From a933aee8d13d7b0b18434603882560610ecea06f Mon Sep 17 00:00:00 2001
From: Dmitry Kovba
Date: Tue, 4 Nov 2025 12:13:10 -0800
Subject: [PATCH 1/7] Improvements to the startProcess command
---
 vminitd/Sources/vminitd/Server+GRPC.swift | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
diff --git a/vminitd/Sources/vminitd/Server+GRPC.swift b/vminitd/Sources/vminitd/Server+GRPC.swift
index 9b9d9228..2aca74b8 100644
--- a/vminitd/Sources/vminitd/Server+GRPC.swift
+++ b/vminitd/Sources/vminitd/Server+GRPC.swift
@@ -593,6 +593,26 @@ extension Initd: Com_Apple_Containerization_Sandbox_V3_SandboxContextAsyncProvid
 return .with {
 $0.pid = pid
 }
+ } catch let err as ContainerizationError {
+ log.error(
+ "startProcess",
+ metadata: [
+ "id": "\(request.id)",
+ "containerID": "\(request.containerID)",
+ "error": "\(err)",
+ ])
+ switch err.code {
+ case .notFound:
+ throw GRPCStatus(
+ code: .notFound,
+ message: "startProcess: \(err)"
+ )
+ default:
+ throw GRPCStatus(
+ code: .internalError,
+ message: "startProcess: failed to start process: \(err)"
+ )
+ }
 } catch {
 log.error(
 "startProcess",
@@ -601,6 +621,9 @@ extension Initd: Com_Apple_Containerization_Sandbox_V3_SandboxContextAsyncProvid
 "containerID": "\(request.containerID)",
 "error": "\(error)",
 ])
+ if error is GRPCStatus {
+ throw error
+ }
 throw GRPCStatus(
 code: .internalError,
 message: "startProcess: failed to start process: \(error)"
From 07b66a44ec64b858e81394c1757eb4ff2d3daa95 Mon Sep 17 00:00:00 2001
From: Dmitry Kovba
Date: Tue, 4 Nov 2025 12:22:27 -0800
Subject: [PATCH 2/7] Improvements to the waitProcess command
---
 vminitd/Sources/vminitd/Server+GRPC.swift | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
diff --git a/vminitd/Sources/vminitd/Server+GRPC.swift b/vminitd/Sources/vminitd/Server+GRPC.swift
index 2aca74b8..b9ba31f2 100644
--- a/vminitd/Sources/vminitd/Server+GRPC.swift
+++ b/vminitd/Sources/vminitd/Server+GRPC.swift
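Review bot: The `catch let err as ContainerizationError` block added to startProcess is repeated almost line for line in waitProcess (PATCH 2/7), killProcess (3/7) and deleteProcess (4/7), and the copies already differ: deleteProcess's `default:` message drops the "failed to …" phrase the other three use. Because this mapping decides which status code and how much error text the RPC caller receives, it is easier to audit when it lives in one place. A private helper that takes the error and the operation name and returns the `GRPCStatus`, called from a single `catch` after the `log.error`, would also make the separate `if error is GRPCStatus` test unnecessary. The handler bodies start and end outside these hunks; the sketch below keeps the current mapping unchanged.

```swift
/// Maps an error thrown by an RPC handler body to the status sent to the caller.
private func grpcStatus(for error: Error, operation: String, failure: String) -> GRPCStatus {
    if let status = error as? GRPCStatus {
        return status
    }
    if let err = error as? ContainerizationError {
        switch err.code {
        case .notFound:
            return GRPCStatus(code: .notFound, message: "\(operation): \(err)")
        default:
            break
        }
    }
    return GRPCStatus(code: .internalError, message: "\(operation): \(failure): \(error)")
}

// in startProcess, replacing both catch clauses:
} catch {
    // … unchanged: log.error("startProcess", metadata: …) …
    throw grpcStatus(for: error, operation: "startProcess", failure: "failed to start process")
```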
@@ -697,6 +697,26 @@ extension Initd: Com_Apple_Containerization_Sandbox_V3_SandboxContextAsyncProvid
 $0.exitCode = exitStatus.exitStatus
 $0.exitedAt = Google_Protobuf_Timestamp(date: exitStatus.exitedAt)
 }
+ } catch let err as ContainerizationError {
+ log.error(
+ "waitProcess",
+ metadata: [
+ "id": "\(request.id)",
+ "containerID": "\(request.containerID)",
+ "error": "\(err)",
+ ])
+ switch err.code {
+ case .notFound:
+ throw GRPCStatus(
+ code: .notFound,
+ message: "waitProcess: \(err)"
+ )
+ default:
+ throw GRPCStatus(
+ code: .internalError,
+ message: "waitProcess: failed to wait on process: \(err)"
+ )
+ }
 } catch {
 log.error(
 "waitProcess",
@@ -705,6 +725,9 @@ extension Initd: Com_Apple_Containerization_Sandbox_V3_SandboxContextAsyncProvid
 "containerID": "\(request.containerID)",
 "error": "\(error)",
 ])
+ if error is GRPCStatus {
+ throw error
+ }
 throw GRPCStatus(
 code: .internalError,
 message: "waitProcess: failed to wait on process: \(error)"
From 0f564e6f0bd9e0157762e1e304ddc3e21db8e1eb Mon Sep 17 00:00:00 2001
From: Dmitry Kovba
Date: Tue, 4 Nov 2025 12:28:28 -0800
Subject: [PATCH 3/7] Improvements to the killProcess command
---
 vminitd/Sources/vminitd/Server+GRPC.swift | 46 ++++++++++++++++++-----
 1 file changed, 37 insertions(+), 9 deletions(-)
diff --git a/vminitd/Sources/vminitd/Server+GRPC.swift b/vminitd/Sources/vminitd/Server+GRPC.swift
index b9ba31f2..d22bb53e 100644
--- a/vminitd/Sources/vminitd/Server+GRPC.swift
+++ b/vminitd/Sources/vminitd/Server+GRPC.swift
@@ -525,17 +525,45 @@ extension Initd: Com_Apple_Containerization_Sandbox_V3_SandboxContextAsyncProvid
 "signal": "\(request.signal)",
 ])
- if !request.hasContainerID {
- throw ContainerizationError(
- .invalidArgument,
- message: "processes in the root of the vm not implemented"
- )
- }
+ do {
+ if !request.hasContainerID {
+ throw ContainerizationError(
+ .invalidArgument,
+ message: "processes in the root of the vm not implemented"
+ )
+ }
- let ctr = try await self.state.get(container: request.containerID)
- try await ctr.kill(execID: request.id, request.signal)
+ let ctr = try await self.state.get(container: request.containerID)
+ try await ctr.kill(execID: request.id, request.signal)
- return .init()
+ return .init()
+ } catch let err as ContainerizationError {
+ log.error(
+ "killProcess",
+ metadata: [
+ "id": "\(request.id)",
+ "containerID": "\(request.containerID)",
+ "error": "\(err)",
+ ])
+ switch err.code {
+ case .notFound:
+ throw GRPCStatus(code: .notFound, message: "killProcess: \(err)")
+ default:
+ throw GRPCStatus(code: .internalError, message: "killProcess: failed to kill process: \(err)")
+ }
+ } catch {
+ log.error(
+ "killProcess",
+ metadata: [
+ "id": "\(request.id)",
+ "containerID": "\(request.containerID)",
+ "error": "\(error)",
+ ])
+ if error is GRPCStatus {
+ throw error
+ }
+ throw GRPCStatus(code: .internalError, message: "killProcess: failed to kill process: \(error)")
+ }
 }
 func deleteProcess(
From 1396faea5575092330a9927de7dd8a5dea0a185e Mon Sep 17 00:00:00 2001
From: Dmitry Kovba
Date: Tue, 4 Nov 2025 12:37:29 -0800
Subject: [PATCH 4/7] Improve the deleteProcess command
---
 vminitd/Sources/vminitd/Server+GRPC.swift | 60 +++++++++++++++++------
 1 file changed, 44 insertions(+), 16 deletions(-)
diff --git a/vminitd/Sources/vminitd/Server+GRPC.swift b/vminitd/Sources/vminitd/Server+GRPC.swift
index d22bb53e..4afa85f2 100644
--- a/vminitd/Sources/vminitd/Server+GRPC.swift
+++ b/vminitd/Sources/vminitd/Server+GRPC.swift
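Review bot: The `ContainerizationError(.invalidArgument, …)` thrown at the top of the new `do` block in killProcess is caught by the `catch let err as ContainerizationError` clause below it and falls into `default:`, so a request without a container ID is reported to the caller as `.internalError`. A malformed request then looks the same as a guest-side fault, which skews retry and alerting decisions on the calling side. Add a case to the switch, for example `case .invalidArgument: throw GRPCStatus(code: .invalidArgument, message: "killProcess: \(err)")`. The deleteProcess hunk in PATCH 4/7 has the same throw and the same switch; startProcess and waitProcess use the same switch, but their `do` bodies are outside the hunks, so which codes reach `default:` there is not visible.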
@@ -576,25 +576,53 @@ extension Initd: Com_Apple_Containerization_Sandbox_V3_SandboxContextAsyncProvid
 "containerID": "\(request.containerID)",
 ])
- if !request.hasContainerID {
- throw ContainerizationError(
- .invalidArgument,
- message: "processes in the root of the vm not implemented"
- )
- }
+ do {
+ if !request.hasContainerID {
+ throw ContainerizationError(
+ .invalidArgument,
+ message: "processes in the root of the vm not implemented"
+ )
+ }
- let ctr = try await self.state.get(container: request.containerID)
+ let ctr = try await self.state.get(container: request.containerID)
- // Are we trying to delete the container itself?
- if request.id == request.containerID {
- try await ctr.delete()
- try await state.remove(container: request.id)
- } else {
- // Or just a single exec.
- try await ctr.deleteExec(id: request.id)
- }
+ // Are we trying to delete the container itself?
+ if request.id == request.containerID {
+ try await ctr.delete()
+ try await state.remove(container: request.id)
+ } else {
+ // Or just a single exec.
+ try await ctr.deleteExec(id: request.id)
+ }
- return .init()
+ return .init()
+ } catch let err as ContainerizationError {
+ log.error(
+ "deleteProcess",
+ metadata: [
+ "id": "\(request.id)",
+ "containerID": "\(request.containerID)",
+ "error": "\(err)",
+ ])
+ switch err.code {
+ case .notFound:
+ throw GRPCStatus(code: .notFound, message: "deleteProcess: \(err)")
+ default:
+ throw GRPCStatus(code: .internalError, message: "deleteProcess: \(err)")
+ }
+ } catch {
+ log.error(
+ "deleteProcess",
+ metadata: [
+ "id": "\(request.id)",
+ "containerID": "\(request.containerID)",
+ "error": "\(error)",
+ ])
+ if error is GRPCStatus {
+ throw error
+ }
+ throw GRPCStatus(code: .internalError, message: "deleteProcess: \(error)")
+ }
 }
 func startProcess(
From 04444e699953bbc1e4cf3aa93db65610ade04243 Mon Sep 17 00:00:00 2001
From: Dmitry Kovba
Date: Tue, 4 Nov 2025 13:00:48 -0800
Subject: [PATCH 5/7] Improvements to the ipAddrAdd command
---
 vminitd/Sources/vminitd/Server+GRPC.swift | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vminitd/Sources/vminitd/Server+GRPC.swift b/vminitd/Sources/vminitd/Server+GRPC.swift
index 4afa85f2..c15510e5 100644
--- a/vminitd/Sources/vminitd/Server+GRPC.swift
+++ b/vminitd/Sources/vminitd/Server+GRPC.swift
@@ -876,7 +876,7 @@ extension Initd: Com_Apple_Containerization_Sandbox_V3_SandboxContextAsyncProvid
 metadata: [
 "error": "\(error)"
 ])
- throw GRPCStatus(code: .internalError, message: "ip-addr-add: \(error)")
+ throw GRPCStatus(code: .internalError, message: "failed to set IP address on interface \(request.interface): \(error)")
 }
 return .init()
From e60d9ed6d7af9472ccc947cefe4fa33cda748e5f Mon Sep 17 00:00:00 2001
From: Dmitry Kovba
Date: Tue, 4 Nov 2025 13:06:20 -0800
Subject: [PATCH 6/7] Improvements to the ipRouteAddDefault command
---
 vminitd/Sources/vminitd/Server+GRPC.swift | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vminitd/Sources/vminitd/Server+GRPC.swift b/vminitd/Sources/vminitd/Server+GRPC.swift
index c15510e5..ae45f4d6 100644
--- a/vminitd/Sources/vminitd/Server+GRPC.swift
+++ b/vminitd/Sources/vminitd/Server+GRPC.swift
@@ -934,7 +934,7 @@ extension Initd: Com_Apple_Containerization_Sandbox_V3_SandboxContextAsyncProvid
 metadata: [
 "error": "\(error)"
 ])
- throw GRPCStatus(code: .internalError, message: "ip-route-add-default: \(error)")
+ throw GRPCStatus(code: .internalError, message: "failed to set default gateway on interface \(request.interface): \(error)")
 }
 return .init()
From 5cc372e12c347055e58c50134872489a6085657c Mon Sep 17 00:00:00 2001
From: Dmitry Kovba
Date: Tue, 4 Nov 2025 13:06:31 -0800
Subject: [PATCH 7/7] Improvements to the configureDns command
---
 vminitd/Sources/vminitd/Server+GRPC.swift | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
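Review bot: The `log.error` metadata visible as context in the ipAddrAdd hunk still records only `"error"`, while the new status message names `request.interface`, so the guest-side log entry carries less context than the reply sent to the caller. Adding `"interface": "\(request.interface)"` to that metadata keeps the two in step; the same applies to the ipRouteAddDefault hunk in PATCH 6/7 and, with `"location": "\(request.location)"`, to configureDns in PATCH 7/7. The new messages also drop the `ip-addr-add:`, `ip-route-add-default:` and `configure-dns:` prefixes, so any caller or test that matches on those strings would need updating; whether one exists is not visible here. The enclosing handlers start outside these hunks.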
diff --git a/vminitd/Sources/vminitd/Server+GRPC.swift b/vminitd/Sources/vminitd/Server+GRPC.swift
index ae45f4d6..d36f25c5 100644
--- a/vminitd/Sources/vminitd/Server+GRPC.swift
+++ b/vminitd/Sources/vminitd/Server+GRPC.swift
@@ -975,7 +975,7 @@ extension Initd: Com_Apple_Containerization_Sandbox_V3_SandboxContextAsyncProvid
 metadata: [
 "error": "\(error)"
 ])
- throw GRPCStatus(code: .internalError, message: "configure-dns: \(error)")
+ throw GRPCStatus(code: .internalError, message: "failed to configure DNS at location \(request.location): \(error)")
 }
 return .init()