added isolation feature for running containers

2025-04-02 15:20:32 +02:00 · 2025-04-02 15:20:32 +02:00 · 5f6420a421
commit 5f6420a421
parent d5bc0bbfc4
3 changed files with 31 additions and 4 deletions
--- a/examples/buildah.rs
+++ b/examples/buildah.rs
@ -19,7 +19,8 @@ pub fn run_buildah_example() -> Result<(), BuildahError> {
    
    // Step 2: Run a command in the container
    println!("\n=== Installing nginx in container ===");
-    let install_result = buildah::run(container_id, "dnf install -y nginx").unwrap();
+    // Use chroot isolation to avoid BPF issues
+    let install_result = buildah::run_with_isolation(container_id, "dnf install -y nginx", "chroot").unwrap();
    println!("{:#?}", install_result);
    println!("Installation output: {}", install_result.stdout);
    
--- a/src/virt/buildah/containers.rs
+++ b/src/virt/buildah/containers.rs
@ -8,10 +8,26 @@ pub fn from(image: &str) -> Result<CommandResult, BuildahError> {
 }

 /// Run a command in a container
+///
+/// # Arguments
+///
+/// * `container` - The container ID or name
+/// * `command` - The command to run
 pub fn run(container: &str, command: &str) -> Result<CommandResult, BuildahError> {
    execute_buildah_command(&["run", container, "sh", "-c", command])
 }

+/// Run a command in a container with specified isolation
+///
+/// # Arguments
+///
+/// * `container` - The container ID or name
+/// * `command` - The command to run
+/// * `isolation` - Isolation method (e.g., "chroot", "rootless", "oci")
+pub fn run_with_isolation(container: &str, command: &str, isolation: &str) -> Result<CommandResult, BuildahError> {
+    execute_buildah_command(&["run", "--isolation", isolation, container, "sh", "-c", command])
+}
+
 /// Copy files into a container
 pub fn copy(container: &str, source: &str, dest: &str) -> Result<CommandResult, BuildahError> {
    execute_buildah_command(&["copy", container, source, dest])
--- a/src/virt/buildah/containers_test.rs
+++ b/src/virt/buildah/containers_test.rs
@ -64,8 +64,11 @@ mod tests {
        test_execute_buildah_command(&["from", image])
    }

-    fn test_run(container: &str, command: &str) -> Result<CommandResult, BuildahError> {
-        test_execute_buildah_command(&["run", container, "sh", "-c", command])
+    fn test_run(container: &str, command: &str, isolation: Option<&str>) -> Result<CommandResult, BuildahError> {
+        match isolation {
+            Some(iso) => test_execute_buildah_command(&["run", "--isolation", iso, container, "sh", "-c", command]),
+            None => test_execute_buildah_command(&["run", container, "sh", "-c", command])
+        }
    }

    fn test_copy(container: &str, source: &str, dest: &str) -> Result<CommandResult, BuildahError> {
@ -107,11 +110,18 @@ mod tests {
        
        let container = "my-container";
        let command = "echo hello";
-        let result = test_run(container, command);
        
+        // Test without isolation
+        let result = test_run(container, command, None);
        assert!(result.is_ok());
        let cmd = get_last_command();
        assert_eq!(cmd, vec!["run", "my-container", "sh", "-c", "echo hello"]);
+        
+        // Test with isolation
+        let result = test_run(container, command, Some("chroot"));
+        assert!(result.is_ok());
+        let cmd = get_last_command();
+        assert_eq!(cmd, vec!["run", "--isolation", "chroot", "my-container", "sh", "-c", "echo hello"]);
    }

    #[test]