feat(3199): Add Linux personality support #3202

tommady · 2025-07-20T05:51:27Z

Description

Type of Change

Bug fix (non-breaking change that fixes an issue)
New feature (non-breaking change that adds functionality)
Breaking change (fix or feature that would cause existing functionality to not work as expected)
Documentation update
Refactoring (no functional changes)
Performance improvement
Test updates
CI/CD related changes
Other (please describe):

Testing

Added new unit tests
Added new integration tests
Ran existing test suite
Tested manually (please provide steps)

using PerLinux

"linux": {
        "personality": {
            "domain": "LINUX"
        },

 sudo ./target/debug/youki --log-level info run testcon --bundle ./youki-bundle
 INFO libcgroups::common: cgroup manager V2 will be used
 WARN libcgroups::v2::util: Controller rdma is not yet implemented.
 WARN libcgroups::v2::util: Controller misc is not yet implemented.
 WARN libcgroups::v2::util: Controller dmem is not yet implemented.
 WARN libcgroups::v2::util: Controller rdma is not yet implemented.
 WARN libcgroups::v2::util: Controller misc is not yet implemented.
 WARN libcgroups::v2::util: Controller dmem is not yet implemented.
───────┬──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
       │ File: /proc/self/personality
───────┼──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
   1   │ 00000000
───────┴──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
 INFO libcgroups::common: cgroup manager V2 will be used

using PerLinux32

"linux": {
        "personality": {
            "domain": "LINUX32"
        },

sudo ./target/debug/youki --log-level info run testcon --bundle ./youki-bundle
 INFO libcgroups::common: cgroup manager V2 will be used
 WARN libcgroups::v2::util: Controller rdma is not yet implemented.
 WARN libcgroups::v2::util: Controller misc is not yet implemented.
 WARN libcgroups::v2::util: Controller dmem is not yet implemented.
 WARN libcgroups::v2::util: Controller rdma is not yet implemented.
 WARN libcgroups::v2::util: Controller misc is not yet implemented.
 WARN libcgroups::v2::util: Controller dmem is not yet implemented.
───────┬──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
       │ File: /proc/self/personality
───────┼──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
   1   │ 00000008
───────┴──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
 INFO libcgroups::common: cgroup manager V2 will be used

Related Issues

Fixes #3199

Additional Context

please use this config.json

{
    "ociVersion": "1.0.2-dev",
    "root": {
        "path": "rootfs",
        "readonly": true
    },
    "mounts": [
        {
            "destination": "/proc",
            "type": "proc",
            "source": "proc"
        },
        {
            "destination": "/dev",
            "type": "tmpfs",
            "source": "tmpfs",
            "options": [
                "nosuid",
                "strictatime",
                "mode=755",
                "size=65536k"
            ]
        },
        {
            "destination": "/dev/pts",
            "type": "devpts",
            "source": "devpts",
            "options": [
                "nosuid",
                "noexec",
                "newinstance",
                "ptmxmode=0666",
                "mode=0620",
                "gid=5"
            ]
        },
        {
            "destination": "/dev/shm",
            "type": "tmpfs",
            "source": "shm",
            "options": [
                "nosuid",
                "noexec",
                "nodev",
                "mode=1777",
                "size=65536k"
            ]
        },
        {
            "destination": "/dev/mqueue",
            "type": "mqueue",
            "source": "mqueue",
            "options": [
                "nosuid",
                "noexec",
                "nodev"
            ]
        },
        {
            "destination": "/sys",
            "type": "sysfs",
            "source": "sysfs",
            "options": [
                "nosuid",
                "noexec",
                "nodev",
                "ro"
            ]
        },
        {
            "destination": "/sys/fs/cgroup",
            "type": "cgroup",
            "source": "cgroup",
            "options": [
                "nosuid",
                "noexec",
                "nodev",
                "relatime",
                "ro"
            ]
        }
    ],
    "process": {
        "terminal": true,
        "user": {
            "uid": 0,
            "gid": 0
        },
        "args": [
            "/bin/bat",
            "/proc/self/personality"
        ],
        "env": [
            "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
            "TERM=xterm",
            "HOME=/root"
        ],
        "cwd": "/",
        "capabilities": {
            "bounding": [
                "CAP_AUDIT_WRITE",
                "CAP_KILL",
                "CAP_NET_BIND_SERVICE"
            ],
            "effective": [
                "CAP_AUDIT_WRITE",
                "CAP_KILL",
                "CAP_NET_BIND_SERVICE"
            ],
            "inheritable": [
                "CAP_AUDIT_WRITE",
                "CAP_KILL",
                "CAP_NET_BIND_SERVICE"
            ],
            "permitted": [
                "CAP_AUDIT_WRITE",
                "CAP_KILL",
                "CAP_NET_BIND_SERVICE"
            ],
            "ambient": [
                "CAP_AUDIT_WRITE",
                "CAP_KILL",
                "CAP_NET_BIND_SERVICE"
            ]
        },
        "rlimits": [
            {
                "type": "RLIMIT_NOFILE",
                "hard": 1024,
                "soft": 1024
            }
        ],
        "noNewPrivileges": true
    },
    "hostname": "youki",
    "annotations": {},
    "linux": {
        "personality": {
            "domain": "LINUX"
        },
        "resources": {
            "devices": []
        },
        "namespaces": [
            {
                "type": "pid"
            },
            {
                "type": "network"
            },
            {
                "type": "ipc"
            },
            {
                "type": "uts"
            },
            {
                "type": "mount"
            },
            {
                "type": "cgroup"
            }
        ],
        "maskedPaths": [
            "/proc/acpi",
            "/proc/asound",
            "/proc/kcore",
            "/proc/keys",
            "/proc/latency_stats",
            "/proc/timer_list",
            "/proc/timer_stats",
            "/proc/sched_debug",
            "/sys/firmware",
            "/proc/scsi"
        ],
        "readonlyPaths": [
            "/proc/bus",
            "/proc/fs",
            "/proc/irq",
            "/proc/sys",
            "/proc/sysrq-trigger"
        ]
    }
}

Signed-off-by: tommady <[email protected]>

…init_builder.rs Signed-off-by: tommady <[email protected]>

Signed-off-by: tommady <[email protected]>

…f personality flag exists Signed-off-by: tommady <[email protected]>

tommady · 2025-07-27T09:46:19Z

Hi @saku3
I am done with the personality supporting.
Please take a moment to review while you have the time. 🙇🏻

BTW, I am not sure where to add the integration test. If needed, please guide me. Currently, I am testing manually.

Thanks.

tommady · 2025-07-27T09:47:12Z

hi @utam0k
could you kindly add a label for this PR?
thanks

crates/libcontainer/src/process/init/process.rs

crates/libcontainer/src/syscall/linux.rs

crates/libcontainer/src/process/init/process.rs

saku3 · 2025-07-28T12:30:45Z

BTW, I am not sure where to add the integration test. If needed, please guide me. Currently, I am testing manually.

I think it would be appropriate to add the test to the following integration tests:
https://github.com/youki-dev/youki/tree/main/tests/contest

You may want to refer to the following for the test:
https://github.com/opencontainers/runc/blob/main/tests/integration/personality.bats

Signed-off-by: tommady <[email protected]>

tommady · 2025-07-29T11:24:13Z

BTW, I am not sure where to add the integration test. If needed, please guide me. Currently, I am testing manually.

I think it would be appropriate to add the test to the following integration tests: https://github.com/youki-dev/youki/tree/main/tests/contest

You may want to refer to the following for the test: https://github.com/opencontainers/runc/blob/main/tests/integration/personality.bats

Hi @saku3
thank you for guiding me on how to add an integration test; I have done so.
but ahah seems the validate-contest-runc is not happy, which required this PR to be merged
#3201

please help review again while you have time.

thanks

tests/contest/contest/src/tests/personality/mod.rs

Signed-off-by: tommady <[email protected]>

tommady added 5 commits July 20, 2025 05:46

fix(3199): impl linux personality syscall

8320ccc

Signed-off-by: tommady <[email protected]>

let init process to use personality

3714489

Signed-off-by: tommady <[email protected]>

add personality into container builder_impl.rs tenant_builder.rs and …

4ca22d1

…init_builder.rs Signed-off-by: tommady <[email protected]>

use spec linux personality to detect should we set the personality

5771b52

Signed-off-by: tommady <[email protected]>

undo the oci-spec version from main back to 0.8.1 and add a warning i…

550fcab

…f personality flag exists Signed-off-by: tommady <[email protected]>

tommady marked this pull request as ready for review July 27, 2025 09:43

saku3 reviewed Jul 28, 2025

View reviewed changes

tommady added 3 commits July 28, 2025 13:25

address comment on src/process/init/process.rs

317c74e

Signed-off-by: tommady <[email protected]>

address comment on src/syscall/linux.rs

9d47816

Signed-off-by: tommady <[email protected]>

add integration test

e405406

Signed-off-by: tommady <[email protected]>

saku3 reviewed Aug 2, 2025

View reviewed changes

tests/contest/contest/src/tests/personality/mod.rs Outdated Show resolved Hide resolved

tests/contest/contest/src/tests/personality/mod.rs Outdated Show resolved Hide resolved

tommady added 2 commits August 3, 2025 03:47

address comment, consolidate the personality integration test

34d6d64

Signed-off-by: tommady <[email protected]>

change to use ctx instead of args.spec.linux

9be102c

Signed-off-by: tommady <[email protected]>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

feat(3199): Add Linux personality support #3202

feat(3199): Add Linux personality support #3202

tommady commented Jul 20, 2025 •

edited

Loading

Uh oh!

tommady commented Jul 27, 2025

Uh oh!

tommady commented Jul 27, 2025

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

saku3 commented Jul 28, 2025

Uh oh!

tommady commented Jul 29, 2025

Uh oh!

Uh oh!

Uh oh!

Uh oh!

feat(3199): Add Linux personality support #3202

Are you sure you want to change the base?

feat(3199): Add Linux personality support #3202

Conversation

tommady commented Jul 20, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Description

Type of Change

Testing

Related Issues

Additional Context

Uh oh!

tommady commented Jul 27, 2025

Uh oh!

tommady commented Jul 27, 2025

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

saku3 commented Jul 28, 2025

Uh oh!

tommady commented Jul 29, 2025

Uh oh!

Uh oh!

Uh oh!

Uh oh!

tommady commented Jul 20, 2025 •

edited

Loading