Add rdd-guest socket bridge for Windows Docker socket forwarding

Build rdd-guest from rancher-desktop-daemon's cmd/rdd-guest and include
it in the VM image. Add a systemd unit that starts it on WSL2 instances
as part of rancher-desktop.target.

Signed-off-by: Nino Kodabande <nkodabande@suse.com>

Author: Nino-K

Dockerfile

@@ -17,6 +17,10 @@ WORKDIR /rd/rd-init
 RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/go/pkg/mod \
     go build -ldflags '-s -w' -o /go/bin/rd-init .
 
+WORKDIR /rd/rdd-guest
+RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/go/pkg/mod \
+    CGO_ENABLED=0 go build -ldflags '-s -w' -o /go/bin/rdd-guest .
+
 FROM registry.opensuse.org/opensuse/bci/kiwi:10 AS builder
 ARG type=qcow2.xz
 ARG NERDCTL_VERSION

config.sh

@@ -117,6 +117,7 @@ if [[ ${kiwi_profiles:-} =~ wsl ]]; then
     systemctl enable network-setup
     systemctl enable rancher-desktop-guest-agent.service
     systemctl enable wsl-proxy.service
+    systemctl enable rdd-guest.service
     # Do not manage /tmp; that is managed by WSL.
     mkdir -p /usr/local/lib/tmpfiles.d
     touch /usr/local/lib/tmpfiles.d/fs-tmp.conf

root/usr/local/lib/systemd/system/rdd-guest.service

@@ -0,0 +1,14 @@
+[Unit]
+Description=Rancher Desktop Guest Socket Bridge
+Documentation=https://github.com/rancher-sandbox/rancher-desktop-daemon
+ConditionVirtualization=wsl
+
+[Service]
+ExecStart=/usr/local/bin/rdd-guest
+Restart=on-failure
+RestartSec=5s
+StandardOutput=journal
+StandardError=journal
+
+[Install]
+WantedBy=rancher-desktop.target

src/rdd-guest/go.mod

@@ -0,0 +1,12 @@
+module github.com/rancher-sandbox/rancher-desktop-opensuse/src/rdd-guest
+
+go 1.23.0
+
+require github.com/mdlayher/vsock v1.2.1
+
+require (
+	github.com/mdlayher/socket v0.5.1 // indirect
+	golang.org/x/net v0.26.0 // indirect
+	golang.org/x/sync v0.7.0 // indirect
+	golang.org/x/sys v0.21.0 // indirect
+)

src/rdd-guest/go.sum

@@ -0,0 +1,12 @@
+github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/mdlayher/socket v0.5.1 h1:VZaqt6RkGkt2OE9l3GcC6nZkqD3xKeQLyfleW/uBcos=
+github.com/mdlayher/socket v0.5.1/go.mod h1:TjPLHI1UgwEv5J1B5q0zTZq12A/6H7nKmtTanQE37IQ=
+github.com/mdlayher/vsock v1.2.1 h1:pC1mTJTvjo1r9n9fbm7S1j04rCgCzhCOS5DY0zqHlnQ=
+github.com/mdlayher/vsock v1.2.1/go.mod h1:NRfCibel++DgeMD8z/hP+PPTjlNJsdPOmxcnENvE+SE=
+golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ=
+golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
+golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
+golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
+golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=

src/rdd-guest/main.go

@@ -0,0 +1,95 @@
+// Package main is the rdd-guest agent that runs inside the Lima/WSL2 VM.
+// It listens on a vsock port and forwards connections to the Docker socket,
+// enabling the Windows host to reach /var/run/docker.sock via Hyper-V vsock.
+//
+package main
+
+import (
+	"context"
+	"errors"
+	"io"
+	"log"
+	"net"
+	"os"
+	"os/signal"
+	"syscall"
+
+	"github.com/mdlayher/vsock"
+)
+
+const (
+	vsockPort     = 6660
+	dockerSockPath = "/var/run/docker.sock"
+)
+
+func main() {
+	ctx, stop := signal.NotifyContext(context.Background(), os.Interrupt, syscall.SIGTERM)
+	defer stop()
+
+	l, err := vsock.Listen(vsockPort, nil)
+	if err != nil {
+		log.Fatalf("vsock listen: %v", err)
+	}
+	defer l.Close()
+
+	log.Printf("rdd-guest: listening on vsock port %d", vsockPort)
+
+	go func() {
+		<-ctx.Done()
+		l.Close()
+	}()
+
+	for {
+		conn, err := l.Accept()
+		if err != nil {
+			if ctx.Err() != nil {
+				return
+			}
+			log.Printf("rdd-guest: accept: %v", err)
+			continue
+		}
+		go handleConn(conn)
+	}
+}
+
+// TODO: once rancher-desktop-daemon is public, replace the inlined halfCloser,
+// pipe(), and handleConn() here with a direct import of pkg/socketbridge, which
+// contains the implementations (HalfCloser interface, Pipe function).
+// halfCloser is a net.Conn that can independently close the write side.
+type halfCloser interface {
+	net.Conn
+	CloseWrite() error
+}
+
+// handleConn forwards bytes between the vsock connection and the Docker socket.
+func handleConn(vsockConn net.Conn) {
+	defer vsockConn.Close()
+
+	dockerConn, err := (&net.Dialer{}).DialContext(context.Background(), "unix", dockerSockPath)
+	if err != nil {
+		log.Printf("rdd-guest: dial docker: %v", err)
+		return
+	}
+	defer dockerConn.Close()
+
+	pipe(vsockConn.(halfCloser), dockerConn.(halfCloser))
+}
+
+// pipe bidirectionally proxies between a and b until both directions are done.
+func pipe(a, b halfCloser) {
+	done := make(chan error, 2)
+
+	forward := func(dst, src halfCloser) {
+		_, err := io.Copy(dst, src)
+		if err != nil && !errors.Is(err, io.EOF) {
+			log.Printf("rdd-guest: copy: %v", err)
+		}
+		_ = dst.CloseWrite()
+		done <- err
+	}
+
+	go forward(a, b)
+	go forward(b, a)
+	<-done
+	<-done
+}