Add SQLite connection pool and cgroups support with tests

Author: tayyebi

CMakeLists.txt

@@ -111,6 +111,29 @@ if(UNIX AND EXISTS "${CMAKE_SOURCE_DIR}/src/sandbox/ruleset.cpp")
   endif()
 endif()
 
+# SQLite pool test
+find_package(SQLite3)
+if (SQLite3_FOUND)
+  message(STATUS "Found SQLite3: ${SQLite3_LIBRARIES}")
+  add_executable(sqlite_pool_test tests/sqlite_pool_test.cpp src/services/sqlite_pool.cpp)
+  target_include_directories(sqlite_pool_test PRIVATE src)
+  target_link_libraries(sqlite_pool_test PRIVATE ${SQLite3_LIBRARIES})
+  add_test(NAME sqlite_pool_test COMMAND sqlite_pool_test)
+  set_tests_properties(sqlite_pool_test PROPERTIES LABELS "smoke;sqlite")
+  target_compile_definitions(native_node PRIVATE -DHAVE_SQLITE3=1)
+  target_link_libraries(native_node PRIVATE ${SQLite3_LIBRARIES})
+else()
+  message(WARNING "SQLite3 not found: sqlite pool tests will be skipped")
+endif()
+
+# cgroups v2 test
+if(UNIX)
+  add_executable(cgroups_test tests/cgroups_test.cpp src/sandbox/cgroups.cpp)
+  target_include_directories(cgroups_test PRIVATE src)
+  add_test(NAME cgroups_test COMMAND cgroups_test)
+  set_tests_properties(cgroups_test PROPERTIES LABELS "smoke;cgroups")
+endif()
+
 
 # Installation
 install(TARGETS native_node RUNTIME DESTINATION bin)

src/sandbox/cgroups.cpp

@@ -0,0 +1,63 @@
+#include "cgroups.h"
+#include <string>
+#include <fstream>
+#include <iostream>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <cerrno>
+#include <cstring>
+#include <sstream>
+
+namespace sandbox {
+
+static const std::string CGROUP_ROOT = "/sys/fs/cgroup";
+
+bool is_cgroup_v2_available() {
+    struct stat st;
+    std::string controllers = CGROUP_ROOT + "/cgroup.controllers";
+    if (stat(controllers.c_str(), &st) == 0) return true;
+    return false;
+}
+
+static bool write_file(const std::string& path, const std::string& data) {
+    std::ofstream ofs(path);
+    if (!ofs.is_open()) return false;
+    ofs << data;
+    return !ofs.fail();
+}
+
+std::string create_transient_cgroup(const std::string& name) {
+    if (!is_cgroup_v2_available()) return "";
+    std::string path = CGROUP_ROOT + "/" + name;
+    // mkdir
+    if (mkdir(path.c_str(), 0755) != 0) {
+        if (errno == EEXIST) return path;
+        std::cerr << "[cgroups] mkdir failed: " << strerror(errno) << std::endl;
+        return "";
+    }
+    return path;
+}
+
+bool add_pid_to_cgroup(const std::string& cgroup_path, pid_t pid) {
+    if (pid == 0) pid = getpid();
+    std::string procs = cgroup_path + "/cgroup.procs";
+    std::ostringstream ss;
+    ss << pid << "\n";
+    if (!write_file(procs, ss.str())) {
+        std::cerr << "[cgroups] failed to write pid to " << procs << std::endl;
+        return false;
+    }
+    return true;
+}
+
+bool remove_transient_cgroup(const std::string& cgroup_path) {
+    // attempt to rmdir (will fail if not empty)
+    if (rmdir(cgroup_path.c_str()) != 0) {
+        std::cerr << "[cgroups] rmdir failed: " << strerror(errno) << std::endl;
+        return false;
+    }
+    return true;
+}
+
+} // namespace sandbox

src/sandbox/cgroups.h

@@ -0,0 +1,21 @@
+#pragma once
+
+#include <string>
+
+namespace sandbox {
+
+// Detect whether cgroup v2 is available on this system (unified hierarchy)
+bool is_cgroup_v2_available();
+
+// Create a transient cgroup under the given base (e.g., "/sys/fs/cgroup") with the
+// provided name. Returns the full path of the created cgroup on success, empty string on failure.
+// Note: Requires appropriate privileges to write to the cgroup filesystem.
+std::string create_transient_cgroup(const std::string& name);
+
+// Add the current process (or PID) to the given cgroup path (full path), returns true on success.
+bool add_pid_to_cgroup(const std::string& cgroup_path, pid_t pid = 0);
+
+// Remove the transient cgroup; best effort.
+bool remove_transient_cgroup(const std::string& cgroup_path);
+
+} // namespace sandbox

src/services/services.cpp

@@ -1,6 +1,9 @@
 #include "services.h"
 #include <iostream>
 #include <atomic>
+#include "sqlite_pool.h"
+
+static std::unique_ptr<services::SQLiteConnectionPool> g_sqlite_pool;
 
 namespace services {
 
@@ -9,12 +12,23 @@ static std::atomic<bool> g_initialized{false};
 
 bool initialize() {
     std::cout << "[services] initializing (SQLite, MailApp, PropertyStore stubs)" << std::endl;
+    // Initialize SQLite connection pool (WAL mode)
+    g_sqlite_pool = std::make_unique<services::SQLiteConnectionPool>("./data/native_node.db", 4);
+    if (!g_sqlite_pool->initialize()) {
+        std::cerr << "[services] failed to initialize SQLite pool" << std::endl;
+        return false;
+    }
+
     g_initialized = true;
     return true;
 }
 
 void shutdown() {
     std::cout << "[services] shutdown" << std::endl;
+    if (g_sqlite_pool) {
+        g_sqlite_pool->shutdown();
+        g_sqlite_pool.reset();
+    }
     g_initialized = false;
 }
 

src/services/sqlite_pool.cpp

@@ -0,0 +1,96 @@
+#include "sqlite_pool.h"
+#include <iostream>
+#include <cassert>
+#include <thread>
+
+namespace services {
+
+SQLiteConnectionPool::SQLiteConnectionPool(const std::string& db_path, size_t pool_size)
+    : db_path_(db_path), pool_size_(pool_size) {}
+
+SQLiteConnectionPool::~SQLiteConnectionPool() {
+    shutdown();
+}
+
+bool SQLiteConnectionPool::initialize() {
+    std::lock_guard<std::mutex> lk(mtx_);
+    if (initialized_) return true;
+
+    conns_.resize(pool_size_, nullptr);
+    in_use_.assign(pool_size_, false);
+
+    for (size_t i = 0; i < pool_size_; ++i) {
+        sqlite3* db = nullptr;
+        int rc = sqlite3_open(db_path_.c_str(), &db);
+        if (rc != SQLITE_OK) {
+            std::cerr << "[sqlite_pool] failed to open db: " << sqlite3_errstr(rc) << std::endl;
+            // close previously opened
+            for (auto c : conns_) if (c) sqlite3_close(c);
+            return false;
+        }
+
+        // Enable WAL mode
+        char* errmsg = nullptr;
+        rc = sqlite3_exec(db, "PRAGMA journal_mode=WAL;", nullptr, nullptr, &errmsg);
+        if (rc != SQLITE_OK) {
+            std::cerr << "[sqlite_pool] failed to set WAL mode: " << (errmsg ? errmsg : "") << std::endl;
+            if (errmsg) sqlite3_free(errmsg);
+            sqlite3_close(db);
+            for (auto c : conns_) if (c) sqlite3_close(c);
+            return false;
+        }
+
+        conns_[i] = db;
+    }
+
+    initialized_ = true;
+    std::cout << "[sqlite_pool] initialized with " << pool_size_ << " connections (WAL enabled)" << std::endl;
+    return true;
+}
+
+void SQLiteConnectionPool::shutdown() {
+    std::lock_guard<std::mutex> lk(mtx_);
+    for (auto c : conns_) {
+        if (c) sqlite3_close(c);
+    }
+    conns_.clear();
+    in_use_.clear();
+    initialized_ = false;
+}
+
+sqlite3* SQLiteConnectionPool::acquire() {
+    std::unique_lock<std::mutex> lk(mtx_);
+    cv_.wait(lk, [this]() {
+        for (bool b : in_use_) if (!b) return true; return false;
+    });
+    for (size_t i = 0; i < conns_.size(); ++i) {
+        if (!in_use_[i]) {
+            in_use_[i] = true;
+            return conns_[i];
+        }
+    }
+    return nullptr; // should not reach
+}
+
+void SQLiteConnectionPool::release(sqlite3* conn) {
+    std::lock_guard<std::mutex> lk(mtx_);
+    for (size_t i = 0; i < conns_.size(); ++i) {
+        if (conns_[i] == conn) {
+            in_use_[i] = false;
+            cv_.notify_one();
+            return;
+        }
+    }
+}
+
+// SQLiteConnHandle
+SQLiteConnHandle::SQLiteConnHandle(SQLiteConnectionPool& pool, sqlite3* conn)
+    : pool_(pool), conn_(conn) {}
+
+SQLiteConnHandle::~SQLiteConnHandle() {
+    if (conn_) pool_.release(conn_);
+}
+
+sqlite3* SQLiteConnHandle::get() { return conn_; }
+
+} // namespace services

src/services/sqlite_pool.h

@@ -0,0 +1,49 @@
+#pragma once
+
+#include <string>
+#include <memory>
+#include <mutex>
+#include <condition_variable>
+#include <vector>
+#include <sqlite3.h>
+
+namespace services {
+
+// A simple fixed-size SQLite connection pool that opens multiple connections
+// to the same database file and sets WAL mode on each connection.
+class SQLiteConnectionPool {
+public:
+    explicit SQLiteConnectionPool(const std::string& db_path, size_t pool_size = 4);
+    ~SQLiteConnectionPool();
+
+    // Initialize the pool (open connections and set PRAGMA journal_mode=WAL)
+    bool initialize();
+    void shutdown();
+
+    // Acquire a sqlite3* connection from the pool. Blocks until available.
+    sqlite3* acquire();
+    // Release a connection back to the pool
+    void release(sqlite3* conn);
+
+private:
+    std::string db_path_;
+    size_t pool_size_;
+    std::vector<sqlite3*> conns_;
+    std::vector<bool> in_use_;
+    std::mutex mtx_;
+    std::condition_variable cv_;
+    bool initialized_ = false;
+};
+
+// RAII handle that returns connection to pool on destruction
+class SQLiteConnHandle {
+public:
+    SQLiteConnHandle(SQLiteConnectionPool& pool, sqlite3* conn);
+    ~SQLiteConnHandle();
+    sqlite3* get();
+private:
+    SQLiteConnectionPool& pool_;
+    sqlite3* conn_ = nullptr;
+};
+
+} // namespace services

tests/cgroups_test.cpp

@@ -0,0 +1,31 @@
+#include <iostream>
+#include "sandbox/cgroups.h"
+
+int main() {
+    std::cout << "cgroups_test: starting" << std::endl;
+    if (!sandbox::is_cgroup_v2_available()) {
+        std::cout << "cgroup v2 not available; skipping test" << std::endl;
+        return 0;
+    }
+
+    const std::string name = "native_node_test_12345";
+    std::string path = sandbox::create_transient_cgroup(name);
+    if (path.empty()) {
+        std::cerr << "failed to create transient cgroup (maybe insufficient privileges)" << std::endl;
+        return 2;
+    }
+
+    if (!sandbox::add_pid_to_cgroup(path)) {
+        std::cerr << "failed to add pid to cgroup" << std::endl;
+        sandbox::remove_transient_cgroup(path);
+        return 2;
+    }
+
+    if (!sandbox::remove_transient_cgroup(path)) {
+        std::cerr << "failed to remove cgroup (may need cleanup)" << std::endl;
+        return 2;
+    }
+
+    std::cout << "cgroups_test: succeeded" << std::endl;
+    return 0;
+}