feat: merge pulled container layers into a single rootfs dir (#28)

* feat: [ongoing] overlayfs merge

* feat: fix some permissions issues around copying non-writable or non-readable files/dirs

* feat: fixing permissions - ongoing

* feat: the first permissionguard solution

* refactor(overlayfs): improve permission handling during layer merging

- Replace ad-hoc permission management with PermissionGuard struct
- Add support for nested directory structures with mixed permissions
- Improve permission restoration with ordered tracking
- Add more comprehensive test cases for permission scenarios
- Clean up error handling and logging

* fix: put linux support temporarily on hold

Author: appcypher

.github/workflows/tests_and_checks.yml

@@ -221,4 +221,7 @@ jobs:
         run: |
           LIBRARY_PATH=${{ github.workspace }}/build/libkrunfw:${{ github.workspace }}/build/libkrun/target/release:${{ env.LIBRARY_PATH }} \
           LD_LIBRARY_PATH=${{ github.workspace }}/build/libkrunfw:${{ github.workspace }}/build/libkrun/target/release:${{ env.LD_LIBRARY_PATH }} \
-          cargo test --all-features
+          cargo test --all-features && \
+          LIBRARY_PATH=${{ github.workspace }}/build/libkrunfw:${{ github.workspace }}/build/libkrun/target/release:${{ env.LIBRARY_PATH }} \
+          LD_LIBRARY_PATH=${{ github.workspace }}/build/libkrunfw:${{ github.workspace }}/build/libkrun/target/release:${{ env.LD_LIBRARY_PATH }} \
+          cargo test --all-features -- --ignored

.todo.md

@@ -0,0 +1,3 @@
+## monofs
+
+- [ ] Implement tombstone for deletes.

Cargo.lock

@@ -58,6 +58,11 @@ typed-path.workspace = true
 uuid.workspace = true
 xattr.workspace = true
 sysinfo = "0.32.0"
+nix = { version = "0.29", features = ["mount", "user", "fs"] }
+tar = "0.4"
+flate2 = "1.0"
+walkdir = "2.4"
+scopeguard = "1.2"
 
 [dev-dependencies]
 test-log.workspace = true

monocore/Cargo.toml

@@ -12,8 +12,6 @@ PREFIX ?= /usr/local
 MONOCORE_RELEASE_BIN := ../target/release/monocore
 MONOKRUN_RELEASE_BIN := ../target/release/monokrun
 EXAMPLES_DIR := ../target/release/examples
-FIXTURES_DIR := fixtures
-DISTRO_ROOTFS := rootfs-alpine
 BUILD_DIR := build
 BENCHES_DIR := ../target/release
 
@@ -22,7 +20,7 @@ DARWIN_LIB_PATH := /usr/local/lib
 LINUX_LIB_PATH := /usr/local/lib64
 
 # Phony targets
-.PHONY: all install clean example unpack_rootfs bench build_monokrun
+.PHONY: all install clean example bench build_monokrun
 
 # Default target
 all: $(MONOCORE_RELEASE_BIN)
@@ -53,16 +51,8 @@ clean:
 	cargo clean
 	rm -rf $(BUILD_DIR)
 
-# Unpack rootfs
-unpack_rootfs: $(BUILD_DIR)/$(DISTRO_ROOTFS)-$(ARCH)
-
-$(BUILD_DIR)/$(DISTRO_ROOTFS)-$(ARCH): $(FIXTURES_DIR)/$(DISTRO_ROOTFS)-$(ARCH).tar.gz
-	mkdir -p $(BUILD_DIR)/$(DISTRO_ROOTFS)-$(ARCH)
-	tar -xzf $< -C $(BUILD_DIR)
-	touch $@
-
 # Run examples
-example: build_monokrun unpack_rootfs
+example: build_monokrun
 	@if [ -z "$(word 2,$(MAKECMDGOALS))" ]; then \
 		echo "Usage: make example <example_name> [-- <args>]"; \
 			exit 1; \
@@ -74,9 +64,9 @@ _run_example:
 ifeq ($(OS),Darwin)
 	cargo build --example $(EXAMPLE_NAME) --release
 	codesign --entitlements monocore.entitlements --force -s - $(EXAMPLES_DIR)/$(EXAMPLE_NAME)
-	DYLD_LIBRARY_PATH=$(DARWIN_LIB_PATH):$$RUST_DYLD_LIBRARY_PATH $(EXAMPLES_DIR)/$(EXAMPLE_NAME) $(ARGS) || exit $$?
+	RUST_BACKTRACE=1 DYLD_LIBRARY_PATH=$(DARWIN_LIB_PATH):$$RUST_DYLD_LIBRARY_PATH $(EXAMPLES_DIR)/$(EXAMPLE_NAME) $(ARGS) || exit $$?
 else
-	LD_LIBRARY_PATH=$(LINUX_LIB_PATH):$$LD_LIBRARY_PATH cargo run --example $(EXAMPLE_NAME) --release -- $(ARGS) || exit $$?
+	RUST_BACKTRACE=1 LD_LIBRARY_PATH=$(LINUX_LIB_PATH):$$LD_LIBRARY_PATH cargo run --example $(EXAMPLE_NAME) --release -- $(ARGS) || exit $$?
 endif
 
 # Run benchmarks

monocore/Makefile

@@ -25,7 +25,6 @@
 - [Directory Structure](#directory-structure)
 - [Quick Start](#quick-start)
 - [Development](#development)
-- [Contributing](#contributing)
 - [License](#license)
 
 ## Features
@@ -71,15 +70,13 @@ graph TD
     oci_layer --> oci_layer_hash["[hash]"]
 
     monocore_root --> microvm[microvm/]
-    microvm --> microvm_tag["[repo-name]__[tag]/"]
-    microvm --> microvm_instance["[repo-name]__[tag]__[uuid]/"]
-    microvm_tag --> microvm_service[service.toml]
-    microvm_tag --> microvm_cid["[repo-name]__[tag].cid"]
-    microvm_tag --> microvm_rootfs[rootfs/]
-    microvm_instance --> microvm_instance_rootfs[rootfs/]
+    microvm --> microvm_service["[service-name]/"]
+    microvm_service --> microvm_toml[service.toml]
+    microvm_service --> microvm_cid["[service-name].cid"]
+    microvm_service --> microvm_rootfs[rootfs/]
 
     monocore_root --> run[run/]
-    run --> run_service["[service-name]__[supervisor-pid].json"]
+    run --> run_service["[service-name]__[pid].json"]
 
     monocore_root --> log[log/]
     log --> log_stderr["[service-name].stderr.log"]
@@ -137,19 +134,9 @@ async fn main() -> anyhow::Result<()> {
 
 ### Prerequisites
 - Rust toolchain (1.75+)
-- libkrun development files
-
-### Building
-```bash
-# Build the library
-cargo build
-
-# Run tests
-cargo test
-
-# Try an example
-cargo run --example microvm_shell
-```
+- libkrun (see [monocore/README.md](http://github.com/appcypher/monocore#setup))
+- Linux OS for full functionality (OverlayFS support)
+  - macOS users should use Docker Desktop or a Linux VM for development
 
 ### Examples
 The `examples/` directory showcases key features:
@@ -158,14 +145,8 @@ The `examples/` directory showcases key features:
 - `orchestration_basic.rs`: Service orchestration
 - `orchestration_load.rs`: Load testing
 
-## Contributing
-
-Please read our [Contributing Guide](../../CONTRIBUTING.md) for details on:
-- Code style and conventions
-- Commit message format
-- Pull request process
-- Testing requirements
+Check the top of each file for usage instructions.
 
 ## License
 
-This project is licensed under the [Apache License 2.0](../../LICENSE).
+This project is licensed under the [Apache License 2.0](./LICENSE).

monocore/README.md

@@ -13,9 +13,9 @@ use tracing::{error, info};
 // Function: main
 //--------------------------------------------------------------------------------------------------
 
-/// Entry point for the runtime supervisor process.
+/// Entry point for the runtime supervisor and microvm subprocess.
 ///
-/// Handles both supervisor and subprocess modes based on command line arguments.
+/// Handles both supervisor and microvm subprocess modes based on command line arguments.
 ///
 /// # Arguments
 ///

monocore/bin/monokrun.rs

@@ -29,9 +29,11 @@
 //! make example microvm_curl -- --local-only localhost:8080
 //! ```
 
+#[cfg(all(unix, not(target_os = "linux")))] // TODO: Linux support temporarily on hold
 use anyhow::{Context, Result};
 use clap::Parser;
-use monocore::vm::MicroVm;
+#[cfg(all(unix, not(target_os = "linux")))] // TODO: Linux support temporarily on hold
+use monocore::{utils, vm::MicroVm};
 
 //--------------------------------------------------------------------------------------------------
 // Types
@@ -53,18 +55,27 @@ struct Args {
 // Functions: main
 //--------------------------------------------------------------------------------------------------
 
-fn main() -> Result<()> {
-    tracing_subscriber::fmt::init();
+#[cfg(all(unix, not(target_os = "linux")))] // TODO: Linux support temporarily on hold
+#[tokio::main]
+async fn main() -> Result<()> {
+    tracing_subscriber::fmt()
+        .with_max_level(tracing::Level::DEBUG)
+        .init();
 
     // Parse command line arguments
     let args = Args::parse();
 
-    // Use the architecture-specific build directory
-    let rootfs_path = format!("build/rootfs-fedora-{}", get_current_arch());
+    // Use specific directories for OCI and rootfs
+    let oci_dir = format!("{}/build/oci", env!("CARGO_MANIFEST_DIR"));
+    let merge_dir = format!("{}/build/rootfs/fedora", env!("CARGO_MANIFEST_DIR"));
+
+    // Pull and merge Fedora image
+    utils::pull_docker_image(&oci_dir, "library/fedora", "latest").await?;
+    utils::merge_image_layers(&oci_dir, &merge_dir, "library/fedora", "latest").await?;
 
     // Build the MicroVm
     let vm = MicroVm::builder()
-        .root_path(&rootfs_path)
+        .root_path(format!("{}/merged", merge_dir))
         .num_vcpus(1)
         .exec_path("/bin/curl")
         .args([args.target.as_str()])
@@ -80,17 +91,7 @@ fn main() -> Result<()> {
     Ok(())
 }
 
-//--------------------------------------------------------------------------------------------------
-// Functions: *
-//--------------------------------------------------------------------------------------------------
-
-// Add this function to determine the current architecture
-fn get_current_arch() -> &'static str {
-    if cfg!(target_arch = "x86_64") {
-        "x86_64"
-    } else if cfg!(target_arch = "aarch64") {
-        "arm64"
-    } else {
-        panic!("Unsupported architecture")
-    }
+#[cfg(target_os = "linux")] // TODO: Linux support temporarily on hold
+fn main() {
+    panic!("This example is not yet supported on Linux");
 }