Merge branch 'main' into add-vminit-api-freeze-thaw

Author: saehejkang

.github/workflows/linux-build.yml

@@ -55,3 +55,6 @@ jobs:
 
       - name: Build vminitd (musl)
         run: make -C vminitd
+
+      - name: Run unit tests
+        run: swift test --disable-automatic-resolution -Xswiftc -warnings-as-errors

.swift-version

@@ -1 +1 @@
-6.3
+6.3.0

Makefile

@@ -89,6 +89,10 @@ ifeq ($(LIBC),all)
 else
 	$(call linux_run,make containerization && make -C vminitd LIBC=$(LIBC))
 endif
+
+.PHONY: linux-test
+linux-test:
+	$(call linux_run,swift test $(SWIFT_CONFIGURATION))
 endif
 
 .PHONY: all

Sources/Containerization/HTTP2ConnectBufferingHandler.swift

@@ -0,0 +1,90 @@
+//===----------------------------------------------------------------------===//
+// Copyright © 2026 Apple Inc. and the Containerization project authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//   https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//===----------------------------------------------------------------------===//
+
+import ContainerizationError
+import GRPCCore
+import GRPCNIOTransportCore
+import NIOCore
+import NIOPosix
+
+/// Buffers incoming bytes until the full gRPC HTTP/2 pipeline is configured, then replays them.
+///
+/// This prevents the race condition where the vminitd server's initial HTTP/2 SETTINGS frame
+/// arrives and is discarded before `configureGRPCClientPipeline` has finished installing
+/// `ClientConnectionHandler`.
+///
+/// The handler is added via `ClientBootstrap.channelInitializer`, which runs before
+/// `registerAlreadyConfigured0` adds the fd to epoll/kqueue — guaranteeing it is in place
+/// before any bytes can arrive on the socket.
+///
+/// When `NIOHTTP2Handler` is added to the pipeline (inside `configureGRPCClientPipeline`), its
+/// `handlerAdded` fires an outbound flush (the HTTP/2 client preface). We intercept that flush
+/// and schedule a deferred removal via the event loop. Because `configureGRPCClientPipeline` runs
+/// as a single synchronous event loop task, the deferred removal is guaranteed to run after that
+/// entire task completes — i.e., after `ClientConnectionHandler` is also in the pipeline.
+/// Buffered bytes are replayed atomically as part of the pipeline removal.
+
+// FIXME: This handler is needed until the swift GRPC libraries offers us a way to create a
+// client transport from an existing fd. Remove this type when such an API exists.
+public final class HTTP2ConnectBufferingHandler: ChannelDuplexHandler, RemovableChannelHandler {
+    public typealias InboundIn = ByteBuffer
+    public typealias InboundOut = ByteBuffer
+    public typealias OutboundIn = ByteBuffer
+    public typealias OutboundOut = ByteBuffer
+
+    private var removalScheduled = false
+    private var bufferedReads: [NIOAny] = []
+
+    public init() {}
+
+    public func channelRead(context: ChannelHandlerContext, data: NIOAny) {
+        bufferedReads.append(data)
+    }
+
+    public func channelReadComplete(context: ChannelHandlerContext) {
+        // Suppress while buffering; a single readComplete is emitted after replay.
+    }
+
+    public func flush(context: ChannelHandlerContext) {
+        if !removalScheduled {
+            removalScheduled = true
+            // Defer removal to the next event loop task. configureGRPCClientPipeline runs as a
+            // single synchronous event loop task, so this deferred task is guaranteed to run
+            // after that whole task completes (including ClientConnectionHandler being added).
+            context.eventLoop.assumeIsolatedUnsafeUnchecked().execute {
+                context.pipeline.syncOperations.removeHandler(self, promise: nil)
+            }
+        }
+        context.flush()
+    }
+
+    public func removeHandler(context: ChannelHandlerContext, removalToken: ChannelHandlerContext.RemovalToken) {
+        var didRead = false
+        while !bufferedReads.isEmpty {
+            context.fireChannelRead(bufferedReads.removeFirst())
+            didRead = true
+        }
+        if didRead {
+            context.fireChannelReadComplete()
+        }
+        context.leavePipeline(removalToken: removalToken)
+    }
+
+    public func channelInactive(context: ChannelHandlerContext) {
+        bufferedReads.removeAll()
+        context.fireChannelInactive()
+    }
+}

Sources/Containerization/LinuxContainer.swift

@@ -530,6 +530,9 @@ extension LinuxContainer {
             let mib: UInt64 = 1.mib()
             let vmMemory = (self.memoryInBytes + guestAgentOverhead + mib - 1) & ~(mib - 1)
 
+            // Give the guest agent a core to play with outside of the container.
+            let vmCpus = self.cpus + 1
+
             // Prepare file mounts. This transforms single-file mounts into directory shares.
             let fileMountContext = try FileMountContext.prepare(mounts: self.config.mounts)
             // This is dumb, but alas.
@@ -542,7 +545,7 @@ extension LinuxContainer {
             }
 
             let vmConfig = VMConfiguration(
-                cpus: self.cpus,
+                cpus: vmCpus,
                 memoryInBytes: vmMemory,
                 interfaces: self.interfaces,
                 mountsByID: [self.id: containerMounts],

Sources/Containerization/VZVirtualMachineManager.swift

@@ -55,11 +55,14 @@ public struct VZVirtualMachineManager: VirtualMachineManager {
         // Clamp to system RAM as Virtualization.framework bounds us to this.
         let memoryInBytes = min(vmConfig.memoryInBytes, ProcessInfo.processInfo.physicalMemory)
 
+        // Clamp to system CPU count as Virtualization.framework bounds us to this.
+        let cpus = min(vmConfig.cpus, ProcessInfo.processInfo.activeProcessorCount)
+
         return try VZVirtualMachineInstance(
             group: self.group,
             logger: self.logger,
             with: { instanceConfig in
-                instanceConfig.cpus = vmConfig.cpus
+                instanceConfig.cpus = cpus
                 instanceConfig.memoryInBytes = memoryInBytes
 
                 instanceConfig.kernel = self.kernel

Sources/Containerization/Vminitd.swift

@@ -24,70 +24,6 @@ import GRPCNIOTransportCore
 import NIOCore
 import NIOPosix
 
-/// Buffers incoming bytes until the full gRPC HTTP/2 pipeline is configured, then replays them.
-///
-/// This prevents the race condition where the vminitd server's initial HTTP/2 SETTINGS frame
-/// arrives and is discarded before `configureGRPCClientPipeline` has finished installing
-/// `ClientConnectionHandler`.
-///
-/// The handler is added via `ClientBootstrap.channelInitializer`, which runs before
-/// `registerAlreadyConfigured0` adds the fd to epoll/kqueue — guaranteeing it is in place
-/// before any bytes can arrive on the socket.
-///
-/// When `NIOHTTP2Handler` is added to the pipeline (inside `configureGRPCClientPipeline`), its
-/// `handlerAdded` fires an outbound flush (the HTTP/2 client preface). We intercept that flush
-/// and schedule a deferred removal via the event loop. Because `configureGRPCClientPipeline` runs
-/// as a single synchronous event loop task, the deferred removal is guaranteed to run after that
-/// entire task completes — i.e., after `ClientConnectionHandler` is also in the pipeline.
-/// Buffered bytes are replayed atomically as part of the pipeline removal.
-private final class HTTP2ConnectBufferingHandler: ChannelDuplexHandler, RemovableChannelHandler {
-    typealias InboundIn = ByteBuffer
-    typealias InboundOut = ByteBuffer
-    typealias OutboundIn = ByteBuffer
-    typealias OutboundOut = ByteBuffer
-
-    private var removalScheduled = false
-    private var bufferedReads: [NIOAny] = []
-
-    func channelRead(context: ChannelHandlerContext, data: NIOAny) {
-        bufferedReads.append(data)
-    }
-
-    func channelReadComplete(context: ChannelHandlerContext) {
-        // Suppress while buffering; a single readComplete is emitted after replay.
-    }
-
-    func flush(context: ChannelHandlerContext) {
-        if !removalScheduled {
-            removalScheduled = true
-            // Defer removal to the next event loop task. configureGRPCClientPipeline runs as a
-            // single synchronous event loop task, so this deferred task is guaranteed to run
-            // after that whole task completes (including ClientConnectionHandler being added).
-            context.eventLoop.assumeIsolatedUnsafeUnchecked().execute {
-                context.pipeline.syncOperations.removeHandler(self, promise: nil)
-            }
-        }
-        context.flush()
-    }
-
-    func removeHandler(context: ChannelHandlerContext, removalToken: ChannelHandlerContext.RemovalToken) {
-        var didRead = false
-        while !bufferedReads.isEmpty {
-            context.fireChannelRead(bufferedReads.removeFirst())
-            didRead = true
-        }
-        if didRead {
-            context.fireChannelReadComplete()
-        }
-        context.leavePipeline(removalToken: removalToken)
-    }
-
-    func channelInactive(context: ChannelHandlerContext) {
-        bufferedReads.removeAll()
-        context.fireChannelInactive()
-    }
-}
-
 /// A remote connection into the vminitd Linux guest agent via a port (vsock).
 /// Used to modify the runtime environment of the Linux sandbox.
 public struct Vminitd: Sendable {

Sources/ContainerizationEXT4/EXT4+FileTree.swift

@@ -69,8 +69,7 @@ extension EXT4 {
         var root: Ptr<FileTreeNode>
 
         init(_ root: InodeNumber, _ name: String) {
-            self.root = Ptr<FileTreeNode>.allocate(capacity: 1)
-            self.root.initialize(to: FileTreeNode(inode: root, name: name, parent: nil))
+            self.root = Ptr(FileTreeNode(inode: root, name: name, parent: nil))
         }
 
         func lookup(path: FilePath) -> Ptr<FileTreeNode>? {