kata agent + runc 进程

2020-12-04 16:03:03

root@ubuntu:/# ls /run/libcontainer/ -al
total 0
drwx------  3 root root  60 Dec  4 06:37 .
drwxr-xr-x 11 root root 220 Dec  4 06:37 ..
drwx------  3 root root  60 Dec  4 06:37 9ddf50af4f9d18ab65ce13c7334ff3f0c9c9736aa81a05089042484714e746be
root@ubuntu:/# ls /run/libcontainer/*/     
root@ubuntu:/# ls /run/libcontainer/*/*
root@ubuntu:/# ls /run/libcontainer/*/state.json
ls: cannot access '/run/libcontainer/*/state.json': No such file or directory
root@ubuntu:/# ls /run/libcontainer/*/          
root@ubuntu:/# ls /run/libcontainer/*/*/state.json
root@ubuntu:/# cat  /run/libcontainer/*/*/state.json  











































root@ubuntu:/# ps -e -o pid,cmd
    1 /sbin/init
    2 [kthreadd]
    3 [rcu_gp]
    4 [rcu_par_gp]
    6 [kworker/0:0H-kb]
    7 [kworker/u2:0-ev]
    8 [mm_percpu_wq]
    9 [ksoftirqd/0]
   10 [rcu_sched]
   11 [migration/0]
   12 [cpuhp/0]
   13 [kdevtmpfs]
   14 [netns]
   15 [oom_reaper]
   16 [writeback]
   17 [kcompactd0]
   18 [kblockd]
   19 [blkcg_punt_bio]
   21 [kswapd0]
   22 [xfsalloc]
   23 [xfs_mru_cache]
   24 [kthrotld]
   26 [khvcd]
   27 [hwrng]
   29 [scsi_eh_0]
   30 [scsi_tmf_0]
   31 [uas]
   32 [usbip_event]
   33 [ipv6_addrconf]
   34 [jbd2/vda1-8]
   35 [ext4-rsv-conver]
   51 /lib/systemd/systemd-journald
   55 /usr/bin/Xvfb :8 -ac -screen 0 720x1280x24
   56 /usr/bin/kata-agent
   57 /opt/openvmi/bin/openvmi session-manager --run-multiple 
   59 [kworker/u2:2-ev]
   65 /bin/bash
   79 /bin/bash
  105 [kworker/0:1H-kb]
 2814 [kworker/0:1-cgr]
 2837 [kworker/0:2-eve]
 2850 ps -e -o pid,cmd


root@ubuntu:/# ls -al /proc/79/ns/   
total 0
dr-x--x--x 2 root root 0 Dec  4 07:55 .
dr-xr-xr-x 9 root root 0 Dec  4 06:37 ..
lrwxrwxrwx 1 root root 0 Dec  4 07:55 cgroup -> 'cgroup:[4026531835]'
lrwxrwxrwx 1 root root 0 Dec  4 07:55 ipc -> 'ipc:[4026532171]'
lrwxrwxrwx 1 root root 0 Dec  4 07:55 mnt -> 'mnt:[4026532173]'
lrwxrwxrwx 1 root root 0 Dec  4 07:55 net -> 'net:[4026531897]'
lrwxrwxrwx 1 root root 0 Dec  4 07:55 pid -> 'pid:[4026532174]'
lrwxrwxrwx 1 root root 0 Dec  4 07:55 pid_for_children -> 'pid:[4026532174]'
lrwxrwxrwx 1 root root 0 Dec  4 07:55 user -> 'user:[4026531837]'
lrwxrwxrwx 1 root root 0 Dec  4 07:55 uts -> 'uts:[4026532172]'



 // libcontainerPath is the root directory for libcontainer state used by the
 // kata agent; finishCreateContainer joins the sandbox id onto it.
 // (Excerpt: the enclosing const/var declaration is not shown.)
 libcontainerPath = "/run/libcontainer"

// finishCreateContainer creates the libcontainer container for a
// CreateContainer request and then builds its init process.
//
// The libcontainer factory is rooted at libcontainerPath/<sandbox id> and the
// container is created under req.ContainerId, which is consistent with the
// /run/libcontainer/*/*/state.json path listed in the shell session on this page.
//
// NOTE(review): this is an abridged excerpt; the closing braces of the error
// checks and the remainder of the function are not shown.
func (a *agentGRPC) finishCreateContainer(ctr *container, req *pb.CreateContainerRequest, config *configs.Config) (resp *gpb.Empty, err error) {
        // Per-sandbox state root: a.sandbox.id is joined in unmodified.
        containerPath := filepath.Join(libcontainerPath, a.sandbox.id)
        // libcontainer.Cgroupfs selects the cgroupfs-based cgroup manager.
        factory, err := libcontainer.New(containerPath, libcontainer.Cgroupfs)
        if err != nil {
                return emptyResp, err

        // NOTE(review): req.ContainerId arrives in the gRPC request and becomes
        // the container's id under containerPath; no validation is visible in
        // this excerpt — confirm it is checked upstream or by factory.Create.
        ctr.container, err = factory.Create(req.ContainerId, config)
        if err != nil {
                return emptyResp, err
        // Keep a copy of the libcontainer config on the agent's container record.
        ctr.config = *config

        // presumably the final `true` marks this as the container's init
        // process — verify against buildProcess.
        ctr.initProcess, err = buildProcess(req.OCI.Process, req.ExecId, true)
        if err != nil {
                return emptyResp, err




// ExecProcess handles an exec request: it looks up the container named by
// req.ContainerId, refuses to exec into a stopped container
// (codes.FailedPrecondition), builds the process from req.Process, runs it
// through a.execProcess, and finally returns the result of a.postExecProcess.
//
// NOTE(review): no caller authentication is performed in the lines shown; the
// handler relies on whatever restricts access to the agent's gRPC channel —
// confirm that channel is reachable only by the trusted runtime.
// NOTE(review): abridged excerpt; closing braces are not shown.
func (a *agentGRPC) ExecProcess(ctx context.Context, req *pb.ExecProcessRequest) (*gpb.Empty, error) {
        ctr, err := a.getContainer(req.ContainerId)
        if err != nil {
                return emptyResp, err

        // NOTE(review): the two status branches below return a nil response
        // while the other error paths return emptyResp; the difference looks
        // unintentional — confirm callers only inspect err.
        status, err := ctr.container.Status()
        if err != nil {
                return nil, err

        // Exec is only meaningful while the container still exists as a
        // running or created container.
        if status == libcontainer.Stopped {
                return nil, grpcStatus.Errorf(codes.FailedPrecondition, "Cannot exec in stopped container %s", req.ContainerId)

        // presumably the final `false` means "not the init process" (the
        // create path passes true) — verify against buildProcess.
        proc, err := buildProcess(req.Process, req.ExecId, false)
        if err != nil {
                return emptyResp, err

        // createContainer=false makes execProcess use container.Run rather
        // than container.Start.
        if err := a.execProcess(ctr, proc, false); err != nil {
                return emptyResp, err

        return emptyResp, a.postExecProcess(ctr, proc)


// Shared function between CreateContainer and ExecProcess, because those expect
// a process to be run.
//
// execProcess rejects a nil container or process with codes.InvalidArgument,
// launches the process with container.Start (createContainer == true) or
// container.Run (createContainer == false), then registers a buffered exit-code
// channel for the new PID with the sandbox subreaper.
//
// NOTE(review): abridged excerpt; closing braces are not shown.
func (a *agentGRPC) execProcess(ctr *container, proc *process, createContainer bool) (err error) {
        if ctr == nil {
                return grpcStatus.Error(codes.InvalidArgument, "Container cannot be nil")

        if proc == nil {
                return grpcStatus.Error(codes.InvalidArgument, "Process cannot be nil")

        // This lock is very important to avoid any race with reaper.reap().
        // Indeed, if we don't lock this here, we could potentially get the
        // SIGCHLD signal before the channel has been created, meaning we will
        // miss the opportunity to get the exit code, leading WaitProcess() to
        // wait forever on the new channel.
        // This lock has to be taken before we run the new process.
        //
        // NOTE(review): only the deferred unlock() is visible in this excerpt;
        // the matching subreaper lock() call that the comment above requires is
        // not shown. It presumably precedes this defer in the full source —
        // confirm, since unlocking without it would defeat the race protection.
        defer a.sandbox.subreaper.unlock()

        if createContainer {
                err = ctr.container.Start(&proc.process)
        } else {
                err = ctr.container.Run(&(proc.process))
        // The libcontainer error is flattened into a codes.Internal gRPC status.
        if err != nil {
                return grpcStatus.Errorf(codes.Internal, "Could not run process: %v", err)

        // Get process PID
        pid, err := proc.process.Pid()
        if err != nil {
                return err

        // Capacity 1 lets a single exit code be delivered without a receiver.
        proc.exitCodeCh = make(chan int, 1)

        // Create process channel to allow WaitProcess to wait on it.
        // This channel is buffered so that reaper.reap() will not
        // block until WaitProcess listen onto this channel.
        a.sandbox.subreaper.setExitCodeCh(pid, proc.exitCodeCh)

        return nil


// start (libcontainer side) launches a process for the container in two steps:
// build a parent process wrapper for it, then start that wrapper.
//
// NOTE(review): abridged excerpt; error handling, the return statement and the
// closing brace are omitted, and the second `err :=` would not compile as
// written because it declares no new variable.
func (c *linuxContainer) start(process *Process) error {
    parent, err := c.newParentProcess(process) /*  1. create the parentProcess */

    err := parent.start();                     /*  2. start that parentProcess */




/* utils_linux.go */
// startContainer (runc CLI side) takes the container id from the first
// command-line argument, creates the container from spec, and hands it to a
// runner configured with the requested action and init set to true. It returns
// whatever r.run returns for spec.Process.
//
// NOTE(review): abridged excerpt; error checks, the remaining runner fields
// (criuOpts is accepted but not used in the lines shown) and the closing
// braces are omitted.
func startContainer(context *cli.Context, spec *specs.Spec, action CtAct, criuOpts *libcontainer.CriuOpts) (int, error) {
    // The id is taken verbatim from the CLI arguments.
    id := context.Args().First()

    container, err := createContainer(context, id, spec)

    r := &runner{
        container:       container,
        action:          action,
        init:            true,     
    return r.run(spec.Process)


// run builds a libcontainer process from the OCI process config and dispatches
// on r.action: CT_ACT_CREATE calls container.Start, CT_ACT_RESTORE calls
// container.Restore with r.criuOpts, and CT_ACT_RUN calls container.Run.
//
// NOTE(review): abridged excerpt; `status` is never assigned in the lines
// shown, and error checks and closing braces are omitted.
func (r *runner) run(config *specs.Process) (int, error) { 
    process, err := newProcess(*config, r.init)                                  /*  part 1 */
    switch r.action {
    case CT_ACT_CREATE:
        err = r.container.Start(process)   /* runc start */                      /*  part 2 */
    case CT_ACT_RESTORE:
        err = r.container.Restore(process, r.criuOpts) /* runc restore */
    case CT_ACT_RUN:
        err = r.container.Run(process)     /* runc run */
        // NOTE(review): a `default:` label appears to have been dropped from
        // this excerpt; as written the panic would sit inside the CT_ACT_RUN
        // case instead of guarding against unknown actions.
        panic("Unknown action")
    return status, err



// start (libcontainer side) is where Start and Run end up according to this
// write-up: it builds a parent process wrapper for the requested process and
// then starts it.
//
// NOTE(review): abridged excerpt repeated from earlier on the page; error
// handling, the return statement and the closing brace are omitted, and the
// second `err :=` would not compile as written.
func (c *linuxContainer) start(process *Process) error {
    parent, err := c.newParentProcess(process) /*  1. create the parentProcess */

    err := parent.start();                     /*  2. start that parentProcess */


来源: https://www.cnblogs.com/dream397/p/14086303.html

