fix(shim): rewrite cgroups v2 parsing logic

[Mossaka]

this commit rewrites the cgroups v2 parsing logic in get_cgroup function which is used to fetch stats of a container. The reason for the rewrite was that in some cases the original logic would panic due to index of bound for parsing paths like

0::/kubepods-besteffort-pod162385e5_7f69_4c38_ba9c_db0a8f02b35e.slice:cri-containerd:278a0aac1fff30dfbc41b4a32ba9de4519928fe7480213dba87aa1498838ef34

we ran into this issue in deleting a spin container in the spin shim.

the rewrite replaces index access to properly propogate the error to the caller of the function and added a few unit tests for the parsing logic.

see more discussion spinframework/containerd-shim-spin#39, containerd/runwasi#418

[Mossaka]

The cgroups v2 parsing logic is inspired by https://github.com/opencontainers/runc/blob/1950892f69597aa844cbf000fbdf77610dda3a44/libcontainer/cgroups/fs2/defaultpath.go#L83

[jsturtevant]

Couple of questions:

• Is the path with colons like that valid?
• What is generating the path with colons and should this be fixed in the code generating the path to be more idiomatic?

[radu-matei]

I can validate that with this patch, what we are seeing in spinframework/containerd-shim-spin#39 is now fixed.

[jprendes]

LGTM.
Left minor comments.

[Mossaka]

Is the path with colons like that valid?

I think runc with Go impl can actually handle path with colons. So it should be valid.

What is generating the path with colons and should this be fixed in the code generating the path to be more idiomatic?

Maybe youki's libcgroups? I am not entirely sure

[Mossaka]

Could you please take a look, @mxpv 🙏?

[jsturtevant]

is there any concern about resolving symlinks or relative paths via canonicalize here?

[jsturtevant]

In the go implementation the path is cleaned here https://github.com/opencontainers/runc/blob/1950892f69597aa844cbf000fbdf77610dda3a44/libcontainer/cgroups/fs2/defaultpath.go#L48

[jprendes]

Testing is harder if the actual path has to exist. Maybe we can just normalize it instead of canonicalizing it, although rust's stdlib doesnt have a normalize method, that would require a 3rd party crate.

[jprendes]

Or do something like this:
https://github.com/containers/youki/blob/0b89e1d52089c8c328496dab02dcc2bcf5e1b53c/crates/libcontainer/src/utils.rs#L92

[Mossaka]

If I understand the Go's CleanPath correctly, it's like normalizing the path but without verifying it exists in the filesystem, unlick fs::canonicalize() right?

[jsturtevant]

I think the key is:

//  "This ensures that a
// path resulting from prepending another path will always resolve to lexically
// be a subdirectory of the prefixed path."

[jsturtevant]

In the go implementation the path is cleaned here https://github.com/opencontainers/runc/blob/1950892f69597aa844cbf000fbdf77610dda3a44/libcontainer/cgroups/fs2/defaultpath.go#L48

@Burning1020 @mxpv does this path need be cleaned? It is there in the go code but I am not sure if I completely understand why it is needed. If not we should be ok to merge this.

[mxpv]

Frankly speaking (in longer term) I think we should not carry cgroups related code in the shim crate. shim crate supposed to be the foundation for building new shim runtimes for containers on all platforms, without carrying any implementation details.

[Burning1020]

lgtm

[Mossaka]

I think there are two pending issues which are not resolved by this PR where I made an issue for each