Update LinuxIntelRdt to align with runtime-spec

Cargo.toml

@@ -3,6 +3,10 @@ resolver = "2"
 members = ["crates/*", "tests/contest/*", "tools/*"]
 exclude = ["experiment/seccomp", "experiment/selinux"]
 
+# NOTE: temp for developing
+[patch.crates-io]
+oci-spec = { git = "https://github.com/youki-dev/oci-spec-rs", branch = "main" }
+
 [workspace.dependencies]
 anyhow = "1.0.102"
 caps = "0.5.6"

crates/libcontainer/src/container/builder_impl.rs

@@ -12,7 +12,9 @@ use super::{Container, ContainerStatus};
 use crate::error::{CreateContainerError, LibcontainerError, MissingSpecError};
 use crate::notify_socket::NotifyListener;
 use crate::process::args::{ContainerArgs, ContainerType};
-use crate::process::intel_rdt::delete_resctrl_subdirectory;
+use crate::process::intel_rdt::{
+    delete_resctrl_monitoring_subdirectory, delete_resctrl_subdirectory,
+};
 use crate::process::{self};
 use crate::syscall::syscall::SyscallType;
 use crate::user_ns::UserNamespaceConfig;
@@ -192,7 +194,7 @@ impl ContainerBuilderImpl {
             pid_file: self.pid_file.to_owned(),
         };
 
-        let (init_pid, need_to_clean_up_intel_rdt_dir) =
+        let (init_pid, intel_rdt_dir, intel_rdt_monitoring_dir) =
             process::container_main_process::container_main_process(&container_args).map_err(
                 |err| {
                     tracing::error!("failed to run container process {}", err);
@@ -206,7 +208,8 @@ impl ContainerBuilderImpl {
                 .set_status(ContainerStatus::Created)
                 .set_creator(nix::unistd::geteuid().as_raw())
                 .set_pid(init_pid.as_raw())
-                .set_clean_up_intel_rdt_directory(need_to_clean_up_intel_rdt_dir)
+                .set_intel_rdt_dir(intel_rdt_dir)
+                .set_intel_rdt_monitoring_dir(intel_rdt_monitoring_dir)
                 .save()?;
         }
 
@@ -231,9 +234,16 @@ impl ContainerBuilderImpl {
         }
 
         if let Some(container) = &self.container {
-            if let Some(true) = container.clean_up_intel_rdt_subdirectory() {
-                if let Err(e) = delete_resctrl_subdirectory(container.id()) {
-                    tracing::error!(id = ?container.id(), error = ?e, "failed to delete resctrl subdirectory");
+            if let Some(path) = container.intel_rdt_monitoring_dir() {
+                if let Err(e) = delete_resctrl_monitoring_subdirectory(path) {
+                    tracing::error!(path = ?path, error = ?e, "failed to delete resctrl monitoring subdirectory");
+                    errors.push(e.to_string());
+                }
+            }
+
+            if let Some(path) = container.intel_rdt_dir() {
+                if let Err(e) = delete_resctrl_subdirectory(path) {
+                    tracing::error!(path = ?path, error = ?e, "failed to delete resctrl subdirectory");
                     errors.push(e.to_string());
                 }
             }

crates/libcontainer/src/container/container.rs

@@ -130,13 +130,22 @@ impl Container {
         self
     }
 
-    pub fn set_clean_up_intel_rdt_directory(&mut self, clean_up: bool) -> &mut Self {
-        self.state.clean_up_intel_rdt_subdirectory = Some(clean_up);
+    pub fn set_intel_rdt_dir(&mut self, dir: Option<PathBuf>) -> &mut Self {
+        self.state.intel_rdt_dir = dir;
         self
     }
 
-    pub fn clean_up_intel_rdt_subdirectory(&self) -> Option<bool> {
-        self.state.clean_up_intel_rdt_subdirectory
+    pub fn intel_rdt_dir(&self) -> Option<&PathBuf> {
+        self.state.intel_rdt_dir.as_ref()
+    }
+
+    pub fn set_intel_rdt_monitoring_dir(&mut self, dir: Option<PathBuf>) -> &mut Self {
+        self.state.intel_rdt_monitoring_dir = dir;
+        self
+    }
+
+    pub fn intel_rdt_monitoring_dir(&self) -> Option<&PathBuf> {
+        self.state.intel_rdt_monitoring_dir.as_ref()
     }
 
     pub fn status(&self) -> ContainerStatus {

crates/libcontainer/src/container/container_delete.rs

@@ -8,7 +8,9 @@ use super::{Container, ContainerStatus};
 use crate::config::YoukiConfig;
 use crate::error::LibcontainerError;
 use crate::hooks;
-use crate::process::intel_rdt::delete_resctrl_subdirectory;
+use crate::process::intel_rdt::{
+    delete_resctrl_monitoring_subdirectory, delete_resctrl_subdirectory,
+};
 
 impl Container {
     /// Deletes the container
@@ -69,41 +71,12 @@ impl Container {
         // Once reached here, the container is verified that it can be deleted.
         debug_assert!(self.status().can_delete());
 
-        if let Some(true) = &self.clean_up_intel_rdt_subdirectory() {
-            if let Err(err) = delete_resctrl_subdirectory(self.id()) {
-                tracing::warn!(
-                    "failed to delete resctrl subdirectory due to: {err:?}, continue to delete"
-                );
-            }
-        }
-
+        let mut config_opt = None;
         if self.root.exists() {
             match YoukiConfig::load(&self.root) {
                 Ok(config) => {
-                    tracing::debug!("config: {:?}", config);
-
-                    // remove the cgroup created for the container
-                    // check https://man7.org/linux/man-pages/man7/cgroups.7.html
-                    // creating and removing cgroups section for more information on cgroups
-                    let cmanager = libcgroups::common::create_cgroup_manager(
-                        libcgroups::common::CgroupConfig {
-                            cgroup_path: config.cgroup_path.to_owned(),
-                            systemd_cgroup: self.systemd(),
-                            container_name: self.id().to_string(),
-                        },
-                    )?;
-                    cmanager.remove().map_err(|err| {
-                        tracing::error!(cgroup_path = ?config.cgroup_path, "failed to remove cgroup due to: {err:?}");
-                        err
-                    })?;
-
-                    if let Some(hooks) = config.hooks.as_ref() {
-                        hooks::run_hooks(hooks.poststop().as_ref(), Some(&self.state), None, None)
-                            .map_err(|err| {
-                                tracing::error!(err = ?err, "failed to run post stop hooks");
-                                err
-                            })?;
-                    }
+                    tracing::debug!("config: {config:?}");
+                    config_opt = Some(config);
                 }
                 Err(err) => {
                     // There is a brief window where the container state is
@@ -115,7 +88,49 @@ impl Container {
                     );
                 }
             }
+        }
+
+        if let Some(path) = self.intel_rdt_monitoring_dir() {
+            if let Err(err) = delete_resctrl_monitoring_subdirectory(path) {
+                tracing::warn!(
+                    "failed to delete resctrl monitoring subdirectory due to: {err:?}, continue to delete"
+                );
+            }
+        }
 
+        if let Some(path) = self.intel_rdt_dir() {
+            if let Err(err) = delete_resctrl_subdirectory(path) {
+                tracing::warn!(
+                    "failed to delete resctrl subdirectory due to: {err:?}, continue to delete"
+                );
+            }
+        }
+
+        if let Some(config) = config_opt {
+            // remove the cgroup created for the container
+            // check https://man7.org/linux/man-pages/man7/cgroups.7.html
+            // creating and removing cgroups section for more information on cgroups
+            let cmanager =
+                libcgroups::common::create_cgroup_manager(libcgroups::common::CgroupConfig {
+                    cgroup_path: config.cgroup_path.to_owned(),
+                    systemd_cgroup: self.systemd(),
+                    container_name: self.id().to_string(),
+                })?;
+            cmanager.remove().map_err(|err| {
+                        tracing::error!(cgroup_path = ?config.cgroup_path, "failed to remove cgroup due to: {err:?}");
+                        err
+                    })?;
+
+            if let Some(hooks) = config.hooks.as_ref() {
+                hooks::run_hooks(hooks.poststop().as_ref(), Some(&self.state), None, None)
+                    .map_err(|err| {
+                        tracing::error!(err = ?err, "failed to run post stop hooks");
+                        err
+                    })?;
+            }
+        }
+
+        if self.root.exists() {
             // remove the directory storing container state
             tracing::debug!("remove dir {:?}", self.root);
             fs::remove_dir_all(&self.root).map_err(|err| {

crates/libcontainer/src/container/state.rs

@@ -119,8 +119,14 @@ pub struct State {
     pub creator: Option<u32>,
     // Specifies if systemd should be used to manage cgroups
     pub use_systemd: bool,
-    // Specifies if the Intel RDT subdirectory needs be cleaned up.
-    pub clean_up_intel_rdt_subdirectory: Option<bool>,
+    // Specifies the Intel RDT subdirectory path that needs to be cleaned up.
+    pub intel_rdt_dir: Option<PathBuf>,
+    /// Indicates the dedicated monitoring group subdirectory (`mon_groups/<container_id>`)
+    /// within the resctrl filesystem that needs to be cleaned up.
+    /// As per OCI runtime-spec v1.3.0, if `enable_monitoring` is true, the runtime MUST
+    /// create this group and MUST remove it when the container is deleted.
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub intel_rdt_monitoring_dir: Option<PathBuf>,
 }
 
 impl State {
@@ -142,7 +148,8 @@ impl State {
             created: None,
             creator: None,
             use_systemd: false,
-            clean_up_intel_rdt_subdirectory: None,
+            intel_rdt_dir: None,
+            intel_rdt_monitoring_dir: None,
         }
     }
 

crates/libcontainer/src/process/container_main_process.rs

@@ -50,7 +50,9 @@ pub enum ProcessError {
 
 type Result<T> = std::result::Result<T, ProcessError>;
 
-pub fn container_main_process(container_args: &ContainerArgs) -> Result<(Pid, bool)> {
+pub fn container_main_process(
+    container_args: &ContainerArgs,
+) -> Result<(Pid, Option<PathBuf>, Option<PathBuf>)> {
     // We use a set of channels to communicate between parent and child process.
     // Each channel is uni-directional. Because we will pass these channel to
     // cloned process, we have to be deligent about closing any unused channel.
@@ -132,16 +134,18 @@ pub fn container_main_process(container_args: &ContainerArgs) -> Result<(Pid, bo
     // The intermediate process will send the init pid once it forks the init
     // process.  The intermediate process should exit after this point.
     let init_pid = main_receiver.wait_for_intermediate_ready()?;
-    let mut need_to_clean_up_intel_rdt_subdirectory = false;
+    let mut intel_rdt_dir = None;
+    let mut intel_rdt_monitoring_dir = None;
 
     if let Some(linux) = container_args.spec.linux() {
         if let Some(intel_rdt) = linux.intel_rdt() {
             let container_id = container_args
                 .container
                 .as_ref()
                 .map(|container| container.id());
-            need_to_clean_up_intel_rdt_subdirectory =
-                setup_intel_rdt(container_id, &init_pid, intel_rdt)?;
+            let (dir, mon_dir) = setup_intel_rdt(container_id, &init_pid, intel_rdt)?;
+            intel_rdt_dir = dir;
+            intel_rdt_monitoring_dir = mon_dir;
         }
     }
 
@@ -278,7 +282,7 @@ pub fn container_main_process(container_args: &ContainerArgs) -> Result<(Pid, bo
         Err(err) => return Err(ProcessError::WaitIntermediateProcess(err)),
     };
 
-    Ok((init_pid, need_to_clean_up_intel_rdt_subdirectory))
+    Ok((init_pid, intel_rdt_dir, intel_rdt_monitoring_dir))
 }
 
 fn setup_mapping(config: &UserNamespaceConfig, pid: Pid) -> Result<()> {