feat: remaining optional features

README.md

@@ -16,6 +16,13 @@ This is a personal project for me to explore and better understand the OCI Runti
 - [ ] Implement [Cgroups v2](https://github.com/opencontainers/runtime-spec/blob/main/config-linux.md#control-groups)
 - [ ] Implement optional [Seccomp](https://github.com/opencontainers/runtime-spec/blob/main/config-linux.md#seccomp)
 - [ ] Implement optional [AppArmor](https://github.com/opencontainers/runtime-spec/blob/main/config.md#linux-process)
+- [ ] Build, version and package
+- [ ] Integration tests for other tools
+- [ ] Rollback (step 12)
+- [ ] When `terminal` is enabled then bind mount the pseudoterminal pty to `/dev/console` (https://github.com/opencontainers/runtime-spec/blob/main/config-linux.md#default-devices).
+- [ ] Refactor and tidy-up
+
+
 
 ## Installation
 

container/container_init.go

@@ -1,6 +1,7 @@
 package container
 
 import (
+	"bytes"
 	"fmt"
 	"net"
 	"os"
@@ -73,27 +74,27 @@ func (c *Container) Init(reexecCmd string, reexecArgs []string) error {
 			})
 		}
 
-		// FIXME: why does this segfault??
-		// if ns.Type == specs.TimeNamespace {
-		// 	if c.Spec.Linux.TimeOffsets != nil && len(c.Spec.Linux.TimeOffsets) > 0 {
-		// 		var tos bytes.Buffer
-		// 		for clock, offset := range c.Spec.Linux.TimeOffsets {
-		// 			if n, err := tos.WriteString(
-		// 				fmt.Sprintf("%s %d %d\n", clock, offset.Secs, offset.Nanosecs),
-		// 			); err != nil || n == 0 {
-		// 				return fmt.Errorf("write time offsets")
-		// 			}
-		// 		}
-		//
-		// if err := os.WriteFile(
-		// 	"/proc/self/timens_offsets",
-		// 	tos.Bytes(),
-		// 	0644,
-		// ); err != nil {
-		// 	return fmt.Errorf("write timens offsets: %w", err)
-		// }
-		// 	}
-		// }
+		if ns.Type == specs.TimeNamespace {
+			if c.Spec.Linux.TimeOffsets != nil {
+				var tos bytes.Buffer
+
+				for clock, offset := range c.Spec.Linux.TimeOffsets {
+					if n, err := tos.WriteString(
+						fmt.Sprintf("%s %d %d\n", clock, offset.Secs, offset.Nanosecs),
+					); err != nil || n == 0 {
+						return fmt.Errorf("write time offsets")
+					}
+				}
+
+				if err := os.WriteFile(
+					"/proc/self/timens_offsets",
+					tos.Bytes(),
+					0644,
+				); err != nil {
+					return fmt.Errorf("write timens offsets: %w", err)
+				}
+			}
+		}
 
 		if ns.Path == "" {
 			cloneFlags |= ns.ToFlag()

container/container_reexec.go

@@ -15,7 +15,9 @@ import (
 	"github.com/nixpig/brownie/capabilities"
 	"github.com/nixpig/brownie/cgroups"
 	"github.com/nixpig/brownie/filesystem"
+	"github.com/nixpig/brownie/iopriority"
 	"github.com/nixpig/brownie/scheduler"
+	"github.com/nixpig/brownie/sysctl"
 	"github.com/nixpig/brownie/terminal"
 	"github.com/opencontainers/runtime-spec/specs-go"
 	"golang.org/x/sys/unix"
@@ -41,6 +43,28 @@ func (c *Container) Reexec() error {
 		if err := pty.Connect(); err != nil {
 			return fmt.Errorf("connect pty: %w", err)
 		}
+
+		// TODO: mount /dev/console??
+		// if _, err := os.Stat(filepath.Join(c.Rootfs(), "/dev/console")); os.IsNotExist(err) {
+		// 	f, err := os.Create(filepath.Join(c.Rootfs(), "/dev/console"))
+		// 	if err != nil && !os.IsExist(err) {
+		// 		return fmt.Errorf("create rootfs dev/console: %w", err)
+		// 	}
+		// 	if f != nil {
+		// 		f.Close()
+		// 	}
+		// }
+		//
+		// if err := syscall.Mount(
+		// 	pty.Slave.Name(),
+		// 	filepath.Join(c.Rootfs(), "dev/console"),
+		// 	"",
+		// 	uintptr(0),
+		// 	"",
+		// ); err != nil {
+		// 	return fmt.Errorf("mount rootfs dev/console: %w", err)
+		// }
+
 	}
 
 	if err := filesystem.SetupRootfs(c.Rootfs(), c.Spec); err != nil {
@@ -116,12 +140,11 @@ func (c *Container) Reexec() error {
 		return err
 	}
 
-	// FIXME: why does this segfault??
-	// if c.Spec.Linux.Sysctl != nil {
-	// if err := sysctl.SetSysctl(c.Spec.Linux.Sysctl); err != nil {
-	// 	return fmt.Errorf("set sysctl: %w", err)
-	// }
-	// }
+	if c.Spec.Linux.Sysctl != nil {
+		if err := sysctl.SetSysctl(c.Spec.Linux.Sysctl); err != nil {
+			return fmt.Errorf("set sysctl: %w", err)
+		}
+	}
 
 	if err := filesystem.MountMaskedPaths(
 		c.Spec.Linux.MaskedPaths,
@@ -205,12 +228,11 @@ func (c *Container) Reexec() error {
 		}
 	}
 
-	// FIXME: why does this segfault??
-	// if c.Spec.Process.IOPriority != nil {
-	// if err := iopriority.SetIOPriority(*c.Spec.Process.IOPriority); err != nil {
-	// 	return fmt.Errorf("set iop: %w", err)
-	// }
-	// }
+	if c.Spec.Process.IOPriority != nil {
+		if err := iopriority.SetIOPriority(*c.Spec.Process.IOPriority); err != nil {
+			return fmt.Errorf("set iop: %w", err)
+		}
+	}
 
 	if err := syscall.Setuid(int(c.Spec.Process.User.UID)); err != nil {
 		return fmt.Errorf("set UID: %w", err)

main.go

@@ -2,7 +2,6 @@ package main
 
 import (
 	"fmt"
-	"io"
 	"log/slog"
 	"os"
 
@@ -17,7 +16,7 @@ func main() {
 		os.Exit(1)
 	}
 
-	logger := slog.New(slog.NewTextHandler(io.MultiWriter(log, os.Stdout), nil))
+	logger := slog.New(slog.NewTextHandler(log, nil))
 	slog.SetDefault(logger)
 
 	if err := gons.Status(); err != nil {