Implement gvproxy networking using cmdline wrapper

Converts the host networking code in `podman machine` to use the
`Command` type introduced in containers/gvisor-tap-vsock#258

[NO NEW TESTS NEEDED]

Signed-off-by: Jake Correnti <[email protected]>

go.mod

@@ -15,6 +15,7 @@ require (
 	github.com/containers/buildah v1.31.1-0.20230722114901-5ece066f82c6
 	github.com/containers/common v0.55.1-0.20230816154734-519ed7fea9bd
 	github.com/containers/conmon v2.0.20+incompatible
+	github.com/containers/gvisor-tap-vsock v0.7.1-0.20230823110538-89946edb7545
 	github.com/containers/image/v5 v5.26.1-0.20230807184415-3fb422379cfa
 	github.com/containers/libhvee v0.4.0
 	github.com/containers/ocicrypt v1.1.8

go.sum

@@ -250,6 +250,8 @@ github.com/containers/common v0.55.1-0.20230816154734-519ed7fea9bd h1:fdpl099M/X
 github.com/containers/common v0.55.1-0.20230816154734-519ed7fea9bd/go.mod h1:wtIdVQKHf4U+UfIz9B1htNZqqEeMNysQOevHNiNrru0=
 github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg=
 github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
+github.com/containers/gvisor-tap-vsock v0.7.1-0.20230823110538-89946edb7545 h1:hq/sMnlCrq1aOa65rhT1F9++4tINITKym0BmiNT0TU0=
+github.com/containers/gvisor-tap-vsock v0.7.1-0.20230823110538-89946edb7545/go.mod h1:xNPOjiOf6KX2rrMwlGhiqmb2Ujqg6dfhwS9u3V6Z3cA=
 github.com/containers/image/v5 v5.26.1-0.20230807184415-3fb422379cfa h1:wDfVQtc6ik2MvsUmu/YRSyBAE5YUxdjcEDtuT1q2KDo=
 github.com/containers/image/v5 v5.26.1-0.20230807184415-3fb422379cfa/go.mod h1:apL4qwq31NV0gsSZQJPxYyTH0yzWavmMCjT8vsQaXSk=
 github.com/containers/libhvee v0.4.0 h1:HGHIIExgP2PjwjHKKoQM3B+3qakNIZcmmkiAO4luAZE=

pkg/machine/applehv/machine.go

@@ -18,6 +18,7 @@ import (
 	"time"
 
 	"github.com/containers/common/pkg/config"
+	gvproxy "github.com/containers/gvisor-tap-vsock/pkg/types"
 	"github.com/containers/podman/v4/libpod/define"
 	"github.com/containers/podman/v4/pkg/machine"
 	"github.com/containers/podman/v4/pkg/util"
@@ -822,21 +823,18 @@ func getVMInfos() ([]*machine.ListResponse, error) {
 // setupStartHostNetworkingCmd generates the cmd that will be used to start the
 // host networking. Includes the ssh port, gvproxy pid file, gvproxy socket, and
 // a debug flag depending on the logrus log level
-func (m *MacMachine) setupStartHostNetworkingCmd(gvProxyBinary, forwardSock string, state machine.APIForwardingState) []string {
-	cmd := []string{gvProxyBinary}
-	// Add the ssh port
-	cmd = append(cmd, []string{"-ssh-port", fmt.Sprintf("%d", m.Port)}...)
-	// Add pid file
-	cmd = append(cmd, "-pid-file", m.GvProxyPid.GetPath())
-	// Add vfkit proxy listen
-	cmd = append(cmd, "-listen-vfkit", fmt.Sprintf("unixgram://%s", m.GvProxySock.GetPath()))
-	cmd, forwardSock, state = m.setupAPIForwarding(cmd)
-	if logrus.GetLevel() == logrus.DebugLevel {
-		cmd = append(cmd, "--debug")
-		fmt.Println(cmd)
-	}
-
-	return cmd
+func (m *MacMachine) setupStartHostNetworkingCmd() (gvproxy.Command, string, machine.APIForwardingState) {
+	cmd := gvproxy.NewCommand()
+	cmd.SSHPort = m.Port
+	cmd.PidFile = m.GvProxyPid.GetPath()
+	cmd.AddVfkitSocket(fmt.Sprintf("unixgram://%s", m.GvProxySock.GetPath()))
+	cmd.Debug = logrus.GetLevel() == logrus.DebugLevel
+
+	if cmd.Debug {
+		defer fmt.Println(cmd.ToCmdline())
+	}
+
+	return m.setupAPIForwarding(cmd)
 }
 
 func (m *MacMachine) startHostNetworking(ioEater *os.File) (string, machine.APIForwardingState, error) {
@@ -874,23 +872,22 @@ func (m *MacMachine) startHostNetworking(ioEater *os.File) (string, machine.APIF
 		return "", machine.NoForwarding, err
 	}
 
-	attr := new(os.ProcAttr)
-	gvproxy, err := cfg.FindHelperBinary("gvproxy", false)
+	gvproxyBinary, err := cfg.FindHelperBinary("gvproxy", false)
 	if err != nil {
 		return "", 0, err
 	}
 
-	attr.Files = []*os.File{ioEater, ioEater, ioEater}
-	cmd := m.setupStartHostNetworkingCmd(gvproxy, forwardSock, state)
-
-	_, err = os.StartProcess(cmd[0], cmd, attr)
-	if err != nil {
-		return "", 0, fmt.Errorf("unable to execute: %q: %w", cmd, err)
+	cmd, forwardSock, state := m.setupStartHostNetworkingCmd()
+	c := cmd.Cmd(gvproxyBinary)
+	c.ExtraFiles = []*os.File{ioEater, ioEater, ioEater}
+	if err := c.Start(); err != nil {
+		return "", 0, fmt.Errorf("unable to execute: %q: %w", cmd.ToCmdline(), err)
 	}
+
 	return forwardSock, state, nil
 }
 
-func (m *MacMachine) setupAPIForwarding(cmd []string) ([]string, string, machine.APIForwardingState) {
+func (m *MacMachine) setupAPIForwarding(cmd gvproxy.Command) (gvproxy.Command, string, machine.APIForwardingState) {
 	socket, err := m.forwardSocketPath()
 	if err != nil {
 		return cmd, "", machine.NoForwarding
@@ -904,10 +901,10 @@ func (m *MacMachine) setupAPIForwarding(cmd []string) ([]string, string, machine
 		forwardUser = "root"
 	}
 
-	cmd = append(cmd, []string{"-forward-sock", socket.GetPath()}...)
-	cmd = append(cmd, []string{"-forward-dest", destSock}...)
-	cmd = append(cmd, []string{"-forward-user", forwardUser}...)
-	cmd = append(cmd, []string{"-forward-identity", m.IdentityPath}...)
+	cmd.AddForwardSock(socket.GetPath())
+	cmd.AddForwardDest(destSock)
+	cmd.AddForwardUser(forwardUser)
+	cmd.AddForwardIdentity(m.IdentityPath)
 
 	link, err := m.userGlobalSocketLink()
 	if err != nil {

pkg/machine/hyperv/machine.go

@@ -14,6 +14,7 @@ import (
 	"time"
 
 	"github.com/containers/common/pkg/config"
+	gvproxy "github.com/containers/gvisor-tap-vsock/pkg/types"
 	"github.com/containers/libhvee/pkg/hypervctl"
 	"github.com/containers/podman/v4/pkg/machine"
 	"github.com/containers/podman/v4/pkg/util"
@@ -596,7 +597,6 @@ func (m *HyperVMachine) startHostNetworking() (string, machine.APIForwardingStat
 		return "", machine.NoForwarding, err
 	}
 
-	attr := new(os.ProcAttr)
 	dnr, dnw, err := machine.GetDevNullFiles()
 	if err != nil {
 		return "", machine.NoForwarding, err
@@ -613,31 +613,31 @@ func (m *HyperVMachine) startHostNetworking() (string, machine.APIForwardingStat
 		}
 	}()
 
-	gvproxy, err := cfg.FindHelperBinary("gvproxy.exe", false)
+	gvproxyBinary, err := cfg.FindHelperBinary("gvproxy.exe", false)
 	if err != nil {
 		return "", 0, err
 	}
 
-	attr.Files = []*os.File{dnr, dnw, dnw}
-	cmd := []string{gvproxy}
-	// Add the ssh port
-	cmd = append(cmd, []string{"-ssh-port", fmt.Sprintf("%d", m.Port)}...)
-	cmd = append(cmd, []string{"-listen", fmt.Sprintf("vsock://%s", m.NetworkHVSock.KeyName)}...)
-	cmd = append(cmd, "-pid-file", m.GvProxyPid.GetPath())
+	cmd := gvproxy.NewCommand()
+	cmd.SSHPort = m.Port
+	cmd.AddEndpoint(fmt.Sprintf("vsock://%s", m.NetworkHVSock.KeyName))
+	cmd.PidFile = m.GvProxyPid.GetPath()
 
 	cmd, forwardSock, state = m.setupAPIForwarding(cmd)
 	if logrus.GetLevel() == logrus.DebugLevel {
-		cmd = append(cmd, "--debug")
+		cmd.Debug = true
 		fmt.Println(cmd)
 	}
-	_, err = os.StartProcess(cmd[0], cmd, attr)
-	if err != nil {
+
+	c := cmd.Cmd(gvproxyBinary)
+	c.ExtraFiles = []*os.File{dnr, dnw, dnw}
+	if err := c.Start(); err != nil {
 		return "", 0, fmt.Errorf("unable to execute: %q: %w", cmd, err)
 	}
 	return forwardSock, state, nil
 }
 
-func (m *HyperVMachine) setupAPIForwarding(cmd []string) ([]string, string, machine.APIForwardingState) {
+func (m *HyperVMachine) setupAPIForwarding(cmd gvproxy.Command) (gvproxy.Command, string, machine.APIForwardingState) {
 	socket, err := m.forwardSocketPath()
 	if err != nil {
 		return cmd, "", machine.NoForwarding
@@ -651,10 +651,10 @@ func (m *HyperVMachine) setupAPIForwarding(cmd []string) ([]string, string, mach
 		forwardUser = "root"
 	}
 
-	cmd = append(cmd, []string{"-forward-sock", socket.GetPath()}...)
-	cmd = append(cmd, []string{"-forward-dest", destSock}...)
-	cmd = append(cmd, []string{"-forward-user", forwardUser}...)
-	cmd = append(cmd, []string{"-forward-identity", m.IdentityPath}...)
+	cmd.AddForwardSock(socket.GetPath())
+	cmd.AddForwardDest(destSock)
+	cmd.AddForwardUser(forwardUser)
+	cmd.AddForwardIdentity(m.IdentityPath)
 
 	return cmd, "", machine.MachineLocal
 }

pkg/machine/qemu/machine.go

@@ -22,6 +22,7 @@ import (
 	"time"
 
 	"github.com/containers/common/pkg/config"
+	gvproxy "github.com/containers/gvisor-tap-vsock/pkg/types"
 	"github.com/containers/podman/v4/pkg/machine"
 	"github.com/containers/podman/v4/pkg/rootless"
 	"github.com/containers/podman/v4/pkg/util"
@@ -1354,7 +1355,6 @@ func (v *MachineVM) startHostNetworking() (string, machine.APIForwardingState, e
 		return "", machine.NoForwarding, err
 	}
 
-	attr := new(os.ProcAttr)
 	dnr, dnw, err := machine.GetDevNullFiles()
 	if err != nil {
 		return "", machine.NoForwarding, err
@@ -1363,11 +1363,10 @@ func (v *MachineVM) startHostNetworking() (string, machine.APIForwardingState, e
 	defer dnr.Close()
 	defer dnw.Close()
 
-	attr.Files = []*os.File{dnr, dnw, dnw}
-	cmd := []string{binary}
-	cmd = append(cmd, []string{"-listen-qemu", fmt.Sprintf("unix://%s", v.QMPMonitor.Address.GetPath()), "-pid-file", v.PidFilePath.GetPath()}...)
-	// Add the ssh port
-	cmd = append(cmd, []string{"-ssh-port", fmt.Sprintf("%d", v.Port)}...)
+	cmd := gvproxy.NewCommand()
+	cmd.AddQemuSocket(fmt.Sprintf("unix://%s", v.QMPMonitor.Address.GetPath()))
+	cmd.PidFile = v.PidFilePath.GetPath()
+	cmd.SSHPort = v.Port
 
 	var forwardSock string
 	var state machine.APIForwardingState
@@ -1376,17 +1375,19 @@ func (v *MachineVM) startHostNetworking() (string, machine.APIForwardingState, e
 	}
 
 	if logrus.GetLevel() == logrus.DebugLevel {
-		cmd = append(cmd, "--debug")
+		cmd.Debug = true
 		fmt.Println(cmd)
 	}
-	_, err = os.StartProcess(cmd[0], cmd, attr)
-	if err != nil {
-		return "", 0, fmt.Errorf("unable to execute: %q: %w", cmd, err)
+
+	c := cmd.Cmd(binary)
+	c.ExtraFiles = []*os.File{dnr, dnw, dnw}
+	if err := c.Start(); err != nil {
+		return "", 0, fmt.Errorf("unable to execute: %q: %w", cmd.ToCmdline(), err)
 	}
 	return forwardSock, state, nil
 }
 
-func (v *MachineVM) setupAPIForwarding(cmd []string) ([]string, string, machine.APIForwardingState) {
+func (v *MachineVM) setupAPIForwarding(cmd gvproxy.Command) (gvproxy.Command, string, machine.APIForwardingState) {
 	socket, err := v.forwardSocketPath()
 
 	if err != nil {
@@ -1401,10 +1402,10 @@ func (v *MachineVM) setupAPIForwarding(cmd []string) ([]string, string, machine.
 		forwardUser = "root"
 	}
 
-	cmd = append(cmd, []string{"-forward-sock", socket.GetPath()}...)
-	cmd = append(cmd, []string{"-forward-dest", destSock}...)
-	cmd = append(cmd, []string{"-forward-user", forwardUser}...)
-	cmd = append(cmd, []string{"-forward-identity", v.IdentityPath}...)
+	cmd.AddForwardSock(socket.GetPath())
+	cmd.AddForwardDest(destSock)
+	cmd.AddForwardUser(forwardUser)
+	cmd.AddForwardIdentity(v.IdentityPath)
 
 	// The linking pattern is /var/run/docker.sock -> user global sock (link) -> machine sock (socket)
 	// This allows the helper to only have to maintain one constant target to the user, which can be