Add exec and terminal support

Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>

execution/executor.go

@@ -7,17 +7,19 @@ import (
 )
 
 type CreateOpts struct {
-	Bundle string
-	Stdin  string
-	Stdout string
-	Stderr string
+	Bundle  string
+	Console bool
+	Stdin   string
+	Stdout  string
+	Stderr  string
 }
 
-type CreateProcessOpts struct {
-	Spec   specs.Process
-	Stdin  string
-	Stdout string
-	Stderr string
+type StartProcessOpts struct {
+	Spec    specs.Process
+	Console bool
+	Stdin   string
+	Stdout  string
+	Stderr  string
 }
 
 type Executor interface {
@@ -30,7 +32,7 @@ type Executor interface {
 	Delete(*Container) error
 	Start(*Container) error
 
-	StartProcess(*Container, CreateProcessOpts) (Process, error)
+	StartProcess(*Container, StartProcessOpts) (Process, error)
 	SignalProcess(*Container, string, os.Signal) error
 	DeleteProcess(*Container, string) error
 }

execution/executors/oci/console.go

@@ -0,0 +1,54 @@
+package oci
+
+import (
+	"fmt"
+	"os"
+	"syscall"
+	"unsafe"
+)
+
+// NewConsole returns an initialized console that can be used within a container by copying bytes
+// from the master side to the slave that is attached as the tty for the container's init process.
+func newConsole(uid, gid int) (*os.File, string, error) {
+	master, err := os.OpenFile("/dev/ptmx", syscall.O_RDWR|syscall.O_NOCTTY|syscall.O_CLOEXEC, 0)
+	if err != nil {
+		return nil, "", err
+	}
+	console, err := ptsname(master)
+	if err != nil {
+		return nil, "", err
+	}
+	if err := unlockpt(master); err != nil {
+		return nil, "", err
+	}
+	if err := os.Chmod(console, 0600); err != nil {
+		return nil, "", err
+	}
+	if err := os.Chown(console, uid, gid); err != nil {
+		return nil, "", err
+	}
+	return master, console, nil
+}
+
+func ioctl(fd uintptr, flag, data uintptr) error {
+	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, fd, flag, data); err != 0 {
+		return err
+	}
+	return nil
+}
+
+// unlockpt unlocks the slave pseudoterminal device corresponding to the master pseudoterminal referred to by f.
+// unlockpt should be called before opening the slave side of a pty.
+func unlockpt(f *os.File) error {
+	var u int32
+	return ioctl(f.Fd(), syscall.TIOCSPTLCK, uintptr(unsafe.Pointer(&u)))
+}
+
+// ptsname retrieves the name of the first available pts for the given master.
+func ptsname(f *os.File) (string, error) {
+	var n int32
+	if err := ioctl(f.Fd(), syscall.TIOCGPTN, uintptr(unsafe.Pointer(&n))); err != nil {
+		return "", err
+	}
+	return fmt.Sprintf("/dev/pts/%d", n), nil
+}

execution/executors/oci/oci.go

@@ -3,6 +3,7 @@ package oci
 import (
 	"errors"
 	"fmt"
+	"io"
 	"os"
 	"path/filepath"
 	"syscall"
@@ -62,16 +63,43 @@ func getRuncIO(stdin, stdout, stderr string) (io runc.IO, err error) {
 	return
 }
 
+func setupConsole(rio runc.IO) (*os.File, string, error) {
+	master, console, err := newConsole(0, 0)
+	if err != nil {
+		return nil, "", err
+	}
+	go io.Copy(master, rio.Stdin)
+	go func() {
+		io.Copy(rio.Stdout, master)
+		master.Close()
+	}()
+
+	return master, console, nil
+}
+
 func (r *OCIRuntime) Create(id string, o execution.CreateOpts) (container *execution.Container, err error) {
-	io, err := getRuncIO(o.Stdin, o.Stdout, o.Stderr)
+	rio, err := getRuncIO(o.Stdin, o.Stdout, o.Stderr)
 	if err != nil {
 		return nil, err
 	}
 	defer func() {
 		if err != nil {
-			closeRuncIO(io)
+			closeRuncIO(rio)
 		}
 	}()
+	consolePath := ""
+	if o.Console {
+		master, console, err := setupConsole(rio)
+		if err != nil {
+			return nil, err
+		}
+		consolePath = console
+		defer func() {
+			if err != nil {
+				master.Close()
+			}
+		}()
+	}
 
 	if container, err = execution.NewContainer(r.root, id, o.Bundle, "created"); err != nil {
 		return nil, err
@@ -89,7 +117,8 @@ func (r *OCIRuntime) Create(id string, o execution.CreateOpts) (container *execu
 	pidFile := filepath.Join(initDir, "pid")
 	err = r.runc.Create(id, o.Bundle, &runc.CreateOpts{
 		PidFile: pidFile,
-		IO:      io,
+		Console: consolePath,
+		IO:      rio,
 	})
 	if err != nil {
 		return nil, err
@@ -112,7 +141,7 @@ func (r *OCIRuntime) Create(id string, o execution.CreateOpts) (container *execu
 
 	container.AddProcess(process, true)
 
-	r.ios[id] = io
+	r.ios[id] = rio
 
 	return container, nil
 }
@@ -145,6 +174,10 @@ func (r *OCIRuntime) load(runcC *runc.Container) (*execution.Container, error) {
 	for _, d := range dirs {
 		pid, err := runc.ReadPidFile(filepath.Join(d, "pid"))
 		if err != nil {
+			if os.IsNotExist(err) {
+				// Process died in between
+				continue
+			}
 			return nil, err
 		}
 		process, err := newProcess(filepath.Base(d), pid)
@@ -203,16 +236,29 @@ func (r *OCIRuntime) Resume(c *execution.Container) error {
 	return r.runc.Resume(c.ID())
 }
 
-func (r *OCIRuntime) StartProcess(c *execution.Container, o execution.CreateProcessOpts) (p execution.Process, err error) {
-	io, err := getRuncIO(o.Stdin, o.Stdout, o.Stderr)
+func (r *OCIRuntime) StartProcess(c *execution.Container, o execution.StartProcessOpts) (p execution.Process, err error) {
+	rio, err := getRuncIO(o.Stdin, o.Stdout, o.Stderr)
 	if err != nil {
 		return nil, err
 	}
 	defer func() {
 		if err != nil {
-			closeRuncIO(io)
+			closeRuncIO(rio)
 		}
 	}()
+	consolePath := ""
+	if o.Console {
+		master, console, err := setupConsole(rio)
+		if err != nil {
+			return nil, err
+		}
+		consolePath = console
+		defer func() {
+			if err != nil {
+				master.Close()
+			}
+		}()
+	}
 
 	processStateDir, err := c.StateDir().NewProcess()
 	if err != nil {
@@ -227,8 +273,10 @@ func (r *OCIRuntime) StartProcess(c *execution.Container, o execution.CreateProc
 	pidFile := filepath.Join(processStateDir, "pid")
 	if err := r.runc.ExecProcess(c.ID(), o.Spec, &runc.ExecOpts{
 		PidFile: pidFile,
-		Detach:  true,
-		IO:      io,
+		Detach:  false,
+		Console: consolePath,
+		Cwd:     o.Spec.Cwd,
+		IO:      rio,
 	}); err != nil {
 		return nil, err
 	}
@@ -244,7 +292,7 @@ func (r *OCIRuntime) StartProcess(c *execution.Container, o execution.CreateProc
 
 	c.AddProcess(process, false)
 
-	r.ios[fmt.Sprintf("%s-%s", c.ID(), process.ID())] = io
+	r.ios[fmt.Sprintf("%s-%s", c.ID(), process.ID())] = rio
 
 	return process, nil
 }

execution/service.go

@@ -10,7 +10,10 @@ import (
 	"golang.org/x/net/context"
 )
 
-var emptyResponse = &google_protobuf.Empty{}
+var (
+	emptyResponse      = &google_protobuf.Empty{}
+	ErrProcessNotFound = fmt.Errorf("Process not found")
+)
 
 func New(executor Executor) (*Service, error) {
 	return &Service{
@@ -28,10 +31,11 @@ func (s *Service) Create(ctx context.Context, r *api.CreateContainerRequest) (*a
 	var err error
 
 	container, err := s.executor.Create(r.ID, CreateOpts{
-		Bundle: r.BundlePath,
-		Stdin:  r.Stdin,
-		Stdout: r.Stdout,
-		Stderr: r.Stderr,
+		Bundle:  r.BundlePath,
+		Console: r.Console,
+		Stdin:   r.Stdin,
+		Stdout:  r.Stdout,
+		Stderr:  r.Stderr,
 	})
 	if err != nil {
 		return nil, err
@@ -112,12 +116,24 @@ func (s *Service) StartProcess(ctx context.Context, r *api.StartProcessRequest)
 	}
 
 	// TODO: generate spec
-	var spec specs.Process
-	process, err := s.executor.StartProcess(container, CreateProcessOpts{
-		Spec:   spec,
-		Stdin:  r.Stdin,
-		Stdout: r.Stdout,
-		Stderr: r.Stderr,
+	spec := specs.Process{
+		Terminal: r.Process.Terminal,
+		ConsoleSize: specs.Box{
+			80,
+			80,
+		},
+		Args:            r.Process.Args,
+		Env:             r.Process.Env,
+		Cwd:             r.Process.Cwd,
+		NoNewPrivileges: true,
+	}
+
+	process, err := s.executor.StartProcess(container, StartProcessOpts{
+		Spec:    spec,
+		Console: r.Console,
+		Stdin:   r.Stdin,
+		Stdout:  r.Stdout,
+		Stderr:  r.Stderr,
 	})
 	if err != nil {
 		return nil, err
@@ -137,7 +153,7 @@ func (s *Service) GetProcess(ctx context.Context, r *api.GetProcessRequest) (*ap
 	}
 	process := container.GetProcess(r.ProcessId)
 	if process == nil {
-		return nil, fmt.Errorf("Make me a constant! Process not foumd!")
+		return nil, ErrProcessNotFound
 	}
 	return &api.GetProcessResponse{
 		Process: toGRPCProcess(process),