gvisor/pkg/shim/proc/init_state.go

// Copyright 2018 The containerd Authors.
// Copyright 2018 The gVisor Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package proc

import (
	"context"
	"fmt"

	"github.com/containerd/containerd/errdefs"
	"github.com/containerd/containerd/pkg/process"
	runc "github.com/containerd/go-runc"
	"golang.org/x/sys/unix"
	"gvisor.dev/gvisor/pkg/shim/utils"
)

type stateTransition int

const (
	running stateTransition = iota
	stopped
	deleted
)

func (s stateTransition) String() string {
	switch s {
	case running:
		return "running"
	case stopped:
		return "stopped"
	case deleted:
		return "deleted"
	default:
		panic(fmt.Sprintf("unknown state: %d", s))
	}
}

type initState interface {
	Start(context.Context) error
	Delete(context.Context) error
	Exec(context.Context, string, *ExecConfig) (process.Process, error)
	State(ctx context.Context) (string, error)
	Stats(context.Context, string) (*runc.Stats, error)
	Kill(context.Context, uint32, bool) error
	SetExited(int)
}

type createdState struct {
	p *Init
}

func (s *createdState) name() string {
	return "created"
}

func (s *createdState) transition(transition stateTransition) {
	switch transition {
	case running:
		s.p.initState = &runningState{p: s.p}
	case stopped:
		s.p.initState = &stoppedState{process: s.p}
	case deleted:
		s.p.initState = &deletedState{}
	default:
		panic(fmt.Sprintf("invalid state transition %q to %q", s.name(), transition))
	}
}

func (s *createdState) Start(ctx context.Context) error {
	if err := s.p.start(ctx); err != nil {
		// Containerd doesn't allow deleting container in created state.
		// However, for gvisor, a non-root container in created state can
		// only go to running state. If the container can't be started,
		// it can only stay in created state, and never be deleted.
		// To work around that, we treat non-root container in start failure
		// state as stopped.
		if !s.p.Sandbox {
			s.p.io.Close()
			s.p.setExited(internalErrorCode)
			s.transition(stopped)
		}
		return err
	}
	s.transition(running)
	return nil
}

func (s *createdState) Delete(ctx context.Context) error {
	if err := s.p.delete(ctx); err != nil {
		return err
	}
	s.transition(deleted)
	return nil
}

func (s *createdState) Kill(ctx context.Context, sig uint32, all bool) error {
	return s.p.kill(ctx, sig, all)
}

func (s *createdState) SetExited(status int) {
	s.p.setExited(status)
	s.transition(stopped)
}

func (s *createdState) Exec(ctx context.Context, path string, r *ExecConfig) (process.Process, error) {
	return s.p.exec(path, r)
}

func (s *createdState) State(ctx context.Context) (string, error) {
	state, err := s.p.state(ctx)
	if err == nil && state == statusStopped {
		s.transition(stopped)
	}
	return state, err
}

func (s *createdState) Stats(ctx context.Context, id string) (*runc.Stats, error) {
	return s.p.stats(ctx, id)
}

type runningState struct {
	p *Init
}

func (s *runningState) name() string {
	return "running"
}

func (s *runningState) transition(transition stateTransition) {
	switch transition {
	case stopped:
		s.p.initState = &stoppedState{process: s.p}
	default:
		panic(fmt.Sprintf("invalid state transition %q to %q", s.name(), transition))
	}
}

func (s *runningState) Start(ctx context.Context) error {
	return fmt.Errorf("cannot start a running container")
}

func (s *runningState) Delete(ctx context.Context) error {
	return fmt.Errorf("cannot delete a running container")
}

func (s *runningState) Kill(ctx context.Context, sig uint32, all bool) error {
	return s.p.kill(ctx, sig, all)
}

func (s *runningState) SetExited(status int) {
	s.p.setExited(status)
	s.transition(stopped)
}

func (s *runningState) Exec(_ context.Context, path string, r *ExecConfig) (process.Process, error) {
	return s.p.exec(path, r)
}

func (s *runningState) State(ctx context.Context) (string, error) {
	state, err := s.p.state(ctx)
	if err == nil && state == "stopped" {
		s.transition(stopped)
	}
	return state, err
}

func (s *runningState) Stats(ctx context.Context, id string) (*runc.Stats, error) {
	return s.p.stats(ctx, id)
}

type stoppedState struct {
	process *Init
}

func (s *stoppedState) name() string {
	return "stopped"
}

func (s *stoppedState) transition(transition stateTransition) {
	switch transition {
	case deleted:
		s.process.initState = &deletedState{}
	default:
		panic(fmt.Sprintf("invalid state transition %q to %q", s.name(), transition))
	}
}

func (s *stoppedState) Start(context.Context) error {
	return fmt.Errorf("cannot start a stopped container")
}

func (s *stoppedState) Delete(ctx context.Context) error {
	if err := s.process.delete(ctx); err != nil {
		return err
	}
	s.transition(deleted)
	return nil
}

func (s *stoppedState) Kill(_ context.Context, signal uint32, _ bool) error {
	return handleStoppedKill(signal)
}

func (s *stoppedState) SetExited(status int) {
	s.process.setExited(status)
}

func (s *stoppedState) Exec(context.Context, string, *ExecConfig) (process.Process, error) {
	return nil, fmt.Errorf("cannot exec in a stopped state")
}

func (s *stoppedState) State(context.Context) (string, error) {
	return "stopped", nil
}

func (s *stoppedState) Stats(context.Context, string) (*runc.Stats, error) {
	return nil, fmt.Errorf("cannot stat a stopped container")
}

func handleStoppedKill(signal uint32) error {
	switch unix.Signal(signal) {
	case unix.SIGTERM, unix.SIGKILL:
		// Container is already stopped, so everything inside the container has
		// already been killed.
		return nil
	default:
		return utils.ErrToGRPCf(errdefs.ErrNotFound, "process not found")
	}
}