LinuxContainer: Add ability to close stdin (#201)

This allows the user the ability to raise an EOF for the containers
stdin. Today there's no way to close stdin so something as simple as
"cat" and relying on EOF to move the process forward doesn't work

Author: dcantah

Sources/Containerization/Agent/Vminitd.swift

@@ -198,6 +198,16 @@ extension Vminitd: VirtualMachineAgent {
         _ = try await client.deleteProcess(request)
     }
 
+    public func closeProcessStdin(id: String, containerID: String?) async throws {
+        let request = Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinRequest.with {
+            $0.id = id
+            if let containerID {
+                $0.containerID = containerID
+            }
+        }
+        _ = try await client.closeProcessStdin(request)
+    }
+
     public func up(name: String, mtu: UInt32? = nil) async throws {
         let request = Com_Apple_Containerization_Sandbox_V3_IpLinkSetRequest.with {
             $0.interface = name

Sources/Containerization/LinuxContainer.swift

@@ -715,6 +715,13 @@ extension LinuxContainer {
         return try await state.vm.dial(port)
     }
 
+    /// Close the containers standard input to signal no more input is
+    /// arriving.
+    public func closeStdin() async throws {
+        let state = try self.state.startedState("closeStdin")
+        return try await state.process.closeStdin()
+    }
+
     /// Relay a unix socket from in the container to the host, or from the host
     /// to inside the container.
     public func relayUnixSocket(socket: UnixSocketConfiguration) async throws {

Sources/Containerization/LinuxProcess.swift

@@ -211,8 +211,30 @@ extension LinuxProcess {
                                 try handle.write(contentsOf: data)
                             } catch {
                                 self.logger?.error("failed to write to stdin: \(error)")
+                                break
+                            }
+                        }
+
+                        do {
+                            self.logger?.debug("stdin relay finished, closing")
+
+                            // There's two ways we can wind up here:
+                            //
+                            // 1. The stream finished on its own (e.g. we wrote all the
+                            // data) and we will close the underlying stdin in the guest below.
+                            //
+                            // 2. The client explicitly called closeStdin() themselves
+                            // which will cancel this relay task AFTER actually closing
+                            // the fds. If the client did that, then this task will be
+                            // cancelled, and the fds are already gone so there's nothing
+                            // for us to do.
+                            if Task.isCancelled {
                                 return
                             }
+
+                            try await self._closeStdin()
+                        } catch {
+                            self.logger?.error("failed to close stdin: \(error)")
                         }
                     }
                 }
@@ -361,6 +383,28 @@ extension LinuxProcess {
         }
     }
 
+    public func closeStdin() async throws {
+        do {
+            try await self._closeStdin()
+            self.state.withLock {
+                $0.stdinRelay?.cancel()
+            }
+        } catch {
+            throw ContainerizationError(
+                .internalError,
+                message: "failed to close stdin",
+                cause: error,
+            )
+        }
+    }
+
+    func _closeStdin() async throws {
+        try await self.agent.closeProcessStdin(
+            id: self.id,
+            containerID: self.owningContainer
+        )
+    }
+
     /// Wait on the process to exit with an optional timeout. Returns the exit code of the process.
     @discardableResult
     public func wait(timeoutInSeconds: Int64? = nil) async throws -> Int32 {

Sources/Containerization/SandboxContext/SandboxContext.grpc.swift

@@ -104,6 +104,11 @@ public protocol Com_Apple_Containerization_Sandbox_V3_SandboxContextClientProtoc
     callOptions: CallOptions?
   ) -> UnaryCall<Com_Apple_Containerization_Sandbox_V3_ResizeProcessRequest, Com_Apple_Containerization_Sandbox_V3_ResizeProcessResponse>
 
+  func closeProcessStdin(
+    _ request: Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinRequest,
+    callOptions: CallOptions?
+  ) -> UnaryCall<Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinRequest, Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinResponse>
+
   func proxyVsock(
     _ request: Com_Apple_Containerization_Sandbox_V3_ProxyVsockRequest,
     callOptions: CallOptions?
@@ -408,6 +413,24 @@ extension Com_Apple_Containerization_Sandbox_V3_SandboxContextClientProtocol {
     )
   }
 
+  /// Close IO for a given process.
+  ///
+  /// - Parameters:
+  ///   - request: Request to send to CloseProcessStdin.
+  ///   - callOptions: Call options.
+  /// - Returns: A `UnaryCall` with futures for the metadata, status and response.
+  public func closeProcessStdin(
+    _ request: Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinRequest,
+    callOptions: CallOptions? = nil
+  ) -> UnaryCall<Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinRequest, Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinResponse> {
+    return self.makeUnaryCall(
+      path: Com_Apple_Containerization_Sandbox_V3_SandboxContextClientMetadata.Methods.closeProcessStdin.path,
+      request: request,
+      callOptions: callOptions ?? self.defaultCallOptions,
+      interceptors: self.interceptors?.makeCloseProcessStdinInterceptors() ?? []
+    )
+  }
+
   /// Proxy a vsock port to a unix domain socket in the guest, or vice versa.
   ///
   /// - Parameters:
@@ -704,6 +727,11 @@ public protocol Com_Apple_Containerization_Sandbox_V3_SandboxContextAsyncClientP
     callOptions: CallOptions?
   ) -> GRPCAsyncUnaryCall<Com_Apple_Containerization_Sandbox_V3_ResizeProcessRequest, Com_Apple_Containerization_Sandbox_V3_ResizeProcessResponse>
 
+  func makeCloseProcessStdinCall(
+    _ request: Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinRequest,
+    callOptions: CallOptions?
+  ) -> GRPCAsyncUnaryCall<Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinRequest, Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinResponse>
+
   func makeProxyVsockCall(
     _ request: Com_Apple_Containerization_Sandbox_V3_ProxyVsockRequest,
     callOptions: CallOptions?
@@ -928,6 +956,18 @@ extension Com_Apple_Containerization_Sandbox_V3_SandboxContextAsyncClientProtoco
     )
   }
 
+  public func makeCloseProcessStdinCall(
+    _ request: Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinRequest,
+    callOptions: CallOptions? = nil
+  ) -> GRPCAsyncUnaryCall<Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinRequest, Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinResponse> {
+    return self.makeAsyncUnaryCall(
+      path: Com_Apple_Containerization_Sandbox_V3_SandboxContextClientMetadata.Methods.closeProcessStdin.path,
+      request: request,
+      callOptions: callOptions ?? self.defaultCallOptions,
+      interceptors: self.interceptors?.makeCloseProcessStdinInterceptors() ?? []
+    )
+  }
+
   public func makeProxyVsockCall(
     _ request: Com_Apple_Containerization_Sandbox_V3_ProxyVsockRequest,
     callOptions: CallOptions? = nil
@@ -1207,6 +1247,18 @@ extension Com_Apple_Containerization_Sandbox_V3_SandboxContextAsyncClientProtoco
     )
   }
 
+  public func closeProcessStdin(
+    _ request: Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinRequest,
+    callOptions: CallOptions? = nil
+  ) async throws -> Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinResponse {
+    return try await self.performAsyncUnaryCall(
+      path: Com_Apple_Containerization_Sandbox_V3_SandboxContextClientMetadata.Methods.closeProcessStdin.path,
+      request: request,
+      callOptions: callOptions ?? self.defaultCallOptions,
+      interceptors: self.interceptors?.makeCloseProcessStdinInterceptors() ?? []
+    )
+  }
+
   public func proxyVsock(
     _ request: Com_Apple_Containerization_Sandbox_V3_ProxyVsockRequest,
     callOptions: CallOptions? = nil
@@ -1377,6 +1429,9 @@ public protocol Com_Apple_Containerization_Sandbox_V3_SandboxContextClientInterc
   /// - Returns: Interceptors to use when invoking 'resizeProcess'.
   func makeResizeProcessInterceptors() -> [ClientInterceptor<Com_Apple_Containerization_Sandbox_V3_ResizeProcessRequest, Com_Apple_Containerization_Sandbox_V3_ResizeProcessResponse>]
 
+  /// - Returns: Interceptors to use when invoking 'closeProcessStdin'.
+  func makeCloseProcessStdinInterceptors() -> [ClientInterceptor<Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinRequest, Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinResponse>]
+
   /// - Returns: Interceptors to use when invoking 'proxyVsock'.
   func makeProxyVsockInterceptors() -> [ClientInterceptor<Com_Apple_Containerization_Sandbox_V3_ProxyVsockRequest, Com_Apple_Containerization_Sandbox_V3_ProxyVsockResponse>]
 
@@ -1424,6 +1479,7 @@ public enum Com_Apple_Containerization_Sandbox_V3_SandboxContextClientMetadata {
       Com_Apple_Containerization_Sandbox_V3_SandboxContextClientMetadata.Methods.killProcess,
       Com_Apple_Containerization_Sandbox_V3_SandboxContextClientMetadata.Methods.waitProcess,
       Com_Apple_Containerization_Sandbox_V3_SandboxContextClientMetadata.Methods.resizeProcess,
+      Com_Apple_Containerization_Sandbox_V3_SandboxContextClientMetadata.Methods.closeProcessStdin,
       Com_Apple_Containerization_Sandbox_V3_SandboxContextClientMetadata.Methods.proxyVsock,
       Com_Apple_Containerization_Sandbox_V3_SandboxContextClientMetadata.Methods.stopVsockProxy,
       Com_Apple_Containerization_Sandbox_V3_SandboxContextClientMetadata.Methods.ipLinkSet,
@@ -1521,6 +1577,12 @@ public enum Com_Apple_Containerization_Sandbox_V3_SandboxContextClientMetadata {
       type: GRPCCallType.unary
     )
 
+    public static let closeProcessStdin = GRPCMethodDescriptor(
+      name: "CloseProcessStdin",
+      path: "/com.apple.containerization.sandbox.v3.SandboxContext/CloseProcessStdin",
+      type: GRPCCallType.unary
+    )
+
     public static let proxyVsock = GRPCMethodDescriptor(
       name: "ProxyVsock",
       path: "/com.apple.containerization.sandbox.v3.SandboxContext/ProxyVsock",
@@ -1626,6 +1688,9 @@ public protocol Com_Apple_Containerization_Sandbox_V3_SandboxContextProvider: Ca
   /// not have a pty allocated.
   func resizeProcess(request: Com_Apple_Containerization_Sandbox_V3_ResizeProcessRequest, context: StatusOnlyCallContext) -> EventLoopFuture<Com_Apple_Containerization_Sandbox_V3_ResizeProcessResponse>
 
+  /// Close IO for a given process.
+  func closeProcessStdin(request: Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinRequest, context: StatusOnlyCallContext) -> EventLoopFuture<Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinResponse>
+
   /// Proxy a vsock port to a unix domain socket in the guest, or vice versa.
   func proxyVsock(request: Com_Apple_Containerization_Sandbox_V3_ProxyVsockRequest, context: StatusOnlyCallContext) -> EventLoopFuture<Com_Apple_Containerization_Sandbox_V3_ProxyVsockResponse>
 
@@ -1792,6 +1857,15 @@ extension Com_Apple_Containerization_Sandbox_V3_SandboxContextProvider {
         userFunction: self.resizeProcess(request:context:)
       )
 
+    case "CloseProcessStdin":
+      return UnaryServerHandler(
+        context: context,
+        requestDeserializer: ProtobufDeserializer<Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinRequest>(),
+        responseSerializer: ProtobufSerializer<Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinResponse>(),
+        interceptors: self.interceptors?.makeCloseProcessStdinInterceptors() ?? [],
+        userFunction: self.closeProcessStdin(request:context:)
+      )
+
     case "ProxyVsock":
       return UnaryServerHandler(
         context: context,
@@ -1972,6 +2046,12 @@ public protocol Com_Apple_Containerization_Sandbox_V3_SandboxContextAsyncProvide
     context: GRPCAsyncServerCallContext
   ) async throws -> Com_Apple_Containerization_Sandbox_V3_ResizeProcessResponse
 
+  /// Close IO for a given process.
+  func closeProcessStdin(
+    request: Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinRequest,
+    context: GRPCAsyncServerCallContext
+  ) async throws -> Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinResponse
+
   /// Proxy a vsock port to a unix domain socket in the guest, or vice versa.
   func proxyVsock(
     request: Com_Apple_Containerization_Sandbox_V3_ProxyVsockRequest,
@@ -2172,6 +2252,15 @@ extension Com_Apple_Containerization_Sandbox_V3_SandboxContextAsyncProvider {
         wrapping: { try await self.resizeProcess(request: $0, context: $1) }
       )
 
+    case "CloseProcessStdin":
+      return GRPCAsyncServerHandler(
+        context: context,
+        requestDeserializer: ProtobufDeserializer<Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinRequest>(),
+        responseSerializer: ProtobufSerializer<Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinResponse>(),
+        interceptors: self.interceptors?.makeCloseProcessStdinInterceptors() ?? [],
+        wrapping: { try await self.closeProcessStdin(request: $0, context: $1) }
+      )
+
     case "ProxyVsock":
       return GRPCAsyncServerHandler(
         context: context,
@@ -2317,6 +2406,10 @@ public protocol Com_Apple_Containerization_Sandbox_V3_SandboxContextServerInterc
   ///   Defaults to calling `self.makeInterceptors()`.
   func makeResizeProcessInterceptors() -> [ServerInterceptor<Com_Apple_Containerization_Sandbox_V3_ResizeProcessRequest, Com_Apple_Containerization_Sandbox_V3_ResizeProcessResponse>]
 
+  /// - Returns: Interceptors to use when handling 'closeProcessStdin'.
+  ///   Defaults to calling `self.makeInterceptors()`.
+  func makeCloseProcessStdinInterceptors() -> [ServerInterceptor<Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinRequest, Com_Apple_Containerization_Sandbox_V3_CloseProcessStdinResponse>]
+
   /// - Returns: Interceptors to use when handling 'proxyVsock'.
   ///   Defaults to calling `self.makeInterceptors()`.
   func makeProxyVsockInterceptors() -> [ServerInterceptor<Com_Apple_Containerization_Sandbox_V3_ProxyVsockRequest, Com_Apple_Containerization_Sandbox_V3_ProxyVsockResponse>]
@@ -2373,6 +2466,7 @@ public enum Com_Apple_Containerization_Sandbox_V3_SandboxContextServerMetadata {
       Com_Apple_Containerization_Sandbox_V3_SandboxContextServerMetadata.Methods.killProcess,
       Com_Apple_Containerization_Sandbox_V3_SandboxContextServerMetadata.Methods.waitProcess,
       Com_Apple_Containerization_Sandbox_V3_SandboxContextServerMetadata.Methods.resizeProcess,
+      Com_Apple_Containerization_Sandbox_V3_SandboxContextServerMetadata.Methods.closeProcessStdin,
       Com_Apple_Containerization_Sandbox_V3_SandboxContextServerMetadata.Methods.proxyVsock,
       Com_Apple_Containerization_Sandbox_V3_SandboxContextServerMetadata.Methods.stopVsockProxy,
       Com_Apple_Containerization_Sandbox_V3_SandboxContextServerMetadata.Methods.ipLinkSet,
@@ -2470,6 +2564,12 @@ public enum Com_Apple_Containerization_Sandbox_V3_SandboxContextServerMetadata {
       type: GRPCCallType.unary
     )
 
+    public static let closeProcessStdin = GRPCMethodDescriptor(
+      name: "CloseProcessStdin",
+      path: "/com.apple.containerization.sandbox.v3.SandboxContext/CloseProcessStdin",
+      type: GRPCCallType.unary
+    )
+
     public static let proxyVsock = GRPCMethodDescriptor(
       name: "ProxyVsock",
       path: "/com.apple.containerization.sandbox.v3.SandboxContext/ProxyVsock",