From 65b5eacaa500e702b982c6848e1ffc18094bc9a9 Mon Sep 17 00:00:00 2001
From: Alice Frosi
Date: Fri, 9 Jun 2023 11:07:25 +0200
Subject: demo: with mknod and podman
Splited common functions in web/common.sh and created new script for mknod demo. The demo uses the mount namespace of the caller. Additionally, this removes extra commented lines in demo/mknod.hjson.
---
demo/mknod.hjson | 31 +----------------
web/common.sh | 86 ++++++++++++++++++++++++++++++++++++++++++++++++
web/demo_connect.sh | 76 +-----------------------------------------
web/demo_mknod_podman.sh | 72 ++++++++++++++++++++++++++++++++++++++++
4 files changed, 160 insertions(+), 105 deletions(-)
create mode 100644 web/common.sh
create mode 100755 web/demo_mknod_podman.sh
diff --git a/demo/mknod.hjson b/demo/mknod.hjson
index 01f3c07..7055aee 100644
--- a/demo/mknod.hjson
+++ b/demo/mknod.hjson
@@ -26,37 +26,8 @@
 "major": 1,
 "minor": { "tag": { "get": "minor" } }
 },
- "context": { "cwd": "caller" }
+ "context": { "mnt": "caller" }
 },
 "return": { "value": 0 }
 }
 ]
-
-/*
- * INTFLAGS, LONGFLAGS, U32FLAGS
- *
- * "field": { "in": [ "ipc", "mount", "uts" ] }
- * flags & set
- * !!(flags & (ipc | mount | ns))
- *
- * "field": { "all": [ "ipc", "mount", "uts" ] }
- * flags & set == set
- * flags & (ipc | mount | ns) == (ipc | mount | ns)
- *
- * "field": { "not": [ "ipc", "mount", "uts" ] }
- * !(flags & set)
- *
- * "field": { "ipc": false, "mount": true, "uts": false }
- * flags & set == set
- * !(flags & ipc) && (flags & mount) && !(flags & utc)
- *
- * "field": { "ipc" }
- * flags == ipc
- *
- * INTMASK
- * value = (target value & known values)
- *
- * INT, LONG, U32
- * "arg": { "in": [ 0, 1 ] }
- * arg == 0 || arg == 1
- */
diff --git a/web/common.sh b/web/common.sh
new file mode 100644
index 0000000..b815dd4
--- /dev/null
+++ b/web/common.sh
@@ -0,0 +1,86 @@
+#!/bin/sh -ef
+#
+# SPDX-License-Identifier: GPL-2.0-or-later
+#
+# web/demo_connect.sh: Prepare asciinema(1) demo for connect example
+#
+# Copyright (c) 2023 Red Hat GmbH
+# Author: Stefano Brivio
+# Alice Frosi
+
+SEITAN_DIR=$(pwd)
+
+setup_common() {
+ tmux new-session -d -s $SESSION
+ tmux send-keys -t $SESSION 'PS1="$ "'
+ tmux send-keys -t $SESSION C-m
+ tmux send-keys -t $SESSION clear
+ tmux send-keys -t $SESSION C-m
+
+ tmux set -t $SESSION window-status-format '#W'
+ tmux set -t $SESSION window-status-current-format '#W'
+ tmux set -t $SESSION status-left ''
+ tmux set -t $SESSION window-status-separator ''
+
+ tmux set -t $SESSION window-status-style 'bg=colour1 fg=colour15 bold'
+ tmux set -t $SESSION status-right ''
+ tmux set -t $SESSION status-style 'bg=colour1 fg=colour15 bold'
+ tmux set -t $SESSION status-right-style 'bg=colour1 fg=colour15 bold'
+ tmux send-keys -t $SESSION "cd ${SEITAN_DIR}" ENTER
+ sleep 1
+}
+
+script() {
+ IFS='
+'
+ for line in $(eval printf '%s\\\n' \$SCRIPT_${1}); do
+ unset IFS
+ case ${line} in
+ "@") tmux send-keys -t $SESSION C-m ;;
+ "#"*) sleep ${#line} ;;
+ *) cmd_write "${line}" ;;
+ esac
+ IFS='
+'
+ done
+ unset IFS
+}
+
+cmd_write() {
+ __str="${@}"
+ while [ -n "${__str}" ]; do
+ __rem="${__str#?}"
+ __first="${__str%"$__rem"}"
+ if [ "${__first}" = ";" ]; then
+ tmux send-keys -t $SESSION -l '\;'
+ else
+ tmux send-keys -t $SESSION -l "${__first}"
+ fi
+ sleep 0.05 || :
+ __str="${__rem}"
+ done
+ sleep 2
+ tmux send-keys -t $SESSION "C-m"
+}
+
+wait_seitan_exit() {
+ while [ "$(pgrep seitan)" != "" ] ; do sleep 1; done
+}
+
+clear_panes() {
+ wait_seitan_exit
+ panes=$(tmux list-panes |awk '{ print $1 }' | sed 's/://')
+ for p in $panes
+ do
+ tmux select-pane -t $p
+ tmux send-keys -t $SESSION clear
+ tmux send-keys -t $SESSION C-m
+ done
+ sleep 1
+}
+
+teardown_common() {
+ sleep 5
+ tmux kill-session -t $SESSION
+ sleep 5
+}
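Review bot: `script()` in web/common.sh expands `$1` inside `eval` to select the `SCRIPT_*` variable, and now that it lives in a shared helper nothing restricts what a caller passes. The callers visible in this patch pass fixed names, so this is hardening rather than a live bug: reject anything that is not a plain identifier before the `eval`, e.g. `case "$1" in ''|*[!A-Za-z0-9_]*) return 1 ;; esac`. Separately, the header comment still reads `web/demo_connect.sh: Prepare asciinema(1) demo for connect example` and should describe the shared helpers instead. The `-ef` on the shebang has no effect on a file that is only sourced, so `script()` depends on each caller having set noglob itself.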
diff --git a/web/demo_connect.sh b/web/demo_connect.sh index ee6ffb0..0d27022 100755 --- a/web/demo_connect.sh +++ b/web/demo_connect.sh @@ -8,32 +8,13 @@ # Author: Stefano Brivio # Alice Frosi -SEITAN_DIR=$(pwd) SESSION=demo VIDEO=seitan-connect PSEITAN=1 PEATER=2 PSERVER=3 -setup_common() { - tmux new-session -d -s $SESSION - tmux send-keys -t $SESSION 'PS1="$ "' - tmux send-keys -t $SESSION C-m - tmux send-keys -t $SESSION clear - tmux send-keys -t $SESSION C-m - - tmux set -t $SESSION window-status-format '#W' - tmux set -t $SESSION window-status-current-format '#W' - tmux set -t $SESSION status-left '' - tmux set -t $SESSION window-status-separator '' - - tmux set -t $SESSION window-status-style 'bg=colour1 fg=colour15 bold' - tmux set -t $SESSION status-right '' - tmux set -t $SESSION status-style 'bg=colour1 fg=colour15 bold' - tmux set -t $SESSION status-right-style 'bg=colour1 fg=colour15 bold' - tmux send-keys -t $SESSION "cd ${SEITAN_DIR}" ENTER - sleep 1 -} +source web/common.sh split_panes() { tmux split-window -h 
@@ -80,61 +61,6 @@ SCRIPT_seitan=' ./seitan -p $(pgrep seitan-eater) -i demo/connect.gluten ' -cmd_write() { - __str="${@}" - while [ -n "${__str}" ]; do - __rem="${__str#?}" - __first="${__str%"$__rem"}" - if [ "${__first}" = ";" ]; then - tmux send-keys -t $SESSION -l '\;' - else - tmux send-keys -t $SESSION -l "${__first}" - fi - sleep 0.05 || : - __str="${__rem}" - done - sleep 2 - tmux send-keys -t $SESSION "C-m" -} - -script() { - IFS=' -' - for line in $(eval printf '%s\\\n' \$SCRIPT_${1}); do - unset IFS - case ${line} in - "@") tmux send-keys -t $SESSION C-m ;; - "#"*) sleep ${#line} ;; - *) cmd_write "${line}" ;; - esac - IFS=' -' - done - unset IFS -} - -wait_seitan_exit() { - while [ "$(pgrep seitan)" != "" ] ; do sleep 1; done -} - -clear_panes() { - wait_seitan_exit - panes=$(tmux list-panes |awk '{ print $1 }' | sed 's/://') - for p in $panes - do - tmux select-pane -t $p - tmux send-keys -t $SESSION clear - tmux send-keys -t $SESSION C-m - done - sleep 1 -} - -teardown_common() { - sleep 5 - tmux kill-session -t $SESSION - sleep 5 -} - printf '\e[8;22;80t' setup_common diff --git a/web/demo_mknod_podman.sh b/web/demo_mknod_podman.sh new file mode 100755 index 0000000..3650e18 --- /dev/null +++ b/web/demo_mknod_podman.sh 
@@ -0,0 +1,72 @@
+#!/bin/sh -ef
+
+
+SESSION=dmknod
+VIDEO=seitan-mknod
+PSEITAN=2
+PPODMAN=1
+source web/common.sh
+
+split_panes() {
+ tmux split-window -h
+ tmux send-keys -t $SESSION 'PS1="$ " && clear' ENTER
+}
+
+SCRIPT_podman_no_seitan='
+sudo podman run -ti \
+ --runtime /usr/bin/crun -u 1000 \
+ --rm --cap-drop ALL \
+ quay.io/fedora/fedora \
+ mknod /dev/lol c 1 7
+##
+'
+
+SCRIPT_cooker='
+clear
+cat demo/mknod.hjson
+###
+clear
+./seitan-cooker demo/mknod.hjson demo/mknod.gluten demo/mknod.bpf
+###
+clear
+'
+
+SCRIPT_seitan='
+sudo ./seitan -s /tmp/seitan.sock -i demo/mknod.gluten
+##
+'
+
+SCRIPT_podman_seitan="
+sudo podman run -ti --runtime /usr/bin/crun -u 1000 --rm --cap-drop ALL \\
+ --annotation run.oci.seccomp_bpf_data=\"$(base64 -w0 demo/mknod.bpf)\" \
+ --annotation run.oci.seccomp.receiver=/tmp/seitan.sock \\
+ quay.io/fedora/fedora \\
+ sh -c 'mknod /dev/lol c 1 7 && ls /dev/lol'
+##
+"
+
+# Pre-pull image before starting the recording
+sudo podman pull quay.io/fedora/fedora
+
+setup_common
+
+tmux send-keys -t $SESSION -l 'reset'
+tmux send-keys -t $SESSION C-m
+tmux rename-window -t $SESSION 'Seitan demo: run mknod in container'
+sleep 10
+
+asciinema rec --overwrite ${VIDEO}.cast -c 'tmux attach -t $SESSION' &
+tmux refresh-client
+
+script podman_no_seitan
+script cooker
+
+# Start seitan and podman
+split_panes
+tmux select-pane -t $PSEITAN
+script seitan
+tmux select-pane -t $PPODMAN
+script podman_seitan
+
+teardown_common
+gzip -fk9 ${VIDEO}.cast
-- cgit v1.2.3
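Review bot: The seccomp notifier socket is a fixed name in a world-writable directory: `SCRIPT_seitan` starts seitan under sudo with `-s /tmp/seitan.sock`, and `SCRIPT_podman_seitan` hands the same path to crun as `run.oci.seccomp.receiver`. On a shared host another local user can occupy that path first, and how seitan treats an existing path is not visible here, so a private directory is the safer default: `SOCK_DIR=$(mktemp -d)` with `${SOCK_DIR}/seitan.sock` in both scripts (`SCRIPT_seitan` would then need double quotes). `$(base64 -w0 demo/mknod.bpf)` is expanded when `SCRIPT_podman_seitan` is assigned, before `script cooker` rebuilds that file, so the recording may embed a stale filter, or likely abort under `-e` if the file does not exist yet. Finally, `source web/common.sh` is not available in every `/bin/sh`; `. web/common.sh` is the portable form, and the same line is added to web/demo_connect.sh.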