File krunvm-0.2.3+git12dac81.obscpio of Package krunvm
07070100000000000041ED000000000000000000000001636923F100000000000000000000000000000000000000000000002000000000krunvm-0.2.3+git12dac81/.github07070100000001000041ED000000000000000000000001636923F100000000000000000000000000000000000000000000002A00000000krunvm-0.2.3+git12dac81/.github/workflows07070100000002000081A4000000000000000000000001636923F100000378000000000000000000000000000000000000003B00000000krunvm-0.2.3+git12dac81/.github/workflows/code_quality.ymlname: Code Quality (rustfmt and clippy)
on: [pull_request, create]
jobs:
build:
if: github.event_name == 'pull_request'
name: Code Quality (clippy, rustfmt)
runs-on: ubuntu-latest
strategy:
matrix:
rust:
- stable
target:
- x86_64-unknown-linux-gnu
steps:
- name: Code checkout
uses: actions/checkout@v2
- name: Install Rust toolchain (${{ matrix.rust }})
uses: actions-rs/toolchain@v1
with:
toolchain: ${{ matrix.rust }}
target: ${{ matrix.target }}
override: true
components: rustfmt, clippy
- name: Install asciidoctor
run: sudo apt-get install -y asciidoctor
- name: Formatting (rustfmt)
run: cargo fmt -- --check
- name: Clippy (all features)
run: cargo clippy --all-targets --all-features
07070100000003000081A4000000000000000000000001636923F100000038000000000000000000000000000000000000002300000000krunvm-0.2.3+git12dac81/.gitignore/build/
target
*.rs.bk
*.iml
.idea
__pycache__
*.pyc
*~
07070100000004000081A4000000000000000000000001636923F1000000BD000000000000000000000000000000000000002B00000000krunvm-0.2.3+git12dac81/CODE-OF-CONDUCT.md## The krunvm Project Community Code of Conduct
The krunvm Project follows the [Containers Community Code of Conduct](https://github.com/containers/common/blob/master/CODE-OF-CONDUCT.md).
07070100000005000081A4000000000000000000000001636923F10000229E000000000000000000000000000000000000002300000000krunvm-0.2.3+git12dac81/Cargo.lock# This file is automatically @generated by Cargo.
# It is not intended for manual editing.
version = 3
[[package]]
name = "ansi_term"
version = "0.11.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ee49baf6cb617b853aa8d93bf420db2383fab46d314482ca2803b40d5fde979b"
dependencies = [
"winapi",
]
[[package]]
name = "arrayref"
version = "0.3.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a4c527152e37cf757a3f78aae5a06fbeefdb07ccc535c980a3208ee3060dd544"
[[package]]
name = "arrayvec"
version = "0.5.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "23b62fc65de8e4e7f52534fb52b0f3ed04746ae267519eef2a83941e8085068b"
[[package]]
name = "atty"
version = "0.2.14"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d9b39be18770d11421cdb1b9947a45dd3f37e93092cbf377614828a319d5fee8"
dependencies = [
"hermit-abi",
"libc",
"winapi",
]
[[package]]
name = "autocfg"
version = "1.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cdb031dd78e28731d87d56cc8ffef4a8f36ca26c38fe2de700543e627f8a464a"
[[package]]
name = "base64"
version = "0.13.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "904dfeac50f3cdaba28fc6f57fdcddb75f49ed61346676a78c4ffe55877802fd"
[[package]]
name = "bitflags"
version = "1.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cf1de2fe8c75bc145a2f577add951f8134889b4795d47466a54a5c846d691693"
[[package]]
name = "blake2b_simd"
version = "0.5.11"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "afa748e348ad3be8263be728124b24a24f268266f6f5d58af9d75f6a40b5c587"
dependencies = [
"arrayref",
"arrayvec",
"constant_time_eq",
]
[[package]]
name = "cfg-if"
version = "0.1.10"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4785bdd1c96b2a846b2bd7cc02e86b6b3dbf14e7e53446c4f54c92a361040822"
[[package]]
name = "cfg-if"
version = "1.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
[[package]]
name = "clap"
version = "2.33.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "37e58ac78573c40708d45522f0d80fa2f01cc4f9b4e2bf749807255454312002"
dependencies = [
"ansi_term",
"atty",
"bitflags",
"strsim",
"textwrap",
"unicode-width",
"vec_map",
]
[[package]]
name = "confy"
version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2913470204e9e8498a0f31f17f90a0de801ae92c8c5ac18c49af4819e6786697"
dependencies = [
"directories",
"serde",
"toml",
]
[[package]]
name = "constant_time_eq"
version = "0.1.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "245097e9a4535ee1e3e3931fcfcd55a796a44c643e8596ff6566d68f09b87bbc"
[[package]]
name = "crossbeam-utils"
version = "0.8.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e7e9d99fa91428effe99c5c6d4634cdeba32b8cf784fc428a2a687f61a952c49"
dependencies = [
"autocfg",
"cfg-if 1.0.0",
"lazy_static",
]
[[package]]
name = "directories"
version = "2.0.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "551a778172a450d7fc12e629ca3b0428d00f6afa9a43da1b630d54604e97371c"
dependencies = [
"cfg-if 0.1.10",
"dirs-sys",
]
[[package]]
name = "dirs-sys"
version = "0.3.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8e93d7f5705de3e49895a2b5e0b8855a1c27f080192ae9c32a6432d50741a57a"
dependencies = [
"libc",
"redox_users",
"winapi",
]
[[package]]
name = "getrandom"
version = "0.1.16"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8fc3cb4d91f53b50155bdcfd23f6a4c39ae1969c2ae85982b135750cccaf5fce"
dependencies = [
"cfg-if 1.0.0",
"libc",
"wasi",
]
[[package]]
name = "hermit-abi"
version = "0.1.18"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "322f4de77956e22ed0e5032c359a0f1273f1f7f0d79bfa3b8ffbc730d7fbcc5c"
dependencies = [
"libc",
]
[[package]]
name = "krunvm"
version = "0.2.3"
dependencies = [
"clap",
"confy",
"libc",
"serde",
"serde_derive",
"text_io",
]
[[package]]
name = "lazy_static"
version = "1.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
[[package]]
name = "libc"
version = "0.2.90"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ba4aede83fc3617411dc6993bc8c70919750c1c257c6ca6a502aed6e0e2394ae"
[[package]]
name = "proc-macro2"
version = "1.0.24"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1e0704ee1a7e00d7bb417d0770ea303c1bccbabf0ef1667dae92b5967f5f8a71"
dependencies = [
"unicode-xid",
]
[[package]]
name = "quote"
version = "1.0.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c3d0b9745dc2debf507c8422de05d7226cc1f0644216dfdfead988f9b1ab32a7"
dependencies = [
"proc-macro2",
]
[[package]]
name = "redox_syscall"
version = "0.1.57"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "41cc0f7e4d5d4544e8861606a285bb08d3e70712ccc7d2b84d7c0ccfaf4b05ce"
[[package]]
name = "redox_users"
version = "0.3.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "de0737333e7a9502c789a36d7c7fa6092a49895d4faa31ca5df163857ded2e9d"
dependencies = [
"getrandom",
"redox_syscall",
"rust-argon2",
]
[[package]]
name = "rust-argon2"
version = "0.8.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4b18820d944b33caa75a71378964ac46f58517c92b6ae5f762636247c09e78fb"
dependencies = [
"base64",
"blake2b_simd",
"constant_time_eq",
"crossbeam-utils",
]
[[package]]
name = "serde"
version = "1.0.124"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bd761ff957cb2a45fbb9ab3da6512de9de55872866160b23c25f1a841e99d29f"
[[package]]
name = "serde_derive"
version = "1.0.124"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1800f7693e94e186f5e25a28291ae1570da908aff7d97a095dec1e56ff99069b"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
[[package]]
name = "strsim"
version = "0.8.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8ea5119cdb4c55b55d432abb513a0429384878c15dde60cc77b1c99de1a95a6a"
[[package]]
name = "syn"
version = "1.0.64"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3fd9d1e9976102a03c542daa2eff1b43f9d72306342f3f8b3ed5fb8908195d6f"
dependencies = [
"proc-macro2",
"quote",
"unicode-xid",
]
[[package]]
name = "text_io"
version = "0.1.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6cb170b4f47dc48835fbc56259c12d8963e542b05a24be2e3a1f5a6c320fd2d4"
[[package]]
name = "textwrap"
version = "0.11.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d326610f408c7a4eb6f51c37c330e496b08506c9457c9d34287ecc38809fb060"
dependencies = [
"unicode-width",
]
[[package]]
name = "toml"
version = "0.5.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a31142970826733df8241ef35dc040ef98c679ab14d7c3e54d827099b3acecaa"
dependencies = [
"serde",
]
[[package]]
name = "unicode-width"
version = "0.1.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9337591893a19b88d8d87f2cec1e73fad5cdfd10e5a6f349f498ad6ea2ffb1e3"
[[package]]
name = "unicode-xid"
version = "0.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f7fe0bb3479651439c9112f72b6c505038574c9fbb575ed1bf3b797fa39dd564"
[[package]]
name = "vec_map"
version = "0.8.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f1bddf1187be692e79c5ffeab891132dfb0f236ed36a43c7ed39f1165ee20191"
[[package]]
name = "wasi"
version = "0.9.0+wasi-snapshot-preview1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cccddf32554fecc6acb585f82a32a72e28b48f8c4c1883ddfeeeaa96f7d8e519"
[[package]]
name = "winapi"
version = "0.3.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419"
dependencies = [
"winapi-i686-pc-windows-gnu",
"winapi-x86_64-pc-windows-gnu",
]
[[package]]
name = "winapi-i686-pc-windows-gnu"
version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
[[package]]
name = "winapi-x86_64-pc-windows-gnu"
version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
07070100000006000081A4000000000000000000000001636923F100000174000000000000000000000000000000000000002300000000krunvm-0.2.3+git12dac81/Cargo.toml[package]
name = "krunvm"
version = "0.2.3"
authors = ["Sergio Lopez <slp@redhat.com>"]
description = "Create microVMs from OCI images"
repository = "https://github.com/containers/krunvm"
license = "Apache-2.0"
edition = "2018"
build = "build.rs"
[dependencies]
clap = "2.33.3"
confy = "0.4.0"
libc = "0.2.82"
serde = "1.0.120"
serde_derive = "1.0.120"
text_io = "0.1.8"
07070100000007000081A4000000000000000000000001636923F100002C5E000000000000000000000000000000000000002000000000krunvm-0.2.3+git12dac81/LICENSE
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
07070100000008000081A4000000000000000000000001636923F10000022A000000000000000000000000000000000000002100000000krunvm-0.2.3+git12dac81/MakefileOS = $(shell uname -s)
KRUNVM_RELEASE = target/release/krunvm
KRUNVM_DEBUG = target/debug/krunvm
INIT_BINARY = init/init
ifeq ($(PREFIX),)
PREFIX := /usr/local
endif
.PHONY: install clean
all: $(KRUNVM_RELEASE)
debug: $(KRUNVM_DEBUG)
$(KRUNVM_RELEASE):
cargo build --release
ifeq ($(OS),Darwin)
codesign --entitlements krunvm.entitlements --force -s - $@
endif
$(KRUNVM_DEBUG):
cargo build --debug
install: $(KRUNVM_RELEASE)
install -d $(DESTDIR)$(PREFIX)/bin
install -m 755 $(KRUNVM_RELEASE) $(DESTDIR)$(PREFIX)/bin
clean:
cargo clean
07070100000009000081A4000000000000000000000001636923F10000042B000000000000000000000000000000000000002200000000krunvm-0.2.3+git12dac81/README.md# krunvm
```krunvm``` is a CLI-based utility for creating microVMs from OCI images, using [libkrun](https://github.com/containers/libkrun) and [buildah](https://github.com/containers/buildah).
## Features
* Minimal footprint
* Fast boot time
* Zero disk image maintenance
* Zero network configuration
* Support for mapping host volumes into the guest
* Support for exposing guest ports to the host
## Demo
[](https://asciinema.org/a/CGtTS93VsdzWwUfkY1kqVnaik)
## Supported platforms
- Linux/KVM on x86_64.
- Linux/KVM on AArch64.
- macOS/Hypervisor.framework on ARM64.
## Installation
### macOS
```
brew tap slp/krun
brew install krunvm
```
### Fedora
```
dnf copr enable -y slp/libkrunfw
dnf copr enable -y slp/libkrun
dnf copr enable -y slp/krunvm
dnf install -y krunvm
```
### Building from sources
#### Dependencies
* Rust Toolchain
* [libkrun](https://github.com/containers/libkrun)
* [buildah](https://github.com/containers/buildah)
#### Building
```
cargo build --release
```
0707010000000A000081A4000000000000000000000001636923F1000000EE000000000000000000000000000000000000002400000000krunvm-0.2.3+git12dac81/SECURITY.md## Security and Disclosure Information Policy for the krunvm Project
The krunvm Project follows the [Security and Disclosure Information Policy](https://github.com/containers/common/blob/master/SECURITY.md) for the Containers Projects.
0707010000000B000081A4000000000000000000000001636923F1000006A0000000000000000000000000000000000000002100000000krunvm-0.2.3+git12dac81/build.rsuse std::path::Path;
use std::{env, fs, io, process};
const COMMANDS: [&str; 7] = [
"krunvm",
"krunvm-changevm",
"krunvm-create",
"krunvm-config",
"krunvm-delete",
"krunvm-list",
"krunvm-start",
];
fn main() {
let outdir = match env::var_os("OUT_DIR") {
Some(outdir) => outdir,
None => {
panic!("OUT_DIR environment variable not defined.");
}
};
fs::create_dir_all(&outdir).unwrap();
for command in COMMANDS {
if let Err(err) = generate_man_page(&outdir, command) {
panic!("failed to generate man page: {}", err);
}
}
#[cfg(target_os = "macos")]
println!("cargo:rustc-link-search=/opt/homebrew/lib");
}
fn generate_man_page<P: AsRef<Path>>(outdir: P, command: &str) -> io::Result<()> {
// If asciidoctor isn't installed, fallback to asciidoc.
if let Err(err) = process::Command::new("asciidoctor").output() {
eprintln!("Error from running 'asciidoctor': {}", err);
return Err(err);
}
let outdir = outdir.as_ref();
let outfile = outdir.join(format!("{}.1", command));
let cwd = env::current_dir()?;
let txt_path = cwd.join("docs").join(format!("{}.1.txt", command));
let result = process::Command::new("asciidoctor")
.arg("--doctype")
.arg("manpage")
.arg("--backend")
.arg("manpage")
.arg("--out-file")
.arg(&outfile)
.arg(&txt_path)
.spawn()?
.wait()?;
if !result.success() {
let msg = format!("'asciidoctor' failed with exit code {:?}", result.code());
return Err(io::Error::new(io::ErrorKind::Other, msg));
}
Ok(())
}
0707010000000C000041ED000000000000000000000001636923F100000000000000000000000000000000000000000000001D00000000krunvm-0.2.3+git12dac81/docs0707010000000D000081A4000000000000000000000001636923F1000006AD000000000000000000000000000000000000003300000000krunvm-0.2.3+git12dac81/docs/krunvm-changevm.1.txtkrunvm-changevm(1)
==================
NAME
----
krunvm-changevm - Change the configuration of a microVM
SYNOPSIS
--------
*krunvm changevm* [_OPTIONS_] _microVM_
DESCRIPTION
-----------
*krunvm changevm* changes the configuration of an existing microVM.
When run without any _OPTIONS_, it displays the current configuration
of the microVM.
OPTIONS
-------
*--remove-ports*::
Removes all port mappings.
*--remote-volumes*::
Removes all volume mappings.
*--cpus* _NUM_::
Changes the number of vCPUs that will be created for this microVM.
*--mem* _NUM_::
Changes the amount of RAM, in MiB, that will be available to this
microVM.
+
The memory configured for the microVM will not be reserved
immediately. Instead, it will be provided as the guest demands it, and
both the guest and libkrun (acting as the Virtual Machine Monitor)
will attempt to return as many pages as possible to the host.
*--name* _NAME_::
Assigns a new name to the microVM.
*-p, --port* _HOST_PORT:GUEST_PORT_::
Exposes a port in the guest running in the microVM through a port in the host.
+
This option can be specified multiple times to expose as many guest
ports as desired.
*-v, --volume* _HOST_PATH:GUEST_PATH_::
Makes _HOST_PATH_ visible in the guest running in the microVM through _GUEST_PATH_.
+
This option can be specified multiple times to make more paths in the
host visible in the guest.
*-w, --workdir* _GUEST_PATH_::
Configures _GUEST_PATH_ as the working directory for the first
binary executed in the microVM.
+
An empty string ("") tells krunvm to not set a working directory
explicitly, letting libkrun decide which one should be set.
SEE ALSO
--------
*krunvm(1)*, *krunvm-create(1)*
0707010000000E000081A4000000000000000000000001636923F1000002F2000000000000000000000000000000000000003100000000krunvm-0.2.3+git12dac81/docs/krunvm-config.1.txtkrunvm-config(1)
================
NAME
----
krunvm-config - Configure default values
SYNOPSIS
--------
*krunvm config* [_OPTIONS_]
DESCRIPTION
-----------
*krunvm config* configures the default values that will be used for
newly created microVMs when a explicit value has not been passed to
*krunvm-create(1)*
When run without any _OPTIONS_ it displays the current default values.
OPTIONS
-------
*--cpus* _NUM_::
Sets the default number of vCPUs that will be configured for newly
created microVMs.
*--dns* _IP_::
Sets the default IP that will be configured as DNS for newly created
microVMs.
*--mem* _NUM_::
Sets the default mount of RAM, in MiB, that will be configured for
newly created microVMs.
SEE ALSO
--------
*krunvm(1)*
0707010000000F000081A4000000000000000000000001636923F10000066F000000000000000000000000000000000000003100000000krunvm-0.2.3+git12dac81/docs/krunvm-create.1.txtkrunvm-create(1)
================
NAME
----
krunvm-create - Create a new microVM from an OCI image
SYNOPSIS
--------
*krunvm create* [_OPTIONS_] _IMAGE_
DESCRIPTION
-----------
*krunvm create* creates a new microVM from the OCI image specified by
_IMAGE_. Please refer to buildah-from(1) for information about the
format supported by the _IMAGE_ argument.
OPTIONS
-------
*--cpus* _NUM_::
The number of vCPUs that will be created for this microVM.
*--mem* _NUM_::
The amount of RAM, in MiB, that will be available to this microVM.
+
The memory configured for the microVM will not be reserved
immediately. Instead, it will be provided as the guest demands it, and
both the guest and libkrun (acting as the Virtual Machine Monitor)
will attempt to return as many pages as possible to the host.
*--name* _NAME_::
The name to be assigned to this microVM.
*-p, --port* _HOST_PORT:GUEST_PORT_::
Exposes a port in the guest running in the microVM through a port in the host.
+
This option can be specified multiple times to expose as many guest
ports as desired.
*-v, --volume* _HOST_PATH:GUEST_PATH_::
Makes _HOST_PATH_ visible in the guest running in the microVM through _GUEST_PATH_.
+
This option can be specified multiple times to make more paths in the
host visible in the guest.
*-w, --workdir* _GUEST_PATH_::
Configures _GUEST_PATH_ as the working directory for the first
binary executed in the microVM.
+
An empty string ("") tells krunvm to not set a working directory
explicitly, letting libkrun decide which one should be set.
SEE ALSO
--------
*buildah(1)*, *buildah-from(1)*, *krunvm(1)*, *krunvm-changevm(1)*
07070100000010000081A4000000000000000000000001636923F10000015D000000000000000000000000000000000000003100000000krunvm-0.2.3+git12dac81/docs/krunvm-delete.1.txtkrunvm-delete(1)
================
NAME
----
krunvm-delete - Deletes an existing microVM
SYNOPSIS
--------
*krunvm delete* _microVM_
DESCRIPTION
-----------
*krunvm delete* deletes an existing microVM configuration and requests
to buildah(1) to unmount and remove the OCI image that was backing it.
SEE ALSO
--------
*buildah(1)*, *krunvm(1)*
07070100000011000081A4000000000000000000000001636923F100000148000000000000000000000000000000000000002F00000000krunvm-0.2.3+git12dac81/docs/krunvm-list.1.txtkrunvm-list(1)
==============
NAME
----
krunvm-list - Lists the existing microVMs
SYNOPSIS
--------
*krunvm list*
DESCRIPTION
-----------
*krunvm list* lists the microVMs created by *krunvm-create(1)* that
have not been removed by *krunvm-delete(1)*.
SEE ALSO
--------
*krunvm(1)*, *krunvm-create(1)*, *krunvm-delete(1)*
07070100000012000081A4000000000000000000000001636923F100000398000000000000000000000000000000000000003000000000krunvm-0.2.3+git12dac81/docs/krunvm-start.1.txtkrunvm-start(1)
===============
NAME
----
krunvm-start - Starts an existing microVM
SYNOPSIS
--------
*krunvm start* [_OPTIONS_] _microVM_ [_COMMAND_] [-- ARGS]
DESCRIPTION
-----------
*krunvm start* starts an existing microVM created by krunvm-create(1)
and attaches stdin/stdout to its virtio-console providing a seamless
experience for interacting with the guest running inside it.
_COMMAND_ is the first binary to be executed in the microVM. If it's
not present in the command line, krunvm-start(1) lets libkrun decide
which binary will be executed.
Additional arguments for _COMMAND_ can be specified in the command
line by appending _--_ followed by _ARGS_.
OPTIONS
-------
*--cpus* _NUM_::
Override the number of vCPUs configured for this microVM.
*--mem* _NUM_::
Override amount of RAM, in MiB, configured for this microVM.
SEE ALSO
--------
*krunvm(1)*, *krunvm-create(1)*, *krunvm-changevm(1)*
07070100000013000081A4000000000000000000000001636923F1000005C5000000000000000000000000000000000000002A00000000krunvm-0.2.3+git12dac81/docs/krunvm.1.txtkrunvm(1)
=========
NAME
----
krunvm - Create microVMs from OCI images
SYNOPSIS
--------
*krunvm* [_GLOBAL_OPTIONS_] *command*
DESCRIPTION
-----------
krunvm is a CLI utility to create, manage and start microVMs which are
generated from OCI images, providing an interface that resembles
operating on conventional containers.
krunvm uses buildah(1) to download the OCI image and mount it into a
local directory, and libkrun to launch the microVM.
The local directory where the OCI image has been mounted is used as
the root filesystem for the microVM, serviced by a virtio-fs
device/server bundled into libkrun.
krunvm supports mounting additional local directories into the
microVM and exposing ports from the guest to the host (and the
networks connected to it).
Networking to the guest running in the microVM is provided by
libkrun's TSI (Transparent Socket Impersonation), enabling a seamless
experience that doesn't require network bridges nor other explicit
network configuration.
GLOBAL OPTIONS
--------------
*-v* _NUM_::
Sets the verbosity level, from the lowest (0) to the highest (5).
COMMANDS
--------
|===
|Command | Description
|krunvm-changevm(1) | Change the configuration of a microVM
|krunvm-config(1) | Configure global values
|krunvm-create(1) | Create a new microVM
|krunvm-delete(1) | Delete an existing microVM
|krunvm-list(1) | List the existing microVMs
|krunvm-start(1) | Start an existing microVM
|===
SEE ALSO
--------
*buildah(1)*
07070100000014000081A4000000000000000000000001636923F100000136000000000000000000000000000000000000002C00000000krunvm-0.2.3+git12dac81/krunvm.entitlements<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.hypervisor</key>
<true/>
<key>com.apple.security.cs.disable-library-validationr</key>
<true/>
</dict>
</plist>
07070100000015000041ED000000000000000000000001636923F100000000000000000000000000000000000000000000001C00000000krunvm-0.2.3+git12dac81/src07070100000016000081A4000000000000000000000001636923F10000036F000000000000000000000000000000000000002800000000krunvm-0.2.3+git12dac81/src/bindings.rs// Copyright 2021 Red Hat, Inc.
// SPDX-License-Identifier: Apache-2.0
#[link(name = "krun")]
extern "C" {
pub fn krun_set_log_level(level: u32) -> i32;
pub fn krun_create_ctx() -> i32;
pub fn krun_free_ctx(ctx: u32) -> i32;
pub fn krun_set_vm_config(ctx: u32, num_vcpus: u8, ram_mib: u32) -> i32;
pub fn krun_set_root(ctx: u32, root_path: *const i8) -> i32;
pub fn krun_set_mapped_volumes(ctx: u32, mapped_volumes: *const *const i8) -> i32;
pub fn krun_set_port_map(ctx: u32, port_map: *const *const i8) -> i32;
pub fn krun_set_workdir(ctx: u32, workdir_path: *const i8) -> i32;
pub fn krun_set_exec(
ctx: u32,
exec_path: *const i8,
argv: *const *const i8,
envp: *const *const i8,
) -> i32;
pub fn krun_set_env(ctx: u32, envp: *const *const i8) -> i32;
pub fn krun_start_enter(ctx: u32) -> i32;
}
07070100000017000081A4000000000000000000000001636923F100000DAB000000000000000000000000000000000000002800000000krunvm-0.2.3+git12dac81/src/changevm.rs// Copyright 2021 Red Hat, Inc.
// SPDX-License-Identifier: Apache-2.0
use std::collections::HashMap;
use crate::{ArgMatches, KrunvmConfig, APP_NAME};
use super::list::printvm;
use super::utils::{parse_mapped_ports, parse_mapped_volumes};
pub fn changevm(cfg: &mut KrunvmConfig, matches: &ArgMatches) {
let mut cfg_changed = false;
let name = matches.value_of("NAME").unwrap();
let mut vmcfg = if let Some(new_name) = matches.value_of("new-name") {
if cfg.vmconfig_map.contains_key(new_name) {
println!("A VM with name {} already exists", new_name);
std::process::exit(-1);
}
let mut vmcfg = match cfg.vmconfig_map.remove(name) {
None => {
println!("No VM found with name {}", name);
std::process::exit(-1);
}
Some(vmcfg) => vmcfg,
};
cfg_changed = true;
let name = new_name.to_string();
vmcfg.name = name.clone();
cfg.vmconfig_map.insert(name.clone(), vmcfg);
cfg.vmconfig_map.get_mut(&name).unwrap()
} else {
match cfg.vmconfig_map.get_mut(name) {
None => {
println!("No VM found with name {}", name);
std::process::exit(-1);
}
Some(vmcfg) => vmcfg,
}
};
if let Some(cpus_str) = matches.value_of("cpus") {
match cpus_str.parse::<u32>() {
Err(_) => println!("Invalid value for \"cpus\""),
Ok(cpus) => {
if cpus > 8 {
println!("Error: the maximum number of CPUs supported is 8");
} else {
vmcfg.cpus = cpus;
cfg_changed = true;
}
}
}
}
if let Some(mem_str) = matches.value_of("mem") {
match mem_str.parse::<u32>() {
Err(_) => println!("Invalid value for \"mem\""),
Ok(mem) => {
if mem > 16384 {
println!("Error: the maximum amount of RAM supported is 16384 MiB");
} else {
vmcfg.mem = mem;
cfg_changed = true;
}
}
}
}
if matches.is_present("remove-volumes") {
vmcfg.mapped_volumes = HashMap::new();
cfg_changed = true;
} else {
let volume_matches = if matches.is_present("volume") {
matches.values_of("volume").unwrap().collect()
} else {
vec![]
};
let mapped_volumes = parse_mapped_volumes(volume_matches);
if !mapped_volumes.is_empty() {
vmcfg.mapped_volumes = mapped_volumes;
cfg_changed = true;
}
}
if matches.is_present("remove-ports") {
vmcfg.mapped_ports = HashMap::new();
cfg_changed = true;
} else {
let port_matches = if matches.is_present("port") {
matches.values_of("port").unwrap().collect()
} else {
vec![]
};
let mapped_ports = parse_mapped_ports(port_matches);
if !mapped_ports.is_empty() {
vmcfg.mapped_ports = mapped_ports;
cfg_changed = true;
}
}
if let Some(workdir) = matches.value_of("workdir") {
vmcfg.workdir = workdir.to_string();
cfg_changed = true;
}
println!();
printvm(vmcfg);
println!();
if cfg_changed {
confy::store(APP_NAME, &cfg).unwrap();
}
}
07070100000018000081A4000000000000000000000001636923F100000699000000000000000000000000000000000000002600000000krunvm-0.2.3+git12dac81/src/config.rs// Copyright 2021 Red Hat, Inc.
// SPDX-License-Identifier: Apache-2.0
use crate::{ArgMatches, KrunvmConfig, APP_NAME};
pub fn config(cfg: &mut KrunvmConfig, matches: &ArgMatches) {
let mut cfg_changed = false;
if let Some(cpus_str) = matches.value_of("cpus") {
match cpus_str.parse::<u32>() {
Err(_) => println!("Invalid value for \"cpus\""),
Ok(cpus) => {
if cpus > 8 {
println!("Error: the maximum number of CPUs supported is 8");
} else {
cfg.default_cpus = cpus;
cfg_changed = true;
}
}
}
}
if let Some(mem_str) = matches.value_of("mem") {
match mem_str.parse::<u32>() {
Err(_) => println!("Invalid value for \"mem\""),
Ok(mem) => {
if mem > 16384 {
println!("Error: the maximum amount of RAM supported is 16384 MiB");
} else {
cfg.default_mem = mem;
cfg_changed = true;
}
}
}
}
if let Some(dns) = matches.value_of("dns") {
cfg.default_dns = dns.to_string();
cfg_changed = true;
}
if cfg_changed {
confy::store(APP_NAME, &cfg).unwrap();
}
println!("Global configuration:");
println!(
"Default number of CPUs for newly created VMs: {}",
cfg.default_cpus
);
println!(
"Default amount of RAM (MiB) for newly created VMs: {}",
cfg.default_mem
);
println!(
"Default DNS server for newly created VMs: {}",
cfg.default_dns
);
}
07070100000019000081A4000000000000000000000001636923F10000191D000000000000000000000000000000000000002600000000krunvm-0.2.3+git12dac81/src/create.rs// Copyright 2021 Red Hat, Inc.
// SPDX-License-Identifier: Apache-2.0
use std::fs;
use std::io::Write;
#[cfg(target_os = "macos")]
use std::path::Path;
use std::process::Command;
use super::utils::{
get_buildah_args, mount_container, parse_mapped_ports, parse_mapped_volumes, umount_container,
BuildahCommand,
};
use crate::{ArgMatches, KrunvmConfig, VmConfig, APP_NAME};
#[cfg(target_os = "macos")]
const KRUNVM_ROSETTA_FILE: &str = ".krunvm-rosetta";
fn fix_resolv_conf(rootfs: &str, dns: &str) -> Result<(), std::io::Error> {
let resolvconf_dir = format!("{}/etc/", rootfs);
fs::create_dir_all(resolvconf_dir)?;
let resolvconf = format!("{}/etc/resolv.conf", rootfs);
let mut file = fs::File::create(resolvconf)?;
file.write_all(b"options use-vc\nnameserver ")?;
file.write_all(dns.as_bytes())?;
file.write_all(b"\n")?;
Ok(())
}
fn export_container_config(
cfg: &KrunvmConfig,
rootfs: &str,
image: &str,
) -> Result<(), std::io::Error> {
let mut args = get_buildah_args(cfg, BuildahCommand::Inspect);
args.push(image.to_string());
let output = match Command::new("buildah")
.args(&args)
.stderr(std::process::Stdio::inherit())
.output()
{
Ok(output) => output,
Err(err) => {
if err.kind() == std::io::ErrorKind::NotFound {
println!("{} requires buildah to manage the OCI images, and it wasn't found on this system.", APP_NAME);
} else {
println!("Error executing buildah: {}", err);
}
std::process::exit(-1);
}
};
let exit_code = output.status.code().unwrap_or(-1);
if exit_code != 0 {
println!(
"buildah returned an error: {}",
std::str::from_utf8(&output.stdout).unwrap()
);
std::process::exit(-1);
}
let mut file = fs::File::create(format!("{}/.krun_config.json", rootfs))?;
file.write_all(&output.stdout)?;
Ok(())
}
pub fn create(cfg: &mut KrunvmConfig, matches: &ArgMatches) {
let mut cpus = match matches.value_of("cpus") {
Some(c) => match c.parse::<u32>() {
Err(_) => {
println!("Invalid value for \"cpus\"");
std::process::exit(-1);
}
Ok(cpus) => cpus,
},
None => cfg.default_cpus,
};
let mem = match matches.value_of("mem") {
Some(m) => match m.parse::<u32>() {
Err(_) => {
println!("Invalid value for \"mem\"");
std::process::exit(-1);
}
Ok(mem) => mem,
},
None => cfg.default_mem,
};
let dns = match matches.value_of("dns") {
Some(d) => d,
None => &cfg.default_dns,
};
let workdir = matches.value_of("workdir").unwrap();
let volume_matches = if matches.is_present("volume") {
matches.values_of("volume").unwrap().collect()
} else {
vec![]
};
let mapped_volumes = parse_mapped_volumes(volume_matches);
let port_matches = if matches.is_present("port") {
matches.values_of("port").unwrap().collect()
} else {
vec![]
};
let mapped_ports = parse_mapped_ports(port_matches);
let image = matches.value_of("IMAGE").unwrap();
let name = matches.value_of("name");
if let Some(name) = name {
if cfg.vmconfig_map.contains_key(name) {
println!("A VM with this name already exists");
std::process::exit(-1);
}
}
let mut args = get_buildah_args(cfg, BuildahCommand::From);
#[cfg(target_os = "macos")]
let force_x86 = matches.is_present("x86");
#[cfg(target_os = "macos")]
if force_x86 {
let home = match std::env::var("HOME") {
Err(e) => {
println!("Error reading \"HOME\" enviroment variable: {}", e);
std::process::exit(-1);
}
Ok(home) => home,
};
let path = format!("{}/{}", home, KRUNVM_ROSETTA_FILE);
if !Path::new(&path).is_file() {
println!(
"
To use Rosetta for Linux you need to create the file...
{}
...with the contents that the \"rosetta\" binary expects to be served from
its specific ioctl.
For more information, please refer to this post:
https://threedots.ovh/blog/2022/06/quick-look-at-rosetta-on-linux/
",
path
);
std::process::exit(-1);
}
if cpus != 1 {
println!("x86 microVMs on Aarch64 are restricted to 1 CPU");
cpus = 1;
}
args.push("--arch".to_string());
args.push("x86_64".to_string());
}
args.push(image.to_string());
let output = match Command::new("buildah")
.args(&args)
.stderr(std::process::Stdio::inherit())
.output()
{
Ok(output) => output,
Err(err) => {
if err.kind() == std::io::ErrorKind::NotFound {
println!("{} requires buildah to manage the OCI images, and it wasn't found on this system.", APP_NAME);
} else {
println!("Error executing buildah: {}", err);
}
std::process::exit(-1);
}
};
let exit_code = output.status.code().unwrap_or(-1);
if exit_code != 0 {
println!(
"buildah returned an error: {}",
std::str::from_utf8(&output.stdout).unwrap()
);
std::process::exit(-1);
}
let container = std::str::from_utf8(&output.stdout).unwrap().trim();
let name = if let Some(name) = name {
name.to_string()
} else {
container.to_string()
};
let vmcfg = VmConfig {
name: name.clone(),
cpus,
mem,
dns: dns.to_string(),
container: container.to_string(),
workdir: workdir.to_string(),
mapped_volumes,
mapped_ports,
};
let rootfs = mount_container(cfg, &vmcfg).unwrap();
export_container_config(cfg, &rootfs, image).unwrap();
fix_resolv_conf(&rootfs, dns).unwrap();
#[cfg(target_os = "macos")]
if force_x86 {
_ = fs::create_dir(format!("{}/.rosetta", rootfs));
}
umount_container(cfg, &vmcfg).unwrap();
cfg.vmconfig_map.insert(name.clone(), vmcfg);
confy::store(APP_NAME, cfg).unwrap();
println!("microVM created with name: {}", name);
}
0707010000001A000081A4000000000000000000000001636923F10000027A000000000000000000000000000000000000002600000000krunvm-0.2.3+git12dac81/src/delete.rs// Copyright 2021 Red Hat, Inc.
// SPDX-License-Identifier: Apache-2.0
use crate::{ArgMatches, KrunvmConfig, APP_NAME};
use super::utils::{remove_container, umount_container};
pub fn delete(cfg: &mut KrunvmConfig, matches: &ArgMatches) {
let name = matches.value_of("NAME").unwrap();
let vmcfg = match cfg.vmconfig_map.remove(name) {
None => {
println!("No VM found with that name");
std::process::exit(-1);
}
Some(vmcfg) => vmcfg,
};
umount_container(cfg, &vmcfg).unwrap();
remove_container(cfg, &vmcfg).unwrap();
confy::store(APP_NAME, &cfg).unwrap();
}
0707010000001B000081A4000000000000000000000001636923F10000031D000000000000000000000000000000000000002400000000krunvm-0.2.3+git12dac81/src/list.rs// Copyright 2021 Red Hat, Inc.
// SPDX-License-Identifier: Apache-2.0
use crate::{ArgMatches, KrunvmConfig, VmConfig};
pub fn printvm(vm: &VmConfig) {
println!("{}", vm.name);
println!(" CPUs: {}", vm.cpus);
println!(" RAM (MiB): {}", vm.mem);
println!(" DNS server: {}", vm.dns);
println!(" Buildah container: {}", vm.container);
println!(" Workdir: {}", vm.workdir);
println!(" Mapped volumes: {:?}", vm.mapped_volumes);
println!(" Mapped ports: {:?}", vm.mapped_ports);
}
pub fn list(cfg: &KrunvmConfig, _matches: &ArgMatches) {
if cfg.vmconfig_map.is_empty() {
println!("No microVMs found");
} else {
for (_name, vm) in cfg.vmconfig_map.iter() {
println!();
printvm(vm);
}
println!();
}
}
0707010000001C000081A4000000000000000000000001636923F10000300E000000000000000000000000000000000000002400000000krunvm-0.2.3+git12dac81/src/main.rs// Copyright 2021 Red Hat, Inc.
// SPDX-License-Identifier: Apache-2.0
use std::collections::HashMap;
#[cfg(target_os = "macos")]
use std::fs::File;
#[cfg(target_os = "macos")]
use std::io::{self, Read, Write};
use clap::{crate_version, App, Arg, ArgMatches};
use serde_derive::{Deserialize, Serialize};
#[cfg(target_os = "macos")]
use text_io::read;
#[allow(unused)]
mod bindings;
mod changevm;
mod config;
mod create;
mod delete;
mod list;
mod start;
mod utils;
const APP_NAME: &str = "krunvm";
#[derive(Default, Debug, Serialize, Deserialize)]
pub struct VmConfig {
name: String,
cpus: u32,
mem: u32,
container: String,
workdir: String,
dns: String,
mapped_volumes: HashMap<String, String>,
mapped_ports: HashMap<String, String>,
}
#[derive(Debug, Serialize, Deserialize)]
pub struct KrunvmConfig {
version: u8,
default_cpus: u32,
default_mem: u32,
default_dns: String,
storage_volume: String,
vmconfig_map: HashMap<String, VmConfig>,
}
impl Default for KrunvmConfig {
fn default() -> KrunvmConfig {
KrunvmConfig {
version: 1,
default_cpus: 2,
default_mem: 1024,
default_dns: "1.1.1.1".to_string(),
storage_volume: String::new(),
vmconfig_map: HashMap::new(),
}
}
}
#[cfg(target_os = "macos")]
fn check_case_sensitivity(volume: &str) -> Result<bool, io::Error> {
let first_path = format!("{}/krunvm_test", volume);
let second_path = format!("{}/krunVM_test", volume);
{
let mut first = File::create(&first_path)?;
first.write_all(b"first")?;
}
{
let mut second = File::create(&second_path)?;
second.write_all(b"second")?;
}
let mut data = String::new();
{
let mut test = File::open(&first_path)?;
test.read_to_string(&mut data)?;
}
if data == "first" {
let _ = std::fs::remove_file(first_path);
let _ = std::fs::remove_file(second_path);
Ok(true)
} else {
let _ = std::fs::remove_file(first_path);
Ok(false)
}
}
#[cfg(target_os = "macos")]
fn check_volume(cfg: &mut KrunvmConfig) {
if !cfg.storage_volume.is_empty() {
return;
}
println!(
"
On macOS, krunvm requires a dedicated, case-sensitive volume.
You can easily create such volume by executing something like
this on another terminal:
diskutil apfs addVolume disk3 \"Case-sensitive APFS\" krunvm
NOTE: APFS volume creation is a non-destructive action that
doesn't require a dedicated disk nor \"sudo\" privileges. The
new volume will share the disk space with the main container
volume.
"
);
loop {
print!("Please enter the mountpoint for this volume [/Volumes/krunvm]: ");
io::stdout().flush().unwrap();
let answer: String = read!("{}\n");
let volume = if answer.is_empty() {
"/Volumes/krunvm".to_string()
} else {
answer.to_string()
};
print!("Checking volume... ");
match check_case_sensitivity(&volume) {
Ok(res) => {
if res {
println!("success.");
println!("The volume has been configured. Please execute krunvm again");
cfg.storage_volume = volume;
confy::store(APP_NAME, cfg).unwrap();
std::process::exit(-1);
} else {
println!("failed.");
println!("This volume failed the case sensitivity test.");
}
}
Err(err) => {
println!("error.");
println!("There was an error running the test: {}", err);
}
}
}
}
#[cfg(target_os = "linux")]
fn check_unshare() {
let uid = unsafe { libc::getuid() };
if uid != 0 && !std::env::vars().any(|(key, _)| key == "BUILDAH_ISOLATION") {
println!("Please re-run krunvm inside a \"buildah unshare\" session");
std::process::exit(-1);
}
}
fn main() {
let mut cfg: KrunvmConfig = confy::load(APP_NAME).unwrap();
let mut app = App::new("krunvm")
.version(crate_version!())
.author("Sergio Lopez <slp@redhat.com>")
.about("Manage microVMs created from OCI images")
.arg(
Arg::with_name("v")
.short("v")
.multiple(true)
.help("Sets the level of verbosity"),
)
.subcommand(
App::new("changevm")
.about("Change the configuration of a microVM")
.arg(
Arg::with_name("cpus")
.long("cpus")
.help("Number of vCPUs")
.takes_value(true),
)
.arg(
Arg::with_name("mem")
.long("mem")
.help("Amount of RAM in MiB")
.takes_value(true),
)
.arg(
Arg::with_name("workdir")
.long("workdir")
.short("w")
.help("Working directory inside the microVM")
.takes_value(true),
)
.arg(
Arg::with_name("remove-volumes")
.long("remove-volumes")
.help("Remove all volume mappings"),
)
.arg(
Arg::with_name("volume")
.long("volume")
.short("v")
.help("Volume in form \"host_path:guest_path\" to be exposed to the guest")
.takes_value(true)
.multiple(true)
.number_of_values(1),
)
.arg(
Arg::with_name("remove-ports")
.long("remove-ports")
.help("Remove all port mappings"),
)
.arg(
Arg::with_name("port")
.long("port")
.short("p")
.help("Port in format \"host_port:guest_port\" to be exposed to the host")
.takes_value(true)
.multiple(true)
.number_of_values(1),
)
.arg(
Arg::with_name("new-name")
.long("name")
.help("Assign a new name to the VM")
.takes_value(true),
)
.arg(
Arg::with_name("NAME")
.help("Name of the VM to be modified")
.required(true),
),
)
.subcommand(
App::new("config")
.about("Configure global values")
.arg(
Arg::with_name("cpus")
.long("cpus")
.help("Default number of vCPUs for newly created VMs")
.takes_value(true),
)
.arg(
Arg::with_name("mem")
.long("mem")
.help("Default amount of RAM in MiB for newly created VMs")
.takes_value(true),
)
.arg(
Arg::with_name("dns")
.long("dns")
.help("DNS server to use in the microVM")
.takes_value(true),
),
)
.subcommand(
App::new("delete").about("Delete an existing microVM").arg(
Arg::with_name("NAME")
.help("Name of the microVM to be deleted")
.required(true)
.index(1),
),
)
.subcommand(
App::new("list").about("List microVMs").arg(
Arg::with_name("debug")
.short("d")
.help("print debug information verbosely"),
),
)
.subcommand(
App::new("start")
.about("Start an existing microVM")
.arg(Arg::with_name("cpus").long("cpus").help("Number of vCPUs"))
.arg(
Arg::with_name("mem")
.long("mem")
.help("Amount of RAM in MiB"),
)
.arg(
Arg::with_name("NAME")
.help("Name of the microVM")
.required(true)
.index(1),
)
.arg(
Arg::with_name("COMMAND")
.help("Command to run inside the VM")
.index(2),
)
.arg(
Arg::with_name("ARGS")
.help("Arguments to be passed to the command executed in the VM")
.multiple(true)
.last(true),
),
);
let mut create = App::new("create")
.about("Create a new microVM")
.arg(
Arg::with_name("cpus")
.long("cpus")
.help("Number of vCPUs")
.takes_value(true),
)
.arg(
Arg::with_name("mem")
.long("mem")
.help("Amount of RAM in MiB")
.takes_value(true),
)
.arg(
Arg::with_name("dns")
.long("dns")
.help("DNS server to use in the microVM")
.takes_value(true),
)
.arg(
Arg::with_name("workdir")
.long("workdir")
.short("w")
.help("Working directory inside the microVM")
.takes_value(true)
.default_value(""),
)
.arg(
Arg::with_name("volume")
.long("volume")
.short("v")
.help("Volume in form \"host_path:guest_path\" to be exposed to the guest")
.takes_value(true)
.multiple(true)
.number_of_values(1),
)
.arg(
Arg::with_name("port")
.long("port")
.short("p")
.help("Port in format \"host_port:guest_port\" to be exposed to the host")
.takes_value(true)
.multiple(true)
.number_of_values(1),
)
.arg(
Arg::with_name("name")
.long("name")
.help("Assign a name to the VM")
.takes_value(true),
)
.arg(
Arg::with_name("IMAGE")
.help("OCI image to use as template")
.required(true),
);
if cfg!(target_os = "macos") {
create = create.arg(
Arg::with_name("x86")
.long("x86")
.short("x")
.help("Create a x86_64 microVM even on an Aarch64 host"),
);
}
app = app.subcommand(create);
let matches = app.clone().get_matches();
#[cfg(target_os = "macos")]
check_volume(&mut cfg);
#[cfg(target_os = "linux")]
check_unshare();
if let Some(matches) = matches.subcommand_matches("changevm") {
changevm::changevm(&mut cfg, matches);
} else if let Some(matches) = matches.subcommand_matches("config") {
config::config(&mut cfg, matches);
} else if let Some(matches) = matches.subcommand_matches("create") {
create::create(&mut cfg, matches);
} else if let Some(matches) = matches.subcommand_matches("delete") {
delete::delete(&mut cfg, matches);
} else if let Some(matches) = matches.subcommand_matches("list") {
list::list(&cfg, matches);
} else if let Some(matches) = matches.subcommand_matches("start") {
start::start(&cfg, matches);
} else {
app.print_long_help().unwrap();
println!();
}
}
0707010000001D000081A4000000000000000000000001636923F100001AB0000000000000000000000000000000000000002500000000krunvm-0.2.3+git12dac81/src/start.rs// Copyright 2021 Red Hat, Inc.
// SPDX-License-Identifier: Apache-2.0
use std::ffi::CString;
use std::fs::File;
#[cfg(target_os = "linux")]
use std::io::{Error, ErrorKind};
use std::os::unix::io::AsRawFd;
#[cfg(target_os = "macos")]
use std::path::Path;
use super::bindings;
use super::utils::{mount_container, umount_container};
use crate::{ArgMatches, KrunvmConfig, VmConfig};
#[cfg(target_os = "linux")]
fn map_volumes(_ctx: u32, vmcfg: &VmConfig, rootfs: &str) {
for (host_path, guest_path) in vmcfg.mapped_volumes.iter() {
let host_dir = CString::new(host_path.to_string()).unwrap();
let guest_dir = CString::new(format!("{}{}", rootfs, guest_path)).unwrap();
let ret = unsafe { libc::mkdir(guest_dir.as_ptr(), 0o755) };
if ret < 0 && Error::last_os_error().kind() != ErrorKind::AlreadyExists {
println!("Error creating directory {:?}", guest_dir);
std::process::exit(-1);
}
unsafe { libc::umount(guest_dir.as_ptr()) };
let ret = unsafe {
libc::mount(
host_dir.as_ptr(),
guest_dir.as_ptr(),
std::ptr::null(),
libc::MS_BIND | libc::MS_REC,
std::ptr::null(),
)
};
if ret < 0 {
println!("Error mounting volume {}", guest_path);
std::process::exit(-1);
}
}
}
#[cfg(target_os = "macos")]
fn map_volumes(ctx: u32, vmcfg: &VmConfig, rootfs: &str) {
let mut volumes = Vec::new();
for (host_path, guest_path) in vmcfg.mapped_volumes.iter() {
let full_guest = format!("{}{}", &rootfs, guest_path);
let full_guest_path = Path::new(&full_guest);
if !full_guest_path.exists() {
std::fs::create_dir(full_guest_path)
.expect("Couldn't create guest_path for mapped volume");
}
let map = format!("{}:{}", host_path, guest_path);
volumes.push(CString::new(map).unwrap());
}
let mut vols: Vec<*const i8> = Vec::new();
for vol in volumes.iter() {
vols.push(vol.as_ptr());
}
vols.push(std::ptr::null());
let ret = unsafe { bindings::krun_set_mapped_volumes(ctx, vols.as_ptr()) };
if ret < 0 {
println!("Error setting VM mapped volumes");
std::process::exit(-1);
}
}
unsafe fn exec_vm(vmcfg: &VmConfig, rootfs: &str, cmd: Option<&str>, args: Vec<CString>) {
//bindings::krun_set_log_level(9);
let ctx = bindings::krun_create_ctx() as u32;
let ret = bindings::krun_set_vm_config(ctx, vmcfg.cpus as u8, vmcfg.mem);
if ret < 0 {
println!("Error setting VM config");
std::process::exit(-1);
}
let c_rootfs = CString::new(rootfs).unwrap();
let ret = bindings::krun_set_root(ctx, c_rootfs.as_ptr() as *const i8);
if ret < 0 {
println!("Error setting VM rootfs");
std::process::exit(-1);
}
map_volumes(ctx, vmcfg, rootfs);
let mut ports = Vec::new();
for (host_port, guest_port) in vmcfg.mapped_ports.iter() {
let map = format!("{}:{}", host_port, guest_port);
ports.push(CString::new(map).unwrap());
}
let mut ps: Vec<*const i8> = Vec::new();
for port in ports.iter() {
ps.push(port.as_ptr() as *const i8);
}
ps.push(std::ptr::null());
let ret = bindings::krun_set_port_map(ctx, ps.as_ptr());
if ret < 0 {
println!("Error setting VM port map");
std::process::exit(-1);
}
if !vmcfg.workdir.is_empty() {
let c_workdir = CString::new(vmcfg.workdir.clone()).unwrap();
let ret = bindings::krun_set_workdir(ctx, c_workdir.as_ptr() as *const i8);
if ret < 0 {
println!("Error setting VM workdir");
std::process::exit(-1);
}
}
let hostname = CString::new(format!("HOSTNAME={}", vmcfg.name)).unwrap();
let home = CString::new("HOME=/root").unwrap();
let env: [*const i8; 3] = [
hostname.as_ptr() as *const i8,
home.as_ptr() as *const i8,
std::ptr::null(),
];
if let Some(cmd) = cmd {
let mut argv: Vec<*const i8> = Vec::new();
for a in args.iter() {
argv.push(a.as_ptr() as *const i8);
}
argv.push(std::ptr::null());
let c_cmd = CString::new(cmd).unwrap();
let ret = bindings::krun_set_exec(
ctx,
c_cmd.as_ptr() as *const i8,
argv.as_ptr() as *const *const i8,
env.as_ptr() as *const *const i8,
);
if ret < 0 {
println!("Error setting VM config");
std::process::exit(-1);
}
} else {
let ret = bindings::krun_set_env(ctx, env.as_ptr() as *const *const i8);
if ret < 0 {
println!("Error setting VM environment variables");
std::process::exit(-1);
}
}
let ret = bindings::krun_start_enter(ctx);
if ret < 0 {
println!("Error starting VM");
std::process::exit(-1);
}
}
fn set_rlimits() {
let mut limit = libc::rlimit {
rlim_cur: 0,
rlim_max: 0,
};
let ret = unsafe { libc::getrlimit(libc::RLIMIT_NOFILE, &mut limit) };
if ret < 0 {
panic!("Couldn't get RLIMIT_NOFILE value");
}
limit.rlim_cur = limit.rlim_max;
let ret = unsafe { libc::setrlimit(libc::RLIMIT_NOFILE, &limit) };
if ret < 0 {
panic!("Couldn't set RLIMIT_NOFILE value");
}
}
fn set_lock(rootfs: &str) -> File {
let lock_path = format!("{}/.krunvm.lock", rootfs);
let file = File::create(lock_path).expect("Couldn't create lock file");
let ret = unsafe { libc::flock(file.as_raw_fd(), libc::LOCK_EX | libc::LOCK_NB) };
if ret < 0 {
println!("Couldn't acquire lock file. Is another instance of this VM already running?");
std::process::exit(-1);
}
file
}
pub fn start(cfg: &KrunvmConfig, matches: &ArgMatches) {
let cmd = matches.value_of("COMMAND");
let name = matches.value_of("NAME").unwrap();
let vmcfg = match cfg.vmconfig_map.get(name) {
None => {
println!("No VM found with name {}", name);
std::process::exit(-1);
}
Some(vmcfg) => vmcfg,
};
umount_container(cfg, vmcfg).expect("Error unmounting container");
let rootfs = mount_container(cfg, vmcfg).expect("Error mounting container");
let args: Vec<CString> = if cmd.is_some() {
match matches.values_of("ARGS") {
Some(a) => a.map(|val| CString::new(val).unwrap()).collect(),
None => Vec::new(),
}
} else {
Vec::new()
};
set_rlimits();
let _file = set_lock(&rootfs);
unsafe { exec_vm(vmcfg, &rootfs, cmd, args) };
umount_container(cfg, vmcfg).expect("Error unmounting container");
}
0707010000001E000081A4000000000000000000000001636923F1000020EF000000000000000000000000000000000000002500000000krunvm-0.2.3+git12dac81/src/utils.rs// Copyright 2021 Red Hat, Inc.
// SPDX-License-Identifier: Apache-2.0
use std::collections::HashMap;
use std::path::Path;
use std::process::Command;
use crate::{KrunvmConfig, VmConfig, APP_NAME};
pub enum BuildahCommand {
From,
Inspect,
Mount,
Unmount,
Remove,
}
#[cfg(target_os = "linux")]
pub fn get_buildah_args(_cfg: &KrunvmConfig, cmd: BuildahCommand) -> Vec<String> {
match cmd {
BuildahCommand::From => vec!["from".to_string()],
BuildahCommand::Inspect => vec!["inspect".to_string()],
BuildahCommand::Mount => vec!["mount".to_string()],
BuildahCommand::Unmount => vec!["umount".to_string()],
BuildahCommand::Remove => vec!["rm".to_string()],
}
}
#[cfg(target_os = "macos")]
pub fn get_buildah_args(cfg: &KrunvmConfig, cmd: BuildahCommand) -> Vec<String> {
let mut hbpath = std::env::current_exe().unwrap();
hbpath.pop();
hbpath.pop();
let hbpath = hbpath.as_path().display();
let policy_json = format!("{}/etc/containers/policy.json", hbpath);
let registries_json = format!("{}/etc/containers/registries.conf", hbpath);
let storage_root = format!("{}/root", cfg.storage_volume);
let storage_runroot = format!("{}/runroot", cfg.storage_volume);
let mut args = vec![
"--root".to_string(),
storage_root,
"--runroot".to_string(),
storage_runroot,
];
match cmd {
BuildahCommand::From => {
args.push("--signature-policy".to_string());
args.push(policy_json);
args.push("--registries-conf".to_string());
args.push(registries_json);
args.push("from".to_string());
args.push("--os".to_string());
args.push("linux".to_string());
}
BuildahCommand::Inspect => {
args.push("inspect".to_string());
}
BuildahCommand::Mount => {
args.push("mount".to_string());
}
BuildahCommand::Unmount => {
args.push("umount".to_string());
}
BuildahCommand::Remove => {
args.push("rm".to_string());
}
}
args
}
pub fn parse_mapped_ports(port_matches: Vec<&str>) -> HashMap<String, String> {
let mut mapped_ports = HashMap::new();
for port in port_matches.iter() {
let vtuple: Vec<&str> = port.split(':').collect();
if vtuple.len() != 2 {
println!("Invalid value for \"port\"");
std::process::exit(-1);
}
let host_port: u16 = match vtuple[0].parse() {
Ok(p) => p,
Err(_) => {
println!("Invalid host port");
std::process::exit(-1);
}
};
let guest_port: u16 = match vtuple[1].parse() {
Ok(p) => p,
Err(_) => {
println!("Invalid guest port");
std::process::exit(-1);
}
};
mapped_ports.insert(host_port.to_string(), guest_port.to_string());
}
mapped_ports
}
pub fn parse_mapped_volumes(volume_matches: Vec<&str>) -> HashMap<String, String> {
let mut mapped_volumes = HashMap::new();
for volume in volume_matches.iter() {
let vtuple: Vec<&str> = volume.split(':').collect();
if vtuple.len() != 2 {
println!("Invalid value for \"volume\"");
std::process::exit(-1);
}
let host_path = Path::new(vtuple[0]);
if !host_path.is_absolute() {
println!("Invalid volume, host_path is not an absolute path");
std::process::exit(-1);
}
if !host_path.exists() {
println!("Invalid volume, host_path does not exists");
std::process::exit(-1);
}
let guest_path = Path::new(vtuple[1]);
if !guest_path.is_absolute() {
println!("Invalid volume, guest_path is not an absolute path");
std::process::exit(-1);
}
if guest_path.components().count() != 2 {
println!(
"Invalid volume, only single direct root children are supported as guest_path"
);
std::process::exit(-1);
}
mapped_volumes.insert(
host_path.to_str().unwrap().to_string(),
guest_path.to_str().unwrap().to_string(),
);
}
mapped_volumes
}
#[cfg(target_os = "macos")]
fn fix_root_mode(rootfs: &str) {
let mut args = vec!["-w", "user.containers.override_stat", "0:0:0555"];
args.push(rootfs);
let output = match Command::new("xattr")
.args(&args)
.stderr(std::process::Stdio::inherit())
.output()
{
Ok(output) => output,
Err(err) => {
if err.kind() == std::io::ErrorKind::NotFound {
println!("{} requires xattr to manage the OCI images, and it wasn't found on this system.", APP_NAME);
} else {
println!("Error executing xattr: {}", err);
}
std::process::exit(-1);
}
};
let exit_code = output.status.code().unwrap_or(-1);
if exit_code != 0 {
println!("xattr returned an error: {}", exit_code);
std::process::exit(-1);
}
}
#[allow(unused_variables)]
pub fn mount_container(cfg: &KrunvmConfig, vmcfg: &VmConfig) -> Result<String, std::io::Error> {
let mut args = get_buildah_args(cfg, BuildahCommand::Mount);
args.push(vmcfg.container.clone());
let output = match Command::new("buildah")
.args(&args)
.stderr(std::process::Stdio::inherit())
.output()
{
Ok(output) => output,
Err(err) => {
if err.kind() == std::io::ErrorKind::NotFound {
println!("{} requires buildah to manage the OCI images, and it wasn't found on this system.", APP_NAME);
} else {
println!("Error executing buildah: {}", err);
}
std::process::exit(-1);
}
};
let exit_code = output.status.code().unwrap_or(-1);
if exit_code != 0 {
println!(
"buildah returned an error: {}",
std::str::from_utf8(&output.stdout).unwrap()
);
std::process::exit(-1);
}
let rootfs = std::str::from_utf8(&output.stdout).unwrap().trim();
#[cfg(target_os = "macos")]
fix_root_mode(&rootfs);
Ok(rootfs.to_string())
}
#[allow(unused_variables)]
pub fn umount_container(cfg: &KrunvmConfig, vmcfg: &VmConfig) -> Result<(), std::io::Error> {
let mut args = get_buildah_args(cfg, BuildahCommand::Unmount);
args.push(vmcfg.container.clone());
let output = match Command::new("buildah")
.args(&args)
.stderr(std::process::Stdio::inherit())
.output()
{
Ok(output) => output,
Err(err) => {
if err.kind() == std::io::ErrorKind::NotFound {
println!("{} requires buildah to manage the OCI images, and it wasn't found on this system.", APP_NAME);
} else {
println!("Error executing buildah: {}", err);
}
std::process::exit(-1);
}
};
let exit_code = output.status.code().unwrap_or(-1);
if exit_code != 0 {
println!(
"buildah returned an error: {}",
std::str::from_utf8(&output.stdout).unwrap()
);
std::process::exit(-1);
}
Ok(())
}
#[allow(unused_variables)]
pub fn remove_container(cfg: &KrunvmConfig, vmcfg: &VmConfig) -> Result<(), std::io::Error> {
let mut args = get_buildah_args(cfg, BuildahCommand::Remove);
args.push(vmcfg.container.clone());
let output = match Command::new("buildah")
.args(&args)
.stderr(std::process::Stdio::inherit())
.output()
{
Ok(output) => output,
Err(err) => {
if err.kind() == std::io::ErrorKind::NotFound {
println!("{} requires buildah to manage the OCI images, and it wasn't found on this system.", APP_NAME);
} else {
println!("Error executing buildah: {}", err);
}
std::process::exit(-1);
}
};
let exit_code = output.status.code().unwrap_or(-1);
if exit_code != 0 {
println!(
"buildah returned an error: {}",
std::str::from_utf8(&output.stdout).unwrap()
);
std::process::exit(-1);
}
Ok(())
}
07070100000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000B00000000TRAILER!!!155 blocks
