ospp project (feature) add namespace overlayfs cgroup (#949)

## 开发进展：
## namespace
- pid_namespace 基本实现，基于pid_struct等数据结构实现隔离
- mnt_namespace 基本实现，挂载点的隔离通过不同的挂载树来实现
- usernamespace 作为支持性的namespace，目前受限实现全局静态
## overlayfs
- 实现若干个文件系统的叠加，在mount中传入多个路径作为多个fs的mount路径以及最后merge层的fs路径
- copy-up机制的，除最上层外其他层为只读层，满足写时拷贝，需要修改的时候copy到上层修改
- whiteout特殊文件，用于标记在下层需要被删除的文件用来掩盖需要删除的文件
## cgroups
- 目前cgroups还处于框架阶段，之后具体实现具体的内存、CPU等子系统

user/apps/test_namespace/Cargo.toml

@@ -0,0 +1,7 @@
+[package]
+name = "test-namespace"
+version = "0.1.0"
+edition = "2021"
+
+[dependencies]
+nix = { version = "0.29.0", features = ["sched", "process"] }

user/apps/test_namespace/Makefile

@@ -0,0 +1,56 @@
+TOOLCHAIN="+nightly-2023-08-15-x86_64-unknown-linux-gnu"
+RUSTFLAGS+=""
+
+ifdef DADK_CURRENT_BUILD_DIR
+# 如果是在dadk中编译，那么安装到dadk的安装目录中
+	INSTALL_DIR = $(DADK_CURRENT_BUILD_DIR)
+else
+# 如果是在本地编译，那么安装到当前目录下的install目录中
+	INSTALL_DIR = ./install
+endif
+
+ifeq ($(ARCH), x86_64)
+	export RUST_TARGET=x86_64-unknown-linux-musl
+else ifeq ($(ARCH), riscv64)
+	export RUST_TARGET=riscv64gc-unknown-linux-gnu
+else 
+# 默认为x86_86，用于本地编译
+	export RUST_TARGET=x86_64-unknown-linux-musl
+endif
+
+run:
+	RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) run --target $(RUST_TARGET)
+
+build:
+	RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) build --target $(RUST_TARGET)
+
+clean:
+	RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) clean --target $(RUST_TARGET)
+
+test:
+	RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) test --target $(RUST_TARGET)
+
+doc:
+	RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) doc --target $(RUST_TARGET)
+
+fmt:
+	RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) fmt
+
+fmt-check:
+	RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) fmt --check
+
+run-release:
+	RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) run --target $(RUST_TARGET) --release
+
+build-release:
+	RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) build --target $(RUST_TARGET) --release
+
+clean-release:
+	RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) clean --target $(RUST_TARGET) --release
+
+test-release:
+	RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) test --target $(RUST_TARGET) --release
+
+.PHONY: install
+install:
+	RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) install --target $(RUST_TARGET) --path . --no-track --root $(INSTALL_DIR) --force

user/apps/test_namespace/makefile.toml

@@ -0,0 +1,63 @@
+# Makefile.toml
+
+[env]
+TOOLCHAIN = "+nightly-2023-08-15-x86_64-unknown-linux-gnu"
+
+ARCH = { default = "x86_64" }
+RUST_TARGET = { default = { if = "eq(env.ARCH, 'riscv64')", value = "riscv64gc-unknown-linux-gnu", else = "x86_64-unknown-linux-musl" } }
+INSTALL_DIR = { default = { if = "defined(env.DADK_CURRENT_BUILD_DIR)", value = "${DADK_CURRENT_BUILD_DIR}", else = "./install" } }
+
+[tasks.build]
+description = "Build the project"
+command = "cargo"
+args = ["${TOOLCHAIN}", "build", "--target", "${RUST_TARGET}"]
+
+[tasks.run]
+description = "Run the project"
+command = "cargo"
+args = ["${TOOLCHAIN}", "run", "--target", "${RUST_TARGET}"]
+
+[tasks.clean]
+description = "Clean the project"
+command = "cargo"
+args = ["${TOOLCHAIN}", "clean", "--target", "${RUST_TARGET}"]
+
+[tasks.test]
+description = "Run the tests"
+command = "cargo"
+args = ["${TOOLCHAIN}", "test", "--target", "${RUST_TARGET}"]
+
+[tasks.doc]
+description = "Generate documentation"
+command = "cargo"
+args = ["${TOOLCHAIN}", "doc", "--target", "${RUST_TARGET}"]
+
+[tasks.fmt]
+description = "Format the code"
+command = "cargo"
+args = ["${TOOLCHAIN}", "fmt"]
+
+[tasks.fmt-check]
+description = "Check code format"
+command = "cargo"
+args = ["${TOOLCHAIN}", "fmt", "--check"]
+
+[tasks.run-release]
+description = "Run the project in release mode"
+command = "cargo"
+args = ["${TOOLCHAIN}", "run", "--target", "${RUST_TARGET}", "--release"]
+
+[tasks.build-release]
+description = "Build the project in release mode"
+command = "cargo"
+args = ["${TOOLCHAIN}", "build", "--target", "${RUST_TARGET}", "--release"]
+
+[tasks.test-release]
+description = "Test the project in release mode"
+command = "cargo"
+args = ["${TOOLCHAIN}", "test", "--target", "${RUST_TARGET}", "--release"]
+
+[tasks.install]
+description = "Install the project"
+command = "cargo"
+args = ["${TOOLCHAIN}", "install", "--target", "${RUST_TARGET}", "--path", ".", "--no-track", "--root", "${INSTALL_DIR}", "--force"]

user/apps/test_namespace/src/main.rs

@@ -0,0 +1,38 @@
+extern crate nix;
+use nix::sched::{self, CloneFlags};
+use nix::sys::wait::{waitpid, WaitStatus};
+use nix::unistd::{self, fork, ForkResult};
+use std::process;
+
+fn main() {
+    let clone_flags = CloneFlags::CLONE_NEWPID | CloneFlags::CLONE_NEWNS;
+
+    println!("Parent process. PID: {}", unistd::getpid());
+    unsafe {
+        match fork() {
+            Ok(ForkResult::Parent { child }) => {
+                println!("Parent process. Child PID: {}", child);
+                match waitpid(child, None) {
+                    Ok(WaitStatus::Exited(pid, status)) => {
+                        println!("Child {} exited with status: {}", pid, status);
+                    }
+                    Ok(_) => println!("Child process did not exit normally."),
+                    Err(e) => println!("Error waiting for child process: {:?}", e),
+                }
+            }
+            Ok(ForkResult::Child) => {
+                // 使用 unshare 创建新的命名空间
+                println!("Child process. PID: {}", unistd::getpid());
+                if let Err(e) = sched::unshare(clone_flags) {
+                    println!("Failed to unshare: {:?}", e);
+                    process::exit(1);
+                }
+                println!("Child process. PID: {}", unistd::getpid());
+            }
+            Err(err) => {
+                println!("Fork failed: {:?}", err);
+                process::exit(1);
+            }
+        }
+    }
+}