Implement cgroup v1/v2 detection and container lifecycle management

- Add cgroup.go with automatic v1/v2 detection
- Add container.go with state management (created, running, exited, failed)
- Implement rm, logs, and inspect CLI commands
- Update info command to show cgroup details
- Update ps command to show container states
- Store container metadata in state.json files

Co-authored-by: j143 <53068787+j143@users.noreply.github.com>

Author: Copilot

cgroup.go

@@ -0,0 +1,189 @@
+package main
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"strconv"
+	"strings"
+)
+
+// CgroupVersion represents the cgroup version
+type CgroupVersion int
+
+const (
+	CgroupUnknown CgroupVersion = iota
+	CgroupV1
+	CgroupV2
+)
+
+// CgroupInfo contains information about cgroup capabilities
+type CgroupInfo struct {
+	Version         CgroupVersion
+	Available       bool
+	MemorySupported bool
+	CPUSupported    bool
+	BasePath        string
+	ErrorMessage    string
+}
+
+// DetectCgroupVersion detects whether the system uses cgroup v1 or v2
+func DetectCgroupVersion() CgroupInfo {
+	info := CgroupInfo{
+		Version:   CgroupUnknown,
+		Available: false,
+	}
+
+	// Check for cgroup v2 (unified hierarchy)
+	if _, err := os.Stat("/sys/fs/cgroup/cgroup.controllers"); err == nil {
+		info.Version = CgroupV2
+		info.BasePath = "/sys/fs/cgroup"
+		info.Available = true
+		
+		// Check if memory controller is available
+		controllersData, err := os.ReadFile("/sys/fs/cgroup/cgroup.controllers")
+		if err == nil {
+			controllers := string(controllersData)
+			info.MemorySupported = strings.Contains(controllers, "memory")
+			info.CPUSupported = strings.Contains(controllers, "cpu")
+		}
+		
+		return info
+	}
+
+	// Check for cgroup v1
+	if _, err := os.Stat("/sys/fs/cgroup/memory"); err == nil {
+		info.Version = CgroupV1
+		info.BasePath = "/sys/fs/cgroup"
+		info.Available = true
+		
+		// For v1, check if we can access the memory subsystem
+		memoryPath := "/sys/fs/cgroup/memory"
+		if stat, err := os.Stat(memoryPath); err == nil && stat.IsDir() {
+			info.MemorySupported = true
+		}
+		
+		// Check CPU subsystem
+		cpuPath := "/sys/fs/cgroup/cpu"
+		if stat, err := os.Stat(cpuPath); err == nil && stat.IsDir() {
+			info.CPUSupported = true
+		}
+		
+		return info
+	}
+
+	info.ErrorMessage = "No cgroup filesystem detected"
+	return info
+}
+
+// SetupCgroupsV2 sets up cgroups for v2 (unified hierarchy)
+func SetupCgroupsV2(containerID string, memoryLimit int64) error {
+	cgroupPath := filepath.Join("/sys/fs/cgroup/basic-docker", containerID)
+	
+	// Create the cgroup directory
+	if err := os.MkdirAll(cgroupPath, 0755); err != nil {
+		return fmt.Errorf("failed to create cgroup v2 directory: %w", err)
+	}
+
+	// Enable memory controller in subtree_control
+	parentControl := "/sys/fs/cgroup/basic-docker/cgroup.subtree_control"
+	// First ensure parent cgroup exists
+	parentPath := "/sys/fs/cgroup/basic-docker"
+	if err := os.MkdirAll(parentPath, 0755); err != nil {
+		return fmt.Errorf("failed to create parent cgroup: %w", err)
+	}
+	
+	// Try to enable memory controller
+	if err := os.WriteFile(parentControl, []byte("+memory"), 0644); err != nil {
+		// It's OK if this fails - may not have permission
+		// Continue without memory limits
+		return nil
+	}
+
+	// Set memory limit if supported
+	memoryMaxFile := filepath.Join(cgroupPath, "memory.max")
+	if err := os.WriteFile(memoryMaxFile, []byte(strconv.FormatInt(memoryLimit, 10)), 0644); err != nil {
+		// Not fatal - just means we can't set limits
+		return nil
+	}
+
+	// Add current process to cgroup
+	procsFile := filepath.Join(cgroupPath, "cgroup.procs")
+	pid := os.Getpid()
+	if err := os.WriteFile(procsFile, []byte(strconv.Itoa(pid)), 0644); err != nil {
+		return fmt.Errorf("failed to add process to cgroup: %w", err)
+	}
+
+	return nil
+}
+
+// SetupCgroupsV1 sets up cgroups for v1
+func SetupCgroupsV1(containerID string, memoryLimit int64) error {
+	cgroupPath := filepath.Join("/sys/fs/cgroup/memory/basic-docker", containerID)
+	
+	// Create the cgroup directory
+	if err := os.MkdirAll(cgroupPath, 0755); err != nil {
+		return fmt.Errorf("failed to create cgroup v1 directory: %w", err)
+	}
+
+	// Set memory limit
+	memoryLimitFile := filepath.Join(cgroupPath, "memory.limit_in_bytes")
+	if err := os.WriteFile(memoryLimitFile, []byte(strconv.FormatInt(memoryLimit, 10)), 0644); err != nil {
+		// Not fatal - just means we can't set limits
+		return nil
+	}
+
+	// Add current process to cgroup
+	procsFile := filepath.Join(cgroupPath, "cgroup.procs")
+	pid := os.Getpid()
+	if err := os.WriteFile(procsFile, []byte(strconv.Itoa(pid)), 0644); err != nil {
+		return fmt.Errorf("failed to add process to cgroup: %w", err)
+	}
+
+	return nil
+}
+
+// SetupCgroupsWithDetection automatically detects cgroup version and sets up accordingly
+func SetupCgroupsWithDetection(containerID string, memoryLimit int64) error {
+	info := DetectCgroupVersion()
+	
+	if !info.Available {
+		// Cgroups not available - degrade gracefully
+		return nil
+	}
+
+	switch info.Version {
+	case CgroupV2:
+		return SetupCgroupsV2(containerID, memoryLimit)
+	case CgroupV1:
+		return SetupCgroupsV1(containerID, memoryLimit)
+	default:
+		return nil
+	}
+}
+
+// CleanupCgroup removes the cgroup directory for a container
+func CleanupCgroup(containerID string) error {
+	info := DetectCgroupVersion()
+	
+	if !info.Available {
+		return nil
+	}
+
+	var cgroupPath string
+	switch info.Version {
+	case CgroupV2:
+		cgroupPath = filepath.Join("/sys/fs/cgroup/basic-docker", containerID)
+	case CgroupV1:
+		cgroupPath = filepath.Join("/sys/fs/cgroup/memory/basic-docker", containerID)
+	default:
+		return nil
+	}
+
+	// Remove the cgroup directory
+	if err := os.Remove(cgroupPath); err != nil && !os.IsNotExist(err) {
+		return fmt.Errorf("failed to remove cgroup: %w", err)
+	}
+
+	return nil
+}

container.go

@@ -0,0 +1,167 @@
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+	"path/filepath"
+	"time"
+)
+
+// ContainerState represents the state of a container
+type ContainerState string
+
+const (
+	StateCreated ContainerState = "created"
+	StateRunning ContainerState = "running"
+	StateExited  ContainerState = "exited"
+	StateFailed  ContainerState = "failed"
+)
+
+// ContainerMetadata contains the state and metadata of a container
+type ContainerMetadata struct {
+	ID          string         `json:"id"`
+	State       ContainerState `json:"state"`
+	Image       string         `json:"image"`
+	Command     string         `json:"command"`
+	Args        []string       `json:"args"`
+	CreatedAt   time.Time      `json:"created_at"`
+	StartedAt   *time.Time     `json:"started_at,omitempty"`
+	FinishedAt  *time.Time     `json:"finished_at,omitempty"`
+	ExitCode    *int           `json:"exit_code,omitempty"`
+	Error       string         `json:"error,omitempty"`
+	PID         int            `json:"pid,omitempty"`
+	RootfsPath  string         `json:"rootfs_path"`
+}
+
+// SaveContainerState saves the container state to disk
+func SaveContainerState(metadata ContainerMetadata) error {
+	containerDir := filepath.Join(baseDir, "containers", metadata.ID)
+	if err := os.MkdirAll(containerDir, 0755); err != nil {
+		return fmt.Errorf("failed to create container directory: %w", err)
+	}
+
+	stateFile := filepath.Join(containerDir, "state.json")
+	data, err := json.MarshalIndent(metadata, "", "  ")
+	if err != nil {
+		return fmt.Errorf("failed to marshal container state: %w", err)
+	}
+
+	if err := os.WriteFile(stateFile, data, 0644); err != nil {
+		return fmt.Errorf("failed to write container state: %w", err)
+	}
+
+	return nil
+}
+
+// LoadContainerState loads the container state from disk
+func LoadContainerState(containerID string) (*ContainerMetadata, error) {
+	stateFile := filepath.Join(baseDir, "containers", containerID, "state.json")
+	data, err := os.ReadFile(stateFile)
+	if err != nil {
+		if os.IsNotExist(err) {
+			return nil, fmt.Errorf("container %s not found", containerID)
+		}
+		return nil, fmt.Errorf("failed to read container state: %w", err)
+	}
+
+	var metadata ContainerMetadata
+	if err := json.Unmarshal(data, &metadata); err != nil {
+		return nil, fmt.Errorf("failed to unmarshal container state: %w", err)
+	}
+
+	return &metadata, nil
+}
+
+// UpdateContainerState updates specific fields of the container state
+func UpdateContainerState(containerID string, updateFn func(*ContainerMetadata)) error {
+	metadata, err := LoadContainerState(containerID)
+	if err != nil {
+		return err
+	}
+
+	updateFn(metadata)
+
+	return SaveContainerState(*metadata)
+}
+
+// ListAllContainers lists all containers with their states
+func ListAllContainers() ([]ContainerMetadata, error) {
+	containerDir := filepath.Join(baseDir, "containers")
+	if _, err := os.Stat(containerDir); os.IsNotExist(err) {
+		return []ContainerMetadata{}, nil
+	}
+
+	entries, err := os.ReadDir(containerDir)
+	if err != nil {
+		return nil, fmt.Errorf("failed to read containers directory: %w", err)
+	}
+
+	var containers []ContainerMetadata
+	for _, entry := range entries {
+		if !entry.IsDir() {
+			continue
+		}
+
+		containerID := entry.Name()
+		metadata, err := LoadContainerState(containerID)
+		if err != nil {
+			// If we can't load state, create a minimal metadata
+			metadata = &ContainerMetadata{
+				ID:    containerID,
+				State: StateExited,
+			}
+		}
+
+		containers = append(containers, *metadata)
+	}
+
+	return containers, nil
+}
+
+// RemoveContainer removes a container and its associated resources
+func RemoveContainer(containerID string) error {
+	// Load container state first
+	metadata, err := LoadContainerState(containerID)
+	if err != nil {
+		// If state doesn't exist, still try to remove directory
+		containerDir := filepath.Join(baseDir, "containers", containerID)
+		if err := os.RemoveAll(containerDir); err != nil {
+			return fmt.Errorf("failed to remove container directory: %w", err)
+		}
+		return nil
+	}
+
+	// Can't remove running containers
+	if metadata.State == StateRunning {
+		return fmt.Errorf("cannot remove running container %s (stop it first)", containerID)
+	}
+
+	// Clean up cgroup if it exists
+	if err := CleanupCgroup(containerID); err != nil {
+		fmt.Printf("Warning: failed to cleanup cgroup: %v\n", err)
+	}
+
+	// Remove container directory
+	containerDir := filepath.Join(baseDir, "containers", containerID)
+	if err := os.RemoveAll(containerDir); err != nil {
+		return fmt.Errorf("failed to remove container directory: %w", err)
+	}
+
+	return nil
+}
+
+// GetContainerLogs reads the logs from a container
+func GetContainerLogs(containerID string) (string, error) {
+	logFile := filepath.Join(baseDir, "containers", containerID, "stdout.log")
+	
+	data, err := os.ReadFile(logFile)
+	if err != nil {
+		if os.IsNotExist(err) {
+			return "", nil // No logs yet
+		}
+		return "", fmt.Errorf("failed to read container logs: %w", err)
+	}
+
+	return string(data), nil
+}