updates

saehejkang · saehejkang · commit 7cd8a3615079 · 2026-06-01T22:14:20.000-07:00
diff --git a/Sources/Containerization/LinuxContainer.swift b/Sources/Containerization/LinuxContainer.swift
@@ -1014,14 +1014,15 @@ extension LinuxContainer {
     }
 
     // Perform filesystem operations in the container.
-    public func filesystemOperation(operation: FilesystemOperation, path: String) async throws {
+    public func filesystemOperation(operation: FilesystemOperation, path: String) async throws -> UInt64? {
         try await self.state.withLock {
             let state = try $0.startedState("filesystemOperation")
-            try await state.vm.withAgent { agent in
+            return try await state.vm.withAgent { agent in
                 guard let vminitd = agent as? Vminitd else {
                     throw ContainerizationError(.unsupported, message: "filesystemOperation requires Vminitd agent")
                 }
-                try await vminitd.filesystemOperation(operation: operation, path: path)
+                let guestPath = URL(filePath: Self.guestRootfsPath(self.id)).appending(path: path).path
+                return try await vminitd.filesystemOperation(operation: operation, path: guestPath)
             }
         }
     }
diff --git a/Sources/Containerization/VirtualMachineAgent.swift b/Sources/Containerization/VirtualMachineAgent.swift
@@ -41,7 +41,7 @@ public protocol VirtualMachineAgent: Sendable {
     /// Close any resources held by the agent.
     func close() async throws
     // Perform a filesystem operation on the given path.
-    func filesystemOperation(operation: FilesystemOperation, path: String) async throws
+    func filesystemOperation(operation: FilesystemOperation, path: String) async throws -> UInt64?
 
     // POSIX-y
     func getenv(key: String) async throws -> String
diff --git a/Sources/Containerization/Vminitd.swift b/Sources/Containerization/Vminitd.swift
@@ -203,12 +203,19 @@ extension Vminitd: VirtualMachineAgent {
     }
 
     /// Perform a filesystem operation on a path inside the sandbox's environment.
-    public func filesystemOperation(operation: FilesystemOperation, path: String) async throws {
-        _ = try await client.filesystemOperation(
+    public func filesystemOperation(operation: FilesystemOperation, path: String) async throws -> UInt64? {
+        let response = try await client.filesystemOperation(
             .with {
                 $0.operation = operation.toProtoOperation()
                 $0.path = path
             })
+
+        switch operation {
+        case .trim:
+            return response.trim.trimmedBytes
+        case .freeze, .thaw:
+            return nil
+        }
     }
 
     public func createProcess(
diff --git a/Sources/Integration/ContainerTests.swift b/Sources/Integration/ContainerTests.swift
@@ -4034,7 +4034,7 @@ extension IntegrationSuite {
             try await writerContainer.create()
             try await writerContainer.start()
 
-            try await writerContainer.filesystemOperation(operation: .freeze, path: "/data")
+            _ = try await writerContainer.filesystemOperation(operation: .freeze, path: "/data")
 
             let writeExec = try await writerContainer.exec("write-hello") { config in
                 config.arguments = ["/bin/sh", "-c", "echo hello > /data/hello.txt"]
@@ -4052,13 +4052,13 @@ extension IntegrationSuite {
                 try? FileManager.default.removeItem(at: cloneImageURL)
             }
 
-            try await writerContainer.filesystemOperation(operation: .thaw, path: "/data")
+            _ = try await writerContainer.filesystemOperation(operation: .thaw, path: "/data")
 
             try await writerContainer.kill(.kill)
             _ = try await writerContainer.wait()
             try await writerContainer.stop()
         } catch {
-            try? await writerContainer.filesystemOperation(operation: .thaw, path: "/data")
+            _ = try? await writerContainer.filesystemOperation(operation: .thaw, path: "/data")
             try? await writerContainer.stop()
             throw error
         }
@@ -4138,6 +4138,142 @@ extension IntegrationSuite {
         }
     }
 
+    func testTrimExt4Clone() async throws {
+        let id = "test-trim-ext4-clone"
+        let bs = try await bootstrap(id)
+
+        let diskImageURL = Self.testDir.appending(component: "\(id)-data.ext4")
+        try? FileManager.default.removeItem(at: diskImageURL)
+
+        let filesystem = try EXT4.Formatter(FilePath(diskImageURL.absolutePath()), minDiskSize: 64.mib())
+        try filesystem.close()
+
+        let cloneImageURL = Self.testDir.appending(component: "\(id)-data-clone.ext4")
+        try? FileManager.default.removeItem(at: cloneImageURL)
+
+        let writerContainer = try LinuxContainer("\(id)-writer", rootfs: bs.rootfs, vmm: bs.vmm) { config in
+            config.process.arguments = ["/bin/sleep", "1000"]
+            config.mounts.append(
+                Mount.block(
+                    format: "ext4",
+                    source: diskImageURL.absolutePath(),
+                    destination: "/data"
+                ))
+            config.bootLog = bs.bootLog
+        }
+
+        do {
+            try await writerContainer.create()
+            try await writerContainer.start()
+
+            let writeExec = try await writerContainer.exec("write-temp") { config in
+                config.arguments = [
+                    "/bin/sh",
+                    "-c",
+                    "dd if=/dev/zero of=/data/trim.dat bs=1M count=8 status=none && sync && rm /data/trim.dat && sync",
+                ]
+            }
+            try await writeExec.start()
+            let writeStatus = try await writeExec.wait()
+            try await writeExec.delete()
+            guard writeStatus.exitCode == 0 else {
+                throw IntegrationError.assert(msg: "trim setup exec failed with status \(writeStatus)")
+            }
+
+            let trimmedBytes = try await writerContainer.filesystemOperation(operation: .trim, path: "/data")
+            guard let trimmedBytes, trimmedBytes > 0 else {
+                throw IntegrationError.assert(msg: "expected trim to reclaim bytes")
+            }
+
+            try FileManager.default.copyItem(at: diskImageURL, to: cloneImageURL)
+            defer {
+                try? FileManager.default.removeItem(at: diskImageURL)
+                try? FileManager.default.removeItem(at: cloneImageURL)
+            }
+
+            try await writerContainer.kill(.kill)
+            _ = try await writerContainer.wait()
+            try await writerContainer.stop()
+        } catch {
+            try? await writerContainer.stop()
+            throw error
+        }
+
+        let verifyContainer = try LinuxContainer("\(id)-reader", rootfs: bs.rootfs, vmm: bs.vmm) { config in
+            config.mounts.append(
+                Mount.block(
+                    format: "ext4",
+                    source: cloneImageURL.absolutePath(),
+                    destination: "/data"
+                ))
+            config.process.arguments = ["/bin/sleep", "1000"]
+            config.bootLog = bs.bootLog
+        }
+
+        do {
+            try await verifyContainer.create()
+            try await verifyContainer.start()
+
+            let mountBuffer = BufferWriter()
+            let mountExec = try await verifyContainer.exec("verify-mount") { config in
+                config.arguments = ["/bin/sh", "-c", "grep ' /data ' /proc/mounts"]
+                config.stdout = mountBuffer
+            }
+            try await mountExec.start()
+            var status = try await mountExec.wait()
+            try await mountExec.delete()
+            guard status.exitCode == 0 else {
+                throw IntegrationError.assert(msg: "failed to verify /data mount, status \(status)")
+            }
+
+            let mountOutput = String(data: mountBuffer.data, encoding: .utf8) ?? ""
+            guard mountOutput.contains(" /data ") && mountOutput.contains(" ext4 ") else {
+                throw IntegrationError.assert(msg: "expected ext4 mount at /data, got: \(mountOutput)")
+            }
+
+            let dmesgBuffer = BufferWriter()
+            let dmesgExec = try await verifyContainer.exec("verify-dmesg-clean") { config in
+                config.arguments = [
+                    "/bin/sh", "-c",
+                    "if dmesg | grep -Eiq 'fsck|recovering journal|recovery complete'; then dmesg | grep -Ei 'fsck|recovering journal|recovery complete'; exit 1; fi",
+                ]
+                config.stdout = dmesgBuffer
+            }
+            try await dmesgExec.start()
+            status = try await dmesgExec.wait()
+            try await dmesgExec.delete()
+            guard status.exitCode == 0 else {
+                let dmesgOutput = String(data: dmesgBuffer.data, encoding: .utf8) ?? ""
+                throw IntegrationError.assert(msg: "dmesg indicates filesystem recovery on cloned image: \(dmesgOutput)")
+            }
+
+            let lsBuffer = BufferWriter()
+            let lsExec = try await verifyContainer.exec("verify-no-hello") { config in
+                config.arguments = ["ls", "-1", "/data"]
+                config.stdout = lsBuffer
+            }
+            try await lsExec.start()
+            status = try await lsExec.wait()
+            try await lsExec.delete()
+            guard status.exitCode == 0 else {
+                throw IntegrationError.assert(msg: "ls /data failed with status \(status)")
+            }
+
+            let lsOutput = String(data: lsBuffer.data, encoding: .utf8) ?? ""
+            let listedFiles = Set(lsOutput.split(whereSeparator: \.isNewline).map(String.init))
+            guard !listedFiles.contains("trim.dat") else {
+                throw IntegrationError.assert(msg: "expected cloned /data to not contain trim.dat, got: \(lsOutput)")
+            }
+
+            try await verifyContainer.kill(.kill)
+            _ = try await verifyContainer.wait()
+            try await verifyContainer.stop()
+        } catch {
+            try? await verifyContainer.stop()
+            throw error
+        }
+    }
+
     func testUseInitBasic() async throws {
         let id = "test-use-init-basic"
 
diff --git a/Sources/Integration/Suite.swift b/Sources/Integration/Suite.swift
@@ -351,6 +351,7 @@ struct IntegrationSuite: AsyncParsableCommand {
                 Test("container writable layer size", testWritableLayerSize),
                 Test("container writable layer DNS and hosts", testWritableLayerWithDNSAndHosts),
                 Test("container frozen ext4 clone", testFrozenExt4Clone),
+                Test("container trim ext4 clone", testTrimExt4Clone),
                 Test("large stdin input", testLargeStdinInput),
                 Test("exec large stdin input", testExecLargeStdinInput),
                 Test("exec custom path resolution", testExecCustomPathResolution),

Original file line number	Diff line number	Diff line change
`@@ -1014,14 +1014,15 @@ extension LinuxContainer {`
`1014`	`1014`	`}`
`1015`	`1015`
`1016`	`1016`	`// Perform filesystem operations in the container.`
`1017`		`- public func filesystemOperation(operation: FilesystemOperation, path: String) async throws {`
	`1017`	`+ public func filesystemOperation(operation: FilesystemOperation, path: String) async throws -> UInt64? {`
`1018`	`1018`	`try await self.state.withLock {`
`1019`	`1019`	`let state = try $0.startedState("filesystemOperation")`
`1020`		`- try await state.vm.withAgent { agent in`
	`1020`	`+ return try await state.vm.withAgent { agent in`
`1021`	`1021`	`guard let vminitd = agent as? Vminitd else {`
`1022`	`1022`	`throw ContainerizationError(.unsupported, message: "filesystemOperation requires Vminitd agent")`
`1023`	`1023`	`}`
`1024`		`- try await vminitd.filesystemOperation(operation: operation, path: path)`
	`1024`	`+ let guestPath = URL(filePath: Self.guestRootfsPath(self.id)).appending(path: path).path`
	`1025`	`+ return try await vminitd.filesystemOperation(operation: operation, path: guestPath)`
`1025`	`1026`	`}`
`1026`	`1027`	`}`
`1027`	`1028`	`}`