Add option to spawn processes as siblings

Signed-off-by: Jorge Prendes <[email protected]>

crates/libcontainer/src/container/builder_impl.rs

@@ -57,6 +57,8 @@ pub(super) struct ContainerBuilderImpl {
     pub stdout: Option<OwnedFd>,
     // RawFd set to stderr of the container init process.
     pub stderr: Option<OwnedFd>,
+    // Indicate if the init process should be a sibling of the main process.
+    pub as_sibling: bool,
 }
 
 impl ContainerBuilderImpl {
@@ -172,6 +174,7 @@ impl ContainerBuilderImpl {
             stdin: self.stdin.as_ref().map(|x| x.as_raw_fd()),
             stdout: self.stdout.as_ref().map(|x| x.as_raw_fd()),
             stderr: self.stderr.as_ref().map(|x| x.as_raw_fd()),
+            as_sibling: self.as_sibling,
         };
 
         let (init_pid, need_to_clean_up_intel_rdt_dir) =

crates/libcontainer/src/container/init_builder.rs

@@ -21,6 +21,7 @@ pub struct InitContainerBuilder {
     use_systemd: bool,
     detached: bool,
     no_pivot: bool,
+    as_sibling: bool,
 }
 
 impl InitContainerBuilder {
@@ -33,6 +34,7 @@ impl InitContainerBuilder {
             use_systemd: true,
             detached: true,
             no_pivot: false,
+            as_sibling: false,
         }
     }
 
@@ -42,6 +44,13 @@ impl InitContainerBuilder {
         self
     }
 
+    /// Sets if the init process should be run as a child or a sibling of
+    /// the calling process
+    pub fn as_sibling(mut self, as_sibling: bool) -> Self {
+        self.as_sibling = as_sibling;
+        self
+    }
+
     pub fn with_detach(mut self, detached: bool) -> Self {
         self.detached = detached;
         self
@@ -106,6 +115,7 @@ impl InitContainerBuilder {
             stdin: self.base.stdin,
             stdout: self.base.stdout,
             stderr: self.base.stderr,
+            as_sibling: self.as_sibling,
         };
 
         builder_impl.create()?;

crates/libcontainer/src/container/tenant_builder.rs

@@ -43,6 +43,7 @@ pub struct TenantContainerBuilder {
     capabilities: Vec<String>,
     process: Option<PathBuf>,
     detached: bool,
+    as_sibling: bool,
 }
 
 impl TenantContainerBuilder {
@@ -59,6 +60,7 @@ impl TenantContainerBuilder {
             capabilities: Vec::new(),
             process: None,
             detached: false,
+            as_sibling: false,
         }
     }
 
@@ -95,6 +97,13 @@ impl TenantContainerBuilder {
         self
     }
 
+    /// Sets if the init process should be run as a child or a sibling of
+    /// the calling process
+    pub fn as_sibling(mut self, as_sibling: bool) -> Self {
+        self.as_sibling = as_sibling;
+        self
+    }
+
     pub fn with_detach(mut self, detached: bool) -> Self {
         self.detached = detached;
         self
@@ -145,6 +154,7 @@ impl TenantContainerBuilder {
             stdin: self.base.stdin,
             stdout: self.base.stdout,
             stderr: self.base.stderr,
+            as_sibling: self.as_sibling,
         };
 
         let pid = builder_impl.create()?;

crates/libcontainer/src/process/args.rs

@@ -50,4 +50,6 @@ pub struct ContainerArgs {
     pub stdout: Option<RawFd>,
     // RawFd set to stderr of the container init process.
     pub stderr: Option<RawFd>,
+    // Indicate if the init process should be a sibling of the main process.
+    pub as_sibling: bool,
 }

crates/libcontainer/src/process/container_main_process.rs

@@ -84,7 +84,13 @@ pub fn container_main_process(container_args: &ContainerArgs) -> Result<(Pid, bo
         ProcessError::SyscallOther(err)
     })?;
 
-    let intermediate_pid = fork::container_clone(cb).map_err(|err| {
+    let container_clone_fn = if container_args.as_sibling {
+        fork::container_clone_sibling
+    } else {
+        fork::container_clone
+    };
+
+    let intermediate_pid = container_clone_fn(cb).map_err(|err| {
         tracing::error!("failed to fork intermediate process: {}", err);
         ProcessError::IntermediateProcessFailed(err)
     })?;