homebrew-ec-foss · HemanthKR07 · Aug 1, 2025 · Aug 5, 2025 · Aug 5, 2025 · Aug 6, 2025
diff --git a/.gitignore b/.gitignore
@@ -4,3 +4,4 @@
 bento_project_context_and_plan.txt
 architecture.md
 unit-test.md
+busybox
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/crates/libbento/Cargo.toml b/crates/libbento/Cargo.toml
@@ -4,6 +4,10 @@ version = "0.1.0"
 edition = "2024"
 
 [dependencies]
-nix = { version = "0.30.1", features = ["sched", "process", "hostname", "user"] }
+nix = { version = "0.30.1", features = ["sched", "process", "hostname", "user", "fs", "mount"] }
 libc = "0.2.174"
-anyhow = "1.0.98"
+anyhow = "1.0"
+log = "0.4.27"
+serde = { version = "1.0", features = ["derive"] }
+serde_json = "1.0"
+libseccomp = "0.3"
diff --git a/crates/libbento/src/config.json b/crates/libbento/src/config.json
@@ -0,0 +1,5 @@
+{
+  "root": {
+    "path": "/tmp/bento_rootfs"
+  }
+}
diff --git a/crates/libbento/src/config.rs b/crates/libbento/src/config.rs
@@ -0,0 +1,18 @@
+use anyhow::Result;
+
+#[derive(Debug)]
+pub struct Config {
+    pub root: RootConfig,
+}
+
+#[derive(Debug)]
+pub struct RootConfig {
+    pub path: String,
+}
+
+pub fn load_config(container_id: &str) -> Result<Config> {
+    let root_path = format!("/run/container/{container_id}/rootfs");
+    Ok(Config {
+        root: RootConfig { path: root_path },
+    })
+}
diff --git a/crates/libbento/src/config2.rs b/crates/libbento/src/config2.rs
@@ -0,0 +1,33 @@
+// This file is trying to mimic the config.json file and call the seccomp module.
+use anyhow::{Context, Result};
+use serde::Deserialize;
+use std::{fs::File, io::Read, path::PathBuf};
+
+#[derive(Debug, Deserialize)]
+pub struct SeccompConfig {
+    #[serde(rename = "defaultAction")]
+    pub default_action: String, // this is for unspecified syscalls
+    pub architectures: Vec<String>,
+    pub syscalls: Vec<SyscallRule>,
+}
+
+#[derive(Debug, Deserialize)]
+pub struct SyscallRule {
+    pub names: Vec<String>,
+    pub action: String, // like Allow and Kill actions
+}
+
+fn get_path(container_id: &str) -> PathBuf {
+    PathBuf::from(format!("/run/container/{container_id}/config.json"))
+}
+
+pub fn load_config(container_id: &str) -> Result<SeccompConfig> {
+    let config_path = get_path(container_id);
+    let mut file = File::open(&config_path)
+        .with_context(|| format!("Failed to open config file at {}", config_path.display()))?;
+    let mut contents = String::new();
+    file.read_to_string(&mut contents)
+        .with_context(|| format!("Failed to read config file at {}", config_path.display()))?;
+    serde_json::from_str(&contents)
+        .with_context(|| format!("Failed to parse config file at {}", config_path.display()))
+}