ospp project (feature) add namespace overlayfs cgroup (#949)

## 开发进展： ## namespace - pid_namespace 基本实现，基于pid_struct等数据结构实现隔离 - mnt_namespace 基本实现，挂载点的隔离通过不同的挂载树来实现 - usernamespace 作为支持性的namespace，目前受限实现全局静态 ## overlayfs - 实现若干个文件系统的叠加，在mount中传入多个路径作为多个fs的mount路径以及最后merge层的fs路径 - copy-up机制的，除最上层外其他层为只读层，满足写时拷贝，需要修改的时候copy到上层修改 - whiteout特殊文件，用于标记在下层需要被删除的文件用来掩盖需要删除的文件 ## cgroups - 目前cgroups还处于框架阶段，之后具体实现具体的内存、CPU等子系统
2025-06-18 08:06:32 +00:00 · 2024-10-31 00:50:34 +08:00
parent 84c528f53d
commit f5b2038871
43 changed files with 2279 additions and 56 deletions
--- a/user/apps/test_namespace/Cargo.toml
+++ b/user/apps/test_namespace/Cargo.toml
@ -0,0 +1,7 @@
+[package]
+name = "test-namespace"
+version = "0.1.0"
+edition = "2021"
+
+[dependencies]
+nix = { version = "0.29.0", features = ["sched", "process"] }
--- a/user/apps/test_namespace/Makefile
+++ b/user/apps/test_namespace/Makefile
@ -0,0 +1,56 @@
+TOOLCHAIN="+nightly-2023-08-15-x86_64-unknown-linux-gnu"
+RUSTFLAGS+=""
+
+ifdef DADK_CURRENT_BUILD_DIR
+# 如果是在dadk中编译，那么安装到dadk的安装目录中
+	INSTALL_DIR = $(DADK_CURRENT_BUILD_DIR)
+else
+# 如果是在本地编译，那么安装到当前目录下的install目录中
+	INSTALL_DIR = ./install
+endif
+
+ifeq ($(ARCH), x86_64)
+	export RUST_TARGET=x86_64-unknown-linux-musl
+else ifeq ($(ARCH), riscv64)
+	export RUST_TARGET=riscv64gc-unknown-linux-gnu
+else 
+# 默认为x86_86，用于本地编译
+	export RUST_TARGET=x86_64-unknown-linux-musl
+endif
+
+run:
+	RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) run --target $(RUST_TARGET)
+
+build:
+	RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) build --target $(RUST_TARGET)
+
+clean:
+	RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) clean --target $(RUST_TARGET)
+
+test:
+	RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) test --target $(RUST_TARGET)
+
+doc:
+	RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) doc --target $(RUST_TARGET)
+
+fmt:
+	RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) fmt
+
+fmt-check:
+	RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) fmt --check
+
+run-release:
+	RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) run --target $(RUST_TARGET) --release
+
+build-release:
+	RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) build --target $(RUST_TARGET) --release
+
+clean-release:
+	RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) clean --target $(RUST_TARGET) --release
+
+test-release:
+	RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) test --target $(RUST_TARGET) --release
+
+.PHONY: install
+install:
+	RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) install --target $(RUST_TARGET) --path . --no-track --root $(INSTALL_DIR) --force
--- a/user/apps/test_namespace/makefile.toml
+++ b/user/apps/test_namespace/makefile.toml
@ -0,0 +1,63 @@
+# Makefile.toml
+
+[env]
+TOOLCHAIN = "+nightly-2023-08-15-x86_64-unknown-linux-gnu"
+
+ARCH = { default = "x86_64" }
+RUST_TARGET = { default = { if = "eq(env.ARCH, 'riscv64')", value = "riscv64gc-unknown-linux-gnu", else = "x86_64-unknown-linux-musl" } }
+INSTALL_DIR = { default = { if = "defined(env.DADK_CURRENT_BUILD_DIR)", value = "${DADK_CURRENT_BUILD_DIR}", else = "./install" } }
+
+[tasks.build]
+description = "Build the project"
+command = "cargo"
+args = ["${TOOLCHAIN}", "build", "--target", "${RUST_TARGET}"]
+
+[tasks.run]
+description = "Run the project"
+command = "cargo"
+args = ["${TOOLCHAIN}", "run", "--target", "${RUST_TARGET}"]
+
+[tasks.clean]
+description = "Clean the project"
+command = "cargo"
+args = ["${TOOLCHAIN}", "clean", "--target", "${RUST_TARGET}"]
+
+[tasks.test]
+description = "Run the tests"
+command = "cargo"
+args = ["${TOOLCHAIN}", "test", "--target", "${RUST_TARGET}"]
+
+[tasks.doc]
+description = "Generate documentation"
+command = "cargo"
+args = ["${TOOLCHAIN}", "doc", "--target", "${RUST_TARGET}"]
+
+[tasks.fmt]
+description = "Format the code"
+command = "cargo"
+args = ["${TOOLCHAIN}", "fmt"]
+
+[tasks.fmt-check]
+description = "Check code format"
+command = "cargo"
+args = ["${TOOLCHAIN}", "fmt", "--check"]
+
+[tasks.run-release]
+description = "Run the project in release mode"
+command = "cargo"
+args = ["${TOOLCHAIN}", "run", "--target", "${RUST_TARGET}", "--release"]
+
+[tasks.build-release]
+description = "Build the project in release mode"
+command = "cargo"
+args = ["${TOOLCHAIN}", "build", "--target", "${RUST_TARGET}", "--release"]
+
+[tasks.test-release]
+description = "Test the project in release mode"
+command = "cargo"
+args = ["${TOOLCHAIN}", "test", "--target", "${RUST_TARGET}", "--release"]
+
+[tasks.install]
+description = "Install the project"
+command = "cargo"
+args = ["${TOOLCHAIN}", "install", "--target", "${RUST_TARGET}", "--path", ".", "--no-track", "--root", "${INSTALL_DIR}", "--force"]
--- a/user/apps/test_namespace/src/main.rs
+++ b/user/apps/test_namespace/src/main.rs
@ -0,0 +1,38 @@
+extern crate nix;
+use nix::sched::{self, CloneFlags};
+use nix::sys::wait::{waitpid, WaitStatus};
+use nix::unistd::{self, fork, ForkResult};
+use std::process;
+
+fn main() {
+    let clone_flags = CloneFlags::CLONE_NEWPID | CloneFlags::CLONE_NEWNS;
+
+    println!("Parent process. PID: {}", unistd::getpid());
+    unsafe {
+        match fork() {
+            Ok(ForkResult::Parent { child }) => {
+                println!("Parent process. Child PID: {}", child);
+                match waitpid(child, None) {
+                    Ok(WaitStatus::Exited(pid, status)) => {
+                        println!("Child {} exited with status: {}", pid, status);
+                    }
+                    Ok(_) => println!("Child process did not exit normally."),
+                    Err(e) => println!("Error waiting for child process: {:?}", e),
+                }
+            }
+            Ok(ForkResult::Child) => {
+                // 使用 unshare 创建新的命名空间
+                println!("Child process. PID: {}", unistd::getpid());
+                if let Err(e) = sched::unshare(clone_flags) {
+                    println!("Failed to unshare: {:?}", e);
+                    process::exit(1);
+                }
+                println!("Child process. PID: {}", unistd::getpid());
+            }
+            Err(err) => {
+                println!("Fork failed: {:?}", err);
+                process::exit(1);
+            }
+        }
+    }
+}
--- a/user/apps/test_overlayfs/.gitignore
+++ b/user/apps/test_overlayfs/.gitignore
@ -0,0 +1 @@
+test_ovrlayfs
--- a/user/apps/test_overlayfs/Makefile
+++ b/user/apps/test_overlayfs/Makefile
@ -0,0 +1,20 @@
+ifeq ($(ARCH), x86_64)
+	CROSS_COMPILE=x86_64-linux-musl-
+else ifeq ($(ARCH), riscv64)
+	CROSS_COMPILE=riscv64-linux-musl-
+endif
+
+CC=$(CROSS_COMPILE)gcc
+
+.PHONY: all
+all: main.c
+	$(CC) -static -o test_overlayfs main.c
+
+.PHONY: install clean
+install: all
+	mv test_overlayfs $(DADK_CURRENT_BUILD_DIR)/test_overlayfs
+
+clean:
+	rm test_overlayfs *.o
+
+fmt:
--- a/user/apps/test_overlayfs/main.c
+++ b/user/apps/test_overlayfs/main.c
@ -0,0 +1,92 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/mount.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <string.h>
+#include <errno.h>
+
+// #define LOWERDIR "/tmp/overlayfs/lower"
+// #define UPPERDIR "/tmp/overlayfs/upper"
+// #define WORKDIR "/tmp/overlayfs/work"
+// #define MERGEDDIR "/tmp/overlayfs/merged"
+
+// void create_directories()
+// {
+//     mkdir(LOWERDIR, 0755);
+//     mkdir(UPPERDIR, 0755);
+//     mkdir(WORKDIR, 0755);
+//     mkdir(MERGEDDIR, 0755);
+// }
+#define TMPDIR "/tmp"
+#define OVERLAYFSDIR "/tmp/overlayfs"
+#define LOWERDIR "/tmp/overlayfs/lower"
+#define UPPERDIR "/tmp/overlayfs/upper"
+#define WORKDIR "/tmp/overlayfs/work"
+#define MERGEDDIR "/tmp/overlayfs/merged"
+
+void create_directories()
+{
+    mkdir(TMPDIR, 0755);
+    mkdir(OVERLAYFSDIR, 0755);
+    mkdir(LOWERDIR, 0755);
+    mkdir(UPPERDIR, 0755);
+    mkdir(WORKDIR, 0755);
+    mkdir(MERGEDDIR, 0755);
+    printf("step1 : success\n");
+}
+
+void create_lower_file()
+{
+    char filepath[256];
+    snprintf(filepath, sizeof(filepath), "%s/lowerfile.txt", LOWERDIR);
+
+    int fd = open(filepath, O_CREAT | O_WRONLY, 0644);
+    if (fd < 0)
+    {
+        perror("Failed to create file in lowerdir");
+        exit(EXIT_FAILURE);
+    }
+    write(fd, "This is a lower layer file.\n", 28);
+    close(fd);
+    printf("step2 : success\n");
+}
+
+void mount_overlayfs()
+{
+    char options[1024];
+    snprintf(options, sizeof(options),
+             "lowerdir=%s,upperdir=%s,workdir=%s",
+             LOWERDIR, UPPERDIR, WORKDIR);
+
+    if (mount("overlay", MERGEDDIR, "overlay", 0, options) != 0)
+    {
+        perror("Mount failed");
+        exit(EXIT_FAILURE);
+    }
+    printf("OverlayFS mounted successfully.\n");
+    printf("step3 : success\n");
+}
+
+void create_directory_in_merged()
+{
+    char dirpath[256];
+    snprintf(dirpath, sizeof(dirpath), "%s/newdir", UPPERDIR);
+
+    if (mkdir(dirpath, 0755) != 0)
+    {
+        perror("Failed to create directory in merged dir");
+        exit(EXIT_FAILURE);
+    }
+    printf("Directory created in merged: %s\n", dirpath);
+    printf("step4 : success\n");
+}
+
+int main()
+{
+    create_directories();
+    mount_overlayfs();
+    create_directory_in_merged();
+    return 0;
+}