Add src and documentation

Author: flouthoc

Cargo.lock

@@ -0,0 +1,11 @@
+[package]
+name = "vas-quod"
+version = "0.1.0"
+authors = ["flouthoc <https://twitter.com/flouthoc>"]
+edition = "2018"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+getopts = "0.2"
+nix = "0.19.1"

Cargo.toml

@@ -0,0 +1,31 @@
+# vas-quod 
+
+
+ A tiny minimal container runtime written in Rust.
+ The idea is to support a minimal isolated containers without using existing runtimes, vas-quod uses linux [syscall](https://en.wikipedia.org/wiki/System_call) to achieve isolated containers { namespaces, cgroups, chroot, unshare }.
+ 
+ ![](../blob/master/assets/vas-quod.png?raw=true)
+ 
+
+## Usage
+
+
+```bash 
+Usage: ./vas-quod - minimal container runtime [options]
+Options:
+    -r, --rootfs path   Path to root file-system eg. --rootfs /home/alpinefs
+    -c, --command command
+                        Command to be executed eg. --command `curl
+                        http://google.com`
+    -h, --help          print this help menu
+```
+
+* #### rootfs
+Path to root filesystem
+* #### command
+Container entrypoint command
+
+## Roadmap
+* Add Support for network bridges.
+* Implement `-m` or `--mount` to mount read-only files from host machine.
+

README.md

@@ -0,0 +1,46 @@
+use std::fs;
+use std::path::PathBuf;
+
+use std::process;
+use nix::unistd;
+
+use std::os::unix::fs::PermissionsExt;
+
+static CGROUP_PATH: &str = "/sys/fs/cgroup/pids";
+
+pub fn cgroup_init(group_name: &str) {	
+	let mut cgroups_path = PathBuf::from(CGROUP_PATH);
+	if !cgroups_path.exists() {
+		println!("Error: Missing Cgroups Support");
+		process::exit(0);
+	}
+
+	cgroups_path.push(group_name);
+	if !cgroups_path.exists() {
+		fs::create_dir_all(&cgroups_path).unwrap();
+		let mut permission = fs::metadata(&cgroups_path).unwrap().permissions();
+    	permission.set_mode(0o777);
+		fs::set_permissions(&cgroups_path, permission).ok();
+	}
+
+	let pids_max = cgroups_path.join("pids.max");
+	let notify_on_release = cgroups_path.join("notify_on_release");
+	let procs = cgroups_path.join("cgroup.procs");
+	
+	fs::write(pids_max, b"20").unwrap();
+    fs::write(notify_on_release, b"1").unwrap();
+    fs::write(procs,format!("{}", unistd::getpid().as_raw())).unwrap();
+
+}
+
+#[allow(dead_code)]
+pub fn cgroup_deinit(group_name: &str){
+	let mut cgroups_path = PathBuf::from(CGROUP_PATH);
+	if !cgroups_path.exists() {
+		println!("Error: Missing Cgroups Support");
+		process::exit(0);
+	}
+	cgroups_path.push(group_name);
+	fs::remove_dir(cgroups_path).expect("Failed to remove the cgroup");
+}
+

assets/vas-quod.png

@@ -0,0 +1,8 @@
+use nix::unistd;
+
+static ROOT_PATH: &str = "/";
+
+pub fn set_root_fs(rootfs: &str){
+	unistd::chroot(rootfs).unwrap();
+	let _status = unistd::chdir(ROOT_PATH);
+}

src/cgroup.rs

@@ -0,0 +1,53 @@
+extern crate getopts;
+use getopts::Options;
+use std::env;
+
+mod runtime;
+mod cgroup;
+mod filesystem;
+mod mount;
+mod namespace;
+
+fn run(rootfs: Option<String>, command_string: Option<String>){
+	let rootfs = rootfs.unwrap();
+	let command_string = command_string.unwrap();
+
+	let child_command_buffer = command_string.split(" ");
+	let mut child_command_vector = child_command_buffer.collect::<Vec<&str>>();
+	let command = child_command_vector[0];
+	child_command_vector.drain(0..1);
+
+	runtime::run_container(&rootfs, command, child_command_vector);
+}
+
+fn print_usage(program: &str, opts: Options) {
+	let brief = format!("Usage: {} vas-quod [options]", program);
+	print!("{}", opts.usage(&brief));
+}
+
+
+fn main() {
+	let args: Vec<String> = env::args().collect();
+    let program = args[0].clone();
+
+    let mut opts = Options::new();
+    opts.optopt("r", "rootfs", "Path to root file-system eg. --rootfs /home/alpinefs", "path");
+	opts.optopt("c", "command", "Command to be executed eg. --command `curl http://google.com`", "command");
+    opts.optflag("h", "help", "print this help menu");
+    let matches = match opts.parse(&args[1..]) {
+        Ok(m) => { m }
+        Err(_f) => {
+			println!("Error: Unrecognzied Options");
+        	print_usage(&program, opts);
+			return
+		}
+    };
+    if matches.opt_present("h") || !matches.opt_present("r") || !matches.opt_present("c") {
+        print_usage(&program, opts);
+        return;
+    }
+
+    let rootfs = matches.opt_str("r");
+	let command_string = matches.opt_str("c");
+	run(rootfs, command_string);
+}

src/filesystem.rs

@@ -0,0 +1,13 @@
+use nix::mount;
+
+static PROC: &str = "proc";
+
+pub fn mount_proc(){
+	const NONE: Option<&'static [u8]> = None;
+	mount::mount(Some(PROC), PROC, Some(PROC), mount::MsFlags::empty(), NONE).expect("Failed to mount the /proc");
+}
+
+pub fn unmount_proc(){
+	mount::umount("proc").unwrap();
+}
+	

src/main.rs

@@ -0,0 +1,5 @@
+use nix::sched;
+
+pub fn create_isolated_namespace(){
+	sched::unshare(sched::CloneFlags::CLONE_NEWNS).expect("Failed to unshare");
+}

src/mount.rs

@@ -0,0 +1,48 @@
+use nix::sched;
+use nix::sys::signal::Signal;
+use nix::unistd;
+use std::process::Command;
+
+use crate::cgroup;
+use crate::filesystem;
+use crate::mount;
+use crate::namespace;
+
+static CGROUP_NAME: &str = "vasquod-container";
+static HOSTNAME: &str = "vasquod";
+
+fn set_hostname(hostname: &str){
+	// can also use libc here
+	unistd::sethostname(hostname).unwrap()
+}
+
+fn spawn_child(hostname: &str, cgroup_name: &str, rootfs: &str, command: &str, command_args: &[&str]) -> isize {
+
+	namespace::create_isolated_namespace();	
+	cgroup::cgroup_init(cgroup_name);
+	set_hostname(hostname);
+	
+	filesystem::set_root_fs(rootfs);
+	mount::mount_proc();	
+	
+	Command::new(command).args(command_args).spawn().expect("Failed to execute container command").wait().unwrap();
+
+	mount::unmount_proc();
+	return 0;
+}
+
+pub fn run_container(rootfs: &str, command: &str, command_args: Vec<&str>){
+
+	let group_name = CGROUP_NAME;
+	let hostname = HOSTNAME;
+	const STACK_SIZE: usize = 1024 * 1024;
+    let stack: &mut [u8; STACK_SIZE] = &mut [0; STACK_SIZE];
+	
+	let cb = Box::new(|| spawn_child(hostname, group_name, rootfs, command, command_args.as_slice()));
+
+	//SSee `man clone`
+	let clone_flags = sched::CloneFlags::CLONE_NEWNS | sched::CloneFlags::CLONE_NEWPID | sched::CloneFlags::CLONE_NEWCGROUP | sched::CloneFlags::CLONE_NEWUTS | sched::CloneFlags::CLONE_NEWIPC | sched::CloneFlags::CLONE_NEWNET;
+
+	let _child_pid = sched::clone(cb, stack, clone_flags, Some(Signal::SIGCHLD as i32)).expect("Failed to create child process");
+
+}