feat: Add LinuxContainer block I/O resources#1
Open
chrisgeo wants to merge 12 commits into
Open
Conversation
This was referenced May 6, 2026
chrisgeo
changed the title
chrisgeo
force-pushed
the
feat/chaos-1380-blkio-runtime
branch
from
409ec3f to
5268c48
Compare
Signed-off-by: michael_crosby <michael_crosby@apple.com>
This pull request enhances the handling of file and directory copy operations in Linux containers, particularly by improving destination path resolution and error handling for the `copyIn` operation with the `Stat RPC` This PR is needed for [container#1190](apple/container#1190)
External Swift Package Manager consumers can only see products declared in the top-level `Package.swift`. The `VminitdCore` library was declared inside the `vminitd` subpackage, so it was impossible to build a custom `vminitd` against it via a URL dependency on `containerization`. This change moves the `VminitdCore` to the top-level `Package.swift`.
- Closes apple#745. - Facilitates TOCTOU-safe recursion over directory contents. - Replace FileDescriptor extensions with a static utility type to prevent potential namespacing issues as this project and Swift evolve.
- Grammar fix in comment.
- Closes apple#749. - ExportOperation hardcoded the pushed index descriptor's mediaType to the OCI image index type. RegistryClient.push uses that descriptor's mediaType as the HTTP Content-Type header. When the source index was in Docker manifest.list.v2+json format (the common case for images pulled from Docker Hub and other public registries), the body's embedded mediaType field disagreed with the header, and OCI registries rejected the index PUT with HTTP 400 MANIFEST_INVALID. - Use the source index's mediaType for the pushed descriptor so the header always matches the body. Per-architecture child manifests are unaffected because they were already pushed with their actual mediaType. - Add a parameterized unit test for ExportOperation.export covering both Docker manifest.list
…#754) The `IPv4Address(_ bytes: [UInt8])` initializer in ContainerizationExtras shifts the third octet by 16 bits instead of 8: ```swift self.value = (UInt32(bytes[0]) << 24) | (UInt32(bytes[1]) << 16) | (UInt32(bytes[2]) << 16) // should be << 8 | UInt32(bytes[3]) ``` Because `bytes[2]` lands in the same bit range as `bytes[1]`, the second octet gets corrupted by the OR, the third octet is dropped, and bits 8 through 15 are always left zero. Concretely, decoding `[192, 168, 1, 1]` yields `192.169.0.1` instead of `192.168.1.1`, and `[18, 52, 86, 120]` yields `18.118.0.120` instead of `18.52.86.120`. This went unnoticed because the `bytes` computed property getter uses the correct `>> 8` for the third octet, but there was no test exercising the byte-array initializer, so the encode and decode paths were never checked against each other. The sibling `IPv6Address(_ bytes:)` initializer uses the correct descending shifts (`<< 120, << 112, ... << 8, << 0`), which is what the IPv4 version should mirror. The fix changes the third octet shift to 8 bits so the initializer is the exact inverse of the `bytes` property. I also added two tests to the initializer suite: a valid-input test that asserts both the resulting `value` and that `init(bytes).bytes == bytes` round-trips, and an invalid-length test. The round-trip test fails on the current code and passes with the fix. Verification: `swift test --filter ContainerizationExtrasTests` passes 221 tests in 26 suites (the IPv4Address suite goes from 23 to 25 tests). The new round-trip test fails before the one-line change and passes after. Signed-off-by: Aditya Singh <adisin650@gmail.com>
Small documentation improvements for better consistency: - Fixed capitalization (url → URL) in kernel README - Added bash syntax highlighting to code block in lab.md - Improved formatting consistency in ctr-example README (added colon + code fence) Co-authored-by: pickle-RickA <273219719+pickle-RickA@users.noreply.github.com>
Mirrors the LinuxRLimit/LinuxCapabilities pattern so the public API can evolve independently of the OCI spec types. Configuration.blockIO now holds the wrapper and is converted via toOCI() at spec assembly.
chrisgeo
force-pushed
the
feat/chaos-1380-blkio-runtime
branch
from
3d009df to
14dec0e
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
10 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Validation