, + rosetta: rosetta + ) + let sigwinchStream = AsyncSignalHandler.create(notify: [SIGWINCH]) + + let current = try Terminal.current + try current.setraw() + defer { current.tryReset() } + + let container = try await manager.create( + id, + reference: imageReference, + rootfsSizeInBytes: fsSizeInMB.mib(), + readOnly: readOnly, + networking: true + ) { config in + config.cpus = cpus + config.memoryInBytes = memory.mib() + config.process.setTerminalIO(terminal: current) + config.process.arguments = arguments + config.process.workingDirectory = cwd + + for mount in self.mounts { + let paths = mount.split(separator: ":") + if paths.count != 2 { + throw ContainerizationError( + .invalidArgument, + message: "incorrect mount format detected: \(mount)" + ) + } + let host = String(paths[0]) + let guest = String(paths[1]) + let czMount = Containerization.Mount.share( + source: host, + destination: guest + ) + config.mounts.append(czMount) + } + + var hosts = Hosts.default + if !nameservers.isEmpty { + if #available(macOS 26, *) { + config.dns = DNS(nameservers: nameservers) + } else { + print("Warning: Networking not supported on macOS < 26, ignoring DNS configuration") + } + } + + // Add host entry for the container using just the IP (not CIDR) + if #available(macOS 26, *), !config.interfaces.isEmpty { + let interface = config.interfaces[0] + hosts.entries.append( + Hosts.Entry( + ipAddress: interface.ipv4Address.address.description, + hostnames: [id] + )) + } + + config.hosts = hosts + if let ociRuntimePath { + config.ociRuntimePath = ociRuntimePath + config.mounts = LinuxContainer.defaultOCIMounts() + } + + config.useInit = self.`init` + } + + defer { + try? manager.delete(id) + } + + try await container.create() + try await container.start() + + // Resize the containers pty to the current terminal window. + try? await container.resize(to: try current.size) + + try await withThrowingTaskGroup(of: Void.self) { group in + group.addTask { + for await _ in sigwinchStream.signals { + try await container.resize(to: try current.size) + } + } + + try await container.wait() + group.cancelAll() + + try await container.stop() + } + } + + private static let appRoot: URL = { + FileManager.default.urls( + for: .applicationSupportDirectory, + in: .userDomainMask + ).first! + .appendingPathComponent("com.apple.containerization") + }() + } +} +#endif + +#if os(Linux) +extension Application { + /// Linux-side `cctl run` — boots a container in a cloud-hypervisor VM. + /// + /// Mirrors the macOS `cctl run` UX: `-i / --image` pulls and unpacks the + /// container image into an ext4 rootfs automatically. The Linux-specific + /// surface is `--initfs` (the deployment ships an `initfs.ext4` containing + /// vminitd; macOS resolves the equivalent via the local image store, but + /// on Linux the boot artifact is a path on disk). + struct Run: AsyncParsableCommand { + static let configuration = CommandConfiguration( + commandName: "run", + abstract: "Run a container via cloud-hypervisor" + ) + + @Option(name: [.customLong("image"), .customShort("i")], help: "Image reference to base the container on") + var imageReference: String = "docker.io/library/alpine:3.16" + + @Option(name: .long, help: "id for the container") + var id: String = "cctl" + + @Option(name: [.customLong("cpus"), .customShort("c")], help: "Number of CPUs to allocate") + var cpus: Int = 2 + + @Option(name: [.customLong("memory"), .customShort("m")], help: "Amount of memory in MiB") + var memory: UInt64 = 1024 + + @Option(name: .customLong("fs-size"), help: "The size to create the container rootfs ext4 as (MiB)") + var fsSizeInMB: UInt64 = 2048 + + @Option(name: .customLong("mount"), help: "Directory to share into the container (Example: /foo:/bar)") + var mounts: [String] = [] + + @Option(name: .long, help: "Path to OCI runtime to use for spawning the container") + var ociRuntimePath: String? + + @Flag(name: .long, help: "Make rootfs readonly") + var readOnly: Bool = false + + @Flag(name: .long, help: "Run with an init process for signal forwarding and zombie reaping") + var `init`: Bool = false + + @Option( + name: [.customLong("kernel"), .customShort("k")], + help: "Path to the Linux kernel image", + completion: .file() + ) + var kernel: String + + @Option( + name: .customLong("initfs"), + help: "Path to the ext4 initfs containing vminitd (boots the VM as PID 1)", + completion: .file() + ) + var initfs: String + + @Option( + name: .customLong("bridge"), + help: "Bridge interface name to attach the container TAP to" + ) + var bridge: String = "cz0" + + @Option( + name: .customLong("subnet"), + help: "IPv4 subnet for the container network (CIDR)" + ) + var subnet: String = "192.168.64.0/24" + + @Option( + name: .customLong("gateway"), + help: "Host-side IPv4 on the bridge (defaults to subnet.lower+1)" + ) + var bridgeGateway: String? + + @Option( + name: .customLong("egress"), + help: "Egress interface for outbound NAT (default: auto-detect from default route)" + ) + var egress: String? + + @Flag(name: .customLong("no-network"), help: "Skip all host network setup; container has no interface") + var noNetwork: Bool = false + + @Flag( + name: .customLong("enable-nat"), + help: + "Program iptables MASQUERADE/FORWARD and enable ip_forward so the container can reach external networks. Off by default — the bridge stays internal-only." + ) + var enableNAT: Bool = false + + @Option(name: .customLong("ns"), help: "Nameserver addresses (default: read host /etc/resolv.conf)") + var nameservers: [String] = [] + + @Option( + name: .customLong("ch-binary"), + help: "Path to cloud-hypervisor binary (defaults to PATH lookup)" + ) + var chBinary: String? + + @Option( + name: .customLong("virtiofsd-binary"), + help: "Path to virtiofsd binary (defaults to PATH lookup)" + ) + var virtiofsdBinary: String? + + @Option(name: .long, help: "Current working directory") + var cwd: String = "/" + + @Argument(parsing: .captureForPassthrough) + var arguments: [String] = ["/bin/sh"] + + func run() async throws { + #if arch(arm64) + let kernelPlatform = SystemPlatform.linuxArm + #elseif arch(x86_64) + let kernelPlatform = SystemPlatform.linuxAmd + #else + #error("unsupported host architecture for `cctl run` (expected arm64 or x86_64)") + #endif + let imagePlatform = Platform.current + + let kernelObj = Kernel( + path: URL(fileURLWithPath: kernel), + platform: kernelPlatform + ) + + // Wire up the host TTY when there is one. `Terminal.current` walks + // STDERR/STDOUT/STDIN looking for a tty fd and throws if none of + // them is one (e.g. all stdio piped). In that case fall through to + // the non-interactive path so `cctl run /bin/true` still works. + let hostTerminal = try? Terminal.current + if let hostTerminal { + try hostTerminal.setraw() + } + defer { hostTerminal?.tryReset() } + let sigwinchStream = AsyncSignalHandler.create(notify: [SIGWINCH]) + + // Pull the container image and unpack to a per-container ext4 (same + // shape as ContainerManager.unpack on macOS: reuse the existing + // rootfs.ext4 if it's already there, fresh-unpack otherwise). + let imageStore = Application.imageStore + let reference = try Reference.parse(imageReference) + reference.normalize() + let normalizedRef = reference.description + if normalizedRef != imageReference { + print("Reference resolved to \(normalizedRef)") + } + let image = try await imageStore.get(reference: normalizedRef, pull: true) + + let containersRoot = Application.appRoot + .appendingPathComponent("containers") + .appendingPathComponent(id) + try FileManager.default.createDirectory(at: containersRoot, withIntermediateDirectories: true) + let rootfsPath = containersRoot.appendingPathComponent("rootfs.ext4") + + var rootfsMount: Containerization.Mount + do { + let unpacker = EXT4Unpacker(blockSizeInBytes: fsSizeInMB.mib()) + rootfsMount = try await unpacker.unpack(image, for: imagePlatform, at: rootfsPath) + } catch let err as ContainerizationError where err.code == .exists { + rootfsMount = .block( + format: "ext4", + source: rootfsPath.absolutePath(), + destination: "/", + options: [] + ) + } + if readOnly { + rootfsMount.options.append("ro") + } + + let initfsMount = Mount.block( + format: "ext4", + source: initfs, + destination: "/", + options: ["ro"] + ) + + let manager = try CHVirtualMachineManager( + kernel: kernelObj, + initialFilesystem: initfsMount, + chBinary: chBinary.map { URL(fileURLWithPath: $0) }, + virtiofsdBinary: virtiofsdBinary.map { URL(fileURLWithPath: $0) }, + logger: log + ) + + // Seed process config from the image (entrypoint, env, cwd, user), + // then layer user-provided overrides on top — same precedence as + // ContainerManager + macOS Run. + let imageConfig = try await image.config(for: imagePlatform).config + var processConfig = LinuxProcessConfiguration() + if let imageConfig { + processConfig = .init(from: imageConfig) + } + processConfig.arguments = arguments + processConfig.workingDirectory = cwd + if let hostTerminal { + processConfig.setTerminalIO(terminal: hostTerminal) + } + + var interfaces: [any Interface] = [] + var dnsConfig: DNS? = nil + var hostsConfig: Hosts? = nil + + if !noNetwork { + let subnetCIDR = try CIDRv4(subnet) + let gw = try bridgeGateway.map { try IPv4Address($0) } + + let mgr = BridgeManager( + name: bridge, + subnet: subnetCIDR, + gateway: gw, + mtu: 1500, + egressInterface: egress, + enableNAT: enableNAT, + logger: log + ) + try mgr.create() + + var network = try LinuxBridgedNetwork( + subnet: subnetCIDR, + gateway: gw, + bridge: bridge, + mtu: 1500 + ) + if let iface = try network.createInterface(id) { + interfaces.append(iface) + + var h = Hosts.default + h.entries.append( + .init( + ipAddress: iface.ipv4Address.address.description, + hostnames: [id] + )) + hostsConfig = h + + let resolved = + nameservers.isEmpty + ? Self.readHostNameservers() + : nameservers + dnsConfig = DNS(nameservers: resolved) + } + } + + let cpusCount = cpus + let memoryBytes = memory.mib() + let networkInterfaces = interfaces + let useInit = self.`init` + let extraMounts = self.mounts + let runtimePath = self.ociRuntimePath + let dns = dnsConfig + let hosts = hostsConfig + + let container = try LinuxContainer( + id, + rootfs: rootfsMount, + vmm: manager, + logger: log + ) { config in + config.process = processConfig + config.cpus = cpusCount + config.memoryInBytes = memoryBytes + config.interfaces = networkInterfaces + config.useInit = useInit + if let dns { config.dns = dns } + if let hosts { config.hosts = hosts } + + for mount in extraMounts { + let paths = mount.split(separator: ":") + if paths.count != 2 { + throw ContainerizationError( + .invalidArgument, + message: "incorrect mount format detected: \(mount)" + ) + } + config.mounts.append( + Mount.share(source: String(paths[0]), destination: String(paths[1])) + ) + } + + if let runtimePath { + config.ociRuntimePath = runtimePath + config.mounts = LinuxContainer.defaultOCIMounts() + } + } + + try await container.create() + try await container.start() + + // Sync the guest pty winsize to the host on start, and on every + // SIGWINCH while running. Only meaningful when we have a tty. + if let hostTerminal { + try? await container.resize(to: try hostTerminal.size) + } + + let exit = try await withThrowingTaskGroup( + of: Void.self, + returning: ExitStatus.self + ) { group in + if let hostTerminal { + group.addTask { + for await _ in sigwinchStream.signals { + try await container.resize(to: try hostTerminal.size) + } + } + } + let result = try await container.wait() + group.cancelAll() + try await container.stop() + return result + } + + if exit.exitCode != 0 { + throw ExitCode(exit.exitCode) + } + } + + /// Read `nameserver` lines from `/etc/resolv.conf`. Returns + /// `["1.1.1.1"]` if the file is missing or has no entries. + private static func readHostNameservers() -> [String] { + guard let text = try? String(contentsOfFile: "/etc/resolv.conf", encoding: .utf8) else { + return ["1.1.1.1"] + } + let servers = + text + .split(separator: "\n") + .compactMap { line -> String? in + let parts = line.split(separator: " ", maxSplits: 1, omittingEmptySubsequences: true) + guard parts.count == 2, parts[0] == "nameserver" else { return nil } + return String(parts[1]).trimmingCharacters(in: .whitespaces) + } + return servers.isEmpty ? ["1.1.1.1"] : servers + } + } +} +#endif diff --git a/Sources/cctl/cctl+Utils.swift b/Sources/cctl/cctl+Utils.swift new file mode 100644 index 0000000..4c5673d --- /dev/null +++ b/Sources/cctl/cctl+Utils.swift @@ -0,0 +1,53 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Containerization +import ContainerizationError +import ContainerizationOCI +import Foundation + +extension Application { + static func fetchImage(reference: String, store: ImageStore) async throws -> Containerization.Image { + do { + return try await store.get(reference: reference) + } catch let error as ContainerizationError { + if error.code == .notFound { + return try await store.pull(reference: reference) + } + throw error + } + } + + static func parseKeyValuePairs(from items: [String]) -> [String: String] { + var parsedLabels: [String: String] = [:] + for item in items { + let parts = item.split(separator: "=", maxSplits: 1) + guard parts.count == 2 else { + continue + } + let key = String(parts[0]) + let val = String(parts[1]) + parsedLabels[key] = val + } + return parsedLabels + } +} + +extension ContainerizationOCI.Platform { + static var arm64: ContainerizationOCI.Platform { + .init(arch: "arm64", os: "linux", variant: "v8") + } +} diff --git a/Sources/cctl/cctl.swift b/Sources/cctl/cctl.swift new file mode 100644 index 0000000..e2c5413 --- /dev/null +++ b/Sources/cctl/cctl.swift @@ -0,0 +1,88 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ArgumentParser +import Containerization +import ContainerizationOCI +import Foundation +import Logging + +let log = { + LoggingSystem.bootstrap(StreamLogHandler.standardError) + var log = Logger(label: "com.apple.containerization") + log.logLevel = .debug + return log +}() + +@main +struct Application: AsyncParsableCommand { + static let keychainID = "com.apple.containerization" + static let appRoot: URL = { + FileManager.default.urls( + for: .applicationSupportDirectory, + in: .userDomainMask + ).first! + .appendingPathComponent("com.apple.containerization") + }() + + private static let _contentStore: ContentStore = { + try! LocalContentStore(path: appRoot.appendingPathComponent("content")) + }() + + private static let _imageStore: ImageStore = { + try! ImageStore( + path: appRoot, + contentStore: contentStore + ) + }() + + static var imageStore: ImageStore { + _imageStore + } + + static var contentStore: ContentStore { + _contentStore + } + + static let configuration = CommandConfiguration( + commandName: "cctl", + abstract: "Utility CLI for Containerization", + version: "2.0.0", + subcommands: { + var commands: [any ParsableCommand.Type] = [ + Rootfs.self, + Images.self, + Run.self, + ] + #if os(macOS) + commands.append(Login.self) + #elseif os(Linux) + commands.append(Bridge.self) + #endif + return commands + }() + ) +} + +extension String { + var absoluteURL: URL { + URL(fileURLWithPath: self).absoluteURL + } +} + +extension String: Swift.Error { + +} diff --git a/Tests/CloudHypervisorTests/ClientTests.swift b/Tests/CloudHypervisorTests/ClientTests.swift new file mode 100644 index 0000000..a5678dc --- /dev/null +++ b/Tests/CloudHypervisorTests/ClientTests.swift @@ -0,0 +1,506 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation +import NIOPosix +import Testing + +@testable import CloudHypervisor + +@Suite("CloudHypervisor.Client") +struct ClientTests { + private static let group = MultiThreadedEventLoopGroup.singleton + + // MARK: - Init + + @Test("Client init succeeds with file:// URL") + func initSucceeds() async throws { + let server = try await StubHTTPServer(eventLoopGroup: Self.group) { _ in + StubResponse.ok() + } + defer { Task { try? await server.shutdown() } } + + let socketURL = URL(filePath: server.socketPath) + let _ = try CloudHypervisor.Client( + socketPath: socketURL, + eventLoopGroup: Self.group + ) + } + + // MARK: - Invalid socket path + + @Test("Client init throws .invalidSocketPath for non-file URL") + func initThrowsForNonFileURL() throws { + let url = try #require(URL(string: "https://example.com")) + #expect(throws: CloudHypervisor.Error.self) { + try CloudHypervisor.Client(socketPath: url, eventLoopGroup: Self.group) + } + } + + // MARK: - Non-2xx response + + @Test("Non-2xx response throws .http with correct status") + func non2xxThrowsHTTPError() async throws { + let body = Data("not found".utf8) + let server = try await StubHTTPServer(eventLoopGroup: Self.group) { _ in + StubResponse.status(.notFound, body: body) + } + defer { Task { try? await server.shutdown() } } + + let socketURL = URL(filePath: server.socketPath) + let client = try CloudHypervisor.Client(socketPath: socketURL, eventLoopGroup: Self.group) + + struct Dummy: Decodable, Sendable {} + + do { + let _: Dummy = try await client.get("/api/v1/missing") + Issue.record("Expected .http error but call succeeded") + } catch let err as CloudHypervisor.Error { + guard case .http(let status, let respBody) = err else { + Issue.record("Expected .http, got \(err)") + return + } + #expect(status == .notFound) + #expect(respBody == body) + } catch { + Issue.record("Expected CloudHypervisor.Error but got \(error)") + } + } + + // MARK: - vmmPing + + @Test("vmmPing sends GET /api/v1/vmm.ping and decodes VmmPingResponse") + func vmmPing() async throws { + let expected = CloudHypervisor.VmmPingResponse(version: "v40.0", pid: 12345) + let server = try await StubHTTPServer(eventLoopGroup: Self.group) { _ in + (try? StubResponse.json(expected)) ?? StubResponse.ok() + } + defer { Task { try? await server.shutdown() } } + + let client = try CloudHypervisor.Client(socketPath: URL(filePath: server.socketPath), eventLoopGroup: Self.group) + let result = try await client.vmmPing() + + let recorded = server.recordedRequests() + #expect(recorded.count == 1) + #expect(recorded[0].method == .GET) + #expect(recorded[0].uri == "/api/v1/vmm.ping") + #expect(recorded[0].body.isEmpty) + #expect(result.version == "v40.0") + #expect(result.pid == 12345) + } + + // MARK: - vmmShutdown + + @Test("vmmShutdown sends PUT /api/v1/vmm.shutdown and returns without throwing") + func vmmShutdown() async throws { + let server = try await StubHTTPServer(eventLoopGroup: Self.group) { _ in + StubResponse.status(.noContent) + } + defer { Task { try? await server.shutdown() } } + + let client = try CloudHypervisor.Client(socketPath: URL(filePath: server.socketPath), eventLoopGroup: Self.group) + try await client.vmmShutdown() + + let recorded = server.recordedRequests() + #expect(recorded.count == 1) + #expect(recorded[0].method == .PUT) + #expect(recorded[0].uri == "/api/v1/vmm.shutdown") + } + + // MARK: - vmmInfo + + @Test("vmmInfo sends GET /api/v1/vmm.info and decodes VmmInfo") + func vmmInfo() async throws { + let expected = CloudHypervisor.VmmInfo(version: "v40.0", pid: 99) + let server = try await StubHTTPServer(eventLoopGroup: Self.group) { _ in + (try? StubResponse.json(expected)) ?? StubResponse.ok() + } + defer { Task { try? await server.shutdown() } } + + let client = try CloudHypervisor.Client(socketPath: URL(filePath: server.socketPath), eventLoopGroup: Self.group) + let result = try await client.vmmInfo() + + let recorded = server.recordedRequests() + #expect(recorded.count == 1) + #expect(recorded[0].method == .GET) + #expect(recorded[0].uri == "/api/v1/vmm.info") + #expect(result.version == "v40.0") + } + + // MARK: - vmCreate + + @Test("vmCreate sends PUT /api/v1/vm.create with encoded body") + func vmCreate() async throws { + let server = try await StubHTTPServer(eventLoopGroup: Self.group) { _ in + StubResponse.status(.noContent) + } + defer { Task { try? await server.shutdown() } } + + let config = CloudHypervisor.VmConfig( + cpus: .init(bootVcpus: 2, maxVcpus: 4), + memory: .init(size: 512 * 1024 * 1024), + payload: .init(kernel: "/boot/vmlinux"), + console: .init(mode: .Null), + serial: .init(mode: .Tty) + ) + + let client = try CloudHypervisor.Client(socketPath: URL(filePath: server.socketPath), eventLoopGroup: Self.group) + try await client.vmCreate(config) + + let recorded = server.recordedRequests() + #expect(recorded.count == 1) + #expect(recorded[0].method == .PUT) + #expect(recorded[0].uri == "/api/v1/vm.create") + + let decoded = try JSONDecoder().decode(CloudHypervisor.VmConfig.self, from: recorded[0].body) + #expect(decoded == config) + } + + // MARK: - vmBoot + + @Test("vmBoot sends PUT /api/v1/vm.boot with no body") + func vmBoot() async throws { + let server = try await StubHTTPServer(eventLoopGroup: Self.group) { _ in + StubResponse.status(.noContent) + } + defer { Task { try? await server.shutdown() } } + + let client = try CloudHypervisor.Client(socketPath: URL(filePath: server.socketPath), eventLoopGroup: Self.group) + try await client.vmBoot() + + let recorded = server.recordedRequests() + #expect(recorded.count == 1) + #expect(recorded[0].method == .PUT) + #expect(recorded[0].uri == "/api/v1/vm.boot") + #expect(recorded[0].body.isEmpty) + } + + // Regression: cloud-hypervisor's HTTP parser rejects body-less PUTs + // unless they carry an explicit `Content-Length: 0`. With the + // AsyncHTTPClient transport, that wire shape is produced by + // assigning `request.body = .bytes(ByteBuffer())` so AHC's + // RequestValidation re-derives framing as `known(0)` per RFC 7230 + // §3.3.2. This test asserts the on-the-wire result rather than how + // it's produced, so any future transport change that drops the + // empty-body framing surfaces here. + @Test("Body-less PUT sends Content-Length: 0 with empty body") + func bodylessPUTSendsContentLengthZero() async throws { + let server = try await StubHTTPServer(eventLoopGroup: Self.group) { _ in + StubResponse.status(.noContent) + } + defer { Task { try? await server.shutdown() } } + + let client = try CloudHypervisor.Client( + socketPath: URL(filePath: server.socketPath), + eventLoopGroup: Self.group + ) + try await client.vmBoot() + + let recorded = server.recordedRequests() + #expect(recorded.count == 1) + let req = try #require(recorded.first) + #expect(req.method == .PUT) + #expect(req.uri == "/api/v1/vm.boot") + #expect(req.body.isEmpty) + #expect(req.headers["Content-Length"].first == "0") + } + + // MARK: - vmShutdown + + @Test("vmShutdown sends PUT /api/v1/vm.shutdown with no body") + func vmShutdown() async throws { + let server = try await StubHTTPServer(eventLoopGroup: Self.group) { _ in + StubResponse.status(.noContent) + } + defer { Task { try? await server.shutdown() } } + + let client = try CloudHypervisor.Client(socketPath: URL(filePath: server.socketPath), eventLoopGroup: Self.group) + try await client.vmShutdown() + + let recorded = server.recordedRequests() + #expect(recorded.count == 1) + #expect(recorded[0].method == .PUT) + #expect(recorded[0].uri == "/api/v1/vm.shutdown") + #expect(recorded[0].body.isEmpty) + } + + // MARK: - vmInfo + + @Test("vmInfo sends GET /api/v1/vm.info and decodes VmInfo") + func vmInfo() async throws { + let expectedConfig = CloudHypervisor.VmConfig( + cpus: .init(bootVcpus: 1, maxVcpus: 1), + memory: .init(size: 256 * 1024 * 1024), + payload: .init(kernel: "/boot/vmlinux"), + console: .init(mode: .Null), + serial: .init(mode: .Null) + ) + let expected = CloudHypervisor.VmInfo(config: expectedConfig, state: .Running) + let server = try await StubHTTPServer(eventLoopGroup: Self.group) { _ in + (try? StubResponse.json(expected)) ?? StubResponse.ok() + } + defer { Task { try? await server.shutdown() } } + + let client = try CloudHypervisor.Client(socketPath: URL(filePath: server.socketPath), eventLoopGroup: Self.group) + let result = try await client.vmInfo() + + let recorded = server.recordedRequests() + #expect(recorded.count == 1) + #expect(recorded[0].method == .GET) + #expect(recorded[0].uri == "/api/v1/vm.info") + #expect(recorded[0].body.isEmpty) + #expect(result == expected) + } + + // MARK: - vmPause + + @Test("vmPause sends PUT /api/v1/vm.pause with no body") + func vmPause() async throws { + let server = try await StubHTTPServer(eventLoopGroup: Self.group) { _ in + StubResponse.status(.noContent) + } + defer { Task { try? await server.shutdown() } } + + let client = try CloudHypervisor.Client(socketPath: URL(filePath: server.socketPath), eventLoopGroup: Self.group) + try await client.vmPause() + + let recorded = server.recordedRequests() + #expect(recorded.count == 1) + #expect(recorded[0].method == .PUT) + #expect(recorded[0].uri == "/api/v1/vm.pause") + #expect(recorded[0].body.isEmpty) + } + + // MARK: - vmResume + + @Test("vmResume sends PUT /api/v1/vm.resume with no body") + func vmResume() async throws { + let server = try await StubHTTPServer(eventLoopGroup: Self.group) { _ in + StubResponse.status(.noContent) + } + defer { Task { try? await server.shutdown() } } + + let client = try CloudHypervisor.Client(socketPath: URL(filePath: server.socketPath), eventLoopGroup: Self.group) + try await client.vmResume() + + let recorded = server.recordedRequests() + #expect(recorded.count == 1) + #expect(recorded[0].method == .PUT) + #expect(recorded[0].uri == "/api/v1/vm.resume") + #expect(recorded[0].body.isEmpty) + } + + // MARK: - vmAddDisk + + @Test("vmAddDisk sends PUT /api/v1/vm.add-disk and returns PciDeviceInfo") + func vmAddDisk() async throws { + let pciInfo = CloudHypervisor.PciDeviceInfo(id: "_disk0", bdf: "0000:00:01.0") + let server = try await StubHTTPServer(eventLoopGroup: Self.group) { _ in + (try? StubResponse.json(pciInfo)) ?? StubResponse.ok() + } + defer { Task { try? await server.shutdown() } } + + let config = CloudHypervisor.DiskConfig(path: "/tmp/disk.img", readonly: true, id: "_disk0") + let client = try CloudHypervisor.Client(socketPath: URL(filePath: server.socketPath), eventLoopGroup: Self.group) + let result = try await client.vmAddDisk(config) + + let recorded = server.recordedRequests() + #expect(recorded.count == 1) + #expect(recorded[0].method == .PUT) + #expect(recorded[0].uri == "/api/v1/vm.add-disk") + + let decoded = try JSONDecoder().decode(CloudHypervisor.DiskConfig.self, from: recorded[0].body) + #expect(decoded == config) + #expect(result == pciInfo) + } + + // MARK: - vmAddFs + + @Test("vmAddFs sends PUT /api/v1/vm.add-fs and returns PciDeviceInfo") + func vmAddFs() async throws { + let pciInfo = CloudHypervisor.PciDeviceInfo(id: "_disk0", bdf: "0000:00:01.0") + let server = try await StubHTTPServer(eventLoopGroup: Self.group) { _ in + (try? StubResponse.json(pciInfo)) ?? StubResponse.ok() + } + defer { Task { try? await server.shutdown() } } + + let config = CloudHypervisor.FsConfig(tag: "myfs", socket: "/tmp/virtiofsd.sock", id: "_fs0") + let client = try CloudHypervisor.Client(socketPath: URL(filePath: server.socketPath), eventLoopGroup: Self.group) + let result = try await client.vmAddFs(config) + + let recorded = server.recordedRequests() + #expect(recorded.count == 1) + #expect(recorded[0].method == .PUT) + #expect(recorded[0].uri == "/api/v1/vm.add-fs") + + let decoded = try JSONDecoder().decode(CloudHypervisor.FsConfig.self, from: recorded[0].body) + #expect(decoded == config) + #expect(result == pciInfo) + } + + // MARK: - vmAddNet + + @Test("vmAddNet sends PUT /api/v1/vm.add-net and returns PciDeviceInfo") + func vmAddNet() async throws { + let pciInfo = CloudHypervisor.PciDeviceInfo(id: "_disk0", bdf: "0000:00:01.0") + let server = try await StubHTTPServer(eventLoopGroup: Self.group) { _ in + (try? StubResponse.json(pciInfo)) ?? StubResponse.ok() + } + defer { Task { try? await server.shutdown() } } + + let config = CloudHypervisor.NetConfig(tap: "tap0", mac: "AA:BB:CC:DD:EE:FF", id: "_net0") + let client = try CloudHypervisor.Client(socketPath: URL(filePath: server.socketPath), eventLoopGroup: Self.group) + let result = try await client.vmAddNet(config) + + let recorded = server.recordedRequests() + #expect(recorded.count == 1) + #expect(recorded[0].method == .PUT) + #expect(recorded[0].uri == "/api/v1/vm.add-net") + + let decoded = try JSONDecoder().decode(CloudHypervisor.NetConfig.self, from: recorded[0].body) + #expect(decoded == config) + #expect(result == pciInfo) + } + + // MARK: - vmAddVsock + + @Test("vmAddVsock sends PUT /api/v1/vm.add-vsock and returns PciDeviceInfo") + func vmAddVsock() async throws { + let pciInfo = CloudHypervisor.PciDeviceInfo(id: "_disk0", bdf: "0000:00:01.0") + let server = try await StubHTTPServer(eventLoopGroup: Self.group) { _ in + (try? StubResponse.json(pciInfo)) ?? StubResponse.ok() + } + defer { Task { try? await server.shutdown() } } + + let config = CloudHypervisor.VsockConfig(cid: 3, socket: "/tmp/vsock.sock", id: "_vsock0") + let client = try CloudHypervisor.Client(socketPath: URL(filePath: server.socketPath), eventLoopGroup: Self.group) + let result = try await client.vmAddVsock(config) + + let recorded = server.recordedRequests() + #expect(recorded.count == 1) + #expect(recorded[0].method == .PUT) + #expect(recorded[0].uri == "/api/v1/vm.add-vsock") + + let decoded = try JSONDecoder().decode(CloudHypervisor.VsockConfig.self, from: recorded[0].body) + #expect(decoded == config) + #expect(result == pciInfo) + } + + // MARK: - vmRemoveDevice + + @Test("vmRemoveDevice sends PUT /api/v1/vm.remove-device with id body") + func vmRemoveDevice() async throws { + let server = try await StubHTTPServer(eventLoopGroup: Self.group) { _ in + StubResponse.status(.noContent) + } + defer { Task { try? await server.shutdown() } } + + let client = try CloudHypervisor.Client(socketPath: URL(filePath: server.socketPath), eventLoopGroup: Self.group) + try await client.vmRemoveDevice(id: "_disk0") + + let recorded = server.recordedRequests() + #expect(recorded.count == 1) + #expect(recorded[0].method == .PUT) + #expect(recorded[0].uri == "/api/v1/vm.remove-device") + + struct RemoveRequest: Decodable { let id: String } + let decoded = try JSONDecoder().decode(RemoveRequest.self, from: recorded[0].body) + #expect(decoded.id == "_disk0") + } + + // MARK: - Malformed JSON + + @Test("Malformed JSON on 200 response throws .decoding") + func malformedJSONThrowsDecoding() async throws { + let server = try await StubHTTPServer(eventLoopGroup: Self.group) { _ in + StubResponse.ok(Data("not json".utf8)) + } + defer { Task { try? await server.shutdown() } } + + let socketURL = URL(filePath: server.socketPath) + let client = try CloudHypervisor.Client(socketPath: socketURL, eventLoopGroup: Self.group) + + struct Dummy: Decodable, Sendable {} + + do { + let _: Dummy = try await client.get("/api/v1/vmm.info") + Issue.record("Expected .decoding error but call succeeded") + } catch let err as CloudHypervisor.Error { + guard case .decoding = err else { + Issue.record("Expected .decoding, got \(err)") + return + } + // Expected path — decoding error correctly surfaced. + } catch { + Issue.record("Expected CloudHypervisor.Error but got \(error)") + } + } + + // MARK: - Shutdown ordering + + /// Regression: with a caller-supplied group, `Client.shutdown()` must + /// drain the underlying HTTPClient before the caller tears the group + /// down. Without this, AsyncHTTPClient's deferred connection-cleanup + /// runs on the (now-dead) event loops and SwiftNIO prints + /// "Cannot schedule tasks on an EventLoop that has already shut down". + /// The singleton group used by the rest of this suite can't surface + /// the bug because it never shuts down, so we spin up a dedicated + /// group for the client here. The server stays on the singleton so + /// only the client-side AHC channels are at risk when we shut the + /// owned group down — otherwise the server's own pipeline cleanup + /// would race the same group teardown and confound the test. + @Test("Client.shutdown drains HTTPClient before a caller-owned group is torn down") + func shutdownDrainsHTTPClientBeforeGroup() async throws { + let server = try await StubHTTPServer(eventLoopGroup: Self.group) { _ in + StubResponse.status(.noContent) + } + defer { Task { try? await server.shutdown() } } + + let clientGroup = MultiThreadedEventLoopGroup(numberOfThreads: 2) + let client = try CloudHypervisor.Client( + socketPath: URL(filePath: server.socketPath), + eventLoopGroup: clientGroup + ) + // Round-trip a real request so AHC actually opens a connection + // and parks its post-response cleanup on `clientGroup`. + try await client.vmmShutdown() + + try await client.shutdown() + // Idempotent — a second call must not throw. + try await client.shutdown() + + // The owned group should now be safe to tear down without NIO + // warnings. + try await clientGroup.shutdownGracefully() + } + + @Test("Client.shutdown also tears down the group when the client owns it") + func shutdownOwnsGroup() async throws { + let server = try await StubHTTPServer(eventLoopGroup: Self.group) { _ in + StubResponse.status(.noContent) + } + defer { Task { try? await server.shutdown() } } + + // No eventLoopGroup → client owns its own. + let client = try CloudHypervisor.Client( + socketPath: URL(filePath: server.socketPath) + ) + try await client.vmmShutdown() + try await client.shutdown() + // Idempotent. + try await client.shutdown() + } +} diff --git a/Tests/CloudHypervisorTests/ErrorsTests.swift b/Tests/CloudHypervisorTests/ErrorsTests.swift new file mode 100644 index 0000000..4674222 --- /dev/null +++ b/Tests/CloudHypervisorTests/ErrorsTests.swift @@ -0,0 +1,35 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation +import NIOHTTP1 +import Testing + +@testable import CloudHypervisor + +@Suite("CloudHypervisor.Error") +struct ErrorsTests { + @Test("http case carries status and body") + func httpCase() { + let err = CloudHypervisor.Error.http(status: .badRequest, body: Data("nope".utf8)) + guard case .http(let status, let body) = err else { + Issue.record("expected .http") + return + } + #expect(status == .badRequest) + #expect(String(data: body, encoding: .utf8) == "nope") + } +} diff --git a/Tests/CloudHypervisorTests/StubHTTPServer.swift b/Tests/CloudHypervisorTests/StubHTTPServer.swift new file mode 100644 index 0000000..9ea545a --- /dev/null +++ b/Tests/CloudHypervisorTests/StubHTTPServer.swift @@ -0,0 +1,203 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation +import NIOConcurrencyHelpers +import NIOCore +import NIOHTTP1 +import NIOPosix + +// MARK: - StubRequest / StubResponse + +/// An inbound HTTP request captured by the stub server. +struct StubRequest: Sendable { + let method: HTTPMethod + let uri: String + let body: Data + let headers: HTTPHeaders +} + +/// A canned HTTP response produced by the stub server. +struct StubResponse: Sendable { + let status: HTTPResponseStatus + let body: Data + let headers: HTTPHeaders + + static func ok(_ body: Data = .init()) -> StubResponse { + StubResponse(status: .ok, body: body, headers: [:]) + } + + static func json(_ value: T) throws -> StubResponse { + let data = try JSONEncoder().encode(value) + var headers = HTTPHeaders() + headers.add(name: "Content-Type", value: "application/json") + return StubResponse(status: .ok, body: data, headers: headers) + } + + static func status(_ status: HTTPResponseStatus, body: Data = .init()) -> StubResponse { + StubResponse(status: status, body: body, headers: [:]) + } +} + +// MARK: - StubHTTPServer + +/// An in-process HTTP/1.1 server bound to a Unix Domain Socket, used in tests. +/// +/// Example: +/// ```swift +/// let server = try await StubHTTPServer(eventLoopGroup: group) { req in +/// return StubResponse.ok(Data("{}".utf8)) +/// } +/// defer { Task { try? await server.shutdown() } } +/// ``` +final class StubHTTPServer: Sendable { + /// The path to the Unix Domain Socket this server is bound to. + let socketPath: String + + private let channel: Channel + /// Recorded requests, protected by a lock so the test thread can read safely. + private let requests: NIOLockedValueBox<[StubRequest]> + + init( + eventLoopGroup: any EventLoopGroup, + handler: @escaping @Sendable (StubRequest) -> StubResponse + ) async throws { + let sockPath = FileManager.default.temporaryDirectory + .appendingPathComponent("ch-stub-\(UUID().uuidString).sock") + .path + + let requestsBox = NIOLockedValueBox<[StubRequest]>([]) + + let bootstrap = ServerBootstrap(group: eventLoopGroup) + .serverChannelOption(.backlog, value: 256) + .serverChannelOption(.socketOption(.so_reuseaddr), value: 1) + .childChannelInitializer { channel in + channel.eventLoop.makeCompletedFuture { + try channel.pipeline.syncOperations.configureHTTPServerPipeline( + withPipeliningAssistance: false + ) + try channel.pipeline.syncOperations.addHandler( + StubRequestHandler(userHandler: handler, requests: requestsBox) + ) + } + } + + let boundChannel = + try await bootstrap + .bind(unixDomainSocketPath: sockPath, cleanupExistingSocketFile: true) + .get() + + self.socketPath = sockPath + self.channel = boundChannel + self.requests = requestsBox + } + + /// Stop accepting connections and close the listening socket. + func shutdown() async throws { + try await channel.close().get() + try? FileManager.default.removeItem(atPath: socketPath) + } + + /// Returns all requests recorded so far. + func recordedRequests() -> [StubRequest] { + requests.withLockedValue { $0 } + } +} + +// MARK: - StubRequestHandler + +/// Handles a single inbound HTTP/1.1 request, invokes the user handler, and +/// writes the stub response. +/// +/// All ChannelHandler callbacks run on the channel's event loop, so the mutable +/// inbound-state fields need no external synchronisation. The shared `requests` +/// box is still locked because the test thread reads it from outside the loop. +private final class StubRequestHandler: ChannelInboundHandler, @unchecked Sendable { + typealias InboundIn = HTTPServerRequestPart + typealias OutboundOut = HTTPServerResponsePart + + private let userHandler: @Sendable (StubRequest) -> StubResponse + private let requests: NIOLockedValueBox<[StubRequest]> + + // Mutable inbound state — only touched on the event loop. + private var pendingMethod: HTTPMethod? + private var pendingURI: String? + private var pendingHeaders: HTTPHeaders = [:] + private var pendingBody: [UInt8] = [] + + init( + userHandler: @escaping @Sendable (StubRequest) -> StubResponse, + requests: NIOLockedValueBox<[StubRequest]> + ) { + self.userHandler = userHandler + self.requests = requests + } + + func channelRead(context: ChannelHandlerContext, data: NIOAny) { + switch unwrapInboundIn(data) { + case .head(let head): + pendingMethod = head.method + pendingURI = head.uri + pendingHeaders = head.headers + pendingBody = [] + case .body(var buf): + if let bytes = buf.readBytes(length: buf.readableBytes) { + pendingBody.append(contentsOf: bytes) + } + case .end: + guard let method = pendingMethod, let uri = pendingURI else { + context.close(promise: nil) + return + } + let request = StubRequest( + method: method, + uri: uri, + body: Data(pendingBody), + headers: pendingHeaders + ) + requests.withLockedValue { $0.append(request) } + let stubResp = userHandler(request) + writeResponse(context: context, response: stubResp) + } + } + + private func writeResponse(context: ChannelHandlerContext, response: StubResponse) { + var respHeaders = response.headers + respHeaders.replaceOrAdd(name: "Content-Length", value: "\(response.body.count)") + respHeaders.replaceOrAdd(name: "Connection", value: "close") + + let head = HTTPResponseHead(version: .http1_1, status: response.status, headers: respHeaders) + context.write(wrapOutboundOut(.head(head)), promise: nil) + + if !response.body.isEmpty { + var buf = context.channel.allocator.buffer(capacity: response.body.count) + buf.writeBytes(response.body) + context.write(wrapOutboundOut(.body(.byteBuffer(buf))), promise: nil) + } + + // Use NIOLoopBound to safely capture `context` in a @Sendable closure. + // The bound asserts event-loop access; the close runs on the same loop + // as the flush completion, which is correct. + let boundContext = NIOLoopBound(context, eventLoop: context.eventLoop) + context.writeAndFlush(wrapOutboundOut(.end(nil))).whenComplete { _ in + boundContext.value.close(promise: nil) + } + } + + func errorCaught(context: ChannelHandlerContext, error: any Error) { + context.close(promise: nil) + } +} diff --git a/Tests/CloudHypervisorTests/TypesTests.swift b/Tests/CloudHypervisorTests/TypesTests.swift new file mode 100644 index 0000000..8826643 --- /dev/null +++ b/Tests/CloudHypervisorTests/TypesTests.swift @@ -0,0 +1,328 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation +import Testing + +@testable import CloudHypervisor + +@Suite("CloudHypervisor types") +struct TypesTests { + @Test("VmConfig round-trips through JSON") + func vmConfigRoundTrip() throws { + let cfg = CloudHypervisor.VmConfig( + cpus: CloudHypervisor.CpusConfig(bootVcpus: 2, maxVcpus: 2), + memory: CloudHypervisor.MemoryConfig(size: UInt64(1) << 30), + payload: CloudHypervisor.PayloadConfig( + kernel: "/path/to/vmlinux", + cmdline: "init=/sbin/vminitd ro" + ), + disks: nil, + net: nil, + fs: nil, + vsock: nil, + console: CloudHypervisor.ConsoleConfig(mode: .Null), + serial: CloudHypervisor.ConsoleConfig(mode: .Null) + ) + let encoder = JSONEncoder() + encoder.outputFormatting = [.sortedKeys] + let data = try encoder.encode(cfg) + let decoded = try JSONDecoder().decode(CloudHypervisor.VmConfig.self, from: data) + #expect(decoded == cfg) + + // Verify snake_case keys are emitted. + let jsonString = try #require(String(data: data, encoding: .utf8)) + #expect(jsonString.contains("\"boot_vcpus\"")) + #expect(jsonString.contains("\"max_vcpus\"")) + } + + @Test("CpusConfig round-trips through JSON") + func cpusConfigRoundTrip() throws { + let cfg = CloudHypervisor.CpusConfig(bootVcpus: 4, maxVcpus: 8) + let data = try JSONEncoder().encode(cfg) + let decoded = try JSONDecoder().decode(CloudHypervisor.CpusConfig.self, from: data) + #expect(decoded == cfg) + } + + @Test("MemoryConfig round-trips through JSON") + func memoryConfigRoundTrip() throws { + let cfg = CloudHypervisor.MemoryConfig(size: UInt64(2) << 30, hotplugSize: UInt64(1) << 30, mergeable: true) + let data = try JSONEncoder().encode(cfg) + let decoded = try JSONDecoder().decode(CloudHypervisor.MemoryConfig.self, from: data) + #expect(decoded == cfg) + } + + @Test("MemoryConfig omits nil optional fields from JSON") + func memoryConfigNilOmission() throws { + let cfg = CloudHypervisor.MemoryConfig(size: UInt64(1) << 30) + let data = try JSONEncoder().encode(cfg) + let jsonString = try #require(String(data: data, encoding: .utf8)) + #expect(!jsonString.contains("\"hotplug_size\"")) + #expect(!jsonString.contains("\"mergeable\"")) + } + + @Test("PayloadConfig round-trips through JSON") + func payloadConfigRoundTrip() throws { + let cfg = CloudHypervisor.PayloadConfig( + kernel: "/boot/vmlinux", + initramfs: "/boot/initrd", + cmdline: "console=ttyS0" + ) + let data = try JSONEncoder().encode(cfg) + let decoded = try JSONDecoder().decode(CloudHypervisor.PayloadConfig.self, from: data) + #expect(decoded == cfg) + } + + @Test("ConsoleConfig round-trips through JSON with capitalized mode strings") + func consoleConfigRoundTrip() throws { + for mode in [ + CloudHypervisor.ConsoleConfig.Mode.Off, + .Pty, + .Tty, + .File, + .Socket, + .Null, + ] { + let cfg = CloudHypervisor.ConsoleConfig(mode: mode) + let data = try JSONEncoder().encode(cfg) + let decoded = try JSONDecoder().decode(CloudHypervisor.ConsoleConfig.self, from: data) + #expect(decoded == cfg) + // CH uses capitalized strings: "Off", "Pty", etc. + let jsonString = try #require(String(data: data, encoding: .utf8)) + #expect(jsonString.contains("\"" + mode.rawValue + "\"")) + } + } + + @Test("DiskConfig round-trips through JSON") + func diskConfigRoundTrip() throws { + let cfg = CloudHypervisor.DiskConfig( + path: "/var/lib/disk.raw", + readonly: true, + direct: false, + iommu: nil, + id: "disk0", + pciSegment: 0 + ) + let encoder = JSONEncoder() + encoder.outputFormatting = [.sortedKeys] + let data = try encoder.encode(cfg) + let decoded = try JSONDecoder().decode(CloudHypervisor.DiskConfig.self, from: data) + #expect(decoded == cfg) + + // Verify snake_case key for pci_segment. + let jsonString = try #require(String(data: data, encoding: .utf8)) + #expect(jsonString.contains("\"pci_segment\"")) + } + + @Test("DiskConfig omits nil optional fields from JSON") + func diskConfigNilOmission() throws { + let cfg = CloudHypervisor.DiskConfig(path: "/var/lib/disk.raw") + let data = try JSONEncoder().encode(cfg) + let jsonString = try #require(String(data: data, encoding: .utf8)) + #expect(!jsonString.contains("\"readonly\"")) + #expect(!jsonString.contains("\"direct\"")) + #expect(!jsonString.contains("\"iommu\"")) + #expect(!jsonString.contains("\"id\"")) + #expect(!jsonString.contains("\"pci_segment\"")) + } + + @Test("NetConfig round-trips through JSON") + func netConfigRoundTrip() throws { + let cfg = CloudHypervisor.NetConfig( + tap: "tap0", + ip: "192.168.0.1", + mask: "255.255.255.0", + mac: "AA:BB:CC:DD:EE:FF", + mtu: 1500, + numQueues: 2, + queueSize: 256, + id: "net0" + ) + let encoder = JSONEncoder() + encoder.outputFormatting = [.sortedKeys] + let data = try encoder.encode(cfg) + let decoded = try JSONDecoder().decode(CloudHypervisor.NetConfig.self, from: data) + #expect(decoded == cfg) + + // Verify snake_case keys. + let jsonString = try #require(String(data: data, encoding: .utf8)) + #expect(jsonString.contains("\"num_queues\"")) + #expect(jsonString.contains("\"queue_size\"")) + } + + @Test("FsConfig round-trips through JSON") + func fsConfigRoundTrip() throws { + let cfg = CloudHypervisor.FsConfig( + tag: "virtiofs0", + socket: "/run/virtiofs.sock", + numQueues: 1, + queueSize: 1024, + id: "fs0", + pciSegment: nil + ) + let data = try JSONEncoder().encode(cfg) + let decoded = try JSONDecoder().decode(CloudHypervisor.FsConfig.self, from: data) + #expect(decoded == cfg) + } + + @Test("VsockConfig round-trips through JSON") + func vsockConfigRoundTrip() throws { + let cfg = CloudHypervisor.VsockConfig( + cid: 3, + socket: "/run/vsock.sock", + iommu: false, + id: "vsock0" + ) + let data = try JSONEncoder().encode(cfg) + let decoded = try JSONDecoder().decode(CloudHypervisor.VsockConfig.self, from: data) + #expect(decoded == cfg) + } + + @Test("PciDeviceInfo round-trips through JSON") + func pciDeviceInfoRoundTrip() throws { + let info = CloudHypervisor.PciDeviceInfo(id: "disk0", bdf: "0000:00:03.0") + let data = try JSONEncoder().encode(info) + let decoded = try JSONDecoder().decode(CloudHypervisor.PciDeviceInfo.self, from: data) + #expect(decoded == info) + } + + // MARK: - VmInfo / VmState + + @Test("VmState round-trips through JSON with CH literal strings") + func vmStateRoundTrip() throws { + for state in [ + CloudHypervisor.VmState.Created, + .Running, + .Shutdown, + .Paused, + .BreakPoint, + ] { + let data = try JSONEncoder().encode(state) + let decoded = try JSONDecoder().decode(CloudHypervisor.VmState.self, from: data) + #expect(decoded == state) + // CH uses the capitalized raw string literals exactly. + let jsonString = try #require(String(data: data, encoding: .utf8)) + #expect(jsonString.contains("\"" + state.rawValue + "\"")) + } + } + + @Test("VmInfo round-trips through JSON") + func vmInfoRoundTrip() throws { + let cfg = CloudHypervisor.VmConfig( + cpus: CloudHypervisor.CpusConfig(bootVcpus: 2, maxVcpus: 2), + memory: CloudHypervisor.MemoryConfig(size: UInt64(1) << 30), + payload: CloudHypervisor.PayloadConfig(kernel: "/boot/vmlinux"), + console: CloudHypervisor.ConsoleConfig(mode: .Null), + serial: CloudHypervisor.ConsoleConfig(mode: .Null) + ) + let info = CloudHypervisor.VmInfo( + config: cfg, + state: .Running, + memoryActualSize: 1_073_741_824 + ) + let encoder = JSONEncoder() + encoder.outputFormatting = [.sortedKeys] + let data = try encoder.encode(info) + let decoded = try JSONDecoder().decode(CloudHypervisor.VmInfo.self, from: data) + #expect(decoded == info) + + // Verify snake_case key is emitted. + let jsonString = try #require(String(data: data, encoding: .utf8)) + #expect(jsonString.contains("\"memory_actual_size\"")) + } + + @Test("VmInfo omits nil optional fields from JSON") + func vmInfoNilOmission() throws { + let cfg = CloudHypervisor.VmConfig( + cpus: CloudHypervisor.CpusConfig(bootVcpus: 1, maxVcpus: 1), + memory: CloudHypervisor.MemoryConfig(size: UInt64(512) << 20), + payload: CloudHypervisor.PayloadConfig(kernel: "/boot/vmlinux"), + console: CloudHypervisor.ConsoleConfig(mode: .Off), + serial: CloudHypervisor.ConsoleConfig(mode: .Off) + ) + let info = CloudHypervisor.VmInfo(config: cfg, state: .Created) + let data = try JSONEncoder().encode(info) + let jsonString = try #require(String(data: data, encoding: .utf8)) + #expect(!jsonString.contains("\"memory_actual_size\"")) + } + + // MARK: - VmmPingResponse + + @Test("VmmPingResponse round-trips through JSON") + func vmmPingResponseRoundTrip() throws { + let ping = CloudHypervisor.VmmPingResponse( + version: "v40.0", + pid: 12345, + features: ["acpi", "kvm"], + buildVersion: "abc123" + ) + let encoder = JSONEncoder() + encoder.outputFormatting = [.sortedKeys] + let data = try encoder.encode(ping) + let decoded = try JSONDecoder().decode(CloudHypervisor.VmmPingResponse.self, from: data) + #expect(decoded == ping) + + let jsonString = try #require(String(data: data, encoding: .utf8)) + #expect(jsonString.contains("\"build_version\"")) + } + + @Test("VmmPingResponse omits nil optional fields from JSON") + func vmmPingResponseNilOmission() throws { + let ping = CloudHypervisor.VmmPingResponse(version: "v40.0") + let data = try JSONEncoder().encode(ping) + let jsonString = try #require(String(data: data, encoding: .utf8)) + #expect(!jsonString.contains("\"pid\"")) + #expect(!jsonString.contains("\"features\"")) + #expect(!jsonString.contains("\"build_version\"")) + } + + // MARK: - VmmInfo + + @Test("VmmInfo round-trips through JSON") + func vmmInfoRoundTrip() throws { + let cfg = CloudHypervisor.VmConfig( + cpus: CloudHypervisor.CpusConfig(bootVcpus: 2, maxVcpus: 2), + memory: CloudHypervisor.MemoryConfig(size: UInt64(1) << 30), + payload: CloudHypervisor.PayloadConfig(kernel: "/boot/vmlinux"), + console: CloudHypervisor.ConsoleConfig(mode: .Null), + serial: CloudHypervisor.ConsoleConfig(mode: .Null) + ) + let vmmInfo = CloudHypervisor.VmmInfo( + version: "v40.0", + pid: 99, + buildVersion: "deadbeef", + config: cfg + ) + let encoder = JSONEncoder() + encoder.outputFormatting = [.sortedKeys] + let data = try encoder.encode(vmmInfo) + let decoded = try JSONDecoder().decode(CloudHypervisor.VmmInfo.self, from: data) + #expect(decoded == vmmInfo) + + let jsonString = try #require(String(data: data, encoding: .utf8)) + #expect(jsonString.contains("\"build_version\"")) + } + + @Test("VmmInfo omits nil optional fields from JSON") + func vmmInfoNilOmission() throws { + let vmmInfo = CloudHypervisor.VmmInfo(version: "v40.0") + let data = try JSONEncoder().encode(vmmInfo) + let jsonString = try #require(String(data: data, encoding: .utf8)) + #expect(!jsonString.contains("\"pid\"")) + #expect(!jsonString.contains("\"build_version\"")) + #expect(!jsonString.contains("\"config\"")) + } +} diff --git a/Tests/ContainerizationArchiveTests/ArchiveReaderTests.swift b/Tests/ContainerizationArchiveTests/ArchiveReaderTests.swift new file mode 100644 index 0000000..c7c0e56 --- /dev/null +++ b/Tests/ContainerizationArchiveTests/ArchiveReaderTests.swift @@ -0,0 +1,714 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation +import SystemPackage +import Testing + +@testable import ContainerizationArchive + +struct ArchiveReaderTests { + // MARK: - Helper Methods + + func createTestArchive(name: String, entries: [(path: String, type: EntryType, target: String?)]) throws -> URL { + let testDirectory = createTemporaryDirectory(baseName: "ArchiveReaderTests")! + let archiveURL = testDirectory.appendingPathComponent("\(name).tar") + + let archiver = try ArchiveWriter(format: .paxRestricted, filter: .none, file: archiveURL) + + for entry in entries { + let writeEntry = WriteEntry() + writeEntry.path = entry.path + writeEntry.permissions = 0o644 + writeEntry.owner = 1000 + writeEntry.group = 1000 + + switch entry.type { + case .regular(let content): + writeEntry.fileType = .regular + let data = content.data(using: .utf8)! + writeEntry.size = numericCast(data.count) + try archiver.writeEntry(entry: writeEntry, data: data) + case .directory: + writeEntry.fileType = .directory + writeEntry.permissions = 0o755 + writeEntry.size = 0 + try archiver.writeEntry(entry: writeEntry, data: nil) + case .symlink: + guard let target = entry.target else { + throw ArchiveError.failedToExtractArchive("symlink requires target") + } + writeEntry.fileType = .symbolicLink + writeEntry.symlinkTarget = target + writeEntry.size = 0 + try archiver.writeEntry(entry: writeEntry, data: nil) + } + } + + try archiver.finishEncoding() + return archiveURL + } + + func createExtractionDirectory(name: String) throws -> URL { + let testDirectory = createTemporaryDirectory(baseName: "ArchiveReaderTests.\(name)")! + return testDirectory.appendingPathComponent("extract") + } + + enum EntryType { + case regular(String) // Content + case directory + case symlink + } + + // MARK: - Benign Archive Tests + + @Test func extractBenignArchive() throws { + let archiveURL = try createTestArchive( + name: "benign", + entries: [ + ("dir/", .directory, nil), + ("dir/file.txt", .regular("test content"), nil), + ("dir/subdir/", .directory, nil), + ("dir/subdir/file2.txt", .regular("more content"), nil), + ]) + + defer { try? FileManager.default.removeItem(at: archiveURL.deletingLastPathComponent()) } + + let extractDir = try createExtractionDirectory(name: "benign") + defer { try? FileManager.default.removeItem(at: extractDir.deletingLastPathComponent()) } + + let reader = try ArchiveReader(format: .paxRestricted, filter: .none, file: archiveURL) + let rejectedPaths = try reader.extractContents(to: extractDir) + + #expect(rejectedPaths.isEmpty, "Benign archive should not reject any entries") + + // Verify files were extracted + #expect(FileManager.default.fileExists(atPath: extractDir.appendingPathComponent("dir/file.txt").path)) + #expect(FileManager.default.fileExists(atPath: extractDir.appendingPathComponent("dir/subdir/file2.txt").path)) + + // Verify content + let content1 = try String(contentsOf: extractDir.appendingPathComponent("dir/file.txt"), encoding: .utf8) + #expect(content1 == "test content") + + let content2 = try String(contentsOf: extractDir.appendingPathComponent("dir/subdir/file2.txt"), encoding: .utf8) + #expect(content2 == "more content") + } + + @Test func extractRootLevelFile() throws { + let archiveURL = try createTestArchive( + name: "root-level", + entries: [ + ("file.txt", .regular("root file"), nil) + ]) + + defer { try? FileManager.default.removeItem(at: archiveURL.deletingLastPathComponent()) } + + let extractDir = try createExtractionDirectory(name: "root-level") + defer { try? FileManager.default.removeItem(at: extractDir.deletingLastPathComponent()) } + + let reader = try ArchiveReader(format: .paxRestricted, filter: .none, file: archiveURL) + let rejectedPaths = try reader.extractContents(to: extractDir) + + #expect(rejectedPaths.isEmpty) + #expect(FileManager.default.fileExists(atPath: extractDir.appendingPathComponent("file.txt").path)) + + let content = try String(contentsOf: extractDir.appendingPathComponent("file.txt"), encoding: .utf8) + #expect(content == "root file") + } + + // MARK: - Absolute Path Tests + + @Test func convertAbsolutePathToRelative() throws { + let filename1: String = "/tmp/\(UUID())" + let filename2: String = "//tmp//\(UUID())" + let archiveURL = try createTestArchive( + name: "benign-absolute", + entries: [ + ("/tmp/\(filename1)", .regular("hello"), nil), + ("//tmp//\(filename2)", .regular("world"), nil), + ]) + + defer { try? FileManager.default.removeItem(at: archiveURL.deletingLastPathComponent()) } + + let extractDir = try createExtractionDirectory(name: "benign-absolute") + defer { try? FileManager.default.removeItem(at: extractDir.deletingLastPathComponent()) } + + let reader = try ArchiveReader(format: .paxRestricted, filter: .none, file: archiveURL) + let rejectedPaths = try reader.extractContents(to: extractDir) + + // Absolute paths should be rejected + #expect( + rejectedPaths.isEmpty, + "Expected absolute paths allowed, but got rejected paths \(rejectedPaths)") + + // Verify nothing was extracted to /tmp or /etc + #expect(!FileManager.default.fileExists(atPath: filename1)) + #expect(!FileManager.default.fileExists(atPath: filename2)) + #expect(FileManager.default.fileExists(atPath: extractDir.appendingPathComponent("tmp/\(filename1)").path)) + #expect(FileManager.default.fileExists(atPath: extractDir.appendingPathComponent("tmp/\(filename2)").path)) + } + + // MARK: - Path Traversal Attack Tests + + @Test func rejectPathTraversal() throws { + let archiveURL = try createTestArchive( + name: "evil-traversal", + entries: [ + ("../etc/pwned", .regular("evil"), nil), + ("foo/../../etc/pwned", .regular("evil"), nil), + ("dir/../../../etc/pwned", .regular("evil"), nil), + ]) + + defer { try? FileManager.default.removeItem(at: archiveURL.deletingLastPathComponent()) } + + let extractDir = try createExtractionDirectory(name: "evil-traversal") + defer { try? FileManager.default.removeItem(at: extractDir.deletingLastPathComponent()) } + + let reader = try ArchiveReader(format: .paxRestricted, filter: .none, file: archiveURL) + let rejectedPaths = try reader.extractContents(to: extractDir) + + // Path traversal entries should be rejected + #expect( + Set(rejectedPaths) == Set(["../etc/pwned", "foo/../../etc/pwned", "dir/../../../etc/pwned"]), + "Expected path traversal entries to be rejected, got \(rejectedPaths)") + + // Verify nothing escaped + let parentDir = extractDir.deletingLastPathComponent() + #expect(!FileManager.default.fileExists(atPath: parentDir.appendingPathComponent("etc/pwned").path)) + } + + @Test func rejectPathTraversalWithValidEntries() throws { + let archiveURL = try createTestArchive( + name: "mixed-traversal", + entries: [ + ("safe.txt", .regular("safe content"), nil), + ("dir/", .directory, nil), + ("dir/file.txt", .regular("also safe"), nil), + ("../etc/pwned", .regular("evil"), nil), + ("more/safe.txt", .regular("still safe"), nil), + ]) + + defer { try? FileManager.default.removeItem(at: archiveURL.deletingLastPathComponent()) } + + let extractDir = try createExtractionDirectory(name: "mixed-traversal") + defer { try? FileManager.default.removeItem(at: extractDir.deletingLastPathComponent()) } + + let reader = try ArchiveReader(format: .paxRestricted, filter: .none, file: archiveURL) + let rejectedPaths = try reader.extractContents(to: extractDir) + + // Only the path traversal entry should be rejected + #expect( + rejectedPaths == ["../etc/pwned"], + "Expected only path traversal entry to be rejected, got \(rejectedPaths)") + + // Valid entries should have been extracted + #expect(FileManager.default.fileExists(atPath: extractDir.appendingPathComponent("safe.txt").path)) + #expect(FileManager.default.fileExists(atPath: extractDir.appendingPathComponent("dir/file.txt").path)) + #expect(FileManager.default.fileExists(atPath: extractDir.appendingPathComponent("more/safe.txt").path)) + + // Verify nothing escaped + let parentDir = extractDir.deletingLastPathComponent() + #expect(!FileManager.default.fileExists(atPath: parentDir.appendingPathComponent("etc/pwned").path)) + } + + @Test func rejectDotDotInMiddle() throws { + let archiveURL = try createTestArchive( + name: "evil-dotdot-middle", + entries: [ + ("safe/../pwned.txt", .regular("evil"), nil) + ]) + + defer { try? FileManager.default.removeItem(at: archiveURL.deletingLastPathComponent()) } + + let extractDir = try createExtractionDirectory(name: "evil-dotdot-middle") + defer { try? FileManager.default.removeItem(at: extractDir.deletingLastPathComponent()) } + + let reader = try ArchiveReader(format: .paxRestricted, filter: .none, file: archiveURL) + let rejectedPaths = try reader.extractContents(to: extractDir) + + #expect(rejectedPaths == ["safe/../pwned.txt"]) + #expect(!FileManager.default.fileExists(atPath: extractDir.appendingPathComponent("pwned.txt").path)) + } + + // MARK: - Symlink Attack Tests + + @Test func allowValidSymlink() throws { + let archiveURL = try createTestArchive( + name: "safe-symlink", + entries: [ + ("dir/", .directory, nil), + ("dir/target.txt", .regular("target content"), nil), + ("dir/link", .symlink, "target.txt"), + ("link2", .symlink, "dir/target.txt"), + ("dir/passwd", .symlink, "/etc/passwd"), + ("dir2/passwd", .symlink, "../../../../etc/passwd"), + ]) + + defer { try? FileManager.default.removeItem(at: archiveURL.deletingLastPathComponent()) } + + let extractDir = try createExtractionDirectory(name: "safe-symlink") + defer { try? FileManager.default.removeItem(at: extractDir.deletingLastPathComponent()) } + + let reader = try ArchiveReader(format: .paxRestricted, filter: .none, file: archiveURL) + let rejectedPaths = try reader.extractContents(to: extractDir) + + #expect(rejectedPaths.isEmpty, "Valid symlinks should be allowed") + + // Verify symlinks were created + let linkPath = extractDir.appendingPathComponent("dir/link").path + #expect(FileManager.default.fileExists(atPath: linkPath)) + + let link2Path = extractDir.appendingPathComponent("link2").path + #expect(FileManager.default.fileExists(atPath: link2Path)) + + // Verify symlinks point to correct targets + let linkTarget = try FileManager.default.destinationOfSymbolicLink(atPath: linkPath) + #expect(linkTarget == "target.txt") + + let link2Target = try FileManager.default.destinationOfSymbolicLink(atPath: link2Path) + #expect(link2Target == "dir/target.txt") + } + + @Test func allowSymlinkWithDotDot() throws { + let archiveURL = try createTestArchive( + name: "safe-symlink-dotdot", + entries: [ + ("dir/", .directory, nil), + ("dir/subdir/", .directory, nil), + ("target.txt", .regular("target"), nil), + ("dir/subdir/link", .symlink, "../../target.txt"), + ]) + + defer { try? FileManager.default.removeItem(at: archiveURL.deletingLastPathComponent()) } + + let extractDir = try createExtractionDirectory(name: "safe-symlink-dotdot") + defer { try? FileManager.default.removeItem(at: extractDir.deletingLastPathComponent()) } + + let reader = try ArchiveReader(format: .paxRestricted, filter: .none, file: archiveURL) + let rejectedPaths = try reader.extractContents(to: extractDir) + + #expect(rejectedPaths.isEmpty, "Symlink with .. that stays in root should be allowed") + + let linkPath = extractDir.appendingPathComponent("dir/subdir/link").path + #expect(FileManager.default.fileExists(atPath: linkPath)) + + let linkTarget = try FileManager.default.destinationOfSymbolicLink(atPath: linkPath) + #expect(linkTarget == "../../target.txt") + } + + // MARK: - Deep Nesting Tests + + @Test func extractDeepNesting() throws { + var entries: [(String, EntryType, String?)] = [] + + // Create 50 levels deep + var path = "" + for i in 0..<50 { + if i > 0 { path += "/" } + path += "level\(i)" + entries.append((path + "/", .directory, nil)) + } + entries.append((path + "/deep.txt", .regular("deep file"), nil)) + + let archiveURL = try createTestArchive(name: "deep-nesting", entries: entries) + defer { try? FileManager.default.removeItem(at: archiveURL.deletingLastPathComponent()) } + + let extractDir = try createExtractionDirectory(name: "deep-nesting") + defer { try? FileManager.default.removeItem(at: extractDir.deletingLastPathComponent()) } + + let reader = try ArchiveReader(format: .paxRestricted, filter: .none, file: archiveURL) + let rejectedPaths = try reader.extractContents(to: extractDir) + + #expect(rejectedPaths.isEmpty) + + // Verify deep file exists + let deepFilePath = extractDir.appendingPathComponent(path + "/deep.txt").path + #expect(FileManager.default.fileExists(atPath: deepFilePath)) + + let content = try String(contentsOfFile: deepFilePath, encoding: .utf8) + #expect(content == "deep file") + } + + // MARK: - Normalization Tests + + @Test func handleDotSlashPrefix() throws { + let archiveURL = try createTestArchive( + name: "dot-slash", + entries: [ + ("./safe.txt", .regular("content"), nil), + ("./dir/", .directory, nil), + ("./dir/file.txt", .regular("more content"), nil), + ]) + + defer { try? FileManager.default.removeItem(at: archiveURL.deletingLastPathComponent()) } + + let extractDir = try createExtractionDirectory(name: "dot-slash") + defer { try? FileManager.default.removeItem(at: extractDir.deletingLastPathComponent()) } + + let reader = try ArchiveReader(format: .paxRestricted, filter: .none, file: archiveURL) + let rejectedPaths = try reader.extractContents(to: extractDir) + + #expect(rejectedPaths.isEmpty, "./ prefix should be normalized and allowed") + #expect(FileManager.default.fileExists(atPath: extractDir.appendingPathComponent("safe.txt").path)) + #expect(FileManager.default.fileExists(atPath: extractDir.appendingPathComponent("dir/file.txt").path)) + } + + @Test func handleDoubleSlashes() throws { + let archiveURL = try createTestArchive( + name: "double-slash", + entries: [ + ("dir//subdir/", .directory, nil), + ("dir//subdir//file.txt", .regular("content"), nil), + ]) + + defer { try? FileManager.default.removeItem(at: archiveURL.deletingLastPathComponent()) } + + let extractDir = try createExtractionDirectory(name: "double-slash") + defer { try? FileManager.default.removeItem(at: extractDir.deletingLastPathComponent()) } + + let reader = try ArchiveReader(format: .paxRestricted, filter: .none, file: archiveURL) + let rejectedPaths = try reader.extractContents(to: extractDir) + + #expect(rejectedPaths.isEmpty, "Double slashes should be normalized") + + // Verify file exists at normalized path + let normalizedPath = "dir/subdir/file.txt" + #expect(FileManager.default.fileExists(atPath: extractDir.appendingPathComponent(normalizedPath).path)) + } + + // MARK: - File Permissions Tests + + @Test func preserveFilePermissions() throws { + let archiveURL = try createTestArchive( + name: "permissions", + entries: [ + ("executable.sh", .regular("#!/bin/bash\necho test"), nil) + ]) + + // Manually set executable permissions + let reader = try ArchiveReader(format: .paxRestricted, filter: .none, file: archiveURL) + for (entry, _) in reader { + if entry.path == "executable.sh" { + entry.permissions = 0o755 + } + } + + // Re-create archive with proper permissions + let testDirectory = createTemporaryDirectory(baseName: "ArchiveReaderTests")! + let archiveURL2 = testDirectory.appendingPathComponent("permissions2.tar") + let archiver = try ArchiveWriter(format: .paxRestricted, filter: .none, file: archiveURL2) + + let writeEntry = WriteEntry() + writeEntry.path = "executable.sh" + writeEntry.fileType = .regular + writeEntry.permissions = 0o755 + let data = "#!/bin/bash\necho test".data(using: .utf8)! + writeEntry.size = numericCast(data.count) + try archiver.writeEntry(entry: writeEntry, data: data) + try archiver.finishEncoding() + + defer { try? FileManager.default.removeItem(at: testDirectory) } + + let extractDir = try createExtractionDirectory(name: "permissions") + defer { try? FileManager.default.removeItem(at: extractDir.deletingLastPathComponent()) } + + let reader2 = try ArchiveReader(format: .paxRestricted, filter: .none, file: archiveURL2) + let rejectedPaths = try reader2.extractContents(to: extractDir) + + #expect(rejectedPaths.isEmpty) + + // Verify permissions were preserved + let filePath = extractDir.appendingPathComponent("executable.sh").path + let attrs = try FileManager.default.attributesOfItem(atPath: filePath) + let perms = (attrs[.posixPermissions] as? NSNumber)?.uint16Value ?? 0 + let permMask: UInt16 = 0o777 + #expect((perms & permMask) == 0o755, "Permissions should be preserved") + } + + // MARK: - Duplicate Entry Tests + + @Test func duplicateRegularFiles() throws { + let archiveURL = try createTestArchive( + name: "duplicate-regular", + entries: [ + ("file.txt", .regular("first content"), nil), + ("file.txt", .regular("second content"), nil), + ]) + + defer { try? FileManager.default.removeItem(at: archiveURL.deletingLastPathComponent()) } + + let extractDir = try createExtractionDirectory(name: "duplicate-regular") + defer { try? FileManager.default.removeItem(at: extractDir.deletingLastPathComponent()) } + + let reader = try ArchiveReader(format: .paxRestricted, filter: .none, file: archiveURL) + let rejectedPaths = try reader.extractContents(to: extractDir) + + // Last entry wins - second file should replace first + #expect(rejectedPaths.isEmpty, "Duplicate files follow last-entry-wins") + + #expect(FileManager.default.fileExists(atPath: extractDir.appendingPathComponent("file.txt").path)) + let content = try String(contentsOf: extractDir.appendingPathComponent("file.txt"), encoding: .utf8) + #expect(content == "second content", "Last entry should win") + } + + @Test func duplicateDirectories() throws { + let archiveURL = try createTestArchive( + name: "duplicate-dirs", + entries: [ + ("dir/", .directory, nil), + ("dir/", .directory, nil), + ]) + + defer { try? FileManager.default.removeItem(at: archiveURL.deletingLastPathComponent()) } + + let extractDir = try createExtractionDirectory(name: "duplicate-dirs") + defer { try? FileManager.default.removeItem(at: extractDir.deletingLastPathComponent()) } + + let reader = try ArchiveReader(format: .paxRestricted, filter: .none, file: archiveURL) + let rejectedPaths = try reader.extractContents(to: extractDir) + + // Both directories should be accepted (merged) + #expect(rejectedPaths.isEmpty, "Duplicate directories should be merged") + #expect(FileManager.default.fileExists(atPath: extractDir.appendingPathComponent("dir").path)) + } + + @Test func regularFileToDirectory() throws { + let archiveURL = try createTestArchive( + name: "file-to-dir", + entries: [ + ("path", .regular("content"), nil), + ("path/", .directory, nil), + ]) + + defer { try? FileManager.default.removeItem(at: archiveURL.deletingLastPathComponent()) } + + let extractDir = try createExtractionDirectory(name: "file-to-dir") + defer { try? FileManager.default.removeItem(at: extractDir.deletingLastPathComponent()) } + + let reader = try ArchiveReader(format: .paxRestricted, filter: .none, file: archiveURL) + let rejectedPaths = try reader.extractContents(to: extractDir) + + // Directory should replace the file + #expect(rejectedPaths.isEmpty, "Directory should replace regular file") + + let attrs = try FileManager.default.attributesOfItem(atPath: extractDir.appendingPathComponent("path").path) + let fileType = attrs[.type] as? FileAttributeType + #expect(fileType == .typeDirectory, "Path should be a directory") + } + + @Test func directoryToRegularFile() throws { + let archiveURL = try createTestArchive( + name: "dir-to-file", + entries: [ + ("path/", .directory, nil), + ("path", .regular("content"), nil), + ]) + + defer { try? FileManager.default.removeItem(at: archiveURL.deletingLastPathComponent()) } + + let extractDir = try createExtractionDirectory(name: "dir-to-file") + defer { try? FileManager.default.removeItem(at: extractDir.deletingLastPathComponent()) } + + let reader = try ArchiveReader(format: .paxRestricted, filter: .none, file: archiveURL) + let rejectedPaths = try reader.extractContents(to: extractDir) + + // Last entry wins - file should replace directory + #expect(rejectedPaths.isEmpty, "Regular file should replace directory") + + // Should now be a regular file + #expect(FileManager.default.fileExists(atPath: extractDir.appendingPathComponent("path").path)) + let content = try String(contentsOf: extractDir.appendingPathComponent("path"), encoding: .utf8) + #expect(content == "content", "Should have file content") + } + + @Test func regularFileToSymlink() throws { + let archiveURL = try createTestArchive( + name: "file-to-symlink", + entries: [ + ("target.txt", .regular("target"), nil), + ("path", .regular("content"), nil), + ("path", .symlink, "target.txt"), + ]) + + defer { try? FileManager.default.removeItem(at: archiveURL.deletingLastPathComponent()) } + + let extractDir = try createExtractionDirectory(name: "file-to-symlink") + defer { try? FileManager.default.removeItem(at: extractDir.deletingLastPathComponent()) } + + let reader = try ArchiveReader(format: .paxRestricted, filter: .none, file: archiveURL) + let rejectedPaths = try reader.extractContents(to: extractDir) + + // Last entry wins - symlink should replace file + #expect(rejectedPaths.isEmpty, "Symlink should replace regular file") + + // Should now be a symlink + #expect(FileManager.default.fileExists(atPath: extractDir.appendingPathComponent("path").path)) + let linkTarget = try FileManager.default.destinationOfSymbolicLink(atPath: extractDir.appendingPathComponent("path").path) + #expect(linkTarget == "target.txt") + } + + @Test func symlinkToRegularFile() throws { + let archiveURL = try createTestArchive( + name: "symlink-to-file", + entries: [ + ("target.txt", .regular("target"), nil), + ("path", .symlink, "target.txt"), + ("path", .regular("new content"), nil), + ]) + + defer { try? FileManager.default.removeItem(at: archiveURL.deletingLastPathComponent()) } + + let extractDir = try createExtractionDirectory(name: "symlink-to-file") + defer { try? FileManager.default.removeItem(at: extractDir.deletingLastPathComponent()) } + + let reader = try ArchiveReader(format: .paxRestricted, filter: .none, file: archiveURL) + let rejectedPaths = try reader.extractContents(to: extractDir) + + // Last entry wins - file should replace symlink + #expect(rejectedPaths.isEmpty, "Regular file should replace symlink") + + // Should now be a regular file + #expect(FileManager.default.fileExists(atPath: extractDir.appendingPathComponent("path").path)) + let content = try String(contentsOf: extractDir.appendingPathComponent("path"), encoding: .utf8) + #expect(content == "new content") + } + + @Test func symlinkToDirectory() throws { + let archiveURL = try createTestArchive( + name: "symlink-to-dir", + entries: [ + ("target/", .directory, nil), + ("path", .symlink, "target"), + ("path/", .directory, nil), + ]) + + defer { try? FileManager.default.removeItem(at: archiveURL.deletingLastPathComponent()) } + + let extractDir = try createExtractionDirectory(name: "symlink-to-dir") + defer { try? FileManager.default.removeItem(at: extractDir.deletingLastPathComponent()) } + + let reader = try ArchiveReader(format: .paxRestricted, filter: .none, file: archiveURL) + let rejectedPaths = try reader.extractContents(to: extractDir) + + // Directory should replace symlink + #expect(rejectedPaths.isEmpty, "Directory should replace symlink") + + // Path should now be a directory + let attrs = try FileManager.default.attributesOfItem(atPath: extractDir.appendingPathComponent("path").path) + let fileType = attrs[.type] as? FileAttributeType + #expect(fileType == .typeDirectory, "Path should be a directory") + } + + @Test func duplicateSymlinks() throws { + let archiveURL = try createTestArchive( + name: "duplicate-symlinks", + entries: [ + ("target1.txt", .regular("target1"), nil), + ("target2.txt", .regular("target2"), nil), + ("link", .symlink, "target1.txt"), + ("link", .symlink, "target2.txt"), + ]) + + defer { try? FileManager.default.removeItem(at: archiveURL.deletingLastPathComponent()) } + + let extractDir = try createExtractionDirectory(name: "duplicate-symlinks") + defer { try? FileManager.default.removeItem(at: extractDir.deletingLastPathComponent()) } + + let reader = try ArchiveReader(format: .paxRestricted, filter: .none, file: archiveURL) + let rejectedPaths = try reader.extractContents(to: extractDir) + + // Last entry wins - second symlink should replace first + #expect(rejectedPaths.isEmpty, "Second symlink should replace first") + + let linkTarget = try FileManager.default.destinationOfSymbolicLink(atPath: extractDir.appendingPathComponent("link").path) + #expect(linkTarget == "target2.txt", "Last symlink should win") + } + + // MARK: - Empty Archive Tests + + @Test func rejectEmptyArchive() throws { + let testDirectory = createTemporaryDirectory(baseName: "ArchiveReaderTests")! + let archiveURL = testDirectory.appendingPathComponent("empty.tar") + + let archiver = try ArchiveWriter(format: .paxRestricted, filter: .none, file: archiveURL) + try archiver.finishEncoding() + + defer { try? FileManager.default.removeItem(at: testDirectory) } + + let extractDir = try createExtractionDirectory(name: "empty") + defer { try? FileManager.default.removeItem(at: extractDir.deletingLastPathComponent()) } + + let reader = try ArchiveReader(format: .paxRestricted, filter: .none, file: archiveURL) + + #expect(throws: ArchiveError.self) { + _ = try reader.extractContents(to: extractDir) + } + } + + // MARK: - Zstd Compression Tests + + @Test func readZstdCompressedArchive() throws { + guard let resourceURL = Bundle.module.url(forResource: "test", withExtension: "tar.zst") else { + Issue.record("Test resource test.tar.zst not found") + return + } + + let extractDir = try createExtractionDirectory(name: "zstd-test") + defer { try? FileManager.default.removeItem(at: extractDir.deletingLastPathComponent()) } + + // Test with explicit filter + let reader = try ArchiveReader(format: .paxRestricted, filter: .zstd, file: resourceURL) + let rejectedPaths = try reader.extractContents(to: extractDir) + + #expect(rejectedPaths.isEmpty, "No paths should be rejected") + + // Check extracted files + let testFile = extractDir.appendingPathComponent("test.txt") + let file2 = extractDir.appendingPathComponent("file2.txt") + + #expect(FileManager.default.fileExists(atPath: testFile.path), "test.txt should exist") + #expect(FileManager.default.fileExists(atPath: file2.path), "file2.txt should exist") + + let testContent = try String(contentsOf: testFile, encoding: .utf8) + #expect(testContent == "Hello from zstd compressed archive", "Content should match") + + let file2Content = try String(contentsOf: file2, encoding: .utf8) + #expect(file2Content == "Another file", "Content should match") + } + + @Test func readZstdCompressedArchiveAutoDetect() throws { + guard let resourceURL = Bundle.module.url(forResource: "test", withExtension: "tar.zst") else { + Issue.record("Test resource test.tar.zst not found") + return + } + + let extractDir = try createExtractionDirectory(name: "zstd-auto-test") + defer { try? FileManager.default.removeItem(at: extractDir.deletingLastPathComponent()) } + + // Test with auto-detect + let reader = try ArchiveReader(file: resourceURL) + let rejectedPaths = try reader.extractContents(to: extractDir) + + #expect(rejectedPaths.isEmpty, "No paths should be rejected") + + // Check extracted files + let testFile = extractDir.appendingPathComponent("test.txt") + #expect(FileManager.default.fileExists(atPath: testFile.path), "test.txt should exist") + + let testContent = try String(contentsOf: testFile, encoding: .utf8) + #expect(testContent == "Hello from zstd compressed archive", "Content should match") + } +} diff --git a/Tests/ContainerizationArchiveTests/ArchiveTests.swift b/Tests/ContainerizationArchiveTests/ArchiveTests.swift new file mode 100644 index 0000000..079261b --- /dev/null +++ b/Tests/ContainerizationArchiveTests/ArchiveTests.swift @@ -0,0 +1,837 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +// + +import Foundation +import SystemPackage +import Testing + +@testable import ContainerizationArchive + +struct ArchiveTests { + func helperEntry(path: String, data: Data) -> WriteEntry { + let entry = WriteEntry() + entry.permissions = 0o644 + entry.fileType = .regular + entry.path = path + entry.size = numericCast(data.count) + entry.owner = 1 + entry.group = 2 + entry.xattrs = ["user.data": Data([1, 2, 3])] + return entry + } + + @Test func createTemporaryDirectorySuccess() throws { + // Test that createTemporaryDirectory creates a directory with randomized suffix + let baseName = "ArchiveTests.testTempDir" + guard let tempDir = createTemporaryDirectory(baseName: baseName) else { + Issue.record("createTemporaryDirectory returned nil") + return + } + + defer { + let fileManager = FileManager.default + try? fileManager.removeItem(at: tempDir) + } + + // Verify the directory exists + var isDirectory: ObjCBool = false + let fileManager = FileManager.default + let exists = fileManager.fileExists(atPath: tempDir.path, isDirectory: &isDirectory) + #expect(exists) + #expect(isDirectory.boolValue) + + // Verify the directory name starts with the base name + let lastComponent = tempDir.lastPathComponent + #expect(lastComponent.starts(with: baseName)) + + // Verify that mkdtemp replaced the X's with random characters + // (should be 6 random alphanumeric characters after the base name and dot) + let suffix = String(lastComponent.dropFirst(baseName.count + 1)) // +1 for the dot + #expect(suffix.count == 6, "Expected 6 character suffix, got \(suffix.count)") + #expect(suffix != "XXXXXX", "mkdtemp did not replace X's with random characters") + + // Verify we can write to the directory + let testFile = tempDir.appendingPathComponent("test.txt") + try "test content".write(toFile: testFile.path, atomically: true, encoding: .utf8) + #expect(fileManager.fileExists(atPath: testFile.path)) + } + + @Test func tarUTF8() throws { + let testDirectory = createTemporaryDirectory(baseName: "ArchiveTests.testTarUTF8")! + let archiveURL = testDirectory.appendingPathComponent("test.tgz") + + defer { + let fileManager = FileManager.default + try? fileManager.removeItem(at: testDirectory) + } + + // this test would failed with ArchiveWriterConfiguration.locale was not set to "en_US.UTF-8" + let archiver = try ArchiveWriter(format: .paxRestricted, filter: .gzip, file: archiveURL) + + let data = "blablabla".data(using: .utf8)! + + let normalPathEntry = helperEntry(path: "r", data: data) + #expect(throws: Never.self) { + try archiver.writeEntry(entry: normalPathEntry, data: data) + } + + let weirdPathEntry = helperEntry(path: "ʀ", data: data) + #expect(throws: Never.self) { + try archiver.writeEntry(entry: weirdPathEntry, data: data) + } + } + + @Test func tarGzipWithOpenfile() throws { + let testDirectory = createTemporaryDirectory(baseName: "ArchiveTests.testTarGzipWithOpenfile")! + let archiveURL = testDirectory.appendingPathComponent("test.tgz") + + defer { + let fileManager = FileManager.default + try? fileManager.removeItem(at: testDirectory) + } + + let configuration = ArchiveWriterConfiguration( + format: .paxRestricted, + filter: .gzip + ) + let archiver = try ArchiveWriter(configuration: configuration) + try archiver.open(file: archiveURL) + + let data = "foo".data(using: .utf8)! + + let normalPathEntry = helperEntry(path: "bar", data: data) + #expect(throws: Never.self) { + try archiver.writeEntry(entry: normalPathEntry, data: data) + } + + try archiver.finishEncoding() + } + + @Test func writingZip() throws { + let testDirectory = createTemporaryDirectory(baseName: "ArchiveTests.testWritingZip")! + let archiveURL = testDirectory.appendingPathComponent("test.zip") + + defer { + let fileManager = FileManager.default + try? fileManager.removeItem(at: testDirectory) + } + + // When + let archiver = try ArchiveWriter(format: .zip, filter: .none, file: archiveURL) + + var data = "foo".data(using: .utf8)! + var entry = helperEntry(path: "foo.txt", data: data) + try archiver.writeEntry(entry: entry, data: data) + + data = "bar".data(using: .utf8)! + entry = helperEntry(path: "bar.txt", data: data) + try archiver.writeEntry(entry: entry, data: data) + + data = Data() + entry = helperEntry(path: "empty", data: data) + try archiver.writeEntry(entry: entry, data: data) + + try archiver.finishEncoding() + + // Then + let unarchiver = try ArchiveReader(format: .zip, filter: .none, file: archiveURL) + for (index, (entry, data)) in unarchiver.enumerated() { + #expect(entry.owner == 1) + #expect(entry.group == 2) + switch index { + case 0: + #expect(entry.path == "foo.txt") + #expect(String(data: data, encoding: .utf8) == "foo") + case 1: + #expect(entry.path == "bar.txt") + #expect(String(data: data, encoding: .utf8) == "bar") + case 2: + #expect(entry.path == "empty") + #expect(data.isEmpty) + default: + Issue.record() + } + } + } + + @Test func unarchiving_0bytesEntry() throws { + let data = Data(base64Encoded: surveyBundleBase64Encoded)! + let unarchiver = try ArchiveReader(name: "survey.zip", bundle: data) + for (index, (entry, data)) in unarchiver.enumerated() { + switch index { + case 0: + #expect(entry.path == "healthinvolvement.js") + #expect(!data.isEmpty) + case 1: + #expect(entry.path == "__MACOSX/") + #expect(data.isEmpty) + case 2: + #expect(entry.path == "__MACOSX/._healthinvolvement.js") + #expect(!data.isEmpty) + default: + Issue.record() + } + } + } + + @Test func writingReadingTar() throws { + let testDirectory = createTemporaryDirectory(baseName: "ArchiveTests.testWritingReadingTar")! + let archiveURL = testDirectory.appendingPathComponent("test.tar.gz") + defer { + let fileManager = FileManager.default + try? fileManager.removeItem(at: testDirectory) + } + + let archiver = try ArchiveWriter(format: .pax, filter: .gzip, file: archiveURL) + let data = "foo".data(using: .utf8)! + let entry = helperEntry(path: "foo.txt", data: data) + try archiver.writeEntry(entry: entry, data: data) + try archiver.finishEncoding() + + let unarchiver = try ArchiveReader(format: .pax, filter: .gzip, file: archiveURL) + for (entry, _) in unarchiver { + let attrs = entry.xattrs + guard let val = attrs["user.data"] else { + Issue.record("missing extended attribute [user.data] in file") + return + } + #expect([UInt8](val) == [1, 2, 3]) + } + } + + // MARK: - archiveDirectory round-trip tests + + @Test func archiveDirectoryBasic() throws { + let testDir = createTemporaryDirectory(baseName: "ArchiveTests.archiveDirBasic")! + defer { try? FileManager.default.removeItem(at: testDir) } + + let sourceDir = testDir.appendingPathComponent("source") + try FileManager.default.createDirectory(at: sourceDir, withIntermediateDirectories: true) + try "hello".write(to: sourceDir.appendingPathComponent("file1.txt"), atomically: true, encoding: .utf8) + + let subDir = sourceDir.appendingPathComponent("subdir") + try FileManager.default.createDirectory(at: subDir, withIntermediateDirectories: true) + try "world".write(to: subDir.appendingPathComponent("file2.txt"), atomically: true, encoding: .utf8) + + let archiveURL = testDir.appendingPathComponent("test.tar.gz") + let writer = try ArchiveWriter(format: .pax, filter: .gzip, file: archiveURL) + try writer.archiveDirectory(sourceDir) + try writer.finishEncoding() + + let extractDir = testDir.appendingPathComponent("extract") + let reader = try ArchiveReader(file: archiveURL) + let rejected = try reader.extractContents(to: extractDir) + + #expect(rejected.isEmpty) + #expect(try String(contentsOf: extractDir.appendingPathComponent("file1.txt"), encoding: .utf8) == "hello") + #expect(try String(contentsOf: extractDir.appendingPathComponent("subdir/file2.txt"), encoding: .utf8) == "world") + } + + @Test func archiveDirectoryEmpty() throws { + let testDir = createTemporaryDirectory(baseName: "ArchiveTests.archiveDirEmpty")! + defer { try? FileManager.default.removeItem(at: testDir) } + + let sourceDir = testDir.appendingPathComponent("empty") + try FileManager.default.createDirectory(at: sourceDir, withIntermediateDirectories: true) + + let archiveURL = testDir.appendingPathComponent("test.tar.gz") + let writer = try ArchiveWriter(format: .pax, filter: .gzip, file: archiveURL) + try writer.archiveDirectory(sourceDir) + try writer.finishEncoding() + + let extractDir = testDir.appendingPathComponent("extract") + let reader = try ArchiveReader(file: archiveURL) + // Empty directory archive should succeed with the leading "./" entry. + let rejected = try reader.extractContents(to: extractDir) + #expect(rejected.isEmpty) + #expect(FileManager.default.fileExists(atPath: extractDir.path)) + } + + @Test func archiveDirectoryNestedEmpty() throws { + let testDir = createTemporaryDirectory(baseName: "ArchiveTests.archiveDirNestedEmpty")! + defer { try? FileManager.default.removeItem(at: testDir) } + + let sourceDir = testDir.appendingPathComponent("source") + try FileManager.default.createDirectory(at: sourceDir, withIntermediateDirectories: true) + try FileManager.default.createDirectory( + at: sourceDir.appendingPathComponent("a/b/c"), withIntermediateDirectories: true) + try FileManager.default.createDirectory( + at: sourceDir.appendingPathComponent("empty"), withIntermediateDirectories: true) + try "data".write(to: sourceDir.appendingPathComponent("a/file.txt"), atomically: true, encoding: .utf8) + + let archiveURL = testDir.appendingPathComponent("test.tar.gz") + let writer = try ArchiveWriter(format: .pax, filter: .gzip, file: archiveURL) + try writer.archiveDirectory(sourceDir) + try writer.finishEncoding() + + let extractDir = testDir.appendingPathComponent("extract") + let reader = try ArchiveReader(file: archiveURL) + let rejected = try reader.extractContents(to: extractDir) + + #expect(rejected.isEmpty) + #expect(try String(contentsOf: extractDir.appendingPathComponent("a/file.txt"), encoding: .utf8) == "data") + + var isDir: ObjCBool = false + #expect(FileManager.default.fileExists(atPath: extractDir.appendingPathComponent("a/b/c").path, isDirectory: &isDir)) + #expect(isDir.boolValue) + #expect(FileManager.default.fileExists(atPath: extractDir.appendingPathComponent("empty").path, isDirectory: &isDir)) + #expect(isDir.boolValue) + } + + @Test func archiveDirectoryDeepNesting() throws { + let testDir = createTemporaryDirectory(baseName: "ArchiveTests.archiveDirDeep")! + defer { try? FileManager.default.removeItem(at: testDir) } + + let sourceDir = testDir.appendingPathComponent("source") + var deepPath = sourceDir + for i in 0..<20 { + deepPath = deepPath.appendingPathComponent("level\(i)") + } + try FileManager.default.createDirectory(at: deepPath, withIntermediateDirectories: true) + try "deep content".write(to: deepPath.appendingPathComponent("deep.txt"), atomically: true, encoding: .utf8) + + let archiveURL = testDir.appendingPathComponent("test.tar.gz") + let writer = try ArchiveWriter(format: .pax, filter: .gzip, file: archiveURL) + try writer.archiveDirectory(sourceDir) + try writer.finishEncoding() + + let extractDir = testDir.appendingPathComponent("extract") + let reader = try ArchiveReader(file: archiveURL) + let rejected = try reader.extractContents(to: extractDir) + + #expect(rejected.isEmpty) + + var expectedPath = extractDir + for i in 0..<20 { + expectedPath = expectedPath.appendingPathComponent("level\(i)") + } + #expect(try String(contentsOf: expectedPath.appendingPathComponent("deep.txt"), encoding: .utf8) == "deep content") + } + + @Test func archiveDirectorySymlinkInside() throws { + let testDir = createTemporaryDirectory(baseName: "ArchiveTests.archiveDirSymlinkInside")! + defer { try? FileManager.default.removeItem(at: testDir) } + + let sourceDir = testDir.appendingPathComponent("source") + try FileManager.default.createDirectory(at: sourceDir, withIntermediateDirectories: true) + try "target content".write(to: sourceDir.appendingPathComponent("target.txt"), atomically: true, encoding: .utf8) + try FileManager.default.createSymbolicLink( + atPath: sourceDir.appendingPathComponent("link.txt").path, + withDestinationPath: "target.txt" + ) + + let archiveURL = testDir.appendingPathComponent("test.tar.gz") + let writer = try ArchiveWriter(format: .pax, filter: .gzip, file: archiveURL) + try writer.archiveDirectory(sourceDir) + try writer.finishEncoding() + + let extractDir = testDir.appendingPathComponent("extract") + let reader = try ArchiveReader(file: archiveURL) + let rejected = try reader.extractContents(to: extractDir) + + #expect(rejected.isEmpty) + #expect(try String(contentsOf: extractDir.appendingPathComponent("target.txt"), encoding: .utf8) == "target content") + + let linkDest = try FileManager.default.destinationOfSymbolicLink(atPath: extractDir.appendingPathComponent("link.txt").path) + #expect(linkDest == "target.txt") + } + + @Test func archiveDirectorySymlinkOutsideExcluded() throws { + let testDir = createTemporaryDirectory(baseName: "ArchiveTests.archiveDirSymlinkOutside")! + defer { try? FileManager.default.removeItem(at: testDir) } + + let sourceDir = testDir.appendingPathComponent("source") + try FileManager.default.createDirectory(at: sourceDir, withIntermediateDirectories: true) + try "inside".write(to: sourceDir.appendingPathComponent("file.txt"), atomically: true, encoding: .utf8) + + // Create a file outside the source directory + try "outside".write(to: testDir.appendingPathComponent("outside.txt"), atomically: true, encoding: .utf8) + + // Symlink pointing outside the source directory + try FileManager.default.createSymbolicLink( + atPath: sourceDir.appendingPathComponent("escape.txt").path, + withDestinationPath: "../outside.txt" + ) + + let archiveURL = testDir.appendingPathComponent("test.tar.gz") + let writer = try ArchiveWriter(format: .pax, filter: .gzip, file: archiveURL) + try writer.archiveDirectory(sourceDir) + try writer.finishEncoding() + + // Verify the archive doesn't contain the escaping symlink + let reader = try ArchiveReader(file: archiveURL) + var paths: [String] = [] + for (entry, _) in reader { + if let path = entry.path { + paths.append(path) + } + } + #expect(!paths.contains("escape.txt"), "Symlink pointing outside should be excluded from archive") + #expect(paths.contains("file.txt"), "Regular file should be included") + } + + @Test func archiveDirectorySpecialCharacters() throws { + let testDir = createTemporaryDirectory(baseName: "ArchiveTests.archiveDirSpecialChars")! + defer { try? FileManager.default.removeItem(at: testDir) } + + let sourceDir = testDir.appendingPathComponent("source") + try FileManager.default.createDirectory(at: sourceDir, withIntermediateDirectories: true) + try "spaces".write(to: sourceDir.appendingPathComponent("file with spaces.txt"), atomically: true, encoding: .utf8) + try "unicode".write(to: sourceDir.appendingPathComponent("日本語.txt"), atomically: true, encoding: .utf8) + try "dashes".write(to: sourceDir.appendingPathComponent("file-name_v2.0.txt"), atomically: true, encoding: .utf8) + + let archiveURL = testDir.appendingPathComponent("test.tar.gz") + let writer = try ArchiveWriter(format: .pax, filter: .gzip, file: archiveURL) + try writer.archiveDirectory(sourceDir) + try writer.finishEncoding() + + let extractDir = testDir.appendingPathComponent("extract") + let reader = try ArchiveReader(file: archiveURL) + let rejected = try reader.extractContents(to: extractDir) + + #expect(rejected.isEmpty) + #expect(try String(contentsOf: extractDir.appendingPathComponent("file with spaces.txt"), encoding: .utf8) == "spaces") + #expect(try String(contentsOf: extractDir.appendingPathComponent("日本語.txt"), encoding: .utf8) == "unicode") + #expect(try String(contentsOf: extractDir.appendingPathComponent("file-name_v2.0.txt"), encoding: .utf8) == "dashes") + } + + @Test func archiveDirectoryDotfiles() throws { + let testDir = createTemporaryDirectory(baseName: "ArchiveTests.archiveDirDotfiles")! + defer { try? FileManager.default.removeItem(at: testDir) } + + let sourceDir = testDir.appendingPathComponent("source") + try FileManager.default.createDirectory(at: sourceDir, withIntermediateDirectories: true) + try "hidden".write(to: sourceDir.appendingPathComponent(".hidden"), atomically: true, encoding: .utf8) + try "gitignore".write(to: sourceDir.appendingPathComponent(".gitignore"), atomically: true, encoding: .utf8) + try "visible".write(to: sourceDir.appendingPathComponent("visible.txt"), atomically: true, encoding: .utf8) + + let hiddenDir = sourceDir.appendingPathComponent(".config") + try FileManager.default.createDirectory(at: hiddenDir, withIntermediateDirectories: true) + try "config".write(to: hiddenDir.appendingPathComponent("settings.json"), atomically: true, encoding: .utf8) + + let archiveURL = testDir.appendingPathComponent("test.tar.gz") + let writer = try ArchiveWriter(format: .pax, filter: .gzip, file: archiveURL) + try writer.archiveDirectory(sourceDir) + try writer.finishEncoding() + + let extractDir = testDir.appendingPathComponent("extract") + let reader = try ArchiveReader(file: archiveURL) + let rejected = try reader.extractContents(to: extractDir) + + #expect(rejected.isEmpty) + #expect(try String(contentsOf: extractDir.appendingPathComponent(".hidden"), encoding: .utf8) == "hidden") + #expect(try String(contentsOf: extractDir.appendingPathComponent(".gitignore"), encoding: .utf8) == "gitignore") + #expect(try String(contentsOf: extractDir.appendingPathComponent("visible.txt"), encoding: .utf8) == "visible") + #expect(try String(contentsOf: extractDir.appendingPathComponent(".config/settings.json"), encoding: .utf8) == "config") + } + + @Test func archiveDirectoryPreservesPermissions() throws { + let testDir = createTemporaryDirectory(baseName: "ArchiveTests.archiveDirPerms")! + defer { try? FileManager.default.removeItem(at: testDir) } + + let sourceDir = testDir.appendingPathComponent("source") + try FileManager.default.createDirectory(at: sourceDir, withIntermediateDirectories: true) + + let execFile = sourceDir.appendingPathComponent("script.sh") + try "#!/bin/sh\necho hi".write(to: execFile, atomically: true, encoding: .utf8) + try FileManager.default.setAttributes([.posixPermissions: 0o755], ofItemAtPath: execFile.path) + + let readOnly = sourceDir.appendingPathComponent("readonly.txt") + try "secret".write(to: readOnly, atomically: true, encoding: .utf8) + try FileManager.default.setAttributes([.posixPermissions: 0o444], ofItemAtPath: readOnly.path) + + let archiveURL = testDir.appendingPathComponent("test.tar.gz") + let writer = try ArchiveWriter(format: .pax, filter: .gzip, file: archiveURL) + try writer.archiveDirectory(sourceDir) + try writer.finishEncoding() + + let extractDir = testDir.appendingPathComponent("extract") + let reader = try ArchiveReader(file: archiveURL) + let rejected = try reader.extractContents(to: extractDir) + + #expect(rejected.isEmpty) + + let execAttrs = try FileManager.default.attributesOfItem(atPath: extractDir.appendingPathComponent("script.sh").path) + let execPerms = (execAttrs[.posixPermissions] as? NSNumber)?.uint16Value ?? 0 + #expect((execPerms & 0o777) == 0o755, "Executable permissions should be preserved") + + let roAttrs = try FileManager.default.attributesOfItem(atPath: extractDir.appendingPathComponent("readonly.txt").path) + let roPerms = (roAttrs[.posixPermissions] as? NSNumber)?.uint16Value ?? 0 + #expect((roPerms & 0o777) == 0o444, "Read-only permissions should be preserved") + } + + @Test func archiveDirectoryLargeFile() throws { + let testDir = createTemporaryDirectory(baseName: "ArchiveTests.archiveDirLargeFile")! + defer { try? FileManager.default.removeItem(at: testDir) } + + let sourceDir = testDir.appendingPathComponent("source") + try FileManager.default.createDirectory(at: sourceDir, withIntermediateDirectories: true) + + // 2MB file with repeating pattern + let pattern = Data("ContainerizationArchiveTestPattern\n".utf8) + var largeData = Data(capacity: 2 * 1024 * 1024) + while largeData.count < 2 * 1024 * 1024 { + largeData.append(pattern) + } + largeData = largeData.prefix(2 * 1024 * 1024) + try largeData.write(to: sourceDir.appendingPathComponent("large.bin")) + + let archiveURL = testDir.appendingPathComponent("test.tar.gz") + let writer = try ArchiveWriter(format: .pax, filter: .gzip, file: archiveURL) + try writer.archiveDirectory(sourceDir) + try writer.finishEncoding() + + let extractDir = testDir.appendingPathComponent("extract") + let reader = try ArchiveReader(file: archiveURL) + let rejected = try reader.extractContents(to: extractDir) + + #expect(rejected.isEmpty) + + let extracted = try Data(contentsOf: extractDir.appendingPathComponent("large.bin")) + #expect(extracted == largeData, "Large file content should match after round-trip") + } + + @Test func archiveDirectoryManyFiles() throws { + let testDir = createTemporaryDirectory(baseName: "ArchiveTests.archiveDirManyFiles")! + defer { try? FileManager.default.removeItem(at: testDir) } + + let sourceDir = testDir.appendingPathComponent("source") + try FileManager.default.createDirectory(at: sourceDir, withIntermediateDirectories: true) + + // Create 100 files + for i in 0..<100 { + try "content \(i)".write( + to: sourceDir.appendingPathComponent("file_\(String(format: "%03d", i)).txt"), + atomically: true, encoding: .utf8) + } + + let archiveURL = testDir.appendingPathComponent("test.tar.gz") + let writer = try ArchiveWriter(format: .pax, filter: .gzip, file: archiveURL) + try writer.archiveDirectory(sourceDir) + try writer.finishEncoding() + + let extractDir = testDir.appendingPathComponent("extract") + let reader = try ArchiveReader(file: archiveURL) + let rejected = try reader.extractContents(to: extractDir) + + #expect(rejected.isEmpty) + + for i in 0..<100 { + let content = try String( + contentsOf: extractDir.appendingPathComponent("file_\(String(format: "%03d", i)).txt"), + encoding: .utf8) + #expect(content == "content \(i)") + } + } + + @Test func archiveDirectorySingleFile() throws { + let testDir = createTemporaryDirectory(baseName: "ArchiveTests.archiveDirSingle")! + defer { try? FileManager.default.removeItem(at: testDir) } + + let sourceDir = testDir.appendingPathComponent("source") + try FileManager.default.createDirectory(at: sourceDir, withIntermediateDirectories: true) + try "only file".write(to: sourceDir.appendingPathComponent("only.txt"), atomically: true, encoding: .utf8) + + let archiveURL = testDir.appendingPathComponent("test.tar.gz") + let writer = try ArchiveWriter(format: .pax, filter: .gzip, file: archiveURL) + try writer.archiveDirectory(sourceDir) + try writer.finishEncoding() + + let extractDir = testDir.appendingPathComponent("extract") + let reader = try ArchiveReader(file: archiveURL) + let rejected = try reader.extractContents(to: extractDir) + + #expect(rejected.isEmpty) + #expect(try String(contentsOf: extractDir.appendingPathComponent("only.txt"), encoding: .utf8) == "only file") + } + + // MARK: - archive tests + + @Test func archiveURLsBasic() throws { + let testDir = createTemporaryDirectory(baseName: "ArchiveTests.archiveURLsBasic")! + defer { try? FileManager.default.removeItem(at: testDir) } + + try "alpha content".write(to: testDir.appendingPathComponent("alpha.txt"), atomically: true, encoding: .utf8) + try "beta content".write(to: testDir.appendingPathComponent("beta.txt"), atomically: true, encoding: .utf8) + + let files: [FilePath] = [ + FilePath(testDir.appendingPathComponent("alpha.txt").path), + FilePath(testDir.appendingPathComponent("beta.txt").path), + ] + let archiveURL = testDir.appendingPathComponent("test.tar.gz") + let writer = try ArchiveWriter(format: .pax, filter: .gzip, file: archiveURL) + try writer.archive(files, base: FilePath(testDir.path)) + try writer.finishEncoding() + + var entries: [String: String] = [:] + let reader = try ArchiveReader(file: archiveURL) + for (entry, data) in reader { + if let path = entry.path, let content = String(data: data, encoding: .utf8) { + entries[path] = content + } + } + #expect(entries["alpha.txt"] == "alpha content") + #expect(entries["beta.txt"] == "beta content") + } + + @Test func archiveURLsEmpty() throws { + let testDir = createTemporaryDirectory(baseName: "ArchiveTests.archiveURLsEmpty")! + defer { try? FileManager.default.removeItem(at: testDir) } + + let archiveURL = testDir.appendingPathComponent("test.tar.gz") + let writer = try ArchiveWriter(format: .pax, filter: .gzip, file: archiveURL) + #expect(throws: Never.self) { + try writer.archive([], base: FilePath(testDir.path)) + } + try writer.finishEncoding() + + var count = 0 + let reader = try ArchiveReader(file: archiveURL) + for _ in reader { count += 1 } + #expect(count == 0) + } + + @Test func archiveURLsSingle() throws { + let testDir = createTemporaryDirectory(baseName: "ArchiveTests.archiveURLsSingle")! + defer { try? FileManager.default.removeItem(at: testDir) } + + try "only content".write(to: testDir.appendingPathComponent("only.txt"), atomically: true, encoding: .utf8) + + let archiveURL = testDir.appendingPathComponent("test.tar.gz") + let writer = try ArchiveWriter(format: .pax, filter: .gzip, file: archiveURL) + try writer.archive([FilePath(testDir.appendingPathComponent("only.txt").path)], base: FilePath(testDir.path)) + try writer.finishEncoding() + + var entries: [String: String] = [:] + let reader = try ArchiveReader(file: archiveURL) + for (entry, data) in reader { + if let path = entry.path, let content = String(data: data, encoding: .utf8) { + entries[path] = content + } + } + #expect(entries.count == 1) + #expect(entries["only.txt"] == "only content") + } + + @Test func archiveURLsPreservesPermissions() throws { + let testDir = createTemporaryDirectory(baseName: "ArchiveTests.archiveURLsPerms")! + defer { try? FileManager.default.removeItem(at: testDir) } + + let execFile = testDir.appendingPathComponent("script.sh") + try "#!/bin/sh\necho hi".write(to: execFile, atomically: true, encoding: .utf8) + try FileManager.default.setAttributes([.posixPermissions: 0o755], ofItemAtPath: execFile.path) + + let archiveURL = testDir.appendingPathComponent("test.tar.gz") + let writer = try ArchiveWriter(format: .pax, filter: .gzip, file: archiveURL) + try writer.archive([FilePath(execFile.path)], base: FilePath(testDir.path)) + try writer.finishEncoding() + + let extractDir = testDir.appendingPathComponent("extract") + let reader = try ArchiveReader(file: archiveURL) + let rejected = try reader.extractContents(to: extractDir) + + #expect(rejected.isEmpty) + let attrs = try FileManager.default.attributesOfItem(atPath: extractDir.appendingPathComponent("script.sh").path) + let perms = (attrs[.posixPermissions] as? NSNumber)?.uint16Value ?? 0 + #expect((perms & 0o777) == 0o755) + } + + @Test func archiveURLsNestedDirectories() throws { + let testDir = createTemporaryDirectory(baseName: "ArchiveTests.archiveURLsNested")! + defer { try? FileManager.default.removeItem(at: testDir) } + + let sourceDir = testDir.appendingPathComponent("source") + try FileManager.default.createDirectory(at: sourceDir.appendingPathComponent("a"), withIntermediateDirectories: true) + try FileManager.default.createDirectory(at: sourceDir.appendingPathComponent("b/c"), withIntermediateDirectories: true) + try "top content".write(to: sourceDir.appendingPathComponent("top.txt"), atomically: true, encoding: .utf8) + try "a content".write(to: sourceDir.appendingPathComponent("a/deep.txt"), atomically: true, encoding: .utf8) + try "nested content".write(to: sourceDir.appendingPathComponent("b/c/nested.txt"), atomically: true, encoding: .utf8) + + let files: [FilePath] = [ + FilePath(sourceDir.appendingPathComponent("top.txt").path), + FilePath(sourceDir.appendingPathComponent("a/deep.txt").path), + FilePath(sourceDir.appendingPathComponent("b/c/nested.txt").path), + ] + let archiveURL = testDir.appendingPathComponent("test.tar.gz") + let writer = try ArchiveWriter(format: .pax, filter: .gzip, file: archiveURL) + try writer.archive(files, base: FilePath(sourceDir.path)) + try writer.finishEncoding() + + let extractDir = testDir.appendingPathComponent("extract") + let reader = try ArchiveReader(file: archiveURL) + let rejected = try reader.extractContents(to: extractDir) + + #expect(rejected.isEmpty) + #expect(try String(contentsOf: extractDir.appendingPathComponent("top.txt"), encoding: .utf8) == "top content") + #expect(try String(contentsOf: extractDir.appendingPathComponent("a/deep.txt"), encoding: .utf8) == "a content") + #expect(try String(contentsOf: extractDir.appendingPathComponent("b/c/nested.txt"), encoding: .utf8) == "nested content") + } + + @Test func archiveURLsWithDirectoryURL() throws { + let testDir = createTemporaryDirectory(baseName: "ArchiveTests.archiveURLsWithDir")! + defer { try? FileManager.default.removeItem(at: testDir) } + + let sourceDir = testDir.appendingPathComponent("source") + try FileManager.default.createDirectory(at: sourceDir, withIntermediateDirectories: true) + try "top content".write(to: sourceDir.appendingPathComponent("top.txt"), atomically: true, encoding: .utf8) + + let subDir = sourceDir.appendingPathComponent("subdir") + try FileManager.default.createDirectory(at: subDir.appendingPathComponent("nested"), withIntermediateDirectories: true) + try "sub content".write(to: subDir.appendingPathComponent("sub.txt"), atomically: true, encoding: .utf8) + try "deep content".write(to: subDir.appendingPathComponent("nested/deep.txt"), atomically: true, encoding: .utf8) + + let urls: [FilePath] = [ + FilePath(sourceDir.appendingPathComponent("top.txt").path), + FilePath(subDir.path), + ] + let archiveURL = testDir.appendingPathComponent("test.tar.gz") + let writer = try ArchiveWriter(format: .pax, filter: .gzip, file: archiveURL) + try writer.archive(urls, base: FilePath(sourceDir.path)) + try writer.finishEncoding() + + let extractDir = testDir.appendingPathComponent("extract") + let reader = try ArchiveReader(file: archiveURL) + let rejected = try reader.extractContents(to: extractDir) + + #expect(rejected.isEmpty) + #expect(try String(contentsOf: extractDir.appendingPathComponent("top.txt"), encoding: .utf8) == "top content") + #expect(try String(contentsOf: extractDir.appendingPathComponent("subdir/sub.txt"), encoding: .utf8) == "sub content") + #expect(try String(contentsOf: extractDir.appendingPathComponent("subdir/nested/deep.txt"), encoding: .utf8) == "deep content") + } + + @Test func archiveURLsDirectoryPreservesPermissions() throws { + let testDir = createTemporaryDirectory(baseName: "ArchiveTests.archiveURLsDirPerms")! + defer { try? FileManager.default.removeItem(at: testDir) } + + let sourceDir = testDir.appendingPathComponent("source") + let readonlyDir = sourceDir.appendingPathComponent("readonly") + try FileManager.default.createDirectory(at: readonlyDir, withIntermediateDirectories: true) + try "content".write(to: readonlyDir.appendingPathComponent("file.txt"), atomically: true, encoding: .utf8) + try FileManager.default.setAttributes([.posixPermissions: 0o777], ofItemAtPath: readonlyDir.path) + defer { + try? FileManager.default.setAttributes([.posixPermissions: 0o755], ofItemAtPath: readonlyDir.path) + } + + let archiveURL = testDir.appendingPathComponent("test.tar.gz") + let writer = try ArchiveWriter(format: .pax, filter: .gzip, file: archiveURL) + try writer.archive([FilePath(readonlyDir.path)], base: FilePath(sourceDir.path)) + try writer.finishEncoding() + + let extractDir = testDir.appendingPathComponent("extract") + let reader = try ArchiveReader(file: archiveURL) + let rejected = try reader.extractContents(to: extractDir) + + #expect(rejected.isEmpty) + #expect( + try String(contentsOf: extractDir.appendingPathComponent("readonly/file.txt"), encoding: .utf8) + == "content") + let attrs = try FileManager.default.attributesOfItem(atPath: extractDir.appendingPathComponent("readonly").path) + let perms = (attrs[.posixPermissions] as? NSNumber)?.uint16Value ?? 0 + #expect((perms & 0o777) == 0o777, "Read-only directory permissions should be preserved") + } + + @Test func archiveURLsSymlinks() throws { + let testDir = createTemporaryDirectory(baseName: "ArchiveTests.archiveURLsSymlinks")! + defer { try? FileManager.default.removeItem(at: testDir) } + + let sourceDir = testDir.appendingPathComponent("source") + try FileManager.default.createDirectory(at: sourceDir, withIntermediateDirectories: true) + + let fileURL = sourceDir.appendingPathComponent("file.txt") + try "symlink content".write(to: fileURL, atomically: true, encoding: .utf8) + + try FileManager.default.createSymbolicLink( + atPath: sourceDir.appendingPathComponent("absolute").path, + withDestinationPath: fileURL.path + ) + try FileManager.default.createSymbolicLink( + atPath: sourceDir.appendingPathComponent("relative").path, + withDestinationPath: "file.txt" + ) + + let archiveURL = testDir.appendingPathComponent("test.tar.gz") + let writer = try ArchiveWriter(format: .pax, filter: .gzip, file: archiveURL) + try writer.archive([FilePath(sourceDir.path)], base: FilePath(testDir.path)) + try writer.finishEncoding() + + let extractDir = testDir.appendingPathComponent("extract") + let reader = try ArchiveReader(file: archiveURL) + let rejected = try reader.extractContents(to: extractDir) + + #expect(rejected.isEmpty) + + let extractedSource = extractDir.appendingPathComponent("source") + #expect( + try String(contentsOf: extractedSource.appendingPathComponent("file.txt"), encoding: .utf8) + == "symlink content") + + let relTarget = try FileManager.default.destinationOfSymbolicLink( + atPath: extractedSource.appendingPathComponent("relative").path) + #expect(relTarget == "file.txt") + #expect( + try String(contentsOf: extractedSource.appendingPathComponent("relative"), encoding: .utf8) + == "symlink content") + + let absTarget = try FileManager.default.destinationOfSymbolicLink( + atPath: extractedSource.appendingPathComponent("absolute").path) + + print("absTarget: \(absTarget), fileURL: \(fileURL.path)") + #expect(absTarget == fileURL.path) + } + + @Test func archiveDirectorySymlinkRelativeSubdir() throws { + let testDir = createTemporaryDirectory(baseName: "ArchiveTests.archiveDirSymlinkRelSubdir")! + defer { try? FileManager.default.removeItem(at: testDir) } + + let sourceDir = testDir.appendingPathComponent("source") + let subA = sourceDir.appendingPathComponent("a") + let subB = sourceDir.appendingPathComponent("b") + try FileManager.default.createDirectory(at: subA, withIntermediateDirectories: true) + try FileManager.default.createDirectory(at: subB, withIntermediateDirectories: true) + try "in a".write(to: subA.appendingPathComponent("file.txt"), atomically: true, encoding: .utf8) + + // Symlink from b/link.txt -> ../a/file.txt (relative, stays inside) + try FileManager.default.createSymbolicLink( + atPath: subB.appendingPathComponent("link.txt").path, + withDestinationPath: "../a/file.txt" + ) + + let archiveURL = testDir.appendingPathComponent("test.tar.gz") + let writer = try ArchiveWriter(format: .pax, filter: .gzip, file: archiveURL) + try writer.archiveDirectory(sourceDir) + try writer.finishEncoding() + + let extractDir = testDir.appendingPathComponent("extract") + let reader = try ArchiveReader(file: archiveURL) + let rejected = try reader.extractContents(to: extractDir) + + #expect(rejected.isEmpty) + + let linkDest = try FileManager.default.destinationOfSymbolicLink( + atPath: extractDir.appendingPathComponent("b/link.txt").path) + #expect(linkDest == "../a/file.txt") + + // Verify the symlink resolves correctly + let content = try String(contentsOf: extractDir.appendingPathComponent("b/link.txt"), encoding: .utf8) + #expect(content == "in a") + } +} + +private let surveyBundleBase64Encoded = """ + UEsDBBQACAAIAA17o04AAAAAAAAAAAAAAAAUABAAaGVhbHRoaW52b2x2ZW1lbnQuanNVWAwAQ8XMXJm/zFz1ARQAnVVRa9swEH73rzjylMLwmu3NJexhDLqxroPAYIxRFPsca5UlT5LteSH/fSdZdu02LqMiEEl3uvv06e5zwzRwyS1n4q4qmEHYwjECGn6VwKrSXGluu9Urv50rXSbBxWBquZImgR9+/Wgcz226IVTKBP+L2We2R0E5rlULrapFBp2qYY/GQoYm1XyPbsdBbJRosERpaQ7cmBoNaBTMYgZW9V4FMmGLdwBfBbqrpIVS9KckxgH9mXGPHSGYJFh2ZdK0qJPli9mucpTtuDwIfF8onuJytNTbl8ibj+NTzr4oC4x+QgzsZDHcdIGElGmESquGZ6gh45qeykDpyAgeI3s9mcQQNEzUhP8STougn4W0UyW2BbMTQB8h9e9KD5kpogVKRcDowUom2QGhHABP8m9emv8b6m6W29KacrVK3wMzwMAiK6HldPvyPFPPI3vzUmQf/lhNxSXm8FQrH9JQdWVA6JgEljUUwKJrNnIwKPIJiLf/BeLnksvyYW5uK9fPjBDnTBg853h6vNknOkWnKMpr6QUB0EGlC6yxoYa6CA3TkNYMGuMNsV9dRd7Kc1gH63brGtKL0upi0m0aba3lXK9C9mhiP47alVHrrxaw3Wk0FYkXmvU4G5KFQOP+LADVyoEsZn65cOR2/4s6LSZRCfb4IXgsUB7ooV/DxgV0dPymznNBJaMOHaWXKlFannOnNatUlTFLWxRCUtJ4diLuS+epeFluhSPgxtWya7vvTh+vvXdw6QXWP7hTYG/q4BP5SexgV+sGB81vUJvebRNfDt+BQEcyEtrvh5XSyRmme5eBwGScOTqi2c2uon9QSwcIxOijbWkCAACaBgAAUEsDBAoAAAAAAFV+o04AAAAAAAAAAAAAAAAJABAAX19NQUNPU1gvVVgMAMHFzFzBxcxc9QEUAFBLAwQUAAgACAANe6NOAAAAAAAAAAAAAAAAHwAQAF9fTUFDT1NYLy5faGVhbHRoaW52b2x2ZW1lbnQuanNVWAwAQ8XMXJm/zFz1ARQAjY/NSsNAEMcnRfHjVBA9eLGiHjy0m5qkDa2XtGlrwVKxAUUUWZMpiW4+mmzrxZtP4pOINw8efQXx6BMIbmigUBAd2P/MDr8/MwOLG0uQA+hRu9AfFM4LWaQ9WBHvAED6Eln8c9vwrzAs63RapQ5pVxTfc8hC1s8DbNqhX6JRxLDEaMLHCToO5bhzMpiikipEA9ifcT5yKhhau+uZXY6+Gd4HLKQOOqZwph5PyAPA3u+eMxdjbMehn6T8h5BDgPUZPxrTmAbcCxDen98u002cz9dymm8i5iVclp8kxXghV7j1eLO8mi0rZQfm5g5em5mu8z2X8yipERJhFGFsu5RnU8V8MvQYJqRMNLVK/LDV71iMWW583OyY5Agp4243mIRsgj4GvHSb/Dn7YkRkWVfqmk1RV3RaH9Ahjb16y6hUKxVNK8rtcqOo6kIastooNlXT1IyWoTYVA34AUEsHCAK+cV1ZAQAAIQIAAFBLAQIVAxQACAAIAA17o07E6KNtaQIAAJoGAAAUAAwAAAAAAAAAAECkgQAAAABoZWFsdGhpbnZvbHZlbWVudC5qc1VYCABDxcxcmb/MXFBLAQIVAwoAAAAAAFV+o04AAAAAAAAAAAAAAAAJAAwAAAAAAAAAAED9QbsCAABfX01BQ09TWC9VWAgAwcXMXMHFzFxQSwECFQMUAAgACAANe6NOAr5xXVkBAAAhAgAAHwAMAAAAAAAAAABApIHyAgAAX19NQUNPU1gvLl9oZWFsdGhpbnZvbHZlbWVudC5qc1VYCABDxcxcmb/MXFBLBQYAAAAAAwADAOoAAACoBAAAAAA= + """ diff --git a/Tests/ContainerizationArchiveTests/Resources/test.tar.zst b/Tests/ContainerizationArchiveTests/Resources/test.tar.zst new file mode 100644 index 0000000..da79af3 Binary files /dev/null and b/Tests/ContainerizationArchiveTests/Resources/test.tar.zst differ diff --git a/Tests/ContainerizationEXT4Tests/Resources/content/blobs/sha256/48a06049d3738991b011ca8b12473d712b7c40666a1462118dae3c403676afc2 b/Tests/ContainerizationEXT4Tests/Resources/content/blobs/sha256/48a06049d3738991b011ca8b12473d712b7c40666a1462118dae3c403676afc2 new file mode 100644 index 0000000..82f5a65 --- /dev/null +++ b/Tests/ContainerizationEXT4Tests/Resources/content/blobs/sha256/48a06049d3738991b011ca8b12473d712b7c40666a1462118dae3c403676afc2 @@ -0,0 +1,21 @@ +{ + "schemaVersion": 2, + "mediaType": "application/vnd.oci.image.manifest.v1+json", + "config": { + "mediaType": "application/vnd.oci.image.config.v1+json", + "digest": "sha256:8e2eb240a6cd7be1a0d308125afe0060b020e89275ced2e729eda7d4eeff62a2", + "size": 824 + }, + "layers": [ + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:c6b39de5b33961661dc939b997cc1d30cda01e38005a6c6625fd9c7e748bab44", + "size": 3333361 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1", + "size": 32 + } + ] +} \ No newline at end of file diff --git a/Tests/ContainerizationEXT4Tests/Resources/content/blobs/sha256/4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1 b/Tests/ContainerizationEXT4Tests/Resources/content/blobs/sha256/4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1 new file mode 100644 index 0000000..8de8682 Binary files /dev/null and b/Tests/ContainerizationEXT4Tests/Resources/content/blobs/sha256/4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1 differ diff --git a/Tests/ContainerizationEXT4Tests/Resources/content/blobs/sha256/8e2eb240a6cd7be1a0d308125afe0060b020e89275ced2e729eda7d4eeff62a2 b/Tests/ContainerizationEXT4Tests/Resources/content/blobs/sha256/8e2eb240a6cd7be1a0d308125afe0060b020e89275ced2e729eda7d4eeff62a2 new file mode 100644 index 0000000..bb7c410 --- /dev/null +++ b/Tests/ContainerizationEXT4Tests/Resources/content/blobs/sha256/8e2eb240a6cd7be1a0d308125afe0060b020e89275ced2e729eda7d4eeff62a2 @@ -0,0 +1 @@ +{"architecture":"arm64","config":{"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],"Cmd":["/bin/sh"],"OnBuild":null},"created":"2024-03-16T00:09:03.929767682Z","history":[{"created":"2024-01-26T23:44:55.650290626Z","created_by":"/bin/sh -c #(nop) ADD file:6dc287a22d6cc7723b0576dd3a9a644468d133c54d42c8a8eda403e3117648f7 in / "},{"created":"2024-01-26T23:44:55.750082605Z","created_by":"/bin/sh -c #(nop) CMD [\"/bin/sh\"]","empty_layer":true},{"created":"2024-03-16T00:09:03.929767682Z","created_by":"RUN /bin/sh -c echo \"test\" # buildkit","comment":"buildkit.dockerfile.v0"}],"os":"linux","rootfs":{"type":"layers","diff_ids":["sha256:7c504f21be85c8ade51b7ade32a39a4269bcbcf0e593352923f1b8ea6278e5ef","sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef"]},"variant":"v8"} \ No newline at end of file diff --git a/Tests/ContainerizationEXT4Tests/Resources/content/blobs/sha256/ad59e9f71edceca7b1ac7c642410858489b743c97233b0a26a5e2098b1443762 b/Tests/ContainerizationEXT4Tests/Resources/content/blobs/sha256/ad59e9f71edceca7b1ac7c642410858489b743c97233b0a26a5e2098b1443762 new file mode 100644 index 0000000..32111e3 --- /dev/null +++ b/Tests/ContainerizationEXT4Tests/Resources/content/blobs/sha256/ad59e9f71edceca7b1ac7c642410858489b743c97233b0a26a5e2098b1443762 @@ -0,0 +1 @@ +{"schemaVersion":2,"mediaType":"application/vnd.oci.image.index.v1+json","manifests":[{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:48a06049d3738991b011ca8b12473d712b7c40666a1462118dae3c403676afc2","size":667,"annotations":{"com.apple.container.sign.v1.certificate/ptr":"mac-Q5W6919KP6:41FB3AB2-E9B9-45CE-8252-8C17C8038670:wlan0","com.apple.container.sign.v1.signature":"MEUCIEX3psgFczBpby6sMdzBk5FF5ID5UbqM4nOpqfiVbkseAiEAlDLBr9ajHiswl8/rOyVmYdN98lakuK+dKyABEBXRXeQ="},"platform":{"architecture":"arm64","os":"linux"}}],"annotations":{"com.apple.container.info.v1.dockerfile-sha256sum":"d95983c2a8acbd4cf861c7d3b9117d3e722aebc3768ca682ddf2a427e2fd6583","com.apple.container.sign.v1.certificate/mac-Q5W6919KP6:41FB3AB2-E9B9-45CE-8252-8C17C8038670:wlan0":"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURjekNDQXhpZ0F3SUJBZ0lJRW9tR0duRkFGTnd3Q2dZSUtvWkl6ajBFQXdJd2FqRWtNQ0lHQTFVRUF3d2INClFYQndiR1VnUTI5eWNHOXlZWFJsSUZCTFNVNUpWQ0JEUVNBeU1TQXdIZ1lEVlFRTERCZERaWEowYVdacFkyRjANCmFXOXVJRUYxZEdodmNtbDBlVEVUTUJFR0ExVUVDZ3dLUVhCd2JHVWdTVzVqTGpFTE1Ba0dBMVVFQmhNQ1ZWTXcNCkhoY05Nakl4TWpJd01Ua3hOREl3V2hjTk1qVXdNVEU0TVRreE5ERTVXakNCcGpFYU1CZ0dDZ21TSm9tVDhpeGsNCkFRRU1DakkzTURFd09UVTRPVFV4UWpCQUJnTlZCQU1NT1cxaFl5MVJOVmMyT1RFNVMxQTJPalF4UmtJelFVSXkNCkxVVTVRamt0TkRWRFJTMDRNalV5TFRoRE1UZERPREF6T0RZM01EcDNiR0Z1TURFVk1CTUdBMVVFQ3d3TVFYQncNCmJHVkRiMjV1WldOME1STXdFUVlEVlFRS0RBcEJjSEJzWlNCSmJtTXVNUmd3RmdZS0NaSW1pWlB5TEdRQkdSWUkNClNVUk5VeTFUVTA4d1dUQVRCZ2NxaGtqT1BRSUJCZ2dxaGtqT1BRTUJCd05DQUFTcW5tSjZ3cFluWWlKRkdRaDENCjlOcGkyVnp3M1I3UFlMOXY3MnNiUDZsNy83VUt3YXV4aVk1ZkdEL29yTnhwbWNScFdPRk5mNW1JUWpFcHByMDMNCkpYUXpvNElCYVRDQ0FXVXdEQVlEVlIwVEFRSC9CQUl3QURBZkJnTlZIU01FR0RBV2dCVEx3K0x0QUcxai8rV1QNCkpsLzJJVDVVMEJ6WEZUQkVCZ2dyQmdFRkJRY0JBUVE0TURZd05BWUlLd1lCQlFVSE1BR0dLR2gwZEhBNkx5OXYNClkzTndMbUZ3Y0d4bExtTnZiUzl2WTNOd01ETXRjR3RwYm1sMFkyRXlNREV3VGdZRFZSMFJCRWN3UmFCREJnWXINCkJnRUZBZ0tnT1RBM29CZ2JGa0ZRVUV4RlEwOU9Ua1ZEVkM1QlVGQk1SUzVEVDAyaEd6QVpvQU1DQVFDaEVqQVENCkd3NXphV1JvWVhKMGFHRmZiV0Z1YVRBb0JnTlZIU1VFSVRBZkJnZ3JCZ0VGQlFjREFnWUtLd1lCQkFHQ054UUMNCkFnWUhLd1lCQlFJREJEQXpCZ05WSFI4RUxEQXFNQ2lnSnFBa2hpSm9kSFJ3T2k4dlkzSnNMbUZ3Y0d4bExtTnYNCmJTOXdhMmx1YVhSallUSXVZM0pzTUIwR0ExVWREZ1FXQkJTRlIxOExjWkgxY1laNHlEajVyWXkwMmZNeTREQU8NCkJnTlZIUThCQWY4RUJBTUNCNEF3RUFZSktvWklodmRqWkFZcEJBTU1BVEl3Q2dZSUtvWkl6ajBFQXdJRFNRQXcNClJnSWhBSk9YTnBEWE43QjhHZFZIVE1WdmEzSForeXlCTDlMcm1hZTJkeFpUUUVoekFpRUF4b25CRjhnMTNQeXYNCkhCRFVSY0p0ZURUYVdQdnJyUW9HUi9KZXQzb3B5R1U9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"}} \ No newline at end of file diff --git a/Tests/ContainerizationEXT4Tests/Resources/content/blobs/sha256/c6b39de5b33961661dc939b997cc1d30cda01e38005a6c6625fd9c7e748bab44 b/Tests/ContainerizationEXT4Tests/Resources/content/blobs/sha256/c6b39de5b33961661dc939b997cc1d30cda01e38005a6c6625fd9c7e748bab44 new file mode 100644 index 0000000..72831f7 Binary files /dev/null and b/Tests/ContainerizationEXT4Tests/Resources/content/blobs/sha256/c6b39de5b33961661dc939b997cc1d30cda01e38005a6c6625fd9c7e748bab44 differ diff --git a/Tests/ContainerizationEXT4Tests/TestEXT4ExtendedAttributes.swift b/Tests/ContainerizationEXT4Tests/TestEXT4ExtendedAttributes.swift new file mode 100644 index 0000000..d62c5eb --- /dev/null +++ b/Tests/ContainerizationEXT4Tests/TestEXT4ExtendedAttributes.swift @@ -0,0 +1,114 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +// swiftlint:disable force_try + +import Foundation +import Testing + +@testable import ContainerizationEXT4 + +struct TestEXT4ExtendedAttribute { + @Test func compressName() { + struct TestCase { + let input: String + let expectedId: UInt8 + let expectedStr: String + init(_ input: String, _ expectedId: UInt8, _ expectedStr: String) { + self.input = input + self.expectedId = expectedId + self.expectedStr = expectedStr + } + } + let tests: [TestCase] = [ + .init("my.test.xattr", 0, "my.test.xattr"), + .init("user.fubar", 1, "fubar"), + .init("system.posix_acl_access.denied_su", 2, ".denied_su"), + .init("system.posix_acl_default_failed", 3, "_failed"), + .init("trusted.user", 4, "user"), + .init("trusted_user", 0, "trusted_user"), + .init("security.auth", 6, "auth"), + .init("system.admin", 7, "admin"), + .init("system.richacl.denied", 8, ".denied"), + ] + for test in tests { + let ret = EXT4.ExtendedAttribute.compressName(test.input) + #expect(ret.0 == test.expectedId) + #expect(ret.1 == test.expectedStr) + } + } + + @Test func lastXattrNotDroppedAtBufferBoundary() throws { + let buffer: [UInt8] = [ + 0, // nameLength + 8, // nameIndex + 0, 0, // valueOffset + 0, 0, 0, 0, // valueInum + 0, 0, 0, 0, // valueSize + 0, 0, 0, 0, // hash + ] + let attrs = try EXT4.FileXattrsState.read(buffer: buffer, start: 0, offset: 0) + try #require(attrs.count == 1) + #expect(attrs[0].fullName == "system.richacl") + } + + @Test func xattrOutOfBoundsValueDoesNotCrash() throws { + let buffer: [UInt8] = [ + 1, // nameLength + 1, // nameIndex + 17, 0, // valueOffset + 0, 0, 0, 0, // valueInum + 4, 0, 0, 0, // valueSize + 0, 0, 0, 0, // hash + UInt8(ascii: "a"), 0, 0, 0, // name + ] + let attrs = try EXT4.FileXattrsState.read(buffer: buffer, start: 0, offset: 0) + #expect(attrs.isEmpty) + } + + @Test func encodeDecodeAttributes() { + let xattrs: [String: Data] = [ + "foo.bar": Data([1, 2, 3]), + "bar": Data([0, 0, 0]), + "system.richacl.bar": Data([99, 1, 9, 1]), + "foobar.user": Data([71, 2, 45]), + "test.xattr.cap": Data([1, 32, 3]), + "testing123": Data([12, 24, 45]), + "sys.admin": Data([16, 23, 13]), + "test.123": Data([15, 26, 54]), + "extendedattribute.test": Data([15, 26, 54, 1, 2, 4, 6, 7, 7]), + ] + let blockSize = 4096 + var state = EXT4.FileXattrsState( + inode: 1, inodeXattrCapacity: EXT4.InodeExtraSize, blockCapacity: UInt32(blockSize)) + for (s, d) in xattrs { + let attribute = EXT4.ExtendedAttribute(name: s, value: [UInt8](d)) + try! state.add(attribute) + } + var inlineAttrBuffer: [UInt8] = .init(repeating: 0, count: Int(EXT4.InodeExtraSize)) + var blockAttrBuffer: [UInt8] = .init(repeating: 0, count: blockSize) + try! state.writeInlineAttributes(buffer: &inlineAttrBuffer) + try! state.writeBlockAttributes(buffer: &blockAttrBuffer) + let gotInlineXattrs = try! EXT4.EXT4Reader.readInlineExtendedAttributes(from: inlineAttrBuffer) + let gotBlockXattrs = try! EXT4.EXT4Reader.readBlockExtendedAttributes(from: blockAttrBuffer) + + var gotXattrs: [String: Data] = [:] + for attr in gotBlockXattrs + gotInlineXattrs { + gotXattrs[attr.fullName] = Data(attr.value) + } + #expect(gotXattrs == xattrs) + } +} diff --git a/Tests/ContainerizationEXT4Tests/TestEXT4Format+Create.swift b/Tests/ContainerizationEXT4Tests/TestEXT4Format+Create.swift new file mode 100644 index 0000000..ef81b63 --- /dev/null +++ b/Tests/ContainerizationEXT4Tests/TestEXT4Format+Create.swift @@ -0,0 +1,80 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +// + +import Foundation +import SystemPackage +import Testing + +@testable import ContainerizationEXT4 + +struct Ext4FormatCreateTests { + @Test func fileReplace() throws { + let fsPath = FilePath( + FileManager.default.temporaryDirectory + .appendingPathComponent(UUID().uuidString, isDirectory: false)) + defer { try? FileManager.default.removeItem(at: fsPath.url) } + + let formatter = try EXT4.Formatter(fsPath, minDiskSize: 32.kib()) + defer { try? formatter.close() } + try formatter.create(path: FilePath("/file"), mode: EXT4.Inode.Mode(.S_IFREG, 0o755), buf: nil) // create a regular file + #expect(throws: Never.self) { + try formatter.create(path: FilePath("/file"), mode: EXT4.Inode.Mode(.S_IFREG, 0o755), buf: nil) + } // overwrite it with a regular file + #expect(throws: Error.self) { try formatter.create(path: FilePath("/file"), mode: EXT4.Inode.Mode(.S_IFDIR, 0o700)) } // overwrite it with a directory + } + + @Test func dirReplace() throws { + let fsPath = FilePath( + FileManager.default.temporaryDirectory + .appendingPathComponent(UUID().uuidString, isDirectory: false)) + defer { try? FileManager.default.removeItem(at: fsPath.url) } + + let formatter = try EXT4.Formatter(fsPath, minDiskSize: 32.kib()) + defer { try? formatter.close() } + try formatter.create(path: FilePath("/dir"), mode: EXT4.Inode.Mode(.S_IFDIR, 0o700)) // create a directory + #expect(throws: Never.self) { + try formatter.create(path: FilePath("/dir"), mode: EXT4.Inode.Mode(.S_IFDIR, 0o700)) + } // overwrite it with a directory + #expect(throws: Error.self) { try formatter.create(path: FilePath("/dir"), mode: EXT4.Inode.Mode(.S_IFREG, 0o755)) } // overwrite it with a file + } + + @Test func fileParentFails() throws { + let fsPath = FilePath( + FileManager.default.temporaryDirectory + .appendingPathComponent(UUID().uuidString, isDirectory: false)) + defer { try? FileManager.default.removeItem(at: fsPath.url) } + + let formatter = try EXT4.Formatter(fsPath, minDiskSize: 32.kib()) + defer { try? formatter.close() } + try formatter.create(path: FilePath("/file"), mode: EXT4.Inode.Mode(.S_IFREG, 0o755), buf: nil) // create a regular file + #expect(throws: Error.self) { try formatter.create(path: FilePath("/file/dir"), mode: EXT4.Inode.Mode(.S_IFDIR, 0o700)) } // create a subdir in a file? + } + + @Test func createParentAutomatically() throws { + let fsPath = FilePath( + FileManager.default.temporaryDirectory + .appendingPathComponent(UUID().uuidString, isDirectory: false)) + defer { try? FileManager.default.removeItem(at: fsPath.url) } + + let formatter = try EXT4.Formatter(fsPath, minDiskSize: 32.kib()) + defer { try? formatter.close() } + #expect(throws: Never.self) { + try formatter.create(path: FilePath("/parent/file"), mode: EXT4.Inode.Mode(.S_IFREG, 0o755), buf: nil) + } // should create /parent automatically + } +} diff --git a/Tests/ContainerizationEXT4Tests/TestEXT4Format+Link.swift b/Tests/ContainerizationEXT4Tests/TestEXT4Format+Link.swift new file mode 100644 index 0000000..37c6b3a --- /dev/null +++ b/Tests/ContainerizationEXT4Tests/TestEXT4Format+Link.swift @@ -0,0 +1,79 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation +import SystemPackage +import Testing + +@testable import ContainerizationEXT4 + +struct Ext4FormatLinkTests { + @Test func hardlinkLinksCount() throws { + func makeFile(unlink: Bool) throws -> FilePath { + let path = FilePath( + FileManager.default.temporaryDirectory + .appendingPathComponent(UUID().uuidString, isDirectory: false)) + let fmt = try EXT4.Formatter(path, minDiskSize: 32.kib()) + try fmt.create(path: "/original", mode: EXT4.Inode.Mode(.S_IFREG, 0o755), buf: nil) + try fmt.link(link: "/hardlink", target: "/original") + if unlink { + try fmt.unlink(path: "/hardlink") + } + try fmt.close() + return path + } + + let afterLink = try makeFile(unlink: false) + #expect(try EXT4.EXT4Reader(blockDevice: afterLink).stat("/original").inode.linksCount == 2) + + let afterUnlink = try makeFile(unlink: true) + #expect(try EXT4.EXT4Reader(blockDevice: afterUnlink).stat("/original").inode.linksCount == 1) + } + + @Test func hardlinkCreatesMissingParents() throws { + let path = FilePath( + FileManager.default.temporaryDirectory + .appendingPathComponent(UUID().uuidString, isDirectory: false)) + defer { try? FileManager.default.removeItem(at: path.url) } + let fmt = try EXT4.Formatter(path, minDiskSize: 32.kib()) + try fmt.create(path: "/original", mode: EXT4.Inode.Mode(.S_IFREG, 0o755), buf: nil) + // Parent dirs /a and /a/b do not exist yet; link must create them implicitly. + try fmt.link(link: "/a/b/hardlink", target: "/original") + try fmt.close() + + let reader = try EXT4.EXT4Reader(blockDevice: path) + #expect(try reader.stat("/a").inode.mode.isDir()) + #expect(try reader.stat("/a/b").inode.mode.isDir()) + let target = try reader.stat("/original") + #expect(try reader.stat("/a/b/hardlink").inodeNumber == target.inodeNumber) + #expect(target.inode.linksCount == 2) + } + + @Test func unlinkFirstInodeFreesInode() throws { + let emptyPath = FilePath(FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString, isDirectory: false)) + defer { try? FileManager.default.removeItem(at: emptyPath.url) } + try EXT4.Formatter(emptyPath, minDiskSize: 32.kib()).close() + + let path = FilePath(FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString, isDirectory: false)) + defer { try? FileManager.default.removeItem(at: path.url) } + let fmt = try EXT4.Formatter(path, minDiskSize: 32.kib()) + try fmt.create(path: FilePath("/file"), mode: EXT4.Inode.Mode(.S_IFREG, 0o755), buf: nil) + try fmt.unlink(path: FilePath("/file")) + try fmt.close() + + #expect(try EXT4.EXT4Reader(blockDevice: path).superBlock.freeInodesCount == EXT4.EXT4Reader(blockDevice: emptyPath).superBlock.freeInodesCount) + } +} diff --git a/Tests/ContainerizationEXT4Tests/TestEXT4Format+Unlink.swift b/Tests/ContainerizationEXT4Tests/TestEXT4Format+Unlink.swift new file mode 100644 index 0000000..8c220a6 --- /dev/null +++ b/Tests/ContainerizationEXT4Tests/TestEXT4Format+Unlink.swift @@ -0,0 +1,232 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +// + +import ContainerizationArchive +import ContainerizationEXT4 +import Foundation +import SystemPackage +import Testing + +struct EXT4WhiteoutTests { + + private func makeTempFileURL(prefix: String) throws -> URL { + let base = FileManager.default.temporaryDirectory + let url = base.appendingPathComponent("\(prefix)-\(UUID().uuidString)") + return url + } + + private func writeLayerWithOpaqueWhiteout(to url: URL) throws { + let writer = try ArchiveWriter( + format: .pax, + filter: .gzip, + file: url + ) + + let ts = Date() + + let entry = WriteEntry() + entry.modificationDate = ts + entry.creationDate = ts + entry.owner = 0 + entry.group = 0 + + entry.fileType = .directory + entry.permissions = 0o755 + + entry.path = "usr" + try writer.writeEntry(entry: entry, data: nil) + + entry.path = "usr/local" + try writer.writeEntry(entry: entry, data: nil) + + entry.path = "usr/local/bin" + try writer.writeEntry(entry: entry, data: nil) + + entry.fileType = .regular + entry.permissions = 0o644 + + let fooData = Data("hello\n".utf8) + entry.path = "usr/local/bin/foo" + entry.size = Int64(fooData.count) + try writer.writeEntry(entry: entry, data: fooData) + + entry.fileType = .regular + entry.permissions = 0o000 + entry.size = 0 + entry.path = "usr//.wh..wh..opq" + try writer.writeEntry(entry: entry, data: nil) + + try writer.finishEncoding() + } + + private func withFormatter( + prefix: String = "ext4-whiteout", + blockSize: UInt32 = 4096, + minDiskSize: UInt64 = 16.mib(), + _ body: (EXT4.Formatter, FilePath) async throws -> T + ) async throws -> T { + let imageURL = try makeTempFileURL(prefix: prefix) + let imagePath = FilePath(imageURL.path) + + defer { + try? FileManager.default.removeItem(at: imageURL) + } + + let formatter = try EXT4.Formatter( + imagePath, + blockSize: blockSize, + minDiskSize: minDiskSize + ) + + let result = try await body(formatter, imagePath) + return result + } + + @Test + func unpack_with_opaque_whiteout_path_does_not_stack_overflow_and_cleans_directory() async throws { + let layerURL = try makeTempFileURL(prefix: "ext4-wh-layer") + defer { + try? FileManager.default.removeItem(at: layerURL) + } + + try writeLayerWithOpaqueWhiteout(to: layerURL) + + try await withFormatter { formatter, imagePath in + try await formatter.unpack( + source: FilePath(layerURL.path).url, + format: .pax, + compression: .gzip, + progress: nil + ) + + try formatter.close() + + let reader = try EXT4.EXT4Reader(blockDevice: FilePath(imagePath.description)) + + #expect(reader.exists(FilePath("/usr/local/bin")) == false) + + #expect(reader.exists(FilePath("/usr/local/bin/foo")) == false) + } + } + + @Test + func directoryWhiteout_from_wh_opq_path_with_repeated_slashes_terminates() async throws { + try await withFormatter { formatter, _ in + try formatter.create( + path: FilePath("/usr"), + mode: EXT4.Inode.Mode(.S_IFDIR, 0o755) + ) + try formatter.create( + path: FilePath("/usr/local"), + mode: EXT4.Inode.Mode(.S_IFDIR, 0o755) + ) + try formatter.create( + path: FilePath("/usr/local/bin"), + mode: EXT4.Inode.Mode(.S_IFDIR, 0o755) + ) + try formatter.create( + path: FilePath("/usr/local/bin/foo"), + mode: EXT4.Inode.Mode(.S_IFREG, 0o644) + ) + try formatter.create( + path: FilePath("/usr/local/bin/bar"), + mode: EXT4.Inode.Mode(.S_IFREG, 0o644) + ) + + let whiteoutEntry = FilePath("//usr//.wh..wh..opq") + let directoryToWhiteout = whiteoutEntry.dir + let normalized = directoryToWhiteout.lexicallyNormalized() + #expect(normalized == FilePath("/usr")) + try formatter.unlink(path: directoryToWhiteout, directoryWhiteout: true) + } + } + + /// Test the exact recursion attack sequence: + /// create /_d + /// create symlink / -> /_ + /// create /_ + /// create symlink / -> /_ + /// + /// This creates a recursive symlink structure that can cause infinite recursion + /// during directory traversal operations. + @Test + func recursion_attack_sequence_does_not_cause_infinite_recursion() async throws { + await #expect(throws: EXT4.Formatter.Error.unsupportedFiletype) { + try await withFormatter { formatter, _ in + // Step 1: create /_d + try formatter.create( + path: FilePath("/_d"), + mode: EXT4.Inode.Mode(.S_IFDIR, 0o755) + ) + + // Step 2: create symlink / -> /_ + try formatter.create( + path: FilePath("/"), + link: FilePath("/_"), + mode: EXT4.Inode.Mode(.S_IFLNK, 0o777) + ) + + try formatter.create( + path: FilePath("/_"), + mode: EXT4.Inode.Mode(.S_IFDIR, 0o755) + ) + + try formatter.create( + path: FilePath("/"), + link: FilePath("/_"), + mode: EXT4.Inode.Mode(.S_IFLNK, 0o777) + ) + } + } + } + + @Test + func file_whiteouts_and_directory_whiteouts_interact_correctly() async throws { + try await withFormatter { formatter, imagePath in + // Lower‑layer content + try formatter.create( + path: FilePath("/opt"), + mode: EXT4.Inode.Mode(.S_IFDIR, 0o755) + ) + try formatter.create( + path: FilePath("/opt/app"), + mode: EXT4.Inode.Mode(.S_IFDIR, 0o755) + ) + try formatter.create( + path: FilePath("/opt/app/cache"), + mode: EXT4.Inode.Mode(.S_IFDIR, 0o755) + ) + try formatter.create( + path: FilePath("/opt/app/cache/file"), + mode: EXT4.Inode.Mode(.S_IFREG, 0o644) + ) + try formatter.unlink(path: FilePath("/opt/app/cache/file")) + try formatter.unlink( + path: FilePath("/opt/app/cache"), + directoryWhiteout: true + ) + try formatter.close() + + let reader = try EXT4.EXT4Reader(blockDevice: FilePath(imagePath.description)) + #expect(reader.exists(FilePath("/opt"))) + #expect(reader.exists(FilePath("/opt/app"))) + #expect(reader.exists(FilePath("/opt/app/cache"))) + #expect(reader.exists(FilePath("/opt/app/cache/file")) == false) + } + } +} diff --git a/Tests/ContainerizationEXT4Tests/TestEXT4Format.swift b/Tests/ContainerizationEXT4Tests/TestEXT4Format.swift new file mode 100644 index 0000000..f0505ce --- /dev/null +++ b/Tests/ContainerizationEXT4Tests/TestEXT4Format.swift @@ -0,0 +1,262 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +// swiftlint: disable force_try shorthand_operator static_over_final_class + +import Foundation +import SystemPackage +import Testing + +@testable import ContainerizationEXT4 + +struct Ext4FormatTests: ~Copyable { + let fsPath = FilePath( + FileManager.default.uniqueTemporaryDirectory() + .appendingPathComponent("ext4.img.delme.format", isDirectory: false)) + + // This test creates a file named "ext4.img.delme" + // Since there are no tools yet in osx/swift to test the created filesystem, + // the tests below perform the same checks as the following manual commands + // + // From project root + // $> backpack run -it -v SwiftExt4/Tests/SwiftExt4Tests/:/test -w test ubuntu:latest + // $> ls -lrth ext4.img.delme # should be only 44K + // $> e2fsck ext4.img.delme # should return 0 + // $> dumpe2fs ext4.img.delme # should print info and return 0 + // $> debugfs ext4.img.delme # should open the fs + // debugfs 1.46.5 (30-Dec-2021) + // debugfs: ls + // 2 (12) . 2 (12) .. 15 (12) x 11 (20) lost+found 12 (12) ase + // 16 (12) y 0 (4016) + // + // # check directory + // + // debugfs: stat /test + // Inode: 12 Type: directory Mode: 01274 Flags: 0xc0000 + // Generation: 0 Version: 0x00000000:00000000 + // User: 0 Group: 0 Size: 4096 + // File ACL: 0 + // Links: 3 Blockcount: 1 + // Fragment: Address: 0 Number: 0 Size: 0 + // ctime: 0x6614b59f:8cdf6a34 -- Tue Apr 9 03:27:27 2024 + // atime: 0x6614b59f:8cdf6a34 -- Tue Apr 9 03:27:27 2024 + // mtime: 0x6614b59f:8cdf6a34 -- Tue Apr 9 03:27:27 2024 + // crtime: 0x6614b59f:8cdf6a34 -- Tue Apr 9 03:27:27 2024 + // Size of extra inode fields: 24 + // EXTENTS: + // (0):5 + // + // # check regular file + // + // debugfs: stat /test/foo/bar/x + // Inode: 15 Type: regular Mode: 01363 Flags: 0xc0000 + // Generation: 0 Version: 0x00000000:00000000 + // User: 0 Group: 0 Size: 4 + // File ACL: 0 + // Links: 2 Blockcount: 1 + // Fragment: Address: 0 Number: 0 Size: 0 + // ctime: 0x6614b59f:8ce91ef8 -- Tue Apr 9 03:27:27 2024 + // atime: 0x6614b59f:8ce91ef8 -- Tue Apr 9 03:27:27 2024 + // mtime: 0x6614b59f:8ce91ef8 -- Tue Apr 9 03:27:27 2024 + // crtime: 0x6614b59f:8ce91ef8 -- Tue Apr 9 03:27:27 2024 + // Size of extra inode fields: 24 + // EXTENTS: + // (0):2 + // + // # check symlink + // + // debugfs: stat /y + // Inode: 16 Type: symlink Mode: 01675 Flags: 0x0 + // Generation: 0 Version: 0x00000000:00000000 + // User: 0 Group: 0 Size: 19 + // File ACL: 0 + // Links: 1 Blockcount: 0 + // Fragment: Address: 0 Number: 0 Size: 0 + // ctime: 0x6614b59f:8cf052fc -- Tue Apr 9 03:27:27 2024 + // atime: 0x6614b59f:8cf052fc -- Tue Apr 9 03:27:27 2024 + // mtime: 0x6614b59f:8cf052fc -- Tue Apr 9 03:27:27 2024 + // crtime: 0x6614b59f:8cf052fc -- Tue Apr 9 03:27:27 2024 + // Size of extra inode fields: 24 + // Fast link dest: "test/foo" + // + // # check hard link + // + // debugfs: stat x + // Inode: 15 Type: regular Mode: 01363 Flags: 0xc0000 + // Generation: 0 Version: 0x00000000:00000000 + // User: 0 Group: 0 Size: 4 + // File ACL: 0 + // Links: 2 Blockcount: 1 + // Fragment: Address: 0 Number: 0 Size: 0 + // ctime: 0x6614b59f:8ce91ef8 -- Tue Apr 9 03:27:27 2024 + // atime: 0x6614b59f:8ce91ef8 -- Tue Apr 9 03:27:27 2024 + // mtime: 0x6614b59f:8ce91ef8 -- Tue Apr 9 03:27:27 2024 + // crtime: 0x6614b59f:8ce91ef8 -- Tue Apr 9 03:27:27 2024 + // Size of extra inode fields: 24 + // EXTENTS: + // (0):2 + // + // Mount and check + // + // $> mkdir -p mntpnt + // $> mount -t ext4 ext4.img.delme mntpnt + // $> # explore file tree + init() throws { + let formatter = try EXT4.Formatter(fsPath, minDiskSize: 32.kib()) + try formatter.create(path: FilePath("/test"), mode: EXT4.Inode.Mode(.S_IFDIR, 0o700)) + try formatter.create(path: FilePath("/test/foo"), mode: EXT4.Inode.Mode(.S_IFDIR, 0o700)) + try formatter.create(path: FilePath("/test/foo/bar"), mode: EXT4.Inode.Mode(.S_IFDIR, 0o700)) + let inputStream = InputStream(data: "test".data(using: .utf8)!) + inputStream.open() + try formatter.create( + path: FilePath("/test/foo/bar/x"), mode: EXT4.Inode.Mode(.S_IFREG, 0o755), + buf: inputStream) // create a regular file + inputStream.close() + try formatter.link(link: FilePath("/x"), target: FilePath("/test/foo/bar/x")) + try formatter.create( + path: FilePath("/y"), link: FilePath("test/foo"), mode: EXT4.Inode.Mode(.S_IFLNK, 0o700)) // create a symlink + + try formatter.close() + } + + deinit { + try? FileManager.default.removeItem(at: fsPath.url) + } + + /// This test checks that the size of the FS at fsPath is the minimum possible + /// for its data + metadata. It should be 44 kib or 11 blocks, expanded to accommodate + /// data requiring > 32KiB of space + @Test func fileSize() throws { + let f = try FileHandle(forReadingFrom: fsPath.url) + let size = try f.seekToEnd() + #expect(size == 128.mib()) + } + + /// This test checks that the superblock was created correctly + @Test func superblock() throws { + let f = try EXT4.EXT4Reader(blockDevice: fsPath) + #expect(f.superBlock.blocksCountLow == 32768) + #expect(f.superBlock.freeBlocksCountLow == 32246) // total - 512 inode blocks + } + + /// This test checks that the group descriptor has been set correctly + @Test func groupDescriptors() throws { + let f = try EXT4.EXT4Reader(blockDevice: fsPath) + let gd = try f.getGroupDescriptor(0) + #expect(gd.blockBitmapLow == 551) // move over by 512 blocks (for inodes) + #expect(gd.inodeBitmapLow == 552) // move over by 512 blocks (for inodes) + #expect(gd.inodeTableLow == 39) + #expect(gd.freeBlocksCountLow == 32246) // 512 block used by larger inode table per block group + #expect(gd.freeInodesCountLow == 8176) // 512 times the inodes + #expect(gd.usedDirsCountLow == 5) + } + + /// This test checks that the block bitmap has been set correctly + @Test func blockBitmap() throws { + let ext4 = try EXT4.EXT4Reader(blockDevice: fsPath) + let gd = try ext4.getGroupDescriptor(1) + let blockBitmapOffset = gd.blockBitmapLow + let f = try #require(FileHandle(forReadingFrom: fsPath)) + try f.seek(toOffset: ext4.blockSize * blockBitmapOffset) + let bitmapSize = ext4.superBlock.blocksPerGroup / 8 + #expect(bitmapSize == 4096) + let _ = try f.read( + upToCount: Int(ext4.superBlock.blocksCountLow - ext4.superBlock.freeBlocksCountLow - 1) / 8 + 1) + } + + /// This test checks that the inode bitmap has been set correctly + @Test func inodeBitmap() throws { + let ext4 = try EXT4.EXT4Reader(blockDevice: fsPath) + let gd = try ext4.getGroupDescriptor(1) + let inodeBitmapOffset = gd.inodeBitmapLow + let f = try #require(FileHandle(forReadingFrom: fsPath)) + try f.seek(toOffset: ext4.blockSize * inodeBitmapOffset) + let bitmapSize = ext4.superBlock.inodesPerGroup / 8 + #expect(bitmapSize == 1024) + } + + /// This test checks that the inode table has been set correctly + @Test func inodeTable() throws { + let ext4 = try EXT4.EXT4Reader(blockDevice: fsPath) + let gd = try ext4.getGroupDescriptor(0) + let inodeTableOffset = gd.inodeTableLow + let f = try #require(FileHandle(forReadingFrom: fsPath)) + try f.seek(toOffset: ext4.blockSize * inodeTableOffset) + let inodeTableSize = ext4.superBlock.inodesPerGroup * UInt32(ext4.superBlock.inodeSize) + #expect(inodeTableSize == 2_097_152) + let inodeTableData = try #require(try f.read(upToCount: Int(inodeTableSize))) + let inodeAt: (Int) -> EXT4.Inode = { inodeNum in + var inodeBytes: [UInt8] = .init(repeating: 0, count: Int(ext4.superBlock.inodeSize)) + let inodeStart = Int(ext4.superBlock.inodeSize) * (inodeNum - 1) + var j: Int = 0 + for i in inodeStart.. minDiskSize` +/// (the journal grows the image rather than carving into the usable capacity) +/// - **Feature flag**: `featureCompat` has `hasJournal` set +/// - **Journal inode**: `journalInum == EXT4.JournalInode` (inode 8) +/// - **Mount options**: `defaultMountOpts` matches the requested mode +@Suite(.serialized) +struct JournalFormatTests { + let minDiskSize: UInt64 = 128.mib() + + // MARK: - Per-mode tests + + @Test func writeback() throws { + let path = tmpPath("ext4-journal-writeback") + defer { cleanup(path) } + let formatter = try EXT4.Formatter(path, minDiskSize: minDiskSize, journal: .init(defaultMode: .writeback)) + try writeHello(formatter, content: "writeback") + try formatter.close() + // Writeback mode: only journal metadata is committed to disk before the data. + // defaultMountOpts encodes this as 0x0060 (data=writeback | barrier). + try verifyStructure(at: path, expectedMountOpts: EXT4.DefaultMountOpts.journalWriteback) + } + + @Test func ordered() throws { + let path = tmpPath("ext4-journal-ordered") + defer { cleanup(path) } + let formatter = try EXT4.Formatter(path, minDiskSize: minDiskSize, journal: .init(defaultMode: .ordered)) + try writeHello(formatter, content: "ordered") + try formatter.close() + // Ordered mode (the Linux default): data blocks are written before the journal commit. + // defaultMountOpts encodes this as 0x0040 (data=ordered | barrier). + try verifyStructure(at: path, expectedMountOpts: EXT4.DefaultMountOpts.journalOrdered) + } + + @Test func journalData() throws { + let path = tmpPath("ext4-journal-data") + defer { cleanup(path) } + let formatter = try EXT4.Formatter(path, minDiskSize: minDiskSize, journal: .init(defaultMode: .journal)) + try writeHello(formatter, content: "journal") + try formatter.close() + // Data journaling mode: data and metadata are both journaled. + // defaultMountOpts encodes this as 0x0020 (data=journal | barrier). + try verifyStructure(at: path, expectedMountOpts: EXT4.DefaultMountOpts.journalData) + } + + // MARK: - Shared structural helper + + private func verifyStructure(at path: FilePath, expectedMountOpts: UInt32) throws { + let fileSize = try fileByteCount(at: path) + let reader = try EXT4.EXT4Reader(blockDevice: path) + let sb = reader.superBlock + + let blocksCount = UInt64(sb.blocksCountLow) | (UInt64(sb.blocksCountHigh) << 32) + let blockSize = UInt64(sb.blockSize) + + // The Linux kernel rejects mounts where the superblock's block count implies + // a larger device than the actual file backing the filesystem. + #expect(fileSize == blocksCount * blockSize, "geometry mismatch: fileSize=\(fileSize), blocksCount=\(blocksCount), blockSize=\(blockSize)") + + // The journal is additive overhead; the image must be larger than minDiskSize. + #expect(fileSize > minDiskSize, "journal did not grow the image: fileSize=\(fileSize), minDiskSize=\(minDiskSize)") + + // The COMPAT_HAS_JOURNAL flag must be set for the kernel to look for inode 8. + #expect(sb.featureCompat & EXT4.CompatFeature.hasJournal.rawValue != 0, "COMPAT_HAS_JOURNAL not set in featureCompat (0x\(String(sb.featureCompat, radix: 16)))") + + // The journal inode number recorded in the superblock must point at inode 8. + #expect(sb.journalInum == EXT4.JournalInode, "journalInum=\(sb.journalInum), expected \(EXT4.JournalInode)") + + // The default mount options must reflect the requested journaling mode. + #expect(sb.defaultMountOpts == expectedMountOpts, "defaultMountOpts=0x\(String(sb.defaultMountOpts, radix: 16)), expected 0x\(String(expectedMountOpts, radix: 16))") + } + + // MARK: - Filesystem population helpers + + private func writeHello(_ formatter: EXT4.Formatter, content: String) throws { + try formatter.create(path: FilePath("/data"), mode: EXT4.Inode.Mode(.S_IFDIR, 0o755)) + let stream = InputStream(data: Data(content.utf8)) + stream.open() + defer { stream.close() } + try formatter.create( + path: FilePath("/data/hello.txt"), + mode: EXT4.Inode.Mode(.S_IFREG, 0o644), + buf: stream) + } + + // MARK: - File helpers + + private func tmpPath(_ name: String) -> FilePath { + FilePath( + FileManager.default.temporaryDirectory + .appendingPathComponent("\(name)-\(UUID().uuidString).img", isDirectory: false) + .path + ) + } + + private func cleanup(_ path: FilePath) { + try? FileManager.default.removeItem(atPath: path.string) + } + + private func fileByteCount(at path: FilePath) throws -> UInt64 { + let attrs = try FileManager.default.attributesOfItem(atPath: path.string) + guard let size = attrs[.size] as? UInt64 else { + throw CocoaError(.fileReadUnknown) + } + return size + } +} + +/// Tests that the UInt32 block-count overflow guards fire at the right points. +struct JournalOverflowTests { + // (UInt32.max + 1) blocks at the minimum block size triggers the guard in init() + // before any file is created, so no cleanup is needed. + @Test func initRejectsBlockCountOverflowingUInt32() { + let path = FilePath( + FileManager.default.temporaryDirectory + .appendingPathComponent(UUID().uuidString, isDirectory: false).path) + #expect(throws: EXT4.Formatter.Error.self) { + try EXT4.Formatter(path, blockSize: 1024, minDiskSize: (UInt64(UInt32.max) + 1) * 1024) + } + } + + // minDiskSize is exactly at the UInt32 block count limit; adding any journal pushes + // newSize / blockSize above UInt32.max. The guard in close() fires before the bitmap + // loop, so this test completes quickly despite the large sparse file. + @Test func closeRejectsJournalExpansionOverflowingUInt32() throws { + let path = FilePath( + FileManager.default.temporaryDirectory + .appendingPathComponent(UUID().uuidString, isDirectory: false).path) + defer { try? FileManager.default.removeItem(atPath: path.string) } + let formatter = try EXT4.Formatter( + path, blockSize: 1024, minDiskSize: UInt64(UInt32.max) * 1024, + journal: .init(defaultMode: .writeback)) + #expect(throws: EXT4.Formatter.Error.self) { + try formatter.close() + } + } +} diff --git a/Tests/ContainerizationEXT4Tests/TestEXT4Reader+IO.swift b/Tests/ContainerizationEXT4Tests/TestEXT4Reader+IO.swift new file mode 100644 index 0000000..40d241d --- /dev/null +++ b/Tests/ContainerizationEXT4Tests/TestEXT4Reader+IO.swift @@ -0,0 +1,652 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation +import SystemPackage +import Testing + +@testable import ContainerizationEXT4 + +@Suite +struct EXT4PathIOTests { + + // MARK: - Helpers + + private func makeTempImageURL(name: String = UUID().uuidString) -> URL { + FileManager.default.temporaryDirectory.appendingPathComponent("ext4-\(name).img") + } + + /// Build a fresh ext4 image, populate content, close, and return its URL. + /// Usage: + /// let url = try buildFS { fmt in + /// try createFile(fmt, "/etc/hostname", "myhost\n") + /// try createSymlink(fmt, "/bin/sh", "/usr/bin/busybox") // fast link + /// } + private func buildFS( + minDiskSize: UInt64 = 4 * 1024 * 1024, // 4 MiB is enough for these tests + populate: (EXT4.Formatter) throws -> Void + ) throws -> URL { + let url = makeTempImageURL() + let path = FilePath(url.path) + + // 1) Format image + let formatter = try EXT4.Formatter(path, minDiskSize: minDiskSize) + + // 2) Populate contents + try populate(formatter) + + // 3) Finalize filesystem + try formatter.close() + return url + } + + /// Convenience to create a directory (recursively). + private func createDir(_ fmt: EXT4.Formatter, _ path: String, mode: UInt16 = EXT4.Inode.Mode(.S_IFDIR, 0o755)) throws { + try fmt.create(path: FilePath(path), mode: mode) + } + + /// Convenience to create a regular file with UTF-8 content. + private func createFile(_ fmt: EXT4.Formatter, _ path: String, _ contents: String, mode: UInt16 = EXT4.Inode.Mode(.S_IFREG, 0o644)) throws { + let data = Data(contents.utf8) + let stream = InputStream(data: data) + stream.open() + defer { stream.close() } + try fmt.create(path: FilePath(path), mode: mode, buf: stream) + } + + /// Convenience to create a (fast or long) symlink. Pass absolute target. + private func createSymlink(_ fmt: EXT4.Formatter, _ linkPath: String, _ target: String, mode: UInt16 = EXT4.Inode.Mode(.S_IFLNK, 0o777)) throws { + try fmt.create(path: FilePath(linkPath), link: FilePath(target), mode: mode) + } + + /// Open reader for a given image URL. + private func openReader(_ url: URL) throws -> EXT4.EXT4Reader { + try EXT4.EXT4Reader(blockDevice: FilePath(url.path)) + } + + // MARK: - Tests + + @Test + func existsAndStatRootAndLostFound() throws { + let url = try buildFS { _ in /* nothing extra */ } + defer { try? FileManager.default.removeItem(at: url) } + + let r = try openReader(url) + #expect(r.exists(FilePath("/"))) + let (inoNum, ino) = try r.stat(FilePath("/")) + #expect(inoNum == 2) + #expect(ino.mode.isDir()) + + // lost+found is created by the formatter + let names = try r.listDirectory(FilePath("/")) + #expect(names.contains("lost+found")) + } + + @Test + func createAndReadRegularFilesWithOffsetsAndEOF() throws { + let url = try buildFS { fmt in + try self.createDir(fmt, "/etc") + try self.createFile(fmt, "/etc/hostname", "myhost\n") + try self.createDir(fmt, "/usr/bin") + try self.createFile(fmt, "/usr/bin/hello", "Hello EXT4!\n") + } + defer { try? FileManager.default.removeItem(at: url) } + + let r = try openReader(url) + + // exists/stat + #expect(r.exists(FilePath("/etc/hostname"))) + let (_, ino) = try r.stat(FilePath("/usr/bin/hello")) + #expect(ino.mode.isReg()) + + // listDirectory excludes "." and ".." and is sorted + let usrChildren = try r.listDirectory(FilePath("/usr")) + #expect(usrChildren == ["bin"]) + + // full read to EOF + let hello = try r.readFile(at: FilePath("/usr/bin/hello")) + #expect(String(decoding: hello, as: UTF8.self) == "Hello EXT4!\n") + + // offset + count semantics + let data = try r.readFile(at: FilePath("/usr/bin/hello"), offset: 6, count: 5) + #expect(String(decoding: data, as: UTF8.self) == "EXT4!") + + // offset == size => empty; offset > size => empty + let hostname = try r.readFile(at: FilePath("/etc/hostname")) + let size = hostname.count + #expect(try r.readFile(at: FilePath("/etc/hostname"), offset: UInt64(size)).count == 0) + #expect(try r.readFile(at: FilePath("/etc/hostname"), offset: UInt64(size + 100)).count == 0) + } + + @Test + func readFileIntoBufferMatchesData() throws { + let url = try buildFS { fmt in + try self.createDir(fmt, "/etc") + try self.createFile(fmt, "/etc/hostname", "myhost\n") + } + defer { try? FileManager.default.removeItem(at: url) } + + let reader = try openReader(url) + let path = FilePath("/etc/hostname") + + let data = try reader.readFile(at: path, offset: 0, count: 4096) + var buffer = [UInt8](repeating: 0, count: data.count) + + let wrote = try buffer.withUnsafeMutableBytes { ptr in + try reader.readFile(at: path, into: ptr, offset: 0) + } + + #expect(wrote == data.count) + if wrote < buffer.count { + buffer.removeSubrange(wrote.. /usr/bin/busybox + let url = try buildFS { fmt in + try self.createDir(fmt, "/usr/bin") + try self.createFile(fmt, "/usr/bin/busybox", "BB\n") + try self.createDir(fmt, "/bin") + try self.createSymlink(fmt, "/bin/sh", "/usr/bin/busybox") + } + defer { try? FileManager.default.removeItem(at: url) } + + let r = try openReader(url) + + // Reading through the link should hit the target bytes. + let sh = try r.readFile(at: FilePath("/bin/sh")) + #expect(String(decoding: sh, as: UTF8.self) == "BB\n") + + // stat(followSymlinks: false) should show symlink inode + let (_, lnkIno) = try r.stat(FilePath("/bin/sh"), followSymlinks: false) + #expect(lnkIno.mode.isLink()) + + // stat(default) follows + let (_, tgtIno) = try r.stat(FilePath("/bin/sh")) + #expect(tgtIno.mode.isReg()) + } + + @Test + func longSymlinkResolutionAndRead() throws { + // Long symlink: target > 60 bytes triggers extent-backed storage (Formatter behavior). + // Build a very long absolute path to exceed 60 chars. + let deepDir = "/a/very/long/path/that/exceeds/sixty/bytes/for/symlink/target" + #expect(deepDir.utf8.count > 60) + + let url = try buildFS { fmt in + // Create deep directory structure and file + try self.createDir(fmt, deepDir) + try self.createFile(fmt, "\(deepDir)/payload.txt", "LONGLINK\n") + // Link at a short path -> long absolute target + try self.createSymlink(fmt, "/ll", "\(deepDir)/payload.txt") + } + defer { try? FileManager.default.removeItem(at: url) } + + let r = try openReader(url) + let bytes = try r.readFile(at: FilePath("/ll")) + #expect(String(decoding: bytes, as: UTF8.self) == "LONGLINK\n") + } + + @Test + func symlinkLoopDetection() throws { + let url = try buildFS { fmt in + // /a -> /b and /b -> /a + try self.createSymlink(fmt, "/a", "/b") + try self.createSymlink(fmt, "/b", "/a") + } + defer { try? FileManager.default.removeItem(at: url) } + + let r = try openReader(url) + do { + _ = try r.stat(FilePath("/a")) + Issue.record("Expected symlinkLoop error") + } catch let error as EXT4.PathIOError { + guard case .symlinkLoop = error else { + Issue.record("Expected symlinkLoop, got \(error)") + return + } + } catch { + Issue.record("Expected EXT4.PathIOError, got \(error)") + } + } + + @Test + func complexSymlinkLoopDetection() throws { + let url = try buildFS { fmt in + // Create a longer chain that eventually loops: /a -> /b -> /c -> /d -> /b + try self.createSymlink(fmt, "/a", "/b") + try self.createSymlink(fmt, "/b", "/c") + try self.createSymlink(fmt, "/c", "/d") + try self.createSymlink(fmt, "/d", "/b") // Loop back to /b + } + defer { try? FileManager.default.removeItem(at: url) } + + let r = try openReader(url) + do { + _ = try r.stat(FilePath("/a")) + Issue.record("Expected symlinkLoop error") + } catch let error as EXT4.PathIOError { + guard case .symlinkLoop = error else { + Issue.record("Expected symlinkLoop for complex loop, got \(error)") + return + } + } catch { + Issue.record("Expected EXT4.PathIOError, got \(error)") + } + } + + @Test + func selfReferencingSymlink() throws { + let url = try buildFS { fmt in + // Self-referencing symlink: /self -> /self + try self.createSymlink(fmt, "/self", "/self") + } + defer { try? FileManager.default.removeItem(at: url) } + + let r = try openReader(url) + do { + _ = try r.stat(FilePath("/self")) + Issue.record("Expected symlinkLoop error") + } catch let error as EXT4.PathIOError { + guard case .symlinkLoop = error else { + Issue.record("Expected symlinkLoop for self-reference, got \(error)") + return + } + } catch { + Issue.record("Expected EXT4.PathIOError, got \(error)") + } + } + + @Test + func longSymlinkChainWithoutLoop() throws { + let url = try buildFS { fmt in + // Create a long chain without loops (should succeed) + try self.createDir(fmt, "/target") + try self.createFile(fmt, "/target/file.txt", "SUCCESS\n") + + // Create chain: /link1 -> /link2 -> /link3 -> /link4 -> /target/file.txt + try self.createSymlink(fmt, "/link4", "/target/file.txt") + try self.createSymlink(fmt, "/link3", "/link4") + try self.createSymlink(fmt, "/link2", "/link3") + try self.createSymlink(fmt, "/link1", "/link2") + } + defer { try? FileManager.default.removeItem(at: url) } + + let r = try openReader(url) + // Should successfully resolve without hitting loop detection + let data = try r.readFile(at: FilePath("/link1")) + #expect(String(decoding: data, as: UTF8.self) == "SUCCESS\n") + } + + @Test + func symlinkLoopThroughDirectory() throws { + let url = try buildFS { fmt in + // Create directory structure with symlink loop through paths + try self.createDir(fmt, "/dir1") + try self.createDir(fmt, "/dir2") + try self.createSymlink(fmt, "/dir1/link", "/dir2/link") + try self.createSymlink(fmt, "/dir2/link", "/dir1/link") + } + defer { try? FileManager.default.removeItem(at: url) } + + let r = try openReader(url) + do { + _ = try r.stat(FilePath("/dir1/link")) + Issue.record("Expected symlinkLoop error") + } catch let error as EXT4.PathIOError { + guard case .symlinkLoop = error else { + Issue.record("Expected symlinkLoop for directory loop, got \(error)") + return + } + } catch { + Issue.record("Expected EXT4.PathIOError, got \(error)") + } + } + + @Test + func pathWalkWithDotAndDotDot() throws { + let url = try buildFS { fmt in + try self.createDir(fmt, "/a/b") + try self.createFile(fmt, "/a/b/c.txt", "OK\n") + } + defer { try? FileManager.default.removeItem(at: url) } + + let r = try openReader(url) + + // /a/./b/../b/c.txt should resolve to /a/b/c.txt + let p = FilePath("/a/./b/../b/c.txt") + let data = try r.readFile(at: p) + #expect(String(decoding: data, as: UTF8.self) == "OK\n") + } + + @Test + func parentDirectoryTraversal() throws { + let url = try buildFS { fmt in + try self.createDir(fmt, "/a/b/c/d") + try self.createFile(fmt, "/a/file1.txt", "A\n") + try self.createFile(fmt, "/a/b/file2.txt", "B\n") + try self.createFile(fmt, "/a/b/c/file3.txt", "C\n") + try self.createFile(fmt, "/a/b/c/d/file4.txt", "D\n") + } + defer { try? FileManager.default.removeItem(at: url) } + + let r = try openReader(url) + + // Test multiple levels of parent traversal + // /a/b/c/d/../../../../a/file1.txt should resolve to /a/file1.txt + let p1 = FilePath("/a/b/c/d/../../../../a/file1.txt") + let data1 = try r.readFile(at: p1) + #expect(String(decoding: data1, as: UTF8.self) == "A\n") + + // /a/b/c/../file2.txt should resolve to /a/b/file2.txt + let p2 = FilePath("/a/b/c/../file2.txt") + let data2 = try r.readFile(at: p2) + #expect(String(decoding: data2, as: UTF8.self) == "B\n") + + // /a/b/c/d/../file3.txt should resolve to /a/b/c/file3.txt + let p3 = FilePath("/a/b/c/d/../file3.txt") + let data3 = try r.readFile(at: p3) + #expect(String(decoding: data3, as: UTF8.self) == "C\n") + } + + @Test + func parentDirectoryAtRoot() throws { + let url = try buildFS { fmt in + try self.createFile(fmt, "/root.txt", "ROOT\n") + } + defer { try? FileManager.default.removeItem(at: url) } + + let r = try openReader(url) + + // Test that ".." at root stays at root + // /../root.txt should resolve to /root.txt + let p1 = FilePath("/../root.txt") + let data1 = try r.readFile(at: p1) + #expect(String(decoding: data1, as: UTF8.self) == "ROOT\n") + + // /../../root.txt should also resolve to /root.txt + let p2 = FilePath("/../../root.txt") + let data2 = try r.readFile(at: p2) + #expect(String(decoding: data2, as: UTF8.self) == "ROOT\n") + } + + @Test + func complexParentWithSymlinks() throws { + let url = try buildFS { fmt in + try self.createDir(fmt, "/real/path") + try self.createFile(fmt, "/real/path/target.txt", "TARGET\n") + try self.createFile(fmt, "/real/other.txt", "OTHER\n") + try self.createDir(fmt, "/links") + // Create symlink: /links/link -> /real/path + try self.createSymlink(fmt, "/links/link", "/real/path") + } + defer { try? FileManager.default.removeItem(at: url) } + + let r = try openReader(url) + + // Test parent directory traversal through symlinks + // When we follow /links/link (which points to /real/path), we're now at /real/path + // Then ".." takes us to /real, and "other.txt" gives us /real/other.txt + let p = FilePath("/links/link/../other.txt") + let data = try r.readFile(at: p) + #expect(String(decoding: data, as: UTF8.self) == "OTHER\n") + + // Also test direct access through the symlink + let p2 = FilePath("/links/link/target.txt") + let data2 = try r.readFile(at: p2) + #expect(String(decoding: data2, as: UTF8.self) == "TARGET\n") + } + + @Test + func relativeSymlinkWithParentTraversal() throws { + let url = try buildFS { fmt in + try self.createDir(fmt, "/a/b") + try self.createFile(fmt, "/a/target.txt", "REL_TARGET\n") + // Create relative symlink: /a/b/link -> ../target.txt + try self.createSymlink(fmt, "/a/b/link", "../target.txt") + } + defer { try? FileManager.default.removeItem(at: url) } + + let r = try openReader(url) + + // The relative symlink should properly resolve through parent + let data = try r.readFile(at: FilePath("/a/b/link")) + #expect(String(decoding: data, as: UTF8.self) == "REL_TARGET\n") + } + + @Test + func readOnSymlinkWithFollowFalseThrows() throws { + let url = try buildFS { fmt in + try self.createFile(fmt, "/tgt", "X\n") + try self.createSymlink(fmt, "/lnk", "/tgt") + } + defer { try? FileManager.default.removeItem(at: url) } + + let r = try openReader(url) + do { + _ = try r.readFile(at: FilePath("/lnk"), followSymlinks: false) + Issue.record("Expected notAFile error") + } catch let error as EXT4.PathIOError { + guard case .notAFile = error else { + Issue.record("Expected notAFile for symlink read without following, got \(error)") + return + } + } catch { + Issue.record("Expected EXT4.PathIOError, got \(error)") + } + } + + @Test + func nonExistentPathExistsAndReadErrors() throws { + let url = try buildFS { _ in } + defer { try? FileManager.default.removeItem(at: url) } + + let r = try openReader(url) + #expect(!r.exists(FilePath("/nope"))) + do { + _ = try r.stat(FilePath("/nope")) + Issue.record("Expected notFound error") + } catch let error as EXT4.PathIOError { + guard case .notFound = error else { + Issue.record("Expected notFound, got \(error)") + return + } + } catch { + Issue.record("Expected EXT4.PathIOError, got \(error)") + } + #expect(throws: (any Error).self) { + try r.readFile(at: FilePath("/nope")) + } + } + + @Test + func sameAbsoluteSymlinkFollowedTwice() throws { + let url = try buildFS { fmt in + try self.createDir(fmt, "/target") + try self.createFile(fmt, "/target/file.txt", "OK") + try self.createSymlink(fmt, "/symlink", "/target") + } + defer { try? FileManager.default.removeItem(at: url) } + + let r = try openReader(url) + let data = try r.readFile(at: FilePath("/symlink/../symlink/file.txt")) + #expect(String(decoding: data, as: UTF8.self) == "OK") + } + + @Test + func sameRelativeSymlinkFollowedTwice() throws { + let url = try buildFS { fmt in + try self.createDir(fmt, "/target") + try self.createFile(fmt, "/target/file.txt", "OK") + try self.createSymlink(fmt, "/symlink", "../target") + } + defer { try? FileManager.default.removeItem(at: url) } + + let r = try openReader(url) + let data = try r.readFile(at: FilePath("/symlink/../symlink/file.txt")) + #expect(String(decoding: data, as: UTF8.self) == "OK") + } + + @Test + func boundsCheckingForInvalidExtents() throws { + // This test verifies that the reader properly validates extent addresses + // Note: We can't easily create an image with invalid extents using the Formatter, + // so this test documents the expected behavior rather than testing it directly. + // The bounds checking is tested implicitly by all other tests that read files. + + let url = try buildFS { fmt in + try self.createFile(fmt, "/test.txt", "Valid file\n") + } + defer { try? FileManager.default.removeItem(at: url) } + + let r = try openReader(url) + + // Reading a valid file should work without bounds errors + let data = try r.readFile(at: FilePath("/test.txt")) + #expect(String(decoding: data, as: UTF8.self) == "Valid file\n") + + // The bounds checking happens internally when reading extents + // If an extent pointed outside device bounds, it would throw an error + } + + @Test + func partialReadRecovery() throws { + // Test that partial reads return successfully read data + // even if later parts fail + + let url = try buildFS(minDiskSize: 8 * 1024 * 1024) { fmt in + // Create a moderately sized file + let content = String(repeating: "A", count: 100_000) + try self.createFile(fmt, "/partial.txt", content) + } + defer { try? FileManager.default.removeItem(at: url) } + + let r = try openReader(url) + + // Read the full file to ensure it works + let fullData = try r.readFile(at: FilePath("/partial.txt")) + #expect(fullData.count == 100_000) + + // Read with offset and count + let partialData = try r.readFile(at: FilePath("/partial.txt"), offset: 1000, count: 5000) + #expect(partialData.count == 5000) + + // Verify content is correct + let expectedContent = String(repeating: "A", count: 5000) + #expect(String(decoding: partialData, as: UTF8.self) == expectedContent) + } + + @Test + func largeFileReadAcrossBlocks() throws { + // Keep this modest to avoid slow CI while still crossing multiple blocks. + let bigSize = 2 * 1024 * 1024 + 123 // ~2 MiB + tail + let url = try buildFS(minDiskSize: 16 * 1024 * 1024) { fmt in + try self.createDir(fmt, "/big") + // Generate deterministic content without holding huge Data in memory at once + // by assembling in chunks. + let chunk = Data("0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ\n".utf8) + var buf = Data(capacity: bigSize) + while buf.count + chunk.count <= bigSize { + buf.append(chunk) + } + if buf.count < bigSize { + buf.append(contentsOf: [UInt8](repeating: 0x5A, count: bigSize - buf.count)) // 'Z' + } + let stream = InputStream(data: buf) + stream.open() + defer { stream.close() } + try fmt.create(path: FilePath("/big/file.bin"), mode: EXT4.Inode.Mode(.S_IFREG, 0o644), buf: stream) + } + defer { try? FileManager.default.removeItem(at: url) } + + let r = try openReader(url) + + // Sample reads near the end and across likely block boundaries. + let tail = try r.readFile(at: FilePath("/big/file.bin"), offset: UInt64(bigSize - 64), count: 64) + #expect(tail.count == 64) + + let middle = try r.readFile(at: FilePath("/big/file.bin"), offset: 64, count: 128) + #expect(middle.count == 128) + + // Read to EOF without count + let all = try r.readFile(at: FilePath("/big/file.bin")) + #expect(all.count == bigSize) + } + + @Test + func fileTreeNodePathWithAbsoluteRoot() { + let tree = EXT4.FileTree(EXT4.RootInode, "/") + + let dirPtr = EXT4.Ptr(EXT4.FileTree.FileTreeNode(inode: 3, name: "dir", parent: tree.root)) + tree.root.pointee.children.append(dirPtr) + + let filePtr = EXT4.Ptr(EXT4.FileTree.FileTreeNode(inode: 4, name: "file", parent: dirPtr)) + dirPtr.pointee.children.append(filePtr) + + #expect(dirPtr.pointee.path == FilePath("/dir")) + #expect(filePtr.pointee.path == FilePath("/dir/file")) + } + + @Test + func fileTreeNodePathWithRelativeRoot() { + let tree = EXT4.FileTree(EXT4.RootInode, ".") + + let dirPtr = EXT4.Ptr(EXT4.FileTree.FileTreeNode(inode: 3, name: "dir", parent: tree.root)) + tree.root.pointee.children.append(dirPtr) + + let filePtr = EXT4.Ptr(EXT4.FileTree.FileTreeNode(inode: 4, name: "file", parent: dirPtr)) + dirPtr.pointee.children.append(filePtr) + + #expect(dirPtr.pointee.path == FilePath("dir")) + #expect(filePtr.pointee.path == FilePath("dir/file")) + } + + @Test + func fileTreeNodePathWithNamedRoot() { + let tree = EXT4.FileTree(EXT4.RootInode, "dir") + + let filePtr = EXT4.Ptr(EXT4.FileTree.FileTreeNode(inode: 3, name: "file", parent: tree.root)) + tree.root.pointee.children.append(filePtr) + + #expect(filePtr.pointee.path == FilePath("dir/file")) + } +} diff --git a/Tests/ContainerizationEXT4Tests/TestEXT4Unpacker.swift b/Tests/ContainerizationEXT4Tests/TestEXT4Unpacker.swift new file mode 100644 index 0000000..1c22f54 --- /dev/null +++ b/Tests/ContainerizationEXT4Tests/TestEXT4Unpacker.swift @@ -0,0 +1,105 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation +import SystemPackage +import Testing + +@testable import ContainerizationEXT4 + +struct Ext4UnpackerTests { + // alpine image + let indexSHA: String = "ad59e9f71edceca7b1ac7c642410858489b743c97233b0a26a5e2098b1443762" + let fsPath = FilePath( + FileManager.default.uniqueTemporaryDirectory() + .appendingPathComponent("ext4.unpacked.oci.img.delme", isDirectory: false)) + + final class MockEXT4Unpacker { + static func Unpack(index: String, fsPath: FilePath) async throws { + let fs = try EXT4.Formatter(fsPath) + let bundle = Bundle.module + guard let indexPath = bundle.url(forResource: index, withExtension: nil) else { + throw NSError(domain: "indexPath not found", code: 1) + } + let indexData = try Data(contentsOf: indexPath) + guard let indexDict = try JSONSerialization.jsonObject(with: indexData, options: []) as? [String: Any] + else { + throw NSError(domain: "indexDict could not be loaded as json", code: 1) + } + guard let manifests = indexDict["manifests"] as? [[String: Any]] else { + throw NSError(domain: "manifests field in index not found", code: 1) + } + guard let digest = manifests[0]["digest"] as? String else { + throw NSError(domain: "digest field not found in index", code: 1) + } + guard + let manifestPath = bundle.url( + forResource: String(digest.dropFirst("sha256:".count)), withExtension: nil) + else { + throw NSError(domain: "manifestPath not found", code: 1) + } + let manifestData = try Data(contentsOf: manifestPath) + guard let manifestDict = try JSONSerialization.jsonObject(with: manifestData, options: []) as? [String: Any] + else { + throw NSError(domain: "manifestDict could not be loaded as json", code: 1) + } + guard let layers = manifestDict["layers"] as? [[String: Any]] else { + throw NSError(domain: "layers field in manifests not found", code: 1) + } + for layer in layers { + guard let layerDigestWithSHA = layer["digest"] as? String else { + throw NSError(domain: "digest field not found in layer", code: 1) + } + let layerDigest = String(layerDigestWithSHA.dropFirst("sha256:".count)) + guard let layerPath = bundle.url(forResource: layerDigest, withExtension: nil) else { + throw NSError(domain: "layer \(layerDigest) not found", code: 1) + } + try await fs.unpack(source: layerPath) + } + try fs.close() + } + } + + @Test func eXT4Unpacker() async throws { + try await MockEXT4Unpacker.Unpack(index: self.indexSHA, fsPath: self.fsPath) + let ext4 = try EXT4.EXT4Reader(blockDevice: self.fsPath) + let children = try ext4.children(of: EXT4.RootInode) + #expect( + Set(children.map { $0.0 }) + == Set([ + ".", + "..", + "media", + "var", + "opt", + "lost+found", + "tmp", + "mnt", + "sys", + "usr", + "srv", + "root", + "etc", + "dev", + "proc", + "run", + "home", + "bin", + "lib", + "sbin", + ])) + } +} diff --git a/Tests/ContainerizationEXT4Tests/TestFormatterUnpack.swift b/Tests/ContainerizationEXT4Tests/TestFormatterUnpack.swift new file mode 100644 index 0000000..3b8590f --- /dev/null +++ b/Tests/ContainerizationEXT4Tests/TestFormatterUnpack.swift @@ -0,0 +1,514 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +// swiftlint:disable force_try static_over_final_class + +#if os(macOS) +import ContainerizationArchive +import ContainerizationExtras +import Foundation +import Testing +import SystemPackage + +@testable import ContainerizationEXT4 + +struct Tar2EXT4Test: ~Copyable { + let fsPath = FilePath( + FileManager.default.uniqueTemporaryDirectory() + .appendingPathComponent("ext4.tar.img.delme", isDirectory: false)) + + let xattrs: [String: Data] = [ + "foo.bar": Data([1, 2, 3]), + "bar": Data([0, 0, 0]), + "system.richacl.bar": Data([99, 1, 9, 1]), + "foobar.user": Data([71, 2, 45]), + "test.xattr.cap": Data([1, 32, 3]), + "testing123": Data([12, 24, 45]), + "sys.admin": Data([16, 23, 13]), + "test.123": Data([15, 26, 54]), + "extendedattribute.test": Data([15, 26, 54, 1, 2, 4, 6, 7, 7]), + ] + + let layerDir: URL + let layer1Path: URL + let layer2Path: URL + + init() throws { + // Compute paths before any throwing code to satisfy ~Copyable initialization rules. + let layerDir = FileManager.default.uniqueTemporaryDirectory() + let layer1Path = layerDir.appendingPathComponent("layer1.tar.gz", isDirectory: false) + let layer2Path = layerDir.appendingPathComponent("layer2.tar.gz", isDirectory: false) + self.layerDir = layerDir + self.layer1Path = layer1Path + self.layer2Path = layer2Path + + // create layer1 + let layer1Archiver = try ArchiveWriter( + configuration: ArchiveWriterConfiguration(format: .paxRestricted, filter: .gzip)) + try layer1Archiver.open(file: layer1Path) + // create 2 directories and fill them with files + try layer1Archiver.writeEntry(entry: WriteEntry.dir(path: "/dir1", permissions: 0o755), data: nil) + try layer1Archiver.writeEntry(entry: WriteEntry.file(path: "/dir1/file1", permissions: 0o644), data: nil) + try layer1Archiver.writeEntry(entry: WriteEntry.dir(path: "/dir2", permissions: 0o755), data: nil) + try layer1Archiver.writeEntry(entry: WriteEntry.file(path: "/dir2/file1", permissions: 0o644), data: nil) + try layer1Archiver.finishEncoding() + + // create layer2 + let layer2Archiver = try ArchiveWriter( + configuration: ArchiveWriterConfiguration(format: .paxRestricted, filter: .gzip)) + try layer2Archiver.open(file: layer2Path) + // create 3 directories and fill them with files and whiteouts + try layer2Archiver.writeEntry(entry: WriteEntry.dir(path: "/dir1", permissions: 0o755), data: nil) + try layer2Archiver.writeEntry( + entry: WriteEntry.file(path: "/dir1/.wh.file1", permissions: 0o644), data: nil) + try layer2Archiver.writeEntry(entry: WriteEntry.dir(path: "/dir2", permissions: 0o755), data: nil) + try layer2Archiver.writeEntry( + entry: WriteEntry.file(path: "/dir2/.wh..wh..opq", permissions: 0o644), data: nil) + try layer2Archiver.writeEntry(entry: WriteEntry.dir(path: "/dir3", permissions: 0o755), data: nil) + try layer2Archiver.writeEntry( + entry: WriteEntry.file(path: "/dir3/file1", permissions: 0o644, xattrs: xattrs), data: nil) + try layer2Archiver.writeEntry(entry: WriteEntry.dir(path: "/dir4", permissions: 0o755), data: nil) + try layer2Archiver.writeEntry( + entry: WriteEntry.file(path: "/dir4/special_ĩ", permissions: 0o644), data: nil) + try layer2Archiver.writeEntry( + entry: WriteEntry.link(path: "/dir4/specialcharacters", permissions: 0o644, target: "special_ĩ"), + data: nil) + + // a new layer overwriting over an existing layer + try layer2Archiver.writeEntry(entry: WriteEntry.file(path: "/dir2/file1", permissions: 0o644), data: nil) + try layer2Archiver.finishEncoding() + } + + private func unpackLayers() async throws { + let formatter = try EXT4.Formatter(fsPath) + try await formatter.unpack(source: layer1Path) + try await formatter.unpack(source: layer2Path) + try formatter.close() + } + + deinit { + try? FileManager.default.removeItem(at: fsPath.url) + try? FileManager.default.removeItem(at: layerDir) + } + + @Test func testUnpackBasic() async throws { + try await unpackLayers() + let ext4 = try EXT4.EXT4Reader(blockDevice: fsPath) + // just a directory + let dir1Inode = try ext4.getInode(number: 12) + #expect(dir1Inode.mode.isDir()) + // white out file /dir1/file1 + let dir1File1Inode = try ext4.getInode(number: 13) + #expect(dir1File1Inode.dtime != 0) + #expect(dir1File1Inode.linksCount == 0) // deleted + // white out dir /dir2 + let dir2Inode = try ext4.getInode(number: 14) + #expect(dir2Inode.dtime == 0) + #expect(dir2Inode.linksCount == 2) // children deleted + // new dir /dir3 + let dir3Inode = try ext4.getInode(number: 16) + #expect(dir3Inode.mode.isDir()) + #expect(dir3Inode.linksCount == 2) + // new file /dir3/file1 + let dir3File1Inode = try ext4.getInode(number: 17) + #expect(dir3File1Inode.mode.isReg()) + #expect(dir3File1Inode.linksCount == 1) + #expect(try ext4.getXattrsForInode(inode: dir3File1Inode) == xattrs) + // overwritten dir /dir2 + let dir2OverwriteInode = try ext4.getInode(number: 18) + #expect(dir2OverwriteInode.mode.isDir()) + #expect(dir2OverwriteInode.linksCount == 2) + // /dir4/special_ĩ + let dir2File1OverwriteInode = try ext4.getInode(number: 19) + #expect(dir2File1OverwriteInode.mode.isReg()) + #expect(dir2File1OverwriteInode.linksCount == 1) + + let specialFileInode = try ext4.getInode(number: 20) + let bytes = Data(Mirror(reflecting: specialFileInode.block).children.compactMap { $0.value as? UInt8 }) + let targetString = try #require(String(data: bytes, encoding: .utf8), "Could not parse special file path") + let specialFileTarget = FilePath(targetString) + #expect(specialFileTarget.description.hasPrefix("special_ĩ")) + } +} + +/// Collects progress events in a thread-safe manner. +private actor ProgressCollector { + var events: [ProgressEvent] = [] + + func append(_ newEvents: [ProgressEvent]) { + events.append(contentsOf: newEvents) + } + + func allEvents() -> [ProgressEvent] { + events + } +} + +struct UnpackProgressTest { + @Test func progressReportsAccurateSizes() async throws { + // Create an archive with files of known sizes + let tempDir = FileManager.default.uniqueTemporaryDirectory() + let archivePath = tempDir.appendingPathComponent("test.tar.gz", isDirectory: false) + let fsPath = FilePath(tempDir.appendingPathComponent("test.ext4.img", isDirectory: false)) + + defer { + try? FileManager.default.removeItem(at: tempDir) + } + + // Create test data with specific sizes + let file1Data = Data(repeating: 0xAA, count: 1024) // 1 KiB + let file2Data = Data(repeating: 0xBB, count: 4096) // 4 KiB + let file3Data = Data(repeating: 0xCC, count: 512) // 512 bytes + let expectedTotalSize: Int64 = 1024 + 4096 + 512 // 5632 bytes + + // Build the archive + let archiver = try ArchiveWriter( + configuration: ArchiveWriterConfiguration(format: .paxRestricted, filter: .gzip)) + try archiver.open(file: archivePath) + + try archiver.writeEntry(entry: WriteEntry.dir(path: "/data", permissions: 0o755), data: nil) + try archiver.writeEntry( + entry: WriteEntry.file(path: "/data/file1.bin", permissions: 0o644, size: Int64(file1Data.count)), + data: file1Data) + try archiver.writeEntry( + entry: WriteEntry.file(path: "/data/file2.bin", permissions: 0o644, size: Int64(file2Data.count)), + data: file2Data) + try archiver.writeEntry( + entry: WriteEntry.file(path: "/data/file3.bin", permissions: 0o644, size: Int64(file3Data.count)), + data: file3Data) + // Include an empty file to verify it doesn't break size calculations + try archiver.writeEntry( + entry: WriteEntry.file(path: "/data/empty.bin", permissions: 0o644, size: 0), + data: Data()) + try archiver.finishEncoding() + + // Set up progress collection + let collector = ProgressCollector() + let shouldPrintProgress = ProcessInfo.processInfo.environment["PRINT_UNPACK_PROGRESS"] == "1" + let progressHandler: ProgressHandler = { events in + if shouldPrintProgress { + for event in events { + print("unpack-progress \(event.event): \(event.value)") + } + } + await collector.append(events) + } + + // Unpack with progress tracking + let formatter = try EXT4.Formatter(fsPath) + try await formatter.unpack(source: archivePath, progress: progressHandler) + try formatter.close() + + // Analyze collected events + let allEvents = await collector.allEvents() + + var reportedTotalSize: Int64 = 0 + var reportedTotalItems: Int = 0 + var cumulativeSize: Int64 = 0 + var itemCount: Int = 0 + + for event in allEvents { + switch event { + case .addTotalSize(let value): + reportedTotalSize += value + case .addTotalItems(let value): + reportedTotalItems += value + case .addSize(let value): + cumulativeSize += value + case .addItems(let value): + itemCount += value + } + } + + // Verify the progress contract + let expectedTotalItems: Int = 5 // 1 dir + 4 files + #expect( + reportedTotalSize == expectedTotalSize, + "Total size should be \(expectedTotalSize) bytes, got \(reportedTotalSize)") + #expect( + reportedTotalItems == expectedTotalItems, + "Total items should be \(expectedTotalItems), got \(reportedTotalItems)") + #expect( + cumulativeSize == expectedTotalSize, + "Cumulative size should equal total size (\(expectedTotalSize)), got \(cumulativeSize)") + #expect( + itemCount == expectedTotalItems, + "Should have processed \(expectedTotalItems) entries (1 dir + 4 files), got \(itemCount)") + + // Verify incremental progress: we should get separate add-size events for each file + let addSizeEvents = allEvents.compactMap { event -> Int64? in + guard case .addSize(let value) = event else { return nil } + return value + } + #expect( + addSizeEvents.count == 4, + "Should have 4 add-size events (one per file, including empty), got \(addSizeEvents.count)") + + // Verify individual file sizes were reported correctly + let reportedSizes = addSizeEvents.sorted() + #expect( + reportedSizes == [0, 512, 1024, 4096], + "Individual file sizes should be [0, 512, 1024, 4096], got \(reportedSizes)") + + // Verify event-by-event behavior expected by clients: + // total remains stable and written bytes are monotonic as progress updates arrive. + var runningTotal: Int64? + var runningWritten: Int64 = 0 + var previousSnapshot: (written: Int64, total: Int64?)? + var progressSnapshotCount = 0 + + for event in allEvents { + switch event { + case .addTotalSize(let value): + runningTotal = (runningTotal ?? 0) + value + case .addSize(let value): + runningWritten += value + let currentSnapshot = (written: runningWritten, total: runningTotal) + if let previousSnapshot { + #expect( + currentSnapshot.written >= previousSnapshot.written, + "Written bytes should be monotonic: \(currentSnapshot.written) < \(previousSnapshot.written)") + #expect( + currentSnapshot.total == previousSnapshot.total, + "Total bytes should remain stable across progress updates") + } + previousSnapshot = currentSnapshot + progressSnapshotCount += 1 + default: + break + } + } + + #expect( + progressSnapshotCount == addSizeEvents.count, + "Should produce one monotonic snapshot per add-size update") + + // Verify totals come before incremental events (first pass before second pass) + let totalSizeIndex = try #require( + allEvents.firstIndex(where: { + guard case .addTotalSize = $0 else { return false } + return true + }), + "add-total-size event should be present") + let firstAddSizeIndex = try #require( + allEvents.firstIndex(where: { + guard case .addSize = $0 else { return false } + return true + }), + "add-size event should be present") + #expect( + totalSizeIndex < firstAddSizeIndex, + "add-total-size should be reported before add-size events") + + let totalItemsIndex = try #require( + allEvents.firstIndex(where: { + guard case .addTotalItems = $0 else { return false } + return true + }), + "add-total-items event should be present") + let firstAddItemsIndex = try #require( + allEvents.firstIndex(where: { + guard case .addItems = $0 else { return false } + return true + }), + "add-items event should be present") + #expect( + totalItemsIndex < firstAddItemsIndex, + "add-total-items should be reported before add-items events") + } + + @Test func progressHandlerIsOptional() async throws { + // Verify that unpacking works without a progress handler (existing behavior) + let tempDir = FileManager.default.uniqueTemporaryDirectory() + let archivePath = tempDir.appendingPathComponent("test.tar.gz", isDirectory: false) + let fsPath = FilePath(tempDir.appendingPathComponent("test.ext4.img", isDirectory: false)) + + defer { + try? FileManager.default.removeItem(at: tempDir) + } + + let archiver = try ArchiveWriter( + configuration: ArchiveWriterConfiguration(format: .paxRestricted, filter: .gzip)) + try archiver.open(file: archivePath) + try archiver.writeEntry(entry: WriteEntry.dir(path: "/test", permissions: 0o755), data: nil) + let data = Data(repeating: 0x42, count: 100) + try archiver.writeEntry( + entry: WriteEntry.file(path: "/test/file.bin", permissions: 0o644, size: Int64(data.count)), + data: data) + try archiver.finishEncoding() + + // Unpack without progress handler - should not throw + let formatter = try EXT4.Formatter(fsPath) + try await formatter.unpack(source: archivePath) + try formatter.close() + + // Verify the file was unpacked correctly + let reader = try EXT4.EXT4Reader(blockDevice: fsPath) + let children = try reader.children(of: EXT4.RootInode) + let childNames = Set(children.map { $0.0 }) + #expect(childNames.contains("test"), "Directory 'test' should exist in unpacked filesystem") + } + + @Test func unpackCreatesImplicitParentsForHardlink() async throws { + // A hardlink whose parent dir has no explicit archive entry must unpack: the + // missing parents are created implicitly instead of failing with "... not found". + // This is the exact repro shape (e.g. Bazel rules_img runfiles trees). + let tempDir = FileManager.default.uniqueTemporaryDirectory() + let archivePath = tempDir.appendingPathComponent("hardlink.tar.gz", isDirectory: false) + let fsPath = FilePath(tempDir.appendingPathComponent("hardlink.ext4.img", isDirectory: false)) + defer { try? FileManager.default.removeItem(at: tempDir) } + + let archiver = try ArchiveWriter( + configuration: ArchiveWriterConfiguration(format: .paxRestricted, filter: .gzip)) + try archiver.open(file: archivePath) + // The hardlink target. /bin itself has no explicit dir entry either. + let payload = Data("hello".utf8) + try archiver.writeEntry( + entry: WriteEntry.file(path: "/bin/app", permissions: 0o755, size: Int64(payload.count)), + data: payload) + // The parent dir /bin/app.runfiles/_main/app_ has no explicit archive entry. + try archiver.writeEntry( + entry: WriteEntry.hardlink(path: "/bin/app.runfiles/_main/app_/app", target: "/bin/app"), + data: nil) + try archiver.finishEncoding() + + let formatter = try EXT4.Formatter(fsPath) + try await formatter.unpack(source: archivePath) // must not throw notFound + try formatter.close() + + let reader = try EXT4.EXT4Reader(blockDevice: fsPath) + // Implicitly-created parent directories exist and are directories. + #expect(try reader.stat("/bin/app.runfiles").inode.mode.isDir()) + #expect(try reader.stat("/bin/app.runfiles/_main").inode.mode.isDir()) + #expect(try reader.stat("/bin/app.runfiles/_main/app_").inode.mode.isDir()) + // Hardlink resolves to the target inode and bumps the link count to 2. + let target = try reader.stat("/bin/app") + let hardlink = try reader.stat("/bin/app.runfiles/_main/app_/app") + #expect(hardlink.inodeNumber == target.inodeNumber) + #expect(target.inode.linksCount == 2) + } + + @Test func unpackCreatesImplicitParentsForSymlink() async throws { + // A symlink whose parent dir has no explicit archive entry must unpack. + let tempDir = FileManager.default.uniqueTemporaryDirectory() + let archivePath = tempDir.appendingPathComponent("symlink.tar.gz", isDirectory: false) + let fsPath = FilePath(tempDir.appendingPathComponent("symlink.ext4.img", isDirectory: false)) + defer { try? FileManager.default.removeItem(at: tempDir) } + + let archiver = try ArchiveWriter( + configuration: ArchiveWriterConfiguration(format: .paxRestricted, filter: .gzip)) + try archiver.open(file: archivePath) + // The parent dir /etc/links has no explicit archive entry. + try archiver.writeEntry( + entry: WriteEntry.link(path: "/etc/links/cur", permissions: 0o777, target: "/bin/app"), + data: nil) + try archiver.finishEncoding() + + let formatter = try EXT4.Formatter(fsPath) + try await formatter.unpack(source: archivePath) // must not throw notFound + try formatter.close() + + let reader = try EXT4.EXT4Reader(blockDevice: fsPath) + #expect(try reader.stat("/etc/links").inode.mode.isDir()) + #expect(try reader.stat("/etc/links/cur", followSymlinks: false).inode.mode.isLink()) + } + + @Test func unpackCreatesImplicitParentsForRegularFile() async throws { + // A regular file whose parent dir has no explicit archive entry must unpack. + let tempDir = FileManager.default.uniqueTemporaryDirectory() + let archivePath = tempDir.appendingPathComponent("file.tar.gz", isDirectory: false) + let fsPath = FilePath(tempDir.appendingPathComponent("file.ext4.img", isDirectory: false)) + defer { try? FileManager.default.removeItem(at: tempDir) } + + let archiver = try ArchiveWriter( + configuration: ArchiveWriterConfiguration(format: .paxRestricted, filter: .gzip)) + try archiver.open(file: archivePath) + // The parent dir /var/lib/data has no explicit archive entry. + let payload = Data("world".utf8) + try archiver.writeEntry( + entry: WriteEntry.file(path: "/var/lib/data/file.txt", permissions: 0o644, size: Int64(payload.count)), + data: payload) + try archiver.finishEncoding() + + let formatter = try EXT4.Formatter(fsPath) + try await formatter.unpack(source: archivePath) // must not throw notFound + try formatter.close() + + let reader = try EXT4.EXT4Reader(blockDevice: fsPath) + #expect(try reader.stat("/var/lib/data").inode.mode.isDir()) + #expect(try reader.stat("/var/lib/data/file.txt").inode.mode.isReg()) + #expect(try reader.readFile(at: "/var/lib/data/file.txt") == payload) + } +} + +extension ContainerizationArchive.WriteEntry { + static func dir(path: String, permissions: UInt16) -> WriteEntry { + let entry = WriteEntry() + entry.path = path + entry.fileType = .directory + entry.permissions = permissions + return entry + } + + static func file(path: String, permissions: UInt16, size: Int64? = nil, xattrs: [String: Data]? = nil) -> WriteEntry { + let entry = WriteEntry() + entry.path = path + entry.fileType = .regular + entry.permissions = permissions + entry.size = size + if let xattrs { + entry.xattrs = xattrs + } + return entry + } + + static func link(path: String, permissions: UInt16, target: String) -> WriteEntry { + let entry = WriteEntry() + entry.path = path + entry.fileType = .symbolicLink + entry.symlinkTarget = target + return entry + } + + static func hardlink(path: String, target: String) -> WriteEntry { + let entry = WriteEntry() + entry.path = path + entry.fileType = .regular + entry.hardlink = target + return entry + } +} + +extension EXT4.EXT4Reader { + fileprivate func getXattrsForInode(inode: EXT4.Inode) throws -> [String: Data] { + var attributes: [EXT4.ExtendedAttribute] = [] + let buffer: [UInt8] = EXT4.tupleToArray(inode.inlineXattrs) + try attributes.append(contentsOf: Self.readInlineExtendedAttributes(from: buffer)) + let block = inode.xattrBlockLow + try self.seek(block: block) + let buf = try self.handle.read(upToCount: Int(self.blockSize))! + try attributes.append(contentsOf: Self.readBlockExtendedAttributes(from: [UInt8](buf))) + var xattrs: [String: Data] = [:] + for attribute in attributes { + guard attribute.fullName != "system.data" else { + continue + } + xattrs[attribute.fullName] = Data(attribute.value) + } + return xattrs + } +} +#endif diff --git a/Tests/ContainerizationExtrasTests/AsyncLockTests.swift b/Tests/ContainerizationExtrasTests/AsyncLockTests.swift new file mode 100644 index 0000000..1db0fc3 --- /dev/null +++ b/Tests/ContainerizationExtrasTests/AsyncLockTests.swift @@ -0,0 +1,112 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation +import Testing + +@testable import ContainerizationExtras + +private final class Unprotected: @unchecked Sendable { + var value: Int + init(_ value: Int) { self.value = value } +} + +final class AsyncLockTests { + @Test + func testBasicModification() async throws { + let lock = AsyncLock() + let counter = Unprotected(0) + + let result = await lock.withLock { _ in + counter.value += 1 + return counter.value + } + + #expect(result == 1) + } + + @Test + func testSequentialReturnValues() async throws { + let lock = AsyncLock() + + let first = await lock.withLock { _ in 1 } + let second = await lock.withLock { _ in first + 1 } + let third = await lock.withLock { _ in second + 1 } + + #expect(third == 3) + } + + @Test + func testMultipleModifications() async throws { + let lock = AsyncLock() + let counter = Unprotected(0) + + await lock.withLock { _ in + counter.value += 5 + } + + let result = await lock.withLock { value in + counter.value += 10 + return counter.value + } + + #expect(result == 15) + } + + @Test + func testMutualExclusion() async throws { + let lock = AsyncLock() + let counter = Unprotected(0) + let iterations = 100 + + await withTaskGroup(of: Void.self) { group in + for _ in 0.. /26 + let lower1 = try IPAddress("192.168.1.64") + let upper1 = try IPAddress("192.168.1.127") + let cidr1 = try CIDR(lower: lower1, upper: upper1) + #expect(cidr1.prefix.length == 26) + #expect(cidr1.contains(lower1)) + #expect(cidr1.contains(upper1)) + } + + @Test func testRangeConstructorValidatesIPv6Containment() throws { + // Test IPv6 range containment validation + let lower = try IPAddress("2001:db8::1000") + let upper = try IPAddress("2001:db8::1fff") + let cidr = try CIDR(lower: lower, upper: upper) + #expect(cidr.contains(lower)) + #expect(cidr.contains(upper)) + } + + // MARK: - Version-Specific Range Constructors + + @Test func testV4RangeConstructor() throws { + let lower = try IPAddress("192.168.1.0") + let upper = try IPAddress("192.168.1.255") + let cidr = try CIDR(lower: lower, upper: upper) + #expect(cidr.prefix.length == 24) + #expect(cidr.address.description == "192.168.1.0") + } + + @Test func testV4RangeSingleAddress() throws { + let addr = try IPAddress("192.168.1.100") + let cidr = try CIDR(lower: addr, upper: addr) + #expect(cidr.prefix.length == 32) + #expect(cidr.address.description == "192.168.1.100") + } + + @Test func testV6RangeConstructor() throws { + let lower = try IPAddress("2001:db8::") + let upper = try IPAddress("2001:db8::ffff:ffff:ffff:ffff") + let cidr = try CIDR(lower: lower, upper: upper) + #expect(cidr.prefix.length == 64) + #expect(cidr.address.description == "2001:db8::") + } + + @Test func testV6RangeSingleAddress() throws { + let addr = try IPAddress("2001:db8::1") + let cidr = try CIDR(lower: addr, upper: addr) + #expect(cidr.prefix.length == 128) + #expect(cidr.address.description == "2001:db8::1") + } + + @Test func testV4RangeRejectsInvalidOrder() throws { + let lower = try IPAddress("192.168.1.255") + let upper = try IPAddress("192.168.1.0") + #expect(throws: CIDR.Error.self) { + _ = try CIDR(lower: lower, upper: upper) + } + } + + @Test func testV6RangeRejectsInvalidOrder() throws { + let lower = try IPAddress("2001:db8::ffff") + let upper = try IPAddress("2001:db8::1") + #expect(throws: CIDR.Error.self) { + _ = try CIDR(lower: lower, upper: upper) + } + } + + @Test func testV6RangeRejectsDifferentZones() throws { + let lower = try IPAddress("fe80::1%eth0") + let upper = try IPAddress("fe80::2%eth1") + #expect(throws: CIDR.Error.self) { + _ = try CIDR(lower: lower, upper: upper) + } + } + + // MARK: - Description Tests + + @Test func testDescriptionFormat() throws { + let cidr = try CIDR("10.0.0.0/8") + #expect(cidr.description == "10.0.0.0/8") + } + + @Test func testPreservesAddress() throws { + let cidr = try CIDR("192.168.1.100/24") + #expect(cidr.description == "192.168.1.100/24") + } + + @Test( + "CIDRv4 Codable encodes to string representation", + arguments: [ + "192.168.1.0/24", + "10.0.0.0/8", + "172.16.0.0/12", + ] + ) + func testCIDRv4CodableEncode(cidr: String) throws { + let original = try CIDRv4(cidr) + let encoded = try JSONEncoder().encode(original) + let jsonString = String(data: encoded, encoding: .utf8)! + #expect(jsonString.contains(original.address.description)) + #expect(jsonString.contains("\(original.prefix.length)")) + } + + @Test( + "CIDRv4 Codable decodes from string representation", + arguments: [ + "192.168.1.0/24", + "10.0.0.0/8", + "172.16.0.0/12", + ] + ) + func testCIDRv4CodableDecode(cidr: String) throws { + let json = Data("\"\(cidr)\"".utf8) + let decoded = try JSONDecoder().decode(CIDRv4.self, from: json) + let expected = try CIDRv4(cidr) + #expect(decoded == expected) + } + + @Test( + "CIDRv6 Codable encodes to string representation", + arguments: [ + ("2001:db8::/32", "2001:db8::", 32), + ("fe80::/10", "fe80::", 10), + ("::1/128", "::1", 128), + ] + ) + func testCIDRv6CodableEncode(cidr: String, expectedAddr: String, expectedPrefix: UInt8) throws { + let original = try CIDRv6(cidr) + let encoded = try JSONEncoder().encode(original) + let jsonString = String(data: encoded, encoding: .utf8)! + #expect(jsonString.contains(expectedAddr)) + #expect(jsonString.contains("\(expectedPrefix)")) + } + + @Test( + "CIDRv6 Codable decodes from string representation", + arguments: [ + "2001:db8::/32", + "fe80::/10", + "::1/128", + ] + ) + func testCIDRv6CodableDecode(cidr: String) throws { + let json = Data("\"\(cidr)\"".utf8) + let decoded = try JSONDecoder().decode(CIDRv6.self, from: json) + let expected = try CIDRv6(cidr) + #expect(decoded == expected) + } +} diff --git a/Tests/ContainerizationExtrasTests/TestIPAddress.swift b/Tests/ContainerizationExtrasTests/TestIPAddress.swift new file mode 100644 index 0000000..8bf93a1 --- /dev/null +++ b/Tests/ContainerizationExtrasTests/TestIPAddress.swift @@ -0,0 +1,237 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation +import Testing + +@testable import ContainerizationExtras + +@Suite("Unified IPAddress Tests") +struct IPAddressTests { + + @Test( + "Parse IPv4 addresses", + arguments: [ + "192.168.1.1", + "127.0.0.1", + "0.0.0.0", + "255.255.255.255", + ] + ) + func testParseIPv4(input: String) throws { + let ip = try IPAddress(input) + #expect(ip.isV4, "Should be IPv4: \(input)") + #expect(!ip.isV6, "Should not be IPv6: \(input)") + #expect(ip.ipv4 != nil, "Should have IPv4 value: \(input)") + #expect(ip.ipv6 == nil, "Should not have IPv6 value: \(input)") + } + + @Test( + "Parse IPv6 addresses", + arguments: [ + "2001:db8::1", + "::1", + "::", + "fe80::1", + "2001:db8:0:0:0:0:0:1", + ] + ) + func testParseIPv6(input: String) throws { + let ip = try IPAddress(input) + #expect(ip.isV6, "Should be IPv6: \(input)") + #expect(!ip.isV4, "Should not be IPv4: \(input)") + #expect(ip.ipv6 != nil, "Should have IPv6 value: \(input)") + #expect(ip.ipv4 == nil, "Should not have IPv4 value: \(input)") + } + + @Test( + "Loopback detection", + arguments: [ + // Loopback addresses + ("127.0.0.1", true, "IPv4 loopback"), + ("127.0.0.255", true, "IPv4 loopback variant"), + ("127.255.255.255", true, "Any 127.x.x.x"), + ("::1", true, "IPv6 loopback"), + // Non-loopback addresses + ("192.168.1.1", false, "Private IPv4"), + ("2001:db8::1", false, "IPv6 documentation"), + ("0.0.0.0", false, "IPv4 unspecified"), + ("::", false, "IPv6 unspecified"), + ] + ) + func testLoopback(input: String, expected: Bool, description: String) throws { + let ip = try IPAddress(input) + #expect(ip.isLoopback == expected, "\(description): \(input) should\(expected ? "" : " not") be loopback") + } + + @Test( + "Multicast detection", + arguments: [ + // Multicast addresses + ("224.0.0.1", true, "IPv4 multicast start"), + ("239.255.255.255", true, "IPv4 multicast end (224.0.0.0/4)"), + ("ff02::1", true, "IPv6 link-local multicast"), + ("ff00::1", true, "IPv6 multicast"), + // Non-multicast addresses + ("192.168.1.1", false, "Private IPv4"), + ("2001:db8::1", false, "IPv6 documentation"), + ("223.255.255.255", false, "Just before multicast range"), + ] + ) + func testMulticast(input: String, expected: Bool, description: String) throws { + let ip = try IPAddress(input) + #expect(ip.isMulticast == expected, "\(description): \(input) should\(expected ? "" : " not") be multicast") + } + + @Test( + "Unspecified detection", + arguments: [ + // Unspecified addresses + ("0.0.0.0", true, "IPv4 unspecified"), + ("::", true, "IPv6 unspecified"), + // Specified addresses + ("0.0.0.1", false, "Not unspecified IPv4"), + ("192.168.1.1", false, "Private IPv4"), + ("::1", false, "IPv6 loopback"), + ("2001:db8::1", false, "IPv6 documentation"), + ] + ) + func testUnspecified(input: String, expected: Bool, description: String) throws { + let ip = try IPAddress(input) + #expect(ip.isUnspecified == expected, "\(description): \(input) should\(expected ? "" : " not") be unspecified") + } + + @Test("Comparable - IPv4 ordering") + func testIPv4Ordering() throws { + let ip1 = try IPv4Address("192.168.1.1") + let ip2 = try IPv4Address("192.168.1.2") + let ip3 = try IPv4Address("192.168.2.1") + + #expect(ip1 < ip2) + #expect(ip2 < ip3) + #expect(ip1 < ip3) + #expect(!(ip2 < ip1)) + } + + @Test("Comparable - IPv6 ordering") + func testIPv6Ordering() throws { + let ip1 = try IPv6Address("2001:db8::1") + let ip2 = try IPv6Address("2001:db8::2") + let ip3 = try IPv6Address("2001:db9::1") + + #expect(ip1 < ip2) + #expect(ip2 < ip3) + #expect(ip1 < ip3) + #expect(!(ip2 < ip1)) + } + + @Test( + "Equality", + arguments: [ + ("192.168.1.1", "192.168.1.1", true, "Same IPv4"), + ("192.168.1.1", "192.168.1.2", false, "Different IPv4"), + ("2001:db8::1", "2001:0db8:0000:0000:0000:0000:0000:0001", true, "Same IPv6, different format"), + ("2001:db8::1", "2001:db8::2", false, "Different IPv6"), + ] + ) + func testEquality(addr1: String, addr2: String, shouldBeEqual: Bool, description: String) throws { + let ip1 = try IPAddress(addr1) + let ip2 = try IPAddress(addr2) + + if shouldBeEqual { + #expect(ip1 == ip2, "\(description): \(addr1) should equal \(addr2)") + } else { + #expect(ip1 != ip2, "\(description): \(addr1) should not equal \(addr2)") + } + } + + @Test("Hashable") + func testHashable() throws { + var dict: [IPAddress: String] = [:] + + let ip1 = try IPAddress("192.168.1.1") + let ip2 = try IPAddress("2001:db8::1") + + dict[ip1] = "IPv4" + dict[ip2] = "IPv6" + + #expect(dict[ip1] == "IPv4") + #expect(dict[ip2] == "IPv6") + #expect(dict.count == 2) + } + + @Test( + "Codable encodes to string representation", + arguments: [ + "127.0.0.1", + "192.168.1.1", + "0.0.0.0", + "255.255.255.255", + ] + ) + func testCodableEncodeIPv4(address: String) throws { + let original = try IPAddress(address) + let encoded = try JSONEncoder().encode(original) + #expect(String(data: encoded, encoding: .utf8) == "\"\(address)\"") + } + + @Test( + "Codable decodes from string representation", + arguments: [ + "127.0.0.1", + "192.168.1.1", + "0.0.0.0", + "255.255.255.255", + ] + ) + func testCodableDecodeIPv4(address: String) throws { + let json = Data("\"\(address)\"".utf8) + let decoded = try JSONDecoder().decode(IPAddress.self, from: json) + let expected = try IPAddress(address) + #expect(decoded == expected) + } + + @Test( + "Codable encodes to string representation", + arguments: [ + ("::1", "::1"), + ("2001:db8::1", "2001:db8::1"), + ("::", "::"), + ("fe80::1", "fe80::1"), + ] + ) + func testCodableEncodeIPv6(input: String, expected: String) throws { + let original = try IPAddress(input) + let encoded = try JSONEncoder().encode(original) + #expect(String(data: encoded, encoding: .utf8) == "\"\(expected)\"") + } + + @Test( + "Codable decodes from string representation", + arguments: [ + "::1", + "2001:db8::1", + "::", + "fe80::1", + ] + ) + func testCodableDecodeIPv6(address: String) throws { + let json = Data("\"\(address)\"".utf8) + let decoded = try JSONDecoder().decode(IPAddress.self, from: json) + let expected = try IPAddress(address) + #expect(decoded == expected) + } +} diff --git a/Tests/ContainerizationExtrasTests/TestIPv4Address.swift b/Tests/ContainerizationExtrasTests/TestIPv4Address.swift new file mode 100644 index 0000000..416f263 --- /dev/null +++ b/Tests/ContainerizationExtrasTests/TestIPv4Address.swift @@ -0,0 +1,494 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation +import Testing + +@testable import ContainerizationExtras + +@Suite("IPv4Address Tests") +struct IPv4AddressTests { + + // MARK: - Initializer Tests + + @Suite("Initializers") + struct InitializerTests { + + @Test( + "UInt32 initializer", + arguments: [ + (0x7F00_0001, "127.0.0.1"), // localhost + (0x0000_0000, "0.0.0.0"), // zero address + (0xFFFF_FFFF, "255.255.255.255"), // max address + (0xC0A8_0101, "192.168.1.1"), // private network + (0x0808_0808, "8.8.8.8"), // Google DNS + ] + ) + func testUInt32Initializer(inputValue: UInt32, description: String) { + let address = IPv4Address(inputValue) + #expect(address.value == inputValue) + } + + @Test( + "String initializer - valid addresses", + arguments: [ + ("127.0.0.1", 0x7F00_0001), // localhost + ("0.0.0.0", 0x0000_0000), // zero address + ("255.255.255.255", 0xFFFF_FFFF), // broadcast + ("10.0.0.1", 0x0A00_0001), // private network 10.x + ("192.168.1.1", 0xC0A8_0101), // private network 192.168.x + ("172.16.0.1", 0xAC10_0001), // private network 172.16.x + ("1.2.3.4", 0x0102_0304), // single digits + ("192.168.100.254", 0xC0A8_64FE), // mixed digits + ] + ) + func testStringInitializerValid(addressString: String, expectedValue: UInt32) throws { + let address = try IPv4Address(addressString) + #expect(address.value == expectedValue) + } + + @Test( + "String initializer - invalid addresses", + arguments: [ + "", // empty string + "1.2.3", // too short + "1.2.3.4.5", // too many octets + "192.168.1.256", // octet out of range + "192.168.001.1", // leading zeros + "01.2.3.4", // leading zero first octet + " 192.168.1.1", // leading whitespace + "192.168.1.1 ", // trailing whitespace + "192. 168.1.1", // internal whitespace + "192.168.1.a", // invalid character + "192.168.1.-1", // negative number + "192..1.1", // missing octet + ".168.1.1", // missing first octet + "192.168.1.", // missing last octet + "192.168.1.1.extra", // too long + ] + ) + func testStringInitializerInvalid(invalidAddress: String) { + #expect(throws: AddressError.self) { + try IPv4Address(invalidAddress) + } + } + + @Test( + "byte array initializer - valid addresses", + arguments: [ + ([UInt8(127), 0, 0, 1], UInt32(0x7F00_0001)), // localhost + ([UInt8(0), 0, 0, 0], UInt32(0x0000_0000)), // zero address + ([UInt8(255), 255, 255, 255], UInt32(0xFFFF_FFFF)), // broadcast + ([UInt8(192), 168, 1, 1], UInt32(0xC0A8_0101)), // private network + ([UInt8(0x12), 0x34, 0x56, 0x78], UInt32(0x1234_5678)), // byte order test + ] + ) + func testByteArrayInitializerValid(bytes: [UInt8], expectedValue: UInt32) throws { + let address = try IPv4Address(bytes) + #expect(address.value == expectedValue) + // The byte array initializer must round-trip with the bytes property. + #expect(address.bytes == bytes) + } + + @Test( + "byte array initializer - invalid lengths", + arguments: [ + [], // empty + [UInt8(1)], // too short + [UInt8(1), 2, 3], // too short + [UInt8(1), 2, 3, 4, 5], // too long + ] + ) + func testByteArrayInitializerInvalid(bytes: [UInt8]) { + #expect(throws: AddressError.self) { + try IPv4Address(bytes) + } + } + } + + // MARK: - Property Tests + + @Suite("Properties") + struct PropertyTests { + + @Test( + "bytes property", + arguments: [ + (UInt32(0x7F00_0001), [UInt8(127), UInt8(0), UInt8(0), UInt8(1)]), // localhost + (UInt32(0x0000_0000), [UInt8(0), UInt8(0), UInt8(0), UInt8(0)]), // zero + (UInt32(0xFFFF_FFFF), [UInt8(255), UInt8(255), UInt8(255), UInt8(255)]), // broadcast + (UInt32(0xC0A8_0101), [UInt8(192), UInt8(168), UInt8(1), UInt8(1)]), // private network + (UInt32(0x1234_5678), [UInt8(0x12), UInt8(0x34), UInt8(0x56), UInt8(0x78)]), // byte order test + ] + ) + func testBytesProperty(inputValue: UInt32, expectedBytes: [UInt8]) { + let address = IPv4Address(inputValue) + #expect(address.bytes == expectedBytes) + } + + @Test( + "description property", + arguments: [ + (0x7F00_0001, "127.0.0.1"), // localhost + (0x0000_0000, "0.0.0.0"), // zero + (0xFFFF_FFFF, "255.255.255.255"), // broadcast + (0xC0A8_0101, "192.168.1.1"), // private network + (0x0102_0304, "1.2.3.4"), // single digits + ] + ) + func testDescriptionProperty(inputValue: UInt32, expectedDescription: String) { + let address = IPv4Address(inputValue) + #expect(address.description == expectedDescription) + } + + @Test( + "round-trip string conversion", + arguments: [ + "0.0.0.0", + "127.0.0.1", + "192.168.1.1", + "10.0.0.1", + "172.16.0.1", + "255.255.255.255", + "1.2.3.4", + "8.8.8.8", + "1.1.1.1", + ] + ) + func testRoundTripStringConversion(addressString: String) throws { + let address = try IPv4Address(addressString) + #expect(address.description == addressString) + } + } + + // MARK: - Protocol Conformance Tests + + @Suite("Protocol Conformances") + struct ProtocolConformanceTests { + + @Test("Equatable conformance") + func testEquatableConformance() { + let addr1 = IPv4Address(0x7F00_0001) + let addr2 = IPv4Address(0x7F00_0001) + let addr3 = IPv4Address(0xC0A8_0101) + + #expect(addr1 == addr2) + #expect(addr1 != addr3) + #expect(addr2 != addr3) + } + + @Test("Hashable conformance") + func testHashableConformance() { + let addr1 = IPv4Address(0x7F00_0001) + let addr2 = IPv4Address(0x7F00_0001) + let addr3 = IPv4Address(0xC0A8_0101) + + // Equal objects should have equal hash values + #expect(addr1.hashValue == addr2.hashValue) + + // Different objects should ideally have different hash values + // (though this is not guaranteed, it's very likely for these values) + #expect(addr1.hashValue != addr3.hashValue) + + // Test that addresses can be used in Sets and Dictionaries + let addressSet: Set = [addr1, addr2, addr3] + #expect(addressSet.count == 2) // addr1 and addr2 are equal + + let addressDict = [addr1: "localhost", addr3: "private"] + #expect(addressDict[addr2] == "localhost") // addr2 equals addr1 + } + + @Test("CustomStringConvertible conformance") + func testCustomStringConvertibleConformance() { + let address = IPv4Address(0x7F00_0001) + let stringRepresentation = String(describing: address) + #expect(stringRepresentation == "127.0.0.1") + } + + @Test("Sendable conformance") + func testSendableConformance() { + // This test verifies that IPv4Address can be safely passed across concurrency boundaries + let address = IPv4Address(0x7F00_0001) + + Task { + let taskAddress = address + #expect(taskAddress.value == 0x7F00_0001) + } + } + + @Test( + "Codable encodes to string representation", + arguments: [ + "127.0.0.1", + "192.168.1.1", + "0.0.0.0", + "255.255.255.255", + ] + ) + func testCodableEncode(address: String) throws { + let original = try IPv4Address(address) + let encoded = try JSONEncoder().encode(original) + #expect(String(data: encoded, encoding: .utf8) == "\"\(address)\"") + } + + @Test( + "Codable decodes from string representation", + arguments: [ + "127.0.0.1", + "192.168.1.1", + "0.0.0.0", + "255.255.255.255", + ] + ) + func testCodableDecode(address: String) throws { + let json = Data("\"\(address)\"".utf8) + let decoded = try JSONDecoder().decode(IPv4Address.self, from: json) + let expected = try IPv4Address(address) + #expect(decoded == expected) + } + } + + // MARK: - Edge Cases and Error Conditions + + @Suite("Edge Cases") + struct EdgeCaseTests { + + @Test( + "boundary values", + arguments: [ + ("0.0.0.0", 0x0000_0000), // minimum + ("255.255.255.255", 0xFFFF_FFFF), // maximum + ("255.0.0.0", 0xFF00_0000), // max first octet + ("0.255.0.0", 0x00FF_0000), // max second octet + ("0.0.255.0", 0x0000_FF00), // max third octet + ("0.0.0.255", 0x0000_00FF), // max fourth octet + ] + ) + func testBoundaryValues(addressString: String, expectedValue: UInt32) throws { + let address = try IPv4Address(addressString) + #expect(address.value == expectedValue) + } + + @Test( + "special addresses", + arguments: [ + "127.0.0.1", // loopback + "255.255.255.255", // broadcast + "0.0.0.0", // network address + "8.8.8.8", // Google DNS + "1.1.1.1", // Cloudflare DNS + ] + ) + func testSpecialAddresses(addressString: String) throws { + let address = try IPv4Address(addressString) + #expect(address.description == addressString) + } + + @Test( + "leading zero validation - invalid", + arguments: [ + "01.0.0.0", + "0.01.0.0", + "0.0.01.0", + "0.0.0.01", + "192.168.001.1", + "010.0.0.1", + "00.0.0.1", + ] + ) + func testLeadingZeroValidationInvalid(invalidAddress: String) { + #expect(throws: AddressError.self) { + try IPv4Address(invalidAddress) + } + } + + @Test("leading zero validation - valid single zeros") + func testLeadingZeroValidationValid() { + // Single "0" should be valid + #expect(throws: Never.self) { + try IPv4Address("0.0.0.0") + } + } + + @Test( + "string length validation - too short", + arguments: [ + "", "1", "1.2", "1.2.3", "1.2.3.", + ] + ) + func testStringLengthValidationTooShort(shortString: String) { + #expect(throws: AddressError.self) { + try IPv4Address(shortString) + } + } + + @Test( + "string length validation - too long", + arguments: [ + "255.255.255.255.1", + "1234.168.1.1", + "192.1234.1.1", + "192.168.1234.1", + "192.168.1.1234", + ] + ) + func testStringLengthValidationTooLong(longString: String) { + #expect(throws: AddressError.self) { + try IPv4Address(longString) + } + } + } + + // MARK: - Performance Tests + + @Suite("Performance") + struct PerformanceTests { + + @Test("parsing performance") + func testParsingPerformance() throws { + let testAddresses = [ + "192.168.1.1", + "10.0.0.1", + "172.16.0.1", + "127.0.0.1", + "8.8.8.8", + "1.1.1.1", + "255.255.255.255", + "0.0.0.0", + ] + + // Warm up + for _ in 0..<100 { + for address in testAddresses { + _ = try IPv4Address(address) + } + } + + // Measure performance + let iterations = 10000 + let startTime = Date() + + for _ in 0.. String + let addressFromUInt32 = IPv4Address(expectedValue) + #expect(addressFromUInt32.description == expectedString) + + // Test String -> UInt32 + let addressFromString = try IPv4Address(expectedString) + #expect(addressFromString.value == expectedValue) + + // Test equality + #expect(addressFromUInt32 == addressFromString) + } + + @Test( + "error message consistency", + arguments: [ + "", + "256.1.1.1", + "1.2.3", + "1.2.3.4.5", + "192.168.001.1", + " 192.168.1.1", + "192.168.1.1 ", + "192.168.1.a", + ] + ) + func testErrorMessageConsistency(invalidInput: String) { + do { + _ = try IPv4Address(invalidInput) + #expect(Bool(false), "Should have thrown for input: \(invalidInput)") + } catch let error as AddressError { + #expect(error == AddressError.unableToParse) + } catch { + #expect(Bool(false), "Should have thrown AddressError, got: \(error)") + } + } + } +} diff --git a/Tests/ContainerizationExtrasTests/TestIPv6Address+Parse.swift b/Tests/ContainerizationExtrasTests/TestIPv6Address+Parse.swift new file mode 100644 index 0000000..3eabb46 --- /dev/null +++ b/Tests/ContainerizationExtrasTests/TestIPv6Address+Parse.swift @@ -0,0 +1,734 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation +import Testing + +@testable import ContainerizationExtras + +@Suite("IPv6Address Parsing Tests") +struct IPv6AddressParseTests { + + // MARK: - Valid Hexadecimal Group Tests + + @Test( + "Parsing valid hexadecimal groups", + arguments: [ + ("0", 0x0), + ("1", 0x1), + ("F", 0xF), + ("FF", 0xFF), + ("FFF", 0xFFF), + ("FFFF", 0xFFFF), + ("1234", 0x1234), + ("abcd", 0xABCD), + ("ABCD", 0xABCD), + ("0000", 0x0000), + ] + ) + func testParseValidHexadecimalGroups(input: String, expectedValue: UInt16) throws { + let utf8 = input.utf8 + let (parsedValue, nextIndex) = try IPv6Address.parseHexadecimal( + from: utf8, + startingAt: utf8.startIndex + ) + + #expect( + parsedValue == expectedValue, + "For input '\(input)': expected \(expectedValue) but got \(parsedValue)" + ) + #expect(nextIndex == input.endIndex, "Parser should consume entire input") + } + + @Test( + "Parsing hexadecimal groups with trailing characters", + arguments: [ + ("FF:1234", 0xFF, ":1234"), + ("1234G", 0x1234, "G"), + ("AB::CD", 0xAB, "::CD"), + ("0Z", 0x0, "Z"), + ] + ) + func testParseHexadecimalGroupWithTrailingCharacters( + input: String, + expectedValue: UInt16, + expectedRemainder: String + ) throws { + let utf8 = input.utf8 + let (parsedValue, nextIndex) = try IPv6Address.parseHexadecimal( + from: utf8, + startingAt: utf8.startIndex + ) + + let remainder = String(input[String.Index(nextIndex, within: input)!...]) + + #expect( + parsedValue == expectedValue, + "For input '\(input)': expected \(expectedValue) but got \(parsedValue)" + ) + #expect( + remainder == expectedRemainder, + "For input '\(input)': expected remainder '\(expectedRemainder)' but got '\(remainder)'" + ) + } + + // MARK: - Error Handling Tests + + @Test( + "Parsing invalid hexadecimal groups should throw", + arguments: [ + "", // Empty string - no hex digits found + "G", // Invalid hex character - no hex digits found + "GGGG", // All invalid hex characters - no hex digits found + ] + ) + func testParseInvalidHexadecimalGroup(invalidInput: String) { + #expect(throws: AddressError.self) { + let utf8 = invalidInput.utf8 + _ = try IPv6Address.parseHexadecimal( + from: utf8, + startingAt: utf8.startIndex + ) + } + } + + @Test( + "Parsing hexadecimal groups with overflow behavior", + arguments: [ + ("12345", 0x1234, "5"), // 5 digits -> takes first 4 + ("10000", 0x1000, "0"), // 5 digits -> takes first 4 + ("FFFFF", 0xFFFF, "F"), // 5 digits -> takes first 4 + ("123456789", 0x1234, "56789"), // Many digits -> takes first 4 + ] + ) + func testParseHexadecimalGroupOverflow( + input: String, + expectedValue: UInt16, + expectedRemainder: String + ) throws { + let utf8 = input.utf8 + let (parsedValue, nextIndex) = try IPv6Address.parseHexadecimal( + from: utf8, + startingAt: utf8.startIndex + ) + + let remainder = String(input[String.Index(nextIndex, within: input)!...]) + + #expect( + parsedValue == expectedValue, + "For input '\(input)': expected \(expectedValue) but got \(parsedValue)" + ) + #expect( + remainder == expectedRemainder, + "For input '\(input)': expected remainder '\(expectedRemainder)' but got '\(remainder)'" + ) + } + + @Test("Parsing from middle of string") + func testParseHexadecimalGroupFromMiddle() throws { + let input = "prefix1234suffix" + let utf8 = input.utf8 + let startIndex = utf8.index(utf8.startIndex, offsetBy: 6) // Start at "1234" + + let (parsedValue, nextIndex) = try IPv6Address.parseHexadecimal( + from: utf8, + startingAt: startIndex + ) + + #expect(parsedValue == 0x1234) + + let remainder = String(input[String.Index(nextIndex, within: input)!...]) + #expect(remainder == "suffix") + } + + // MARK: - Performance Tests + + @Test("Performance with maximum length hex groups") + func testParsePerformance() throws { + let testInput = "FFFF" + + // Measure performance of parsing operation + let startTime = Date().timeIntervalSinceReferenceDate + let count = 10000 + for _ in 0.. CD3"), + ("2001:0DB8::", "2001:DB8::", "Can drop leading zeros 0DB8 -> DB8"), + ("0001:0002:0003::", "1:2:3::", "Can drop leading zeros in multiple groups"), + ] + ) + func testRFC4291Section23LeadingZeroRules(form1: String, form2: String, description: String) throws { + let bytes1 = try IPv6Address.parse(form1).bytes + let bytes2 = try IPv6Address.parse(form2).bytes + #expect(bytes1 == bytes2, "\(description)") + } + + @Test( + "RFC 4291 Section 2.3 - cannot drop trailing zeros", + arguments: [ + ("2001:DB8:0:CD30::", "2001:DB8:0:CD3::", "Cannot drop trailing zeros in CD30 -> CD3"), + ("2001:DB80::", "2001:DB8::", "Cannot drop trailing zero DB80 -> DB8"), + ("ABCD:EF00::", "ABCD:EF::", "Cannot drop trailing zeros EF00 -> EF"), + ] + ) + func testRFC4291Section23CannotDropTrailingZeros(full: String, truncated: String, description: String) throws { + let fullBytes = try IPv6Address.parse(full).bytes + let truncatedBytes = try IPv6Address.parse(truncated).bytes + #expect(fullBytes != truncatedBytes, "\(description)") + } + + @Test("RFC 4291 Section 2.3 - Node address and subnet prefix combination") + func testRFC4291Section23NodeAddressSubnetCombination() throws { + // RFC example: node address 2001:0DB8:0:CD30:123:4567:89AB:CDEF + // and its subnet number 2001:0DB8:0:CD30::/60 + // can be abbreviated as 2001:0DB8:0:CD30:123:4567:89AB:CDEF/60 + + let nodeAddress = "2001:0DB8:0:CD30:123:4567:89AB:CDEF" + let subnetPrefix = "2001:0DB8:0:CD30::" + + // Both should parse successfully + #expect(throws: Never.self, "Node address should parse successfully") { + _ = try IPv6Address.parse(nodeAddress) + } + + #expect(throws: Never.self, "Subnet prefix should parse successfully") { + _ = try IPv6Address.parse(subnetPrefix) + } + + // Verify that the subnet prefix is indeed a prefix of the node address + let nodeBytes = try IPv6Address.parse(nodeAddress).bytes + let subnetBytes = try IPv6Address.parse(subnetPrefix).bytes + + // Validate that node address has the subnet as a prefix (60-bit prefix = 7.5 bytes) + let prefixLength = 60 + let hasValidPrefix = nodeBytes.hasPrefix(subnetBytes, upToBits: prefixLength) + + #expect( + hasValidPrefix, + "Node address should have subnet as a \(prefixLength)-bit prefix" + ) + } + + // MARK: - RFC 4291 Section 2.2 Comprehensive Text Representation Tests + + @Test( + "RFC 4291 Section 2.2 - Preferred form with all groups", + arguments: [ + "2001:0db8:0000:0042:0000:8a2e:0370:7334", + "ABCD:EF01:2345:6789:ABCD:EF01:2345:6789", + "0000:0000:0000:0000:0000:0000:0000:0000", + "FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF", + ] + ) + func testRFC4291Section22PreferredForm(testCase: String) throws { + #expect(throws: Never.self, "Should parse preferred form: \(testCase)") { + _ = try IPv6Address.parse(testCase) + } + } + + @Test( + "RFC 4291 Section 2.2 - Leading zero omission in all positions", + arguments: [ + ("2001:0db8:0000:0042:0000:8a2e:0370:7334", "2001:db8:0:42:0:8a2e:370:7334"), + ("0001:0002:0003:0004:0005:0006:0007:0008", "1:2:3:4:5:6:7:8"), + ("0000:0001:0002:0003:0004:0005:0006:0007", "0:1:2:3:4:5:6:7"), + ("1000:0100:0010:0001:1000:0100:0010:0001", "1000:100:10:1:1000:100:10:1"), + ] + ) + func testRFC4291Section22LeadingZeroOmission(full: String, compressed: String) throws { + let fullBytes = try IPv6Address.parse(full).bytes + let compressedBytes = try IPv6Address.parse(compressed).bytes + #expect(fullBytes == compressedBytes, "'\(full)' should equal '\(compressed)'") + } + + @Test( + "RFC 4291 Section 2.2 - Zero compression at beginning", + arguments: [ + ("::", [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]), + ("::1", [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1]), + ("::8a2e:370:7334", [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x8a, 0x2e, 0x03, 0x70, 0x73, 0x34]), + ] + ) + func testRFC4291Section22ZeroCompressionAtBeginning(compressed: String, expected: [UInt8]) throws { + let parsed = try IPv6Address.parse(compressed) + #expect(parsed.bytes == expected, "'\(compressed)' should parse correctly") + } + + @Test( + "RFC 4291 Section 2.2 - Zero compression in middle", + arguments: [ + ("2001:db8::8a2e:370:7334", "2001:db8:0:0:0:8a2e:370:7334"), + ("2001:db8::1", "2001:db8:0:0:0:0:0:1"), + ("fe80::1", "fe80:0:0:0:0:0:0:1"), + ("2001:0db8:0:0::1", "2001:db8:0:0:0:0:0:1"), + ] + ) + func testRFC4291Section22ZeroCompressionInMiddle(compressed: String, full: String) throws { + let compressedBytes = try IPv6Address.parse(compressed).bytes + let fullBytes = try IPv6Address.parse(full).bytes + #expect(compressedBytes == fullBytes, "'\(compressed)' should equal '\(full)'") + } + + @Test( + "RFC 4291 Section 2.2 - Zero compression at end", + arguments: [ + ("2001:db8::", "2001:db8:0:0:0:0:0:0"), + ("2001:db8:0:0:1::", "2001:db8:0:0:1:0:0:0"), + ("fe80::", "fe80:0:0:0:0:0:0:0"), + ("1::", "1:0:0:0:0:0:0:0"), + ] + ) + func testRFC4291Section22ZeroCompressionAtEnd(compressed: String, full: String) throws { + let compressedBytes = try IPv6Address.parse(compressed).bytes + let fullBytes = try IPv6Address.parse(full).bytes + #expect(compressedBytes == fullBytes, "'\(compressed)' should equal '\(full)'") + } + + @Test( + "RFC 4291 Section 2.2 - Multiple :: should fail", + arguments: [ + "2001::db8::1", + "::1::2", + "fe80::1::2::3", + "::1::", + ] + ) + func testRFC4291Section22MultipleDoubleColonsShouldFail(invalid: String) { + #expect(throws: AddressError.self, "Multiple '::' should fail: \(invalid)") { + _ = try IPv6Address.parse(invalid) + } + } + + @Test( + "RFC 4291 Section 2.2 - Case insensitivity", + arguments: [ + ("2001:db8::1", "2001:DB8::1", "2001:Db8::1"), + ("dead:beef::cafe", "DEAD:BEEF::CAFE", "DeAd:BeEf::CaFe"), + ("fe80::1", "FE80::1", "Fe80::1"), + ("abcd:ef01:2345:6789::1", "ABCD:EF01:2345:6789::1", "AbCd:Ef01:2345:6789::1"), + ] + ) + func testRFC4291Section22CaseInsensitivity(lower: String, upper: String, mixed: String) throws { + let lowerBytes = try IPv6Address.parse(lower).bytes + let upperBytes = try IPv6Address.parse(upper).bytes + let mixedBytes = try IPv6Address.parse(mixed).bytes + + #expect(lowerBytes == upperBytes, "Case should not matter: '\(lower)' vs '\(upper)'") + #expect(lowerBytes == mixedBytes, "Case should not matter: '\(lower)' vs '\(mixed)'") + } + + @Test("RFC 4291 Section 2.2 - Special addresses") + func testRFC4291Section22SpecialAddresses() throws { + // Unspecified address + let unspecified = try IPv6Address.parse("::") + #expect(unspecified.bytes.allSatisfy { $0 == 0 }, ":: should be all zeros") + + // Loopback address + let loopback = try IPv6Address.parse("::1") + let expectedLoopback: [UInt8] = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1] + #expect(loopback.bytes == expectedLoopback, "::1 should be loopback address") + + // IPv4-compatible (deprecated but valid syntax) + let ipv4Compat = try IPv6Address.parse("::c000:0201") + let expectedCompat: [UInt8] = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xc0, 0x00, 0x02, 0x01] + #expect(ipv4Compat.bytes == expectedCompat, "::c000:0201 should parse correctly") + } + + @Test( + "RFC 4291 Section 2.2 - Invalid formats should fail", + arguments: [ + "2001:db8", // Too few groups without :: + "2001:db8:1:2:3:4:5:6:7", // Too many groups + "2001:db8:1:2:3:4:5:6:7:8:9", // Too many groups + "2001:db8:::1", // Triple colon + "2001:db8::1::2", // Multiple :: + "gggg::1", // Invalid hex character + "2001:db8:xyz::1", // Invalid hex character + "::ffff:", // Trailing colon + ":2001:db8::1", // Leading single colon + "2001:db8::1:", // Trailing single colon + ] + ) + func testRFC4291Section22InvalidFormatsShouldFail(invalid: String) { + #expect(throws: AddressError.self, "Invalid format should fail: \(invalid)") { + _ = try IPv6Address.parse(invalid) + } + } + + @Test("RFC 4291 Section 2.2 - Maximum values") + func testRFC4291Section22MaximumValues() throws { + // All FFs - maximum value + let maxAddress = try IPv6Address.parse("ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff") + #expect(maxAddress.bytes.allSatisfy { $0 == 0xFF }, "All groups should be 0xFFFF") + + // Mix of max and min values + let mixedMax = try IPv6Address.parse("ffff:0:ffff:0:ffff:0:ffff:0") + let expectedMixed: [UInt8] = [0xff, 0xff, 0, 0, 0xff, 0xff, 0, 0, 0xff, 0xff, 0, 0, 0xff, 0xff, 0, 0] + #expect(mixedMax.bytes == expectedMixed, "Should alternate between max and zero") + } + + @Test( + "RFC 4291 Section 2.2 - Single zero groups", + arguments: [ + ("2001:db8:0:1:2:3:4:5", "2001:db8:0:1:2:3:4:5"), // Single 0, no compression needed + ("2001:db8:0:0:1:2:3:4", "2001:db8::1:2:3:4"), // Two zeros can be compressed + ("0:0:0:0:0:0:0:1", "::1"), // All zeros except last + ] + ) + func testRFC4291Section22SingleZeroGroups(withZero: String, withCompression: String) throws { + let zeroBytes = try IPv6Address.parse(withZero).bytes + let compressedBytes = try IPv6Address.parse(withCompression).bytes + #expect(zeroBytes == compressedBytes, "'\(withZero)' should equal '\(withCompression)'") + } + + @Test("RFC 4291 Section 2.2 - Boundary conditions") + func testRFC4291Section22BoundaryConditions() throws { + // Single non-zero value in each position + for position in 0..<8 { + var groups = [String](repeating: "0", count: 8) + groups[position] = "1" + let address = groups.joined(separator: ":") + + #expect(throws: Never.self, "Single non-zero at position \(position) should parse") { + _ = try IPv6Address.parse(address) + } + } + + // Verify the bytes are correct + let firstPosition = try IPv6Address.parse("1:0:0:0:0:0:0:0") + #expect(firstPosition.bytes[0] == 0 && firstPosition.bytes[1] == 1, "First group should be 0x0001") + + let lastPosition = try IPv6Address.parse("0:0:0:0:0:0:0:1") + #expect(lastPosition.bytes[14] == 0 && lastPosition.bytes[15] == 1, "Last group should be 0x0001") + } + + @Test( + "RFC 4291 Section 2.2 - Hex digit limits", + arguments: [ + ("1:2:3:4:5:6:7:8", "1-digit groups"), + ("12:34:56:78:9a:bc:de:f0", "2-digit groups"), + ("123:456:789:abc:def:123:456:789", "3-digit groups"), + ("1234:5678:9abc:def0:1234:5678:9abc:def0", "4-digit groups"), + ("1:12:123:1234:1:12:123:1234", "Mixed digit counts"), + ] + ) + func testRFC4291Section22HexDigitLimits(address: String, description: String) throws { + #expect(throws: Never.self, "Should parse \(description): \(address)") { + _ = try IPv6Address.parse(address) + } + } + + @Test("RFC 4291 Section 2.2 - Equivalence of different representations") + func testRFC4291Section22EquivalenceOfRepresentations() throws { + let equivalentGroups: [[String]] = [ + // Same address, different representations + [ + "2001:0db8:0000:0000:0000:0000:0000:0001", + "2001:db8:0:0:0:0:0:1", + "2001:db8::1", + "2001:0DB8::1", + "2001:0DB8:0000:0000:0000:0000:0000:0001", + ], + [ + "fe80:0000:0000:0000:0000:0000:0000:0001", + "fe80::1", + "FE80::1", + "fe80:0:0:0:0:0:0:1", + ], + [ + "0000:0000:0000:0000:0000:0000:0000:0000", + "::", + "0:0:0:0:0:0:0:0", + ], + ] + + for group in equivalentGroups { + let bytesArray = try group.map { try IPv6Address.parse($0).bytes } + let firstBytes = bytesArray[0] + + for (index, bytes) in bytesArray.enumerated() { + #expect(bytes == firstBytes, "All forms should be equivalent: \(group[index])") + } + } + } + + @Test( + "RFC 4291 Section 2.2 - Zero compression selection (longest run)", + arguments: [ + ("2001:db8:0:0:1:0:0:1", "Two runs of 2 zeros each"), + ("2001:0:0:0:db8:0:0:1", "Run of 3 and run of 2"), + ("2001:db8:0:0:0:0:1:1", "Run of 4 zeros in middle"), + ] + ) + func testRFC4291Section22ZeroCompressionLongestRun(address: String, description: String) throws { + #expect(throws: Never.self, "Should parse \(description): \(address)") { + _ = try IPv6Address.parse(address) + } + } + + @Test( + "RFC 4291 Section 2.2 - Edge case with :: at different positions", + arguments: [ + ("::1", "0:0:0:0:0:0:0:1"), + ("1::", "1:0:0:0:0:0:0:0"), + ("1::1", "1:0:0:0:0:0:0:1"), + ("1:2::1", "1:2:0:0:0:0:0:1"), + ("1::2:3", "1:0:0:0:0:0:2:3"), + ("1:2:3::4:5:6", "1:2:3:0:0:4:5:6"), + ] + ) + func testRFC4291Section22DoubleColonAtDifferentPositions(compressed: String, expanded: String) throws { + let compressedBytes = try IPv6Address.parse(compressed).bytes + let expandedBytes = try IPv6Address.parse(expanded).bytes + #expect(compressedBytes == expandedBytes, "'\(compressed)' should equal '\(expanded)'") + } + + // MARK: - RFC 4291 Section 2.2 IPv4 Mixed Notation Tests + + @Test( + "RFC 4291 Section 2.2 - IPv4 mixed notation basic formats", + arguments: [ + // RFC 4291 examples + ("0:0:0:0:0:0:13.1.68.3", [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 13, 1, 68, 3]), + ("::13.1.68.3", [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 13, 1, 68, 3]), + + // IPv4-mapped IPv6 address (::ffff:x.x.x.x) + ("::ffff:129.144.52.38", [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff, 129, 144, 52, 38]), + ("0:0:0:0:0:ffff:129.144.52.38", [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff, 129, 144, 52, 38]), + + // IPv4-compatible IPv6 address (deprecated but valid syntax) + ("::192.168.1.1", [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 192, 168, 1, 1]), + ("::0.0.0.1", [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1]), + + // Various valid positions + ("2001:db8::192.0.2.1", [0x20, 0x01, 0x0d, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 192, 0, 2, 1]), + ("fe80::192.168.1.1", [0xfe, 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 192, 168, 1, 1]), + ] + ) + func testRFC4291Section22IPv4MixedNotation(address: String, expected: [UInt8]) throws { + let parsed = try IPv6Address.parse(address) + #expect(parsed.bytes == expected, "IPv4 mixed notation '\(address)' should parse correctly") + } + + @Test( + "RFC 4291 Section 2.2 - IPv4 mixed notation with full IPv6 prefix", + arguments: [ + ("0:0:0:0:0:0:192.168.1.1", [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 192, 168, 1, 1]), + ("2001:db8:0:0:0:0:192.0.2.1", [0x20, 0x01, 0x0d, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 192, 0, 2, 1]), + ("64:ff9b::192.0.2.33", [0, 0x64, 0xff, 0x9b, 0, 0, 0, 0, 0, 0, 0, 0, 192, 0, 2, 33]), + ] + ) + func testRFC4291Section22IPv4MixedNotationFullPrefix(address: String, expected: [UInt8]) throws { + let parsed = try IPv6Address.parse(address) + #expect(parsed.bytes == expected, "Full prefix with IPv4 '\(address)' should parse correctly") + } + + @Test("RFC 4291 Section 2.2 - IPv4 mixed notation edge cases") + func testRFC4291Section22IPv4MixedNotationEdgeCases() throws { + // Maximum values + let maxIPv4 = try IPv6Address.parse("::255.255.255.255") + let expectedMax: [UInt8] = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 255, 255, 255, 255] + #expect(maxIPv4.bytes == expectedMax, "Maximum IPv4 values should work") + + // Minimum values + let minIPv4 = try IPv6Address.parse("::0.0.0.0") + let expectedMin: [UInt8] = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0] + #expect(minIPv4.bytes == expectedMin, "Minimum IPv4 values should work") + + // With non-zero prefix + let withPrefix = try IPv6Address.parse("2001:db8:85a3::8a2e:255.255.255.255") + let expectedPrefix: [UInt8] = [0x20, 0x01, 0x0d, 0xb8, 0x85, 0xa3, 0, 0, 0, 0, 0x8a, 0x2e, 255, 255, 255, 255] + #expect(withPrefix.bytes == expectedPrefix, "IPv4 with hex prefix should work") + } + + @Test( + "RFC 4291 Section 2.2 - IPv4 mixed notation invalid formats", + arguments: [ + "::192.168.1", // Incomplete IPv4 + "::192.168.1.1.1", // Too many IPv4 octets + "::256.1.1.1", // IPv4 octet out of range + "::192.168.001.1", // Leading zeros in IPv4 + "::192.168.-1.1", // Negative in IPv4 + "::192.168.1.a", // Non-numeric in IPv4 + "2001:db8:1:2:3:4:5:192.168.1.1", // Too many hex groups before IPv4 + "::192.168.1.1:1234", // Extra hex after IPv4 + ] + ) + func testRFC4291Section22IPv4MixedNotationInvalid(invalid: String) { + #expect(throws: AddressError.self, "Invalid IPv4 mixed notation should fail: \(invalid)") { + _ = try IPv6Address.parse(invalid) + } + } + + @Test("RFC 4291 Section 2.2 - IPv4 mixed notation equivalence") + func testRFC4291Section22IPv4MixedNotationEquivalence() throws { + // These should all represent the same address + let equivalentForms = [ + "0:0:0:0:0:0:192.0.2.1", + "::192.0.2.1", + "::c000:201", // Same as 192.0.2.1 in hex + ] + + let bytesArray = try equivalentForms.map { try IPv6Address.parse($0).bytes } + let firstBytes = bytesArray[0] + + for (index, bytes) in bytesArray.enumerated() { + #expect(bytes == firstBytes, "All forms should be equivalent: \(equivalentForms[index])") + } + } + + @Test( + "RFC 4291 Section 2.2 - IPv4-mapped IPv6 addresses", + arguments: [ + ("127.0.0.1", "::ffff:127.0.0.1"), + ("192.168.1.1", "::ffff:192.168.1.1"), + ("8.8.8.8", "::ffff:8.8.8.8"), + ("0.0.0.0", "::ffff:0.0.0.0"), + ("255.255.255.255", "::ffff:255.255.255.255"), + ] + ) + func testRFC4291Section22IPv4MappedAddresses(ipv4: String, ipv6: String) throws { + let parsed = try IPv6Address.parse(ipv6) + + // First 10 bytes should be 0 + #expect(parsed.bytes[0..<10].allSatisfy { $0 == 0 }, "First 10 bytes should be zero") + + // Next 2 bytes should be 0xff + #expect(parsed.bytes[10] == 0xff && parsed.bytes[11] == 0xff, "Bytes 10-11 should be 0xffff") + + // Last 4 bytes should match IPv4 address + let ipv4Parsed = try IPv4Address.parse(ipv4) + let ipv4Bytes = [ + UInt8((ipv4Parsed >> 24) & 0xFF), + UInt8((ipv4Parsed >> 16) & 0xFF), + UInt8((ipv4Parsed >> 8) & 0xFF), + UInt8(ipv4Parsed & 0xFF), + ] + #expect(Array(parsed.bytes[12..<16]) == ipv4Bytes, "Last 4 bytes should match IPv4") + } + + @Test( + "RFC 4291 Section 2.2 - IPv4 mixed notation with zone identifier", + arguments: [ + "::ffff:192.168.1.1%eth0", + "fe80::192.168.1.1%lo0", + ] + ) + func testRFC4291Section22IPv4MixedNotationWithZone(testCase: String) throws { + #expect(throws: Never.self, "IPv4 mixed notation with zone should parse: \(testCase)") { + let parsed = try IPv6Address.parse(testCase) + #expect(parsed.zone != nil, "Zone should be preserved") + } + } +} + +// MARK: - Array Extension for Prefix Validation + +extension Array where Element == UInt8 { + /// Checks if this byte array has another array as a prefix up to the specified number of bits + /// - Parameters: + /// - prefix: The potential prefix array + /// - bits: Number of bits to compare (0-128 for IPv6) + /// - Returns: true if the prefix matches for the specified number of bits + func hasPrefix(_ prefix: [UInt8], upToBits bits: Int) -> Bool { + guard self.count >= 16 && prefix.count >= 16 else { return false } + guard bits >= 0 && bits <= 128 else { return false } + + let fullBytes = bits / 8 + let remainingBits = bits % 8 + + // Compare full bytes + for i in 0.. 0 && fullBytes < 16 { + let shiftAmount = 8 - remainingBits + let mask: UInt8 = shiftAmount >= 8 ? 0 : (0xFF << shiftAmount) + return (self[fullBytes] & mask) == (prefix[fullBytes] & mask) + } + + return true + } +} diff --git a/Tests/ContainerizationExtrasTests/TestIPv6Address.swift b/Tests/ContainerizationExtrasTests/TestIPv6Address.swift new file mode 100644 index 0000000..3535812 --- /dev/null +++ b/Tests/ContainerizationExtrasTests/TestIPv6Address.swift @@ -0,0 +1,274 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation +import Testing + +@testable import ContainerizationExtras + +@Suite("IPv6 Address Tests") +struct IPv6AddressTests { + + // MARK: - String Representation Tests (RFC 5952) + + @Test( + "IPv6 address string representation - RFC 5952", + arguments: [ + // Zero compression algorithm tests + ("0:0:0:0:0:0:0:0", "::", "all zeros - unspecified address"), + ("0:0:0:0:0:0:0:1", "::1", "leading zeros - loopback"), + ("2001:0db8:0:0:0:0:0:0", "2001:db8::", "trailing zeros"), + ("2001:0:0:0:0:0:0db8:1", "2001::db8:1", "middle zeros - longest run"), + ("2001:0:0:0:0:0db8:0:1", "2001::db8:0:1", "multiple runs - prefer longest"), + ("2001:0:0db8:0:1:0:0:2", "2001:0:db8:0:1::2", "tie-breaking - first occurrence wins"), + ("2001:0:0db8:1:2:3:4:5", "2001:0:db8:1:2:3:4:5", "single zero - no compression (min 2 required)"), + ("2001:0db8:0:0:1:2:3:4", "2001:db8::1:2:3:4", "exactly 2 zeros - minimum for compression"), + ("0:0:0:0:1234:0:0:0", "::1234:0:0:0", "tie-breaking - first run wins (4 vs 3 zeros)"), + + // RFC 5952 formatting rules + ( + "ABCD:EF01:2345:6789:9ABC:DEF0:1122:3344", "abcd:ef01:2345:6789:9abc:def0:1122:3344", + "lowercase hex (Section 4.3)" + ), + ("0001:0002:0003:0004:0005:0006:0007:0008", "1:2:3:4:5:6:7:8", "no leading zeros (Section 4.1)"), + + // Edge cases + ("2001:a:a:a:0:0db8:0:1", "2001:a:a:a:0:db8:0:1", "only single zeros scattered - no compression"), + ] + ) + func testIPv6StringRepresentation(input: String, expected: String, description: String) throws { + let addr = try IPv6Address.parse(input) + #expect( + addr.description == expected, + "Expected '\(expected)' but got '\(addr.description)' for input: '\(input)' (\(description))" + ) + } + + // MARK: - isUnspecified Tests + + @Test( + "isUnspecified - RFC 4291 Section 2.5.2", + arguments: [ + ("::", true, "unspecified address (short form)"), + ("0:0:0:0:0:0:0:0", true, "unspecified address (full form)"), + (IPv6Address.unspecified.description, true, "unspecified"), + ("::1", false, "loopback"), + ("0:0:0:0:0:0:0:1", false, "loopback (full form)"), + ("fe80::1", false, "link-local"), + ("2001:db8::1", false, "global unicast"), + ] + ) + func testIsUnspecified(address: String, expected: Bool, description: String) throws { + let addr = try IPv6Address.parse(address) + #expect( + addr.isUnspecified == expected, + "Address \(address) (\(description)) should\(expected ? "" : " not") be unspecified" + ) + } + + // MARK: - isLoopback Tests + + @Test( + "isLoopback - RFC 4291 Section 2.5.3", + arguments: [ + ("::1", true, "loopback (short form)"), + ("0:0:0:0:0:0:0:1", true, "loopback (full form)"), + (IPv6Address.loopback.description, true, "loopback var"), + ("::", false, "unspecified"), + ("::2", false, "not loopback"), + ("0:0:0:0:0:0:0:2", false, "not loopback (full form)"), + ("fe80::1", false, "link-local"), + ("2001:db8::1", false, "global unicast"), + ] + ) + func testIsLoopback(addressString: String, expected: Bool, description: String) throws { + let addr = try IPv6Address.parse(addressString) + #expect( + addr.isLoopback == expected, + "Address \(addressString) (\(description)) should\(expected ? "" : " not") be loopback" + ) + } + + // MARK: - isMulticast Tests + + @Test( + "isMulticast - RFC 4291 Section 2.7", + arguments: [ + // Positive cases - all multicast addresses start with ff + ("ff00::1", true, "Reserved multicast"), + ("ff01::1", true, "Interface-local multicast"), + ("ff02::1", true, "Link-local multicast (all nodes)"), + ("ff02::2", true, "Link-local multicast (all routers)"), + ("ff05::1", true, "Site-local multicast"), + ("ff0e::1", true, "Global multicast"), + ("ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", true, "Max multicast"), + // Negative cases + ("::", false, "unspecified"), + ("::1", false, "loopback"), + ("fe80::1", false, "link-local unicast"), + ("2001:db8::1", false, "global unicast"), + ("fd00::1", false, "unique local"), + ] + ) + func testIsMulticast(addressString: String, expected: Bool, description: String) throws { + let addr = try IPv6Address.parse(addressString) + #expect( + addr.isMulticast == expected, + "Address \(addressString) (\(description)) should\(expected ? "" : " not") be multicast" + ) + } + + // MARK: - isLinkLocal Tests + + @Test( + "isLinkLocal - RFC 4291 Section 2.5.6", + arguments: [ + // Positive cases - fe80::/10 + ("fe80::1", true, "basic link-local"), + ("fe80::dead:beef", true, "link-local with hex"), + ("fe80:0:0:0:0:0:0:1", true, "link-local (full form)"), + ("fe80::1234:5678:90ab:cdef", true, "link-local with interface ID"), + ("febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff", true, "Last address in fe80::/10"), + // Negative cases + ("::", false, "unspecified"), + ("::1", false, "loopback"), + ("fec0::1", false, "site-local (deprecated)"), + ("ff02::1", false, "multicast"), + ("2001:db8::1", false, "global unicast"), + ("fd00::1", false, "unique local"), + ] + ) + func testIsLinkLocal(addressString: String, expected: Bool, description: String) throws { + let addr = try IPv6Address.parse(addressString) + #expect( + addr.isLinkLocal == expected, + "Address \(addressString) (\(description)) should\(expected ? "" : " not") be link-local" + ) + } + + // MARK: - isUniqueLocal Tests + + @Test( + "isUniqueLocal - RFC 4193", + arguments: [ + // Positive cases - fc00::/7 (fc00::/8 and fd00::/8) + ("fc00::1", true, "fc00 unique local"), + ("fc00:dead:beef::1", true, "fc00 with hex"), + ("fd00::1", true, "fd00 unique local"), + ("fd12:3456:789a::1", true, "fd00 with prefix"), + ("fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", true, "max unique local"), + // Negative cases + ("::", false, "unspecified"), + ("::1", false, "loopback"), + ("fe80::1", false, "link-local"), + ("ff02::1", false, "multicast"), + ("2001:db8::1", false, "global unicast"), + ] + ) + func testIsUniqueLocal(addressString: String, expected: Bool, description: String) throws { + let addr = try IPv6Address.parse(addressString) + #expect( + addr.isUniqueLocal == expected, + "Address \(addressString) (\(description)) should\(expected ? "" : " not") be unique local" + ) + } + + // MARK: - isGlobalUnicast Tests + + @Test( + "isGlobalUnicast - RFC 4291 Section 2.5.4", + arguments: [ + // Positive cases - routable on the global internet + ("2001:db8::1", true, "Documentation (but still global unicast format)"), + ("2001:4860:4860::8888", true, "Google DNS"), + ("2606:4700:4700::1111", true, "Cloudflare DNS"), + ("2001:500::1", true, "Root DNS server"), + ("2a00:1450:4001::1", true, "Google"), + // Negative cases - special addresses + ("::", false, "unspecified"), + ("::1", false, "loopback"), + ("fe80::1", false, "link-local"), + ("ff02::1", false, "multicast"), + ("fc00::1", false, "unique local"), + ("fd00::1", false, "unique local"), + ] + ) + func testIsGlobalUnicast(addressString: String, expected: Bool, description: String) throws { + let addr = try IPv6Address.parse(addressString) + #expect( + addr.isGlobalUnicast == expected, + "Address \(addressString) (\(description)) should\(expected ? "" : " not") be global unicast" + ) + } + + // MARK: - isDocumentation Tests + + @Test( + "isDocumentation - RFC 3849", + arguments: [ + // Positive cases - 2001:db8::/32 + ("2001:db8::1", true, "basic documentation address"), + ("2001:db8::", true, "documentation prefix"), + ("2001:db8:0:0:0:0:0:1", true, "documentation (full form)"), + ("2001:db8:1234:5678:90ab:cdef:1234:5678", true, "documentation with all fields"), + ("2001:db8:ffff:ffff:ffff:ffff:ffff:ffff", true, "max documentation address"), + // Negative cases + ("2001:db7::1", false, "Just before documentation range"), + ("2001:db9::1", false, "Just after documentation range"), + ("2001:4860:4860::8888", false, "Google DNS"), + ("::", false, "unspecified"), + ("::1", false, "loopback"), + ] + ) + func testIsDocumentation(addressString: String, expected: Bool, description: String) throws { + let addr = try IPv6Address.parse(addressString) + #expect( + addr.isDocumentation == expected, + "Address \(addressString) (\(description)) should\(expected ? "" : " not") be documentation" + ) + } + + @Test( + "Codable encodes to string representation", + arguments: [ + ("::1", "::1"), + ("2001:db8::1", "2001:db8::1"), + ("::", "::"), + ("fe80::1", "fe80::1"), + ] + ) + func testCodableEncode(input: String, expected: String) throws { + let original = try IPv6Address(input) + let encoded = try JSONEncoder().encode(original) + #expect(String(data: encoded, encoding: .utf8) == "\"\(expected)\"") + } + + @Test( + "Codable decodes from string representation", + arguments: [ + "::1", + "2001:db8::1", + "::", + "fe80::1", + ] + ) + func testCodableDecode(address: String) throws { + let json = Data("\"\(address)\"".utf8) + let decoded = try JSONDecoder().decode(IPv6Address.self, from: json) + let expected = try IPv6Address(address) + #expect(decoded == expected) + } +} diff --git a/Tests/ContainerizationExtrasTests/TestIPv6IPv4Parsing.swift b/Tests/ContainerizationExtrasTests/TestIPv6IPv4Parsing.swift new file mode 100644 index 0000000..15031a2 --- /dev/null +++ b/Tests/ContainerizationExtrasTests/TestIPv6IPv4Parsing.swift @@ -0,0 +1,131 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation +import Testing + +@testable import ContainerizationExtras + +@Suite("IPv6 Mixed IPv4 Notation Tests") +struct IPv6IPv4ParsingTests { + + @Test( + "Extract IPv4 suffix from various IPv6 formats", + arguments: [ + ("::192.168.1.1", "::", [UInt8(192), UInt8(168), UInt8(1), UInt8(1)]), + ("::ffff:192.0.2.1", "::ffff", [UInt8(192), UInt8(0), UInt8(2), UInt8(1)]), + ("fe80::192.168.1.1", "fe80::", [UInt8(192), UInt8(168), UInt8(1), UInt8(1)]), + ("2001:db8::192.0.2.1", "2001:db8::", [UInt8(192), UInt8(0), UInt8(2), UInt8(1)]), + ("0:0:0:0:0:0:192.168.1.1", "0:0:0:0:0:0", [UInt8(192), UInt8(168), UInt8(1), UInt8(1)]), + ] + ) + func testIPv4SuffixExtraction(input: String, expectedIPv6: String, expectedIPv4: [UInt8]) throws { + let result = try #require(try IPv6Address.extractIPv4Suffix(from: input)) + #expect(result.0 == expectedIPv6) + #expect(result.1 == expectedIPv4) + } + + @Test( + "No IPv4 suffix for pure IPv6 addresses", + arguments: [ + "2001:db8::1", + "fe80::1", + "::", + "::1", + ] + ) + func testPureIPv6ReturnsNil(address: String) throws { + #expect(try IPv6Address.extractIPv4Suffix(from: address) == nil) + } + + @Test( + "Invalid IPv4 suffix throws error", + arguments: [ + "::256.1.1.1", + "::192.168.1", + "::192.168.001.1", + ] + ) + func testInvalidIPv4Throws(invalid: String) { + #expect(throws: AddressError.self) { + _ = try IPv6Address.extractIPv4Suffix(from: invalid) + } + } + + @Test( + "IPv4 bytes always at positions 12-15", + arguments: [ + "::192.168.1.1", + "::ffff:127.0.0.1", + "fe80::10.0.0.1", + ] + ) + func testIPv4BytePlacement(address: String) throws { + let parsed = try IPv6Address.parse(address) + let ipv4String = String(address.split(separator: ":").last!) + let ipv4 = try IPv4Address.parse(ipv4String) + + #expect(parsed.bytes[12] == UInt8((ipv4 >> 24) & 0xFF)) + #expect(parsed.bytes[13] == UInt8((ipv4 >> 16) & 0xFF)) + #expect(parsed.bytes[14] == UInt8((ipv4 >> 8) & 0xFF)) + #expect(parsed.bytes[15] == UInt8(ipv4 & 0xFF)) + } + + @Test( + "Unspecified address with IPv4 suffix", + arguments: [ + ("::192.168.1.1", [UInt8(192), UInt8(168), UInt8(1), UInt8(1)]), + ("::0.0.0.1", [UInt8(0), UInt8(0), UInt8(0), UInt8(1)]), + ("::255.255.255.255", [UInt8(255), UInt8(255), UInt8(255), UInt8(255)]), + ] + ) + func testUnspecifiedWithIPv4(address: String, ipv4: [UInt8]) throws { + let parsed = try IPv6Address.parse(address) + #expect(parsed.bytes[0..<12].allSatisfy { $0 == 0 }) + #expect(Array(parsed.bytes[12..<16]) == ipv4) + } + + @Test("IPv4 with zone identifier") + func testIPv4WithZone() throws { + let parsed = try IPv6Address.parse("::192.168.1.1%lo0") + + #expect(parsed.zone == "lo0") + #expect(Array(parsed.bytes[12..<16]) == [192, 168, 1, 1]) + } + + @Test( + "IPv4-mapped addresses (::ffff:x.x.x.x)", + arguments: [ + "::ffff:127.0.0.1", + "::ffff:192.168.1.1", + ] + ) + func testIPv4MappedAddresses(address: String) throws { + let parsed = try IPv6Address.parse(address) + + #expect(parsed.bytes[0..<10].allSatisfy { $0 == 0 }) + #expect(parsed.bytes[10] == 0xff && parsed.bytes[11] == 0xff) + } + + @Test("Complex ellipsis with IPv4") + func testComplexEllipsisWithIPv4() throws { + let address = "2001:db8:85a3::8a2e:192.168.1.1" + let parsed = try IPv6Address.parse(address) + + #expect(parsed.bytes[10] == 0x8a && parsed.bytes[11] == 0x2e) + #expect(Array(parsed.bytes[12..<16]) == [192, 168, 1, 1]) + } +} diff --git a/Tests/ContainerizationExtrasTests/TestMACAddress.swift b/Tests/ContainerizationExtrasTests/TestMACAddress.swift new file mode 100644 index 0000000..e8e99d7 --- /dev/null +++ b/Tests/ContainerizationExtrasTests/TestMACAddress.swift @@ -0,0 +1,405 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation +import Testing + +@testable import ContainerizationExtras + +@Suite("MACAddress Tests") +struct MACAddressTests { + + // MARK: - Initializer Tests + + @Suite("Initializers") + struct InitializerTests { + + @Test( + "UInt64 initializer - valid addresses", + arguments: [ + //(0x0123_4567_89ab, "01:23:45:67:89:ab"), // a valid address + //(0x0000_0000_0000, "00:00:00:00:00:00"), // zero address + //(0xFFFF_FFFF_FFFF, "ff:ff:ff:ff:ff:ff"), // max address + (0xffff_0123_4567_89ab, "01:23:45:67:89:ab") // drops the most significant 16 bits + ] + ) + func testUInt64InitializerValid(inputValue: UInt64, description: String) { + let address = MACAddress(inputValue) + #expect(address.value == inputValue & 0x0000_ffff_ffff_ffff) + } + + @Test( + "String initializer - valid addresses", + arguments: [ + ("01:23:45:67:89:ab", 0x0123_4567_89ab), // colon separators + ("01-23-45-67-89-ab", 0x0123_4567_89ab), // dash separators + ("ab:cd:ef:AB:CD:EF", 0xabcd_efab_cdef), // mixed case + ("00:00:00:00:00:00", 0x0000_0000_0000), // zero address + ("ff:ff:ff:ff:ff:ff", 0xffff_ffff_ffff), // max address + ] + ) + func testStringInitializerValid(addressString: String, expectedValue: UInt64) throws { + let address = try MACAddress(addressString) + #expect(address.value == expectedValue) + } + + @Test( + "String initializer - invalid addresses", + arguments: [ + "", // empty string + "01:23:45:67:89", // too few octets + "01:23:45:67:89:ab:cd", // too many octets + "01:23:45:67:89:", // empty octet + ":23:45:67:89:ab", // empty octet + "01::45:67:89:ab", // empty octet + "01:23:45:67:89:a", // short octet + "1:23:45:67:89:ab", // short octet + "01:2:45:67:89:ab", // short octet + "01:23:45:67:89:abc", // long octet + "012:23:45:67:89:ab", // long octet + "01:234:45:67:89:ab", // long octet + "01:23:45:67:89:@G", // invalid content 0x40, 0x47 + "`g:23:45:67:89:ab", // invalid content 0x60, 0x67 + "01:hi:45:67:89:ab", // invalid content + " 01:23:45:67:89:ab", // leading whitespace + "01:23:45:67:89:ab ", // trailing whitespace + "01: 23:45:67:89:ab", // internal whitespace + ] + ) + func testStringInitializerInvalid(invalidAddress: String) { + #expect(throws: AddressError.self) { + try MACAddress(invalidAddress) + } + } + } + + // MARK: - Property Tests + + @Suite("Properties") + struct PropertyTests { + + @Test( + "bytes property", + arguments: [ + ( + UInt64(0x0123_4567_89ab), + [UInt8(0x01), UInt8(0x23), UInt8(0x45), UInt8(0x67), UInt8(0x89), UInt8(0xab)] + ), + ( + UInt64(0x0000_0000_0000), + [UInt8(0x00), UInt8(0x00), UInt8(0x00), UInt8(0x00), UInt8(0x00), UInt8(0x00)] + ), + ( + UInt64(0xffff_ffff_ffff), + [UInt8(0xff), UInt8(0xff), UInt8(0xff), UInt8(0xff), UInt8(0xff), UInt8(0xff)] + ), + ( + UInt64(0xffff_0123_4567_89ab), + [UInt8(0x01), UInt8(0x23), UInt8(0x45), UInt8(0x67), UInt8(0x89), UInt8(0xab)] + ), + ] + ) + func testBytesProperty(inputValue: UInt64, expectedBytes: [UInt8]) { + let address = MACAddress(inputValue) + #expect(address.bytes == expectedBytes) + } + + @Test( + "description property", + arguments: [ + (0x0123_4567_89ab, "01:23:45:67:89:ab"), + (0x0000_0000_0000, "00:00:00:00:00:00"), + (0xffff_ffff_ffff, "ff:ff:ff:ff:ff:ff"), + (0xffff_0123_4567_89ab, "01:23:45:67:89:ab"), + ] + ) + func testDescriptionProperty(inputValue: UInt64, expectedDescription: String) { + let address = MACAddress(inputValue) + #expect(address.description == expectedDescription) + } + + @Test( + "isLocallyAdministered property", + arguments: [ + (0x0000_1234_5678, false), + (0x0200_1234_5678, true), + ] + ) + func testIsLocallyAdministeredProperty(inputValue: UInt64, expectedValue: Bool) { + let address = MACAddress(inputValue) + #expect(address.isLocallyAdministered == expectedValue) + } + + @Test( + "isMulticast property", + arguments: [ + (0x0000_1234_5678, false), + (0x0100_1234_5678, true), + ] + ) + func testIsMulticastProperty(inputValue: UInt64, expectedValue: Bool) { + let address = MACAddress(inputValue) + #expect(address.isMulticast == expectedValue) + } + + @Test( + "round-trip string conversion", + arguments: [ + "01:23:45:67:89:ab", + "00:00:00:00:00:00", + "ff:ff:ff:ff:ff:ff", + "01-23-45-67-89-AB", + ] + ) + func testRoundTripStringConversion(addressString: String) throws { + let address = try MACAddress(addressString) + #expect(address.description == addressString.lowercased().replacingOccurrences(of: "-", with: ":")) + } + } + + // MARK: - Link Local Address Tests + + @Suite("Link Local Addresses") + struct LinkLocalAddressTests { + + @Test( + "Link local address", + arguments: [ + (0x39a7_9407_cbd0, 0xfd97_7b15_d62e_75ac_3ba7_94ff_fe07_cbd0), + (0x5e3b_68d7_e510, 0xfd97_7b15_d62e_75ac_5c3b_68ff_fed7_e510), + ] + ) + func testLinkLocalAddress(mac: UInt64, ipv6: UInt128) throws { + let mac = MACAddress(mac) + let ipv6Prefix = IPv6Address(ipv6 & 0xffff_ffff_ffff_ffff_0000_0000_0000_0000) + let ipv6Address = try mac.ipv6Address(network: ipv6Prefix) + #expect(ipv6Address == IPv6Address(ipv6)) + } + } + + // MARK: - Protocol Conformance Tests + + @Suite("Protocol Conformances") + struct ProtocolConformanceTests { + + @Test("Equatable conformance") + func testEquatableConformance() { + let addr1 = MACAddress(0x0123_4567_89ab) + let addr2 = MACAddress(0x0123_4567_89ab) + let addr3 = MACAddress(0x0123_4567_89ac) + + #expect(addr1 == addr2) + #expect(addr1 != addr3) + #expect(addr2 != addr3) + } + + @Test("Hashable conformance") + func testHashableConformance() { + let addr1 = MACAddress(0x0123_4567_89ab) + let addr2 = MACAddress(0x0123_4567_89ab) + let addr3 = MACAddress(0x0123_4567_89ac) + + // Equal objects should have equal hash values + #expect(addr1.hashValue == addr2.hashValue) + + // Different objects should ideally have different hash values + // (though this is not guaranteed, it's very likely for these values) + #expect(addr1.hashValue != addr3.hashValue) + + // Test that addresses can be used in Sets and Dictionaries + let addressSet: Set = [addr1, addr2, addr3] + #expect(addressSet.count == 2) // addr1 and addr2 are equal + + let addressDict = [addr1: "localhost", addr3: "private"] + #expect(addressDict[addr2] == "localhost") // addr2 equals addr1 + } + + @Test("CustomStringConvertible conformance") + func testCustomStringConvertibleConformance() { + let address = MACAddress(0x0123_4567_89ab) + let stringRepresentation = String(describing: address) + #expect(stringRepresentation == "01:23:45:67:89:ab") + } + + @Test("Sendable conformance") + func testSendableConformance() { + // This test verifies that MACAddress can be safely passed across concurrency boundaries + let address = MACAddress(0x0123_4567_89ab) + + Task { + let taskAddress = address + #expect(taskAddress.value == 0x0123_4567_89ab) + } + } + } + + // MARK: - Performance Tests + + @Suite("Performance") + struct PerformanceTests { + + @Test("parsing performance") + func testParsingPerformance() throws { + let testAddresses = [ + "01:23:45:67:89:ab", + "01-23-45-67-89-ab", + "01-23-45-67-89-a", + "01-23-45-67-89-abc", + ] + + // Warm up + for _ in 0..<100 { + for address in testAddresses { + _ = try? MACAddress(address) + } + } + + // Measure performance + let iterations = 10000 + let startTime = Date() + + for _ in 0.. String + let addressFromUInt32 = MACAddress(expectedValue) + #expect(addressFromUInt32.description == expectedString) + + // Test String -> UInt32 + let addressFromString = try MACAddress(expectedString) + #expect(addressFromString.value == expectedValue) + + // Test equality + #expect(addressFromUInt32 == addressFromString) + } + + @Test( + "error message consistency", + arguments: [ + "", + "hi:00:00:00:00:00", + "01:23:45:67:89", + "01:23:45:67:89:ab:cd", + "001:23:45:67:89:ab:cd", + " 01:23:45:67:89:ab:cd", + "01:23:45:67:89:ab:cd ", + ] + ) + func testErrorMessageConsistency(invalidInput: String) { + do { + _ = try MACAddress(invalidInput) + #expect(Bool(false), "Should have thrown for input: \(invalidInput)") + } catch let error as AddressError { + #expect(error == AddressError.unableToParse) + } catch { + #expect(Bool(false), "Should have thrown AddressError, got: \(error)") + } + } + + @Test( + "Codable encodes to string representation", + arguments: [ + "01:23:45:67:89:ab", + "00:00:00:00:00:00", + "ff:ff:ff:ff:ff:ff", + ] + ) + func testCodableEncode(address: String) throws { + let original = try MACAddress(address) + let encoded = try JSONEncoder().encode(original) + #expect(String(data: encoded, encoding: .utf8) == "\"\(address)\"") + } + + @Test( + "Codable decodes from string representation", + arguments: [ + "01:23:45:67:89:ab", + "00:00:00:00:00:00", + "ff:ff:ff:ff:ff:ff", + ] + ) + func testCodableDecode(address: String) throws { + let json = Data("\"\(address)\"".utf8) + let decoded = try JSONDecoder().decode(MACAddress.self, from: json) + let expected = try MACAddress(address) + #expect(decoded == expected) + } + } +} diff --git a/Tests/ContainerizationExtrasTests/TestNetworkAddress+Allocator.swift b/Tests/ContainerizationExtrasTests/TestNetworkAddress+Allocator.swift new file mode 100644 index 0000000..193ca10 --- /dev/null +++ b/Tests/ContainerizationExtrasTests/TestNetworkAddress+Allocator.swift @@ -0,0 +1,248 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +// + +import ContainerizationExtras +import Testing + +@testable import ContainerizationExtras + +final class TestAddressAllocators { + @Test + func testIPv4AddressAllocatorZeroSize() throws { + _ = try IPv4Address.allocator(lower: 0xffff_ffff, size: 1) + do { + _ = try IPv4Address.allocator(lower: 0xffff_ffff, size: 0) + #expect(Bool(false), "Expected AllocatorError.rangeExceeded to be thrown") + } catch { + #expect(error as? AllocatorError == .rangeExceeded, "Unexpected error thrown: \(error)") + } + } + + @Test + func testIPv4AddressAllocatorOverflow() throws { + _ = try IPv4Address.allocator(lower: 0xffff_ff00, size: 256) + do { + _ = try IPv4Address.allocator(lower: 0xffff_ff00, size: 257) + #expect(Bool(false), "Expected AllocatorError.rangeExceeded to be thrown") + } catch { + #expect(error as? AllocatorError == .rangeExceeded, "Unexpected error thrown: \(error)") + } + } + + @Test + func testUInt16AllocatorOverflow() throws { + _ = try UInt16.allocator(lower: 0xfff0, size: 16) + do { + _ = try UInt16.allocator(lower: 0xfff0, size: 17) + #expect(Bool(false), "Expected AllocatorError.rangeExceeded to be thrown") + } catch { + #expect(error as? AllocatorError == .rangeExceeded, "Unexpected error thrown: \(error)") + } + } + + @Test + func testUInt32AllocatorOverflow() throws { + _ = try UInt32.allocator(lower: 0xffff_fff0, size: 16) + do { + _ = try UInt32.allocator(lower: 0xffff_fff0, size: 17) + #expect(Bool(false), "Expected AllocatorError.rangeExceeded to be thrown") + } catch { + #expect(error as? AllocatorError == .rangeExceeded, "Unexpected error thrown: \(error)") + } + } + + @Test + func testFreeUnallocated() throws { + let allocator = try IPv4Address.allocator( + lower: 0xc0a8_4000, size: 256) + do { + _ = try allocator.release(IPv4Address("192.168.64.2")) + #expect(Bool(false), "Expected AllocatorError.notAllocated to be thrown") + } catch { + #expect(error as? AllocatorError == .notAllocated("192.168.64.2"), "Unexpected error thrown: \(error)") + } + } + + @Test + func testChoose() throws { + let allocator = try IPv4Address.allocator( + lower: 0xc0a8_4000, size: 2) + try allocator.reserve(IPv4Address("192.168.64.1")) + do { + _ = try allocator.reserve(IPv4Address("192.168.64.1")) + #expect(Bool(false), "Expected AllocatorError.alreadyAllocated to be thrown") + } catch { + #expect(error as? AllocatorError == .alreadyAllocated("192.168.64.1"), "Unexpected error thrown: \(error)") + } + } + + @Test + func testipv4AddressAllocator() throws { + var allocations = Set() + let lower = try IPv4Address("192.168.64.1").value & Prefix(length: 24)!.prefixMask32 + let allocator = try IPv4Address.allocator( + lower: lower, size: 3) + allocations.insert(try allocator.allocate().value) + allocations.insert(try allocator.allocate().value) + allocations.insert(try allocator.allocate().value) + do { + _ = try allocator.allocate() + #expect(Bool(false), "Expected AllocatorError.allocatorFull to be thrown") + } catch { + #expect(error as? AllocatorError == .allocatorFull, "Unexpected error thrown: \(error)") + } + + let address = try IPv4Address("192.168.64.2") + try allocator.release(address) + + let value = try allocator.allocate() + #expect(value == address) + } + + @Test + func testHighestIPv4AddressAllocator() throws { + var allocations = Set() + let lower = try IPv4Address("255.255.255.255").value & Prefix(length: 32)!.prefixMask32 + let allocator = try IPv4Address.allocator( + lower: lower, size: 1) + allocations.insert(try allocator.allocate().value) + do { + _ = try allocator.allocate() + #expect(Bool(false), "Expected AllocatorError.allocatorFull to be thrown") + } catch { + #expect(error as? AllocatorError == .allocatorFull, "Unexpected error thrown: \(error)") + } + + let address = try IPv4Address("255.255.255.255") + try allocator.release(address) + let value = try allocator.allocate() + #expect(value == address) + } + + @Test + func testLargestIPv4AddressAllocator() throws { + // NOTE: This allocator should consume about 16MB + _ = try IPv4Address.allocator(lower: 0, size: 1 << 32) + } + + @Test + func testUInt16PortAllocator() throws { + var allocations = Set() + let lower = UInt16(1024) + let allocator = try UInt16.allocator(lower: lower, size: 3) + allocations.insert(try allocator.allocate()) + allocations.insert(try allocator.allocate()) + allocations.insert(try allocator.allocate()) + do { + _ = try allocator.allocate() + #expect(Bool(false), "Expected AllocatorError.allocatorFull to be thrown") + } catch { + #expect(error as? AllocatorError == .allocatorFull, "Unexpected error thrown: \(error)") + } + + let address = UInt16(1025) + try allocator.release(address) + let value = try allocator.allocate() + #expect(value == address) + } + + @Test + func testUInt32PortAllocator() throws { + var allocations = Set() + let lower = UInt32(5000) + let allocator = try UInt32.allocator(lower: lower, size: 3) + allocations.insert(try allocator.allocate()) + allocations.insert(try allocator.allocate()) + allocations.insert(try allocator.allocate()) + do { + _ = try allocator.allocate() + #expect(Bool(false), "Expected AllocatorError.allocatorFull to be thrown") + } catch { + #expect(error as? AllocatorError == .allocatorFull, "Unexpected error thrown: \(error)") + } + + let address = UInt32(5001) + try allocator.release(address) + let value = try allocator.allocate() + #expect(value == address) + } + + @Test + func testRotatingUInt32PortAllocator() throws { + var allocations = Set() + let lower = UInt32(5000) + let allocator = try UInt32.rotatingAllocator(lower: lower, size: 3) + allocations.insert(try allocator.allocate()) + allocations.insert(try allocator.allocate()) + allocations.insert(try allocator.allocate()) + do { + _ = try allocator.allocate() + #expect(Bool(false), "Expected AllocatorError.allocatorFull to be thrown") + } catch { + #expect(error as? AllocatorError == .allocatorFull, "Unexpected error thrown: \(error)") + } + + let address = UInt32(5001) + try allocator.release(address) + let value = try allocator.allocate() + #expect(value == address) + } + + @Test + func testRotatingFIFOUInt32PortAllocator() throws { + let lower = UInt32(5000) + let allocator = try UInt32.rotatingAllocator(lower: lower, size: 3) + let first = try allocator.allocate() + #expect(first == 5000) + let second = try allocator.allocate() + #expect(second == 5001) + + try allocator.release(first) + let third = try allocator.allocate() + // even after a release, it should continue to allocate in the range + // before reusing a previous allocation on the stack. + #expect(third == 5002) + + // now the next allocation should be our first port + let reused = try allocator.allocate() + #expect(reused == first) + + try allocator.release(third) + let thirdReused = try allocator.allocate() + #expect(thirdReused == third) + } + + @Test + func testRotatingReservedUInt32PortAllocator() throws { + let lower = UInt32(5000) + let allocator = try UInt32.rotatingAllocator(lower: lower, size: 3) + + try allocator.reserve(5001) + let first = try allocator.allocate() + #expect(first == 5000) + // this should skip the reserved 5001 + let second = try allocator.allocate() + #expect(second == 5002) + + // no release our reserved + try allocator.release(5001) + + let third = try allocator.allocate() + #expect(third == 5001) + } +} diff --git a/Tests/ContainerizationExtrasTests/TestPrefix.swift b/Tests/ContainerizationExtrasTests/TestPrefix.swift new file mode 100644 index 0000000..9b74aca --- /dev/null +++ b/Tests/ContainerizationExtrasTests/TestPrefix.swift @@ -0,0 +1,155 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Testing + +@testable import ContainerizationExtras + +struct TestPrefix { + + // MARK: - IPv4 Mask Tests + + struct IPv4Mask { + let length: UInt8 + let expectedPrefix: UInt32 + let expectedSuffix: UInt32 + } + + @Test(arguments: [ + IPv4Mask( + length: 0, + expectedPrefix: 0x0000_0000, + expectedSuffix: 0xFFFF_FFFF + ), + IPv4Mask( + length: 8, + expectedPrefix: 0xFF00_0000, + expectedSuffix: 0x00FF_FFFF + ), + IPv4Mask( + length: 16, + expectedPrefix: 0xFFFF_0000, + expectedSuffix: 0x0000_FFFF + ), + IPv4Mask( + length: 24, + expectedPrefix: 0xFFFF_FF00, + expectedSuffix: 0x0000_00FF + ), + IPv4Mask( + length: 32, + expectedPrefix: 0xFFFF_FFFF, + expectedSuffix: 0x0000_0000 + ), + ]) + func testIPv4Masks(testCase: IPv4Mask) { + let prefix = Prefix(length: testCase.length)! + #expect(prefix.prefixMask32 == testCase.expectedPrefix) + #expect(prefix.suffixMask32 == testCase.expectedSuffix) + } + + @Test func testMasksAreInverses32() { + for length in 0...32 { + let prefix = Prefix(length: UInt8(length))! + #expect(~prefix.prefixMask32 == prefix.suffixMask32) + } + } + + // MARK: - IPv6 Mask Tests + + struct IPv6Mask { + let length: UInt8 + let expectedPrefix: UInt128 + let expectedSuffix: UInt128 + } + + @Test func testIPv6Masks() { + let cases = [ + IPv6Mask( + length: 0, + expectedPrefix: UInt128(0), + expectedSuffix: UInt128.max + ), + IPv6Mask( + length: 64, + expectedPrefix: 0xFFFF_FFFF_FFFF_FFFF_0000_0000_0000_0000, + expectedSuffix: 0x0000_0000_0000_0000_FFFF_FFFF_FFFF_FFFF + ), + IPv6Mask( + length: 128, + expectedPrefix: UInt128.max, + expectedSuffix: UInt128(0) + ), + ] + for testCase in cases { + let prefix = Prefix(length: testCase.length)! + #expect(prefix.prefixMask128 == testCase.expectedPrefix) + #expect(prefix.suffixMask128 == testCase.expectedSuffix) + } + } + + @Test func testMasksAreInverses128() { + for length in stride(from: 0, through: 128, by: 8) { + let prefix = Prefix(length: UInt8(length))! + #expect(~prefix.prefixMask128 == prefix.suffixMask128) + } + } + + // MARK: - Description Tests + + @Test func testDescription() { + #expect(Prefix(length: 24)!.description == "24") + #expect(Prefix(length: 0)!.description == "0") + #expect(Prefix(length: 128)!.description == "128") + } + + // MARK: - Validation Tests + + @Test func testValidationRejectsInvalidLengths() { + // Valid ranges + #expect(Prefix(length: 0) != nil) + #expect(Prefix(length: 32) != nil) + #expect(Prefix(length: 128) != nil) + + // Invalid ranges + #expect(Prefix(length: 129) == nil) + #expect(Prefix(length: 200) == nil) + #expect(Prefix(length: 255) == nil) + } + + @Test func testIPv4SpecificValidation() { + // Valid IPv4 prefixes + #expect(Prefix.ipv4(0) != nil) + #expect(Prefix.ipv4(16) != nil) + #expect(Prefix.ipv4(32) != nil) + + // Invalid IPv4 prefixes + #expect(Prefix.ipv4(33) == nil) + #expect(Prefix.ipv4(64) == nil) + #expect(Prefix.ipv4(128) == nil) + } + + @Test func testIPv6SpecificValidation() { + // Valid IPv6 prefixes + #expect(Prefix.ipv6(0) != nil) + #expect(Prefix.ipv6(64) != nil) + #expect(Prefix.ipv6(128) != nil) + + // Invalid IPv6 prefixes + #expect(Prefix.ipv6(129) == nil) + #expect(Prefix.ipv6(255) == nil) + } +} diff --git a/Tests/ContainerizationExtrasTests/TestTimeout.swift b/Tests/ContainerizationExtrasTests/TestTimeout.swift new file mode 100644 index 0000000..99ef24e --- /dev/null +++ b/Tests/ContainerizationExtrasTests/TestTimeout.swift @@ -0,0 +1,57 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation +import Testing + +@testable import ContainerizationExtras + +final class TestTimeoutType { + @Test + func testNoCancellation() async throws { + await #expect(throws: Never.self) { + try await Timeout.run( + for: .seconds(5), + operation: { + return + }) + } + } + + @Test + func testCancellationError() async throws { + await #expect(throws: CancellationError.self) { + try await Timeout.run( + for: .milliseconds(50), + operation: { + try await Task.sleep(for: .seconds(2)) + }) + } + } + + @Test + func testClosureError() async throws { + // Check that we get the closures error if we don't timeout, but + // the closure does throw before. + await #expect(throws: POSIXError.self) { + try await Timeout.run( + for: .seconds(10), + operation: { + throw POSIXError(.E2BIG) + }) + } + } +} diff --git a/Tests/ContainerizationExtrasTests/UInt8+DataBindingTest.swift b/Tests/ContainerizationExtrasTests/UInt8+DataBindingTest.swift new file mode 100644 index 0000000..fabc7bf --- /dev/null +++ b/Tests/ContainerizationExtrasTests/UInt8+DataBindingTest.swift @@ -0,0 +1,456 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Testing + +@testable import ContainerizationExtras + +struct BufferTest { + // MARK: - hexEncodedString Tests + + @Test func testArrayHexEncodedStringEmpty() { + let buffer: [UInt8] = [] + #expect(buffer.hexEncodedString() == "") + } + + @Test func testArrayHexEncodedStringSingleByte() { + let buffer: [UInt8] = [0xFF] + #expect(buffer.hexEncodedString() == "ff") + } + + @Test func testArrayHexEncodedStringMultipleBytes() { + let buffer: [UInt8] = [0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF] + #expect(buffer.hexEncodedString() == "0123456789abcdef") + } + + @Test func testArrayHexEncodedStringZeroes() { + let buffer: [UInt8] = [0x00, 0x00, 0x00] + #expect(buffer.hexEncodedString() == "000000") + } + + @Test func testArraySliceHexEncodedStringEmpty() { + let buffer: [UInt8] = [0x01, 0x02, 0x03] + let slice = buffer[0..<0] + #expect(slice.hexEncodedString() == "") + } + + @Test func testArraySliceHexEncodedStringSingleByte() { + let buffer: [UInt8] = [0x01, 0x02, 0x03] + let slice = buffer[1..<2] + #expect(slice.hexEncodedString() == "02") + } + + @Test func testArraySliceHexEncodedStringMultipleBytes() { + let buffer: [UInt8] = [0x00, 0xAA, 0xBB, 0xCC, 0x00] + let slice = buffer[1..<4] + #expect(slice.hexEncodedString() == "aabbcc") + } + + // MARK: - bind Tests + + @Test func testBufferBind() throws { + let expectedValue: UInt64 = 0x0102_0304_0506_0708 + let expectedBuffer: [UInt8] = [ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, + ] + var buffer = [UInt8](repeating: 0, count: 3 * MemoryLayout.size) + guard let ptr = buffer.bind(as: UInt64.self, offset: 2 * MemoryLayout.size) else { + #expect(Bool(false), "could not bind value to buffer") + return + } + + ptr.pointee = expectedValue + #expect(buffer == expectedBuffer) + } + + @Test func testBufferBindZeroOffset() { + let expectedValue: UInt32 = 0x1234_5678 + var buffer = [UInt8](repeating: 0, count: 8) + guard let ptr = buffer.bind(as: UInt32.self, offset: 0) else { + #expect(Bool(false), "could not bind value to buffer at offset 0") + return + } + + ptr.pointee = expectedValue + #expect(buffer[0] == 0x78) + #expect(buffer[1] == 0x56) + #expect(buffer[2] == 0x34) + #expect(buffer[3] == 0x12) + } + + @Test func testBufferBindRangeError() throws { + var buffer = [UInt8](repeating: 0, count: 3 * MemoryLayout.size) + #expect(buffer.bind(as: UInt64.self, offset: 2 * MemoryLayout.size + 1) == nil) + } + + @Test func testBufferBindRangeErrorExactBoundary() { + var buffer = [UInt8](repeating: 0, count: 8) + // Trying to bind UInt64 at offset 1 requires 9 bytes total + #expect(buffer.bind(as: UInt64.self, offset: 1) == nil) + } + + @Test func testBufferBindWithCustomSize() { + var buffer = [UInt8](repeating: 0, count: 16) + // Request a size larger than the type + guard let ptr = buffer.bind(as: UInt32.self, offset: 4, size: 8) else { + #expect(Bool(false), "could not bind with custom size") + return + } + + ptr.pointee = 0xAABB_CCDD + #expect(buffer[4] == 0xDD) + #expect(buffer[5] == 0xCC) + #expect(buffer[6] == 0xBB) + #expect(buffer[7] == 0xAA) + } + + @Test func testBufferBindWithCustomSizeRangeError() { + var buffer = [UInt8](repeating: 0, count: 10) + // Request size 8 at offset 4 would require 12 bytes total + #expect(buffer.bind(as: UInt32.self, offset: 4, size: 8) == nil) + } + + // MARK: - copyIn Tests + + @Test func testCopyInUInt8() { + var buffer = [UInt8](repeating: 0, count: 4) + let value: UInt8 = 0x42 + + guard let offset = buffer.copyIn(as: UInt8.self, value: value, offset: 2) else { + #expect(Bool(false), "could not copy UInt8 to buffer") + return + } + + #expect(offset == 3) + #expect(buffer[2] == 0x42) + } + + @Test func testCopyInUInt16() { + var buffer = [UInt8](repeating: 0, count: 8) + let value: UInt16 = 0x1234 + + guard let offset = buffer.copyIn(as: UInt16.self, value: value, offset: 3) else { + #expect(Bool(false), "could not copy UInt16 to buffer") + return + } + + #expect(offset == 5) + #expect(buffer[3] == 0x34) + #expect(buffer[4] == 0x12) + } + + @Test func testCopyInUInt32() { + var buffer = [UInt8](repeating: 0, count: 8) + let value: UInt32 = 0x1234_5678 + + guard let offset = buffer.copyIn(as: UInt32.self, value: value, offset: 0) else { + #expect(Bool(false), "could not copy UInt32 to buffer") + return + } + + #expect(offset == 4) + #expect(buffer[0] == 0x78) + #expect(buffer[1] == 0x56) + #expect(buffer[2] == 0x34) + #expect(buffer[3] == 0x12) + } + + @Test func testCopyInUInt64() { + var buffer = [UInt8](repeating: 0, count: 16) + let value: UInt64 = 0x0102_0304_0506_0708 + + guard let offset = buffer.copyIn(as: UInt64.self, value: value, offset: 4) else { + #expect(Bool(false), "could not copy UInt64 to buffer") + return + } + + #expect(offset == 12) + #expect(buffer[4] == 0x08) + #expect(buffer[5] == 0x07) + #expect(buffer[6] == 0x06) + #expect(buffer[7] == 0x05) + #expect(buffer[8] == 0x04) + #expect(buffer[9] == 0x03) + #expect(buffer[10] == 0x02) + #expect(buffer[11] == 0x01) + } + + @Test func testCopyInRangeError() { + var buffer = [UInt8](repeating: 0, count: 8) + let value: UInt64 = 0x1234_5678_90AB_CDEF + + // Offset 4 + size 8 = 12, but buffer only has 8 bytes + #expect(buffer.copyIn(as: UInt64.self, value: value, offset: 4) == nil) + } + + @Test func testCopyInExactBoundary() { + var buffer = [UInt8](repeating: 0, count: 8) + let value: UInt64 = 0xFEDC_BA98_7654_3210 + + guard let offset = buffer.copyIn(as: UInt64.self, value: value, offset: 0) else { + #expect(Bool(false), "could not copy UInt64 at exact boundary") + return + } + + #expect(offset == 8) + } + + @Test func testCopyInWithCustomSize() { + var buffer = [UInt8](repeating: 0, count: 16) + let value: UInt32 = 0xAABB_CCDD + + // Copy with custom size of 8 (larger than UInt32's 4 bytes) + guard let offset = buffer.copyIn(as: UInt32.self, value: value, offset: 2, size: 8) else { + #expect(Bool(false), "could not copy with custom size") + return + } + + #expect(offset == 6) // offset + MemoryLayout.size + #expect(buffer[2] == 0xDD) + #expect(buffer[3] == 0xCC) + #expect(buffer[4] == 0xBB) + #expect(buffer[5] == 0xAA) + } + + @Test func testCopyInWithCustomSizeRangeError() { + var buffer = [UInt8](repeating: 0, count: 8) + let value: UInt32 = 0x1234_5678 + + // Request size 8 at offset 2 would require 10 bytes total + #expect(buffer.copyIn(as: UInt32.self, value: value, offset: 2, size: 8) == nil) + } + + // MARK: - copyOut Tests + + @Test func testCopyOutUInt8() { + let buffer: [UInt8] = [0x00, 0x11, 0x22, 0x33] + + guard let (offset, value) = buffer.copyOut(as: UInt8.self, offset: 2) else { + #expect(Bool(false), "could not copy out UInt8") + return + } + + #expect(offset == 3) + #expect(value == 0x22) + } + + @Test func testCopyOutUInt16() { + let buffer: [UInt8] = [0x00, 0x11, 0x22, 0x33, 0x44, 0x55] + + guard let (offset, value) = buffer.copyOut(as: UInt16.self, offset: 2) else { + #expect(Bool(false), "could not copy out UInt16") + return + } + + #expect(offset == 4) + #expect(value == 0x3322) + } + + @Test func testCopyOutUInt32() { + let buffer: [UInt8] = [0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0] + + guard let (offset, value) = buffer.copyOut(as: UInt32.self, offset: 0) else { + #expect(Bool(false), "could not copy out UInt32") + return + } + + #expect(offset == 4) + #expect(value == 0x7856_3412) + } + + @Test func testCopyOutUInt64() { + let buffer: [UInt8] = [ + 0x00, 0x00, 0x00, 0x00, + 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, + 0xFF, 0xFF, + ] + + guard let (offset, value) = buffer.copyOut(as: UInt64.self, offset: 4) else { + #expect(Bool(false), "could not copy out UInt64") + return + } + + #expect(offset == 12) + #expect(value == 0x8877_6655_4433_2211) + } + + @Test func testCopyOutRangeError() { + let buffer: [UInt8] = [0x00, 0x11, 0x22, 0x33] + + // Trying to read UInt64 from offset 0 with only 4 bytes + #expect(buffer.copyOut(as: UInt64.self, offset: 0) == nil) + } + + @Test func testCopyOutExactBoundary() { + let buffer: [UInt8] = [0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08] + + guard let (offset, value) = buffer.copyOut(as: UInt64.self, offset: 0) else { + #expect(Bool(false), "could not copy out at exact boundary") + return + } + + #expect(offset == 8) + #expect(value == 0x0807_0605_0403_0201) + } + + @Test func testCopyOutWithCustomSize() { + let buffer: [UInt8] = [0x00, 0x00, 0x11, 0x22, 0x33, 0x44, 0xFF, 0xFF, 0xFF, 0xFF] + + guard let (offset, value) = buffer.copyOut(as: UInt32.self, offset: 2, size: 8) else { + #expect(Bool(false), "could not copy out with custom size") + return + } + + #expect(offset == 6) // offset + MemoryLayout.size + #expect(value == 0x4433_2211) + } + + @Test func testCopyOutWithCustomSizeRangeError() { + let buffer: [UInt8] = [0x00, 0x11, 0x22, 0x33, 0x44, 0x55] + + // Request size 8 at offset 2 would require 10 bytes total, but buffer only has 6 + #expect(buffer.copyOut(as: UInt32.self, offset: 2, size: 8) == nil) + } + + // MARK: - copyIn(buffer:) and copyOut(buffer:) Tests + + @Test func testBufferCopy() throws { + let inputBuffer: [UInt8] = [0x01, 0x02, 0x03] + var buffer = [UInt8](repeating: 0, count: 9) + + guard let offset = buffer.copyIn(buffer: inputBuffer, offset: 4) else { + #expect(Bool(false), "could not copy to buffer") + return + } + #expect(offset == 7) + + guard let offset = buffer.copyIn(buffer: inputBuffer, offset: 6) else { + #expect(Bool(false), "could not copy to buffer") + return + } + #expect(offset == 9) + + let expectedBuffer: [UInt8] = [ + 0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x01, 0x02, 0x03, + ] + #expect(expectedBuffer == buffer) + + var outputBuffer = [UInt8](repeating: 0, count: 3) + guard let offset = buffer.copyOut(buffer: &outputBuffer, offset: 6) else { + #expect(Bool(false), "could not copy to buffer") + return + } + #expect(offset == 9) + + let expectedOutputBuffer: [UInt8] = [ + 0x01, 0x02, 0x03, + ] + #expect(expectedOutputBuffer == outputBuffer) + } + + @Test func testBufferCopyZeroOffset() { + let inputBuffer: [UInt8] = [0xAA, 0xBB, 0xCC] + var buffer = [UInt8](repeating: 0, count: 5) + + guard let offset = buffer.copyIn(buffer: inputBuffer, offset: 0) else { + #expect(Bool(false), "could not copy to buffer at offset 0") + return + } + + #expect(offset == 3) + #expect(buffer[0] == 0xAA) + #expect(buffer[1] == 0xBB) + #expect(buffer[2] == 0xCC) + } + + @Test func testBufferCopyEmptyBuffer() { + let inputBuffer: [UInt8] = [] + var buffer = [UInt8](repeating: 0, count: 5) + + guard let offset = buffer.copyIn(buffer: inputBuffer, offset: 2) else { + #expect(Bool(false), "could not copy empty buffer") + return + } + + #expect(offset == 2) + } + + @Test func testBufferCopyExactFit() { + let inputBuffer: [UInt8] = [0x01, 0x02, 0x03] + var buffer = [UInt8](repeating: 0, count: 6) + + guard let offset = buffer.copyIn(buffer: inputBuffer, offset: 3) else { + #expect(Bool(false), "could not copy to exact fit") + return + } + + #expect(offset == 6) + } + + @Test func testBufferCopyRangeError() throws { + let inputBuffer: [UInt8] = [0x01, 0x02, 0x03] + var buffer = [UInt8](repeating: 0, count: 9) + + #expect(buffer.copyIn(buffer: inputBuffer, offset: 7) == nil) + + var outputBuffer = [UInt8](repeating: 0, count: 3) + #expect(buffer.copyOut(buffer: &outputBuffer, offset: 7) == nil) + } + + @Test func testBufferCopyOutZeroOffset() { + let buffer: [UInt8] = [0x11, 0x22, 0x33, 0x44, 0x55] + var outputBuffer = [UInt8](repeating: 0, count: 3) + + guard let offset = buffer.copyOut(buffer: &outputBuffer, offset: 0) else { + #expect(Bool(false), "could not copy out at offset 0") + return + } + + #expect(offset == 3) + #expect(outputBuffer[0] == 0x11) + #expect(outputBuffer[1] == 0x22) + #expect(outputBuffer[2] == 0x33) + } + + @Test func testBufferCopyOutEmptyBuffer() { + let buffer: [UInt8] = [0x11, 0x22, 0x33] + var outputBuffer: [UInt8] = [] + + guard let offset = buffer.copyOut(buffer: &outputBuffer, offset: 1) else { + #expect(Bool(false), "could not copy out to empty buffer") + return + } + + #expect(offset == 1) + } + + @Test func testBufferCopyOutExactFit() { + let buffer: [UInt8] = [0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF] + var outputBuffer = [UInt8](repeating: 0, count: 3) + + guard let offset = buffer.copyOut(buffer: &outputBuffer, offset: 3) else { + #expect(Bool(false), "could not copy out exact fit") + return + } + + #expect(offset == 6) + #expect(outputBuffer[0] == 0xDD) + #expect(outputBuffer[1] == 0xEE) + #expect(outputBuffer[2] == 0xFF) + } +} diff --git a/Tests/ContainerizationNetlinkTests/MockNetlinkSocket.swift b/Tests/ContainerizationNetlinkTests/MockNetlinkSocket.swift new file mode 100644 index 0000000..eb0d3ca --- /dev/null +++ b/Tests/ContainerizationNetlinkTests/MockNetlinkSocket.swift @@ -0,0 +1,57 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +// + +@testable import ContainerizationNetlink + +class MockNetlinkSocket: NetlinkSocket { + static let ENOMEM: Int32 = 12 + static let EOVERFLOW: Int32 = 75 + + var pid: UInt32 = 0 + + var requests: [[UInt8]] = [] + var responses: [[UInt8]] = [] + + var responseIndex = 0 + + public init() throws {} + + public func send(buf: UnsafeRawPointer!, len: Int, flags: Int32) throws -> Int { + let ptr = buf.bindMemory(to: UInt8.self, capacity: len) + requests.append(Array(UnsafeBufferPointer(start: ptr, count: len))) + return len + } + + public func recv(buf: UnsafeMutableRawPointer!, len: Int, flags: Int32) throws -> Int { + guard responseIndex < responses.count else { + throw NetlinkSocketError.recvFailure(rc: Self.ENOMEM) + } + + let response = responses[responseIndex] + guard len >= response.count else { + throw NetlinkSocketError.recvFailure(rc: 75) + } + + response.withUnsafeBytes { bytes in + buf.copyMemory(from: bytes.baseAddress!, byteCount: response.count) + } + + responseIndex += 1 + return response.count + } +} diff --git a/Tests/ContainerizationNetlinkTests/NetlinkSessionTest.swift b/Tests/ContainerizationNetlinkTests/NetlinkSessionTest.swift new file mode 100644 index 0000000..6c31a0c --- /dev/null +++ b/Tests/ContainerizationNetlinkTests/NetlinkSessionTest.swift @@ -0,0 +1,665 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationExtras +import ContainerizationOS +import Testing + +@testable import ContainerizationNetlink + +struct NetlinkSessionTest { + @Test func testNetworkLinkDown() throws { + let mockSocket = try MockNetlinkSocket() + mockSocket.pid = 0xc00c_c00c + + // Lookup interface by name, truncated response with no attributes (not needed at present). + let expectedLookupRequest = + "3400000012000100000000000cc00cc0" // Netlink header (16 B) + + "110000000000000001000000ffffffff" // struct ifinfomsg (16 B) + + "08001d00090000000c0003006574683000000000" // RT attrs: IFLA_EXT_MASK + IFLA_IFNAME (“eth0”) + mockSocket.responses.append( + [UInt8]( + hex: + "2000000010000000000000000cc00cc0" // Netlink header (16 B) + + "00000100020000004310010000000000" // struct ifinfomsg (16 B) – no RT attrs + ) + ) + + // Link‑down request – 32‑byte payload, no attributes. + let expectedDownRequest = + "2000000010000500000000000cc00cc0" // Netlink header (16 B) + + "110000000200000000000000ffffffff" // struct ifinfomsg (16 B) – no RT attrs + mockSocket.responses.append( + [UInt8]( + hex: + "2400000002000001000000000cc00cc0" // Netlink header (16 B) + + "00000000200000001000050000000000" // nlmsg_err payload (16 B) + + "0c000000" // first 4 B of echoed header + ) + ) + + let session = NetlinkSession(socket: mockSocket) + try session.linkSet(interface: "eth0", up: false) + + #expect(mockSocket.requests.count == 2) + #expect(mockSocket.responseIndex == 2) + mockSocket.requests[0][8..<12] = [0, 0, 0, 0] + #expect(expectedLookupRequest == mockSocket.requests[0].hexEncodedString()) + mockSocket.requests[1][8..<12] = [0, 0, 0, 0] + #expect(expectedDownRequest == mockSocket.requests[1].hexEncodedString()) + } + + @Test func testNetworkLinkUp() throws { + let mockSocket = try MockNetlinkSocket() + mockSocket.pid = 0x0cc0_0cc0 + + // Lookup interface by name, truncated response with no attributes (not needed at present). + let expectedLookupRequest = + "340000001200010000000000c00cc00c" // Netlink header (16 B) + + "110000000000000001000000ffffffff" // struct ifinfomsg (16 B) + + "08001d00090000000c0003006574683000000000" // RT attrs: IFLA_EXT_MASK + IFLA_IFNAME (“eth0”) + mockSocket.responses.append( + [UInt8]( + hex: + "200000001000000000000000c00cc00c" // Netlink header (16 B) + + "00000100020000004310010000000000" // struct ifinfomsg (16 B) – no attributes + ) + ) + + // Network up for interface. + let expectedUpRequest = + "280000001000050000000000c00cc00c" // Netlink header (16 B) + + "110000000200000001000000ffffffff" // struct ifinfomsg (16 B) + + "0800040000050000" // RT attr: IFLA_MTU = 1280 (8 B) + mockSocket.responses.append( + [UInt8]( + hex: + "240000000200000100000000c00cc00c" // Netlink header (16 B) + + "00000000200000001000050000000000" // nlmsg_err payload (16 B) + + "11000000" // 1st 4 B of echoed offending header + ) + ) + + let session = NetlinkSession(socket: mockSocket) + try session.linkSet(interface: "eth0", up: true, mtu: 1280) + + #expect(mockSocket.requests.count == 2) + #expect(mockSocket.responseIndex == 2) + mockSocket.requests[0][8..<12] = [0, 0, 0, 0] + #expect(expectedLookupRequest == mockSocket.requests[0].hexEncodedString()) + mockSocket.requests[1][8..<12] = [0, 0, 0, 0] + #expect(expectedUpRequest == mockSocket.requests[1].hexEncodedString()) + } + + @Test func testNetworkLinkUpLoopback() throws { + let mockSocket = try MockNetlinkSocket() + mockSocket.pid = 0xc00c_c00c + + // Lookup loopback interface + let expectedLookupRequest = + "3000000012000100000000000cc00cc0" // Netlink header (16 B) + + "110000000000000001000000ffffffff" // struct ifinfomsg (16 B) + + "08001d0009000000080003006c6f0000" // RT attrs: IFLA_EXT_MASK + IFLA_IFNAME (“lo”) + mockSocket.responses.append( + [UInt8]( + hex: + "2000000010000000000000000cc00cc0" // Netlink header (16 B) + + "00000100010000004310010000000000" // struct ifinfomsg (16 B) – no attributes + ) + ) + + // Link up request for loopback, 32‑byte payload and no attributes + let expectedUpRequest = + "2000000010000500000000000cc00cc0" // Netlink header (16 B) + + "110000000100000001000000ffffffff" // struct ifinfomsg (16 B) – no RT attrs + mockSocket.responses.append( + [UInt8]( + hex: + "2400000002000001000000000cc00cc0" // Netlink header (16 B) + + "00000000200000001000050000000000" // nlmsg_err payload (16 B) + + "0c000000" // first 4 B of echoed offending header + ) + ) + + let session = NetlinkSession(socket: mockSocket) + try session.linkSet(interface: "lo", up: true) + + #expect(mockSocket.requests.count == 2) + #expect(mockSocket.responseIndex == 2) + mockSocket.requests[0][8..<12] = [0, 0, 0, 0] + #expect(expectedLookupRequest == mockSocket.requests[0].hexEncodedString()) + mockSocket.requests[1][8..<12] = [0, 0, 0, 0] + #expect(expectedUpRequest == mockSocket.requests[1].hexEncodedString()) + } + + @Test func testNetworkLinkGetEth0() throws { + let mockSocket = try MockNetlinkSocket() + mockSocket.pid = 0x1234_5678 + + // Lookup interface by name, truncated response with three attributes. + let expectedLookupRequest = + "34000000120001000000000078563412" // Netlink header (16 B) + + "110000000000000001000000ffffffff" // struct ifinfomsg (16 B) + + "08001d00090000000c0003006574683000000000" // RT attrs: IFLA_EXT_MASK + IFLA_IFNAME (“eth0”) + mockSocket.responses.append( + [UInt8]( + hex: + "48000000100000000000000078563412" // Netlink header (16 B) + + "00000100020000004300010000000000" // struct ifinfomsg (16 B) + + "090003006574683000000000" // IFLA_IFNAME (“eth0”) attr (12 B) + + "08000d00e8030000" // IFLA_MTU = 1000 attr (8 B) + + "0500100006000000" // attr type 0x0010 (8 B) + + "0a000100825524c244030000" // IFLA_ADDRESS = 82:55:24:c2:44:03 (12 B) + ) + ) + + let session = NetlinkSession(socket: mockSocket) + let links = try session.linkGet(interface: "eth0") + + #expect(mockSocket.requests.count == 1) + #expect(mockSocket.responseIndex == 1) + mockSocket.requests[0][8..<12] = [0, 0, 0, 0] + #expect(expectedLookupRequest == mockSocket.requests[0].hexEncodedString()) + try #require(links.count == 1) + + #expect(links[0].interfaceIndex == 2) + #expect(links[0].interfaceFlags == 0x0001_0043) + #expect(links[0].interfaceType == 1) + #expect(links[0].isEthernet) + #expect(!links[0].isLoopback) + #expect(links[0].address == [0x82, 0x55, 0x24, 0xc2, 0x44, 0x03]) + try #require(links[0].attrDatas.count == 4) + #expect(links[0].attrDatas[0].attribute.type == 0x0003) + #expect(links[0].attrDatas[0].attribute.len == 0x0009) + #expect(links[0].attrDatas[0].data == [0x65, 0x74, 0x68, 0x30, 0x00]) + #expect(links[0].attrDatas[1].attribute.type == 0x000d) + #expect(links[0].attrDatas[1].attribute.len == 0x0008) + #expect(links[0].attrDatas[1].data == [0xe8, 0x03, 0x00, 0x00]) + #expect(links[0].attrDatas[2].attribute.type == 0x0010) + #expect(links[0].attrDatas[2].attribute.len == 0x0005) + #expect(links[0].attrDatas[2].data == [0x06]) + } + + @Test func testNetworkLinkGet() throws { + let mockSocket = try MockNetlinkSocket() + mockSocket.pid = 0x8765_4321 + + // Lookup all interfaces, responses with only the interface name attribute. + let expectedLookupRequest = + "28000000120001030000000021436587" // Netlink header (16 B) + + "110000000000000001000000ffffffff" // struct ifinfomsg (16 B) + + "08001d0009000000" // RT attr: IFLA_EXT_MASK (8 B) + mockSocket.responses.append( + [UInt8]( + hex: + "28000000100002000000000021436587" // Netlink header (16 B) + + "00000403010000004900010000000000" // struct ifinfomsg (16 B) + + "070003006c6f0000" // IFLA_IFNAME “lo” (8 B, padded) + ) + ) + mockSocket.responses.append( + [UInt8]( + hex: + "2c000000100002000000000021436587" // Netlink header (16 B) + + "00000003040000008000000000000000" // struct ifinfomsg (16 B) + + "0a00030074756e6c30000000" // IFLA_IFNAME “tunl0” attr (12 B, padded) + ) + ) + mockSocket.responses.append( + [UInt8]( + hex: + "14000000030002000000000021436587" // Netlink header (16 B) – NLMSG_DONE + + "00000000" // 4-byte payload + ) + ) + + let session = NetlinkSession(socket: mockSocket) + let links = try session.linkGet() + + #expect(mockSocket.requests.count == 1) + #expect(mockSocket.responseIndex == 3) + mockSocket.requests[0][8..<12] = [0, 0, 0, 0] + #expect(expectedLookupRequest == mockSocket.requests[0].hexEncodedString()) + try #require(links.count == 2) + + #expect(links[0].interfaceIndex == 1) + try #require(links[0].attrDatas.count == 1) + #expect(links[0].attrDatas[0].attribute.type == 0x0003) + #expect(links[0].attrDatas[0].attribute.len == 0x0007) + #expect(links[0].attrDatas[0].data == [0x6c, 0x6f, 0x00]) + + #expect(links[1].interfaceIndex == 4) + try #require(links[1].attrDatas.count == 1) + #expect(links[1].attrDatas[0].attribute.type == 0x0003) + #expect(links[1].attrDatas[0].attribute.len == 0x000a) + #expect(links[1].attrDatas[0].data == [0x74, 0x75, 0x6e, 0x6c, 0x30, 0x00]) + } + + @Test func testNetworkAddressAdd() throws { + let mockSocket = try MockNetlinkSocket() + mockSocket.pid = 0xc00c_c00c + + // Lookup interface by name, truncated response with no attributes (not needed at present). + let expectedLookupRequest = + "3400000012000100000000000cc00cc0" // Netlink header (16 B) + + "110000000000000001000000ffffffff" // struct ifinfomsg (16 B) + + "08001d00090000000c0003006574683000000000" // RT attrs: IFLA_EXT_MASK + IFLA_IFNAME (“eth0”) + mockSocket.responses.append( + [UInt8]( + hex: + "2000000010000000000000000cc00cc0" // Netlink header (16 B) + + "00000100020000004310010000000000" // struct ifinfomsg (16 B) – no attributes + ) + ) + + // Network down for interface. + let expectedAddRequest = + "2800000014000506000000000cc00cc0" // Netlink header (16 B) + + "0218000002000000" // ifaddrmsg (8 B): AF_INET, /24, ifindex 2 + + "08000200c0a840fa" // RT attr: IFA_LOCAL 192.168.64.250 + + "08000100c0a840fa" // RT attr: IFA_ADDRESS 192.168.64.250 + mockSocket.responses.append( + [UInt8]( + hex: + "2400000002000001000000000cc00cc0" // Netlink header (16 B) + + "00000000280000001400050600000000" // nlmsg_err payload (16 B) + + "1f000000" // first 4 B of echoed offending header + ) + ) + + let session = NetlinkSession(socket: mockSocket) + try session.addressAdd(interface: "eth0", ipv4Address: try CIDRv4("192.168.64.250/24")) + + #expect(mockSocket.requests.count == 2) + #expect(mockSocket.responseIndex == 2) + mockSocket.requests[0][8..<12] = [0, 0, 0, 0] + #expect(expectedLookupRequest == mockSocket.requests[0].hexEncodedString()) + #expect(expectedAddRequest == mockSocket.requests[1].hexEncodedString()) + } + + @Test func testNetworkAddressAddIPv6() throws { + let mockSocket = try MockNetlinkSocket() + mockSocket.pid = 0xc00c_c00c + + // Lookup interface by name, truncated response with no attributes (not needed at present). + let expectedLookupRequest = + "3400000012000100000000000cc00cc0" // Netlink header (16 B) + + "110000000000000001000000ffffffff" // struct ifinfomsg (16 B) + + "08001d00090000000c0003006574683000000000" // RT attrs: IFLA_EXT_MASK + IFLA_IFNAME ("eth0") + mockSocket.responses.append( + [UInt8]( + hex: + "2000000010000000000000000cc00cc0" // Netlink header (16 B) + + "00000100020000004310010000000000" // struct ifinfomsg (16 B) – no attributes + ) + ) + + // Add IPv6 address to interface. + let expectedAddRequest = + "2c00000014000506000000000cc00cc0" // Netlink header (16 B): len=44 + + "0a40820002000000" // ifaddrmsg (8 B): AF_INET6, /64, flags=PERMANENT|NODAD, ifindex 2 + + "14000100fd000000000000000000000000000001" // RT attr: IFA_ADDRESS fd00::1 + mockSocket.responses.append( + [UInt8]( + hex: + "2400000002000001000000000cc00cc0" // Netlink header (16 B) + + "0000000040000000140005060000000000000000" // nlmsg_err payload (20 B) + ) + ) + + let session = NetlinkSession(socket: mockSocket) + try session.addressAdd(interface: "eth0", ipv6Address: try CIDRv6("fd00::1/64")) + + #expect(mockSocket.requests.count == 2) + #expect(mockSocket.responseIndex == 2) + mockSocket.requests[0][8..<12] = [0, 0, 0, 0] + #expect(expectedLookupRequest == mockSocket.requests[0].hexEncodedString()) + #expect(expectedAddRequest == mockSocket.requests[1].hexEncodedString()) + } + + @Test func testNetworkRouteAddIpLink() throws { + let mockSocket = try MockNetlinkSocket() + mockSocket.pid = 0xc00c_c00c + + // Lookup interface by name, truncated response with no attributes (not needed at present). + let expectedLookupRequest = + "3400000012000100000000000cc00cc0" // Netlink header (16 B) + + "110000000000000001000000ffffffff" // struct ifinfomsg (16 B) + + "08001d00090000000c0003006574683000000000" // RT attrs: IFLA_EXT_MASK + IFLA_IFNAME ("eth0") + mockSocket.responses.append( + [UInt8]( + hex: + "2000000010000000000000000cc00cc0" // Netlink header (16 B) + + "00000100020000004310010000000000" // struct ifinfomsg (16 B) – no attributes + ) + ) + + // Add link route. + let expectedAddRequest = + "3400000018000506000000000cc00cc0" // Netlink header (16 B) + + "02180000fe02fd0100000000" // struct rtmsg (12 B): AF_INET, dst/24, + // table=RT_TABLE_MAIN (0xfe), proto=RTPROT_KERNEL (0x02), + // scope=RT_SCOPE_LINK (0xfd), type=RTN_UNICAST (0x01) + + "08000100c0a84000" // RTA_DST 192.168.64.0 + + "08000700c0a84003" // RTA_PREFSRC 192.168.64.3 + + "0800040002000000" // RTA_OIF ifindex 2 (eth0) + mockSocket.responses.append( + [UInt8]( + hex: + "2400000002000001000000000cc00cc0" // Netlink header (16 B) + + "00000000280000001400050600000000" // nlmsg_err payload (16 B) + + "1f000000" // first 4 B of echoed offending header + ) + ) + + let session = NetlinkSession(socket: mockSocket) + try session.routeAdd( + interface: "eth0", + dstIpv4Addr: try CIDRv4("192.168.64.0/24"), + srcIpv4Addr: try IPv4Address("192.168.64.3") + ) + + #expect(mockSocket.requests.count == 2) + #expect(mockSocket.responseIndex == 2) + mockSocket.requests[0][8..<12] = [0, 0, 0, 0] + #expect(expectedLookupRequest == mockSocket.requests[0].hexEncodedString()) + mockSocket.requests[1][8..<12] = [0, 0, 0, 0] + #expect(expectedAddRequest == mockSocket.requests[1].hexEncodedString()) + } + + @Test func testNetworkRouteAddIpLinkWithoutSrc() throws { + let mockSocket = try MockNetlinkSocket() + mockSocket.pid = 0xc00c_c00c + + // Lookup interface by name, truncated response with no attributes (not needed at present). + let expectedLookupRequest = + "3400000012000100000000000cc00cc0" // Netlink header (16 B) + + "110000000000000001000000ffffffff" // struct ifinfomsg (16 B) + + "08001d00090000000c0003006574683000000000" // RT attrs: IFLA_EXT_MASK + IFLA_IFNAME ("eth0") + mockSocket.responses.append( + [UInt8]( + hex: + "2000000010000000000000000cc00cc0" // Netlink header (16 B) + + "00000100020000004310010000000000" // struct ifinfomsg (16 B) – no attributes + ) + ) + + // Add link route without RTA_PREFSRC. + let expectedAddRequest = + "2c00000018000506000000000cc00cc0" // Netlink header (16 B) + + "02180000fe02fd0100000000" // struct rtmsg (12 B): AF_INET, dst/24, + // table=RT_TABLE_MAIN (0xfe), proto=RTPROT_KERNEL (0x02), + // scope=RT_SCOPE_LINK (0xfd), type=RTN_UNICAST (0x01) + + "08000100c0a84000" // RTA_DST 192.168.64.0 + + "0800040002000000" // RTA_OIF ifindex 2 (eth0) + mockSocket.responses.append( + [UInt8]( + hex: + "2400000002000001000000000cc00cc0" // Netlink header (16 B) + + "00000000280000001400050600000000" // nlmsg_err payload (16 B) + + "1f000000" // first 4 B of echoed offending header + ) + ) + + let session = NetlinkSession(socket: mockSocket) + try session.routeAdd( + interface: "eth0", + dstIpv4Addr: try CIDRv4("192.168.64.0/24"), + srcIpv4Addr: nil + ) + + #expect(mockSocket.requests.count == 2) + #expect(mockSocket.responseIndex == 2) + mockSocket.requests[0][8..<12] = [0, 0, 0, 0] + #expect(expectedLookupRequest == mockSocket.requests[0].hexEncodedString()) + mockSocket.requests[1][8..<12] = [0, 0, 0, 0] + #expect(expectedAddRequest == mockSocket.requests[1].hexEncodedString()) + } + + @Test func testNetworkRouteAddIpv6Link() throws { + let mockSocket = try MockNetlinkSocket() + mockSocket.pid = 0xc00c_c00c + + // Lookup interface by name. + let expectedLookupRequest = + "3400000012000100000000000cc00cc0" // Netlink header (16 B) + + "110000000000000001000000ffffffff" // struct ifinfomsg (16 B) + + "08001d00090000000c0003006574683000000000" // RT attrs: IFLA_EXT_MASK + IFLA_IFNAME ("eth0") + mockSocket.responses.append( + [UInt8]( + hex: + "2000000010000000000000000cc00cc0" // Netlink header (16 B) + + "00000100020000004310010000000000" // struct ifinfomsg (16 B) – no attributes + ) + ) + + // Add IPv6 link route with source. + let expectedAddRequest = + "4c00000018000506000000000cc00cc0" // Netlink header (16 B): len=76 + + "0a400000fe04fd0100000000" // struct rtmsg (12 B): AF_INET6, dst/64, + // table=MAIN(0xfe), proto=STATIC(0x04), scope=LINK(0xfd), type=UNICAST(0x01) + + "14000100fd000000000000000000000000000000" // RTA_DST fd00:: + + "14000700fd000000000000000000000000000001" // RTA_PREFSRC fd00::1 + + "0800040002000000" // RTA_OIF ifindex 2 (eth0) + mockSocket.responses.append( + [UInt8]( + hex: + "2400000002000001000000000cc00cc0" // Netlink header (16 B) + + "00000000280000001400050600000000" // nlmsg_err payload (16 B) + + "1f000000" + ) + ) + + let session = NetlinkSession(socket: mockSocket) + try session.routeAdd( + interface: "eth0", + dstIpv6Addr: try CIDRv6("fd00::/64"), + srcIpv6Addr: try IPv6Address("fd00::1") + ) + + #expect(mockSocket.requests.count == 2) + #expect(mockSocket.responseIndex == 2) + mockSocket.requests[0][8..<12] = [0, 0, 0, 0] + #expect(expectedLookupRequest == mockSocket.requests[0].hexEncodedString()) + mockSocket.requests[1][8..<12] = [0, 0, 0, 0] + #expect(expectedAddRequest == mockSocket.requests[1].hexEncodedString()) + } + + @Test func testNetworkRouteAddIpv6LinkWithoutSrc() throws { + let mockSocket = try MockNetlinkSocket() + mockSocket.pid = 0xc00c_c00c + + // Lookup interface by name. + let expectedLookupRequest = + "3400000012000100000000000cc00cc0" // Netlink header (16 B) + + "110000000000000001000000ffffffff" // struct ifinfomsg (16 B) + + "08001d00090000000c0003006574683000000000" // RT attrs: IFLA_EXT_MASK + IFLA_IFNAME ("eth0") + mockSocket.responses.append( + [UInt8]( + hex: + "2000000010000000000000000cc00cc0" // Netlink header (16 B) + + "00000100020000004310010000000000" // struct ifinfomsg (16 B) – no attributes + ) + ) + + // Add IPv6 link route without source. + let expectedAddRequest = + "3800000018000506000000000cc00cc0" // Netlink header (16 B): len=56 + + "0a400000fe04fd0100000000" // struct rtmsg (12 B): AF_INET6, dst/64 + + "14000100fd000000000000000000000000000000" // RTA_DST fd00:: + + "0800040002000000" // RTA_OIF ifindex 2 (eth0) + mockSocket.responses.append( + [UInt8]( + hex: + "2400000002000001000000000cc00cc0" // Netlink header (16 B) + + "00000000280000001400050600000000" // nlmsg_err payload (16 B) + + "1f000000" + ) + ) + + let session = NetlinkSession(socket: mockSocket) + try session.routeAdd( + interface: "eth0", + dstIpv6Addr: try CIDRv6("fd00::/64"), + srcIpv6Addr: nil + ) + + #expect(mockSocket.requests.count == 2) + #expect(mockSocket.responseIndex == 2) + mockSocket.requests[0][8..<12] = [0, 0, 0, 0] + #expect(expectedLookupRequest == mockSocket.requests[0].hexEncodedString()) + mockSocket.requests[1][8..<12] = [0, 0, 0, 0] + #expect(expectedAddRequest == mockSocket.requests[1].hexEncodedString()) + } + + @Test func testNetworkRouteAddDefaultIpv6() throws { + let mockSocket = try MockNetlinkSocket() + mockSocket.pid = 0xc00c_c00c + + // Lookup interface by name. + let expectedLookupRequest = + "3400000012000100000000000cc00cc0" // Netlink header (16 B) + + "110000000000000001000000ffffffff" // struct ifinfomsg (16 B) + + "08001d00090000000c0003006574683000000000" // RT attrs: IFLA_EXT_MASK + IFLA_IFNAME ("eth0") + mockSocket.responses.append( + [UInt8]( + hex: + "2000000010000000000000000cc00cc0" // Netlink header (16 B) + + "00000100020000004310010000000000" // struct ifinfomsg (16 B) – no attributes + ) + ) + + // Add default IPv6 route via gateway. + let expectedAddRequest = + "3800000018000506000000000cc00cc0" // Netlink header (16 B): len=56 + + "0a000000fe03000100000000" // struct rtmsg (12 B): AF_INET6, dst/0, + // table=MAIN(0xfe), proto=BOOT(0x03), scope=UNIVERSE(0x00), type=UNICAST(0x01) + + "14000500fd000000000000000000000000000001" // RTA_GATEWAY fd00::1 + + "0800040002000000" // RTA_OIF ifindex 2 (eth0) + mockSocket.responses.append( + [UInt8]( + hex: + "2400000002000001000000000cc00cc0" // Netlink header (16 B) + + "00000000280000001400050600000000" // nlmsg_err payload (16 B) + + "1f000000" + ) + ) + + let session = NetlinkSession(socket: mockSocket) + try session.routeAddDefault( + interface: "eth0", + ipv6Gateway: try IPv6Address("fd00::1") + ) + + #expect(mockSocket.requests.count == 2) + #expect(mockSocket.responseIndex == 2) + mockSocket.requests[0][8..<12] = [0, 0, 0, 0] + #expect(expectedLookupRequest == mockSocket.requests[0].hexEncodedString()) + mockSocket.requests[1][8..<12] = [0, 0, 0, 0] + #expect(expectedAddRequest == mockSocket.requests[1].hexEncodedString()) + } + + @Test func testNetworkLinkGetMultipleMessagesInSingleBuffer() throws { + let mockSocket = try MockNetlinkSocket() + mockSocket.pid = 0x8765_4321 + + // Lookup all interfaces, with multiple messages packed into a single buffer. + // This tests the fix for parsing multiple netlink messages that arrive in one recv() call. + let expectedLookupRequest = + "28000000120001030000000021436587" // Netlink header (16 B) + + "110000000000000001000000ffffffff" // struct ifinfomsg (16 B) + + "08001d0009000000" // RT attr: IFLA_EXT_MASK (8 B) + + // Pack three messages into a single response buffer: + // + // Message 1: loopback interface with one attribute + let msg1 = + "28000000100002000000000021436587" // Netlink header (16 B), len=40 + + "00000403010000004900010000000000" // struct ifinfomsg (16 B) + + "070003006c6f0000" // IFLA_IFNAME "lo" (8 B, padded) + + // Message 2: tunl0 interface with one attribute + let msg2 = + "2c000000100002000000000021436587" // Netlink header (16 B), len=44 + + "00000003040000008000000000000000" // struct ifinfomsg (16 B) + + "0a00030074756e6c30000000" // IFLA_IFNAME "tunl0" attr (12 B, padded) + + // Message 3: eth0 interface with two attributes + let msg3 = + "34000000100002000000000021436587" // Netlink header (16 B), len=52 + + "00000100020000004300010000000000" // struct ifinfomsg (16 B) + + "090003006574683000000000" // IFLA_IFNAME "eth0" attr (12 B) + + "08000d00e8030000" // IFLA_MTU = 1000 attr (8 B) + + // Combine all three messages into a single buffer + mockSocket.responses.append([UInt8](hex: msg1 + msg2 + msg3)) + + // Final NLMSG_DONE message in separate buffer + mockSocket.responses.append( + [UInt8]( + hex: + "14000000030002000000000021436587" // Netlink header (16 B) – NLMSG_DONE + + "00000000" // 4-byte payload + ) + ) + + let session = NetlinkSession(socket: mockSocket) + let links = try session.linkGet() + + #expect(mockSocket.requests.count == 1) + #expect(mockSocket.responseIndex == 2) + mockSocket.requests[0][8..<12] = [0, 0, 0, 0] + #expect(expectedLookupRequest == mockSocket.requests[0].hexEncodedString()) + + // Verify we got all three interfaces + try #require(links.count == 3) + + // Verify loopback interface + #expect(links[0].interfaceIndex == 1) + try #require(links[0].attrDatas.count == 1) + #expect(links[0].attrDatas[0].attribute.type == 0x0003) + #expect(links[0].attrDatas[0].attribute.len == 0x0007) + #expect(links[0].attrDatas[0].data == [0x6c, 0x6f, 0x00]) + + // Verify tunl0 interface + #expect(links[1].interfaceIndex == 4) + try #require(links[1].attrDatas.count == 1) + #expect(links[1].attrDatas[0].attribute.type == 0x0003) + #expect(links[1].attrDatas[0].attribute.len == 0x000a) + #expect(links[1].attrDatas[0].data == [0x74, 0x75, 0x6e, 0x6c, 0x30, 0x00]) + + // Verify eth0 interface + #expect(links[2].interfaceIndex == 2) + try #require(links[2].attrDatas.count == 2) + #expect(links[2].attrDatas[0].attribute.type == 0x0003) + #expect(links[2].attrDatas[0].attribute.len == 0x0009) + #expect(links[2].attrDatas[0].data == [0x65, 0x74, 0x68, 0x30, 0x00]) + #expect(links[2].attrDatas[1].attribute.type == 0x000d) + #expect(links[2].attrDatas[1].attribute.len == 0x0008) + #expect(links[2].attrDatas[1].data == [0xe8, 0x03, 0x00, 0x00]) + } +} + +extension Array where Element == UInt8 { + /// Initializes `[UInt8]` from an even-length hex string + init(hex: String) { + self = stride(from: 0, to: hex.count, by: 2).compactMap { + UInt8( + hex[hex.index(hex.startIndex, offsetBy: $0)...] + .prefix(2), radix: 16) + } + } +} diff --git a/Tests/ContainerizationNetlinkTests/TypesTest.swift b/Tests/ContainerizationNetlinkTests/TypesTest.swift new file mode 100644 index 0000000..1ca9ef9 --- /dev/null +++ b/Tests/ContainerizationNetlinkTests/TypesTest.swift @@ -0,0 +1,221 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +// + +import Testing + +@testable import ContainerizationNetlink + +struct TypesTest { + @Test func testNetlinkMessageHeader() throws { + let expectedValue = NetlinkMessageHeader( + len: 0x1234_5678, type: 0x9abc, flags: 0xdef0, seq: 0x1122_3344, pid: 0x5566_7788) + let expectedBuffer: [UInt8] = [ + 0x78, 0x56, 0x34, 0x12, + 0xbc, 0x9a, 0xf0, 0xde, + 0x44, 0x33, 0x22, 0x11, + 0x88, 0x77, 0x66, 0x55, + ] + var buffer = [UInt8](repeating: 0, count: NetlinkMessageHeader.size) + let offset = try expectedValue.appendBuffer(&buffer, offset: 0) + #expect(NetlinkMessageHeader.size == offset) + #expect(expectedBuffer == buffer) + guard let (offset, value) = buffer.copyOut(as: NetlinkMessageHeader.self) else { + #expect(Bool(false), "could not bind value to buffer") + return + + } + + #expect(offset == NetlinkMessageHeader.size) + #expect(expectedValue == value) + } + + @Test func testInterfaceInfo() throws { + let expectedValue = InterfaceInfo( + family: UInt8(AddressFamily.AF_NETLINK), type: 0x1234, index: 0x1234_5678, flags: 0x9abc_def0, + change: 0x0fed_cba9 + ) + let expectedBuffer: [UInt8] = [ + 0x10, 0x00, 0x34, 0x12, + 0x78, 0x56, 0x34, 0x12, + 0xf0, 0xde, 0xbc, 0x9a, + 0xa9, 0xcb, 0xed, 0x0f, + ] + var buffer = [UInt8](repeating: 0, count: InterfaceInfo.size) + let offset = try expectedValue.appendBuffer(&buffer, offset: 0) + #expect(InterfaceInfo.size == offset) + #expect(expectedBuffer == buffer) + guard let (offset, value) = buffer.copyOut(as: InterfaceInfo.self) else { + #expect(Bool(false), "could not bind value to buffer") + return + + } + + #expect(offset == InterfaceInfo.size) + #expect(expectedValue == value) + } + + @Test func testAddressInfo() throws { + let expectedValue = AddressInfo( + family: UInt8(AddressFamily.AF_INET), prefixLength: 24, flags: 0x5a, scope: 0xa5, index: 0xdead_beef) + let expectedBuffer: [UInt8] = [ + 0x02, 0x18, 0x5a, 0xa5, + 0xef, 0xbe, 0xad, 0xde, + ] + var buffer = [UInt8](repeating: 0, count: AddressInfo.size) + let offset = try expectedValue.appendBuffer(&buffer, offset: 0) + #expect(AddressInfo.size == offset) + #expect(expectedBuffer == buffer) + guard let (offset, value) = buffer.copyOut(as: AddressInfo.self) else { + #expect(Bool(false), "could not bind value to buffer") + return + + } + + #expect(offset == AddressInfo.size) + #expect(expectedValue == value) + } + + @Test func testRTAttribute() throws { + let expectedValue = RTAttribute(len: 0x1234, type: 0x5678) + let expectedBuffer: [UInt8] = [ + 0x34, 0x12, 0x78, 0x56, + ] + var buffer = [UInt8](repeating: 0, count: RTAttribute.size) + let offset = try expectedValue.appendBuffer(&buffer, offset: 0) + #expect(RTAttribute.size == offset) + #expect(expectedBuffer == buffer) + guard let (offset, value) = buffer.copyOut(as: RTAttribute.self) else { + #expect(Bool(false), "could not bind value to buffer") + return + + } + + #expect(offset == RTAttribute.size) + #expect(expectedValue == value) + } + + @Test func testSockaddrNetlink() throws { + let expectedValue = SockaddrNetlink(family: 16, pid: 0x1234_5678, groups: 0x9abc_def0) + let expectedBuffer: [UInt8] = [ + 0x10, 0x00, 0x00, 0x00, + 0x78, 0x56, 0x34, 0x12, + 0xf0, 0xde, 0xbc, 0x9a, + ] + var buffer = [UInt8](repeating: 0, count: SockaddrNetlink.size) + let offset = try expectedValue.appendBuffer(&buffer, offset: 0) + #expect(SockaddrNetlink.size == offset) + #expect(expectedBuffer == buffer) + + var unmarshaledValue = SockaddrNetlink() + let bindOffset = try unmarshaledValue.bindBuffer(&buffer, offset: 0) + #expect(bindOffset == SockaddrNetlink.size) + #expect(expectedValue == unmarshaledValue) + } + + @Test func testRouteInfo() throws { + let expectedValue = RouteInfo( + family: UInt8(AddressFamily.AF_INET), + dstLen: 24, + srcLen: 0, + tos: 0, + table: RouteTable.MAIN, + proto: RouteProtocol.KERNEL, + scope: RouteScope.LINK, + type: RouteType.UNICAST, + flags: 0xdead_beef + ) + let expectedBuffer: [UInt8] = [ + 0x02, 0x18, 0x00, 0x00, + 0xfe, 0x02, 0xfd, 0x01, + 0xef, 0xbe, 0xad, 0xde, + ] + var buffer = [UInt8](repeating: 0, count: RouteInfo.size) + let offset = try expectedValue.appendBuffer(&buffer, offset: 0) + #expect(RouteInfo.size == offset) + #expect(expectedBuffer == buffer) + + var unmarshaledValue = RouteInfo( + dstLen: 0, srcLen: 0, tos: 0, table: 0, proto: 0, scope: 0, type: 0, flags: 0) + let bindOffset = try unmarshaledValue.bindBuffer(&buffer, offset: 0) + #expect(bindOffset == RouteInfo.size) + #expect(expectedValue == unmarshaledValue) + } + + @Test func testLinkStatistics64() throws { + var expectedValue = LinkStatistics64() + expectedValue.rxPackets = 0x0102_0304_0506_0708 + expectedValue.txPackets = 0x090a_0b0c_0d0e_0f10 + expectedValue.rxBytes = 0x1112_1314_1516_1718 + expectedValue.txBytes = 0x191a_1b1c_1d1e_1f20 + expectedValue.rxErrors = 0x2122_2324_2526_2728 + expectedValue.txErrors = 0x292a_2b2c_2d2e_2f30 + expectedValue.rxDropped = 0x3132_3334_3536_3738 + expectedValue.txDropped = 0x393a_3b3c_3d3e_3f40 + expectedValue.multicast = 0x4142_4344_4546_4748 + expectedValue.collisions = 0x494a_4b4c_4d4e_4f50 + expectedValue.rxLengthErrors = 0x5152_5354_5556_5758 + expectedValue.rxOverErrors = 0x595a_5b5c_5d5e_5f60 + expectedValue.rxCrcErrors = 0x6162_6364_6566_6768 + expectedValue.rxFrameErrors = 0x696a_6b6c_6d6e_6f70 + expectedValue.rxFifoErrors = 0x7172_7374_7576_7778 + expectedValue.rxMissedErrors = 0x797a_7b7c_7d7e_7f80 + expectedValue.txAbortedErrors = 0x8182_8384_8586_8788 + expectedValue.txCarrierErrors = 0x898a_8b8c_8d8e_8f90 + expectedValue.txFifoErrors = 0x9192_9394_9596_9798 + expectedValue.txHeartbeatErrors = 0x999a_9b9c_9d9e_9fa0 + expectedValue.txWindowErrors = 0xa1a2_a3a4_a5a6_a7a8 + expectedValue.rxCompressed = 0xa9aa_abac_adae_afb0 + expectedValue.txCompressed = 0xb1b2_b3b4_b5b6_b7b8 + + let expectedBuffer: [UInt8] = [ + 0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, + 0x10, 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, + 0x18, 0x17, 0x16, 0x15, 0x14, 0x13, 0x12, 0x11, + 0x20, 0x1f, 0x1e, 0x1d, 0x1c, 0x1b, 0x1a, 0x19, + 0x28, 0x27, 0x26, 0x25, 0x24, 0x23, 0x22, 0x21, + 0x30, 0x2f, 0x2e, 0x2d, 0x2c, 0x2b, 0x2a, 0x29, + 0x38, 0x37, 0x36, 0x35, 0x34, 0x33, 0x32, 0x31, + 0x40, 0x3f, 0x3e, 0x3d, 0x3c, 0x3b, 0x3a, 0x39, + 0x48, 0x47, 0x46, 0x45, 0x44, 0x43, 0x42, 0x41, + 0x50, 0x4f, 0x4e, 0x4d, 0x4c, 0x4b, 0x4a, 0x49, + 0x58, 0x57, 0x56, 0x55, 0x54, 0x53, 0x52, 0x51, + 0x60, 0x5f, 0x5e, 0x5d, 0x5c, 0x5b, 0x5a, 0x59, + 0x68, 0x67, 0x66, 0x65, 0x64, 0x63, 0x62, 0x61, + 0x70, 0x6f, 0x6e, 0x6d, 0x6c, 0x6b, 0x6a, 0x69, + 0x78, 0x77, 0x76, 0x75, 0x74, 0x73, 0x72, 0x71, + 0x80, 0x7f, 0x7e, 0x7d, 0x7c, 0x7b, 0x7a, 0x79, + 0x88, 0x87, 0x86, 0x85, 0x84, 0x83, 0x82, 0x81, + 0x90, 0x8f, 0x8e, 0x8d, 0x8c, 0x8b, 0x8a, 0x89, + 0x98, 0x97, 0x96, 0x95, 0x94, 0x93, 0x92, 0x91, + 0xa0, 0x9f, 0x9e, 0x9d, 0x9c, 0x9b, 0x9a, 0x99, + 0xa8, 0xa7, 0xa6, 0xa5, 0xa4, 0xa3, 0xa2, 0xa1, + 0xb0, 0xaf, 0xae, 0xad, 0xac, 0xab, 0xaa, 0xa9, + 0xb8, 0xb7, 0xb6, 0xb5, 0xb4, 0xb3, 0xb2, 0xb1, + ] + + var buffer = [UInt8](repeating: 0, count: LinkStatistics64.size) + let offset = try expectedValue.appendBuffer(&buffer, offset: 0) + #expect(LinkStatistics64.size == offset) + #expect(expectedBuffer == buffer) + + var unmarshaledValue = LinkStatistics64() + let bindOffset = try unmarshaledValue.bindBuffer(&buffer, offset: 0) + #expect(bindOffset == LinkStatistics64.size) + #expect(expectedValue == unmarshaledValue) + } +} diff --git a/Tests/ContainerizationOCITests/AuthChallengeTests.swift b/Tests/ContainerizationOCITests/AuthChallengeTests.swift new file mode 100644 index 0000000..f862101 --- /dev/null +++ b/Tests/ContainerizationOCITests/AuthChallengeTests.swift @@ -0,0 +1,58 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation +import Testing + +@testable import ContainerizationOCI + +struct AuthChallengeTests { + internal struct TestCase: Sendable { + let input: String + let expected: AuthenticateChallenge + } + + private static let testCases: [TestCase] = [ + .init( + input: """ + Bearer realm="https://domain.io/token",service="domain.io",scope="repository:user/image:pull" + """, + expected: .init(type: "Bearer", realm: "https://domain.io/token", service: "domain.io", scope: "repository:user/image:pull", error: nil)), + .init( + input: """ + Bearer realm="https://foo-bar-registry.com/auth",service="Awesome Registry" + """, + expected: .init(type: "Bearer", realm: "https://foo-bar-registry.com/auth", service: "Awesome Registry", scope: nil, error: nil)), + .init( + input: """ + Bearer realm="users.example.com", scope="create delete" + """, + expected: .init(type: "Bearer", realm: "users.example.com", service: nil, scope: "create delete", error: nil)), + .init( + input: """ + Bearer realm="https://auth.server.io/token",service="registry.server.io" + """, + expected: .init(type: "Bearer", realm: "https://auth.server.io/token", service: "registry.server.io", scope: nil, error: nil)), + + ] + + @Test(arguments: testCases) + func parseAuthHeader(testCase: TestCase) throws { + let challenges = RegistryClient.parseWWWAuthenticateHeaders(headers: [testCase.input]) + #expect(challenges.count == 1) + #expect(challenges[0] == testCase.expected) + } +} diff --git a/Tests/ContainerizationOCITests/ContentWriterTests.swift b/Tests/ContainerizationOCITests/ContentWriterTests.swift new file mode 100644 index 0000000..a13e28a --- /dev/null +++ b/Tests/ContainerizationOCITests/ContentWriterTests.swift @@ -0,0 +1,119 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationError +import Crypto +import Foundation +import Testing + +@testable import ContainerizationOCI + +@Suite("ContentWriter Tests") +struct ContentWriterTests { + private func withTempDirectory(_ body: (URL) throws -> Void) throws { + let dir = FileManager.default.temporaryDirectory + .appendingPathComponent(UUID().uuidString) + try FileManager.default.createDirectory(at: dir, withIntermediateDirectories: true) + defer { try? FileManager.default.removeItem(at: dir) } + try body(dir) + } + + private func makeTempFile(in dir: URL, data: Data) throws -> URL { + let url = dir.appendingPathComponent(UUID().uuidString) + try data.write(to: url) + return url + } + + @Test func testWriteReturnsCorrectSizeAndDigest() throws { + try withTempDirectory { dir in + let writer = try ContentWriter(for: dir) + let data = Data("test content".utf8) + let (size, digest) = try writer.write(data) + let expected = SHA256.hash(data: data) + let destination = dir.appendingPathComponent(digest.encoded) + #expect(size == Int64(data.count)) + #expect(digest == expected) + #expect(FileManager.default.fileExists(atPath: destination.path)) + } + } + + @Test func testWriteDuplicateData() throws { + try withTempDirectory { dir in + let writer = try ContentWriter(for: dir) + let data = Data("duplicate".utf8) + #expect(throws: Never.self) { + try writer.write(data) + try writer.write(data) + } + } + } + + @Test func testCreateFromFileSmallFile() throws { + try withTempDirectory { base in + try withTempDirectory { src in + let data = Data("small file contents".utf8) + let sourceURL = try makeTempFile(in: src, data: data) + let writer = try ContentWriter(for: base) + let (size, digest) = try writer.create(from: sourceURL) + let destination = base.appendingPathComponent(digest.encoded) + let written = try Data(contentsOf: destination) + #expect(size == Int64(data.count)) + #expect(digest == SHA256.hash(data: data)) + #expect(FileManager.default.fileExists(atPath: destination.path)) + #expect(written == data) + } + } + } + + @Test func testCreateFromFileLargeFileDuplicates() throws { + try withTempDirectory { base in + try withTempDirectory { src in + let count = 3 * 1024 * 1024 + 100 + var bytes = [UInt8](repeating: 0, count: count) + arc4random_buf(&bytes, count) + let data = Data(bytes) + let sourceURL = try makeTempFile(in: src, data: data) + let writer = try ContentWriter(for: base) + let (size, digest) = try writer.create(from: sourceURL) + let destination = base.appendingPathComponent(digest.encoded) + #expect(size == Int64(data.count)) + #expect(digest == SHA256.hash(data: data)) + #expect(throws: Never.self) { + try writer.create(from: sourceURL) + } + #expect(FileManager.default.fileExists(atPath: destination.path)) + } + } + } + + private struct SamplePayload: Codable, Equatable { + let name: String + let value: Int + } + + @Test func testCreateFromEncodableReturnsCorrectDigest() throws { + try withTempDirectory { base in + let writer = try ContentWriter(for: base) + let payload = SamplePayload(name: "digest-check", value: 99) + let (size, digest) = try writer.create(from: payload) + let encoder = JSONEncoder() + encoder.outputFormatting = [.sortedKeys] + let expected = try encoder.encode(payload) + #expect(size == Int64(expected.count)) + #expect(digest == SHA256.hash(data: expected)) + } + } +} diff --git a/Tests/ContainerizationOCITests/LocalContentStoreTests.swift b/Tests/ContainerizationOCITests/LocalContentStoreTests.swift new file mode 100644 index 0000000..11f57de --- /dev/null +++ b/Tests/ContainerizationOCITests/LocalContentStoreTests.swift @@ -0,0 +1,66 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation +import Testing + +@testable import ContainerizationOCI + +@Suite +struct LocalContentStoreTests { + private static let digestA = String(repeating: "a", count: 64) + private static let digestB = String(repeating: "b", count: 64) + + @Test func totalAllocatedSizeReportsZeroForEmptyStore() async throws { + let dir = FileManager.default.uniqueTemporaryDirectory(create: true) + defer { try? FileManager.default.removeItem(at: dir) } + + let store = try LocalContentStore(path: dir) + let size = try await store.totalAllocatedSize() + #expect(size == 0) + } + + @Test func totalAllocatedSizeReflectsCommittedBlobs() async throws { + let dir = FileManager.default.uniqueTemporaryDirectory(create: true) + defer { try? FileManager.default.removeItem(at: dir) } + + let store = try LocalContentStore(path: dir) + let payload = Data(repeating: 0xAB, count: 64 * 1024) + + try await store.ingest { tempDir in + try payload.write(to: tempDir.appendingPathComponent(Self.digestA)) + } + + let size = try await store.totalAllocatedSize() + #expect(size >= UInt64(payload.count)) + } + + @Test func totalAllocatedSizeIncludesInFlightIngest() async throws { + let dir = FileManager.default.uniqueTemporaryDirectory(create: true) + defer { try? FileManager.default.removeItem(at: dir) } + + let store = try LocalContentStore(path: dir) + let payload = Data(repeating: 0xCD, count: 32 * 1024) + + let session = try await store.newIngestSession() + try payload.write(to: session.ingestDir.appendingPathComponent(Self.digestB)) + + let size = try await store.totalAllocatedSize() + #expect(size >= UInt64(payload.count)) + + try await store.cancelIngestSession(session.id) + } +} diff --git a/Tests/ContainerizationOCITests/OCIImageTests.swift b/Tests/ContainerizationOCITests/OCIImageTests.swift new file mode 100644 index 0000000..e8d7fb6 --- /dev/null +++ b/Tests/ContainerizationOCITests/OCIImageTests.swift @@ -0,0 +1,164 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +// + +import Foundation +import Testing + +@testable import ContainerizationOCI + +struct OCITests { + @Test func config() { + let config = ContainerizationOCI.ImageConfig() + let rootfs = ContainerizationOCI.Rootfs(type: "foo", diffIDs: ["diff1", "diff2"]) + let history = ContainerizationOCI.History() + + let image = ContainerizationOCI.Image(architecture: "arm64", os: "linux", config: config, rootfs: rootfs, history: [history]) + #expect(image.rootfs.type == "foo") + } + + @Test func descriptor() { + let platform = ContainerizationOCI.Platform(arch: "arm64", os: "linux") + let descriptor = ContainerizationOCI.Descriptor(mediaType: MediaTypes.descriptor, digest: "123", size: 0, platform: platform) + + #expect(descriptor.platform?.architecture == "arm64") + #expect(descriptor.platform?.os == "linux") + #expect(descriptor.artifactType == nil) + } + + @Test func descriptorWithArtifactType() throws { + let testArtifactType = "application/vnd.example.test.v1+json" + let descriptor = ContainerizationOCI.Descriptor( + mediaType: MediaTypes.imageManifest, + digest: "sha256:abc123", + size: 1234, + artifactType: testArtifactType + ) + #expect(descriptor.artifactType == testArtifactType) + + let data = try JSONEncoder().encode(descriptor) + let decoded = try JSONDecoder().decode(ContainerizationOCI.Descriptor.self, from: data) + #expect(decoded.artifactType == testArtifactType) + } + + @Test func descriptorWithoutArtifactTypeDecodesAsNil() throws { + let json = """ + {"mediaType":"application/vnd.oci.descriptor.v1+json","digest":"sha256:abc","size":0} + """ + let decoded = try JSONDecoder().decode(ContainerizationOCI.Descriptor.self, from: json.data(using: .utf8)!) + #expect(decoded.artifactType == nil) + } + + @Test func index() { + var descriptors: [ContainerizationOCI.Descriptor] = [] + for i in 0..<5 { + let descriptor = ContainerizationOCI.Descriptor(mediaType: MediaTypes.descriptor, digest: "\(i)", size: Int64(i)) + descriptors.append(descriptor) + } + + let index = ContainerizationOCI.Index(schemaVersion: 1, manifests: descriptors) + #expect(index.manifests.count == 5) + #expect(index.subject == nil) + #expect(index.artifactType == nil) + } + + @Test func indexWithSubjectAndArtifactType() throws { + let testArtifactType = "application/vnd.example.test.v1+json" + let subject = ContainerizationOCI.Descriptor(mediaType: MediaTypes.imageManifest, digest: "sha256:subject", size: 512) + let index = ContainerizationOCI.Index( + schemaVersion: 2, + manifests: [], + subject: subject, + artifactType: testArtifactType + ) + #expect(index.subject?.digest == "sha256:subject") + #expect(index.artifactType == testArtifactType) + + let data = try JSONEncoder().encode(index) + let decoded = try JSONDecoder().decode(ContainerizationOCI.Index.self, from: data) + #expect(decoded.subject?.digest == "sha256:subject") + #expect(decoded.artifactType == testArtifactType) + } + + @Test func indexDecodesWithoutNewFields() throws { + let json = """ + {"schemaVersion":2,"manifests":[{"mediaType":"application/vnd.oci.descriptor.v1+json","digest":"sha256:abc","size":10}]} + """ + let decoded = try JSONDecoder().decode(ContainerizationOCI.Index.self, from: json.data(using: .utf8)!) + #expect(decoded.schemaVersion == 2) + #expect(decoded.manifests.count == 1) + #expect(decoded.subject == nil) + #expect(decoded.artifactType == nil) + } + + @Test func manifests() { + var descriptors: [ContainerizationOCI.Descriptor] = [] + for i in 0..<5 { + let descriptor = ContainerizationOCI.Descriptor(mediaType: MediaTypes.descriptor, digest: "\(i)", size: Int64(i)) + descriptors.append(descriptor) + } + + let config = ContainerizationOCI.Descriptor(mediaType: MediaTypes.descriptor, digest: "123", size: 0) + + let manifest = ContainerizationOCI.Manifest(schemaVersion: 1, config: config, layers: descriptors) + #expect(manifest.config.digest == "123") + #expect(manifest.layers.count == 5) + #expect(manifest.subject == nil) + #expect(manifest.artifactType == nil) + } + + @Test func manifestWithSubjectAndArtifactType() throws { + let testArtifactType = "application/vnd.example.test.v1+json" + let config = ContainerizationOCI.Descriptor(mediaType: MediaTypes.emptyJSON, digest: "sha256:empty", size: 2) + let subject = ContainerizationOCI.Descriptor(mediaType: MediaTypes.imageManifest, digest: "sha256:target", size: 1234) + let layer = ContainerizationOCI.Descriptor( + mediaType: testArtifactType, + digest: "sha256:meta", + size: 89, + annotations: ["org.opencontainers.image.title": "metadata.json"] + ) + + let manifest = ContainerizationOCI.Manifest( + config: config, + layers: [layer], + subject: subject, + artifactType: testArtifactType + ) + #expect(manifest.subject?.digest == "sha256:target") + #expect(manifest.artifactType == testArtifactType) + #expect(manifest.layers[0].annotations?["org.opencontainers.image.title"] == "metadata.json") + + let data = try JSONEncoder().encode(manifest) + let decoded = try JSONDecoder().decode(ContainerizationOCI.Manifest.self, from: data) + #expect(decoded.subject?.digest == "sha256:target") + #expect(decoded.artifactType == testArtifactType) + } + + @Test func manifestDecodesWithoutNewFields() throws { + let json = """ + { + "schemaVersion": 2, + "config": {"mediaType":"application/vnd.oci.empty.v1+json","digest":"sha256:abc","size":2}, + "layers": [] + } + """ + let decoded = try JSONDecoder().decode(ContainerizationOCI.Manifest.self, from: json.data(using: .utf8)!) + #expect(decoded.schemaVersion == 2) + #expect(decoded.subject == nil) + #expect(decoded.artifactType == nil) + } +} diff --git a/Tests/ContainerizationOCITests/OCIPlatformTests.swift b/Tests/ContainerizationOCITests/OCIPlatformTests.swift new file mode 100644 index 0000000..7ffebed --- /dev/null +++ b/Tests/ContainerizationOCITests/OCIPlatformTests.swift @@ -0,0 +1,84 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +// + +import Testing + +@testable import ContainerizationOCI + +struct OCIPlatformTests { + @Test func identicalPlatforms() { + let amd64lhs = Platform(arch: "amd64", os: "linux") + let amd64rhs = Platform(arch: "amd64", os: "linux") + #expect(amd64lhs == amd64rhs, "amd64 platforms should be equal") + + let arm64lhs = Platform(arch: "arm64", os: "linux") + let arm64rhs = Platform(arch: "arm64", os: "linux") + #expect(arm64lhs == arm64rhs, "arm64 platforms should be equal") + } + + @Test func differentOS() { + let lhs = Platform(arch: "arm64", os: "linux") + let rhs = Platform(arch: "arm64", os: "darwin") + #expect(lhs != rhs, "Different OS should not be equal") + } + + @Test func differentArch() { + let lhs = Platform(arch: "amd64", os: "linux") + let rhs = Platform(arch: "arm64", os: "linux") + #expect(lhs != rhs, "Different arch should not be equal") + } + + @Test func arm64_sameVariant() { + let lhs = Platform(arch: "arm64", os: "linux", variant: "v8") + let rhs = Platform(arch: "arm64", os: "linux", variant: "v8") + #expect(lhs == rhs, "Both OS arm64, same arch, same variant => equal") + } + + @Test func arm64_nilAndV8() { + let lhs = Platform(arch: "arm64", os: "linux", variant: nil) + let rhs = Platform(arch: "arm64", os: "linux", variant: "v8") + #expect(lhs == rhs, "One variant nil and other v8 => equal under special arm64 rule") + } + + @Test func arm64_nilAndV7() { + let lhs = Platform(arch: "arm64", os: "linux", variant: nil) + let rhs = Platform(arch: "arm64", os: "linux", variant: "v7") + #expect(lhs != rhs, "nil vs v7 is not covered by the special rule => not equal") + } + + @Test func arm64_bothNil() { + let lhs = Platform(arch: "arm64", os: "linux", variant: nil) + let rhs = Platform(arch: "arm64", os: "linux", variant: nil) + #expect(lhs == rhs, "Both nil variants => variantEqual is true => overall equal") + } + + @Test func arm64_nilAndV8_sameHashValue() { + let withoutVariant = Platform(arch: "arm64", os: "linux", variant: nil) + let withV8 = Platform(arch: "arm64", os: "linux", variant: "v8") + // Equal platforms must produce the same hash — violating this breaks Set/Dictionary lookups + #expect(withoutVariant.hashValue == withV8.hashValue, "arm64 nil variant and v8 must hash identically") + } + + @Test func arm64_nilAndV8_setLookup() { + let withoutVariant = Platform(arch: "arm64", os: "linux", variant: nil) + let withV8 = Platform(arch: "arm64", os: "linux", variant: "v8") + var set = Set() + set.insert(withoutVariant) + #expect(set.contains(withV8), "arm64/v8 must be found in a Set that contains arm64 with nil variant") + } +} diff --git a/Tests/ContainerizationOCITests/OCISpecTests.swift b/Tests/ContainerizationOCITests/OCISpecTests.swift new file mode 100644 index 0000000..f4539d4 --- /dev/null +++ b/Tests/ContainerizationOCITests/OCISpecTests.swift @@ -0,0 +1,168 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation +import Testing + +@testable import ContainerizationOCI + +struct OCISpecTests { + @Test func minimalSpecDecode() throws { + let version = "1.2.3" + let minSpec = + """ + { + "ociVersion": "\(version)" + } + """ + + guard let data = minSpec.data(using: .utf8) else { + Issue.record("test spec is not valid: \(minSpec)") + return + } + + let decodedSpec = try JSONDecoder().decode(ContainerizationOCI.Spec.self, from: data) + #expect(decodedSpec.version == version) + #expect(decodedSpec.hooks == nil) + #expect(decodedSpec.process == nil) + #expect(decodedSpec.hostname == "") + #expect(decodedSpec.domainname == "") + #expect(decodedSpec.mounts.isEmpty) + #expect(decodedSpec.annotations == nil) + #expect(decodedSpec.root == nil) + #expect(decodedSpec.linux == nil) + } + + @Test func minimalProcessSpecDecode() throws { + let cwd = "/test" + let minProcessSpec = + """ + { + "cwd": "\(cwd)", + "user": { + "uid": 10, + "gid": 11 + } + } + """ + + guard let data = minProcessSpec.data(using: .utf8) else { + Issue.record("test process spec is not valid: \(minProcessSpec)") + return + } + + let decodedSpec = try JSONDecoder().decode(ContainerizationOCI.Process.self, from: data) + #expect(decodedSpec.cwd == cwd) + #expect(decodedSpec.env.isEmpty) + #expect(decodedSpec.consoleSize == nil) + #expect(decodedSpec.selinuxLabel == "") + #expect(decodedSpec.noNewPrivileges == false) + #expect(decodedSpec.commandLine == "") + #expect(decodedSpec.oomScoreAdj == nil) + #expect(decodedSpec.capabilities == nil) + #expect(decodedSpec.apparmorProfile == "") + #expect(decodedSpec.user.uid == 10) + #expect(decodedSpec.user.gid == 11) + #expect(decodedSpec.rlimits.isEmpty) + #expect(decodedSpec.terminal == false) + } + + @Test func minimalUserSpecDecode() throws { + let minUserSpec = + """ + { + "uid": 10, + "gid": 11 + } + """ + + guard let data = minUserSpec.data(using: .utf8) else { + Issue.record("test user spec is not valid: \(minUserSpec)") + return + } + + let decodedSpec = try JSONDecoder().decode(ContainerizationOCI.User.self, from: data) + #expect(decodedSpec.uid == 10) + #expect(decodedSpec.gid == 11) + #expect(decodedSpec.umask == nil) + #expect(decodedSpec.additionalGids.isEmpty) + #expect(decodedSpec.username == "") + } + + @Test func minimalRootSpecDecode() throws { + let path = "/testpath" + let minRootSpec = + """ + { + "path": "\(path)" + } + """ + + guard let data = minRootSpec.data(using: .utf8) else { + Issue.record("test root spec is not valid: \(minRootSpec)") + return + } + + let decodedSpec = try JSONDecoder().decode(ContainerizationOCI.Root.self, from: data) + #expect(decodedSpec.path == path) + #expect(decodedSpec.readonly == false) + } + + @Test func minimalMountSpecDecode() throws { + let destination = "/testdest" + let minMountSpec = + """ + { + "destination": "\(destination)" + } + """ + + guard let data = minMountSpec.data(using: .utf8) else { + Issue.record("test mount spec is not valid: \(minMountSpec)") + return + } + + let decodedSpec = try JSONDecoder().decode(ContainerizationOCI.Mount.self, from: data) + #expect(decodedSpec.type == "") + #expect(decodedSpec.source == "") + #expect(decodedSpec.destination == destination) + #expect(decodedSpec.options.isEmpty) + #expect(decodedSpec.uidMappings == nil) + #expect(decodedSpec.gidMappings == nil) + } + + @Test func minimalCapabilitiesDecode() throws { + let minCapabilitiesSpec = + """ + { + "ociVersion": "1.1.0", + "capabilities": { + "permitted": [ + "CAP_SYS_ADMIN" + ] + }, + "linux": {} + } + """ + + guard let data = minCapabilitiesSpec.data(using: .utf8) else { + Issue.record("test capabilities spec is not valid: \(minCapabilitiesSpec)") + return + } + + let _ = try JSONDecoder().decode(ContainerizationOCI.Spec.self, from: data) + } +} diff --git a/Tests/ContainerizationOCITests/ReferenceTests.swift b/Tests/ContainerizationOCITests/ReferenceTests.swift new file mode 100644 index 0000000..6a744bb --- /dev/null +++ b/Tests/ContainerizationOCITests/ReferenceTests.swift @@ -0,0 +1,118 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +// swiftlint:disable force_cast large_tuple + +import ContainerizationError +import Foundation +import Testing + +@testable import ContainerizationOCI + +@Suite("Reference Parse Tests") +struct ReferenceParseTests { + internal struct ReferenceParseTestCase: Sendable { + let input: String + let domain: String? + let path: String + let tag: String? + let digest: String? + init(input: String, domain: String? = nil, path: String, tag: String? = nil, digest: String? = nil) { + self.input = input + self.domain = domain + self.path = path + self.tag = tag + self.digest = digest + } + } + + @Test(arguments: [ + ReferenceParseTestCase(input: "tensorflow/tensorflow", path: "tensorflow/tensorflow"), + ReferenceParseTestCase(input: "debian", path: "debian"), + ReferenceParseTestCase(input: "repo_with_underscore", path: "repo_with_underscore"), + ReferenceParseTestCase(input: "swift5.10:alpine", path: "swift5.10", tag: "alpine"), + ReferenceParseTestCase(input: "registry.com.with.port:5000/no_tag", domain: "registry.com.with.port:5000", path: "no_tag"), + ReferenceParseTestCase(input: "registry.com.with.port:5000/name/foo/bar:tag23", domain: "registry.com.with.port:5000", path: "name/foo/bar", tag: "tag23"), + ReferenceParseTestCase(input: "some-repo-with-dashes/name", path: "some-repo-with-dashes/name"), + ReferenceParseTestCase(input: "domain.with-dashes/cool-image:foo", domain: "domain.with-dashes", path: "cool-image", tag: "foo"), + ReferenceParseTestCase(input: "localhost:8080/123:latest", domain: "localhost:8080", path: "123", tag: "latest"), + ReferenceParseTestCase( + input: "localhost/123@sha256:\(String(repeating: "a", count: 64))", domain: "localhost", path: "123", digest: "sha256:\(String(repeating: "a", count: 64))"), + ReferenceParseTestCase( + input: "registry.com.with.port:1254/foo/bar/baz@sha256:\(String(repeating: "abcd", count: 16))", domain: "registry.com.with.port:1254", path: "foo/bar/baz", + digest: "sha256:\(String(repeating: "abcd", count: 16))"), + ReferenceParseTestCase(input: "192.168.1.1:5544/local/swift:6.0", domain: "192.168.1.1:5544", path: "local/swift", tag: "6.0"), + ReferenceParseTestCase(input: "[abc12::4]:5683/swift", domain: "[abc12::4]:5683", path: "swift"), + // Verify names longer than 127 characters are accepted (OCI spec allows up to 255). + ReferenceParseTestCase( + input: "reg.io/\(String(repeating: "a", count: 121))", + domain: "reg.io", + path: String(repeating: "a", count: 121)), + // Verify a name of exactly 255 characters (the OCI spec maximum) is accepted. + ReferenceParseTestCase( + input: "registry.example.com/\(String(repeating: "a", count: 234))", + domain: "registry.example.com", + path: String(repeating: "a", count: 234)), + ]) + func validReferenceParse(testCase: ReferenceParseTestCase) async throws { + #expect(throws: Never.self) { + let parsed = try Reference.parse(testCase.input) + #expect(parsed.path == testCase.path) + #expect(parsed.domain == testCase.domain) + #expect(parsed.digest == testCase.digest) + #expect(parsed.tag == testCase.tag) + } + } + + @Test(arguments: [ + "localhost:8080", + "localhost/123@sha256:\(String(repeating: "a", count: 200))", + "https://github.com/apple/containerization", + "", + "-testString", + "-testString/image", + "-testString.com/image/release", + "foo///bar", + "mostly.valid/image/but/Caps", + "[abc12::4]", + "[abc12::4]:abc12::4", + "[2001:db8:3:4::192.0.2.33]:5000/debian", + "1a3f5e7d9c1b3a5f7e9d1c3b5a7f9e1d3c5b7a9f1e3d5d7c9b1a3f5e7d9c1b3a", + // A name of 256 characters exceeds the OCI spec limit of 255 and must be rejected. + "registry.example.com/\(String(repeating: "a", count: 235))", + ]) + func invalidReferenceParse(input: String) async throws { + #expect(throws: ContainerizationError.self) { + try Reference.parse(input) + } + } + + @Test(arguments: [ + ReferenceParseTestCase(input: "only_name", path: "only_name", tag: "latest"), + ReferenceParseTestCase(input: "docker.io/alpine", domain: "docker.io", path: "library/alpine", tag: "latest"), + ReferenceParseTestCase(input: "ghcr.io/myrepo/alpine", domain: "ghcr.io", path: "myrepo/alpine", tag: "latest"), + ReferenceParseTestCase(input: "name@sha256:" + String(repeating: "1", count: 64), path: "name", digest: "sha256:" + String(repeating: "1", count: 64)), + ReferenceParseTestCase(input: "registry-1.docker.io/testrepo/myname:v2", domain: "registry-1.docker.io", path: "testrepo/myname", tag: "v2"), + ]) + func testNormalize(testCase: ReferenceParseTestCase) throws { + let parsed = try Reference.parse(testCase.input) + parsed.normalize() + #expect(parsed.path == testCase.path) + #expect(parsed.domain == testCase.domain) + #expect(parsed.digest == testCase.digest) + #expect(parsed.tag == testCase.tag) + } +} diff --git a/Tests/ContainerizationOCITests/RegistryClientTests.swift b/Tests/ContainerizationOCITests/RegistryClientTests.swift new file mode 100644 index 0000000..f25fcb1 --- /dev/null +++ b/Tests/ContainerizationOCITests/RegistryClientTests.swift @@ -0,0 +1,366 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +// + +import ContainerizationError +import ContainerizationIO +import Crypto +import Foundation +import NIO +import Synchronization +import Testing + +@testable import ContainerizationOCI + +struct OCIClientTests: ~Copyable { + private var contentPath: URL + private let fileManager = FileManager.default + private var encoder = JSONEncoder() + + init() async throws { + let testDir = fileManager.uniqueTemporaryDirectory() + let contentPath = testDir.appendingPathComponent("content") + try fileManager.createDirectory(at: contentPath, withIntermediateDirectories: true) + self.contentPath = contentPath + + encoder.outputFormatting = .prettyPrinted + } + + deinit { + try? fileManager.removeItem(at: contentPath) + } + + private static var arch: String? { + var uts = utsname() + let result = uname(&uts) + guard result == EXIT_SUCCESS else { + return nil + } + + let machine = Data(bytes: &uts.machine, count: 256) + guard let arch = String(bytes: machine, encoding: .utf8) else { + return nil + } + + switch arch.lowercased().trimmingCharacters(in: .controlCharacters) { + case "arm64": + return "arm64" + default: + return "amd64" + } + } + + @Test(.enabled(if: hasRegistryCredentials)) + func fetchToken() async throws { + let client = RegistryClient(host: "ghcr.io", authentication: Self.authentication) + let request = TokenRequest(realm: "https://ghcr.io/token", service: "ghcr.io", clientId: "tests", scope: nil) + let response = try await client.fetchToken(request: request) + #expect(response.getToken() != nil) + } + + @Test(arguments: [ + "registry-1.docker.io", + "public.ecr.aws", + "registry.k8s.io", + "mcr.microsoft.com", + ]) + func ping(host: String) async throws { + let client = RegistryClient(host: host) + try await client.ping() + } + + @Test func pingWithInvalidCredentials() async throws { + let authentication = BasicAuthentication(username: "foo", password: "bar") + let client = RegistryClient(host: "ghcr.io", authentication: authentication) + let error = await #expect(throws: RegistryClient.Error.self) { try await client.ping() } + guard case .invalidStatus(_, let status, let reason) = error else { + throw error! + } + #expect(status == .unauthorized) + #expect(reason == "access denied or wrong credentials") + } + + @Test(.enabled(if: hasRegistryCredentials)) + func pingWithCredentials() async throws { + let client = RegistryClient(host: "ghcr.io", authentication: Self.authentication) + try await client.ping() + } + + @Test func resolve() async throws { + let client = RegistryClient(host: "ghcr.io") + let descriptor = try await client.resolve(name: "apple/containerization/dockermanifestimage", tag: "0.0.2") + #expect(descriptor.mediaType == MediaTypes.dockerManifest) + #expect(descriptor.size != 0) + #expect(!descriptor.digest.isEmpty) + } + + @Test func resolveSha() async throws { + let client = RegistryClient(host: "ghcr.io") + let descriptor = try await client.resolve( + name: "apple/containerization/dockermanifestimage", tag: "sha256:c8d344d228b7d9a702a95227438ec0d71f953a9a483e28ffabc5704f70d2b61e") + let namedDescriptor = try await client.resolve(name: "apple/containerization/dockermanifestimage", tag: "0.0.2") + #expect(descriptor == namedDescriptor) + #expect(descriptor.mediaType == MediaTypes.dockerManifest) + #expect(descriptor.size != 0) + #expect(!descriptor.digest.isEmpty) + } + + @Test func fetchManifest() async throws { + let client = RegistryClient(host: "ghcr.io") + let descriptor = try await client.resolve(name: "apple/containerization/dockermanifestimage", tag: "0.0.2") + let manifest: Manifest = try await client.fetch(name: "apple/containerization/dockermanifestimage", descriptor: descriptor) + #expect(manifest.schemaVersion == 2) + #expect(manifest.layers.count == 1) + } + + @Test func fetchManifestAsData() async throws { + let client = RegistryClient(host: "ghcr.io") + let descriptor = try await client.resolve(name: "apple/containerization/dockermanifestimage", tag: "0.0.2") + let manifestData = try await client.fetchData(name: "apple/containerization/dockermanifestimage", descriptor: descriptor) + let checksum = SHA256.hash(data: manifestData) + #expect(descriptor.digest == checksum.digest) + } + + @Test func fetchConfig() async throws { + let client = RegistryClient(host: "ghcr.io") + let descriptor = try await client.resolve(name: "apple/containerization/dockermanifestimage", tag: "0.0.2") + let manifest: Manifest = try await client.fetch(name: "apple/containerization/dockermanifestimage", descriptor: descriptor) + let image: Image = try await client.fetch(name: "apple/containerization/dockermanifestimage", descriptor: manifest.config) + // This is an empty image -- check that the image label is present in the image config + #expect(image.config?.labels?["org.opencontainers.image.source"] == "https://github.com/apple/containerization") + #expect(image.rootfs.diffIDs.count == 1) + } + + @Test func fetchBlob() async throws { + let client = RegistryClient(host: "ghcr.io") + let descriptor = try await client.resolve(name: "apple/containerization/dockermanifestimage", tag: "0.0.2") + let manifest: Manifest = try await client.fetch(name: "apple/containerization/dockermanifestimage", descriptor: descriptor) + var called = false + var done = false + try await client.fetchBlob(name: "apple/containerization/dockermanifestimage", descriptor: manifest.layers.first!) { (expected, body) in + called = true + #expect(expected != 0) + var received = 0 + for try await buffer in body { + received += buffer.readableBytes + if received == expected { + done = true + } + } + } + #expect(called) + #expect(done) + } + + @Test(.disabled("External users cannot push images, disable while we find a better solution")) + func pushIndex() async throws { + let client = RegistryClient(host: "ghcr.io", authentication: Self.authentication) + let indexDescriptor = try await client.resolve(name: "apple/containerization/emptyimage", tag: "0.0.1") + let index: Index = try await client.fetch(name: "apple/containerization/emptyimage", descriptor: indexDescriptor) + + let platform = Platform(arch: "amd64", os: "linux") + + var manifestDescriptor: Descriptor? + for m in index.manifests where m.platform == platform { + manifestDescriptor = m + break + } + + #expect(manifestDescriptor != nil) + + let manifest: Manifest = try await client.fetch(name: "apple/containerization/emptyimage", descriptor: manifestDescriptor!) + let imgConfig: Image = try await client.fetch(name: "apple/containerization/emptyimage", descriptor: manifest.config) + + let layer = try #require(manifest.layers.first) + let blobPath = contentPath.appendingPathComponent(layer.digest) + let outputStream = OutputStream(toFileAtPath: blobPath.path, append: false) + #expect(outputStream != nil) + + try await outputStream!.withThrowingOpeningStream { + try await client.fetchBlob(name: "apple/containerization/emptyimage", descriptor: layer) { (expected, body) in + var received: Int64 = 0 + for try await buffer in body { + received += Int64(buffer.readableBytes) + + buffer.withUnsafeReadableBytes { pointer in + let unsafeBufferPointer = pointer.bindMemory(to: UInt8.self) + if let addr = unsafeBufferPointer.baseAddress { + _ = outputStream!.write(addr, maxLength: buffer.readableBytes) + } + } + } + + #expect(received == expected) + } + } + + let name = "apple/test-images/image-push" + let ref = "latest" + + // Push the layer first. + do { + let content = try LocalContent(path: blobPath) + let generator = { + let stream = try ReadStream(url: content.path) + try stream.reset() + return stream.stream + } + try await client.push(name: name, ref: ref, descriptor: layer, streamGenerator: generator, progress: nil) + } catch let err as ContainerizationError { + guard err.code == .exists else { + throw err + } + } + + // Push the image configuration. + var imgConfigDesc: Descriptor? + do { + imgConfigDesc = try await self.pushDescriptor( + client: client, + name: name, + ref: ref, + content: imgConfig, + baseDescriptor: manifest.config + ) + } catch let err as ContainerizationError { + guard err.code != .exists else { + return + } + throw err + } + + // Push the image manifest. + let newManifest = Manifest( + schemaVersion: manifest.schemaVersion, + mediaType: manifest.mediaType!, + config: imgConfigDesc!, + layers: manifest.layers, + annotations: manifest.annotations + ) + let manifestDesc = try await self.pushDescriptor( + client: client, + name: name, + ref: ref, + content: newManifest, + baseDescriptor: manifestDescriptor! + ) + + // Push the index. + let newIndex = Index( + schemaVersion: index.schemaVersion, + mediaType: index.mediaType, + manifests: [manifestDesc], + annotations: index.annotations + ) + try await self.pushDescriptor( + client: client, + name: name, + ref: ref, + content: newIndex, + baseDescriptor: indexDescriptor + ) + } + + @Test func resolveWithRetry() async throws { + let counter = Mutex(0) + let client = RegistryClient( + host: "ghcr.io", + retryOptions: RetryOptions( + maxRetries: 3, + retryInterval: 500_000_000, + shouldRetry: ({ response in + if response.status == .notFound { + counter.withLock { $0 += 1 } + return true + } + return false + }) + ) + ) + do { + _ = try await client.resolve(name: "containerization/not-exists", tag: "foo") + } catch { + #expect(counter.withLock { $0 } <= 3) + } + } + + // MARK: private functions + + static var hasRegistryCredentials: Bool { + authentication != nil + } + + static var authentication: Authentication? { + let env = ProcessInfo.processInfo.environment + guard let password = env["REGISTRY_TOKEN"], + let username = env["REGISTRY_USERNAME"] + else { + return nil + } + return BasicAuthentication(username: username, password: password) + } + + @discardableResult + private func pushDescriptor( + client: RegistryClient, + name: String, + ref: String, + content: T, + baseDescriptor: Descriptor + ) async throws -> Descriptor { + let encoded = try self.encoder.encode(content) + let digest = SHA256.hash(data: encoded) + let descriptor = Descriptor( + mediaType: baseDescriptor.mediaType, + digest: digest.digest, + size: Int64(encoded.count), + urls: baseDescriptor.urls, + annotations: baseDescriptor.annotations, + platform: baseDescriptor.platform + ) + let generator = { + let stream = ReadStream(data: encoded) + try stream.reset() + return stream.stream + } + + try await client.push( + name: name, + ref: ref, + descriptor: descriptor, + streamGenerator: generator, + progress: nil + ) + return descriptor + } +} + +extension OutputStream { + fileprivate func withThrowingOpeningStream(_ closure: () async throws -> Void) async throws { + self.open() + defer { self.close() } + + try await closure() + } +} + +extension SHA256.Digest { + fileprivate var digest: String { + let parts = self.description.split(separator: ": ") + return "sha256:\(parts[1])" + } +} diff --git a/Tests/ContainerizationOSTests/BidirectionalRelayTests.swift b/Tests/ContainerizationOSTests/BidirectionalRelayTests.swift new file mode 100644 index 0000000..5189402 --- /dev/null +++ b/Tests/ContainerizationOSTests/BidirectionalRelayTests.swift @@ -0,0 +1,345 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation +import Testing + +@testable import ContainerizationOS + +#if canImport(Darwin) +import Darwin +#elseif canImport(Glibc) +import Glibc +#elseif canImport(Musl) +import Musl +#endif + +@Suite("BidirectionalRelay tests") +final class BidirectionalRelayTests { + + /// Creates a Unix domain socket pair and returns (fd0, fd1). + private func makeSocketPair() throws -> (Int32, Int32) { + var fds: [Int32] = [0, 0] + #if os(macOS) + let result = socketpair(AF_UNIX, SOCK_STREAM, 0, &fds) + #else + let result = socketpair(AF_UNIX, Int32(SOCK_STREAM.rawValue), 0, &fds) + #endif + try #require(result == 0, "socketpair should succeed, errno: \(errno)") + return (fds[0], fds[1]) + } + + /// Writes all bytes to a file descriptor, retrying on partial writes. + private func writeAll(fd: Int32, data: [UInt8]) throws { + var offset = 0 + while offset < data.count { + let n = data.withUnsafeBufferPointer { buf in + write(fd, buf.baseAddress!.advanced(by: offset), data.count - offset) + } + try #require(n > 0, "write failed, errno: \(errno)") + offset += n + } + } + + /// Reads exactly `count` bytes from a file descriptor with a timeout. + /// Returns the data read, or nil if the timeout expires. + private func readWithTimeout(fd: Int32, count: Int, timeoutSeconds: Double) -> [UInt8]? { + // Set fd to non-blocking for poll-based reading. + let flags = fcntl(fd, F_GETFL) + _ = fcntl(fd, F_SETFL, flags | O_NONBLOCK) + defer { _ = fcntl(fd, F_SETFL, flags) } + + var result = [UInt8](repeating: 0, count: count) + var totalRead = 0 + let deadline = Date().addingTimeInterval(timeoutSeconds) + + while totalRead < count && Date() < deadline { + let n = result.withUnsafeMutableBufferPointer { buf in + read(fd, buf.baseAddress!.advanced(by: totalRead), count - totalRead) + } + if n > 0 { + totalRead += n + } else if n == -1 && (errno == EAGAIN || errno == EWOULDBLOCK) { + // Not ready yet, brief sleep before retry. + usleep(1000) // 1ms + } else { + break + } + } + return totalRead == count ? result : nil + } + + /// Sets a small send buffer on a socket to make it fill quickly. + private func setSendBufferSize(fd: Int32, size: Int32) { + var bufSize = size + setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &bufSize, socklen_t(MemoryLayout.size)) + } + + // MARK: - Test 1: Basic relay + + @Test + func testBasicRelay() throws { + // Create two socketpairs: + // pair1: (a0) --- relay ---> (b0) + // pair2: (a1) <-- relay --- (b1) + // The relay connects a1 <-> b0. + // Write to a0, read from b1 (data flows: a0 → a1 → relay → b0 → b1). + let (a0, a1) = try makeSocketPair() + let (b0, b1) = try makeSocketPair() + defer { + close(a0) + close(b1) + } + + let relay = BidirectionalRelay(fd1: a1, fd2: b0) + try relay.start() + + let testData: [UInt8] = Array("Hello, BidirectionalRelay!".utf8) + try writeAll(fd: a0, data: testData) + + let received = readWithTimeout(fd: b1, count: testData.count, timeoutSeconds: 2.0) + #expect(received == testData, "Data should pass through the relay") + + // Test the reverse direction: write to b1, read from a0. + let reverseData: [UInt8] = Array("Reverse direction".utf8) + try writeAll(fd: b1, data: reverseData) + + let reverseReceived = readWithTimeout(fd: a0, count: reverseData.count, timeoutSeconds: 2.0) + #expect(reverseReceived == reverseData, "Data should flow in reverse through the relay") + + relay.stop() + } + + // MARK: - Test 2: Cross-connection head-of-line blocking + + @Test + func testNoCrossConnectionBlocking() throws { + // Two relays sharing a single serial queue (simulating the old architecture). + // One relay's destination is saturated (not drained). + // The other relay should still work — proving per-connection isolation. + let sharedQueue = DispatchQueue(label: "test.shared-queue") + + // Relay 1: a0 → a1 --relay1--> b0 → b1 (b1 won't be read, causing backpressure) + let (a0, a1) = try makeSocketPair() + let (b0, b1) = try makeSocketPair() + + // Relay 2: c0 → c1 --relay2--> d0 → d1 (d1 will be read normally) + let (c0, c1) = try makeSocketPair() + let (d0, d1) = try makeSocketPair() + + defer { + close(a0) + close(b1) + close(c0) + close(d1) + } + + // Shrink send buffers to make them fill quickly. + setSendBufferSize(fd: b0, size: 4096) + + let relay1 = BidirectionalRelay(fd1: a1, fd2: b0, queue: sharedQueue) + let relay2 = BidirectionalRelay(fd1: c1, fd2: d0, queue: sharedQueue) + + try relay1.start() + try relay2.start() + + // Saturate relay1: write data into a0 but never read from b1. + // This fills b0's send buffer, triggering backpressure on relay1. + let largeData = [UInt8](repeating: 0x41, count: 65536) + // Use non-blocking write to a0 so we don't block this test thread. + let a0flags = fcntl(a0, F_GETFL) + _ = fcntl(a0, F_SETFL, a0flags | O_NONBLOCK) + _ = largeData.withUnsafeBufferPointer { buf in + write(a0, buf.baseAddress!, buf.count) + } + _ = fcntl(a0, F_SETFL, a0flags) // restore + + // Give relay1 time to process and get blocked. + usleep(100_000) // 100ms + + // Now test relay2: it should still work despite relay1 being backpressured. + let testData: [UInt8] = Array("relay2 works!".utf8) + try writeAll(fd: c0, data: testData) + + let received = readWithTimeout(fd: d1, count: testData.count, timeoutSeconds: 2.0) + #expect(received != nil, "Relay2 should not be blocked by Relay1's backpressure") + if let received { + #expect(received == testData, "Relay2 data should be correct") + } + + relay1.stop() + relay2.stop() + } + + // MARK: - Test 3: Backpressure recovery + + @Test + func testBackpressureRecovery() throws { + let (a0, a1) = try makeSocketPair() + let (b0, b1) = try makeSocketPair() + defer { + close(a0) + close(b1) + } + + // Shrink b0's send buffer so backpressure kicks in quickly. + setSendBufferSize(fd: b0, size: 4096) + + let relay = BidirectionalRelay(fd1: a1, fd2: b0) + try relay.start() + + // Write enough data to trigger backpressure (more than the send buffer). + let totalBytes = 32768 + let sendData = [UInt8]((0.. 0 { + offset += n + } else if n == -1 && (errno == EAGAIN || errno == EWOULDBLOCK) { + usleep(1000) + } else { + break + } + } + } + writeThread.start() + + // Read from b1 (drain) — this should relieve backpressure. + var received = [UInt8]() + let readBuf = UnsafeMutableBufferPointer.allocate(capacity: 4096) + defer { readBuf.deallocate() } + + let deadline = Date().addingTimeInterval(5.0) + let b1flags = fcntl(b1, F_GETFL) + _ = fcntl(b1, F_SETFL, b1flags | O_NONBLOCK) + + while received.count < totalBytes && Date() < deadline { + let n = read(b1, readBuf.baseAddress!, readBuf.count) + if n > 0 { + received.append(contentsOf: UnsafeBufferPointer(start: readBuf.baseAddress!, count: n)) + } else if n == -1 && (errno == EAGAIN || errno == EWOULDBLOCK) { + usleep(1000) + } else { + break + } + } + + #expect(received.count == totalBytes, "All bytes should be received after backpressure recovery (got \(received.count)/\(totalBytes))") + #expect(received == sendData, "Received data should match sent data") + + relay.stop() + } + + // MARK: - Test 4: EOF handling + + @Test + func testEOFHandling() async throws { + let (a0, a1) = try makeSocketPair() + let (b0, b1) = try makeSocketPair() + + let relay = BidirectionalRelay(fd1: a1, fd2: b0) + try relay.start() + + // Write some data, then close one end. + let testData: [UInt8] = Array("goodbye".utf8) + try writeAll(fd: a0, data: testData) + close(a0) + + // Read the data from the other end. + let received = readWithTimeout(fd: b1, count: testData.count, timeoutSeconds: 2.0) + #expect(received == testData, "Data should arrive before EOF") + + // Close b1 as well so both directions see EOF. + // (a0 closed → a1 reads EOF → source1 done; + // b1 closed → b0 reads EOF → source2 done → relay complete) + close(b1) + + // The relay should detect EOF on both directions and complete. + let completed = await withTaskGroup(of: Bool.self) { group in + group.addTask { + await relay.waitForCompletion() + return true + } + group.addTask { + try? await Task.sleep(nanoseconds: 3_000_000_000) // 3 seconds + return false + } + let result = await group.next()! + group.cancelAll() + return result + } + + #expect(completed, "Relay should complete after both sides reach EOF") + } + + // MARK: - Test 5: Stop while under backpressure + + @Test + func testStopWhileBackpressured() async throws { + // Verify that stop() works correctly when a read source is suspended + // due to backpressure. Previously, cancelling a suspended dispatch source + // would never deliver the cancel handler, leaking file descriptors. + let (a0, a1) = try makeSocketPair() + let (b0, b1) = try makeSocketPair() + + // Shrink b0's send buffer so backpressure kicks in quickly. + setSendBufferSize(fd: b0, size: 4096) + + let relay = BidirectionalRelay(fd1: a1, fd2: b0) + try relay.start() + + // Write enough to trigger backpressure but don't read from b1. + let largeData = [UInt8](repeating: 0x42, count: 65536) + let a0flags = fcntl(a0, F_GETFL) + _ = fcntl(a0, F_SETFL, a0flags | O_NONBLOCK) + _ = largeData.withUnsafeBufferPointer { buf in + write(a0, buf.baseAddress!, buf.count) + } + + // Give relay time to enter backpressure state (readSource suspended). + usleep(100_000) // 100ms + + // Stop the relay while it's backpressured. This should not hang or leak. + relay.stop() + + // Close the external ends — the relay's fds should already be closed by stop(). + close(a0) + close(b1) + + // The relay should complete (cancel handlers should have fired). + let completed = await withTaskGroup(of: Bool.self) { group in + group.addTask { + await relay.waitForCompletion() + return true + } + group.addTask { + try? await Task.sleep(nanoseconds: 3_000_000_000) // 3 seconds + return false + } + let result = await group.next()! + group.cancelAll() + return result + } + + #expect(completed, "Relay should complete after stop() even when backpressured") + } +} diff --git a/Tests/ContainerizationOSTests/EpollTests.swift b/Tests/ContainerizationOSTests/EpollTests.swift new file mode 100644 index 0000000..636d739 --- /dev/null +++ b/Tests/ContainerizationOSTests/EpollTests.swift @@ -0,0 +1,300 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(Linux) + +import Foundation +import Testing + +#if canImport(Musl) +import Musl +#elseif canImport(Glibc) +import Glibc +#endif + +@testable import ContainerizationOS + +@Suite("Epoll tests") +final class EpollTests { + + @Suite("Mask option set") + struct MaskTests { + @Test + func inputAndOutputAreDistinct() { + let input = Epoll.Mask.input + let output = Epoll.Mask.output + #expect(input != output) + #expect(input.isDisjoint(with: output)) + } + + @Test + func readyToReadMatchesInput() { + let mask = Epoll.Mask.input + #expect(mask.readyToRead) + #expect(!mask.readyToWrite) + } + + @Test + func readyToWriteMatchesOutput() { + let mask = Epoll.Mask.output + #expect(mask.readyToWrite) + #expect(!mask.readyToRead) + } + + @Test + func combinedMask() { + let mask: Epoll.Mask = [.input, .output] + #expect(mask.readyToRead) + #expect(mask.readyToWrite) + } + + @Test + func emptyMaskHasNoFlags() { + let mask = Epoll.Mask(rawValue: 0) + #expect(!mask.readyToRead) + #expect(!mask.readyToWrite) + #expect(!mask.isHangup) + #expect(!mask.isRemoteHangup) + } + } + + private static func makePipe() throws -> (Int32, Int32) { + var fds: [Int32] = [0, 0] + guard pipe(&fds) == 0 else { + throw POSIXError.fromErrno() + } + return (fds[0], fds[1]) + } + + @Test + func addAndDeletePipeFD() throws { + let epoll = try Epoll() + let (readFD, writeFD) = try Self.makePipe() + defer { + close(readFD) + close(writeFD) + } + + try epoll.add(readFD, mask: .input) + try epoll.delete(readFD) + } + + @Test + func addInvalidFDThrows() throws { + let epoll = try Epoll() + #expect(throws: POSIXError.self) { + try epoll.add(-1, mask: .input) + } + } + + @Test + func deletingAlreadyClosedFDThrows() throws { + let epoll = try Epoll() + let (readFD, writeFD) = try Self.makePipe() + try epoll.add(readFD, mask: .input) + close(readFD) + close(writeFD) + #expect(throws: POSIXError.self) { + try epoll.delete(readFD) + } + } + + @Test + func doubleDeleteThrows() throws { + let epoll = try Epoll() + let (readFD, writeFD) = try Self.makePipe() + defer { + close(readFD) + close(writeFD) + } + + try epoll.add(readFD, mask: .input) + try epoll.delete(readFD) + #expect(throws: POSIXError.self) { + try epoll.delete(readFD) + } + } + + @Test + func waitTimesOutWithNoEvents() throws { + let epoll = try Epoll() + let (readFD, writeFD) = try Self.makePipe() + defer { + close(readFD) + close(writeFD) + } + + try epoll.add(readFD, mask: .input) + // Timeout of 0 means return immediately. + let events = epoll.wait(timeout: 0) + try #require(events != nil, "wait should not return nil without shutdown") + #expect(events!.isEmpty, "No data written, so no events expected") + } + + @Test + func waitReturnsReadableEvent() throws { + let epoll = try Epoll() + let (readFD, writeFD) = try Self.makePipe() + defer { + close(readFD) + close(writeFD) + } + + try epoll.add(readFD, mask: .input) + + // Write some data to make the read end readable. + var byte: UInt8 = 42 + let n = write(writeFD, &byte, 1) + try #require(n == 1, "write to pipe should succeed") + + let events = epoll.wait(maxEvents: 4, timeout: 1000) + try #require(events != nil, "wait should not return nil without shutdown") + try #require(!events!.isEmpty, "Should have at least one event") + + let event = events!.first { $0.fd == readFD } + try #require(event != nil, "Should have an event for the read fd") + #expect(event!.mask.readyToRead) + } + + @Test + func waitReportsMultipleFDs() throws { + let epoll = try Epoll() + + let (readFD1, writeFD1) = try Self.makePipe() + defer { + close(readFD1) + close(writeFD1) + } + let (readFD2, writeFD2) = try Self.makePipe() + defer { + close(readFD2) + close(writeFD2) + } + + try epoll.add(readFD1, mask: .input) + try epoll.add(readFD2, mask: .input) + + // Write to both pipes. + var byte: UInt8 = 1 + _ = write(writeFD1, &byte, 1) + _ = write(writeFD2, &byte, 1) + + let events = epoll.wait(maxEvents: 4, timeout: 1000) + try #require(events != nil) + #expect(events!.count == 2, "Should report events for both fds") + + let fds = Set(events!.map { $0.fd }) + #expect(fds.contains(readFD1)) + #expect(fds.contains(readFD2)) + } + + @Test + func shutdownCausesWaitToReturnNil() throws { + let epoll = try Epoll() + let (readFD, writeFD) = try Self.makePipe() + defer { + close(readFD) + close(writeFD) + } + + try epoll.add(readFD, mask: .input) + + epoll.shutdown() + + let events = epoll.wait(timeout: 0) + #expect(events == nil, "wait should return nil after shutdown") + } + + @Test + func closingWriteEndSignalsHangup() throws { + let epoll = try Epoll() + let (readFD, writeFD) = try Self.makePipe() + defer { close(readFD) } + + try epoll.add(readFD, mask: .input) + + // Close the write end to trigger a hangup on the read end. + close(writeFD) + + let events = epoll.wait(maxEvents: 4, timeout: 1000) + try #require(events != nil) + try #require(!events!.isEmpty, "Should have a hangup event") + + let event = events!.first { $0.fd == readFD } + try #require(event != nil) + #expect(event!.mask.isHangup) + } + + @Test + func deletedFDIsNotReported() throws { + let epoll = try Epoll() + let (readFD, writeFD) = try Self.makePipe() + defer { + close(readFD) + close(writeFD) + } + + try epoll.add(readFD, mask: .input) + try epoll.delete(readFD) + + // Write data, should not produce events since we deleted the fd. + var byte: UInt8 = 1 + _ = write(writeFD, &byte, 1) + + let events = epoll.wait(maxEvents: 4, timeout: 100) + try #require(events != nil) + #expect(events!.isEmpty, "Deleted fd should produce no events") + } + + @Test + func edgeTriggeredRequiresDrainBeforeRenotify() throws { + let epoll = try Epoll() + let (readFD, writeFD) = try Self.makePipe() + defer { + close(readFD) + close(writeFD) + } + + try epoll.add(readFD, mask: .input) + + // Write data to make it readable. + var byte: UInt8 = 99 + _ = write(writeFD, &byte, 1) + + // First wait should return the event. + let events1 = epoll.wait(maxEvents: 4, timeout: 1000) + try #require(events1 != nil) + try #require(!events1!.isEmpty) + + // Without reading the data, a second immediate wait should NOT + // re-trigger because of edge triggered semantics. + let events2 = epoll.wait(maxEvents: 4, timeout: 0) + try #require(events2 != nil) + #expect(events2!.isEmpty, "Edge triggered should not re-fire without new activity") + + // Drain the pipe. + var buf = [UInt8](repeating: 0, count: 16) + _ = read(readFD, &buf, buf.count) + + // Write new data. This is a new edge, so it should trigger again. + _ = write(writeFD, &byte, 1) + let events3 = epoll.wait(maxEvents: 4, timeout: 1000) + try #require(events3 != nil) + #expect(!events3!.isEmpty, "New write after drain should trigger event") + } +} + +#endif // os(Linux) diff --git a/Tests/ContainerizationOSTests/FileDescriptorOpsTests.swift b/Tests/ContainerizationOSTests/FileDescriptorOpsTests.swift new file mode 100644 index 0000000..6ac4741 --- /dev/null +++ b/Tests/ContainerizationOSTests/FileDescriptorOpsTests.swift @@ -0,0 +1,898 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation +import SystemPackage +import Testing + +@testable import ContainerizationOS + +#if canImport(Darwin) +import Darwin +let os_close = Darwin.close +#elseif canImport(Musl) +import Musl +let os_close = Musl.close +#elseif canImport(Glibc) +import Glibc +let os_close = Glibc.close +#endif + +struct FileDescriptorPathSecureTests { + @Test( + "Test creation of stub file under directory successfully created by secure mkdir", + arguments: [ + // Case 1: Single component, no intermediates needed, default permissions + ([Entry](), FilePath("foo"), nil as FilePermissions?, false), + + // Case 2: Single component with explicit permissions + ([Entry](), FilePath("foo"), FilePermissions(rawValue: 0o755), false), + + // Case 3: Two components, parent exists, no intermediates + ([Entry.directory(path: "foo")], FilePath("foo/bar"), nil as FilePermissions?, false), + + // Case 4: Two components, parent missing, makeIntermediates true + ([Entry](), FilePath("foo/bar"), nil as FilePermissions?, true), + + // Case 5: Three components, makeIntermediates true, custom permissions + ([Entry](), FilePath("foo/bar/baz"), FilePermissions(rawValue: 0o700), true), + + // Case 6: Replace existing file with directory (single component) + ([Entry.regular(path: "foo")], FilePath("foo"), nil as FilePermissions?, false), + + // Case 7: Replace existing file with directory path (makeIntermediates true) + ([Entry.regular(path: "foo")], FilePath("foo/bar"), nil as FilePermissions?, true), + + // Case 8: Replace existing directory with new directory (should be idempotent) + ([Entry.directory(path: "foo")], FilePath("foo"), nil as FilePermissions?, false), + + // Case 9: Replace nested directory structure + ( + [ + Entry.directory(path: "foo/bar"), + Entry.regular(path: "foo/bar/file.txt"), + ], FilePath("foo/bar"), nil as FilePermissions?, false + ), + + // Case 10: Replace symlink with directory + ([Entry.symlink(target: "target", source: "foo")], FilePath("foo"), nil as FilePermissions?, false), + + // Case 11: Multi-level with some intermediates existing + ([Entry.directory(path: "foo")], FilePath("foo/bar/baz"), nil as FilePermissions?, true), + + // Case 12: Deep nesting with makeIntermediates + ([Entry](), FilePath("a/b/c/d/e"), nil as FilePermissions?, true), + ] + ) + func testMkdirSecureValid(entries: [Entry], relativePath: FilePath, permissions: FilePermissions?, makeIntermediates: Bool) async throws { + let rootPath = try createTempDirectory() + defer { try? FileManager.default.removeItem(atPath: rootPath.string) } + try createEntries(rootPath: rootPath, entries: entries, permissions: permissions) + let rootFd = try FileDescriptor.open(rootPath, .readOnly, options: [.directory]) + defer { try? rootFd.close() } + + let stubFileName = "stub.txt" + let stubContent = Data("stub file content".utf8) + + try FileDescriptorOps.mkdir(rootFd, relativePath, permissions: permissions, makeIntermediates: makeIntermediates) { dirFd in + // Create a stub file in the directory using openat + let fd = openat( + dirFd.rawValue, + stubFileName, + O_WRONLY | O_CREAT | O_TRUNC, + 0o644 + ) + guard fd >= 0 else { + throw Errno(rawValue: errno) + } + defer { close(fd) } + + try stubContent.withUnsafeBytes { buffer in + guard let baseAddress = buffer.baseAddress else { return } + let written = write(fd, baseAddress, buffer.count) + guard written == buffer.count else { + throw Errno(rawValue: errno) + } + } + } + + // Check stub file existence at expected location + let expectedStubPath = rootPath.appending(relativePath.string).appending(stubFileName) + #expect(FileManager.default.fileExists(atPath: expectedStubPath.string)) + + // Verify stub file content + let readContent = try Data(contentsOf: URL(fileURLWithPath: expectedStubPath.string)) + #expect(readContent == stubContent) + + // Check directory permissions if specified + if let permissions = permissions { + // Check each component of the path + let components = relativePath.components + var currentPath = "" + for (index, component) in components.enumerated() { + if index > 0 { + currentPath += "/" + } + currentPath += component.string + + let dirPath = rootPath.appending(currentPath) + let attrs = try FileManager.default.attributesOfItem(atPath: dirPath.string) + let posixPerms = attrs[.posixPermissions] as? NSNumber + // Mask to permission bits only (not file type bits) + let permMask: CModeT = 0o777 + let actualPerms = CModeT(posixPerms?.uint16Value ?? 0) & permMask + let expectedPerms = permissions.rawValue & permMask + #expect( + actualPerms == expectedPerms, + "Directory '\(currentPath)' has permissions 0o\(String(actualPerms, radix: 8)) but expected 0o\(String(expectedPerms, radix: 8))") + } + } + } + + @Test( + "Test mkdir error cases", + arguments: [ + // Case 1: Path starting with ".." should be rejected + (FilePath("../escape"), false, FileDescriptorOps.Error.invalidRelativePath), + + // Case 2: Path with ".." in middle that would escape + (FilePath("foo/../../escape"), false, FileDescriptorOps.Error.invalidRelativePath), + + // Case 3: Missing intermediate without makeIntermediates should fail + (FilePath("missing/intermediate/path"), false, FileDescriptorOps.Error.invalidPathComponent), + + // Case 4: Multiple .. that escape + (FilePath("a/b/../../../escape"), false, FileDescriptorOps.Error.invalidRelativePath), + ] + ) + func testMkdirSecureInvalid(relativePath: FilePath, makeIntermediates: Bool, expectedError: FileDescriptorOps.Error) async throws { + let rootPath = try createTempDirectory() + defer { try? FileManager.default.removeItem(atPath: rootPath.string) } + + let rootFd = try FileDescriptor.open(rootPath, .readOnly, options: [.directory]) + defer { try? rootFd.close() } + + // Attempt the operation and expect it to throw + #expect { + try FileDescriptorOps.mkdir(rootFd, relativePath, makeIntermediates: makeIntermediates) { _ in } + } throws: { error in + guard let securePathError = error as? FileDescriptorOps.Error else { + return false + } + // Compare error cases + switch (securePathError, expectedError) { + case (.invalidRelativePath, .invalidRelativePath), + (.invalidPathComponent, .invalidPathComponent), + (.cannotFollowSymlink, .cannotFollowSymlink): + return true + case (.systemError(let op1, let err1), .systemError(let op2, let err2)): + return op1 == op2 && err1 == err2 + default: + return false + } + } + } + + @Test( + "Test paths with .. that normalize to valid paths", + arguments: [ + // Paths with .. that should normalize and succeed + ("./safe", "safe"), // Leading ./ normalizes to safe + ("./a/./b", "a/b"), // Multiple ./ normalize away + ] + ) + func testPathsWithDotNormalization(path: String, expectedNormalized: String) async throws { + let rootPath = try createTempDirectory() + defer { try? FileManager.default.removeItem(atPath: rootPath.string) } + + let rootFd = try FileDescriptor.open(rootPath, .readOnly, options: [.directory]) + defer { try? rootFd.close() } + + let stubFileName = "stub.txt" + let stubContent = Data("stub file content".utf8) + + try FileDescriptorOps.mkdir(rootFd, FilePath(path), makeIntermediates: true) { dirFd in + // Create a stub file to verify we're in the right place + let fd = openat( + dirFd.rawValue, + stubFileName, + O_WRONLY | O_CREAT | O_TRUNC, + 0o644 + ) + guard fd >= 0 else { + throw Errno(rawValue: errno) + } + defer { close(fd) } + + try stubContent.withUnsafeBytes { buffer in + guard let baseAddress = buffer.baseAddress else { return } + let written = write(fd, baseAddress, buffer.count) + guard written == buffer.count else { + throw Errno(rawValue: errno) + } + } + } + + // Verify stub file exists at the normalized location + let expectedPath = + expectedNormalized.isEmpty + ? rootPath.appending(stubFileName) + : rootPath.appending(expectedNormalized).appending(stubFileName) + #expect( + FileManager.default.fileExists(atPath: expectedPath.string), + "Expected file at normalized path: \(expectedPath.string)") + } + + @Test( + "Test paths with .. that normalize to valid paths", + arguments: [ + // Paths with .. that should fail + ("safe/.."), // Normalizes to empty (current dir) + ("a/../b"), // Normalizes to b + ("a/b/../c"), // Normalizes to a/c + ] + ) + func testPathsWithDotDotNormalization(path: String) async throws { + let rootPath = try createTempDirectory() + defer { try? FileManager.default.removeItem(atPath: rootPath.string) } + + let rootFd = try FileDescriptor.open(rootPath, .readOnly, options: [.directory]) + defer { try? rootFd.close() } + + #expect(throws: FileDescriptorOps.Error.invalidRelativePath.self) { + try FileDescriptorOps.mkdir(rootFd, FilePath(path), makeIntermediates: true) + } + } + + @Test( + "Test paths with empty components (double slashes)", + arguments: [ + "a//b", // Double slash in middle + "a///b", // Triple slash + "a//b//c", // Multiple double slashes + ] + ) + func testPathsWithEmptyComponents(path: String) async throws { + let rootPath = try createTempDirectory() + defer { try? FileManager.default.removeItem(atPath: rootPath.string) } + + let rootFd = try FileDescriptor.open(rootPath, .readOnly, options: [.directory]) + defer { try? rootFd.close() } + + let stubFileName = "stub.txt" + let stubContent = Data("stub file content".utf8) + + // Should normalize and succeed (// becomes /) + try FileDescriptorOps.mkdir(rootFd, FilePath(path), makeIntermediates: true) { dirFd in + let fd = openat( + dirFd.rawValue, + stubFileName, + O_WRONLY | O_CREAT | O_TRUNC, + 0o644 + ) + guard fd >= 0 else { + throw Errno(rawValue: errno) + } + defer { close(fd) } + + try stubContent.withUnsafeBytes { buffer in + guard let baseAddress = buffer.baseAddress else { return } + let written = write(fd, baseAddress, buffer.count) + guard written == buffer.count else { + throw Errno(rawValue: errno) + } + } + } + + // Verify the file exists somewhere under root (normalization should handle it) + // The exact location depends on how FilePath normalizes empty components + let normalizedPath = FilePath(path).lexicallyNormalized() + let expectedPath = rootPath.appending(normalizedPath.string).appending(stubFileName) + #expect( + FileManager.default.fileExists(atPath: expectedPath.string), + "Expected file at normalized path: \(expectedPath.string)") + } + + @Test("Test very deep nesting") + func testDeepNesting() async throws { + let rootPath = try createTempDirectory() + defer { try? FileManager.default.removeItem(atPath: rootPath.string) } + + let rootFd = try FileDescriptor.open(rootPath, .readOnly, options: [.directory]) + defer { try? rootFd.close() } + + // Create a 100-level deep path + var deepPath = "" + for i in 0..<100 { + if i > 0 { deepPath += "/" } + deepPath += "level\(i)" + } + + let stubFileName = "deep.txt" + let stubContent = Data("deep file".utf8) + + try FileDescriptorOps.mkdir(rootFd, FilePath(deepPath), makeIntermediates: true) { dirFd in + let fd = openat( + dirFd.rawValue, + stubFileName, + O_WRONLY | O_CREAT | O_TRUNC, + 0o644 + ) + guard fd >= 0 else { + throw Errno(rawValue: errno) + } + defer { close(fd) } + + try stubContent.withUnsafeBytes { buffer in + guard let baseAddress = buffer.baseAddress else { return } + let written = write(fd, baseAddress, buffer.count) + guard written == buffer.count else { + throw Errno(rawValue: errno) + } + } + } + + // Verify the deep file exists + let expectedPath = rootPath.appending(deepPath).appending(stubFileName) + #expect(FileManager.default.fileExists(atPath: expectedPath.string)) + } + + @Test("Test path with null byte") + func testNullByteInPath() async throws { + let rootPath = try createTempDirectory() + defer { try? FileManager.default.removeItem(atPath: rootPath.string) } + + let rootFd = try FileDescriptor.open(rootPath, .readOnly, options: [.directory]) + defer { try? rootFd.close() } + + // Path with null byte - FilePath may handle this differently + // This tests that we don't crash or have unexpected behavior + let pathWithNull = "file\u{0000}.txt" + + // Try to create it - behavior depends on FilePath's null byte handling + // We mainly want to ensure it doesn't bypass security checks + do { + try FileDescriptorOps.mkdir(rootFd, FilePath(pathWithNull), makeIntermediates: true) { _ in } + + // If it succeeds, verify it stayed within root + let entries = try FileManager.default.contentsOfDirectory(atPath: rootPath.string) + for entry in entries { + let fullPath = rootPath.appending(entry) + let canonicalRoot = try FileDescriptorOps.getCanonicalPath(rootFd) + let canonicalEntry = try FileDescriptor.open(fullPath, .readOnly) + let canonicalEntryPath = try FileDescriptorOps.getCanonicalPath(canonicalEntry) + try? canonicalEntry.close() + + // Verify entry is under root + #expect( + canonicalEntryPath.string.hasPrefix(canonicalRoot.string + "/") || canonicalEntryPath.string == canonicalRoot.string, + "Entry escaped root: \(canonicalEntryPath.string)") + } + } catch { + // If it fails, that's also acceptable - just don't crash + } + } + + @Test("Remove a regular file") + func testRemoveRegularFile() throws { + let tempPath = try createTempDirectory() + defer { try? FileManager.default.removeItem(atPath: tempPath.string) } + + let rootFd = try FileDescriptor.open(tempPath, .readOnly, options: [.directory]) + defer { try? rootFd.close() } + + // Create a regular file + let filePath = tempPath.appending("testfile.txt") + _ = FileManager.default.createFile(atPath: filePath.string, contents: Data("test".utf8)) + + // Verify file exists + #expect(FileManager.default.fileExists(atPath: filePath.string)) + + // Remove it + try FileDescriptorOps.unlinkRecursive(rootFd, filename: FilePath.Component("testfile.txt")) + + // Verify file is gone + #expect(!FileManager.default.fileExists(atPath: filePath.string)) + } + + @Test("Remove an empty directory") + func testRemoveEmptyDirectory() throws { + let tempPath = try createTempDirectory() + defer { try? FileManager.default.removeItem(atPath: tempPath.string) } + + let rootFd = try FileDescriptor.open(tempPath, .readOnly, options: [.directory]) + defer { try? rootFd.close() } + + // Create an empty directory + let dirPath = tempPath.appending("emptydir") + try FileManager.default.createDirectory(atPath: dirPath.string, withIntermediateDirectories: false) + + // Verify directory exists + var isDir: ObjCBool = false + #expect(FileManager.default.fileExists(atPath: dirPath.string, isDirectory: &isDir)) + #expect(isDir.boolValue) + + // Remove it + try FileDescriptorOps.unlinkRecursive(rootFd, filename: FilePath.Component("emptydir")) + + // Verify directory is gone + #expect(!FileManager.default.fileExists(atPath: dirPath.string)) + } + + @Test("Remove a directory with nested files and subdirectories") + func testRemoveNestedDirectory() throws { + let tempPath = try createTempDirectory() + defer { try? FileManager.default.removeItem(atPath: tempPath.string) } + + let rootFd = try FileDescriptor.open(tempPath, .readOnly, options: [.directory]) + defer { try? rootFd.close() } + + // Create nested structure: + // nested/ + // file1.txt + // subdir/ + // file2.txt + // deepdir/ + // file3.txt + let nestedPath = tempPath.appending("nested") + let subdirPath = nestedPath.appending("subdir") + let deepdirPath = subdirPath.appending("deepdir") + + try FileManager.default.createDirectory(atPath: deepdirPath.string, withIntermediateDirectories: true) + _ = FileManager.default.createFile(atPath: nestedPath.appending("file1.txt").string, contents: Data("1".utf8)) + _ = FileManager.default.createFile(atPath: subdirPath.appending("file2.txt").string, contents: Data("2".utf8)) + _ = FileManager.default.createFile(atPath: deepdirPath.appending("file3.txt").string, contents: Data("3".utf8)) + + // Verify structure exists + #expect(FileManager.default.fileExists(atPath: nestedPath.string)) + #expect(FileManager.default.fileExists(atPath: subdirPath.string)) + #expect(FileManager.default.fileExists(atPath: deepdirPath.string)) + + // Remove entire tree + try FileDescriptorOps.unlinkRecursive(rootFd, filename: FilePath.Component("nested")) + + // Verify everything is gone + #expect(!FileManager.default.fileExists(atPath: nestedPath.string)) + } + + @Test("Remove non-existent file returns without error") + func testRemoveNonExistent() throws { + let tempPath = try createTempDirectory() + defer { try? FileManager.default.removeItem(atPath: tempPath.string) } + + let rootFd = try FileDescriptor.open(tempPath, .readOnly, options: [.directory]) + defer { try? rootFd.close() } + + // Remove non-existent file should not throw + try FileDescriptorOps.unlinkRecursive(rootFd, filename: FilePath.Component("nonexistent.txt")) + } + + @Test("Remove symlink without following it") + func testRemoveSymlink() throws { + let tempPath = try createTempDirectory() + defer { try? FileManager.default.removeItem(atPath: tempPath.string) } + + let rootFd = try FileDescriptor.open(tempPath, .readOnly, options: [.directory]) + defer { try? rootFd.close() } + + // Create target file and symlink + let targetPath = tempPath.appending("target.txt") + let linkPath = tempPath.appending("link") + _ = FileManager.default.createFile(atPath: targetPath.string, contents: Data("target".utf8)) + try FileManager.default.createSymbolicLink(atPath: linkPath.string, withDestinationPath: "target.txt") + + // Verify both exist + #expect(FileManager.default.fileExists(atPath: targetPath.string)) + #expect(FileManager.default.fileExists(atPath: linkPath.string)) + + // Remove symlink + try FileDescriptorOps.unlinkRecursive(rootFd, filename: FilePath.Component("link")) + + // Verify symlink is gone but target remains + #expect(!FileManager.default.fileExists(atPath: linkPath.string)) + #expect(FileManager.default.fileExists(atPath: targetPath.string)) + } + + @Test("Remove directory with mixed content (files, dirs, symlinks)") + func testRemoveMixedDirectory() throws { + let tempPath = try createTempDirectory() + defer { try? FileManager.default.removeItem(atPath: tempPath.string) } + + let rootFd = try FileDescriptor.open(tempPath, .readOnly, options: [.directory]) + defer { try? rootFd.close() } + + // Create mixed structure: + // mixed/ + // file.txt + // subdir/ + // link -> file.txt + let mixedPath = tempPath.appending("mixed") + let subdirPath = mixedPath.appending("subdir") + + try FileManager.default.createDirectory(atPath: subdirPath.string, withIntermediateDirectories: true) + _ = FileManager.default.createFile(atPath: mixedPath.appending("file.txt").string, contents: Data("test".utf8)) + try FileManager.default.createSymbolicLink( + atPath: mixedPath.appending("link").string, + withDestinationPath: "file.txt" + ) + + // Verify structure exists + #expect(FileManager.default.fileExists(atPath: mixedPath.string)) + + // Remove entire tree + try FileDescriptorOps.unlinkRecursive(rootFd, filename: FilePath.Component("mixed")) + + // Verify everything is gone + #expect(!FileManager.default.fileExists(atPath: mixedPath.string)) + } + + @Test("Guards against removing '.' component") + func testGuardDotComponent() throws { + let tempPath = try createTempDirectory() + defer { try? FileManager.default.removeItem(atPath: tempPath.string) } + + let rootFd = try FileDescriptor.open(tempPath, .readOnly, options: [.directory]) + defer { try? rootFd.close() } + + // Should return without error and without removing anything + try FileDescriptorOps.unlinkRecursive(rootFd, filename: FilePath.Component(".")) + + // Verify directory still exists + #expect(FileManager.default.fileExists(atPath: tempPath.string)) + } + + @Test("Guards against removing '..' component") + func testGuardDotDotComponent() throws { + let tempPath = try createTempDirectory() + defer { try? FileManager.default.removeItem(atPath: tempPath.string) } + + let rootFd = try FileDescriptor.open(tempPath, .readOnly, options: [.directory]) + defer { try? rootFd.close() } + + // Should return without error and without removing anything + try FileDescriptorOps.unlinkRecursive(rootFd, filename: FilePath.Component("..")) + + // Verify directory still exists + #expect(FileManager.default.fileExists(atPath: tempPath.string)) + } + + @Test("Test mkdir with empty path calls completion with parent") + func testMkdirEmptyPath() throws { + let rootPath = try createTempDirectory() + defer { try? FileManager.default.removeItem(atPath: rootPath.string) } + + let rootFd = try FileDescriptor.open(rootPath, .readOnly, options: [.directory]) + defer { try? rootFd.close() } + + let stubFileName = "root-level-file.txt" + let stubContent = Data("root level content".utf8) + var completionCalled = false + + // Call mkdir with empty path + try FileDescriptorOps.mkdir(rootFd, FilePath(""), makeIntermediates: false) { dirFd in + completionCalled = true + + // Verify dirFd is the same as rootFd + #expect(dirFd.rawValue == rootFd.rawValue, "Completion should receive the parent directory FD") + + // Create a file in the directory to verify we got the right FD + let fd = openat( + dirFd.rawValue, + stubFileName, + O_WRONLY | O_CREAT | O_TRUNC, + 0o644 + ) + guard fd >= 0 else { + throw Errno(rawValue: errno) + } + defer { close(fd) } + + try stubContent.withUnsafeBytes { buffer in + guard let baseAddress = buffer.baseAddress else { return } + let written = write(fd, baseAddress, buffer.count) + guard written == buffer.count else { + throw Errno(rawValue: errno) + } + } + } + + // Verify completion was called + #expect(completionCalled, "Completion handler should be called for empty path") + + // Verify file was created at root level + let expectedPath = rootPath.appending(stubFileName) + #expect(FileManager.default.fileExists(atPath: expectedPath.string)) + + // Verify content + let readContent = try Data(contentsOf: URL(fileURLWithPath: expectedPath.string)) + #expect(readContent == stubContent) + } + + private func createTempDirectory() throws -> FilePath { + let tempURL = FileManager.default.temporaryDirectory + .appendingPathComponent(UUID().uuidString) + try FileManager.default.createDirectory(at: tempURL, withIntermediateDirectories: true) + return FilePath(tempURL.path) + + } + + private func createEntries(rootPath: FilePath, entries: [Entry], permissions: FilePermissions? = nil) throws { + for entry in entries { + switch entry { + case .regular(let path): + let fullPath = rootPath.appending(path) + // Create parent directories if needed + let parentPath = FilePath(fullPath.string).removingLastComponent() + if !FileManager.default.fileExists(atPath: parentPath.string) { + try FileManager.default.createDirectory( + atPath: parentPath.string, + withIntermediateDirectories: true, + attributes: permissions.map { [.posixPermissions: $0.rawValue] } + ) + } + _ = FileManager.default.createFile( + atPath: fullPath.string, + contents: Data("test".utf8) + ) + case .directory(let path): + let fullPath = rootPath.appending(path) + try FileManager.default.createDirectory( + atPath: fullPath.string, + withIntermediateDirectories: true, + attributes: permissions.map { [.posixPermissions: $0.rawValue] } + ) + case .symlink(let target, let source): + let sourcePath = rootPath.appending(source) + // Create parent directories for source if needed + let parentPath = FilePath(sourcePath.string).removingLastComponent() + if !FileManager.default.fileExists(atPath: parentPath.string) { + try FileManager.default.createDirectory( + atPath: parentPath.string, + withIntermediateDirectories: true, + attributes: permissions.map { [.posixPermissions: $0.rawValue] } + ) + } + try FileManager.default.createSymbolicLink( + atPath: sourcePath.string, + withDestinationPath: target + ) + } + } + } +} + +enum Entry { + case regular(path: String) + case directory(path: String) + case symlink(target: String, source: String) +} + +// MARK: - enumerate tests + +extension FileDescriptorPathSecureTests { + + // Collect all entries reported by enumerate, keyed by path string. + private func collect(root: FilePath) throws -> [String: FileDescriptorOps.EntryType] { + let rootFd = try FileDescriptor.open(root, .readOnly, options: [.directory]) + defer { try? rootFd.close() } + var found: [String: FileDescriptorOps.EntryType] = [:] + try FileDescriptorOps.enumerate(rootFd) { path, type, _ in + found[path.string] = type + } + return found + } + + @Test func testEnumerateSecureEmptyDirectory() throws { + let root = try createTempDirectory() + defer { try? FileManager.default.removeItem(atPath: root.string) } + + let found = try collect(root: root) + #expect(found.isEmpty) + } + + @Test func testEnumerateSecureFlatRegularFiles() throws { + let root = try createTempDirectory() + defer { try? FileManager.default.removeItem(atPath: root.string) } + try createEntries( + rootPath: root, + entries: [ + .regular(path: "a.txt"), + .regular(path: "b.txt"), + .regular(path: "c.txt"), + ]) + + let found = try collect(root: root) + #expect(found.count == 3) + #expect(found["a.txt"] == .regular) + #expect(found["b.txt"] == .regular) + #expect(found["c.txt"] == .regular) + } + + @Test func testEnumerateSecureRecursesIntoRealDirectories() throws { + let root = try createTempDirectory() + defer { try? FileManager.default.removeItem(atPath: root.string) } + try createEntries( + rootPath: root, + entries: [ + .directory(path: "subdir"), + .regular(path: "subdir/file.txt"), + ]) + + let found = try collect(root: root) + #expect(found.count == 2) + #expect(found["subdir"] == .directory) + #expect(found["subdir/file.txt"] == .regular) + } + + @Test func testEnumerateSecureReportsFileSymlink() throws { + let root = try createTempDirectory() + defer { try? FileManager.default.removeItem(atPath: root.string) } + try createEntries( + rootPath: root, + entries: [ + .regular(path: "target.txt"), + .symlink(target: "target.txt", source: "link.txt"), + ]) + + let found = try collect(root: root) + #expect(found["link.txt"] == .symlink) + #expect(found["target.txt"] == .regular) + } + + @Test func testEnumerateSecureDoesNotFollowDirectorySymlink() throws { + let root = try createTempDirectory() + defer { try? FileManager.default.removeItem(atPath: root.string) } + + // Create a real directory with content alongside a symlink to it. + try createEntries( + rootPath: root, + entries: [ + .directory(path: "real"), + .regular(path: "real/inside.txt"), + .symlink(target: "real", source: "link"), + ]) + + let found = try collect(root: root) + // "link" is reported as a symlink, not followed — "link/inside.txt" absent. + #expect(found["link"] == .symlink) + #expect(found["link/inside.txt"] == nil) + // The real directory and its content are still traversed normally. + #expect(found["real"] == .directory) + #expect(found["real/inside.txt"] == .regular) + } + + @Test func testEnumerateSecureDoesNotFollowAbsoluteDirectorySymlinkOutside() throws { + let root = try createTempDirectory() + defer { try? FileManager.default.removeItem(atPath: root.string) } + + // Create a directory entirely outside the root. + let outside = try createTempDirectory() + defer { try? FileManager.default.removeItem(atPath: outside.string) } + #expect(FileManager.default.createFile(atPath: outside.appending("secret.txt").string, contents: Data("secret".utf8))) + + // Symlink inside root → absolute path outside root. + try createEntries( + rootPath: root, + entries: [ + .symlink(target: outside.string, source: "escape") + ]) + + let found = try collect(root: root) + // The symlink itself is reported… + #expect(found["escape"] == .symlink) + // …but nothing inside the outside directory is reachable. + #expect(found["escape/secret.txt"] == nil) + #expect(found.count == 1) + } + + @Test func testEnumerateSecureDoesNotFollowRelativeDirectorySymlinkOutside() throws { + // Layout: base/root/ and base/outside/, symlink root/escape → ../outside + let base = FileManager.default.temporaryDirectory.appendingPathComponent(UUID().uuidString).path + let rootStr = (base as NSString).appendingPathComponent("root") + let outsideStr = (base as NSString).appendingPathComponent("outside") + try FileManager.default.createDirectory(atPath: rootStr, withIntermediateDirectories: true) + try FileManager.default.createDirectory(atPath: outsideStr, withIntermediateDirectories: true) + defer { try? FileManager.default.removeItem(atPath: base) } + + #expect(FileManager.default.createFile(atPath: (outsideStr as NSString).appendingPathComponent("secret.txt"), contents: Data("secret".utf8))) + try FileManager.default.createSymbolicLink( + atPath: (rootStr as NSString).appendingPathComponent("escape"), + withDestinationPath: "../outside" + ) + + let rootFd = try FileDescriptor.open(FilePath(rootStr), .readOnly, options: [.directory]) + defer { try? rootFd.close() } + var found: [String: FileDescriptorOps.EntryType] = [:] + try FileDescriptorOps.enumerate(rootFd) { path, type, _ in found[path.string] = type } + + #expect(found["escape"] == .symlink) + #expect(found["escape/secret.txt"] == nil) + #expect(found.count == 1) + } + + @Test func testEnumerateSecureMixedContent() throws { + let root = try createTempDirectory() + defer { try? FileManager.default.removeItem(atPath: root.string) } + try createEntries( + rootPath: root, + entries: [ + .regular(path: "readme.txt"), + .directory(path: "src"), + .regular(path: "src/main.swift"), + .directory(path: "src/util"), + .regular(path: "src/util/helper.swift"), + .symlink(target: "readme.txt", source: "link.txt"), + .symlink(target: "src", source: "src-link"), + ]) + + let found = try collect(root: root) + #expect(found["readme.txt"] == .regular) + #expect(found["src"] == .directory) + #expect(found["src/main.swift"] == .regular) + #expect(found["src/util"] == .directory) + #expect(found["src/util/helper.swift"] == .regular) + #expect(found["link.txt"] == .symlink) + // Directory symlink: reported but not followed. + #expect(found["src-link"] == .symlink) + #expect(found["src-link/main.swift"] == nil) + #expect(found.count == 7) + } + + @Test func testEnumerateSecurePreOrderDirectoryBeforeContents() throws { + let root = try createTempDirectory() + defer { try? FileManager.default.removeItem(atPath: root.string) } + try createEntries( + rootPath: root, + entries: [ + .directory(path: "dir"), + .regular(path: "dir/child.txt"), + ]) + + let rootFd = try FileDescriptor.open(root, .readOnly, options: [.directory]) + defer { try? rootFd.close() } + var order: [String] = [] + try FileDescriptorOps.enumerate(rootFd) { path, _, _ in order.append(path.string) } + + let dirIdx = try #require(order.firstIndex(of: "dir")) + let childIdx = try #require(order.firstIndex(of: "dir/child.txt")) + #expect(dirIdx < childIdx, "directory must be reported before its contents") + } + + @Test func testEnumerateSecureParentFdCanOpenEntryWithoutFollowingSymlinks() throws { + let root = try createTempDirectory() + defer { try? FileManager.default.removeItem(atPath: root.string) } + let content = Data("hello".utf8) + try createEntries(rootPath: root, entries: [.regular(path: "file.txt")]) + #expect(FileManager.default.createFile(atPath: root.appending("file.txt").string, contents: content)) + + let rootFd = try FileDescriptor.open(root, .readOnly, options: [.directory]) + defer { try? rootFd.close() } + + var readContent: Data? + try FileDescriptorOps.enumerate(rootFd) { path, type, parentFd in + guard type == .regular, let name = path.lastComponent?.string else { return } + // Open through the fd chain — no absolute path involved. + let fd = openat(parentFd.rawValue, name, O_RDONLY | O_NOFOLLOW) + guard fd >= 0 else { return } + defer { _ = os_close(fd) } + var buf = [UInt8](repeating: 0, count: 256) + let n = read(fd, &buf, buf.count) + if n > 0 { readContent = Data(buf.prefix(n)) } + } + + #expect(readContent == content) + } +} diff --git a/Tests/ContainerizationOSTests/FilePathOpsTests.swift b/Tests/ContainerizationOSTests/FilePathOpsTests.swift new file mode 100644 index 0000000..f5d5c05 --- /dev/null +++ b/Tests/ContainerizationOSTests/FilePathOpsTests.swift @@ -0,0 +1,43 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation +import SystemPackage +import Testing + +@testable import ContainerizationOS + +struct FilePathOpsTests { + @Test("absolutePath returns absolute inputs unchanged") + func absolutePathPreservesAbsolutePath() { + let absolute = FilePath("/tmp/containerization/file.tar") + let resolved = FilePathOps.absolutePath(absolute) + + #expect(resolved == absolute) + } + + @Test("absolutePath resolves relative paths against cwd and normalizes lexically") + func absolutePathResolvesRelativePath() { + let relative = FilePath("./images/../image.tar") + let expected = FilePath(FileManager.default.currentDirectoryPath) + .appending(relative.components) + .lexicallyNormalized() + let resolved = FilePathOps.absolutePath(relative) + + #expect(resolved == expected) + #expect(resolved.isAbsolute) + } +} diff --git a/Tests/ContainerizationOSTests/KeychainQueryTests.swift b/Tests/ContainerizationOSTests/KeychainQueryTests.swift new file mode 100644 index 0000000..301cc4f --- /dev/null +++ b/Tests/ContainerizationOSTests/KeychainQueryTests.swift @@ -0,0 +1,83 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(macOS) + +import Foundation +import Testing + +@testable import ContainerizationOS + +struct KeychainQueryTests { + let securityDomain = "com.example.container-testing-keychain" + let hostname = "testing-keychain.example.com" + let username = "containerization-test" + + let kq = KeychainQuery() + + @Test(.enabled(if: !isCI)) + func keychainQuery() throws { + defer { try? kq.delete(securityDomain: securityDomain, hostname: hostname) } + + do { + try kq.save(securityDomain: securityDomain, hostname: hostname, username: username, password: "foobar") + #expect(try kq.exists(securityDomain: securityDomain, hostname: hostname)) + + let fetched = try kq.get(securityDomain: securityDomain, hostname: hostname) + let result = try #require(fetched) + #expect(result.username == username) + #expect(result.password == "foobar") + } catch KeychainQuery.Error.unhandledError(status: -25308) { + // ignore errSecInteractionNotAllowed + } + } + + @Test(.enabled(if: !isCI)) + func list() throws { + let hostname1 = "testing-1-keychain.example.com" + let hostname2 = "testing-2-keychain.example.com" + + defer { + try? kq.delete(securityDomain: securityDomain, hostname: hostname1) + try? kq.delete(securityDomain: securityDomain, hostname: hostname2) + } + + do { + try kq.save(securityDomain: securityDomain, hostname: hostname1, username: username, password: "foobar") + try kq.save(securityDomain: securityDomain, hostname: hostname2, username: username, password: "foobar") + + let entries = try kq.list(securityDomain: securityDomain) + + // Verify that both hostnames exist + let hostnames = entries.map { $0.hostname } + #expect(hostnames.contains(hostname1)) + #expect(hostnames.contains(hostname2)) + + // Verify that the accounts exist + for entry in entries { + #expect(entry.username == username) + } + } catch KeychainQuery.Error.unhandledError(status: -25308) { + // ignore errSecInteractionNotAllowed + } + } + + private static var isCI: Bool { + ProcessInfo.processInfo.environment["CI"] != nil + } +} + +#endif diff --git a/Tests/ContainerizationOSTests/SocketTests.swift b/Tests/ContainerizationOSTests/SocketTests.swift new file mode 100644 index 0000000..e941cd4 --- /dev/null +++ b/Tests/ContainerizationOSTests/SocketTests.swift @@ -0,0 +1,126 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import CShim +import Foundation +import Testing + +@testable import ContainerizationOS + +#if canImport(Darwin) +import Darwin +#elseif canImport(Glibc) +import Glibc +#elseif canImport(Musl) +import Musl +#endif + +@Suite("Socket SCM_RIGHTS tests") +final class SocketTests { + + /// Helper function to send a file descriptor via SCM_RIGHTS + private func sendFileDescriptor(socket: Socket, fd: Int32) throws { + var msg = msghdr() + var iov = iovec() + var buf: UInt8 = 0 + + iov.iov_base = withUnsafeMutablePointer(to: &buf) { UnsafeMutableRawPointer($0) } + iov.iov_len = 1 + + msg.msg_iov = withUnsafeMutablePointer(to: &iov) { $0 } + msg.msg_iovlen = 1 + + // Control message buffer for file descriptor + var cmsgBuf = [UInt8](repeating: 0, count: Int(CZ_CMSG_SPACE(Int(MemoryLayout.size)))) + + msg.msg_control = withUnsafeMutablePointer(to: &cmsgBuf[0]) { UnsafeMutableRawPointer($0) } + msg.msg_controllen = .init(cmsgBuf.count) + + // Set up control message + let cmsgPtr = withUnsafeMutablePointer(to: &msg) { CZ_CMSG_FIRSTHDR($0) } + guard let cmsg = cmsgPtr else { + throw SocketError.invalidFileDescriptor + } + + cmsg.pointee.cmsg_level = SOL_SOCKET + cmsg.pointee.cmsg_type = .init(SCM_RIGHTS) + cmsg.pointee.cmsg_len = .init(CZ_CMSG_LEN(Int(MemoryLayout.size))) + + guard let dataPtr = CZ_CMSG_DATA(cmsg) else { + throw SocketError.invalidFileDescriptor + } + + dataPtr.assumingMemoryBound(to: Int32.self).pointee = fd + + let sendResult = withUnsafeMutablePointer(to: &msg) { msgPtr in + sendmsg(socket.fileDescriptor, msgPtr, 0) + } + + guard sendResult >= 0 else { + throw SocketError.withErrno("sendmsg failed", errno: errno) + } + } + + @Test + func testSCMRightsFileDescriptorPassing() throws { + // Create a socketpair for testing + var fds: [Int32] = [0, 0] + #if os(macOS) + let result = socketpair(AF_UNIX, SOCK_STREAM, 0, &fds) + #else + let result = socketpair(AF_UNIX, Int32(SOCK_STREAM.rawValue), 0, &fds) + #endif + try #require(result == 0, "socketpair should succeed") + + defer { + close(fds[0]) + close(fds[1]) + } + + // Use a dummy UnixType since we won't be using it for bind/connect/listen + let socketType = try UnixType(path: "/tmp/dummy") + let sendSocket = Socket(fd: fds[0], type: socketType, closeOnDeinit: false, connected: true) + let recvSocket = Socket(fd: fds[1], type: socketType, closeOnDeinit: false, connected: true) + + // Create a temporary file to send its descriptor + let fileManager = FileManager.default + let tempDir = fileManager.uniqueTemporaryDirectory() + defer { try? fileManager.removeItem(at: tempDir) } + + let testFilePath = tempDir.appending(path: "test.txt") + let testContent = "Hello, SCM_RIGHTS!" + try testContent.write(to: testFilePath, atomically: true, encoding: .utf8) + + let testFileHandle = try FileHandle(forReadingFrom: testFilePath) + defer { try? testFileHandle.close() } + + let originalFD = testFileHandle.fileDescriptor + + try sendFileDescriptor(socket: sendSocket, fd: originalFD) + let receivedFd = try recvSocket.receiveFileDescriptor() + let receivedFileHandle = FileHandle(fileDescriptor: receivedFd) + defer { try? receivedFileHandle.close() } + + try #require(receivedFileHandle.fileDescriptor != originalFD, "Received FD should be different") + try #require(receivedFileHandle.fileDescriptor >= 0, "Received FD should be valid") + + let data = try receivedFileHandle.readToEnd() + try #require(data != nil, "Should be able to read from received FD") + + let receivedContent = String(data: data!, encoding: .utf8) + #expect(receivedContent == testContent, "Content should match original file") + } +} diff --git a/Tests/ContainerizationOSTests/UserTests.swift b/Tests/ContainerizationOSTests/UserTests.swift new file mode 100644 index 0000000..cea3e83 --- /dev/null +++ b/Tests/ContainerizationOSTests/UserTests.swift @@ -0,0 +1,153 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationExtras +import Foundation +import Testing + +@testable import ContainerizationOS + +@Suite("User/Group parse tests") +final class UsersTests { + struct TestCase: Sendable { + let userString: String + let expect: User.ExecUser + let shouldThrow: Bool + + init(_ userString: String, _ expect: User.ExecUser, _ shouldThrow: Bool) { + self.userString = userString + self.expect = expect + self.shouldThrow = shouldThrow + } + } + + static func createFile(path: URL, content: Data) throws { + let parent = path.deletingLastPathComponent() + let fileManager = FileManager.default + try fileManager.createDirectory(at: parent, withIntermediateDirectories: true) + try content.write(to: path) + } + + @Test + func testExecUserOnlyPasswd() throws { + let passwordContent = """ + root:x:0:0:root:/root:/bin/bash + daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin + bin:x:2:2:bin:/bin:/usr/sbin/nologin + sys:x:3:3:sys:/dev:/usr/sbin/nologin + nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin + platform:x:1000:1000:Platform:/home/platform:/bin/sh + """ + + let fileManager = FileManager.default + let tempDir = fileManager.uniqueTemporaryDirectory() + defer { try? fileManager.removeItem(at: tempDir) } + let passwdPath = tempDir.appending(path: "etc/passwd") + try Self.createFile(path: passwdPath, content: passwordContent.data(using: .ascii)!) + + let testCases: [TestCase] = [ + .init("root", .init(uid: 0, gid: 0, sgids: [], home: "/root", shell: "/bin/bash"), false), + .init("0:0", .init(uid: 0, gid: 0, sgids: [], home: "/root", shell: "/bin/bash"), false), + .init("platform", .init(uid: 1000, gid: 1000, sgids: [], home: "/home/platform", shell: "/bin/sh"), false), + .init("65534", .init(uid: 65534, gid: 65534, sgids: [], home: "/nonexistent", shell: "/usr/sbin/nologin"), false), + .init("should_fail", .init(uid: 456, gid: 123, sgids: [], home: "/undefined", shell: ""), true), + .init(":nouser", .init(uid: 456, gid: 123, sgids: [], home: "/undefined", shell: ""), true), + ] + + let groupPath = tempDir.appending(path: "etc/group") + for testCase in testCases { + if testCase.shouldThrow { + #expect(throws: User.Error.self) { + try User.getExecUser(userString: testCase.userString, passwdPath: passwdPath, groupPath: groupPath) + } + continue + } + let user = try User.getExecUser(userString: testCase.userString, passwdPath: passwdPath, groupPath: groupPath) + #expect(testCase.expect.uid == user.uid) + #expect(testCase.expect.gid == user.gid) + #expect(testCase.expect.home == user.home) + #expect(testCase.expect.sgids == user.sgids) + #expect(testCase.expect.shell == user.shell) + } + } + + @Test + func testExecUserNoPasswdFile() throws { + #expect(throws: User.Error.self) { + try User.getExecUser( + userString: "root:root", + passwdPath: URL(filePath: "/foobar-passwd"), + groupPath: URL(filePath: "/foobar-group") + ) + } + } + + @Test + func testExecUserPasswdGroup() throws { + let passwordContent = """ + root:x:0:0:root:/root:/bin/bash + daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin + bin:x:2:2:bin:/bin:/usr/sbin/nologin + sys:x:3:3:sys:/dev:/usr/sbin/nologin + backup:x:34:34:backup:/var/backups:/usr/sbin/nologin + nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin + platform:x:1000:1000:platform:/home/platform:/bin/bash + """ + + let groupContent = """ + root:x:0: + daemon:x:1: + bin:x:2: + adm:x:4:platform + tape:x:26: + sudo:x:27:platform + audio:x:29:platform + video:x:44:platform + nogroup:x:65534: + platform:x:1000: + """ + + let fileManager = FileManager.default + let tempDir = fileManager.uniqueTemporaryDirectory() + defer { try? fileManager.removeItem(at: tempDir) } + let passwdPath = tempDir.appending(path: "etc/passwd") + let groupPath = tempDir.appending(path: "etc/group") + try Self.createFile(path: passwdPath, content: passwordContent.data(using: .ascii)!) + try Self.createFile(path: groupPath, content: groupContent.data(using: .ascii)!) + + let testCases: [TestCase] = [ + .init("root:bin", .init(uid: 0, gid: 2, sgids: [2], home: "/root", shell: "/bin/bash"), false), + .init("daemon:platform", .init(uid: 1, gid: 1000, sgids: [1000], home: "/usr/sbin", shell: "/usr/sbin/nologin"), false), + .init("platform", .init(uid: 1000, gid: 1000, sgids: [4, 27, 29, 44], home: "/home/platform", shell: "/bin/bash"), false), + .init("nobody", .init(uid: 65534, gid: 65534, sgids: [], home: "/nonexistent", shell: "/usr/sbin/nologin"), false), + .init("2:1000", .init(uid: 2, gid: 1000, sgids: [1000], home: "/bin", shell: "/usr/sbin/nologin"), false), + ] + + for testCase in testCases { + if testCase.shouldThrow { + #expect(throws: User.Error.self) { + try User.getExecUser(userString: testCase.userString, passwdPath: passwdPath, groupPath: groupPath) + } + } + let user = try User.getExecUser(userString: testCase.userString, passwdPath: passwdPath, groupPath: groupPath) + #expect(testCase.expect.uid == user.uid) + #expect(testCase.expect.gid == user.gid) + #expect(testCase.expect.home == user.home) + #expect(Set(testCase.expect.sgids) == Set(user.sgids)) + #expect(testCase.expect.shell == user.shell) + } + } +} diff --git a/Tests/ContainerizationTests/AllocatorTests.swift b/Tests/ContainerizationTests/AllocatorTests.swift new file mode 100644 index 0000000..8bb80d2 --- /dev/null +++ b/Tests/ContainerizationTests/AllocatorTests.swift @@ -0,0 +1,170 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(macOS) + +import ContainerizationError +import ContainerizationExtras +import Testing + +@testable import Containerization + +struct AllocatorTests { + + @Test func allocateDualStackReturnsDistinctPairs() throws { + guard #available(macOS 26, *) else { return } + var alloc = try VmnetNetwork.Allocator( + cidrV4: try CIDRv4("192.168.64.0/24"), + cidrV6: try CIDRv6("fd00::/64")) + + let (a4, a6) = try alloc.allocate("a") + let (b4, b6) = try alloc.allocate("b") + + #expect(a4 != b4) + #expect(a6 != nil && b6 != nil) + #expect(a6 != b6) + + // The v4 allocator starts at lower + 2 (skipping network base + gateway), + // so the first two allocations are .2 and .3. + #expect(a4 == (try CIDRv4("192.168.64.2/24"))) + #expect(b4 == (try CIDRv4("192.168.64.3/24"))) + } + + @Test func allocateWithNoV6PrefixReturnsNilV6() throws { + guard #available(macOS 26, *) else { return } + var alloc = try VmnetNetwork.Allocator( + cidrV4: try CIDRv4("192.168.64.0/24"), + cidrV6: nil) + + let (_, a6) = try alloc.allocate("a") + #expect(a6 == nil) + } + + @Test func duplicateIdThrows() throws { + guard #available(macOS 26, *) else { return } + var alloc = try VmnetNetwork.Allocator( + cidrV4: try CIDRv4("192.168.64.0/24"), + cidrV6: try CIDRv6("fd00::/64")) + _ = try alloc.allocate("a") + #expect(throws: ContainerizationError.self) { + _ = try alloc.allocate("a") + } + } + + @Test func releaseAllowsIdReuse() throws { + guard #available(macOS 26, *) else { return } + var alloc = try VmnetNetwork.Allocator( + cidrV4: try CIDRv4("192.168.64.0/24"), + cidrV6: try CIDRv6("fd00::/64")) + + _ = try alloc.allocate("a") + // Re-allocating 'a' would throw .exists if release didn't clear it. + try alloc.release("a") + _ = try alloc.allocate("a") + } + + @Test func releaseUnknownIdIsNoOp() throws { + guard #available(macOS 26, *) else { return } + var alloc = try VmnetNetwork.Allocator( + cidrV4: try CIDRv4("192.168.64.0/24"), + cidrV6: try CIDRv6("fd00::/64")) + try alloc.release("never-allocated") + } + + @Test func v6HostPortionUsesOrdinalIndex() throws { + guard #available(macOS 26, *) else { + return + } + var alloc = try VmnetNetwork.Allocator( + cidrV4: try CIDRv4("192.168.64.0/24"), + cidrV6: try CIDRv6("fd00::/64")) + + let (_, a6) = try alloc.allocate("a") + let (_, b6) = try alloc.allocate("b") + + let aHost = a6!.address.value & a6!.prefix.suffixMask128 + let bHost = b6!.address.value & b6!.prefix.suffixMask128 + #expect(aHost == 2) + #expect(bHost == 3) + } + + @Test func cidrV6Gateway() throws { + // The network gateway is the lowest address + 1. + #expect((try CIDRv6("fd00::/64")).gateway == (try IPv6Address("fd00::1"))) + #expect((try CIDRv6("fd00:abcd:1234::/48")).gateway == (try IPv6Address("fd00:abcd:1234::1"))) + } + + @available(macOS 26, *) + private actor SerialAllocator { + private var inner: VmnetNetwork.Allocator + init(cidrV4: CIDRv4, cidrV6: CIDRv6?) throws { + self.inner = try VmnetNetwork.Allocator(cidrV4: cidrV4, cidrV6: cidrV6) + } + func allocate(_ id: String) throws -> (CIDRv4, CIDRv6?) { + try inner.allocate(id) + } + func release(_ id: String) throws { + try inner.release(id) + } + } + + @Test func returnsUniqueAddressesUnderConcurrentLoad() async throws { + guard #available(macOS 26, *) else { return } + // /16 host space is much larger than `count`, so we won't hit the + // pool ceiling — we're testing for collisions/state corruption. + let alloc = try SerialAllocator( + cidrV4: try CIDRv4("10.0.0.0/16"), + cidrV6: try CIDRv6("fd00::/64")) + + let count = 1000 + let pairs = try await withThrowingTaskGroup(of: (CIDRv4, CIDRv6?).self) { group in + for i in 0.. Interface? { + NilGatewayInterface() + } + + mutating func releaseInterface(_ id: String) throws {} +} + +@Suite +struct ContainerManagerTests { + @Test func testCreateThrowsWhenGatewayMissing() async throws { + let fm = FileManager.default + let root = fm.uniqueTemporaryDirectory(create: true) + defer { try? fm.removeItem(at: root) } + + let kernelPath = root.appendingPathComponent("vmlinux") + fm.createFile(atPath: kernelPath.path, contents: Data(), attributes: nil) + let initfsPath = root.appendingPathComponent("initfs.ext4") + fm.createFile(atPath: initfsPath.path, contents: Data(), attributes: nil) + + let kernel = Kernel(path: kernelPath, platform: .linuxArm) + let initfs = Mount.block(format: "ext4", source: initfsPath.path, destination: "/") + + var manager = try ContainerManager( + kernel: kernel, + initfs: initfs, + root: root, + network: NilGatewayNetwork() + ) + + let tempDir = fm.uniqueTemporaryDirectory() + defer { try? fm.removeItem(at: tempDir) } + + let tarPath = Foundation.Bundle.module.url(forResource: "scratch", withExtension: "tar")! + let reader = try ArchiveReader(format: .pax, filter: .none, file: tarPath) + let rejectedPaths = try reader.extractContents(to: tempDir) + #expect(rejectedPaths.isEmpty) + + let images = try await manager.imageStore.load(from: tempDir) + let image = images.first! + + let rootfsPath = root.appendingPathComponent("rootfs.ext4") + fm.createFile(atPath: rootfsPath.path, contents: Data(), attributes: nil) + let rootfs = Mount.block(format: "ext4", source: rootfsPath.path, destination: "/") + + do { + _ = try await manager.create("test-nil-gateway", image: image, rootfs: rootfs) { _ in } + #expect(Bool(false), "expected invalidState error for missing ipv4 gateway") + } catch let error as ContainerizationError { + #expect(error.code == .invalidState) + #expect(error.message.contains("missing ipv4 gateway")) + } catch { + #expect(Bool(false), "unexpected error: \(error)") + } + } + + @Test func testNetworkingFalseSkipsInterfaceCreation() async throws { + let fm = FileManager.default + let root = fm.uniqueTemporaryDirectory(create: true) + defer { try? fm.removeItem(at: root) } + + let kernelPath = root.appendingPathComponent("vmlinux") + fm.createFile(atPath: kernelPath.path, contents: Data(), attributes: nil) + let initfsPath = root.appendingPathComponent("initfs.ext4") + fm.createFile(atPath: initfsPath.path, contents: Data(), attributes: nil) + + let kernel = Kernel(path: kernelPath, platform: .linuxArm) + let initfs = Mount.block(format: "ext4", source: initfsPath.path, destination: "/") + + // Use NilGatewayNetwork — with networking: true this would throw invalidState, + // but with networking: false the network's createInterface() is never called. + var manager = try ContainerManager( + kernel: kernel, + initfs: initfs, + root: root, + network: NilGatewayNetwork() + ) + + let tempDir = fm.uniqueTemporaryDirectory() + defer { try? fm.removeItem(at: tempDir) } + + let tarPath = Foundation.Bundle.module.url(forResource: "scratch", withExtension: "tar")! + let reader = try ArchiveReader(format: .pax, filter: .none, file: tarPath) + let rejectedPaths = try reader.extractContents(to: tempDir) + #expect(rejectedPaths.isEmpty) + + let images = try await manager.imageStore.load(from: tempDir) + let image = images.first! + + let rootfsPath = root.appendingPathComponent("rootfs.ext4") + fm.createFile(atPath: rootfsPath.path, contents: Data(), attributes: nil) + let rootfs = Mount.block(format: "ext4", source: rootfsPath.path, destination: "/") + + // With networking: false, NilGatewayNetwork.createInterface() is never called, + // so we should not get the "missing ipv4 gateway" error. + // The container creation will fail for other reasons (dummy VMM), but the + // configuration closure should see empty interfaces. + var closureWasCalled = false + do { + _ = try await manager.create( + "test-no-networking", + image: image, + rootfs: rootfs, + networking: false + ) { config in + closureWasCalled = true + #expect(config.interfaces.isEmpty) + #expect(config.dns == nil) + } + } catch { + // Container creation may fail due to dummy kernel/VMM — that's expected. + // The key assertion is in the configuration closure above. + let description = String(describing: error) + #expect(!description.contains("missing ipv4 gateway")) + } + #expect(closureWasCalled, "configuration closure must be invoked to validate interfaces") + } +} + +#endif diff --git a/Tests/ContainerizationTests/DNSTests.swift b/Tests/ContainerizationTests/DNSTests.swift new file mode 100644 index 0000000..fe866b9 --- /dev/null +++ b/Tests/ContainerizationTests/DNSTests.swift @@ -0,0 +1,84 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation +import Testing + +@testable import Containerization + +struct DNSTests { + + @Test func dnsResolvConfWithAllFields() { + let dns = DNS( + nameservers: ["8.8.8.8", "1.1.1.1"], + domain: "example.com", + searchDomains: ["internal.com", "test.com"], + options: ["ndots:2", "timeout:1"] + ) + + let expected = "nameserver 8.8.8.8\nnameserver 1.1.1.1\ndomain example.com\nsearch internal.com test.com\noptions ndots:2 timeout:1\n" + #expect(dns.resolvConf == expected) + } + + @Test func dnsResolvConfWithEmptyFields() { + let dns = DNS( + nameservers: [], + domain: nil, + searchDomains: [], + options: [] + ) + + // Should return empty string when all fields are empty + #expect(dns.resolvConf == "") + } + + @Test func dnsResolvConfWithOnlyNameservers() { + let dns = DNS(nameservers: ["8.8.8.8"]) + + let expected = "nameserver 8.8.8.8\n" + #expect(dns.resolvConf == expected) + } + + @Test func dnsValidateAcceptsValidIPv4Nameservers() throws { + let dns = DNS(nameservers: ["8.8.8.8", "1.1.1.1"]) + #expect(throws: Never.self) { try dns.validate() } + } + + @Test func dnsValidateAcceptsValidIPv6Nameservers() throws { + let dns = DNS(nameservers: ["2001:4860:4860::8888", "::1"]) + #expect(throws: Never.self) { try dns.validate() } + } + + @Test func dnsValidateAcceptsMixedIPv4AndIPv6Nameservers() throws { + let dns = DNS(nameservers: ["8.8.8.8", "2001:4860:4860::8844"]) + #expect(throws: Never.self) { try dns.validate() } + } + + @Test func dnsValidateAcceptsEmptyNameservers() throws { + let dns = DNS(nameservers: []) + #expect(throws: Never.self) { try dns.validate() } + } + + @Test func dnsValidateRejectsHostname() { + let dns = DNS(nameservers: ["dns.example.com"]) + #expect(throws: (any Error).self) { try dns.validate() } + } + + @Test func dnsValidateRejectsInvalidAddress() { + let dns = DNS(nameservers: ["not-an-ip"]) + #expect(throws: (any Error).self) { try dns.validate() } + } +} diff --git a/Tests/ContainerizationTests/HashTests.swift b/Tests/ContainerizationTests/HashTests.swift new file mode 100644 index 0000000..e0d33ef --- /dev/null +++ b/Tests/ContainerizationTests/HashTests.swift @@ -0,0 +1,38 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation +import Testing + +@testable import Containerization + +struct HashTests { + + @Test func hashMountSourceWithValidString() throws { + let result = try hashFilePath(path: "/valid/path") + + // Should produce a non-empty hash + #expect(!result.isEmpty) + + // Same input should produce same hash (deterministic) + let result2 = try hashFilePath(path: "/valid/path") + #expect(result == result2) + + // Different inputs should produce different hashes + let result3 = try hashFilePath(path: "/different/path") + #expect(result != result3) + } +} diff --git a/Tests/ContainerizationTests/HostDefaultRouteTests.swift b/Tests/ContainerizationTests/HostDefaultRouteTests.swift new file mode 100644 index 0000000..d21bb62 --- /dev/null +++ b/Tests/ContainerizationTests/HostDefaultRouteTests.swift @@ -0,0 +1,66 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Testing + +@testable import Containerization + +@Suite("Host default route parsing") +struct HostDefaultRouteTests { + // Header + one default-route row (Destination=00000000, Flags=0003 has RTF_GATEWAY=0x2). + static let singleDefault = """ + Iface\tDestination\tGateway\tFlags\tRefCnt\tUse\tMetric\tMask\tMTU\tWindow\tIRTT + eth0\t00000000\t0102A8C0\t0003\t0\t0\t0\t00000000\t0\t0\t0 + eth0\t0002A8C0\t00000000\t0001\t0\t0\t0\tFFFFFF00\t0\t0\t0 + """ + + static let noDefault = """ + Iface\tDestination\tGateway\tFlags\tRefCnt\tUse\tMetric\tMask\tMTU\tWindow\tIRTT + eth0\t0002A8C0\t00000000\t0001\t0\t0\t0\tFFFFFF00\t0\t0\t0 + """ + + static let multiDefault = """ + Iface\tDestination\tGateway\tFlags\tRefCnt\tUse\tMetric\tMask\tMTU\tWindow\tIRTT + wlan0\t00000000\t0102A8C0\t0003\t0\t0\t600\t00000000\t0\t0\t0 + eth0\t00000000\t0102A8C0\t0003\t0\t0\t100\t00000000\t0\t0\t0 + """ + + @Test("returns iface for a single default route") + func singleDefaultRoute() { + #expect(HostDefaultRoute.parseEgress(procNetRoute: Self.singleDefault) == "eth0") + } + + @Test("returns nil when no default route") + func noDefaultRoute() { + #expect(HostDefaultRoute.parseEgress(procNetRoute: Self.noDefault) == nil) + } + + @Test("returns lowest-metric default when multiple") + func multipleDefaultRoutes() { + // eth0 has metric 100; wlan0 has metric 600. + #expect(HostDefaultRoute.parseEgress(procNetRoute: Self.multiDefault) == "eth0") + } + + @Test("ignores rows missing RTF_GATEWAY flag") + func noGatewayFlag() { + // Same as singleDefault but flags=0001 (no RTF_GATEWAY=0x2). + let input = """ + Iface\tDestination\tGateway\tFlags\tRefCnt\tUse\tMetric\tMask\tMTU\tWindow\tIRTT + eth0\t00000000\t0102A8C0\t0001\t0\t0\t0\t00000000\t0\t0\t0 + """ + #expect(HostDefaultRoute.parseEgress(procNetRoute: input) == nil) + } +} diff --git a/Tests/ContainerizationTests/HostsTests.swift b/Tests/ContainerizationTests/HostsTests.swift new file mode 100644 index 0000000..8304968 --- /dev/null +++ b/Tests/ContainerizationTests/HostsTests.swift @@ -0,0 +1,68 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation +import Testing + +@testable import Containerization + +struct HostsTests { + + @Test func hostsEntryRenderedWithAllFields() { + let entry = Hosts.Entry( + ipAddress: "192.168.1.100", + hostnames: ["myserver", "server.local"], + comment: "My local server" + ) + + let expected = "192.168.1.100 myserver server.local # My local server " + #expect(entry.rendered == expected) + } + + @Test func hostsEntryRenderedWithoutComment() { + let entry = Hosts.Entry( + ipAddress: "10.0.0.1", + hostnames: ["gateway"] + ) + + let expected = "10.0.0.1 gateway" + #expect(entry.rendered == expected) + } + + @Test func hostsEntryRenderedWithEmptyHostnames() { + let entry = Hosts.Entry( + ipAddress: "172.16.0.1", + hostnames: [], + comment: "Empty hostnames" + ) + + let expected = "172.16.0.1 # Empty hostnames " + #expect(entry.rendered == expected) + } + + @Test func hostsFileWithCommentAndEntries() { + let hosts = Hosts( + entries: [ + Hosts.Entry(ipAddress: "127.0.0.1", hostnames: ["localhost"]), + Hosts.Entry(ipAddress: "192.168.1.10", hostnames: ["server"], comment: "Main server"), + ], + comment: "Generated hosts file" + ) + + let expected = "# Generated hosts file\n127.0.0.1 localhost\n192.168.1.10 server # Main server \n" + #expect(hosts.hostsFile == expected) + } +} diff --git a/Tests/ContainerizationTests/ImageTests.swift b/Tests/ContainerizationTests/ImageTests.swift new file mode 100644 index 0000000..ad09f56 --- /dev/null +++ b/Tests/ContainerizationTests/ImageTests.swift @@ -0,0 +1,37 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationOCI +import Foundation +import Testing + +@testable import Containerization + +struct ImageTests { + + @Test func imageDescriptionComputedProperties() { + let descriptor = Descriptor( + mediaType: "application/vnd.oci.image.manifest.v1+json", + digest: "sha256:abc123def456", + size: 1024 + ) + let description = Image.Description(reference: "myapp:latest", descriptor: descriptor) + + #expect(description.digest == "sha256:abc123def456") + #expect(description.mediaType == "application/vnd.oci.image.manifest.v1+json") + #expect(description.reference == "myapp:latest") + } +} diff --git a/Tests/ContainerizationTests/ImageTests/ContainsAuth.swift b/Tests/ContainerizationTests/ImageTests/ContainsAuth.swift new file mode 100644 index 0000000..897af36 --- /dev/null +++ b/Tests/ContainerizationTests/ImageTests/ContainsAuth.swift @@ -0,0 +1,38 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationOCI +import Foundation + +internal protocol ContainsAuth { + +} + +extension ContainsAuth { + static var hasRegistryCredentials: Bool { + authentication != nil + } + + static var authentication: Authentication? { + let env = ProcessInfo.processInfo.environment + guard let password = env["REGISTRY_TOKEN"], + let username = env["REGISTRY_USERNAME"] + else { + return nil + } + return BasicAuthentication(username: username, password: password) + } +} diff --git a/Tests/ContainerizationTests/ImageTests/ExportOperationTests.swift b/Tests/ContainerizationTests/ImageTests/ExportOperationTests.swift new file mode 100644 index 0000000..9120e57 --- /dev/null +++ b/Tests/ContainerizationTests/ImageTests/ExportOperationTests.swift @@ -0,0 +1,120 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationExtras +import ContainerizationOCI +import Crypto +import Foundation +import NIO +import Testing + +@testable import Containerization + +@Suite +final class ExportOperationTests { + @Test(arguments: [MediaTypes.dockerManifestList, MediaTypes.index]) + func testIndexPushMediaTypeMatchesBody(_ sourceMediaType: String) async throws { + let dir = FileManager.default.uniqueTemporaryDirectory(create: true) + defer { try? FileManager.default.removeItem(at: dir) } + + let cs = try LocalContentStore(path: dir) + + // Opaque child mediaType so ExportOperation's recursion stops here + // and we don't have to seed config/layer blobs. + let opaqueType = "application/vnd.test.opaque.v1+json" + let childData = Data("child-amd64".utf8) + let childDigest = SHA256.hash(data: childData).digestString + let childDesc = Descriptor( + mediaType: opaqueType, + digest: childDigest, + size: Int64(childData.count), + platform: Platform(arch: "amd64", os: "linux")) + + let index = Index(mediaType: sourceMediaType, manifests: [childDesc]) + let indexData = try JSONEncoder().encode(index) + let indexDigest = SHA256.hash(data: indexData).digestString + + try await cs.ingest { ingestDir in + for (digest, data) in [(childDigest, childData), (indexDigest, indexData)] { + let path = ingestDir.appendingPathComponent(digest.trimmingDigestPrefix) + try data.write(to: path) + } + } + + let indexDesc = Descriptor( + mediaType: sourceMediaType, + digest: indexDigest, + size: Int64(indexData.count)) + + let capture = CapturingContentClient() + let op = ImageStore.ExportOperation( + name: "test/repo", tag: "v1", contentStore: cs, client: capture) + let pushed = try await op.export(index: indexDesc, platforms: { _ in true }) + + #expect(pushed.mediaType == sourceMediaType) + + let indexPush = try #require( + capture.pushes.first(where: { $0.descriptor.digest == pushed.digest })) + #expect(indexPush.descriptor.mediaType == sourceMediaType) + let pushedIndex = try JSONDecoder().decode(Index.self, from: indexPush.body) + #expect(pushedIndex.mediaType == sourceMediaType) + } +} + +private final class CapturingContentClient: ContentClient, @unchecked Sendable { + struct Push: Sendable { + let descriptor: Descriptor + let body: Data + } + + private let lock = NSLock() + private var _pushes: [Push] = [] + + var pushes: [Push] { + lock.withLock { _pushes } + } + + private struct NotImplemented: Error {} + + func fetch(name: String, descriptor: Descriptor) async throws -> T { + throw NotImplemented() + } + + func fetchBlob(name: String, descriptor: Descriptor, into file: URL, progress: ProgressHandler?) async throws -> (Int64, SHA256Digest) { + throw NotImplemented() + } + + func fetchData(name: String, descriptor: Descriptor) async throws -> Data { + throw NotImplemented() + } + + func push( + name: String, + ref: String, + descriptor: Descriptor, + streamGenerator: () throws -> T, + progress: ProgressHandler? + ) async throws where T.Element == ByteBuffer { + let stream = try streamGenerator() + var data = Data() + for try await buf in stream { + data.append(contentsOf: buf.readableBytesView) + } + lock.withLock { + _pushes.append(Push(descriptor: descriptor, body: data)) + } + } +} diff --git a/Tests/ContainerizationTests/ImageTests/HeaderScanTimingTests.swift b/Tests/ContainerizationTests/ImageTests/HeaderScanTimingTests.swift new file mode 100644 index 0000000..1fa9d75 --- /dev/null +++ b/Tests/ContainerizationTests/ImageTests/HeaderScanTimingTests.swift @@ -0,0 +1,176 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(macOS) +import ContainerizationArchive +import ContainerizationEXT4 +import ContainerizationExtras +import ContainerizationOCI +import Foundation +import SystemPackage +import Testing + +@testable import Containerization + +/// Measures header scan overhead vs. full unpack time using real container images +/// pulled from a registry. +/// +/// Run with: +/// ENABLE_TIMING_TESTS=1 swift test --filter ImageHeaderScanTimingTest +@Suite +struct ImageHeaderScanTimingTest { + private static let isEnabled = ProcessInfo.processInfo.environment["ENABLE_TIMING_TESTS"] != nil + + let store: ImageStore + let dir: URL + let contentStore: ContentStore + + init() throws { + let dir = FileManager.default.uniqueTemporaryDirectory(create: true) + let cs = try LocalContentStore(path: dir) + let store = try ImageStore(path: dir, contentStore: cs) + self.dir = dir + self.store = store + self.contentStore = cs + } + + @Test(.enabled(if: ImageHeaderScanTimingTest.isEnabled)) + func measureAlpineAndUbuntu() async throws { + defer { try? FileManager.default.removeItem(at: dir) } + + let images: [(reference: String, label: String)] = [ + ("ghcr.io/linuxcontainers/alpine:3.20", "Alpine 3.20"), + ("docker.io/library/ubuntu:24.04", "Ubuntu 24.04"), + ] + + for image in images { + print("\n==============================") + print("Image: \(image.label)") + print("==============================") + + let img = try await store.pull(reference: image.reference, platform: .current) + let manifest = try await img.manifest(for: .current) + + for (i, layer) in manifest.layers.enumerated() { + let content = try await img.getContent(digest: layer.digest) + let compression = compressionFilter(for: layer.mediaType) + let compressedSize = try FileManager.default.attributesOfItem(atPath: content.path.path)[.size] as? Int64 ?? 0 + let label = "\(image.label) layer \(i + 1)/\(manifest.layers.count) (\(layer.mediaType), \(formatBytes(compressedSize)) compressed)" + try await measureOverhead(url: content.path, compression: compression, label: label) + } + } + } + + // MARK: - Helpers + + private func compressionFilter(for mediaType: String) -> ContainerizationArchive.Filter { + switch mediaType { + case MediaTypes.imageLayerZstd, MediaTypes.dockerImageLayerZstd: + return .zstd + case MediaTypes.imageLayer, MediaTypes.dockerImageLayer: + return .none + default: + return .gzip + } + } + + private func measureOverhead(url: URL, compression: ContainerizationArchive.Filter, label: String) async throws { + let clock = ContinuousClock() + + print("\n--- \(label) ---\n") + + // For zstd, pre-decompress once (matching the production code path in EXT4Unpacker). + let scanFile: URL + let scanFilter: ContainerizationArchive.Filter + var decompressedFile: URL? + if compression == .zstd { + var decompressed: URL = url + let decompressDuration = try clock.measure { + decompressed = try ArchiveReader.decompressZstd(url) + } + scanFile = decompressed + scanFilter = .none + decompressedFile = decompressed + print(" Zstd decompress: \(decompressDuration)") + } else { + scanFile = url + scanFilter = compression + } + defer { + if let decompressedFile { + ArchiveReader.cleanUpDecompressedZstd(decompressedFile) + } + } + + // 1. Header scan only + var scannedTotals: (size: Int64, items: Int) = (0, 0) + let scanDuration = try clock.measure { + scannedTotals = try EXT4.Formatter.scanArchiveHeaders( + format: .paxRestricted, filter: scanFilter, file: scanFile) + } + print(" Scanned total size: \(formatBytes(scannedTotals.size)) (\(scannedTotals.items) items)") + print(" Header scan: \(scanDuration)") + + // 2. Full unpack without progress + let tempDir1 = FileManager.default.uniqueTemporaryDirectory() + let fsPath1 = FilePath(tempDir1.appendingPathComponent("no-progress.ext4.img", isDirectory: false)) + defer { try? FileManager.default.removeItem(at: tempDir1) } + + let unpackOnlyDuration = try await clock.measure { + let formatter = try EXT4.Formatter(fsPath1) + try await formatter.unpack(source: url, compression: compression) + try formatter.close() + } + print(" Unpack (no progress): \(unpackOnlyDuration)") + + // 3. Full unpack with progress (includes header scan pass) + let tempDir2 = FileManager.default.uniqueTemporaryDirectory() + let fsPath2 = FilePath(tempDir2.appendingPathComponent("with-progress.ext4.img", isDirectory: false)) + defer { try? FileManager.default.removeItem(at: tempDir2) } + + let noopProgress: ProgressHandler = { _ in } + let withProgressDuration = try await clock.measure { + let formatter = try EXT4.Formatter(fsPath2) + try await formatter.unpack(source: url, compression: compression, progress: noopProgress) + try formatter.close() + } + print(" Unpack (w/ progress): \(withProgressDuration)") + + // Summary + let scanMs = toMs(scanDuration) + let unpackMs = toMs(unpackOnlyDuration) + let withProgressMs = toMs(withProgressDuration) + let overheadMs = withProgressMs - unpackMs + let overheadPct = unpackMs > 0 ? (overheadMs / unpackMs) * 100 : 0 + + print("\n Summary:") + print(" Header scan alone: \(String(format: "%.1f", scanMs)) ms") + print(" Unpack only: \(String(format: "%.1f", unpackMs)) ms") + print(" Unpack + progress: \(String(format: "%.1f", withProgressMs)) ms") + print(" Overhead: \(String(format: "%.1f", overheadMs)) ms (\(String(format: "%.1f", overheadPct))%)") + } + + private func toMs(_ d: Duration) -> Double { + let c = d.components + return Double(c.seconds) * 1000.0 + Double(c.attoseconds) / 1e15 + } + + private func formatBytes(_ bytes: Int64) -> String { + let mb = Double(bytes) / 1_048_576.0 + return "\(String(format: "%.1f", mb)) MB" + } +} +#endif diff --git a/Tests/ContainerizationTests/ImageTests/ImageStoreImagePullTests.swift b/Tests/ContainerizationTests/ImageTests/ImageStoreImagePullTests.swift new file mode 100644 index 0000000..4a21d75 --- /dev/null +++ b/Tests/ContainerizationTests/ImageTests/ImageStoreImagePullTests.swift @@ -0,0 +1,175 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +// + +import ContainerizationOCI +import Crypto +import Foundation +import NIO +import Testing + +@testable import Containerization + +@Suite +final class ImageStoreImagePullTests { + let store: ImageStore + let dir: URL + let contentStore: ContentStore + + public init() { + let dir = FileManager.default.uniqueTemporaryDirectory(create: true) + let cs = try! LocalContentStore(path: dir) + let store = try! ImageStore(path: dir, contentStore: cs) + self.dir = dir + self.store = store + self.contentStore = cs + } + + deinit { + try! FileManager.default.removeItem(at: self.dir) + } + + @Test func testPullImageWithoutIndex() async throws { + let img = try await self.store.pull(reference: "ghcr.io/apple/containerization/dockermanifestimage:0.0.2") + + let rootDescriptor = img.descriptor + let index: ContainerizationOCI.Index = try await contentStore.get(digest: rootDescriptor.digest)! + + #expect(index.manifests.count == 1) + let desc = index.manifests.first! + #expect(desc.platform!.architecture == "amd64") + + await #expect(throws: Never.self) { + let manifest: ContainerizationOCI.Manifest = try await self.contentStore.get(digest: desc.digest)! + let _: ContainerizationOCI.Image = try await self.contentStore.get(digest: manifest.config.digest)! + for layer in manifest.layers { + _ = try await self.contentStore.get(digest: layer.digest)! + } + } + } + + @Test( + arguments: [ + (Platform(arch: "arm64", os: "linux", variant: "v8"), imagePullArm64Layers), + (Platform(arch: "amd64", os: "linux"), imagePullAmd64Layers), + (nil, imagePullTestAllLayers), + ]) + func testPullSinglePlatform(platform: Platform?, expectLayers: [String]) async throws { + let img = try await self.store.pull( + reference: "ghcr.io/linuxcontainers/alpine:3.20@sha256:0a6a86d44d7f93c4f2b8dea7f0eee64e72cb98635398779f3610949632508d57", platform: platform) + let rootDescriptor = img.descriptor + let index: ContainerizationOCI.Index = try await contentStore.get(digest: rootDescriptor.digest)! + var foundMatch = false + for desc in index.manifests { + if let platform { + if desc.platform != platform { + continue + } + } + foundMatch = true + await #expect(throws: Never.self) { + let manifest: ContainerizationOCI.Manifest = try await self.contentStore.get(digest: desc.digest)! + let _: ContainerizationOCI.Image = try await self.contentStore.get(digest: manifest.config.digest)! + for layer in manifest.layers { + _ = try await self.contentStore.get(digest: layer.digest)! + } + } + } + #expect(foundMatch) + let contentPath = dir.appendingPathComponent("blobs/sha256") + let filesOnDisk = try FileManager.default.contentsOfDirectory(at: contentPath, includingPropertiesForKeys: nil).map { + $0.lastPathComponent + }.sorted() + #expect(filesOnDisk == expectLayers) + } + + @Test func testPullWithSha() async throws { + let sha = "sha256:0a6a86d44d7f93c4f2b8dea7f0eee64e72cb98635398779f3610949632508d57" + let r = "ghcr.io/linuxcontainers/alpine:3.20@\(sha)" + let img = try await self.store.pull(reference: r, platform: .current) + #expect(img.descriptor.digest == sha) + } +} + +let imagePullTestAllLayers = [ + "013c522f9494ecda30dc8fbee7805b59c773573fd080c74e6835def22547bd07", + "037316e2a3a13e6d7e15057d3ede6ad063f15c92216778576ee88a74e6f7c6fc", + "0566dbe8e93e20dbfebc6b023399a6eb337719faf1d11dab57f975286c198a00", + "0928a8adc0d420ddda0d25c76e95282534a5b69b13ffcbb6ddbc41c50fc77550", + "0a6a86d44d7f93c4f2b8dea7f0eee64e72cb98635398779f3610949632508d57", + "0a9a5dfd008f05ebc27e4790db0709a29e527690c21bcbcd01481eaeb6bb49dc", + "0c11ea92e0d923e7812d258defbe6788642547fa347969a3dbd7bb7cbc0a9666", + "156724324a3250a38177b0328390d7efb4ba85d7e095ad7af9ca19a3cd46f855", + "1c2a87b1633d21ffcd8192bc84f9bed0c479bbcfbcd8b76b9ca1b8bf8bc61516", + "2803bd9fd5a5e53bc39c576b3e7eaf4839ec77dcc1274c6ad9f7d534ccc566c7", + "2d2e65d21b1f1a7cf14b99e54809bb4eee749fa9145d1e263279e18e246e5e1b", + "34bac5d0022b2997fdfd5c678521d6afe58a4ea6c65d5d31e3ece0be141158ea", + "3e6ec69548a14d7bf37b242f02f26dd41c69e9c510225078ca1f241ef249b3df", + "423949aec9a2fe60140a59926634f90979ac19878957becf9902dcc547592a44", + "4817c12fc96d333e818e9f56f22a7c8683bd3ca8b0c04ce45e188dc6aaf8e5c3", + "4e32c214e82a5d6ccb62b58fb42405fc961c69da5fe02c670f1e4c62c8eb6fbb", + "4ea6a163031004a9a61288b7a5ffbf73d84115d398abe5180caeb15442d1a5fe", + "4f0bb7ea5efffa5762fc231a403f232ca3ea43ef6db18d4bf52aeca8c15d7dec", + "55a8c211d2e969b7b7e9e4825853cf24a75cbbcaf7728db15840c1514838a23d", + "5c979effb79226e255a01eaeb2a525bd12019c02eba2b76f6e0726dd2701508e", + "63e2abc26a64dea41796995524777edc558e143bea4929f06954c52706363f33", + "6d8b5334139bdee0462dd4d6cc85fdec98ad4d97155075973432ec4ff67906c9", + "6f3c7dfa949497fb255d0a28c244e7add0d52ae6318b45947a8a2940d846b2e2", + "718fbe9a22ec3da853bdbd5d8112f2dc8ba41f30d46899b3792242f16a0f8b41", + "744d40c360fd0988b20b15ab845d3db943817b027f38ea6850361bab4ac916be", + "76a0ff976fd7cf0f21858535989ef59ac2ee64a3f1bf1b68d98d15138cd46afa", + "772078ddbdee5be52d429e08f953aaad6715a90d7e4d6496eb1cd4004efa8a95", + "7c6bf3be7c8016421fb3033e19b6a313f264093e1ac9e77c9f931ade0d61b3f7", + "7f608f0a59b5b3717cdd3cc61ef59c329d3c2c16c5fc6963b3b13360d43841c0", + "81fc5885a3ad37110bf576934de28326e1194bd943e020bc3924502335fdf181", + "84df3263e35ed35440625ae0ebb5b1c3d00f57ffcec61188015d5217988a8b35", + "85b46e4c8e4841ce7964ce897a07a4d9df7d589322593fb600dd428e47d635ae", + "872bd582507dfe35ccd496fcd128f61963620053a722b517353f3d9df46412e9", + "8a9fb51ac81600da44afb1c4a5df4745d23eca0cc5d924f989c074f3da7a9440", + "90bb43c8fe064682d965fe27b1ca0cf2b42cf0273914cc20a4e636e174ccdaf5", + "9368b67dac9dc00ca8dbbd25b6f148fd6229b01dac5ff3d89281bd296cf196c6", + "94e9d8af22013aabf0edcaf42950c88b0a1350c3a9ce076d61b98a535a673dd9", + "9cbaf16e9229ef1466c71cf97a75ddd7d2041522012dd1bcace0d56a9ad77688", + "9cfe406db828239417e29e2c00bdf196c32b39ffcead4c2e28cdf60ff8a8dd58", + "adc8e49a814d3e4f73ccdd1d26d4cbd3f1a338b4e136a55c092bdcca57863225", + "b1ca1bb0a5f203b48e1ca60861ae852f49b910ce8488c19c392a3bc7ee31b072", + "b3d7db73e90671cb6b7925cc878d43a2781451bed256cf0626110f5386cdd4dc", + "bfc9829f240e42bab6b756c64179b8e73317baf0e9a8940ea1571cb2f29efcc3", + "c70d93f05189a8a6a10ba5657b8e89e849f2c7491d76587178f75d9fca228bf1", + "c9813c0f5a2f289ea6175876fd973d6d8adcd495da4a23e9273600c8f0a761c5", + "c9aedc9d4e47fa9429e5c329420d8a93e16c433e361d0f9281565ed4da3c057e", + "d27e7628ef6e28a3e91cdc1ef1f998a703d356067ecedddfe9e9281e36d8c9f9", + "ef99f4640fe11015a03439935b827bff242d0db64db27db005a31ab4497db4a2", + "f2c7f3c3fecbf01204eccd798e2f77b0003a8567927a5d6242fd3ed81727fee9", + "f882dda529d0cd4b586a10a7f60048c7f8faaff26d6672008d0478b8b004bc63", +] + +let imagePullArm64Layers = [ + "0a6a86d44d7f93c4f2b8dea7f0eee64e72cb98635398779f3610949632508d57", + "3e6ec69548a14d7bf37b242f02f26dd41c69e9c510225078ca1f241ef249b3df", + "423949aec9a2fe60140a59926634f90979ac19878957becf9902dcc547592a44", + "76a0ff976fd7cf0f21858535989ef59ac2ee64a3f1bf1b68d98d15138cd46afa", + "94e9d8af22013aabf0edcaf42950c88b0a1350c3a9ce076d61b98a535a673dd9", +] + +let imagePullAmd64Layers = [ + "0a6a86d44d7f93c4f2b8dea7f0eee64e72cb98635398779f3610949632508d57", + "0a9a5dfd008f05ebc27e4790db0709a29e527690c21bcbcd01481eaeb6bb49dc", + "156724324a3250a38177b0328390d7efb4ba85d7e095ad7af9ca19a3cd46f855", + "1c2a87b1633d21ffcd8192bc84f9bed0c479bbcfbcd8b76b9ca1b8bf8bc61516", + "4ea6a163031004a9a61288b7a5ffbf73d84115d398abe5180caeb15442d1a5fe", +] diff --git a/Tests/ContainerizationTests/ImageTests/ImageStoreTests.swift b/Tests/ContainerizationTests/ImageTests/ImageStoreTests.swift new file mode 100644 index 0000000..37eda3e --- /dev/null +++ b/Tests/ContainerizationTests/ImageTests/ImageStoreTests.swift @@ -0,0 +1,130 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +// + +import ContainerizationArchive +import ContainerizationExtras +import ContainerizationOCI +import Foundation +import Testing + +@testable import Containerization + +@Suite +public class ImageStoreTests: ContainsAuth { + let store: ImageStore + let dir: URL + + public init() { + let dir = FileManager.default.uniqueTemporaryDirectory(create: true) + let cs = try! LocalContentStore(path: dir) + let store = try! ImageStore(path: dir, contentStore: cs) + self.dir = dir + self.store = store + } + + deinit { + try! FileManager.default.removeItem(at: self.dir) + } + + @Test func testImageStoreOperation() async throws { + let fileManager = FileManager.default + let tempDir = fileManager.uniqueTemporaryDirectory() + defer { + try? fileManager.removeItem(at: tempDir) + } + + let tarPath = Foundation.Bundle.module.url(forResource: "scratch", withExtension: "tar")! + let reader = try ArchiveReader(format: .pax, filter: .none, file: tarPath) + let rejectedPaths = try reader.extractContents(to: tempDir) + #expect(rejectedPaths.count == 0, "unexpected rejected paths [\(rejectedPaths)]") + + let _ = try await self.store.load(from: tempDir) + let loaded = try await self.store.load(from: tempDir) + let expectedLoadedImage = "registry.local/integration-tests/scratch:latest" + #expect(loaded.first!.reference == "registry.local/integration-tests/scratch:latest") + + guard let authentication = Self.authentication else { + return + } + let imageReference = "ghcr.io/apple/containerization/dockermanifestimage:0.0.2" + let busyboxImage = try await self.store.pull(reference: imageReference, auth: authentication) + + let got = try await self.store.get(reference: imageReference) + #expect(got.descriptor == busyboxImage.descriptor) + + let newTag = "registry.local/integration-tests/dockermanifestimage:latest" + let _ = try await self.store.tag(existing: imageReference, new: newTag) + + let tempFile = self.dir.appending(path: "export.tar") + try await self.store.save(references: [imageReference, expectedLoadedImage], out: tempFile) + } + + @Test(.disabled("External users cannot push images, disable while we find a better solution")) + func testImageStorePush() async throws { + guard let authentication = Self.authentication else { + return + } + let imageReference = "ghcr.io/apple/containerization/dockermanifestimage:0.0.2" + + let remoteImageName = "ghcr.io/apple/test-images/image-push" + let epoch = Int(Date().timeIntervalSince1970.description) + let tag = epoch != nil ? String(epoch!) : "latest" + let upstreamTag = "\(remoteImageName):\(tag)" + let _ = try await self.store.tag(existing: imageReference, new: upstreamTag) + try await self.store.push(reference: upstreamTag, auth: authentication) + } + + @Test(.disabled("External users cannot push images, disable while we find a better solution")) + func testImageStorePushMultipleReferences() async throws { + guard let authentication = Self.authentication else { + return + } + let imageReference = "ghcr.io/apple/containerization/dockermanifestimage:0.0.2" + + let remoteImageName = "ghcr.io/apple/test-images/image-push" + let epoch = Int(Date().timeIntervalSince1970) + let tags = ["\(remoteImageName):\(epoch)-a", "\(remoteImageName):\(epoch)-b", "\(remoteImageName):\(epoch)-c"] + for tag in tags { + let _ = try await self.store.tag(existing: imageReference, new: tag) + } + try await self.store.push(references: tags, auth: authentication, maxConcurrentUploads: 2) + } + + @Test func testLoadImageWithoutAnnotations() async throws { + let fileManager = FileManager.default + let tempDir = fileManager.uniqueTemporaryDirectory() + defer { + try? fileManager.removeItem(at: tempDir) + } + + let tarPath = Foundation.Bundle.module.url(forResource: "scratch_no_annotations", withExtension: "tar")! + let reader = try ArchiveReader(format: .pax, filter: .none, file: tarPath) + let rejectedPaths = try reader.extractContents(to: tempDir) + #expect(rejectedPaths.count == 0, "unexpected rejected paths [\(rejectedPaths)]") + + let loaded = try await self.store.load(from: tempDir) + + #expect(loaded.count == 1) + + let reference = loaded.first!.reference + #expect(reference.hasPrefix("untagged@sha256:")) + + let retrieved = try await self.store.get(reference: reference) + #expect(retrieved.reference == reference) + } +} diff --git a/Tests/ContainerizationTests/ImageTests/Resources/scratch.tar b/Tests/ContainerizationTests/ImageTests/Resources/scratch.tar new file mode 100644 index 0000000..077d14a Binary files /dev/null and b/Tests/ContainerizationTests/ImageTests/Resources/scratch.tar differ diff --git a/Tests/ContainerizationTests/ImageTests/Resources/scratch_no_annotations.tar b/Tests/ContainerizationTests/ImageTests/Resources/scratch_no_annotations.tar new file mode 100644 index 0000000..37135a1 Binary files /dev/null and b/Tests/ContainerizationTests/ImageTests/Resources/scratch_no_annotations.tar differ diff --git a/Tests/ContainerizationTests/InterfaceTests.swift b/Tests/ContainerizationTests/InterfaceTests.swift new file mode 100644 index 0000000..c00ecca --- /dev/null +++ b/Tests/ContainerizationTests/InterfaceTests.swift @@ -0,0 +1,59 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationExtras +import Testing + +@testable import Containerization + +struct InterfaceTests { + + /// A minimal `Interface` conformer that only sets the IPv4 surface, relying on the + /// protocol's default extensions to fill in `ipv6Address`, `ipv6Gateway`, and `mtu`. + private struct V4OnlyInterface: Interface { + let ipv4Address: CIDRv4 + let ipv4Gateway: IPv4Address? + let macAddress: MACAddress? + } + + @Test func interfaceProtocolV6Defaults() throws { + let i = V4OnlyInterface( + ipv4Address: try CIDRv4("10.0.0.2/24"), + ipv4Gateway: try IPv4Address("10.0.0.1"), + macAddress: nil) + #expect(i.ipv6Address == nil) + #expect(i.ipv6Gateway == nil) + #expect(i.mtu == 1500) + } + + @Test func natInterfaceRoundTripsV6Fields() throws { + let nat = NATInterface( + ipv4Address: try CIDRv4("10.0.0.2/24"), + ipv4Gateway: try IPv4Address("10.0.0.1"), + ipv6Address: try CIDRv6("fd00::2/64"), + ipv6Gateway: try IPv6Address("fd00::1")) + #expect(nat.ipv6Address == (try CIDRv6("fd00::2/64"))) + #expect(nat.ipv6Gateway == (try IPv6Address("fd00::1"))) + } + + @Test func natInterfaceV6FieldsDefaultToNil() throws { + let nat = NATInterface( + ipv4Address: try CIDRv4("10.0.0.2/24"), + ipv4Gateway: try IPv4Address("10.0.0.1")) + #expect(nat.ipv6Address == nil) + #expect(nat.ipv6Gateway == nil) + } +} diff --git a/Tests/ContainerizationTests/KernelTests.swift b/Tests/ContainerizationTests/KernelTests.swift new file mode 100644 index 0000000..dcc087a --- /dev/null +++ b/Tests/ContainerizationTests/KernelTests.swift @@ -0,0 +1,93 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +// + +import Foundation +import Logging +import Testing + +@testable import Containerization + +final class KernelTests { + @Test func kernelArgs() { + let commandLine = Kernel.CommandLine(debug: false, panic: 0) + let kernel = Kernel(path: .init(fileURLWithPath: ""), platform: .linuxArm, commandline: commandLine) + + let expected = "console=hvc0 tsc=reliable panic=0" + let cmdline = kernel.commandLine.kernelArgs.joined(separator: " ") + #expect(cmdline == expected) + } + + @Test func kernelDebugArgs() { + let cmdLine = Kernel.CommandLine(debug: true, panic: 0) + let kernel = Kernel(path: .init(fileURLWithPath: ""), platform: .linuxArm, commandline: cmdLine) + + let expected = "console=hvc0 tsc=reliable debug panic=0" + let cmdline = kernel.commandLine.kernelArgs.joined(separator: " ") + #expect(cmdline == expected) + } + + @Test func kernelCommandLineInitWithDebugTrue() { + let commandLine = Kernel.CommandLine(debug: true, panic: 5, initArgs: ["--verbose"]) + + #expect(commandLine.kernelArgs == ["console=hvc0", "tsc=reliable", "debug", "panic=5"]) + #expect(commandLine.initArgs == ["--verbose"]) + } + + @Test func kernelCommandLineMutatingMethods() { + var commandLine = Kernel.CommandLine(kernelArgs: ["console=hvc0"], initArgs: []) + + commandLine.addDebug() + commandLine.addPanic(level: 10) + + #expect(commandLine.kernelArgs == ["console=hvc0", "debug", "panic=10"]) + } + + @Test func setAgentLogLevelAppendsFlagAndValue() { + var commandLine = Kernel.CommandLine(initArgs: []) + commandLine.setAgentLogLevel(level: .debug) + #expect(commandLine.initArgs == ["--log-level", "debug"]) + } + + @Test(arguments: [ + (Logger.Level.trace, "trace"), + (.debug, "debug"), + (.info, "info"), + (.notice, "notice"), + (.warning, "warning"), + (.error, "error"), + (.critical, "critical"), + ]) + func setAgentLogLevelForEachLevel(level: Logger.Level, expected: String) { + var commandLine = Kernel.CommandLine(initArgs: []) + commandLine.setAgentLogLevel(level: level) + #expect(commandLine.initArgs == ["--log-level", expected]) + } + + @Test func setAgentLogLevelPreservesExistingInitArgs() { + var commandLine = Kernel.CommandLine(initArgs: ["--verbose"]) + commandLine.setAgentLogLevel(level: .info) + #expect(commandLine.initArgs == ["--verbose", "--log-level", "info"]) + } + + @Test func setAgentLogLevelDoesNotAffectKernelArgs() { + var commandLine = Kernel.CommandLine(debug: true, panic: 0, initArgs: []) + let kernelArgsBefore = commandLine.kernelArgs + commandLine.setAgentLogLevel(level: .warning) + #expect(commandLine.kernelArgs == kernelArgsBefore) + } +} diff --git a/Tests/ContainerizationTests/LinuxContainerTests.swift b/Tests/ContainerizationTests/LinuxContainerTests.swift new file mode 100644 index 0000000..713e398 --- /dev/null +++ b/Tests/ContainerizationTests/LinuxContainerTests.swift @@ -0,0 +1,122 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationOCI +import ContainerizationOS +import Foundation +import Testing + +@testable import Containerization + +struct LinuxContainerTests { + + @Test func processInitFromImageConfigWithAllFields() { + let imageConfig = ImageConfig( + user: "appuser", + env: ["NODE_ENV=production", "PORT=3000"], + entrypoint: ["/usr/bin/node"], + cmd: ["app.js", "--verbose"], + workingDir: "/app" + ) + + let process = LinuxProcessConfiguration(from: imageConfig) + + #expect(process.workingDirectory == "/app") + #expect(process.environmentVariables == ["NODE_ENV=production", "PORT=3000"]) + #expect(process.arguments == ["/usr/bin/node", "app.js", "--verbose"]) + #expect(process.user.username == "appuser") + } + + @Test func processInitFromImageConfigWithNilValues() { + let imageConfig = ImageConfig( + user: nil, + env: nil, + entrypoint: nil, + cmd: nil, + workingDir: nil + ) + + let process = LinuxProcessConfiguration(from: imageConfig) + + #expect(process.workingDirectory == "/") + #expect(process.environmentVariables == []) + #expect(process.arguments == []) + #expect(process.user.username == "") // Default User() has empty string username + } + + @Test func processInitFromImageConfigEntrypointAndCmdConcatenation() { + let imageConfig = ImageConfig( + entrypoint: ["/bin/sh", "-c"], + cmd: ["echo 'hello'", "&&", "sleep 10"] + ) + + let process = LinuxProcessConfiguration(from: imageConfig) + + #expect(process.arguments == ["/bin/sh", "-c", "echo 'hello'", "&&", "sleep 10"]) + } + + @Test func defaultCapabilitiesAreRestrictedOCISet() { + // Regression guard against shipping `.allCapabilities` as the default. + // A default container must not receive CAP_SYS_ADMIN, which would let it + // write /proc/sys/kernel/core_pattern and escape to guest-root. Cover both + // construction paths: the no-argument init (property default) and the full + // memberwise init (parameter default). + let viaProperty = LinuxProcessConfiguration() + let viaInit = LinuxProcessConfiguration(arguments: ["/bin/sh"]) + + for caps in [viaProperty.capabilities, viaInit.capabilities] { + for set in [caps.bounding, caps.effective, caps.permitted, caps.inheritable, caps.ambient] { + #expect(!set.contains(.sysAdmin), "default capabilities must not include CAP_SYS_ADMIN") + } + } + + // The default must be exactly the documented OCI baseline. + let expected = LinuxCapabilities.defaultOCICapabilities + #expect(viaProperty.capabilities.bounding == expected.bounding) + #expect(viaProperty.capabilities.effective == expected.effective) + #expect(viaProperty.capabilities.permitted == expected.permitted) + #expect(viaProperty.capabilities.inheritable == expected.inheritable) + #expect(viaProperty.capabilities.ambient == expected.ambient) + #expect(viaInit.capabilities.bounding == expected.bounding) + } + + @Test func defaultMaskedAndReadonlyPathsAreOCISet() { + // Regression guard: masked/readonly paths must default to the OCI + // standard set now that capabilities default to the restricted baseline. + // Without CAP_SYS_ADMIN a workload can't unmount these, so the defaults + // are meaningful defense-in-depth — shipping empty defaults would leave + // /proc/kcore and friends exposed. Cover both construction paths and + // both configuration types. + let expectedMasked = LinuxContainer.defaultMaskedPaths() + let expectedReadonly = LinuxContainer.defaultReadonlyPaths() + + // Sensitive kernel paths must actually be in the defaults. + #expect(expectedMasked.contains("/proc/kcore")) + #expect(expectedMasked.contains("/sys/firmware")) + #expect(expectedReadonly.contains("/proc/sys")) + + let containerViaProperty = LinuxContainer.Configuration() + let containerViaInit = LinuxContainer.Configuration(process: LinuxProcessConfiguration(arguments: ["/bin/sh"])) + let pod = LinuxPod.ContainerConfiguration() + + for config in [containerViaProperty, containerViaInit] { + #expect(config.maskedPaths == expectedMasked) + #expect(config.readonlyPaths == expectedReadonly) + } + #expect(pod.maskedPaths == expectedMasked) + #expect(pod.readonlyPaths == expectedReadonly) + } +} diff --git a/Tests/ContainerizationTests/MountCHTests.swift b/Tests/ContainerizationTests/MountCHTests.swift new file mode 100644 index 0000000..4b809ea --- /dev/null +++ b/Tests/ContainerizationTests/MountCHTests.swift @@ -0,0 +1,72 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import CloudHypervisor +import Testing + +@testable import Containerization + +@Suite("Mount+CH") +struct MountCHTests { + @Test("block mount without options produces DiskConfig with readonly=false") + func blockNoOptions() { + let mount = Mount.block(format: "ext4", source: "/foo.img", destination: "/data") + let cfg = mount.chDiskConfig(id: "blk-0") + #expect(cfg?.path == "/foo.img") + #expect(cfg?.readonly == false) + #expect(cfg?.id == "blk-0") + #expect(cfg?.direct == nil) + #expect(cfg?.iommu == nil) + #expect(cfg?.pciSegment == nil) + } + + @Test("block mount with 'ro' option produces DiskConfig with readonly=true") + func blockReadOnly() { + let mount = Mount.block(format: "ext4", source: "/foo.img", destination: "/data", options: ["ro"]) + let cfg = mount.chDiskConfig(id: "blk-1") + #expect(cfg?.readonly == true) + } + + @Test("non-block mount returns nil from chDiskConfig") + func chDiskConfigNilForNonBlock() { + let share = Mount.share(source: "/host", destination: "/guest") + #expect(share.chDiskConfig(id: "x") == nil) + + let any = Mount.any(type: "tmpfs", source: "tmpfs", destination: "/tmp") + #expect(any.chDiskConfig(id: "x") == nil) + } + + @Test("share mount produces FsConfig with tag and socket") + func shareMount() { + let mount = Mount.share(source: "/host/dir", destination: "/guest/dir") + let cfg = mount.chFsConfig(tag: "share0", socketPath: "/tmp/vfs.sock", id: "fs-0") + #expect(cfg?.tag == "share0") + #expect(cfg?.socket == "/tmp/vfs.sock") + #expect(cfg?.id == "fs-0") + #expect(cfg?.numQueues == nil) + #expect(cfg?.queueSize == nil) + #expect(cfg?.pciSegment == nil) + } + + @Test("non-share mount returns nil from chFsConfig") + func chFsConfigNilForNonShare() { + let block = Mount.block(format: "ext4", source: "/foo.img", destination: "/data") + #expect(block.chFsConfig(tag: "t", socketPath: "/s", id: "x") == nil) + + let any = Mount.any(type: "tmpfs", source: "tmpfs", destination: "/tmp") + #expect(any.chFsConfig(tag: "t", socketPath: "/s", id: "x") == nil) + } +} diff --git a/Tests/ContainerizationTests/MountTests.swift b/Tests/ContainerizationTests/MountTests.swift new file mode 100644 index 0000000..231dcc6 --- /dev/null +++ b/Tests/ContainerizationTests/MountTests.swift @@ -0,0 +1,357 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationOCI +import Foundation +import Testing + +@testable import Containerization + +struct MountTests { + + @Test func mountShareCreatesVirtiofsMount() { + let mount = Mount.share( + source: "/host/shared", + destination: "/guest/shared", + options: ["rw", "noatime"], + runtimeOptions: ["tag=shared"] + ) + + #expect(mount.type == "virtiofs") + #expect(mount.source == "/host/shared") + #expect(mount.destination == "/guest/shared") + #expect(mount.options == ["rw", "noatime"]) + + if case .virtiofs(let opts) = mount.runtimeOptions { + #expect(opts == ["tag=shared"]) + } else { + #expect(Bool(false), "Expected virtiofs runtime options") + } + } + + @Test func sortMountsByDestinationDepthPreventsParentShadowing() { + let mounts: [ContainerizationOCI.Mount] = [ + .init(destination: "/tmp/foo/bar"), + .init(destination: "/tmp"), + .init(destination: "/var/log/app"), + .init(destination: "/var"), + ] + + let sorted = sortMountsByDestinationDepth(mounts) + + #expect( + sorted.map(\.destination) == [ + "/tmp", + "/var", + "/tmp/foo/bar", + "/var/log/app", + ]) + } + + @Test func sortMountsByDestinationDepthPreservesOrderForEqualDepth() { + let mounts: [ContainerizationOCI.Mount] = [ + .init(destination: "/b"), + .init(destination: "/a"), + .init(destination: "/c"), + ] + + let sorted = sortMountsByDestinationDepth(mounts) + + // All same depth, order should be preserved (stable sort). + #expect(sorted.map(\.destination) == ["/b", "/a", "/c"]) + } + + @Test func sortMountsByDestinationDepthHandlesTrailingAndDoubleSlashes() { + let mounts: [ContainerizationOCI.Mount] = [ + .init(destination: "/a//b/c"), + .init(destination: "/a/"), + ] + + let sorted = cleanAndSortMounts(mounts) + + // Paths are cleaned: "/a/" -> "/a", "/a//b/c" -> "/a/b/c" + #expect(sorted.map(\.destination) == ["/a", "/a/b/c"]) + } + + @Test func sortMountsByDestinationDepthCleansDotAndDotDot() { + let mounts: [ContainerizationOCI.Mount] = [ + .init(destination: "/tmp/../foo"), + .init(destination: "/tmp/./bar/baz"), + .init(destination: "/"), + ] + + let sorted = cleanAndSortMounts(mounts) + + // "/tmp/../foo" -> "/foo", "/tmp/./bar/baz" -> "/tmp/bar/baz" + #expect(sorted.map(\.destination) == ["/", "/foo", "/tmp/bar/baz"]) + } +} + +@Suite("AttachedFilesystem runtimeOptions dispatch") +struct AttachedFilesystemTests { + + @Test func virtioblkMountAllocatesBlockDevice() throws { + let mount = Mount.block( + format: "ext4", + source: "/path/to/disk.img", + destination: "/data" + ) + let allocator = Character.blockDeviceTagAllocator() + let attached = try AttachedFilesystem(mount: mount, allocator: allocator) + + #expect(attached.source == "/dev/vda") + #expect(attached.type == "ext4") + #expect(attached.destination == "/data") + } + + @Test func nbdMountAllocatesBlockDevice() throws { + let mount = Mount.block( + format: "ext4", + source: "nbd://localhost:10809", + destination: "/data" + ) + let allocator = Character.blockDeviceTagAllocator() + let attached = try AttachedFilesystem(mount: mount, allocator: allocator) + + #expect(attached.source == "/dev/vda") + #expect(attached.type == "ext4") + #expect(attached.destination == "/data") + } + + @Test func nbdMountWithNonExt4FormatAllocatesBlockDevice() throws { + let mount = Mount.block( + format: "xfs", + source: "nbd://localhost:10809", + destination: "/data" + ) + let allocator = Character.blockDeviceTagAllocator() + let attached = try AttachedFilesystem(mount: mount, allocator: allocator) + + #expect(attached.source == "/dev/vda") + #expect(attached.type == "xfs") + } + + @Test func multipleBlockDevicesAllocateSequentially() throws { + let allocator = Character.blockDeviceTagAllocator() + + let m1 = Mount.block(format: "ext4", source: "/disk1.img", destination: "/a") + let m2 = Mount.block(format: "ext4", source: "nbd://host:10809", destination: "/b") + let m3 = Mount.block(format: "ext4", source: "/disk2.img", destination: "/c") + + let a1 = try AttachedFilesystem(mount: m1, allocator: allocator) + let a2 = try AttachedFilesystem(mount: m2, allocator: allocator) + let a3 = try AttachedFilesystem(mount: m3, allocator: allocator) + + #expect(a1.source == "/dev/vda") + #expect(a2.source == "/dev/vdb") + #expect(a3.source == "/dev/vdc") + } + + @Test func anyMountUsesSourceDirectly() throws { + let mount = Mount.any( + type: "tmpfs", + source: "tmpfs", + destination: "/tmp" + ) + let allocator = Character.blockDeviceTagAllocator() + let attached = try AttachedFilesystem(mount: mount, allocator: allocator) + + #expect(attached.source == "tmpfs") + } +} + +@Suite("PodVolume and shared mount types") +struct PodVolumeTests { + + @Test func podVolumeNBDSourceCreation() { + let volume = LinuxPod.PodVolume( + name: "shared-data", + source: .nbd(url: URL(string: "nbd://localhost:10809")!), + format: "ext4" + ) + + #expect(volume.name == "shared-data") + #expect(volume.format == "ext4") + if case .nbd(let url, let timeout, let readOnly) = volume.source { + #expect(url.absoluteString == "nbd://localhost:10809") + #expect(timeout == nil) + #expect(readOnly == false) + } else { + Issue.record("Expected .nbd source") + } + } + + @Test func podVolumeNBDSourceWithOptions() { + let volume = LinuxPod.PodVolume( + name: "data", + source: .nbd(url: URL(string: "nbd://host:10809")!, timeout: 30, readOnly: true), + format: "xfs" + ) + + if case .nbd(_, let timeout, let readOnly) = volume.source { + #expect(timeout == 30) + #expect(readOnly == true) + } else { + Issue.record("Expected .nbd source") + } + } + + @Test func podVolumeToMountConvertsCorrectly() { + let volume = LinuxPod.PodVolume( + name: "my-vol", + source: .nbd(url: URL(string: "nbd://host:10809/export")!), + format: "ext4" + ) + + let mount = volume.toMount() + + #expect(mount.source == "nbd://host:10809/export") + #expect(mount.destination == "/run/volumes/my-vol") + #expect(mount.type == "ext4") + #expect(mount.isBlock) + } + + @Test func podVolumeToMountWithReadOnlySetsOptions() { + let volume = LinuxPod.PodVolume( + name: "ro-vol", + source: .nbd(url: URL(string: "nbd://host:10809")!, readOnly: true), + format: "ext4" + ) + + let mount = volume.toMount() + + #expect(mount.options.contains("ro")) + #expect(mount.isBlock) + } + + @Test func podVolumeToMountWithTimeoutSetsRuntimeOption() { + let volume = LinuxPod.PodVolume( + name: "data", + source: .nbd(url: URL(string: "nbd://host:10809")!, timeout: 60), + format: "ext4" + ) + + let mount = volume.toMount() + + if case .virtioblk(let opts) = mount.runtimeOptions { + #expect(opts.contains("vzTimeout=60.0")) + } else { + Issue.record("Expected virtioblk runtime options") + } + } + + @Test func podVolumeToMountUsesMountType() { + let volume = LinuxPod.PodVolume( + name: "data", + source: .nbd(url: URL(string: "nbd://host:10809")!), + format: "xfs" + ) + + let mount = volume.toMount() + + #expect(mount.type == "xfs") + } + + @Test func podVolumeDiskImageSourceCreation() { + let volume = LinuxPod.PodVolume( + name: "disk-data", + source: .diskImage(path: URL(fileURLWithPath: "/tmp/disk.ext4")), + format: "ext4" + ) + + #expect(volume.name == "disk-data") + #expect(volume.format == "ext4") + if case .diskImage(let path, let readOnly) = volume.source { + #expect(path.path == "/tmp/disk.ext4") + #expect(readOnly == false) + } else { + Issue.record("Expected .diskImage source") + } + } + + @Test func podVolumeDiskImageToMountConvertsCorrectly() { + let volume = LinuxPod.PodVolume( + name: "my-disk", + source: .diskImage(path: URL(fileURLWithPath: "/tmp/my-disk.ext4")), + format: "ext4" + ) + + let mount = volume.toMount() + + // The mount source must be the raw filesystem path, not a file:// URL. + #expect(mount.source == "/tmp/my-disk.ext4") + #expect(mount.destination == "/run/volumes/my-disk") + #expect(mount.type == "ext4") + #expect(mount.isBlock) + } + + @Test func podVolumeDiskImageReadOnlySetsOptions() { + let volume = LinuxPod.PodVolume( + name: "ro-disk", + source: .diskImage(path: URL(fileURLWithPath: "/tmp/ro-disk.ext4"), readOnly: true), + format: "ext4" + ) + + let mount = volume.toMount() + + #expect(mount.options.contains("ro")) + #expect(mount.isBlock) + } + + @Test func sharedMountCreation() { + let mount = Mount.sharedMount( + name: "shared-data", + destination: "/data", + options: ["ro"] + ) + + #expect(mount.source == "shared-data") + #expect(mount.destination == "/data") + #expect(mount.options == ["ro"]) + #expect(mount.type == "none") + if case .shared = mount.runtimeOptions { + // correct + } else { + Issue.record("Expected .shared runtime options") + } + } + + @Test func sharedMountDefaultOptions() { + let mount = Mount.sharedMount(name: "data", destination: "/mnt") + + #expect(mount.options.isEmpty) + } + + @Test func sharedMountIsNotBlock() { + let mount = Mount.sharedMount(name: "data", destination: "/mnt") + + #expect(!mount.isBlock) + } + + @Test func sharedMountDoesNotAllocateBlockDevice() throws { + let allocator = Character.blockDeviceTagAllocator() + + // Shared mount should not consume a device letter. + let shared = Mount.sharedMount(name: "vol", destination: "/data") + let attached = try AttachedFilesystem(mount: shared, allocator: allocator) + #expect(attached.source == "vol") + + // Next block device should still get vda. + let block = Mount.block(format: "ext4", source: "/disk.img", destination: "/mnt") + let blockAttached = try AttachedFilesystem(mount: block, allocator: allocator) + #expect(blockAttached.source == "/dev/vda") + } +} diff --git a/Tests/ContainerizationTests/TAPNameDerivationTests.swift b/Tests/ContainerizationTests/TAPNameDerivationTests.swift new file mode 100644 index 0000000..7f52500 --- /dev/null +++ b/Tests/ContainerizationTests/TAPNameDerivationTests.swift @@ -0,0 +1,59 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(Linux) +import Testing + +@testable import Containerization + +@Suite("TAP name derivation") +struct TAPNameDerivationTests { + @Test("name is deterministic for a given id") + func deterministic() { + let a = LinuxBridgedNetwork.derivedTAPName(forID: "container-abc") + let b = LinuxBridgedNetwork.derivedTAPName(forID: "container-abc") + #expect(a == b) + } + + @Test("different ids produce different names") + func differentIds() { + let a = LinuxBridgedNetwork.derivedTAPName(forID: "alpha") + let b = LinuxBridgedNetwork.derivedTAPName(forID: "beta") + #expect(a != b) + } + + @Test("name fits within IFNAMSIZ - 1 (15 chars)") + func ifnamsizFit() { + for id in ["a", "short", "a-much-longer-container-id-that-exceeds-typical-bounds"] { + let n = LinuxBridgedNetwork.derivedTAPName(forID: id) + #expect(n.count <= 15, "name '\(n)' exceeds IFNAMSIZ-1") + } + } + + @Test("name uses czt- prefix") + func prefix() { + let n = LinuxBridgedNetwork.derivedTAPName(forID: "anything") + #expect(n.hasPrefix("czt-")) + } + + @Test("hex suffix is 10 chars") + func suffixLength() { + let n = LinuxBridgedNetwork.derivedTAPName(forID: "anything") + // "czt-" is 4 chars; total 14. + #expect(n.count == 14) + } +} +#endif diff --git a/Tests/TestImages/dockermanifestimage/Dockerfile b/Tests/TestImages/dockermanifestimage/Dockerfile new file mode 100644 index 0000000..115aa66 --- /dev/null +++ b/Tests/TestImages/dockermanifestimage/Dockerfile @@ -0,0 +1,5 @@ +# This image is built as a single platform image with media type application/vnd.docker.distribution.manifest.v2+json +FROM scratch +LABEL org.opencontainers.image.source=https://github.com/apple/containerization +# empty add so that the build doesn't error due to no build directives +ADD . . diff --git a/Tests/TestImages/emptyimage/Dockerfile b/Tests/TestImages/emptyimage/Dockerfile new file mode 100644 index 0000000..d1a94c5 --- /dev/null +++ b/Tests/TestImages/emptyimage/Dockerfile @@ -0,0 +1,4 @@ +FROM scratch +LABEL org.opencontainers.image.source=https://github.com/apple/containerization +ADD . . + diff --git a/assets/Containerization-Logo.png b/assets/Containerization-Logo.png new file mode 100644 index 0000000..ff5ff26 Binary files /dev/null and b/assets/Containerization-Logo.png differ diff --git a/docs/single-file-mounts.md b/docs/single-file-mounts.md new file mode 100644 index 0000000..9f963d9 --- /dev/null +++ b/docs/single-file-mounts.md @@ -0,0 +1,55 @@ +# Single File Mounts + +In Containerization, what is analogous to bind mounts goes over virtiofs. virtiofs can only +share directories, not individual files. To support mounting a single file from the host into +a container, Containerization shares the file's parent directory via virtiofs and then bind +mounts the specific file to its final destination inside the container. + +## How it works + +1. **Detection**: During mount preparation, each virtiofs mount source is stat'd. If it's a + regular file (not a directory), it enters the single-file mount path. Symlinks are + resolved to the real file first. + +2. **Parent directory share**: The file's parent directory is shared via virtiofs into the + guest VM. If multiple single-file mounts reference files in the same parent directory, + only one virtiofs share is created. + +3. **Guest holding mount**: After the VM starts, the parent directory share is mounted to a + holding location in the guest. + +4. **Bind mount**: When the container starts, a bind mount is created from + the holding location to the requested destination path inside the container. + +### Example + +Mounting `/Users/dev/config/app.toml` to `/etc/app.toml` in the container: + +``` +Host: /Users/dev/config/ (shared via virtiofs) +Guest VM: /temporary/holding/spot/ (virtiofs mount of parent dir) +Container: /etc/app.toml (bind mount of /temporary/holding/spot/app.toml) +``` + +## Trade-offs + +Sharing the parent directory means that sibling files in that directory are visible to the +guest VM at the holding mount point under `/run`. The bind mount into the container only +exposes the specific file requested, but the full parent directory contents are accessible +from inside the VM itself. This is a deliberate trade-off for reliability. Prior attempts +at supporting single file mounts using temporary directories with hardlinks were fragile +across filesystem boundaries and with certain host filesystem configurations. + +## Alternatives to single file mounts + +If exposing the parent directory to the guest VM is not acceptable for your use case, you +can avoid single-file mounts entirely: + +- **Mount the whole directory**: Instead of mounting a single file, mount the directory that + contains it. This is functionally equivalent (the directory is shared either way) but makes + the behavior explicit and gives the container access to the full directory at the + destination path. + +- **Stage files into a dedicated directory**: Copy the files you need into a dedicated + directory on the host and mount that directory instead. This gives you full control + over what is visible to the guest. diff --git a/docs/x86_64-build.md b/docs/x86_64-build.md new file mode 100644 index 0000000..5d4e2c4 --- /dev/null +++ b/docs/x86_64-build.md @@ -0,0 +1,228 @@ +# x86_64 Deployment Build + +`make dist-x86_64` produces a self-contained x86_64 Linux deployment tarball +at `bin/containerization-x86_64-.tar.gz`. The build runs entirely inside +the aarch64 Linux dev container — there is no host tooling requirement beyond +`make`, `container`, and the prerequisites the dev image installs. + +The tarball ships everything needed to run a Containerization VM on an x86_64 +Linux host: the `cctl` host binary, the `cloud-hypervisor` VMM, the +`virtiofsd` filesystem daemon, an x86_64 Linux kernel, and an `initfs.ext4` +guest rootfs containing `vminitd` + `vmexec`. + +`cctl`, `cloud-hypervisor`, and `vminitd`/`vmexec` are statically linked +against musl, so they run on any x86_64 Linux. **`virtiofsd` is dynamically +linked against glibc 2.35+**; the deployment host must provide glibc +≥ 2.35 (Ubuntu 22.04 / Debian 12 / RHEL 9 era) plus `libseccomp.so.2` and +`libcap-ng.so.0`. Both are present by default on essentially every server +distro shipped in the last few years. + +## Prerequisites + +Before the first `make dist-x86_64`: + +1. **Source checkouts under `.local/`** — pinned by you, not fetched by the + build. There is no fetch target; clone the revision you want shipped: + + ```sh + git clone -b v52.0 https://github.com/cloud-hypervisor/cloud-hypervisor \ + .local/cloud-hypervisor + git clone https://gitlab.com/virtio-fs/virtiofsd .local/virtiofsd + ``` + +2. **An x86_64 kernel** at `kernel/vmlinuz-x86_64` (preferred) or + `kernel/vmlinux-x86_64`. Build via `make -C kernel TARGET_ARCH=x86_64`. + The build fails hard if neither exists — a tarball without a kernel is + not usable. + +3. **The Linux dev image.** `dist-x86_64` depends on the `linux-image` + make target, so the `container build` cache handles this automatically; + the first run takes a few minutes, subsequent runs are seconds. + +The dev image (`images/linux-dev/Dockerfile`) bundles Swiftly, the Static +Linux SDK, the Rust toolchain (with `cargo-zigbuild`), a prebuilt +`/opt/cross-x86_64-musl/` prefix containing zlib, xz, bzip2, libarchive, +libcap-ng, and libseccomp built static-musl for x86_64, and a sibling +`/opt/cross-x86_64-gnu/` prefix containing libcap-ng and libseccomp built +as glibc-dynamic shared libraries for virtiofsd's link step. +`scripts/build-musl-x86_64-deps.sh` and `scripts/build-glibc-x86_64-deps.sh` +produce these prefixes at image build time. + +## Running the build + +```sh +make dist-x86_64 +``` + +Drives `scripts/build-dist-x86_64.sh` inside the dev container via the +`linux_run` macro. The container bind-mounts the repo at `/workspace`, so +all build outputs land back on the host under `bin/dist-x86_64/`. + +## Pipeline + +The script runs five build stages plus a packaging stage. Each build stage +is gated by a freshness check (see [Rebuild gating](#rebuild-gating)) so +unchanged components are skipped on subsequent runs. + +1. **`cctl` cross-compile to x86_64-linux-musl.** + `swift build --swift-sdk x86_64-swift-linux-musl --product cctl`. Always + runs — this is the artifact under iteration, and Swift's incremental + build is a near-no-op when nothing changed. + +2. **`vminitd` + `vmexec` cross-compile to x86_64-linux-musl.** + `make -C vminitd LIBC=musl MUSL_ARCH=x86_64`. The guest agent and + process launcher; both run inside the VM as PID 1's children. + +3. **`cloud-hypervisor` cross-compile to x86_64-unknown-linux-musl.** + `cargo zigbuild --target x86_64-unknown-linux-musl --bin cloud-hypervisor` + from `.local/cloud-hypervisor`. + +4. **`virtiofsd` cross-compile to x86_64-unknown-linux-gnu.2.35.** + `cargo zigbuild --target x86_64-unknown-linux-gnu.2.35` from + `.local/virtiofsd`, with `scripts/patches/virtiofsd-skip-cap-drop-with-sandbox-none.patch` + applied first. The patch is idempotent — applied if missing, skipped if + already present, fails hard if it can't be applied cleanly. Unlike the + other three host binaries, virtiofsd is **glibc-dynamic**: it expects + the deployment host to provide glibc ≥ 2.35, `libseccomp.so.2`, and + `libcap-ng.so.0`. Link-time `.so` files come from + `/opt/cross-x86_64-gnu/`. + +5. **`initfs.ext4` packaging.** + A native aarch64 `cctl` is built (Swift release) and used as the packer: + `cctl rootfs create --vminitd … --vmexec …` writes a ready-to-mount + ext4 image with the x86_64 guest binaries inside. The native build + only runs when this stage runs. + +6. **Stage and tar.** Always runs. Lays out the staging tree at + `bin/dist-x86_64//`: + + ``` + / + ├── bin/ + │ ├── cctl + │ ├── cloud-hypervisor + │ └── virtiofsd + ├── kernel/ + │ └── vmlinuz-x86_64 # or vmlinux-x86_64, whichever was found + └── initfs.ext4 + ``` + + Then `tar -czf bin/.tar.gz`. + +## Rebuild gating + +By default, every stage skips when its output is up-to-date. Each freshness +check has a corresponding `REBUILD_*=1` environment variable that forces +the stage to rerun. + +| Stage | Skip condition | Force rebuild | +| --- | --- | --- | +| `cctl` x86 cross | (never skipped — always runs) | n/a | +| `vminitd` + `vmexec` | both binaries exist under `bin/dist-x86_64/` AND nothing under `vminitd/Sources/`, `vminitd/Package.swift`, or `Sources/Containerization/SandboxContext/` is newer than them | `REBUILD_VMINITD=1` | +| `cloud-hypervisor` | `bin/dist-x86_64/cloud-hypervisor` exists | `REBUILD_CH=1` | +| `virtiofsd` | `bin/dist-x86_64/virtiofsd` exists | `REBUILD_VIRTIOFSD=1` | +| `initfs.ext4` | exists AND is newer than both staged `vminitd` and `vmexec` (also implicitly skipped when `vminitd` was skipped) | `REBUILD_INITFS=1` | +| native aarch64 `cctl` | only built when `initfs.ext4` is being rebuilt | `REBUILD_INITFS=1` | +| stage tree + tar | (always runs) | n/a | + +The freshness checks intentionally use binary presence and source mtimes +rather than content hashing — fast to evaluate, easy to bypass with `touch` +or `rm`. There is no global "rebuild everything" switch by design; force +the specific component you want, or `rm -rf bin/dist-x86_64/` for a full +clean rebuild. + +`cloud-hypervisor` and `virtiofsd` only check binary presence (not source +mtime against `.local/`). The pinned-source convention assumes you opt +into rebuilds explicitly — the `REBUILD_CH=1` / `REBUILD_VIRTIOFSD=1` +escape hatches exist for exactly that case. Walking the full Rust source +tree on every run was the alternative; not worth the cost. + +### Common rebuild scenarios + +- **Iterating on host-side `cctl` or `Containerization` Swift code:** just + `make dist-x86_64`. Only the x86 cctl rebuild runs (and tar). +- **Touched `vminitd` source or the proto:** `REBUILD_VMINITD=1` is + picked up automatically by mtime; `make dist-x86_64`. `vminitd` and + `initfs.ext4` rebuild. +- **Pulled new `.local/cloud-hypervisor`:** `REBUILD_CH=1 make dist-x86_64`. +- **Pulled new `.local/virtiofsd`:** `REBUILD_VIRTIOFSD=1 make dist-x86_64`. +- **Suspect a stale artifact:** `rm -rf bin/dist-x86_64 && make dist-x86_64` + for a full clean rebuild. + +## Cross-compilation toolchain + +Two cross toolchains live side-by-side in the dev image. `cctl`, +`vminitd`/`vmexec`, and `cloud-hypervisor` target `x86_64-linux-musl` and +ship statically linked so the artifacts are host-libc independent. +`virtiofsd` targets `x86_64-linux-gnu.2.35` and ships dynamically linked; +the deployment host provides glibc, libseccomp, and libcap-ng. + +- **Swift** uses Apple's Static Linux SDK (`x86_64-swift-linux-musl`), + installed by `make cross-prep` at dev-image build time. The same SDK + is used for both `cctl` and `vminitd` cross-builds. +- **Rust C cross-compiler is Zig.** For musl stages, `zig cc -target + x86_64-linux-musl` is wrapped as `x86_64-linux-musl-{gcc,g++,ar,ranlib,strip}`. + For virtiofsd, parallel `x86_64-linux-gnu-*` wrappers dispatch to + `zig cc -target x86_64-linux-gnu.2.35`, plus an `x86_64-linux-gnu-ld` + wrapper backed by LLVM's `ld.lld` (apt-installed). The `ld` wrapper + is needed because libtool's shared-library detection probes the + linker with `-m elf_x86_64`; the host's aarch64 `/usr/bin/ld` + rejects that and would silently disable `.so` emission. The gnu + `gcc`/`g++` wrappers intercept `-print-prog-name=ld` so libtool + discovers the cross-ld wrapper instead of the host linker. The + pinned `.2.35` glibc baseline determines the minimum host glibc; + bumping it requires editing the wrapper scripts under + `images/linux-dev/wrappers/`. Zig was chosen over musl.cc / gcc + cross prebuilts because aarch64-hosted versions of those aren't + published. +- **Rust linker** is **not** set explicitly. `cargo-zigbuild` installs + its own linker wrapper that strips Rust's self-contained musl crt + files (which would otherwise collide with Zig's musl crt). Setting + `CARGO_TARGET_*_LINKER` ourselves overrides that and produces + duplicate-symbol link errors. +- **`pkg-config`** points at `/opt/cross-x86_64-musl/lib/pkgconfig` for + the musl stages; the virtiofsd block overrides it in a subshell to + point at `/opt/cross-x86_64-gnu/lib/pkgconfig` so `libseccomp-sys` + and `libcap-ng`'s `capng-sys` resolve against the glibc-dynamic + `.so` files, not the static-musl `.a` archives. The musl prefix uses + GNU ld linker scripts at `lib{seccomp,cap-ng}.so` to redirect + dynamic-link requests into the static archives; the gnu prefix ships + real shared libraries. + +The cross C dep prefixes are built by `scripts/build-musl-x86_64-deps.sh` +and `scripts/build-glibc-x86_64-deps.sh` during `make linux-image`. +Modifying either script invalidates that layer of the dev image and +triggers a rebuild on the next `make dist-x86_64`. + +## Troubleshooting + +- **`ERROR: missing .local/cloud-hypervisor source checkout`** — see + Prerequisites. There is no fetch target; clone the revision you want + pinned. +- **`ERROR: no x86_64 kernel found`** — run + `make -C kernel TARGET_ARCH=x86_64`. The build refuses to ship a + tarball without a kernel. +- **`ERROR: virtiofsd cap-drop patch does not apply cleanly`** — the + patch only applies to known-good upstream revisions of virtiofsd. If + you bumped `.local/virtiofsd` past that, refresh + `scripts/patches/virtiofsd-skip-cap-drop-with-sandbox-none.patch` + against the new revision. +- **Stale binary on the deployment host** — confirm the tarball SHA in + `bin/containerization-x86_64-.tar.gz` matches `git rev-parse + --short HEAD`. The script tags the tarball with `HEAD` at build time; + uncommitted changes ship under the same SHA as their parent commit. +- **Linker errors mentioning duplicate `crt*.o` symbols** — something is + setting `CARGO_TARGET_*_LINKER`. Unset it and let `cargo-zigbuild` + manage the linker. +- **`virtiofsd: error while loading shared libraries: libseccomp.so.2`** + (or `libcap-ng.so.0`) on the deployment host — install the system + packages (`apt install libseccomp2 libcap-ng0` on Debian/Ubuntu, + `dnf install libseccomp libcap-ng` on Fedora/RHEL). `virtiofsd` is + glibc-dynamic by design; the libs are not bundled in the tarball. +- **`virtiofsd: /lib/x86_64-linux-gnu/libc.so.6: version 'GLIBC_2.35' + not found`** — the deployment host's glibc is older than the build's + baseline. Either upgrade the host or rebuild with a lower baseline + by editing the `-target x86_64-linux-gnu.` arg in + `images/linux-dev/wrappers/x86_64-linux-gnu-{gcc,g++}` and the + `cargo zigbuild --target x86_64-unknown-linux-gnu.` line in + `scripts/build-dist-x86_64.sh`. diff --git a/examples/README.md b/examples/README.md new file mode 100644 index 0000000..bc18a2a --- /dev/null +++ b/examples/README.md @@ -0,0 +1,14 @@ +# Examples + +This directory contains example projects demonstrating how to use Containerization. + +## Available Examples + +### [ctr-example](ctr-example/) + +A basic example of launching a Linux container using Containerization. This example demonstrates: +- Fetching and configuring a Linux kernel +- Creating and starting containers +- Basic container management operations + +See the [ctr-example README](ctr-example/README.md) for detailed build and run instructions. diff --git a/examples/ctr-example/Makefile b/examples/ctr-example/Makefile new file mode 100644 index 0000000..06bda05 --- /dev/null +++ b/examples/ctr-example/Makefile @@ -0,0 +1,47 @@ +# Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# ctr-example Makefile + +SWIFT = /usr/bin/swift + +UNAME_M := $(shell uname -m) +KERNEL_ARCH := $(if $(filter $(UNAME_M),aarch64 arm64),arm64,$(UNAME_M)) + +.PHONY: all build clean run + +all: run + +build: + $(SWIFT) build --configuration release + codesign --force --sign - --entitlements ctr-example.entitlements ./.build/release/ctr-example + cp ./.build/release/ctr-example ./ctr-example + +clean: + $(SWIFT) package clean + rm -f ./ctr-example + +run: build + ./ctr-example + +# Development targets +debug: + $(SWIFT) build + codesign --force --sign - --entitlements ctr-example.entitlements ./.build/debug/ctr-example + +fmt: + $(SWIFT) format --in-place --recursive Sources/ +fetch-default-kernel: + $(MAKE) -C ../.. fetch-default-kernel + cp -L ../../.local/vmlinux-$(KERNEL_ARCH) ./vmlinux-$(KERNEL_ARCH) diff --git a/examples/ctr-example/Package.resolved b/examples/ctr-example/Package.resolved new file mode 100644 index 0000000..848cc07 --- /dev/null +++ b/examples/ctr-example/Package.resolved @@ -0,0 +1,267 @@ +{ + "originHash" : "f9b523ded39c0fa3565fd16d3b4097384449d541048751be7efee4a43af79fd4", + "pins" : [ + { + "identity" : "async-http-client", + "kind" : "remoteSourceControl", + "location" : "https://github.com/swift-server/async-http-client.git", + "state" : { + "revision" : "7744c2a035c68ec14726c709f031835e3e30bde1", + "version" : "1.34.0" + } + }, + { + "identity" : "containerization", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/containerization.git", + "state" : { + "revision" : "9275f365dd555c8f072e7d250d809f5eb7bdd746", + "version" : "0.33.4" + } + }, + { + "identity" : "grpc-swift-2", + "kind" : "remoteSourceControl", + "location" : "https://github.com/grpc/grpc-swift-2.git", + "state" : { + "revision" : "21fe69ab7ce0e87ac089534733c52f037e74a3eb", + "version" : "2.4.1" + } + }, + { + "identity" : "grpc-swift-nio-transport", + "kind" : "remoteSourceControl", + "location" : "https://github.com/grpc/grpc-swift-nio-transport.git", + "state" : { + "revision" : "e7d463749f9037b047dcd6da4e633718ddc432b8", + "version" : "2.8.0" + } + }, + { + "identity" : "grpc-swift-protobuf", + "kind" : "remoteSourceControl", + "location" : "https://github.com/grpc/grpc-swift-protobuf.git", + "state" : { + "revision" : "b05885fa9bdd88f1eab2e7162f1ee81340b0da33", + "version" : "2.4.0" + } + }, + { + "identity" : "swift-algorithms", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-algorithms.git", + "state" : { + "revision" : "87e50f483c54e6efd60e885f7f5aa946cee68023", + "version" : "1.2.1" + } + }, + { + "identity" : "swift-argument-parser", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-argument-parser.git", + "state" : { + "revision" : "6a52f3251125d74daf04fcbd5e6f08a75d074382", + "version" : "1.8.2" + } + }, + { + "identity" : "swift-asn1", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-asn1.git", + "state" : { + "revision" : "a9a5efd40eaf558a2bcd48d64b1d1646be686008", + "version" : "1.7.1" + } + }, + { + "identity" : "swift-async-algorithms", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-async-algorithms.git", + "state" : { + "revision" : "d0b4a06d0f173a2f3be27d3ea21b3c3aa18db440", + "version" : "1.1.4" + } + }, + { + "identity" : "swift-atomics", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-atomics.git", + "state" : { + "revision" : "b601256eab081c0f92f059e12818ac1d4f178ff7", + "version" : "1.3.0" + } + }, + { + "identity" : "swift-certificates", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-certificates.git", + "state" : { + "revision" : "bde8ca32a096825dfce37467137c903418c1893d", + "version" : "1.19.1" + } + }, + { + "identity" : "swift-collections", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-collections.git", + "state" : { + "revision" : "a0cb0954ecb21e4e31b0070e6ed5674e8556685a", + "version" : "1.6.0" + } + }, + { + "identity" : "swift-configuration", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-configuration.git", + "state" : { + "revision" : "be76c4ad929eb6c4bcaf3351799f2adf9e6848a9", + "version" : "1.2.0" + } + }, + { + "identity" : "swift-crypto", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-crypto.git", + "state" : { + "revision" : "95ba0316a9b733e92bb6b071255ff46263bbe7dc", + "version" : "3.15.1" + } + }, + { + "identity" : "swift-distributed-tracing", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-distributed-tracing.git", + "state" : { + "revision" : "dc4030184203ffafbb2ec614352487235d747fe0", + "version" : "1.4.1" + } + }, + { + "identity" : "swift-http-structured-headers", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-http-structured-headers.git", + "state" : { + "revision" : "933538faa42c432d385f02e07df0ace7c5ecfc47", + "version" : "1.7.0" + } + }, + { + "identity" : "swift-http-types", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-http-types.git", + "state" : { + "revision" : "db774a277f60063a32d854f2980299caf06da041", + "version" : "1.6.0" + } + }, + { + "identity" : "swift-log", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-log.git", + "state" : { + "revision" : "92448c359f00ebe36ae97d3bd9086f13c7692b5a", + "version" : "1.13.2" + } + }, + { + "identity" : "swift-nio", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-nio.git", + "state" : { + "revision" : "77b84ac2cd2ac9e4ac67d19f045fd5b434f56967", + "version" : "2.101.0" + } + }, + { + "identity" : "swift-nio-extras", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-nio-extras.git", + "state" : { + "revision" : "d2eeec0339074034f11a040a74aa2a341a2c4506", + "version" : "1.34.1" + } + }, + { + "identity" : "swift-nio-http2", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-nio-http2.git", + "state" : { + "revision" : "61d1b44f6e4e118792be1cff88ee2bc0267c6f9a", + "version" : "1.44.0" + } + }, + { + "identity" : "swift-nio-ssl", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-nio-ssl.git", + "state" : { + "revision" : "407d82d5b6cc00e1c3fb83a81b1539b70c788c5e", + "version" : "2.37.1" + } + }, + { + "identity" : "swift-nio-transport-services", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-nio-transport-services.git", + "state" : { + "revision" : "67787bb645a5e67d2edcdfbe48a216cc549222d5", + "version" : "1.28.0" + } + }, + { + "identity" : "swift-numerics", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-numerics.git", + "state" : { + "revision" : "0c0290ff6b24942dadb83a929ffaaa1481df04a2", + "version" : "1.1.1" + } + }, + { + "identity" : "swift-protobuf", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-protobuf.git", + "state" : { + "revision" : "f6506eaa86ed2e01cb0ae14a75035b7fdbf0918f", + "version" : "1.38.0" + } + }, + { + "identity" : "swift-service-context", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-service-context.git", + "state" : { + "revision" : "d0997351b0c7779017f88e7a93bc30a1878d7f29", + "version" : "1.3.0" + } + }, + { + "identity" : "swift-service-lifecycle", + "kind" : "remoteSourceControl", + "location" : "https://github.com/swift-server/swift-service-lifecycle.git", + "state" : { + "revision" : "9829955b385e5bb88128b73f1b8389e9b9c3191a", + "version" : "2.11.0" + } + }, + { + "identity" : "swift-system", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-system.git", + "state" : { + "revision" : "7502b711c92a17741fa625d722b0ccbd595d8ed1", + "version" : "1.7.2" + } + }, + { + "identity" : "zstd", + "kind" : "remoteSourceControl", + "location" : "https://github.com/facebook/zstd.git", + "state" : { + "revision" : "f8745da6ff1ad1e7bab384bd1f9d742439278e99", + "version" : "1.5.7" + } + } + ], + "version" : 3 +} diff --git a/examples/ctr-example/Package.swift b/examples/ctr-example/Package.swift new file mode 100644 index 0000000..15b649c --- /dev/null +++ b/examples/ctr-example/Package.swift @@ -0,0 +1,45 @@ +// swift-tools-version: 6.2 +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import PackageDescription + +let scVersion = "0.33.4" + +let package = Package( + name: "ctr-example", + platforms: [ + .macOS("26.0") + ], + products: [ + .executable( + name: "ctr-example", + targets: ["ctr-example"] + ) + ], + dependencies: [ + .package(url: "https://github.com/apple/containerization.git", exact: Version(stringLiteral: scVersion)) + ], + targets: [ + .executableTarget( + name: "ctr-example", + dependencies: [ + .product(name: "Containerization", package: "containerization"), + .product(name: "ContainerizationOS", package: "containerization"), + ] + ) + ] +) diff --git a/examples/ctr-example/README.md b/examples/ctr-example/README.md new file mode 100644 index 0000000..1563eb0 --- /dev/null +++ b/examples/ctr-example/README.md @@ -0,0 +1,48 @@ +# Container Example + +Very basic example of launching a Linux container using Containerization. + +## Build and Run + +### 1. Fetch Kernel + +In your terminal, change directories to examples/ctr-example and run: + +**Option A: Using Makefile (recommended)** +```bash +make fetch-default-kernel +``` + +**Option B: Copy from installed container tool** +```bash +cp "$(ls -t ~/Library/Application\ Support/com.apple.container/kernels/vmlinux-* | head -1)" ./vmlinux +``` + +You should now see the `vmlinux` image in examples/ctr-example + +### 2. Build/Run ctr-example + +From examples/ctr-example run: +```bash +make all +``` + +> [!WARNING] +> If you get the following error, try building from the default macOS terminal: +> `error: compiled module was created by a newer version of the compiler` + +After the build completes, the example will run. In your terminal you should see something like: + +``` +Starting container example... +Fetching container initial filesystem... +Creating container from docker.io/library/alpine:3.16... +Starting container... +/ # +``` + +> [!WARNING] +> If you get the following error, try moving the `ctr-example` binary to `/var/tmp` and run it from there. +> `Swift/ErrorType.swift:254: Fatal error: Error raised at top level: unsupported: "failed to create vmnet network with status vmnet_return_t(rawValue: 1001)"` + +**Congratulations, you've started the example container!** diff --git a/examples/ctr-example/Sources/ctr-example/main.swift b/examples/ctr-example/Sources/ctr-example/main.swift new file mode 100644 index 0000000..101b40c --- /dev/null +++ b/examples/ctr-example/Sources/ctr-example/main.swift @@ -0,0 +1,84 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Containerization +import ContainerizationOS +import Foundation + +@main +struct CtrExample { + static func main() async throws { + print("Starting container example...") + + // Set up terminal in raw mode (like cctl) + let current = try Terminal.current + try current.setraw() + defer { current.tryReset() } + + let initfsReference = "ghcr.io/apple/containerization/vminit:0.26.5" + #if arch(arm64) + let kernelCandidates = ["./vmlinux-arm64"] + #elseif arch(x86_64) + let kernelCandidates = ["./vmlinuz-x86_64", "./vmlinux-x86_64"] + #else + let kernelCandidates = ["./vmlinux"] + #endif + let kernelPath = kernelCandidates.first(where: { FileManager.default.fileExists(atPath: $0) }) ?? kernelCandidates[0] + print("Fetching base container filesystem...") + // Create container manager with file-based initfs + var manager = try await ContainerManager( + kernel: Kernel(path: URL(fileURLWithPath: kernelPath), platform: .linuxArm), + initfsReference: initfsReference, + network: try VmnetNetwork() + ) + + let containerId = "ctr-example" + let imageReference = "docker.io/library/alpine:3.16" + + print("Creating container from \(imageReference)...") + + // Create container with simple configuration + let container = try await manager.create( + containerId, + reference: imageReference, + rootfsSizeInBytes: 1.gib() + ) { @Sendable config in + config.cpus = 2 + config.memoryInBytes = 512.mib() + config.process.setTerminalIO(terminal: current) + config.process.arguments = ["/bin/sh"] + config.process.workingDirectory = "/" + } + + // Clean up on exit + defer { + try? manager.delete(containerId) + } + + print("Starting container...") + try await container.create() + try await container.start() + + // Resize terminal to match current window + try? await container.resize(to: try current.size) + + // Wait for container to finish + let exitCode = try await container.wait() + + print("Container exited with code \(exitCode)") + try await container.stop() + } +} diff --git a/examples/ctr-example/ctr-example.entitlements b/examples/ctr-example/ctr-example.entitlements new file mode 100644 index 0000000..f7f5d7c --- /dev/null +++ b/examples/ctr-example/ctr-example.entitlements @@ -0,0 +1,8 @@ + + + + + com.apple.security.virtualization + + + \ No newline at end of file diff --git a/examples/ctr-example/lab.md b/examples/ctr-example/lab.md new file mode 100644 index 0000000..d51630c --- /dev/null +++ b/examples/ctr-example/lab.md @@ -0,0 +1,58 @@ +# + +## Install and test the container tool: + +See https://github.com/apple/container/releases + +Once installed, start the service and follow prompts. + +```bash +container system start +``` + +This'll install your kernel. + +After this start your first container. On first launch, this'll install another artifact for our guest init process: + +```bash +container run alpine uname +``` + +Container starts after this will be fast! + +## Get the Containerization sources: + +```bash +$ git clone https://github.com/apple/containerization.git +``` + +> [!IMPORTANT] +> There is a bug in the `vmnet` framework on macOS 26 that causes network creation to fail if the creating applications are located under your `Documents` or `Desktop` directories. To workaround this, clone the project elsewhere, such as `~/projects/containerization`, until this issue is resolved. + +## Take a look at ctr-example + +Read through the sources: + +- ContainerManager: +- manager.create() +- container.create(), start(), wait(), stop() + +## Fetch the kernel + +Run + +```bash +cp "$(ls -t ~/Library/Application\ Support/com.apple.container/kernels/vmlinux-* | head -1)" ./vmlinux +``` + +## Build and run the example + +```bash +$ cd examples/ctr-example +$ make +``` + +## Modify the project + +- Change the command run by the container +- Change the image diff --git a/examples/sandboxy/Makefile b/examples/sandboxy/Makefile new file mode 100644 index 0000000..2be0b9c --- /dev/null +++ b/examples/sandboxy/Makefile @@ -0,0 +1,38 @@ +# Copyright © 2026 Apple Inc. and the Containerization project authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +BUILD_CONFIGURATION ?= debug +SWIFT = /usr/bin/swift +SWIFT_STRIP := $(if $(filter release,$(BUILD_CONFIGURATION)),-Xlinker -s) +BUILD_BIN_DIR = $(shell $(SWIFT) build -c $(BUILD_CONFIGURATION) --show-bin-path) + +.PHONY: all build clean run fmt + +all: build + +build: + $(SWIFT) build -c $(BUILD_CONFIGURATION) $(SWIFT_STRIP) + @mkdir -p bin + @install "$(BUILD_BIN_DIR)/sandboxy" ./bin/ + codesign --force --sign - --entitlements sandboxy.entitlements ./bin/sandboxy + +clean: + $(SWIFT) package clean + rm -rf bin + +run: build + ./bin/sandboxy + +fmt: + $(SWIFT) format --in-place --recursive Sources/ diff --git a/examples/sandboxy/Package.resolved b/examples/sandboxy/Package.resolved new file mode 100644 index 0000000..dad2139 --- /dev/null +++ b/examples/sandboxy/Package.resolved @@ -0,0 +1,249 @@ +{ + "originHash" : "7b278fed488f6dec94de45fcf45179f7556a1b32ebb5b19499b932a307ddcad0", + "pins" : [ + { + "identity" : "async-http-client", + "kind" : "remoteSourceControl", + "location" : "https://github.com/swift-server/async-http-client.git", + "state" : { + "revision" : "2fc4652fb4689eb24af10e55cabaa61d8ba774fd", + "version" : "1.32.0" + } + }, + { + "identity" : "containerization", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/containerization.git", + "state" : { + "revision" : "72432f148c9cb35d6a7e7c0ad61d6f9d226cbef7", + "version" : "0.30.0" + } + }, + { + "identity" : "grpc-swift", + "kind" : "remoteSourceControl", + "location" : "https://github.com/grpc/grpc-swift.git", + "state" : { + "revision" : "ac715c584bb1e2e5cdfb7684ccb46fab8dafc641", + "version" : "1.27.4" + } + }, + { + "identity" : "swift-algorithms", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-algorithms.git", + "state" : { + "revision" : "87e50f483c54e6efd60e885f7f5aa946cee68023", + "version" : "1.2.1" + } + }, + { + "identity" : "swift-argument-parser", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-argument-parser.git", + "state" : { + "revision" : "c5d11a805e765f52ba34ec7284bd4fcd6ba68615", + "version" : "1.7.0" + } + }, + { + "identity" : "swift-asn1", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-asn1.git", + "state" : { + "revision" : "810496cf121e525d660cd0ea89a758740476b85f", + "version" : "1.5.1" + } + }, + { + "identity" : "swift-async-algorithms", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-async-algorithms.git", + "state" : { + "revision" : "9d349bcc328ac3c31ce40e746b5882742a0d1272", + "version" : "1.1.3" + } + }, + { + "identity" : "swift-atomics", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-atomics.git", + "state" : { + "revision" : "b601256eab081c0f92f059e12818ac1d4f178ff7", + "version" : "1.3.0" + } + }, + { + "identity" : "swift-certificates", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-certificates.git", + "state" : { + "revision" : "24ccdeeeed4dfaae7955fcac9dbf5489ed4f1a25", + "version" : "1.18.0" + } + }, + { + "identity" : "swift-collections", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-collections.git", + "state" : { + "revision" : "8d9834a6189db730f6264db7556a7ffb751e99ee", + "version" : "1.4.0" + } + }, + { + "identity" : "swift-configuration", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-configuration.git", + "state" : { + "revision" : "be76c4ad929eb6c4bcaf3351799f2adf9e6848a9", + "version" : "1.2.0" + } + }, + { + "identity" : "swift-crypto", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-crypto.git", + "state" : { + "revision" : "95ba0316a9b733e92bb6b071255ff46263bbe7dc", + "version" : "3.15.1" + } + }, + { + "identity" : "swift-distributed-tracing", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-distributed-tracing.git", + "state" : { + "revision" : "e109d8b5308d0e05201d9a1dd1c475446a946a11", + "version" : "1.4.0" + } + }, + { + "identity" : "swift-http-structured-headers", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-http-structured-headers.git", + "state" : { + "revision" : "76d7627bd88b47bf5a0f8497dd244885960dde0b", + "version" : "1.6.0" + } + }, + { + "identity" : "swift-http-types", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-http-types.git", + "state" : { + "revision" : "45eb0224913ea070ec4fba17291b9e7ecf4749ca", + "version" : "1.5.1" + } + }, + { + "identity" : "swift-log", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-log.git", + "state" : { + "revision" : "bbd81b6725ae874c69e9b8c8804d462356b55523", + "version" : "1.10.1" + } + }, + { + "identity" : "swift-nio", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-nio.git", + "state" : { + "revision" : "e932d3c4d8f77433c8f7093b5ebcbf91463948a0", + "version" : "2.95.0" + } + }, + { + "identity" : "swift-nio-extras", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-nio-extras.git", + "state" : { + "revision" : "3df009d563dc9f21a5c85b33d8c2e34d2e4f8c3b", + "version" : "1.32.1" + } + }, + { + "identity" : "swift-nio-http2", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-nio-http2.git", + "state" : { + "revision" : "b6571f3db40799df5a7fc0e92c399aa71c883edd", + "version" : "1.40.0" + } + }, + { + "identity" : "swift-nio-ssl", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-nio-ssl.git", + "state" : { + "revision" : "173cc69a058623525a58ae6710e2f5727c663793", + "version" : "2.36.0" + } + }, + { + "identity" : "swift-nio-transport-services", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-nio-transport-services.git", + "state" : { + "revision" : "60c3e187154421171721c1a38e800b390680fb5d", + "version" : "1.26.0" + } + }, + { + "identity" : "swift-numerics", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-numerics.git", + "state" : { + "revision" : "0c0290ff6b24942dadb83a929ffaaa1481df04a2", + "version" : "1.1.1" + } + }, + { + "identity" : "swift-protobuf", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-protobuf.git", + "state" : { + "revision" : "a008af1a102ff3dd6cc3764bb69bf63226d0f5f6", + "version" : "1.36.1" + } + }, + { + "identity" : "swift-service-context", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-service-context.git", + "state" : { + "revision" : "d0997351b0c7779017f88e7a93bc30a1878d7f29", + "version" : "1.3.0" + } + }, + { + "identity" : "swift-service-lifecycle", + "kind" : "remoteSourceControl", + "location" : "https://github.com/swift-server/swift-service-lifecycle.git", + "state" : { + "revision" : "89888196dd79c61c50bca9a103d8114f32e1e598", + "version" : "2.10.1" + } + }, + { + "identity" : "swift-system", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-system.git", + "state" : { + "revision" : "7c6ad0fc39d0763e0b699210e4124afd5041c5df", + "version" : "1.6.4" + } + }, + { + "identity" : "zstd", + "kind" : "remoteSourceControl", + "location" : "https://github.com/facebook/zstd.git", + "state" : { + "revision" : "f8745da6ff1ad1e7bab384bd1f9d742439278e99", + "version" : "1.5.7" + } + } + ], + "version" : 3 +} diff --git a/examples/sandboxy/Package.swift b/examples/sandboxy/Package.swift new file mode 100644 index 0000000..15b0c52 --- /dev/null +++ b/examples/sandboxy/Package.swift @@ -0,0 +1,57 @@ +// swift-tools-version: 6.2 +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import PackageDescription + +let containerizationVersion = "0.26.5" + +let package = Package( + name: "sandboxy", + platforms: [ + .macOS("26.0") + ], + products: [ + .executable( + name: "sandboxy", + targets: ["sandboxy"] + ) + ], + dependencies: [ + .package(url: "https://github.com/apple/containerization.git", from: "0.30.0"), + .package(url: "https://github.com/apple/swift-argument-parser.git", from: "1.3.0"), + .package(url: "https://github.com/apple/swift-log.git", from: "1.0.0"), + .package(url: "https://github.com/apple/swift-nio.git", from: "2.65.0"), + .package(url: "https://github.com/swift-server/async-http-client.git", from: "1.20.1"), + ], + targets: [ + .executableTarget( + name: "sandboxy", + dependencies: [ + .product(name: "Containerization", package: "containerization"), + .product(name: "ContainerizationExtras", package: "containerization"), + .product(name: "ContainerizationOS", package: "containerization"), + .product(name: "ContainerizationArchive", package: "containerization"), + .product(name: "AsyncHTTPClient", package: "async-http-client"), + .product(name: "NIOCore", package: "swift-nio"), + .product(name: "NIOPosix", package: "swift-nio"), + .product(name: "NIOHTTP1", package: "swift-nio"), + .product(name: "ArgumentParser", package: "swift-argument-parser"), + .product(name: "Logging", package: "swift-log"), + ], + ) + ] +) diff --git a/examples/sandboxy/README.md b/examples/sandboxy/README.md new file mode 100644 index 0000000..3246c2e --- /dev/null +++ b/examples/sandboxy/README.md @@ -0,0 +1,374 @@ +# sandboxy + +``` +$ sandboxy run claude + ┌──────────────┐ + │ ░░░░░░░░░░░░ │ Sandboxy + │ ░░░░░░░░░░░░ │ Agent: Claude Code + │ ░░░░░░░░░░░░ │ Instance: claude-20260328-150531 + │ ░░░░░░░░░░░░ │ Environment: 15 hours ago + │ ░░░░░░░░░░░░ │ Workspace: /Volumes/code/vessel/containerization + │ ░░░░░░░░░░░░ │ CPUs: 4 Memory: 4 GB + └──────────────┘ + Command: claude --dangerously-skip-permissions + Allowed hosts: *.anthropic.com, npm.org, *.npmjs.org, *.github.com, *.githubusercontent.com, *.pypi.org + Mounts: + /your/code -> /your/code + /Users/you/.claude -> /root/.claude + +Welcome to Claude Code v2.1.76 +………………………………………………………………………………………………………………………………………………………… + + * █████▓▓░ + * ███▓░ ░░ + ░░░░░░ ███▓░ + ░░░ ░░░░░░░░░░ ███▓░ + ░░░░░░░░░░░░░░░░░░░ * ██▓░░ ▓ + ░▓▓███▓▓░ + * ░░░░ + ░░░░░░░░ + ░░░░░░░░░░░░░░░░ + █████████ * + ██▄█████▄██ * + █████████ * +…………………█ █ █ █……………………………………………………………………………………………………………… + + Let's get started. +``` + +`sandboxy` runs AI coding agents in sandboxed Linux environments on macOS with Apple silicon. + +One command to get an isolated agent session. Your current working directory is mounted in, your config carries over, and the environment is cached for fast subsequent runs. + +> **Note:** This is an experimental tool. Behavior/flags/commands may change across releases. Its main goal was to be a good showcase of using the `Containerization` libraries API surface to build novel tools. + +> **Note:** The tool does HTTPS/HTTP filtering today for network traffic originating from the container, but can currently reach services listening on `0.0.0.0` on the host. This should be tightened up in a future release whenever `Containerization` gains nftables support. + +## Why? + +AI coding agents work best when they can install packages, run builds, and execute code freely, but giving them unrestricted access to your host machine is risky. `sandboxy` aims to alleviate some worry by running agents inside lightweight Linux VMs on macOS. Your project directory is mounted in so the agent can read and write files, but everything else like network access, host filesystem view, and installed packages is isolated. No daemon, just a single command that gets out of your way. + +## How? + +`sandboxy` boots a Micro VM for every agent session using the [`Containerization`](https://github.com/apple/containerization) Swift package. Each agent session runs in its own VM. + +### Caching + +The first time you run an agent, `sandboxy` does a fair amount of setup: downloading a Linux kernel (unless you provide one), pulling the base OCI image, unpacking it into a root filesystem, and running the agent's install commands. All of this is cached so that subsequent runs skip straight to booting the VM. In practice, a warm start takes under a second. + +The cache has a few layers: + +- **Kernel** -- downloaded once and reused across all agents. +- **Init image** -- the minimal init process (`vminit`) that bootstraps the VM, pulled from an OCI registry and cached locally. +- **Agent rootfs** -- the fully-installed root filesystem for a given agent (e.g., `claude`). This is an ext4 disk image that includes the base image layers plus everything the agent's install commands produce. +- **Instance rootfs** -- every session saves its rootfs so it can be resumed later with `--name`. See [Instance Persistence](#instance-persistence). + +On each run, the cached rootfs is cloned (via copy-on-write when the filesystem supports it) so the original cache stays clean. You can blow away any layer independently: `sandboxy cache rm ` to rebuild a single agent, or `sandboxy cache clean --all` to start completely from scratch. + +### Agent definitions + +An agent is just a JSON file that describes how to set up and launch a particular tool. The built-in Claude Code definition specifies a base container image, a list of shell commands to install the toolchain, a launch command, and the environment variables needed at runtime. You can list available agents with `sandboxy config list --agents` and view any agent's definition with `sandboxy config list --agent `. + +You can override any built-in agent or define entirely new agents by dropping a JSON file in `~/.config/sandboxy/agents/`. Use `sandboxy config create --agent ` to scaffold a definition file (pre-filled with built-in defaults for known agents). Use `sandboxy config list --paths` to see all configuration file paths. + +If the built-in install steps don't cover what you need, `sandboxy edit ` drops you into an interactive shell inside the cached rootfs. Install extra packages, configure MCP servers, add language runtimes etc. Whatever you do is saved back to the cache and included in every future run. + +### Workspace and mounts + +Your host workspace directory is shared into the VM using virtio-fs, so reads and writes are reflected immediately on both sides. Additional host directories can be mounted with `--mount`, including read-only mounts for things like config or reference data that the agent shouldn't modify. + +Agent definitions can include default mounts (e.g., `~/.claude` for Claude Code). To skip these on a specific run, pass `--no-agent-mounts`. CLI `--mount` flags are always applied regardless. + +### Network isolation + +By default, `sandboxy` enforces network isolation by placing the workload container on a host-only network with no internet route. A HTTP CONNECT proxy runs on the host and listens on the host-only network's gateway address. The workload's `HTTP_PROXY`/`HTTPS_PROXY` environment variables point at this proxy, which checks each request's target hostname against an allowlist and either tunnels it to the internet or returns a 403. + +Additional hosts can be added at runtime with `--allow-hosts`. To disable filtering entirely, pass `--no-network-filter`. + +## Quick Start + +```bash +# Build +BUILD_CONFIGURATION=release make build + +# Run Claude Code on the current directory +.build/release/sandboxy run claude +``` + +On first run, `sandboxy` downloads a kernel, pulls a base image, and installs the agent toolchain. This is cached automatically so subsequent runs generally start in less than a second. + +## Supported Agents + +- **Claude Code** - built-in + +Additional agents can be added via JSON config files. See [Adding a New Agent](#adding-a-new-agent). + +## Commands + +### `sandboxy run ` + +Run an agent in a sandboxed container. + +```bash +# Run on the current directory +sandboxy run claude + +# Specify a workspace +sandboxy run --workspace ~/projects/myapp claude + +# Allocate more resources +sandboxy run --cpus 8 --memory 8g claude + +# Restrict network to specific hosts (in addition to agent defaults) +sandboxy run --allow-hosts api.example.com --allow-hosts internal.corp.com claude + +# Disable network filtering entirely +sandboxy run --no-network-filter claude + +# Mount additional directories (read-only or read-write) +sandboxy run --mount /tmp:/tmp:ro --mount ~/data:/data claude + +# Skip mounts defined in the agent configuration +sandboxy run --no-agent-mounts claude + +# Forward environment variables into the container +sandboxy run -e MY_TOKEN -e DEBUG=1 claude + +# Forward the host SSH agent for git-over-SSH +sandboxy run --ssh-agent claude + +# Give the instance a friendly name +sandboxy run --name my-feature claude + +# Resume a named session +sandboxy run --name my-feature claude + +# Ephemeral run (remove instance after session ends) +sandboxy run --rm claude + +# Pass flags through to the agent +sandboxy run claude -- --model foobar +``` + +**Options:** + +| Flag | Description | Default | +|------|-------------|---------| +| `-w`, `--workspace` | Host directory to mount | Current directory | +| `-m`, `--mount` | Additional mount (hostpath:containerpath[:ro\|rw], repeatable) | None | +| `-e`, `--env` | Set environment variable (KEY=VALUE or KEY to forward from host, repeatable) | None | +| `-k`, `--kernel` | Path to a Linux kernel | Auto-download | +| `--cpus` | Number of CPUs | 4 | +| `--memory` | Memory to allocate (e.g. `4g`, `512m`, `4096` for MB) | `4g` | +| `--allow-hosts` | Additional hostnames to allow (merged with agent defaults) | Agent defaults | +| `--no-network-filter` | Disable network filtering (allow unrestricted access) | Off | +| `--no-agent-mounts` | Skip mounts defined in the agent configuration | Off | +| `--name` | Persistent session name | Auto-generated | +| `--rm` | Remove instance after session ends | Off | +| `--reinstall` | Rebuild the cached environment from scratch | Off | +| `--ssh-agent` | Forward the host SSH agent socket into the container | Off | + +### `sandboxy edit ` + +Open an interactive shell in the agent's cached environment. Install packages, configure MCP tools, add language runtimes etc. +Changes are saved back to the cache when you exit. + +If no cache exists yet, the agent's install commands are run first. If any install step fails, you're dropped into the shell anyway so you can diagnose or finish the setup manually. + +```bash +sandboxy edit claude + +# Inside the container: +apt-get install -y python3-pip +pip3 install some-mcp-tool +exit # changes are saved +``` + +Every future `sandboxy run claude` will include your changes. + +### `sandboxy list` (alias: `ls`) + +Show sandbox instances and their status. + +```bash +sandboxy ls +``` + +### `sandboxy rm [...]` + +Remove one or more instances and their preserved state. + +```bash +# Remove a single instance +sandboxy rm my-feature + +# Remove multiple instances +sandboxy rm instance-1 instance-2 + +# Remove all instances +sandboxy rm --all +sandboxy rm -a +``` + +### `sandboxy cache list` + +Show cached environments and their disk usage. + +### `sandboxy cache rm ` + +Remove a specific agent's cached environment. The next run will rebuild it. + +### `sandboxy cache clean [--all] [--yes]` + +Remove all cached environments and named instance state. If named instances exist, you'll be prompted for confirmation. With `--yes`, skip the prompt. With `--all`, also removes the kernel, init image, and content store, forcing a full re-download on the next run. + +### `sandboxy config list` + +Print current configuration or agent definitions. + +```bash +# Print global defaults +sandboxy config list + +# Print a specific agent's definition +sandboxy config list --agent claude + +# List all available agents (built-in and custom) +sandboxy config list --agents + +# Print configuration file paths +sandboxy config list --paths +``` + +### `sandboxy config create` + +Create a default configuration or agent definition file. If the file already exists, you'll be prompted to confirm overwriting (use `--force` to skip). + +For built-in agents (e.g. `claude`), the file is pre-filled with the built-in definition so you have a working starting point to customize. + +```bash +# Create a global config.json with defaults +sandboxy config create + +# Create an override for the built-in claude agent +sandboxy config create --agent claude + +# Scaffold a new agent definition +sandboxy config create --agent myagent + +# Overwrite an existing definition without prompting +sandboxy config create --agent claude --force +``` + +## Instance Persistence + +Every session automatically saves its rootfs when it exits. The instance appears in `sandboxy ls` and can be resumed by passing its name to `--name`: + +```bash +# First run -- auto-named instance +sandboxy run claude +# => Instance claude-20260328-091522 saved. Resume with: sandboxy run claude --name claude-20260328-091522 + +# Resume it +sandboxy run --name claude-20260328-091522 claude + +# Or give it a memorable name upfront +sandboxy run --name my-feature claude + +# List all instances +sandboxy ls + +# Clean up +sandboxy rm my-feature + +# Ephemeral run (nothing saved) +sandboxy run --rm claude +``` + +Use `--rm` for throwaway sessions that shouldn't persist. + +## API Keys + +Agent definitions can include environment variable names without values (e.g. `"ANTHROPIC_API_KEY"`), which are automatically forwarded from the host if set. The built-in Claude Code agent forwards `ANTHROPIC_API_KEY` this way. For custom agents, add the relevant key name to the `environmentVariables` array, or pass it at runtime with `-e`. + +## Network Filtering + +Network filtering is enabled by default. Each agent definition includes an `allowedHosts` list. Additional hosts can be added at runtime with `--allow-hosts`. An empty `allowedHosts` list means all traffic is denied. To disable filtering entirely, pass `--no-network-filter`. + +The workload container runs on a **host-only network** with no internet route. A lightweight HTTP CONNECT proxy runs on the macOS host, bound to the host-only network's gateway address. The workload's proxy environment variables point at this address, so tools that respect `HTTP_PROXY`/`HTTPS_PROXY` route their traffic through the proxy automatically. + +Note that the proxy relies on applications honoring `HTTP_PROXY`/`HTTPS_PROXY` environment variables. Tools that ignore these variables won't be able to reach the internet since the container has no direct internet route. + +Agent toolchain installation (apt-get, npm install, etc.) runs with full network access on a shared network before the proxy is set up, so package repos don't need to be allowlisted. + +## Adding a New Agent + +Create a JSON file in the `agents/` directory, or use `sandboxy config create --agent ` to scaffold one: + +`~/.config/sandboxy/agents/.json` + +Example (`foo.json`): + +```json +{ + "displayName": "Foo", + "baseImage": "docker.io/library/python:3.12-slim", + "installCommands": [ + "pip install foo" + ], + "launchCommand": ["foo"], + "environmentVariables": [], + "mounts": [], + "allowedHosts": ["api.example.com", "*.cdn.example.com"] +} +``` + +Then run it with `sandboxy run foo`. + +To override a built-in agent, create a file with the same name (e.g., `claude.json`). Only the fields you include are overridden. Omitted fields keep their defaults. Use `sandboxy config list --agent claude` to see the full default definition. + +## Configuration + +Global defaults can be overridden with a config file: + +`~/.config/sandboxy/config.json` + +```json +{ + "dataDir": "/Volumes/fast/sandboxy", + "kernel": "/path/to/vmlinux", + "initfsReference": "ghcr.io/apple/containerization/vminit:0.26.5", + "defaultCPUs": 8, + "defaultMemory": "8g" +} +``` + +All fields are optional. Use `sandboxy config list` to see the defaults. + +## Kernel + +By default, `sandboxy` downloads a Linux kernel from the [Kata Containers](https://github.com/kata-containers/kata-containers) project (arm64 static release). The kernel is cached at `~/Library/Application Support/com.apple.containerization.sandboxy/kernel/vmlinux` and reused across all agent sessions. + +To use your own kernel, pass it directly: + +```bash +sandboxy run -k /path/to/vmlinux claude +``` + +Or set it permanently in `config.json`: + +```json +{ + "kernel": "/path/to/vmlinux" +} +``` + +The kernel must be an uncompressed Linux kernel binary (`vmlinux`, not `bzImage` or `zImage`) built for arm64 with virtio drivers enabled (virtio-net, virtio-blk, virtio-fs, virtio-console at minimum). + +## Building + +```bash +make build +``` + +The built binary is at `.build/release/sandboxy`. It requires macOS 26 on Apple silicon. diff --git a/examples/sandboxy/Sources/sandboxy/AgentDefinition.swift b/examples/sandboxy/Sources/sandboxy/AgentDefinition.swift new file mode 100644 index 0000000..38b8f4c --- /dev/null +++ b/examples/sandboxy/Sources/sandboxy/AgentDefinition.swift @@ -0,0 +1,243 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation + +/// Defines an AI coding agent that can be run inside a sandbox container. +/// +/// Agent definitions can be built-in or loaded from JSON files in the +/// `agents/` subdirectory of the sandboxy config directory. +/// +/// Location: `~/.config/sandboxy/agents/.json` +/// +/// Example (`foo.json`): +/// ```json +/// { +/// "displayName": "Foo", +/// "baseImage": "docker.io/library/python:3.12-slim", +/// "installCommands": [ +/// "pip install foo" +/// ], +/// "launchCommand": ["foo"], +/// "environmentVariables": [], +/// "mounts": [ +/// {"hostPath": "~/.foo", "containerPath": "/root/.foo", "readOnly": true} +/// ], +/// "allowedHosts": ["api.example.com", "*.cdn.example.com"] +/// } +/// ``` +struct AgentDefinition: Codable, Sendable { + /// Human-readable name used in output messages. + let displayName: String + + /// The base container image reference (e.g., "docker.io/library/node:22"). + let baseImage: String + + /// Shell commands run sequentially inside the container to install the agent + /// and its dependencies. Each string is passed as an argument to `sh -c`. + let installCommands: [String] + + /// The command and arguments to launch the agent interactively. + let launchCommand: [String] + + /// Environment variables required by the agent (key=value format). + let environmentVariables: [String] + + /// Host paths to mount into the container. Each entry specifies a host path + /// and a container path. Paths starting with `~` are expanded to the user's + /// home directory. Only mounted if the host path exists. + let mounts: [AgentMount] + + /// Default hostnames to allow through the network filtering proxy. + /// Supports exact matches and `*.suffix` wildcard patterns. + /// Merged with CLI `--allow-hosts` values. + /// An empty list means all traffic is denied. Use `--no-network-filter` to disable filtering. + let allowedHosts: [String] +} + +/// A host-to-container mount for an agent definition. +struct AgentMount: Codable, Sendable { + /// Path on the host. Supports `~` for the user's home directory. + let hostPath: String + + /// Path inside the container where the host path is mounted. + let containerPath: String + + /// Whether the mount is read-only. Defaults to `false`. + let readOnly: Bool + + init(hostPath: String, containerPath: String, readOnly: Bool = false) { + self.hostPath = hostPath + self.containerPath = containerPath + self.readOnly = readOnly + } + + init(from decoder: Decoder) throws { + let container = try decoder.container(keyedBy: CodingKeys.self) + hostPath = try container.decode(String.self, forKey: .hostPath) + containerPath = try container.decode(String.self, forKey: .containerPath) + readOnly = try container.decodeIfPresent(Bool.self, forKey: .readOnly) ?? false + } + + /// Returns the resolved absolute host path, expanding `~`. + var resolvedHostPath: String { + if hostPath.hasPrefix("~/") { + let home = FileManager.default.homeDirectoryForCurrentUser.path(percentEncoded: false) + return home + String(hostPath.dropFirst(1)) + } + if hostPath == "~" { + return FileManager.default.homeDirectoryForCurrentUser.path(percentEncoded: false) + } + return hostPath + } +} + +extension AgentDefinition { + /// Built-in agent definitions, keyed by their CLI name. + static let builtIn: [String: AgentDefinition] = [ + "claude": .claude + ] + + /// Returns all available agents: built-in definitions merged with any + /// user-defined agents from `/agents/`. If a user file matches + /// a built-in agent name, non-nil fields from the user file override the + /// built-in values, allowing partial overrides. + static func allAgents(configRoot: URL) -> [String: AgentDefinition] { + var agents = builtIn + + let agentsDir = configRoot.appendingPathComponent("agents") + let agentsDirPath = agentsDir.path(percentEncoded: false) + guard FileManager.default.fileExists(atPath: agentsDirPath) else { + return agents + } + + do { + let files = try FileManager.default.contentsOfDirectory( + at: agentsDir, + includingPropertiesForKeys: nil + ).filter { $0.pathExtension == "json" } + + let decoder = JSONDecoder() + for file in files { + let name = file.deletingPathExtension().lastPathComponent + do { + let data = try Data(contentsOf: file) + let override = try decoder.decode(AgentOverride.self, from: data) + if let base = agents[name] { + agents[name] = override.merged(onto: base) + } else { + agents[name] = try override.asFullDefinition() + } + } catch { + ProgressUI.printWarning( + "Failed to load agent definition from \(file.lastPathComponent): \(error)") + } + } + } catch { + ProgressUI.printWarning("Failed to read agents directory: \(error)") + } + + return agents + } + + /// Returns the sorted list of available agent names for display in help text. + static func knownAgentNames(configRoot: URL) -> [String] { + allAgents(configRoot: configRoot).keys.sorted() + } + + static let claude = AgentDefinition( + displayName: "Claude Code", + baseImage: "docker.io/library/node:22", + installCommands: [ + "apt-get update && apt-get install -y --no-install-recommends less git procps sudo fzf zsh man-db unzip gnupg2 gh ipset iproute2 dnsutils aggregate jq nano vim ripgrep ca-certificates && apt-get clean && rm -rf /var/lib/apt/lists/*", + "npm install -g @anthropic-ai/claude-code", + "npm install -g global-agent", + ], + launchCommand: ["claude", "--dangerously-skip-permissions"], + environmentVariables: [ + "ANTHROPIC_API_KEY", + "NODE_OPTIONS=--max-old-space-size=4096", + "IS_SANDBOX=1", + ], + mounts: [ + AgentMount(hostPath: "~/.claude", containerPath: "/root/.claude") + ], + allowedHosts: [ + "*.anthropic.com", + "*.claude.com", + "npm.org", + "*.npmjs.org", + "*.github.com", + "*.githubusercontent.com", + "*.pypi.org", + "*.pythonhosted.org", + ] + ) +} + +/// All-optional mirror of `AgentDefinition` used when loading user override files. +/// For agents that match a built-in name, only the non-nil fields override the defaults. +/// For entirely new agents, all required fields must be provided. +struct AgentOverride: Codable, Sendable { + var displayName: String? + var baseImage: String? + var installCommands: [String]? + var launchCommand: [String]? + var environmentVariables: [String]? + var mounts: [AgentMount]? + var allowedHosts: [String]? + + /// Merges this override onto a base definition, replacing only the fields + /// that are non-nil in the override. + func merged(onto base: AgentDefinition) -> AgentDefinition { + AgentDefinition( + displayName: displayName ?? base.displayName, + baseImage: baseImage ?? base.baseImage, + installCommands: installCommands ?? base.installCommands, + launchCommand: launchCommand ?? base.launchCommand, + environmentVariables: environmentVariables ?? base.environmentVariables, + mounts: mounts ?? base.mounts, + allowedHosts: allowedHosts ?? base.allowedHosts + ) + } + + /// Converts this override into a full definition, throwing if any required + /// fields are missing. Used for entirely new (non-built-in) agents. + func asFullDefinition() throws -> AgentDefinition { + guard let displayName, let baseImage, let installCommands, + let launchCommand + else { + throw SandboxyError.incompleteAgentDefinition( + missing: [ + displayName == nil ? "displayName" : nil, + baseImage == nil ? "baseImage" : nil, + installCommands == nil ? "installCommands" : nil, + launchCommand == nil ? "launchCommand" : nil, + ].compactMap { $0 } + ) + } + + return AgentDefinition( + displayName: displayName, + baseImage: baseImage, + installCommands: installCommands, + launchCommand: launchCommand, + environmentVariables: environmentVariables ?? [], + mounts: mounts ?? [], + allowedHosts: allowedHosts ?? [] + ) + } +} diff --git a/examples/sandboxy/Sources/sandboxy/CacheCommand.swift b/examples/sandboxy/Sources/sandboxy/CacheCommand.swift new file mode 100644 index 0000000..a9b94b2 --- /dev/null +++ b/examples/sandboxy/Sources/sandboxy/CacheCommand.swift @@ -0,0 +1,263 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ArgumentParser +import Foundation + +extension Sandboxy { + struct Cache: AsyncParsableCommand { + static let configuration = CommandConfiguration( + commandName: "cache", + abstract: "Manage cached rootfs images", + subcommands: [ + CacheList.self, + CacheRemove.self, + CacheClean.self, + ] + ) + } + + struct CacheList: AsyncParsableCommand { + static let configuration = CommandConfiguration( + commandName: "list", + abstract: "List cached rootfs images and named instance state" + ) + + func run() async throws { + _ = try Sandboxy.loadConfig() + + let cacheDir = Sandboxy.appRoot.appendingPathComponent("cache") + let namedDir = InstanceState.namedRootfsDir(appRoot: Sandboxy.appRoot) + + let agentCaches = listRootfsFiles(in: cacheDir, suffix: "-rootfs.ext4") + let namedCaches = listRootfsFiles(in: namedDir, suffix: "-rootfs.ext4") + + if agentCaches.isEmpty && namedCaches.isEmpty { + print("No cached images found.") + return + } + + if !agentCaches.isEmpty { + print("Agent caches:") + print(pad(" NAME", to: 20) + pad("SIZE", to: 12) + "MODIFIED") + for entry in agentCaches { + print( + pad(" \(entry.name)", to: 20) + + pad(formatBytes(entry.diskSize), to: 12) + + entry.modified + ) + } + } + + if !namedCaches.isEmpty { + if !agentCaches.isEmpty { print() } + print("Named instances:") + print(pad(" NAME", to: 20) + pad("SIZE", to: 12) + "MODIFIED") + for entry in namedCaches { + print( + pad(" \(entry.name)", to: 20) + + pad(formatBytes(entry.diskSize), to: 12) + + entry.modified + ) + } + } + } + + private struct CacheEntry { + let name: String + let diskSize: UInt64 + let modified: String + } + + private func listRootfsFiles(in dir: URL, suffix: String) -> [CacheEntry] { + let dirPath = dir.path(percentEncoded: false) + guard FileManager.default.fileExists(atPath: dirPath) else { + return [] + } + + do { + let files = try FileManager.default.contentsOfDirectory( + at: dir, + includingPropertiesForKeys: [ + .totalFileAllocatedSizeKey, + .contentModificationDateKey, + ] + ).filter { $0.lastPathComponent.hasSuffix(suffix) } + + return files.compactMap { file -> CacheEntry? in + let cleanName = file.lastPathComponent + .replacingOccurrences(of: suffix, with: "") + + do { + let values = try file.resourceValues(forKeys: [ + .totalFileAllocatedSizeKey, + .contentModificationDateKey, + ]) + let diskSize = UInt64(values.totalFileAllocatedSize ?? 0) + let date = values.contentModificationDate ?? Date() + let formatter = DateFormatter() + formatter.dateStyle = .short + formatter.timeStyle = .short + return CacheEntry( + name: cleanName, + diskSize: diskSize, + modified: formatter.string(from: date) + ) + } catch { + return nil + } + }.sorted { $0.name < $1.name } + } catch { + return [] + } + } + + private func pad(_ s: String, to width: Int) -> String { + if s.count >= width { return s } + return s + String(repeating: " ", count: width - s.count) + } + + private func formatBytes(_ bytes: UInt64) -> String { + if bytes < 1024 { return "\(bytes) B" } + let kb = Double(bytes) / 1024 + if kb < 1024 { return String(format: "%.1f KB", kb) } + let mb = kb / 1024 + if mb < 1024 { return String(format: "%.1f MB", mb) } + let gb = mb / 1024 + return String(format: "%.1f GB", gb) + } + } + + struct CacheRemove: AsyncParsableCommand { + static let configuration = CommandConfiguration( + commandName: "rm", + abstract: "Remove a specific agent cache" + ) + + @Argument(help: "Name of the agent cache to remove") + var name: String + + func run() async throws { + _ = try Sandboxy.loadConfig() + + let cacheDir = Sandboxy.appRoot.appendingPathComponent("cache") + let cachePath = cacheDir.appendingPathComponent("\(name)-rootfs.ext4") + + guard FileManager.default.fileExists(atPath: cachePath.path(percentEncoded: false)) else { + print("No cache found for agent '\(name)'.") + throw ExitCode.failure + } + + try FileManager.default.removeItem(at: cachePath) + print("Removed cache for '\(name)'.") + } + } + + struct CacheClean: AsyncParsableCommand { + static let configuration = CommandConfiguration( + commandName: "clean", + abstract: "Remove all cached rootfs images (use --all to also remove kernel, init image, and content store)" + ) + + @Flag(name: .long, help: "Also remove kernel, init image, and content store, forcing a full re-download on next run") + var all = false + + @Flag(name: .long, help: "Skip confirmation prompts") + var yes = false + + func run() async throws { + _ = try Sandboxy.loadConfig() + + let fm = FileManager.default + + // Check for named instances and warn the user before deleting them. + let namedDir = InstanceState.namedRootfsDir(appRoot: Sandboxy.appRoot) + let namedInstances = listNamedInstances(in: namedDir) + if !namedInstances.isEmpty && !yes { + print("This will also delete the following named instances:") + for name in namedInstances { + print(" - \(name)") + } + print() + print("Are you sure? [y/N] ", terminator: "") + guard let response = readLine()?.lowercased(), response == "y" || response == "yes" else { + print("Aborted.") + return + } + } + + let cacheDir = Sandboxy.appRoot.appendingPathComponent("cache") + if fm.fileExists(atPath: cacheDir.path(percentEncoded: false)) { + try fm.removeItem(at: cacheDir) + try fm.createDirectory(at: cacheDir, withIntermediateDirectories: true) + } + + if fm.fileExists(atPath: namedDir.path(percentEncoded: false)) { + try fm.removeItem(at: namedDir) + try fm.createDirectory(at: namedDir, withIntermediateDirectories: true) + } + + if all { + let kernelDir = Sandboxy.appRoot.appendingPathComponent("kernel") + if fm.fileExists(atPath: kernelDir.path(percentEncoded: false)) { + try fm.removeItem(at: kernelDir) + print("Removed kernel.") + } + + let initfs = Sandboxy.appRoot.appendingPathComponent("initfs.ext4") + if fm.fileExists(atPath: initfs.path(percentEncoded: false)) { + try fm.removeItem(at: initfs) + print("Removed init image.") + } + + let contentDir = Sandboxy.appRoot.appendingPathComponent("content") + if fm.fileExists(atPath: contentDir.path(percentEncoded: false)) { + try fm.removeItem(at: contentDir) + print("Removed content store.") + } + + // Remove the image store reference database so stale references + // don't point to missing content. + let stateFile = Sandboxy.appRoot.appendingPathComponent("state.json") + if fm.fileExists(atPath: stateFile.path(percentEncoded: false)) { + try fm.removeItem(at: stateFile) + } + + print("All caches and downloaded artifacts removed.") + } else { + print("All caches removed. Use --all to also remove kernel, init image, and content store.") + } + } + + private func listNamedInstances(in dir: URL) -> [String] { + let path = dir.path(percentEncoded: false) + guard FileManager.default.fileExists(atPath: path) else { + return [] + } + do { + return try FileManager.default.contentsOfDirectory( + at: dir, + includingPropertiesForKeys: nil + ) + .filter { $0.lastPathComponent.hasSuffix("-rootfs.ext4") } + .map { $0.lastPathComponent.replacingOccurrences(of: "-rootfs.ext4", with: "") } + .sorted() + } catch { + return [] + } + } + } +} diff --git a/examples/sandboxy/Sources/sandboxy/ConfigCommand.swift b/examples/sandboxy/Sources/sandboxy/ConfigCommand.swift new file mode 100644 index 0000000..68e81c5 --- /dev/null +++ b/examples/sandboxy/Sources/sandboxy/ConfigCommand.swift @@ -0,0 +1,170 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ArgumentParser +import Foundation + +extension Sandboxy { + struct Config: AsyncParsableCommand { + static let configuration = CommandConfiguration( + commandName: "config", + abstract: "View and create configuration files", + subcommands: [ + ConfigList.self, + ConfigCreate.self, + ] + ) + } + + struct ConfigList: AsyncParsableCommand { + static let configuration = CommandConfiguration( + commandName: "list", + abstract: "Print current configuration and agent definitions" + ) + + @Option(name: .long, help: "Print the definition for a specific agent") + var agent: String? + + @Flag(name: .long, help: "Print built-in defaults instead of the resolved configuration") + var defaults = false + + @Flag(name: .long, help: "Print configuration file paths") + var paths = false + + @Flag(name: .long, help: "List available agents") + var agents = false + + func run() async throws { + if paths { + let configPath = Sandboxy.configRoot.appendingPathComponent("config.json") + let agentsDir = Sandboxy.configRoot.appendingPathComponent("agents") + print("Config: \(configPath.path(percentEncoded: false))") + print("Agents: \(agentsDir.path(percentEncoded: false))") + print("Data: \(Sandboxy.appRoot.path(percentEncoded: false))") + return + } + + if agents { + let allAgents = AgentDefinition.allAgents(configRoot: Sandboxy.configRoot) + let builtInNames = Set(AgentDefinition.builtIn.keys) + for name in allAgents.keys.sorted() { + let definition = allAgents[name]! + let source = builtInNames.contains(name) ? "built-in" : "custom" + print(" \(name) - \(definition.displayName) (\(source))") + } + return + } + + let encoder = JSONEncoder() + encoder.outputFormatting = [.prettyPrinted, .sortedKeys] + + if let agentName = agent { + let allAgents = AgentDefinition.allAgents(configRoot: Sandboxy.configRoot) + guard let definition = allAgents[agentName] else { + let available = allAgents.keys.sorted().joined(separator: ", ") + throw ValidationError( + "Unknown agent '\(agentName)'. Available agents: \(available)" + ) + } + let data = try encoder.encode(definition) + print(String(data: data, encoding: .utf8)!) + } else { + let config = defaults ? SandboxyConfig.defaults : try Sandboxy.loadConfig() + let data = try encoder.encode(config) + print(String(data: data, encoding: .utf8)!) + } + } + } + + struct ConfigCreate: AsyncParsableCommand { + static let configuration = CommandConfiguration( + commandName: "create", + abstract: "Create a default configuration or agent definition file" + ) + + @Option(name: .long, help: "Create a definition file for a new agent with this name") + var agent: String? + + @Flag(name: .long, help: "Overwrite existing files without prompting") + var force = false + + func run() async throws { + let fm = FileManager.default + let encoder = JSONEncoder() + encoder.outputFormatting = [.prettyPrinted, .sortedKeys] + + if let agentName = agent { + let agentsDir = Sandboxy.configRoot.appendingPathComponent("agents") + try fm.createDirectory(at: agentsDir, withIntermediateDirectories: true) + + let filePath = agentsDir.appendingPathComponent("\(agentName).json") + if fm.fileExists(atPath: filePath.path(percentEncoded: false)) && !force { + guard isatty(STDIN_FILENO) != 0 else { + print("Agent definition already exists at \(filePath.path(percentEncoded: false)). Use --force to overwrite.") + throw ExitCode.failure + } + print("Agent definition already exists at \(filePath.path(percentEncoded: false))") + print("Overwrite? [y/N] ", terminator: "") + guard let response = readLine()?.lowercased(), response == "y" || response == "yes" else { + print("Aborted.") + return + } + } + + let definition: AgentDefinition + if let builtIn = AgentDefinition.builtIn[agentName] { + definition = builtIn + } else { + definition = AgentDefinition( + displayName: agentName.capitalized, + baseImage: "docker.io/library/node:22", + installCommands: [], + launchCommand: [agentName], + environmentVariables: [], + mounts: [], + allowedHosts: [] + ) + } + + let data = try encoder.encode(definition) + try data.write(to: filePath, options: .atomic) + print("Created agent definition at \(filePath.path(percentEncoded: false))") + print() + print(String(data: data, encoding: .utf8)!) + } else { + let configPath = Sandboxy.configRoot.appendingPathComponent("config.json") + if fm.fileExists(atPath: configPath.path(percentEncoded: false)) && !force { + guard isatty(STDIN_FILENO) != 0 else { + print("Configuration file already exists at \(configPath.path(percentEncoded: false)). Use --force to overwrite.") + throw ExitCode.failure + } + print("Configuration file already exists at \(configPath.path(percentEncoded: false))") + print("Overwrite? [y/N] ", terminator: "") + guard let response = readLine()?.lowercased(), response == "y" || response == "yes" else { + print("Aborted.") + return + } + } + + try fm.createDirectory(at: Sandboxy.configRoot, withIntermediateDirectories: true) + + let data = try encoder.encode(SandboxyConfig.defaults) + try data.write(to: configPath, options: .atomic) + print("Created configuration file at \(configPath.path(percentEncoded: false))") + } + } + } +} diff --git a/examples/sandboxy/Sources/sandboxy/EditCommand.swift b/examples/sandboxy/Sources/sandboxy/EditCommand.swift new file mode 100644 index 0000000..d55a81d --- /dev/null +++ b/examples/sandboxy/Sources/sandboxy/EditCommand.swift @@ -0,0 +1,245 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ArgumentParser +import Containerization +import ContainerizationExtras +import ContainerizationOS +import Foundation + +extension Sandboxy { + struct Edit: AsyncParsableCommand { + static let configuration = CommandConfiguration( + commandName: "edit", + abstract: "Open an interactive shell in an agent's cached environment", + discussion: """ + Boots the cached rootfs for the given agent and drops you into a shell. + Any changes you make (installing packages, editing configs, etc.) are + saved back to the cache when you exit. If no cache exists, the agent + is installed from scratch first. + """ + ) + + @Argument(help: "Agent whose environment to edit (e.g. claude)") + var agent: String + + @Option( + name: [.customLong("kernel"), .customShort("k")], + help: "Path to Linux kernel binary (auto-downloads if omitted)", + completion: .file(), + transform: { str in + URL(fileURLWithPath: str, relativeTo: .currentDirectory()) + .absoluteURL.path(percentEncoded: false) + }) + var kernel: String? + + func run() async throws { + let config = try Sandboxy.loadConfig() + + let agents = AgentDefinition.allAgents(configRoot: Sandboxy.configRoot) + guard let definition = agents[agent] else { + let available = agents.keys.sorted().joined(separator: ", ") + throw ValidationError( + "Unknown agent '\(agent)'. Available agents: \(available)" + ) + } + + ProgressUI.printStatus("Opening \(definition.displayName) environment for editing...") + + let kernelPath = try await KernelManager.ensureKernel( + explicitPath: kernel, + appRoot: Sandboxy.appRoot, + config: config + ) + let vmKernel = Kernel(path: kernelPath, platform: .linuxArm) + + let enableNetworking: Bool + var sharedNetwork: VmnetNetwork? + if #available(macOS 26, *) { + sharedNetwork = try VmnetNetwork() + enableNetworking = true + } else { + sharedNetwork = nil + enableNetworking = false + } + + let vmnetMTU: UInt32 = 1400 + + let initfsReference = config.initfsReference ?? SandboxyConfig.defaults.initfsReference! + var manager = try await ContainerManager( + kernel: vmKernel, + initfsReference: initfsReference, + root: Sandboxy.appRoot + ) + + let containerId = "\(agent)-edit-\(ProcessInfo.processInfo.processIdentifier)" + + let cacheDir = Sandboxy.appRoot.appendingPathComponent("cache") + try FileManager.default.createDirectory(at: cacheDir, withIntermediateDirectories: true) + let agentCachePath = cacheDir.appendingPathComponent("\(agent)-rootfs.ext4") + let containerRootfsPath = Sandboxy.appRoot + .appendingPathComponent("containers") + .appendingPathComponent(containerId) + .appendingPathComponent("rootfs.ext4") + + let hasCachedRootfs = FileManager.default.fileExists( + atPath: agentCachePath.path(percentEncoded: false)) + + let container: LinuxContainer + + if hasCachedRootfs { + ProgressUI.printDetail("Using cached environment...") + let containerDir = Sandboxy.appRoot + .appendingPathComponent("containers") + .appendingPathComponent(containerId) + try FileManager.default.createDirectory( + at: containerDir, withIntermediateDirectories: true) + + let result = Darwin.clonefile( + agentCachePath.path(percentEncoded: false), + containerRootfsPath.path(percentEncoded: false), + 0 + ) + if result != 0 { + try FileManager.default.copyItem(at: agentCachePath, to: containerRootfsPath) + } + + let rootfsMount = Mount.block( + format: "ext4", + source: containerRootfsPath.path(percentEncoded: false), + destination: "/" + ) + + let image = try await Sandboxy.imageStore.get( + reference: definition.baseImage, pull: true) + + container = try await manager.create( + containerId, + image: image, + rootfs: rootfsMount, + networking: false + ) { config in + if enableNetworking, let iface = try sharedNetwork?.createInterface(containerId, mtu: vmnetMTU) { + config.interfaces = [iface] + config.dns = .init(nameservers: [sharedNetwork!.ipv4Gateway.description]) + } + config.cpus = 4 + config.memoryInBytes = 4096 * 1024 * 1024 + config.process.arguments = ["/bin/sleep", "infinity"] + config.process.workingDirectory = "/" + config.process.capabilities = .allCapabilities + config.useInit = true + } + } else { + ProgressUI.printDetail("No cached environment, setting up from scratch...") + container = try await manager.create( + containerId, + reference: definition.baseImage, + rootfsSizeInBytes: 512.gib(), + networking: false + ) { config in + if enableNetworking, let iface = try sharedNetwork?.createInterface(containerId, mtu: vmnetMTU) { + config.interfaces = [iface] + config.dns = .init(nameservers: [sharedNetwork!.ipv4Gateway.description]) + } + config.cpus = 4 + config.memoryInBytes = 4096 * 1024 * 1024 + config.process.arguments = ["/bin/sleep", "infinity"] + config.process.workingDirectory = "/" + config.process.capabilities = .allCapabilities + config.useInit = true + } + } + + do { + try await container.create() + try await container.start() + + // If no cache existed, run the agent's install commands first. + if !hasCachedRootfs { + ProgressUI.printStatus("Installing \(definition.displayName) toolchain...") + do { + try await installAgent(in: container, definition: definition) + ProgressUI.printStatus("Installation complete.") + } catch { + ProgressUI.printError("Installation failed: \(error)") + ProgressUI.printStatus("Dropping into shell...") + } + } + + // Drop into an interactive shell. + ProgressUI.printStatus("Launching shell (exit to save changes)...\n") + + let sigwinchStream = AsyncSignalHandler.create(notify: [SIGWINCH]) + let current = try Terminal.current + try current.setraw() + defer { current.tryReset() } + + let shellProcess = try await container.exec("edit-shell") { config in + config.arguments = ["/bin/bash"] + config.environmentVariables = [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "TERM=xterm", + "HOME=/root", + ] + config.workingDirectory = "/root" + config.setTerminalIO(terminal: current) + config.capabilities = .allCapabilities + } + + try await shellProcess.start() + try? await shellProcess.resize(to: try current.size) + + try await withThrowingTaskGroup(of: Void.self) { group in + group.addTask { + for await _ in sigwinchStream.signals { + try await shellProcess.resize(to: try current.size) + } + } + + _ = try await shellProcess.wait() + group.cancelAll() + try await shellProcess.delete() + } + + // Stop container so rootfs is cleanly unmounted before caching. + try await container.stop() + + // Save the modified rootfs back to the cache. + ProgressUI.printStatus("Saving changes to cache...") + removeIfExists(at: agentCachePath) + try FileManager.default.copyItem(at: containerRootfsPath, to: agentCachePath) + ProgressUI.printStatus("Done.") + + try manager.delete(containerId) + try? sharedNetwork?.releaseInterface(containerId) + } catch { + do { + try await container.stop() + } catch { + log.warning("Failed to stop container \(containerId): \(error)") + } + do { + try manager.delete(containerId) + } catch { + log.warning("Failed to delete container \(containerId): \(error)") + } + try? sharedNetwork?.releaseInterface(containerId) + throw error + } + } + } +} diff --git a/examples/sandboxy/Sources/sandboxy/HostProxy.swift b/examples/sandboxy/Sources/sandboxy/HostProxy.swift new file mode 100644 index 0000000..af08eda --- /dev/null +++ b/examples/sandboxy/Sources/sandboxy/HostProxy.swift @@ -0,0 +1,460 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +// Adapted from https://github.com/apple/swift-nio-examples/tree/main/connect-proxy + +import Foundation +import NIOCore +import NIOHTTP1 +import NIOPosix + +/// A lightweight HTTP proxy that runs on the host and filters by hostname. +/// +/// Binds to the host's gateway IP on a vmnet host-only network. Workload containers +/// that have no direct internet route use this proxy (via HTTP_PROXY/HTTPS_PROXY env vars) +/// to reach the outside world. Only hostnames matching the allowlist are permitted. +/// +/// Handles both HTTPS (via CONNECT tunneling) and plain HTTP (via request forwarding). +/// For HTTPS, the client sends a CONNECT request with the target hostname in plaintext +/// before TLS begins, so we can filter without any certificate interception. +final class HostProxy: @unchecked Sendable { + private let group: MultiThreadedEventLoopGroup + private let channel: any Channel + + /// The port the proxy is listening on. + let port: Int + + /// The host address the proxy is bound to. + let host: String + + /// Start a proxy bound to the given address. + /// - Parameters: + /// - host: IP address to bind to (e.g. the vmnet gateway IP). + /// - port: Port to bind to. Use 0 for an OS-assigned port. + /// - allowedHosts: Hostname patterns to allow. Supports `*.example.com` wildcards. + init(host: String, port: Int = 0, allowedHosts: [String]) async throws { + self.host = host + let group = MultiThreadedEventLoopGroup(numberOfThreads: System.coreCount) + self.group = group + + let bootstrap = ServerBootstrap(group: group) + .serverChannelOption(ChannelOptions.socket(.init(SOL_SOCKET), .init(SO_REUSEADDR)), value: 1) + .childChannelOption(ChannelOptions.socket(.init(SOL_SOCKET), .init(SO_REUSEADDR)), value: 1) + .childChannelInitializer { channel in + channel.eventLoop.makeCompletedFuture { + try channel.pipeline.syncOperations.addHandler( + ByteToMessageHandler(HTTPRequestDecoder(leftOverBytesStrategy: .forwardBytes)) + ) + try channel.pipeline.syncOperations.addHandler(HTTPResponseEncoder()) + try channel.pipeline.syncOperations.addHandler( + ConnectHandler(allowedHosts: allowedHosts) + ) + } + } + + let channel = try await bootstrap.bind( + to: SocketAddress(ipAddress: host, port: port) + ).get() + + guard let localAddress = channel.localAddress, let assignedPort = localAddress.port else { + throw SandboxyError.proxyFailed(reason: "could not determine proxy listen port") + } + + self.port = assignedPort + self.channel = channel + } + + /// Stop the proxy and release resources. + func stop() async throws { + try await channel.close() + try await group.shutdownGracefully() + } + + /// Check if a hostname matches any pattern in the allowlist. + static func isAllowed(host: String, allowedHosts: [String]) -> Bool { + let host = host.lowercased() + for pattern in allowedHosts { + let pattern = pattern.lowercased() + if pattern.hasPrefix("*.") { + let suffix = String(pattern.dropFirst(1)) // e.g. ".example.com" + if host == String(pattern.dropFirst(2)) || host.hasSuffix(suffix) { + return true + } + } else if host == pattern { + return true + } + } + return false + } +} + +/// Channel handler that processes HTTP CONNECT and plain HTTP proxy requests. +/// Checks the target hostname against an allowlist before connecting. +private final class ConnectHandler { + private var upgradeState: State + private let allowedHosts: [String] + + /// Buffered request for plain HTTP forwarding (nil for CONNECT). + private var pendingHTTPHead: HTTPRequestHead? + private var pendingHTTPBody: [ByteBuffer] = [] + + init(allowedHosts: [String]) { + self.upgradeState = .idle + self.allowedHosts = allowedHosts + } +} + +extension ConnectHandler { + fileprivate enum State { + case idle + case beganConnecting + case awaitingEnd(connectResult: Channel) + case awaitingConnection(pendingBytes: [NIOAny]) + case upgradeComplete(pendingBytes: [NIOAny]) + case upgradeFailed + } +} + +extension ConnectHandler: ChannelInboundHandler { + typealias InboundIn = HTTPServerRequestPart + typealias OutboundOut = HTTPServerResponsePart + + func channelRead(context: ChannelHandlerContext, data: NIOAny) { + switch self.upgradeState { + case .idle: + self.handleInitialMessage(context: context, data: self.unwrapInboundIn(data)) + + case .beganConnecting: + switch self.unwrapInboundIn(data) { + case .body(let body): + self.pendingHTTPBody.append(body) + case .end: + self.upgradeState = .awaitingConnection(pendingBytes: []) + self.removeDecoder(context: context) + default: + break + } + + case .awaitingEnd(let peerChannel): + switch self.unwrapInboundIn(data) { + case .body(let body): + self.pendingHTTPBody.append(body) + case .end: + self.upgradeState = .upgradeComplete(pendingBytes: []) + self.removeDecoder(context: context) + self.glue(peerChannel, context: context) + default: + break + } + + case .awaitingConnection(var pendingBytes): + self.upgradeState = .awaitingConnection(pendingBytes: []) + pendingBytes.append(data) + self.upgradeState = .awaitingConnection(pendingBytes: pendingBytes) + + case .upgradeComplete(var pendingBytes): + self.upgradeState = .upgradeComplete(pendingBytes: []) + pendingBytes.append(data) + self.upgradeState = .upgradeComplete(pendingBytes: pendingBytes) + + case .upgradeFailed: + break + } + } +} + +extension ConnectHandler: RemovableChannelHandler { + func removeHandler(context: ChannelHandlerContext, removalToken: ChannelHandlerContext.RemovalToken) { + var didRead = false + + while case .upgradeComplete(var pendingBytes) = self.upgradeState, pendingBytes.count > 0 { + self.upgradeState = .upgradeComplete(pendingBytes: []) + let nextRead = pendingBytes.removeFirst() + self.upgradeState = .upgradeComplete(pendingBytes: pendingBytes) + + context.fireChannelRead(nextRead) + didRead = true + } + + if didRead { + context.fireChannelReadComplete() + } + + context.leavePipeline(removalToken: removalToken) + } +} + +extension ConnectHandler { + private func handleInitialMessage(context: ChannelHandlerContext, data: InboundIn) { + guard case .head(let head) = data else { + self.httpErrorAndClose(context: context, status: .badRequest) + return + } + + if head.method == .CONNECT { + // HTTPS: CONNECT host:port + let components = head.uri.split(separator: ":", maxSplits: 1, omittingEmptySubsequences: false) + let host = String(components.first!) + let port = components.last.flatMap { Int($0, radix: 10) } ?? 443 + + guard HostProxy.isAllowed(host: host, allowedHosts: self.allowedHosts) else { + self.httpErrorAndClose(context: context, status: .forbidden) + return + } + + self.upgradeState = .beganConnecting + self.connectTo(host: host, port: port, context: context) + } else { + // Plain HTTP: GET http://host/path, POST http://host/path, etc. + guard let url = URLComponents(string: head.uri), + let hostname = url.host, !hostname.isEmpty + else { + self.httpErrorAndClose(context: context, status: .badRequest) + return + } + + guard HostProxy.isAllowed(host: hostname, allowedHosts: self.allowedHosts) else { + self.httpErrorAndClose(context: context, status: .forbidden) + return + } + + let port = url.port ?? 80 + + // Rewrite URI from absolute (http://host/path) to relative (/path). + var relativePath = url.path + if relativePath.isEmpty { relativePath = "/" } + if let query = url.query { + relativePath += "?\(query)" + } + + var rewritten = head + rewritten.uri = relativePath + self.pendingHTTPHead = rewritten + + self.upgradeState = .beganConnecting + self.connectTo(host: hostname, port: port, context: context) + } + } + + private func connectTo(host: String, port: Int, context: ChannelHandlerContext) { + ClientBootstrap(group: context.eventLoop) + .connect(host: host, port: port).assumeIsolatedUnsafeUnchecked().whenComplete { result in + switch result { + case .success(let channel): + self.connectSucceeded(channel: channel, context: context) + case .failure(let error): + self.connectFailed(error: error, context: context) + } + } + } + + private func connectSucceeded(channel: Channel, context: ChannelHandlerContext) { + switch self.upgradeState { + case .beganConnecting: + self.upgradeState = .awaitingEnd(connectResult: channel) + + case .awaitingConnection(let pendingBytes): + self.upgradeState = .upgradeComplete(pendingBytes: pendingBytes) + self.glue(channel, context: context) + + case .awaitingEnd(let peerChannel): + peerChannel.close(mode: .all, promise: nil) + context.close(promise: nil) + + case .idle, .upgradeFailed, .upgradeComplete: + context.close(promise: nil) + } + } + + private func connectFailed(error: Error, context: ChannelHandlerContext) { + switch self.upgradeState { + case .beganConnecting, .awaitingConnection: + self.httpErrorAndClose(context: context, status: .badGateway) + + case .awaitingEnd(let peerChannel): + peerChannel.close(mode: .all, promise: nil) + context.close(promise: nil) + + case .idle, .upgradeFailed, .upgradeComplete: + context.close(promise: nil) + } + + context.fireErrorCaught(error) + } + + private func glue(_ peerChannel: Channel, context: ChannelHandlerContext) { + if let httpHead = self.pendingHTTPHead { + // Plain HTTP: forward the buffered request to the peer, then glue. + var buffer = context.channel.allocator.buffer(capacity: 256) + buffer.writeString("\(httpHead.method) \(httpHead.uri) HTTP/\(httpHead.version.major).\(httpHead.version.minor)\r\n") + for (name, value) in httpHead.headers { + buffer.writeString("\(name): \(value)\r\n") + } + buffer.writeString("\r\n") + for var body in self.pendingHTTPBody { + buffer.writeBuffer(&body) + } + peerChannel.writeAndFlush(buffer, promise: nil) + self.pendingHTTPHead = nil + self.pendingHTTPBody = [] + } else { + // CONNECT: send 200 OK to the client. + // Content-Length: 0 prevents the encoder from adding chunked transfer encoding, + // which would inject a chunked terminator into the raw tunnel and break TLS. + let headers = HTTPHeaders([("Content-Length", "0")]) + let head = HTTPResponseHead(version: .init(major: 1, minor: 1), status: .ok, headers: headers) + context.write(self.wrapOutboundOut(.head(head)), promise: nil) + context.writeAndFlush(self.wrapOutboundOut(.end(nil)), promise: nil) + } + + self.removeEncoder(context: context) + + let (localGlue, peerGlue) = GlueHandler.matchedPair() + do { + try context.channel.pipeline.syncOperations.addHandler(localGlue) + try peerChannel.pipeline.syncOperations.addHandler(peerGlue) + context.pipeline.syncOperations.removeHandler(self, promise: nil) + } catch { + peerChannel.close(mode: .all, promise: nil) + context.close(promise: nil) + } + } + + private func httpErrorAndClose(context: ChannelHandlerContext, status: HTTPResponseStatus) { + self.upgradeState = .upgradeFailed + + let headers = HTTPHeaders([("Content-Length", "0"), ("Connection", "close")]) + let head = HTTPResponseHead(version: .init(major: 1, minor: 1), status: status, headers: headers) + context.write(self.wrapOutboundOut(.head(head)), promise: nil) + context.writeAndFlush(self.wrapOutboundOut(.end(nil))).assumeIsolatedUnsafeUnchecked().whenComplete { + (_: Result) in + context.close(mode: .output, promise: nil) + } + } + + private func removeDecoder(context: ChannelHandlerContext) { + if let ctx = try? context.pipeline.syncOperations.context( + handlerType: ByteToMessageHandler.self + ) { + context.pipeline.syncOperations.removeHandler(context: ctx, promise: nil) + } + } + + private func removeEncoder(context: ChannelHandlerContext) { + if let ctx = try? context.pipeline.syncOperations.context( + handlerType: HTTPResponseEncoder.self + ) { + context.pipeline.syncOperations.removeHandler(context: ctx, promise: nil) + } + } +} + +/// Bidirectional relay handler that glues two channels together. +private final class GlueHandler { + private var partner: GlueHandler? + private var context: ChannelHandlerContext? + private var pendingRead: Bool = false + + private init() {} + + static func matchedPair() -> (GlueHandler, GlueHandler) { + let first = GlueHandler() + let second = GlueHandler() + first.partner = second + second.partner = first + return (first, second) + } +} + +extension GlueHandler { + fileprivate func partnerWrite(_ data: NIOAny) { + self.context?.write(data, promise: nil) + } + + fileprivate func partnerFlush() { + self.context?.flush() + } + + fileprivate func partnerWriteEOF() { + self.context?.close(mode: .output, promise: nil) + } + + fileprivate func partnerCloseFull() { + self.context?.close(promise: nil) + } + + fileprivate func partnerBecameWritable() { + if self.pendingRead { + self.pendingRead = false + self.context?.read() + } + } + + fileprivate var partnerWritable: Bool { + self.context?.channel.isWritable ?? false + } +} + +extension GlueHandler: ChannelDuplexHandler { + typealias InboundIn = NIOAny + typealias OutboundIn = NIOAny + typealias OutboundOut = NIOAny + + func handlerAdded(context: ChannelHandlerContext) { + self.context = context + } + + func handlerRemoved(context: ChannelHandlerContext) { + self.context = nil + self.partner = nil + } + + func channelRead(context: ChannelHandlerContext, data: NIOAny) { + self.partner?.partnerWrite(data) + } + + func channelReadComplete(context: ChannelHandlerContext) { + self.partner?.partnerFlush() + } + + func channelInactive(context: ChannelHandlerContext) { + self.partner?.partnerCloseFull() + } + + func userInboundEventTriggered(context: ChannelHandlerContext, event: Any) { + if let event = event as? ChannelEvent, case .inputClosed = event { + self.partner?.partnerWriteEOF() + } + } + + func errorCaught(context: ChannelHandlerContext, error: Error) { + self.partner?.partnerCloseFull() + } + + func channelWritabilityChanged(context: ChannelHandlerContext) { + if context.channel.isWritable { + self.partner?.partnerBecameWritable() + } + } + + func read(context: ChannelHandlerContext) { + if let partner = self.partner, partner.partnerWritable { + context.read() + } else { + self.pendingRead = true + } + } +} diff --git a/examples/sandboxy/Sources/sandboxy/InstanceState.swift b/examples/sandboxy/Sources/sandboxy/InstanceState.swift new file mode 100644 index 0000000..333be1e --- /dev/null +++ b/examples/sandboxy/Sources/sandboxy/InstanceState.swift @@ -0,0 +1,120 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation + +/// Persistent metadata about a sandbox instance. +struct InstanceState: Codable, Sendable { + let id: String + /// User-provided name for persistent instances. Nil for ephemeral runs. + let name: String? + let agent: String + let workspace: String + let status: Status + let createdAt: Date + var stoppedAt: Date? + let cpus: Int + let memoryMB: UInt64 + + enum Status: String, Codable, Sendable { + case running + case stopped + } + + /// Whether this is a named (persistent) instance. + var isNamed: Bool { name != nil } + + /// Directory where instance state files are stored. + static func instancesDir(appRoot: URL) -> URL { + appRoot.appendingPathComponent("instances") + } + + /// Directory where named instance rootfs files are preserved. + static func namedRootfsDir(appRoot: URL) -> URL { + appRoot.appendingPathComponent("named") + } + + /// Path to the preserved rootfs for a named instance. + static func namedRootfsPath(appRoot: URL, name: String) -> URL { + namedRootfsDir(appRoot: appRoot).appendingPathComponent("\(name)-rootfs.ext4") + } + + /// Path to this instance's state file. + func statePath(appRoot: URL) -> URL { + Self.instancesDir(appRoot: appRoot).appendingPathComponent("\(id).json") + } + + /// Saves this instance state to disk. + func save(appRoot: URL) throws { + let dir = Self.instancesDir(appRoot: appRoot) + try FileManager.default.createDirectory(at: dir, withIntermediateDirectories: true) + + let encoder = JSONEncoder() + encoder.dateEncodingStrategy = .iso8601 + encoder.outputFormatting = .prettyPrinted + let data = try encoder.encode(self) + try data.write(to: statePath(appRoot: appRoot)) + } + + /// Loads all instance states from disk. + static func loadAll(appRoot: URL) throws -> [InstanceState] { + let dir = instancesDir(appRoot: appRoot) + let path = dir.path(percentEncoded: false) + guard FileManager.default.fileExists(atPath: path) else { + return [] + } + + let decoder = JSONDecoder() + decoder.dateDecodingStrategy = .iso8601 + + let files = try FileManager.default.contentsOfDirectory( + at: dir, + includingPropertiesForKeys: nil + ).filter { $0.pathExtension == "json" } + + return files.compactMap { file -> InstanceState? in + do { + let data = try Data(contentsOf: file) + return try decoder.decode(InstanceState.self, from: data) + } catch { + log.warning("Failed to load instance state from \(file.lastPathComponent): \(error)") + return nil + } + } + } + + /// Finds a named instance by name. + static func find(name: String, appRoot: URL) throws -> InstanceState? { + try loadAll(appRoot: appRoot).first { $0.name == name } + } + + /// Removes this instance's state file from disk. + func remove(appRoot: URL) throws { + try FileManager.default.removeItem(at: statePath(appRoot: appRoot)) + } + + /// Removes this instance's state file and preserved rootfs (for named instances). + func removeAll(appRoot: URL) throws { + try remove(appRoot: appRoot) + if let name { + let rootfs = Self.namedRootfsPath(appRoot: appRoot, name: name) + let path = rootfs.path(percentEncoded: false) + if FileManager.default.fileExists(atPath: path) { + try FileManager.default.removeItem(at: rootfs) + } + } + } +} diff --git a/examples/sandboxy/Sources/sandboxy/KernelManager.swift b/examples/sandboxy/Sources/sandboxy/KernelManager.swift new file mode 100644 index 0000000..fd4bcaf --- /dev/null +++ b/examples/sandboxy/Sources/sandboxy/KernelManager.swift @@ -0,0 +1,153 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import AsyncHTTPClient +import ContainerizationArchive +import ContainerizationExtras +import Foundation + +enum KernelManager { + // Hardcoded default kernel source (Kata Containers arm64 static release). + private static let defaultKernelURL = + "https://github.com/kata-containers/kata-containers/releases/download/3.26.0/kata-static-3.26.0-arm64.tar.zst" + private static let defaultKernelPathInTarball = "opt/kata/share/kata-containers/vmlinux.container" + + /// Ensures a kernel binary is available, returning its path. + /// + /// Resolution order: + /// 1. CLI flag (`-k` / `--kernel`) + /// 2. Config file (`"kernel"` field) + /// 3. Cached kernel at `appRoot/kernel/vmlinux` + /// 4. Auto-download from Kata Containers + static func ensureKernel(explicitPath: String?, appRoot: URL, config: SandboxyConfig) async throws -> URL { + // 1. CLI flag takes priority. + if let explicitPath { + let url = URL(fileURLWithPath: explicitPath) + guard FileManager.default.fileExists(atPath: url.path(percentEncoded: false)) else { + throw SandboxyError.kernelNotFound(path: explicitPath) + } + return url + } + + // 2. Config file path. + if let configKernel = config.kernel { + let url = URL(fileURLWithPath: configKernel) + guard FileManager.default.fileExists(atPath: url.path(percentEncoded: false)) else { + throw SandboxyError.kernelNotFound(path: configKernel) + } + return url + } + + // 3. Cached kernel. + let kernelDir = appRoot.appendingPathComponent("kernel") + let kernelPath = kernelDir.appendingPathComponent("vmlinux") + + if FileManager.default.fileExists(atPath: kernelPath.path(percentEncoded: false)) { + return kernelPath + } + + // 4. Auto-download. + try FileManager.default.createDirectory(at: kernelDir, withIntermediateDirectories: true) + + let progressConfig = try ProgressConfig( + description: "Downloading kernel", + showTasks: true, + totalTasks: 2 + ) + let progress = ProgressBar(config: progressConfig) + defer { progress.finish() } + progress.start() + + let tarballPath = kernelDir.appendingPathComponent("kata.tar.zst") + try await downloadFile(from: defaultKernelURL, to: tarballPath, progress: progress) + + progress.set(description: "Extracting kernel") + try extractKernel(from: tarballPath, kernelPathInTarball: defaultKernelPathInTarball, to: kernelPath) + + try FileManager.default.removeItem(at: tarballPath) + + return kernelPath + } + + private static func downloadFile(from urlString: String, to destination: URL, progress: ProgressBar) async throws { + guard let url = URL(string: urlString) else { + throw SandboxyError.kernelDownloadFailed(reason: "invalid URL: \(urlString)") + } + + let delegate = try FileDownloadDelegate( + path: destination.path(percentEncoded: false), + reportHead: { head in + if let contentLength = head.headers["Content-Length"].first, let totalBytes = Int64(contentLength) { + progress.add(totalSize: totalBytes) + } + }, + reportProgress: { progressUpdate in + progress.set(size: Int64(progressUpdate.receivedBytes)) + } + ) + + let request = try HTTPClient.Request(url: url) + let client = createClient(url: url) + do { + _ = try await client.execute(request: request, delegate: delegate).get() + } catch { + try? await client.shutdown() + throw error + } + try await client.shutdown() + } + + private static func createClient(url: URL) -> HTTPClient { + var httpConfiguration = HTTPClient.Configuration() + httpConfiguration.timeout = HTTPClient.Configuration.Timeout( + connect: .seconds(30), + read: .none + ) + if let host = url.host { + let proxyURL = ProxyUtils.proxyFromEnvironment(scheme: url.scheme, host: host) + if let proxyURL, let proxyHost = proxyURL.host { + httpConfiguration.proxy = HTTPClient.Configuration.Proxy.server(host: proxyHost, port: proxyURL.port ?? 8080) + } + } + + return HTTPClient(eventLoopGroupProvider: .singleton, configuration: httpConfiguration) + } + + private static func extractKernel(from tarball: URL, kernelPathInTarball: String, to destination: URL) throws { + var target = kernelPathInTarball + var reader = try ArchiveReader(file: tarball) + var (entry, data) = try reader.extractFile(path: target) + + // If the target file is a symlink, get the data for the actual file. + if entry.fileType == .symbolicLink, let symlinkRelative = entry.symlinkTarget { + reader = try ArchiveReader(file: tarball) + let symlinkTarget = URL(filePath: target).deletingLastPathComponent().appending(path: symlinkRelative) + + // Standardize so that we remove any and all ../ and ./ in the path since symlink targets + // are relative paths to the target file from the symlink's parent dir itself. + target = symlinkTarget.standardized.relativePath + let (_, targetData) = try reader.extractFile(path: target) + data = targetData + } + + try data.write(to: destination, options: .atomic) + + try FileManager.default.setAttributes( + [.posixPermissions: 0o755], + ofItemAtPath: destination.path(percentEncoded: false) + ) + } +} diff --git a/examples/sandboxy/Sources/sandboxy/ListCommand.swift b/examples/sandboxy/Sources/sandboxy/ListCommand.swift new file mode 100644 index 0000000..1a15ff4 --- /dev/null +++ b/examples/sandboxy/Sources/sandboxy/ListCommand.swift @@ -0,0 +1,94 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ArgumentParser +import Foundation + +extension Sandboxy { + struct List: AsyncParsableCommand { + static let configuration = CommandConfiguration( + commandName: "list", + abstract: "List sandbox instances", + aliases: ["ls"] + ) + + func run() async throws { + _ = try Sandboxy.loadConfig() + + let instances = try InstanceState.loadAll(appRoot: Sandboxy.appRoot) + + if instances.isEmpty { + print("No sandbox instances found.") + return + } + + // Deduplicate named instances, keeping only the most recent entry per name. + var seen = Set() + var deduplicated: [InstanceState] = [] + let sorted = instances.sorted { $0.createdAt > $1.createdAt } + for instance in sorted { + if let name = instance.name { + if seen.contains(name) { continue } + seen.insert(name) + } + deduplicated.append(instance) + } + + print( + pad("NAME", to: 30) + + pad("AGENT", to: 12) + + pad("STATUS", to: 12) + + pad("CREATED", to: 12) + + "WORKSPACE" + ) + + for instance in deduplicated { + let age = relativeTime(from: instance.createdAt) + let displayName = instance.name ?? "-" + print( + pad(truncate(displayName, to: 28), to: 30) + + pad(instance.agent, to: 12) + + pad(instance.status.rawValue, to: 12) + + pad(age, to: 12) + + instance.workspace + ) + } + } + + private func pad(_ s: String, to width: Int) -> String { + if s.count >= width { + return s + } + return s + String(repeating: " ", count: width - s.count) + } + + private func truncate(_ s: String, to maxLen: Int) -> String { + if s.count <= maxLen { return s } + return "..." + String(s.suffix(maxLen - 3)) + } + + private func relativeTime(from date: Date) -> String { + let seconds = Int(Date().timeIntervalSince(date)) + if seconds < 60 { return "\(seconds)s ago" } + let minutes = seconds / 60 + if minutes < 60 { return "\(minutes)m ago" } + let hours = minutes / 60 + if hours < 24 { return "\(hours)h ago" } + let days = hours / 24 + return "\(days)d ago" + } + } +} diff --git a/examples/sandboxy/Sources/sandboxy/OutputCapture.swift b/examples/sandboxy/Sources/sandboxy/OutputCapture.swift new file mode 100644 index 0000000..4f99917 --- /dev/null +++ b/examples/sandboxy/Sources/sandboxy/OutputCapture.swift @@ -0,0 +1,47 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Containerization +import Foundation +import Synchronization + +/// A Writer that captures output into a Data buffer and optionally streams it. +final class OutputCapture: Writer, Sendable { + private let storage = Mutex(Data()) + private let streamTo: FileHandle? + + var data: Data { + storage.withLock { $0 } + } + + init(streamToStdout: Bool = false, streamToStderr: Bool = false) { + if streamToStdout { + self.streamTo = .standardOutput + } else if streamToStderr { + self.streamTo = .standardError + } else { + self.streamTo = nil + } + } + + func write(_ data: Data) throws { + guard data.count > 0 else { return } + storage.withLock { $0.append(data) } + streamTo?.write(data) + } + + func close() throws {} +} diff --git a/examples/sandboxy/Sources/sandboxy/ProgressUI.swift b/examples/sandboxy/Sources/sandboxy/ProgressUI.swift new file mode 100644 index 0000000..10d5f40 --- /dev/null +++ b/examples/sandboxy/Sources/sandboxy/ProgressUI.swift @@ -0,0 +1,70 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation + +/// Status output helpers that write to stderr to keep stdout clean for the agent's terminal IO. +enum ProgressUI { + private static let boxLines = [ + "┌──────────────┐", + "│ ░░░░░░░░░░░░ │", + "│ ░░░░░░░░░░░░ │", + "│ ░░░░░░░░░░░░ │", + "│ ░░░░░░░░░░░░ │", + "│ ░░░░░░░░░░░░ │", + "│ ░░░░░░░░░░░░ │", + "└──────────────┘", + ] + + /// Prints the logo with info lines displayed to the right of the box. + static func printLogo(info: [String] = []) { + let yellow = "\u{1b}[33m" + let reset = "\u{1b}[0m" + let gap = " " + + for (i, boxLine) in boxLines.enumerated() { + let coloredBox = "\(yellow)\(boxLine)\(reset)" + if i < info.count { + FileHandle.standardError.write(Data(" \(coloredBox)\(gap)\(info[i])\n".utf8)) + } else { + FileHandle.standardError.write(Data(" \(coloredBox)\n".utf8)) + } + } + // Print any remaining info lines that don't fit beside the box. + if info.count > boxLines.count { + for j in boxLines.count.. \(message)\u{1b}[0m\n".utf8)) + } + + static func printDetail(_ message: String) { + FileHandle.standardError.write(Data("\u{1b}[32m \(message)\u{1b}[0m\n".utf8)) + } + + static func printWarning(_ message: String) { + FileHandle.standardError.write(Data("warning: \(message)\n".utf8)) + } + + static func printError(_ message: String) { + FileHandle.standardError.write(Data("\u{1b}[31merror: \(message)\u{1b}[0m\n".utf8)) + } +} diff --git a/examples/sandboxy/Sources/sandboxy/RemoveCommand.swift b/examples/sandboxy/Sources/sandboxy/RemoveCommand.swift new file mode 100644 index 0000000..3768f99 --- /dev/null +++ b/examples/sandboxy/Sources/sandboxy/RemoveCommand.swift @@ -0,0 +1,69 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ArgumentParser +import Foundation + +extension Sandboxy { + struct Remove: AsyncParsableCommand { + static let configuration = CommandConfiguration( + commandName: "rm", + abstract: "Remove sandbox instances and their preserved state" + ) + + @Argument(help: "Name of the instance to remove") + var names: [String] = [] + + @Flag(name: [.customShort("a"), .long], help: "Remove all instances") + var all: Bool = false + + func run() async throws { + _ = try Sandboxy.loadConfig() + + if all { + let instances = try InstanceState.loadAll(appRoot: Sandboxy.appRoot) + if instances.isEmpty { + print("No instances to remove.") + return + } + for instance in instances { + let displayName = instance.name ?? instance.id + do { + try instance.removeAll(appRoot: Sandboxy.appRoot) + print("Removed instance '\(displayName)'.") + } catch { + print("Failed to remove instance '\(displayName)': \(error)") + } + } + return + } + + guard !names.isEmpty else { + print("Specify instance name(s) to remove, or use --all (-a).") + throw ExitCode.failure + } + + for name in names { + guard let instance = try InstanceState.find(name: name, appRoot: Sandboxy.appRoot) else { + print("No instance named '\(name)' found.") + continue + } + try instance.removeAll(appRoot: Sandboxy.appRoot) + print("Removed instance '\(name)'.") + } + } + } +} diff --git a/examples/sandboxy/Sources/sandboxy/RunAgentCommand.swift b/examples/sandboxy/Sources/sandboxy/RunAgentCommand.swift new file mode 100644 index 0000000..cdad0d3 --- /dev/null +++ b/examples/sandboxy/Sources/sandboxy/RunAgentCommand.swift @@ -0,0 +1,1000 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ArgumentParser +import Containerization +import ContainerizationError +import ContainerizationExtras +import ContainerizationOCI +import ContainerizationOS +import Foundation +import vmnet + +extension Sandboxy { + struct Run: AsyncParsableCommand { + static let configuration = CommandConfiguration( + commandName: "run", + abstract: "Run an AI coding agent in a sandboxed Linux container", + discussion: """ + Available agents are determined by built-in definitions and any custom + agent JSON files in the agents/ subdirectory of the sandboxy application + support directory. + """ + ) + + @OptionGroup var options: AgentOptions + + @Argument(help: "Agent to run (e.g. claude)") + var agent: String + + @Argument(parsing: .captureForPassthrough) + var passthroughArgs: [String] = [] + + func run() async throws { + let config = try Sandboxy.loadConfig() + + let agents = AgentDefinition.allAgents(configRoot: Sandboxy.configRoot) + guard let definition = agents[agent] else { + let available = agents.keys.sorted().joined(separator: ", ") + throw ValidationError( + "Unknown agent '\(agent)'. Available agents: \(available)" + ) + } + + try await runAgent( + config: config, + agentName: agent, + definition: definition, + options: options, + passthroughArgs: passthroughArgs + ) + } + } +} + +struct AgentOptions: ParsableArguments { + @Option( + name: [.customLong("workspace"), .customShort("w")], + help: "Workspace directory on the host (defaults to current directory)", + completion: .directory, + transform: { str in + URL(fileURLWithPath: str, relativeTo: .currentDirectory()) + .absoluteURL.path(percentEncoded: false) + }) + var workspace: String? + + @Option(name: .long, help: "Number of CPUs to allocate") + var cpus: Int = 4 + + @Option(name: .long, help: "Memory to allocate (e.g. 4g, 512m, 4096 for MB)") + var memory: String = "4g" + + /// Parses the memory string into bytes. Supports suffixes: b, k/kb, m/mb, g/gb, t/tb. + /// A bare number is treated as megabytes for backward compatibility. + var memoryBytes: UInt64 { + get throws { + let str = memory.lowercased().trimmingCharacters(in: .whitespaces) + guard !str.isEmpty else { + throw ValidationError("Memory value cannot be empty") + } + + let suffixes: [(String, UInt64)] = [ + ("tb", 1024 * 1024 * 1024 * 1024), + ("gb", 1024 * 1024 * 1024), + ("mb", 1024 * 1024), + ("kb", 1024), + ("t", 1024 * 1024 * 1024 * 1024), + ("g", 1024 * 1024 * 1024), + ("m", 1024 * 1024), + ("k", 1024), + ("b", 1), + ] + + for (suffix, multiplier) in suffixes { + if str.hasSuffix(suffix) { + let numStr = String(str.dropLast(suffix.count)) + guard let value = Double(numStr), value > 0 else { + throw ValidationError("Invalid memory value: \(memory)") + } + return UInt64(value * Double(multiplier)) + } + } + + // Bare number: treat as megabytes. + guard let value = Double(str), value > 0 else { + throw ValidationError("Invalid memory value: \(memory)") + } + return UInt64(value * 1024 * 1024) + } + } + + /// Returns a human-readable memory string (e.g. "4 GB", "512 MB"). + var memoryDisplay: String { + get throws { + let bytes = try memoryBytes + if bytes >= 1024 * 1024 * 1024 && bytes % (1024 * 1024 * 1024) == 0 { + return "\(bytes / (1024 * 1024 * 1024)) GB" + } else if bytes >= 1024 * 1024 { + return "\(bytes / (1024 * 1024)) MB" + } else if bytes >= 1024 { + return "\(bytes / 1024) KB" + } + return "\(bytes) B" + } + } + + @Option( + name: .long, parsing: .upToNextOption, + help: "Hostnames to allow through the HTTP proxy") + var allowHosts: [String] = [] + + @Flag(name: .long, help: "Disable network filtering (allow unrestricted network access)") + var noNetworkFilter: Bool = false + + @Flag(name: .long, help: "Force reinstall of agent (ignore cached rootfs)") + var reinstall: Bool = false + + @Flag(name: .long, help: "Forward the host SSH agent socket into the container") + var sshAgent: Bool = false + + @Flag(name: .long, help: "Skip mounts defined in the agent configuration") + var noAgentMounts: Bool = false + + @Flag(name: .customLong("rm"), help: "Automatically remove the instance after the session ends") + var removeAfterRun: Bool = false + + @Option( + name: [.customLong("mount"), .customShort("m")], + parsing: .singleValue, + help: "Additional mount in hostpath:containerpath[:ro|rw] format (repeatable)") + var mount: [String] = [] + + @Option( + name: [.customLong("env"), .customShort("e")], + parsing: .singleValue, + help: "Set environment variable (KEY=VALUE or KEY to forward from host, repeatable)") + var env: [String] = [] + + @Option( + name: .long, + help: "Name for a persistent instance (preserves rootfs and resumes conversation)") + var name: String? + + @Option( + name: [.customLong("kernel"), .customShort("k")], + help: "Path to Linux kernel binary (auto-downloads if omitted)", + completion: .file(), + transform: { str in + URL(fileURLWithPath: str, relativeTo: .currentDirectory()) + .absoluteURL.path(percentEncoded: false) + }) + var kernel: String? +} + +func runAgent( + config: SandboxyConfig, + agentName: String, + definition: AgentDefinition, + options: AgentOptions, + passthroughArgs: [String] +) async throws { + signal(SIGINT) { _ in + var termios = termios() + tcgetattr(STDIN_FILENO, &termios) + termios.c_lflag |= UInt(ECHO | ICANON) + tcsetattr(STDIN_FILENO, TCSANOW, &termios) + write(STDERR_FILENO, "\u{001B}[?25h", 6) + _exit(130) + } + + let hostWorkspacePath = options.workspace ?? FileManager.default.currentDirectoryPath + let guestWorkspacePath = hostWorkspacePath + let extraMounts = try options.mount.map { try MountSpec.parse($0) } + let extraEnvVars = try options.env.map { try EnvSpec.resolve($0) } + + // Determine instance name: use --name if provided, otherwise auto-generate. + let instanceName: String + if let name = options.name { + instanceName = name + } else { + let formatter = DateFormatter() + formatter.dateFormat = "yyyyMMdd-HHmmss" + instanceName = "\(agentName)-\(formatter.string(from: Date()))" + } + + if let old = try InstanceState.find(name: instanceName, appRoot: Sandboxy.appRoot) { + try? old.remove(appRoot: Sandboxy.appRoot) + } + + // Check cache age for display. + let cacheDir = Sandboxy.appRoot.appendingPathComponent("cache") + let agentCachePath = cacheDir.appendingPathComponent("\(agentName)-rootfs.ext4") + let cacheAgeLine: String + if let attrs = try? FileManager.default.attributesOfItem(atPath: agentCachePath.path(percentEncoded: false)), + let created = attrs[.creationDate] as? Date + { + let formatter = RelativeDateTimeFormatter() + formatter.unitsStyle = .full + let age = formatter.localizedString(for: created, relativeTo: Date()) + let capitalizedAge = age.prefix(1).uppercased() + age.dropFirst() + cacheAgeLine = "\u{1b}[1mEnvironment:\u{1b}[0m \(capitalizedAge)" + } else { + cacheAgeLine = "\u{1b}[1mEnvironment:\u{1b}[0m Not yet installed" + } + + ProgressUI.printLogo(info: [ + "", + "\u{1b}[1mSandboxy\u{1b}[0m", + "\u{1b}[1mAgent:\u{1b}[0m \(definition.displayName)", + "\u{1b}[1mInstance:\u{1b}[0m \(instanceName)", + cacheAgeLine, + "\u{1b}[1mWorkspace:\u{1b}[0m \(hostWorkspacePath)", + "\u{1b}[1mCPUs:\u{1b}[0m \(options.cpus) \u{1b}[1mMemory:\u{1b}[0m \(try options.memoryDisplay)", + ]) + + let kernelPath = try await KernelManager.ensureKernel( + explicitPath: options.kernel, + appRoot: Sandboxy.appRoot, + config: config + ) + guard FileManager.default.fileExists(atPath: kernelPath.path(percentEncoded: false)) else { + throw SandboxyError.kernelNotFound(path: kernelPath.path(percentEncoded: false)) + } + let kernel = Kernel(path: kernelPath, platform: .linuxArm) + + // Merge allowed hosts from agent definition and CLI flags. + var allowedHosts = definition.allowedHosts + allowedHosts.append(contentsOf: options.allowHosts) + let filteringEnabled = !options.noNetworkFilter + + let filteredPassthroughArgs = passthroughArgs.filter { $0 != "--" } + + var fullCommand = definition.launchCommand + fullCommand.append(contentsOf: filteredPassthroughArgs) + ProgressUI.printDetail("\u{1b}[1mCommand:\u{1b}[0m \(fullCommand.joined(separator: " "))") + + if filteringEnabled { + if allowedHosts.isEmpty { + ProgressUI.printDetail("\u{1b}[1mAllowed hosts:\u{1b}[0m\u{1b}[33m none (all traffic denied)") + } else { + let hostList = allowedHosts.joined(separator: ", ") + ProgressUI.printDetail("\u{1b}[1mAllowed hosts:\u{1b}[0m\u{1b}[32m \(hostList)") + } + } else { + ProgressUI.printDetail("\u{1b}[1mAllowed hosts:\u{1b}[0m\u{1b}[32m unrestricted") + } + + // Log mounts. + ProgressUI.printDetail("\u{1b}[1mMounts:\u{1b}[0m") + ProgressUI.printDetail(" \(hostWorkspacePath) -> \(guestWorkspacePath)") + if options.noAgentMounts { + for agentMount in definition.mounts { + let ro = agentMount.readOnly ? " (ro)" : "" + ProgressUI.printDetail(" \(agentMount.resolvedHostPath) -> \(agentMount.containerPath)\(ro) \u{1b}[33m(skipped, --no-agent-mounts)\u{1b}[0m") + } + } else { + for agentMount in definition.mounts { + let hostPath = agentMount.resolvedHostPath + let ro = agentMount.readOnly ? " (ro)" : "" + if FileManager.default.fileExists(atPath: hostPath) { + ProgressUI.printDetail(" \(hostPath) -> \(agentMount.containerPath)\(ro)") + } else { + ProgressUI.printDetail(" \(hostPath) -> \(agentMount.containerPath)\(ro) \u{1b}[33m(skipped, host path not found)\u{1b}[0m") + } + } + } + for mountSpec in extraMounts { + let ro = mountSpec.readOnly ? " (ro)" : "" + ProgressUI.printDetail(" \(mountSpec.hostPath) -> \(mountSpec.containerPath)\(ro)") + } + + // Setup networking. + let enableNetworking: Bool + var sharedNetwork: VmnetNetwork? + if #available(macOS 26, *) { + sharedNetwork = try VmnetNetwork() + enableNetworking = true + } else { + sharedNetwork = nil + enableNetworking = false + } + + // Pull the init image with progress if it hasn't been cached yet. + let initfsReference = config.initfsReference ?? SandboxyConfig.defaults.initfsReference! + _ = try await pullImageWithProgress(reference: initfsReference) + + var manager = try await ContainerManager( + kernel: kernel, + initfsReference: initfsReference, + root: Sandboxy.appRoot + ) + + /// MTU for vmnet interfaces. Lowered from the default 1500 to avoid + /// PMTU black-hole issues on networks that block ICMP fragmentation-needed. + let vmnetMTU: UInt32 = 1400 + + let containerId = "\(agentName)-\(ProcessInfo.processInfo.processIdentifier)" + + // + // Workload container setup + // + + // Determine rootfs source: named instance > agent cache > fresh install. + try FileManager.default.createDirectory(at: cacheDir, withIntermediateDirectories: true) + let containerRootfsPath = Sandboxy.appRoot + .appendingPathComponent("containers") + .appendingPathComponent(containerId) + .appendingPathComponent("rootfs.ext4") + + let sourceRootfs: URL? + var needsInstall = false + + if options.reinstall { + removeIfExists(at: agentCachePath) + removeIfExists( + at: InstanceState.namedRootfsPath(appRoot: Sandboxy.appRoot, name: instanceName)) + sourceRootfs = nil + needsInstall = true + } else { + let namedPath = InstanceState.namedRootfsPath(appRoot: Sandboxy.appRoot, name: instanceName) + if FileManager.default.fileExists(atPath: namedPath.path(percentEncoded: false)) { + sourceRootfs = namedPath + } else if FileManager.default.fileExists(atPath: agentCachePath.path(percentEncoded: false)) { + sourceRootfs = agentCachePath + } else { + sourceRootfs = nil + needsInstall = true + } + } + + // Create workload container with full network for installation. + // After install, we recreate with the filtered network if needed. + var container: LinuxContainer + + if let sourceRootfs { + let containerDir = Sandboxy.appRoot + .appendingPathComponent("containers") + .appendingPathComponent(containerId) + try FileManager.default.createDirectory(at: containerDir, withIntermediateDirectories: true) + + let result = Darwin.clonefile( + sourceRootfs.path(percentEncoded: false), + containerRootfsPath.path(percentEncoded: false), + 0 + ) + if result != 0 { + try FileManager.default.copyItem(at: sourceRootfs, to: containerRootfsPath) + } + + let rootfsMount = Mount.block( + format: "ext4", + source: containerRootfsPath.path(percentEncoded: false), + destination: "/", + runtimeOptions: ["vzDiskImageSynchronizationMode=fsync"] + ) + + let image = try await pullImageWithProgress(reference: definition.baseImage) + + container = try await manager.create( + containerId, + image: image, + rootfs: rootfsMount, + networking: false + ) { config in + if enableNetworking, let iface = try sharedNetwork?.createInterface(containerId, mtu: vmnetMTU) { + config.interfaces = [iface] + config.dns = .init(nameservers: [sharedNetwork!.ipv4Gateway.description]) + } + try configureContainer( + config: &config, + definition: definition, + options: options, + containerId: containerId, + hostWorkspacePath: hostWorkspacePath, + guestWorkspacePath: guestWorkspacePath, + extraMounts: extraMounts + ) + } + } else { + let progressConfig = try ProgressConfig( + showTasks: true, + showItems: true, + ignoreSmallSize: true, + totalTasks: 2 + ) + let progress = ProgressBar(config: progressConfig) + defer { progress.finish() } + progress.start() + + progress.set(description: "Pulling image (\(definition.baseImage))") + progress.set(itemsName: "blobs") + let image = try await Sandboxy.imageStore.pull( + reference: definition.baseImage, + progress: progressEventAdapter(for: progress) + ) + + progress.set(description: "Unpacking image") + container = try await manager.create( + containerId, + image: image, + rootfsSizeInBytes: 512.gib(), + networking: false + ) { config in + if enableNetworking, let iface = try sharedNetwork?.createInterface(containerId, mtu: vmnetMTU) { + config.interfaces = [iface] + config.dns = .init(nameservers: [sharedNetwork!.ipv4Gateway.description]) + } + try configureContainer( + config: &config, + definition: definition, + options: options, + containerId: containerId, + hostWorkspacePath: hostWorkspacePath, + guestWorkspacePath: guestWorkspacePath, + extraMounts: extraMounts + ) + } + } + + // Boot and install toolchain if needed (with full network). + if needsInstall { + try await container.create() + try await container.start() + + ProgressUI.printStatus("Installing \(definition.displayName) toolchain...") + try await installAgent(in: container, definition: definition) + ProgressUI.printStatus("Installation complete.") + + try await container.stop() + ProgressUI.printDetail("Caching environment for future runs...") + try FileManager.default.copyItem(at: containerRootfsPath, to: agentCachePath) + + // Delete so we can recreate (possibly on a different network). + try manager.delete(containerId) + try? sharedNetwork?.releaseInterface(containerId) + + // Recreate from the freshly-cached rootfs (unless filtering will recreate again). + if !filteringEnabled { + let cachedRootfsMount = Mount.block( + format: "ext4", + source: containerRootfsPath.path(percentEncoded: false), + destination: "/", + runtimeOptions: ["vzDiskImageSynchronizationMode=fsync"] + ) + let cachedImage = try await pullImageWithProgress(reference: definition.baseImage) + container = try await manager.create( + containerId, + image: cachedImage, + rootfs: cachedRootfsMount, + networking: false + ) { config in + if enableNetworking, let iface = try sharedNetwork?.createInterface(containerId, mtu: vmnetMTU) { + config.interfaces = [iface] + config.dns = .init(nameservers: [sharedNetwork!.ipv4Gateway.description]) + } + try configureContainer( + config: &config, + definition: definition, + options: options, + containerId: containerId, + hostWorkspacePath: hostWorkspacePath, + guestWorkspacePath: guestWorkspacePath, + extraMounts: extraMounts + ) + } + } + } + + // Host-only network setup (only when filtering is active) + var proxyIP: String? + var hostOnlyNetwork: VmnetNetwork? + + if filteringEnabled, enableNetworking, #available(macOS 26, *) { + hostOnlyNetwork = try VmnetNetwork(mode: .VMNET_HOST_MODE) + + let gatewayIP = hostOnlyNetwork!.ipv4Gateway.description + let workloadHostOnlyInterface = try hostOnlyNetwork!.createInterface(containerId, mtu: vmnetMTU) + proxyIP = gatewayIP + + // Recreate the workload container on the host-only network. + if !needsInstall { + try manager.delete(containerId) + try? sharedNetwork?.releaseInterface(containerId) + } + + let filteredContainerDir = Sandboxy.appRoot + .appendingPathComponent("containers") + .appendingPathComponent(containerId) + try FileManager.default.createDirectory(at: filteredContainerDir, withIntermediateDirectories: true) + + let filteredRootfsSource = needsInstall ? agentCachePath : (sourceRootfs ?? agentCachePath) + let cloneResult2 = Darwin.clonefile( + filteredRootfsSource.path(percentEncoded: false), + containerRootfsPath.path(percentEncoded: false), + 0 + ) + if cloneResult2 != 0 { + try FileManager.default.copyItem(at: filteredRootfsSource, to: containerRootfsPath) + } + + let filteredRootfsMount = Mount.block( + format: "ext4", + source: containerRootfsPath.path(percentEncoded: false), + destination: "/", + runtimeOptions: ["vzDiskImageSynchronizationMode=fsync"] + ) + + let image = try await pullImageWithProgress(reference: definition.baseImage) + + container = try await manager.create( + containerId, + image: image, + rootfs: filteredRootfsMount, + networking: false + ) { config in + if let iface = workloadHostOnlyInterface { + config.interfaces = [iface] + config.dns = .init(nameservers: [gatewayIP]) + } + try configureContainer( + config: &config, + definition: definition, + options: options, + containerId: containerId, + hostWorkspacePath: hostWorkspacePath, + guestWorkspacePath: guestWorkspacePath, + extraMounts: extraMounts + ) + } + } + + // Run the container session, cleaning up on both success and failure. + do { + try await runContainerSession( + container: container, + containerId: containerId, + instanceName: instanceName, + agentName: agentName, + definition: definition, + options: options, + containerRootfsPath: containerRootfsPath, + agentCachePath: agentCachePath, + hostWorkspacePath: hostWorkspacePath, + guestWorkspacePath: guestWorkspacePath, + extraEnvVars: extraEnvVars, + proxyIP: proxyIP, + allowedHosts: allowedHosts, + passthroughArgs: filteredPassthroughArgs + ) + + // Cleanup + try manager.delete(containerId) + try? sharedNetwork?.releaseInterface(containerId) + if hostOnlyNetwork != nil { + try? hostOnlyNetwork?.releaseInterface(containerId) + } + } catch { + do { + try await container.stop() + } catch { + log.warning("Failed to stop container \(containerId): \(error)") + } + do { + try manager.delete(containerId) + } catch { + log.warning("Failed to delete container \(containerId): \(error)") + } + try? sharedNetwork?.releaseInterface(containerId) + if hostOnlyNetwork != nil { + try? hostOnlyNetwork?.releaseInterface(containerId) + } + throw error + } +} + +private func runContainerSession( + container: LinuxContainer, + containerId: String, + instanceName: String, + agentName: String, + definition: AgentDefinition, + options: AgentOptions, + containerRootfsPath: URL, + agentCachePath: URL, + hostWorkspacePath: String, + guestWorkspacePath: String, + extraEnvVars: [String], + proxyIP: String?, + allowedHosts: [String], + passthroughArgs: [String] +) async throws { + // create() boots the VM and brings up the vmnet bridge on the host. + try await container.create() + + // Start the proxy now that the bridge interface is up. + var hostProxy: HostProxy? + if let proxyIP { + let proxy = try await HostProxy( + host: proxyIP, + port: 0, + allowedHosts: allowedHosts + ) + hostProxy = proxy + } + + // start() launches the container process. + try await container.start() + + // Write instance state. + let instanceState = InstanceState( + id: containerId, + name: instanceName, + agent: agentName, + workspace: hostWorkspacePath, + status: .running, + createdAt: Date(), + cpus: options.cpus, + memoryMB: try options.memoryBytes / (1024 * 1024) + ) + try instanceState.save(appRoot: Sandboxy.appRoot) + + let sigwinchStream = AsyncSignalHandler.create(notify: [SIGWINCH]) + let current = try Terminal.current + try current.setraw() + defer { current.tryReset() } + + // Build environment for the agent process. + var envVarsBuilder = [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "TERM=xterm-256color", + "HOME=/root", + ] + for envVar in definition.environmentVariables { + if envVar.contains("=") { + envVarsBuilder.append(envVar) + } else if let value = ProcessInfo.processInfo.environment[envVar] { + envVarsBuilder.append("\(envVar)=\(value)") + } + } + + envVarsBuilder.append(contentsOf: extraEnvVars) + + if options.sshAgent, ProcessInfo.processInfo.environment["SSH_AUTH_SOCK"] != nil { + envVarsBuilder.append("SSH_AUTH_SOCK=/tmp/ssh-agent.sock") + } + + if let proxyIP, let proxyPort = hostProxy?.port { + let proxyURL = "http://\(proxyIP):\(proxyPort)" + envVarsBuilder.append("HTTP_PROXY=\(proxyURL)") + envVarsBuilder.append("HTTPS_PROXY=\(proxyURL)") + envVarsBuilder.append("http_proxy=\(proxyURL)") + envVarsBuilder.append("https_proxy=\(proxyURL)") + envVarsBuilder.append("NO_PROXY=localhost,127.0.0.1") + envVarsBuilder.append("no_proxy=localhost,127.0.0.1") + envVarsBuilder.append("GLOBAL_AGENT_HTTP_PROXY=\(proxyURL)") + envVarsBuilder.append("GLOBAL_AGENT_HTTPS_PROXY=\(proxyURL)") + envVarsBuilder.append("GLOBAL_AGENT_NO_PROXY=localhost,127.0.0.1") + + // Prepend global-agent bootstrap to NODE_OPTIONS so Node.js http/https + // modules respect the proxy environment variables. + if let idx = envVarsBuilder.firstIndex(where: { $0.hasPrefix("NODE_OPTIONS=") }) { + let existing = String(envVarsBuilder[idx].dropFirst("NODE_OPTIONS=".count)) + envVarsBuilder[idx] = "NODE_OPTIONS=-r /usr/local/lib/node_modules/global-agent/dist/routines/bootstrap.js \(existing)" + } else { + envVarsBuilder.append("NODE_OPTIONS=-r /usr/local/lib/node_modules/global-agent/dist/routines/bootstrap.js") + } + } + + var launchArgsBuilder = definition.launchCommand + launchArgsBuilder.append(contentsOf: passthroughArgs) + + let envVars = envVarsBuilder + let launchArgs = launchArgsBuilder + + let agentProcess = try await container.exec("agent-session") { config in + config.arguments = launchArgs + config.environmentVariables = envVars + config.workingDirectory = guestWorkspacePath + config.terminal = true + config.stdin = current + config.stdout = current + } + + try await agentProcess.start() + try? await agentProcess.resize(to: try current.size) + + try await withThrowingTaskGroup(of: Void.self) { group in + group.addTask { + for await _ in sigwinchStream.signals { + try await agentProcess.resize(to: try current.size) + } + } + + let status = try await agentProcess.wait() + group.cancelAll() + + try await agentProcess.delete() + + // Stop container so rootfs is cleanly unmounted before caching. + try await container.stop() + + if options.removeAfterRun { + ProgressUI.printStatus("Instance \u{1b}[1m\(instanceName)\u{1b}[0m removed (--rm).") + } else { + // Preserve the rootfs for all instances. + let namedDir = InstanceState.namedRootfsDir(appRoot: Sandboxy.appRoot) + try FileManager.default.createDirectory(at: namedDir, withIntermediateDirectories: true) + let namedPath = InstanceState.namedRootfsPath(appRoot: Sandboxy.appRoot, name: instanceName) + removeIfExists(at: namedPath) + try FileManager.default.copyItem(at: containerRootfsPath, to: namedPath) + + let stopped = InstanceState( + id: instanceState.id, + name: instanceState.name, + agent: instanceState.agent, + workspace: instanceState.workspace, + status: .stopped, + createdAt: instanceState.createdAt, + stoppedAt: Date(), + cpus: instanceState.cpus, + memoryMB: instanceState.memoryMB + ) + try stopped.save(appRoot: Sandboxy.appRoot) + + ProgressUI.printStatus("Instance \u{1b}[1m\(instanceName)\u{1b}[0m saved. Resume with: sandboxy run \(agentName) --name \(instanceName)") + } + + if status.exitCode != 0 { + throw ExitCode(status.exitCode) + } + } + + if let proxy = hostProxy { + try await proxy.stop() + } +} + +private func configureContainer( + config: inout LinuxContainer.Configuration, + definition: AgentDefinition, + options: AgentOptions, + containerId: String, + hostWorkspacePath: String, + guestWorkspacePath: String, + extraMounts: [MountSpec] +) throws { + config.cpus = options.cpus + config.memoryInBytes = try options.memoryBytes + + config.process.arguments = ["/bin/sleep", "infinity"] + config.process.workingDirectory = "/" + config.process.capabilities = .allCapabilities + config.useInit = true + + // SSH agent forwarding. + if options.sshAgent, + let authSock = ProcessInfo.processInfo.environment["SSH_AUTH_SOCK"] + { + let guestSocketPath = "/tmp/ssh-agent.sock" + config.sockets.append( + UnixSocketConfiguration( + source: URL(fileURLWithPath: authSock), + destination: URL(fileURLWithPath: guestSocketPath), + direction: .into + ) + ) + } + + config.mounts.append( + Mount.share( + source: hostWorkspacePath, + destination: guestWorkspacePath + ) + ) + + if !options.noAgentMounts { + for agentMount in definition.mounts { + let hostPath = agentMount.resolvedHostPath + if FileManager.default.fileExists(atPath: hostPath) { + config.mounts.append( + Mount.share( + source: hostPath, + destination: agentMount.containerPath, + options: agentMount.readOnly ? ["ro"] : [] + ) + ) + } + } + } + + for mountSpec in extraMounts { + config.mounts.append(mountSpec.toMount()) + } + + var hosts = Hosts.default + if #available(macOS 26, *), !config.interfaces.isEmpty { + let interface = config.interfaces[0] + hosts.entries.append( + Hosts.Entry( + ipAddress: interface.ipv4Address.address.description, + hostnames: [containerId] + ) + ) + } + config.hosts = hosts +} + +func installAgent( + in container: LinuxContainer, + definition: AgentDefinition +) async throws { + for (index, command) in definition.installCommands.enumerated() { + let truncated = command.count > 80 ? String(command.prefix(77)) + "..." : command + ProgressUI.printDetail("[\(index + 1)/\(definition.installCommands.count)] \(truncated)") + + let buffer = OutputCapture(streamToStdout: true) + let execId = "install-\(index)" + let process = try await container.exec(execId) { config in + config.arguments = ["/bin/sh", "-c", command] + config.workingDirectory = "/" + config.stdout = buffer + config.stderr = buffer + config.capabilities = .allCapabilities + config.environmentVariables = [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "DEBIAN_FRONTEND=noninteractive", + "HOME=/root", + ] + } + + try await process.start() + let status = try await process.wait() + try await process.delete() + + guard status.exitCode == 0 else { + throw SandboxyError.installFailed( + step: index + 1, + command: command, + exitCode: status.exitCode + ) + } + } +} + +func removeIfExists(at url: URL) { + let path = url.path(percentEncoded: false) + if FileManager.default.fileExists(atPath: path) { + do { + try FileManager.default.removeItem(at: url) + } catch { + log.warning("Failed to remove \(path): \(error)") + } + } +} + +/// A parsed `hostpath:containerpath[:ro|rw]` mount specification from the CLI. +struct MountSpec { + let hostPath: String + let containerPath: String + let readOnly: Bool + + static func parse(_ spec: String) throws -> MountSpec { + let parts = spec.split(separator: ":", maxSplits: 2).map(String.init) + guard parts.count >= 2 else { + throw SandboxyError.invalidMountSpec(spec: spec) + } + + let readOnly: Bool + if parts.count == 3 { + switch parts[2] { + case "ro": + readOnly = true + case "rw": + readOnly = false + default: + throw SandboxyError.invalidMountSpec(spec: spec) + } + } else { + readOnly = false + } + + // Resolve host path to absolute. + let hostPath = URL(fileURLWithPath: parts[0], relativeTo: .currentDirectory()) + .absoluteURL.path(percentEncoded: false) + + return MountSpec(hostPath: hostPath, containerPath: parts[1], readOnly: readOnly) + } + + func toMount() -> Containerization.Mount { + Containerization.Mount.share( + source: hostPath, + destination: containerPath, + options: readOnly ? ["ro"] : [] + ) + } +} + +func progressEventAdapter(for progress: ProgressBar) -> ProgressHandler { + { events in + for event in events { + switch event.event { + case "add-size": + if let value = event.value as? Int64 { + progress.add(size: value) + } + case "add-total-size": + if let value = event.value as? Int64 { + progress.add(totalSize: value) + } + case "add-items": + if let value = event.value as? Int { + progress.add(items: value) + } + case "add-total-items": + if let value = event.value as? Int { + progress.add(totalItems: value) + } + default: + break + } + } + } +} + +/// Pulls an image, showing a progress bar only if the image isn't already cached locally. +func pullImageWithProgress(reference: String) async throws -> Containerization.Image { + do { + return try await Sandboxy.imageStore.get(reference: reference) + } catch { + let progressConfig = try ProgressConfig( + description: "Pulling image (\(reference))", + showItems: true, + ignoreSmallSize: true + ) + let progress = ProgressBar(config: progressConfig) + defer { progress.finish() } + progress.start() + progress.set(itemsName: "blobs") + return try await Sandboxy.imageStore.pull( + reference: reference, + progress: progressEventAdapter(for: progress) + ) + } +} + +/// Resolves a `KEY=VALUE` or `KEY` environment variable specification. +/// +/// - `KEY=VALUE`: passed through as-is. +/// - `KEY`: looks up the variable in the host environment and produces `KEY=`. +/// Throws if the variable is not set. +enum EnvSpec { + static func resolve(_ spec: String) throws -> String { + if let eqIndex = spec.firstIndex(of: "=") { + // KEY=VALUE: Use as-is, but validate key is non-empty. + let key = spec[spec.startIndex.. SandboxyConfig { + let fm = FileManager.default + let agentsDir = configRoot.appendingPathComponent("agents") + try fm.createDirectory(at: agentsDir, withIntermediateDirectories: true) + + let config = try SandboxyConfig.load(configRoot: configRoot) + if let dataDir = config.dataDir { + appRoot = URL(fileURLWithPath: dataDir) + } + + try fm.createDirectory(at: appRoot, withIntermediateDirectories: true) + return config + } + + /// User configuration directory (`~/.config/sandboxy/`). + /// Holds `config.json` and `agents/` definition files. + static let configRoot: URL = { + FileManager.default.homeDirectoryForCurrentUser + .appendingPathComponent(".config") + .appendingPathComponent("sandboxy") + }() + + private static let _contentStore: ContentStore = { + try! LocalContentStore(path: appRoot.appendingPathComponent("content")) + }() + + private static let _imageStore: ImageStore = { + try! ImageStore( + path: appRoot, + contentStore: contentStore + ) + }() + + static var imageStore: ImageStore { + _imageStore + } + + static var contentStore: ContentStore { + _contentStore + } +} diff --git a/examples/sandboxy/Sources/sandboxy/SandboxyConfig.swift b/examples/sandboxy/Sources/sandboxy/SandboxyConfig.swift new file mode 100644 index 0000000..d946970 --- /dev/null +++ b/examples/sandboxy/Sources/sandboxy/SandboxyConfig.swift @@ -0,0 +1,81 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation + +/// Optional configuration file for overriding sandboxy defaults. +/// +/// If `config.json` exists in the sandboxy config directory, it is +/// loaded at startup and its values override the built-in defaults. Any field +/// can be omitted to keep the default. +/// +/// Location: `~/.config/sandboxy/config.json` +/// +/// Example: +/// ```json +/// { +/// "dataDir": "/Volumes/fast/sandboxy", +/// "kernel": "/path/to/vmlinux", +/// "initfsReference": "ghcr.io/apple/containerization/vminit:latest", +/// "defaultCPUs": 4, +/// "defaultMemory": "4g" +/// } +/// ``` +struct SandboxyConfig: Codable, Sendable { + /// Directory for runtime data (caches, content store, containers). + /// Defaults to `~/Library/Application Support/com.apple.containerization.sandboxy`. + var dataDir: String? + /// Path to a Linux kernel binary on disk. When set, the auto-download is skipped. + var kernel: String? + /// OCI reference for the VM init image. + var initfsReference: String? + /// Default number of CPUs for new containers. + var defaultCPUs: Int? + /// Default memory for new containers (e.g. "4g", "512m", "4096" for MB). + var defaultMemory: String? + + /// Built-in defaults used when no config file is present. + static let defaults = SandboxyConfig( + initfsReference: "ghcr.io/apple/containerization/vminit:0.30.0", + defaultCPUs: 4, + defaultMemory: "4g" + ) + + /// Loads the config from `/config.json`, falling back to defaults + /// for any missing fields. + static func load(configRoot: URL) throws -> SandboxyConfig { + let configPath = configRoot.appendingPathComponent("config.json") + + guard FileManager.default.fileExists(atPath: configPath.path(percentEncoded: false)) else { + return .defaults + } + + do { + let data = try Data(contentsOf: configPath) + let userConfig = try JSONDecoder().decode(SandboxyConfig.self, from: data) + + return SandboxyConfig( + dataDir: userConfig.dataDir, + kernel: userConfig.kernel, + initfsReference: userConfig.initfsReference ?? defaults.initfsReference, + defaultCPUs: userConfig.defaultCPUs ?? defaults.defaultCPUs, + defaultMemory: userConfig.defaultMemory ?? defaults.defaultMemory + ) + } catch { + throw SandboxyError.configFailedToLoad(error: error) + } + } +} diff --git a/examples/sandboxy/Sources/sandboxy/SandboxyError.swift b/examples/sandboxy/Sources/sandboxy/SandboxyError.swift new file mode 100644 index 0000000..d112c97 --- /dev/null +++ b/examples/sandboxy/Sources/sandboxy/SandboxyError.swift @@ -0,0 +1,52 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation + +enum SandboxyError: Error, CustomStringConvertible { + case configFailedToLoad(error: Swift.Error) + case installFailed(step: Int, command: String, exitCode: Int32) + case kernelDownloadFailed(reason: String) + case proxyFailed(reason: String) + case kernelNotFound(path: String) + case incompleteAgentDefinition(missing: [String]) + case invalidMountSpec(spec: String) + case envVarNotSet(name: String) + + var description: String { + switch self { + case .configFailedToLoad(let error): + return "Failed to load sandbox config: \(error)" + case .installFailed(let step, let command, let exitCode): + return """ + Installation step \(step) failed (exit code \(exitCode)). + Command: \(command) + """ + case .kernelDownloadFailed(let reason): + return "Failed to download kernel: \(reason)" + case .proxyFailed(let reason): + return "Proxy failed: \(reason)" + case .kernelNotFound(let path): + return "Kernel not found at \(path). Provide a valid path with -k or omit to auto-download." + case .incompleteAgentDefinition(let missing): + return "Agent definition is missing required fields: \(missing.joined(separator: ", ")). Use 'sandboxy config --agent claude' to see a complete example." + case .invalidMountSpec(let spec): + return "Invalid mount specification: '\(spec)'. Expected format: hostpath:containerpath[:ro|rw]" + case .envVarNotSet(let name): + return "Environment variable '\(name)' is not set on the host." + } + } +} diff --git a/examples/sandboxy/Sources/sandboxy/TerminalProgress/Int+Formatted.swift b/examples/sandboxy/Sources/sandboxy/TerminalProgress/Int+Formatted.swift new file mode 100644 index 0000000..28f7ee2 --- /dev/null +++ b/examples/sandboxy/Sources/sandboxy/TerminalProgress/Int+Formatted.swift @@ -0,0 +1,52 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation + +extension Int { + func formattedTime() -> String { + let secondsInMinute = 60 + let secondsInHour = secondsInMinute * 60 + let secondsInDay = secondsInHour * 24 + + let days = self / secondsInDay + let hours = (self % secondsInDay) / secondsInHour + let minutes = (self % secondsInHour) / secondsInMinute + let seconds = self % secondsInMinute + + var components = [String]() + if days > 0 { + components.append("\(days)d") + } + if hours > 0 || days > 0 { + components.append("\(hours)h") + } + if minutes > 0 || hours > 0 || days > 0 { + components.append("\(minutes)m") + } + components.append("\(seconds)s") + return components.joined(separator: " ") + } + + func formattedNumber() -> String { + let formatter = NumberFormatter() + formatter.numberStyle = .decimal + guard let formattedNumber = formatter.string(from: NSNumber(value: self)) else { + return "" + } + return formattedNumber + } +} diff --git a/examples/sandboxy/Sources/sandboxy/TerminalProgress/Int64+Formatted.swift b/examples/sandboxy/Sources/sandboxy/TerminalProgress/Int64+Formatted.swift new file mode 100644 index 0000000..34b73ff --- /dev/null +++ b/examples/sandboxy/Sources/sandboxy/TerminalProgress/Int64+Formatted.swift @@ -0,0 +1,36 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation + +extension Int64 { + func formattedSize() -> String { + let formattedSize = ByteCountFormatter.string(fromByteCount: self, countStyle: .binary) + return formattedSize + } + + func formattedSizeSpeed(from startTime: DispatchTime) -> String { + let elapsedTimeNanoseconds = DispatchTime.now().uptimeNanoseconds - startTime.uptimeNanoseconds + let elapsedTimeSeconds = Double(elapsedTimeNanoseconds) / 1_000_000_000 + guard elapsedTimeSeconds > 0 else { + return "0 B/s" + } + + let speed = Double(self) / elapsedTimeSeconds + let formattedSpeed = ByteCountFormatter.string(fromByteCount: Int64(speed), countStyle: .binary) + return "\(formattedSpeed)/s" + } +} diff --git a/examples/sandboxy/Sources/sandboxy/TerminalProgress/ProgressBar+Add.swift b/examples/sandboxy/Sources/sandboxy/TerminalProgress/ProgressBar+Add.swift new file mode 100644 index 0000000..3710895 --- /dev/null +++ b/examples/sandboxy/Sources/sandboxy/TerminalProgress/ProgressBar+Add.swift @@ -0,0 +1,236 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation + +extension ProgressBar { + /// A handler function to update the progress bar. + /// - Parameter events: The events to handle. + public func handler(_ events: [ProgressUpdateEvent]) { + for event in events { + switch event { + case .setDescription(let description): + set(description: description) + case .setSubDescription(let subDescription): + set(subDescription: subDescription) + case .setItemsName(let itemsName): + set(itemsName: itemsName) + case .addTasks(let tasks): + add(tasks: tasks) + case .setTasks(let tasks): + set(tasks: tasks) + case .addTotalTasks(let totalTasks): + add(totalTasks: totalTasks) + case .setTotalTasks(let totalTasks): + set(totalTasks: totalTasks) + case .addSize(let size): + add(size: size) + case .setSize(let size): + set(size: size) + case .addTotalSize(let totalSize): + add(totalSize: totalSize) + case .setTotalSize(let totalSize): + set(totalSize: totalSize) + case .addItems(let items): + add(items: items) + case .setItems(let items): + set(items: items) + case .addTotalItems(let totalItems): + add(totalItems: totalItems) + case .setTotalItems(let totalItems): + set(totalItems: totalItems) + case .custom: + // Custom events are handled by the client. + break + } + } + } + + /// Performs a check to see if the progress bar should be finished. + public func checkIfFinished() { + let state = self.state.withLock { $0 } + + var finished = true + var defined = false + if let totalTasks = state.totalTasks, totalTasks > 0 { + // For tasks, we're showing the current task rather than the number of completed tasks. + finished = finished && state.tasks == totalTasks + defined = true + } + if let totalItems = state.totalItems, totalItems > 0 { + finished = finished && state.items == totalItems + defined = true + } + if let totalSize = state.totalSize, totalSize > 0 { + finished = finished && state.size == totalSize + defined = true + } + if defined && finished { + finish() + } + } + + /// Sets the current tasks. + /// - Parameter newTasks: The current tasks to set. + /// - Parameter render: The flag indicating whether the progress bar has to render after the update. + public func set(tasks newTasks: Int, render: Bool = true) { + state.withLock { $0.tasks = newTasks } + if render { + self.render() + } + checkIfFinished() + } + + /// Performs an addition to the current tasks. + /// - Parameter delta: The tasks to add to the current tasks. + /// - Parameter render: The flag indicating whether the progress bar has to render after the update. + public func add(tasks delta: Int, render: Bool = true) { + state.withLock { + let newTasks = $0.tasks + delta + $0.tasks = newTasks + } + if render { + self.render() + } + } + + /// Sets the total tasks. + /// - Parameter newTotalTasks: The total tasks to set. + /// - Parameter render: The flag indicating whether the progress bar has to render after the update. + public func set(totalTasks newTotalTasks: Int, render: Bool = true) { + state.withLock { $0.totalTasks = newTotalTasks } + if render { + self.render() + } + } + + /// Performs an addition to the total tasks. + /// - Parameter delta: The tasks to add to the total tasks. + /// - Parameter render: The flag indicating whether the progress bar has to render after the update. + public func add(totalTasks delta: Int, render: Bool = true) { + state.withLock { + let totalTasks = $0.totalTasks ?? 0 + let newTotalTasks = totalTasks + delta + $0.totalTasks = newTotalTasks + } + if render { + self.render() + } + } + + /// Sets the items name. + /// - Parameter newItemsName: The current items to set. + /// - Parameter render: The flag indicating whether the progress bar has to render after the update. + public func set(itemsName newItemsName: String, render: Bool = true) { + state.withLock { $0.itemsName = newItemsName } + if render { + self.render() + } + } + + /// Sets the current items. + /// - Parameter newItems: The current items to set. + public func set(items newItems: Int, render: Bool = true) { + state.withLock { $0.items = newItems } + if render { + self.render() + } + } + + /// Performs an addition to the current items. + /// - Parameter delta: The items to add to the current items. + /// - Parameter render: The flag indicating whether the progress bar has to render after the update. + public func add(items delta: Int, render: Bool = true) { + state.withLock { + let newItems = $0.items + delta + $0.items = newItems + } + if render { + self.render() + } + } + + /// Sets the total items. + /// - Parameter newTotalItems: The total items to set. + /// - Parameter render: The flag indicating whether the progress bar has to render after the update. + public func set(totalItems newTotalItems: Int, render: Bool = true) { + state.withLock { $0.totalItems = newTotalItems } + if render { + self.render() + } + } + + /// Performs an addition to the total items. + /// - Parameter delta: The items to add to the total items. + /// - Parameter render: The flag indicating whether the progress bar has to render after the update. + public func add(totalItems delta: Int, render: Bool = true) { + state.withLock { + let totalItems = $0.totalItems ?? 0 + let newTotalItems = totalItems + delta + $0.totalItems = newTotalItems + } + if render { + self.render() + } + } + + /// Sets the current size. + /// - Parameter newSize: The current size to set. + /// - Parameter render: The flag indicating whether the progress bar has to render after the update. + public func set(size newSize: Int64, render: Bool = true) { + state.withLock { $0.size = newSize } + if render { + self.render() + } + } + + /// Performs an addition to the current size. + /// - Parameter delta: The size to add to the current size. + /// - Parameter render: The flag indicating whether the progress bar has to render after the update. + public func add(size delta: Int64, render: Bool = true) { + state.withLock { + let newSize = $0.size + delta + $0.size = newSize + } + if render { + self.render() + } + } + + /// Sets the total size. + /// - Parameter newTotalSize: The total size to set. + /// - Parameter render: The flag indicating whether the progress bar has to render after the update. + public func set(totalSize newTotalSize: Int64, render: Bool = true) { + state.withLock { $0.totalSize = newTotalSize } + if render { + self.render() + } + } + + /// Performs an addition to the total size. + /// - Parameter delta: The size to add to the total size. + /// - Parameter render: The flag indicating whether the progress bar has to render after the update. + public func add(totalSize delta: Int64, render: Bool = true) { + state.withLock { + let totalSize = $0.totalSize ?? 0 + let newTotalSize = totalSize + delta + $0.totalSize = newTotalSize + } + if render { + self.render() + } + } +} diff --git a/examples/sandboxy/Sources/sandboxy/TerminalProgress/ProgressBar+State.swift b/examples/sandboxy/Sources/sandboxy/TerminalProgress/ProgressBar+State.swift new file mode 100644 index 0000000..0771e79 --- /dev/null +++ b/examples/sandboxy/Sources/sandboxy/TerminalProgress/ProgressBar+State.swift @@ -0,0 +1,100 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation + +extension ProgressBar { + /// State for the progress bar. + struct State { + /// A flag indicating whether the progress bar is finished. + var finished = false + var iteration = 0 + private let speedInterval: DispatchTimeInterval = .seconds(1) + + var description: String + var subDescription: String + var itemsName: String + + var tasks: Int + var totalTasks: Int? + + var items: Int + var totalItems: Int? + + private var sizeUpdateTime: DispatchTime? + private var sizeUpdateValue: Int64 = 0 + var size: Int64 { + didSet { + calculateSizeSpeed() + } + } + + var totalSize: Int64? + private var sizeUpdateSpeed: String? + var sizeSpeed: String? { + guard sizeUpdateTime == nil || sizeUpdateTime! > .now() - speedInterval - speedInterval else { + return Int64(0).formattedSizeSpeed(from: startTime) + } + return sizeUpdateSpeed + } + var averageSizeSpeed: String { + size.formattedSizeSpeed(from: startTime) + } + + var percent: String { + var value = 0 + if let totalSize, totalSize > 0 { + value = Int(size * 100 / totalSize) + } else if let totalItems, totalItems > 0 { + value = Int(items * 100 / totalItems) + } + value = min(value, 100) + return "\(value)%" + } + + var startTime: DispatchTime + var output = "" + var renderTask: Task? + + init( + description: String = "", subDescription: String = "", itemsName: String = "", tasks: Int = 0, totalTasks: Int? = nil, items: Int = 0, totalItems: Int? = nil, + size: Int64 = 0, totalSize: Int64? = nil, startTime: DispatchTime = .now() + ) { + self.description = description + self.subDescription = subDescription + self.itemsName = itemsName + self.tasks = tasks + self.totalTasks = totalTasks + self.items = items + self.totalItems = totalItems + self.size = size + self.totalSize = totalSize + self.startTime = startTime + } + + private mutating func calculateSizeSpeed() { + if sizeUpdateTime == nil || sizeUpdateTime! < .now() - speedInterval { + let partSize = size - sizeUpdateValue + let partStartTime = sizeUpdateTime ?? startTime + let partSizeSpeed = partSize.formattedSizeSpeed(from: partStartTime) + self.sizeUpdateSpeed = partSizeSpeed + + sizeUpdateTime = .now() + sizeUpdateValue = size + } + } + } +} diff --git a/examples/sandboxy/Sources/sandboxy/TerminalProgress/ProgressBar+Terminal.swift b/examples/sandboxy/Sources/sandboxy/TerminalProgress/ProgressBar+Terminal.swift new file mode 100644 index 0000000..ce84cc5 --- /dev/null +++ b/examples/sandboxy/Sources/sandboxy/TerminalProgress/ProgressBar+Terminal.swift @@ -0,0 +1,95 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ContainerizationOS +import Foundation + +enum EscapeSequence { + static let hideCursor = "\u{001B}[?25l" + static let showCursor = "\u{001B}[?25h" + static let moveUp = "\u{001B}[1A" + static let clearToEndOfLine = "\u{001B}[K" +} + +extension ProgressBar { + var termWidth: Int { + guard + let terminalHandle = term, + let terminal = try? Terminal(descriptor: terminalHandle.fileDescriptor) + else { + return 0 + } + + return (try? Int(terminal.size.width)) ?? 0 + } + + /// Clears the progress bar and resets the cursor. + public func clearAndResetCursor() { + state.withLock { s in + clear(state: &s) + resetCursor() + } + } + + /// Clears the progress bar. + public func clear() { + state.withLock { s in + clear(state: &s) + } + } + + /// Clears the progress bar (caller must hold state lock). + func clear(state: inout State) { + displayText("", state: &state) + } + + /// Resets the cursor. + public func resetCursor() { + display(EscapeSequence.showCursor) + } + + func display(_ text: String) { + guard let term else { + return + } + termQueue.sync { + try? term.write(contentsOf: Data(text.utf8)) + try? term.synchronize() + } + } + + func displayText(_ text: String, terminating: String = "\r") { + state.withLock { s in + displayText(text, state: &s, terminating: terminating) + } + } + + func displayText(_ text: String, state: inout State, terminating: String = "\r") { + state.output = text + + // Clears previously printed lines. + var lines = "" + if terminating.hasSuffix("\r") && termWidth > 0 { + let lineCount = (text.count - 1) / termWidth + for _ in 0.. + let term: FileHandle? + let termQueue = DispatchQueue(label: "com.apple.container.ProgressBar") + + /// Returns `true` if the progress bar has finished. + public var isFinished: Bool { + state.withLock { $0.finished } + } + + /// Creates a new progress bar. + /// - Parameter config: The configuration for the progress bar. + public init(config: ProgressConfig) { + self.config = config + term = isatty(config.terminal.fileDescriptor) == 1 ? config.terminal : nil + let state = State( + description: config.initialDescription, itemsName: config.initialItemsName, totalTasks: config.initialTotalTasks, + totalItems: config.initialTotalItems, + totalSize: config.initialTotalSize) + self.state = Mutex(state) + display(EscapeSequence.hideCursor) + } + + /// Allows resetting the progress state. + public func reset() { + state.withLock { + $0 = State(description: config.initialDescription) + } + } + + /// Allows resetting the progress state of the current task. + public func resetCurrentTask() { + state.withLock { + $0 = State(description: $0.description, itemsName: $0.itemsName, tasks: $0.tasks, totalTasks: $0.totalTasks, startTime: $0.startTime) + } + } + + /// Updates the description of the progress bar and increments the tasks by one. + /// - Parameter description: The description of the action being performed. + public func set(description: String) { + resetCurrentTask() + + state.withLock { + $0.description = description + $0.subDescription = "" + $0.tasks += 1 + } + } + + /// Updates the additional description of the progress bar. + /// - Parameter subDescription: The additional description of the action being performed. + public func set(subDescription: String) { + resetCurrentTask() + + state.withLock { $0.subDescription = subDescription } + } + + private func start(intervalSeconds: TimeInterval) async { + while true { + let done = state.withLock { s -> Bool in + guard !s.finished else { + return true + } + render(state: &s) + s.iteration += 1 + return false + } + + if done { + return + } + + let intervalNanoseconds = UInt64(intervalSeconds * 1_000_000_000) + guard (try? await Task.sleep(nanoseconds: intervalNanoseconds)) != nil else { + return + } + } + } + + /// Starts an animation of the progress bar. + /// - Parameter intervalSeconds: The time interval between updates in seconds. + public func start(intervalSeconds: TimeInterval = 0.04) { + state.withLock { + if $0.renderTask != nil { + return + } + $0.renderTask = Task(priority: .utility) { + await start(intervalSeconds: intervalSeconds) + } + } + } + + /// Finishes the progress bar. + /// - Parameter clearScreen: If true, clears the progress bar from the screen. + public func finish(clearScreen: Bool = false) { + state.withLock { s in + guard !s.finished else { return } + + s.finished = true + s.renderTask?.cancel() + + let shouldClear = clearScreen || config.clearOnFinish + if !config.disableProgressUpdates && !shouldClear { + let output = draw(state: s) + displayText(output, state: &s, terminating: "\n") + } + + if shouldClear { + clear(state: &s) + } + resetCursor() + } + } +} + +extension ProgressBar { + private func secondsSinceStart(from startTime: DispatchTime) -> Int { + let timeDifferenceNanoseconds = DispatchTime.now().uptimeNanoseconds - startTime.uptimeNanoseconds + let timeDifferenceSeconds = Int(floor(Double(timeDifferenceNanoseconds) / 1_000_000_000)) + return timeDifferenceSeconds + } + + func render(force: Bool = false) { + guard term != nil && !config.disableProgressUpdates else { + return + } + state.withLock { s in + render(state: &s, force: force) + } + } + + func render(state: inout State, force: Bool = false) { + guard term != nil && !config.disableProgressUpdates else { + return + } + guard force || !state.finished else { + return + } + let output = draw(state: state) + displayText(output, state: &state) + } + + /// Detail levels for progressive truncation. + enum DetailLevel: Int, CaseIterable { + case full = 0 // Everything shown + case noSpeed // Drop speed from parens + case noSize // Drop size from parens + case noParens // Drop parens entirely (items, size, speed) + case noTime // Drop time + case noDescription // Drop description/subdescription + case minimal // Just spinner, tasks, percent + } + + func draw(state: State) -> String { + let width = termWidth + // If no terminal or width unknown, use full detail + guard width > 0 else { + return draw(state: state, detail: .full) + } + + // Add a small buffer to prevent wrapping issues during resize + let bufferChars = 4 + let targetWidth = max(1, width - bufferChars) + + for detail in DetailLevel.allCases { + let output = draw(state: state, detail: detail) + if output.count <= targetWidth { + return output + } + } + + return draw(state: state, detail: .minimal) + } + + func draw(state: State, detail: DetailLevel) -> String { + var components = [String]() + + // Spinner - always shown if configured (unless using progress bar) + if config.showSpinner && !config.showProgressBar { + if !state.finished { + let spinnerIcon = config.theme.getSpinnerIcon(state.iteration) + components.append("\(spinnerIcon)") + } else { + components.append("\(config.theme.done)") + } + } + + // Tasks [x/y] - always shown if configured + if config.showTasks, let totalTasks = state.totalTasks { + let tasks = min(state.tasks, totalTasks) + components.append("[\(tasks)/\(totalTasks)]") + } + + // Description - dropped at noDescription level + if detail.rawValue < DetailLevel.noDescription.rawValue { + if config.showDescription && !state.description.isEmpty { + components.append("\(state.description)") + if !state.subDescription.isEmpty { + components.append("\(state.subDescription)") + } + } + } + + let allowProgress = !config.ignoreSmallSize || state.totalSize == nil || state.totalSize! > Int64(1024 * 1024) + let value = state.totalSize != nil ? state.size : Int64(state.items) + let total = state.totalSize ?? Int64(state.totalItems ?? 0) + + // Percent - always shown if configured + if config.showPercent && total > 0 && allowProgress { + components.append("\(state.finished ? "100%" : state.percent)") + } + + // Progress bar - always shown if configured + if config.showProgressBar, total > 0, allowProgress { + let usedWidth = components.joined(separator: " ").count + 45 + let remainingWidth = max(config.width - usedWidth, 1) + let barLength = state.finished ? remainingWidth : Int(Int64(remainingWidth) * value / total) + let barPaddingLength = remainingWidth - barLength + let bar = "\(String(repeating: config.theme.bar, count: barLength))\(String(repeating: " ", count: barPaddingLength))" + components.append("|\(bar)|") + } + + // Additional components in parens - progressively dropped + if detail.rawValue < DetailLevel.noParens.rawValue { + var additionalComponents = [String]() + + // Items - dropped at noParens level + if config.showItems, state.items > 0 { + var itemsName = "" + if !state.itemsName.isEmpty { + itemsName = " \(state.itemsName)" + } + if state.finished { + if let totalItems = state.totalItems { + additionalComponents.append("\(totalItems.formattedNumber())\(itemsName)") + } + } else { + if let totalItems = state.totalItems { + additionalComponents.append("\(state.items.formattedNumber()) of \(totalItems.formattedNumber())\(itemsName)") + } else { + additionalComponents.append("\(state.items.formattedNumber())\(itemsName)") + } + } + } + + // Size and speed - progressively dropped + if state.size > 0 && allowProgress { + if state.finished { + // Size - dropped at noSize level + if detail.rawValue < DetailLevel.noSize.rawValue { + if config.showSize { + if let totalSize = state.totalSize { + var formattedTotalSize = totalSize.formattedSize() + formattedTotalSize = adjustFormattedSize(formattedTotalSize) + additionalComponents.append(formattedTotalSize) + } + } + } + } else { + // Size - dropped at noSize level + var formattedCombinedSize = "" + if detail.rawValue < DetailLevel.noSize.rawValue && config.showSize { + var formattedSize = state.size.formattedSize() + formattedSize = adjustFormattedSize(formattedSize) + if let totalSize = state.totalSize { + var formattedTotalSize = totalSize.formattedSize() + formattedTotalSize = adjustFormattedSize(formattedTotalSize) + formattedCombinedSize = combineSize(size: formattedSize, totalSize: formattedTotalSize) + } else { + formattedCombinedSize = formattedSize + } + } + + // Speed - dropped at noSpeed level + var formattedSpeed = "" + if detail.rawValue < DetailLevel.noSpeed.rawValue && config.showSpeed { + formattedSpeed = "\(state.sizeSpeed ?? state.averageSizeSpeed)" + formattedSpeed = adjustFormattedSize(formattedSpeed) + } + + if !formattedCombinedSize.isEmpty && !formattedSpeed.isEmpty { + additionalComponents.append(formattedCombinedSize) + additionalComponents.append(formattedSpeed) + } else if !formattedCombinedSize.isEmpty { + additionalComponents.append(formattedCombinedSize) + } else if !formattedSpeed.isEmpty { + additionalComponents.append(formattedSpeed) + } + } + } + + if additionalComponents.count > 0 { + let joinedAdditionalComponents = additionalComponents.joined(separator: ", ") + components.append("(\(joinedAdditionalComponents))") + } + } + + // Time - dropped at noTime level + if detail.rawValue < DetailLevel.noTime.rawValue && config.showTime { + let timeDifferenceSeconds = secondsSinceStart(from: state.startTime) + let formattedTime = timeDifferenceSeconds.formattedTime() + components.append("[\(formattedTime)]") + } + + return components.joined(separator: " ") + } + + private func adjustFormattedSize(_ size: String) -> String { + // Ensure we always have one digit after the decimal point to prevent flickering. + let zero = Int64(0).formattedSize() + let decimalSep = Locale.current.decimalSeparator ?? "." + guard !size.contains(decimalSep), let first = size.first, first.isNumber || !size.contains(zero) else { + return size + } + var size = size + for unit in ["MB", "GB", "TB"] { + size = size.replacingOccurrences(of: " \(unit)", with: "\(decimalSep)0 \(unit)") + } + return size + } + + private func combineSize(size: String, totalSize: String) -> String { + let sizeComponents = size.split(separator: " ", maxSplits: 1) + let totalSizeComponents = totalSize.split(separator: " ", maxSplits: 1) + guard sizeComponents.count == 2, totalSizeComponents.count == 2 else { + return "\(size)/\(totalSize)" + } + let sizeNumber = sizeComponents[0] + let sizeUnit = sizeComponents[1] + let totalSizeNumber = totalSizeComponents[0] + let totalSizeUnit = totalSizeComponents[1] + guard sizeUnit == totalSizeUnit else { + return "\(size)/\(totalSize)" + } + return "\(sizeNumber)/\(totalSizeNumber) \(totalSizeUnit)" + } + + func draw() -> String { + state.withLock { draw(state: $0) } + } +} diff --git a/examples/sandboxy/Sources/sandboxy/TerminalProgress/ProgressConfig.swift b/examples/sandboxy/Sources/sandboxy/TerminalProgress/ProgressConfig.swift new file mode 100644 index 0000000..5579ef1 --- /dev/null +++ b/examples/sandboxy/Sources/sandboxy/TerminalProgress/ProgressConfig.swift @@ -0,0 +1,170 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation + +/// A configuration for displaying a progress bar. +public struct ProgressConfig: Sendable { + /// The file handle for progress updates. + let terminal: FileHandle + /// The initial description of the progress bar. + let initialDescription: String + /// The initial additional description of the progress bar. + let initialSubDescription: String + /// The initial items name (e.g., "files"). + let initialItemsName: String + /// A flag indicating whether to show a spinner (e.g., "⠋"). + /// The spinner is hidden when a progress bar is shown. + public let showSpinner: Bool + /// A flag indicating whether to show tasks and total tasks (e.g., "[1]" or "[1/3]"). + public let showTasks: Bool + /// A flag indicating whether to show the description (e.g., "Downloading..."). + public let showDescription: Bool + /// A flag indicating whether to show a percentage (e.g., "100%"). + /// The percentage is hidden when no total size and total items are set. + public let showPercent: Bool + /// A flag indicating whether to show a progress bar (e.g., "|███ |"). + /// The progress bar is hidden when no total size and total items are set. + public let showProgressBar: Bool + /// A flag indicating whether to show items and total items (e.g., "(22 it)" or "(22/22 it)"). + public let showItems: Bool + /// A flag indicating whether to show a size and a total size (e.g., "(22 MB)" or "(22/22 MB)"). + public let showSize: Bool + /// A flag indicating whether to show a speed (e.g., "(4.834 MB/s)"). + /// The speed is combined with the size and total size (e.g., "(22/22 MB, 4.834 MB/s)"). + /// The speed is hidden when no total size is set. + public let showSpeed: Bool + /// A flag indicating whether to show the elapsed time (e.g., "[4s]"). + public let showTime: Bool + /// The flag indicating whether to ignore small size values (less than 1 MB). For example, this may help to avoid reaching 100% after downloading metadata before downloading content. + public let ignoreSmallSize: Bool + /// The initial total tasks of the progress bar. + let initialTotalTasks: Int? + /// The initial total size of the progress bar. + let initialTotalSize: Int64? + /// The initial total items of the progress bar. + let initialTotalItems: Int? + /// The width of the progress bar in characters. + public let width: Int + /// The theme of the progress bar. + public let theme: ProgressTheme + /// The flag indicating whether to clear the progress bar before resetting the cursor. + public let clearOnFinish: Bool + /// The flag indicating whether to update the progress bar. + public let disableProgressUpdates: Bool + /// Creates a new instance of `ProgressConfig`. + /// - Parameters: + /// - terminal: The file handle for progress updates. The default value is `FileHandle.standardError`. + /// - description: The initial description of the progress bar. The default value is `""`. + /// - subDescription: The initial additional description of the progress bar. The default value is `""`. + /// - itemsName: The initial items name. The default value is `"it"`. + /// - showSpinner: A flag indicating whether to show a spinner. The default value is `true`. + /// - showTasks: A flag indicating whether to show tasks and total tasks. The default value is `false`. + /// - showDescription: A flag indicating whether to show the description. The default value is `true`. + /// - showPercent: A flag indicating whether to show a percentage. The default value is `true`. + /// - showProgressBar: A flag indicating whether to show a progress bar. The default value is `false`. + /// - showItems: A flag indicating whether to show items and a total items. The default value is `false`. + /// - showSize: A flag indicating whether to show a size and a total size. The default value is `true`. + /// - showSpeed: A flag indicating whether to show a speed. The default value is `true`. + /// - showTime: A flag indicating whether to show the elapsed time. The default value is `true`. + /// - ignoreSmallSize: A flag indicating whether to ignore small size values. The default value is `false`. + /// - totalTasks: The initial total tasks of the progress bar. The default value is `nil`. + /// - totalItems: The initial total items of the progress bar. The default value is `nil`. + /// - totalSize: The initial total size of the progress bar. The default value is `nil`. + /// - width: The width of the progress bar in characters. The default value is `120`. + /// - theme: The theme of the progress bar. The default value is `nil`. + /// - clearOnFinish: The flag indicating whether to clear the progress bar before resetting the cursor. The default is `true`. + /// - disableProgressUpdates: The flag indicating whether to update the progress bar. The default is `false`. + public init( + terminal: FileHandle = .standardError, + description: String = "", + subDescription: String = "", + itemsName: String = "it", + showSpinner: Bool = true, + showTasks: Bool = false, + showDescription: Bool = true, + showPercent: Bool = true, + showProgressBar: Bool = false, + showItems: Bool = false, + showSize: Bool = true, + showSpeed: Bool = true, + showTime: Bool = true, + ignoreSmallSize: Bool = false, + totalTasks: Int? = nil, + totalItems: Int? = nil, + totalSize: Int64? = nil, + width: Int = 120, + theme: ProgressTheme? = nil, + clearOnFinish: Bool = true, + disableProgressUpdates: Bool = false + ) throws { + if let totalTasks { + guard totalTasks > 0 else { + throw Error.invalid("totalTasks must be greater than zero") + } + } + if let totalItems { + guard totalItems > 0 else { + throw Error.invalid("totalItems must be greater than zero") + } + } + if let totalSize { + guard totalSize > 0 else { + throw Error.invalid("totalSize must be greater than zero") + } + } + + self.terminal = terminal + self.initialDescription = description + self.initialSubDescription = subDescription + self.initialItemsName = itemsName + + self.showSpinner = showSpinner + self.showTasks = showTasks + self.showDescription = showDescription + self.showPercent = showPercent + self.showProgressBar = showProgressBar + self.showItems = showItems + self.showSize = showSize + self.showSpeed = showSpeed + self.showTime = showTime + + self.ignoreSmallSize = ignoreSmallSize + self.initialTotalTasks = totalTasks + self.initialTotalItems = totalItems + self.initialTotalSize = totalSize + + self.width = width + self.theme = theme ?? DefaultProgressTheme() + self.clearOnFinish = clearOnFinish + self.disableProgressUpdates = disableProgressUpdates + } +} + +extension ProgressConfig { + /// An enumeration of errors that can occur when creating a `ProgressConfig`. + public enum Error: Swift.Error, CustomStringConvertible { + case invalid(String) + + /// The description of the error. + public var description: String { + switch self { + case .invalid(let reason): + return "failed to validate config (\(reason))" + } + } + } +} diff --git a/examples/sandboxy/Sources/sandboxy/TerminalProgress/ProgressTaskCoordinator.swift b/examples/sandboxy/Sources/sandboxy/TerminalProgress/ProgressTaskCoordinator.swift new file mode 100644 index 0000000..ae09ca7 --- /dev/null +++ b/examples/sandboxy/Sources/sandboxy/TerminalProgress/ProgressTaskCoordinator.swift @@ -0,0 +1,72 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation + +/// A type that represents a task whose progress is being monitored. +public struct ProgressTask: Sendable, Equatable { + private var id = UUID() + private var coordinator: ProgressTaskCoordinator + + init(manager: ProgressTaskCoordinator) { + self.coordinator = manager + } + + static public func == (lhs: ProgressTask, rhs: ProgressTask) -> Bool { + lhs.id == rhs.id + } + + /// Returns `true` if this task is the currently active task, `false` otherwise. + public func isCurrent() async -> Bool { + guard let currentTask = await coordinator.currentTask else { + return false + } + return currentTask == self + } +} + +/// A type that coordinates progress tasks to ignore updates from completed tasks. +public actor ProgressTaskCoordinator { + var currentTask: ProgressTask? + + /// Creates an instance of `ProgressTaskCoordinator`. + public init() {} + + /// Returns a new task that should be monitored for progress updates. + public func startTask() -> ProgressTask { + let newTask = ProgressTask(manager: self) + currentTask = newTask + return newTask + } + + /// Performs cleanup when the monitored tasks complete. + public func finish() { + currentTask = nil + } + + /// Returns a handler that updates the progress of a given task. + /// - Parameters: + /// - task: The task whose progress is being updated. + /// - progressUpdate: The handler to invoke when progress updates are received. + public static func handler(for task: ProgressTask, from progressUpdate: @escaping ProgressUpdateHandler) -> ProgressUpdateHandler { + { events in + // Ignore updates from completed tasks. + if await task.isCurrent() { + await progressUpdate(events) + } + } + } +} diff --git a/examples/sandboxy/Sources/sandboxy/TerminalProgress/ProgressTheme.swift b/examples/sandboxy/Sources/sandboxy/TerminalProgress/ProgressTheme.swift new file mode 100644 index 0000000..44b5bc3 --- /dev/null +++ b/examples/sandboxy/Sources/sandboxy/TerminalProgress/ProgressTheme.swift @@ -0,0 +1,37 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +/// A theme for progress bar. +public protocol ProgressTheme: Sendable { + /// The icons used to represent a spinner. + var spinner: [String] { get } + /// The icon used to represent a progress bar. + var bar: String { get } + /// The icon used to indicate that a progress bar finished. + var done: String { get } +} + +public struct DefaultProgressTheme: ProgressTheme { + public let spinner = ["⠋", "⠙", "⠹", "⠸", "⠼", "⠴", "⠦", "⠧", "⠇", "⠏"] + public let bar = "█" + public let done = "✔" +} + +extension ProgressTheme { + func getSpinnerIcon(_ iteration: Int) -> String { + spinner[iteration % spinner.count] + } +} diff --git a/examples/sandboxy/Sources/sandboxy/TerminalProgress/ProgressUpdate.swift b/examples/sandboxy/Sources/sandboxy/TerminalProgress/ProgressUpdate.swift new file mode 100644 index 0000000..cf92db4 --- /dev/null +++ b/examples/sandboxy/Sources/sandboxy/TerminalProgress/ProgressUpdate.swift @@ -0,0 +1,41 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +public enum ProgressUpdateEvent: Sendable { + case setDescription(String) + case setSubDescription(String) + case setItemsName(String) + case addTasks(Int) + case setTasks(Int) + case addTotalTasks(Int) + case setTotalTasks(Int) + case addItems(Int) + case setItems(Int) + case addTotalItems(Int) + case setTotalItems(Int) + case addSize(Int64) + case setSize(Int64) + case addTotalSize(Int64) + case setTotalSize(Int64) + case custom(String) +} + +public typealias ProgressUpdateHandler = @Sendable (_ events: [ProgressUpdateEvent]) async -> Void + +public protocol ProgressAdapter { + associatedtype T + static func handler(from progressUpdate: ProgressUpdateHandler?) -> (@Sendable ([T]) async -> Void)? +} diff --git a/examples/sandboxy/Sources/sandboxy/TerminalProgress/StandardError.swift b/examples/sandboxy/Sources/sandboxy/TerminalProgress/StandardError.swift new file mode 100644 index 0000000..9295f86 --- /dev/null +++ b/examples/sandboxy/Sources/sandboxy/TerminalProgress/StandardError.swift @@ -0,0 +1,25 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import Foundation + +struct StandardError { + func write(_ string: String) { + if let data = string.data(using: .utf8) { + FileHandle.standardError.write(data) + } + } +} diff --git a/examples/sandboxy/sandboxy.entitlements b/examples/sandboxy/sandboxy.entitlements new file mode 100644 index 0000000..d7d0d6e --- /dev/null +++ b/examples/sandboxy/sandboxy.entitlements @@ -0,0 +1,8 @@ + + + + + com.apple.security.virtualization + + + diff --git a/images/linux-dev/Dockerfile b/images/linux-dev/Dockerfile new file mode 100644 index 0000000..8d3a8f3 --- /dev/null +++ b/images/linux-dev/Dockerfile @@ -0,0 +1,132 @@ +# Copyright © 2026 Apple Inc. and the Containerization project authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ARG SWIFT_VERSION=6.3 +FROM swift:${SWIFT_VERSION}-noble + +RUN apt-get update \ + && apt-get install -y --no-install-recommends \ + make \ + libarchive-dev \ + libbz2-dev \ + liblzma-dev \ + libssl-dev \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* + +ARG SWIFT_SDK_URL +ARG SWIFT_SDK_CHECKSUM +RUN if [ -n "$SWIFT_SDK_URL" ]; then \ + swift sdk install "$SWIFT_SDK_URL" --checksum "$SWIFT_SDK_CHECKSUM"; \ + fi + +# x86_64 cross-build tooling +# --- +# Used by `make dist-x86_64` to produce a Linux x86_64 deployment +# tarball from this aarch64 dev container. Adds: Zig (used as a +# clang-based cross C/C++ compiler — its bundled musl + LLVM lets us +# target x86_64-linux-musl from any host arch), wrapper scripts that +# look like a standard `x86_64-linux-musl-*` toolchain so autotools' +# `--host=x86_64-linux-musl` works, parallel `x86_64-linux-gnu-*` +# wrappers pinned at glibc 2.35 for virtiofsd's dynamic build, +# Rust stable + both x86_64-unknown-linux-{musl,gnu} targets, +# autotools/gperf, static-musl builds of zlib, xz, bzip2, libarchive, +# libcap-ng, and libseccomp at /opt/cross-x86_64-musl, and +# glibc-dynamic builds of libcap-ng and libseccomp at +# /opt/cross-x86_64-gnu. + +# Build deps for static-musl C libraries. +RUN apt-get update \ + && apt-get install -y --no-install-recommends \ + autoconf \ + automake \ + libtool \ + gperf \ + curl \ + ca-certificates \ + xz-utils \ + build-essential \ + pkg-config \ + lld \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* + +# Zig (cross compiler). Pin to a specific release; bump as needed. +# Zig provides clang-based `zig cc -target ...` plus `zig ar`, `zig +# ranlib`, etc., bundled with musl libc — no need for a separate +# arch-specific gcc cross toolchain. +# +# The SHA256 is captured from the upstream release index +# (https://ziglang.org/download/) and verified before extraction so a +# tampered tarball can't poison the dev image. +ARG ZIG_VERSION=0.13.0 +ARG ZIG_AARCH64_SHA256=041ac42323837eb5624068acd8b00cd5777dac4cf91179e8dad7a7e90dd0c556 +RUN set -eux; \ + curl -fsSL -o /tmp/zig.tar.xz \ + "https://ziglang.org/download/${ZIG_VERSION}/zig-linux-aarch64-${ZIG_VERSION}.tar.xz"; \ + echo "${ZIG_AARCH64_SHA256} /tmp/zig.tar.xz" | sha256sum -c -; \ + tar -xJf /tmp/zig.tar.xz -C /opt; \ + rm /tmp/zig.tar.xz; \ + ln -s "/opt/zig-linux-aarch64-${ZIG_VERSION}" /opt/zig +ENV PATH="/opt/zig:${PATH}" + +# Wrapper scripts that look like conventional cross toolchains — +# `x86_64-linux-musl-{gcc,g++,cc,c++,ar,ranlib,strip}` for the musl +# side (used by cctl, vminitd, cloud-hypervisor) and parallel +# `x86_64-linux-gnu-*` wrappers for virtiofsd's glibc-dynamic build. +# All dispatch to zig under the hood. Lets autotools' +# `--host=x86_64-linux-{musl,gnu}` and cargo's +# CARGO_TARGET_X86_64_UNKNOWN_LINUX_{MUSL,GNU}_LINKER point at these +# names without knowing about Zig. +# +# The C/C++ wrappers filter out `--target=` args that cc-rs +# (used by Rust build scripts like zstd-sys, libseccomp-sys) adds — +# cc-rs emits the Rust-form triple (e.g. x86_64-unknown-linux-musl) +# which Zig refuses to parse, and we always set our own -target. +COPY images/linux-dev/wrappers/ /usr/local/bin/ +RUN chmod +x /usr/local/bin/x86_64-linux-musl-* \ + && ln -s x86_64-linux-musl-gcc /usr/local/bin/x86_64-linux-musl-cc \ + && ln -s x86_64-linux-musl-g++ /usr/local/bin/x86_64-linux-musl-c++ \ + && chmod +x /usr/local/bin/x86_64-linux-gnu-* \ + && ln -s x86_64-linux-gnu-gcc /usr/local/bin/x86_64-linux-gnu-cc \ + && ln -s x86_64-linux-gnu-g++ /usr/local/bin/x86_64-linux-gnu-c++ + +# Rust toolchain at the same path the existing build-cloud-hypervisor / +# build-virtiofsd targets expect, with the x86_64-musl cross target +# pre-installed so dist-x86_64 doesn't redo it on every run. Also +# installs cargo-zigbuild — a cargo subcommand that uses Zig as the +# linker and handles the Rust+musl+Zig integration (specifically: it +# strips Rust's self-contained musl crt files so they don't collide +# with Zig's, and wires up libunwind correctly). +RUN curl --proto '=https' --tlsv1.2 -fsSL https://sh.rustup.rs \ + | sh -s -- -y --default-toolchain stable --profile minimal \ + && /root/.cargo/bin/rustup target add x86_64-unknown-linux-musl \ + && /root/.cargo/bin/rustup target add x86_64-unknown-linux-gnu \ + && /root/.cargo/bin/cargo install --locked cargo-zigbuild +ENV PATH="/root/.cargo/bin:${PATH}" + +# Static-musl C libraries (libarchive + deps for cctl, libcap-ng + +# libseccomp for virtiofsd). Installs to /opt/cross-x86_64-musl; +# build-dist-x86_64.sh adds -L/-I flags pointing at that prefix when +# linking the host-side binaries. +COPY scripts/build-musl-x86_64-deps.sh /tmp/build-musl-x86_64-deps.sh +RUN /tmp/build-musl-x86_64-deps.sh && rm /tmp/build-musl-x86_64-deps.sh + +# Glibc-dynamic C libraries for virtiofsd. virtiofsd ships +# glibc-dynamic in the x86_64 tarball so deployment hosts use their +# system libseccomp.so.2 + libcap-ng.so.0; this prefix only provides +# the link-time .so + headers + pkg-config files. cloud-hypervisor +# and cctl stay musl-static and link against /opt/cross-x86_64-musl/. +COPY scripts/build-glibc-x86_64-deps.sh /tmp/build-glibc-x86_64-deps.sh +RUN /tmp/build-glibc-x86_64-deps.sh && rm /tmp/build-glibc-x86_64-deps.sh diff --git a/images/linux-dev/wrappers/x86_64-linux-gnu-ar b/images/linux-dev/wrappers/x86_64-linux-gnu-ar new file mode 100755 index 0000000..6c3646a --- /dev/null +++ b/images/linux-dev/wrappers/x86_64-linux-gnu-ar @@ -0,0 +1,2 @@ +#!/bin/sh +exec /opt/zig/zig ar "$@" diff --git a/images/linux-dev/wrappers/x86_64-linux-gnu-g++ b/images/linux-dev/wrappers/x86_64-linux-gnu-g++ new file mode 100755 index 0000000..ea64733 --- /dev/null +++ b/images/linux-dev/wrappers/x86_64-linux-gnu-g++ @@ -0,0 +1,24 @@ +#!/bin/bash +# Wrapper that dispatches to `zig c++ -target x86_64-linux-gnu.2.35`. +# Mirrors x86_64-linux-musl-g++ but pins a glibc 2.35 baseline. +# +# See x86_64-linux-gnu-gcc for the rationale behind intercepting +# `-print-prog-name=ld`. +case " $* " in + *" -print-prog-name=ld "*) + echo /usr/local/bin/x86_64-linux-gnu-ld + exit 0 + ;; +esac + +# Filters out `--target=` args that cc-rs adds — cc-rs +# emits the Rust-form triple (x86_64-unknown-linux-gnu) which Zig +# can't parse. We always pass our own -target below. +args=() +for arg in "$@"; do + case "$arg" in + --target=*) ;; + *) args+=("$arg") ;; + esac +done +exec /opt/zig/zig c++ -target x86_64-linux-gnu.2.35 "${args[@]}" diff --git a/images/linux-dev/wrappers/x86_64-linux-gnu-gcc b/images/linux-dev/wrappers/x86_64-linux-gnu-gcc new file mode 100755 index 0000000..59f921e --- /dev/null +++ b/images/linux-dev/wrappers/x86_64-linux-gnu-gcc @@ -0,0 +1,31 @@ +#!/bin/bash +# Wrapper that dispatches to `zig cc -target x86_64-linux-gnu.2.35`. +# Mirrors x86_64-linux-musl-gcc but pins a glibc 2.35 baseline; the +# resulting binaries run on any host with glibc >= 2.35. +# +# Intercepts `-print-prog-name=ld` and returns our cross-ld wrapper — +# libtool uses that query to discover the linker before probing it +# with `-m elf_x86_64` to decide whether shared library builds are +# supported. zig cc passes the query through to the host `/usr/bin/ld`, +# which is aarch64-only and rejects the x86_64 emulation mode, causing +# libtool to silently disable shared-lib emission. Pointing libtool at +# our ld.lld-backed wrapper makes the probe succeed. +case " $* " in + *" -print-prog-name=ld "*) + echo /usr/local/bin/x86_64-linux-gnu-ld + exit 0 + ;; +esac + +# Filters out `--target=` args that cc-rs (Rust build +# scripts like libseccomp-sys, capng-sys) adds — cc-rs emits the +# Rust-form triple (x86_64-unknown-linux-gnu) which Zig can't parse. +# We always pass our own -target below, so cc-rs's is redundant. +args=() +for arg in "$@"; do + case "$arg" in + --target=*) ;; + *) args+=("$arg") ;; + esac +done +exec /opt/zig/zig cc -target x86_64-linux-gnu.2.35 "${args[@]}" diff --git a/images/linux-dev/wrappers/x86_64-linux-gnu-ld b/images/linux-dev/wrappers/x86_64-linux-gnu-ld new file mode 100755 index 0000000..15daeca --- /dev/null +++ b/images/linux-dev/wrappers/x86_64-linux-gnu-ld @@ -0,0 +1,9 @@ +#!/bin/sh +# Wrapper that points the autotools / libtool linker probe at +# LLVM's lld, which can produce x86_64 ELF output on an aarch64 +# host. The system `/usr/bin/ld` on the dev image is aarch64-only +# and rejects `-m elf_x86_64`, causing libtool to silently disable +# shared-library builds. libtool searches PATH for `-ld` +# before falling back to plain `ld`; this wrapper satisfies the +# search and unblocks shared-lib emission. +exec ld.lld "$@" diff --git a/images/linux-dev/wrappers/x86_64-linux-gnu-ranlib b/images/linux-dev/wrappers/x86_64-linux-gnu-ranlib new file mode 100755 index 0000000..5118caa --- /dev/null +++ b/images/linux-dev/wrappers/x86_64-linux-gnu-ranlib @@ -0,0 +1,2 @@ +#!/bin/sh +exec /opt/zig/zig ranlib "$@" diff --git a/images/linux-dev/wrappers/x86_64-linux-gnu-strip b/images/linux-dev/wrappers/x86_64-linux-gnu-strip new file mode 100755 index 0000000..052a9b9 --- /dev/null +++ b/images/linux-dev/wrappers/x86_64-linux-gnu-strip @@ -0,0 +1,2 @@ +#!/bin/sh +exec /opt/zig/zig strip "$@" diff --git a/images/linux-dev/wrappers/x86_64-linux-musl-ar b/images/linux-dev/wrappers/x86_64-linux-musl-ar new file mode 100755 index 0000000..6c3646a --- /dev/null +++ b/images/linux-dev/wrappers/x86_64-linux-musl-ar @@ -0,0 +1,2 @@ +#!/bin/sh +exec /opt/zig/zig ar "$@" diff --git a/images/linux-dev/wrappers/x86_64-linux-musl-g++ b/images/linux-dev/wrappers/x86_64-linux-musl-g++ new file mode 100755 index 0000000..57b7ee3 --- /dev/null +++ b/images/linux-dev/wrappers/x86_64-linux-musl-g++ @@ -0,0 +1,14 @@ +#!/bin/bash +# Wrapper that dispatches to `zig c++ -target x86_64-linux-musl`. +# Filters out `--target=` args that cc-rs (Rust build +# scripts) adds — cc-rs emits the Rust-form triple +# (x86_64-unknown-linux-musl) which Zig can't parse. We always pass +# our own -target below, so cc-rs's is redundant. +args=() +for arg in "$@"; do + case "$arg" in + --target=*) ;; + *) args+=("$arg") ;; + esac +done +exec /opt/zig/zig c++ -target x86_64-linux-musl "${args[@]}" diff --git a/images/linux-dev/wrappers/x86_64-linux-musl-gcc b/images/linux-dev/wrappers/x86_64-linux-musl-gcc new file mode 100755 index 0000000..fd43c98 --- /dev/null +++ b/images/linux-dev/wrappers/x86_64-linux-musl-gcc @@ -0,0 +1,14 @@ +#!/bin/bash +# Wrapper that dispatches to `zig cc -target x86_64-linux-musl`. +# Filters out `--target=` args that cc-rs (Rust build +# scripts like zstd-sys) adds — cc-rs emits the Rust-form triple +# (x86_64-unknown-linux-musl) which Zig can't parse. We always pass +# our own -target below, so cc-rs's is redundant. +args=() +for arg in "$@"; do + case "$arg" in + --target=*) ;; + *) args+=("$arg") ;; + esac +done +exec /opt/zig/zig cc -target x86_64-linux-musl "${args[@]}" diff --git a/images/linux-dev/wrappers/x86_64-linux-musl-ranlib b/images/linux-dev/wrappers/x86_64-linux-musl-ranlib new file mode 100755 index 0000000..5118caa --- /dev/null +++ b/images/linux-dev/wrappers/x86_64-linux-musl-ranlib @@ -0,0 +1,2 @@ +#!/bin/sh +exec /opt/zig/zig ranlib "$@" diff --git a/images/linux-dev/wrappers/x86_64-linux-musl-strip b/images/linux-dev/wrappers/x86_64-linux-musl-strip new file mode 100755 index 0000000..052a9b9 --- /dev/null +++ b/images/linux-dev/wrappers/x86_64-linux-musl-strip @@ -0,0 +1,2 @@ +#!/bin/sh +exec /opt/zig/zig strip "$@" diff --git a/kernel/Makefile b/kernel/Makefile new file mode 100644 index 0000000..bc955b1 --- /dev/null +++ b/kernel/Makefile @@ -0,0 +1,74 @@ +# Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +KSOURCE ?= https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.18.5.tar.xz +KIMAGE ?= kernel-build:0.1 +MAKEFILE_DIR := $(patsubst %/,%,$(dir $(abspath $(lastword $(MAKEFILE_LIST))))) +GIT_VERSION := $(shell git -C $(MAKEFILE_DIR) rev-parse --short=12 HEAD 2>/dev/null || echo unknown) +TARGET_ARCH ?= + +# Resolve the effective target arch (TARGET_ARCH override, else host). +EFFECTIVE_ARCH := $(if $(TARGET_ARCH),$(TARGET_ARCH),$(shell uname -m)) +ifneq (,$(filter $(EFFECTIVE_ARCH),aarch64)) +EFFECTIVE_ARCH := arm64 +endif +ifneq (,$(filter $(EFFECTIVE_ARCH),amd64)) +EFFECTIVE_ARCH := x86_64 +endif + +# Compressed (vmlinuz) for x86_64 bzImage; uncompressed (vmlinux) for arm64 Image. +ifeq ($(EFFECTIVE_ARCH),x86_64) +KERNEL_OUTPUT := vmlinuz-x86_64 +else +KERNEL_OUTPUT := vmlinux-arm64 +endif + +BIN_DIR := $(abspath $(MAKEFILE_DIR)/../bin) + +.DEFAULT_GOAL := all + +.PHONY: all +all: kernel-build-image +all: kernel-build +all: kernel-install + +.PHONY: kernel-build-image +kernel-build-image: + container build $(MAKEFILE_DIR)/image -f $(MAKEFILE_DIR)/image/Dockerfile -t ${KIMAGE} + +.PHONY: kernel-build +kernel-build: +ifeq (,$(wildcard $(MAKEFILE_DIR)/source.tar.xz)) + curl -SsL -o $(MAKEFILE_DIR)/source.tar.xz ${KSOURCE} +endif + container run \ + --cpus 8 \ + --rm \ + --memory 16g \ + -v $(MAKEFILE_DIR):/kernel \ + --env LOCALVERSION=-cz-${GIT_VERSION} \ + $(if $(TARGET_ARCH),--env TARGET_ARCH=$(TARGET_ARCH),) \ + --cwd /kernel \ + ${KIMAGE} \ + /bin/bash -c "./build.sh" + +.PHONY: kernel-install +kernel-install: + @mkdir -p $(BIN_DIR) + @cp -L $(MAKEFILE_DIR)/$(KERNEL_OUTPUT) $(BIN_DIR)/$(KERNEL_OUTPUT) + @echo "Installed $(KERNEL_OUTPUT) -> $(BIN_DIR)/$(KERNEL_OUTPUT)" + +.PHONY: x86_64 +x86_64: + $(MAKE) all TARGET_ARCH=x86_64 diff --git a/kernel/README.md b/kernel/README.md new file mode 100644 index 0000000..797aa4f --- /dev/null +++ b/kernel/README.md @@ -0,0 +1,24 @@ +# Containerization Kernel Configuration + +This directory includes an optimized kernel configuration to produce a fast and lightweight kernel for container use. + +- `config-arm64` and `config-x86_64` include the per-arch kernel `CONFIG_` options. +- `Makefile` includes the kernel version and source package URL. +- `build.sh` scripts the kernel build process. +- `image/` includes the configuration for an image with build tooling. + +## Building + +1. The build process relies on having the `container` tool installed (https://github.com/apple/container/releases). +2. Run `make`. This should create the image used for building the resulting Linux kernel, and then run a container with that image to perform the kernel build. + +### Target architecture + +The build target is selected by the `TARGET_ARCH` make variable, which accepts either `arm64` or `x86_64`. When unset, it falls back to the build host's architecture (as reported by `uname -m`, with `aarch64`/`amd64` normalized to `arm64`/`x86_64`). + +- `make` (default) → builds for the host arch +- `make TARGET_ARCH=arm64` → `vmlinux-arm64` (uncompressed `Image`) +- `make TARGET_ARCH=x86_64` → `vmlinuz-x86_64` (compressed `bzImage`, cross-compiled inside the arm64 container) +- `make x86_64` → convenience alias for `make TARGET_ARCH=x86_64` + +The `z` suffix on the x86 name follows Linux convention for a compressed kernel image. The resulting kernel is copied into the repo's `bin/` directory. diff --git a/kernel/build.sh b/kernel/build.sh new file mode 100755 index 0000000..a338de3 --- /dev/null +++ b/kernel/build.sh @@ -0,0 +1,50 @@ +#!/bin/bash +# Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -e + +TARGET_ARCH="${TARGET_ARCH:-$(uname -m)}" + +case "${TARGET_ARCH}" in + aarch64|arm64) + CONFIG=config-arm64 + KARCH=arm64 + CROSS_COMPILE=aarch64-linux-gnu- + IMAGE_PATH=arch/arm64/boot/Image + OUTPUT_NAME=vmlinux-arm64 + ;; + x86_64|amd64) + CONFIG=config-x86_64 + KARCH=x86_64 + CROSS_COMPILE=x86_64-linux-gnu- + IMAGE_PATH=arch/x86/boot/bzImage + OUTPUT_NAME=vmlinuz-x86_64 + ;; + *) + echo "Unsupported target architecture: ${TARGET_ARCH}" >&2 + exit 1 + ;; +esac + +mkdir -p /kbuild +tar -xf /kernel/source.tar.xz -C /kbuild --strip-components=1 +cp "/kernel/${CONFIG}" /kbuild/.config + +( + cd /kbuild + make ARCH="${KARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig && \ + make ARCH="${KARCH}" CROSS_COMPILE="${CROSS_COMPILE}" -j$((`nproc`-1)) LOCALVERSION="${LOCALVERSION}" && \ + cp "${IMAGE_PATH}" "/kernel/${OUTPUT_NAME}" +) diff --git a/kernel/config-arm64 b/kernel/config-arm64 new file mode 100644 index 0000000..429535b --- /dev/null +++ b/kernel/config-arm64 @@ -0,0 +1,4201 @@ +# +# Automatically generated file; DO NOT EDIT. +# Linux/arm64 6.1.68 Kernel Configuration +# +CONFIG_CC_VERSION_TEXT="gcc (containerization) 9.4.0" +CONFIG_CC_IS_GCC=y +CONFIG_GCC_VERSION=90400 +CONFIG_CLANG_VERSION=0 +CONFIG_AS_IS_GNU=y +CONFIG_AS_VERSION=23400 +CONFIG_LD_IS_BFD=y +CONFIG_LD_VERSION=23400 +CONFIG_LLD_VERSION=0 +CONFIG_CC_CAN_LINK=y +CONFIG_CC_CAN_LINK_STATIC=y +CONFIG_CC_HAS_ASM_INLINE=y +CONFIG_CC_HAS_NO_PROFILE_FN_ATTR=y +CONFIG_PAHOLE_VERSION=0 +CONFIG_IRQ_WORK=y +CONFIG_BUILDTIME_TABLE_SORT=y +CONFIG_THREAD_INFO_IN_TASK=y + +# +# General setup +# +CONFIG_INIT_ENV_ARG_LIMIT=32 +# CONFIG_COMPILE_TEST is not set +# CONFIG_WERROR is not set +CONFIG_LOCALVERSION="" +# CONFIG_LOCALVERSION_AUTO is not set +CONFIG_BUILD_SALT="" +CONFIG_DEFAULT_INIT="" +CONFIG_DEFAULT_HOSTNAME="sandbox-vm" +CONFIG_SYSVIPC=y +CONFIG_SYSVIPC_SYSCTL=y +CONFIG_POSIX_MQUEUE=y +CONFIG_POSIX_MQUEUE_SYSCTL=y +# CONFIG_WATCH_QUEUE is not set +CONFIG_CROSS_MEMORY_ATTACH=y +# CONFIG_USELIB is not set +CONFIG_AUDIT=y +CONFIG_HAVE_ARCH_AUDITSYSCALL=y +CONFIG_AUDITSYSCALL=y + +# +# IRQ subsystem +# +CONFIG_GENERIC_IRQ_PROBE=y +CONFIG_GENERIC_IRQ_SHOW=y +CONFIG_GENERIC_IRQ_SHOW_LEVEL=y +CONFIG_GENERIC_IRQ_EFFECTIVE_AFF_MASK=y +CONFIG_GENERIC_IRQ_MIGRATION=y +CONFIG_HARDIRQS_SW_RESEND=y +CONFIG_IRQ_DOMAIN=y +CONFIG_IRQ_DOMAIN_HIERARCHY=y +CONFIG_GENERIC_IRQ_IPI=y +CONFIG_GENERIC_MSI_IRQ=y +CONFIG_GENERIC_MSI_IRQ_DOMAIN=y +CONFIG_IRQ_MSI_IOMMU=y +CONFIG_IRQ_FORCED_THREADING=y +CONFIG_SPARSE_IRQ=y +# CONFIG_GENERIC_IRQ_DEBUGFS is not set +# end of IRQ subsystem + +CONFIG_GENERIC_TIME_VSYSCALL=y +CONFIG_GENERIC_CLOCKEVENTS=y +CONFIG_ARCH_HAS_TICK_BROADCAST=y +CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y +CONFIG_HAVE_POSIX_CPU_TIMERS_TASK_WORK=y +CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y +CONFIG_CONTEXT_TRACKING=y +CONFIG_CONTEXT_TRACKING_IDLE=y + +# +# Timers subsystem +# +CONFIG_TICK_ONESHOT=y +CONFIG_NO_HZ_COMMON=y +# CONFIG_HZ_PERIODIC is not set +CONFIG_NO_HZ_IDLE=y +# CONFIG_NO_HZ_FULL is not set +CONFIG_NO_HZ=y +CONFIG_HIGH_RES_TIMERS=y +# end of Timers subsystem + +CONFIG_BPF=y +CONFIG_HAVE_EBPF_JIT=y +CONFIG_ARCH_WANT_DEFAULT_BPF_JIT=y + +# +# BPF subsystem +# +CONFIG_BPF_SYSCALL=y +# CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set +CONFIG_USERMODE_DRIVER=y +CONFIG_BPF_PRELOAD=y +CONFIG_BPF_PRELOAD_UMD=y +# end of BPF subsystem + +CONFIG_PREEMPT_NONE_BUILD=y +CONFIG_PREEMPT_NONE=y +# CONFIG_PREEMPT_VOLUNTARY is not set +# CONFIG_PREEMPT is not set +# CONFIG_PREEMPT_DYNAMIC is not set +# CONFIG_SCHED_CORE is not set + +# +# CPU/Task time and stats accounting +# +CONFIG_TICK_CPU_ACCOUNTING=y +# CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set +# CONFIG_IRQ_TIME_ACCOUNTING is not set +CONFIG_HAVE_SCHED_AVG_IRQ=y +CONFIG_BSD_PROCESS_ACCT=y +CONFIG_BSD_PROCESS_ACCT_V3=y +CONFIG_TASKSTATS=y +CONFIG_TASK_DELAY_ACCT=y +CONFIG_TASK_XACCT=y +CONFIG_TASK_IO_ACCOUNTING=y +# CONFIG_PSI is not set +# end of CPU/Task time and stats accounting + +CONFIG_CPU_ISOLATION=y + +# +# RCU Subsystem +# +CONFIG_TREE_RCU=y +# CONFIG_RCU_EXPERT is not set +CONFIG_SRCU=y +CONFIG_TREE_SRCU=y +CONFIG_TASKS_RCU_GENERIC=y +CONFIG_TASKS_TRACE_RCU=y +CONFIG_RCU_STALL_COMMON=y +CONFIG_RCU_NEED_SEGCBLIST=y +# end of RCU Subsystem + +CONFIG_IKCONFIG=y +CONFIG_IKCONFIG_PROC=y +# CONFIG_IKHEADERS is not set +CONFIG_LOG_BUF_SHIFT=21 +CONFIG_LOG_CPU_MAX_BUF_SHIFT=12 +CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13 +# CONFIG_PRINTK_INDEX is not set +CONFIG_GENERIC_SCHED_CLOCK=y + +# +# Scheduler features +# +# end of Scheduler features + +CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y +CONFIG_CC_HAS_INT128=y +CONFIG_CC_IMPLICIT_FALLTHROUGH="-Wimplicit-fallthrough=5" +CONFIG_GCC11_NO_ARRAY_BOUNDS=y +CONFIG_ARCH_SUPPORTS_INT128=y +CONFIG_NUMA_BALANCING=y +# CONFIG_NUMA_BALANCING_DEFAULT_ENABLED is not set +CONFIG_CGROUPS=y +CONFIG_PAGE_COUNTER=y +# CONFIG_CGROUP_FAVOR_DYNMODS is not set +CONFIG_MEMCG=y +CONFIG_MEMCG_V1=y +CONFIG_MEMCG_KMEM=y +CONFIG_BLK_CGROUP=y +CONFIG_CGROUP_WRITEBACK=y +CONFIG_CGROUP_SCHED=y +CONFIG_FAIR_GROUP_SCHED=y +CONFIG_CFS_BANDWIDTH=y +CONFIG_RT_GROUP_SCHED=y +CONFIG_CGROUP_PIDS=y +# CONFIG_CGROUP_RDMA is not set +CONFIG_CGROUP_FREEZER=y +CONFIG_CGROUP_HUGETLB=y +CONFIG_CPUSETS=y +CONFIG_CPUSETS_V1=y +CONFIG_PROC_PID_CPUSET=y +CONFIG_CGROUP_DEVICE=y +CONFIG_CGROUP_CPUACCT=y +CONFIG_CGROUP_PERF=y +CONFIG_CGROUP_BPF=y +# CONFIG_CGROUP_MISC is not set +# CONFIG_CGROUP_DEBUG is not set +CONFIG_SOCK_CGROUP_DATA=y +CONFIG_NAMESPACES=y +CONFIG_UTS_NS=y +CONFIG_TIME_NS=y +CONFIG_IPC_NS=y +CONFIG_USER_NS=y +CONFIG_PID_NS=y +CONFIG_NET_NS=y +# CONFIG_CHECKPOINT_RESTORE is not set +CONFIG_SCHED_AUTOGROUP=y +# CONFIG_SYSFS_DEPRECATED is not set +CONFIG_RELAY=y +CONFIG_BLK_DEV_INITRD=y +CONFIG_INITRAMFS_SOURCE="" +CONFIG_RD_GZIP=y +CONFIG_RD_BZIP2=y +CONFIG_RD_LZMA=y +CONFIG_RD_XZ=y +CONFIG_RD_LZO=y +CONFIG_RD_LZ4=y +# CONFIG_RD_ZSTD is not set +# CONFIG_BOOT_CONFIG is not set +CONFIG_INITRAMFS_PRESERVE_MTIME=y +CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y +# CONFIG_CC_OPTIMIZE_FOR_SIZE is not set +CONFIG_LD_ORPHAN_WARN=y +CONFIG_SYSCTL=y +CONFIG_SYSCTL_EXCEPTION_TRACE=y +CONFIG_EXPERT=y +CONFIG_MULTIUSER=y +CONFIG_SGETMASK_SYSCALL=y +CONFIG_SYSFS_SYSCALL=y +CONFIG_FHANDLE=y +CONFIG_POSIX_TIMERS=y +CONFIG_PRINTK=y +CONFIG_BUG=y +CONFIG_ELF_CORE=y +CONFIG_BASE_FULL=y +CONFIG_FUTEX=y +CONFIG_FUTEX_PI=y +CONFIG_EPOLL=y +CONFIG_SIGNALFD=y +CONFIG_TIMERFD=y +CONFIG_EVENTFD=y +CONFIG_SHMEM=y +CONFIG_AIO=y +CONFIG_IO_URING=y +CONFIG_ADVISE_SYSCALLS=y +CONFIG_MEMBARRIER=y +CONFIG_KALLSYMS=y +# CONFIG_KALLSYMS_ALL is not set +CONFIG_KALLSYMS_BASE_RELATIVE=y +CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y +CONFIG_KCMP=y +CONFIG_RSEQ=y +# CONFIG_DEBUG_RSEQ is not set +# CONFIG_EMBEDDED is not set +CONFIG_HAVE_PERF_EVENTS=y +CONFIG_GUEST_PERF_EVENTS=y +# CONFIG_PC104 is not set + +# +# Kernel Performance Events And Counters +# +CONFIG_PERF_EVENTS=y +# CONFIG_DEBUG_PERF_USE_VMALLOC is not set +# end of Kernel Performance Events And Counters + +# CONFIG_PROFILING is not set +# end of General setup + +CONFIG_ARM64=y +CONFIG_GCC_SUPPORTS_DYNAMIC_FTRACE_WITH_REGS=y +CONFIG_64BIT=y +CONFIG_MMU=y +CONFIG_ARM64_PAGE_SHIFT=12 +CONFIG_ARM64_CONT_PTE_SHIFT=4 +CONFIG_ARM64_CONT_PMD_SHIFT=4 +CONFIG_ARCH_MMAP_RND_BITS_MIN=18 +CONFIG_ARCH_MMAP_RND_BITS_MAX=33 +CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=11 +CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX=16 +CONFIG_STACKTRACE_SUPPORT=y +CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000 +CONFIG_LOCKDEP_SUPPORT=y +CONFIG_GENERIC_BUG=y +CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y +CONFIG_GENERIC_HWEIGHT=y +CONFIG_GENERIC_CSUM=y +CONFIG_GENERIC_CALIBRATE_DELAY=y +CONFIG_ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE=y +CONFIG_SMP=y +CONFIG_KERNEL_MODE_NEON=y +CONFIG_FIX_EARLYCON_MEM=y +CONFIG_PGTABLE_LEVELS=4 +CONFIG_ARCH_SUPPORTS_UPROBES=y +CONFIG_ARCH_PROC_KCORE_TEXT=y + +# +# Platform selection +# +# CONFIG_ARCH_ACTIONS is not set +# CONFIG_ARCH_SUNXI is not set +# CONFIG_ARCH_ALPINE is not set +# CONFIG_ARCH_APPLE is not set +# CONFIG_ARCH_BCM is not set +# CONFIG_ARCH_BERLIN is not set +# CONFIG_ARCH_BITMAIN is not set +# CONFIG_ARCH_EXYNOS is not set +# CONFIG_ARCH_SPARX5 is not set +# CONFIG_ARCH_K3 is not set +# CONFIG_ARCH_LG1K is not set +# CONFIG_ARCH_HISI is not set +# CONFIG_ARCH_KEEMBAY is not set +# CONFIG_ARCH_MEDIATEK is not set +# CONFIG_ARCH_MESON is not set +# CONFIG_ARCH_MVEBU is not set +# CONFIG_ARCH_NXP is not set +# CONFIG_ARCH_NPCM is not set +# CONFIG_ARCH_QCOM is not set +# CONFIG_ARCH_REALTEK is not set +# CONFIG_ARCH_RENESAS is not set +# CONFIG_ARCH_ROCKCHIP is not set +# CONFIG_ARCH_SEATTLE is not set +# CONFIG_ARCH_INTEL_SOCFPGA is not set +# CONFIG_ARCH_SYNQUACER is not set +# CONFIG_ARCH_TEGRA is not set +# CONFIG_ARCH_SPRD is not set +# CONFIG_ARCH_THUNDER is not set +# CONFIG_ARCH_THUNDER2 is not set +# CONFIG_ARCH_UNIPHIER is not set +# CONFIG_ARCH_VEXPRESS is not set +# CONFIG_ARCH_VISCONTI is not set +# CONFIG_ARCH_XGENE is not set +# CONFIG_ARCH_ZYNQMP is not set +# end of Platform selection + +# +# Kernel Features +# + +# +# ARM errata workarounds via the alternatives framework +# +CONFIG_AMPERE_ERRATUM_AC03_CPU_38=y +CONFIG_ARM64_WORKAROUND_CLEAN_CACHE=y +CONFIG_ARM64_ERRATUM_826319=y +CONFIG_ARM64_ERRATUM_827319=y +CONFIG_ARM64_ERRATUM_824069=y +CONFIG_ARM64_ERRATUM_819472=y +CONFIG_ARM64_ERRATUM_832075=y +CONFIG_ARM64_ERRATUM_834220=y +CONFIG_ARM64_ERRATUM_843419=y +CONFIG_ARM64_LD_HAS_FIX_ERRATUM_843419=y +CONFIG_ARM64_ERRATUM_1024718=y +CONFIG_ARM64_WORKAROUND_SPECULATIVE_AT=y +CONFIG_ARM64_ERRATUM_1165522=y +CONFIG_ARM64_ERRATUM_1319367=y +CONFIG_ARM64_ERRATUM_1530923=y +CONFIG_ARM64_WORKAROUND_REPEAT_TLBI=y +CONFIG_ARM64_ERRATUM_2441007=y +CONFIG_ARM64_ERRATUM_1286807=y +CONFIG_ARM64_ERRATUM_1463225=y +CONFIG_ARM64_ERRATUM_1542419=y +CONFIG_ARM64_ERRATUM_1508412=y +CONFIG_ARM64_ERRATUM_2051678=y +CONFIG_ARM64_ERRATUM_2077057=y +CONFIG_ARM64_ERRATUM_2658417=y +CONFIG_ARM64_WORKAROUND_TSB_FLUSH_FAILURE=y +CONFIG_ARM64_ERRATUM_2054223=y +CONFIG_ARM64_ERRATUM_2067961=y +CONFIG_ARM64_ERRATUM_2441009=y +CONFIG_ARM64_ERRATUM_2457168=y +CONFIG_ARM64_ERRATUM_2966298=y +CONFIG_CAVIUM_ERRATUM_22375=y +CONFIG_CAVIUM_ERRATUM_23144=y +CONFIG_CAVIUM_ERRATUM_23154=y +CONFIG_CAVIUM_ERRATUM_27456=y +CONFIG_CAVIUM_ERRATUM_30115=y +CONFIG_CAVIUM_TX2_ERRATUM_219=y +CONFIG_FUJITSU_ERRATUM_010001=y +CONFIG_HISILICON_ERRATUM_161600802=y +CONFIG_QCOM_FALKOR_ERRATUM_1003=y +CONFIG_QCOM_FALKOR_ERRATUM_1009=y +CONFIG_QCOM_QDF2400_ERRATUM_0065=y +CONFIG_QCOM_FALKOR_ERRATUM_E1041=y +# CONFIG_NVIDIA_CARMEL_CNP_ERRATUM is not set +CONFIG_SOCIONEXT_SYNQUACER_PREITS=y +# end of ARM errata workarounds via the alternatives framework + +CONFIG_ARM64_4K_PAGES=y +# CONFIG_ARM64_16K_PAGES is not set +# CONFIG_ARM64_64K_PAGES is not set +# CONFIG_ARM64_VA_BITS_39 is not set +CONFIG_ARM64_VA_BITS_48=y +CONFIG_ARM64_VA_BITS=48 +CONFIG_ARM64_PA_BITS_48=y +CONFIG_ARM64_PA_BITS=48 +# CONFIG_CPU_BIG_ENDIAN is not set +CONFIG_CPU_LITTLE_ENDIAN=y +CONFIG_SCHED_MC=y +# CONFIG_SCHED_CLUSTER is not set +CONFIG_SCHED_SMT=y +CONFIG_NR_CPUS=128 +CONFIG_HOTPLUG_CPU=y +CONFIG_NUMA=y +CONFIG_NODES_SHIFT=10 +# CONFIG_HZ_100 is not set +CONFIG_HZ_250=y +# CONFIG_HZ_300 is not set +# CONFIG_HZ_1000 is not set +CONFIG_HZ=250 +CONFIG_SCHED_HRTICK=y +CONFIG_ARCH_SPARSEMEM_ENABLE=y +CONFIG_HW_PERF_EVENTS=y +CONFIG_PARAVIRT=y +CONFIG_PARAVIRT_TIME_ACCOUNTING=y +# CONFIG_KEXEC is not set +CONFIG_KEXEC_FILE=y +# CONFIG_KEXEC_SIG is not set +# CONFIG_CRASH_DUMP is not set +CONFIG_TRANS_TABLE=y +# CONFIG_XEN is not set +CONFIG_ARCH_FORCE_MAX_ORDER=11 +CONFIG_UNMAP_KERNEL_AT_EL0=y +CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY=y +CONFIG_RODATA_FULL_DEFAULT_ENABLED=y +# CONFIG_ARM64_SW_TTBR0_PAN is not set +CONFIG_ARM64_TAGGED_ADDR_ABI=y +# CONFIG_COMPAT is not set + +# +# ARMv8.1 architectural features +# +CONFIG_ARM64_HW_AFDBM=y +CONFIG_ARM64_PAN=y +CONFIG_AS_HAS_LDAPR=y +CONFIG_AS_HAS_LSE_ATOMICS=y +CONFIG_ARM64_LSE_ATOMICS=y +CONFIG_ARM64_USE_LSE_ATOMICS=y +# end of ARMv8.1 architectural features + +# +# ARMv8.2 architectural features +# +CONFIG_AS_HAS_ARMV8_2=y +CONFIG_AS_HAS_SHA3=y +# CONFIG_ARM64_PMEM is not set +CONFIG_ARM64_RAS_EXTN=y +CONFIG_ARM64_CNP=y +# end of ARMv8.2 architectural features + +# +# ARMv8.3 architectural features +# +CONFIG_ARM64_PTR_AUTH=y +CONFIG_ARM64_PTR_AUTH_KERNEL=y +CONFIG_CC_HAS_BRANCH_PROT_PAC_RET=y +CONFIG_CC_HAS_SIGN_RETURN_ADDRESS=y +CONFIG_AS_HAS_PAC=y +CONFIG_AS_HAS_CFI_NEGATE_RA_STATE=y +# end of ARMv8.3 architectural features + +# +# ARMv8.4 architectural features +# +CONFIG_ARM64_AMU_EXTN=y +CONFIG_AS_HAS_ARMV8_4=y +CONFIG_ARM64_TLB_RANGE=y +# end of ARMv8.4 architectural features + +# +# ARMv8.5 architectural features +# +CONFIG_AS_HAS_ARMV8_5=y +CONFIG_ARM64_BTI=y +CONFIG_CC_HAS_BRANCH_PROT_PAC_RET_BTI=y +CONFIG_ARM64_E0PD=y +CONFIG_ARM64_AS_HAS_MTE=y +CONFIG_ARM64_MTE=y +# end of ARMv8.5 architectural features + +# +# ARMv8.7 architectural features +# +CONFIG_ARM64_EPAN=y +# end of ARMv8.7 architectural features + +# CONFIG_ARM64_SVE is not set +# CONFIG_ARM64_PSEUDO_NMI is not set +CONFIG_RELOCATABLE=y +CONFIG_RANDOMIZE_BASE=y +CONFIG_RANDOMIZE_MODULE_REGION_FULL=y +CONFIG_CC_HAVE_STACKPROTECTOR_SYSREG=y +CONFIG_STACKPROTECTOR_PER_TASK=y +CONFIG_ARCH_NR_GPIO=0 +# end of Kernel Features + +# +# Boot options +# +# CONFIG_ARM64_ACPI_PARKING_PROTOCOL is not set +CONFIG_CMDLINE="" +CONFIG_EFI_STUB=y +CONFIG_EFI=y +CONFIG_DMI=y +# end of Boot options + +# +# Power management options +# +# CONFIG_SUSPEND is not set +CONFIG_HIBERNATE_CALLBACKS=y +CONFIG_HIBERNATION=y +CONFIG_HIBERNATION_SNAPSHOT_DEV=y +CONFIG_PM_STD_PARTITION="" +CONFIG_PM_SLEEP=y +CONFIG_PM_SLEEP_SMP=y +# CONFIG_PM_AUTOSLEEP is not set +# CONFIG_PM_USERSPACE_AUTOSLEEP is not set +# CONFIG_PM_WAKELOCKS is not set +CONFIG_PM=y +# CONFIG_PM_DEBUG is not set +CONFIG_PM_CLK=y +# CONFIG_WQ_POWER_EFFICIENT_DEFAULT is not set +CONFIG_CPU_PM=y +# CONFIG_ENERGY_MODEL is not set +CONFIG_ARCH_HIBERNATION_POSSIBLE=y +CONFIG_ARCH_HIBERNATION_HEADER=y +CONFIG_ARCH_SUSPEND_POSSIBLE=y +# end of Power management options + +# +# CPU Power Management +# + +# +# CPU Idle +# +CONFIG_CPU_IDLE=y +CONFIG_CPU_IDLE_GOV_LADDER=y +CONFIG_CPU_IDLE_GOV_MENU=y +# CONFIG_CPU_IDLE_GOV_TEO is not set + +# +# ARM CPU Idle Drivers +# +# CONFIG_ARM_PSCI_CPUIDLE is not set +# end of ARM CPU Idle Drivers +# end of CPU Idle + +# +# CPU Frequency scaling +# +CONFIG_CPU_FREQ=y +# CONFIG_CPU_FREQ_STAT is not set +CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE=y +# CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE is not set +# CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE is not set +# CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND is not set +# CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE is not set +# CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL is not set +CONFIG_CPU_FREQ_GOV_PERFORMANCE=y +# CONFIG_CPU_FREQ_GOV_POWERSAVE is not set +# CONFIG_CPU_FREQ_GOV_USERSPACE is not set +# CONFIG_CPU_FREQ_GOV_ONDEMAND is not set +# CONFIG_CPU_FREQ_GOV_CONSERVATIVE is not set +# CONFIG_CPU_FREQ_GOV_SCHEDUTIL is not set + +# +# CPU frequency scaling drivers +# +# CONFIG_CPUFREQ_DT is not set +# CONFIG_ACPI_CPPC_CPUFREQ is not set +# end of CPU Frequency scaling +# end of CPU Power Management + +CONFIG_ARCH_SUPPORTS_ACPI=y +CONFIG_ACPI=y +CONFIG_ACPI_GENERIC_GSI=y +CONFIG_ACPI_CCA_REQUIRED=y +# CONFIG_ACPI_DEBUGGER is not set +CONFIG_ACPI_SPCR_TABLE=y +# CONFIG_ACPI_EC_DEBUGFS is not set +# CONFIG_ACPI_AC is not set +# CONFIG_ACPI_BATTERY is not set +CONFIG_ACPI_BUTTON=y +# CONFIG_ACPI_VIDEO is not set +# CONFIG_ACPI_FAN is not set +# CONFIG_ACPI_TAD is not set +# CONFIG_ACPI_DOCK is not set +CONFIG_ACPI_PROCESSOR_IDLE=y +CONFIG_ACPI_MCFG=y +CONFIG_ACPI_PROCESSOR=y +CONFIG_ACPI_HOTPLUG_CPU=y +CONFIG_ACPI_THERMAL=y +CONFIG_ARCH_HAS_ACPI_TABLE_UPGRADE=y +CONFIG_ACPI_TABLE_UPGRADE=y +# CONFIG_ACPI_DEBUG is not set +# CONFIG_ACPI_PCI_SLOT is not set +CONFIG_ACPI_CONTAINER=y +CONFIG_ACPI_HOTPLUG_MEMORY=y +# CONFIG_ACPI_HED is not set +# CONFIG_ACPI_CUSTOM_METHOD is not set +# CONFIG_ACPI_BGRT is not set +CONFIG_ACPI_REDUCED_HARDWARE_ONLY=y +CONFIG_ACPI_NUMA=y +# CONFIG_ACPI_HMAT is not set +CONFIG_HAVE_ACPI_APEI=y +# CONFIG_ACPI_APEI is not set +# CONFIG_ACPI_CONFIGFS is not set +# CONFIG_ACPI_PFRUT is not set +CONFIG_ACPI_IORT=y +CONFIG_ACPI_GTDT=y +CONFIG_ACPI_PPTT=y +CONFIG_ACPI_PCC=y +# CONFIG_PMIC_OPREGION is not set +CONFIG_ACPI_VIOT=y +CONFIG_ACPI_PRMT=y +CONFIG_IRQ_BYPASS_MANAGER=y +CONFIG_HAVE_KVM=y +CONFIG_HAVE_KVM_IRQCHIP=y +CONFIG_HAVE_KVM_IRQFD=y +CONFIG_HAVE_KVM_IRQ_ROUTING=y +CONFIG_HAVE_KVM_EVENTFD=y +CONFIG_KVM_MMIO=y +CONFIG_HAVE_KVM_MSI=y +CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT=y +CONFIG_KVM_VFIO=y +CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL=y +CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT=y +CONFIG_HAVE_KVM_IRQ_BYPASS=y +CONFIG_HAVE_KVM_VCPU_RUN_PID_CHANGE=y +CONFIG_KVM_XFER_TO_GUEST_WORK=y +CONFIG_VIRTUALIZATION=y +CONFIG_KVM=y +# CONFIG_NVHE_EL2_DEBUG is not set + +# +# General architecture-dependent options +# +CONFIG_CRASH_CORE=y +CONFIG_KEXEC_CORE=y +CONFIG_ARCH_HAS_SUBPAGE_FAULTS=y +CONFIG_JUMP_LABEL=y +# CONFIG_STATIC_KEYS_SELFTEST is not set +CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y +CONFIG_HAVE_IOREMAP_PROT=y +CONFIG_HAVE_KPROBES=y +CONFIG_HAVE_KRETPROBES=y +CONFIG_ARCH_CORRECT_STACKTRACE_ON_KRETPROBE=y +CONFIG_HAVE_FUNCTION_ERROR_INJECTION=y +CONFIG_HAVE_NMI=y +CONFIG_TRACE_IRQFLAGS_SUPPORT=y +CONFIG_TRACE_IRQFLAGS_NMI_SUPPORT=y +CONFIG_HAVE_ARCH_TRACEHOOK=y +CONFIG_HAVE_DMA_CONTIGUOUS=y +CONFIG_GENERIC_SMP_IDLE_THREAD=y +CONFIG_GENERIC_IDLE_POLL_SETUP=y +CONFIG_ARCH_HAS_FORTIFY_SOURCE=y +CONFIG_ARCH_HAS_KEEPINITRD=y +CONFIG_ARCH_HAS_SET_MEMORY=y +CONFIG_ARCH_HAS_SET_DIRECT_MAP=y +CONFIG_HAVE_ARCH_THREAD_STRUCT_WHITELIST=y +CONFIG_ARCH_WANTS_NO_INSTR=y +CONFIG_HAVE_ASM_MODVERSIONS=y +CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y +CONFIG_HAVE_RSEQ=y +CONFIG_HAVE_FUNCTION_ARG_ACCESS_API=y +CONFIG_HAVE_HW_BREAKPOINT=y +CONFIG_HAVE_PERF_REGS=y +CONFIG_HAVE_PERF_USER_STACK_DUMP=y +CONFIG_HAVE_ARCH_JUMP_LABEL=y +CONFIG_HAVE_ARCH_JUMP_LABEL_RELATIVE=y +CONFIG_MMU_GATHER_TABLE_FREE=y +CONFIG_MMU_GATHER_RCU_TABLE_FREE=y +CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y +CONFIG_HAVE_ALIGNED_STRUCT_PAGE=y +CONFIG_HAVE_CMPXCHG_LOCAL=y +CONFIG_HAVE_CMPXCHG_DOUBLE=y +CONFIG_HAVE_ARCH_SECCOMP=y +CONFIG_HAVE_ARCH_SECCOMP_FILTER=y +CONFIG_SECCOMP=y +CONFIG_SECCOMP_FILTER=y +# CONFIG_SECCOMP_CACHE_DEBUG is not set +CONFIG_HAVE_ARCH_STACKLEAK=y +CONFIG_HAVE_STACKPROTECTOR=y +CONFIG_STACKPROTECTOR=y +CONFIG_STACKPROTECTOR_STRONG=y +CONFIG_ARCH_SUPPORTS_LTO_CLANG=y +CONFIG_ARCH_SUPPORTS_LTO_CLANG_THIN=y +CONFIG_LTO_NONE=y +CONFIG_ARCH_SUPPORTS_CFI_CLANG=y +CONFIG_HAVE_CONTEXT_TRACKING_USER=y +CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y +CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y +CONFIG_HAVE_MOVE_PUD=y +CONFIG_HAVE_MOVE_PMD=y +CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y +CONFIG_HAVE_ARCH_HUGE_VMAP=y +CONFIG_HAVE_ARCH_HUGE_VMALLOC=y +CONFIG_ARCH_WANT_HUGE_PMD_SHARE=y +CONFIG_MODULES_USE_ELF_RELA=y +CONFIG_HAVE_SOFTIRQ_ON_OWN_STACK=y +CONFIG_SOFTIRQ_ON_OWN_STACK=y +CONFIG_ARCH_HAS_ELF_RANDOMIZE=y +CONFIG_HAVE_ARCH_MMAP_RND_BITS=y +CONFIG_ARCH_MMAP_RND_BITS=18 +CONFIG_PAGE_SIZE_LESS_THAN_64KB=y +CONFIG_PAGE_SIZE_LESS_THAN_256KB=y +CONFIG_ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT=y +CONFIG_CLONE_BACKWARDS=y +# CONFIG_COMPAT_32BIT_TIME is not set +CONFIG_HAVE_ARCH_VMAP_STACK=y +CONFIG_VMAP_STACK=y +CONFIG_HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET=y +CONFIG_RANDOMIZE_KSTACK_OFFSET=y +# CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT is not set +CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=y +CONFIG_STRICT_KERNEL_RWX=y +CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y +CONFIG_HAVE_ARCH_COMPILER_H=y +CONFIG_HAVE_ARCH_PREL32_RELOCATIONS=y +CONFIG_ARCH_USE_MEMREMAP_PROT=y +# CONFIG_LOCK_EVENT_COUNTS is not set +CONFIG_ARCH_HAS_RELR=y +CONFIG_HAVE_PREEMPT_DYNAMIC=y +CONFIG_HAVE_PREEMPT_DYNAMIC_KEY=y +CONFIG_ARCH_WANT_LD_ORPHAN_WARN=y +CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y +CONFIG_ARCH_SUPPORTS_PAGE_TABLE_CHECK=y +CONFIG_ARCH_HAVE_TRACE_MMIO_ACCESS=y + +# +# GCOV-based kernel profiling +# +# CONFIG_GCOV_KERNEL is not set +CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y +# end of GCOV-based kernel profiling + +CONFIG_HAVE_GCC_PLUGINS=y +# end of General architecture-dependent options + +CONFIG_RT_MUTEXES=y +CONFIG_BASE_SMALL=0 +# CONFIG_MODULES is not set +CONFIG_BLOCK=y +CONFIG_BLOCK_LEGACY_AUTOLOAD=y +CONFIG_BLK_CGROUP_RWSTAT=y +CONFIG_BLK_DEV_BSG_COMMON=y +CONFIG_BLK_DEV_BSGLIB=y +CONFIG_BLK_DEV_INTEGRITY=y +# CONFIG_BLK_DEV_ZONED is not set +CONFIG_BLK_DEV_THROTTLING=y +# CONFIG_BLK_DEV_THROTTLING_LOW is not set +CONFIG_BLK_WBT=y +CONFIG_BLK_WBT_MQ=y +# CONFIG_BLK_CGROUP_IOLATENCY is not set +# CONFIG_BLK_CGROUP_IOCOST is not set +# CONFIG_BLK_CGROUP_IOPRIO is not set +CONFIG_BLK_DEBUG_FS=y +# CONFIG_BLK_SED_OPAL is not set +# CONFIG_BLK_INLINE_ENCRYPTION is not set + +# +# Partition Types +# +CONFIG_PARTITION_ADVANCED=y +# CONFIG_ACORN_PARTITION is not set +# CONFIG_AIX_PARTITION is not set +# CONFIG_OSF_PARTITION is not set +# CONFIG_AMIGA_PARTITION is not set +# CONFIG_ATARI_PARTITION is not set +# CONFIG_MAC_PARTITION is not set +# CONFIG_MSDOS_PARTITION is not set +# CONFIG_LDM_PARTITION is not set +# CONFIG_SGI_PARTITION is not set +# CONFIG_ULTRIX_PARTITION is not set +# CONFIG_SUN_PARTITION is not set +# CONFIG_KARMA_PARTITION is not set +CONFIG_EFI_PARTITION=y +# CONFIG_SYSV68_PARTITION is not set +# CONFIG_CMDLINE_PARTITION is not set +# end of Partition Types + +CONFIG_BLK_MQ_PCI=y +CONFIG_BLK_MQ_VIRTIO=y +CONFIG_BLK_PM=y + +# +# IO Schedulers +# +# CONFIG_MQ_IOSCHED_DEADLINE is not set +# CONFIG_MQ_IOSCHED_KYBER is not set +# CONFIG_IOSCHED_BFQ is not set +# end of IO Schedulers + +CONFIG_PREEMPT_NOTIFIERS=y +CONFIG_ASN1=y +CONFIG_ARCH_INLINE_SPIN_TRYLOCK=y +CONFIG_ARCH_INLINE_SPIN_TRYLOCK_BH=y +CONFIG_ARCH_INLINE_SPIN_LOCK=y +CONFIG_ARCH_INLINE_SPIN_LOCK_BH=y +CONFIG_ARCH_INLINE_SPIN_LOCK_IRQ=y +CONFIG_ARCH_INLINE_SPIN_LOCK_IRQSAVE=y +CONFIG_ARCH_INLINE_SPIN_UNLOCK=y +CONFIG_ARCH_INLINE_SPIN_UNLOCK_BH=y +CONFIG_ARCH_INLINE_SPIN_UNLOCK_IRQ=y +CONFIG_ARCH_INLINE_SPIN_UNLOCK_IRQRESTORE=y +CONFIG_ARCH_INLINE_READ_LOCK=y +CONFIG_ARCH_INLINE_READ_LOCK_BH=y +CONFIG_ARCH_INLINE_READ_LOCK_IRQ=y +CONFIG_ARCH_INLINE_READ_LOCK_IRQSAVE=y +CONFIG_ARCH_INLINE_READ_UNLOCK=y +CONFIG_ARCH_INLINE_READ_UNLOCK_BH=y +CONFIG_ARCH_INLINE_READ_UNLOCK_IRQ=y +CONFIG_ARCH_INLINE_READ_UNLOCK_IRQRESTORE=y +CONFIG_ARCH_INLINE_WRITE_LOCK=y +CONFIG_ARCH_INLINE_WRITE_LOCK_BH=y +CONFIG_ARCH_INLINE_WRITE_LOCK_IRQ=y +CONFIG_ARCH_INLINE_WRITE_LOCK_IRQSAVE=y +CONFIG_ARCH_INLINE_WRITE_UNLOCK=y +CONFIG_ARCH_INLINE_WRITE_UNLOCK_BH=y +CONFIG_ARCH_INLINE_WRITE_UNLOCK_IRQ=y +CONFIG_ARCH_INLINE_WRITE_UNLOCK_IRQRESTORE=y +CONFIG_INLINE_SPIN_TRYLOCK=y +CONFIG_INLINE_SPIN_TRYLOCK_BH=y +CONFIG_INLINE_SPIN_LOCK=y +CONFIG_INLINE_SPIN_LOCK_BH=y +CONFIG_INLINE_SPIN_LOCK_IRQ=y +CONFIG_INLINE_SPIN_LOCK_IRQSAVE=y +CONFIG_INLINE_SPIN_UNLOCK_BH=y +CONFIG_INLINE_SPIN_UNLOCK_IRQ=y +CONFIG_INLINE_SPIN_UNLOCK_IRQRESTORE=y +CONFIG_INLINE_READ_LOCK=y +CONFIG_INLINE_READ_LOCK_BH=y +CONFIG_INLINE_READ_LOCK_IRQ=y +CONFIG_INLINE_READ_LOCK_IRQSAVE=y +CONFIG_INLINE_READ_UNLOCK=y +CONFIG_INLINE_READ_UNLOCK_BH=y +CONFIG_INLINE_READ_UNLOCK_IRQ=y +CONFIG_INLINE_READ_UNLOCK_IRQRESTORE=y +CONFIG_INLINE_WRITE_LOCK=y +CONFIG_INLINE_WRITE_LOCK_BH=y +CONFIG_INLINE_WRITE_LOCK_IRQ=y +CONFIG_INLINE_WRITE_LOCK_IRQSAVE=y +CONFIG_INLINE_WRITE_UNLOCK=y +CONFIG_INLINE_WRITE_UNLOCK_BH=y +CONFIG_INLINE_WRITE_UNLOCK_IRQ=y +CONFIG_INLINE_WRITE_UNLOCK_IRQRESTORE=y +CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y +CONFIG_MUTEX_SPIN_ON_OWNER=y +CONFIG_RWSEM_SPIN_ON_OWNER=y +CONFIG_LOCK_SPIN_ON_OWNER=y +CONFIG_ARCH_USE_QUEUED_SPINLOCKS=y +CONFIG_QUEUED_SPINLOCKS=y +CONFIG_ARCH_USE_QUEUED_RWLOCKS=y +CONFIG_QUEUED_RWLOCKS=y +CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE=y +CONFIG_ARCH_HAS_SYSCALL_WRAPPER=y +CONFIG_FREEZER=y + +# +# Executable file formats +# +CONFIG_BINFMT_ELF=y +CONFIG_ARCH_BINFMT_ELF_STATE=y +CONFIG_ARCH_BINFMT_ELF_EXTRA_PHDRS=y +CONFIG_ARCH_HAVE_ELF_PROT=y +CONFIG_ARCH_USE_GNU_PROPERTY=y +CONFIG_ELFCORE=y +CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS=y +CONFIG_BINFMT_SCRIPT=y +CONFIG_BINFMT_MISC=y +CONFIG_COREDUMP=y +# end of Executable file formats + +# +# Memory Management options +# +CONFIG_ZPOOL=y +CONFIG_SWAP=y +CONFIG_ZSWAP=y +# CONFIG_ZSWAP_DEFAULT_ON is not set +# CONFIG_ZSWAP_COMPRESSOR_DEFAULT_DEFLATE is not set +CONFIG_ZSWAP_COMPRESSOR_DEFAULT_LZO=y +# CONFIG_ZSWAP_COMPRESSOR_DEFAULT_842 is not set +# CONFIG_ZSWAP_COMPRESSOR_DEFAULT_LZ4 is not set +# CONFIG_ZSWAP_COMPRESSOR_DEFAULT_LZ4HC is not set +# CONFIG_ZSWAP_COMPRESSOR_DEFAULT_ZSTD is not set +CONFIG_ZSWAP_COMPRESSOR_DEFAULT="lzo" +CONFIG_ZSWAP_ZPOOL_DEFAULT_ZBUD=y +# CONFIG_ZSWAP_ZPOOL_DEFAULT_Z3FOLD is not set +# CONFIG_ZSWAP_ZPOOL_DEFAULT_ZSMALLOC is not set +CONFIG_ZSWAP_ZPOOL_DEFAULT="zbud" +CONFIG_ZBUD=y +# CONFIG_Z3FOLD is not set +CONFIG_ZSMALLOC=y +CONFIG_ZSMALLOC_STAT=y + +# +# SLAB allocator options +# +# CONFIG_SLAB is not set +CONFIG_SLUB=y +# CONFIG_SLOB is not set +CONFIG_SLAB_MERGE_DEFAULT=y +# CONFIG_SLAB_FREELIST_RANDOM is not set +CONFIG_SLAB_FREELIST_HARDENED=y +# CONFIG_SLUB_STATS is not set +CONFIG_SLUB_CPU_PARTIAL=y +# end of SLAB allocator options + +# CONFIG_SHUFFLE_PAGE_ALLOCATOR is not set +# CONFIG_COMPAT_BRK is not set +CONFIG_SPARSEMEM=y +CONFIG_SPARSEMEM_EXTREME=y +CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y +CONFIG_SPARSEMEM_VMEMMAP=y +CONFIG_HAVE_FAST_GUP=y +CONFIG_ARCH_KEEP_MEMBLOCK=y +CONFIG_NUMA_KEEP_MEMINFO=y +CONFIG_MEMORY_ISOLATION=y +CONFIG_EXCLUSIVE_SYSTEM_RAM=y +CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y +CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y +CONFIG_MEMORY_HOTPLUG=y +# CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE is not set +CONFIG_MEMORY_HOTREMOVE=y +CONFIG_MHP_MEMMAP_ON_MEMORY=y +CONFIG_SPLIT_PTLOCK_CPUS=4 +CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y +CONFIG_MEMORY_BALLOON=y +CONFIG_BALLOON_COMPACTION=y +CONFIG_COMPACTION=y +CONFIG_COMPACT_UNEVICTABLE_DEFAULT=1 +CONFIG_PAGE_REPORTING=y +CONFIG_MIGRATION=y +CONFIG_DEVICE_MIGRATION=y +CONFIG_ARCH_ENABLE_HUGEPAGE_MIGRATION=y +CONFIG_ARCH_ENABLE_THP_MIGRATION=y +CONFIG_CONTIG_ALLOC=y +CONFIG_PHYS_ADDR_T_64BIT=y +CONFIG_MMU_NOTIFIER=y +CONFIG_KSM=y +CONFIG_DEFAULT_MMAP_MIN_ADDR=4096 +CONFIG_ARCH_SUPPORTS_MEMORY_FAILURE=y +# CONFIG_MEMORY_FAILURE is not set +CONFIG_ARCH_WANTS_THP_SWAP=y +CONFIG_TRANSPARENT_HUGEPAGE=y +# CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS is not set +CONFIG_TRANSPARENT_HUGEPAGE_MADVISE=y +CONFIG_THP_SWAP=y +# CONFIG_READ_ONLY_THP_FOR_FS is not set +CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y +CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y +CONFIG_USE_PERCPU_NUMA_NODE_ID=y +CONFIG_HAVE_SETUP_PER_CPU_AREA=y +CONFIG_FRONTSWAP=y +# CONFIG_CMA is not set +CONFIG_GENERIC_EARLY_IOREMAP=y +# CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set +# CONFIG_IDLE_PAGE_TRACKING is not set +CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y +CONFIG_ARCH_HAS_CURRENT_STACK_POINTER=y +CONFIG_ARCH_HAS_PTE_DEVMAP=y +CONFIG_ARCH_HAS_ZONE_DMA_SET=y +CONFIG_ZONE_DMA=y +CONFIG_ZONE_DMA32=y +CONFIG_ZONE_DEVICE=y +# CONFIG_DEVICE_PRIVATE is not set +CONFIG_ARCH_USES_HIGH_VMA_FLAGS=y +CONFIG_VM_EVENT_COUNTERS=y +CONFIG_PERCPU_STATS=y +# CONFIG_GUP_TEST is not set +CONFIG_ARCH_HAS_PTE_SPECIAL=y +CONFIG_SECRETMEM=y +# CONFIG_ANON_VMA_NAME is not set +CONFIG_USERFAULTFD=y +CONFIG_HAVE_ARCH_USERFAULTFD_MINOR=y +# CONFIG_LRU_GEN is not set +CONFIG_LOCK_MM_AND_FIND_VMA=y + +# +# Data Access Monitoring +# +# CONFIG_DAMON is not set +# end of Data Access Monitoring +# end of Memory Management options + +CONFIG_NET=y +CONFIG_NET_INGRESS=y +CONFIG_NET_EGRESS=y +CONFIG_SKB_EXTENSIONS=y + +# +# Networking options +# +CONFIG_PACKET=y +CONFIG_PACKET_DIAG=y +CONFIG_UNIX=y +CONFIG_UNIX_SCM=y +CONFIG_AF_UNIX_OOB=y +CONFIG_UNIX_DIAG=y +CONFIG_TLS=y +# CONFIG_TLS_DEVICE is not set +# CONFIG_TLS_TOE is not set +CONFIG_XFRM=y +CONFIG_XFRM_OFFLOAD=y +CONFIG_XFRM_ALGO=y +CONFIG_XFRM_USER=y +# CONFIG_XFRM_INTERFACE is not set +CONFIG_XFRM_SUB_POLICY=y +CONFIG_XFRM_MIGRATE=y +CONFIG_XFRM_STATISTICS=y +CONFIG_XFRM_AH=y +CONFIG_XFRM_ESP=y +CONFIG_NET_KEY=y +CONFIG_NET_KEY_MIGRATE=y +CONFIG_XFRM_ESPINTCP=y +CONFIG_XDP_SOCKETS=y +# CONFIG_XDP_SOCKETS_DIAG is not set +CONFIG_INET=y +# CONFIG_IP_MULTICAST is not set +CONFIG_IP_ADVANCED_ROUTER=y +# CONFIG_IP_FIB_TRIE_STATS is not set +CONFIG_IP_MULTIPLE_TABLES=y +# CONFIG_IP_ROUTE_MULTIPATH is not set +# CONFIG_IP_ROUTE_VERBOSE is not set +CONFIG_IP_ROUTE_CLASSID=y +CONFIG_IP_PNP=y +CONFIG_IP_PNP_DHCP=y +CONFIG_IP_PNP_BOOTP=y +CONFIG_IP_PNP_RARP=y +CONFIG_NET_IPIP=y +# CONFIG_NET_IPGRE_DEMUX is not set +CONFIG_NET_IP_TUNNEL=y +CONFIG_SYN_COOKIES=y +# CONFIG_NET_IPVTI is not set +CONFIG_NET_UDP_TUNNEL=y +CONFIG_NET_FOU=y +CONFIG_NET_FOU_IP_TUNNELS=y +# CONFIG_INET_AH is not set +# CONFIG_INET_ESP is not set +# CONFIG_INET_IPCOMP is not set +CONFIG_INET_TABLE_PERTURB_ORDER=16 +CONFIG_INET_TUNNEL=y +CONFIG_INET_DIAG=y +CONFIG_INET_TCP_DIAG=y +CONFIG_INET_UDP_DIAG=y +CONFIG_INET_RAW_DIAG=y +# CONFIG_INET_DIAG_DESTROY is not set +# CONFIG_TCP_CONG_ADVANCED is not set +CONFIG_TCP_CONG_CUBIC=y +CONFIG_DEFAULT_TCP_CONG="cubic" +# CONFIG_TCP_MD5SIG is not set +CONFIG_IPV6=y +CONFIG_IPV6_ROUTER_PREF=y +CONFIG_IPV6_ROUTE_INFO=y +CONFIG_IPV6_OPTIMISTIC_DAD=y +CONFIG_INET6_AH=y +CONFIG_INET6_ESP=y +CONFIG_INET6_ESP_OFFLOAD=y +CONFIG_INET6_ESPINTCP=y +# CONFIG_INET6_IPCOMP is not set +# CONFIG_IPV6_MIP6 is not set +# CONFIG_IPV6_ILA is not set +CONFIG_INET6_TUNNEL=y +# CONFIG_IPV6_VTI is not set +CONFIG_IPV6_SIT=y +# CONFIG_IPV6_SIT_6RD is not set +CONFIG_IPV6_NDISC_NODETYPE=y +CONFIG_IPV6_TUNNEL=y +CONFIG_IPV6_FOU=y +CONFIG_IPV6_FOU_TUNNEL=y +CONFIG_IPV6_MULTIPLE_TABLES=y +# CONFIG_IPV6_SUBTREES is not set +# CONFIG_IPV6_MROUTE is not set +# CONFIG_IPV6_SEG6_LWTUNNEL is not set +# CONFIG_IPV6_SEG6_HMAC is not set +# CONFIG_IPV6_RPL_LWTUNNEL is not set +# CONFIG_IPV6_IOAM6_LWTUNNEL is not set +# CONFIG_MPTCP is not set +CONFIG_NETWORK_SECMARK=y +CONFIG_NET_PTP_CLASSIFY=y +# CONFIG_NETWORK_PHY_TIMESTAMPING is not set +CONFIG_NETFILTER=y +CONFIG_NETFILTER_ADVANCED=y +CONFIG_BRIDGE_NETFILTER=y + +# +# Core Netfilter Configuration +# +CONFIG_NETFILTER_INGRESS=y +CONFIG_NETFILTER_EGRESS=y +CONFIG_NETFILTER_SKIP_EGRESS=y +CONFIG_NETFILTER_NETLINK=y +CONFIG_NETFILTER_FAMILY_BRIDGE=y +CONFIG_NETFILTER_FAMILY_ARP=y +# CONFIG_NETFILTER_NETLINK_HOOK is not set +CONFIG_NETFILTER_NETLINK_ACCT=y +CONFIG_NETFILTER_NETLINK_QUEUE=y +CONFIG_NETFILTER_NETLINK_LOG=y +CONFIG_NETFILTER_NETLINK_OSF=y +CONFIG_NF_CONNTRACK=y +CONFIG_NF_LOG_SYSLOG=y +CONFIG_NETFILTER_CONNCOUNT=y +CONFIG_NF_CONNTRACK_MARK=y +# CONFIG_NF_CONNTRACK_SECMARK is not set +CONFIG_NF_CONNTRACK_ZONES=y +CONFIG_NF_CONNTRACK_PROCFS=y +CONFIG_NF_CONNTRACK_EVENTS=y +CONFIG_NF_CONNTRACK_TIMEOUT=y +CONFIG_NF_CONNTRACK_TIMESTAMP=y +CONFIG_NF_CONNTRACK_LABELS=y +CONFIG_NF_CT_PROTO_DCCP=y +CONFIG_NF_CT_PROTO_SCTP=y +CONFIG_NF_CT_PROTO_UDPLITE=y +# CONFIG_NF_CONNTRACK_AMANDA is not set +# CONFIG_NF_CONNTRACK_FTP is not set +# CONFIG_NF_CONNTRACK_H323 is not set +# CONFIG_NF_CONNTRACK_IRC is not set +# CONFIG_NF_CONNTRACK_NETBIOS_NS is not set +# CONFIG_NF_CONNTRACK_SNMP is not set +# CONFIG_NF_CONNTRACK_PPTP is not set +# CONFIG_NF_CONNTRACK_SANE is not set +# CONFIG_NF_CONNTRACK_SIP is not set +# CONFIG_NF_CONNTRACK_TFTP is not set +CONFIG_NF_CT_NETLINK=y +# CONFIG_NF_CT_NETLINK_TIMEOUT is not set +# CONFIG_NETFILTER_NETLINK_GLUE_CT is not set +CONFIG_NF_NAT=y +CONFIG_NF_NAT_REDIRECT=y +CONFIG_NF_NAT_MASQUERADE=y +CONFIG_NETFILTER_SYNPROXY=y +CONFIG_NF_TABLES=y +CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_NETDEV=y +CONFIG_NFT_NUMGEN=y +CONFIG_NFT_CT=y +CONFIG_NFT_CONNLIMIT=y +CONFIG_NFT_LOG=y +CONFIG_NFT_LIMIT=y +CONFIG_NFT_MASQ=y +CONFIG_NFT_REDIR=y +CONFIG_NFT_NAT=y +CONFIG_NFT_TUNNEL=y +CONFIG_NFT_OBJREF=y +CONFIG_NFT_QUEUE=y +CONFIG_NFT_QUOTA=y +CONFIG_NFT_REJECT=y +CONFIG_NFT_REJECT_INET=y +CONFIG_NFT_COMPAT=y +CONFIG_NFT_HASH=y +CONFIG_NFT_FIB=y +CONFIG_NFT_FIB_INET=y +CONFIG_NFT_XFRM=y +CONFIG_NFT_SOCKET=y +CONFIG_NFT_OSF=y +CONFIG_NFT_TPROXY=y +CONFIG_NFT_SYNPROXY=y +CONFIG_NF_DUP_NETDEV=y +CONFIG_NFT_DUP_NETDEV=y +CONFIG_NFT_FWD_NETDEV=y +CONFIG_NFT_FIB_NETDEV=y +CONFIG_NFT_REJECT_NETDEV=y +# CONFIG_NF_FLOW_TABLE is not set +CONFIG_NETFILTER_XTABLES=y + +# +# Xtables combined modules +# +CONFIG_NETFILTER_XT_MARK=y +CONFIG_NETFILTER_XT_CONNMARK=y +CONFIG_NETFILTER_XT_SET=y + +# +# Xtables targets +# +CONFIG_NETFILTER_XT_TARGET_AUDIT=y +CONFIG_NETFILTER_XT_TARGET_CHECKSUM=y +CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y +CONFIG_NETFILTER_XT_TARGET_CONNMARK=y +CONFIG_NETFILTER_XT_TARGET_CT=y +CONFIG_NETFILTER_XT_TARGET_DSCP=y +CONFIG_NETFILTER_XT_TARGET_HL=y +CONFIG_NETFILTER_XT_TARGET_HMARK=y +CONFIG_NETFILTER_XT_TARGET_IDLETIMER=y +CONFIG_NETFILTER_XT_TARGET_LOG=y +CONFIG_NETFILTER_XT_TARGET_MARK=y +CONFIG_NETFILTER_XT_NAT=y +CONFIG_NETFILTER_XT_TARGET_NETMAP=y +CONFIG_NETFILTER_XT_TARGET_NFLOG=y +CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y +CONFIG_NETFILTER_XT_TARGET_NOTRACK=y +CONFIG_NETFILTER_XT_TARGET_RATEEST=y +CONFIG_NETFILTER_XT_TARGET_REDIRECT=y +CONFIG_NETFILTER_XT_TARGET_MASQUERADE=y +CONFIG_NETFILTER_XT_TARGET_TEE=y +CONFIG_NETFILTER_XT_TARGET_TPROXY=y +CONFIG_NETFILTER_XT_TARGET_TRACE=y +# CONFIG_NETFILTER_XT_TARGET_SECMARK is not set +CONFIG_NETFILTER_XT_TARGET_TCPMSS=y +CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=y + +# +# Xtables matches +# +CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y +CONFIG_NETFILTER_XT_MATCH_BPF=y +CONFIG_NETFILTER_XT_MATCH_CGROUP=y +CONFIG_NETFILTER_XT_MATCH_CLUSTER=y +CONFIG_NETFILTER_XT_MATCH_COMMENT=y +CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y +CONFIG_NETFILTER_XT_MATCH_CONNLABEL=y +CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y +CONFIG_NETFILTER_XT_MATCH_CONNMARK=y +CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y +CONFIG_NETFILTER_XT_MATCH_CPU=y +CONFIG_NETFILTER_XT_MATCH_DCCP=y +CONFIG_NETFILTER_XT_MATCH_DEVGROUP=y +CONFIG_NETFILTER_XT_MATCH_DSCP=y +CONFIG_NETFILTER_XT_MATCH_ECN=y +CONFIG_NETFILTER_XT_MATCH_ESP=y +CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y +CONFIG_NETFILTER_XT_MATCH_HELPER=y +CONFIG_NETFILTER_XT_MATCH_HL=y +CONFIG_NETFILTER_XT_MATCH_IPCOMP=y +CONFIG_NETFILTER_XT_MATCH_IPRANGE=y +# CONFIG_NETFILTER_XT_MATCH_IPVS is not set +CONFIG_NETFILTER_XT_MATCH_L2TP=y +CONFIG_NETFILTER_XT_MATCH_LENGTH=y +CONFIG_NETFILTER_XT_MATCH_LIMIT=y +CONFIG_NETFILTER_XT_MATCH_MAC=y +CONFIG_NETFILTER_XT_MATCH_MARK=y +CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y +CONFIG_NETFILTER_XT_MATCH_NFACCT=y +CONFIG_NETFILTER_XT_MATCH_OSF=y +CONFIG_NETFILTER_XT_MATCH_OWNER=y +CONFIG_NETFILTER_XT_MATCH_POLICY=y +CONFIG_NETFILTER_XT_MATCH_PHYSDEV=y +CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y +CONFIG_NETFILTER_XT_MATCH_QUOTA=y +CONFIG_NETFILTER_XT_MATCH_RATEEST=y +CONFIG_NETFILTER_XT_MATCH_REALM=y +CONFIG_NETFILTER_XT_MATCH_RECENT=y +CONFIG_NETFILTER_XT_MATCH_SCTP=y +CONFIG_NETFILTER_XT_MATCH_SOCKET=y +CONFIG_NETFILTER_XT_MATCH_STATE=y +CONFIG_NETFILTER_XT_MATCH_STATISTIC=y +CONFIG_NETFILTER_XT_MATCH_STRING=y +CONFIG_NETFILTER_XT_MATCH_TCPMSS=y +CONFIG_NETFILTER_XT_MATCH_TIME=y +CONFIG_NETFILTER_XT_MATCH_U32=y +# end of Core Netfilter Configuration + +CONFIG_IP_SET=y +CONFIG_IP_SET_MAX=256 +# CONFIG_IP_SET_BITMAP_IP is not set +# CONFIG_IP_SET_BITMAP_IPMAC is not set +# CONFIG_IP_SET_BITMAP_PORT is not set +CONFIG_IP_SET_HASH_IP=y +# CONFIG_IP_SET_HASH_IPMARK is not set +# CONFIG_IP_SET_HASH_IPPORT is not set +# CONFIG_IP_SET_HASH_IPPORTIP is not set +# CONFIG_IP_SET_HASH_IPPORTNET is not set +# CONFIG_IP_SET_HASH_IPMAC is not set +# CONFIG_IP_SET_HASH_MAC is not set +# CONFIG_IP_SET_HASH_NETPORTNET is not set +# CONFIG_IP_SET_HASH_NET is not set +# CONFIG_IP_SET_HASH_NETNET is not set +# CONFIG_IP_SET_HASH_NETPORT is not set +# CONFIG_IP_SET_HASH_NETIFACE is not set +# CONFIG_IP_SET_LIST_SET is not set +CONFIG_IP_VS=y +# CONFIG_IP_VS_IPV6 is not set +# CONFIG_IP_VS_DEBUG is not set +CONFIG_IP_VS_TAB_BITS=12 + +# +# IPVS transport protocol load balancing support +# +CONFIG_IP_VS_PROTO_TCP=y +CONFIG_IP_VS_PROTO_UDP=y +CONFIG_IP_VS_PROTO_AH_ESP=y +CONFIG_IP_VS_PROTO_ESP=y +CONFIG_IP_VS_PROTO_AH=y +CONFIG_IP_VS_PROTO_SCTP=y + +# +# IPVS scheduler +# +# CONFIG_IP_VS_RR is not set +# CONFIG_IP_VS_WRR is not set +# CONFIG_IP_VS_LC is not set +# CONFIG_IP_VS_WLC is not set +# CONFIG_IP_VS_FO is not set +# CONFIG_IP_VS_OVF is not set +# CONFIG_IP_VS_LBLC is not set +# CONFIG_IP_VS_LBLCR is not set +CONFIG_IP_VS_DH=y +# CONFIG_IP_VS_SH is not set +# CONFIG_IP_VS_MH is not set +# CONFIG_IP_VS_SED is not set +# CONFIG_IP_VS_NQ is not set +# CONFIG_IP_VS_TWOS is not set + +# +# IPVS SH scheduler +# +CONFIG_IP_VS_SH_TAB_BITS=8 + +# +# IPVS MH scheduler +# +CONFIG_IP_VS_MH_TAB_INDEX=12 + +# +# IPVS application helper +# +# CONFIG_IP_VS_NFCT is not set + +# +# IP: Netfilter Configuration +# +CONFIG_NF_DEFRAG_IPV4=y +CONFIG_NF_SOCKET_IPV4=y +CONFIG_NF_TPROXY_IPV4=y +CONFIG_NF_TABLES_IPV4=y +CONFIG_NFT_REJECT_IPV4=y +CONFIG_NFT_DUP_IPV4=y +CONFIG_NFT_FIB_IPV4=y +CONFIG_NF_TABLES_ARP=y +CONFIG_NF_DUP_IPV4=y +CONFIG_NF_LOG_ARP=y +CONFIG_NF_LOG_IPV4=y +CONFIG_NF_REJECT_IPV4=y +CONFIG_IP_NF_IPTABLES=y +CONFIG_IP_NF_MATCH_AH=y +CONFIG_IP_NF_MATCH_ECN=y +CONFIG_IP_NF_MATCH_RPFILTER=y +CONFIG_IP_NF_MATCH_TTL=y +CONFIG_IP_NF_FILTER=y +CONFIG_IP_NF_TARGET_REJECT=y +CONFIG_IP_NF_TARGET_SYNPROXY=y +CONFIG_IP_NF_NAT=y +CONFIG_IP_NF_TARGET_MASQUERADE=y +CONFIG_IP_NF_TARGET_NETMAP=y +CONFIG_IP_NF_TARGET_REDIRECT=y +CONFIG_IP_NF_MANGLE=y +CONFIG_IP_NF_TARGET_CLUSTERIP=y +CONFIG_IP_NF_TARGET_ECN=y +CONFIG_IP_NF_TARGET_TTL=y +CONFIG_IP_NF_RAW=y +CONFIG_IP_NF_ARPTABLES=y +CONFIG_IP_NF_ARPFILTER=y +CONFIG_IP_NF_ARP_MANGLE=y +# end of IP: Netfilter Configuration + +# +# IPv6: Netfilter Configuration +# +CONFIG_NF_SOCKET_IPV6=y +CONFIG_NF_TPROXY_IPV6=y +CONFIG_NF_TABLES_IPV6=y +CONFIG_NFT_REJECT_IPV6=y +CONFIG_NFT_DUP_IPV6=y +CONFIG_NFT_FIB_IPV6=y +CONFIG_NF_DUP_IPV6=y +CONFIG_NF_REJECT_IPV6=y +CONFIG_NF_LOG_IPV6=y +CONFIG_IP6_NF_IPTABLES=y +CONFIG_IP6_NF_MATCH_AH=y +CONFIG_IP6_NF_MATCH_EUI64=y +CONFIG_IP6_NF_MATCH_FRAG=y +CONFIG_IP6_NF_MATCH_OPTS=y +CONFIG_IP6_NF_MATCH_HL=y +CONFIG_IP6_NF_MATCH_IPV6HEADER=y +CONFIG_IP6_NF_MATCH_MH=y +CONFIG_IP6_NF_MATCH_RPFILTER=y +CONFIG_IP6_NF_MATCH_RT=y +CONFIG_IP6_NF_MATCH_SRH=y +CONFIG_IP6_NF_TARGET_HL=y +CONFIG_IP6_NF_FILTER=y +CONFIG_IP6_NF_TARGET_REJECT=y +CONFIG_IP6_NF_TARGET_SYNPROXY=y +CONFIG_IP6_NF_MANGLE=y +CONFIG_IP6_NF_RAW=y +CONFIG_IP6_NF_NAT=y +CONFIG_IP6_NF_TARGET_MASQUERADE=y +CONFIG_IP6_NF_TARGET_NPT=y +# end of IPv6: Netfilter Configuration + +CONFIG_NF_DEFRAG_IPV6=y +CONFIG_NF_TABLES_BRIDGE=y +# CONFIG_NFT_BRIDGE_META is not set +# CONFIG_NFT_BRIDGE_REJECT is not set +CONFIG_NF_CONNTRACK_BRIDGE=y +CONFIG_BRIDGE_NF_EBTABLES=y +CONFIG_BRIDGE_EBT_BROUTE=y +CONFIG_BRIDGE_EBT_T_FILTER=y +CONFIG_BRIDGE_EBT_T_NAT=y +CONFIG_BRIDGE_EBT_802_3=y +CONFIG_BRIDGE_EBT_AMONG=y +CONFIG_BRIDGE_EBT_ARP=y +CONFIG_BRIDGE_EBT_IP=y +CONFIG_BRIDGE_EBT_IP6=y +CONFIG_BRIDGE_EBT_LIMIT=y +CONFIG_BRIDGE_EBT_MARK=y +CONFIG_BRIDGE_EBT_PKTTYPE=y +CONFIG_BRIDGE_EBT_STP=y +CONFIG_BRIDGE_EBT_VLAN=y +CONFIG_BRIDGE_EBT_ARPREPLY=y +CONFIG_BRIDGE_EBT_DNAT=y +CONFIG_BRIDGE_EBT_MARK_T=y +CONFIG_BRIDGE_EBT_REDIRECT=y +CONFIG_BRIDGE_EBT_SNAT=y +CONFIG_BRIDGE_EBT_LOG=y +CONFIG_BRIDGE_EBT_NFLOG=y +CONFIG_BPFILTER=y +CONFIG_BPFILTER_UMH=y +# CONFIG_IP_DCCP is not set +CONFIG_IP_SCTP=y +# CONFIG_SCTP_DBG_OBJCNT is not set +CONFIG_SCTP_DEFAULT_COOKIE_HMAC_MD5=y +# CONFIG_SCTP_DEFAULT_COOKIE_HMAC_SHA1 is not set +# CONFIG_SCTP_DEFAULT_COOKIE_HMAC_NONE is not set +CONFIG_SCTP_COOKIE_HMAC_MD5=y +# CONFIG_SCTP_COOKIE_HMAC_SHA1 is not set +CONFIG_INET_SCTP_DIAG=y +# CONFIG_RDS is not set +# CONFIG_TIPC is not set +# CONFIG_ATM is not set +# CONFIG_L2TP is not set +CONFIG_STP=y +CONFIG_BRIDGE=y +CONFIG_BRIDGE_IGMP_SNOOPING=y +# CONFIG_BRIDGE_VLAN_FILTERING is not set +# CONFIG_BRIDGE_MRP is not set +# CONFIG_BRIDGE_CFM is not set +# CONFIG_NET_DSA is not set +CONFIG_VLAN_8021Q=y +# CONFIG_VLAN_8021Q_GVRP is not set +# CONFIG_VLAN_8021Q_MVRP is not set +CONFIG_LLC=y +# CONFIG_LLC2 is not set +# CONFIG_ATALK is not set +# CONFIG_X25 is not set +# CONFIG_LAPB is not set +# CONFIG_PHONET is not set +# CONFIG_6LOWPAN is not set +# CONFIG_IEEE802154 is not set +CONFIG_NET_SCHED=y + +# +# Queueing/Scheduling +# +CONFIG_NET_SCH_CBQ=y +CONFIG_NET_SCH_HTB=y +CONFIG_NET_SCH_HFSC=y +CONFIG_NET_SCH_PRIO=y +CONFIG_NET_SCH_MULTIQ=y +CONFIG_NET_SCH_RED=y +CONFIG_NET_SCH_SFB=y +CONFIG_NET_SCH_SFQ=y +CONFIG_NET_SCH_TEQL=y +CONFIG_NET_SCH_TBF=y +CONFIG_NET_SCH_CBS=y +CONFIG_NET_SCH_ETF=y +CONFIG_NET_SCH_TAPRIO=y +CONFIG_NET_SCH_GRED=y +CONFIG_NET_SCH_DSMARK=y +CONFIG_NET_SCH_NETEM=y +CONFIG_NET_SCH_DRR=y +CONFIG_NET_SCH_MQPRIO=y +CONFIG_NET_SCH_SKBPRIO=y +CONFIG_NET_SCH_CHOKE=y +CONFIG_NET_SCH_QFQ=y +CONFIG_NET_SCH_CODEL=y +CONFIG_NET_SCH_FQ_CODEL=y +CONFIG_NET_SCH_CAKE=y +CONFIG_NET_SCH_FQ=y +CONFIG_NET_SCH_HHF=y +CONFIG_NET_SCH_PIE=y +CONFIG_NET_SCH_FQ_PIE=y +CONFIG_NET_SCH_INGRESS=y +CONFIG_NET_SCH_PLUG=y +CONFIG_NET_SCH_ETS=y +# CONFIG_NET_SCH_DEFAULT is not set + +# +# Classification +# +CONFIG_NET_CLS=y +CONFIG_NET_CLS_BASIC=y +CONFIG_NET_CLS_ROUTE4=y +CONFIG_NET_CLS_FW=y +CONFIG_NET_CLS_U32=y +CONFIG_CLS_U32_PERF=y +CONFIG_CLS_U32_MARK=y +CONFIG_NET_CLS_FLOW=y +CONFIG_NET_CLS_CGROUP=y +CONFIG_NET_CLS_BPF=y +CONFIG_NET_CLS_FLOWER=y +CONFIG_NET_CLS_MATCHALL=y +CONFIG_NET_EMATCH=y +CONFIG_NET_EMATCH_STACK=32 +CONFIG_NET_EMATCH_CMP=y +CONFIG_NET_EMATCH_NBYTE=y +CONFIG_NET_EMATCH_U32=y +CONFIG_NET_EMATCH_META=y +CONFIG_NET_EMATCH_TEXT=y +# CONFIG_NET_EMATCH_IPSET is not set +CONFIG_NET_EMATCH_IPT=y +CONFIG_NET_CLS_ACT=y +CONFIG_NET_ACT_POLICE=y +CONFIG_NET_ACT_GACT=y +CONFIG_GACT_PROB=y +CONFIG_NET_ACT_MIRRED=y +CONFIG_NET_ACT_SAMPLE=y +CONFIG_NET_ACT_IPT=y +CONFIG_NET_ACT_NAT=y +CONFIG_NET_ACT_PEDIT=y +CONFIG_NET_ACT_SIMP=y +CONFIG_NET_ACT_SKBEDIT=y +CONFIG_NET_ACT_CSUM=y +CONFIG_NET_ACT_MPLS=y +CONFIG_NET_ACT_VLAN=y +CONFIG_NET_ACT_BPF=y +CONFIG_NET_ACT_CONNMARK=y +CONFIG_NET_ACT_CTINFO=y +CONFIG_NET_ACT_SKBMOD=y +CONFIG_NET_ACT_IFE=y +CONFIG_NET_ACT_TUNNEL_KEY=y +CONFIG_NET_ACT_GATE=y +CONFIG_NET_IFE_SKBMARK=y +CONFIG_NET_IFE_SKBPRIO=y +CONFIG_NET_IFE_SKBTCINDEX=y +CONFIG_NET_TC_SKB_EXT=y +CONFIG_NET_SCH_FIFO=y +# CONFIG_DCB is not set +CONFIG_DNS_RESOLVER=y +# CONFIG_BATMAN_ADV is not set +# CONFIG_OPENVSWITCH is not set +CONFIG_VSOCKETS=y +CONFIG_VSOCKETS_DIAG=y +# CONFIG_VSOCKETS_LOOPBACK is not set +CONFIG_VIRTIO_VSOCKETS=y +CONFIG_VIRTIO_VSOCKETS_COMMON=y +CONFIG_NETLINK_DIAG=y +# CONFIG_MPLS is not set +# CONFIG_NET_NSH is not set +# CONFIG_HSR is not set +# CONFIG_NET_SWITCHDEV is not set +CONFIG_NET_L3_MASTER_DEV=y +# CONFIG_QRTR is not set +# CONFIG_NET_NCSI is not set +CONFIG_PCPU_DEV_REFCNT=y +CONFIG_RPS=y +CONFIG_RFS_ACCEL=y +CONFIG_SOCK_RX_QUEUE_MAPPING=y +CONFIG_XPS=y +CONFIG_CGROUP_NET_PRIO=y +CONFIG_CGROUP_NET_CLASSID=y +CONFIG_NET_RX_BUSY_POLL=y +CONFIG_BQL=y +# CONFIG_BPF_STREAM_PARSER is not set +CONFIG_NET_FLOW_LIMIT=y + +# +# Network testing +# +# CONFIG_NET_PKTGEN is not set +# end of Network testing +# end of Networking options + +# CONFIG_HAMRADIO is not set +# CONFIG_CAN is not set +# CONFIG_BT is not set +# CONFIG_AF_RXRPC is not set +# CONFIG_AF_KCM is not set +CONFIG_STREAM_PARSER=y +# CONFIG_MCTP is not set +CONFIG_FIB_RULES=y +# CONFIG_WIRELESS is not set +# CONFIG_RFKILL is not set +# CONFIG_NET_9P is not set +# CONFIG_CAIF is not set +# CONFIG_CEPH_LIB is not set +# CONFIG_NFC is not set +CONFIG_PSAMPLE=y +CONFIG_NET_IFE=y +# CONFIG_LWTUNNEL is not set +CONFIG_DST_CACHE=y +CONFIG_GRO_CELLS=y +CONFIG_NET_SOCK_MSG=y +CONFIG_PAGE_POOL=y +# CONFIG_PAGE_POOL_STATS is not set +CONFIG_FAILOVER=y +# CONFIG_ETHTOOL_NETLINK is not set + +# +# Device Drivers +# +CONFIG_ARM_AMBA=y +CONFIG_HAVE_PCI=y +CONFIG_PCI=y +CONFIG_PCI_DOMAINS=y +CONFIG_PCI_DOMAINS_GENERIC=y +CONFIG_PCI_SYSCALL=y +CONFIG_PCIEPORTBUS=y +# CONFIG_HOTPLUG_PCI_PCIE is not set +CONFIG_PCIEAER=y +# CONFIG_PCIEAER_INJECT is not set +# CONFIG_PCIE_ECRC is not set +CONFIG_PCIEASPM=y +CONFIG_PCIEASPM_DEFAULT=y +# CONFIG_PCIEASPM_POWERSAVE is not set +# CONFIG_PCIEASPM_POWER_SUPERSAVE is not set +# CONFIG_PCIEASPM_PERFORMANCE is not set +CONFIG_PCIE_PME=y +# CONFIG_PCIE_DPC is not set +# CONFIG_PCIE_PTM is not set +CONFIG_PCI_MSI=y +CONFIG_PCI_MSI_IRQ_DOMAIN=y +CONFIG_PCI_QUIRKS=y +CONFIG_PCI_DEBUG=y +CONFIG_PCI_STUB=y +CONFIG_PCI_ECAM=y +# CONFIG_PCI_IOV is not set +# CONFIG_PCI_PRI is not set +# CONFIG_PCI_PASID is not set +# CONFIG_PCI_P2PDMA is not set +CONFIG_PCI_LABEL=y +# CONFIG_PCIE_BUS_TUNE_OFF is not set +CONFIG_PCIE_BUS_DEFAULT=y +# CONFIG_PCIE_BUS_SAFE is not set +# CONFIG_PCIE_BUS_PERFORMANCE is not set +# CONFIG_PCIE_BUS_PEER2PEER is not set +CONFIG_VGA_ARB=y +CONFIG_VGA_ARB_MAX_GPUS=16 +CONFIG_HOTPLUG_PCI=y +CONFIG_HOTPLUG_PCI_ACPI=y +# CONFIG_HOTPLUG_PCI_ACPI_IBM is not set +# CONFIG_HOTPLUG_PCI_CPCI is not set +# CONFIG_HOTPLUG_PCI_SHPC is not set + +# +# PCI controller drivers +# +# CONFIG_PCI_FTPCI100 is not set +CONFIG_PCI_HOST_COMMON=y +CONFIG_PCI_HOST_GENERIC=y +# CONFIG_PCIE_XILINX is not set +# CONFIG_PCI_XGENE is not set +# CONFIG_PCIE_ALTERA is not set +# CONFIG_PCI_HOST_THUNDER_PEM is not set +# CONFIG_PCI_HOST_THUNDER_ECAM is not set +# CONFIG_PCIE_MICROCHIP_HOST is not set + +# +# DesignWare PCI Core Support +# +# CONFIG_PCIE_DW_PLAT_HOST is not set +# CONFIG_PCI_HISI is not set +# CONFIG_PCIE_KIRIN is not set +# CONFIG_PCI_MESON is not set +# CONFIG_PCIE_AL is not set +# end of DesignWare PCI Core Support + +# +# Mobiveil PCIe Core Support +# +# end of Mobiveil PCIe Core Support + +# +# Cadence PCIe controllers support +# +# CONFIG_PCIE_CADENCE_PLAT_HOST is not set +# CONFIG_PCI_J721E_HOST is not set +# end of Cadence PCIe controllers support +# end of PCI controller drivers + +# +# PCI Endpoint +# +# CONFIG_PCI_ENDPOINT is not set +# end of PCI Endpoint + +# +# PCI switch controller drivers +# +# CONFIG_PCI_SW_SWITCHTEC is not set +# end of PCI switch controller drivers + +# CONFIG_CXL_BUS is not set +# CONFIG_PCCARD is not set +# CONFIG_RAPIDIO is not set + +# +# Generic Driver Options +# +CONFIG_UEVENT_HELPER=y +CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" +CONFIG_DEVTMPFS=y +CONFIG_DEVTMPFS_MOUNT=y +# CONFIG_DEVTMPFS_SAFE is not set +CONFIG_STANDALONE=y +CONFIG_PREVENT_FIRMWARE_BUILD=y + +# +# Firmware loader +# +CONFIG_FW_LOADER=y +CONFIG_FW_LOADER_PAGED_BUF=y +CONFIG_FW_LOADER_SYSFS=y +CONFIG_EXTRA_FIRMWARE="" +CONFIG_FW_LOADER_USER_HELPER=y +# CONFIG_FW_LOADER_USER_HELPER_FALLBACK is not set +# CONFIG_FW_LOADER_COMPRESS is not set +# CONFIG_FW_CACHE is not set +# CONFIG_FW_UPLOAD is not set +# end of Firmware loader + +CONFIG_ALLOW_DEV_COREDUMP=y +# CONFIG_DEBUG_DRIVER is not set +# CONFIG_DEBUG_DEVRES is not set +# CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set +CONFIG_GENERIC_CPU_AUTOPROBE=y +CONFIG_GENERIC_CPU_VULNERABILITIES=y +CONFIG_DMA_SHARED_BUFFER=y +# CONFIG_DMA_FENCE_TRACE is not set +CONFIG_GENERIC_ARCH_TOPOLOGY=y +CONFIG_GENERIC_ARCH_NUMA=y +# end of Generic Driver Options + +# +# Bus devices +# +# CONFIG_BRCMSTB_GISB_ARB is not set +# CONFIG_VEXPRESS_CONFIG is not set +# CONFIG_MHI_BUS is not set +# CONFIG_MHI_BUS_EP is not set +# end of Bus devices + +CONFIG_CONNECTOR=y +CONFIG_PROC_EVENTS=y + +# +# Firmware Drivers +# + +# +# ARM System Control and Management Interface Protocol +# +# CONFIG_ARM_SCMI_PROTOCOL is not set +# end of ARM System Control and Management Interface Protocol + +# CONFIG_ARM_SCPI_PROTOCOL is not set +CONFIG_FIRMWARE_MEMMAP=y +CONFIG_DMIID=y +CONFIG_DMI_SYSFS=y +# CONFIG_FW_CFG_SYSFS is not set +# CONFIG_SYSFB_SIMPLEFB is not set +# CONFIG_ARM_FFA_TRANSPORT is not set +# CONFIG_GOOGLE_FIRMWARE is not set + +# +# EFI (Extensible Firmware Interface) Support +# +CONFIG_EFI_ESRT=y +CONFIG_EFI_PARAMS_FROM_FDT=y +CONFIG_EFI_RUNTIME_WRAPPERS=y +CONFIG_EFI_GENERIC_STUB=y +# CONFIG_EFI_ZBOOT is not set +CONFIG_EFI_ARMSTUB_DTB_LOADER=y +CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y +# CONFIG_EFI_BOOTLOADER_CONTROL is not set +# CONFIG_EFI_CAPSULE_LOADER is not set +# CONFIG_EFI_TEST is not set +# CONFIG_RESET_ATTACK_MITIGATION is not set +# CONFIG_EFI_DISABLE_PCI_DMA is not set +CONFIG_EFI_EARLYCON=y +# CONFIG_EFI_CUSTOM_SSDT_OVERLAYS is not set +# CONFIG_EFI_DISABLE_RUNTIME is not set +# CONFIG_EFI_COCO_SECRET is not set +# end of EFI (Extensible Firmware Interface) Support + +CONFIG_ARM_PSCI_FW=y +# CONFIG_ARM_PSCI_CHECKER is not set +CONFIG_HAVE_ARM_SMCCC=y +CONFIG_HAVE_ARM_SMCCC_DISCOVERY=y +# CONFIG_ARM_SMCCC_SOC_ID is not set + +# +# Tegra firmware driver +# +# end of Tegra firmware driver +# end of Firmware Drivers + +# CONFIG_GNSS is not set +# CONFIG_MTD is not set +CONFIG_DTC=y +CONFIG_OF=y +# CONFIG_OF_UNITTEST is not set +CONFIG_OF_FLATTREE=y +CONFIG_OF_EARLY_FLATTREE=y +CONFIG_OF_KOBJ=y +CONFIG_OF_ADDRESS=y +CONFIG_OF_IRQ=y +CONFIG_OF_RESERVED_MEM=y +# CONFIG_OF_OVERLAY is not set +CONFIG_OF_NUMA=y +# CONFIG_PARPORT is not set +CONFIG_PNP=y +# CONFIG_PNP_DEBUG_MESSAGES is not set + +# +# Protocols +# +CONFIG_PNPACPI=y +CONFIG_BLK_DEV=y +CONFIG_BLK_DEV_NULL_BLK=y +# CONFIG_BLK_DEV_PCIESSD_MTIP32XX is not set +CONFIG_ZRAM=y +CONFIG_ZRAM_DEF_COMP_LZORLE=y +# CONFIG_ZRAM_DEF_COMP_LZO is not set +CONFIG_ZRAM_DEF_COMP="lzo-rle" +# CONFIG_ZRAM_WRITEBACK is not set +# CONFIG_ZRAM_MEMORY_TRACKING is not set +CONFIG_BLK_DEV_LOOP=y +CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 +# CONFIG_BLK_DEV_DRBD is not set +# CONFIG_BLK_DEV_NBD is not set +CONFIG_BLK_DEV_RAM=y +CONFIG_BLK_DEV_RAM_COUNT=16 +CONFIG_BLK_DEV_RAM_SIZE=16384 +# CONFIG_ATA_OVER_ETH is not set +CONFIG_VIRTIO_BLK=y +# CONFIG_BLK_DEV_RBD is not set +# CONFIG_BLK_DEV_UBLK is not set + +# +# NVME Support +# +# CONFIG_BLK_DEV_NVME is not set +# CONFIG_NVME_FC is not set +# CONFIG_NVME_TCP is not set +# CONFIG_NVME_TARGET is not set +# end of NVME Support + +# +# Misc devices +# +# CONFIG_AD525X_DPOT is not set +# CONFIG_DUMMY_IRQ is not set +# CONFIG_PHANTOM is not set +# CONFIG_TIFM_CORE is not set +# CONFIG_ICS932S401 is not set +# CONFIG_ENCLOSURE_SERVICES is not set +# CONFIG_HP_ILO is not set +# CONFIG_APDS9802ALS is not set +# CONFIG_ISL29003 is not set +# CONFIG_ISL29020 is not set +# CONFIG_SENSORS_TSL2550 is not set +# CONFIG_SENSORS_BH1770 is not set +# CONFIG_SENSORS_APDS990X is not set +# CONFIG_HMC6352 is not set +# CONFIG_DS1682 is not set +# CONFIG_SRAM is not set +# CONFIG_DW_XDATA_PCIE is not set +# CONFIG_PCI_ENDPOINT_TEST is not set +# CONFIG_XILINX_SDFEC is not set +# CONFIG_OPEN_DICE is not set +# CONFIG_VCPU_STALL_DETECTOR is not set +# CONFIG_C2PORT is not set + +# +# EEPROM support +# +# CONFIG_EEPROM_AT24 is not set +# CONFIG_EEPROM_LEGACY is not set +# CONFIG_EEPROM_MAX6875 is not set +# CONFIG_EEPROM_93CX6 is not set +# CONFIG_EEPROM_IDT_89HPESX is not set +# CONFIG_EEPROM_EE1004 is not set +# end of EEPROM support + +# CONFIG_CB710_CORE is not set + +# +# Texas Instruments shared transport line discipline +# +# CONFIG_TI_ST is not set +# end of Texas Instruments shared transport line discipline + +# CONFIG_SENSORS_LIS3_I2C is not set +# CONFIG_ALTERA_STAPL is not set +# CONFIG_VMWARE_VMCI is not set +# CONFIG_GENWQE is not set +# CONFIG_ECHO is not set +# CONFIG_BCM_VK is not set +# CONFIG_MISC_ALCOR_PCI is not set +# CONFIG_MISC_RTSX_PCI is not set +# CONFIG_HABANA_AI is not set +# CONFIG_UACCE is not set +# CONFIG_PVPANIC is not set +# CONFIG_GP_PCI1XXXX is not set +# end of Misc devices + +# +# SCSI device support +# +CONFIG_SCSI_MOD=y +# CONFIG_RAID_ATTRS is not set +# CONFIG_SCSI is not set +# end of SCSI device support + +# CONFIG_ATA is not set +# CONFIG_MD is not set +# CONFIG_TARGET_CORE is not set +# CONFIG_FUSION is not set + +# +# IEEE 1394 (FireWire) support +# +# CONFIG_FIREWIRE is not set +# CONFIG_FIREWIRE_NOSY is not set +# end of IEEE 1394 (FireWire) support + +CONFIG_NETDEVICES=y +CONFIG_NET_CORE=y +# CONFIG_BONDING is not set +# CONFIG_DUMMY is not set +CONFIG_WIREGUARD=y +# CONFIG_WIREGUARD_DEBUG is not set +# CONFIG_EQUALIZER is not set +# CONFIG_IFB is not set +# CONFIG_NET_TEAM is not set +CONFIG_MACVLAN=y +# CONFIG_MACVTAP is not set +CONFIG_IPVLAN_L3S=y +CONFIG_IPVLAN=y +# CONFIG_IPVTAP is not set +CONFIG_VXLAN=y +CONFIG_GENEVE=y +# CONFIG_BAREUDP is not set +# CONFIG_GTP is not set +# CONFIG_MACSEC is not set +# CONFIG_NETCONSOLE is not set +CONFIG_TUN=y +# CONFIG_TUN_VNET_CROSS_LE is not set +CONFIG_VETH=y +CONFIG_VIRTIO_NET=y +# CONFIG_NLMON is not set +# CONFIG_NET_VRF is not set +# CONFIG_ARCNET is not set +# CONFIG_ETHERNET is not set +# CONFIG_FDDI is not set +# CONFIG_HIPPI is not set +# CONFIG_NET_SB1000 is not set +# CONFIG_PHYLIB is not set +# CONFIG_PSE_CONTROLLER is not set +# CONFIG_MDIO_DEVICE is not set + +# +# PCS device drivers +# +# end of PCS device drivers + +# CONFIG_PPP is not set +# CONFIG_SLIP is not set + +# +# Host-side USB support is needed for USB Network Adapter support +# +# CONFIG_WLAN is not set +# CONFIG_WAN is not set + +# +# Wireless WAN +# +# CONFIG_WWAN is not set +# end of Wireless WAN + +# CONFIG_VMXNET3 is not set +# CONFIG_FUJITSU_ES is not set +# CONFIG_NETDEVSIM is not set +CONFIG_NET_FAILOVER=y +# CONFIG_ISDN is not set + +# +# Input device support +# +CONFIG_INPUT=y +CONFIG_INPUT_FF_MEMLESS=y +CONFIG_INPUT_SPARSEKMAP=y +# CONFIG_INPUT_MATRIXKMAP is not set + +# +# Userland interfaces +# +CONFIG_INPUT_MOUSEDEV=y +CONFIG_INPUT_MOUSEDEV_PSAUX=y +CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024 +CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768 +# CONFIG_INPUT_JOYDEV is not set +CONFIG_INPUT_EVDEV=y +# CONFIG_INPUT_EVBUG is not set + +# +# Input Device Drivers +# +CONFIG_INPUT_KEYBOARD=y +# CONFIG_KEYBOARD_ADP5588 is not set +# CONFIG_KEYBOARD_ADP5589 is not set +# CONFIG_KEYBOARD_ATKBD is not set +# CONFIG_KEYBOARD_QT1050 is not set +# CONFIG_KEYBOARD_QT1070 is not set +# CONFIG_KEYBOARD_QT2160 is not set +# CONFIG_KEYBOARD_DLINK_DIR685 is not set +# CONFIG_KEYBOARD_LKKBD is not set +CONFIG_KEYBOARD_GPIO=y +CONFIG_KEYBOARD_GPIO_POLLED=y +# CONFIG_KEYBOARD_TCA6416 is not set +# CONFIG_KEYBOARD_TCA8418 is not set +# CONFIG_KEYBOARD_MATRIX is not set +# CONFIG_KEYBOARD_LM8333 is not set +# CONFIG_KEYBOARD_MAX7359 is not set +# CONFIG_KEYBOARD_MCS is not set +# CONFIG_KEYBOARD_MPR121 is not set +# CONFIG_KEYBOARD_NEWTON is not set +# CONFIG_KEYBOARD_OPENCORES is not set +# CONFIG_KEYBOARD_SAMSUNG is not set +# CONFIG_KEYBOARD_STOWAWAY is not set +# CONFIG_KEYBOARD_SUNKBD is not set +# CONFIG_KEYBOARD_OMAP4 is not set +# CONFIG_KEYBOARD_XTKBD is not set +# CONFIG_KEYBOARD_CAP11XX is not set +# CONFIG_KEYBOARD_BCM is not set +# CONFIG_KEYBOARD_CYPRESS_SF is not set +# CONFIG_INPUT_MOUSE is not set +# CONFIG_INPUT_JOYSTICK is not set +# CONFIG_INPUT_TABLET is not set +# CONFIG_INPUT_TOUCHSCREEN is not set +CONFIG_INPUT_MISC=y +# CONFIG_INPUT_AD714X is not set +# CONFIG_INPUT_ATMEL_CAPTOUCH is not set +# CONFIG_INPUT_BMA150 is not set +# CONFIG_INPUT_E3X0_BUTTON is not set +# CONFIG_INPUT_MMA8450 is not set +# CONFIG_INPUT_GPIO_BEEPER is not set +# CONFIG_INPUT_GPIO_DECODER is not set +# CONFIG_INPUT_GPIO_VIBRA is not set +# CONFIG_INPUT_KXTJ9 is not set +CONFIG_INPUT_UINPUT=y +# CONFIG_INPUT_PCF8574 is not set +# CONFIG_INPUT_GPIO_ROTARY_ENCODER is not set +# CONFIG_INPUT_DA7280_HAPTICS is not set +# CONFIG_INPUT_ADXL34X is not set +# CONFIG_INPUT_IQS269A is not set +# CONFIG_INPUT_IQS626A is not set +# CONFIG_INPUT_IQS7222 is not set +# CONFIG_INPUT_CMA3000 is not set +# CONFIG_INPUT_SOC_BUTTON_ARRAY is not set +# CONFIG_INPUT_DRV260X_HAPTICS is not set +# CONFIG_INPUT_DRV2665_HAPTICS is not set +# CONFIG_INPUT_DRV2667_HAPTICS is not set +# CONFIG_RMI4_CORE is not set + +# +# Hardware I/O ports +# +# CONFIG_SERIO is not set +# CONFIG_GAMEPORT is not set +# end of Hardware I/O ports +# end of Input device support + +# +# Character devices +# +CONFIG_TTY=y +CONFIG_VT=y +CONFIG_CONSOLE_TRANSLATIONS=y +CONFIG_VT_CONSOLE=y +CONFIG_VT_CONSOLE_SLEEP=y +CONFIG_HW_CONSOLE=y +CONFIG_VT_HW_CONSOLE_BINDING=y +CONFIG_UNIX98_PTYS=y +# CONFIG_LEGACY_PTYS is not set +# CONFIG_LDISC_AUTOLOAD is not set + +# +# Serial drivers +# +CONFIG_SERIAL_EARLYCON=y +CONFIG_SERIAL_8250=y +# CONFIG_SERIAL_8250_DEPRECATED_OPTIONS is not set +CONFIG_SERIAL_8250_PNP=y +# CONFIG_SERIAL_8250_16550A_VARIANTS is not set +# CONFIG_SERIAL_8250_FINTEK is not set +CONFIG_SERIAL_8250_CONSOLE=y +CONFIG_SERIAL_8250_DMA=y +CONFIG_SERIAL_8250_PCI=y +CONFIG_SERIAL_8250_EXAR=y +CONFIG_SERIAL_8250_NR_UARTS=1 +CONFIG_SERIAL_8250_RUNTIME_UARTS=1 +# CONFIG_SERIAL_8250_EXTENDED is not set +CONFIG_SERIAL_8250_FSL=y +# CONFIG_SERIAL_8250_DW is not set +# CONFIG_SERIAL_8250_RT288X is not set +CONFIG_SERIAL_8250_PERICOM=y +CONFIG_SERIAL_OF_PLATFORM=y + +# +# Non-8250 serial port support +# +# CONFIG_SERIAL_AMBA_PL010 is not set +CONFIG_SERIAL_AMBA_PL011=y +CONFIG_SERIAL_AMBA_PL011_CONSOLE=y +# CONFIG_SERIAL_EARLYCON_ARM_SEMIHOST is not set +# CONFIG_SERIAL_UARTLITE is not set +CONFIG_SERIAL_CORE=y +CONFIG_SERIAL_CORE_CONSOLE=y +# CONFIG_SERIAL_JSM is not set +# CONFIG_SERIAL_SIFIVE is not set +# CONFIG_SERIAL_SCCNXP is not set +# CONFIG_SERIAL_SC16IS7XX is not set +# CONFIG_SERIAL_ALTERA_JTAGUART is not set +# CONFIG_SERIAL_ALTERA_UART is not set +# CONFIG_SERIAL_XILINX_PS_UART is not set +CONFIG_SERIAL_ARC=y +# CONFIG_SERIAL_ARC_CONSOLE is not set +CONFIG_SERIAL_ARC_NR_PORTS=1 +# CONFIG_SERIAL_RP2 is not set +# CONFIG_SERIAL_FSL_LPUART is not set +# CONFIG_SERIAL_FSL_LINFLEXUART is not set +# CONFIG_SERIAL_CONEXANT_DIGICOLOR is not set +# CONFIG_SERIAL_SPRD is not set +# end of Serial drivers + +CONFIG_SERIAL_MCTRL_GPIO=y +# CONFIG_SERIAL_NONSTANDARD is not set +# CONFIG_N_GSM is not set +# CONFIG_NOZOMI is not set +# CONFIG_NULL_TTY is not set +CONFIG_HVC_DRIVER=y +# CONFIG_HVC_DCC is not set +CONFIG_SERIAL_DEV_BUS=y +CONFIG_SERIAL_DEV_CTRL_TTYPORT=y +# CONFIG_TTY_PRINTK is not set +CONFIG_VIRTIO_CONSOLE=y +# CONFIG_IPMI_HANDLER is not set +CONFIG_HW_RANDOM=y +# CONFIG_HW_RANDOM_TIMERIOMEM is not set +# CONFIG_HW_RANDOM_BA431 is not set +CONFIG_HW_RANDOM_VIRTIO=y +# CONFIG_HW_RANDOM_CCTRNG is not set +# CONFIG_HW_RANDOM_XIPHERA is not set +CONFIG_HW_RANDOM_ARM_SMCCC_TRNG=y +CONFIG_HW_RANDOM_CN10K=y +# CONFIG_APPLICOM is not set +CONFIG_DEVMEM=y +CONFIG_DEVPORT=y +# CONFIG_TCG_TPM is not set +# CONFIG_XILLYBUS is not set +# CONFIG_RANDOM_TRUST_CPU is not set +# CONFIG_RANDOM_TRUST_BOOTLOADER is not set +# end of Character devices + +# +# I2C support +# +CONFIG_I2C=y +CONFIG_ACPI_I2C_OPREGION=y +CONFIG_I2C_BOARDINFO=y +CONFIG_I2C_COMPAT=y +# CONFIG_I2C_CHARDEV is not set +# CONFIG_I2C_MUX is not set +CONFIG_I2C_HELPER_AUTO=y +CONFIG_I2C_ALGOBIT=y + +# +# I2C Hardware Bus support +# + +# +# PC SMBus host controller drivers +# +# CONFIG_I2C_ALI1535 is not set +# CONFIG_I2C_ALI1563 is not set +# CONFIG_I2C_ALI15X3 is not set +# CONFIG_I2C_AMD756 is not set +# CONFIG_I2C_AMD8111 is not set +# CONFIG_I2C_AMD_MP2 is not set +# CONFIG_I2C_I801 is not set +# CONFIG_I2C_ISCH is not set +# CONFIG_I2C_PIIX4 is not set +# CONFIG_I2C_NFORCE2 is not set +# CONFIG_I2C_NVIDIA_GPU is not set +# CONFIG_I2C_SIS5595 is not set +# CONFIG_I2C_SIS630 is not set +# CONFIG_I2C_SIS96X is not set +# CONFIG_I2C_VIA is not set +# CONFIG_I2C_VIAPRO is not set + +# +# ACPI drivers +# +# CONFIG_I2C_SCMI is not set + +# +# I2C system bus drivers (mostly embedded / system-on-chip) +# +# CONFIG_I2C_CADENCE is not set +# CONFIG_I2C_CBUS_GPIO is not set +# CONFIG_I2C_DESIGNWARE_PLATFORM is not set +# CONFIG_I2C_DESIGNWARE_PCI is not set +# CONFIG_I2C_EMEV2 is not set +# CONFIG_I2C_GPIO is not set +# CONFIG_I2C_HISI is not set +# CONFIG_I2C_NOMADIK is not set +# CONFIG_I2C_OCORES is not set +# CONFIG_I2C_PCA_PLATFORM is not set +# CONFIG_I2C_RK3X is not set +# CONFIG_I2C_SIMTEC is not set +# CONFIG_I2C_THUNDERX is not set +# CONFIG_I2C_XILINX is not set + +# +# External I2C/SMBus adapter drivers +# +# CONFIG_I2C_PCI1XXXX is not set +# CONFIG_I2C_TAOS_EVM is not set + +# +# Other I2C/SMBus bus drivers +# +# CONFIG_I2C_VIRTIO is not set +# end of I2C Hardware Bus support + +# CONFIG_I2C_SLAVE is not set +# CONFIG_I2C_DEBUG_CORE is not set +# CONFIG_I2C_DEBUG_ALGO is not set +# CONFIG_I2C_DEBUG_BUS is not set +# end of I2C support + +# CONFIG_I3C is not set +# CONFIG_SPI is not set +# CONFIG_SPMI is not set +# CONFIG_HSI is not set +CONFIG_PPS=y +CONFIG_PPS_DEBUG=y + +# +# PPS clients support +# +CONFIG_PPS_CLIENT_KTIMER=y +CONFIG_PPS_CLIENT_LDISC=y +CONFIG_PPS_CLIENT_GPIO=y + +# +# PPS generators support +# + +# +# PTP clock support +# +CONFIG_PTP_1588_CLOCK=y +CONFIG_PTP_1588_CLOCK_OPTIONAL=y + +# +# Enable PHYLIB and NETWORK_PHY_TIMESTAMPING to see the additional clocks. +# +CONFIG_PTP_1588_CLOCK_KVM=y +# CONFIG_PTP_1588_CLOCK_IDT82P33 is not set +# CONFIG_PTP_1588_CLOCK_IDTCM is not set +# end of PTP clock support + +# CONFIG_PINCTRL is not set +CONFIG_GPIOLIB=y +CONFIG_GPIOLIB_FASTPATH_LIMIT=512 +CONFIG_OF_GPIO=y +CONFIG_GPIO_ACPI=y +CONFIG_GPIOLIB_IRQCHIP=y +# CONFIG_DEBUG_GPIO is not set +# CONFIG_GPIO_SYSFS is not set +# CONFIG_GPIO_CDEV is not set + +# +# Memory mapped GPIO drivers +# +# CONFIG_GPIO_74XX_MMIO is not set +# CONFIG_GPIO_ALTERA is not set +# CONFIG_GPIO_AMDPT is not set +# CONFIG_GPIO_CADENCE is not set +# CONFIG_GPIO_DWAPB is not set +# CONFIG_GPIO_EXAR is not set +# CONFIG_GPIO_FTGPIO010 is not set +# CONFIG_GPIO_GENERIC_PLATFORM is not set +# CONFIG_GPIO_GRGPIO is not set +# CONFIG_GPIO_HISI is not set +# CONFIG_GPIO_HLWD is not set +# CONFIG_GPIO_MB86S7X is not set +CONFIG_GPIO_PL061=y +# CONFIG_GPIO_SIFIVE is not set +# CONFIG_GPIO_XGENE is not set +# CONFIG_GPIO_XILINX is not set +# CONFIG_GPIO_AMD_FCH is not set +# end of Memory mapped GPIO drivers + +# +# I2C GPIO expanders +# +# CONFIG_GPIO_ADNP is not set +# CONFIG_GPIO_GW_PLD is not set +# CONFIG_GPIO_MAX7300 is not set +# CONFIG_GPIO_MAX732X is not set +# CONFIG_GPIO_PCA953X is not set +# CONFIG_GPIO_PCA9570 is not set +# CONFIG_GPIO_PCF857X is not set +# CONFIG_GPIO_TPIC2810 is not set +# end of I2C GPIO expanders + +# +# MFD GPIO expanders +# +# end of MFD GPIO expanders + +# +# PCI GPIO expanders +# +# CONFIG_GPIO_BT8XX is not set +# CONFIG_GPIO_PCI_IDIO_16 is not set +# CONFIG_GPIO_PCIE_IDIO_24 is not set +# CONFIG_GPIO_RDC321X is not set +# end of PCI GPIO expanders + +# +# Virtual GPIO drivers +# +# CONFIG_GPIO_AGGREGATOR is not set +# CONFIG_GPIO_MOCKUP is not set +CONFIG_GPIO_VIRTIO=y +# CONFIG_GPIO_SIM is not set +# end of Virtual GPIO drivers + +# CONFIG_W1 is not set +CONFIG_POWER_RESET=y +# CONFIG_POWER_RESET_GPIO is not set +# CONFIG_POWER_RESET_GPIO_RESTART is not set +# CONFIG_POWER_RESET_LTC2952 is not set +# CONFIG_POWER_RESET_RESTART is not set +# CONFIG_POWER_RESET_XGENE is not set +# CONFIG_POWER_RESET_SYSCON is not set +# CONFIG_POWER_RESET_SYSCON_POWEROFF is not set +# CONFIG_NVMEM_REBOOT_MODE is not set +CONFIG_POWER_SUPPLY=y +# CONFIG_POWER_SUPPLY_DEBUG is not set +# CONFIG_PDA_POWER is not set +# CONFIG_IP5XXX_POWER is not set +# CONFIG_TEST_POWER is not set +# CONFIG_CHARGER_ADP5061 is not set +# CONFIG_BATTERY_CW2015 is not set +# CONFIG_BATTERY_DS2780 is not set +# CONFIG_BATTERY_DS2781 is not set +# CONFIG_BATTERY_DS2782 is not set +# CONFIG_BATTERY_SAMSUNG_SDI is not set +# CONFIG_BATTERY_SBS is not set +# CONFIG_CHARGER_SBS is not set +# CONFIG_BATTERY_BQ27XXX is not set +# CONFIG_BATTERY_MAX17040 is not set +# CONFIG_BATTERY_MAX17042 is not set +# CONFIG_CHARGER_MAX8903 is not set +# CONFIG_CHARGER_LP8727 is not set +# CONFIG_CHARGER_GPIO is not set +# CONFIG_CHARGER_LT3651 is not set +# CONFIG_CHARGER_LTC4162L is not set +# CONFIG_CHARGER_DETECTOR_MAX14656 is not set +# CONFIG_CHARGER_MAX77976 is not set +# CONFIG_CHARGER_BQ2415X is not set +# CONFIG_CHARGER_BQ24257 is not set +# CONFIG_CHARGER_BQ24735 is not set +# CONFIG_CHARGER_BQ2515X is not set +# CONFIG_CHARGER_BQ25890 is not set +# CONFIG_CHARGER_BQ25980 is not set +# CONFIG_CHARGER_BQ256XX is not set +# CONFIG_BATTERY_GAUGE_LTC2941 is not set +# CONFIG_BATTERY_GOLDFISH is not set +# CONFIG_BATTERY_RT5033 is not set +# CONFIG_CHARGER_RT9455 is not set +# CONFIG_CHARGER_BD99954 is not set +# CONFIG_BATTERY_UG3105 is not set +# CONFIG_HWMON is not set +CONFIG_THERMAL=y +# CONFIG_THERMAL_NETLINK is not set +# CONFIG_THERMAL_STATISTICS is not set +CONFIG_THERMAL_EMERGENCY_POWEROFF_DELAY_MS=0 +CONFIG_THERMAL_OF=y +CONFIG_THERMAL_WRITABLE_TRIPS=y +CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y +# CONFIG_THERMAL_DEFAULT_GOV_FAIR_SHARE is not set +# CONFIG_THERMAL_DEFAULT_GOV_USER_SPACE is not set +CONFIG_THERMAL_GOV_FAIR_SHARE=y +CONFIG_THERMAL_GOV_STEP_WISE=y +# CONFIG_THERMAL_GOV_BANG_BANG is not set +CONFIG_THERMAL_GOV_USER_SPACE=y +# CONFIG_CPU_THERMAL is not set +# CONFIG_THERMAL_EMULATION is not set +# CONFIG_THERMAL_MMIO is not set +CONFIG_WATCHDOG=y +CONFIG_WATCHDOG_CORE=y +# CONFIG_WATCHDOG_NOWAYOUT is not set +CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED=y +CONFIG_WATCHDOG_OPEN_TIMEOUT=0 +# CONFIG_WATCHDOG_SYSFS is not set +# CONFIG_WATCHDOG_HRTIMER_PRETIMEOUT is not set + +# +# Watchdog Pretimeout Governors +# +# CONFIG_WATCHDOG_PRETIMEOUT_GOV is not set + +# +# Watchdog Device Drivers +# +# CONFIG_SOFT_WATCHDOG is not set +# CONFIG_GPIO_WATCHDOG is not set +# CONFIG_WDAT_WDT is not set +# CONFIG_XILINX_WATCHDOG is not set +# CONFIG_ZIIRAVE_WATCHDOG is not set +# CONFIG_ARM_SP805_WATCHDOG is not set +# CONFIG_ARM_SBSA_WATCHDOG is not set +# CONFIG_CADENCE_WATCHDOG is not set +# CONFIG_DW_WATCHDOG is not set +# CONFIG_MAX63XX_WATCHDOG is not set +# CONFIG_ARM_SMC_WATCHDOG is not set +# CONFIG_ALIM7101_WDT is not set +# CONFIG_I6300ESB_WDT is not set +# CONFIG_HP_WATCHDOG is not set +# CONFIG_MEN_A21_WDT is not set + +# +# PCI-based Watchdog Cards +# +# CONFIG_PCIPCWATCHDOG is not set +# CONFIG_WDTPCI is not set +CONFIG_SSB_POSSIBLE=y +# CONFIG_SSB is not set +CONFIG_BCMA_POSSIBLE=y +# CONFIG_BCMA is not set + +# +# Multifunction device drivers +# +# CONFIG_MFD_ACT8945A is not set +# CONFIG_MFD_AS3711 is not set +# CONFIG_MFD_AS3722 is not set +# CONFIG_PMIC_ADP5520 is not set +# CONFIG_MFD_AAT2870_CORE is not set +# CONFIG_MFD_ATMEL_FLEXCOM is not set +# CONFIG_MFD_ATMEL_HLCDC is not set +# CONFIG_MFD_BCM590XX is not set +# CONFIG_MFD_BD9571MWV is not set +# CONFIG_MFD_AXP20X_I2C is not set +# CONFIG_MFD_MADERA is not set +# CONFIG_PMIC_DA903X is not set +# CONFIG_MFD_DA9052_I2C is not set +# CONFIG_MFD_DA9055 is not set +# CONFIG_MFD_DA9062 is not set +# CONFIG_MFD_DA9063 is not set +# CONFIG_MFD_DA9150 is not set +# CONFIG_MFD_GATEWORKS_GSC is not set +# CONFIG_MFD_MC13XXX_I2C is not set +# CONFIG_MFD_MP2629 is not set +# CONFIG_MFD_HI6421_PMIC is not set +# CONFIG_HTC_PASIC3 is not set +# CONFIG_HTC_I2CPLD is not set +# CONFIG_LPC_ICH is not set +# CONFIG_LPC_SCH is not set +# CONFIG_MFD_IQS62X is not set +# CONFIG_MFD_JANZ_CMODIO is not set +# CONFIG_MFD_KEMPLD is not set +# CONFIG_MFD_88PM800 is not set +# CONFIG_MFD_88PM805 is not set +# CONFIG_MFD_88PM860X is not set +# CONFIG_MFD_MAX14577 is not set +# CONFIG_MFD_MAX77620 is not set +# CONFIG_MFD_MAX77650 is not set +# CONFIG_MFD_MAX77686 is not set +# CONFIG_MFD_MAX77693 is not set +# CONFIG_MFD_MAX77714 is not set +# CONFIG_MFD_MAX77843 is not set +# CONFIG_MFD_MAX8907 is not set +# CONFIG_MFD_MAX8925 is not set +# CONFIG_MFD_MAX8997 is not set +# CONFIG_MFD_MAX8998 is not set +# CONFIG_MFD_MT6360 is not set +# CONFIG_MFD_MT6370 is not set +# CONFIG_MFD_MT6397 is not set +# CONFIG_MFD_MENF21BMC is not set +# CONFIG_MFD_NTXEC is not set +# CONFIG_MFD_RETU is not set +# CONFIG_MFD_PCF50633 is not set +# CONFIG_MFD_SY7636A is not set +# CONFIG_MFD_RDC321X is not set +# CONFIG_MFD_RT4831 is not set +# CONFIG_MFD_RT5033 is not set +# CONFIG_MFD_RT5120 is not set +# CONFIG_MFD_RC5T583 is not set +# CONFIG_MFD_RK808 is not set +# CONFIG_MFD_RN5T618 is not set +# CONFIG_MFD_SEC_CORE is not set +# CONFIG_MFD_SI476X_CORE is not set +# CONFIG_MFD_SM501 is not set +# CONFIG_MFD_SKY81452 is not set +# CONFIG_MFD_STMPE is not set +# CONFIG_MFD_SYSCON is not set +# CONFIG_MFD_TI_AM335X_TSCADC is not set +# CONFIG_MFD_LP3943 is not set +# CONFIG_MFD_LP8788 is not set +# CONFIG_MFD_TI_LMU is not set +# CONFIG_MFD_PALMAS is not set +# CONFIG_TPS6105X is not set +# CONFIG_TPS65010 is not set +# CONFIG_TPS6507X is not set +# CONFIG_MFD_TPS65086 is not set +# CONFIG_MFD_TPS65090 is not set +# CONFIG_MFD_TPS65217 is not set +# CONFIG_MFD_TI_LP873X is not set +# CONFIG_MFD_TI_LP87565 is not set +# CONFIG_MFD_TPS65218 is not set +# CONFIG_MFD_TPS6586X is not set +# CONFIG_MFD_TPS65910 is not set +# CONFIG_MFD_TPS65912_I2C is not set +# CONFIG_TWL4030_CORE is not set +# CONFIG_TWL6040_CORE is not set +# CONFIG_MFD_WL1273_CORE is not set +# CONFIG_MFD_LM3533 is not set +# CONFIG_MFD_TC3589X is not set +# CONFIG_MFD_TQMX86 is not set +# CONFIG_MFD_VX855 is not set +# CONFIG_MFD_LOCHNAGAR is not set +# CONFIG_MFD_ARIZONA_I2C is not set +# CONFIG_MFD_WM8400 is not set +# CONFIG_MFD_WM831X_I2C is not set +# CONFIG_MFD_WM8350_I2C is not set +# CONFIG_MFD_WM8994 is not set +# CONFIG_MFD_ROHM_BD718XX is not set +# CONFIG_MFD_ROHM_BD71828 is not set +# CONFIG_MFD_ROHM_BD957XMUF is not set +# CONFIG_MFD_STPMIC1 is not set +# CONFIG_MFD_STMFX is not set +# CONFIG_MFD_ATC260X_I2C is not set +# CONFIG_MFD_QCOM_PM8008 is not set +# CONFIG_RAVE_SP_CORE is not set +# CONFIG_MFD_RSMU_I2C is not set +# end of Multifunction device drivers + +# CONFIG_REGULATOR is not set +# CONFIG_RC_CORE is not set + +# +# CEC support +# +# CONFIG_MEDIA_CEC_SUPPORT is not set +# end of CEC support + +# CONFIG_MEDIA_SUPPORT is not set + +# +# Graphics support +# +CONFIG_DRM=y +# CONFIG_DRM_DEBUG_MM is not set +CONFIG_DRM_KMS_HELPER=y +# CONFIG_DRM_DEBUG_DP_MST_TOPOLOGY_REFS is not set +# CONFIG_DRM_DEBUG_MODESET_LOCK is not set +CONFIG_DRM_FBDEV_EMULATION=y +CONFIG_DRM_FBDEV_OVERALLOC=100 +# CONFIG_DRM_FBDEV_LEAK_PHYS_SMEM is not set +# CONFIG_DRM_LOAD_EDID_FIRMWARE is not set +CONFIG_DRM_GEM_SHMEM_HELPER=y + +# +# I2C encoder or helper chips +# +# CONFIG_DRM_I2C_CH7006 is not set +# CONFIG_DRM_I2C_SIL164 is not set +# CONFIG_DRM_I2C_NXP_TDA998X is not set +# CONFIG_DRM_I2C_NXP_TDA9950 is not set +# end of I2C encoder or helper chips + +# +# ARM devices +# +# CONFIG_DRM_HDLCD is not set +# CONFIG_DRM_MALI_DISPLAY is not set +# CONFIG_DRM_KOMEDA is not set +# end of ARM devices + +# CONFIG_DRM_RADEON is not set +# CONFIG_DRM_AMDGPU is not set +# CONFIG_DRM_NOUVEAU is not set +# CONFIG_DRM_VGEM is not set +# CONFIG_DRM_VKMS is not set +# CONFIG_DRM_VMWGFX is not set +# CONFIG_DRM_AST is not set +# CONFIG_DRM_MGAG200 is not set +# CONFIG_DRM_RCAR_DW_HDMI is not set +# CONFIG_DRM_RCAR_USE_LVDS is not set +# CONFIG_DRM_RCAR_USE_MIPI_DSI is not set +# CONFIG_DRM_QXL is not set +# CONFIG_DRM_VIRTIO_GPU is not set +CONFIG_DRM_PANEL=y + +# +# Display Panels +# +# CONFIG_DRM_PANEL_LVDS is not set +# CONFIG_DRM_PANEL_SIMPLE is not set +# CONFIG_DRM_PANEL_EDP is not set +# CONFIG_DRM_PANEL_OLIMEX_LCD_OLINUXINO is not set +# CONFIG_DRM_PANEL_SAMSUNG_ATNA33XC20 is not set +# CONFIG_DRM_PANEL_SAMSUNG_S6E63M0 is not set +# CONFIG_DRM_PANEL_SAMSUNG_S6E88A0_AMS452EF01 is not set +# CONFIG_DRM_PANEL_SAMSUNG_S6E8AA0 is not set +# CONFIG_DRM_PANEL_SEIKO_43WVF1G is not set +# end of Display Panels + +CONFIG_DRM_BRIDGE=y +CONFIG_DRM_PANEL_BRIDGE=y + +# +# Display Interface Bridges +# +# CONFIG_DRM_CDNS_DSI is not set +# CONFIG_DRM_CHIPONE_ICN6211 is not set +# CONFIG_DRM_CHRONTEL_CH7033 is not set +# CONFIG_DRM_DISPLAY_CONNECTOR is not set +# CONFIG_DRM_ITE_IT6505 is not set +# CONFIG_DRM_LONTIUM_LT8912B is not set +# CONFIG_DRM_LONTIUM_LT9211 is not set +# CONFIG_DRM_LONTIUM_LT9611 is not set +# CONFIG_DRM_LONTIUM_LT9611UXC is not set +# CONFIG_DRM_ITE_IT66121 is not set +# CONFIG_DRM_LVDS_CODEC is not set +# CONFIG_DRM_MEGACHIPS_STDPXXXX_GE_B850V3_FW is not set +# CONFIG_DRM_NWL_MIPI_DSI is not set +# CONFIG_DRM_NXP_PTN3460 is not set +# CONFIG_DRM_PARADE_PS8622 is not set +# CONFIG_DRM_PARADE_PS8640 is not set +# CONFIG_DRM_SIL_SII8620 is not set +# CONFIG_DRM_SII902X is not set +# CONFIG_DRM_SII9234 is not set +# CONFIG_DRM_SIMPLE_BRIDGE is not set +# CONFIG_DRM_THINE_THC63LVD1024 is not set +# CONFIG_DRM_TOSHIBA_TC358762 is not set +# CONFIG_DRM_TOSHIBA_TC358764 is not set +# CONFIG_DRM_TOSHIBA_TC358767 is not set +# CONFIG_DRM_TOSHIBA_TC358768 is not set +# CONFIG_DRM_TOSHIBA_TC358775 is not set +# CONFIG_DRM_TI_DLPC3433 is not set +# CONFIG_DRM_TI_TFP410 is not set +# CONFIG_DRM_TI_SN65DSI83 is not set +# CONFIG_DRM_TI_SN65DSI86 is not set +# CONFIG_DRM_TI_TPD12S015 is not set +# CONFIG_DRM_ANALOGIX_ANX6345 is not set +# CONFIG_DRM_ANALOGIX_ANX78XX is not set +# CONFIG_DRM_ANALOGIX_ANX7625 is not set +# CONFIG_DRM_I2C_ADV7511 is not set +# CONFIG_DRM_CDNS_MHDP8546 is not set +# end of Display Interface Bridges + +# CONFIG_DRM_ETNAVIV is not set +# CONFIG_DRM_HISI_HIBMC is not set +# CONFIG_DRM_HISI_KIRIN is not set +# CONFIG_DRM_LOGICVC is not set +# CONFIG_DRM_ARCPGU is not set +# CONFIG_DRM_BOCHS is not set +# CONFIG_DRM_CIRRUS_QEMU is not set +# CONFIG_DRM_SIMPLEDRM is not set +# CONFIG_DRM_PL111 is not set +# CONFIG_DRM_LIMA is not set +# CONFIG_DRM_PANFROST is not set +# CONFIG_DRM_TIDSS is not set +# CONFIG_DRM_SSD130X is not set +# CONFIG_DRM_LEGACY is not set +CONFIG_DRM_PANEL_ORIENTATION_QUIRKS=y +CONFIG_DRM_NOMODESET=y + +# +# Frame buffer Devices +# +CONFIG_FB_CMDLINE=y +CONFIG_FB_NOTIFY=y +CONFIG_FB=y +# CONFIG_FIRMWARE_EDID is not set +CONFIG_FB_CFB_FILLRECT=y +CONFIG_FB_CFB_COPYAREA=y +CONFIG_FB_CFB_IMAGEBLIT=y +CONFIG_FB_SYS_FILLRECT=y +CONFIG_FB_SYS_COPYAREA=y +CONFIG_FB_SYS_IMAGEBLIT=y +# CONFIG_FB_FOREIGN_ENDIAN is not set +CONFIG_FB_SYS_FOPS=y +CONFIG_FB_DEFERRED_IO=y +# CONFIG_FB_MODE_HELPERS is not set +# CONFIG_FB_TILEBLITTING is not set + +# +# Frame buffer hardware drivers +# +# CONFIG_FB_CIRRUS is not set +# CONFIG_FB_PM2 is not set +# CONFIG_FB_ARMCLCD is not set +# CONFIG_FB_CYBER2000 is not set +# CONFIG_FB_ASILIANT is not set +# CONFIG_FB_IMSTT is not set +# CONFIG_FB_UVESA is not set +# CONFIG_FB_EFI is not set +# CONFIG_FB_OPENCORES is not set +# CONFIG_FB_S1D13XXX is not set +# CONFIG_FB_NVIDIA is not set +# CONFIG_FB_RIVA is not set +# CONFIG_FB_I740 is not set +# CONFIG_FB_MATROX is not set +# CONFIG_FB_RADEON is not set +# CONFIG_FB_ATY128 is not set +# CONFIG_FB_ATY is not set +# CONFIG_FB_S3 is not set +# CONFIG_FB_SAVAGE is not set +# CONFIG_FB_SIS is not set +# CONFIG_FB_NEOMAGIC is not set +# CONFIG_FB_KYRO is not set +# CONFIG_FB_3DFX is not set +# CONFIG_FB_VOODOO1 is not set +# CONFIG_FB_VT8623 is not set +# CONFIG_FB_TRIDENT is not set +# CONFIG_FB_ARK is not set +# CONFIG_FB_PM3 is not set +# CONFIG_FB_CARMINE is not set +# CONFIG_FB_IBM_GXT4500 is not set +# CONFIG_FB_VIRTUAL is not set +# CONFIG_FB_METRONOME is not set +# CONFIG_FB_MB862XX is not set +# CONFIG_FB_SIMPLE is not set +# CONFIG_FB_SSD1307 is not set +# CONFIG_FB_SM712 is not set +# end of Frame buffer Devices + +# +# Backlight & LCD device support +# +CONFIG_LCD_CLASS_DEVICE=y +# CONFIG_LCD_PLATFORM is not set +CONFIG_BACKLIGHT_CLASS_DEVICE=y +# CONFIG_BACKLIGHT_KTD253 is not set +# CONFIG_BACKLIGHT_QCOM_WLED is not set +# CONFIG_BACKLIGHT_ADP8860 is not set +# CONFIG_BACKLIGHT_ADP8870 is not set +# CONFIG_BACKLIGHT_LM3639 is not set +# CONFIG_BACKLIGHT_GPIO is not set +# CONFIG_BACKLIGHT_LV5207LP is not set +# CONFIG_BACKLIGHT_BD6107 is not set +# CONFIG_BACKLIGHT_ARCXCNN is not set +# end of Backlight & LCD device support + +CONFIG_HDMI=y + +# +# Console display driver support +# +CONFIG_DUMMY_CONSOLE=y +CONFIG_DUMMY_CONSOLE_COLUMNS=80 +CONFIG_DUMMY_CONSOLE_ROWS=25 +CONFIG_FRAMEBUFFER_CONSOLE=y +# CONFIG_FRAMEBUFFER_CONSOLE_LEGACY_ACCELERATION is not set +CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y +# CONFIG_FRAMEBUFFER_CONSOLE_ROTATION is not set +# CONFIG_FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER is not set +# end of Console display driver support + +# CONFIG_LOGO is not set +# end of Graphics support + +# CONFIG_SOUND is not set + +# +# HID support +# +CONFIG_HID=y +# CONFIG_HID_BATTERY_STRENGTH is not set +CONFIG_HIDRAW=y +CONFIG_UHID=y +CONFIG_HID_GENERIC=y + +# +# Special HID drivers +# +# CONFIG_HID_A4TECH is not set +# CONFIG_HID_ACRUX is not set +# CONFIG_HID_AUREAL is not set +# CONFIG_HID_BELKIN is not set +# CONFIG_HID_CHERRY is not set +# CONFIG_HID_COUGAR is not set +# CONFIG_HID_MACALLY is not set +# CONFIG_HID_CMEDIA is not set +# CONFIG_HID_CYPRESS is not set +# CONFIG_HID_DRAGONRISE is not set +# CONFIG_HID_EMS_FF is not set +# CONFIG_HID_ELECOM is not set +# CONFIG_HID_EZKEY is not set +# CONFIG_HID_GEMBIRD is not set +# CONFIG_HID_GFRM is not set +# CONFIG_HID_GLORIOUS is not set +# CONFIG_HID_VIVALDI is not set +# CONFIG_HID_KEYTOUCH is not set +# CONFIG_HID_KYE is not set +# CONFIG_HID_WALTOP is not set +# CONFIG_HID_VIEWSONIC is not set +# CONFIG_HID_VRC2 is not set +# CONFIG_HID_XIAOMI is not set +# CONFIG_HID_GYRATION is not set +# CONFIG_HID_ICADE is not set +# CONFIG_HID_ITE is not set +# CONFIG_HID_JABRA is not set +# CONFIG_HID_TWINHAN is not set +# CONFIG_HID_KENSINGTON is not set +# CONFIG_HID_LCPOWER is not set +# CONFIG_HID_LENOVO is not set +# CONFIG_HID_MAGICMOUSE is not set +# CONFIG_HID_MALTRON is not set +# CONFIG_HID_MAYFLASH is not set +CONFIG_HID_REDRAGON=y +# CONFIG_HID_MICROSOFT is not set +# CONFIG_HID_MONTEREY is not set +# CONFIG_HID_MULTITOUCH is not set +# CONFIG_HID_NTI is not set +# CONFIG_HID_ORTEK is not set +# CONFIG_HID_PANTHERLORD is not set +# CONFIG_HID_PETALYNX is not set +# CONFIG_HID_PICOLCD is not set +# CONFIG_HID_PLANTRONICS is not set +# CONFIG_HID_PXRC is not set +# CONFIG_HID_RAZER is not set +# CONFIG_HID_PRIMAX is not set +# CONFIG_HID_SAITEK is not set +# CONFIG_HID_SEMITEK is not set +# CONFIG_HID_SPEEDLINK is not set +# CONFIG_HID_STEAM is not set +# CONFIG_HID_STEELSERIES is not set +# CONFIG_HID_SUNPLUS is not set +# CONFIG_HID_RMI is not set +# CONFIG_HID_GREENASIA is not set +# CONFIG_HID_SMARTJOYPLUS is not set +# CONFIG_HID_TIVO is not set +# CONFIG_HID_TOPSEED is not set +# CONFIG_HID_TOPRE is not set +# CONFIG_HID_UDRAW_PS3 is not set +# CONFIG_HID_XINMO is not set +# CONFIG_HID_ZEROPLUS is not set +# CONFIG_HID_ZYDACRON is not set +# CONFIG_HID_SENSOR_HUB is not set +# CONFIG_HID_ALPS is not set +# end of Special HID drivers + +# +# I2C HID support +# +# CONFIG_I2C_HID_ACPI is not set +# CONFIG_I2C_HID_OF is not set +# CONFIG_I2C_HID_OF_ELAN is not set +# CONFIG_I2C_HID_OF_GOODIX is not set +# end of I2C HID support +# end of HID support + +CONFIG_USB_OHCI_LITTLE_ENDIAN=y +# CONFIG_USB_SUPPORT is not set +# CONFIG_MMC is not set +# CONFIG_MEMSTICK is not set +# CONFIG_NEW_LEDS is not set +# CONFIG_ACCESSIBILITY is not set +# CONFIG_INFINIBAND is not set +CONFIG_EDAC_SUPPORT=y +# CONFIG_EDAC is not set +CONFIG_RTC_LIB=y +CONFIG_RTC_CLASS=y +CONFIG_RTC_HCTOSYS=y +CONFIG_RTC_HCTOSYS_DEVICE="rtc0" +CONFIG_RTC_SYSTOHC=y +CONFIG_RTC_SYSTOHC_DEVICE="rtc0" +# CONFIG_RTC_DEBUG is not set +CONFIG_RTC_NVMEM=y + +# +# RTC interfaces +# +CONFIG_RTC_INTF_SYSFS=y +CONFIG_RTC_INTF_PROC=y +CONFIG_RTC_INTF_DEV=y +# CONFIG_RTC_INTF_DEV_UIE_EMUL is not set +# CONFIG_RTC_DRV_TEST is not set + +# +# I2C RTC drivers +# +# CONFIG_RTC_DRV_ABB5ZES3 is not set +# CONFIG_RTC_DRV_ABEOZ9 is not set +# CONFIG_RTC_DRV_ABX80X is not set +# CONFIG_RTC_DRV_DS1307 is not set +# CONFIG_RTC_DRV_DS1374 is not set +# CONFIG_RTC_DRV_DS1672 is not set +# CONFIG_RTC_DRV_HYM8563 is not set +# CONFIG_RTC_DRV_MAX6900 is not set +# CONFIG_RTC_DRV_NCT3018Y is not set +# CONFIG_RTC_DRV_RS5C372 is not set +# CONFIG_RTC_DRV_ISL1208 is not set +# CONFIG_RTC_DRV_ISL12022 is not set +# CONFIG_RTC_DRV_ISL12026 is not set +# CONFIG_RTC_DRV_X1205 is not set +# CONFIG_RTC_DRV_PCF8523 is not set +# CONFIG_RTC_DRV_PCF85063 is not set +# CONFIG_RTC_DRV_PCF85363 is not set +# CONFIG_RTC_DRV_PCF8563 is not set +# CONFIG_RTC_DRV_PCF8583 is not set +# CONFIG_RTC_DRV_M41T80 is not set +# CONFIG_RTC_DRV_BQ32K is not set +# CONFIG_RTC_DRV_S35390A is not set +# CONFIG_RTC_DRV_FM3130 is not set +# CONFIG_RTC_DRV_RX8010 is not set +# CONFIG_RTC_DRV_RX8581 is not set +# CONFIG_RTC_DRV_RX8025 is not set +# CONFIG_RTC_DRV_EM3027 is not set +# CONFIG_RTC_DRV_RV3028 is not set +# CONFIG_RTC_DRV_RV3032 is not set +# CONFIG_RTC_DRV_RV8803 is not set +# CONFIG_RTC_DRV_SD3078 is not set + +# +# SPI RTC drivers +# +CONFIG_RTC_I2C_AND_SPI=y + +# +# SPI and I2C RTC drivers +# +# CONFIG_RTC_DRV_DS3232 is not set +# CONFIG_RTC_DRV_PCF2127 is not set +# CONFIG_RTC_DRV_RV3029C2 is not set +# CONFIG_RTC_DRV_RX6110 is not set + +# +# Platform RTC drivers +# +# CONFIG_RTC_DRV_DS1286 is not set +# CONFIG_RTC_DRV_DS1511 is not set +# CONFIG_RTC_DRV_DS1553 is not set +# CONFIG_RTC_DRV_DS1685_FAMILY is not set +# CONFIG_RTC_DRV_DS1742 is not set +# CONFIG_RTC_DRV_DS2404 is not set +# CONFIG_RTC_DRV_EFI is not set +# CONFIG_RTC_DRV_STK17TA8 is not set +# CONFIG_RTC_DRV_M48T86 is not set +# CONFIG_RTC_DRV_M48T35 is not set +# CONFIG_RTC_DRV_M48T59 is not set +# CONFIG_RTC_DRV_MSM6242 is not set +# CONFIG_RTC_DRV_BQ4802 is not set +# CONFIG_RTC_DRV_RP5C01 is not set +# CONFIG_RTC_DRV_V3020 is not set +# CONFIG_RTC_DRV_ZYNQMP is not set + +# +# on-CPU RTC drivers +# +CONFIG_RTC_DRV_PL030=y +CONFIG_RTC_DRV_PL031=y +# CONFIG_RTC_DRV_CADENCE is not set +# CONFIG_RTC_DRV_FTRTC010 is not set +# CONFIG_RTC_DRV_R7301 is not set + +# +# HID Sensor RTC drivers +# +# CONFIG_RTC_DRV_GOLDFISH is not set +CONFIG_DMADEVICES=y +# CONFIG_DMADEVICES_DEBUG is not set + +# +# DMA Devices +# +CONFIG_DMA_ENGINE=y +CONFIG_DMA_ACPI=y +CONFIG_DMA_OF=y +# CONFIG_ALTERA_MSGDMA is not set +# CONFIG_AMBA_PL08X is not set +# CONFIG_DW_AXI_DMAC is not set +# CONFIG_FSL_EDMA is not set +# CONFIG_FSL_QDMA is not set +# CONFIG_INTEL_IDMA64 is not set +# CONFIG_MV_XOR_V2 is not set +# CONFIG_PL330_DMA is not set +# CONFIG_PLX_DMA is not set +# CONFIG_XILINX_DMA is not set +# CONFIG_XILINX_ZYNQMP_DMA is not set +# CONFIG_XILINX_ZYNQMP_DPDMA is not set +# CONFIG_QCOM_HIDMA_MGMT is not set +# CONFIG_QCOM_HIDMA is not set +# CONFIG_DW_DMAC is not set +# CONFIG_DW_DMAC_PCI is not set +# CONFIG_DW_EDMA is not set +# CONFIG_DW_EDMA_PCIE is not set +# CONFIG_SF_PDMA is not set + +# +# DMA Clients +# +# CONFIG_ASYNC_TX_DMA is not set +# CONFIG_DMATEST is not set + +# +# DMABUF options +# +CONFIG_SYNC_FILE=y +# CONFIG_SW_SYNC is not set +# CONFIG_UDMABUF is not set +# CONFIG_DMABUF_MOVE_NOTIFY is not set +# CONFIG_DMABUF_DEBUG is not set +# CONFIG_DMABUF_SELFTESTS is not set +# CONFIG_DMABUF_HEAPS is not set +# CONFIG_DMABUF_SYSFS_STATS is not set +# end of DMABUF options + +# CONFIG_AUXDISPLAY is not set +CONFIG_UIO=y +# CONFIG_UIO_CIF is not set +CONFIG_UIO_PDRV_GENIRQ=y +CONFIG_UIO_DMEM_GENIRQ=y +# CONFIG_UIO_AEC is not set +# CONFIG_UIO_SERCOS3 is not set +# CONFIG_UIO_PCI_GENERIC is not set +# CONFIG_UIO_NETX is not set +# CONFIG_UIO_PRUSS is not set +# CONFIG_UIO_MF624 is not set +CONFIG_VFIO=y +CONFIG_VFIO_IOMMU_TYPE1=y +CONFIG_VFIO_VIRQFD=y +# CONFIG_VFIO_NOIOMMU is not set +CONFIG_VFIO_PCI_CORE=y +CONFIG_VFIO_PCI_MMAP=y +CONFIG_VFIO_PCI_INTX=y +CONFIG_VFIO_PCI=y +# CONFIG_VFIO_PLATFORM is not set +# CONFIG_VFIO_MDEV is not set +# CONFIG_VIRT_DRIVERS is not set +CONFIG_VIRTIO_ANCHOR=y +CONFIG_VIRTIO=y +CONFIG_VIRTIO_PCI_LIB=y +CONFIG_VIRTIO_PCI_LIB_LEGACY=y +CONFIG_VIRTIO_MENU=y +CONFIG_VIRTIO_PCI=y +CONFIG_VIRTIO_PCI_LEGACY=y +CONFIG_VIRTIO_PMEM=y +CONFIG_VIRTIO_BALLOON=y +# CONFIG_VIRTIO_MEM is not set +CONFIG_VIRTIO_INPUT=y +CONFIG_VIRTIO_MMIO=y +CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES=y +CONFIG_VIRTIO_DMA_SHARED_BUFFER=y +# CONFIG_VDPA is not set +CONFIG_VHOST_MENU=y +# CONFIG_VHOST_NET is not set +# CONFIG_VHOST_VSOCK is not set +# CONFIG_VHOST_CROSS_ENDIAN_LEGACY is not set + +# +# Microsoft Hyper-V guest support +# +# CONFIG_HYPERV is not set +# end of Microsoft Hyper-V guest support + +# CONFIG_GREYBUS is not set +# CONFIG_COMEDI is not set +# CONFIG_STAGING is not set +# CONFIG_GOLDFISH is not set +# CONFIG_CHROME_PLATFORMS is not set +# CONFIG_MELLANOX_PLATFORM is not set +# CONFIG_SURFACE_PLATFORMS is not set +CONFIG_HAVE_CLK=y +CONFIG_HAVE_CLK_PREPARE=y +CONFIG_COMMON_CLK=y + +# +# Clock driver for ARM Reference designs +# +# CONFIG_CLK_ICST is not set +# CONFIG_CLK_SP810 is not set +# end of Clock driver for ARM Reference designs + +# CONFIG_COMMON_CLK_MAX9485 is not set +# CONFIG_COMMON_CLK_SI5341 is not set +# CONFIG_COMMON_CLK_SI5351 is not set +# CONFIG_COMMON_CLK_SI514 is not set +# CONFIG_COMMON_CLK_SI544 is not set +# CONFIG_COMMON_CLK_SI570 is not set +# CONFIG_COMMON_CLK_CDCE706 is not set +# CONFIG_COMMON_CLK_CDCE925 is not set +# CONFIG_COMMON_CLK_CS2000_CP is not set +# CONFIG_COMMON_CLK_AXI_CLKGEN is not set +# CONFIG_COMMON_CLK_XGENE is not set +# CONFIG_COMMON_CLK_RS9_PCIE is not set +# CONFIG_COMMON_CLK_VC5 is not set +# CONFIG_COMMON_CLK_VC7 is not set +# CONFIG_COMMON_CLK_FIXED_MMIO is not set +# CONFIG_XILINX_VCU is not set +# CONFIG_COMMON_CLK_XLNX_CLKWZRD is not set +# CONFIG_HWSPINLOCK is not set + +# +# Clock Source drivers +# +CONFIG_TIMER_OF=y +CONFIG_TIMER_ACPI=y +CONFIG_TIMER_PROBE=y +CONFIG_ARM_ARCH_TIMER=y +CONFIG_ARM_ARCH_TIMER_EVTSTREAM=y +CONFIG_ARM_ARCH_TIMER_OOL_WORKAROUND=y +CONFIG_FSL_ERRATUM_A008585=y +CONFIG_HISILICON_ERRATUM_161010101=y +CONFIG_ARM64_ERRATUM_858921=y +# CONFIG_MICROCHIP_PIT64B is not set +# end of Clock Source drivers + +CONFIG_MAILBOX=y +# CONFIG_ARM_MHU is not set +# CONFIG_ARM_MHU_V2 is not set +# CONFIG_PLATFORM_MHU is not set +# CONFIG_PL320_MBOX is not set +CONFIG_PCC=y +# CONFIG_ALTERA_MBOX is not set +# CONFIG_MAILBOX_TEST is not set +CONFIG_IOMMU_IOVA=y +CONFIG_IOMMU_API=y +CONFIG_IOMMU_SUPPORT=y + +# +# Generic IOMMU Pagetable Support +# +CONFIG_IOMMU_IO_PGTABLE=y +CONFIG_IOMMU_IO_PGTABLE_LPAE=y +# CONFIG_IOMMU_IO_PGTABLE_LPAE_SELFTEST is not set +# CONFIG_IOMMU_IO_PGTABLE_ARMV7S is not set +# CONFIG_IOMMU_IO_PGTABLE_DART is not set +# end of Generic IOMMU Pagetable Support + +# CONFIG_IOMMU_DEBUGFS is not set +CONFIG_IOMMU_DEFAULT_DMA_STRICT=y +# CONFIG_IOMMU_DEFAULT_DMA_LAZY is not set +# CONFIG_IOMMU_DEFAULT_PASSTHROUGH is not set +CONFIG_OF_IOMMU=y +CONFIG_IOMMU_DMA=y +# CONFIG_ARM_SMMU is not set +# CONFIG_ARM_SMMU_V3 is not set +CONFIG_VIRTIO_IOMMU=y + +# +# Remoteproc drivers +# +# CONFIG_REMOTEPROC is not set +# end of Remoteproc drivers + +# +# Rpmsg drivers +# +# CONFIG_RPMSG_QCOM_GLINK_RPM is not set +# CONFIG_RPMSG_VIRTIO is not set +# end of Rpmsg drivers + +# CONFIG_SOUNDWIRE is not set + +# +# SOC (System On Chip) specific Drivers +# + +# +# Amlogic SoC drivers +# +# end of Amlogic SoC drivers + +# +# Broadcom SoC drivers +# +# CONFIG_SOC_BRCMSTB is not set +# end of Broadcom SoC drivers + +# +# NXP/Freescale QorIQ SoC drivers +# +# CONFIG_QUICC_ENGINE is not set +# CONFIG_FSL_RCPM is not set +# end of NXP/Freescale QorIQ SoC drivers + +# +# fujitsu SoC drivers +# +# CONFIG_A64FX_DIAG is not set +# end of fujitsu SoC drivers + +# +# i.MX SoC drivers +# +# end of i.MX SoC drivers + +# +# Enable LiteX SoC Builder specific drivers +# +# CONFIG_LITEX_SOC_CONTROLLER is not set +# end of Enable LiteX SoC Builder specific drivers + +# +# Qualcomm SoC drivers +# +# end of Qualcomm SoC drivers + +# CONFIG_SOC_TI is not set + +# +# Xilinx SoC drivers +# +# end of Xilinx SoC drivers +# end of SOC (System On Chip) specific Drivers + +# CONFIG_PM_DEVFREQ is not set +# CONFIG_EXTCON is not set +# CONFIG_MEMORY is not set +# CONFIG_IIO is not set +# CONFIG_NTB is not set +# CONFIG_PWM is not set + +# +# IRQ chip support +# +CONFIG_IRQCHIP=y +CONFIG_ARM_GIC=y +CONFIG_ARM_GIC_MAX_NR=1 +CONFIG_ARM_GIC_V2M=y +CONFIG_ARM_GIC_V3=y +CONFIG_ARM_GIC_V3_ITS=y +CONFIG_ARM_GIC_V3_ITS_PCI=y +# CONFIG_AL_FIC is not set +# CONFIG_XILINX_INTC is not set +CONFIG_PARTITION_PERCPU=y +# end of IRQ chip support + +# CONFIG_IPACK_BUS is not set +# CONFIG_RESET_CONTROLLER is not set + +# +# PHY Subsystem +# +# CONFIG_GENERIC_PHY is not set +# CONFIG_PHY_XGENE is not set +# CONFIG_PHY_CAN_TRANSCEIVER is not set + +# +# PHY drivers for Broadcom platforms +# +# CONFIG_BCM_KONA_USB2_PHY is not set +# end of PHY drivers for Broadcom platforms + +# CONFIG_PHY_CADENCE_TORRENT is not set +# CONFIG_PHY_CADENCE_DPHY is not set +# CONFIG_PHY_CADENCE_DPHY_RX is not set +# CONFIG_PHY_CADENCE_SALVO is not set +# CONFIG_PHY_PXA_28NM_HSIC is not set +# CONFIG_PHY_PXA_28NM_USB2 is not set +# end of PHY Subsystem + +# CONFIG_POWERCAP is not set +# CONFIG_MCB is not set + +# +# Performance monitor support +# +# CONFIG_ARM_CCI_PMU is not set +# CONFIG_ARM_CCN is not set +# CONFIG_ARM_CMN is not set +CONFIG_ARM_PMU=y +CONFIG_ARM_PMU_ACPI=y +# CONFIG_ARM_SMMU_V3_PMU is not set +# CONFIG_ARM_DSU_PMU is not set +# CONFIG_ARM_SPE_PMU is not set +# CONFIG_ARM_DMC620_PMU is not set +# CONFIG_ALIBABA_UNCORE_DRW_PMU is not set +# CONFIG_HISI_PMU is not set +# CONFIG_HISI_PCIE_PMU is not set +# CONFIG_HNS3_PMU is not set +# end of Performance monitor support + +CONFIG_RAS=y +# CONFIG_USB4 is not set + +# +# Android +# +# CONFIG_ANDROID_BINDER_IPC is not set +# end of Android + +CONFIG_LIBNVDIMM=y +CONFIG_BLK_DEV_PMEM=y +CONFIG_ND_CLAIM=y +CONFIG_ND_BTT=y +CONFIG_BTT=y +CONFIG_ND_PFN=y +CONFIG_NVDIMM_PFN=y +CONFIG_NVDIMM_DAX=y +CONFIG_OF_PMEM=y +CONFIG_DAX=y +CONFIG_DEV_DAX=y +CONFIG_DEV_DAX_PMEM=y +CONFIG_DEV_DAX_KMEM=y +CONFIG_NVMEM=y +CONFIG_NVMEM_SYSFS=y +# CONFIG_NVMEM_RMEM is not set + +# +# HW tracing support +# +# CONFIG_STM is not set +# CONFIG_INTEL_TH is not set +# CONFIG_HISI_PTT is not set +# end of HW tracing support + +# CONFIG_FPGA is not set +# CONFIG_FSI is not set +# CONFIG_TEE is not set +# CONFIG_SIOX is not set +# CONFIG_SLIMBUS is not set +# CONFIG_INTERCONNECT is not set +# CONFIG_COUNTER is not set +# CONFIG_MOST is not set +# CONFIG_PECI is not set +# CONFIG_HTE is not set +# end of Device Drivers + +# +# File systems +# +CONFIG_DCACHE_WORD_ACCESS=y +# CONFIG_VALIDATE_FS_PARSER is not set +CONFIG_FS_IOMAP=y +# CONFIG_EXT2_FS is not set +# CONFIG_EXT3_FS is not set +CONFIG_EXT4_FS=y +CONFIG_EXT4_USE_FOR_EXT2=y +CONFIG_EXT4_FS_POSIX_ACL=y +CONFIG_EXT4_FS_SECURITY=y +CONFIG_EXT4_DEBUG=y +CONFIG_JBD2=y +CONFIG_JBD2_DEBUG=y +CONFIG_FS_MBCACHE=y +# CONFIG_REISERFS_FS is not set +# CONFIG_JFS_FS is not set +# CONFIG_XFS_FS is not set +# CONFIG_GFS2_FS is not set +# CONFIG_OCFS2_FS is not set +# CONFIG_BTRFS_FS is not set +# CONFIG_NILFS2_FS is not set +# CONFIG_F2FS_FS is not set +CONFIG_FS_DAX=y +CONFIG_FS_DAX_PMD=y +CONFIG_FS_POSIX_ACL=y +CONFIG_EXPORTFS=y +# CONFIG_EXPORTFS_BLOCK_OPS is not set +CONFIG_FILE_LOCKING=y +CONFIG_FS_ENCRYPTION=y +CONFIG_FS_ENCRYPTION_ALGS=y +# CONFIG_FS_VERITY is not set +CONFIG_FSNOTIFY=y +CONFIG_DNOTIFY=y +CONFIG_INOTIFY_USER=y +CONFIG_FANOTIFY=y +# CONFIG_QUOTA is not set +CONFIG_AUTOFS4_FS=y +CONFIG_AUTOFS_FS=y +CONFIG_FUSE_FS=y +CONFIG_CUSE=y +CONFIG_VIRTIO_FS=y +CONFIG_FUSE_DAX=y +CONFIG_OVERLAY_FS=y +# CONFIG_OVERLAY_FS_REDIRECT_DIR is not set +CONFIG_OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y +# CONFIG_OVERLAY_FS_INDEX is not set +# CONFIG_OVERLAY_FS_XINO_AUTO is not set +# CONFIG_OVERLAY_FS_METACOPY is not set + +# +# Caches +# +CONFIG_NETFS_SUPPORT=y +# CONFIG_NETFS_STATS is not set +CONFIG_FSCACHE=y +# CONFIG_FSCACHE_STATS is not set +# CONFIG_FSCACHE_DEBUG is not set +CONFIG_CACHEFILES=y +# CONFIG_CACHEFILES_DEBUG is not set +# CONFIG_CACHEFILES_ERROR_INJECTION is not set +# CONFIG_CACHEFILES_ONDEMAND is not set +# end of Caches + +# +# CD-ROM/DVD Filesystems +# +CONFIG_ISO9660_FS=y +CONFIG_JOLIET=y +CONFIG_ZISOFS=y +CONFIG_UDF_FS=y +# end of CD-ROM/DVD Filesystems + +# +# DOS/FAT/EXFAT/NT Filesystems +# +CONFIG_FAT_FS=y +CONFIG_MSDOS_FS=y +CONFIG_VFAT_FS=y +CONFIG_FAT_DEFAULT_CODEPAGE=437 +CONFIG_FAT_DEFAULT_IOCHARSET="ascii" +# CONFIG_FAT_DEFAULT_UTF8 is not set +# CONFIG_EXFAT_FS is not set +# CONFIG_NTFS_FS is not set +# CONFIG_NTFS3_FS is not set +# end of DOS/FAT/EXFAT/NT Filesystems + +# +# Pseudo filesystems +# +CONFIG_PROC_FS=y +CONFIG_PROC_KCORE=y +CONFIG_PROC_SYSCTL=y +CONFIG_PROC_PAGE_MONITOR=y +CONFIG_PROC_CHILDREN=y +CONFIG_KERNFS=y +CONFIG_SYSFS=y +CONFIG_TMPFS=y +CONFIG_TMPFS_POSIX_ACL=y +CONFIG_TMPFS_XATTR=y +# CONFIG_TMPFS_INODE64 is not set +CONFIG_ARCH_SUPPORTS_HUGETLBFS=y +CONFIG_HUGETLBFS=y +CONFIG_HUGETLB_PAGE=y +CONFIG_MEMFD_CREATE=y +CONFIG_ARCH_HAS_GIGANTIC_PAGE=y +CONFIG_CONFIGFS_FS=y +CONFIG_EFIVAR_FS=y +# end of Pseudo filesystems + +CONFIG_MISC_FILESYSTEMS=y +# CONFIG_ORANGEFS_FS is not set +# CONFIG_ADFS_FS is not set +# CONFIG_AFFS_FS is not set +# CONFIG_ECRYPT_FS is not set +# CONFIG_HFS_FS is not set +# CONFIG_HFSPLUS_FS is not set +# CONFIG_BEFS_FS is not set +# CONFIG_BFS_FS is not set +# CONFIG_EFS_FS is not set +# CONFIG_CRAMFS is not set +CONFIG_SQUASHFS=y +CONFIG_SQUASHFS_FILE_CACHE=y +# CONFIG_SQUASHFS_FILE_DIRECT is not set +CONFIG_SQUASHFS_DECOMP_SINGLE=y +# CONFIG_SQUASHFS_DECOMP_MULTI is not set +# CONFIG_SQUASHFS_DECOMP_MULTI_PERCPU is not set +# CONFIG_SQUASHFS_XATTR is not set +CONFIG_SQUASHFS_ZLIB=y +# CONFIG_SQUASHFS_LZ4 is not set +# CONFIG_SQUASHFS_LZO is not set +CONFIG_SQUASHFS_XZ=y +# CONFIG_SQUASHFS_ZSTD is not set +# CONFIG_SQUASHFS_4K_DEVBLK_SIZE is not set +# CONFIG_SQUASHFS_EMBEDDED is not set +CONFIG_SQUASHFS_FRAGMENT_CACHE_SIZE=3 +# CONFIG_VXFS_FS is not set +# CONFIG_MINIX_FS is not set +# CONFIG_OMFS_FS is not set +# CONFIG_HPFS_FS is not set +# CONFIG_QNX4FS_FS is not set +# CONFIG_QNX6FS_FS is not set +# CONFIG_ROMFS_FS is not set +# CONFIG_PSTORE is not set +# CONFIG_SYSV_FS is not set +# CONFIG_UFS_FS is not set +# CONFIG_EROFS_FS is not set +CONFIG_NETWORK_FILESYSTEMS=y +CONFIG_NFS_FS=y +CONFIG_NFS_V2=y +CONFIG_NFS_V3=y +# CONFIG_NFS_V3_ACL is not set +CONFIG_NFS_V4=y +# CONFIG_NFS_SWAP is not set +# CONFIG_NFS_V4_1 is not set +# CONFIG_ROOT_NFS is not set +# CONFIG_NFS_FSCACHE is not set +# CONFIG_NFS_USE_LEGACY_DNS is not set +CONFIG_NFS_USE_KERNEL_DNS=y +CONFIG_NFS_DISABLE_UDP_SUPPORT=y +CONFIG_NFSD=y +# CONFIG_NFSD_V3_ACL is not set +CONFIG_NFSD_V4=y +# CONFIG_NFSD_BLOCKLAYOUT is not set +# CONFIG_NFSD_SCSILAYOUT is not set +# CONFIG_NFSD_FLEXFILELAYOUT is not set +CONFIG_GRACE_PERIOD=y +CONFIG_LOCKD=y +CONFIG_LOCKD_V4=y +CONFIG_NFS_COMMON=y +CONFIG_SUNRPC=y +CONFIG_SUNRPC_GSS=y +CONFIG_RPCSEC_GSS_KRB5=y +# CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES is not set +# CONFIG_SUNRPC_DEBUG is not set +# CONFIG_CEPH_FS is not set +CONFIG_CIFS=y +# CONFIG_CIFS_STATS2 is not set +CONFIG_CIFS_ALLOW_INSECURE_LEGACY=y +CONFIG_CIFS_UPCALL=y +CONFIG_CIFS_XATTR=y +CONFIG_CIFS_POSIX=y +# CONFIG_CIFS_DEBUG is not set +CONFIG_CIFS_DFS_UPCALL=y +# CONFIG_CIFS_SMB_DIRECT is not set +# CONFIG_SMB_SERVER is not set +# CONFIG_CODA_FS is not set +# CONFIG_AFS_FS is not set +CONFIG_NLS=y +CONFIG_NLS_DEFAULT="utf8" +CONFIG_NLS_CODEPAGE_437=y +CONFIG_NLS_CODEPAGE_737=y +CONFIG_NLS_CODEPAGE_775=y +CONFIG_NLS_CODEPAGE_850=y +CONFIG_NLS_CODEPAGE_852=y +CONFIG_NLS_CODEPAGE_855=y +CONFIG_NLS_CODEPAGE_857=y +CONFIG_NLS_CODEPAGE_860=y +CONFIG_NLS_CODEPAGE_861=y +CONFIG_NLS_CODEPAGE_862=y +CONFIG_NLS_CODEPAGE_863=y +CONFIG_NLS_CODEPAGE_864=y +CONFIG_NLS_CODEPAGE_865=y +CONFIG_NLS_CODEPAGE_866=y +CONFIG_NLS_CODEPAGE_869=y +CONFIG_NLS_CODEPAGE_936=y +CONFIG_NLS_CODEPAGE_950=y +CONFIG_NLS_CODEPAGE_932=y +CONFIG_NLS_CODEPAGE_949=y +CONFIG_NLS_CODEPAGE_874=y +CONFIG_NLS_ISO8859_8=y +CONFIG_NLS_CODEPAGE_1250=y +CONFIG_NLS_CODEPAGE_1251=y +CONFIG_NLS_ASCII=y +CONFIG_NLS_ISO8859_1=y +CONFIG_NLS_ISO8859_2=y +CONFIG_NLS_ISO8859_3=y +CONFIG_NLS_ISO8859_4=y +CONFIG_NLS_ISO8859_5=y +CONFIG_NLS_ISO8859_6=y +CONFIG_NLS_ISO8859_7=y +CONFIG_NLS_ISO8859_9=y +CONFIG_NLS_ISO8859_13=y +CONFIG_NLS_ISO8859_14=y +CONFIG_NLS_ISO8859_15=y +CONFIG_NLS_KOI8_R=y +CONFIG_NLS_KOI8_U=y +CONFIG_NLS_MAC_ROMAN=y +CONFIG_NLS_MAC_CELTIC=y +CONFIG_NLS_MAC_CENTEURO=y +CONFIG_NLS_MAC_CROATIAN=y +CONFIG_NLS_MAC_CYRILLIC=y +CONFIG_NLS_MAC_GAELIC=y +CONFIG_NLS_MAC_GREEK=y +CONFIG_NLS_MAC_ICELAND=y +CONFIG_NLS_MAC_INUIT=y +CONFIG_NLS_MAC_ROMANIAN=y +CONFIG_NLS_MAC_TURKISH=y +CONFIG_NLS_UTF8=y +# CONFIG_DLM is not set +# CONFIG_UNICODE is not set +CONFIG_IO_WQ=y +# end of File systems + +# +# Security options +# +CONFIG_KEYS=y +# CONFIG_KEYS_REQUEST_CACHE is not set +CONFIG_PERSISTENT_KEYRINGS=y +# CONFIG_BIG_KEYS is not set +# CONFIG_TRUSTED_KEYS is not set +# CONFIG_ENCRYPTED_KEYS is not set +# CONFIG_KEY_DH_OPERATIONS is not set +# CONFIG_SECURITY_DMESG_RESTRICT is not set +# CONFIG_SECURITY is not set +CONFIG_SECURITYFS=y +CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y +# CONFIG_HARDENED_USERCOPY is not set +CONFIG_FORTIFY_SOURCE=y +# CONFIG_STATIC_USERMODEHELPER is not set +# CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set +CONFIG_DEFAULT_SECURITY_DAC=y +CONFIG_LSM="yama,loadpin,safesetid,integrity" + +# +# Kernel hardening options +# + +# +# Memory initialization +# +CONFIG_INIT_STACK_NONE=y +# CONFIG_INIT_ON_ALLOC_DEFAULT_ON is not set +# CONFIG_INIT_ON_FREE_DEFAULT_ON is not set +# end of Memory initialization + +CONFIG_RANDSTRUCT_NONE=y +# end of Kernel hardening options +# end of Security options + +CONFIG_CRYPTO=y + +# +# Crypto core or helper +# +# CONFIG_CRYPTO_FIPS is not set +CONFIG_CRYPTO_ALGAPI=y +CONFIG_CRYPTO_ALGAPI2=y +CONFIG_CRYPTO_AEAD=y +CONFIG_CRYPTO_AEAD2=y +CONFIG_CRYPTO_SKCIPHER=y +CONFIG_CRYPTO_SKCIPHER2=y +CONFIG_CRYPTO_HASH=y +CONFIG_CRYPTO_HASH2=y +CONFIG_CRYPTO_RNG=y +CONFIG_CRYPTO_RNG2=y +CONFIG_CRYPTO_RNG_DEFAULT=y +CONFIG_CRYPTO_AKCIPHER2=y +CONFIG_CRYPTO_AKCIPHER=y +CONFIG_CRYPTO_KPP2=y +CONFIG_CRYPTO_ACOMP2=y +CONFIG_CRYPTO_MANAGER=y +CONFIG_CRYPTO_MANAGER2=y +# CONFIG_CRYPTO_USER is not set +# CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set +# CONFIG_CRYPTO_MANAGER_EXTRA_TESTS is not set +CONFIG_CRYPTO_GF128MUL=y +CONFIG_CRYPTO_NULL=y +CONFIG_CRYPTO_NULL2=y +# CONFIG_CRYPTO_PCRYPT is not set +CONFIG_CRYPTO_CRYPTD=y +CONFIG_CRYPTO_AUTHENC=y +# CONFIG_CRYPTO_TEST is not set +# end of Crypto core or helper + +# +# Public-key cryptography +# +# CONFIG_CRYPTO_RSA is not set +# CONFIG_CRYPTO_DH is not set +CONFIG_CRYPTO_ECC=y +# CONFIG_CRYPTO_ECDH is not set +CONFIG_CRYPTO_ECDSA=y +# CONFIG_CRYPTO_ECRDSA is not set +# CONFIG_CRYPTO_SM2 is not set +# CONFIG_CRYPTO_CURVE25519 is not set +# end of Public-key cryptography + +# +# Block ciphers +# +CONFIG_CRYPTO_AES=y +# CONFIG_CRYPTO_AES_TI is not set +# CONFIG_CRYPTO_ARIA is not set +# CONFIG_CRYPTO_BLOWFISH is not set +# CONFIG_CRYPTO_CAMELLIA is not set +# CONFIG_CRYPTO_CAST5 is not set +# CONFIG_CRYPTO_CAST6 is not set +CONFIG_CRYPTO_DES=y +# CONFIG_CRYPTO_FCRYPT is not set +# CONFIG_CRYPTO_SERPENT is not set +# CONFIG_CRYPTO_SM4_GENERIC is not set +# CONFIG_CRYPTO_TWOFISH is not set +# end of Block ciphers + +# +# Length-preserving ciphers and modes +# +# CONFIG_CRYPTO_ADIANTUM is not set +# CONFIG_CRYPTO_CHACHA20 is not set +CONFIG_CRYPTO_CBC=y +# CONFIG_CRYPTO_CFB is not set +CONFIG_CRYPTO_CTR=y +CONFIG_CRYPTO_CTS=y +CONFIG_CRYPTO_ECB=y +# CONFIG_CRYPTO_HCTR2 is not set +# CONFIG_CRYPTO_KEYWRAP is not set +CONFIG_CRYPTO_LRW=y +# CONFIG_CRYPTO_OFB is not set +CONFIG_CRYPTO_PCBC=y +CONFIG_CRYPTO_XTS=y +# end of Length-preserving ciphers and modes + +# +# AEAD (authenticated encryption with associated data) ciphers +# +# CONFIG_CRYPTO_AEGIS128 is not set +# CONFIG_CRYPTO_CHACHA20POLY1305 is not set +# CONFIG_CRYPTO_CCM is not set +CONFIG_CRYPTO_GCM=y +CONFIG_CRYPTO_SEQIV=y +CONFIG_CRYPTO_ECHAINIV=y +# CONFIG_CRYPTO_ESSIV is not set +# end of AEAD (authenticated encryption with associated data) ciphers + +# +# Hashes, digests, and MACs +# +# CONFIG_CRYPTO_BLAKE2B is not set +CONFIG_CRYPTO_CMAC=y +CONFIG_CRYPTO_GHASH=y +CONFIG_CRYPTO_HMAC=y +# CONFIG_CRYPTO_MD4 is not set +CONFIG_CRYPTO_MD5=y +# CONFIG_CRYPTO_MICHAEL_MIC is not set +CONFIG_CRYPTO_POLY1305=y +# CONFIG_CRYPTO_RMD160 is not set +CONFIG_CRYPTO_SHA1=y +CONFIG_CRYPTO_SHA256=y +CONFIG_CRYPTO_SHA512=y +# CONFIG_CRYPTO_SHA3 is not set +# CONFIG_CRYPTO_SM3_GENERIC is not set +# CONFIG_CRYPTO_STREEBOG is not set +# CONFIG_CRYPTO_VMAC is not set +# CONFIG_CRYPTO_WP512 is not set +# CONFIG_CRYPTO_XCBC is not set +# CONFIG_CRYPTO_XXHASH is not set +# end of Hashes, digests, and MACs + +# +# CRCs (cyclic redundancy checks) +# +CONFIG_CRYPTO_CRC32C=y +# CONFIG_CRYPTO_CRC32 is not set +CONFIG_CRYPTO_CRCT10DIF=y +# end of CRCs (cyclic redundancy checks) + +# +# Compression +# +CONFIG_CRYPTO_DEFLATE=y +CONFIG_CRYPTO_LZO=y +# CONFIG_CRYPTO_842 is not set +# CONFIG_CRYPTO_LZ4 is not set +# CONFIG_CRYPTO_LZ4HC is not set +# CONFIG_CRYPTO_ZSTD is not set +# end of Compression + +# +# Random number generation +# +# CONFIG_CRYPTO_ANSI_CPRNG is not set +CONFIG_CRYPTO_DRBG_MENU=y +CONFIG_CRYPTO_DRBG_HMAC=y +CONFIG_CRYPTO_DRBG_HASH=y +CONFIG_CRYPTO_DRBG_CTR=y +CONFIG_CRYPTO_DRBG=y +CONFIG_CRYPTO_JITTERENTROPY=y +# end of Random number generation + +# +# Userspace interface +# +CONFIG_CRYPTO_USER_API=y +# CONFIG_CRYPTO_USER_API_HASH is not set +# CONFIG_CRYPTO_USER_API_SKCIPHER is not set +CONFIG_CRYPTO_USER_API_RNG=y +# CONFIG_CRYPTO_USER_API_RNG_CAVP is not set +# CONFIG_CRYPTO_USER_API_AEAD is not set +# CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE is not set +# end of Userspace interface + +# CONFIG_CRYPTO_NHPOLY1305_NEON is not set +CONFIG_CRYPTO_CHACHA20_NEON=y + +# +# Accelerated Cryptographic Algorithms for CPU (arm64) +# +# CONFIG_CRYPTO_GHASH_ARM64_CE is not set +CONFIG_CRYPTO_POLY1305_NEON=y +# CONFIG_CRYPTO_SHA1_ARM64_CE is not set +# CONFIG_CRYPTO_SHA256_ARM64 is not set +# CONFIG_CRYPTO_SHA2_ARM64_CE is not set +# CONFIG_CRYPTO_SHA512_ARM64 is not set +# CONFIG_CRYPTO_SHA512_ARM64_CE is not set +# CONFIG_CRYPTO_SHA3_ARM64 is not set +# CONFIG_CRYPTO_SM3_NEON is not set +# CONFIG_CRYPTO_SM3_ARM64_CE is not set +# CONFIG_CRYPTO_POLYVAL_ARM64_CE is not set +# CONFIG_CRYPTO_AES_ARM64 is not set +# CONFIG_CRYPTO_AES_ARM64_CE is not set +# CONFIG_CRYPTO_AES_ARM64_CE_BLK is not set +# CONFIG_CRYPTO_AES_ARM64_NEON_BLK is not set +# CONFIG_CRYPTO_AES_ARM64_BS is not set +# CONFIG_CRYPTO_SM4_ARM64_CE is not set +# CONFIG_CRYPTO_SM4_ARM64_CE_BLK is not set +# CONFIG_CRYPTO_SM4_ARM64_NEON_BLK is not set +# CONFIG_CRYPTO_AES_ARM64_CE_CCM is not set +# CONFIG_CRYPTO_CRCT10DIF_ARM64_CE is not set +# end of Accelerated Cryptographic Algorithms for CPU (arm64) + +# CONFIG_CRYPTO_HW is not set +# CONFIG_ASYMMETRIC_KEY_TYPE is not set + +# +# Certificates for signature checking +# +CONFIG_SYSTEM_BLACKLIST_KEYRING=y +CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" +# end of Certificates for signature checking + +CONFIG_BINARY_PRINTF=y + +# +# Library routines +# +# CONFIG_PACKING is not set +CONFIG_BITREVERSE=y +CONFIG_HAVE_ARCH_BITREVERSE=y +CONFIG_GENERIC_STRNCPY_FROM_USER=y +CONFIG_GENERIC_STRNLEN_USER=y +CONFIG_GENERIC_NET_UTILS=y +# CONFIG_CORDIC is not set +# CONFIG_PRIME_NUMBERS is not set +CONFIG_RATIONAL=y +CONFIG_GENERIC_PCI_IOMAP=y +CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y +CONFIG_ARCH_HAS_FAST_MULTIPLIER=y +CONFIG_ARCH_USE_SYM_ANNOTATIONS=y +# CONFIG_INDIRECT_PIO is not set + +# +# Crypto library routines +# +CONFIG_CRYPTO_LIB_UTILS=y +CONFIG_CRYPTO_LIB_AES=y +CONFIG_CRYPTO_LIB_BLAKE2S_GENERIC=y +CONFIG_CRYPTO_ARCH_HAVE_LIB_CHACHA=y +CONFIG_CRYPTO_LIB_CHACHA_GENERIC=y +CONFIG_CRYPTO_LIB_CHACHA=y +CONFIG_CRYPTO_LIB_CURVE25519_GENERIC=y +CONFIG_CRYPTO_LIB_CURVE25519=y +CONFIG_CRYPTO_LIB_DES=y +CONFIG_CRYPTO_LIB_POLY1305_RSIZE=9 +CONFIG_CRYPTO_ARCH_HAVE_LIB_POLY1305=y +CONFIG_CRYPTO_LIB_POLY1305_GENERIC=y +CONFIG_CRYPTO_LIB_POLY1305=y +CONFIG_CRYPTO_LIB_CHACHA20POLY1305=y +CONFIG_CRYPTO_LIB_SHA1=y +CONFIG_CRYPTO_LIB_SHA256=y +# end of Crypto library routines + +CONFIG_CRC_CCITT=y +CONFIG_CRC16=y +CONFIG_CRC_T10DIF=y +# CONFIG_CRC64_ROCKSOFT is not set +CONFIG_CRC_ITU_T=y +CONFIG_CRC32=y +# CONFIG_CRC32_SELFTEST is not set +CONFIG_CRC32_SLICEBY8=y +# CONFIG_CRC32_SLICEBY4 is not set +# CONFIG_CRC32_SARWATE is not set +# CONFIG_CRC32_BIT is not set +# CONFIG_CRC64 is not set +# CONFIG_CRC4 is not set +# CONFIG_CRC7 is not set +CONFIG_LIBCRC32C=y +# CONFIG_CRC8 is not set +CONFIG_XXHASH=y +CONFIG_AUDIT_GENERIC=y +CONFIG_AUDIT_ARCH_COMPAT_GENERIC=y +# CONFIG_RANDOM32_SELFTEST is not set +CONFIG_ZLIB_INFLATE=y +CONFIG_ZLIB_DEFLATE=y +CONFIG_LZO_COMPRESS=y +CONFIG_LZO_DECOMPRESS=y +CONFIG_LZ4_DECOMPRESS=y +CONFIG_XZ_DEC=y +CONFIG_XZ_DEC_X86=y +CONFIG_XZ_DEC_POWERPC=y +CONFIG_XZ_DEC_IA64=y +CONFIG_XZ_DEC_ARM=y +CONFIG_XZ_DEC_ARMTHUMB=y +CONFIG_XZ_DEC_SPARC=y +# CONFIG_XZ_DEC_MICROLZMA is not set +CONFIG_XZ_DEC_BCJ=y +# CONFIG_XZ_DEC_TEST is not set +CONFIG_DECOMPRESS_GZIP=y +CONFIG_DECOMPRESS_BZIP2=y +CONFIG_DECOMPRESS_LZMA=y +CONFIG_DECOMPRESS_XZ=y +CONFIG_DECOMPRESS_LZO=y +CONFIG_DECOMPRESS_LZ4=y +CONFIG_GENERIC_ALLOCATOR=y +CONFIG_TEXTSEARCH=y +CONFIG_TEXTSEARCH_KMP=y +CONFIG_TEXTSEARCH_BM=y +CONFIG_TEXTSEARCH_FSM=y +CONFIG_INTERVAL_TREE=y +CONFIG_XARRAY_MULTI=y +CONFIG_ASSOCIATIVE_ARRAY=y +CONFIG_HAS_IOMEM=y +CONFIG_HAS_IOPORT_MAP=y +CONFIG_HAS_DMA=y +CONFIG_DMA_OPS=y +CONFIG_NEED_SG_DMA_LENGTH=y +CONFIG_NEED_DMA_MAP_STATE=y +CONFIG_ARCH_DMA_ADDR_T_64BIT=y +CONFIG_DMA_DECLARE_COHERENT=y +CONFIG_ARCH_HAS_SETUP_DMA_OPS=y +CONFIG_ARCH_HAS_TEARDOWN_DMA_OPS=y +CONFIG_ARCH_HAS_SYNC_DMA_FOR_DEVICE=y +CONFIG_ARCH_HAS_SYNC_DMA_FOR_CPU=y +CONFIG_ARCH_HAS_DMA_PREP_COHERENT=y +CONFIG_SWIOTLB=y +# CONFIG_DMA_RESTRICTED_POOL is not set +CONFIG_DMA_NONCOHERENT_MMAP=y +CONFIG_DMA_COHERENT_POOL=y +CONFIG_DMA_DIRECT_REMAP=y +# CONFIG_DMA_API_DEBUG is not set +# CONFIG_DMA_MAP_BENCHMARK is not set +CONFIG_SGL_ALLOC=y +# CONFIG_FORCE_NR_CPUS is not set +CONFIG_CPU_RMAP=y +CONFIG_DQL=y +CONFIG_NLATTR=y +CONFIG_IRQ_POLL=y +CONFIG_LIBFDT=y +CONFIG_OID_REGISTRY=y +CONFIG_UCS2_STRING=y +CONFIG_HAVE_GENERIC_VDSO=y +CONFIG_GENERIC_GETTIMEOFDAY=y +CONFIG_GENERIC_VDSO_TIME_NS=y +CONFIG_FONT_SUPPORT=y +# CONFIG_FONTS is not set +CONFIG_FONT_8x8=y +CONFIG_FONT_8x16=y +CONFIG_SG_POOL=y +CONFIG_MEMREGION=y +CONFIG_ARCH_STACKWALK=y +CONFIG_STACKDEPOT=y +CONFIG_SBITMAP=y +# end of Library routines + +CONFIG_GENERIC_IOREMAP=y +CONFIG_GENERIC_LIB_DEVMEM_IS_ALLOWED=y + +# +# Kernel hacking +# + +# +# printk and dmesg options +# +CONFIG_PRINTK_TIME=y +# CONFIG_PRINTK_CALLER is not set +# CONFIG_STACKTRACE_BUILD_ID is not set +CONFIG_CONSOLE_LOGLEVEL_DEFAULT=7 +CONFIG_CONSOLE_LOGLEVEL_QUIET=4 +CONFIG_MESSAGE_LOGLEVEL_DEFAULT=4 +# CONFIG_BOOT_PRINTK_DELAY is not set +CONFIG_DYNAMIC_DEBUG=y +CONFIG_DYNAMIC_DEBUG_CORE=y +CONFIG_SYMBOLIC_ERRNAME=y +# CONFIG_DEBUG_BUGVERBOSE is not set +# end of printk and dmesg options + +CONFIG_DEBUG_KERNEL=y +CONFIG_DEBUG_MISC=y + +# +# Compile-time checks and compiler options +# +CONFIG_AS_HAS_NON_CONST_LEB128=y +CONFIG_DEBUG_INFO_NONE=y +# CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT is not set +# CONFIG_DEBUG_INFO_DWARF4 is not set +# CONFIG_DEBUG_INFO_DWARF5 is not set +CONFIG_FRAME_WARN=2048 +CONFIG_STRIP_ASM_SYMS=y +# CONFIG_READABLE_ASM is not set +# CONFIG_HEADERS_INSTALL is not set +CONFIG_DEBUG_SECTION_MISMATCH=y +CONFIG_SECTION_MISMATCH_WARN_ONLY=y +# CONFIG_DEBUG_FORCE_FUNCTION_ALIGN_64B is not set +CONFIG_ARCH_WANT_FRAME_POINTERS=y +CONFIG_FRAME_POINTER=y +CONFIG_VMLINUX_MAP=y +# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set +# end of Compile-time checks and compiler options + +# +# Generic Kernel Debugging Instruments +# +CONFIG_MAGIC_SYSRQ=y +CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE=0x1 +CONFIG_MAGIC_SYSRQ_SERIAL=y +CONFIG_MAGIC_SYSRQ_SERIAL_SEQUENCE="" +CONFIG_DEBUG_FS=y +CONFIG_DEBUG_FS_ALLOW_ALL=y +# CONFIG_DEBUG_FS_DISALLOW_MOUNT is not set +# CONFIG_DEBUG_FS_ALLOW_NONE is not set +CONFIG_HAVE_ARCH_KGDB=y +# CONFIG_KGDB is not set +CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y +# CONFIG_UBSAN is not set +CONFIG_HAVE_ARCH_KCSAN=y +# end of Generic Kernel Debugging Instruments + +# +# Networking Debugging +# +# CONFIG_NET_DEV_REFCNT_TRACKER is not set +# CONFIG_NET_NS_REFCNT_TRACKER is not set +# CONFIG_DEBUG_NET is not set +# end of Networking Debugging + +# +# Memory Debugging +# +# CONFIG_PAGE_EXTENSION is not set +# CONFIG_DEBUG_PAGEALLOC is not set +CONFIG_SLUB_DEBUG=y +# CONFIG_SLUB_DEBUG_ON is not set +# CONFIG_PAGE_OWNER is not set +# CONFIG_PAGE_TABLE_CHECK is not set +# CONFIG_PAGE_POISONING is not set +# CONFIG_DEBUG_RODATA_TEST is not set +CONFIG_ARCH_HAS_DEBUG_WX=y +# CONFIG_DEBUG_WX is not set +CONFIG_GENERIC_PTDUMP=y +# CONFIG_PTDUMP_DEBUGFS is not set +# CONFIG_DEBUG_OBJECTS is not set +# CONFIG_SHRINKER_DEBUG is not set +CONFIG_HAVE_DEBUG_KMEMLEAK=y +# CONFIG_DEBUG_KMEMLEAK is not set +# CONFIG_DEBUG_STACK_USAGE is not set +# CONFIG_SCHED_STACK_END_CHECK is not set +CONFIG_ARCH_HAS_DEBUG_VM_PGTABLE=y +# CONFIG_DEBUG_VM is not set +# CONFIG_DEBUG_VM_PGTABLE is not set +CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y +# CONFIG_DEBUG_VIRTUAL is not set +CONFIG_DEBUG_MEMORY_INIT=y +# CONFIG_DEBUG_PER_CPU_MAPS is not set +CONFIG_HAVE_ARCH_KASAN=y +CONFIG_HAVE_ARCH_KASAN_SW_TAGS=y +CONFIG_HAVE_ARCH_KASAN_HW_TAGS=y +CONFIG_HAVE_ARCH_KASAN_VMALLOC=y +CONFIG_CC_HAS_KASAN_GENERIC=y +CONFIG_CC_HAS_WORKING_NOSANITIZE_ADDRESS=y +# CONFIG_KASAN is not set +CONFIG_HAVE_ARCH_KFENCE=y +# CONFIG_KFENCE is not set +# end of Memory Debugging + +# CONFIG_DEBUG_SHIRQ is not set + +# +# Debug Oops, Lockups and Hangs +# +# CONFIG_PANIC_ON_OOPS is not set +CONFIG_PANIC_ON_OOPS_VALUE=0 +CONFIG_PANIC_TIMEOUT=0 +# CONFIG_SOFTLOCKUP_DETECTOR is not set +# CONFIG_DETECT_HUNG_TASK is not set +# CONFIG_WQ_WATCHDOG is not set +# end of Debug Oops, Lockups and Hangs + +# +# Scheduler Debugging +# +# CONFIG_SCHED_DEBUG is not set +CONFIG_SCHED_INFO=y +# CONFIG_SCHEDSTATS is not set +# end of Scheduler Debugging + +# CONFIG_DEBUG_TIMEKEEPING is not set + +# +# Lock Debugging (spinlocks, mutexes, etc...) +# +CONFIG_LOCK_DEBUGGING_SUPPORT=y +# CONFIG_PROVE_LOCKING is not set +# CONFIG_LOCK_STAT is not set +# CONFIG_DEBUG_RT_MUTEXES is not set +# CONFIG_DEBUG_SPINLOCK is not set +# CONFIG_DEBUG_MUTEXES is not set +# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set +# CONFIG_DEBUG_RWSEMS is not set +# CONFIG_DEBUG_LOCK_ALLOC is not set +# CONFIG_DEBUG_ATOMIC_SLEEP is not set +# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set +# CONFIG_LOCK_TORTURE_TEST is not set +# CONFIG_WW_MUTEX_SELFTEST is not set +# CONFIG_SCF_TORTURE_TEST is not set +# CONFIG_CSD_LOCK_WAIT_DEBUG is not set +# end of Lock Debugging (spinlocks, mutexes, etc...) + +# CONFIG_DEBUG_IRQFLAGS is not set +CONFIG_STACKTRACE=y +# CONFIG_WARN_ALL_UNSEEDED_RANDOM is not set +# CONFIG_DEBUG_KOBJECT is not set + +# +# Debug kernel data structures +# +CONFIG_DEBUG_LIST=y +# CONFIG_DEBUG_PLIST is not set +# CONFIG_DEBUG_SG is not set +# CONFIG_DEBUG_NOTIFIERS is not set +CONFIG_BUG_ON_DATA_CORRUPTION=y +# CONFIG_DEBUG_MAPLE_TREE is not set +# end of Debug kernel data structures + +# CONFIG_DEBUG_CREDENTIALS is not set + +# +# RCU Debugging +# +# CONFIG_RCU_SCALE_TEST is not set +# CONFIG_RCU_TORTURE_TEST is not set +# CONFIG_RCU_REF_SCALE_TEST is not set +CONFIG_RCU_CPU_STALL_TIMEOUT=59 +CONFIG_RCU_EXP_CPU_STALL_TIMEOUT=0 +# CONFIG_RCU_TRACE is not set +# CONFIG_RCU_EQS_DEBUG is not set +# end of RCU Debugging + +# CONFIG_DEBUG_WQ_FORCE_RR_CPU is not set +# CONFIG_CPU_HOTPLUG_STATE_CONTROL is not set +# CONFIG_LATENCYTOP is not set +CONFIG_HAVE_FUNCTION_TRACER=y +CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y +CONFIG_HAVE_DYNAMIC_FTRACE=y +CONFIG_HAVE_DYNAMIC_FTRACE_WITH_REGS=y +CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y +CONFIG_HAVE_SYSCALL_TRACEPOINTS=y +CONFIG_HAVE_C_RECORDMCOUNT=y +CONFIG_TRACING_SUPPORT=y +# CONFIG_FTRACE is not set +# CONFIG_SAMPLES is not set +CONFIG_STRICT_DEVMEM=y +# CONFIG_IO_STRICT_DEVMEM is not set + +# +# arm64 Debugging +# +# CONFIG_PID_IN_CONTEXTIDR is not set +# CONFIG_CORESIGHT is not set +# end of arm64 Debugging + +# +# Kernel Testing and Coverage +# +# CONFIG_KUNIT is not set +# CONFIG_NOTIFIER_ERROR_INJECTION is not set +# CONFIG_FAULT_INJECTION is not set +CONFIG_ARCH_HAS_KCOV=y +CONFIG_CC_HAS_SANCOV_TRACE_PC=y +CONFIG_RUNTIME_TESTING_MENU=y +# CONFIG_LKDTM is not set +# CONFIG_TEST_MIN_HEAP is not set +# CONFIG_TEST_DIV64 is not set +# CONFIG_BACKTRACE_SELF_TEST is not set +# CONFIG_TEST_REF_TRACKER is not set +# CONFIG_RBTREE_TEST is not set +# CONFIG_REED_SOLOMON_TEST is not set +# CONFIG_INTERVAL_TREE_TEST is not set +# CONFIG_ATOMIC64_SELFTEST is not set +# CONFIG_TEST_HEXDUMP is not set +# CONFIG_STRING_SELFTEST is not set +# CONFIG_TEST_STRING_HELPERS is not set +# CONFIG_TEST_STRSCPY is not set +# CONFIG_TEST_KSTRTOX is not set +# CONFIG_TEST_PRINTF is not set +# CONFIG_TEST_SCANF is not set +# CONFIG_TEST_BITMAP is not set +# CONFIG_TEST_UUID is not set +# CONFIG_TEST_XARRAY is not set +# CONFIG_TEST_MAPLE_TREE is not set +# CONFIG_TEST_RHASHTABLE is not set +# CONFIG_TEST_SIPHASH is not set +# CONFIG_TEST_IDA is not set +# CONFIG_FIND_BIT_BENCHMARK is not set +# CONFIG_TEST_FIRMWARE is not set +# CONFIG_TEST_SYSCTL is not set +# CONFIG_TEST_UDELAY is not set +# CONFIG_TEST_DYNAMIC_DEBUG is not set +# CONFIG_TEST_MEMCAT_P is not set +# CONFIG_TEST_MEMINIT is not set +# CONFIG_TEST_FREE_PAGES is not set +CONFIG_ARCH_USE_MEMTEST=y +# CONFIG_MEMTEST is not set +# end of Kernel Testing and Coverage + +# +# Rust hacking +# +# end of Rust hacking +# end of Kernel hacking diff --git a/kernel/config-x86_64 b/kernel/config-x86_64 new file mode 100644 index 0000000..7ca2317 --- /dev/null +++ b/kernel/config-x86_64 @@ -0,0 +1,3650 @@ +# +# Automatically generated file; DO NOT EDIT. +# Linux/x86_64 6.6.9 Kernel Configuration +# +CONFIG_CC_VERSION_TEXT="x86_64-linux-gnu-gcc (Ubuntu 9.4.0-1ubuntu1~20.04.1) 9.4.0" +CONFIG_CC_IS_GCC=y +CONFIG_GCC_VERSION=90400 +CONFIG_CLANG_VERSION=0 +CONFIG_AS_IS_GNU=y +CONFIG_AS_VERSION=23400 +CONFIG_LD_IS_BFD=y +CONFIG_LD_VERSION=23400 +CONFIG_LLD_VERSION=0 +CONFIG_CC_CAN_LINK=y +CONFIG_CC_CAN_LINK_STATIC=y +CONFIG_CC_HAS_ASM_INLINE=y +CONFIG_CC_HAS_NO_PROFILE_FN_ATTR=y +CONFIG_PAHOLE_VERSION=0 +CONFIG_IRQ_WORK=y +CONFIG_BUILDTIME_TABLE_SORT=y +CONFIG_THREAD_INFO_IN_TASK=y + +# +# General setup +# +CONFIG_INIT_ENV_ARG_LIMIT=32 +# CONFIG_COMPILE_TEST is not set +# CONFIG_WERROR is not set +CONFIG_LOCALVERSION="" +# CONFIG_LOCALVERSION_AUTO is not set +CONFIG_BUILD_SALT="" +CONFIG_HAVE_KERNEL_GZIP=y +CONFIG_HAVE_KERNEL_BZIP2=y +CONFIG_HAVE_KERNEL_LZMA=y +CONFIG_HAVE_KERNEL_XZ=y +CONFIG_HAVE_KERNEL_LZO=y +CONFIG_HAVE_KERNEL_LZ4=y +CONFIG_HAVE_KERNEL_ZSTD=y +CONFIG_KERNEL_GZIP=y +# CONFIG_KERNEL_BZIP2 is not set +# CONFIG_KERNEL_LZMA is not set +# CONFIG_KERNEL_XZ is not set +# CONFIG_KERNEL_LZO is not set +# CONFIG_KERNEL_LZ4 is not set +# CONFIG_KERNEL_ZSTD is not set +CONFIG_DEFAULT_INIT="" +CONFIG_DEFAULT_HOSTNAME="sandbox-vm" +CONFIG_SYSVIPC=y +CONFIG_SYSVIPC_SYSCTL=y +CONFIG_POSIX_MQUEUE=y +CONFIG_POSIX_MQUEUE_SYSCTL=y +# CONFIG_WATCH_QUEUE is not set +CONFIG_CROSS_MEMORY_ATTACH=y +# CONFIG_USELIB is not set +CONFIG_AUDIT=y +CONFIG_HAVE_ARCH_AUDITSYSCALL=y +CONFIG_AUDITSYSCALL=y + +# +# IRQ subsystem +# +CONFIG_GENERIC_IRQ_PROBE=y +CONFIG_GENERIC_IRQ_SHOW=y +CONFIG_GENERIC_IRQ_EFFECTIVE_AFF_MASK=y +CONFIG_GENERIC_PENDING_IRQ=y +CONFIG_GENERIC_IRQ_MIGRATION=y +CONFIG_HARDIRQS_SW_RESEND=y +CONFIG_IRQ_DOMAIN=y +CONFIG_IRQ_DOMAIN_HIERARCHY=y +CONFIG_GENERIC_MSI_IRQ=y +CONFIG_GENERIC_MSI_IRQ_DOMAIN=y +CONFIG_IRQ_MSI_IOMMU=y +CONFIG_GENERIC_IRQ_MATRIX_ALLOCATOR=y +CONFIG_GENERIC_IRQ_RESERVATION_MODE=y +CONFIG_IRQ_FORCED_THREADING=y +CONFIG_SPARSE_IRQ=y +# CONFIG_GENERIC_IRQ_DEBUGFS is not set +# end of IRQ subsystem + +CONFIG_CLOCKSOURCE_WATCHDOG=y +CONFIG_ARCH_CLOCKSOURCE_INIT=y +CONFIG_CLOCKSOURCE_VALIDATE_LAST_CYCLE=y +CONFIG_GENERIC_TIME_VSYSCALL=y +CONFIG_GENERIC_CLOCKEVENTS=y +CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y +CONFIG_GENERIC_CLOCKEVENTS_MIN_ADJUST=y +CONFIG_GENERIC_CMOS_UPDATE=y +CONFIG_HAVE_POSIX_CPU_TIMERS_TASK_WORK=y +CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y +CONFIG_CONTEXT_TRACKING=y +CONFIG_CONTEXT_TRACKING_IDLE=y + +# +# Timers subsystem +# +CONFIG_TICK_ONESHOT=y +CONFIG_NO_HZ_COMMON=y +# CONFIG_HZ_PERIODIC is not set +CONFIG_NO_HZ_IDLE=y +# CONFIG_NO_HZ_FULL is not set +CONFIG_NO_HZ=y +CONFIG_HIGH_RES_TIMERS=y +CONFIG_CLOCKSOURCE_WATCHDOG_MAX_SKEW_US=100 +# end of Timers subsystem + +CONFIG_BPF=y +CONFIG_HAVE_EBPF_JIT=y +CONFIG_ARCH_WANT_DEFAULT_BPF_JIT=y + +# +# BPF subsystem +# +CONFIG_BPF_SYSCALL=y +# CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set +CONFIG_USERMODE_DRIVER=y +CONFIG_BPF_PRELOAD=y +CONFIG_BPF_PRELOAD_UMD=y +# end of BPF subsystem + +CONFIG_PREEMPT_BUILD=y +CONFIG_PREEMPT_NONE=y +# CONFIG_PREEMPT_VOLUNTARY is not set +# CONFIG_PREEMPT is not set +CONFIG_PREEMPT_COUNT=y +CONFIG_PREEMPTION=y +CONFIG_PREEMPT_DYNAMIC=y +# CONFIG_SCHED_CORE is not set + +# +# CPU/Task time and stats accounting +# +CONFIG_TICK_CPU_ACCOUNTING=y +# CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set +# CONFIG_IRQ_TIME_ACCOUNTING is not set +CONFIG_BSD_PROCESS_ACCT=y +CONFIG_BSD_PROCESS_ACCT_V3=y +CONFIG_TASKSTATS=y +CONFIG_TASK_DELAY_ACCT=y +CONFIG_TASK_XACCT=y +CONFIG_TASK_IO_ACCOUNTING=y +# CONFIG_PSI is not set +# end of CPU/Task time and stats accounting + +CONFIG_CPU_ISOLATION=y + +# +# RCU Subsystem +# +CONFIG_TREE_RCU=y +CONFIG_PREEMPT_RCU=y +# CONFIG_RCU_EXPERT is not set +CONFIG_SRCU=y +CONFIG_TREE_SRCU=y +CONFIG_TASKS_RCU_GENERIC=y +CONFIG_TASKS_RCU=y +CONFIG_TASKS_TRACE_RCU=y +CONFIG_RCU_STALL_COMMON=y +CONFIG_RCU_NEED_SEGCBLIST=y +# end of RCU Subsystem + +CONFIG_IKCONFIG=y +CONFIG_IKCONFIG_PROC=y +# CONFIG_IKHEADERS is not set +CONFIG_LOG_BUF_SHIFT=21 +CONFIG_LOG_CPU_MAX_BUF_SHIFT=12 +CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13 +# CONFIG_PRINTK_INDEX is not set +CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y + +# +# Scheduler features +# +# CONFIG_UCLAMP_TASK is not set +# end of Scheduler features + +CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y +CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH=y +CONFIG_CC_HAS_INT128=y +CONFIG_CC_IMPLICIT_FALLTHROUGH="-Wimplicit-fallthrough=5" +CONFIG_GCC11_NO_ARRAY_BOUNDS=y +CONFIG_ARCH_SUPPORTS_INT128=y +CONFIG_NUMA_BALANCING=y +# CONFIG_NUMA_BALANCING_DEFAULT_ENABLED is not set +CONFIG_CGROUPS=y +CONFIG_PAGE_COUNTER=y +# CONFIG_CGROUP_FAVOR_DYNMODS is not set +CONFIG_MEMCG=y +CONFIG_MEMCG_V1=y +CONFIG_MEMCG_KMEM=y +CONFIG_BLK_CGROUP=y +CONFIG_CGROUP_WRITEBACK=y +CONFIG_CGROUP_SCHED=y +CONFIG_FAIR_GROUP_SCHED=y +CONFIG_CFS_BANDWIDTH=y +CONFIG_RT_GROUP_SCHED=y +CONFIG_CGROUP_PIDS=y +# CONFIG_CGROUP_RDMA is not set +CONFIG_CGROUP_FREEZER=y +CONFIG_CGROUP_HUGETLB=y +CONFIG_CPUSETS=y +CONFIG_CPUSETS_V1=y +CONFIG_PROC_PID_CPUSET=y +CONFIG_CGROUP_DEVICE=y +CONFIG_CGROUP_CPUACCT=y +CONFIG_CGROUP_PERF=y +CONFIG_CGROUP_BPF=y +# CONFIG_CGROUP_MISC is not set +# CONFIG_CGROUP_DEBUG is not set +CONFIG_SOCK_CGROUP_DATA=y +CONFIG_NAMESPACES=y +CONFIG_UTS_NS=y +CONFIG_TIME_NS=y +CONFIG_IPC_NS=y +CONFIG_USER_NS=y +CONFIG_PID_NS=y +CONFIG_NET_NS=y +# CONFIG_CHECKPOINT_RESTORE is not set +CONFIG_SCHED_AUTOGROUP=y +# CONFIG_SYSFS_DEPRECATED is not set +CONFIG_RELAY=y +CONFIG_BLK_DEV_INITRD=y +CONFIG_INITRAMFS_SOURCE="" +CONFIG_RD_GZIP=y +CONFIG_RD_BZIP2=y +CONFIG_RD_LZMA=y +CONFIG_RD_XZ=y +CONFIG_RD_LZO=y +CONFIG_RD_LZ4=y +CONFIG_RD_ZSTD=y +# CONFIG_BOOT_CONFIG is not set +CONFIG_INITRAMFS_PRESERVE_MTIME=y +CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y +# CONFIG_CC_OPTIMIZE_FOR_SIZE is not set +CONFIG_LD_ORPHAN_WARN=y +CONFIG_SYSCTL=y +CONFIG_SYSCTL_EXCEPTION_TRACE=y +CONFIG_HAVE_PCSPKR_PLATFORM=y +CONFIG_EXPERT=y +CONFIG_MULTIUSER=y +CONFIG_SGETMASK_SYSCALL=y +CONFIG_SYSFS_SYSCALL=y +CONFIG_FHANDLE=y +CONFIG_POSIX_TIMERS=y +CONFIG_PRINTK=y +CONFIG_BUG=y +CONFIG_ELF_CORE=y +CONFIG_PCSPKR_PLATFORM=y +CONFIG_BASE_FULL=y +CONFIG_FUTEX=y +CONFIG_FUTEX_PI=y +CONFIG_EPOLL=y +CONFIG_SIGNALFD=y +CONFIG_TIMERFD=y +CONFIG_EVENTFD=y +CONFIG_SHMEM=y +CONFIG_AIO=y +CONFIG_IO_URING=y +CONFIG_ADVISE_SYSCALLS=y +CONFIG_MEMBARRIER=y +CONFIG_KALLSYMS=y +# CONFIG_KALLSYMS_ALL is not set +CONFIG_KALLSYMS_ABSOLUTE_PERCPU=y +CONFIG_KALLSYMS_BASE_RELATIVE=y +CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y +CONFIG_KCMP=y +CONFIG_RSEQ=y +# CONFIG_DEBUG_RSEQ is not set +# CONFIG_EMBEDDED is not set +CONFIG_HAVE_PERF_EVENTS=y +CONFIG_GUEST_PERF_EVENTS=y +# CONFIG_PC104 is not set + +# +# Kernel Performance Events And Counters +# +CONFIG_PERF_EVENTS=y +# CONFIG_DEBUG_PERF_USE_VMALLOC is not set +# end of Kernel Performance Events And Counters + +# CONFIG_PROFILING is not set +# end of General setup + +CONFIG_64BIT=y +CONFIG_X86_64=y +CONFIG_X86=y +CONFIG_INSTRUCTION_DECODER=y +CONFIG_OUTPUT_FORMAT="elf64-x86-64" +CONFIG_LOCKDEP_SUPPORT=y +CONFIG_STACKTRACE_SUPPORT=y +CONFIG_MMU=y +CONFIG_ARCH_MMAP_RND_BITS_MIN=28 +CONFIG_ARCH_MMAP_RND_BITS_MAX=32 +CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8 +CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX=16 +CONFIG_GENERIC_BUG=y +CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y +CONFIG_GENERIC_CALIBRATE_DELAY=y +CONFIG_ARCH_HAS_CPU_RELAX=y +CONFIG_ARCH_HIBERNATION_POSSIBLE=y +CONFIG_ARCH_NR_GPIO=1024 +CONFIG_ARCH_SUSPEND_POSSIBLE=y +CONFIG_AUDIT_ARCH=y +CONFIG_X86_64_SMP=y +CONFIG_ARCH_SUPPORTS_UPROBES=y +CONFIG_FIX_EARLYCON_MEM=y +CONFIG_PGTABLE_LEVELS=5 +CONFIG_CC_HAS_SANE_STACKPROTECTOR=y + +# +# Processor type and features +# +CONFIG_SMP=y +CONFIG_X86_FEATURE_NAMES=y +CONFIG_X86_MPPARSE=y +# CONFIG_GOLDFISH is not set +# CONFIG_X86_CPU_RESCTRL is not set +# CONFIG_X86_EXTENDED_PLATFORM is not set +CONFIG_X86_INTEL_LPSS=y +# CONFIG_X86_AMD_PLATFORM_DEVICE is not set +CONFIG_IOSF_MBI=y +# CONFIG_IOSF_MBI_DEBUG is not set +CONFIG_SCHED_OMIT_FRAME_POINTER=y +# CONFIG_HYPERVISOR_GUEST is not set +# CONFIG_MK8 is not set +# CONFIG_MPSC is not set +# CONFIG_MCORE2 is not set +# CONFIG_MATOM is not set +CONFIG_GENERIC_CPU=y +CONFIG_X86_INTERNODE_CACHE_SHIFT=6 +CONFIG_X86_L1_CACHE_SHIFT=6 +CONFIG_X86_TSC=y +CONFIG_X86_CMPXCHG64=y +CONFIG_X86_CMOV=y +CONFIG_X86_MINIMUM_CPU_FAMILY=64 +CONFIG_X86_DEBUGCTLMSR=y +CONFIG_IA32_FEAT_CTL=y +CONFIG_X86_VMX_FEATURE_NAMES=y +CONFIG_PROCESSOR_SELECT=y +CONFIG_CPU_SUP_INTEL=y +# CONFIG_CPU_SUP_AMD is not set +# CONFIG_CPU_SUP_HYGON is not set +# CONFIG_CPU_SUP_CENTAUR is not set +# CONFIG_CPU_SUP_ZHAOXIN is not set +CONFIG_HPET_TIMER=y +CONFIG_DMI=y +# CONFIG_MAXSMP is not set +CONFIG_NR_CPUS_RANGE_BEGIN=2 +CONFIG_NR_CPUS_RANGE_END=512 +CONFIG_NR_CPUS_DEFAULT=64 +CONFIG_NR_CPUS=128 +CONFIG_SCHED_CLUSTER=y +CONFIG_SCHED_SMT=y +CONFIG_SCHED_MC=y +CONFIG_SCHED_MC_PRIO=y +CONFIG_X86_LOCAL_APIC=y +CONFIG_X86_IO_APIC=y +CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS=y +# CONFIG_X86_MCE is not set + +# +# Performance monitoring +# +CONFIG_PERF_EVENTS_INTEL_UNCORE=y +CONFIG_PERF_EVENTS_INTEL_RAPL=y +CONFIG_PERF_EVENTS_INTEL_CSTATE=y +# end of Performance monitoring + +CONFIG_X86_16BIT=y +CONFIG_X86_ESPFIX64=y +CONFIG_X86_VSYSCALL_EMULATION=y +# CONFIG_X86_IOPL_IOPERM is not set +# CONFIG_MICROCODE is not set +CONFIG_X86_MSR=y +CONFIG_X86_CPUID=y +CONFIG_X86_5LEVEL=y +CONFIG_X86_DIRECT_GBPAGES=y +# CONFIG_X86_CPA_STATISTICS is not set +CONFIG_NUMA=y +# CONFIG_AMD_NUMA is not set +CONFIG_X86_64_ACPI_NUMA=y +# CONFIG_NUMA_EMU is not set +CONFIG_NODES_SHIFT=10 +CONFIG_ARCH_SPARSEMEM_ENABLE=y +CONFIG_ARCH_SPARSEMEM_DEFAULT=y +CONFIG_ARCH_MEMORY_PROBE=y +CONFIG_ARCH_PROC_KCORE_TEXT=y +CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000 +# CONFIG_X86_PMEM_LEGACY is not set +CONFIG_X86_CHECK_BIOS_CORRUPTION=y +CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK=y +CONFIG_MTRR=y +CONFIG_MTRR_SANITIZER=y +CONFIG_MTRR_SANITIZER_ENABLE_DEFAULT=0 +CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1 +CONFIG_X86_PAT=y +CONFIG_ARCH_USES_PG_UNCACHED=y +# CONFIG_X86_UMIP is not set +CONFIG_CC_HAS_IBT=y +# CONFIG_X86_KERNEL_IBT is not set +# CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS is not set +CONFIG_X86_INTEL_TSX_MODE_OFF=y +# CONFIG_X86_INTEL_TSX_MODE_ON is not set +# CONFIG_X86_INTEL_TSX_MODE_AUTO is not set +CONFIG_EFI=y +CONFIG_EFI_STUB=y +# CONFIG_EFI_MIXED is not set +# CONFIG_HZ_100 is not set +CONFIG_HZ_250=y +# CONFIG_HZ_300 is not set +# CONFIG_HZ_1000 is not set +CONFIG_HZ=250 +CONFIG_SCHED_HRTICK=y +# CONFIG_KEXEC is not set +CONFIG_KEXEC_FILE=y +CONFIG_ARCH_HAS_KEXEC_PURGATORY=y +# CONFIG_KEXEC_SIG is not set +# CONFIG_CRASH_DUMP is not set +CONFIG_PHYSICAL_START=0x1000000 +CONFIG_RELOCATABLE=y +CONFIG_RANDOMIZE_BASE=y +CONFIG_X86_NEED_RELOCS=y +CONFIG_PHYSICAL_ALIGN=0x1000000 +CONFIG_DYNAMIC_MEMORY_LAYOUT=y +CONFIG_RANDOMIZE_MEMORY=y +CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0xa +CONFIG_HOTPLUG_CPU=y +# CONFIG_BOOTPARAM_HOTPLUG_CPU0 is not set +# CONFIG_DEBUG_HOTPLUG_CPU0 is not set +CONFIG_LEGACY_VSYSCALL_XONLY=y +# CONFIG_LEGACY_VSYSCALL_NONE is not set +# CONFIG_CMDLINE_BOOL is not set +CONFIG_MODIFY_LDT_SYSCALL=y +# CONFIG_STRICT_SIGALTSTACK_SIZE is not set +CONFIG_HAVE_LIVEPATCH=y +# end of Processor type and features + +CONFIG_CC_HAS_RETURN_THUNK=y +CONFIG_SPECULATION_MITIGATIONS=y +CONFIG_PAGE_TABLE_ISOLATION=y +CONFIG_RETPOLINE=y +CONFIG_RETHUNK=y +CONFIG_CPU_IBRS_ENTRY=y +# CONFIG_GDS_FORCE_MITIGATION is not set +CONFIG_ARCH_HAS_ADD_PAGES=y +CONFIG_ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE=y + +# +# Power management and ACPI options +# +# CONFIG_SUSPEND is not set +# CONFIG_HIBERNATION is not set +CONFIG_PM=y +# CONFIG_PM_DEBUG is not set +CONFIG_PM_CLK=y +# CONFIG_WQ_POWER_EFFICIENT_DEFAULT is not set +# CONFIG_ENERGY_MODEL is not set +CONFIG_ARCH_SUPPORTS_ACPI=y +CONFIG_ACPI=y +CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y +CONFIG_ARCH_MIGHT_HAVE_ACPI_PDC=y +CONFIG_ACPI_SYSTEM_POWER_STATES_SUPPORT=y +# CONFIG_ACPI_DEBUGGER is not set +CONFIG_ACPI_SPCR_TABLE=y +# CONFIG_ACPI_FPDT is not set +CONFIG_ACPI_LPIT=y +CONFIG_ACPI_REV_OVERRIDE_POSSIBLE=y +# CONFIG_ACPI_EC_DEBUGFS is not set +# CONFIG_ACPI_AC is not set +# CONFIG_ACPI_BATTERY is not set +CONFIG_ACPI_BUTTON=y +# CONFIG_ACPI_FAN is not set +# CONFIG_ACPI_DOCK is not set +CONFIG_ACPI_CPU_FREQ_PSS=y +CONFIG_ACPI_PROCESSOR_CSTATE=y +CONFIG_ACPI_PROCESSOR_IDLE=y +CONFIG_ACPI_CPPC_LIB=y +CONFIG_ACPI_PROCESSOR=y +CONFIG_ACPI_HOTPLUG_CPU=y +# CONFIG_ACPI_PROCESSOR_AGGREGATOR is not set +CONFIG_ACPI_THERMAL=y +CONFIG_ARCH_HAS_ACPI_TABLE_UPGRADE=y +CONFIG_ACPI_TABLE_UPGRADE=y +# CONFIG_ACPI_DEBUG is not set +# CONFIG_ACPI_PCI_SLOT is not set +CONFIG_ACPI_CONTAINER=y +CONFIG_ACPI_HOTPLUG_MEMORY=y +CONFIG_ACPI_HOTPLUG_IOAPIC=y +# CONFIG_ACPI_SBS is not set +# CONFIG_ACPI_HED is not set +# CONFIG_ACPI_CUSTOM_METHOD is not set +# CONFIG_ACPI_BGRT is not set +# CONFIG_ACPI_REDUCED_HARDWARE_ONLY is not set +# CONFIG_ACPI_NFIT is not set +CONFIG_ACPI_NUMA=y +# CONFIG_ACPI_HMAT is not set +CONFIG_HAVE_ACPI_APEI=y +CONFIG_HAVE_ACPI_APEI_NMI=y +# CONFIG_ACPI_APEI is not set +# CONFIG_ACPI_DPTF is not set +# CONFIG_ACPI_CONFIGFS is not set +# CONFIG_ACPI_PFRUT is not set +CONFIG_ACPI_PCC=y +CONFIG_PMIC_OPREGION=y +CONFIG_ACPI_VIOT=y +CONFIG_ACPI_PRMT=y +CONFIG_X86_PM_TIMER=y + +# +# CPU Frequency scaling +# +CONFIG_CPU_FREQ=y +CONFIG_CPU_FREQ_GOV_ATTR_SET=y +# CONFIG_CPU_FREQ_STAT is not set +CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE=y +# CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE is not set +# CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE is not set +# CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL is not set +CONFIG_CPU_FREQ_GOV_PERFORMANCE=y +# CONFIG_CPU_FREQ_GOV_POWERSAVE is not set +# CONFIG_CPU_FREQ_GOV_USERSPACE is not set +# CONFIG_CPU_FREQ_GOV_ONDEMAND is not set +# CONFIG_CPU_FREQ_GOV_CONSERVATIVE is not set +CONFIG_CPU_FREQ_GOV_SCHEDUTIL=y + +# +# CPU frequency scaling drivers +# +CONFIG_X86_INTEL_PSTATE=y +# CONFIG_X86_PCC_CPUFREQ is not set +# CONFIG_X86_AMD_PSTATE is not set +# CONFIG_X86_AMD_PSTATE_UT is not set +# CONFIG_X86_ACPI_CPUFREQ is not set +# CONFIG_X86_SPEEDSTEP_CENTRINO is not set +# CONFIG_X86_P4_CLOCKMOD is not set + +# +# shared options +# +# end of CPU Frequency scaling + +# +# CPU Idle +# +CONFIG_CPU_IDLE=y +CONFIG_CPU_IDLE_GOV_LADDER=y +CONFIG_CPU_IDLE_GOV_MENU=y +# CONFIG_CPU_IDLE_GOV_TEO is not set +# end of CPU Idle + +CONFIG_INTEL_IDLE=y +# end of Power management and ACPI options + +# +# Bus options (PCI etc.) +# +CONFIG_PCI_DIRECT=y +CONFIG_PCI_MMCONFIG=y +CONFIG_MMCONF_FAM10H=y +# CONFIG_PCI_CNB20LE_QUIRK is not set +# CONFIG_ISA_BUS is not set +# CONFIG_ISA_DMA_API is not set +# end of Bus options (PCI etc.) + +# +# Binary Emulations +# +# CONFIG_IA32_EMULATION is not set +# CONFIG_X86_X32_ABI is not set +# end of Binary Emulations + +CONFIG_HAVE_KVM=y +CONFIG_HAVE_KVM_PFNCACHE=y +CONFIG_HAVE_KVM_IRQCHIP=y +CONFIG_HAVE_KVM_IRQFD=y +CONFIG_HAVE_KVM_IRQ_ROUTING=y +CONFIG_HAVE_KVM_DIRTY_RING=y +CONFIG_HAVE_KVM_DIRTY_RING_TSO=y +CONFIG_HAVE_KVM_DIRTY_RING_ACQ_REL=y +CONFIG_HAVE_KVM_EVENTFD=y +CONFIG_KVM_MMIO=y +CONFIG_KVM_ASYNC_PF=y +CONFIG_HAVE_KVM_MSI=y +CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT=y +CONFIG_KVM_VFIO=y +CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT=y +CONFIG_HAVE_KVM_IRQ_BYPASS=y +CONFIG_HAVE_KVM_NO_POLL=y +CONFIG_KVM_XFER_TO_GUEST_WORK=y +CONFIG_HAVE_KVM_PM_NOTIFIER=y +CONFIG_VIRTUALIZATION=y +CONFIG_KVM=y +# CONFIG_KVM_WERROR is not set +CONFIG_KVM_INTEL=y +# CONFIG_KVM_AMD is not set +# CONFIG_KVM_XEN is not set +CONFIG_AS_AVX512=y +CONFIG_AS_SHA1_NI=y +CONFIG_AS_SHA256_NI=y +CONFIG_AS_TPAUSE=y + +# +# General architecture-dependent options +# +CONFIG_CRASH_CORE=y +CONFIG_KEXEC_CORE=y +CONFIG_HOTPLUG_SMT=y +CONFIG_GENERIC_ENTRY=y +CONFIG_JUMP_LABEL=y +# CONFIG_STATIC_KEYS_SELFTEST is not set +# CONFIG_STATIC_CALL_SELFTEST is not set +CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y +CONFIG_ARCH_USE_BUILTIN_BSWAP=y +CONFIG_USER_RETURN_NOTIFIER=y +CONFIG_HAVE_IOREMAP_PROT=y +CONFIG_HAVE_KPROBES=y +CONFIG_HAVE_KRETPROBES=y +CONFIG_HAVE_OPTPROBES=y +CONFIG_HAVE_KPROBES_ON_FTRACE=y +CONFIG_ARCH_CORRECT_STACKTRACE_ON_KRETPROBE=y +CONFIG_HAVE_FUNCTION_ERROR_INJECTION=y +CONFIG_HAVE_NMI=y +CONFIG_TRACE_IRQFLAGS_SUPPORT=y +CONFIG_TRACE_IRQFLAGS_NMI_SUPPORT=y +CONFIG_HAVE_ARCH_TRACEHOOK=y +CONFIG_HAVE_DMA_CONTIGUOUS=y +CONFIG_GENERIC_SMP_IDLE_THREAD=y +CONFIG_ARCH_HAS_FORTIFY_SOURCE=y +CONFIG_ARCH_HAS_SET_MEMORY=y +CONFIG_ARCH_HAS_SET_DIRECT_MAP=y +CONFIG_ARCH_HAS_CPU_FINALIZE_INIT=y +CONFIG_HAVE_ARCH_THREAD_STRUCT_WHITELIST=y +CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT=y +CONFIG_ARCH_WANTS_NO_INSTR=y +CONFIG_HAVE_ASM_MODVERSIONS=y +CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y +CONFIG_HAVE_RSEQ=y +CONFIG_HAVE_RUST=y +CONFIG_HAVE_FUNCTION_ARG_ACCESS_API=y +CONFIG_HAVE_HW_BREAKPOINT=y +CONFIG_HAVE_MIXED_BREAKPOINTS_REGS=y +CONFIG_HAVE_USER_RETURN_NOTIFIER=y +CONFIG_HAVE_PERF_EVENTS_NMI=y +CONFIG_HAVE_HARDLOCKUP_DETECTOR_PERF=y +CONFIG_HAVE_PERF_REGS=y +CONFIG_HAVE_PERF_USER_STACK_DUMP=y +CONFIG_HAVE_ARCH_JUMP_LABEL=y +CONFIG_HAVE_ARCH_JUMP_LABEL_RELATIVE=y +CONFIG_MMU_GATHER_MERGE_VMAS=y +CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y +CONFIG_HAVE_ALIGNED_STRUCT_PAGE=y +CONFIG_HAVE_CMPXCHG_LOCAL=y +CONFIG_HAVE_CMPXCHG_DOUBLE=y +CONFIG_HAVE_ARCH_SECCOMP=y +CONFIG_HAVE_ARCH_SECCOMP_FILTER=y +CONFIG_SECCOMP=y +CONFIG_SECCOMP_FILTER=y +# CONFIG_SECCOMP_CACHE_DEBUG is not set +CONFIG_HAVE_ARCH_STACKLEAK=y +CONFIG_HAVE_STACKPROTECTOR=y +CONFIG_STACKPROTECTOR=y +CONFIG_STACKPROTECTOR_STRONG=y +CONFIG_ARCH_SUPPORTS_LTO_CLANG=y +CONFIG_ARCH_SUPPORTS_LTO_CLANG_THIN=y +CONFIG_LTO_NONE=y +CONFIG_ARCH_SUPPORTS_CFI_CLANG=y +CONFIG_HAVE_ARCH_WITHIN_STACK_FRAMES=y +CONFIG_HAVE_CONTEXT_TRACKING_USER=y +CONFIG_HAVE_CONTEXT_TRACKING_USER_OFFSTACK=y +CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y +CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y +CONFIG_HAVE_MOVE_PUD=y +CONFIG_HAVE_MOVE_PMD=y +CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y +CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD=y +CONFIG_HAVE_ARCH_HUGE_VMAP=y +CONFIG_HAVE_ARCH_HUGE_VMALLOC=y +CONFIG_ARCH_WANT_HUGE_PMD_SHARE=y +CONFIG_HAVE_ARCH_SOFT_DIRTY=y +CONFIG_HAVE_MOD_ARCH_SPECIFIC=y +CONFIG_MODULES_USE_ELF_RELA=y +CONFIG_HAVE_IRQ_EXIT_ON_IRQ_STACK=y +CONFIG_HAVE_SOFTIRQ_ON_OWN_STACK=y +CONFIG_SOFTIRQ_ON_OWN_STACK=y +CONFIG_ARCH_HAS_ELF_RANDOMIZE=y +CONFIG_HAVE_ARCH_MMAP_RND_BITS=y +CONFIG_HAVE_EXIT_THREAD=y +CONFIG_ARCH_MMAP_RND_BITS=28 +CONFIG_PAGE_SIZE_LESS_THAN_64KB=y +CONFIG_PAGE_SIZE_LESS_THAN_256KB=y +CONFIG_HAVE_OBJTOOL=y +CONFIG_HAVE_JUMP_LABEL_HACK=y +CONFIG_HAVE_NOINSTR_HACK=y +CONFIG_HAVE_NOINSTR_VALIDATION=y +CONFIG_HAVE_UACCESS_VALIDATION=y +CONFIG_HAVE_STACK_VALIDATION=y +CONFIG_HAVE_RELIABLE_STACKTRACE=y +# CONFIG_COMPAT_32BIT_TIME is not set +CONFIG_HAVE_ARCH_VMAP_STACK=y +CONFIG_VMAP_STACK=y +CONFIG_HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET=y +CONFIG_RANDOMIZE_KSTACK_OFFSET=y +# CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT is not set +CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=y +CONFIG_STRICT_KERNEL_RWX=y +CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y +CONFIG_HAVE_ARCH_PREL32_RELOCATIONS=y +CONFIG_ARCH_USE_MEMREMAP_PROT=y +# CONFIG_LOCK_EVENT_COUNTS is not set +CONFIG_ARCH_HAS_MEM_ENCRYPT=y +CONFIG_HAVE_STATIC_CALL=y +CONFIG_HAVE_STATIC_CALL_INLINE=y +CONFIG_HAVE_PREEMPT_DYNAMIC=y +CONFIG_HAVE_PREEMPT_DYNAMIC_CALL=y +CONFIG_ARCH_WANT_LD_ORPHAN_WARN=y +CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y +CONFIG_ARCH_SUPPORTS_PAGE_TABLE_CHECK=y +CONFIG_ARCH_HAS_ELFCORE_COMPAT=y +CONFIG_ARCH_HAS_PARANOID_L1D_FLUSH=y +CONFIG_DYNAMIC_SIGFRAME=y +CONFIG_ARCH_HAS_NONLEAF_PMD_YOUNG=y + +# +# GCOV-based kernel profiling +# +# CONFIG_GCOV_KERNEL is not set +CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y +# end of GCOV-based kernel profiling + +CONFIG_HAVE_GCC_PLUGINS=y +# end of General architecture-dependent options + +CONFIG_RT_MUTEXES=y +CONFIG_BASE_SMALL=0 +# CONFIG_MODULES is not set +CONFIG_BLOCK=y +CONFIG_BLOCK_LEGACY_AUTOLOAD=y +CONFIG_BLK_CGROUP_RWSTAT=y +CONFIG_BLK_DEV_BSG_COMMON=y +CONFIG_BLK_DEV_BSGLIB=y +CONFIG_BLK_DEV_INTEGRITY=y +# CONFIG_BLK_DEV_ZONED is not set +CONFIG_BLK_DEV_THROTTLING=y +# CONFIG_BLK_DEV_THROTTLING_LOW is not set +CONFIG_BLK_WBT=y +CONFIG_BLK_WBT_MQ=y +# CONFIG_BLK_CGROUP_IOLATENCY is not set +# CONFIG_BLK_CGROUP_IOCOST is not set +# CONFIG_BLK_CGROUP_IOPRIO is not set +CONFIG_BLK_DEBUG_FS=y +# CONFIG_BLK_SED_OPAL is not set +# CONFIG_BLK_INLINE_ENCRYPTION is not set + +# +# Partition Types +# +CONFIG_PARTITION_ADVANCED=y +# CONFIG_ACORN_PARTITION is not set +# CONFIG_AIX_PARTITION is not set +# CONFIG_OSF_PARTITION is not set +# CONFIG_AMIGA_PARTITION is not set +# CONFIG_ATARI_PARTITION is not set +# CONFIG_MAC_PARTITION is not set +# CONFIG_MSDOS_PARTITION is not set +# CONFIG_LDM_PARTITION is not set +# CONFIG_SGI_PARTITION is not set +# CONFIG_ULTRIX_PARTITION is not set +# CONFIG_SUN_PARTITION is not set +# CONFIG_KARMA_PARTITION is not set +CONFIG_EFI_PARTITION=y +# CONFIG_SYSV68_PARTITION is not set +# CONFIG_CMDLINE_PARTITION is not set +# end of Partition Types + +CONFIG_BLK_MQ_PCI=y +CONFIG_BLK_MQ_VIRTIO=y +CONFIG_BLK_PM=y + +# +# IO Schedulers +# +# CONFIG_MQ_IOSCHED_DEADLINE is not set +# CONFIG_MQ_IOSCHED_KYBER is not set +# CONFIG_IOSCHED_BFQ is not set +# end of IO Schedulers + +CONFIG_PREEMPT_NOTIFIERS=y +CONFIG_UNINLINE_SPIN_UNLOCK=y +CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y +CONFIG_MUTEX_SPIN_ON_OWNER=y +CONFIG_RWSEM_SPIN_ON_OWNER=y +CONFIG_LOCK_SPIN_ON_OWNER=y +CONFIG_ARCH_USE_QUEUED_SPINLOCKS=y +CONFIG_QUEUED_SPINLOCKS=y +CONFIG_ARCH_USE_QUEUED_RWLOCKS=y +CONFIG_QUEUED_RWLOCKS=y +CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE=y +CONFIG_ARCH_HAS_SYNC_CORE_BEFORE_USERMODE=y +CONFIG_ARCH_HAS_SYSCALL_WRAPPER=y +CONFIG_FREEZER=y + +# +# Executable file formats +# +CONFIG_BINFMT_ELF=y +CONFIG_ELFCORE=y +CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS=y +CONFIG_BINFMT_SCRIPT=y +CONFIG_BINFMT_MISC=y +CONFIG_COREDUMP=y +# end of Executable file formats + +# +# Memory Management options +# +CONFIG_ZPOOL=y +CONFIG_SWAP=y +CONFIG_ZSWAP=y +# CONFIG_ZSWAP_DEFAULT_ON is not set +# CONFIG_ZSWAP_COMPRESSOR_DEFAULT_DEFLATE is not set +CONFIG_ZSWAP_COMPRESSOR_DEFAULT_LZO=y +# CONFIG_ZSWAP_COMPRESSOR_DEFAULT_842 is not set +# CONFIG_ZSWAP_COMPRESSOR_DEFAULT_LZ4 is not set +# CONFIG_ZSWAP_COMPRESSOR_DEFAULT_LZ4HC is not set +# CONFIG_ZSWAP_COMPRESSOR_DEFAULT_ZSTD is not set +CONFIG_ZSWAP_COMPRESSOR_DEFAULT="lzo" +CONFIG_ZSWAP_ZPOOL_DEFAULT_ZBUD=y +# CONFIG_ZSWAP_ZPOOL_DEFAULT_Z3FOLD is not set +# CONFIG_ZSWAP_ZPOOL_DEFAULT_ZSMALLOC is not set +CONFIG_ZSWAP_ZPOOL_DEFAULT="zbud" +CONFIG_ZBUD=y +# CONFIG_Z3FOLD is not set +CONFIG_ZSMALLOC=y +CONFIG_ZSMALLOC_STAT=y + +# +# SLAB allocator options +# +# CONFIG_SLAB is not set +CONFIG_SLUB=y +# CONFIG_SLOB is not set +CONFIG_SLAB_MERGE_DEFAULT=y +# CONFIG_SLAB_FREELIST_RANDOM is not set +CONFIG_SLAB_FREELIST_HARDENED=y +# CONFIG_SLUB_STATS is not set +CONFIG_SLUB_CPU_PARTIAL=y +# end of SLAB allocator options + +# CONFIG_SHUFFLE_PAGE_ALLOCATOR is not set +# CONFIG_COMPAT_BRK is not set +CONFIG_SPARSEMEM=y +CONFIG_SPARSEMEM_EXTREME=y +CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y +CONFIG_SPARSEMEM_VMEMMAP=y +CONFIG_HAVE_FAST_GUP=y +CONFIG_NUMA_KEEP_MEMINFO=y +CONFIG_MEMORY_ISOLATION=y +CONFIG_EXCLUSIVE_SYSTEM_RAM=y +CONFIG_HAVE_BOOTMEM_INFO_NODE=y +CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y +CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y +CONFIG_MEMORY_HOTPLUG=y +CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE=y +CONFIG_MEMORY_HOTREMOVE=y +CONFIG_MHP_MEMMAP_ON_MEMORY=y +CONFIG_SPLIT_PTLOCK_CPUS=4 +CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y +CONFIG_MEMORY_BALLOON=y +CONFIG_BALLOON_COMPACTION=y +CONFIG_COMPACTION=y +CONFIG_COMPACT_UNEVICTABLE_DEFAULT=1 +CONFIG_PAGE_REPORTING=y +CONFIG_MIGRATION=y +CONFIG_DEVICE_MIGRATION=y +CONFIG_ARCH_ENABLE_HUGEPAGE_MIGRATION=y +CONFIG_ARCH_ENABLE_THP_MIGRATION=y +CONFIG_CONTIG_ALLOC=y +CONFIG_PHYS_ADDR_T_64BIT=y +CONFIG_MMU_NOTIFIER=y +CONFIG_KSM=y +CONFIG_DEFAULT_MMAP_MIN_ADDR=4096 +CONFIG_ARCH_WANT_GENERAL_HUGETLB=y +CONFIG_ARCH_WANTS_THP_SWAP=y +CONFIG_TRANSPARENT_HUGEPAGE=y +# CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS is not set +CONFIG_TRANSPARENT_HUGEPAGE_MADVISE=y +CONFIG_THP_SWAP=y +# CONFIG_READ_ONLY_THP_FOR_FS is not set +CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y +CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y +CONFIG_USE_PERCPU_NUMA_NODE_ID=y +CONFIG_HAVE_SETUP_PER_CPU_AREA=y +CONFIG_FRONTSWAP=y +# CONFIG_CMA is not set +CONFIG_GENERIC_EARLY_IOREMAP=y +# CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set +# CONFIG_IDLE_PAGE_TRACKING is not set +CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y +CONFIG_ARCH_HAS_CURRENT_STACK_POINTER=y +CONFIG_ARCH_HAS_PTE_DEVMAP=y +CONFIG_ARCH_HAS_ZONE_DMA_SET=y +CONFIG_ZONE_DMA=y +CONFIG_ZONE_DMA32=y +CONFIG_ZONE_DEVICE=y +# CONFIG_DEVICE_PRIVATE is not set +CONFIG_VM_EVENT_COUNTERS=y +CONFIG_PERCPU_STATS=y +# CONFIG_GUP_TEST is not set +CONFIG_ARCH_HAS_PTE_SPECIAL=y +CONFIG_SECRETMEM=y +# CONFIG_ANON_VMA_NAME is not set +CONFIG_USERFAULTFD=y +CONFIG_HAVE_ARCH_USERFAULTFD_WP=y +CONFIG_HAVE_ARCH_USERFAULTFD_MINOR=y +CONFIG_PTE_MARKER=y +CONFIG_PTE_MARKER_UFFD_WP=y +# CONFIG_LRU_GEN is not set +CONFIG_LOCK_MM_AND_FIND_VMA=y + +# +# Data Access Monitoring +# +# CONFIG_DAMON is not set +# end of Data Access Monitoring +# end of Memory Management options + +CONFIG_NET=y +CONFIG_NET_INGRESS=y +CONFIG_NET_EGRESS=y +CONFIG_SKB_EXTENSIONS=y + +# +# Networking options +# +CONFIG_PACKET=y +CONFIG_PACKET_DIAG=y +CONFIG_UNIX=y +CONFIG_UNIX_SCM=y +CONFIG_AF_UNIX_OOB=y +CONFIG_UNIX_DIAG=y +CONFIG_TLS=y +# CONFIG_TLS_DEVICE is not set +# CONFIG_TLS_TOE is not set +CONFIG_XFRM=y +CONFIG_XFRM_OFFLOAD=y +CONFIG_XFRM_ALGO=y +CONFIG_XFRM_USER=y +# CONFIG_XFRM_INTERFACE is not set +CONFIG_XFRM_SUB_POLICY=y +CONFIG_XFRM_MIGRATE=y +CONFIG_XFRM_STATISTICS=y +CONFIG_XFRM_AH=y +CONFIG_XFRM_ESP=y +CONFIG_XFRM_IPCOMP=y +CONFIG_NET_KEY=y +CONFIG_NET_KEY_MIGRATE=y +CONFIG_XFRM_ESPINTCP=y +CONFIG_XDP_SOCKETS=y +# CONFIG_XDP_SOCKETS_DIAG is not set +CONFIG_INET=y +# CONFIG_IP_MULTICAST is not set +CONFIG_IP_ADVANCED_ROUTER=y +# CONFIG_IP_FIB_TRIE_STATS is not set +CONFIG_IP_MULTIPLE_TABLES=y +# CONFIG_IP_ROUTE_MULTIPATH is not set +# CONFIG_IP_ROUTE_VERBOSE is not set +CONFIG_IP_ROUTE_CLASSID=y +CONFIG_IP_PNP=y +CONFIG_IP_PNP_DHCP=y +CONFIG_IP_PNP_BOOTP=y +CONFIG_IP_PNP_RARP=y +CONFIG_NET_IPIP=y +# CONFIG_NET_IPGRE_DEMUX is not set +CONFIG_NET_IP_TUNNEL=y +CONFIG_IP_MROUTE_COMMON=y +CONFIG_SYN_COOKIES=y +# CONFIG_NET_IPVTI is not set +CONFIG_NET_UDP_TUNNEL=y +CONFIG_NET_FOU=y +CONFIG_NET_FOU_IP_TUNNELS=y +# CONFIG_INET_AH is not set +# CONFIG_INET_ESP is not set +# CONFIG_INET_IPCOMP is not set +CONFIG_INET_TABLE_PERTURB_ORDER=16 +CONFIG_INET_TUNNEL=y +CONFIG_INET_DIAG=y +CONFIG_INET_TCP_DIAG=y +CONFIG_INET_UDP_DIAG=y +CONFIG_INET_RAW_DIAG=y +# CONFIG_INET_DIAG_DESTROY is not set +# CONFIG_TCP_CONG_ADVANCED is not set +CONFIG_TCP_CONG_CUBIC=y +CONFIG_DEFAULT_TCP_CONG="cubic" +# CONFIG_TCP_MD5SIG is not set +CONFIG_IPV6=y +CONFIG_IPV6_ROUTER_PREF=y +CONFIG_IPV6_ROUTE_INFO=y +CONFIG_IPV6_OPTIMISTIC_DAD=y +CONFIG_INET6_AH=y +CONFIG_INET6_ESP=y +CONFIG_INET6_ESP_OFFLOAD=y +CONFIG_INET6_ESPINTCP=y +CONFIG_INET6_IPCOMP=y +# CONFIG_IPV6_MIP6 is not set +CONFIG_IPV6_ILA=y +CONFIG_INET6_XFRM_TUNNEL=y +CONFIG_INET6_TUNNEL=y +CONFIG_IPV6_VTI=y +CONFIG_IPV6_SIT=y +# CONFIG_IPV6_SIT_6RD is not set +CONFIG_IPV6_NDISC_NODETYPE=y +CONFIG_IPV6_TUNNEL=y +CONFIG_IPV6_FOU=y +CONFIG_IPV6_FOU_TUNNEL=y +CONFIG_IPV6_MULTIPLE_TABLES=y +CONFIG_IPV6_SUBTREES=y +CONFIG_IPV6_MROUTE=y +CONFIG_IPV6_MROUTE_MULTIPLE_TABLES=y +CONFIG_IPV6_PIMSM_V2=y +CONFIG_IPV6_SEG6_LWTUNNEL=y +CONFIG_IPV6_SEG6_HMAC=y +CONFIG_IPV6_SEG6_BPF=y +CONFIG_IPV6_RPL_LWTUNNEL=y +# CONFIG_IPV6_IOAM6_LWTUNNEL is not set +# CONFIG_MPTCP is not set +CONFIG_NETWORK_SECMARK=y +CONFIG_NET_PTP_CLASSIFY=y +# CONFIG_NETWORK_PHY_TIMESTAMPING is not set +CONFIG_NETFILTER=y +CONFIG_NETFILTER_ADVANCED=y +CONFIG_BRIDGE_NETFILTER=y + +# +# Core Netfilter Configuration +# +CONFIG_NETFILTER_INGRESS=y +CONFIG_NETFILTER_EGRESS=y +CONFIG_NETFILTER_SKIP_EGRESS=y +CONFIG_NETFILTER_NETLINK=y +CONFIG_NETFILTER_FAMILY_BRIDGE=y +CONFIG_NETFILTER_FAMILY_ARP=y +# CONFIG_NETFILTER_NETLINK_HOOK is not set +CONFIG_NETFILTER_NETLINK_ACCT=y +CONFIG_NETFILTER_NETLINK_QUEUE=y +CONFIG_NETFILTER_NETLINK_LOG=y +CONFIG_NETFILTER_NETLINK_OSF=y +CONFIG_NF_CONNTRACK=y +CONFIG_NF_LOG_SYSLOG=y +CONFIG_NETFILTER_CONNCOUNT=y +CONFIG_NF_CONNTRACK_MARK=y +# CONFIG_NF_CONNTRACK_SECMARK is not set +CONFIG_NF_CONNTRACK_ZONES=y +CONFIG_NF_CONNTRACK_PROCFS=y +CONFIG_NF_CONNTRACK_EVENTS=y +CONFIG_NF_CONNTRACK_TIMEOUT=y +CONFIG_NF_CONNTRACK_TIMESTAMP=y +CONFIG_NF_CONNTRACK_LABELS=y +CONFIG_NF_CT_PROTO_DCCP=y +CONFIG_NF_CT_PROTO_SCTP=y +CONFIG_NF_CT_PROTO_UDPLITE=y +# CONFIG_NF_CONNTRACK_AMANDA is not set +# CONFIG_NF_CONNTRACK_FTP is not set +# CONFIG_NF_CONNTRACK_H323 is not set +# CONFIG_NF_CONNTRACK_IRC is not set +# CONFIG_NF_CONNTRACK_NETBIOS_NS is not set +# CONFIG_NF_CONNTRACK_SNMP is not set +# CONFIG_NF_CONNTRACK_PPTP is not set +# CONFIG_NF_CONNTRACK_SANE is not set +# CONFIG_NF_CONNTRACK_SIP is not set +# CONFIG_NF_CONNTRACK_TFTP is not set +CONFIG_NF_CT_NETLINK=y +# CONFIG_NF_CT_NETLINK_TIMEOUT is not set +# CONFIG_NETFILTER_NETLINK_GLUE_CT is not set +CONFIG_NF_NAT=y +CONFIG_NF_NAT_REDIRECT=y +CONFIG_NF_NAT_MASQUERADE=y +CONFIG_NETFILTER_SYNPROXY=y +CONFIG_NF_TABLES=y +CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_NETDEV=y +CONFIG_NFT_NUMGEN=y +CONFIG_NFT_CT=y +CONFIG_NFT_CONNLIMIT=y +CONFIG_NFT_LOG=y +CONFIG_NFT_LIMIT=y +CONFIG_NFT_MASQ=y +CONFIG_NFT_REDIR=y +CONFIG_NFT_NAT=y +CONFIG_NFT_TUNNEL=y +CONFIG_NFT_OBJREF=y +CONFIG_NFT_QUEUE=y +CONFIG_NFT_QUOTA=y +CONFIG_NFT_REJECT=y +CONFIG_NFT_REJECT_INET=y +CONFIG_NFT_COMPAT=y +CONFIG_NFT_HASH=y +CONFIG_NFT_FIB=y +CONFIG_NFT_FIB_INET=y +CONFIG_NFT_XFRM=y +CONFIG_NFT_SOCKET=y +CONFIG_NFT_OSF=y +CONFIG_NFT_TPROXY=y +CONFIG_NFT_SYNPROXY=y +CONFIG_NF_DUP_NETDEV=y +CONFIG_NFT_DUP_NETDEV=y +CONFIG_NFT_FWD_NETDEV=y +CONFIG_NFT_FIB_NETDEV=y +CONFIG_NFT_REJECT_NETDEV=y +CONFIG_NETFILTER_XTABLES=y + +# +# Xtables combined modules +# +CONFIG_NETFILTER_XT_MARK=y +CONFIG_NETFILTER_XT_CONNMARK=y +CONFIG_NETFILTER_XT_SET=y + +# +# Xtables targets +# +CONFIG_NETFILTER_XT_TARGET_AUDIT=y +CONFIG_NETFILTER_XT_TARGET_CHECKSUM=y +CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y +CONFIG_NETFILTER_XT_TARGET_CONNMARK=y +CONFIG_NETFILTER_XT_TARGET_CT=y +CONFIG_NETFILTER_XT_TARGET_DSCP=y +CONFIG_NETFILTER_XT_TARGET_HL=y +CONFIG_NETFILTER_XT_TARGET_HMARK=y +CONFIG_NETFILTER_XT_TARGET_IDLETIMER=y +CONFIG_NETFILTER_XT_TARGET_LOG=y +CONFIG_NETFILTER_XT_TARGET_MARK=y +CONFIG_NETFILTER_XT_NAT=y +CONFIG_NETFILTER_XT_TARGET_NETMAP=y +CONFIG_NETFILTER_XT_TARGET_NFLOG=y +CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y +CONFIG_NETFILTER_XT_TARGET_NOTRACK=y +CONFIG_NETFILTER_XT_TARGET_RATEEST=y +CONFIG_NETFILTER_XT_TARGET_REDIRECT=y +CONFIG_NETFILTER_XT_TARGET_MASQUERADE=y +CONFIG_NETFILTER_XT_TARGET_TEE=y +CONFIG_NETFILTER_XT_TARGET_TPROXY=y +CONFIG_NETFILTER_XT_TARGET_TRACE=y +# CONFIG_NETFILTER_XT_TARGET_SECMARK is not set +CONFIG_NETFILTER_XT_TARGET_TCPMSS=y +CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=y + +# +# Xtables matches +# +CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y +CONFIG_NETFILTER_XT_MATCH_BPF=y +CONFIG_NETFILTER_XT_MATCH_CGROUP=y +CONFIG_NETFILTER_XT_MATCH_CLUSTER=y +CONFIG_NETFILTER_XT_MATCH_COMMENT=y +CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y +CONFIG_NETFILTER_XT_MATCH_CONNLABEL=y +CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y +CONFIG_NETFILTER_XT_MATCH_CONNMARK=y +CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y +CONFIG_NETFILTER_XT_MATCH_CPU=y +CONFIG_NETFILTER_XT_MATCH_DCCP=y +CONFIG_NETFILTER_XT_MATCH_DEVGROUP=y +CONFIG_NETFILTER_XT_MATCH_DSCP=y +CONFIG_NETFILTER_XT_MATCH_ECN=y +CONFIG_NETFILTER_XT_MATCH_ESP=y +CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y +CONFIG_NETFILTER_XT_MATCH_HELPER=y +CONFIG_NETFILTER_XT_MATCH_HL=y +CONFIG_NETFILTER_XT_MATCH_IPCOMP=y +CONFIG_NETFILTER_XT_MATCH_IPRANGE=y +# CONFIG_NETFILTER_XT_MATCH_IPVS is not set +CONFIG_NETFILTER_XT_MATCH_L2TP=y +CONFIG_NETFILTER_XT_MATCH_LENGTH=y +CONFIG_NETFILTER_XT_MATCH_LIMIT=y +CONFIG_NETFILTER_XT_MATCH_MAC=y +CONFIG_NETFILTER_XT_MATCH_MARK=y +CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y +CONFIG_NETFILTER_XT_MATCH_NFACCT=y +CONFIG_NETFILTER_XT_MATCH_OSF=y +CONFIG_NETFILTER_XT_MATCH_OWNER=y +CONFIG_NETFILTER_XT_MATCH_POLICY=y +CONFIG_NETFILTER_XT_MATCH_PHYSDEV=y +CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y +CONFIG_NETFILTER_XT_MATCH_QUOTA=y +CONFIG_NETFILTER_XT_MATCH_RATEEST=y +CONFIG_NETFILTER_XT_MATCH_REALM=y +CONFIG_NETFILTER_XT_MATCH_RECENT=y +CONFIG_NETFILTER_XT_MATCH_SCTP=y +CONFIG_NETFILTER_XT_MATCH_SOCKET=y +CONFIG_NETFILTER_XT_MATCH_STATE=y +CONFIG_NETFILTER_XT_MATCH_STATISTIC=y +CONFIG_NETFILTER_XT_MATCH_STRING=y +CONFIG_NETFILTER_XT_MATCH_TCPMSS=y +CONFIG_NETFILTER_XT_MATCH_TIME=y +CONFIG_NETFILTER_XT_MATCH_U32=y +# end of Core Netfilter Configuration + +CONFIG_IP_SET=y +CONFIG_IP_SET_MAX=256 +# CONFIG_IP_SET_BITMAP_IP is not set +# CONFIG_IP_SET_BITMAP_IPMAC is not set +# CONFIG_IP_SET_BITMAP_PORT is not set +CONFIG_IP_SET_HASH_IP=y +# CONFIG_IP_SET_HASH_IPMARK is not set +# CONFIG_IP_SET_HASH_IPPORT is not set +# CONFIG_IP_SET_HASH_IPPORTIP is not set +# CONFIG_IP_SET_HASH_IPPORTNET is not set +# CONFIG_IP_SET_HASH_IPMAC is not set +# CONFIG_IP_SET_HASH_MAC is not set +# CONFIG_IP_SET_HASH_NETPORTNET is not set +# CONFIG_IP_SET_HASH_NET is not set +# CONFIG_IP_SET_HASH_NETNET is not set +# CONFIG_IP_SET_HASH_NETPORT is not set +# CONFIG_IP_SET_HASH_NETIFACE is not set +# CONFIG_IP_SET_LIST_SET is not set +CONFIG_IP_VS=y +# CONFIG_IP_VS_IPV6 is not set +# CONFIG_IP_VS_DEBUG is not set +CONFIG_IP_VS_TAB_BITS=12 + +# +# IPVS transport protocol load balancing support +# +CONFIG_IP_VS_PROTO_TCP=y +CONFIG_IP_VS_PROTO_UDP=y +CONFIG_IP_VS_PROTO_AH_ESP=y +CONFIG_IP_VS_PROTO_ESP=y +CONFIG_IP_VS_PROTO_AH=y +CONFIG_IP_VS_PROTO_SCTP=y + +# +# IPVS scheduler +# +# CONFIG_IP_VS_RR is not set +# CONFIG_IP_VS_WRR is not set +# CONFIG_IP_VS_LC is not set +# CONFIG_IP_VS_WLC is not set +# CONFIG_IP_VS_FO is not set +# CONFIG_IP_VS_OVF is not set +# CONFIG_IP_VS_LBLC is not set +# CONFIG_IP_VS_LBLCR is not set +CONFIG_IP_VS_DH=y +# CONFIG_IP_VS_SH is not set +# CONFIG_IP_VS_MH is not set +# CONFIG_IP_VS_SED is not set +# CONFIG_IP_VS_NQ is not set +# CONFIG_IP_VS_TWOS is not set + +# +# IPVS SH scheduler +# +CONFIG_IP_VS_SH_TAB_BITS=8 + +# +# IPVS MH scheduler +# +CONFIG_IP_VS_MH_TAB_INDEX=12 + +# +# IPVS application helper +# +# CONFIG_IP_VS_NFCT is not set + +# +# IP: Netfilter Configuration +# +CONFIG_NF_DEFRAG_IPV4=y +CONFIG_NF_SOCKET_IPV4=y +CONFIG_NF_TPROXY_IPV4=y +CONFIG_NF_TABLES_IPV4=y +CONFIG_NFT_REJECT_IPV4=y +CONFIG_NFT_DUP_IPV4=y +CONFIG_NFT_FIB_IPV4=y +CONFIG_NF_TABLES_ARP=y +CONFIG_NF_DUP_IPV4=y +CONFIG_NF_LOG_ARP=y +CONFIG_NF_LOG_IPV4=y +CONFIG_NF_REJECT_IPV4=y +CONFIG_IP_NF_IPTABLES=y +CONFIG_IP_NF_MATCH_AH=y +CONFIG_IP_NF_MATCH_ECN=y +CONFIG_IP_NF_MATCH_RPFILTER=y +CONFIG_IP_NF_MATCH_TTL=y +CONFIG_IP_NF_FILTER=y +CONFIG_IP_NF_TARGET_REJECT=y +CONFIG_IP_NF_TARGET_SYNPROXY=y +CONFIG_IP_NF_NAT=y +CONFIG_IP_NF_TARGET_MASQUERADE=y +CONFIG_IP_NF_TARGET_NETMAP=y +CONFIG_IP_NF_TARGET_REDIRECT=y +CONFIG_IP_NF_MANGLE=y +CONFIG_IP_NF_TARGET_CLUSTERIP=y +CONFIG_IP_NF_TARGET_ECN=y +CONFIG_IP_NF_TARGET_TTL=y +CONFIG_IP_NF_RAW=y +CONFIG_IP_NF_ARPTABLES=y +CONFIG_IP_NF_ARPFILTER=y +CONFIG_IP_NF_ARP_MANGLE=y +# end of IP: Netfilter Configuration + +# +# IPv6: Netfilter Configuration +# +CONFIG_NF_SOCKET_IPV6=y +CONFIG_NF_TPROXY_IPV6=y +CONFIG_NF_TABLES_IPV6=y +CONFIG_NFT_REJECT_IPV6=y +CONFIG_NFT_DUP_IPV6=y +CONFIG_NFT_FIB_IPV6=y +CONFIG_NF_DUP_IPV6=y +CONFIG_NF_REJECT_IPV6=y +CONFIG_NF_LOG_IPV6=y +CONFIG_IP6_NF_IPTABLES=y +CONFIG_IP6_NF_MATCH_AH=y +CONFIG_IP6_NF_MATCH_EUI64=y +CONFIG_IP6_NF_MATCH_FRAG=y +CONFIG_IP6_NF_MATCH_OPTS=y +CONFIG_IP6_NF_MATCH_HL=y +CONFIG_IP6_NF_MATCH_IPV6HEADER=y +CONFIG_IP6_NF_MATCH_MH=y +CONFIG_IP6_NF_MATCH_RPFILTER=y +CONFIG_IP6_NF_MATCH_RT=y +CONFIG_IP6_NF_MATCH_SRH=y +CONFIG_IP6_NF_TARGET_HL=y +CONFIG_IP6_NF_FILTER=y +CONFIG_IP6_NF_TARGET_REJECT=y +CONFIG_IP6_NF_TARGET_SYNPROXY=y +CONFIG_IP6_NF_MANGLE=y +CONFIG_IP6_NF_RAW=y +CONFIG_IP6_NF_NAT=y +CONFIG_IP6_NF_TARGET_MASQUERADE=y +CONFIG_IP6_NF_TARGET_NPT=y +# end of IPv6: Netfilter Configuration + +CONFIG_NF_DEFRAG_IPV6=y +CONFIG_NF_TABLES_BRIDGE=y +# CONFIG_NFT_BRIDGE_META is not set +# CONFIG_NFT_BRIDGE_REJECT is not set +CONFIG_NF_CONNTRACK_BRIDGE=y +CONFIG_BRIDGE_NF_EBTABLES=y +CONFIG_BRIDGE_EBT_BROUTE=y +CONFIG_BRIDGE_EBT_T_FILTER=y +CONFIG_BRIDGE_EBT_T_NAT=y +CONFIG_BRIDGE_EBT_802_3=y +CONFIG_BRIDGE_EBT_AMONG=y +CONFIG_BRIDGE_EBT_ARP=y +CONFIG_BRIDGE_EBT_IP=y +CONFIG_BRIDGE_EBT_IP6=y +CONFIG_BRIDGE_EBT_LIMIT=y +CONFIG_BRIDGE_EBT_MARK=y +CONFIG_BRIDGE_EBT_PKTTYPE=y +CONFIG_BRIDGE_EBT_STP=y +CONFIG_BRIDGE_EBT_VLAN=y +CONFIG_BRIDGE_EBT_ARPREPLY=y +CONFIG_BRIDGE_EBT_DNAT=y +CONFIG_BRIDGE_EBT_MARK_T=y +CONFIG_BRIDGE_EBT_REDIRECT=y +CONFIG_BRIDGE_EBT_SNAT=y +CONFIG_BRIDGE_EBT_LOG=y +CONFIG_BRIDGE_EBT_NFLOG=y +CONFIG_BPFILTER=y +CONFIG_BPFILTER_UMH=y +# CONFIG_IP_DCCP is not set +CONFIG_IP_SCTP=y +# CONFIG_SCTP_DBG_OBJCNT is not set +CONFIG_SCTP_DEFAULT_COOKIE_HMAC_MD5=y +# CONFIG_SCTP_DEFAULT_COOKIE_HMAC_SHA1 is not set +# CONFIG_SCTP_DEFAULT_COOKIE_HMAC_NONE is not set +CONFIG_SCTP_COOKIE_HMAC_MD5=y +# CONFIG_SCTP_COOKIE_HMAC_SHA1 is not set +CONFIG_INET_SCTP_DIAG=y +# CONFIG_RDS is not set +# CONFIG_TIPC is not set +# CONFIG_ATM is not set +# CONFIG_L2TP is not set +CONFIG_STP=y +CONFIG_BRIDGE=y +CONFIG_BRIDGE_IGMP_SNOOPING=y +# CONFIG_BRIDGE_VLAN_FILTERING is not set +# CONFIG_BRIDGE_MRP is not set +# CONFIG_BRIDGE_CFM is not set +# CONFIG_NET_DSA is not set +CONFIG_VLAN_8021Q=y +# CONFIG_VLAN_8021Q_GVRP is not set +# CONFIG_VLAN_8021Q_MVRP is not set +CONFIG_LLC=y +# CONFIG_LLC2 is not set +# CONFIG_ATALK is not set +# CONFIG_X25 is not set +# CONFIG_LAPB is not set +# CONFIG_PHONET is not set +# CONFIG_6LOWPAN is not set +# CONFIG_IEEE802154 is not set +CONFIG_NET_SCHED=y + +# +# Queueing/Scheduling +# +CONFIG_NET_SCH_CBQ=y +CONFIG_NET_SCH_HTB=y +CONFIG_NET_SCH_HFSC=y +CONFIG_NET_SCH_PRIO=y +CONFIG_NET_SCH_MULTIQ=y +CONFIG_NET_SCH_RED=y +CONFIG_NET_SCH_SFB=y +CONFIG_NET_SCH_SFQ=y +CONFIG_NET_SCH_TEQL=y +CONFIG_NET_SCH_TBF=y +CONFIG_NET_SCH_CBS=y +CONFIG_NET_SCH_ETF=y +CONFIG_NET_SCH_TAPRIO=y +CONFIG_NET_SCH_GRED=y +CONFIG_NET_SCH_DSMARK=y +CONFIG_NET_SCH_NETEM=y +CONFIG_NET_SCH_DRR=y +CONFIG_NET_SCH_MQPRIO=y +CONFIG_NET_SCH_SKBPRIO=y +CONFIG_NET_SCH_CHOKE=y +CONFIG_NET_SCH_QFQ=y +CONFIG_NET_SCH_CODEL=y +CONFIG_NET_SCH_FQ_CODEL=y +CONFIG_NET_SCH_CAKE=y +CONFIG_NET_SCH_FQ=y +CONFIG_NET_SCH_HHF=y +CONFIG_NET_SCH_PIE=y +CONFIG_NET_SCH_FQ_PIE=y +CONFIG_NET_SCH_INGRESS=y +CONFIG_NET_SCH_PLUG=y +CONFIG_NET_SCH_ETS=y +# CONFIG_NET_SCH_DEFAULT is not set + +# +# Classification +# +CONFIG_NET_CLS=y +CONFIG_NET_CLS_BASIC=y +CONFIG_NET_CLS_ROUTE4=y +CONFIG_NET_CLS_FW=y +CONFIG_NET_CLS_U32=y +CONFIG_CLS_U32_PERF=y +CONFIG_CLS_U32_MARK=y +CONFIG_NET_CLS_FLOW=y +CONFIG_NET_CLS_CGROUP=y +CONFIG_NET_CLS_BPF=y +CONFIG_NET_CLS_FLOWER=y +CONFIG_NET_CLS_MATCHALL=y +CONFIG_NET_EMATCH=y +CONFIG_NET_EMATCH_STACK=32 +CONFIG_NET_EMATCH_CMP=y +CONFIG_NET_EMATCH_NBYTE=y +CONFIG_NET_EMATCH_U32=y +CONFIG_NET_EMATCH_META=y +CONFIG_NET_EMATCH_TEXT=y +CONFIG_NET_EMATCH_IPT=y +CONFIG_NET_CLS_ACT=y +CONFIG_NET_ACT_POLICE=y +CONFIG_NET_ACT_GACT=y +CONFIG_GACT_PROB=y +CONFIG_NET_ACT_MIRRED=y +CONFIG_NET_ACT_SAMPLE=y +CONFIG_NET_ACT_IPT=y +CONFIG_NET_ACT_NAT=y +CONFIG_NET_ACT_PEDIT=y +CONFIG_NET_ACT_SIMP=y +CONFIG_NET_ACT_SKBEDIT=y +CONFIG_NET_ACT_CSUM=y +CONFIG_NET_ACT_MPLS=y +CONFIG_NET_ACT_VLAN=y +CONFIG_NET_ACT_BPF=y +CONFIG_NET_ACT_CONNMARK=y +CONFIG_NET_ACT_CTINFO=y +CONFIG_NET_ACT_SKBMOD=y +CONFIG_NET_ACT_IFE=y +CONFIG_NET_ACT_TUNNEL_KEY=y +CONFIG_NET_ACT_GATE=y +CONFIG_NET_IFE_SKBMARK=y +CONFIG_NET_IFE_SKBPRIO=y +CONFIG_NET_IFE_SKBTCINDEX=y +CONFIG_NET_TC_SKB_EXT=y +CONFIG_NET_SCH_FIFO=y +# CONFIG_DCB is not set +CONFIG_DNS_RESOLVER=y +# CONFIG_BATMAN_ADV is not set +# CONFIG_OPENVSWITCH is not set +CONFIG_VSOCKETS=y +CONFIG_VSOCKETS_DIAG=y +# CONFIG_VSOCKETS_LOOPBACK is not set +CONFIG_VIRTIO_VSOCKETS=y +CONFIG_VIRTIO_VSOCKETS_COMMON=y +CONFIG_NETLINK_DIAG=y +# CONFIG_MPLS is not set +# CONFIG_NET_NSH is not set +# CONFIG_HSR is not set +# CONFIG_NET_SWITCHDEV is not set +CONFIG_NET_L3_MASTER_DEV=y +# CONFIG_QRTR is not set +# CONFIG_NET_NCSI is not set +CONFIG_PCPU_DEV_REFCNT=y +CONFIG_RPS=y +CONFIG_RFS_ACCEL=y +CONFIG_SOCK_RX_QUEUE_MAPPING=y +CONFIG_XPS=y +CONFIG_CGROUP_NET_PRIO=y +CONFIG_CGROUP_NET_CLASSID=y +CONFIG_NET_RX_BUSY_POLL=y +CONFIG_BQL=y +# CONFIG_BPF_STREAM_PARSER is not set +CONFIG_NET_FLOW_LIMIT=y + +# +# Network testing +# +# CONFIG_NET_PKTGEN is not set +# end of Network testing +# end of Networking options + +# CONFIG_HAMRADIO is not set +# CONFIG_CAN is not set +# CONFIG_BT is not set +# CONFIG_AF_RXRPC is not set +# CONFIG_AF_KCM is not set +CONFIG_STREAM_PARSER=y +# CONFIG_MCTP is not set +CONFIG_FIB_RULES=y +# CONFIG_WIRELESS is not set +# CONFIG_RFKILL is not set +# CONFIG_NET_9P is not set +# CONFIG_CAIF is not set +# CONFIG_CEPH_LIB is not set +# CONFIG_NFC is not set +CONFIG_PSAMPLE=y +CONFIG_NET_IFE=y +CONFIG_LWTUNNEL=y +CONFIG_LWTUNNEL_BPF=y +CONFIG_DST_CACHE=y +CONFIG_GRO_CELLS=y +CONFIG_NET_SOCK_MSG=y +CONFIG_PAGE_POOL=y +# CONFIG_PAGE_POOL_STATS is not set +CONFIG_FAILOVER=y +# CONFIG_ETHTOOL_NETLINK is not set + +# +# Device Drivers +# +CONFIG_HAVE_EISA=y +# CONFIG_EISA is not set +CONFIG_HAVE_PCI=y +CONFIG_PCI=y +CONFIG_PCI_DOMAINS=y +CONFIG_PCIEPORTBUS=y +# CONFIG_HOTPLUG_PCI_PCIE is not set +CONFIG_PCIEAER=y +# CONFIG_PCIEAER_INJECT is not set +# CONFIG_PCIE_ECRC is not set +CONFIG_PCIEASPM=y +CONFIG_PCIEASPM_DEFAULT=y +# CONFIG_PCIEASPM_POWERSAVE is not set +# CONFIG_PCIEASPM_POWER_SUPERSAVE is not set +# CONFIG_PCIEASPM_PERFORMANCE is not set +CONFIG_PCIE_PME=y +# CONFIG_PCIE_DPC is not set +# CONFIG_PCIE_PTM is not set +CONFIG_PCI_MSI=y +CONFIG_PCI_MSI_IRQ_DOMAIN=y +CONFIG_PCI_QUIRKS=y +CONFIG_PCI_DEBUG=y +CONFIG_PCI_STUB=y +CONFIG_PCI_LOCKLESS_CONFIG=y +# CONFIG_PCI_IOV is not set +# CONFIG_PCI_PRI is not set +# CONFIG_PCI_PASID is not set +# CONFIG_PCI_P2PDMA is not set +CONFIG_PCI_LABEL=y +# CONFIG_PCIE_BUS_TUNE_OFF is not set +CONFIG_PCIE_BUS_DEFAULT=y +# CONFIG_PCIE_BUS_SAFE is not set +# CONFIG_PCIE_BUS_PERFORMANCE is not set +# CONFIG_PCIE_BUS_PEER2PEER is not set +CONFIG_VGA_ARB=y +CONFIG_VGA_ARB_MAX_GPUS=16 +CONFIG_HOTPLUG_PCI=y +CONFIG_HOTPLUG_PCI_ACPI=y +# CONFIG_HOTPLUG_PCI_ACPI_IBM is not set +# CONFIG_HOTPLUG_PCI_CPCI is not set +# CONFIG_HOTPLUG_PCI_SHPC is not set + +# +# PCI controller drivers +# +# CONFIG_VMD is not set + +# +# DesignWare PCI Core Support +# +# CONFIG_PCIE_DW_PLAT_HOST is not set +# CONFIG_PCI_MESON is not set +# end of DesignWare PCI Core Support + +# +# Mobiveil PCIe Core Support +# +# end of Mobiveil PCIe Core Support + +# +# Cadence PCIe controllers support +# +# end of Cadence PCIe controllers support +# end of PCI controller drivers + +# +# PCI Endpoint +# +# CONFIG_PCI_ENDPOINT is not set +# end of PCI Endpoint + +# +# PCI switch controller drivers +# +# CONFIG_PCI_SW_SWITCHTEC is not set +# end of PCI switch controller drivers + +# CONFIG_CXL_BUS is not set +# CONFIG_PCCARD is not set +# CONFIG_RAPIDIO is not set + +# +# Generic Driver Options +# +CONFIG_UEVENT_HELPER=y +CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" +CONFIG_DEVTMPFS=y +CONFIG_DEVTMPFS_MOUNT=y +# CONFIG_DEVTMPFS_SAFE is not set +CONFIG_STANDALONE=y +CONFIG_PREVENT_FIRMWARE_BUILD=y + +# +# Firmware loader +# +CONFIG_FW_LOADER=y +CONFIG_FW_LOADER_PAGED_BUF=y +CONFIG_FW_LOADER_SYSFS=y +CONFIG_EXTRA_FIRMWARE="" +CONFIG_FW_LOADER_USER_HELPER=y +# CONFIG_FW_LOADER_USER_HELPER_FALLBACK is not set +# CONFIG_FW_LOADER_COMPRESS is not set +# CONFIG_FW_UPLOAD is not set +# end of Firmware loader + +CONFIG_ALLOW_DEV_COREDUMP=y +# CONFIG_DEBUG_DRIVER is not set +# CONFIG_DEBUG_DEVRES is not set +# CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set +CONFIG_GENERIC_CPU_AUTOPROBE=y +CONFIG_GENERIC_CPU_VULNERABILITIES=y +# end of Generic Driver Options + +# +# Bus devices +# +# CONFIG_MHI_BUS is not set +# CONFIG_MHI_BUS_EP is not set +# end of Bus devices + +CONFIG_CONNECTOR=y +CONFIG_PROC_EVENTS=y + +# +# Firmware Drivers +# + +# +# ARM System Control and Management Interface Protocol +# +# end of ARM System Control and Management Interface Protocol + +# CONFIG_EDD is not set +CONFIG_FIRMWARE_MEMMAP=y +CONFIG_DMIID=y +CONFIG_DMI_SYSFS=y +CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y +# CONFIG_FW_CFG_SYSFS is not set +# CONFIG_SYSFB_SIMPLEFB is not set +# CONFIG_GOOGLE_FIRMWARE is not set + +# +# EFI (Extensible Firmware Interface) Support +# +CONFIG_EFI_ESRT=y +CONFIG_EFI_RUNTIME_MAP=y +# CONFIG_EFI_FAKE_MEMMAP is not set +CONFIG_EFI_DXE_MEM_ATTRIBUTES=y +CONFIG_EFI_RUNTIME_WRAPPERS=y +CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y +# CONFIG_EFI_BOOTLOADER_CONTROL is not set +# CONFIG_EFI_CAPSULE_LOADER is not set +# CONFIG_EFI_TEST is not set +# CONFIG_APPLE_PROPERTIES is not set +# CONFIG_RESET_ATTACK_MITIGATION is not set +# CONFIG_EFI_RCI2_TABLE is not set +# CONFIG_EFI_DISABLE_PCI_DMA is not set +CONFIG_EFI_EARLYCON=y +# CONFIG_EFI_CUSTOM_SSDT_OVERLAYS is not set +# CONFIG_EFI_DISABLE_RUNTIME is not set +# CONFIG_EFI_COCO_SECRET is not set +# end of EFI (Extensible Firmware Interface) Support + +# +# Tegra firmware driver +# +# end of Tegra firmware driver +# end of Firmware Drivers + +# CONFIG_GNSS is not set +# CONFIG_MTD is not set +# CONFIG_OF is not set +CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y +# CONFIG_PARPORT is not set +CONFIG_PNP=y +# CONFIG_PNP_DEBUG_MESSAGES is not set + +# +# Protocols +# +CONFIG_PNPACPI=y +CONFIG_BLK_DEV=y +CONFIG_BLK_DEV_NULL_BLK=y +# CONFIG_BLK_DEV_PCIESSD_MTIP32XX is not set +CONFIG_ZRAM=y +CONFIG_ZRAM_DEF_COMP_LZORLE=y +# CONFIG_ZRAM_DEF_COMP_LZO is not set +CONFIG_ZRAM_DEF_COMP="lzo-rle" +# CONFIG_ZRAM_WRITEBACK is not set +# CONFIG_ZRAM_MEMORY_TRACKING is not set +CONFIG_BLK_DEV_LOOP=y +CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 +# CONFIG_BLK_DEV_DRBD is not set +# CONFIG_BLK_DEV_NBD is not set +CONFIG_BLK_DEV_RAM=y +CONFIG_BLK_DEV_RAM_COUNT=16 +CONFIG_BLK_DEV_RAM_SIZE=16384 +# CONFIG_ATA_OVER_ETH is not set +CONFIG_VIRTIO_BLK=y +# CONFIG_BLK_DEV_RBD is not set +# CONFIG_BLK_DEV_UBLK is not set + +# +# NVME Support +# +# CONFIG_BLK_DEV_NVME is not set +# CONFIG_NVME_FC is not set +# CONFIG_NVME_TCP is not set +# CONFIG_NVME_TARGET is not set +# end of NVME Support + +# +# Misc devices +# +# CONFIG_DUMMY_IRQ is not set +# CONFIG_IBM_ASM is not set +# CONFIG_PHANTOM is not set +# CONFIG_TIFM_CORE is not set +# CONFIG_ENCLOSURE_SERVICES is not set +# CONFIG_HP_ILO is not set +# CONFIG_SRAM is not set +# CONFIG_DW_XDATA_PCIE is not set +# CONFIG_PCI_ENDPOINT_TEST is not set +# CONFIG_XILINX_SDFEC is not set +# CONFIG_C2PORT is not set + +# +# EEPROM support +# +# CONFIG_EEPROM_93CX6 is not set +# end of EEPROM support + +# CONFIG_CB710_CORE is not set + +# +# Texas Instruments shared transport line discipline +# +# end of Texas Instruments shared transport line discipline + +# +# Altera FPGA firmware download module (requires I2C) +# +# CONFIG_INTEL_MEI is not set +# CONFIG_INTEL_MEI_ME is not set +# CONFIG_INTEL_MEI_TXE is not set +# CONFIG_VMWARE_VMCI is not set +# CONFIG_GENWQE is not set +# CONFIG_ECHO is not set +# CONFIG_BCM_VK is not set +# CONFIG_MISC_ALCOR_PCI is not set +# CONFIG_MISC_RTSX_PCI is not set +# CONFIG_HABANA_AI is not set +# CONFIG_UACCE is not set +# CONFIG_PVPANIC is not set +# end of Misc devices + +# +# SCSI device support +# +CONFIG_SCSI_MOD=y +# CONFIG_RAID_ATTRS is not set +# CONFIG_SCSI is not set +# end of SCSI device support + +# CONFIG_ATA is not set +# CONFIG_MD is not set +# CONFIG_TARGET_CORE is not set +# CONFIG_FUSION is not set + +# +# IEEE 1394 (FireWire) support +# +# CONFIG_FIREWIRE is not set +# CONFIG_FIREWIRE_NOSY is not set +# end of IEEE 1394 (FireWire) support + +# CONFIG_MACINTOSH_DRIVERS is not set +CONFIG_NETDEVICES=y +CONFIG_NET_CORE=y +# CONFIG_BONDING is not set +# CONFIG_DUMMY is not set +CONFIG_WIREGUARD=y +# CONFIG_WIREGUARD_DEBUG is not set +# CONFIG_EQUALIZER is not set +# CONFIG_IFB is not set +# CONFIG_NET_TEAM is not set +CONFIG_MACVLAN=y +# CONFIG_MACVTAP is not set +CONFIG_IPVLAN_L3S=y +CONFIG_IPVLAN=y +# CONFIG_IPVTAP is not set +CONFIG_VXLAN=y +CONFIG_GENEVE=y +# CONFIG_BAREUDP is not set +# CONFIG_GTP is not set +# CONFIG_MACSEC is not set +# CONFIG_NETCONSOLE is not set +CONFIG_TUN=y +# CONFIG_TUN_VNET_CROSS_LE is not set +CONFIG_VETH=y +CONFIG_VIRTIO_NET=y +# CONFIG_NLMON is not set +# CONFIG_NET_VRF is not set +# CONFIG_ARCNET is not set +# CONFIG_ETHERNET is not set +# CONFIG_FDDI is not set +# CONFIG_HIPPI is not set +# CONFIG_NET_SB1000 is not set +# CONFIG_PHYLIB is not set +# CONFIG_PSE_CONTROLLER is not set +# CONFIG_MDIO_DEVICE is not set + +# +# PCS device drivers +# +# end of PCS device drivers + +# CONFIG_PPP is not set +# CONFIG_SLIP is not set + +# +# Host-side USB support is needed for USB Network Adapter support +# +# CONFIG_WLAN is not set +# CONFIG_WAN is not set + +# +# Wireless WAN +# +# CONFIG_WWAN is not set +# end of Wireless WAN + +# CONFIG_VMXNET3 is not set +# CONFIG_FUJITSU_ES is not set +# CONFIG_NETDEVSIM is not set +CONFIG_NET_FAILOVER=y +# CONFIG_ISDN is not set + +# +# Input device support +# +CONFIG_INPUT=y +CONFIG_INPUT_FF_MEMLESS=y +CONFIG_INPUT_SPARSEKMAP=y +# CONFIG_INPUT_MATRIXKMAP is not set + +# +# Userland interfaces +# +CONFIG_INPUT_MOUSEDEV=y +CONFIG_INPUT_MOUSEDEV_PSAUX=y +CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024 +CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768 +# CONFIG_INPUT_JOYDEV is not set +CONFIG_INPUT_EVDEV=y +# CONFIG_INPUT_EVBUG is not set + +# +# Input Device Drivers +# +CONFIG_INPUT_KEYBOARD=y +# CONFIG_KEYBOARD_ATKBD is not set +# CONFIG_KEYBOARD_LKKBD is not set +# CONFIG_KEYBOARD_NEWTON is not set +# CONFIG_KEYBOARD_OPENCORES is not set +# CONFIG_KEYBOARD_SAMSUNG is not set +# CONFIG_KEYBOARD_STOWAWAY is not set +# CONFIG_KEYBOARD_SUNKBD is not set +# CONFIG_KEYBOARD_XTKBD is not set +# CONFIG_INPUT_MOUSE is not set +# CONFIG_INPUT_JOYSTICK is not set +# CONFIG_INPUT_TABLET is not set +# CONFIG_INPUT_TOUCHSCREEN is not set +CONFIG_INPUT_MISC=y +# CONFIG_INPUT_AD714X is not set +# CONFIG_INPUT_E3X0_BUTTON is not set +# CONFIG_INPUT_PCSPKR is not set +# CONFIG_INPUT_ATLAS_BTNS is not set +CONFIG_INPUT_UINPUT=y +# CONFIG_INPUT_ADXL34X is not set +# CONFIG_INPUT_CMA3000 is not set +# CONFIG_RMI4_CORE is not set + +# +# Hardware I/O ports +# +# CONFIG_SERIO is not set +CONFIG_ARCH_MIGHT_HAVE_PC_SERIO=y +# CONFIG_GAMEPORT is not set +# end of Hardware I/O ports +# end of Input device support + +# +# Character devices +# +CONFIG_TTY=y +CONFIG_VT=y +CONFIG_CONSOLE_TRANSLATIONS=y +CONFIG_VT_CONSOLE=y +CONFIG_HW_CONSOLE=y +CONFIG_VT_HW_CONSOLE_BINDING=y +CONFIG_UNIX98_PTYS=y +# CONFIG_LEGACY_PTYS is not set +# CONFIG_LDISC_AUTOLOAD is not set + +# +# Serial drivers +# +CONFIG_SERIAL_EARLYCON=y +CONFIG_SERIAL_8250=y +# CONFIG_SERIAL_8250_DEPRECATED_OPTIONS is not set +CONFIG_SERIAL_8250_PNP=y +# CONFIG_SERIAL_8250_16550A_VARIANTS is not set +# CONFIG_SERIAL_8250_FINTEK is not set +CONFIG_SERIAL_8250_CONSOLE=y +CONFIG_SERIAL_8250_DMA=y +CONFIG_SERIAL_8250_PCI=y +CONFIG_SERIAL_8250_EXAR=y +CONFIG_SERIAL_8250_NR_UARTS=1 +CONFIG_SERIAL_8250_RUNTIME_UARTS=1 +# CONFIG_SERIAL_8250_EXTENDED is not set +CONFIG_SERIAL_8250_DWLIB=y +# CONFIG_SERIAL_8250_DW is not set +# CONFIG_SERIAL_8250_RT288X is not set +CONFIG_SERIAL_8250_LPSS=y +CONFIG_SERIAL_8250_MID=y +CONFIG_SERIAL_8250_PERICOM=y + +# +# Non-8250 serial port support +# +# CONFIG_SERIAL_UARTLITE is not set +CONFIG_SERIAL_CORE=y +CONFIG_SERIAL_CORE_CONSOLE=y +# CONFIG_SERIAL_JSM is not set +# CONFIG_SERIAL_LANTIQ is not set +# CONFIG_SERIAL_SCCNXP is not set +# CONFIG_SERIAL_ALTERA_JTAGUART is not set +# CONFIG_SERIAL_ALTERA_UART is not set +CONFIG_SERIAL_ARC=y +# CONFIG_SERIAL_ARC_CONSOLE is not set +CONFIG_SERIAL_ARC_NR_PORTS=1 +# CONFIG_SERIAL_RP2 is not set +# CONFIG_SERIAL_FSL_LPUART is not set +# CONFIG_SERIAL_FSL_LINFLEXUART is not set +# CONFIG_SERIAL_SPRD is not set +# end of Serial drivers + +# CONFIG_SERIAL_NONSTANDARD is not set +# CONFIG_N_GSM is not set +# CONFIG_NOZOMI is not set +# CONFIG_NULL_TTY is not set +CONFIG_HVC_DRIVER=y +CONFIG_SERIAL_DEV_BUS=y +CONFIG_SERIAL_DEV_CTRL_TTYPORT=y +# CONFIG_TTY_PRINTK is not set +CONFIG_VIRTIO_CONSOLE=y +# CONFIG_IPMI_HANDLER is not set +CONFIG_HW_RANDOM=y +# CONFIG_HW_RANDOM_TIMERIOMEM is not set +CONFIG_HW_RANDOM_INTEL=y +CONFIG_HW_RANDOM_AMD=y +# CONFIG_HW_RANDOM_BA431 is not set +CONFIG_HW_RANDOM_VIA=y +CONFIG_HW_RANDOM_VIRTIO=y +# CONFIG_HW_RANDOM_XIPHERA is not set +# CONFIG_APPLICOM is not set +# CONFIG_MWAVE is not set +CONFIG_DEVMEM=y +CONFIG_NVRAM=y +CONFIG_DEVPORT=y +# CONFIG_HPET is not set +CONFIG_HANGCHECK_TIMER=y +# CONFIG_TCG_TPM is not set +# CONFIG_TELCLOCK is not set +# CONFIG_XILLYBUS is not set +# CONFIG_RANDOM_TRUST_CPU is not set +# CONFIG_RANDOM_TRUST_BOOTLOADER is not set +# end of Character devices + +# +# I2C support +# +# CONFIG_I2C is not set +# end of I2C support + +# CONFIG_I3C is not set +# CONFIG_SPI is not set +# CONFIG_SPMI is not set +# CONFIG_HSI is not set +CONFIG_PPS=y +CONFIG_PPS_DEBUG=y + +# +# PPS clients support +# +CONFIG_PPS_CLIENT_KTIMER=y +CONFIG_PPS_CLIENT_LDISC=y +# CONFIG_PPS_CLIENT_GPIO is not set + +# +# PPS generators support +# + +# +# PTP clock support +# +CONFIG_PTP_1588_CLOCK=y +CONFIG_PTP_1588_CLOCK_OPTIONAL=y + +# +# Enable PHYLIB and NETWORK_PHY_TIMESTAMPING to see the additional clocks. +# +CONFIG_PTP_1588_CLOCK_KVM=y +# end of PTP clock support + +CONFIG_PINCTRL=y +# CONFIG_DEBUG_PINCTRL is not set +# CONFIG_PINCTRL_AMD is not set + +# +# Intel pinctrl drivers +# +# CONFIG_PINCTRL_BAYTRAIL is not set +# CONFIG_PINCTRL_CHERRYVIEW is not set +# CONFIG_PINCTRL_LYNXPOINT is not set +# CONFIG_PINCTRL_ALDERLAKE is not set +# CONFIG_PINCTRL_BROXTON is not set +# CONFIG_PINCTRL_CANNONLAKE is not set +# CONFIG_PINCTRL_CEDARFORK is not set +# CONFIG_PINCTRL_DENVERTON is not set +# CONFIG_PINCTRL_ELKHARTLAKE is not set +# CONFIG_PINCTRL_EMMITSBURG is not set +# CONFIG_PINCTRL_GEMINILAKE is not set +# CONFIG_PINCTRL_ICELAKE is not set +# CONFIG_PINCTRL_JASPERLAKE is not set +# CONFIG_PINCTRL_LAKEFIELD is not set +# CONFIG_PINCTRL_LEWISBURG is not set +# CONFIG_PINCTRL_METEORLAKE is not set +# CONFIG_PINCTRL_SUNRISEPOINT is not set +# CONFIG_PINCTRL_TIGERLAKE is not set +# end of Intel pinctrl drivers + +# +# Renesas pinctrl drivers +# +# end of Renesas pinctrl drivers + +# CONFIG_GPIOLIB is not set +# CONFIG_W1 is not set +CONFIG_POWER_RESET=y +CONFIG_POWER_SUPPLY=y +# CONFIG_POWER_SUPPLY_DEBUG is not set +# CONFIG_HWMON is not set +CONFIG_THERMAL=y +# CONFIG_THERMAL_NETLINK is not set +# CONFIG_THERMAL_STATISTICS is not set +CONFIG_THERMAL_EMERGENCY_POWEROFF_DELAY_MS=0 +CONFIG_THERMAL_WRITABLE_TRIPS=y +CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y +# CONFIG_THERMAL_DEFAULT_GOV_FAIR_SHARE is not set +# CONFIG_THERMAL_DEFAULT_GOV_USER_SPACE is not set +CONFIG_THERMAL_GOV_FAIR_SHARE=y +CONFIG_THERMAL_GOV_STEP_WISE=y +# CONFIG_THERMAL_GOV_BANG_BANG is not set +CONFIG_THERMAL_GOV_USER_SPACE=y +# CONFIG_THERMAL_EMULATION is not set + +# +# Intel thermal drivers +# +# CONFIG_INTEL_POWERCLAMP is not set +CONFIG_X86_THERMAL_VECTOR=y +# CONFIG_X86_PKG_TEMP_THERMAL is not set +# CONFIG_INTEL_SOC_DTS_THERMAL is not set + +# +# ACPI INT340X thermal drivers +# +# CONFIG_INT340X_THERMAL is not set +# end of ACPI INT340X thermal drivers + +# CONFIG_INTEL_PCH_THERMAL is not set +# CONFIG_INTEL_TCC_COOLING is not set +# CONFIG_INTEL_MENLOW is not set +# CONFIG_INTEL_HFI_THERMAL is not set +# end of Intel thermal drivers + +CONFIG_WATCHDOG=y +CONFIG_WATCHDOG_CORE=y +# CONFIG_WATCHDOG_NOWAYOUT is not set +CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED=y +CONFIG_WATCHDOG_OPEN_TIMEOUT=0 +# CONFIG_WATCHDOG_SYSFS is not set +# CONFIG_WATCHDOG_HRTIMER_PRETIMEOUT is not set + +# +# Watchdog Pretimeout Governors +# +# CONFIG_WATCHDOG_PRETIMEOUT_GOV is not set + +# +# Watchdog Device Drivers +# +# CONFIG_SOFT_WATCHDOG is not set +# CONFIG_WDAT_WDT is not set +# CONFIG_XILINX_WATCHDOG is not set +# CONFIG_CADENCE_WATCHDOG is not set +# CONFIG_DW_WATCHDOG is not set +# CONFIG_MAX63XX_WATCHDOG is not set +# CONFIG_ACQUIRE_WDT is not set +# CONFIG_ADVANTECH_WDT is not set +# CONFIG_ALIM1535_WDT is not set +# CONFIG_ALIM7101_WDT is not set +# CONFIG_EBC_C384_WDT is not set +# CONFIG_EXAR_WDT is not set +# CONFIG_F71808E_WDT is not set +# CONFIG_SP5100_TCO is not set +# CONFIG_SBC_FITPC2_WATCHDOG is not set +# CONFIG_EUROTECH_WDT is not set +# CONFIG_IB700_WDT is not set +# CONFIG_IBMASR is not set +# CONFIG_WAFER_WDT is not set +# CONFIG_I6300ESB_WDT is not set +# CONFIG_IE6XX_WDT is not set +# CONFIG_ITCO_WDT is not set +# CONFIG_IT8712F_WDT is not set +# CONFIG_IT87_WDT is not set +# CONFIG_HP_WATCHDOG is not set +# CONFIG_SC1200_WDT is not set +# CONFIG_PC87413_WDT is not set +# CONFIG_NV_TCO is not set +# CONFIG_60XX_WDT is not set +# CONFIG_CPU5_WDT is not set +# CONFIG_SMSC_SCH311X_WDT is not set +# CONFIG_SMSC37B787_WDT is not set +# CONFIG_TQMX86_WDT is not set +# CONFIG_VIA_WDT is not set +# CONFIG_W83627HF_WDT is not set +# CONFIG_W83877F_WDT is not set +# CONFIG_W83977F_WDT is not set +# CONFIG_MACHZ_WDT is not set +# CONFIG_SBC_EPX_C3_WATCHDOG is not set +# CONFIG_NI903X_WDT is not set +# CONFIG_NIC7018_WDT is not set + +# +# PCI-based Watchdog Cards +# +# CONFIG_PCIPCWATCHDOG is not set +# CONFIG_WDTPCI is not set +CONFIG_SSB_POSSIBLE=y +# CONFIG_SSB is not set +CONFIG_BCMA_POSSIBLE=y +# CONFIG_BCMA is not set + +# +# Multifunction device drivers +# +# CONFIG_MFD_MADERA is not set +# CONFIG_HTC_PASIC3 is not set +# CONFIG_MFD_INTEL_QUARK_I2C_GPIO is not set +# CONFIG_LPC_ICH is not set +# CONFIG_LPC_SCH is not set +# CONFIG_MFD_INTEL_LPSS_ACPI is not set +# CONFIG_MFD_INTEL_LPSS_PCI is not set +# CONFIG_MFD_JANZ_CMODIO is not set +# CONFIG_MFD_KEMPLD is not set +# CONFIG_MFD_MT6397 is not set +# CONFIG_MFD_RDC321X is not set +# CONFIG_MFD_SM501 is not set +# CONFIG_MFD_SYSCON is not set +# CONFIG_MFD_TI_AM335X_TSCADC is not set +# CONFIG_MFD_TQMX86 is not set +# CONFIG_MFD_VX855 is not set +# CONFIG_RAVE_SP_CORE is not set +# end of Multifunction device drivers + +# CONFIG_REGULATOR is not set +# CONFIG_RC_CORE is not set + +# +# CEC support +# +# CONFIG_MEDIA_CEC_SUPPORT is not set +# end of CEC support + +# CONFIG_MEDIA_SUPPORT is not set + +# +# Graphics support +# +CONFIG_APERTURE_HELPERS=y +# CONFIG_AGP is not set +# CONFIG_VGA_SWITCHEROO is not set +# CONFIG_DRM is not set +# CONFIG_DRM_DEBUG_MODESET_LOCK is not set + +# +# ARM devices +# +# end of ARM devices + +# +# Frame buffer Devices +# +CONFIG_FB_CMDLINE=y +CONFIG_FB_NOTIFY=y +CONFIG_FB=y +# CONFIG_FIRMWARE_EDID is not set +# CONFIG_FB_FOREIGN_ENDIAN is not set +# CONFIG_FB_MODE_HELPERS is not set +# CONFIG_FB_TILEBLITTING is not set + +# +# Frame buffer hardware drivers +# +# CONFIG_FB_CIRRUS is not set +# CONFIG_FB_PM2 is not set +# CONFIG_FB_CYBER2000 is not set +# CONFIG_FB_ARC is not set +# CONFIG_FB_ASILIANT is not set +# CONFIG_FB_IMSTT is not set +# CONFIG_FB_VGA16 is not set +# CONFIG_FB_UVESA is not set +# CONFIG_FB_VESA is not set +# CONFIG_FB_EFI is not set +# CONFIG_FB_N411 is not set +# CONFIG_FB_HGA is not set +# CONFIG_FB_OPENCORES is not set +# CONFIG_FB_S1D13XXX is not set +# CONFIG_FB_NVIDIA is not set +# CONFIG_FB_RIVA is not set +# CONFIG_FB_I740 is not set +# CONFIG_FB_LE80578 is not set +# CONFIG_FB_MATROX is not set +# CONFIG_FB_RADEON is not set +# CONFIG_FB_ATY128 is not set +# CONFIG_FB_ATY is not set +# CONFIG_FB_S3 is not set +# CONFIG_FB_SAVAGE is not set +# CONFIG_FB_SIS is not set +# CONFIG_FB_NEOMAGIC is not set +# CONFIG_FB_KYRO is not set +# CONFIG_FB_3DFX is not set +# CONFIG_FB_VOODOO1 is not set +# CONFIG_FB_VT8623 is not set +# CONFIG_FB_TRIDENT is not set +# CONFIG_FB_ARK is not set +# CONFIG_FB_PM3 is not set +# CONFIG_FB_CARMINE is not set +# CONFIG_FB_IBM_GXT4500 is not set +# CONFIG_FB_VIRTUAL is not set +# CONFIG_FB_METRONOME is not set +# CONFIG_FB_MB862XX is not set +# CONFIG_FB_SIMPLE is not set +# CONFIG_FB_SM712 is not set +# end of Frame buffer Devices + +# +# Backlight & LCD device support +# +CONFIG_LCD_CLASS_DEVICE=y +# CONFIG_LCD_PLATFORM is not set +CONFIG_BACKLIGHT_CLASS_DEVICE=y +# CONFIG_BACKLIGHT_APPLE is not set +# CONFIG_BACKLIGHT_QCOM_WLED is not set +# CONFIG_BACKLIGHT_SAHARA is not set +# end of Backlight & LCD device support + +# +# Console display driver support +# +CONFIG_VGA_CONSOLE=y +CONFIG_DUMMY_CONSOLE=y +CONFIG_DUMMY_CONSOLE_COLUMNS=80 +CONFIG_DUMMY_CONSOLE_ROWS=25 +CONFIG_FRAMEBUFFER_CONSOLE=y +# CONFIG_FRAMEBUFFER_CONSOLE_LEGACY_ACCELERATION is not set +CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y +# CONFIG_FRAMEBUFFER_CONSOLE_ROTATION is not set +# CONFIG_FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER is not set +# end of Console display driver support + +# CONFIG_LOGO is not set +# end of Graphics support + +# CONFIG_SOUND is not set + +# +# HID support +# +CONFIG_HID=y +# CONFIG_HID_BATTERY_STRENGTH is not set +CONFIG_HIDRAW=y +CONFIG_UHID=y +CONFIG_HID_GENERIC=y + +# +# Special HID drivers +# +# CONFIG_HID_A4TECH is not set +# CONFIG_HID_ACRUX is not set +# CONFIG_HID_AUREAL is not set +# CONFIG_HID_BELKIN is not set +# CONFIG_HID_CHERRY is not set +# CONFIG_HID_COUGAR is not set +# CONFIG_HID_MACALLY is not set +# CONFIG_HID_CMEDIA is not set +# CONFIG_HID_CYPRESS is not set +# CONFIG_HID_DRAGONRISE is not set +# CONFIG_HID_EMS_FF is not set +# CONFIG_HID_ELECOM is not set +# CONFIG_HID_EZKEY is not set +# CONFIG_HID_GEMBIRD is not set +# CONFIG_HID_GFRM is not set +# CONFIG_HID_GLORIOUS is not set +# CONFIG_HID_VIVALDI is not set +# CONFIG_HID_KEYTOUCH is not set +# CONFIG_HID_KYE is not set +# CONFIG_HID_WALTOP is not set +# CONFIG_HID_VIEWSONIC is not set +# CONFIG_HID_VRC2 is not set +# CONFIG_HID_XIAOMI is not set +# CONFIG_HID_GYRATION is not set +# CONFIG_HID_ICADE is not set +# CONFIG_HID_ITE is not set +# CONFIG_HID_JABRA is not set +# CONFIG_HID_TWINHAN is not set +# CONFIG_HID_KENSINGTON is not set +# CONFIG_HID_LCPOWER is not set +# CONFIG_HID_LENOVO is not set +# CONFIG_HID_MAGICMOUSE is not set +# CONFIG_HID_MALTRON is not set +# CONFIG_HID_MAYFLASH is not set +CONFIG_HID_REDRAGON=y +# CONFIG_HID_MICROSOFT is not set +# CONFIG_HID_MONTEREY is not set +# CONFIG_HID_MULTITOUCH is not set +# CONFIG_HID_NTI is not set +# CONFIG_HID_ORTEK is not set +# CONFIG_HID_PANTHERLORD is not set +# CONFIG_HID_PETALYNX is not set +# CONFIG_HID_PICOLCD is not set +# CONFIG_HID_PLANTRONICS is not set +# CONFIG_HID_PXRC is not set +# CONFIG_HID_RAZER is not set +# CONFIG_HID_PRIMAX is not set +# CONFIG_HID_SAITEK is not set +# CONFIG_HID_SEMITEK is not set +# CONFIG_HID_SPEEDLINK is not set +# CONFIG_HID_STEAM is not set +# CONFIG_HID_STEELSERIES is not set +# CONFIG_HID_SUNPLUS is not set +# CONFIG_HID_RMI is not set +# CONFIG_HID_GREENASIA is not set +# CONFIG_HID_SMARTJOYPLUS is not set +# CONFIG_HID_TIVO is not set +# CONFIG_HID_TOPSEED is not set +# CONFIG_HID_TOPRE is not set +# CONFIG_HID_UDRAW_PS3 is not set +# CONFIG_HID_XINMO is not set +# CONFIG_HID_ZEROPLUS is not set +# CONFIG_HID_ZYDACRON is not set +# CONFIG_HID_SENSOR_HUB is not set +# CONFIG_HID_ALPS is not set +# end of Special HID drivers + +# +# Intel ISH HID support +# +# CONFIG_INTEL_ISH_HID is not set +# end of Intel ISH HID support + +# +# AMD SFH HID Support +# +# CONFIG_AMD_SFH_HID is not set +# end of AMD SFH HID Support +# end of HID support + +CONFIG_USB_OHCI_LITTLE_ENDIAN=y +# CONFIG_USB_SUPPORT is not set +# CONFIG_MMC is not set +# CONFIG_MEMSTICK is not set +# CONFIG_NEW_LEDS is not set +# CONFIG_ACCESSIBILITY is not set +# CONFIG_INFINIBAND is not set +CONFIG_EDAC_ATOMIC_SCRUB=y +CONFIG_EDAC_SUPPORT=y +# CONFIG_EDAC is not set +CONFIG_RTC_LIB=y +CONFIG_RTC_MC146818_LIB=y +CONFIG_RTC_CLASS=y +CONFIG_RTC_HCTOSYS=y +CONFIG_RTC_HCTOSYS_DEVICE="rtc0" +CONFIG_RTC_SYSTOHC=y +CONFIG_RTC_SYSTOHC_DEVICE="rtc0" +# CONFIG_RTC_DEBUG is not set +CONFIG_RTC_NVMEM=y + +# +# RTC interfaces +# +CONFIG_RTC_INTF_SYSFS=y +CONFIG_RTC_INTF_PROC=y +CONFIG_RTC_INTF_DEV=y +# CONFIG_RTC_INTF_DEV_UIE_EMUL is not set +# CONFIG_RTC_DRV_TEST is not set +CONFIG_RTC_I2C_AND_SPI=y +CONFIG_DMADEVICES=y +# CONFIG_DMADEVICES_DEBUG is not set + +# +# DMA Devices +# +CONFIG_DMA_ENGINE=y +CONFIG_DMA_VIRTUAL_CHANNELS=y +CONFIG_DMA_ACPI=y +# CONFIG_ALTERA_MSGDMA is not set +# CONFIG_INTEL_IDMA64 is not set +# CONFIG_INTEL_IDXD_COMPAT is not set +# CONFIG_INTEL_IOATDMA is not set +# CONFIG_PLX_DMA is not set +# CONFIG_AMD_PTDMA is not set +# CONFIG_QCOM_HIDMA_MGMT is not set +# CONFIG_QCOM_HIDMA is not set +CONFIG_DW_DMAC_CORE=y +# CONFIG_DW_DMAC is not set +CONFIG_DW_DMAC_PCI=y +# CONFIG_DW_EDMA is not set +# CONFIG_DW_EDMA_PCIE is not set +CONFIG_HSU_DMA=y +# CONFIG_SF_PDMA is not set +# CONFIG_INTEL_LDMA is not set + +# +# DMA Clients +# +# CONFIG_ASYNC_TX_DMA is not set +# CONFIG_DMATEST is not set + +# +# DMABUF options +# +CONFIG_SYNC_FILE=y +# CONFIG_SW_SYNC is not set +# CONFIG_UDMABUF is not set +# CONFIG_DMABUF_MOVE_NOTIFY is not set +# CONFIG_DMABUF_DEBUG is not set +# CONFIG_DMABUF_SELFTESTS is not set +# CONFIG_DMABUF_HEAPS is not set +# CONFIG_DMABUF_SYSFS_STATS is not set +# end of DMABUF options + +# CONFIG_AUXDISPLAY is not set +CONFIG_UIO=y +# CONFIG_UIO_CIF is not set +CONFIG_UIO_PDRV_GENIRQ=y +CONFIG_UIO_DMEM_GENIRQ=y +# CONFIG_UIO_AEC is not set +# CONFIG_UIO_SERCOS3 is not set +# CONFIG_UIO_PCI_GENERIC is not set +# CONFIG_UIO_NETX is not set +# CONFIG_UIO_PRUSS is not set +# CONFIG_UIO_MF624 is not set +CONFIG_VFIO=y +CONFIG_VFIO_IOMMU_TYPE1=y +CONFIG_VFIO_VIRQFD=y +# CONFIG_VFIO_NOIOMMU is not set +CONFIG_VFIO_PCI_CORE=y +CONFIG_VFIO_PCI_MMAP=y +CONFIG_VFIO_PCI_INTX=y +CONFIG_VFIO_PCI=y +# CONFIG_VFIO_PCI_VGA is not set +# CONFIG_VFIO_PCI_IGD is not set +# CONFIG_VFIO_MDEV is not set +CONFIG_IRQ_BYPASS_MANAGER=y +# CONFIG_VIRT_DRIVERS is not set +CONFIG_VIRTIO_ANCHOR=y +CONFIG_VIRTIO=y +CONFIG_VIRTIO_PCI_LIB=y +CONFIG_VIRTIO_PCI_LIB_LEGACY=y +CONFIG_VIRTIO_MENU=y +CONFIG_VIRTIO_PCI=y +CONFIG_VIRTIO_PCI_LEGACY=y +CONFIG_VIRTIO_PMEM=y +CONFIG_VIRTIO_BALLOON=y +CONFIG_VIRTIO_MEM=y +CONFIG_VIRTIO_INPUT=y +CONFIG_VIRTIO_MMIO=y +CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES=y +CONFIG_VIRTIO_DMA_SHARED_BUFFER=y +# CONFIG_VDPA is not set +CONFIG_VHOST_MENU=y +# CONFIG_VHOST_NET is not set +# CONFIG_VHOST_VSOCK is not set +# CONFIG_VHOST_CROSS_ENDIAN_LEGACY is not set + +# +# Microsoft Hyper-V guest support +# +# end of Microsoft Hyper-V guest support + +# CONFIG_GREYBUS is not set +# CONFIG_COMEDI is not set +# CONFIG_STAGING is not set +# CONFIG_CHROME_PLATFORMS is not set +# CONFIG_MELLANOX_PLATFORM is not set +# CONFIG_SURFACE_PLATFORMS is not set +# CONFIG_X86_PLATFORM_DEVICES is not set +# CONFIG_P2SB is not set +CONFIG_HAVE_CLK=y +CONFIG_HAVE_CLK_PREPARE=y +CONFIG_COMMON_CLK=y +# CONFIG_XILINX_VCU is not set +# CONFIG_HWSPINLOCK is not set + +# +# Clock Source drivers +# +CONFIG_CLKEVT_I8253=y +CONFIG_I8253_LOCK=y +CONFIG_CLKBLD_I8253=y +# end of Clock Source drivers + +CONFIG_MAILBOX=y +CONFIG_PCC=y +# CONFIG_ALTERA_MBOX is not set +CONFIG_IOMMU_IOVA=y +CONFIG_IOMMU_API=y +CONFIG_IOMMU_SUPPORT=y + +# +# Generic IOMMU Pagetable Support +# +# end of Generic IOMMU Pagetable Support + +# CONFIG_IOMMU_DEBUGFS is not set +# CONFIG_IOMMU_DEFAULT_DMA_STRICT is not set +CONFIG_IOMMU_DEFAULT_DMA_LAZY=y +# CONFIG_IOMMU_DEFAULT_PASSTHROUGH is not set +CONFIG_IOMMU_DMA=y +# CONFIG_AMD_IOMMU is not set +# CONFIG_INTEL_IOMMU is not set +# CONFIG_IRQ_REMAP is not set +CONFIG_VIRTIO_IOMMU=y + +# +# Remoteproc drivers +# +# CONFIG_REMOTEPROC is not set +# end of Remoteproc drivers + +# +# Rpmsg drivers +# +# CONFIG_RPMSG_QCOM_GLINK_RPM is not set +# CONFIG_RPMSG_VIRTIO is not set +# end of Rpmsg drivers + +# CONFIG_SOUNDWIRE is not set + +# +# SOC (System On Chip) specific Drivers +# + +# +# Amlogic SoC drivers +# +# end of Amlogic SoC drivers + +# +# Broadcom SoC drivers +# +# end of Broadcom SoC drivers + +# +# NXP/Freescale QorIQ SoC drivers +# +# end of NXP/Freescale QorIQ SoC drivers + +# +# fujitsu SoC drivers +# +# end of fujitsu SoC drivers + +# +# i.MX SoC drivers +# +# end of i.MX SoC drivers + +# +# Enable LiteX SoC Builder specific drivers +# +# end of Enable LiteX SoC Builder specific drivers + +# +# Qualcomm SoC drivers +# +# end of Qualcomm SoC drivers + +# CONFIG_SOC_TI is not set + +# +# Xilinx SoC drivers +# +# end of Xilinx SoC drivers +# end of SOC (System On Chip) specific Drivers + +# CONFIG_PM_DEVFREQ is not set +# CONFIG_EXTCON is not set +# CONFIG_MEMORY is not set +# CONFIG_IIO is not set +# CONFIG_NTB is not set +# CONFIG_PWM is not set + +# +# IRQ chip support +# +# end of IRQ chip support + +# CONFIG_IPACK_BUS is not set +# CONFIG_RESET_CONTROLLER is not set + +# +# PHY Subsystem +# +# CONFIG_GENERIC_PHY is not set +# CONFIG_PHY_CAN_TRANSCEIVER is not set + +# +# PHY drivers for Broadcom platforms +# +# CONFIG_BCM_KONA_USB2_PHY is not set +# end of PHY drivers for Broadcom platforms + +# CONFIG_PHY_PXA_28NM_HSIC is not set +# CONFIG_PHY_PXA_28NM_USB2 is not set +# CONFIG_PHY_INTEL_LGM_EMMC is not set +# end of PHY Subsystem + +# CONFIG_POWERCAP is not set +# CONFIG_MCB is not set + +# +# Performance monitor support +# +# end of Performance monitor support + +CONFIG_RAS=y +# CONFIG_USB4 is not set + +# +# Android +# +# CONFIG_ANDROID_BINDER_IPC is not set +# end of Android + +CONFIG_LIBNVDIMM=y +CONFIG_BLK_DEV_PMEM=y +CONFIG_ND_CLAIM=y +CONFIG_ND_BTT=y +CONFIG_BTT=y +CONFIG_ND_PFN=y +CONFIG_NVDIMM_PFN=y +CONFIG_NVDIMM_DAX=y +CONFIG_DAX=y +CONFIG_DEV_DAX=y +CONFIG_DEV_DAX_PMEM=y +CONFIG_DEV_DAX_KMEM=y +CONFIG_NVMEM=y +CONFIG_NVMEM_SYSFS=y +# CONFIG_NVMEM_RMEM is not set + +# +# HW tracing support +# +# CONFIG_STM is not set +# CONFIG_INTEL_TH is not set +# end of HW tracing support + +# CONFIG_FPGA is not set +# CONFIG_SIOX is not set +# CONFIG_SLIMBUS is not set +# CONFIG_INTERCONNECT is not set +# CONFIG_COUNTER is not set +# CONFIG_MOST is not set +# CONFIG_PECI is not set +# CONFIG_HTE is not set +# end of Device Drivers + +# +# File systems +# +CONFIG_DCACHE_WORD_ACCESS=y +# CONFIG_VALIDATE_FS_PARSER is not set +CONFIG_FS_IOMAP=y +# CONFIG_EXT2_FS is not set +# CONFIG_EXT3_FS is not set +CONFIG_EXT4_FS=y +CONFIG_EXT4_USE_FOR_EXT2=y +CONFIG_EXT4_FS_POSIX_ACL=y +CONFIG_EXT4_FS_SECURITY=y +CONFIG_EXT4_DEBUG=y +CONFIG_JBD2=y +CONFIG_JBD2_DEBUG=y +CONFIG_FS_MBCACHE=y +# CONFIG_REISERFS_FS is not set +# CONFIG_JFS_FS is not set +# CONFIG_XFS_FS is not set +# CONFIG_GFS2_FS is not set +# CONFIG_OCFS2_FS is not set +# CONFIG_BTRFS_FS is not set +# CONFIG_NILFS2_FS is not set +# CONFIG_F2FS_FS is not set +CONFIG_FS_DAX=y +CONFIG_FS_DAX_PMD=y +CONFIG_FS_POSIX_ACL=y +CONFIG_EXPORTFS=y +# CONFIG_EXPORTFS_BLOCK_OPS is not set +CONFIG_FILE_LOCKING=y +CONFIG_FS_ENCRYPTION=y +CONFIG_FS_ENCRYPTION_ALGS=y +# CONFIG_FS_VERITY is not set +CONFIG_FSNOTIFY=y +CONFIG_DNOTIFY=y +CONFIG_INOTIFY_USER=y +CONFIG_FANOTIFY=y +# CONFIG_QUOTA is not set +CONFIG_AUTOFS4_FS=y +CONFIG_AUTOFS_FS=y +CONFIG_FUSE_FS=y +CONFIG_CUSE=y +CONFIG_VIRTIO_FS=y +CONFIG_FUSE_DAX=y +CONFIG_OVERLAY_FS=y +# CONFIG_OVERLAY_FS_REDIRECT_DIR is not set +CONFIG_OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y +# CONFIG_OVERLAY_FS_INDEX is not set +# CONFIG_OVERLAY_FS_XINO_AUTO is not set +# CONFIG_OVERLAY_FS_METACOPY is not set + +# +# Caches +# +CONFIG_NETFS_SUPPORT=y +# CONFIG_NETFS_STATS is not set +CONFIG_FSCACHE=y +# CONFIG_FSCACHE_STATS is not set +# CONFIG_FSCACHE_DEBUG is not set +CONFIG_CACHEFILES=y +# CONFIG_CACHEFILES_DEBUG is not set +# CONFIG_CACHEFILES_ERROR_INJECTION is not set +# CONFIG_CACHEFILES_ONDEMAND is not set +# end of Caches + +# +# CD-ROM/DVD Filesystems +# +CONFIG_ISO9660_FS=y +CONFIG_JOLIET=y +CONFIG_ZISOFS=y +CONFIG_UDF_FS=y +# end of CD-ROM/DVD Filesystems + +# +# DOS/FAT/EXFAT/NT Filesystems +# +CONFIG_FAT_FS=y +CONFIG_MSDOS_FS=y +CONFIG_VFAT_FS=y +CONFIG_FAT_DEFAULT_CODEPAGE=437 +CONFIG_FAT_DEFAULT_IOCHARSET="ascii" +# CONFIG_FAT_DEFAULT_UTF8 is not set +# CONFIG_EXFAT_FS is not set +# CONFIG_NTFS_FS is not set +# CONFIG_NTFS3_FS is not set +# end of DOS/FAT/EXFAT/NT Filesystems + +# +# Pseudo filesystems +# +CONFIG_PROC_FS=y +CONFIG_PROC_KCORE=y +CONFIG_PROC_SYSCTL=y +CONFIG_PROC_PAGE_MONITOR=y +CONFIG_PROC_CHILDREN=y +CONFIG_PROC_PID_ARCH_STATUS=y +CONFIG_KERNFS=y +CONFIG_SYSFS=y +CONFIG_TMPFS=y +CONFIG_TMPFS_POSIX_ACL=y +CONFIG_TMPFS_XATTR=y +# CONFIG_TMPFS_INODE64 is not set +CONFIG_HUGETLBFS=y +CONFIG_HUGETLB_PAGE=y +CONFIG_ARCH_WANT_HUGETLB_PAGE_OPTIMIZE_VMEMMAP=y +CONFIG_HUGETLB_PAGE_OPTIMIZE_VMEMMAP=y +# CONFIG_HUGETLB_PAGE_OPTIMIZE_VMEMMAP_DEFAULT_ON is not set +CONFIG_MEMFD_CREATE=y +CONFIG_ARCH_HAS_GIGANTIC_PAGE=y +CONFIG_CONFIGFS_FS=y +CONFIG_EFIVAR_FS=y +# end of Pseudo filesystems + +CONFIG_MISC_FILESYSTEMS=y +# CONFIG_ORANGEFS_FS is not set +# CONFIG_ADFS_FS is not set +# CONFIG_AFFS_FS is not set +# CONFIG_ECRYPT_FS is not set +# CONFIG_HFS_FS is not set +# CONFIG_HFSPLUS_FS is not set +# CONFIG_BEFS_FS is not set +# CONFIG_BFS_FS is not set +# CONFIG_EFS_FS is not set +# CONFIG_CRAMFS is not set +CONFIG_SQUASHFS=y +CONFIG_SQUASHFS_FILE_CACHE=y +# CONFIG_SQUASHFS_FILE_DIRECT is not set +CONFIG_SQUASHFS_DECOMP_SINGLE=y +# CONFIG_SQUASHFS_DECOMP_MULTI is not set +# CONFIG_SQUASHFS_DECOMP_MULTI_PERCPU is not set +# CONFIG_SQUASHFS_XATTR is not set +CONFIG_SQUASHFS_ZLIB=y +# CONFIG_SQUASHFS_LZ4 is not set +# CONFIG_SQUASHFS_LZO is not set +CONFIG_SQUASHFS_XZ=y +# CONFIG_SQUASHFS_ZSTD is not set +# CONFIG_SQUASHFS_4K_DEVBLK_SIZE is not set +# CONFIG_SQUASHFS_EMBEDDED is not set +CONFIG_SQUASHFS_FRAGMENT_CACHE_SIZE=3 +# CONFIG_VXFS_FS is not set +# CONFIG_MINIX_FS is not set +# CONFIG_OMFS_FS is not set +# CONFIG_HPFS_FS is not set +# CONFIG_QNX4FS_FS is not set +# CONFIG_QNX6FS_FS is not set +# CONFIG_ROMFS_FS is not set +# CONFIG_PSTORE is not set +# CONFIG_SYSV_FS is not set +# CONFIG_UFS_FS is not set +# CONFIG_EROFS_FS is not set +CONFIG_NETWORK_FILESYSTEMS=y +CONFIG_NFS_FS=y +CONFIG_NFS_V2=y +CONFIG_NFS_V3=y +# CONFIG_NFS_V3_ACL is not set +CONFIG_NFS_V4=y +# CONFIG_NFS_SWAP is not set +# CONFIG_NFS_V4_1 is not set +# CONFIG_ROOT_NFS is not set +# CONFIG_NFS_FSCACHE is not set +# CONFIG_NFS_USE_LEGACY_DNS is not set +CONFIG_NFS_USE_KERNEL_DNS=y +CONFIG_NFS_DISABLE_UDP_SUPPORT=y +CONFIG_NFSD=y +# CONFIG_NFSD_V3_ACL is not set +CONFIG_NFSD_V4=y +# CONFIG_NFSD_BLOCKLAYOUT is not set +# CONFIG_NFSD_SCSILAYOUT is not set +# CONFIG_NFSD_FLEXFILELAYOUT is not set +CONFIG_GRACE_PERIOD=y +CONFIG_LOCKD=y +CONFIG_LOCKD_V4=y +CONFIG_NFS_COMMON=y +CONFIG_SUNRPC=y +CONFIG_SUNRPC_GSS=y +CONFIG_RPCSEC_GSS_KRB5=y +# CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES is not set +# CONFIG_SUNRPC_DEBUG is not set +# CONFIG_CEPH_FS is not set +CONFIG_CIFS=y +# CONFIG_CIFS_STATS2 is not set +CONFIG_CIFS_ALLOW_INSECURE_LEGACY=y +CONFIG_CIFS_UPCALL=y +CONFIG_CIFS_XATTR=y +CONFIG_CIFS_POSIX=y +# CONFIG_CIFS_DEBUG is not set +CONFIG_CIFS_DFS_UPCALL=y +# CONFIG_CIFS_SMB_DIRECT is not set +# CONFIG_SMB_SERVER is not set +# CONFIG_CODA_FS is not set +# CONFIG_AFS_FS is not set +CONFIG_NLS=y +CONFIG_NLS_DEFAULT="utf8" +CONFIG_NLS_CODEPAGE_437=y +CONFIG_NLS_CODEPAGE_737=y +CONFIG_NLS_CODEPAGE_775=y +CONFIG_NLS_CODEPAGE_850=y +CONFIG_NLS_CODEPAGE_852=y +CONFIG_NLS_CODEPAGE_855=y +CONFIG_NLS_CODEPAGE_857=y +CONFIG_NLS_CODEPAGE_860=y +CONFIG_NLS_CODEPAGE_861=y +CONFIG_NLS_CODEPAGE_862=y +CONFIG_NLS_CODEPAGE_863=y +CONFIG_NLS_CODEPAGE_864=y +CONFIG_NLS_CODEPAGE_865=y +CONFIG_NLS_CODEPAGE_866=y +CONFIG_NLS_CODEPAGE_869=y +CONFIG_NLS_CODEPAGE_936=y +CONFIG_NLS_CODEPAGE_950=y +CONFIG_NLS_CODEPAGE_932=y +CONFIG_NLS_CODEPAGE_949=y +CONFIG_NLS_CODEPAGE_874=y +CONFIG_NLS_ISO8859_8=y +CONFIG_NLS_CODEPAGE_1250=y +CONFIG_NLS_CODEPAGE_1251=y +CONFIG_NLS_ASCII=y +CONFIG_NLS_ISO8859_1=y +CONFIG_NLS_ISO8859_2=y +CONFIG_NLS_ISO8859_3=y +CONFIG_NLS_ISO8859_4=y +CONFIG_NLS_ISO8859_5=y +CONFIG_NLS_ISO8859_6=y +CONFIG_NLS_ISO8859_7=y +CONFIG_NLS_ISO8859_9=y +CONFIG_NLS_ISO8859_13=y +CONFIG_NLS_ISO8859_14=y +CONFIG_NLS_ISO8859_15=y +CONFIG_NLS_KOI8_R=y +CONFIG_NLS_KOI8_U=y +CONFIG_NLS_MAC_ROMAN=y +CONFIG_NLS_MAC_CELTIC=y +CONFIG_NLS_MAC_CENTEURO=y +CONFIG_NLS_MAC_CROATIAN=y +CONFIG_NLS_MAC_CYRILLIC=y +CONFIG_NLS_MAC_GAELIC=y +CONFIG_NLS_MAC_GREEK=y +CONFIG_NLS_MAC_ICELAND=y +CONFIG_NLS_MAC_INUIT=y +CONFIG_NLS_MAC_ROMANIAN=y +CONFIG_NLS_MAC_TURKISH=y +CONFIG_NLS_UTF8=y +# CONFIG_DLM is not set +# CONFIG_UNICODE is not set +CONFIG_IO_WQ=y +# end of File systems + +# +# Security options +# +CONFIG_KEYS=y +# CONFIG_KEYS_REQUEST_CACHE is not set +CONFIG_PERSISTENT_KEYRINGS=y +# CONFIG_BIG_KEYS is not set +# CONFIG_TRUSTED_KEYS is not set +# CONFIG_ENCRYPTED_KEYS is not set +# CONFIG_KEY_DH_OPERATIONS is not set +# CONFIG_SECURITY_DMESG_RESTRICT is not set +# CONFIG_SECURITY is not set +CONFIG_SECURITYFS=y +CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y +# CONFIG_HARDENED_USERCOPY is not set +CONFIG_FORTIFY_SOURCE=y +# CONFIG_STATIC_USERMODEHELPER is not set +# CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set +CONFIG_DEFAULT_SECURITY_DAC=y +CONFIG_LSM="yama,loadpin,safesetid,integrity" + +# +# Kernel hardening options +# + +# +# Memory initialization +# +CONFIG_INIT_STACK_NONE=y +# CONFIG_INIT_ON_ALLOC_DEFAULT_ON is not set +# CONFIG_INIT_ON_FREE_DEFAULT_ON is not set +# end of Memory initialization + +CONFIG_RANDSTRUCT_NONE=y +# end of Kernel hardening options +# end of Security options + +CONFIG_CRYPTO=y + +# +# Crypto core or helper +# +# CONFIG_CRYPTO_FIPS is not set +CONFIG_CRYPTO_ALGAPI=y +CONFIG_CRYPTO_ALGAPI2=y +CONFIG_CRYPTO_AEAD=y +CONFIG_CRYPTO_AEAD2=y +CONFIG_CRYPTO_SKCIPHER=y +CONFIG_CRYPTO_SKCIPHER2=y +CONFIG_CRYPTO_HASH=y +CONFIG_CRYPTO_HASH2=y +CONFIG_CRYPTO_RNG=y +CONFIG_CRYPTO_RNG2=y +CONFIG_CRYPTO_RNG_DEFAULT=y +CONFIG_CRYPTO_AKCIPHER2=y +CONFIG_CRYPTO_AKCIPHER=y +CONFIG_CRYPTO_KPP2=y +CONFIG_CRYPTO_ACOMP2=y +CONFIG_CRYPTO_MANAGER=y +CONFIG_CRYPTO_MANAGER2=y +# CONFIG_CRYPTO_USER is not set +# CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set +# CONFIG_CRYPTO_MANAGER_EXTRA_TESTS is not set +CONFIG_CRYPTO_GF128MUL=y +CONFIG_CRYPTO_NULL=y +CONFIG_CRYPTO_NULL2=y +# CONFIG_CRYPTO_PCRYPT is not set +CONFIG_CRYPTO_CRYPTD=y +CONFIG_CRYPTO_AUTHENC=y +# CONFIG_CRYPTO_TEST is not set +CONFIG_CRYPTO_SIMD=y +# end of Crypto core or helper + +# +# Public-key cryptography +# +# CONFIG_CRYPTO_RSA is not set +# CONFIG_CRYPTO_DH is not set +CONFIG_CRYPTO_ECC=y +# CONFIG_CRYPTO_ECDH is not set +CONFIG_CRYPTO_ECDSA=y +# CONFIG_CRYPTO_ECRDSA is not set +# CONFIG_CRYPTO_SM2 is not set +# CONFIG_CRYPTO_CURVE25519 is not set +# end of Public-key cryptography + +# +# Block ciphers +# +CONFIG_CRYPTO_AES=y +# CONFIG_CRYPTO_AES_TI is not set +# CONFIG_CRYPTO_ARIA is not set +# CONFIG_CRYPTO_BLOWFISH is not set +# CONFIG_CRYPTO_CAMELLIA is not set +# CONFIG_CRYPTO_CAST5 is not set +# CONFIG_CRYPTO_CAST6 is not set +CONFIG_CRYPTO_DES=y +# CONFIG_CRYPTO_FCRYPT is not set +# CONFIG_CRYPTO_SERPENT is not set +# CONFIG_CRYPTO_SM4_GENERIC is not set +# CONFIG_CRYPTO_TWOFISH is not set +CONFIG_CRYPTO_TWOFISH_COMMON=y +# end of Block ciphers + +# +# Length-preserving ciphers and modes +# +# CONFIG_CRYPTO_ADIANTUM is not set +# CONFIG_CRYPTO_CHACHA20 is not set +CONFIG_CRYPTO_CBC=y +# CONFIG_CRYPTO_CFB is not set +CONFIG_CRYPTO_CTR=y +CONFIG_CRYPTO_CTS=y +CONFIG_CRYPTO_ECB=y +# CONFIG_CRYPTO_HCTR2 is not set +# CONFIG_CRYPTO_KEYWRAP is not set +CONFIG_CRYPTO_LRW=y +# CONFIG_CRYPTO_OFB is not set +CONFIG_CRYPTO_PCBC=y +CONFIG_CRYPTO_XTS=y +# end of Length-preserving ciphers and modes + +# +# AEAD (authenticated encryption with associated data) ciphers +# +# CONFIG_CRYPTO_AEGIS128 is not set +# CONFIG_CRYPTO_CHACHA20POLY1305 is not set +# CONFIG_CRYPTO_CCM is not set +CONFIG_CRYPTO_GCM=y +CONFIG_CRYPTO_SEQIV=y +CONFIG_CRYPTO_ECHAINIV=y +# CONFIG_CRYPTO_ESSIV is not set +# end of AEAD (authenticated encryption with associated data) ciphers + +# +# Hashes, digests, and MACs +# +# CONFIG_CRYPTO_BLAKE2B is not set +CONFIG_CRYPTO_CMAC=y +CONFIG_CRYPTO_GHASH=y +CONFIG_CRYPTO_HMAC=y +# CONFIG_CRYPTO_MD4 is not set +CONFIG_CRYPTO_MD5=y +# CONFIG_CRYPTO_MICHAEL_MIC is not set +CONFIG_CRYPTO_POLY1305=y +# CONFIG_CRYPTO_RMD160 is not set +CONFIG_CRYPTO_SHA1=y +CONFIG_CRYPTO_SHA256=y +CONFIG_CRYPTO_SHA512=y +# CONFIG_CRYPTO_SHA3 is not set +# CONFIG_CRYPTO_SM3_GENERIC is not set +# CONFIG_CRYPTO_STREEBOG is not set +# CONFIG_CRYPTO_VMAC is not set +# CONFIG_CRYPTO_WP512 is not set +# CONFIG_CRYPTO_XCBC is not set +# CONFIG_CRYPTO_XXHASH is not set +# end of Hashes, digests, and MACs + +# +# CRCs (cyclic redundancy checks) +# +CONFIG_CRYPTO_CRC32C=y +# CONFIG_CRYPTO_CRC32 is not set +CONFIG_CRYPTO_CRCT10DIF=y +# end of CRCs (cyclic redundancy checks) + +# +# Compression +# +CONFIG_CRYPTO_DEFLATE=y +CONFIG_CRYPTO_LZO=y +# CONFIG_CRYPTO_842 is not set +# CONFIG_CRYPTO_LZ4 is not set +# CONFIG_CRYPTO_LZ4HC is not set +# CONFIG_CRYPTO_ZSTD is not set +# end of Compression + +# +# Random number generation +# +# CONFIG_CRYPTO_ANSI_CPRNG is not set +CONFIG_CRYPTO_DRBG_MENU=y +CONFIG_CRYPTO_DRBG_HMAC=y +CONFIG_CRYPTO_DRBG_HASH=y +CONFIG_CRYPTO_DRBG_CTR=y +CONFIG_CRYPTO_DRBG=y +CONFIG_CRYPTO_JITTERENTROPY=y +# end of Random number generation + +# +# Userspace interface +# +CONFIG_CRYPTO_USER_API=y +# CONFIG_CRYPTO_USER_API_HASH is not set +# CONFIG_CRYPTO_USER_API_SKCIPHER is not set +CONFIG_CRYPTO_USER_API_RNG=y +# CONFIG_CRYPTO_USER_API_RNG_CAVP is not set +# CONFIG_CRYPTO_USER_API_AEAD is not set +# CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE is not set +# end of Userspace interface + +# +# Accelerated Cryptographic Algorithms for CPU (x86) +# +CONFIG_CRYPTO_CURVE25519_X86=y +CONFIG_CRYPTO_AES_NI_INTEL=y +# CONFIG_CRYPTO_BLOWFISH_X86_64 is not set +# CONFIG_CRYPTO_CAMELLIA_X86_64 is not set +# CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64 is not set +# CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 is not set +# CONFIG_CRYPTO_CAST5_AVX_X86_64 is not set +# CONFIG_CRYPTO_CAST6_AVX_X86_64 is not set +# CONFIG_CRYPTO_DES3_EDE_X86_64 is not set +# CONFIG_CRYPTO_SERPENT_SSE2_X86_64 is not set +# CONFIG_CRYPTO_SERPENT_AVX_X86_64 is not set +# CONFIG_CRYPTO_SERPENT_AVX2_X86_64 is not set +# CONFIG_CRYPTO_SM4_AESNI_AVX_X86_64 is not set +# CONFIG_CRYPTO_SM4_AESNI_AVX2_X86_64 is not set +CONFIG_CRYPTO_TWOFISH_X86_64=y +CONFIG_CRYPTO_TWOFISH_X86_64_3WAY=y +CONFIG_CRYPTO_TWOFISH_AVX_X86_64=y +# CONFIG_CRYPTO_ARIA_AESNI_AVX_X86_64 is not set +CONFIG_CRYPTO_CHACHA20_X86_64=y +# CONFIG_CRYPTO_AEGIS128_AESNI_SSE2 is not set +# CONFIG_CRYPTO_NHPOLY1305_SSE2 is not set +# CONFIG_CRYPTO_NHPOLY1305_AVX2 is not set +CONFIG_CRYPTO_BLAKE2S_X86=y +# CONFIG_CRYPTO_POLYVAL_CLMUL_NI is not set +CONFIG_CRYPTO_POLY1305_X86_64=y +# CONFIG_CRYPTO_SHA1_SSSE3 is not set +# CONFIG_CRYPTO_SHA256_SSSE3 is not set +# CONFIG_CRYPTO_SHA512_SSSE3 is not set +# CONFIG_CRYPTO_SM3_AVX_X86_64 is not set +# CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL is not set +CONFIG_CRYPTO_CRC32C_INTEL=y +# CONFIG_CRYPTO_CRC32_PCLMUL is not set +# CONFIG_CRYPTO_CRCT10DIF_PCLMUL is not set +# end of Accelerated Cryptographic Algorithms for CPU (x86) + +# CONFIG_CRYPTO_HW is not set +# CONFIG_ASYMMETRIC_KEY_TYPE is not set + +# +# Certificates for signature checking +# +CONFIG_SYSTEM_BLACKLIST_KEYRING=y +CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" +# end of Certificates for signature checking + +CONFIG_BINARY_PRINTF=y + +# +# Library routines +# +# CONFIG_PACKING is not set +CONFIG_BITREVERSE=y +CONFIG_GENERIC_STRNCPY_FROM_USER=y +CONFIG_GENERIC_STRNLEN_USER=y +CONFIG_GENERIC_NET_UTILS=y +# CONFIG_CORDIC is not set +# CONFIG_PRIME_NUMBERS is not set +CONFIG_RATIONAL=y +CONFIG_GENERIC_PCI_IOMAP=y +CONFIG_GENERIC_IOMAP=y +CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y +CONFIG_ARCH_HAS_FAST_MULTIPLIER=y +CONFIG_ARCH_USE_SYM_ANNOTATIONS=y + +# +# Crypto library routines +# +CONFIG_CRYPTO_LIB_UTILS=y +CONFIG_CRYPTO_LIB_AES=y +CONFIG_CRYPTO_ARCH_HAVE_LIB_BLAKE2S=y +CONFIG_CRYPTO_LIB_BLAKE2S_GENERIC=y +CONFIG_CRYPTO_ARCH_HAVE_LIB_CHACHA=y +CONFIG_CRYPTO_LIB_CHACHA_GENERIC=y +CONFIG_CRYPTO_LIB_CHACHA=y +CONFIG_CRYPTO_ARCH_HAVE_LIB_CURVE25519=y +CONFIG_CRYPTO_LIB_CURVE25519_GENERIC=y +CONFIG_CRYPTO_LIB_CURVE25519=y +CONFIG_CRYPTO_LIB_DES=y +CONFIG_CRYPTO_LIB_POLY1305_RSIZE=11 +CONFIG_CRYPTO_ARCH_HAVE_LIB_POLY1305=y +CONFIG_CRYPTO_LIB_POLY1305_GENERIC=y +CONFIG_CRYPTO_LIB_POLY1305=y +CONFIG_CRYPTO_LIB_CHACHA20POLY1305=y +CONFIG_CRYPTO_LIB_SHA1=y +CONFIG_CRYPTO_LIB_SHA256=y +# end of Crypto library routines + +CONFIG_CRC_CCITT=y +CONFIG_CRC16=y +CONFIG_CRC_T10DIF=y +# CONFIG_CRC64_ROCKSOFT is not set +CONFIG_CRC_ITU_T=y +CONFIG_CRC32=y +# CONFIG_CRC32_SELFTEST is not set +CONFIG_CRC32_SLICEBY8=y +# CONFIG_CRC32_SLICEBY4 is not set +# CONFIG_CRC32_SARWATE is not set +# CONFIG_CRC32_BIT is not set +# CONFIG_CRC64 is not set +# CONFIG_CRC4 is not set +# CONFIG_CRC7 is not set +CONFIG_LIBCRC32C=y +# CONFIG_CRC8 is not set +CONFIG_XXHASH=y +# CONFIG_RANDOM32_SELFTEST is not set +CONFIG_ZLIB_INFLATE=y +CONFIG_ZLIB_DEFLATE=y +CONFIG_LZO_COMPRESS=y +CONFIG_LZO_DECOMPRESS=y +CONFIG_LZ4_DECOMPRESS=y +CONFIG_ZSTD_COMMON=y +CONFIG_ZSTD_DECOMPRESS=y +CONFIG_XZ_DEC=y +CONFIG_XZ_DEC_X86=y +CONFIG_XZ_DEC_POWERPC=y +CONFIG_XZ_DEC_IA64=y +CONFIG_XZ_DEC_ARM=y +CONFIG_XZ_DEC_ARMTHUMB=y +CONFIG_XZ_DEC_SPARC=y +# CONFIG_XZ_DEC_MICROLZMA is not set +CONFIG_XZ_DEC_BCJ=y +# CONFIG_XZ_DEC_TEST is not set +CONFIG_DECOMPRESS_GZIP=y +CONFIG_DECOMPRESS_BZIP2=y +CONFIG_DECOMPRESS_LZMA=y +CONFIG_DECOMPRESS_XZ=y +CONFIG_DECOMPRESS_LZO=y +CONFIG_DECOMPRESS_LZ4=y +CONFIG_DECOMPRESS_ZSTD=y +CONFIG_TEXTSEARCH=y +CONFIG_TEXTSEARCH_KMP=y +CONFIG_TEXTSEARCH_BM=y +CONFIG_TEXTSEARCH_FSM=y +CONFIG_INTERVAL_TREE=y +CONFIG_XARRAY_MULTI=y +CONFIG_ASSOCIATIVE_ARRAY=y +CONFIG_HAS_IOMEM=y +CONFIG_HAS_IOPORT_MAP=y +CONFIG_HAS_DMA=y +CONFIG_DMA_OPS=y +CONFIG_NEED_SG_DMA_LENGTH=y +CONFIG_NEED_DMA_MAP_STATE=y +CONFIG_ARCH_DMA_ADDR_T_64BIT=y +CONFIG_SWIOTLB=y +# CONFIG_DMA_API_DEBUG is not set +# CONFIG_DMA_MAP_BENCHMARK is not set +CONFIG_SGL_ALLOC=y +# CONFIG_FORCE_NR_CPUS is not set +CONFIG_CPU_RMAP=y +CONFIG_DQL=y +CONFIG_NLATTR=y +CONFIG_IRQ_POLL=y +CONFIG_OID_REGISTRY=y +CONFIG_UCS2_STRING=y +CONFIG_HAVE_GENERIC_VDSO=y +CONFIG_GENERIC_GETTIMEOFDAY=y +CONFIG_GENERIC_VDSO_TIME_NS=y +CONFIG_FONT_SUPPORT=y +# CONFIG_FONTS is not set +CONFIG_FONT_8x8=y +CONFIG_FONT_8x16=y +CONFIG_SG_POOL=y +CONFIG_ARCH_HAS_PMEM_API=y +CONFIG_MEMREGION=y +CONFIG_ARCH_HAS_UACCESS_FLUSHCACHE=y +CONFIG_ARCH_HAS_COPY_MC=y +CONFIG_ARCH_STACKWALK=y +CONFIG_STACKDEPOT=y +CONFIG_SBITMAP=y +# end of Library routines + +# +# Kernel hacking +# + +# +# printk and dmesg options +# +CONFIG_PRINTK_TIME=y +# CONFIG_PRINTK_CALLER is not set +# CONFIG_STACKTRACE_BUILD_ID is not set +CONFIG_CONSOLE_LOGLEVEL_DEFAULT=7 +CONFIG_CONSOLE_LOGLEVEL_QUIET=4 +CONFIG_MESSAGE_LOGLEVEL_DEFAULT=4 +# CONFIG_BOOT_PRINTK_DELAY is not set +CONFIG_DYNAMIC_DEBUG=y +CONFIG_DYNAMIC_DEBUG_CORE=y +CONFIG_SYMBOLIC_ERRNAME=y +# CONFIG_DEBUG_BUGVERBOSE is not set +# end of printk and dmesg options + +CONFIG_DEBUG_KERNEL=y +CONFIG_DEBUG_MISC=y + +# +# Compile-time checks and compiler options +# +CONFIG_AS_HAS_NON_CONST_LEB128=y +CONFIG_DEBUG_INFO_NONE=y +# CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT is not set +# CONFIG_DEBUG_INFO_DWARF4 is not set +# CONFIG_DEBUG_INFO_DWARF5 is not set +CONFIG_FRAME_WARN=2048 +CONFIG_STRIP_ASM_SYMS=y +# CONFIG_READABLE_ASM is not set +# CONFIG_HEADERS_INSTALL is not set +CONFIG_DEBUG_SECTION_MISMATCH=y +CONFIG_SECTION_MISMATCH_WARN_ONLY=y +# CONFIG_DEBUG_FORCE_FUNCTION_ALIGN_64B is not set +CONFIG_FRAME_POINTER=y +CONFIG_OBJTOOL=y +CONFIG_STACK_VALIDATION=y +CONFIG_VMLINUX_MAP=y +# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set +# end of Compile-time checks and compiler options + +# +# Generic Kernel Debugging Instruments +# +CONFIG_MAGIC_SYSRQ=y +CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE=0x1 +CONFIG_MAGIC_SYSRQ_SERIAL=y +CONFIG_MAGIC_SYSRQ_SERIAL_SEQUENCE="" +CONFIG_DEBUG_FS=y +CONFIG_DEBUG_FS_ALLOW_ALL=y +# CONFIG_DEBUG_FS_DISALLOW_MOUNT is not set +# CONFIG_DEBUG_FS_ALLOW_NONE is not set +CONFIG_HAVE_ARCH_KGDB=y +# CONFIG_KGDB is not set +CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y +# CONFIG_UBSAN is not set +CONFIG_HAVE_ARCH_KCSAN=y +# end of Generic Kernel Debugging Instruments + +# +# Networking Debugging +# +# CONFIG_NET_DEV_REFCNT_TRACKER is not set +# CONFIG_NET_NS_REFCNT_TRACKER is not set +# CONFIG_DEBUG_NET is not set +# end of Networking Debugging + +# +# Memory Debugging +# +# CONFIG_PAGE_EXTENSION is not set +# CONFIG_DEBUG_PAGEALLOC is not set +CONFIG_SLUB_DEBUG=y +# CONFIG_SLUB_DEBUG_ON is not set +# CONFIG_PAGE_OWNER is not set +# CONFIG_PAGE_TABLE_CHECK is not set +# CONFIG_PAGE_POISONING is not set +# CONFIG_DEBUG_RODATA_TEST is not set +CONFIG_ARCH_HAS_DEBUG_WX=y +# CONFIG_DEBUG_WX is not set +CONFIG_GENERIC_PTDUMP=y +# CONFIG_PTDUMP_DEBUGFS is not set +# CONFIG_DEBUG_OBJECTS is not set +# CONFIG_SHRINKER_DEBUG is not set +CONFIG_HAVE_DEBUG_KMEMLEAK=y +# CONFIG_DEBUG_KMEMLEAK is not set +# CONFIG_DEBUG_STACK_USAGE is not set +# CONFIG_SCHED_STACK_END_CHECK is not set +CONFIG_ARCH_HAS_DEBUG_VM_PGTABLE=y +# CONFIG_DEBUG_VM is not set +# CONFIG_DEBUG_VM_PGTABLE is not set +CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y +# CONFIG_DEBUG_VIRTUAL is not set +CONFIG_DEBUG_MEMORY_INIT=y +# CONFIG_DEBUG_PER_CPU_MAPS is not set +CONFIG_ARCH_SUPPORTS_KMAP_LOCAL_FORCE_MAP=y +# CONFIG_DEBUG_KMAP_LOCAL_FORCE_MAP is not set +CONFIG_HAVE_ARCH_KASAN=y +CONFIG_HAVE_ARCH_KASAN_VMALLOC=y +CONFIG_CC_HAS_KASAN_GENERIC=y +CONFIG_CC_HAS_WORKING_NOSANITIZE_ADDRESS=y +# CONFIG_KASAN is not set +CONFIG_HAVE_ARCH_KFENCE=y +# CONFIG_KFENCE is not set +CONFIG_HAVE_ARCH_KMSAN=y +# end of Memory Debugging + +# CONFIG_DEBUG_SHIRQ is not set + +# +# Debug Oops, Lockups and Hangs +# +# CONFIG_PANIC_ON_OOPS is not set +CONFIG_PANIC_ON_OOPS_VALUE=0 +CONFIG_PANIC_TIMEOUT=0 +# CONFIG_SOFTLOCKUP_DETECTOR is not set +CONFIG_HARDLOCKUP_CHECK_TIMESTAMP=y +# CONFIG_HARDLOCKUP_DETECTOR is not set +# CONFIG_DETECT_HUNG_TASK is not set +# CONFIG_WQ_WATCHDOG is not set +# end of Debug Oops, Lockups and Hangs + +# +# Scheduler Debugging +# +# CONFIG_SCHED_DEBUG is not set +CONFIG_SCHED_INFO=y +# CONFIG_SCHEDSTATS is not set +# end of Scheduler Debugging + +# CONFIG_DEBUG_TIMEKEEPING is not set +# CONFIG_DEBUG_PREEMPT is not set + +# +# Lock Debugging (spinlocks, mutexes, etc...) +# +CONFIG_LOCK_DEBUGGING_SUPPORT=y +# CONFIG_PROVE_LOCKING is not set +# CONFIG_LOCK_STAT is not set +# CONFIG_DEBUG_RT_MUTEXES is not set +# CONFIG_DEBUG_SPINLOCK is not set +# CONFIG_DEBUG_MUTEXES is not set +# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set +# CONFIG_DEBUG_RWSEMS is not set +# CONFIG_DEBUG_LOCK_ALLOC is not set +# CONFIG_DEBUG_ATOMIC_SLEEP is not set +# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set +# CONFIG_LOCK_TORTURE_TEST is not set +# CONFIG_WW_MUTEX_SELFTEST is not set +# CONFIG_SCF_TORTURE_TEST is not set +# CONFIG_CSD_LOCK_WAIT_DEBUG is not set +# end of Lock Debugging (spinlocks, mutexes, etc...) + +# CONFIG_DEBUG_IRQFLAGS is not set +CONFIG_STACKTRACE=y +# CONFIG_WARN_ALL_UNSEEDED_RANDOM is not set +# CONFIG_DEBUG_KOBJECT is not set + +# +# Debug kernel data structures +# +CONFIG_DEBUG_LIST=y +# CONFIG_DEBUG_PLIST is not set +# CONFIG_DEBUG_SG is not set +# CONFIG_DEBUG_NOTIFIERS is not set +CONFIG_BUG_ON_DATA_CORRUPTION=y +# CONFIG_DEBUG_MAPLE_TREE is not set +# end of Debug kernel data structures + +# CONFIG_DEBUG_CREDENTIALS is not set + +# +# RCU Debugging +# +# CONFIG_RCU_SCALE_TEST is not set +# CONFIG_RCU_TORTURE_TEST is not set +# CONFIG_RCU_REF_SCALE_TEST is not set +CONFIG_RCU_CPU_STALL_TIMEOUT=59 +CONFIG_RCU_EXP_CPU_STALL_TIMEOUT=0 +# CONFIG_RCU_TRACE is not set +# CONFIG_RCU_EQS_DEBUG is not set +# end of RCU Debugging + +# CONFIG_DEBUG_WQ_FORCE_RR_CPU is not set +# CONFIG_CPU_HOTPLUG_STATE_CONTROL is not set +# CONFIG_LATENCYTOP is not set +CONFIG_USER_STACKTRACE_SUPPORT=y +CONFIG_HAVE_RETHOOK=y +CONFIG_HAVE_FUNCTION_TRACER=y +CONFIG_HAVE_DYNAMIC_FTRACE=y +CONFIG_HAVE_DYNAMIC_FTRACE_WITH_REGS=y +CONFIG_HAVE_DYNAMIC_FTRACE_WITH_DIRECT_CALLS=y +CONFIG_HAVE_DYNAMIC_FTRACE_WITH_ARGS=y +CONFIG_HAVE_DYNAMIC_FTRACE_NO_PATCHABLE=y +CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y +CONFIG_HAVE_SYSCALL_TRACEPOINTS=y +CONFIG_HAVE_FENTRY=y +CONFIG_HAVE_OBJTOOL_MCOUNT=y +CONFIG_HAVE_C_RECORDMCOUNT=y +CONFIG_HAVE_BUILDTIME_MCOUNT_SORT=y +CONFIG_TRACING_SUPPORT=y +# CONFIG_FTRACE is not set +# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set +# CONFIG_SAMPLES is not set +CONFIG_HAVE_SAMPLE_FTRACE_DIRECT=y +CONFIG_HAVE_SAMPLE_FTRACE_DIRECT_MULTI=y +CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y +CONFIG_STRICT_DEVMEM=y +# CONFIG_IO_STRICT_DEVMEM is not set + +# +# x86 Debugging +# +CONFIG_X86_VERBOSE_BOOTUP=y +CONFIG_EARLY_PRINTK=y +# CONFIG_EARLY_PRINTK_DBGP is not set +# CONFIG_EARLY_PRINTK_USB_XDBC is not set +# CONFIG_EFI_PGT_DUMP is not set +# CONFIG_DEBUG_TLBFLUSH is not set +CONFIG_HAVE_MMIOTRACE_SUPPORT=y +# CONFIG_X86_DECODER_SELFTEST is not set +CONFIG_IO_DELAY_0X80=y +# CONFIG_IO_DELAY_0XED is not set +# CONFIG_IO_DELAY_UDELAY is not set +# CONFIG_IO_DELAY_NONE is not set +# CONFIG_DEBUG_BOOT_PARAMS is not set +# CONFIG_CPA_DEBUG is not set +# CONFIG_DEBUG_ENTRY is not set +# CONFIG_DEBUG_NMI_SELFTEST is not set +# CONFIG_X86_DEBUG_FPU is not set +# CONFIG_PUNIT_ATOM_DEBUG is not set +# CONFIG_UNWINDER_ORC is not set +CONFIG_UNWINDER_FRAME_POINTER=y +# end of x86 Debugging + +# +# Kernel Testing and Coverage +# +# CONFIG_KUNIT is not set +# CONFIG_NOTIFIER_ERROR_INJECTION is not set +# CONFIG_FAULT_INJECTION is not set +CONFIG_ARCH_HAS_KCOV=y +CONFIG_CC_HAS_SANCOV_TRACE_PC=y +# CONFIG_KCOV is not set +CONFIG_RUNTIME_TESTING_MENU=y +# CONFIG_LKDTM is not set +# CONFIG_TEST_MIN_HEAP is not set +# CONFIG_TEST_DIV64 is not set +# CONFIG_BACKTRACE_SELF_TEST is not set +# CONFIG_TEST_REF_TRACKER is not set +# CONFIG_RBTREE_TEST is not set +# CONFIG_REED_SOLOMON_TEST is not set +# CONFIG_INTERVAL_TREE_TEST is not set +# CONFIG_ATOMIC64_SELFTEST is not set +# CONFIG_TEST_HEXDUMP is not set +# CONFIG_STRING_SELFTEST is not set +# CONFIG_TEST_STRING_HELPERS is not set +# CONFIG_TEST_STRSCPY is not set +# CONFIG_TEST_KSTRTOX is not set +# CONFIG_TEST_PRINTF is not set +# CONFIG_TEST_SCANF is not set +# CONFIG_TEST_BITMAP is not set +# CONFIG_TEST_UUID is not set +# CONFIG_TEST_XARRAY is not set +# CONFIG_TEST_MAPLE_TREE is not set +# CONFIG_TEST_RHASHTABLE is not set +# CONFIG_TEST_SIPHASH is not set +# CONFIG_TEST_IDA is not set +# CONFIG_FIND_BIT_BENCHMARK is not set +# CONFIG_TEST_FIRMWARE is not set +# CONFIG_TEST_SYSCTL is not set +# CONFIG_TEST_UDELAY is not set +# CONFIG_TEST_DYNAMIC_DEBUG is not set +# CONFIG_TEST_MEMCAT_P is not set +# CONFIG_TEST_MEMINIT is not set +# CONFIG_TEST_FREE_PAGES is not set +# CONFIG_TEST_FPU is not set +# CONFIG_TEST_CLOCKSOURCE_WATCHDOG is not set +CONFIG_ARCH_USE_MEMTEST=y +# CONFIG_MEMTEST is not set +# end of Kernel Testing and Coverage + +# +# Rust hacking +# +# end of Rust hacking +# end of Kernel hacking diff --git a/kernel/image/Dockerfile b/kernel/image/Dockerfile new file mode 100644 index 0000000..99a9857 --- /dev/null +++ b/kernel/image/Dockerfile @@ -0,0 +1,30 @@ +FROM ubuntu:focal + +RUN apt-get update && apt-get install -y \ + autoconf \ + bc \ + binutils-multiarch \ + binutils-aarch64-linux-gnu \ + binutils-x86-64-linux-gnu \ + bison \ + flex \ + gcc \ + xz-utils \ + gcc-aarch64-linux-gnu \ + gcc-x86-64-linux-gnu \ + git \ + libncurses-dev \ + make \ + openssl \ + python-is-python3 \ +&& apt-get clean \ +&& rm -rf /var/lib/apt/lists/* + +COPY sources.list /etc/apt/sources.list + +RUN apt-get update \ +&& dpkg --add-architecture arm64 \ +&& dpkg --add-architecture amd64 \ +&& apt-get install -y libelf-dev:arm64 libelf-dev:amd64 \ +&& apt-get clean \ +&& rm -rf /var/lib/apt/lists/* \ No newline at end of file diff --git a/kernel/image/sources.list b/kernel/image/sources.list new file mode 100644 index 0000000..57bc29b --- /dev/null +++ b/kernel/image/sources.list @@ -0,0 +1,15 @@ +deb [arch=arm64] http://ports.ubuntu.com/ focal main restricted +deb [arch=arm64] http://ports.ubuntu.com/ focal-updates main restricted +deb [arch=arm64] http://ports.ubuntu.com/ focal universe +deb [arch=arm64] http://ports.ubuntu.com/ focal-updates universe +deb [arch=arm64] http://ports.ubuntu.com/ focal multiverse +deb [arch=arm64] http://ports.ubuntu.com/ focal-updates multiverse +deb [arch=arm64] http://ports.ubuntu.com/ focal-backports main restricted universe multiverse + +deb [arch=amd64] http://archive.ubuntu.com/ubuntu/ focal main +deb [arch=amd64] http://archive.ubuntu.com/ubuntu/ focal-updates main restricted +deb [arch=amd64] http://archive.ubuntu.com/ubuntu/ focal universe +deb [arch=amd64] http://archive.ubuntu.com/ubuntu/ focal-updates universe +deb [arch=amd64] http://archive.ubuntu.com/ubuntu/ focal multiverse +deb [arch=amd64] http://archive.ubuntu.com/ubuntu/ focal-updates multiverse +deb [arch=amd64] http://archive.ubuntu.com/ubuntu/ focal-backports main restricted universe multiverse \ No newline at end of file diff --git a/licenserc.toml b/licenserc.toml new file mode 100644 index 0000000..43b81fc --- /dev/null +++ b/licenserc.toml @@ -0,0 +1,27 @@ +additionalHeaders = ["scripts/cz-header-style.toml"] + +headerPath = "scripts/license-header.txt" + +includes = [ + "Makefile", + "*.Makefile", + "*.swift", + "*.h", + "*.cpp", + "*.c", + "*.sh", +] + +excludes = [ + "Sources/ContainerizationArchive/CArchive/include", +] + +[git] +attrs = 'enable' +ignore = 'enable' + +[properties] +copyrightOwner = "Apple Inc. and the Containerization project authors" + +[mapping.SWIFT_STYLE] +extensions = ["swift"] diff --git a/scripts/build-dist-x86_64.sh b/scripts/build-dist-x86_64.sh new file mode 100755 index 0000000..f0e0cf9 --- /dev/null +++ b/scripts/build-dist-x86_64.sh @@ -0,0 +1,243 @@ +#!/bin/bash +# Copyright © 2026 Apple Inc. and the Containerization project authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Builds the x86_64 deployment tarball. +# +# Runs INSIDE the aarch64 Linux dev container (invoked by +# `make dist-x86_64` via the linux_run macro). Cross-compiles all four +# host-side binaries — cctl, vminitd, cloud-hypervisor, virtiofsd — +# to x86_64-linux-musl, packs an initfs.ext4 with the x86_64 guest +# binaries inside, and emits bin/containerization-x86_64-.tar.gz. +# +# See docs/x86_64-build.md for full documentation: prerequisites, +# pipeline stages, toolchain rationale, and troubleshooting. +# +# Force-rebuild env vars (default = skip stages whose outputs are +# up-to-date): +# REBUILD_VMINITD=1 vminitd + vmexec +# REBUILD_INITFS=1 initfs.ext4 (and the native aarch64 cctl packer) +# REBUILD_CH=1 cloud-hypervisor +# REBUILD_VIRTIOFSD=1 virtiofsd +# cctl x86 cross always rebuilds (Swift incremental handles no-ops). + +set -euo pipefail + +cd /workspace + +GIT_SHA=$(git rev-parse --short HEAD 2>/dev/null || echo unknown) +DIST_NAME="containerization-x86_64-${GIT_SHA}" +DIST_DIR="bin/dist-x86_64" +STAGE="${DIST_DIR}/${DIST_NAME}" +TGZ="bin/${DIST_NAME}.tar.gz" + +CROSS_PREFIX=/opt/cross-x86_64-musl +GNU_PREFIX=/opt/cross-x86_64-gnu +PATCH=/workspace/scripts/patches/virtiofsd-skip-cap-drop-with-sandbox-none.patch + +# Cargo cross env for the musl stages (cctl, vminitd, cloud-hypervisor). +# CC/CXX/AR are used by cc-rs (Rust build scripts that compile C, e.g. +# zstd-sys, libseccomp-sys, capng) — points them at the Zig-backed +# wrappers. Linker is intentionally NOT set here: cargo-zigbuild +# installs its own linker wrapper that strips Rust's self-contained +# musl crt files (which would otherwise collide with Zig's musl crt). +# Setting CARGO_TARGET_*_LINKER ourselves would override that and +# cause duplicate-symbol link errors. +# pkg-config (used by libseccomp-sys and libcap-ng's capng-sys) points +# at the static-musl prefix, not the aarch64 host. +# PKG_CONFIG_ALL_STATIC=1 makes pkg-config-rs emit +# `rustc-link-lib=static=...` for resolved libs — required because +# the C libs at $CROSS_PREFIX are static-only (.a, no .so), so the +# default dynamic link would fail to find the .so. +# +# virtiofsd has its own glibc-dynamic env block below; it overrides +# PKG_CONFIG_LIBDIR / SYSROOT_DIR in a subshell so the musl values +# stay correct for cloud-hypervisor. +. /root/.cargo/env +export CC_x86_64_unknown_linux_musl=x86_64-linux-musl-gcc +export CXX_x86_64_unknown_linux_musl=x86_64-linux-musl-g++ +export AR_x86_64_unknown_linux_musl=x86_64-linux-musl-ar +export PKG_CONFIG_LIBDIR="${CROSS_PREFIX}/lib/pkgconfig" +export PKG_CONFIG_SYSROOT_DIR="${CROSS_PREFIX}" +export PKG_CONFIG_ALLOW_CROSS=1 +# Add the static-musl cross prefix to rustc's native library search +# path so the linker finds the libseccomp.so / libcap-ng.so linker +# scripts that build-musl-x86_64-deps.sh installs alongside the .a +# files. The scripts redirect resolution to the static archives. +export CARGO_TARGET_X86_64_UNKNOWN_LINUX_MUSL_RUSTFLAGS="-L native=${CROSS_PREFIX}/lib" + +# Pre-flight checks +[ -f .local/cloud-hypervisor/Cargo.toml ] || { + echo "ERROR: missing .local/cloud-hypervisor source checkout." >&2 + echo " git clone -b v52.0 https://github.com/cloud-hypervisor/cloud-hypervisor .local/cloud-hypervisor" >&2 + exit 1 +} +[ -f .local/virtiofsd/Cargo.toml ] || { + echo "ERROR: missing .local/virtiofsd source checkout." >&2 + echo " git clone https://gitlab.com/virtio-fs/virtiofsd .local/virtiofsd" >&2 + exit 1 +} + +# Kernel candidates (prefer the compressed bzImage produced by +# `make -C kernel TARGET_ARCH=x86_64`, fall back to an uncompressed +# vmlinux). The kernel is required — a tarball without one isn't +# usable, so fail hard rather than silently producing one. +KERNEL_SRC= +for candidate in kernel/vmlinuz-x86_64 kernel/vmlinux-x86_64; do + if [ -f "$candidate" ]; then + if file "$candidate" | grep -qE 'x86 boot|x86-64'; then + KERNEL_SRC=$candidate + break + else + echo "ERROR: $candidate exists but is not x86_64." >&2 + file "$candidate" >&2 + exit 1 + fi + fi +done +if [ -z "${KERNEL_SRC}" ]; then + echo "ERROR: no x86_64 kernel found at kernel/vmlinuz-x86_64 or kernel/vmlinux-x86_64." >&2 + echo " build one with 'make -C kernel TARGET_ARCH=x86_64'." >&2 + exit 1 +fi + +mkdir -p "${DIST_DIR}" + +# Decide which steps need to run before doing any work, so log messages +# match what's actually happening. + +NEED_VMINITD=1 +if [ "${REBUILD_VMINITD:-0}" != "1" ] \ + && [ -x "${DIST_DIR}/vminitd" ] && [ -x "${DIST_DIR}/vmexec" ] \ + && [ -z "$(find vminitd/Sources vminitd/Package.swift Sources/Containerization/SandboxContext \ + -newer "${DIST_DIR}/vminitd" -print -quit 2>/dev/null)" ] \ + && [ -z "$(find vminitd/Sources vminitd/Package.swift Sources/Containerization/SandboxContext \ + -newer "${DIST_DIR}/vmexec" -print -quit 2>/dev/null)" ]; then + NEED_VMINITD=0 +fi + +NEED_INITFS=1 +if [ "${REBUILD_INITFS:-0}" != "1" ] \ + && [ "${NEED_VMINITD}" = "0" ] \ + && [ -f "${DIST_DIR}/initfs.ext4" ] \ + && [ "${DIST_DIR}/initfs.ext4" -nt "${DIST_DIR}/vminitd" ] \ + && [ "${DIST_DIR}/initfs.ext4" -nt "${DIST_DIR}/vmexec" ]; then + NEED_INITFS=0 +fi + +NEED_CH=1 +if [ "${REBUILD_CH:-0}" != "1" ] && [ -x "${DIST_DIR}/cloud-hypervisor" ]; then + NEED_CH=0 +fi + +NEED_VIRTIOFSD=1 +if [ "${REBUILD_VIRTIOFSD:-0}" != "1" ] && [ -x "${DIST_DIR}/virtiofsd" ]; then + NEED_VIRTIOFSD=0 +fi + +echo "==> Cross-compiling cctl to x86_64-linux-musl" +swift build -c release \ + --swift-sdk x86_64-swift-linux-musl \ + --product cctl \ + -Xswiftc -warnings-as-errors \ + -Xlinker -L"${CROSS_PREFIX}/lib" \ + --disable-automatic-resolution +CCTL_X86_64_BIN="$(swift build -c release --swift-sdk x86_64-swift-linux-musl --show-bin-path)/cctl" +install -m 755 "${CCTL_X86_64_BIN}" "${DIST_DIR}/cctl" + +if [ "${NEED_VMINITD}" = "1" ]; then + echo "==> Cross-compiling vminitd + vmexec to x86_64-linux-musl" + make -C vminitd \ + LIBC=musl \ + MUSL_ARCH=x86_64 \ + BUILD_CONFIGURATION=release \ + INSTALL_DIR="$(pwd)/${DIST_DIR}" +else + echo "==> Reusing staged vminitd + vmexec (sources unchanged; set REBUILD_VMINITD=1 to force)" +fi + +if [ "${NEED_CH}" = "1" ]; then + echo "==> Cross-compiling cloud-hypervisor to x86_64-unknown-linux-musl" + ( + cd .local/cloud-hypervisor + cargo zigbuild --release --target x86_64-unknown-linux-musl --bin cloud-hypervisor + ) + install -m 755 \ + ".local/cloud-hypervisor/target/x86_64-unknown-linux-musl/release/cloud-hypervisor" \ + "${DIST_DIR}/cloud-hypervisor" +else + echo "==> Reusing staged cloud-hypervisor (set REBUILD_CH=1 to force)" +fi + +if [ "${NEED_VIRTIOFSD}" = "1" ]; then + echo "==> Cross-compiling virtiofsd to x86_64-unknown-linux-gnu.2.35 (glibc-dynamic, with cap-drop patch)" + # virtiofsd ships glibc-dynamic: the deployment host provides + # libseccomp.so.2 and libcap-ng.so.0 at runtime. Subshell scopes + # the gnu env so it doesn't bleed into other stages. + ( + export CC_x86_64_unknown_linux_gnu=x86_64-linux-gnu-gcc + export CXX_x86_64_unknown_linux_gnu=x86_64-linux-gnu-g++ + export AR_x86_64_unknown_linux_gnu=x86_64-linux-gnu-ar + export PKG_CONFIG_LIBDIR="${GNU_PREFIX}/lib/pkgconfig" + export PKG_CONFIG_SYSROOT_DIR="${GNU_PREFIX}" + export CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_RUSTFLAGS="-L native=${GNU_PREFIX}/lib" + cd .local/virtiofsd + if git apply --check "${PATCH}" 2>/dev/null; then + git apply "${PATCH}" + echo "applied virtiofsd cap-drop patch" + elif git apply --reverse --check "${PATCH}" 2>/dev/null; then + echo "virtiofsd cap-drop patch already applied" + else + echo "ERROR: virtiofsd cap-drop patch does not apply cleanly" >&2 + exit 1 + fi + cargo zigbuild --release --target x86_64-unknown-linux-gnu.2.35 + ) + install -m 755 \ + ".local/virtiofsd/target/x86_64-unknown-linux-gnu/release/virtiofsd" \ + "${DIST_DIR}/virtiofsd" +else + echo "==> Reusing staged virtiofsd (set REBUILD_VIRTIOFSD=1 to force)" +fi + +if [ "${NEED_INITFS}" = "1" ]; then + echo "==> Building aarch64 cctl natively (used to pack initfs.ext4)" + swift build -c release --product cctl -Xswiftc -warnings-as-errors --disable-automatic-resolution + NATIVE_CCTL="$(swift build -c release --show-bin-path)/cctl" + + echo "==> Building initfs.ext4 with x86_64 guest binaries" + rm -f "${DIST_DIR}/init.rootfs.tar.gz" "${DIST_DIR}/initfs.ext4" + "${NATIVE_CCTL}" rootfs create \ + --vminitd "${DIST_DIR}/vminitd" \ + --vmexec "${DIST_DIR}/vmexec" \ + --ext4 "${DIST_DIR}/initfs.ext4" \ + --label org.opencontainers.image.source=https://github.com/apple/containerization \ + --image vminit-x86_64:latest \ + "${DIST_DIR}/init.rootfs.tar.gz" +else + echo "==> Reusing staged initfs.ext4 (vminitd/vmexec unchanged; set REBUILD_INITFS=1 to force)" +fi + +echo "==> Staging tree at ${STAGE} and packaging" +rm -rf "${STAGE}" +mkdir -p "${STAGE}/bin" +install -m 755 "${DIST_DIR}/cctl" "${STAGE}/bin/cctl" +install -m 755 "${DIST_DIR}/cloud-hypervisor" "${STAGE}/bin/cloud-hypervisor" +install -m 755 "${DIST_DIR}/virtiofsd" "${STAGE}/bin/virtiofsd" +mkdir -p "${STAGE}/kernel" +cp "${KERNEL_SRC}" "${STAGE}/kernel/$(basename "${KERNEL_SRC}")" +cp "${DIST_DIR}/initfs.ext4" "${STAGE}/initfs.ext4" +rm -f "${TGZ}" +tar -czf "${TGZ}" -C "${DIST_DIR}" "${DIST_NAME}" +echo "wrote ${TGZ}" diff --git a/scripts/build-glibc-x86_64-deps.sh b/scripts/build-glibc-x86_64-deps.sh new file mode 100755 index 0000000..751815c --- /dev/null +++ b/scripts/build-glibc-x86_64-deps.sh @@ -0,0 +1,138 @@ +#!/bin/bash +# Copyright © 2026 Apple Inc. and the Containerization project authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Builds x86_64-linux-gnu shared-library versions of libseccomp and +# libcap-ng (the two C libs virtiofsd links against) and installs them +# at /opt/cross-x86_64-gnu. Sibling of build-musl-x86_64-deps.sh; the +# Dockerfile invokes both at image build time. +# +# Why a separate prefix: virtiofsd ships glibc-dynamic in the x86_64 +# tarball (see docs/x86_64-build.md) so deployment hosts can use their +# system libseccomp.so.2 + libcap-ng.so.0; everything else in the tarball +# stays musl-static. Mixing static-musl .a archives and dynamic-gnu .so +# files at one prefix confuses pkg-config and the linker, so they live +# apart. +# +# The glibc baseline is pinned at 2.35 (Ubuntu 22.04 / Debian 12 / RHEL 9 +# era) via the Zig wrapper scripts at /usr/local/bin/x86_64-linux-gnu-*, +# which dispatch to `zig cc -target x86_64-linux-gnu.2.35`. Bump the +# wrapper triple if the baseline moves. +# +# Only two libraries here, both shared: virtiofsd's other build-script +# deps (zstd, etc.) come from cargo crates that vendor C sources, and +# cctl's libarchive lives on the musl side. + +set -euo pipefail + +HOST=x86_64-linux-gnu +PREFIX=/opt/cross-x86_64-gnu + +mkdir -p "${PREFIX}/lib" "${PREFIX}/include" + +export CC="${HOST}-gcc" +export CXX="${HOST}-g++" +export AR="${HOST}-ar" +export RANLIB="${HOST}-ranlib" +export STRIP="${HOST}-strip" +export PKG_CONFIG_PATH="${PREFIX}/lib/pkgconfig" + +WORK=$(mktemp -d) +trap 'rm -rf "${WORK}"' EXIT +cd "${WORK}" + +JOBS="$(nproc)" + +# fetch_extract URL ARCHIVE +# +# Downloads URL to ARCHIVE then extracts. Relies on HTTPS for transport +# integrity; no SHA pinning. The other build-time deps (apt packages, +# Zig, Rust toolchain) trust the same. +fetch_extract() { + local url=$1 archive=$2 + curl -fsSL -o "${archive}" "${url}" + tar -xf "${archive}" +} + +# Sanity check: cross compiler produces clean output for a trivial +# program. autotools / libtool turn unexpected compiler chatter into +# baffling configure errors; surfacing it here gives a real message. +echo "==> cross compiler sanity check" +"${CC}" --version +cat > "${WORK}/sanity.c" <<'EOF' +void foo(void) {} +EOF +out=$("${CC}" -c "${WORK}/sanity.c" -o "${WORK}/sanity.o" 2>&1) || { + echo "ERROR: cross compiler failed on trivial test.c:" >&2 + echo "${out}" >&2 + exit 1 +} +if [ -n "${out}" ]; then + echo "WARNING: cross compiler emitted output on a clean compile:" >&2 + echo "${out}" >&2 +fi + +# libcap-ng — github auto-archive (release artifacts for older tags +# aren't always uploaded). +LIBCAP_NG_VERSION=0.8.5 +fetch_extract "https://github.com/stevegrubb/libcap-ng/archive/refs/tags/v${LIBCAP_NG_VERSION}.tar.gz" libcap-ng.tar.gz +( + cd "libcap-ng-${LIBCAP_NG_VERSION}" + # GNU automake's strict mode requires these standard files to exist; + # the auto-archive tarball doesn't ship NEWS. Cheaper than + # configure.ac surgery. + touch NEWS README AUTHORS ChangeLog + autoreconf -i + ./configure --host="${HOST}" --prefix="${PREFIX}" \ + --disable-static --enable-shared \ + --without-python --without-python3 + make -j"${JOBS}" + make install +) + +# libseccomp — needs gperf at build time (installed via the Dockerfile +# alongside the musl deps). Built shared here. +LIBSECCOMP_VERSION=2.5.5 +fetch_extract "https://github.com/seccomp/libseccomp/releases/download/v${LIBSECCOMP_VERSION}/libseccomp-${LIBSECCOMP_VERSION}.tar.gz" libseccomp.tar.gz +( + cd "libseccomp-${LIBSECCOMP_VERSION}" + ./configure --host="${HOST}" --prefix="${PREFIX}" \ + --disable-static --enable-shared \ + --disable-python + make -j"${JOBS}" + make install +) + +# Drop libtool .la files — they encode build-host paths and confuse +# downstream consumers; the .so + pkg-config .pc files are sufficient. +rm -f "${PREFIX}/lib"/*.la + +# Force the unversioned dev symlinks (libseccomp.so, libcap-ng.so). +# libtool conservatively omits these when cross-compiling, but rustc's +# link step looks for them by unversioned name; without them the +# link fails with "unable to find dynamic system library 'seccomp'". +# Idempotent — `ln -sf` overwrites any existing symlink, and the loop +# picks up whatever versioned files libtool actually installed. +for stem in libseccomp libcap-ng; do + versioned=$(ls "${PREFIX}/lib/${stem}.so."* 2>/dev/null | sort -V | head -n1) + if [ -n "${versioned}" ]; then + ln -sf "$(basename "${versioned}")" "${PREFIX}/lib/${stem}.so" + else + echo "ERROR: no ${stem}.so.* found in ${PREFIX}/lib after install" >&2 + ls -la "${PREFIX}/lib" >&2 + exit 1 + fi +done + +echo "glibc-dynamic x86_64 C deps installed under ${PREFIX}" diff --git a/scripts/build-musl-x86_64-deps.sh b/scripts/build-musl-x86_64-deps.sh new file mode 100755 index 0000000..a0a44ab --- /dev/null +++ b/scripts/build-musl-x86_64-deps.sh @@ -0,0 +1,188 @@ +#!/bin/bash +# Copyright © 2026 Apple Inc. and the Containerization project authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Builds static-musl x86_64 versions of the C libraries that cctl and +# virtiofsd link against, and installs them at /opt/cross-x86_64-musl +# (a standalone prefix — the Zig-based cross compiler has no +# traditional sysroot, so the build-dist-x86_64.sh script and the +# cargo cross flow add explicit -L / -I flags pointing here). +# +# Invoked once at dev-image build time; the resulting layer is cached +# until this script changes. Adding/removing a library here is the only +# reason to invalidate it. + +set -euo pipefail + +HOST=x86_64-linux-musl +PREFIX=/opt/cross-x86_64-musl + +mkdir -p "${PREFIX}/lib" "${PREFIX}/include" + +export CC="${HOST}-gcc" +export CXX="${HOST}-g++" +export AR="${HOST}-ar" +export RANLIB="${HOST}-ranlib" +export STRIP="${HOST}-strip" +export PKG_CONFIG_PATH="${PREFIX}/lib/pkgconfig" + +WORK=$(mktemp -d) +trap 'rm -rf "${WORK}"' EXIT +cd "${WORK}" + +JOBS="$(nproc)" + +# fetch_extract URL ARCHIVE +# +# Downloads URL to ARCHIVE then extracts. Relies on HTTPS for transport +# integrity; no SHA pinning. The other build-time deps (apt packages, +# Zig, Rust toolchain) trust the same. +fetch_extract() { + local url=$1 archive=$2 + curl -fsSL -o "${archive}" "${url}" + tar -xf "${archive}" +} + +# Sanity check: cross compiler is on PATH and produces clean output +# for a trivial program. If it doesn't, zlib's configure script (which +# treats any stderr/stdout from a test compile as evidence of -Werror) +# will fail with a misleading "Compiler error reporting is too harsh" +# error. Surfacing this here gives us a real error message instead. +echo "==> cross compiler sanity check" +"${CC}" --version +cat > "${WORK}/sanity.c" <<'EOF' +void foo(void) {} +EOF +out=$("${CC}" -c "${WORK}/sanity.c" -o "${WORK}/sanity.o" 2>&1) || { + echo "ERROR: cross compiler failed on trivial test.c:" >&2 + echo "${out}" >&2 + exit 1 +} +if [ -n "${out}" ]; then + echo "WARNING: cross compiler emitted output on a clean compile:" >&2 + echo "${out}" >&2 + echo "(this will trip up zlib's configure script — see fix below)" >&2 +fi + +# zlib — provides libz.a. Its configure does not take --host, so the +# CC env var is what selects the cross compiler. +ZLIB_VERSION=1.3.1 +fetch_extract "https://zlib.net/fossils/zlib-${ZLIB_VERSION}.tar.gz" zlib.tar.gz +( + cd "zlib-${ZLIB_VERSION}" + if ! ./configure --static --prefix="${PREFIX}"; then + echo "==================== zlib configure.log ====================" >&2 + [ -f configure.log ] && cat configure.log >&2 + echo "============================================================" >&2 + exit 1 + fi + make -j"${JOBS}" + make install +) + +# xz — provides liblzma.a. +XZ_VERSION=5.6.4 +fetch_extract "https://github.com/tukaani-project/xz/releases/download/v${XZ_VERSION}/xz-${XZ_VERSION}.tar.gz" xz.tar.gz +( + cd "xz-${XZ_VERSION}" + ./configure --host="${HOST}" --prefix="${PREFIX}" \ + --enable-static --disable-shared \ + --disable-doc --disable-scripts \ + --disable-xz --disable-xzdec --disable-lzmadec --disable-lzmainfo \ + --disable-lzma-links + make -j"${JOBS}" + make install +) + +# bzip2 — no autotools, drives a plain Makefile. Build only the static +# library; the bzip2 CLI tools are not needed. +BZIP2_VERSION=1.0.8 +fetch_extract "https://sourceware.org/pub/bzip2/bzip2-${BZIP2_VERSION}.tar.gz" bzip2.tar.gz +( + cd "bzip2-${BZIP2_VERSION}" + make CC="${CC}" AR="${AR}" RANLIB="${RANLIB}" libbz2.a -j"${JOBS}" + install -m 644 libbz2.a "${PREFIX}/lib/" + install -m 644 bzlib.h "${PREFIX}/include/" +) + +# libarchive — needs zlib + lzma + bz2 (built above). Disable optional +# deps that pull in extra toolchain weight (xml2, iconv, zstd, lz4, +# openssl, libb2). cctl uses libarchive for tar/ext layouts; the +# disabled formats are not used at runtime. +LIBARCHIVE_VERSION=3.7.7 +fetch_extract "https://github.com/libarchive/libarchive/releases/download/v${LIBARCHIVE_VERSION}/libarchive-${LIBARCHIVE_VERSION}.tar.gz" libarchive.tar.gz +( + cd "libarchive-${LIBARCHIVE_VERSION}" + ./configure --host="${HOST}" --prefix="${PREFIX}" \ + --enable-static --disable-shared \ + --disable-bsdtar --disable-bsdcat --disable-bsdcpio --disable-bsdunzip \ + --without-xml2 --without-iconv --without-zstd --without-lz4 \ + --without-openssl --without-libb2 \ + CPPFLAGS="-I${PREFIX}/include" \ + LDFLAGS="-L${PREFIX}/lib" + make -j"${JOBS}" + make install +) + +# libcap-ng — github auto-archive (release artifacts for older tags +# aren't always uploaded; the auto-archive URL is always available +# for any tag, but doesn't ship a pre-generated configure script, so +# we autoreconf it ourselves). +LIBCAP_NG_VERSION=0.8.5 +fetch_extract "https://github.com/stevegrubb/libcap-ng/archive/refs/tags/v${LIBCAP_NG_VERSION}.tar.gz" libcap-ng.tar.gz +( + cd "libcap-ng-${LIBCAP_NG_VERSION}" + # GNU automake's default (strict) mode requires these standard + # files to exist; the auto-archive tarball doesn't ship NEWS. + # Cheaper than configure.ac surgery. + touch NEWS README AUTHORS ChangeLog + autoreconf -i + ./configure --host="${HOST}" --prefix="${PREFIX}" \ + --enable-static --disable-shared \ + --without-python --without-python3 + make -j"${JOBS}" + make install +) + +# libseccomp — needs gperf at build time (installed via apt above). +LIBSECCOMP_VERSION=2.5.5 +fetch_extract "https://github.com/seccomp/libseccomp/releases/download/v${LIBSECCOMP_VERSION}/libseccomp-${LIBSECCOMP_VERSION}.tar.gz" libseccomp.tar.gz +( + cd "libseccomp-${LIBSECCOMP_VERSION}" + ./configure --host="${HOST}" --prefix="${PREFIX}" \ + --enable-static --disable-shared \ + --disable-python + make -j"${JOBS}" + make install +) + +# Linker-script `.so` shims for libseccomp + libcap-ng. The Rust +# `-sys` crates emit plain `cargo:rustc-link-lib=seccomp` (no +# static= prefix), and they don't declare `links = "..."` in their +# Cargo.toml, so cargo's build-script override can't match them. +# Instead we hand the linker fake `.so` files that are actually GNU +# ld linker scripts pointing at the static archive — when ld resolves +# `-lseccomp` to libseccomp.so it reads the script and pulls in +# libseccomp.a as if statically linked. Works regardless of -Bstatic +# vs -Bdynamic state and avoids needing to patch the -sys crates. +cat > "${PREFIX}/lib/libseccomp.so" < "${PREFIX}/lib/libcap-ng.so" </dev/null) +if [ -z "$GIT_ROOT" ]; then + echo "Error: Not in a git repository" + exit 1 +fi + +BOOT_LOGS_DIR="$GIT_ROOT/bin/integration-bootlogs" + +if [ ! -d "$BOOT_LOGS_DIR" ]; then + echo "Error: Boot logs directory not found: $BOOT_LOGS_DIR" + exit 1 +fi + +echo "Scanning boot logs in: $BOOT_LOGS_DIR" +echo "========================================" +echo "" + +PANIC_FOUND=0 + +for logfile in "$BOOT_LOGS_DIR"/*; do + if [ -f "$logfile" ]; then + if grep -qi "attempted to kill init\|Kernel panic\|end Kernel panic\|Attempted to kill the idle task\|Oops:" "$logfile"; then + echo "🚨 PANIC DETECTED in: $(basename "$logfile")" + echo "---" + grep -i -B 5 -A 10 "attempted to kill init\|Kernel panic\|end Kernel panic\|Attempted to kill the idle task\|Oops:" "$logfile" | head -30 + echo "" + echo "========================================" + echo "" + PANIC_FOUND=1 + fi + fi +done + +if [ $PANIC_FOUND -eq 0 ]; then + echo "✅ No kernel panics detected in boot logs" +else + echo "❌ Found kernel panics - Virtual machine(s) crashed during integration tests" +fi + +exit $PANIC_FOUND diff --git a/scripts/cz-header-style.toml b/scripts/cz-header-style.toml new file mode 100644 index 0000000..ccbb6a7 --- /dev/null +++ b/scripts/cz-header-style.toml @@ -0,0 +1,11 @@ +[SWIFT_STYLE] +firstLine = '//===----------------------------------------------------------------------===//' +endLine = "//===----------------------------------------------------------------------===//\n" +beforeEachLine = '// ' +afterEachLine = '' +allowBlankLines = false +multipleLines = true +padLines = false +firstLineDetectionPattern = '//\s?===' +lastLineDetectionPattern = '//\s?===' +skipLinePattern = '// swift-tools-version' diff --git a/scripts/ensure-hawkeye-exists.sh b/scripts/ensure-hawkeye-exists.sh new file mode 100755 index 0000000..c493d25 --- /dev/null +++ b/scripts/ensure-hawkeye-exists.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash +# Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +echo "Checking existence of hawkeye..." + +if command -v .local/bin/hawkeye >/dev/null 2>&1; then + echo "hawkeye found!" +else + echo "hawkeye not found in PATH" + echo "please install hawkeye. For convenience, you can run scripts/install-hawkeye.sh" + exit 1 +fi diff --git a/scripts/install-hawkeye.sh b/scripts/install-hawkeye.sh new file mode 100755 index 0000000..9104405 --- /dev/null +++ b/scripts/install-hawkeye.sh @@ -0,0 +1,50 @@ +#!/usr/bin/env bash +# Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -euo pipefail + +if command -v .local/bin/hawkeye >/dev/null 2>&1; then + echo "hawkeye already installed" + exit 0 +fi + +# This installer supports Apple silicon (arm64 macOS) only. +if [ "$(uname -s)" != "Darwin" ] || [ "$(uname -m)" != "arm64" ]; then + echo "error: install-hawkeye.sh supports Apple silicon (arm64 macOS) only" >&2 + exit 1 +fi + +VERSION=v6.5.1 +ARTIFACT="hawkeye-aarch64-apple-darwin.tar.xz" +ARTIFACT_URL="https://github.com/korandoru/hawkeye/releases/download/${VERSION}/${ARTIFACT}" +# Pinned SHA-256 of ${ARTIFACT} for ${VERSION}; update when bumping VERSION. +EXPECTED_SHA256="99777f21e4e56c9946ed93621885532c6a0476377f497565c583f5911f2cbb1f" + +echo "Installing hawkeye ${VERSION}" +workdir="$(mktemp -d)" +trap 'rm -rf "${workdir}"' EXIT +tarball="${workdir}/${ARTIFACT}" + +# Download the tarball, verify it against the pinned checksum (aborts on +# mismatch), then extract just the hawkeye binary into .local/bin. +curl --proto '=https' --tlsv1.2 -LsSf "${ARTIFACT_URL}" -o "${tarball}" +echo "${EXPECTED_SHA256} ${tarball}" | shasum -a 256 -c - + +tar -xf "${tarball}" --strip-components 1 -C "${workdir}" +mkdir -p .local/bin +mv "${workdir}/hawkeye" .local/bin/hawkeye +chmod +x .local/bin/hawkeye + +echo "hawkeye ${VERSION} installed to .local/bin/hawkeye" diff --git a/scripts/license-header.txt b/scripts/license-header.txt new file mode 100644 index 0000000..8bf2151 --- /dev/null +++ b/scripts/license-header.txt @@ -0,0 +1,13 @@ +Copyright ©{{ " " }}{%- set created = attrs.git_file_created_year or attrs.disk_file_created_year -%}{%- set modified = attrs.git_file_modified_year or created -%}{%- if created != modified -%} {{created}}-{{modified}}{%- else -%}{{created}}{%- endif -%}{{ " " }}{{ props["copyrightOwner"] }}. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + https://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/scripts/make-docs.sh b/scripts/make-docs.sh new file mode 100755 index 0000000..a4a54be --- /dev/null +++ b/scripts/make-docs.sh @@ -0,0 +1,52 @@ +#! /bin/bash -e +# Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +opts=() +opts+=("--allow-writing-to-directory" "$1") +opts+=("generate-documentation") +opts+=("--target" "Containerization") +opts+=("--target" "ContainerizationArchive") +opts+=("--target" "ContainerizationError") +opts+=("--target" "ContainerizationEXT4") +opts+=("--target" "ContainerizationExtras") +opts+=("--target" "ContainerizationIO") +opts+=("--target" "ContainerizationNetlink") +opts+=("--target" "ContainerizationOCI") +opts+=("--target" "ContainerizationOS") +opts+=("--output-path" "$1") +opts+=("--disable-indexing") +opts+=("--transform-for-static-hosting") +opts+=("--enable-experimental-combined-documentation") +opts+=("--experimental-documentation-coverage") + +if [ ! -z "$2" ] ; then + opts+=("--hosting-base-path" "$2") +fi + +/usr/bin/swift package ${opts[@]} + +echo '{}' > "$1/theme-settings.json" + +cat > "$1/index.html" <<'EOF' + + + + + + +

If you are not redirected automatically, click here.

+ + +EOF diff --git a/scripts/patches/virtiofsd-skip-cap-drop-with-sandbox-none.patch b/scripts/patches/virtiofsd-skip-cap-drop-with-sandbox-none.patch new file mode 100644 index 0000000..8ec079b --- /dev/null +++ b/scripts/patches/virtiofsd-skip-cap-drop-with-sandbox-none.patch @@ -0,0 +1,41 @@ +# virtiofsd patch — skip capability drop when --sandbox=none. +# +# virtiofsd 1.13.3 unconditionally calls capng::apply (capset(2)) at +# startup when running as root. Inside apple/container's --virtualization +# dev container the default seccomp profile blocks capset(2), so virtiofsd +# fails with "failed to sync capabilities with the kernel" and +# process::exit(1)s before binding its socket. +# +# We already pass --sandbox=none to virtiofsd from VirtiofsdProcess (same +# rationale as why cloud-hypervisor runs with --seccomp false in the same +# environment). This patch extends the existing upstream gate ("We don't +# modify the capabilities if the user call us without any sandbox") so +# that --sandbox=none also skips cap drop at uid==0, matching the user's +# explicit opt-out from the sandbox. +# +# Applied automatically by `make build-virtiofsd` before `cargo build`. +# Targets virtiofsd 1.13.3 (.local/virtiofsd). + +diff --git a/src/main.rs b/src/main.rs +index 176e178..27dce55 100644 +--- a/src/main.rs ++++ b/src/main.rs +@@ -858,8 +858,17 @@ fn main() { + + // We don't modify the capabilities if the user call us without + // any sandbox (i.e. --sandbox=none) as unprivileged user ++ // ++ // CONTAINERIZATION-PATCH: also skip cap drop with --sandbox=none even ++ // when running as root. Inside apple/container's --virtualization dev ++ // container the seccomp profile blocks capset(2), so capng::apply ++ // fails with "failed to sync capabilities with the kernel" and ++ // virtiofsd process::exit(1)s before binding its socket. The ++ // user explicitly opted out of the sandbox; respect that and don't ++ // touch caps either. Same class of issue as why CH runs with ++ // --seccomp false in the same env. + let uid = unsafe { libc::geteuid() }; +- if uid == 0 { ++ if uid == 0 && !matches!(opt.sandbox, SandboxMode::None) { + drop_capabilities(fs_cfg.inode_file_handles, opt.modcaps); + } + diff --git a/scripts/pre-commit.fmt b/scripts/pre-commit.fmt new file mode 100755 index 0000000..58c9626 --- /dev/null +++ b/scripts/pre-commit.fmt @@ -0,0 +1,16 @@ +#! /bin/bash -e + +setup_error() { + echo failed to run: $1 1>&2 + echo run '"make pre-commit"' and try again 1>&2 + exit 1 +} + +if [ ! -z "${PRECOMMIT_NOFMT}" ] ; then + exit 0 +fi + +echo checking formatting and licenses 1>&2 +project_pathname=$(git rev-parse --show-toplevel) +cd "${project_pathname}" +make check diff --git a/signing/vz.entitlements b/signing/vz.entitlements new file mode 100644 index 0000000..d7d0d6e --- /dev/null +++ b/signing/vz.entitlements @@ -0,0 +1,8 @@ + + + + + com.apple.security.virtualization + + + diff --git a/vminitd/.devcontainer/Dockerfile b/vminitd/.devcontainer/Dockerfile new file mode 100644 index 0000000..228b28c --- /dev/null +++ b/vminitd/.devcontainer/Dockerfile @@ -0,0 +1,10 @@ +ARG SWIFT_VERSION=6.3.0 +FROM swift:${SWIFT_VERSION}-noble + +RUN apt-get update \ +&& apt-get install make \ +&& apt-get clean \ +&& rm -rf /var/lib/apt/lists/* +RUN swift sdk install \ + https://download.swift.org/swift-6.3-branch/static-sdk/swift-6.3-DEVELOPMENT-SNAPSHOT-2026-03-05-a/swift-6.3-DEVELOPMENT-SNAPSHOT-2026-03-05-a_static-linux-0.1.0.artifactbundle.tar.gz \ + --checksum f19419ad6a90d0fe5bbf8a28fbc47217ce212633c28257fc6549162558e6f9b6 diff --git a/vminitd/.devcontainer/devcontainer.json b/vminitd/.devcontainer/devcontainer.json new file mode 100644 index 0000000..f46c613 --- /dev/null +++ b/vminitd/.devcontainer/devcontainer.json @@ -0,0 +1,17 @@ +{ + "build": { + "dockerfile": "Dockerfile" + }, + "features": {}, + "customizations": { + "vscode": { + "extensions": [ + "swiftlang.swift-vscode" + ], + "settings": { + } + } + }, + "runArgs": [], + "mounts": [] +} diff --git a/vminitd/Makefile b/vminitd/Makefile new file mode 100644 index 0000000..1c996d9 --- /dev/null +++ b/vminitd/Makefile @@ -0,0 +1,115 @@ +# Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +BUILD_CONFIGURATION ?= debug +WARNINGS_AS_ERRORS ?= true +export GIT_COMMIT := $(shell git rev-parse HEAD) +export GIT_TAG := $(shell git describe --tags --exact-match 2>/dev/null || echo "") +export BUILD_TIME := $(shell date -u +%Y-%m-%dT%H:%M:%SZ) +SWIFT_WARNING_CONFIG := $(if $(filter-out false,$(WARNINGS_AS_ERRORS)),-Xswiftc -warnings-as-errors) +# MUSL_ARCH selects which Static Linux SDK triple to build against +# ($(MUSL_ARCH)-swift-linux-musl). Defaults to the host architecture +# so the in-tree aarch64 flow works unchanged, but callers can override +# (e.g. `make MUSL_ARCH=x86_64` for the dist-x86_64 cross-build path). +ifndef MUSL_ARCH +UNAME_M := $(shell uname -m) +ifeq ($(UNAME_M),arm64) +MUSL_ARCH := aarch64 +else ifeq ($(UNAME_M),aarch64) +MUSL_ARCH := aarch64 +else +MUSL_ARCH := x86_64 +endif +endif + +LIBC ?= musl +ifeq ($(LIBC),musl) +SWIFT_SDK_FLAGS := --swift-sdk $(MUSL_ARCH)-swift-linux-musl +endif + +SWIFT_CONFIGURATION := $(SWIFT_SDK_FLAGS) $(SWIFT_WARNING_CONFIG) -Xlinker -s --disable-automatic-resolution + +SWIFT_VERSION := 6.3.0 +SWIFT_SDK_URL := https://download.swift.org/swift-6.3-release/static-sdk/swift-6.3-RELEASE/swift-6.3-RELEASE_static-linux-0.1.0.artifactbundle.tar.gz +SWIFT_SDK_CHECKSUM := d2078b69bdeb5c31202c10e9d8a11d6f66f82938b51a4b75f032ccb35c4c286c +SWIFT_SDK_PATH := /tmp/$(notdir $(SWIFT_SDK_URL)) + +SYSTEM_TYPE := $(shell uname -s) +ifeq ($(SYSTEM_TYPE),Darwin) +SWIFTLY_URL := https://download.swift.org/swiftly/darwin/swiftly.pkg +SWIFTLY_FILENAME := $(notdir $(SWIFTLY_URL)) +SWIFTLY_BIN_DIR ?= ~/.swiftly/bin +SWIFT := $(SWIFTLY_BIN_DIR)/swift +else +SWIFT ?= swift +endif +BUILD_BIN_DIR := $(shell $(SWIFT) build -c $(BUILD_CONFIGURATION) $(SWIFT_CONFIGURATION) --show-bin-path) + +ifeq ($(SYSTEM_TYPE),Darwin) +MACOS_VERSION := $(shell sw_vers -productVersion) +MACOS_MAJOR := $(shell echo $(MACOS_VERSION) | cut -d. -f1) +MACOS_RELEASE_TYPE := $(shell sw_vers | grep ReleaseType) +endif + +.DEFAULT_GOAL := all + +# INSTALL_DIR is where built binaries land. Defaults to ./bin so the +# in-tree aarch64 flow is unchanged. The dist-x86_64 cross-build +# overrides this to keep its artifacts out of vminitd/bin/. +INSTALL_DIR ?= ./bin + +.PHONY: all +all: + @echo Building vminitd and vmexec... + @mkdir -p $(INSTALL_DIR) + @rm -f $(INSTALL_DIR)/vminitd + @rm -f $(INSTALL_DIR)/vmexec + @$(SWIFT) --version + @$(SWIFT) build -c $(BUILD_CONFIGURATION) $(SWIFT_CONFIGURATION) + @install "$(BUILD_BIN_DIR)/vminitd" $(INSTALL_DIR)/ + @install "$(BUILD_BIN_DIR)/vmexec" $(INSTALL_DIR)/ + +.PHONY: cross-prep +cross-prep: swift linux-sdk + +.PHONY: swiftly +swiftly: + @if ! command -v ${SWIFTLY_BIN_DIR}/swiftly > /dev/null 2>&1; then \ + echo "Installing Swiftly..."; \ + curl -o /var/tmp/$(SWIFTLY_FILENAME) $(SWIFTLY_URL) && \ + installer -pkg /var/tmp/$(SWIFTLY_FILENAME) -target CurrentUserHomeDirectory && \ + ${SWIFTLY_BIN_DIR}/swiftly init --quiet-shell-followup --skip-install && \ + . ~/.swiftly/env.sh && \ + hash -r && \ + rm /var/tmp/$(SWIFTLY_FILENAME); \ + fi + +.PHONY: swift +swift: swiftly + @echo Installing Swift $(SWIFT_VERSION)... + @${SWIFTLY_BIN_DIR}/swiftly install $(SWIFT_VERSION) + +.PHONY: linux-sdk +linux-sdk: + @echo Installing Static Linux SDK... + @curl -L -o $(SWIFT_SDK_PATH) $(SWIFT_SDK_URL) + -@$(SWIFT) sdk install $(SWIFT_SDK_PATH) --checksum $(SWIFT_SDK_CHECKSUM) + @rm $(SWIFT_SDK_PATH) + +.PHONY: clean +clean: + @echo Cleaning the vminitd build files... + @rm -f ./bin/vminitd + @rm -f ./bin/vmexec + @rm -rf .build diff --git a/vminitd/Package.resolved b/vminitd/Package.resolved new file mode 100644 index 0000000..24f0ab2 --- /dev/null +++ b/vminitd/Package.resolved @@ -0,0 +1,249 @@ +{ + "originHash" : "264b211a5ea74fa24ced86faade5901700722c925484a26379cc4a6b40083c6c", + "pins" : [ + { + "identity" : "async-http-client", + "kind" : "remoteSourceControl", + "location" : "https://github.com/swift-server/async-http-client.git", + "state" : { + "revision" : "4b99975677236d13f0754339864e5360142ff5a1", + "version" : "1.30.3" + } + }, + { + "identity" : "grpc-swift-2", + "kind" : "remoteSourceControl", + "location" : "https://github.com/grpc/grpc-swift-2.git", + "state" : { + "revision" : "f28854bc760a116e053fdfc4a48a9428c34625c0", + "version" : "2.3.0" + } + }, + { + "identity" : "grpc-swift-nio-transport", + "kind" : "remoteSourceControl", + "location" : "https://github.com/grpc/grpc-swift-nio-transport.git", + "state" : { + "revision" : "2ca31f06658ed288a2560e23ad649acbb3d6b3a3", + "version" : "2.9.0" + } + }, + { + "identity" : "grpc-swift-protobuf", + "kind" : "remoteSourceControl", + "location" : "https://github.com/grpc/grpc-swift-protobuf.git", + "state" : { + "revision" : "19153231a03c2fda1f4ea60da1b92a2cb9c011d8", + "version" : "2.2.0" + } + }, + { + "identity" : "swift-algorithms", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-algorithms.git", + "state" : { + "revision" : "87e50f483c54e6efd60e885f7f5aa946cee68023", + "version" : "1.2.1" + } + }, + { + "identity" : "swift-argument-parser", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-argument-parser.git", + "state" : { + "revision" : "c5d11a805e765f52ba34ec7284bd4fcd6ba68615", + "version" : "1.7.0" + } + }, + { + "identity" : "swift-asn1", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-asn1.git", + "state" : { + "revision" : "a54383ada6cecde007d374f58f864e29370ba5c3", + "version" : "1.3.2" + } + }, + { + "identity" : "swift-async-algorithms", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-async-algorithms.git", + "state" : { + "revision" : "042e1c4d9d19748c9c228f8d4ebc97bb1e339b0b", + "version" : "1.0.4" + } + }, + { + "identity" : "swift-atomics", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-atomics.git", + "state" : { + "revision" : "cd142fd2f64be2100422d658e7411e39489da985", + "version" : "1.2.0" + } + }, + { + "identity" : "swift-certificates", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-certificates.git", + "state" : { + "revision" : "f4cd9e78a1ec209b27e426a5f5c693675f95e75a", + "version" : "1.15.0" + } + }, + { + "identity" : "swift-collections", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-collections.git", + "state" : { + "revision" : "c1805596154bb3a265fd91b8ac0c4433b4348fb0", + "version" : "1.2.0" + } + }, + { + "identity" : "swift-crypto", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-crypto.git", + "state" : { + "revision" : "e8d6eba1fef23ae5b359c46b03f7d94be2f41fed", + "version" : "3.12.3" + } + }, + { + "identity" : "swift-distributed-tracing", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-distributed-tracing.git", + "state" : { + "revision" : "dc4030184203ffafbb2ec614352487235d747fe0", + "version" : "1.4.1" + } + }, + { + "identity" : "swift-http-structured-headers", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-http-structured-headers.git", + "state" : { + "revision" : "db6eea3692638a65e2124990155cd220c2915903", + "version" : "1.3.0" + } + }, + { + "identity" : "swift-http-types", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-http-types.git", + "state" : { + "revision" : "a0a57e949a8903563aba4615869310c0ebf14c03", + "version" : "1.4.0" + } + }, + { + "identity" : "swift-log", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-log.git", + "state" : { + "revision" : "bbd81b6725ae874c69e9b8c8804d462356b55523", + "version" : "1.10.1" + } + }, + { + "identity" : "swift-nio", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-nio.git", + "state" : { + "revision" : "cd3e1152083706d77b223fb29110e590efcc70c0", + "version" : "2.101.2" + } + }, + { + "identity" : "swift-nio-extras", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-nio-extras.git", + "state" : { + "revision" : "145db1962f4f33a4ea07a32e751d5217602eea29", + "version" : "1.28.0" + } + }, + { + "identity" : "swift-nio-http2", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-nio-http2.git", + "state" : { + "revision" : "61d1b44f6e4e118792be1cff88ee2bc0267c6f9a", + "version" : "1.44.0" + } + }, + { + "identity" : "swift-nio-ssl", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-nio-ssl.git", + "state" : { + "revision" : "173cc69a058623525a58ae6710e2f5727c663793", + "version" : "2.36.0" + } + }, + { + "identity" : "swift-nio-transport-services", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-nio-transport-services.git", + "state" : { + "revision" : "cd1e89816d345d2523b11c55654570acd5cd4c56", + "version" : "1.24.0" + } + }, + { + "identity" : "swift-numerics", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-numerics.git", + "state" : { + "revision" : "e0ec0f5f3af6f3e4d5e7a19d2af26b481acb6ba8", + "version" : "1.0.3" + } + }, + { + "identity" : "swift-protobuf", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-protobuf.git", + "state" : { + "revision" : "86970144a0b86068c81ff48ee29b3f97cae0b879", + "version" : "1.36.0" + } + }, + { + "identity" : "swift-service-context", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-service-context.git", + "state" : { + "revision" : "d0997351b0c7779017f88e7a93bc30a1878d7f29", + "version" : "1.3.0" + } + }, + { + "identity" : "swift-service-lifecycle", + "kind" : "remoteSourceControl", + "location" : "https://github.com/swift-server/swift-service-lifecycle.git", + "state" : { + "revision" : "e7187309187695115033536e8fc9b2eb87fd956d", + "version" : "2.8.0" + } + }, + { + "identity" : "swift-system", + "kind" : "remoteSourceControl", + "location" : "https://github.com/apple/swift-system.git", + "state" : { + "revision" : "7c6ad0fc39d0763e0b699210e4124afd5041c5df", + "version" : "1.6.4" + } + }, + { + "identity" : "zstd", + "kind" : "remoteSourceControl", + "location" : "https://github.com/facebook/zstd.git", + "state" : { + "revision" : "f8745da6ff1ad1e7bab384bd1f9d742439278e99", + "version" : "1.5.7" + } + } + ], + "version" : 3 +} diff --git a/vminitd/Package.swift b/vminitd/Package.swift new file mode 100644 index 0000000..673a48c --- /dev/null +++ b/vminitd/Package.swift @@ -0,0 +1,71 @@ +// swift-tools-version: 6.3 +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +// The swift-tools-version declares the minimum version of Swift required to build this package. + +import Foundation +import PackageDescription + +let gitCommit = ProcessInfo.processInfo.environment["GIT_COMMIT"] ?? "unspecified" +let gitTag = ProcessInfo.processInfo.environment["GIT_TAG"] ?? "" +let buildTime = ProcessInfo.processInfo.environment["BUILD_TIME"] ?? "unspecified" + +let package = Package( + name: "swift-vminitd", + platforms: [.macOS("15")], + products: [ + .executable(name: "vminitd", targets: ["vminitd"]), + .executable(name: "vmexec", targets: ["vmexec"]), + ], + dependencies: [ + .package(url: "https://github.com/apple/swift-argument-parser", from: "1.7.0"), + .package(url: "https://github.com/apple/swift-log.git", from: "1.10.1"), + .package(url: "https://github.com/apple/swift-system.git", from: "1.6.4"), + .package(name: "containerization", path: "../"), + ], + targets: [ + .target( + name: "CVersion", + cSettings: [ + .define("GIT_COMMIT", to: "\"\(gitCommit)\""), + .define("GIT_TAG", to: "\"\(gitTag)\""), + .define("BUILD_TIME", to: "\"\(buildTime)\""), + ] + ), + .executableTarget( + name: "vminitd", + dependencies: [ + .product(name: "ArgumentParser", package: "swift-argument-parser"), + .product(name: "ContainerizationOS", package: "containerization"), + .product(name: "Logging", package: "swift-log"), + .product(name: "VminitdCore", package: "containerization"), + "CVersion", + ] + ), + .executableTarget( + name: "vmexec", + dependencies: [ + .product(name: "Logging", package: "swift-log"), + .product(name: "ArgumentParser", package: "swift-argument-parser"), + .product(name: "SystemPackage", package: "swift-system"), + .product(name: "Containerization", package: "containerization"), + .product(name: "ContainerizationOS", package: "containerization"), + .product(name: "VminitdCore", package: "containerization"), + ] + ), + ] +) diff --git a/vminitd/Sources/CVersion/include/version.h b/vminitd/Sources/CVersion/include/version.h new file mode 100644 index 0000000..ab59dfe --- /dev/null +++ b/vminitd/Sources/CVersion/include/version.h @@ -0,0 +1,24 @@ +/* + * Copyright © 2026 Apple Inc. and the Containerization project authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef CZ_VERSION_H +#define CZ_VERSION_H + +const char* CZ_get_git_commit(void); +const char* CZ_get_git_tag(void); +const char* CZ_get_build_time(void); + +#endif diff --git a/vminitd/Sources/CVersion/version.c b/vminitd/Sources/CVersion/version.c new file mode 100644 index 0000000..d390595 --- /dev/null +++ b/vminitd/Sources/CVersion/version.c @@ -0,0 +1,41 @@ +/* + * Copyright © 2026 Apple Inc. and the Containerization project authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "version.h" + +#ifndef GIT_COMMIT +#define GIT_COMMIT "unspecified" +#endif + +#ifndef GIT_TAG +#define GIT_TAG "" +#endif + +#ifndef BUILD_TIME +#define BUILD_TIME "unspecified" +#endif + +const char* CZ_get_git_commit(void) { + return GIT_COMMIT; +} + +const char* CZ_get_git_tag(void) { + return GIT_TAG; +} + +const char* CZ_get_build_time(void) { + return BUILD_TIME; +} diff --git a/vminitd/Sources/Cgroup/Cgroup2Manager.swift b/vminitd/Sources/Cgroup/Cgroup2Manager.swift new file mode 100644 index 0000000..62fa78c --- /dev/null +++ b/vminitd/Sources/Cgroup/Cgroup2Manager.swift @@ -0,0 +1,770 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(Linux) + +// NOTE: Ideally this should live in ContainerizationOS/Linux, or just ContainerizationCgroups +// or something similar, but it's not there yet. It does what we need, but it'd need a lot more +// features and testing before it's ready to be public. + +#if canImport(Musl) +import Musl +#elseif canImport(Glibc) +import Glibc +#endif + +import LCShim +import ContainerizationOCI +import ContainerizationOS +import Foundation +import Logging + +package enum Cgroup2Controller: String { + case pids + case memory + case cpuset + case cpu + case io + case hugetlb +} + +// Extremely simple cgroup manager. Our needs are simple for now, and this is +// reflected in the type. +public struct Cgroup2Manager: Sendable { + public static let defaultMountPoint = URL(filePath: "/sys/fs/cgroup") + + private static let killFile = "cgroup.kill" + private static let procsFile = "cgroup.procs" + private static let subtreeControlFile = "cgroup.subtree_control" + + private static let cg2Magic = 0x6367_7270 + + private let mountPoint: URL + private let path: URL + private let logger: Logger? + + package init( + mountPoint: URL = Self.defaultMountPoint, + group: URL, + logger: Logger? = nil + ) { + self.mountPoint = mountPoint + self.path = mountPoint.appending(path: group.path) + self.logger = logger + } + + public static func load( + mountPoint: URL = Self.defaultMountPoint, + group: URL, + logger: Logger? = nil + ) throws -> Cgroup2Manager { + let path = mountPoint.appending(path: group.path) + var s = statfs() + let res = statfs(path.path, &s) + if res != 0 { + throw Error.errno(errno: errno, message: "failed to statfs \(path.path)") + } + if Int64(s.f_type) != Self.cg2Magic { + throw Error.notCgroup + } + return Cgroup2Manager( + mountPoint: mountPoint, + group: group, + logger: logger + ) + } + + package static func loadFromPid(pid: Int32, logger: Logger? = nil) throws -> Cgroup2Manager { + let procCgPath = URL(filePath: "/proc/\(pid)/cgroup") + let fh = try FileHandle(forReadingFrom: procCgPath) + guard let data = try fh.readToEnd() else { + throw Error.errno(errno: errno, message: "failed to read \(procCgPath)") + } + + // If this fails we have bigger problems. + let str = String(data: data, encoding: .utf8)! + let parts = str.split(separator: ":") + if parts[0] != "0" { + throw Error.cgroup1 + } + + // We should really read /proc/pid/mountinfo, but for now just assume + // it's always at /sys/fs/cgroup. + let path = parts[1].trimmingCharacters(in: .whitespacesAndNewlines) + return Cgroup2Manager(group: URL(filePath: String(path)), logger: logger) + } + + package func create(perms: Int16 = 0o755) throws { + self.logger?.info( + "creating cgroup manager", + metadata: [ + "mountpoint": "\(self.mountPoint.path)", + "path": "\(self.path.path)", + ]) + + try FileManager.default.createDirectory( + at: self.path, + withIntermediateDirectories: true, + attributes: [.posixPermissions: perms] + ) + } + + private static func writeValue(path: URL, value: String, fileName: String) throws { + let file = path.appending(path: fileName) + let fd = open(file.path, O_WRONLY, 0) + if fd == -1 { + throw Error.errno(errno: errno, message: "failed to open \(file.path)") + } + defer { close(fd) } + + let bytes = Array(value.utf8) + let res = Syscall.retrying { + bytes.withUnsafeBytes { write(fd, $0.baseAddress!, bytes.count) } + } + if res == -1 { + throw Error.errno(errno: errno, message: "failed to write to \(file.path)") + } + } + + package func toggleSubtreeControllers(controllers: [Cgroup2Controller], enable: Bool) throws { + let value = controllers.map { (enable ? "+" : "-") + $0.rawValue }.joined(separator: " ") + let mountComponents = self.mountPoint.pathComponents + let pathComponents = self.path.pathComponents + + // First ensure it's set on the root. + var current = self.mountPoint + try Self.writeValue( + path: current, + value: value, + fileName: Self.subtreeControlFile + ) + + // Toggle everything except the leaf, as otherwise we won't be able to write + // to cgroup.procs, and what fun is that :) + if mountComponents.count < pathComponents.count - 1 { + for i in mountComponents.count...pathComponents.count - 2 { + current = current.appending(path: pathComponents[i]) + try Self.writeValue( + path: current, + value: value, + fileName: Self.subtreeControlFile + ) + } + } + } + + package func toggleAllAvailableControllers(enable: Bool) throws { + // Read available controllers from cgroup.controllers + let controllersFile = self.mountPoint.appending(path: "cgroup.controllers") + let controllersContent = try String(contentsOf: controllersFile, encoding: .utf8) + .trimmingCharacters(in: .whitespacesAndNewlines) + + // Parse controller names and convert to our enum + let availableControllers = + controllersContent + .split(separator: " ") + .compactMap { Cgroup2Controller(rawValue: String($0)) } + + if !availableControllers.isEmpty { + try toggleSubtreeControllers(controllers: availableControllers, enable: enable) + } + } + + public func addProcess(pid: Int32) throws { + self.logger?.debug( + "adding new proc to cgroup", + metadata: [ + "mountpoint": "\(self.mountPoint.path)", + "path": "\(self.path.path)", + ]) + + let pidStr = String(pid) + try Self.writeValue( + path: self.path, + value: pidStr, + fileName: Self.procsFile + ) + } + + public func applyResources(resources: ContainerizationOCI.LinuxResources) throws { + self.logger?.debug( + "applying cgroup resources", + metadata: [ + "path": "\(self.path.path)" + ]) + + if let memory = resources.memory, let limit = memory.limit { + // The OCI spec defines -1 as unlimited; cgroup v2 expects "max". + let value = limit < 0 ? "max" : String(limit) + try Self.writeValue( + path: self.path, + value: value, + fileName: "memory.max" + ) + } + + if let cpu = resources.cpu, let quota = cpu.quota, let period = cpu.period { + // cpu.max format is "quota period" + let value = "\(quota) \(period)" + try Self.writeValue( + path: self.path, + value: value, + fileName: "cpu.max" + ) + } + + if let pids = resources.pids { + // The OCI spec defines -1 as unlimited; cgroup v2 expects "max". + let value = pids.limit < 0 ? "max" : String(pids.limit) + try Self.writeValue( + path: self.path, + value: value, + fileName: "pids.max" + ) + } + } + + package func setMemoryHigh(bytes: UInt64) throws { + self.logger?.debug( + "setting memory.high", + metadata: [ + "path": "\(self.path.path)", + "bytes": "\(bytes)", + ]) + + try Self.writeValue( + path: self.path, + value: String(bytes), + fileName: "memory.high" + ) + } + + package func setMemoryLow(bytes: UInt64) throws { + self.logger?.debug( + "setting memory.low", + metadata: [ + "path": "\(self.path.path)", + "bytes": "\(bytes)", + ] + ) + + try Self.writeValue( + path: self.path, + value: String(bytes), + fileName: "memory.low") + } + + package func getMemoryEvents() throws -> MemoryEvents { + let content = try readFileContent(fileName: "memory.events") + let values = parseKeyValuePairs(content) + + return MemoryEvents( + low: values["low"] ?? 0, + high: values["high"] ?? 0, + max: values["max"] ?? 0, + oom: values["oom"] ?? 0, + oomKill: values["oom_kill"] ?? 0 + ) + } + + package func getMemoryEventsPath() -> String { + self.path.appending(path: "memory.events").path + } + + package func kill() throws { + try Self.writeValue( + path: self.path, + value: "1", + fileName: Self.killFile + ) + } + + package func delete(force: Bool = false) throws { + self.logger?.info( + "deleting cgroup manager", + metadata: [ + "mountpoint": "\(self.mountPoint.path)", + "path": "\(self.path.path)", + ]) + + if force { + try self.kill() + } + + // Recursively remove child cgroups first + try removeChildCgroups(at: self.path, force: force) + + let result = rmdir(self.path.path) + if result != 0 { + throw Error.errno(errno: errno, message: "failed to remove cgroup directory \(self.path.path)") + } + } + + private func removeChildCgroups(at path: URL, force: Bool) throws { + let fileManager = FileManager.default + + guard let contents = try? fileManager.contentsOfDirectory(atPath: path.path) else { + return + } + + // Remove child directories (potential nested cgroups) first + for item in contents { + let childPath = path.appending(path: item) + var isDirectory: ObjCBool = false + + if fileManager.fileExists(atPath: childPath.path, isDirectory: &isDirectory) && isDirectory.boolValue { + if force { + try Self.writeValue( + path: childPath, + value: "1", + fileName: Self.killFile + ) + } + + try removeChildCgroups(at: childPath, force: force) + let result = rmdir(childPath.path) + if result != 0 { + throw Error.errno(errno: errno, message: "failed to remove child cgroup \(childPath.path)") + } + } + } + } + + package func stats(_ categories: Cgroup2StatsCategory = .all) throws -> Cgroup2Stats { + Cgroup2Stats( + pids: categories.contains(.pids) ? try self.readPidsStats() : nil, + memory: categories.contains(.memory) ? try self.readMemoryStats() : nil, + cpu: categories.contains(.cpu) ? try self.readCPUStats() : nil, + io: categories.contains(.io) ? try self.readIOStats() : nil + ) + } + + private func readFileContent(fileName: String) throws -> String? { + let filePath = self.path.appending(path: fileName) + guard FileManager.default.fileExists(atPath: filePath.path) else { + return nil + } + return try String(contentsOf: filePath, encoding: .utf8) + .trimmingCharacters(in: .whitespacesAndNewlines) + } + + private func parseSingleValue(_ content: String?) -> UInt64? { + guard let content = content, !content.isEmpty else { return nil } + if content == "max" { + return UInt64.max + } + return UInt64(content) + } + + private func parseKeyValuePairs(_ content: String?) -> [String: UInt64] { + guard let content = content else { return [:] } + var result: [String: UInt64] = [:] + + for line in content.components(separatedBy: .newlines) { + let parts = line.components(separatedBy: .whitespaces) + if parts.count == 2, let value = UInt64(parts[1]) { + result[parts[0]] = value + } + } + return result + } + + private func readPidsStats() throws -> PidsStats? { + guard let currentContent = try readFileContent(fileName: "pids.current"), + let current = parseSingleValue(currentContent) + else { + return nil + } + + let maxContent = try readFileContent(fileName: "pids.max") + let max = parseSingleValue(maxContent) + + return PidsStats(current: current, max: max) + } + + private func readMemoryStats() throws -> MemoryStats? { + guard let usageContent = try readFileContent(fileName: "memory.current"), + let usage = parseSingleValue(usageContent) + else { + return nil + } + + let usageLimit = parseSingleValue(try readFileContent(fileName: "memory.max")) + let swapUsage = parseSingleValue(try readFileContent(fileName: "memory.swap.current")) + let swapLimit = parseSingleValue(try readFileContent(fileName: "memory.swap.max")) + + let statContent = try readFileContent(fileName: "memory.stat") + let statValues = parseKeyValuePairs(statContent) + + return MemoryStats( + usage: usage, + usageLimit: usageLimit, + swapUsage: swapUsage, + swapLimit: swapLimit, + anon: statValues["anon"] ?? 0, + file: statValues["file"] ?? 0, + kernelStack: statValues["kernel_stack"] ?? 0, + slab: statValues["slab"] ?? 0, + sock: statValues["sock"] ?? 0, + shmem: statValues["shmem"] ?? 0, + fileMapped: statValues["file_mapped"] ?? 0, + fileDirty: statValues["file_dirty"] ?? 0, + fileWriteback: statValues["file_writeback"] ?? 0, + pgfault: statValues["pgfault"] ?? 0, + pgmajfault: statValues["pgmajfault"] ?? 0, + workingsetRefaultAnon: statValues["workingset_refault_anon"] ?? 0, + workingsetRefaultFile: statValues["workingset_refault_file"] ?? 0, + workingsetActivate: statValues["workingset_activate"] ?? 0, + workingsetNodereclaim: statValues["workingset_nodereclaim"] ?? 0, + pgstealKswapd: statValues["pgsteal_kswapd"] ?? 0, + pgstealDirect: statValues["pgsteal_direct"] ?? 0, + pgstealKhugepaged: statValues["pgsteal_khugepaged"] ?? 0, + inactiveAnon: statValues["inactive_anon"] ?? 0, + activeAnon: statValues["active_anon"] ?? 0, + inactiveFile: statValues["inactive_file"] ?? 0, + activeFile: statValues["active_file"] ?? 0 + ) + } + + private func readCPUStats() throws -> CPUStats? { + let statContent = try readFileContent(fileName: "cpu.stat") + let statValues = parseKeyValuePairs(statContent) + + guard !statValues.isEmpty else { + return nil + } + + return CPUStats( + usageUsec: statValues["usage_usec"] ?? 0, + userUsec: statValues["user_usec"] ?? 0, + systemUsec: statValues["system_usec"] ?? 0, + nrPeriods: statValues["nr_periods"] ?? 0, + nrThrottled: statValues["nr_throttled"] ?? 0, + throttledUsec: statValues["throttled_usec"] ?? 0 + ) + } + + private func readIOStats() throws -> IOStats? { + guard let statContent = try readFileContent(fileName: "io.stat") else { + return IOStats(entries: []) + } + + var entries: [IOEntry] = [] + + for line in statContent.components(separatedBy: .newlines) { + guard !line.isEmpty else { continue } + + let parts = line.components(separatedBy: .whitespaces) + guard parts.count >= 2 else { continue } + + let deviceParts = parts[0].components(separatedBy: ":") + guard deviceParts.count == 2, + let major = UInt64(deviceParts[0]), + let minor = UInt64(deviceParts[1]) + else { + continue + } + + var rbytes: UInt64 = 0 + var wbytes: UInt64 = 0 + var rios: UInt64 = 0 + var wios: UInt64 = 0 + var dbytes: UInt64 = 0 + var dios: UInt64 = 0 + + for i in 1.. +#ifdef __linux__ +#include +#endif + +// CLONE_* flags +#ifndef CLONE_NEWNS +#define CLONE_NEWNS 0x00020000 +#endif +#ifndef CLONE_NEWCGROUP +#define CLONE_NEWCGROUP 0x02000000 +#endif +#ifndef CLONE_NEWUTS +#define CLONE_NEWUTS 0x04000000 +#endif +#ifndef CLONE_NEWIPC +#define CLONE_NEWIPC 0x08000000 +#endif +#ifndef CLONE_NEWUSER +#define CLONE_NEWUSER 0x10000000 +#endif +#ifndef CLONE_NEWPID +#define CLONE_NEWPID 0x20000000 +#endif + +extern int setns(int fd, int nstype); +extern int unshare(int flags); +extern int dup3(int oldfd, int newfd, int flags); +extern int execvpe(const char *file, char *const argv[], char *const envp[]); +extern int unlockpt(int fd); +extern char *ptsname(int fd); + +// splice(2) and flags. +extern ssize_t splice(int fd_in, off_t *off_in, int fd_out, off_t *off_out, + size_t len, unsigned int flags); +#ifndef SPLICE_F_MOVE +#define SPLICE_F_MOVE 1 +#endif +#ifndef SPLICE_F_NONBLOCK +#define SPLICE_F_NONBLOCK 2 +#endif + +// RLIMIT constants as plain integers. On glibc these are __rlimit_resource +// enum values which can't be used as Int32 in Swift. +#define CZ_RLIMIT_CPU 0 +#define CZ_RLIMIT_FSIZE 1 +#define CZ_RLIMIT_DATA 2 +#define CZ_RLIMIT_STACK 3 +#define CZ_RLIMIT_CORE 4 +#define CZ_RLIMIT_RSS 5 +#define CZ_RLIMIT_NPROC 6 +#define CZ_RLIMIT_NOFILE 7 +#define CZ_RLIMIT_MEMLOCK 8 +#define CZ_RLIMIT_AS 9 +#define CZ_RLIMIT_LOCKS 10 +#define CZ_RLIMIT_SIGPENDING 11 +#define CZ_RLIMIT_MSGQUEUE 12 +#define CZ_RLIMIT_NICE 13 +#define CZ_RLIMIT_RTPRIO 14 +#define CZ_RLIMIT_RTTIME 15 + +// setrlimit wrapper that accepts plain int for the resource parameter, +// avoiding glibc's __rlimit_resource enum type mismatch in Swift. +int CZ_setrlimit(int resource, unsigned long long soft, unsigned long long hard); + +int CZ_pivot_root(const char *new_root, const char *put_old); +int CZ_set_sub_reaper(); + +#ifndef SYS_pidfd_open +#define SYS_pidfd_open 434 +#endif +int CZ_pidfd_open(pid_t pid, unsigned int flags); + +#ifndef SYS_pidfd_getfd +#define SYS_pidfd_getfd 438 +#endif +int CZ_pidfd_getfd(int pidfd, int targetfd, unsigned int flags); + +int CZ_prctl_set_no_new_privs(); + +#endif diff --git a/vminitd/Sources/LCShim/syscall.c b/vminitd/Sources/LCShim/syscall.c new file mode 100644 index 0000000..094f6c6 --- /dev/null +++ b/vminitd/Sources/LCShim/syscall.c @@ -0,0 +1,52 @@ +/* + * Copyright © 2025-2026 Apple Inc. and the Containerization project authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifdef __linux__ +#include +#include +#include +#include + +#include "syscall.h" + +int CZ_pivot_root(const char *new_root, const char *put_old) { + return syscall(SYS_pivot_root, new_root, put_old); +} + +int CZ_set_sub_reaper() { return prctl(PR_SET_CHILD_SUBREAPER, 1); } + +int CZ_pidfd_open(pid_t pid, unsigned int flags) { + // Musl doesn't have pidfd_open. + return syscall(SYS_pidfd_open, pid, flags); +} + +int CZ_pidfd_getfd(int pidfd, int targetfd, unsigned int flags) { + // Musl doesn't have pidfd_getfd. + return syscall(SYS_pidfd_getfd, pidfd, targetfd, flags); +} + +int CZ_prctl_set_no_new_privs() { + return prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); +} + +int CZ_setrlimit(int resource, unsigned long long soft, + unsigned long long hard) { + struct rlimit limit; + limit.rlim_cur = (rlim_t)soft; + limit.rlim_max = (rlim_t)hard; + return setrlimit(resource, &limit); +} +#endif diff --git a/vminitd/Sources/VminitdCore/AgentCommand.swift b/vminitd/Sources/VminitdCore/AgentCommand.swift new file mode 100644 index 0000000..28c8a4e --- /dev/null +++ b/vminitd/Sources/VminitdCore/AgentCommand.swift @@ -0,0 +1,212 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(Linux) + +import ArgumentParser +import Cgroup +import Containerization +import ContainerizationError +import ContainerizationOS +import Foundation +import GRPCCore +import Logging +import NIOCore +import NIOPosix + +#if os(Linux) +#if canImport(Musl) +import Musl +#elseif canImport(Glibc) +import Glibc +#endif +import LCShim +#endif + +public struct AgentCommand: AsyncParsableCommand { + public static let configuration = CommandConfiguration( + commandName: "agent", + abstract: "Run the vminitd agent daemon" + ) + + private static let foregroundEnvVar = "FOREGROUND" + public static let vsockPort = 1024 + + @OptionGroup var options: LogLevelOption + + public init() {} + + /// Bootstrap the vminitd environment and create an Initd server. + /// Handles mounts, cgroups, memory monitoring, and all pre-serve setup. + public static func bootstrap(options: LogLevelOption) async throws -> Initd { + let log = makeLogger(label: "vminitd", level: options.resolvedLogLevel()) + try adjustLimits(log) + + // When running under debug mode, launch vminitd as a sub process of pid1 + // so that we get a chance to collect better logs and errors before pid1 exists + // and the kernel panics. + #if DEBUG + log.info("DEBUG mode active, checking FOREGROUND env var") + let environment = ProcessInfo.processInfo.environment + let foreground = environment[foregroundEnvVar] + log.info("checking for shim var \(foregroundEnvVar)=\(String(describing: foreground))") + + if foreground == nil { + try runInForeground(log, logLevel: options.logLevel) + _exit(0) + } + + log.info("FOREGROUND is set, running as subprocess, setting subreaper") + // Since we are not running as pid1 in this mode we must set ourselves + // as a subreaper so that all child processes are reaped by us and not + // passed onto our parent. + CZ_set_sub_reaper() + #endif + + signal(SIGPIPE, SIG_IGN) + + log.info("vminitd booting", metadata: versionMetadata()) + + // Set of mounts necessary to be mounted prior to taking any RPCs. + // 1. /proc as the sysctl rpc wouldn't make sense if it wasn't there (NOTE: This is done before this method + // due to Swift seemingly requiring /proc to be present for the async runtime to spin up). + // 2. /run as that is where we store container state. + // 3. /sys as we need it for /sys/fs/cgroup + // 4. /sys/fs/cgroup to add the agent to a cgroup, as well as containers later. + let mounts = [ + ContainerizationOS.Mount( + type: "tmpfs", + source: "tmpfs", + target: "/run", + options: [] + ), + ContainerizationOS.Mount( + type: "sysfs", + source: "sysfs", + target: "/sys", + options: [] + ), + ContainerizationOS.Mount( + type: "cgroup2", + source: "none", + target: "/sys/fs/cgroup", + options: [] + ), + ] + + for mnt in mounts { + log.info("mounting \(mnt.target)") + + try mnt.mount(createWithPerms: 0o755) + } + try Binfmt.mount() + + let cgManager = Cgroup2Manager( + group: URL(filePath: "/vminitd"), + logger: log + ) + try cgManager.create() + try cgManager.toggleAllAvailableControllers(enable: true) + + // Set memory.high threshold to 80 MiB + let high: UInt64 = 80 * 1024 * 1024 + // Set memory.low to 50 MiB to avoid reclaiming vminitd's memory + let low: UInt64 = 50 * 1024 * 1024 + + try cgManager.setMemoryHigh(bytes: high) + try cgManager.setMemoryLow(bytes: low) + try cgManager.addProcess(pid: getpid()) + + let memoryMonitor = try MemoryMonitor( + cgroupManager: cgManager, + threshold: high, + logger: log + ) { [log] (currentUsage, highMark) in + log.warning( + "vminitd memory threshold exceeded", + metadata: [ + "threshold_bytes": "\(high)", + "current_bytes": "\(currentUsage)", + "high_events_total": "\(highMark)", + ]) + } + + let t = Thread { [log] in + do { + try memoryMonitor.run() + } catch { + log.error("memory monitor failed: \(error)") + } + } + t.start() + + let eg = MultiThreadedEventLoopGroup(numberOfThreads: 1) + let blockingPool = NIOThreadPool(numberOfThreads: 2) + blockingPool.start() + return Initd(log: log, group: eg, blockingPool: blockingPool) + } + + public mutating func run() async throws { + let server = try await Self.bootstrap(options: options) + + do { + server.log.info("serving vminitd API") + try await server.serve(port: Self.vsockPort) + server.log.info("vminitd API returned, syncing filesystems") + + #if os(Linux) + sync() + #endif + } catch { + server.log.error("vminitd boot error \(error)") + + #if os(Linux) + sync() + #endif + + _exit(1) + } + } + + private static func runInForeground(_ log: Logger, logLevel: String) throws { + log.info("running vminitd under pid1") + + var command = Command("/sbin/vminitd", arguments: ["agent", "--log-level", logLevel]) + command.attrs = .init(setsid: true) + command.stdin = .standardInput + command.stdout = .standardOutput + command.stderr = .standardError + command.environment = ["\(foregroundEnvVar)=1"] + + try command.start() + let exitCode = try command.wait() + log.info("child process exited with code: \(exitCode)") + } + + private static func adjustLimits(_ log: Logger) throws { + let nrOpen = try String(contentsOfFile: "/proc/sys/fs/nr_open", encoding: .utf8) + .trimmingCharacters(in: .whitespacesAndNewlines) + guard let max = UInt64(nrOpen) else { + throw POSIXError(.EINVAL) + } + log.debug("setting RLIMIT_NOFILE to \(max)") + guard CZ_setrlimit(CZ_RLIMIT_NOFILE, max, max) == 0 else { + throw POSIXError(.init(rawValue: errno)!) + } + } +} + +#endif diff --git a/vminitd/Sources/VminitdCore/CommandRunner.swift b/vminitd/Sources/VminitdCore/CommandRunner.swift new file mode 100644 index 0000000..6387d7e --- /dev/null +++ b/vminitd/Sources/VminitdCore/CommandRunner.swift @@ -0,0 +1,108 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(Linux) + +import ContainerizationOS +import Foundation +import Synchronization + +struct ProcessSubscription: Sendable { + fileprivate let id: UUID +} + +/// Protocol for running commands and waiting for their exit +protocol CommandRunner: Sendable { + func start(_ cmd: inout Command) throws -> ProcessSubscription + func wait(_ cmd: Command, subscription: ProcessSubscription) async throws -> Int32 +} + +struct DirectCommandRunner: CommandRunner { + func start(_ cmd: inout Command) throws -> ProcessSubscription { + try cmd.start() + return ProcessSubscription(id: UUID()) + } + + func wait(_ cmd: Command, subscription: ProcessSubscription) async throws -> Int32 { + var rus = rusage() + var ws = Int32() + + let result = wait4(cmd.pid, &ws, 0, &rus) + guard result == cmd.pid else { + throw POSIXError(.init(rawValue: errno)!) + } + return Command.toExitStatus(ws) + } +} + +final class ReaperCommandRunner: CommandRunner, Sendable { + private struct Subscriber { + let continuation: AsyncStream<(pid: pid_t, status: Int32)>.Continuation + let stream: AsyncStream<(pid: pid_t, status: Int32)> + } + + private let subscribers: Mutex<[UUID: Subscriber]> = Mutex([:]) + + func start(_ cmd: inout Command) throws -> ProcessSubscription { + // Subscribe before starting to avoid missing fast exits + let id = UUID() + let (stream, continuation) = AsyncStream<(pid: pid_t, status: Int32)>.makeStream() + + subscribers.withLock { subscribers in + subscribers[id] = Subscriber(continuation: continuation, stream: stream) + } + + try cmd.start() + + return ProcessSubscription(id: id) + } + + func wait(_ cmd: Command, subscription: ProcessSubscription) async throws -> Int32 { + let pid = cmd.pid + let id = subscription.id + + defer { + subscribers.withLock { subscribers in + subscribers[id]?.continuation.finish() + subscribers.removeValue(forKey: id) + } + } + + // Get the stream from the subscriber + guard let stream = subscribers.withLock({ $0[id]?.stream }) else { + throw POSIXError(.ECHILD) + } + + for await (exitPid, status) in stream { + if exitPid == pid { + return status + } + } + + throw POSIXError(.ECHILD) + } + + /// Broadcast exit to all subscribers + func notifyExit(pid: pid_t, status: Int32) { + subscribers.withLock { subscribers in + for subscriber in subscribers.values { + subscriber.continuation.yield((pid, status)) + } + } + } +} + +#endif diff --git a/vminitd/Sources/VminitdCore/ContainerProcess.swift b/vminitd/Sources/VminitdCore/ContainerProcess.swift new file mode 100644 index 0000000..e9fe82b --- /dev/null +++ b/vminitd/Sources/VminitdCore/ContainerProcess.swift @@ -0,0 +1,70 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(Linux) + +import ContainerizationOS +import Foundation + +/// Exit status information for a container process +struct ContainerExitStatus: Sendable { + var exitCode: Int32 + var exitedAt: Date +} + +/// Protocol for managing container processes +/// +/// This protocol abstracts the underlying container runtime implementation, +/// allowing for different backends like vmexec or runc. +protocol ContainerProcess: Sendable { + /// Unique identifier for the container process + var id: String { get } + + /// Process ID of the running container (nil if not started) + var pid: Int32? { get } + + /// Start the container process + /// - Returns: The process ID of the started container + /// - Throws: If the process fails to start + func start() async throws -> Int32 + + /// Wait for the container process to exit + /// - Returns: Exit status information when the process exits + func wait() async -> ContainerExitStatus + + /// Send a signal to the container process + /// - Parameter signal: The signal number to send + /// - Throws: If the signal cannot be sent + func kill(_ signal: Int32) async throws + + /// Resize the terminal for the container process + /// - Parameter size: The new terminal size + /// - Throws: If the terminal cannot be resized or process doesn't have a terminal + func resize(size: Terminal.Size) throws + + /// Close stdin for the container process + /// - Throws: If stdin cannot be closed + func closeStdin() throws + + /// Delete the container process and clean up resources + /// - Throws: If cleanup fails + func delete() async throws + + /// Set the exit status of the process. + func setExit(_ status: Int32) +} + +#endif diff --git a/vminitd/Sources/VminitdCore/HostStdio.swift b/vminitd/Sources/VminitdCore/HostStdio.swift new file mode 100644 index 0000000..2bb3139 --- /dev/null +++ b/vminitd/Sources/VminitdCore/HostStdio.swift @@ -0,0 +1,26 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(Linux) + +struct HostStdio: Sendable { + let stdin: UInt32? + let stdout: UInt32? + let stderr: UInt32? + let terminal: Bool +} + +#endif diff --git a/vminitd/Sources/VminitdCore/IOCloser+Extensions.swift b/vminitd/Sources/VminitdCore/IOCloser+Extensions.swift new file mode 100644 index 0000000..9a44108 --- /dev/null +++ b/vminitd/Sources/VminitdCore/IOCloser+Extensions.swift @@ -0,0 +1,32 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(Linux) + +import ContainerizationOS +import Foundation + +extension Socket: IOCloser {} + +extension Terminal: IOCloser { + var fileDescriptor: Int32 { + self.handle.fileDescriptor + } +} + +extension FileHandle: IOCloser {} + +#endif diff --git a/vminitd/Sources/VminitdCore/IOCloser.swift b/vminitd/Sources/VminitdCore/IOCloser.swift new file mode 100644 index 0000000..eb27ff2 --- /dev/null +++ b/vminitd/Sources/VminitdCore/IOCloser.swift @@ -0,0 +1,37 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(Linux) + +protocol IOCloser: Sendable { + var fileDescriptor: Int32 { get } + + func close() throws +} + +struct UnownedIOCloser: IOCloser { + private let inner: IOCloser + + var fileDescriptor: Int32 { inner.fileDescriptor } + + init(_ inner: IOCloser) { + self.inner = inner + } + + func close() throws {} +} + +#endif diff --git a/vminitd/Sources/VminitdCore/IOPair.swift b/vminitd/Sources/VminitdCore/IOPair.swift new file mode 100644 index 0000000..7d9df42 --- /dev/null +++ b/vminitd/Sources/VminitdCore/IOPair.swift @@ -0,0 +1,189 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(Linux) + +import ContainerizationError +import ContainerizationOS +import Foundation +import Logging +import Synchronization + +final class IOPair: Sendable { + private let io: Mutex + private let logger: Logger? + private let reason: String + + private struct IO { + let from: IOCloser + let to: IOCloser + let buffer: UnsafeMutableBufferPointer + var closed: Bool + var registeredFd: Int32? + + func drain() { + let readFrom = OSFile(fd: from.fileDescriptor) + let writeTo = OSFile(fd: to.fileDescriptor) + + while true { + let r = readFrom.read(buffer) + if r.read > 0 { + let view = UnsafeMutableBufferPointer( + start: buffer.baseAddress, + count: r.read + ) + + let w = writeTo.write(view) + if w.wrote != r.read { + return + } + } + + switch r.action { + case .eof, .again, .error(_): + return + default: + break + } + } + } + + mutating func close(logger: Logger?) { + if self.closed { + return + } + + // Try and drain IO first. + self.drain() + + // Remove the fd from our global epoll instance first. + if let fd = self.registeredFd { + do { + try ProcessSupervisor.default.unregisterFd(fd) + } catch { + logger?.error("failed to delete fd from epoll \(fd): \(error)") + } + self.registeredFd = nil + } + + do { + try self.from.close() + } catch { + logger?.error("failed to close reader fd for IOPair: \(error)") + } + + do { + try self.to.close() + } catch { + logger?.error("failed to close writer fd for IOPair: \(error)") + } + self.buffer.deallocate() + self.closed = true + } + } + + init( + readFrom: IOCloser, + writeTo: IOCloser, + reason: String, + logger: Logger? = nil + ) { + let buffer = UnsafeMutableBufferPointer.allocate(capacity: Int(getpagesize())) + self.io = Mutex( + IO( + from: readFrom, + to: writeTo, + buffer: buffer, + closed: false, + registeredFd: nil + )) + self.reason = reason + self.logger = logger + } + + func relay(ignoreHup: Bool = false) throws { + self.logger?.info("setting up relay for \(reason)") + + let (readFromFd, writeToFd) = self.io.withLock { io in + io.registeredFd = io.from.fileDescriptor + return (io.from.fileDescriptor, io.to.fileDescriptor) + } + + let readFrom = OSFile(fd: readFromFd) + let writeTo = OSFile(fd: writeToFd) + + try ProcessSupervisor.default.registerFd(readFromFd, mask: .input) { mask in + self.io.withLock { io in + if io.closed { + return + } + + if mask.isHangup && !mask.readyToRead { + self.logger?.debug("received EPOLLHUP with no EPOLLIN") + if !ignoreHup { + io.close(logger: self.logger) + } + return + } + + // Loop so we drain fully. + while true { + let r = readFrom.read(io.buffer) + if r.read > 0 { + let view = UnsafeMutableBufferPointer( + start: io.buffer.baseAddress, + count: r.read + ) + + let w = writeTo.write(view) + if w.wrote != r.read { + self.logger?.error("stopping relay: short write for stdio") + io.close(logger: self.logger) + return + } + } + + switch r.action { + case .error(let errno): + self.logger?.error("failed with errno \(errno) while reading for fd \(readFromFd)") + fallthrough + case .eof: + self.logger?.debug("closing relay for \(readFromFd)") + io.close(logger: self.logger) + return + case .again: + if mask.isHangup && !ignoreHup { + self.logger?.error("received EPOLLHUP and EAGAIN exiting") + self.close() + } + return + default: + break + } + } + } + } + } + + func close() { + self.io.withLock { io in + self.logger?.info("closing relay for \(reason)") + io.close(logger: self.logger) + } + } +} + +#endif diff --git a/vminitd/Sources/VminitdCore/InitCommand.swift b/vminitd/Sources/VminitdCore/InitCommand.swift new file mode 100644 index 0000000..1357b8e --- /dev/null +++ b/vminitd/Sources/VminitdCore/InitCommand.swift @@ -0,0 +1,113 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(Linux) + +import ArgumentParser +import ContainerizationOS +import LCShim + +#if canImport(Musl) +import Musl +private let _exit = Musl.exit +private let _kill = Musl.kill +#elseif canImport(Glibc) +import Glibc +private let _exit = Glibc.exit +private let _kill = Glibc.kill +#endif + +/// A minimal init process that: +/// - Spawns and monitors a child process +/// - Forwards signals to the child +/// - Reaps zombie processes +/// - Exits with the child's exit code +public struct InitCommand: ParsableCommand { + public static let configuration = CommandConfiguration( + commandName: "init", + abstract: "Run as a minimal init process" + ) + + public init() {} + + @Flag(name: .shortAndLong, help: "Send signals to the child's process group instead of just the child") + var processGroup: Bool = false + + @Argument(help: "The command to run") + var command: String + + @Argument(parsing: .captureForPassthrough, help: "Arguments for the command") + var arguments: [String] = [] + + /// Signals that should NOT be forwarded to the child. + private static let ignoredSignals: Set = [ + SIGCHLD, // We handle this for zombie reaping + SIGFPE, SIGILL, SIGSEGV, SIGBUS, SIGABRT, SIGTRAP, SIGSYS, // Synchronous signals + ] + + public mutating func run() throws { + // If we're not PID 1, register as a child subreaper so orphaned + // processes get reparented to us and we can reap them. + if getpid() != 1 { + CZ_set_sub_reaper() + } + + // Block all signals. We'll handle them synchronously via sigtimedwait + var allSignals = sigset_t() + sigfillset(&allSignals) + sigprocmask(SIG_BLOCK, &allSignals, nil) + + let resolvedCommand = Path.lookPath(command)?.path ?? command + + var cmd = Command(resolvedCommand, arguments: arguments) + cmd.stdin = .standardInput + cmd.stdout = .standardOutput + cmd.stderr = .standardError + + cmd.attrs = .init(setPGroup: true, setForegroundPGroup: true, setSignalDefault: true) + + try cmd.start() + let childPid = cmd.pid + let signalTarget = processGroup ? -childPid : childPid + var timeout = timespec(tv_sec: 0, tv_nsec: 100_000_000) + + // Handle signals and reap zombies + var childExitStatus: Int32? + while childExitStatus == nil { + var siginfo = siginfo_t() + let sig = sigtimedwait(&allSignals, &siginfo, &timeout) + + if sig > 0 && !Self.ignoredSignals.contains(sig) { + _ = _kill(signalTarget, sig) + } + + while true { + var status: Int32 = 0 + let pid = waitpid(-1, &status, WNOHANG) + if pid <= 0 { + break + } + if pid == childPid { + childExitStatus = Command.toExitStatus(status) + } + } + } + + _exit(childExitStatus ?? 1) + } +} + +#endif diff --git a/vminitd/Sources/VminitdCore/Logging.swift b/vminitd/Sources/VminitdCore/Logging.swift new file mode 100644 index 0000000..845d769 --- /dev/null +++ b/vminitd/Sources/VminitdCore/Logging.swift @@ -0,0 +1,117 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(Linux) + +import ArgumentParser +import Foundation +import Logging +import Synchronization + +public struct LogLevelOption: ParsableArguments { + @Option(name: .long, help: "Set the log level (trace, debug, info, notice, warning, error, critical)") + public var logLevel: String = "info" + + public init() {} + + public init(logLevel: String) { + self.logLevel = logLevel + } + + public func resolvedLogLevel() -> Logger.Level { + switch logLevel.lowercased() { + case "trace": + return .trace + case "debug": + return .debug + case "info": + return .info + case "notice": + return .notice + case "warning": + return .warning + case "error": + return .error + case "critical": + return .critical + default: + return .info + } + } +} + +private let _loggingBootstrapped = Mutex(false) +private let _versionMetadata = Mutex([:]) + +/// Set the version metadata logged on boot. +public func setVersionMetadata(_ metadata: Logger.Metadata) { + _versionMetadata.withLock { $0 = metadata } +} + +func versionMetadata() -> Logger.Metadata { + _versionMetadata.withLock { $0 } +} + +func makeLogger(label: String, level: Logger.Level) -> Logger { + _loggingBootstrapped.withLock { bootstrapped in + if !bootstrapped { + LoggingSystem.bootstrap { label in StderrLogHandler(label: label) } + bootstrapped = true + } + } + var log = Logger(label: label) + log.logLevel = level + return log +} + +private struct StderrLogHandler: LogHandler { + let label: String + var logLevel: Logger.Level = .info + var metadata: Logger.Metadata = [:] + + subscript(metadataKey key: String) -> Logger.Metadata.Value? { + get { metadata[key] } + set { metadata[key] = newValue } + } + + func log( + level: Logger.Level, message: Logger.Message, metadata: Logger.Metadata?, + source: String, file: String, function: String, line: UInt + ) { + var merged = self.metadata + metadata?.forEach { merged[$0] = $1 } + let metaStr = merged.isEmpty ? "" : " \(merged.map { "\($0): \($1)" }.sorted().joined(separator: ", "))" + let ts = isoTimestamp() + let data = "\(ts) \(level) \(label):\(metaStr) \(message)\n".data(using: .utf8) ?? Data() + FileHandle.standardError.write(data) + } + + func isoTimestamp() -> String { + let date = Date() + var time = time_t(date.timeIntervalSince1970) + var ms = Int(date.timeIntervalSince1970 * 1000) % 1000 + if ms < 0 { ms += 1000 } + var tm = tm() + gmtime_r(&time, &tm) + let buf = withUnsafeTemporaryAllocation(of: CChar.self, capacity: 32) { ptr -> String in + strftime(ptr.baseAddress!, 32, "%Y-%m-%dT%H:%M:%S", &tm) + return String(cString: ptr.baseAddress!) + } + return String(format: "%@.%03dZ", buf, ms) + } +} + +#endif diff --git a/vminitd/Sources/VminitdCore/ManagedContainer.swift b/vminitd/Sources/VminitdCore/ManagedContainer.swift new file mode 100644 index 0000000..545046a --- /dev/null +++ b/vminitd/Sources/VminitdCore/ManagedContainer.swift @@ -0,0 +1,286 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(Linux) + +import Cgroup +import ContainerizationError +import ContainerizationOCI +import ContainerizationOS +import Foundation +import Logging + +public actor ManagedContainer { + public let id: String + let initProcess: any ContainerProcess + + private let cgroupManager: Cgroup2Manager + private let log: Logger + private let bundle: ContainerizationOCI.Bundle + private let needsCgroupCleanup: Bool + private var execs: [String: any ContainerProcess] = [:] + + public var pid: Int32? { + self.initProcess.pid + } + + init( + id: String, + stdio: HostStdio, + spec: ContainerizationOCI.Spec, + ociRuntimePath: String? = nil, + log: Logger + ) async throws { + var cgroupsPath: String + if let cgPath = spec.linux?.cgroupsPath { + cgroupsPath = cgPath + } else { + cgroupsPath = "/container/\(id)" + } + + let bundle = try ContainerizationOCI.Bundle.create( + path: Self.craftBundlePath(id: id), + spec: spec + ) + log.debug("created bundle with spec \(spec)") + + let cgManager = Cgroup2Manager( + group: URL(filePath: cgroupsPath), + logger: log + ) + try cgManager.create() + + do { + try cgManager.toggleAllAvailableControllers(enable: true) + + let initProcess: any ContainerProcess + + if let runtimePath = ociRuntimePath { + // Use runc runtime + let runc = ProcessSupervisor.default.getRuncWithReaper( + Runc( + command: runtimePath, + root: "/run/runc" + ) + ) + initProcess = try RuncProcess( + id: id, + stdio: stdio, + bundle: bundle, + runc: runc, + log: log + ) + self.needsCgroupCleanup = false + log.info("created runc init process with runtime: \(runtimePath)") + } else { + // Use vmexec runtime + initProcess = try ManagedProcess( + id: id, + stdio: stdio, + bundle: bundle, + owningPid: nil, + log: log + ) + self.needsCgroupCleanup = true + log.info("created vmexec init process") + } + + self.cgroupManager = cgManager + self.initProcess = initProcess + self.id = id + self.bundle = bundle + self.log = log + } catch { + try? cgManager.delete() + throw error + } + } +} + +extension ManagedContainer { + // removeCgroupWithRetry will remove a cgroup path handling EAGAIN and EBUSY errors and + // retrying the remove after an exponential timeout + private func removeCgroupWithRetry() async throws { + var delay = 10 // 10ms + let maxRetries = 5 + + for i in 0.. Int32 { + let proc = try self.getExecOrInit(execID: execID) + return try await ProcessSupervisor.default.start(process: proc) + } + + func wait(execID: String) async throws -> ContainerExitStatus { + let proc = try self.getExecOrInit(execID: execID) + return await proc.wait() + } + + func kill(execID: String, _ signal: Int32) async throws { + let proc = try self.getExecOrInit(execID: execID) + try await proc.kill(signal) + } + + func resize(execID: String, size: Terminal.Size) throws { + let proc = try self.getExecOrInit(execID: execID) + try proc.resize(size: size) + } + + func closeStdin(execID: String) throws { + let proc = try self.getExecOrInit(execID: execID) + try proc.closeStdin() + } + + func deleteExec(id: String) throws { + try ensureExecExists(id) + do { + try self.bundle.deleteExecSpec(id: id) + } catch { + self.log.error("failed to remove exec spec from filesystem: \(error)") + } + self.execs.removeValue(forKey: id) + } + + func delete() async throws { + // Delete the init process if it's a RuncProcess + try await self.initProcess.delete() + + // Delete the bundle and cgroup + try self.bundle.delete() + if self.needsCgroupCleanup { + try await self.removeCgroupWithRetry() + } + } + + func stats(_ categories: Cgroup2StatsCategory = .all) throws -> Cgroup2Stats { + try self.cgroupManager.stats(categories) + } + + func getMemoryEvents() throws -> MemoryEvents { + try self.cgroupManager.getMemoryEvents() + } + + func getExecOrInit(execID: String) throws -> any ContainerProcess { + if execID == self.id { + return self.initProcess + } + guard let proc = self.execs[execID] else { + throw ContainerizationError( + .invalidState, + message: "exec \(execID) does not exist in container \(self.id)" + ) + } + return proc + } +} + +extension ContainerizationOCI.Bundle { + func createExecSpec(id: String, process: ContainerizationOCI.Process) throws { + let specDir = self.path.appending(path: "execs/\(id)") + + let fm = FileManager.default + try fm.createDirectory( + atPath: specDir.path, + withIntermediateDirectories: true + ) + + let specData = try JSONEncoder().encode(process) + let processConfigPath = specDir.appending(path: "process.json") + try specData.write(to: processConfigPath) + } + + func getExecSpecPath(id: String) -> URL { + self.path.appending(path: "execs/\(id)/process.json") + } + + func deleteExecSpec(id: String) throws { + let specDir = self.path.appending(path: "execs/\(id)") + + let fm = FileManager.default + try fm.removeItem(at: specDir) + } +} + +extension ManagedContainer { + static func craftBundlePath(id: String) -> URL { + URL(fileURLWithPath: "/run/container").appending(path: id) + } +} + +#endif diff --git a/vminitd/Sources/VminitdCore/ManagedProcess.swift b/vminitd/Sources/VminitdCore/ManagedProcess.swift new file mode 100644 index 0000000..ba4cd2d --- /dev/null +++ b/vminitd/Sources/VminitdCore/ManagedProcess.swift @@ -0,0 +1,348 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(Linux) + +import Cgroup +import Containerization +import ContainerizationError +import ContainerizationOCI +import ContainerizationOS +import Foundation +import Logging +import Synchronization + +final class ManagedProcess: ContainerProcess, Sendable { + // swiftlint: disable type_name + protocol IO { + func attach(pid: Int32, fd: Int32) throws + func start(process: inout Command) throws + func resize(size: Terminal.Size) throws + func close() throws + func closeStdin() throws + func closeAfterExec() throws + } + // swiftlint: enable type_name + + private struct State { + init(io: IO) { + self.io = io + } + + let io: IO + var waiters: [CheckedContinuation] = [] + var exitStatus: ContainerExitStatus? = nil + var pid: Int32? + } + + private static let ackPid = "AckPid" + private static let ackConsole = "AckConsole" + + let id: String + + private let log: Logger + private let command: Command + private let state: Mutex + private let owningPid: Int32? + private let ackPipe: Pipe + private let syncPipe: Pipe + private let errorPipe: Pipe + private let terminal: Bool + private let bundle: ContainerizationOCI.Bundle + + var pid: Int32? { + self.state.withLock { + $0.pid + } + } + + init( + id: String, + stdio: HostStdio, + bundle: ContainerizationOCI.Bundle, + owningPid: Int32? = nil, + log: Logger + ) throws { + self.id = id + var log = log + log[metadataKey: "id"] = "\(id)" + self.log = log + self.owningPid = owningPid + + let syncPipe = Pipe() + try syncPipe.setCloexec() + self.syncPipe = syncPipe + + let ackPipe = Pipe() + try ackPipe.setCloexec() + self.ackPipe = ackPipe + + let errorPipe = Pipe() + try errorPipe.setCloexec() + self.errorPipe = errorPipe + + let args: [String] + if let owningPid { + args = [ + "exec", + "--parent-pid", + "\(owningPid)", + "--process-path", + bundle.getExecSpecPath(id: id).path, + ] + } else { + args = ["run", "--bundle-path", bundle.path.path] + } + + var command = Command( + "/sbin/vmexec", + arguments: args, + extraFiles: [ + syncPipe.fileHandleForWriting, + ackPipe.fileHandleForReading, + errorPipe.fileHandleForWriting, + ] + ) + + var io: IO + if stdio.terminal { + log.info("setting up terminal I/O") + let attrs = Command.Attrs(setsid: false, setctty: false) + command.attrs = attrs + io = try TerminalIO( + stdio: stdio, + log: log + ) + } else { + command.attrs = .init(setsid: false) + io = StandardIO( + stdio: stdio, + log: log + ) + } + + log.info("starting I/O") + + // Setup IO early. We expect the host to be listening already. + try io.start(process: &command) + + self.command = command + self.terminal = stdio.terminal + self.bundle = bundle + self.state = Mutex(State(io: io)) + } +} + +extension ManagedProcess { + func start() async throws -> Int32 { + do { + return try self.state.withLock { + log.info( + "starting managed process", + metadata: [ + "id": "\(id)" + ]) + + // Start the underlying process. + try command.start() + + defer { + try? self.ackPipe.fileHandleForWriting.close() + try? self.syncPipe.fileHandleForReading.close() + try? self.ackPipe.fileHandleForReading.close() + try? self.syncPipe.fileHandleForWriting.close() + try? self.errorPipe.fileHandleForWriting.close() + } + + // Close our side of any pipes. + try $0.io.closeAfterExec() + try self.ackPipe.fileHandleForReading.close() + try self.syncPipe.fileHandleForWriting.close() + try self.errorPipe.fileHandleForWriting.close() + + let size = MemoryLayout.size + guard let piddata = try syncPipe.fileHandleForReading.read(upToCount: size) else { + throw ContainerizationError(.internalError, message: "no PID data from sync pipe") + } + + guard piddata.count == size else { + throw ContainerizationError(.internalError, message: "invalid payload") + } + + let pid = piddata.withUnsafeBytes { ptr in + ptr.load(as: Int32.self) + } + + log.info( + "got back pid data", + metadata: [ + "pid": "\(pid)" + ]) + $0.pid = pid + + // This should probably happen in vmexec, but we don't need to set any cgroup + // toggles so the problem is much simpler to just do it here. + if let owningPid { + let cgManager = try Cgroup2Manager.loadFromPid(pid: owningPid) + try cgManager.addProcess(pid: pid) + } + + log.info( + "sending pid acknowledgement", + metadata: [ + "pid": "\(pid)" + ]) + try self.ackPipe.fileHandleForWriting.write(contentsOf: Self.ackPid.data(using: .utf8)!) + + if self.terminal { + log.info( + "wait for PTY FD", + metadata: [ + "id": "\(id)" + ]) + + // Wait for a new write that will contain the pty fd if we asked for one. + guard let ptyFd = try self.syncPipe.fileHandleForReading.read(upToCount: size) else { + throw ContainerizationError( + .internalError, + message: "no PTY data from sync pipe" + ) + } + let fd = ptyFd.withUnsafeBytes { ptr in + ptr.load(as: Int32.self) + } + log.info( + "received PTY FD from container, attaching", + metadata: [ + "id": "\(id)" + ]) + + try $0.io.attach(pid: pid, fd: fd) + try self.ackPipe.fileHandleForWriting.write(contentsOf: Self.ackConsole.data(using: .utf8)!) + } + + // Wait for the errorPipe to close (after exec). + if let errorData = try? self.errorPipe.fileHandleForReading.readToEnd(), + let errorString = String(data: errorData, encoding: .utf8), + !errorString.isEmpty + { + throw ContainerizationError( + .internalError, + message: "vmexec error: \(errorString.trimmingCharacters(in: .whitespacesAndNewlines))" + ) + } + + log.info( + "started managed process", + metadata: [ + "pid": "\(pid)", + "id": "\(id)", + ]) + + return pid + } + } catch { + if let errorData = try? self.errorPipe.fileHandleForReading.readToEnd(), + let errorString = String(data: errorData, encoding: .utf8), + !errorString.isEmpty + { + throw ContainerizationError( + .internalError, + message: "vmexec error: \(errorString.trimmingCharacters(in: .whitespacesAndNewlines))", + cause: error + ) + } + throw error + } + } + + func setExit(_ status: Int32) { + self.state.withLock { state in + self.log.info( + "managed process exit", + metadata: [ + "status": "\(status)" + ]) + + let exitStatus = ContainerExitStatus(exitCode: status, exitedAt: Date.now) + state.exitStatus = exitStatus + + do { + try state.io.close() + } catch { + self.log.error("failed to close I/O for process: \(error)") + } + + for waiter in state.waiters { + waiter.resume(returning: exitStatus) + } + + self.log.debug("\(state.waiters.count) managed process waiters signaled") + state.waiters.removeAll() + } + } + + /// Wait on the process to exit + func wait() async -> ContainerExitStatus { + await withCheckedContinuation { cont in + self.state.withLock { + if let status = $0.exitStatus { + cont.resume(returning: status) + return + } + $0.waiters.append(cont) + } + } + } + + func kill(_ signal: Int32) async throws { + try self.state.withLock { + guard let pid = $0.pid else { + throw ContainerizationError(.invalidState, message: "process PID is required") + } + + guard $0.exitStatus == nil else { + return + } + + self.log.info("sending signal \(signal) to process \(pid)") + guard Foundation.kill(pid, signal) == 0 else { + throw POSIXError.fromErrno() + } + } + } + + func resize(size: Terminal.Size) throws { + try self.state.withLock { + guard $0.exitStatus == nil else { + return + } + try $0.io.resize(size: size) + } + } + + func closeStdin() throws { + let io = self.state.withLock { $0.io } + try io.closeStdin() + } + + func delete() async throws { + // vmexec doesn't require explicit cleanup - the process is cleaned up + // when it exits and IO is closed via setExit() + } +} + +#endif diff --git a/vminitd/Sources/VminitdCore/MemoryMonitor.swift b/vminitd/Sources/VminitdCore/MemoryMonitor.swift new file mode 100644 index 0000000..d6dcd1c --- /dev/null +++ b/vminitd/Sources/VminitdCore/MemoryMonitor.swift @@ -0,0 +1,158 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(Linux) + +import Cgroup +import Foundation +import Logging + +#if canImport(Musl) +import Musl +#elseif canImport(Glibc) +import Glibc +#endif + +package final class MemoryMonitor: Sendable { + private static let inotifyEventSize = 0x10 + + private let cgroupManager: Cgroup2Manager + private let threshold: UInt64 + private let logger: Logger + private let inotifyFd: Int32 + private let watchDescriptor: Int32 + private let onThresholdExceeded: @Sendable (UInt64, UInt64) -> Void + + package init( + cgroupManager: Cgroup2Manager, + threshold: UInt64, + logger: Logger, + onThresholdExceeded: @escaping @Sendable (UInt64, UInt64) -> Void + ) throws { + self.cgroupManager = cgroupManager + self.threshold = threshold + self.logger = logger + self.onThresholdExceeded = onThresholdExceeded + + let fd = inotify_init() + guard fd != -1 else { + throw Error.inotifyInit(errno: errno) + } + self.inotifyFd = fd + + let eventsPath = cgroupManager.getMemoryEventsPath() + let wd = inotify_add_watch( + inotifyFd, + eventsPath, + UInt32(IN_MODIFY) + ) + guard wd != -1 else { + close(fd) + throw Error.inotifyAddWatch(errno: errno, path: eventsPath) + } + self.watchDescriptor = wd + } + + /// Run the monitoring loop. Call this from a dedicated thread. + /// This function blocks until an error occurs. + package func run() throws { + let eventsPath = cgroupManager.getMemoryEventsPath() + + logger.info( + "Started memory monitoring", + metadata: [ + "threshold_bytes": "\(threshold)", + "events_path": "\(eventsPath)", + ]) + + // Read initial state + var highCountMax: UInt64 = 0 + do { + let events = try cgroupManager.getMemoryEvents() + highCountMax = events.high + } catch { + throw Error.readMemoryEvents(error: error) + } + + let bufSize = Self.inotifyEventSize * 10 + var buffer = [UInt8](repeating: 0, count: bufSize) + while true { + let bytesRead = buffer.withUnsafeMutableBytes { ptr in + read(inotifyFd, ptr.baseAddress!, bufSize) + } + + if bytesRead < 0 { + if errno == EINTR { + continue + } + throw Error.readFailed(errno: errno) + } + + do { + let events = try cgroupManager.getMemoryEvents() + + if events.high > highCountMax { + highCountMax = events.high + + let stats = try cgroupManager.stats(.memory) + let currentUsage = stats.memory?.usage ?? 0 + + onThresholdExceeded(currentUsage, events.high) + } + + if events.oom > 0 || events.oomKill > 0 { + logger.error( + "OOM events detected", + metadata: [ + "oom_events": "\(events.oom)", + "oom_kill_events": "\(events.oomKill)", + ]) + } + } catch { + throw Error.readMemoryEvents(error: error) + } + } + } + + deinit { + inotify_rm_watch(inotifyFd, watchDescriptor) + close(inotifyFd) + } +} + +extension MemoryMonitor { + package enum Error: Swift.Error, CustomStringConvertible { + case inotifyInit(errno: Int32) + case inotifyAddWatch(errno: Int32, path: String) + case readFailed(errno: Int32) + case readMemoryEvents(error: Swift.Error) + + package var description: String { + switch self { + case .inotifyInit(let errno): + return "failed to initialize inotify: errno \(errno)" + case .inotifyAddWatch(let errno, let path): + return "failed to add inotify watch on \(path): errno \(errno)" + case .readFailed(let errno): + return "failed to read inotify events: errno \(errno)" + case .readMemoryEvents(let error): + return "failed to read memory events: \(error)" + } + } + } +} + +#endif diff --git a/vminitd/Sources/VminitdCore/OSFile+Splice.swift b/vminitd/Sources/VminitdCore/OSFile+Splice.swift new file mode 100644 index 0000000..7101b43 --- /dev/null +++ b/vminitd/Sources/VminitdCore/OSFile+Splice.swift @@ -0,0 +1,106 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(Linux) + +import Foundation +import LCShim + +extension OSFile { + struct SpliceFile: Sendable { + fileprivate var file: OSFile + fileprivate var offset: Int + fileprivate let pipe = Pipe() + + var fileDescriptor: Int32 { + file.fileDescriptor + } + + var reader: Int32 { + pipe.fileHandleForReading.fileDescriptor + } + + var writer: Int32 { + pipe.fileHandleForWriting.fileDescriptor + } + + init(fd: Int32) { + self.file = OSFile(fd: fd) + self.offset = 0 + } + + init(handle: FileHandle) { + self.file = OSFile(handle: handle) + self.offset = 0 + } + + init(from: OSFile, withOffset: Int = 0) { + self.file = from + self.offset = withOffset + } + + func close() throws { + try self.file.close() + } + } + + static func splice(from: inout SpliceFile, to: inout SpliceFile, count: Int = 1 << 16) throws -> (read: Int, wrote: Int, action: IOAction) { + let fromOffset = from.offset + let toOffset = to.offset + + while true { + while (from.offset - to.offset) < count { + let toRead = count - (from.offset - to.offset) + let bytesRead = LCShim.splice(from.fileDescriptor, nil, to.writer, nil, toRead, UInt32(bitPattern: LCShim.SPLICE_F_MOVE | LCShim.SPLICE_F_NONBLOCK)) + if bytesRead == -1 { + if errno != EAGAIN && errno != EIO { + throw POSIXError(.init(rawValue: errno)!) + } + break + } + if bytesRead == 0 { + return (0, 0, .eof) + } + from.offset += bytesRead + if bytesRead < toRead { + break + } + } + if from.offset == to.offset { + return (from.offset - fromOffset, to.offset - toOffset, .success) + } + while to.offset < from.offset { + let toWrite = from.offset - to.offset + let bytesWrote = LCShim.splice(to.reader, nil, to.fileDescriptor, nil, toWrite, UInt32(bitPattern: LCShim.SPLICE_F_MOVE | LCShim.SPLICE_F_NONBLOCK)) + if bytesWrote == -1 { + if errno != EAGAIN && errno != EIO { + throw POSIXError(.init(rawValue: errno)!) + } + break + } + to.offset += bytesWrote + if bytesWrote == 0 { + return (from.offset - fromOffset, to.offset - toOffset, .brokenPipe) + } + if bytesWrote < toWrite { + break + } + } + } + } +} + +#endif diff --git a/vminitd/Sources/VminitdCore/OSFile.swift b/vminitd/Sources/VminitdCore/OSFile.swift new file mode 100644 index 0000000..05f28fb --- /dev/null +++ b/vminitd/Sources/VminitdCore/OSFile.swift @@ -0,0 +1,132 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(Linux) + +import Foundation + +struct OSFile: Sendable { + enum IOAction: Equatable { + case eof + case again + case success + case brokenPipe + case error(_ errno: Int32) + } + + private let fd: Int32 + + var closed: Bool { + Foundation.fcntl(fd, F_GETFD) == -1 && errno == EBADF + } + + var fileDescriptor: Int32 { fd } + + init(fd: Int32) { + self.fd = fd + } + + init(handle: FileHandle) { + self.fd = handle.fileDescriptor + } + + func close() throws { + guard Foundation.close(self.fd) == 0 else { + throw POSIXError(.init(rawValue: errno)!) + } + } + + func read(_ buffer: UnsafeMutableBufferPointer) -> (read: Int, action: IOAction) { + if buffer.count == 0 { + return (0, .success) + } + + var bytesRead: Int = 0 + while true { + let n = Foundation.read( + self.fd, + buffer.baseAddress!.advanced(by: bytesRead), + buffer.count - bytesRead + ) + if n == -1 { + if errno == EAGAIN || errno == EIO { + return (bytesRead, .again) + } + return (bytesRead, .error(errno)) + } + + if n == 0 { + return (bytesRead, .eof) + } + + bytesRead += n + if bytesRead < buffer.count { + continue + } + return (bytesRead, .success) + } + } + + func write(_ buffer: UnsafeMutableBufferPointer) -> (wrote: Int, action: IOAction) { + if buffer.count == 0 { + return (0, .success) + } + + var bytesWrote: Int = 0 + while true { + let n = Foundation.write( + self.fd, + buffer.baseAddress!.advanced(by: bytesWrote), + buffer.count - bytesWrote + ) + if n == -1 { + if errno == EAGAIN || errno == EIO { + return (bytesWrote, .again) + } + return (bytesWrote, .error(errno)) + } + + if n == 0 { + return (bytesWrote, .brokenPipe) + } + + bytesWrote += n + if bytesWrote < buffer.count { + continue + } + return (bytesWrote, .success) + } + } + + static func pipe() -> (read: Self, write: Self) { + let pipe = Pipe() + return (Self(handle: pipe.fileHandleForReading), Self(handle: pipe.fileHandleForWriting)) + } + + static func open(path: String) throws -> Self { + try open(path: path, mode: O_RDONLY | O_CLOEXEC) + } + + static func open(path: String, mode: Int32) throws -> Self { + let fd = Foundation.open(path, mode) + if fd < 0 { + throw POSIXError(.init(rawValue: errno)!) + } + return Self(fd: fd) + } +} + +#endif diff --git a/vminitd/Sources/VminitdCore/PauseCommand.swift b/vminitd/Sources/VminitdCore/PauseCommand.swift new file mode 100644 index 0000000..968f407 --- /dev/null +++ b/vminitd/Sources/VminitdCore/PauseCommand.swift @@ -0,0 +1,82 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(Linux) + +import ArgumentParser +import Dispatch +import Logging + +#if canImport(Musl) +import Musl +private let _exit = Musl.exit +#elseif canImport(Glibc) +import Glibc +private let _exit = Glibc.exit +#endif + +public struct PauseCommand: ParsableCommand { + public static let configuration = CommandConfiguration( + commandName: "pause", + abstract: "Run the pause container" + ) + + public init() {} + + @OptionGroup var options: LogLevelOption + + public mutating func run() throws { + let log = makeLogger(label: "pause", level: options.resolvedLogLevel()) + + if getpid() != 1 { + log.warning("pause should be the first process") + } + + // NOTE: For whatever reason, using signal() for the below causes a swift compiler issue. + // Can revert whenever that is understood. + let sigintSource = DispatchSource.makeSignalSource(signal: SIGINT) + sigintSource.setEventHandler { + log.info("Shutting down, got SIGINT") + _exit(0) + } + sigintSource.resume() + + let sigtermSource = DispatchSource.makeSignalSource(signal: SIGTERM) + sigtermSource.setEventHandler { + log.info("Shutting down, got SIGTERM") + _exit(0) + } + sigtermSource.resume() + + let sigchldSource = DispatchSource.makeSignalSource(signal: SIGCHLD) + sigchldSource.setEventHandler { + var status: Int32 = 0 + while waitpid(-1, &status, WNOHANG) > 0 {} + } + sigchldSource.resume() + + log.info("pause container running, waiting for signals...") + + while true { + _ = pause() + } + + log.error("Error: infinite loop terminated") + _exit(42) + } +} + +#endif diff --git a/vminitd/Sources/VminitdCore/ProcessSupervisor.swift b/vminitd/Sources/VminitdCore/ProcessSupervisor.swift new file mode 100644 index 0000000..82e767b --- /dev/null +++ b/vminitd/Sources/VminitdCore/ProcessSupervisor.swift @@ -0,0 +1,168 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(Linux) + +import ContainerizationOS +import Foundation +import Logging +import Synchronization + +final class ProcessSupervisor: Sendable { + private let poller: Epoll + private let handlers = Mutex<[Int32: @Sendable (Epoll.Mask) -> Void]>([:]) + + private let queue: DispatchQueue + // `DispatchSourceSignal` is thread-safe. + private nonisolated(unsafe) let source: DispatchSourceSignal + + private struct State { + var processes: [any ContainerProcess] = [] + var log: Logger? + } + + private let state: Mutex + private let reaperCommandRunner = ReaperCommandRunner() + + func setLog(_ log: Logger?) { + self.state.withLock { $0.log = log } + } + + static let `default` = ProcessSupervisor() + + private init() { + let queue = DispatchQueue(label: "process-supervisor") + self.source = DispatchSource.makeSignalSource(signal: SIGCHLD, queue: queue) + self.queue = queue + self.poller = try! Epoll() + self.state = Mutex(State()) + let t = Thread { + while true { + guard let events = self.poller.wait() else { + return + } + if events.isEmpty { + return + } + for event in events { + let handler = self.handlers.withLock { $0[event.fd] } + handler?(event.mask) + } + } + } + t.start() + } + + /// Register a file descriptor for epoll monitoring with a handler. + /// + /// The handler is stored before the fd is added to epoll, ensuring no + /// events are missed. + func registerFd( + _ fd: Int32, + mask: Epoll.Mask = [.input, .output], + handler: @escaping @Sendable (Epoll.Mask) -> Void + ) throws { + self.handlers.withLock { $0[fd] = handler } + do { + try self.poller.add(fd, mask: mask) + } catch { + self.handlers.withLock { _ = $0.removeValue(forKey: fd) } + throw error + } + } + + /// Remove a file descriptor from epoll monitoring and discard its handler. + func unregisterFd(_ fd: Int32) throws { + self.handlers.withLock { _ = $0.removeValue(forKey: fd) } + try self.poller.delete(fd) + } + + func ready() { + self.source.setEventHandler { + self.handleSignal() + } + self.source.resume() + } + + private func handleSignal() { + dispatchPrecondition(condition: .onQueue(queue)) + + let exited = Reaper.reap() + + for (pid, status) in exited { + reaperCommandRunner.notifyExit(pid: pid, status: status) + } + + self.state.withLock { state in + state.log?.debug("received SIGCHLD, reaping processes") + state.log?.debug("finished wait4 of \(exited.count) processes") + state.log?.debug("checking for exit of managed process", metadata: ["exits": "\(exited)", "processes": "\(state.processes.count)"]) + + let exitedProcesses = state.processes.filter { proc in + exited.contains { pid, _ in + proc.pid == pid + } + } + + for proc in exitedProcesses { + guard let pid = proc.pid else { + continue + } + + if let status = exited[pid] { + state.log?.debug( + "managed process exited", + metadata: [ + "pid": "\(pid)", + "status": "\(status)", + "count": "\(state.processes.count - 1)", + ]) + proc.setExit(status) + state.processes.removeAll(where: { $0.pid == pid }) + } + } + } + } + + func start(process: any ContainerProcess) async throws -> Int32 { + self.state.withLock { state in + state.log?.debug("in supervisor lock to start process") + state.processes.append(process) + } + do { + return try await process.start() + } catch { + self.state.withLock { state in + state.processes.removeAll(where: { $0.id == process.id }) + } + throw error + } + } + + /// Get a Runc instance configured with the reaper command runner + func getRuncWithReaper(_ base: Runc = Runc()) -> Runc { + var runc = base + runc.commandRunner = reaperCommandRunner + return runc + } + + deinit { + source.cancel() + poller.shutdown() + } +} + +#endif diff --git a/vminitd/Sources/VminitdCore/Runc/ConsoleSocket.swift b/vminitd/Sources/VminitdCore/Runc/ConsoleSocket.swift new file mode 100644 index 0000000..48d4a02 --- /dev/null +++ b/vminitd/Sources/VminitdCore/Runc/ConsoleSocket.swift @@ -0,0 +1,83 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(Linux) + +import ContainerizationOS +import Foundation + +/// A Unix socket for receiving PTY master file descriptors from runc +final class ConsoleSocket: Sendable { + private let socket: Socket + private let socketPath: String + + /// The path to the console socket + var path: String { socketPath } + + /// Create a new console socket at the specified path + init(path: String) throws { + let absPath = path.starts(with: "/") ? path : FileManager.default.currentDirectoryPath + "/" + path + self.socketPath = absPath + + let pathURL = URL(fileURLWithPath: absPath) + let dir = pathURL.deletingLastPathComponent().path + try FileManager.default.createDirectory( + atPath: dir, + withIntermediateDirectories: true, + attributes: nil + ) + + let socketType = try UnixType(path: absPath, unlinkExisting: true) + self.socket = try Socket(type: socketType) + + try socket.listen() + } + + /// Create a temporary console socket in the runtime directory + static func temporary() throws -> ConsoleSocket { + let tmpDir = "/tmp" + let socketDir = tmpDir + "/runc-console-\(UUID().uuidString)" + let socketPath = socketDir + "/console.sock" + + try FileManager.default.createDirectory( + atPath: socketDir, + withIntermediateDirectories: true, + attributes: nil + ) + + let socket = try ConsoleSocket(path: socketPath) + return socket + } + + /// Receive the PTY master file descriptor from runc + func receiveMaster() throws -> Int32 { + let connection = try socket.accept() + defer { try? connection.close() } + return try connection.receiveFileDescriptor() + } + + /// Close the socket and optionally remove the socket file + func close() throws { + try socket.close() + try FileManager.default.removeItem(atPath: socketPath) + } + + deinit { + try? close() + } +} + +#endif diff --git a/vminitd/Sources/VminitdCore/Runc/Runc.swift b/vminitd/Sources/VminitdCore/Runc/Runc.swift new file mode 100644 index 0000000..9c5447b --- /dev/null +++ b/vminitd/Sources/VminitdCore/Runc/Runc.swift @@ -0,0 +1,794 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(Linux) + +import ContainerizationOCI +import ContainerizationOS +import Foundation + +/// Log format for runc output +enum LogFormat: String, Sendable { + case json + case text +} + +/// Configuration and client for interacting with the runc binary +struct Runc: Sendable { + /// IO configuration for runc operations + struct IO: Sendable { + var stdin: FileHandle? + var stdout: FileHandle? + var stderr: FileHandle? + + init( + stdin: FileHandle? = nil, + stdout: FileHandle? = nil, + stderr: FileHandle? = nil + ) { + self.stdin = stdin + self.stdout = stdout + self.stderr = stderr + } + + static let inherit = IO() + } + + /// Path to the runc binary + var command: String + + /// Root directory for container state + var root: String? + + /// Enable debug output + var debug: Bool + + /// Path to log file + var log: String? + + /// Format for log output + var logFormat: LogFormat? + + /// Signal to send when parent process dies + var pdeathSignal: Int32? + + /// Set process group ID + var setpgid: Bool + + /// Path to criu binary for checkpoint/restore + var criu: String? + + /// Use systemd cgroup manager + var systemdCgroup: Bool + + /// Enable rootless mode + var rootless: Bool + + /// Additional arguments to pass to runc + var extraArgs: [String] + + /// Command runner to use instead of direct wait4 (for PID 1 environments with reapers) + var commandRunner: (any CommandRunner)? + + init( + command: String = "runc", + root: String? = nil, + debug: Bool = false, + log: String? = nil, + logFormat: LogFormat? = nil, + pdeathSignal: Int32? = nil, + setpgid: Bool = false, + criu: String? = nil, + systemdCgroup: Bool = false, + rootless: Bool = false, + extraArgs: [String] = [], + commandRunner: (any CommandRunner)? = nil + ) { + self.command = command + self.root = root + self.debug = debug + self.log = log + self.logFormat = logFormat + self.pdeathSignal = pdeathSignal + self.setpgid = setpgid + self.criu = criu + self.systemdCgroup = systemdCgroup + self.rootless = rootless + self.extraArgs = extraArgs + self.commandRunner = commandRunner + } +} + +/// Options for creating a container +struct CreateOpts: Sendable { + /// Path to file to write container PID + var pidFile: String? + + /// Path to console socket for terminal access + var consoleSocket: String? + + /// Detach from the container process + var detach: Bool + + /// Do not use pivot_root to change root + var noPivot: Bool + + /// Do not create a new session + var noNewKeyring: Bool + + /// Additional file descriptors to pass to the container + var extraFiles: [FileHandle] + + /// IO configuration for the runc process + var io: Runc.IO + + init( + pidFile: String? = nil, + consoleSocket: String? = nil, + detach: Bool = false, + noPivot: Bool = false, + noNewKeyring: Bool = false, + extraFiles: [FileHandle] = [], + io: Runc.IO = .inherit + ) { + self.pidFile = pidFile + self.consoleSocket = consoleSocket + self.detach = detach + self.noPivot = noPivot + self.noNewKeyring = noNewKeyring + self.extraFiles = extraFiles + self.io = io + } +} + +/// Options for executing a process in a container +struct ExecOpts: Sendable { + /// Path to file to write process PID + var pidFile: String? + + /// Path to console socket for terminal access + var consoleSocket: String? + + /// Detach from the process + var detach: Bool + + /// Path to process.json file + var processPath: String? + + /// IO configuration for the runc process + var io: Runc.IO + + init( + pidFile: String? = nil, + consoleSocket: String? = nil, + detach: Bool = false, + processPath: String? = nil, + io: Runc.IO = .inherit + ) { + self.pidFile = pidFile + self.consoleSocket = consoleSocket + self.detach = detach + self.processPath = processPath + self.io = io + } +} + +/// Options for deleting a container +struct DeleteOpts: Sendable { + /// Force deletion of a running container + var force: Bool + + init(force: Bool = false) { + self.force = force + } +} + +/// Options for restoring a container from checkpoint +struct RestoreOpts: Sendable { + /// Path to file to write container PID + var pidFile: String? + + /// Path to console socket for terminal access + var consoleSocket: String? + + /// Detach from the container process + var detach: Bool + + /// Do not use pivot_root to change root + var noPivot: Bool + + /// Do not create a new session + var noNewKeyring: Bool + + /// Path to checkpoint image + var imagePath: String? + + /// Path to parent checkpoint + var parentPath: String? + + /// Work directory for CRIU + var workPath: String? + + init( + pidFile: String? = nil, + consoleSocket: String? = nil, + detach: Bool = false, + noPivot: Bool = false, + noNewKeyring: Bool = false, + imagePath: String? = nil, + parentPath: String? = nil, + workPath: String? = nil + ) { + self.pidFile = pidFile + self.consoleSocket = consoleSocket + self.detach = detach + self.noPivot = noPivot + self.noNewKeyring = noNewKeyring + self.imagePath = imagePath + self.parentPath = parentPath + self.workPath = workPath + } +} + +/// Container information returned from list operation +struct Container: Sendable, Codable { + let id: String + let pid: Int + let status: String + let bundle: String + let rootfs: String + let created: Date + let annotations: [String: String]? + + enum CodingKeys: String, CodingKey { + case id + case pid + case status + case bundle + case rootfs + case created + case annotations + } +} + +extension Runc { + enum Error: Swift.Error, CustomStringConvertible { + case invalidJSON(String) + case commandFailed(Int32, String) + case invalidPidFile(String) + + var description: String { + switch self { + case .invalidJSON(let detail): + return "invalid JSON: \(detail)" + case .commandFailed(let status, let output): + return "command failed with status \(status): \(output)" + case .invalidPidFile(let path): + return "invalid or missing PID file: \(path)" + } + } + } +} + +// MARK: - Command Building and Execution + +extension Runc { + /// Build base arguments for runc command + func baseArgs() -> [String] { + var args: [String] = [] + + if let root = root { + args += ["--root", root] + } + + if debug { + args.append("--debug") + } + + if let log = log { + args += ["--log", log] + } + + if let logFormat = logFormat { + args += ["--log-format", logFormat.rawValue] + } + + if systemdCgroup { + args.append("--systemd-cgroup") + } + + if rootless { + args.append("--rootless") + } + + args += extraArgs + + return args + } + + /// Execute a runc command and return the output + func execute( + args: [String], + stdin: FileHandle? = nil, + stdout: FileHandle? = nil, + stderr: FileHandle? = nil, + extraFiles: [FileHandle] = [], + directory: String? = nil + ) async throws -> (status: Int32, output: Data) { + var cmd = Command( + command, + arguments: args, + directory: directory, + extraFiles: extraFiles + ) + + // Setup IO + let outPipe = Pipe() + cmd.stdin = stdin + cmd.stdout = stdout ?? outPipe.fileHandleForWriting + cmd.stderr = stderr ?? outPipe.fileHandleForWriting + + if let pdeathSignal = pdeathSignal { + cmd.attrs.pdeathSignal = pdeathSignal + } + + if setpgid { + cmd.attrs.setPGroup = true + } + + let exitStatus: Int32 + + if let runner = commandRunner { + let subscription = try runner.start(&cmd) + exitStatus = try await runner.wait(cmd, subscription: subscription) + } else { + try cmd.start() + exitStatus = try cmd.wait() + } + + var output = Data() + if stdout == nil { + try? outPipe.fileHandleForWriting.close() + output = try outPipe.fileHandleForReading.readToEnd() ?? Data() + } + + return (exitStatus, output) + } + + /// Execute command and parse JSON output + func executeJSON( + args: [String], + directory: String? = nil + ) async throws -> T { + let (status, output) = try await execute(args: args, directory: directory) + + guard status == 0 else { + let errorOutput = String(data: output, encoding: .utf8) ?? "" + throw Error.commandFailed(status, errorOutput) + } + + do { + return try JSONDecoder().decode(T.self, from: output) + } catch { + let outputStr = String(data: output, encoding: .utf8) ?? "" + throw Error.invalidJSON("failed to decode: \(error), output: \(outputStr)") + } + } + + /// Execute command without capturing output + func executeVoid( + args: [String], + stdin: FileHandle? = nil, + stdout: FileHandle? = nil, + stderr: FileHandle? = nil, + extraFiles: [FileHandle] = [], + directory: String? = nil + ) async throws { + let (status, output) = try await execute( + args: args, + stdin: stdin, + stdout: stdout, + stderr: stderr, + extraFiles: extraFiles, + directory: directory + ) + + guard status == 0 else { + let errorOutput = String(data: output, encoding: .utf8) ?? "" + throw Error.commandFailed(status, errorOutput) + } + } + + /// Read PID from a file + func readPidFile(_ path: String) throws -> Int { + guard let data = try? Data(contentsOf: URL(fileURLWithPath: path)), + let pidString = String(data: data, encoding: .utf8)?.trimmingCharacters(in: .whitespacesAndNewlines), + let pid = Int(pidString) + else { + throw Error.invalidPidFile(path) + } + return pid + } +} + +extension Runc { + /// Create a container + func create( + id: String, + bundle: String, + opts: CreateOpts = CreateOpts() + ) async throws -> Int? { + var args = baseArgs() + ["create"] + + if let pidFile = opts.pidFile { + args += ["--pid-file", pidFile] + } + + if let consoleSocket = opts.consoleSocket { + args += ["--console-socket", consoleSocket] + } + + if opts.detach { + args.append("--detach") + } + + if opts.noPivot { + args.append("--no-pivot") + } + + if opts.noNewKeyring { + args.append("--no-new-keyring") + } + + args += ["--bundle", bundle, id] + + try await executeVoid( + args: args, + stdin: opts.io.stdin, + stdout: opts.io.stdout, + stderr: opts.io.stderr, + extraFiles: opts.extraFiles, + directory: bundle + ) + + // Read PID if pidFile was specified + if let pidFile = opts.pidFile { + return try readPidFile(pidFile) + } + + return nil + } + + /// Start a container + func start(id: String) async throws { + let args = baseArgs() + ["start", id] + try await executeVoid(args: args) + } + + /// Run a container (create + start) + func run( + id: String, + bundle: String, + opts: CreateOpts = CreateOpts() + ) async throws -> Int? { + var args = baseArgs() + ["run"] + + if let pidFile = opts.pidFile { + args += ["--pid-file", pidFile] + } + + if let consoleSocket = opts.consoleSocket { + args += ["--console-socket", consoleSocket] + } + + if opts.detach { + args.append("--detach") + } + + if opts.noPivot { + args.append("--no-pivot") + } + + if opts.noNewKeyring { + args.append("--no-new-keyring") + } + + args += ["--bundle", bundle, id] + + try await executeVoid( + args: args, + stdin: opts.io.stdin, + stdout: opts.io.stdout, + stderr: opts.io.stderr, + extraFiles: opts.extraFiles, + directory: bundle + ) + + // Read PID if pidFile was specified + if let pidFile = opts.pidFile { + return try readPidFile(pidFile) + } + + return nil + } + + /// Delete a container + func delete(id: String, opts: DeleteOpts = DeleteOpts()) async throws { + var args = baseArgs() + ["delete"] + + if opts.force { + args.append("--force") + } + + args.append(id) + + try await executeVoid(args: args) + } + + /// Send a signal to a container + func kill(id: String, signal: Int32, all: Bool = false) async throws { + var args = baseArgs() + ["kill"] + + if all { + args.append("--all") + } + + args += [id, String(signal)] + + try await executeVoid(args: args) + } + + /// Pause a container + func pause(id: String) async throws { + let args = baseArgs() + ["pause", id] + try await executeVoid(args: args) + } + + /// Resume a paused container + func resume(id: String) async throws { + let args = baseArgs() + ["resume", id] + try await executeVoid(args: args) + } + + /// Execute a process in a running container + func exec( + id: String, + processSpec: String, + opts: ExecOpts = ExecOpts() + ) async throws -> Int? { + var args = baseArgs() + ["exec"] + + if let pidFile = opts.pidFile { + args += ["--pid-file", pidFile] + } + + if let consoleSocket = opts.consoleSocket { + args += ["--console-socket", consoleSocket] + } + + if opts.detach { + args.append("--detach") + } + + if let processPath = opts.processPath { + args += ["--process", processPath] + } + + args += [id, processSpec] + + try await executeVoid( + args: args, + stdin: opts.io.stdin, + stdout: opts.io.stdout, + stderr: opts.io.stderr + ) + + // Read PID if pidFile was specified + if let pidFile = opts.pidFile { + return try readPidFile(pidFile) + } + + return nil + } + + /// Update container resources + func update(id: String, resources: String) async throws { + let args = baseArgs() + ["update", "--resources", resources, id] + try await executeVoid(args: args) + } + + /// Checkpoint a container + func checkpoint( + id: String, + imagePath: String, + leaveRunning: Bool = false, + workPath: String? = nil + ) async throws { + var args = baseArgs() + ["checkpoint"] + + if leaveRunning { + args.append("--leave-running") + } + + if let workPath = workPath { + args += ["--work-path", workPath] + } + + args += ["--image-path", imagePath, id] + + try await executeVoid(args: args) + } + + /// Restore a container from checkpoint + func restore( + id: String, + bundle: String, + opts: RestoreOpts = RestoreOpts() + ) async throws -> Int? { + var args = baseArgs() + ["restore"] + + if let pidFile = opts.pidFile { + args += ["--pid-file", pidFile] + } + + if let consoleSocket = opts.consoleSocket { + args += ["--console-socket", consoleSocket] + } + + if opts.detach { + args.append("--detach") + } + + if opts.noPivot { + args.append("--no-pivot") + } + + if opts.noNewKeyring { + args.append("--no-new-keyring") + } + + if let imagePath = opts.imagePath { + args += ["--image-path", imagePath] + } + + if let parentPath = opts.parentPath { + args += ["--parent-path", parentPath] + } + + if let workPath = opts.workPath { + args += ["--work-path", workPath] + } + + args += ["--bundle", bundle, id] + + try await executeVoid(args: args, directory: bundle) + + if let pidFile = opts.pidFile { + return try readPidFile(pidFile) + } + + return nil + } +} + +// MARK: - List and State Operations + +extension Runc { + /// List all containers + func list() async throws -> [Container] { + let args = baseArgs() + ["list", "--format", "json"] + let containers: [Container] = try await executeJSON(args: args) + return containers + } + + /// Get state of a specific container + func state(id: String) async throws -> ContainerizationOCI.State { + let args = baseArgs() + ["state", id] + let state: ContainerizationOCI.State = try await executeJSON(args: args) + return state + } + + /// List process IDs in a container + func ps(id: String) async throws -> [Int] { + let args = baseArgs() + ["ps", "--format", "json", id] + let (status, output) = try await execute(args: args) + + guard status == 0 else { + let errorOutput = String(data: output, encoding: .utf8) ?? "" + throw Error.commandFailed(status, errorOutput) + } + + // ps output is just an array of PIDs + let pids = try JSONDecoder().decode([Int].self, from: output) + return pids + } + + /// Get version information + func version() async throws -> String { + let args = [command, "--version"] + let (status, output) = try await execute(args: args) + + guard status == 0 else { + let errorOutput = String(data: output, encoding: .utf8) ?? "" + throw Error.commandFailed(status, errorOutput) + } + + return String(data: output, encoding: .utf8) ?? "" + } +} + +// MARK: - Events + +extension Runc { + /// Event from container runtime + struct Event: Codable, Sendable { + let type: String + let id: String + let stats: EventStats? + + enum CodingKeys: String, CodingKey { + case type + case id + case stats + } + } + + /// Statistics in an event + struct EventStats: Codable, Sendable { + let cpu: CPUStats? + let memory: MemoryStats? + let pids: PIDStats? + + enum CodingKeys: String, CodingKey { + case cpu + case memory + case pids + } + } + + struct CPUStats: Codable, Sendable { + let usage: CPUUsage? + let throttling: ThrottlingData? + + struct CPUUsage: Codable, Sendable { + let total: UInt64? + let percpu: [UInt64]? + } + + struct ThrottlingData: Codable, Sendable { + let periods: UInt64? + let throttledPeriods: UInt64? + let throttledTime: UInt64? + } + } + + struct MemoryStats: Codable, Sendable { + let usage: MemoryUsage? + let limit: UInt64? + + struct MemoryUsage: Codable, Sendable { + let usage: UInt64? + let max: UInt64? + } + } + + struct PIDStats: Codable, Sendable { + let current: UInt64? + let limit: UInt64? + } +} + +#endif diff --git a/vminitd/Sources/VminitdCore/RuncProcess.swift b/vminitd/Sources/VminitdCore/RuncProcess.swift new file mode 100644 index 0000000..eae35f8 --- /dev/null +++ b/vminitd/Sources/VminitdCore/RuncProcess.swift @@ -0,0 +1,564 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(Linux) + +import Containerization +import ContainerizationError +import ContainerizationOCI +import ContainerizationOS +import Foundation +import Logging +import Synchronization + +/// A container process implementation that uses runc as the OCI runtime +final class RuncProcess: ContainerProcess, Sendable { + // swiftlint: disable type_name + protocol IO: Sendable { + func attachConsole(fd: Int32) throws + func create() throws + func getIO() -> Runc.IO + func closeAfterExec() throws + func resize(size: Terminal.Size) throws + func close() throws + func closeStdin() throws + } + // swiftlint: enable type_name + + private enum ProcessState { + case initial + case creating + case running(pid: Int32) + case exited(ContainerExitStatus) + } + + private struct State { + var state: ProcessState = .initial + var waiters: [CheckedContinuation] = [] + } + + let id: String + + private let log: Logger + private let runc: Runc + private let io: IO + private let state: Mutex + private let terminal: Bool + private let bundle: ContainerizationOCI.Bundle + private let consoleSocket: ConsoleSocket? + + var pid: Int32? { + self.state.withLock { + switch $0.state { + case .running(let pid): + return pid + default: + return nil + } + } + } + + init( + id: String, + stdio: HostStdio, + bundle: ContainerizationOCI.Bundle, + runc: Runc, + log: Logger + ) throws { + self.id = id + var log = log + log[metadataKey: "id"] = "\(id)" + self.log = log + self.runc = runc + self.bundle = bundle + self.terminal = stdio.terminal + + var io: IO + var consoleSocket: ConsoleSocket? = nil + + if stdio.terminal { + log.info("setting up terminal I/O for runc") + let socket = try ConsoleSocket.temporary() + consoleSocket = socket + io = try RuncTerminalIO( + stdio: stdio, + log: log + ) + } else { + io = RuncStandardIO( + stdio: stdio, + log: log + ) + } + + log.info("starting I/O for runc") + try io.create() + + self.consoleSocket = consoleSocket + self.io = io + self.state = Mutex(State()) + } + + func start() async throws -> Int32 { + try self.state.withLock { + guard case .initial = $0.state else { + throw ContainerizationError( + .invalidState, + message: "container already started" + ) + } + $0.state = .creating + } + + log.info( + "starting runc process", + metadata: [ + "id": "\(id)" + ]) + + let pidFilePath = self.bundle.path.appendingPathComponent("runc-pid").path + let runcIO = self.io.getIO() + + let opts: CreateOpts + if let consoleSocket { + opts = CreateOpts( + pidFile: pidFilePath, + consoleSocket: consoleSocket.path, + io: runcIO + ) + } else { + opts = CreateOpts( + pidFile: pidFilePath, + io: runcIO + ) + } + + guard + let pidInt = try await self.runc.create( + id: self.id, + bundle: self.bundle.path.path, + opts: opts + ) + else { + throw ContainerizationError( + .internalError, + message: "runc create did not return a PID" + ) + } + + let pid = Int32(pidInt) + + self.log.info( + "container created", + metadata: [ + "pid": "\(pid)" + ]) + + // Close the pipe ends we gave to runc now that it has inherited them + // and attach console if in terminal mode + if self.terminal, let consoleSocket = self.consoleSocket { + self.log.info("waiting for console FD from runc") + let ptyFd = try consoleSocket.receiveMaster() + + self.log.info( + "received PTY FD from runc, attaching", + metadata: [ + "id": "\(self.id)" + ]) + + try self.io.closeAfterExec() + try self.io.attachConsole(fd: ptyFd) + } else { + try self.io.closeAfterExec() + } + + try await self.runc.start(id: self.id) + + self.state.withLock { + $0.state = .running(pid: pid) + } + + self.log.info( + "started runc process", + metadata: [ + "pid": "\(pid)", + "id": "\(self.id)", + ]) + + return pid + } + + func setExit(_ status: Int32) { + self.state.withLock { + self.log.info( + "runc process exit", + metadata: [ + "status": "\(status)" + ]) + + let exitStatus = ContainerExitStatus(exitCode: status, exitedAt: Date.now) + $0.state = .exited(exitStatus) + + do { + try self.io.close() + } catch { + self.log.error("failed to close I/O for process: \(error)") + } + + for waiter in $0.waiters { + waiter.resume(returning: exitStatus) + } + + self.log.debug("\($0.waiters.count) runc process waiters signaled") + $0.waiters.removeAll() + } + } + + func wait() async -> ContainerExitStatus { + await withCheckedContinuation { cont in + self.state.withLock { + if case .exited(let exitStatus) = $0.state { + cont.resume(returning: exitStatus) + return + } + $0.waiters.append(cont) + } + } + } + + func kill(_ signal: Int32) async throws { + self.log.info("sending signal \(signal) to runc container \(id)") + try await self.runc.kill(id: self.id, signal: signal) + } + + func resize(size: Terminal.Size) throws { + try self.state.withLock { + if case .exited = $0.state { + return + } + try self.io.resize(size: size) + } + } + + func closeStdin() throws { + try self.io.closeStdin() + } + + func delete() async throws { + let shouldDelete = self.state.withLock { state -> Bool in + switch state.state { + case .initial, .creating: + return false + default: + return true + } + } + + guard shouldDelete else { + log.info("container was never created, skipping delete") + return + } + + log.info("deleting runc container", metadata: ["id": "\(id)"]) + + try await self.runc.delete( + id: self.id, + opts: DeleteOpts(force: true) + ) + + if let consoleSocket = self.consoleSocket { + try consoleSocket.close() + } + } +} + +// MARK: - RuncTerminalIO + +final class RuncTerminalIO: RuncProcess.IO & Sendable { + private struct State { + var stdinSocket: Socket? + var stdoutSocket: Socket? + + var stdin: IOPair? + var stdout: IOPair? + var terminal: Terminal? + } + + private let log: Logger? + private let hostStdio: HostStdio + private let state: Mutex + + init( + stdio: HostStdio, + log: Logger? + ) throws { + self.hostStdio = stdio + self.log = log + self.state = Mutex(State()) + } + + func resize(size: Terminal.Size) throws { + try self.state.withLock { + if let terminal = $0.terminal { + try terminal.resize(size: size) + } + } + } + + func create() throws { + try self.state.withLock { + if let stdinPort = self.hostStdio.stdin { + let type = VsockType( + port: stdinPort, + cid: VsockType.hostCID + ) + let stdinSocket = try Socket(type: type, closeOnDeinit: false) + try stdinSocket.connect() + $0.stdinSocket = stdinSocket + } + + if let stdoutPort = self.hostStdio.stdout { + let type = VsockType( + port: stdoutPort, + cid: VsockType.hostCID + ) + let stdoutSocket = try Socket(type: type, closeOnDeinit: false) + try stdoutSocket.connect() + $0.stdoutSocket = stdoutSocket + } + } + } + + func getIO() -> Runc.IO { + // Terminal mode doesn't pass pipes to runc, it uses the console socket + .inherit + } + + func closeAfterExec() throws { + // No pipes to close in terminal mode + } + + func attachConsole(fd: Int32) throws { + try self.state.withLock { + let term = try Terminal(descriptor: fd, setInitState: false) + $0.terminal = term + + if let stdinSocket = $0.stdinSocket { + let pair = IOPair( + readFrom: stdinSocket, + writeTo: term, + reason: "RuncTerminalIO stdin", + logger: log + ) + try pair.relay(ignoreHup: true) + $0.stdin = pair + } + + if let stdoutSocket = $0.stdoutSocket { + let pair = IOPair( + readFrom: term, + writeTo: stdoutSocket, + reason: "RuncTerminalIO stdout", + logger: log + ) + try pair.relay(ignoreHup: true) + $0.stdout = pair + } + } + } + + func close() throws { + self.state.withLock { + if let stdin = $0.stdin { + stdin.close() + $0.stdin = nil + } + if let stdout = $0.stdout { + stdout.close() + $0.stdout = nil + } + $0.terminal = nil + } + } + + func closeStdin() throws { + self.state.withLock { + if let stdin = $0.stdin { + stdin.close() + $0.stdin = nil + } + } + } +} + +// MARK: - RuncStandardIO + +final class RuncStandardIO: RuncProcess.IO & Sendable { + private struct State { + var stdin: IOPair? + var stdout: IOPair? + var stderr: IOPair? + + var stdinPipe: Pipe? + var stdoutPipe: Pipe? + var stderrPipe: Pipe? + } + + private let log: Logger? + private let hostStdio: HostStdio + private let state: Mutex + + init( + stdio: HostStdio, + log: Logger? + ) { + self.hostStdio = stdio + self.log = log + self.state = Mutex(State()) + } + + // NOP for non-terminal + func attachConsole(fd: Int32) throws {} + + func create() throws { + try self.state.withLock { + if let stdinPort = self.hostStdio.stdin { + let inPipe = Pipe() + $0.stdinPipe = inPipe + + let type = VsockType( + port: stdinPort, + cid: VsockType.hostCID + ) + let stdinSocket = try Socket(type: type, closeOnDeinit: false) + try stdinSocket.connect() + + let pair = IOPair( + readFrom: stdinSocket, + writeTo: inPipe.fileHandleForWriting, + reason: "RuncStandardIO stdin", + logger: log + ) + $0.stdin = pair + try pair.relay() + } + + if let stdoutPort = self.hostStdio.stdout { + let outPipe = Pipe() + $0.stdoutPipe = outPipe + + let type = VsockType( + port: stdoutPort, + cid: VsockType.hostCID + ) + let stdoutSocket = try Socket(type: type, closeOnDeinit: false) + try stdoutSocket.connect() + + let pair = IOPair( + readFrom: outPipe.fileHandleForReading, + writeTo: stdoutSocket, + reason: "RuncStandardIO stdout", + logger: log + ) + $0.stdout = pair + try pair.relay() + } + + if let stderrPort = self.hostStdio.stderr { + let errPipe = Pipe() + $0.stderrPipe = errPipe + + let type = VsockType( + port: stderrPort, + cid: VsockType.hostCID + ) + let stderrSocket = try Socket(type: type, closeOnDeinit: false) + try stderrSocket.connect() + + let pair = IOPair( + readFrom: errPipe.fileHandleForReading, + writeTo: stderrSocket, + reason: "RuncStandardIO stderr", + logger: log + ) + $0.stderr = pair + try pair.relay() + } + } + } + + func getIO() -> Runc.IO { + self.state.withLock { + Runc.IO( + stdin: $0.stdinPipe?.fileHandleForReading, + stdout: $0.stdoutPipe?.fileHandleForWriting, + stderr: $0.stderrPipe?.fileHandleForWriting + ) + } + } + + func closeAfterExec() throws { + try self.state.withLock { + // Close the pipe ends we gave to runc (the child inherited them) + if let stdinPipe = $0.stdinPipe { + try stdinPipe.fileHandleForReading.close() + $0.stdinPipe = nil + } + if let stdoutPipe = $0.stdoutPipe { + try stdoutPipe.fileHandleForWriting.close() + $0.stdoutPipe = nil + } + if let stderrPipe = $0.stderrPipe { + try stderrPipe.fileHandleForWriting.close() + $0.stderrPipe = nil + } + } + } + + func resize(size: Terminal.Size) throws { + throw ContainerizationError(.unsupported, message: "resize not supported for standard IO") + } + + func close() throws { + self.state.withLock { + if let stdin = $0.stdin { + stdin.close() + $0.stdin = nil + } + + if let stdout = $0.stdout { + stdout.close() + $0.stdout = nil + } + + if let stderr = $0.stderr { + stderr.close() + $0.stderr = nil + } + } + } + + func closeStdin() throws { + self.state.withLock { + if let stdin = $0.stdin { + stdin.close() + $0.stdin = nil + } + } + } +} + +#endif diff --git a/vminitd/Sources/VminitdCore/Server+GRPC.swift b/vminitd/Sources/VminitdCore/Server+GRPC.swift new file mode 100644 index 0000000..ff6d1c5 --- /dev/null +++ b/vminitd/Sources/VminitdCore/Server+GRPC.swift @@ -0,0 +1,1822 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(Linux) + +import Cgroup +import Containerization +import ContainerizationArchive +import ContainerizationError +import ContainerizationExtras +import ContainerizationNetlink +import ContainerizationOCI +import ContainerizationOS +import Foundation +import GRPCCore +import GRPCProtobuf +import Logging +import NIOCore +import NIOPosix +import SwiftProtobuf +import SystemPackage + +private let _setenv = Foundation.setenv + +#if canImport(Musl) +import Musl +private let _mount = Musl.mount +private let _umount = Musl.umount2 +private let _kill = Musl.kill +private let _sync = Musl.sync +typealias _stat_struct = Musl.stat +private let _stat: @Sendable (UnsafePointer, UnsafeMutablePointer<_stat_struct>) -> Int32 = stat +#elseif canImport(Glibc) +import Glibc +private let _mount = Glibc.mount +private let _umount = Glibc.umount2 +private let _kill = Glibc.kill +private let _sync = Glibc.sync +typealias _stat_struct = Glibc.stat +private let _stat: @Sendable (UnsafePointer, UnsafeMutablePointer<_stat_struct>) -> Int32 = stat +#endif + +extension ContainerizationError { + func toRPCError(operation: String) -> RPCError { + let message = "\(operation): \(self)" + let code: RPCError.Code = { + switch self.code { + case .invalidArgument: + return .invalidArgument + case .notFound: + return .notFound + case .exists: + return .alreadyExists + case .cancelled: + return .cancelled + case .unsupported: + return .unimplemented + case .unknown: + return .unknown + case .internalError: + return .internalError + case .interrupted: + return .unavailable + case .invalidState: + return .failedPrecondition + case .timeout: + return .deadlineExceeded + default: + return .internalError + } + }() + return RPCError(code: code, message: message, cause: self) + } +} + +extension Initd: Com_Apple_Containerization_Sandbox_V3_SandboxContext.SimpleServiceProtocol { + public func setTime( + request: Com_Apple_Containerization_Sandbox_V3_SetTimeRequest, + context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_SetTimeResponse { + log.trace( + "setTime", + metadata: [ + "sec": "\(request.sec)", + "usec": "\(request.usec)", + ]) + + var tv = timeval(tv_sec: time_t(request.sec), tv_usec: suseconds_t(request.usec)) + guard settimeofday(&tv, nil) == 0 else { + let error = swiftErrno("settimeofday") + log.error( + "setTime", + metadata: [ + "error": "\(error)" + ]) + throw RPCError(code: .internalError, message: "failed to settimeofday", cause: error) + } + + return .init() + } + + public func setupEmulator( + request: Com_Apple_Containerization_Sandbox_V3_SetupEmulatorRequest, + context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_SetupEmulatorResponse { + log.debug( + "setupEmulator", + metadata: [ + "request": "\(request)" + ]) + + if !Binfmt.mounted() { + throw RPCError( + code: .internalError, + message: "\(Binfmt.path) is not mounted" + ) + } + + do { + let bfmt = Binfmt.Entry( + name: request.name, + type: request.type, + offset: request.offset, + magic: request.magic, + mask: request.mask, + flags: request.flags + ) + try bfmt.register(binaryPath: request.binaryPath) + } catch { + log.error( + "setupEmulator", + metadata: [ + "error": "\(error)" + ]) + throw RPCError( + code: .internalError, + message: "setupEmulator: failed to register binfmt_misc entry", + cause: error + ) + } + + return .init() + } + + public func sysctl( + request: Com_Apple_Containerization_Sandbox_V3_SysctlRequest, + context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_SysctlResponse { + log.debug( + "sysctl", + metadata: [ + "settings": "\(request.settings)" + ]) + + do { + let sysctlPath = URL(fileURLWithPath: "/proc/sys/") + for (k, v) in request.settings { + guard let data = v.data(using: .ascii) else { + throw RPCError(code: .internalError, message: "failed to convert \(v) to data buffer for sysctl write") + } + + let setting = + sysctlPath + .appendingPathComponent(k.replacingOccurrences(of: ".", with: "/")) + let fh = try FileHandle(forWritingTo: setting) + defer { try? fh.close() } + + try fh.write(contentsOf: data) + } + } catch { + log.error( + "sysctl", + metadata: [ + "error": "\(error)" + ]) + throw RPCError( + code: .internalError, + message: "sysctl: failed to set sysctl", + cause: error + ) + } + + return .init() + } + + public func proxyVsock( + request: Com_Apple_Containerization_Sandbox_V3_ProxyVsockRequest, + context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_ProxyVsockResponse { + log.debug( + "proxyVsock", + metadata: [ + "id": "\(request.id)", + "port": "\(request.vsockPort)", + "guestPath": "\(request.guestPath)", + "action": "\(request.action)", + ]) + + let proxy = VsockProxy( + id: request.id, + action: request.action == .into ? .dial : .listen, + port: request.vsockPort, + path: URL(fileURLWithPath: request.guestPath), + udsPerms: request.guestSocketPermissions, + log: log + ) + + do { + try await proxy.start() + try await state.add(proxy: proxy) + } catch { + try? await proxy.close() + log.error( + "proxyVsock", + metadata: [ + "error": "\(error)" + ]) + throw RPCError( + code: .internalError, + message: "proxyVsock: failed to setup vsock proxy", + cause: error + ) + } + + log.info( + "proxyVsock started", + metadata: [ + "id": "\(request.id)", + "port": "\(request.vsockPort)", + "guestPath": "\(request.guestPath)", + ]) + + return .init() + } + + public func stopVsockProxy( + request: Com_Apple_Containerization_Sandbox_V3_StopVsockProxyRequest, + context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_StopVsockProxyResponse { + log.debug( + "stopVsockProxy", + metadata: [ + "id": "\(request.id)" + ]) + + do { + let proxy = try await state.remove(proxy: request.id) + try await proxy.close() + } catch { + log.error( + "stopVsockProxy", + metadata: [ + "error": "\(error)" + ]) + throw RPCError( + code: .internalError, + message: "stopVsockProxy: failed to stop vsock proxy", + cause: error + ) + } + + log.info( + "stopVsockProxy completed", + metadata: [ + "id": "\(request.id)" + ]) + + return .init() + } + + public func mkdir(request: Com_Apple_Containerization_Sandbox_V3_MkdirRequest, context: GRPCCore.ServerContext) + async throws -> Com_Apple_Containerization_Sandbox_V3_MkdirResponse + { + log.debug( + "mkdir", + metadata: [ + "path": "\(request.path)", + "all": "\(request.all)", + ]) + + do { + try FileManager.default.createDirectory( + atPath: request.path, + withIntermediateDirectories: request.all + ) + } catch { + log.error( + "mkdir", + metadata: [ + "error": "\(error)" + ]) + throw RPCError(code: .internalError, message: "mkdir", cause: error) + } + + return .init() + } + + public func writeFile(request: Com_Apple_Containerization_Sandbox_V3_WriteFileRequest, context: GRPCCore.ServerContext) + async throws -> Com_Apple_Containerization_Sandbox_V3_WriteFileResponse + { + log.debug( + "writeFile", + metadata: [ + "path": "\(request.path)", + "mode": "\(request.mode)", + "dataSize": "\(request.data.count)", + ]) + + do { + if request.flags.createParentDirs { + let fileURL = URL(fileURLWithPath: request.path) + let parentDir = fileURL.deletingLastPathComponent() + try FileManager.default.createDirectory( + at: parentDir, + withIntermediateDirectories: true + ) + } + + var flags = O_WRONLY + if request.flags.createIfMissing { + flags |= O_CREAT + } + if request.flags.append { + flags |= O_APPEND + } + + let mode = request.mode > 0 ? mode_t(request.mode) : mode_t(0644) + let fd = open(request.path, flags, mode) + guard fd != -1 else { + let error = swiftErrno("open") + throw RPCError( + code: .internalError, + message: "writeFile: failed to open file", + cause: error + ) + } + + let fh = FileHandle(fileDescriptor: fd, closeOnDealloc: true) + try fh.write(contentsOf: request.data) + } catch { + log.error( + "writeFile", + metadata: [ + "error": "\(error)" + ]) + if error is RPCError { + throw error + } + throw RPCError( + code: .internalError, + message: "writeFile", + cause: error + ) + } + + return .init() + } + + public func stat( + request: Com_Apple_Containerization_Sandbox_V3_StatRequest, + context: GRPCCore.ServerContext, + ) async throws -> Com_Apple_Containerization_Sandbox_V3_StatResponse { + log.debug( + "stat", + metadata: [ + "path": "\(request.path)" + ] + ) + + #if os(Linux) + var s = _stat_struct() + let result = _stat(request.path, &s) + if result == -1 { + let error = swiftErrno("stat") + if error.code == .ENOENT { + throw RPCError( + code: .notFound, + message: "stat: path not found '\(request.path)'", + cause: error + ) + } + return .with { $0.error = "\(error)" } + } + return .with { + $0.stat = .with { + $0.dev = UInt64(s.st_dev) + $0.ino = UInt64(s.st_ino) + $0.mode = s.st_mode + $0.nlink = UInt64(s.st_nlink) + $0.uid = s.st_uid + $0.gid = s.st_gid + $0.rdev = UInt64(s.st_rdev) + $0.size = Int64(s.st_size) + $0.blksize = Int64(s.st_blksize) + $0.blocks = Int64(s.st_blocks) + $0.atime = .with { + $0.seconds = Int64(s.st_atim.tv_sec) + $0.nanos = Int32(s.st_atim.tv_nsec) + } + $0.mtime = .with { + $0.seconds = Int64(s.st_mtim.tv_sec) + $0.nanos = Int32(s.st_mtim.tv_nsec) + } + $0.ctime = .with { + $0.seconds = Int64(s.st_ctim.tv_sec) + $0.nanos = Int32(s.st_ctim.tv_nsec) + } + } + } + #else + fatalError("stat not supported on platform") + #endif + } + + // Chunk size for streaming file transfers (1MB). + private static let copyChunkSize = 1024 * 1024 + + public func copy( + request: Com_Apple_Containerization_Sandbox_V3_CopyRequest, + response: GRPCCore.RPCWriter, + context: GRPCCore.ServerContext + ) async throws { + let path = request.path + let vsockPort = request.vsockPort + + log.debug( + "copy", + metadata: [ + "direction": "\(request.direction)", + "path": "\(path)", + "vsockPort": "\(vsockPort)", + "isArchive": "\(request.isArchive)", + "mode": "\(request.mode)", + "createParents": "\(request.createParents)", + ]) + + do { + switch request.direction { + case .copyIn: + try await handleCopyIn(request: request, response: response) + case .copyOut: + try await handleCopyOut(request: request, response: response) + case .UNRECOGNIZED(let value): + throw RPCError(code: .invalidArgument, message: "copy: unrecognized direction \(value)") + } + } catch { + log.error( + "copy failed", + metadata: [ + "direction": "\(request.direction)", + "path": "\(path)", + "error": "\(error)", + ]) + if error is RPCError { + throw error + } + throw RPCError(code: .internalError, message: "copy failed", cause: error) + } + } + + /// Handle a COPY_IN request: connect to host vsock port, read data, write to guest filesystem. + private func handleCopyIn( + request: Com_Apple_Containerization_Sandbox_V3_CopyRequest, + response: GRPCCore.RPCWriter + ) async throws { + let path = request.path + let isArchive = request.isArchive + + if request.createParents { + let parentDir = URL(fileURLWithPath: path).deletingLastPathComponent() + try FileManager.default.createDirectory(at: parentDir, withIntermediateDirectories: true) + } + + // Connect to the host's vsock port for data transfer. + let vsockType = VsockType(port: request.vsockPort, cid: VsockType.hostCID) + let sock = try Socket(type: vsockType, closeOnDeinit: false) + try sock.connect() + let sockFd = sock.fileDescriptor + + // Dispatch blocking I/O onto the thread pool. + let rejected: [String] = try await blockingPool.runIfActive { [self] in + defer { try? sock.close() } + + guard isArchive else { + let mode = request.mode > 0 ? mode_t(request.mode) : mode_t(0o644) + let fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, mode) + guard fd != -1 else { + throw RPCError( + code: .internalError, + message: "copy: failed to open file '\(path)': \(swiftErrno("open"))" + ) + } + defer { close(fd) } + + var buf = [UInt8](repeating: 0, count: Self.copyChunkSize) + while true { + let n = read(sockFd, &buf, buf.count) + if n == 0 { break } + guard n > 0 else { + throw RPCError( + code: .internalError, + message: "copy: vsock read error: \(swiftErrno("read"))" + ) + } + var written = 0 + while written < n { + let w = buf.withUnsafeBytes { ptr in + write(fd, ptr.baseAddress! + written, n - written) + } + guard w > 0 else { + throw RPCError( + code: .internalError, + message: "copy: write error: \(swiftErrno("write"))" + ) + } + written += w + } + } + return [] + } + let destURL = URL(fileURLWithPath: path) + try FileManager.default.createDirectory(at: destURL, withIntermediateDirectories: true) + + let fileHandle = FileHandle(fileDescriptor: sockFd, closeOnDealloc: false) + let reader = try ArchiveReader(format: .pax, filter: .gzip, fileHandle: fileHandle) + return try reader.extractContents(to: destURL) + } + + if !rejected.isEmpty { + log.info("copy: archive extracted", metadata: ["path": "\(path)", "rejectedCount": "\(rejected.count)"]) + for rejectedPath in rejected { + log.error("copy: rejected archive path", metadata: ["path": "\(rejectedPath)"]) + } + } + + log.debug("copy: copyIn complete", metadata: ["path": "\(path)", "isArchive": "\(isArchive)"]) + + // Send completion response. + try await response.write(.with { $0.status = .complete }) + } + + /// Handle a COPY_OUT request: stat path, send metadata, connect to host vsock port, write data. + private func handleCopyOut( + request: Com_Apple_Containerization_Sandbox_V3_CopyRequest, + response: GRPCCore.RPCWriter + ) async throws { + let path = request.path + var isDirectory: ObjCBool = false + guard FileManager.default.fileExists(atPath: path, isDirectory: &isDirectory) else { + throw RPCError(code: .notFound, message: "copy: path not found '\(path)'") + } + let isArchive = isDirectory.boolValue + + // Determine total size for single files. + var totalSize: UInt64 = 0 + if !isArchive { + let attrs = try FileManager.default.attributesOfItem(atPath: path) + if let size = attrs[.size] as? UInt64 { + totalSize = size + } + } + + // Send metadata response BEFORE connecting to vsock, so host knows what to expect. + try await response.write( + .with { + $0.status = .metadata + $0.isArchive = isArchive + $0.totalSize = totalSize + }) + + // Connect to the host's vsock port and dispatch blocking I/O onto the thread pool. + let vsockType = VsockType(port: request.vsockPort, cid: VsockType.hostCID) + let sock = try Socket(type: vsockType, closeOnDeinit: false) + try sock.connect() + + try await blockingPool.runIfActive { [self] in + defer { try? sock.close() } + + if isArchive { + let fileURL = URL(fileURLWithPath: path) + let writer = try ArchiveWriter(configuration: .init(format: .pax, filter: .gzip)) + try writer.open(fileDescriptor: sock.fileDescriptor) + try writer.archiveDirectory(fileURL) + try writer.finishEncoding() + } else { + let srcFd = open(path, O_RDONLY) + guard srcFd != -1 else { + throw RPCError( + code: .internalError, + message: "copy: failed to open '\(path)': \(swiftErrno("open"))" + ) + } + defer { close(srcFd) } + + var buf = [UInt8](repeating: 0, count: Self.copyChunkSize) + while true { + let n = read(srcFd, &buf, buf.count) + if n == 0 { break } + guard n > 0 else { + throw RPCError( + code: .internalError, + message: "copy: read error: \(swiftErrno("read"))" + ) + } + var written = 0 + while written < n { + let w = buf.withUnsafeBytes { ptr in + write(sock.fileDescriptor, ptr.baseAddress! + written, n - written) + } + guard w > 0 else { + throw RPCError( + code: .internalError, + message: "copy: vsock write error: \(swiftErrno("write"))" + ) + } + written += w + } + } + } + } + + log.debug( + "copy: copyOut complete", + metadata: [ + "path": "\(path)", + "isArchive": "\(isArchive)", + ]) + + // Send completion response after vsock data transfer is done. + try await response.write(.with { $0.status = .complete }) + } + + public func mount(request: Com_Apple_Containerization_Sandbox_V3_MountRequest, context: GRPCCore.ServerContext) + async throws -> Com_Apple_Containerization_Sandbox_V3_MountResponse + { + log.debug( + "mount", + metadata: [ + "type": "\(request.type)", + "source": "\(request.source)", + "destination": "\(request.destination)", + ]) + + do { + let mnt = ContainerizationOS.Mount( + type: request.type, + source: request.source, + target: request.destination, + options: request.options + ) + + #if os(Linux) + try mnt.mount(createWithPerms: 0o755) + return .init() + #else + fatalError("mount not supported on platform") + #endif + } catch { + log.error( + "mount", + metadata: [ + "error": "\(error)" + ]) + throw RPCError(code: .internalError, message: "mount", cause: error) + } + } + + public func filesystemOperation(request: Com_Apple_Containerization_Sandbox_V3_FilesystemOperationRequest, context: GRPCCore.ServerContext) + async throws -> Com_Apple_Containerization_Sandbox_V3_FilesystemOperationResponse + { + let path = FilePath(request.path) + + log.debug( + "filesystemOperation", + metadata: [ + "operation": "\(String(describing: request.operation))", + "path": "\(path)", + ]) + + if !path.isAbsolute { + throw RPCError(code: .invalidArgument, message: "path must be absolute") + } + + var finfo = _stat_struct() + let rc = _stat(path.string, &finfo) + if rc != 0 { + let error = swiftErrno("stat") + throw RPCError(code: .notFound, message: "failed to stat path", cause: error) + } + + let fd = open(path.string, O_RDONLY | O_NOFOLLOW) + if fd < 0 { + if errno == ELOOP { + throw RPCError(code: .internalError, message: "path cannot be a symlink") + } + let error = swiftErrno("open") + throw RPCError(code: .internalError, message: "failed to open path", cause: error) + } + + defer { close(fd) } + + do { + switch request.operation { + case .freeze: + try freezeFilesystem(fd: fd) + case .thaw: + try thawFilesystem(fd: fd) + case .trim(let params): + switch params.schedule { + case .oneShot: + try trimFilesystem(fd: fd) + case .none: + throw RPCError(code: .invalidArgument, message: "trim schedule must be specified") + } + case .none: + throw RPCError(code: .invalidArgument, message: "invalid operation") + } + } catch { + log.error( + "filesystemOperation", + metadata: [ + "error": "\(error)" + ]) + throw RPCError(code: .internalError, message: "filesystemOperation", cause: error) + } + + return .init() + } + + private func freezeFilesystem(fd: Int32) throws { + let FIFREEZE: UInt = 0xC004_5877 + let rc: CInt = ioctl(fd, FIFREEZE, 0) + if rc != 0 { + let error = swiftErrno("ioctl(FIFREEZE)") + throw RPCError(code: .internalError, message: "freeze failed", cause: error) + } + } + + private func thawFilesystem(fd: Int32) throws { + let FITHAW: UInt = 0xC004_5878 + let rc: CInt = ioctl(fd, FITHAW, 0) + if rc != 0 { + let error = swiftErrno("ioctl(FITHAW)") + throw RPCError(code: .internalError, message: "thaw failed", cause: error) + } + } + + private struct fitrim_range { + var start: UInt64 + var len: UInt64 + var min_len: UInt64 + } + + private func trimFilesystem(fd: Int32) throws { + let FITRIM: UInt = 0xC018_5879 + var trange = fitrim_range(start: 0, len: UInt64.max, min_len: 0) + let rc: CInt = ioctl(fd, FITRIM, &trange) + if rc != 0 { + let error = swiftErrno("ioctl(FITRIM)") + throw RPCError(code: .internalError, message: "trim failed", cause: error) + } + } + + public func umount(request: Com_Apple_Containerization_Sandbox_V3_UmountRequest, context: GRPCCore.ServerContext) + async throws -> Com_Apple_Containerization_Sandbox_V3_UmountResponse + { + log.debug( + "umount", + metadata: [ + "path": "\(request.path)", + "flags": "\(request.flags)", + ]) + + #if os(Linux) + // Best effort EBUSY handle. + for _ in 0...50 { + let result = _umount(request.path, request.flags) + if result == -1 { + if errno == EBUSY { + try await Task.sleep(for: .milliseconds(10)) + continue + } + let error = swiftErrno("umount") + + log.error( + "umount", + metadata: [ + "error": "\(error)" + ]) + throw RPCError(code: .invalidArgument, message: "umount", cause: error) + } + break + } + return .init() + #else + fatalError("umount not supported on platform") + #endif + } + + public func setenv(request: Com_Apple_Containerization_Sandbox_V3_SetenvRequest, context: GRPCCore.ServerContext) + async throws -> Com_Apple_Containerization_Sandbox_V3_SetenvResponse + { + log.debug( + "setenv", + metadata: [ + "key": "\(request.key)", + "value": "\(request.value)", + ]) + + guard _setenv(request.key, request.value, 1) == 0 else { + let error = swiftErrno("setenv") + + log.error( + "setEnv", + metadata: [ + "error": "\(error)" + ]) + + throw RPCError(code: .invalidArgument, message: "setenv", cause: error) + } + return .init() + } + + public func getenv(request: Com_Apple_Containerization_Sandbox_V3_GetenvRequest, context: GRPCCore.ServerContext) + async throws -> Com_Apple_Containerization_Sandbox_V3_GetenvResponse + { + log.debug( + "getenv", + metadata: [ + "key": "\(request.key)" + ]) + + let env = ProcessInfo.processInfo.environment[request.key] + return .with { + if let env { + $0.value = env + } + } + } + + public func createProcess( + request: Com_Apple_Containerization_Sandbox_V3_CreateProcessRequest, context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_CreateProcessResponse { + log.debug( + "createProcess", + metadata: [ + "id": "\(request.id)", + "containerID": "\(request.containerID)", + "stdin": "Port: \(request.stdin)", + "stdout": "Port: \(request.stdout)", + "stderr": "Port: \(request.stderr)", + ]) + + do { + if !request.hasContainerID { + throw ContainerizationError( + .invalidArgument, + message: "processes in the root of the vm not implemented" + ) + } + + var ociSpec = try JSONDecoder().decode( + ContainerizationOCI.Spec.self, + from: request.configuration + ) + + try ociAlterations(id: request.id, ociSpec: &ociSpec) + + guard let process = ociSpec.process else { + throw ContainerizationError( + .invalidArgument, + message: "oci runtime spec missing process configuration" + ) + } + + let stdioPorts = HostStdio( + stdin: request.hasStdin ? request.stdin : nil, + stdout: request.hasStdout ? request.stdout : nil, + stderr: request.hasStderr ? request.stderr : nil, + terminal: process.terminal + ) + + // This is an exec. + if let container = await self.state.containers[request.containerID] { + try await container.createExec( + id: request.id, + stdio: stdioPorts, + process: process + ) + } else { + // We need to make our new fangled container. + // The process ID must match the container ID for this. + guard request.id == request.containerID else { + throw ContainerizationError( + .invalidArgument, + message: "init process id must match container id" + ) + } + + // Write the etc/hostname file in the container rootfs since some init-systems + // depend on it. + let hostname = ociSpec.hostname + if let root = ociSpec.root, !hostname.isEmpty { + let etc = URL(fileURLWithPath: root.path).appendingPathComponent("etc") + try FileManager.default.createDirectory(atPath: etc.path, withIntermediateDirectories: true) + let hostnamePath = etc.appendingPathComponent("hostname") + try hostname.write(toFile: hostnamePath.path, atomically: true, encoding: .utf8) + } + + let ctr = try await ManagedContainer( + id: request.id, + stdio: stdioPorts, + spec: ociSpec, + ociRuntimePath: request.hasOciRuntimePath ? request.ociRuntimePath : nil, + log: self.log + ) + try await self.state.add(container: ctr) + } + + return .init() + } catch let err as ContainerizationError { + log.error( + "createProcess", + metadata: [ + "id": "\(request.id)", + "containerID": "\(request.containerID)", + "error": "\(err)", + ]) + throw err.toRPCError(operation: "createProcess: failed to create process") + } catch { + log.error( + "createProcess", + metadata: [ + "id": "\(request.id)", + "containerID": "\(request.containerID)", + "error": "\(error)", + ]) + if error is RPCError { + throw error + } + throw RPCError(code: .internalError, message: "createProcess: \(error)", cause: error) + } + } + + public func killProcess( + request: Com_Apple_Containerization_Sandbox_V3_KillProcessRequest, + context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_KillProcessResponse { + log.debug( + "killProcess", + metadata: [ + "id": "\(request.id)", + "containerID": "\(request.containerID)", + "signal": "\(request.signal)", + ]) + + do { + if !request.hasContainerID { + throw ContainerizationError( + .invalidArgument, + message: "processes in the root of the vm not implemented" + ) + } + + let ctr = try await self.state.get(container: request.containerID) + try await ctr.kill(execID: request.id, request.signal) + + return .init() + } catch let err as ContainerizationError { + log.error( + "killProcess", + metadata: [ + "id": "\(request.id)", + "containerID": "\(request.containerID)", + "error": "\(err)", + ]) + throw err.toRPCError(operation: "killProcess: failed to kill process") + } catch { + log.error( + "killProcess", + metadata: [ + "id": "\(request.id)", + "containerID": "\(request.containerID)", + "error": "\(error)", + ]) + throw RPCError(code: .internalError, message: "killProcess: failed to kill process: \(error)") + } + } + + public func deleteProcess( + request: Com_Apple_Containerization_Sandbox_V3_DeleteProcessRequest, context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_DeleteProcessResponse { + log.debug( + "deleteProcess", + metadata: [ + "id": "\(request.id)", + "containerID": "\(request.containerID)", + ]) + + do { + if !request.hasContainerID { + throw ContainerizationError( + .invalidArgument, + message: "processes in the root of the vm not implemented" + ) + } + + let ctr = try await self.state.get(container: request.containerID) + + // Are we trying to delete the container itself? + if request.id == request.containerID { + try await ctr.delete() + try await state.remove(container: request.id) + } else { + // Or just a single exec. + try await ctr.deleteExec(id: request.id) + } + + return .init() + } catch let err as ContainerizationError { + log.error( + "deleteProcess", + metadata: [ + "id": "\(request.id)", + "containerID": "\(request.containerID)", + "error": "\(err)", + ]) + throw err.toRPCError(operation: "deleteProcess: failed to delete process") + } catch { + log.error( + "deleteProcess", + metadata: [ + "id": "\(request.id)", + "containerID": "\(request.containerID)", + "error": "\(error)", + ]) + throw RPCError( + code: .internalError, + message: "deleteProcess: \(error)" + ) + } + } + + public func startProcess( + request: Com_Apple_Containerization_Sandbox_V3_StartProcessRequest, context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_StartProcessResponse { + log.debug( + "startProcess", + metadata: [ + "id": "\(request.id)", + "containerID": "\(request.containerID)", + ]) + + do { + if !request.hasContainerID { + throw ContainerizationError( + .invalidArgument, + message: "processes in the root of the vm not implemented" + ) + } + + let ctr = try await self.state.get(container: request.containerID) + let pid = try await ctr.start(execID: request.id) + + return .with { + $0.pid = pid + } + } catch let err as ContainerizationError { + log.error( + "startProcess", + metadata: [ + "id": "\(request.id)", + "containerID": "\(request.containerID)", + "error": "\(err)", + ]) + throw err.toRPCError(operation: "startProcess: failed to start process") + } catch { + log.error( + "startProcess", + metadata: [ + "id": "\(request.id)", + "containerID": "\(request.containerID)", + "error": "\(error)", + ]) + throw RPCError( + code: .internalError, + message: "startProcess: failed to start process", + cause: error + ) + } + } + + public func resizeProcess( + request: Com_Apple_Containerization_Sandbox_V3_ResizeProcessRequest, context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_ResizeProcessResponse { + log.debug( + "resizeProcess", + metadata: [ + "id": "\(request.id)", + "containerID": "\(request.containerID)", + ]) + + do { + if !request.hasContainerID { + throw ContainerizationError( + .invalidArgument, + message: "processes in the root of the vm not implemented" + ) + } + + let ctr = try await self.state.get(container: request.containerID) + let size = Terminal.Size( + width: UInt16(request.columns), + height: UInt16(request.rows) + ) + try await ctr.resize(execID: request.id, size: size) + } catch let err as ContainerizationError { + log.error( + "resizeProcess", + metadata: [ + "id": "\(request.id)", + "containerID": "\(request.containerID)", + "error": "\(err)", + ]) + throw err.toRPCError(operation: "resizeProcess: failed to resize process") + } catch { + log.error( + "resizeProcess", + metadata: [ + "id": "\(request.id)", + "containerID": "\(request.containerID)", + "error": "\(error)", + ]) + throw RPCError( + code: .internalError, + message: "resizeProcess: failed to resize process", + cause: error + ) + } + + return .init() + } + + public func waitProcess( + request: Com_Apple_Containerization_Sandbox_V3_WaitProcessRequest, context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_WaitProcessResponse { + log.debug( + "waitProcess", + metadata: [ + "id": "\(request.id)", + "containerID": "\(request.containerID)", + ]) + + do { + if !request.hasContainerID { + throw ContainerizationError( + .invalidArgument, + message: "processes in the root of the vm not implemented" + ) + } + + let ctr = try await self.state.get(container: request.containerID) + let exitStatus = try await ctr.wait(execID: request.id) + + return .with { + $0.exitCode = exitStatus.exitCode + $0.exitedAt = Google_Protobuf_Timestamp(date: exitStatus.exitedAt) + } + } catch let err as ContainerizationError { + log.error( + "waitProcess", + metadata: [ + "id": "\(request.id)", + "containerID": "\(request.containerID)", + "error": "\(err)", + ]) + throw err.toRPCError(operation: "waitProcess: failed to wait on process") + } catch { + log.error( + "waitProcess", + metadata: [ + "id": "\(request.id)", + "containerID": "\(request.containerID)", + "error": "\(error)", + ]) + throw RPCError( + code: .internalError, + message: "waitProcess: failed to wait on process", + cause: error + ) + } + } + + public func closeProcessStdin( + request: Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinRequest, context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinResponse { + log.debug( + "closeProcessStdin", + metadata: [ + "id": "\(request.id)", + "containerID": "\(request.containerID)", + ]) + + do { + if !request.hasContainerID { + throw ContainerizationError( + .invalidArgument, + message: "processes in the root of the vm not implemented" + ) + } + + let ctr = try await self.state.get(container: request.containerID) + + try await ctr.closeStdin(execID: request.id) + + return .init() + } catch let err as ContainerizationError { + log.error( + "closeProcessStdin", + metadata: [ + "id": "\(request.id)", + "containerID": "\(request.containerID)", + "error": "\(err)", + ]) + throw err.toRPCError(operation: "closeProcessStdin: failed to close process stdin") + } catch { + log.error( + "closeProcessStdin", + metadata: [ + "id": "\(request.id)", + "containerID": "\(request.containerID)", + "error": "\(error)", + ]) + throw RPCError( + code: .internalError, + message: "closeProcessStdin: failed to close process stdin", + cause: error + ) + } + } + + public func ipLinkSet( + request: Com_Apple_Containerization_Sandbox_V3_IpLinkSetRequest, context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_IpLinkSetResponse { + log.debug( + "ipLinkSet", + metadata: [ + "interface": "\(request.interface)", + "up": "\(request.up)", + ]) + + do { + let socket = try DefaultNetlinkSocket() + let session = NetlinkSession(socket: socket, log: log) + let mtuValue: UInt32? = request.hasMtu ? request.mtu : nil + try session.linkSet(interface: request.interface, up: request.up, mtu: mtuValue) + } catch { + log.error( + "ipLinkSet", + metadata: [ + "error": "\(error)" + ]) + throw RPCError(code: .internalError, message: "ipLinkSet", cause: error) + } + + return .init() + } + + public func ipAddrAdd( + request: Com_Apple_Containerization_Sandbox_V3_IpAddrAddRequest, context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_IpAddrAddResponse { + log.debug( + "ipAddrAdd", + metadata: [ + "interface": "\(request.interface)", + "ipv4Address": "\(request.ipv4Address)", + "ipv6Address": "\(request.hasIpv6Address ? request.ipv6Address : "")", + ]) + + do { + let socket = try DefaultNetlinkSocket() + let session = NetlinkSession(socket: socket, log: log) + let ipv4Address = try CIDRv4(request.ipv4Address) + try session.addressAdd(interface: request.interface, ipv4Address: ipv4Address) + if request.hasIpv6Address { + // Suppress SLAAC on this interface before adding the static + // address: the host would provide a static IPv6 config, this + // auto-derived IPv6 config would compete with the static one. + let confPath = URL(fileURLWithPath: "/proc/sys/net/ipv6/conf/\(request.interface)") + for key in ["accept_ra", "autoconf"] { + let setting = confPath.appendingPathComponent(key) + do { + let fh = try FileHandle(forWritingTo: setting) + defer { try? fh.close() } + try fh.write(contentsOf: Data("0".utf8)) + } catch { + log.warning( + "ipAddrAdd: failed to disable IPv6 auto-configuration", + metadata: [ + "path": "\(setting.path)", + "error": "\(error)", + ]) + } + } + + let ipv6Address = try CIDRv6(request.ipv6Address) + try session.addressAdd(interface: request.interface, ipv6Address: ipv6Address) + } + } catch { + log.error( + "ipAddrAdd", + metadata: [ + "error": "\(error)" + ]) + throw RPCError(code: .internalError, message: "ipAddrAdd", cause: error) + } + + return .init() + } + + public func ipRouteAddLink( + request: Com_Apple_Containerization_Sandbox_V3_IpRouteAddLinkRequest, context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_IpRouteAddLinkResponse { + log.debug( + "ipRouteAddLink", + metadata: [ + "interface": "\(request.interface)", + "dstIpv4Addr": "\(request.dstIpv4Addr)", + "srcIpv4Addr": "\(request.srcIpv4Addr)", + "dstIpv6Addr": "\(request.hasDstIpv6Addr ? request.dstIpv6Addr : "")", + "srcIpv6Addr": "\(request.hasSrcIpv6Addr ? request.srcIpv6Addr : "")", + ]) + + guard !request.dstIpv4Addr.isEmpty || request.hasDstIpv6Addr else { + throw RPCError( + code: .invalidArgument, + message: "ipRouteAddLink requires at least one of dstIpv4Addr or dstIpv6Addr" + ) + } + + do { + let socket = try DefaultNetlinkSocket() + let session = NetlinkSession(socket: socket, log: log) + if !request.dstIpv4Addr.isEmpty { + let dstIpv4Addr = try CIDRv4(request.dstIpv4Addr) + let srcIpv4Addr = request.srcIpv4Addr.isEmpty ? nil : try IPv4Address(request.srcIpv4Addr) + try session.routeAdd( + interface: request.interface, + dstIpv4Addr: dstIpv4Addr, + srcIpv4Addr: srcIpv4Addr + ) + } + if request.hasDstIpv6Addr { + let dstIpv6Addr = try CIDRv6(request.dstIpv6Addr) + let srcIpv6Addr = request.hasSrcIpv6Addr ? try IPv6Address(request.srcIpv6Addr) : nil + try session.routeAdd( + interface: request.interface, + dstIpv6Addr: dstIpv6Addr, + srcIpv6Addr: srcIpv6Addr + ) + } + } catch { + log.error( + "ipRouteAddLink", + metadata: [ + "error": "\(error)" + ]) + throw RPCError(code: .internalError, message: "ipRouteAddLink", cause: error) + } + + return .init() + } + + public func ipRouteAddDefault( + request: Com_Apple_Containerization_Sandbox_V3_IpRouteAddDefaultRequest, + context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_IpRouteAddDefaultResponse { + log.debug( + "ipRouteAddDefault", + metadata: [ + "interface": "\(request.interface)", + "ipv4Gateway": "\(request.ipv4Gateway)", + "ipv6Gateway": "\(request.hasIpv6Gateway ? request.ipv6Gateway : "")", + ]) + + do { + let socket = try DefaultNetlinkSocket() + let session = NetlinkSession(socket: socket, log: log) + if !request.ipv4Gateway.isEmpty { + let ipv4Gateway = try IPv4Address(request.ipv4Gateway) + try session.routeAddDefault(interface: request.interface, ipv4Gateway: ipv4Gateway) + } else if !request.hasIpv6Gateway { + // No v4 gateway and no v6 either: install a v4 default route + // with no gateway (preserves pre-IPv6 behavior). + try session.routeAddDefault(interface: request.interface, ipv4Gateway: nil) + } + if request.hasIpv6Gateway { + let ipv6Gateway = try IPv6Address(request.ipv6Gateway) + try session.routeAddDefault(interface: request.interface, ipv6Gateway: ipv6Gateway) + } + } catch { + log.error( + "ipRouteAddDefault", + metadata: [ + "error": "\(error)" + ]) + throw RPCError(code: .internalError, message: "ipRouteAddDefault", cause: error) + } + + return .init() + } + + public func configureDns( + request: Com_Apple_Containerization_Sandbox_V3_ConfigureDnsRequest, + context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_ConfigureDnsResponse { + let domain = request.hasDomain ? request.domain : nil + log.debug( + "configureDns", + metadata: [ + "location": "\(request.location)", + "nameservers": "\(request.nameservers)", + "domain": "\(domain ?? "")", + "searchDomains": "\(request.searchDomains)", + "options": "\(request.options)", + ]) + + do { + let etc = URL(fileURLWithPath: request.location).appendingPathComponent("etc") + try FileManager.default.createDirectory(atPath: etc.path, withIntermediateDirectories: true) + let resolvConf = etc.appendingPathComponent("resolv.conf") + let config = DNS( + nameservers: request.nameservers, + domain: domain, + searchDomains: request.searchDomains, + options: request.options + ) + let text = config.resolvConf + log.debug("writing to path \(resolvConf.path) \(text)") + try text.write(toFile: resolvConf.path, atomically: true, encoding: .utf8) + log.debug("wrote resolver configuration", metadata: ["path": "\(resolvConf.path)"]) + } catch { + log.error( + "configureDns", + metadata: [ + "error": "\(error)" + ]) + throw RPCError(code: .internalError, message: "configureDns", cause: error) + } + + return .init() + } + + public func configureHosts( + request: Com_Apple_Containerization_Sandbox_V3_ConfigureHostsRequest, + context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_ConfigureHostsResponse { + log.debug( + "configureHosts", + metadata: [ + "location": "\(request.location)" + ]) + + do { + let etc = URL(fileURLWithPath: request.location).appendingPathComponent("etc") + try FileManager.default.createDirectory(atPath: etc.path, withIntermediateDirectories: true) + let hostsPath = etc.appendingPathComponent("hosts") + + let config = request.toCZHosts() + let text = config.hostsFile + try text.write(toFile: hostsPath.path, atomically: true, encoding: .utf8) + + log.debug("wrote /etc/hosts configuration", metadata: ["path": "\(hostsPath.path)"]) + } catch { + log.error( + "configureHosts", + metadata: [ + "error": "\(error)" + ]) + throw RPCError(code: .internalError, message: "configureHosts", cause: error) + } + + return .init() + } + + public func containerStatistics( + request: Com_Apple_Containerization_Sandbox_V3_ContainerStatisticsRequest, + context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_ContainerStatisticsResponse { + log.debug( + "containerStatistics", + metadata: [ + "container_ids": "\(request.containerIds)", + "categories": "\(request.categories)", + ]) + + do { + // Parse requested categories (empty = all) + let categories = Set(request.categories) + let wantAll = categories.isEmpty + let wantProcess = wantAll || categories.contains(.process) + let wantMemory = wantAll || categories.contains(.memory) + let wantCPU = wantAll || categories.contains(.cpu) + let wantBlockIO = wantAll || categories.contains(.blockIo) + let wantNetwork = wantAll || categories.contains(.network) + let wantMemoryEvents = wantAll || categories.contains(.memoryEvents) + + // Get all network interfaces (skip loopback) only if needed + let interfaces = wantNetwork ? try getNetworkInterfaces() : [] + + // Get containers to query + let containerIDs: [String] + if request.containerIds.isEmpty { + containerIDs = await Array(state.containers.keys) + } else { + containerIDs = request.containerIds + } + + var containerStats: [Com_Apple_Containerization_Sandbox_V3_ContainerStats] = [] + + for containerID in containerIDs { + let container = try await state.get(container: containerID) + + // Only read the cgroup stat groups that were requested. + var cgCategories: Cgroup2StatsCategory = [] + if wantProcess { cgCategories.insert(.pids) } + if wantMemory { cgCategories.insert(.memory) } + if wantCPU { cgCategories.insert(.cpu) } + if wantBlockIO { cgCategories.insert(.io) } + + let cgStats: Cgroup2Stats? = cgCategories.isEmpty ? nil : try await container.stats(cgCategories) + + // Get network stats only if requested + var networkStats: [Com_Apple_Containerization_Sandbox_V3_NetworkStats] = [] + if wantNetwork { + let socket = try DefaultNetlinkSocket() + let session = NetlinkSession(socket: socket, log: log) + for interface in interfaces { + let responses = try session.linkGet(interface: interface, includeStats: true) + if responses.count == 1, let stats = try responses[0].getStatistics() { + networkStats.append( + .with { + $0.interface = interface + $0.receivedPackets = stats.rxPackets + $0.transmittedPackets = stats.txPackets + $0.receivedBytes = stats.rxBytes + $0.transmittedBytes = stats.txBytes + $0.receivedErrors = stats.rxErrors + $0.transmittedErrors = stats.txErrors + }) + } + } + } + + // Get memory events only if requested + var memoryEvents: MemoryEvents? + if wantMemoryEvents { + memoryEvents = try await container.getMemoryEvents() + } + + containerStats.append( + mapStatsToProto( + containerID: containerID, + cgStats: cgStats, + networkStats: networkStats, + memoryEvents: memoryEvents, + wantProcess: wantProcess, + wantMemory: wantMemory, + wantCPU: wantCPU, + wantBlockIO: wantBlockIO, + wantNetwork: wantNetwork, + wantMemoryEvents: wantMemoryEvents + ) + ) + } + + return .with { + $0.containers = containerStats + } + } catch { + log.error( + "containerStatistics", + metadata: [ + "error": "\(error)" + ]) + throw RPCError(code: .internalError, message: "containerStatistics", cause: error) + } + } + + private func swiftErrno(_ msg: Logger.Message) -> POSIXError { + let error = POSIXError(.init(rawValue: errno)!) + log.error( + msg, + metadata: [ + "error": "\(error)" + ]) + return error + } + + // NOTE: This is just crummy. It works because today the assumption is + // every NIC in the root net namespace is for the container(s), but if we + // ever supported individual containers having their own NICs/IPs then this + // logic needs to change. We only create ethernet devices today too, so that's + // what this filters for as well. + private func getNetworkInterfaces() throws -> [String] { + let netPath = URL(filePath: "/sys/class/net") + let interfaces = try FileManager.default.contentsOfDirectory( + at: netPath, + includingPropertiesForKeys: nil + ) + return + interfaces + .map { $0.lastPathComponent } + .filter { $0.hasPrefix("eth") } + } + + private func mapStatsToProto( + containerID: String, + cgStats: Cgroup2Stats?, + networkStats: [Com_Apple_Containerization_Sandbox_V3_NetworkStats], + memoryEvents: MemoryEvents?, + wantProcess: Bool, + wantMemory: Bool, + wantCPU: Bool, + wantBlockIO: Bool, + wantNetwork: Bool, + wantMemoryEvents: Bool + ) -> Com_Apple_Containerization_Sandbox_V3_ContainerStats { + .with { + $0.containerID = containerID + + if wantProcess, let pids = cgStats?.pids { + $0.process = .with { + $0.current = pids.current + $0.limit = pids.max ?? 0 + } + } + + if wantMemory, let memory = cgStats?.memory { + $0.memory = .with { + $0.usageBytes = memory.usage + $0.limitBytes = memory.usageLimit ?? 0 + $0.swapUsageBytes = memory.swapUsage ?? 0 + $0.swapLimitBytes = memory.swapLimit ?? 0 + $0.cacheBytes = memory.file + $0.kernelStackBytes = memory.kernelStack + $0.slabBytes = memory.slab + $0.pageFaults = memory.pgfault + $0.majorPageFaults = memory.pgmajfault + $0.inactiveFile = memory.inactiveFile + $0.anon = memory.anon + $0.workingsetRefaultAnon = memory.workingsetRefaultAnon + $0.workingsetRefaultFile = memory.workingsetRefaultFile + $0.pgstealKswapd = memory.pgstealKswapd + $0.pgstealDirect = memory.pgstealDirect + $0.pgstealKhugepaged = memory.pgstealKhugepaged + } + } + + if wantCPU, let cpu = cgStats?.cpu { + $0.cpu = .with { + $0.usageUsec = cpu.usageUsec + $0.userUsec = cpu.userUsec + $0.systemUsec = cpu.systemUsec + $0.throttlingPeriods = cpu.nrPeriods + $0.throttledPeriods = cpu.nrThrottled + $0.throttledTimeUsec = cpu.throttledUsec + } + } + + if wantBlockIO, let io = cgStats?.io { + $0.blockIo = .with { + $0.devices = io.entries.map { entry in + .with { + $0.major = entry.major + $0.minor = entry.minor + $0.readBytes = entry.rbytes + $0.writeBytes = entry.wbytes + $0.readOperations = entry.rios + $0.writeOperations = entry.wios + } + } + } + } + + if wantNetwork { + $0.networks = networkStats + } + + if wantMemoryEvents, let events = memoryEvents { + $0.memoryEvents = .with { + $0.low = events.low + $0.high = events.high + $0.max = events.max + $0.oom = events.oom + $0.oomKill = events.oomKill + } + } + } + } + + public func sync( + request: Com_Apple_Containerization_Sandbox_V3_SyncRequest, + context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_SyncResponse { + log.debug("sync") + + _sync() + return .init() + } + + public func kill( + request: Com_Apple_Containerization_Sandbox_V3_KillRequest, + context: GRPCCore.ServerContext + ) async throws -> Com_Apple_Containerization_Sandbox_V3_KillResponse { + log.debug( + "kill", + metadata: [ + "pid": "\(request.pid)", + "signal": "\(request.signal)", + ]) + + let r = _kill(request.pid, request.signal) + return .with { + $0.result = r + } + } +} + +extension Com_Apple_Containerization_Sandbox_V3_ConfigureHostsRequest { + func toCZHosts() -> Hosts { + let entries = self.entries.map { + Hosts.Entry( + ipAddress: $0.ipAddress, + hostnames: $0.hostnames, + comment: $0.hasComment ? $0.comment : nil + ) + } + return Hosts( + entries: entries, + comment: self.hasComment ? self.comment : nil + ) + } +} + +extension Initd { + func ociAlterations(id: String, ociSpec: inout ContainerizationOCI.Spec) throws { + guard var process = ociSpec.process else { + throw ContainerizationError( + .invalidArgument, + message: "runtime spec without process field present" + ) + } + guard let root = ociSpec.root else { + throw ContainerizationError( + .invalidArgument, + message: "runtime spec without root field present" + ) + } + + if ociSpec.linux!.cgroupsPath.isEmpty { + ociSpec.linux!.cgroupsPath = "/container/\(id)" + } + + if process.cwd.isEmpty { + process.cwd = "/" + } + + // NOTE: The OCI runtime specs Username field is truthfully Windows exclusive, but we use this as a way + // to pass through the exact string representation of a username (or username:group, uid:group etc.) a client + // may have given us. + let username = process.user.username.isEmpty ? "\(process.user.uid):\(process.user.gid)" : process.user.username + let parsedUser = try User.getExecUser( + userString: username, + passwdPath: URL(filePath: root.path).appending(path: "etc/passwd"), + groupPath: URL(filePath: root.path).appending(path: "etc/group") + ) + process.user.uid = parsedUser.uid + process.user.gid = parsedUser.gid + process.user.additionalGids.append(contentsOf: parsedUser.sgids) + process.user.additionalGids.append(process.user.gid) + + var seenSuppGids = Set() + process.user.additionalGids = process.user.additionalGids.filter { + seenSuppGids.insert($0).inserted + } + + if !process.env.contains(where: { $0.hasPrefix("PATH=") }) { + process.env.append("PATH=\(LinuxProcessConfiguration.defaultPath)") + } + + if !process.env.contains(where: { $0.hasPrefix("HOME=") }) { + process.env.append("HOME=\(parsedUser.home)") + } + + // Defensive programming a tad, but ensure we have TERM set if + // the client requested a pty. + if process.terminal { + let termEnv = "TERM=" + if !process.env.contains(where: { $0.hasPrefix(termEnv) }) { + process.env.append("TERM=xterm") + } + } + + ociSpec.process = process + } +} + +#endif diff --git a/vminitd/Sources/VminitdCore/Server.swift b/vminitd/Sources/VminitdCore/Server.swift new file mode 100644 index 0000000..7ee1674 --- /dev/null +++ b/vminitd/Sources/VminitdCore/Server.swift @@ -0,0 +1,145 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(Linux) + +import ContainerizationError +import Foundation +import GRPCCore +import GRPCNIOTransportHTTP2 +import GRPCProtobuf +import Logging +import NIOCore +import NIOPosix + +public final class Initd: Sendable { + public actor State { + private(set) var containers: [String: ManagedContainer] = [:] + var proxies: [String: VsockProxy] = [:] + + public typealias ContainerDeletedHandler = @Sendable (String) async -> Void + private var onContainerDeleted: [ContainerDeletedHandler] = [] + + public func onDelete(_ handler: @escaping ContainerDeletedHandler) { + onContainerDeleted.append(handler) + } + + public func get(container id: String) throws -> ManagedContainer { + guard let ctr = self.containers[id] else { + throw ContainerizationError( + .notFound, + message: "container \(id) not found" + ) + } + return ctr + } + + func add(container: ManagedContainer) throws { + guard containers[container.id] == nil else { + throw ContainerizationError( + .exists, + message: "container \(container.id) already exists" + ) + } + containers[container.id] = container + } + + func add(proxy: VsockProxy) throws { + guard proxies[proxy.id] == nil else { + throw ContainerizationError( + .exists, + message: "proxy \(proxy.id) already exists" + ) + } + proxies[proxy.id] = proxy + } + + func remove(proxy id: String) throws -> VsockProxy { + guard let proxy = proxies.removeValue(forKey: id) else { + throw ContainerizationError( + .notFound, + message: "proxy \(id) does not exist" + ) + } + return proxy + } + + func remove(container id: String) throws { + guard let _ = containers.removeValue(forKey: id) else { + throw ContainerizationError( + .notFound, + message: "container \(id) does not exist" + ) + } + let handlers = onContainerDeleted + Task { + for handler in handlers { + await handler(id) + } + } + } + } + + public let log: Logger + public let state: State + let group: MultiThreadedEventLoopGroup + let blockingPool: NIOThreadPool + + public init(log: Logger, group: MultiThreadedEventLoopGroup, blockingPool: NIOThreadPool) { + self.log = log + self.group = group + self.blockingPool = blockingPool + self.state = State() + } + + public func serve(port: Int, additionalServices: [any RegistrableRPCService] = []) async throws { + try await withThrowingTaskGroup(of: Void.self) { group in + log.debug("starting process supervisor") + + ProcessSupervisor.default.setLog(self.log) + ProcessSupervisor.default.ready() + + log.info( + "booting gRPC server on vsock", + metadata: [ + "port": "\(port)" + ]) + + let server = GRPCServer( + transport: .http2NIOPosix( + address: .vsock(contextID: .any, port: .init(port)), + transportSecurity: .plaintext, + eventLoopGroup: self.group + ), + services: [self] + additionalServices + ) + + log.info( + "gRPC API serving on vsock", + metadata: [ + "port": "\(port)" + ]) + + group.addTask { try await server.serve() } + + try await group.next() + log.info("closing gRPC server") + group.cancelAll() + } + } +} + +#endif diff --git a/vminitd/Sources/VminitdCore/StandardIO.swift b/vminitd/Sources/VminitdCore/StandardIO.swift new file mode 100644 index 0000000..49d32c4 --- /dev/null +++ b/vminitd/Sources/VminitdCore/StandardIO.swift @@ -0,0 +1,175 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(Linux) + +import ContainerizationError +import ContainerizationOS +import Foundation +import Logging +import Synchronization + +final class StandardIO: ManagedProcess.IO & Sendable { + private struct State { + var stdin: IOPair? + var stdout: IOPair? + var stderr: IOPair? + + var stdinPipe: Pipe? + var stdoutPipe: Pipe? + var stderrPipe: Pipe? + } + + private let log: Logger? + private let hostStdio: HostStdio + private let state: Mutex + + init( + stdio: HostStdio, + log: Logger? + ) { + self.hostStdio = stdio + self.log = log + self.state = Mutex(State()) + } + + // NOP + func attach(pid: Int32, fd: Int32) throws {} + + func start(process: inout Command) throws { + try self.state.withLock { + if let stdinPort = self.hostStdio.stdin { + let inPipe = Pipe() + process.stdin = inPipe.fileHandleForReading + $0.stdinPipe = inPipe + + let type = VsockType( + port: stdinPort, + cid: VsockType.hostCID + ) + let stdinSocket = try Socket(type: type, closeOnDeinit: false) + try stdinSocket.connect() + + let pair = IOPair( + readFrom: stdinSocket, + writeTo: inPipe.fileHandleForWriting, + reason: "StandardIO stdin", + logger: log + ) + $0.stdin = pair + + try pair.relay() + } + + if let stdoutPort = self.hostStdio.stdout { + let outPipe = Pipe() + process.stdout = outPipe.fileHandleForWriting + $0.stdoutPipe = outPipe + + let type = VsockType( + port: stdoutPort, + cid: VsockType.hostCID + ) + let stdoutSocket = try Socket(type: type, closeOnDeinit: false) + try stdoutSocket.connect() + + let pair = IOPair( + readFrom: outPipe.fileHandleForReading, + writeTo: stdoutSocket, + reason: "StandardIO stdout", + logger: log + ) + $0.stdout = pair + + try pair.relay() + } + + if let stderrPort = self.hostStdio.stderr { + let errPipe = Pipe() + process.stderr = errPipe.fileHandleForWriting + $0.stderrPipe = errPipe + + let type = VsockType( + port: stderrPort, + cid: VsockType.hostCID + ) + let stderrSocket = try Socket(type: type, closeOnDeinit: false) + try stderrSocket.connect() + + let pair = IOPair( + readFrom: errPipe.fileHandleForReading, + writeTo: stderrSocket, + reason: "StandardIO stderr", + logger: log + ) + $0.stderr = pair + + try pair.relay() + } + } + } + + func resize(size: Terminal.Size) throws { + throw ContainerizationError(.unsupported, message: "resize not supported") + } + + func close() throws { + self.state.withLock { + if let stdin = $0.stdin { + stdin.close() + $0.stdin = nil + } + + if let stdout = $0.stdout { + stdout.close() + $0.stdout = nil + } + + if let stderr = $0.stderr { + stderr.close() + $0.stderr = nil + } + } + } + + func closeStdin() throws { + self.state.withLock { + if let stdin = $0.stdin { + stdin.close() + $0.stdin = nil + } + } + } + + func closeAfterExec() throws { + try self.state.withLock { + if let stdin = $0.stdinPipe { + try stdin.fileHandleForReading.close() + $0.stdinPipe = nil + } + if let stdout = $0.stdoutPipe { + try stdout.fileHandleForWriting.close() + $0.stdoutPipe = nil + } + if let stderr = $0.stderrPipe { + try stderr.fileHandleForWriting.close() + $0.stderrPipe = nil + } + } + } +} + +#endif diff --git a/vminitd/Sources/VminitdCore/TerminalIO.swift b/vminitd/Sources/VminitdCore/TerminalIO.swift new file mode 100644 index 0000000..976e970 --- /dev/null +++ b/vminitd/Sources/VminitdCore/TerminalIO.swift @@ -0,0 +1,169 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(Linux) + +import ContainerizationOS +import Foundation +import LCShim +import Logging +import Synchronization + +final class TerminalIO: ManagedProcess.IO & Sendable { + private struct State { + var stdinSocket: Socket? + var stdoutSocket: Socket? + + var stdin: IOPair? + var stdout: IOPair? + var parent: Terminal? + } + + private let log: Logger? + private let hostStdio: HostStdio + private let state: Mutex + + init( + stdio: HostStdio, + log: Logger? + ) throws { + self.hostStdio = stdio + self.log = log + self.state = Mutex(State()) + } + + func resize(size: Terminal.Size) throws { + try self.state.withLock { + if let parent = $0.parent { + try parent.resize(size: size) + } + } + } + + func start(process: inout Command) throws { + try self.state.withLock { + process.stdin = nil + process.stdout = nil + process.stderr = nil + + if let stdinPort = self.hostStdio.stdin { + let type = VsockType( + port: stdinPort, + cid: VsockType.hostCID + ) + let stdinSocket = try Socket(type: type, closeOnDeinit: false) + try stdinSocket.connect() + $0.stdinSocket = stdinSocket + } + + if let stdoutPort = self.hostStdio.stdout { + let type = VsockType( + port: stdoutPort, + cid: VsockType.hostCID + ) + let stdoutSocket = try Socket(type: type, closeOnDeinit: false) + try stdoutSocket.connect() + $0.stdoutSocket = stdoutSocket + } + } + } + + func attach(pid: Int32, fd: Int32) throws { + try self.state.withLock { + let containerFd = CZ_pidfd_open(pid, 0) + guard containerFd != -1 else { + throw POSIXError.fromErrno() + } + defer { Foundation.close(Int32(containerFd)) } + + let hostFd = CZ_pidfd_getfd(containerFd, fd, 0) + guard hostFd != -1 else { + throw POSIXError.fromErrno() + } + + let term = try Terminal(descriptor: Int32(hostFd), setInitState: false) + $0.parent = term + + if let stdinSocket = $0.stdinSocket { + let pair = IOPair( + readFrom: stdinSocket, + writeTo: UnownedIOCloser(term), + reason: "TerminalIO stdin", + logger: log + ) + try pair.relay(ignoreHup: true) + $0.stdin = pair + } + + if let stdoutSocket = $0.stdoutSocket { + let pair = IOPair( + readFrom: term, + writeTo: stdoutSocket, + reason: "TerminalIO stdout", + logger: log + ) + try pair.relay(ignoreHup: true) + $0.stdout = pair + } + } + } + + func close() throws { + self.state.withLock { + // stdout must close before stdin because both IOPairs share the + // Terminal fd. stdout registered that fd with epoll (as its read + // source) and needs to unregister it while the fd is still valid. + // stdin closes the Terminal as its write destination, which would + // invalidate the fd before stdout can unregister. + if let stdout = $0.stdout { + stdout.close() + $0.stdout = nil + } + if let stdin = $0.stdin { + stdin.close() + $0.stdin = nil + } + + // If IOPairs were never created (process exited before attach), + // close the raw sockets directly since they have closeOnDeinit + // disabled. + if let stdinSocket = $0.stdinSocket { + try? stdinSocket.close() + $0.stdinSocket = nil + } + if let stdoutSocket = $0.stdoutSocket { + try? stdoutSocket.close() + $0.stdoutSocket = nil + } + + $0.parent = nil + } + } + + // NOP + func closeAfterExec() throws {} + + func closeStdin() throws { + self.state.withLock { + if let stdin = $0.stdin { + stdin.close() + $0.stdin = nil + } + } + } +} + +#endif diff --git a/vminitd/Sources/VminitdCore/VsockProxy.swift b/vminitd/Sources/VminitdCore/VsockProxy.swift new file mode 100644 index 0000000..393fad1 --- /dev/null +++ b/vminitd/Sources/VminitdCore/VsockProxy.swift @@ -0,0 +1,414 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +#if os(Linux) + +import ContainerizationIO +import ContainerizationOS +import Foundation +import LCShim +import Logging + +actor VsockProxy { + enum Action { + case listen + case dial + } + + private enum SocketType { + case unix + case vsock + } + + let id: String + + private let path: URL + private let action: Action + private let port: UInt32 + private let udsPerms: UInt32? + private let log: Logger? + + private var listener: Socket? + private var task: Task<(), Never>? + private var connectionTasks: [UUID: Task<(), Never>] = [:] + + init( + id: String, + action: Action, + port: UInt32, + path: URL, + udsPerms: UInt32?, + log: Logger? = nil + ) { + self.id = id + self.action = action + self.port = port + self.path = path + self.udsPerms = udsPerms + self.log = log + } +} + +extension VsockProxy { + func start() throws { + guard listener == nil else { + return + } + + log?.debug( + "starting proxy", + metadata: [ + "vport": "\(port)", + "uds": "\(path)", + "action": "\(action)", + ]) + + switch action { + case .dial: + try dialHost() + case .listen: + try dialGuest() + } + } + + func close() throws { + guard let listener else { + return + } + + log?.debug( + "stopping proxy", + metadata: [ + "vport": "\(port)", + "uds": "\(path)", + "action": "\(action)", + ]) + + try listener.close() + + for (_, t) in connectionTasks { t.cancel() } + connectionTasks.removeAll() + + if action == .dial { + let fm = FileManager.default + if fm.fileExists(atPath: path.path) { + try fm.removeItem(at: path) + } + } + + task?.cancel() + self.listener = nil + } + + private func dialHost() throws { + let fm = FileManager.default + + let parentDir = path.deletingLastPathComponent() + try fm.createDirectory( + at: parentDir, + withIntermediateDirectories: true + ) + + let type = try UnixType( + path: path.path, + perms: udsPerms, + unlinkExisting: true + ) + let oldMask = umask(0) + defer { umask(oldMask) } + let uds = try Socket(type: type) + try uds.listen() + listener = uds + + try acceptLoop(socketType: .unix) + } + + private func dialGuest() throws { + let type = VsockType( + port: port, + cid: VsockType.anyCID + ) + let vsock = try Socket(type: type) + try vsock.listen() + listener = vsock + + try acceptLoop(socketType: .vsock) + } + + private func acceptLoop(socketType: SocketType) throws { + guard let listener else { + return + } + + let stream = try listener.acceptStream() + let task = Task { + do { + for try await conn in stream { + let connID = UUID() + let connTask = Task { + defer { self.connectionTasks[connID] = nil } + log?.debug( + "accepting connection", + metadata: [ + "vport": "\(port)", + "uds": "\(path)", + "action": "\(action)", + "socketType": "\(socketType)", + ]) + do { + try await handleConn( + conn: conn, + connType: socketType + ) + } catch { + self.log?.error("failed to handle connection: \(error)") + } + } + // Safe: actor serialization ensures this runs before connTask can execute its defer. + connectionTasks[connID] = connTask + } + } catch { + self.log?.error("failed to accept connection: \(error)") + } + } + self.task = task + } + + private func handleConn( + conn: ContainerizationOS.Socket, + connType: SocketType + ) async throws { + try await withCheckedThrowingContinuation { (c: CheckedContinuation) in + do { + // `relayTo` isn't used concurrently. + nonisolated(unsafe) var relayTo: ContainerizationOS.Socket + + switch connType { + case .unix: + let type = VsockType( + port: port, + cid: VsockType.hostCID + ) + relayTo = try Socket( + type: type, + closeOnDeinit: false + ) + case .vsock: + let type = try UnixType(path: path.path) + relayTo = try Socket( + type: type, + closeOnDeinit: false + ) + } + + try relayTo.connect() + + // `clientFile` isn't used concurrently. + nonisolated(unsafe) var clientFile = OSFile.SpliceFile(fd: conn.fileDescriptor) + nonisolated(unsafe) var eofFromClient = false + // `serverFile` isn't used concurrently. + nonisolated(unsafe) var serverFile = OSFile.SpliceFile(fd: relayTo.fileDescriptor) + nonisolated(unsafe) var eofFromServer = false + + // clean up when any of these conditions apply: + // - the client has completely hung up or errored + // - the server has completely hung up or errored + // - both the client and server have half closed via: + // - read hangup on epoll + // - EOF on splice + let cleanup = { @Sendable [log, port, path, action] in + log?.debug( + "cleaning up", + metadata: [ + "vport": "\(port)", + "uds": "\(path)", + "action": "\(action)", + "eofFromClient": "\(eofFromClient)", + "eofFromServer": "\(eofFromServer)", + "clientFd": "\(clientFile.fileDescriptor)", + "serverFd": "\(serverFile.fileDescriptor)", + ] + ) + + do { + try ProcessSupervisor.default.unregisterFd(clientFile.fileDescriptor) + try ProcessSupervisor.default.unregisterFd(serverFile.fileDescriptor) + try conn.close() + try relayTo.close() + } catch { + self.log?.error("Failed to clean up vsock proxy: \(error)") + } + c.resume() + } + + try! ProcessSupervisor.default.registerFd(clientFile.fileDescriptor, mask: [.input, .output]) { mask in + if mask.readyToRead && !eofFromClient { + let (fromEof, toEof) = Self.transferData( + fromFile: &clientFile, + toFile: &serverFile, + description: "readyToRead:toServer", + log: self.log + ) + eofFromClient = eofFromClient || fromEof + eofFromServer = eofFromServer || toEof + } + + if mask.readyToWrite && !eofFromServer { + let (fromEof, toEof) = Self.transferData( + fromFile: &serverFile, + toFile: &clientFile, + description: "readyToWrite:toClient", + log: self.log + ) + eofFromClient = eofFromClient || toEof + eofFromServer = eofFromServer || fromEof + } + + if mask.isHangup { + eofFromClient = true + eofFromServer = true + } else if mask.isRemoteHangup && !eofFromClient { + // half close, shut down client to server transfer + // we should see no more EPOLLIN events on the client fd + // and no more EPOLLOUT events on the server fd + eofFromClient = true + if shutdown(serverFile.fileDescriptor, Int32(SHUT_WR)) != 0 { + self.log?.warning( + "failed to shut down client reads", + metadata: [ + "vport": "\(self.port)", + "uds": "\(self.path)", + "errno": "\(errno)", + "eofFromClient": "\(eofFromClient)", + "eofFromServer": "\(eofFromServer)", + "clientFd": "\(clientFile.fileDescriptor)", + "serverFd": "\(serverFile.fileDescriptor)", + ] + ) + } + } + + if eofFromClient && eofFromServer { + return cleanup() + } + } + + try! ProcessSupervisor.default.registerFd(serverFile.fileDescriptor, mask: [.input, .output]) { mask in + if mask.readyToRead && !eofFromServer { + let (fromEof, toEof) = Self.transferData( + fromFile: &serverFile, + toFile: &clientFile, + description: "readyToRead:toClient", + log: self.log + ) + eofFromClient = eofFromClient || toEof + eofFromServer = eofFromServer || fromEof + } + + if mask.readyToWrite && !eofFromClient { + let (fromEof, toEof) = Self.transferData( + fromFile: &clientFile, + toFile: &serverFile, + description: "readyToWrite:toServer", + log: self.log + ) + eofFromClient = eofFromClient || fromEof + eofFromServer = eofFromServer || toEof + } + + if mask.isHangup { + eofFromClient = true + eofFromServer = true + } else if mask.isRemoteHangup && !eofFromServer { + // half close, shut down server to client transfer + // we should see no more EPOLLIN events on the server fd + // and no more EPOLLOUT events on the client fd + eofFromServer = true + if shutdown(clientFile.fileDescriptor, Int32(SHUT_WR)) != 0 { + self.log?.warning( + "failed to shut down server reads", + metadata: [ + "vport": "\(self.port)", + "uds": "\(self.path)", + "errno": "\(errno)", + "eofFromClient": "\(eofFromClient)", + "eofFromServer": "\(eofFromServer)", + "clientFd": "\(clientFile.fileDescriptor)", + "serverFd": "\(serverFile.fileDescriptor)", + ] + ) + } + } + + if eofFromClient && eofFromServer { + return cleanup() + } + } + } catch { + c.resume(throwing: error) + } + } + } + + private static func transferData( + fromFile: inout OSFile.SpliceFile, + toFile: inout OSFile.SpliceFile, + description: String, + log: Logger? + ) -> (Bool, Bool) { + do { + let (readBytes, writeBytes, action) = try OSFile.splice(from: &fromFile, to: &toFile) + log?.trace( + "transferred data", + metadata: [ + "description": "\(description)", + "action": "\(action)", + "readBytes": "\(readBytes)", + "writeBytes": "\(writeBytes)", + "fromFd": "\(fromFile.fileDescriptor)", + "toFd": "\(toFile.fileDescriptor)", + ] + ) + if action == .eof { + // half close, shut down client to server transfer + // we should see no more EPOLLIN events on the client fd + // and no more EPOLLOUT events on the server fd + if shutdown(toFile.fileDescriptor, Int32(SHUT_WR)) != 0 { + log?.warning( + "failed to shut down reads", + metadata: [ + "description": "\(description)", + "errno": "\(errno)", + "action": "\(action)", + "readBytes": "\(readBytes)", + "writeBytes": "\(writeBytes)", + "fromFd": "\(fromFile.fileDescriptor)", + "toFd": "\(toFile.fileDescriptor)", + ] + ) + } + return (true, false) + } else if action == .brokenPipe { + return (true, true) + } + return (false, false) + } catch { + return (true, true) + } + } +} + +#endif diff --git a/vminitd/Sources/vmexec/Console.swift b/vminitd/Sources/vmexec/Console.swift new file mode 100644 index 0000000..b868049 --- /dev/null +++ b/vminitd/Sources/vmexec/Console.swift @@ -0,0 +1,70 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import FoundationEssentials +import LCShim + +#if canImport(Musl) +import Musl +private let _close = Musl.close +#elseif canImport(Glibc) +import Glibc +private let _close = Glibc.close +#endif + +class Console { + let master: Int32 + let slavePath: String + + init() throws { + let masterFD = open("/dev/ptmx", O_RDWR | O_NOCTTY | O_CLOEXEC) + guard masterFD != -1 else { + throw App.Errno(stage: "open_ptmx") + } + + guard unlockpt(masterFD) == 0 else { + throw App.Errno(stage: "unlockpt") + } + + guard let slavePath = ptsname(masterFD) else { + throw App.Errno(stage: "ptsname") + } + + self.master = masterFD + self.slavePath = String(cString: slavePath) + } + + func configureStdIO() throws { + let path = self.slavePath + let slaveFD = open(path, O_RDWR) + guard slaveFD != -1 else { + throw App.Errno(stage: "open_pts") + } + defer { _ = _close(slaveFD) } + + for fd: Int32 in 0...2 { + guard dup3(slaveFD, fd, 0) != -1 else { + throw App.Errno(stage: "dup3") + } + } + } + + func close() throws { + guard _close(self.master) == 0 else { + throw App.Errno(stage: "close") + } + } +} diff --git a/vminitd/Sources/vmexec/ExecCommand.swift b/vminitd/Sources/vmexec/ExecCommand.swift new file mode 100644 index 0000000..b5a87f8 --- /dev/null +++ b/vminitd/Sources/vmexec/ExecCommand.swift @@ -0,0 +1,165 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ArgumentParser +import ContainerizationOCI +import ContainerizationOS +import FoundationEssentials +import LCShim +import Logging +import SystemPackage + +#if canImport(Musl) +import Musl +#elseif canImport(Glibc) +import Glibc +#endif + +struct ExecCommand: ParsableCommand { + static let configuration = CommandConfiguration( + commandName: "exec", + abstract: "Exec in a container" + ) + + @Option(name: .long, help: "path to an OCI runtime spec process configuration") + var processPath: String + + @Option(name: .long, help: "pid of the init process for the container") + var parentPid: Int + + func run() throws { + do { + let src = URL(fileURLWithPath: processPath) + let processBytes = try Data(contentsOf: src) + let process = try JSONDecoder().decode( + ContainerizationOCI.Process.self, + from: processBytes + ) + try execInNamespaces(process: process) + } catch { + App.writeError(error) + throw error + } + } + + static func enterNS(pidFd: Int32, nsType: Int32) throws { + guard setns(pidFd, nsType) == 0 else { + throw App.Errno(stage: "setns(fd)") + } + } + + private func execInNamespaces(process: ContainerizationOCI.Process) throws { + let syncPipe = FileDescriptor(rawValue: 3) + let ackPipe = FileDescriptor(rawValue: 4) + + let pidFd = CZ_pidfd_open(Int32(parentPid), 0) + guard pidFd > 0 else { + throw App.Errno(stage: "pidfd_open(\(parentPid))") + } + try Self.enterNS( + pidFd: pidFd, + nsType: CLONE_NEWCGROUP | CLONE_NEWPID | CLONE_NEWUTS | CLONE_NEWNS + ) + + let processID = fork() + + guard processID != -1 else { + try? syncPipe.close() + try? ackPipe.close() + + throw App.Errno(stage: "fork") + } + + if processID == 0 { // child + // Wait for the grandparent to tell us that they acked our pid. + var pidAckBuffer = [UInt8](repeating: 0, count: App.ackPid.count) + let pidAckBytesRead = try pidAckBuffer.withUnsafeMutableBytes { buffer in + try ackPipe.read(into: buffer) + } + guard pidAckBytesRead > 0 else { + throw App.Failure(message: "read ack pipe") + } + let pidAckStr = String(decoding: pidAckBuffer[.. 0 else { + throw App.Failure(message: "read ack pipe") + } + let consoleAckStr = String(decoding: consoleAckBuffer[.. ContainerizationOS.Mount { + ContainerizationOS.Mount( + type: self.type, + source: self.source, + target: self.destination, + options: self.options + ) + } +} diff --git a/vminitd/Sources/vmexec/RunCommand.swift b/vminitd/Sources/vmexec/RunCommand.swift new file mode 100644 index 0000000..e20b86a --- /dev/null +++ b/vminitd/Sources/vmexec/RunCommand.swift @@ -0,0 +1,502 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ArgumentParser +import Cgroup +import ContainerizationOCI +import ContainerizationOS +import FoundationEssentials +import LCShim +import SystemPackage + +#if canImport(Musl) +import Musl +#elseif canImport(Glibc) +import Glibc +#endif + +struct RunCommand: ParsableCommand { + static let configuration = CommandConfiguration( + commandName: "run", + abstract: "Run a container" + ) + + @Option(name: .long, help: "path to an OCI bundle") + var bundlePath: String + + mutating func run() throws { + do { + let spec: ContainerizationOCI.Spec + do { + let bundle = try ContainerizationOCI.Bundle.load(path: URL(filePath: bundlePath)) + spec = try bundle.loadConfig() + } catch { + throw App.Failure(message: "failed to load OCI bundle at \(bundlePath): \(error)") + } + try execInNamespace(spec: spec) + } catch { + App.writeError(error) + throw error + } + } + + private func childRootSetup( + rootfs: ContainerizationOCI.Root, + mounts: [ContainerizationOCI.Mount] + ) throws { + // setup rootfs + try prepareRoot(rootfs: rootfs.path) + try mountRootfs(rootfs: rootfs.path, mounts: mounts) + try setDevSymlinks(rootfs: rootfs.path) + + try pivotRoot(rootfs: rootfs.path) + + // Remount ro if requested. + if rootfs.readonly { + try self.remountRootfsReadOnly() + } + + try reOpenDevNull() + } + + /// Mask paths per OCI `linux.maskedPaths`. Files (and any non-directory) + /// get `/dev/null` bind-mounted on top; directories get an empty read-only + /// tmpfs. Missing paths are skipped silently — matches runc's `maskPath`. + private func applyMaskedPaths(_ paths: [String]) throws { + for path in paths { + var st = stat() + if stat(path, &st) != 0 { + if errno == ENOENT { + continue + } + throw App.Errno(stage: "stat(\(path)) for mask") + } + + if (st.st_mode & S_IFMT) == S_IFDIR { + // Match runc: mask directories with a read-only tmpfs. MS_RDONLY + // is what actually prevents writes into the masked dir; a + // `size=0k` option would be a no-op (the kernel treats tmpfs + // size=0 as "no limit", not an empty filesystem). + guard mount("tmpfs", path, "tmpfs", UInt(MS_RDONLY | MS_NOSUID | MS_NODEV | MS_NOEXEC), nil) == 0 else { + throw App.Errno(stage: "mount(tmpfs mask \(path))") + } + } else { + guard mount("/dev/null", path, "bind", UInt(MS_BIND), nil) == 0 else { + throw App.Errno(stage: "mount(bind /dev/null -> \(path))") + } + } + } + } + + /// Make paths read-only per OCI `linux.readonlyPaths` by bind-mounting + /// each onto itself and remounting with `MS_RDONLY`. Missing paths are + /// skipped silently — matches runc's `readonlyPath`. The statfs fallback + /// mirrors `remountRootfsReadOnly()` for filesystems whose existing flags + /// (e.g. nosuid, nodev) must be preserved on the remount. + private func applyReadonlyPaths(_ paths: [String]) throws { + for path in paths { + var st = stat() + if stat(path, &st) != 0 { + if errno == ENOENT { + continue + } + throw App.Errno(stage: "stat(\(path)) for readonly") + } + + guard mount(path, path, "", UInt(MS_BIND | MS_REC), nil) == 0 else { + throw App.Errno(stage: "mount(bind \(path))") + } + + var flags = UInt(MS_BIND | MS_REMOUNT | MS_RDONLY) + if mount("", path, "", flags, "") == 0 { + continue + } + + var s = statfs() + guard statfs(path, &s) == 0 else { + throw App.Errno(stage: "statfs(\(path))") + } + flags |= UInt(s.f_flags) + + guard mount("", path, "", flags, "") == 0 else { + throw App.Errno(stage: "mount remount-ro \(path)") + } + } + } + + private func remountRootfsReadOnly() throws { + var flags = UInt(MS_BIND | MS_REMOUNT | MS_RDONLY) + + let ret = mount("", "/", "", flags, "") + if ret == 0 { + return + } + + var s = statfs() + guard statfs("/", &s) == 0 else { + throw App.Errno(stage: "statfs(/)") + } + flags |= UInt(s.f_flags) + + guard mount("", "/", "", flags, "") == 0 else { + throw App.Errno(stage: "mount rootfs ro") + } + } + + private func childSetup( + spec: ContainerizationOCI.Spec, + ackPipe: FileDescriptor, + syncPipe: FileDescriptor + ) throws { + guard let process = spec.process else { + throw App.Failure(message: "no process configuration found in runtime spec") + } + guard let root = spec.root else { + throw App.Failure(message: "no root found in runtime spec") + } + + // Wait for the grandparent to tell us that they acked our pid. + var pidAckBuffer = [UInt8](repeating: 0, count: App.ackPid.count) + let pidAckBytesRead = try pidAckBuffer.withUnsafeMutableBytes { buffer in + try ackPipe.read(into: buffer) + } + guard pidAckBytesRead > 0 else { + throw App.Failure(message: "read ack pipe") + } + let pidAckStr = String(decoding: pidAckBuffer[.. 0 else { + throw App.Failure(message: "read ack pipe") + } + let consoleAckStr = String(decoding: consoleAckBuffer[..= 0 else { + throw App.Errno(stage: "sysctl open(\(path))") + } + defer { close(fd) } + let bytes = Array(value.utf8) + let written = write(fd, bytes, bytes.count) + guard written == bytes.count else { + throw App.Errno(stage: "sysctl write(\(key)=\(value))") + } + } + } + + // Apply OCI maskedPaths/readonlyPaths AFTER sysctls (writes to + // /proc/sys/* would otherwise fail once /proc/sys is remounted ro) + // and BEFORE the user/capability change (mount() requires + // CAP_SYS_ADMIN, which we still have here as root). Mask runs first + // so a path appearing in both lists is hidden, not just locked. + try self.applyMaskedPaths(spec.linux?.maskedPaths ?? []) + try self.applyReadonlyPaths(spec.linux?.readonlyPaths ?? []) + + // Apply O_CLOEXEC to all file descriptors except stdio. + // This ensures that all unwanted fds we may have accidentally + // inherited are marked close-on-exec so they stay out of the + // container. + try App.applyCloseExecOnFDs() + + try App.setRLimits(rlimits: process.rlimits) + + // Prepare capabilities (before user change) + let preparedCaps = try App.prepareCapabilities(capabilities: process.capabilities ?? ContainerizationOCI.LinuxCapabilities()) + + // Change stdio to be owned by the requested user. + try App.fixStdioPerms(user: process.user) + + // Set uid, gid, and supplementary groups. + try App.setPermissions(user: process.user) + + // Finish capabilities (after user change) + try App.finishCapabilities(preparedCaps) + + // Set no_new_privs if requested by the OCI spec. + try App.setNoNewPrivileges(process: process) + + // Finally execve the container process. + try App.exec(process: process, currentEnv: process.env) + } + + private func setupNamespaces(namespaces: [ContainerizationOCI.LinuxNamespace]?) throws -> Int32 { + var unshareFlags: Int32 = 0 + + // Map namespace types to their corresponding CLONE flags + let nsTypeToFlag: [ContainerizationOCI.LinuxNamespaceType: Int32] = [ + .pid: CLONE_NEWPID, + .mount: CLONE_NEWNS, + .uts: CLONE_NEWUTS, + .ipc: CLONE_NEWIPC, + .user: CLONE_NEWUSER, + .cgroup: CLONE_NEWCGROUP, + ] + + guard let namespaces = namespaces else { + return CLONE_NEWPID | CLONE_NEWNS | CLONE_NEWUTS + } + + for ns in namespaces { + guard let flag = nsTypeToFlag[ns.type] else { + continue + } + + if ns.path.isEmpty { + unshareFlags |= flag + } else { + let fd = open(ns.path, O_RDONLY | O_CLOEXEC) + guard fd >= 0 else { + throw App.Errno(stage: "open(\(ns.path))") + } + defer { close(fd) } + + guard setns(fd, flag) == 0 else { + throw App.Errno(stage: "setns(\(ns.path))") + } + } + } + + return unshareFlags + } + + private func execInNamespace(spec: ContainerizationOCI.Spec) throws { + let syncPipe = FileDescriptor(rawValue: 3) + let ackPipe = FileDescriptor(rawValue: 4) + + let unshareFlags = try setupNamespaces(namespaces: spec.linux?.namespaces) + + guard unshare(unshareFlags) == 0 else { + throw App.Errno(stage: "unshare(\(unshareFlags))") + } + + let processID = fork() + guard processID != -1 else { + try? syncPipe.close() + try? ackPipe.close() + throw App.Errno(stage: "fork") + } + + if processID == 0 { // child + try childSetup(spec: spec, ackPipe: ackPipe, syncPipe: syncPipe) + } else { // parent process + // Setup cgroup before child enters cgroup namespace + if let linux = spec.linux { + let cgroupPath = linux.cgroupsPath + if !cgroupPath.isEmpty { + let cgroupManager = try Cgroup2Manager.load(group: URL(filePath: cgroupPath)) + + if let resources = linux.resources { + try cgroupManager.applyResources(resources: resources) + } + + try cgroupManager.addProcess(pid: processID) + } + } + + // Send our child's pid before we exit. + var childPid = processID + try withUnsafeBytes(of: &childPid) { bytes in + _ = try syncPipe.write(bytes) + } + } + } + + private func mountRootfs(rootfs: String, mounts: [ContainerizationOCI.Mount]) throws { + let containerMount = ContainerMount(rootfs: rootfs, mounts: mounts) + try containerMount.mountToRootfs() + try containerMount.configureConsole() + } + + private func prepareRoot(rootfs: String) throws { + guard mount("", "/", "", UInt(MS_SLAVE | MS_REC), nil) == 0 else { + throw App.Errno(stage: "mount(slave|rec)") + } + + guard mount(rootfs, rootfs, "bind", UInt(MS_BIND | MS_REC), nil) == 0 else { + throw App.Errno(stage: "mount(bind|rec)") + } + } + + private func setDevSymlinks(rootfs: String) throws { + let links: [(src: String, dst: String)] = [ + ("/proc/self/fd", "/dev/fd"), + ("/proc/self/fd/0", "/dev/stdin"), + ("/proc/self/fd/1", "/dev/stdout"), + ("/proc/self/fd/2", "/dev/stderr"), + ("/dev/rtc0", "/dev/rtc"), + ] + + let rootfsURL = URL(fileURLWithPath: rootfs) + for (src, dst) in links { + let dest = rootfsURL.appendingPathComponent(dst) + guard symlink(src, dest.path) == 0 else { + if errno == EEXIST { + continue + } + throw App.Errno(stage: "symlink(\(src) -> \(dest.path))") + } + } + } + + private func reOpenDevNull() throws { + let file = open("/dev/null", O_RDWR) + guard file != -1 else { + throw App.Errno(stage: "open(/dev/null)") + } + defer { close(file) } + + var devNullStat = stat() + try withUnsafeMutablePointer(to: &devNullStat) { pointer in + guard fstat(file, pointer) == 0 else { + throw App.Errno(stage: "fstat(/dev/null)") + } + } + + for fd: Int32 in 0...2 { + var fdStat = stat() + try withUnsafeMutablePointer(to: &fdStat) { pointer in + guard fstat(fd, pointer) == 0 else { + throw App.Errno(stage: "fstat(fd)") + } + } + + if fdStat.st_rdev == devNullStat.st_rdev { + guard dup3(file, fd, 0) != -1 else { + throw App.Errno(stage: "dup3(null)") + } + } + } + } + + /// Pivots the rootfs of the calling process in the namespace to the provided + /// rootfs in the argument. + /// + /// The pivot_root(".", ".") and unmount old root approach is exactly the same + /// as runc's pivot root implementation in: + /// https://github.com/opencontainers/runc/blob/main/libcontainer/rootfs_linux.go + private func pivotRoot(rootfs: String) throws { + let oldRoot = open("/", O_RDONLY | O_DIRECTORY) + if oldRoot <= 0 { + throw App.Errno(stage: "open(oldroot)") + } + defer { close(oldRoot) } + + let newRoot = open(rootfs, O_RDONLY | O_DIRECTORY) + if newRoot <= 0 { + throw App.Errno(stage: "open(newroot)") + } + defer { close(newRoot) } + + // change cwd to the new root + guard fchdir(newRoot) == 0 else { + throw App.Errno(stage: "fchdir(newroot)") + } + guard CZ_pivot_root(toCString("."), toCString(".")) == 0 else { + throw App.Errno(stage: "pivot_root()") + } + // change cwd to the old root + guard fchdir(oldRoot) == 0 else { + throw App.Errno(stage: "fchdir(oldroot)") + } + // mount old root rslave so that unmount doesn't propagate back to outside + // the namespace + guard mount("", ".", "", UInt(MS_SLAVE | MS_REC), nil) == 0 else { + throw App.Errno(stage: "mount(., slave|rec)") + } + // unmount old root + guard umount2(".", Int32(MNT_DETACH)) == 0 else { + throw App.Errno(stage: "umount(.)") + } + // switch cwd to the new root + guard chdir("/") == 0 else { + throw App.Errno(stage: "chdir(/)") + } + } + + private func toCString(_ str: String) -> UnsafeMutablePointer? { + let cString = str.utf8CString + let cStringCopy = UnsafeMutableBufferPointer.allocate(capacity: cString.count) + _ = cStringCopy.initialize(from: cString) + return UnsafeMutablePointer(cStringCopy.baseAddress) + } + + private func mountConsole(path: String) throws { + let console = "/dev/console" + if access(console, F_OK) != 0 { + let fd = open(console, O_RDWR | O_CREAT, mode_t(UInt16(0o600))) + guard fd != -1 else { + throw App.Errno(stage: "open(/dev/console)") + } + close(fd) + } + + guard mount(path, console, "bind", UInt(MS_BIND), nil) == 0 else { + throw App.Errno(stage: "mount(console)") + } + } +} diff --git a/vminitd/Sources/vmexec/vmexec.swift b/vminitd/Sources/vmexec/vmexec.swift new file mode 100644 index 0000000..956680c --- /dev/null +++ b/vminitd/Sources/vmexec/vmexec.swift @@ -0,0 +1,285 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +/// NOTE: This binary implements a very small subset of the OCI runtime spec, mostly just +/// the process configurations. Mounts, masked paths, and read-only paths are enforced. +/// The `network` namespace is currently ignored and we always spawn a new pid and mount +/// namespace. + +import ArgumentParser +import ContainerizationError +import ContainerizationOCI +import ContainerizationOS +import FoundationEssentials +import LCShim +import Logging +import SystemPackage + +#if canImport(Musl) +import Musl +#elseif canImport(Glibc) +import Glibc +#endif + +@main +struct App: ParsableCommand { + static let ackPid = "AckPid" + static let ackConsole = "AckConsole" + + static let configuration = CommandConfiguration( + commandName: "vmexec", + version: "0.1.0", + subcommands: [ + ExecCommand.self, + RunCommand.self, + ] + ) +} + +extension App { + /// Applies O_CLOEXEC to all file descriptors currently open for + /// the process except the stdio fd values + static func applyCloseExecOnFDs() throws { + let minFD = 2 // stdin, stdout, stderr should be preserved + + let fdList = try FileManager.default.contentsOfDirectory(atPath: "/proc/self/fd") + + for fdStr in fdList { + guard let fd = Int(fdStr) else { + continue + } + if fd <= minFD { + continue + } + + _ = fcntl(Int32(fd), F_SETFD, FD_CLOEXEC) + } + } + + static func exec(process: ContainerizationOCI.Process, currentEnv: [String]? = nil) throws { + guard !process.args.isEmpty else { + throw App.Errno(stage: "exec", info: "process args cannot be empty") + } + + let executableArg = process.args[0] + let resolvedExecutable: URL + + if executableArg.contains("/") { + if executableArg.hasPrefix("/") { + resolvedExecutable = URL(fileURLWithPath: executableArg) + } else { + resolvedExecutable = URL(fileURLWithPath: process.cwd).appendingPathComponent(executableArg).standardized + } + + guard FileManager.default.fileExists(atPath: resolvedExecutable.path) else { + throw App.Failure(message: "failed to find target executable \(executableArg)") + } + } else { + let path = Path.findPath(currentEnv) ?? Path.getCurrentPath() + guard let found = Path.lookPath(executableArg, path: path) else { + throw App.Failure(message: "failed to find target executable \(executableArg)") + } + resolvedExecutable = found + } + + let executable = strdup(resolvedExecutable.path) + var argv = process.args.map { strdup($0) } + argv += [nil] + let env = process.env.map { strdup($0) } + [nil] + let cwd = process.cwd + + // Create the working directory if it doesn't exist, this seems like the expected + // OCI runtime spec behavior. + if !FileManager.default.fileExists(atPath: cwd) { + try FileManager.default.createDirectory( + atPath: cwd, + withIntermediateDirectories: true, + attributes: [.posixPermissions: 0o755] + ) + } + + guard chdir(cwd) == 0 else { + throw App.Errno(stage: "chdir(cwd)", info: "failed to change directory to '\(cwd)'") + } + + guard execvpe(executable, argv, env) != -1 else { + throw App.Errno(stage: "execvpe(\(String(describing: executable)))", info: "failed to exec [\(process.args.joined(separator: " "))]") + } + fatalError("execvpe failed") + } + + static func setPermissions(user: ContainerizationOCI.User) throws { + if user.additionalGids.count > 0 { + guard setgroups(user.additionalGids.count, user.additionalGids) == 0 else { + throw App.Errno(stage: "setgroups()") + } + } + guard setgid(user.gid) == 0 else { + throw App.Errno(stage: "setgid()") + } + // NOTE: setuid has to be done last because once the uid has been + // changed, then the process will lose privilege to set the group + // and supplementary groups + guard setuid(user.uid) == 0 else { + throw App.Errno(stage: "setuid()") + } + } + + static func fixStdioPerms(user: ContainerizationOCI.User) throws { + for i in 0...2 { + var fdStat = stat() + try withUnsafeMutablePointer(to: &fdStat) { pointer in + guard fstat(Int32(i), pointer) == 0 else { + throw App.Errno(stage: "fstat(fd)") + } + } + + let desired = uid_t(user.uid) + if fdStat.st_uid != desired { + guard fchown(Int32(i), desired, fdStat.st_gid) != -1 else { + throw App.Errno(stage: "fchown(\(i))") + } + } + } + } + + static func setRLimits(rlimits: [ContainerizationOCI.POSIXRlimit]) throws { + for rl in rlimits { + let resource: Int32 + switch rl.type { + case "RLIMIT_AS": + resource = CZ_RLIMIT_AS + case "RLIMIT_CORE": + resource = CZ_RLIMIT_CORE + case "RLIMIT_CPU": + resource = CZ_RLIMIT_CPU + case "RLIMIT_DATA": + resource = CZ_RLIMIT_DATA + case "RLIMIT_FSIZE": + resource = CZ_RLIMIT_FSIZE + case "RLIMIT_LOCKS": + resource = CZ_RLIMIT_LOCKS + case "RLIMIT_MEMLOCK": + resource = CZ_RLIMIT_MEMLOCK + case "RLIMIT_MSGQUEUE": + resource = CZ_RLIMIT_MSGQUEUE + case "RLIMIT_NICE": + resource = CZ_RLIMIT_NICE + case "RLIMIT_NOFILE": + resource = CZ_RLIMIT_NOFILE + case "RLIMIT_NPROC": + resource = CZ_RLIMIT_NPROC + case "RLIMIT_RSS": + resource = CZ_RLIMIT_RSS + case "RLIMIT_RTPRIO": + resource = CZ_RLIMIT_RTPRIO + case "RLIMIT_RTTIME": + resource = CZ_RLIMIT_RTTIME + case "RLIMIT_SIGPENDING": + resource = CZ_RLIMIT_SIGPENDING + case "RLIMIT_STACK": + resource = CZ_RLIMIT_STACK + default: + errno = EINVAL + throw App.Errno(stage: "rlimit key unknown") + } + guard CZ_setrlimit(resource, rl.soft, rl.hard) == 0 else { + throw App.Errno(stage: "setrlimit()") + } + } + } + + static func prepareCapabilities(capabilities: ContainerizationOCI.LinuxCapabilities) throws -> ContainerizationOS.LinuxCapabilities? { + // Create capabilities instance from OCI config + var caps = ContainerizationOS.LinuxCapabilities() + + caps.set(which: [.effective], caps: (capabilities.effective ?? []).compactMap { try? CapabilityName(rawValue: $0) }) + caps.set(which: [.permitted], caps: (capabilities.permitted ?? []).compactMap { try? CapabilityName(rawValue: $0) }) + caps.set(which: [.inheritable], caps: (capabilities.inheritable ?? []).compactMap { try? CapabilityName(rawValue: $0) }) + caps.set(which: [.bounding], caps: (capabilities.bounding ?? []).compactMap { try? CapabilityName(rawValue: $0) }) + caps.set(which: [.ambient], caps: (capabilities.ambient ?? []).compactMap { try? CapabilityName(rawValue: $0) }) + + // Apply bounding set BEFORE user change (drop capabilities early) + do { + try caps.apply(kind: .bounds) + } catch { + throw App.Failure(message: "failed to apply bounding set capabilities: \(error)") + } + + // Set keep caps to preserve capabilities across setuid() + do { + try LinuxCapabilities.setKeepCaps() + } catch { + throw App.Failure(message: "failed to set keep caps: \(error)") + } + + return caps + } + + static func finishCapabilities(_ caps: ContainerizationOS.LinuxCapabilities?) throws { + guard let caps = caps else { return } + + do { + try LinuxCapabilities.clearKeepCaps() + } catch { + throw App.Failure(message: "failed to clear keep caps: \(error)") + } + + do { + try caps.apply(kind: [.caps]) + } catch { + throw App.Failure(message: "failed to apply final capabilities: \(error)") + } + + try? caps.apply(kind: [.ambs]) + } + + static func setNoNewPrivileges(process: ContainerizationOCI.Process) throws { + guard process.noNewPrivileges else { return } + guard CZ_prctl_set_no_new_privs() == 0 else { + throw App.Errno(stage: "prctl(PR_SET_NO_NEW_PRIVS)") + } + } + + static func Errno(stage: String, info: String = "") -> ContainerizationError { + let posix = POSIXError(.init(rawValue: errno)!, userInfo: ["stage": stage]) + return ContainerizationError(.internalError, message: "\(info) \(String(describing: posix))") + } + + static func Failure(message: String) -> ContainerizationError { + ContainerizationError( + .internalError, + message: message + ) + } + + static func writeError(_ error: Error) { + let errorPipe = FileDescriptor(rawValue: 5) + + let errorMessage: String + if let czError = error as? ContainerizationError { + errorMessage = czError.description + } else { + errorMessage = String(describing: error) + } + + let bytes = Array(errorMessage.utf8) + _ = try? bytes.withUnsafeBytes { buffer in + try errorPipe.write(buffer) + } + try? errorPipe.close() + } +} diff --git a/vminitd/Sources/vminitd/Application.swift b/vminitd/Sources/vminitd/Application.swift new file mode 100644 index 0000000..866f6b3 --- /dev/null +++ b/vminitd/Sources/vminitd/Application.swift @@ -0,0 +1,118 @@ +//===----------------------------------------------------------------------===// +// Copyright © 2025-2026 Apple Inc. and the Containerization project authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +//===----------------------------------------------------------------------===// + +import ArgumentParser +import CVersion +import ContainerizationOS +import Foundation +import Logging +import VminitdCore + +@main +struct Application: AsyncParsableCommand { + static let configuration = CommandConfiguration( + commandName: "vminitd", + abstract: "Virtual machine init daemon", + version: "0.1.0", + subcommands: [ + AgentCommand.self, + InitCommand.self, + PauseCommand.self, + ], + defaultSubcommand: AgentCommand.self + ) + + static func main() async throws { + setVersionMetadata(Self.versionMetadata()) + + // Busybox-style: if invoked as .cz-init, run init mode directly. + let invoked = CommandLine.arguments.first?.split(separator: "/").last.map(String.init) ?? "" + if invoked == ".cz-init" { + let args = Array(CommandLine.arguments.dropFirst()) + var command = try InitCommand.parse(args) + try command.run() + return + } + + // Swift has issues spawning threads if /proc isn't mounted, + // so we do this synchronously before any async code runs. + try mountProc() + + // When running as PID 1 with a Musl-static build, Swift's runtime + // captures argc/argv as empty. Recover argv from /proc/self/cmdline. + var command = try parseAsRoot(Self.procSelfArgv()) + if let asyncCommand = command as? AsyncParsableCommand { + nonisolated(unsafe) var unsafeCommand = asyncCommand + try await unsafeCommand.run() + } else { + try command.run() + } + } + + private static func versionMetadata() -> Logger.Metadata { + let gitCommit = String(cString: CZ_get_git_commit()) + let gitTag = String(cString: CZ_get_git_tag()) + let buildTime = String(cString: CZ_get_build_time()) + var metadata: Logger.Metadata = ["commit": "\(gitCommit)", "built": "\(buildTime)"] + if !gitTag.isEmpty { + metadata["tag"] = "\(gitTag)" + } + return metadata + } + + private static func mountProc() throws { + if isProcMounted() { + return + } + + let mnt = ContainerizationOS.Mount( + type: "proc", + source: "proc", + target: "/proc", + options: [] + ) + try mnt.mount(createWithPerms: 0o755) + } + + // /proc/self/cmdline holds argv as NUL-separated bytes. Read it after + // mountProc(). Returns argv minus argv[0], suitable for parseAsRoot(_:). + private static func procSelfArgv() -> [String] { + guard let data = try? Data(contentsOf: URL(fileURLWithPath: "/proc/self/cmdline")) else { + return [] + } + let parts = data.split(separator: 0, omittingEmptySubsequences: true) + .map { String(decoding: $0, as: UTF8.self) } + return Array(parts.dropFirst()) + } + + private static func isProcMounted() -> Bool { + guard let data = try? String(contentsOfFile: "/proc/mounts", encoding: .utf8) else { + return false + } + + for line in data.split(separator: "\n") { + let fields = line.split(separator: " ") + if fields.count >= 2 { + let mountPoint = String(fields[1]) + if mountPoint == "/proc" { + return true + } + } + } + + return false + } +}