cellos-supervisor 0.5.1

CellOS execution-cell runner — boots cells in Firecracker microVMs or gVisor, enforces narrow typed authority, emits signed CloudEvents.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43

//! Linux-only: bring `lo` up inside a new network namespace (`SIOCGIFFLAGS` / `SIOCSIFFLAGS`).

/// After `unshare(CLONE_NEWNET)`, the loopback interface may be down; bring it up before `execve`.
pub fn loopback_up_after_newnet() -> std::io::Result<()> {
    // SAFETY: ioctl on an `AF_INET`/`SOCK_DGRAM` socket with a zeroed `ifreq` for `lo`.
    unsafe {
        let fd = libc::socket(libc::AF_INET, libc::SOCK_DGRAM, 0);
        if fd < 0 {
            return Err(std::io::Error::last_os_error());
        }
        let mut ifr: libc::ifreq = std::mem::zeroed();
        let name = b"lo\0";
        std::ptr::copy_nonoverlapping(
            name.as_ptr().cast(),
            ifr.ifr_name.as_mut_ptr(),
            std::cmp::min(name.len(), ifr.ifr_name.len()),
        );
        if libc::ioctl(
            fd,
            libc::SIOCGIFFLAGS as libc::c_ulong,
            &mut ifr as *mut libc::ifreq,
        ) < 0
        {
            let e = std::io::Error::last_os_error();
            libc::close(fd);
            return Err(e);
        }
        let flags = ifr.ifr_ifru.ifru_flags as libc::c_int;
        ifr.ifr_ifru.ifru_flags = (flags | libc::IFF_UP | libc::IFF_LOOPBACK) as libc::c_short;
        if libc::ioctl(
            fd,
            libc::SIOCSIFFLAGS as libc::c_ulong,
            &mut ifr as *mut libc::ifreq,
        ) < 0
        {
            let e = std::io::Error::last_os_error();
            libc::close(fd);
            return Err(e);
        }
        libc::close(fd);
        Ok(())
    }
}