Fix review comments

acond/src/container.rs

@@ -249,7 +249,7 @@ impl Container {
 
         #[cfg(not(feature = "interactive"))]
         if _timeout == 0 {
-            Err(anyhow!(utils::ERR_RPC_NOT_SUPPORT_IA_MODE))
+            return Err(anyhow!(utils::ERR_RPC_INVALID_TIMEOUT));
         } else {
             let (crdstdin, pwrstdin) = unistd::pipe()?;
             fcntl::fcntl(pwrstdin, FcntlArg::F_SETFD(FdFlag::FD_CLOEXEC))?;
@@ -390,7 +390,11 @@ fn create_child(fork_args: &ForkArgs) -> Result<Pid> {
             unistd::write(cwrfd, &i32::from(pid).to_be_bytes())?;
             process::exit(0);
         }
-        Err(_) => Err(anyhow!(utils::ERR_RPC_FAIL_FORK)),
+        Err(errno) => {
+            return Err(anyhow!(
+                utils::ERR_RPC_SYSTEM_ERROR.replace("{}", format!("{}", errno).as_str())
+            ));
+        }
     }
 }
 
@@ -463,8 +467,10 @@ fn run_child(fork_args: &ForkArgs, slave: Option<i32>, cwrfd: i32, crdfd: i32) -
             return Ok(child);
         }
         Ok(ForkResult::Child) => (),
-        Err(_) => {
-            return Err(anyhow!(utils::ERR_RPC_FAIL_FORK));
+        Err(errno) => {
+            return Err(anyhow!(
+                utils::ERR_RPC_SYSTEM_ERROR.replace("{}", format!("{}", errno).as_str())
+            ));
         }
     }
 

acond/src/ipc.rs

@@ -165,7 +165,7 @@ async fn handle_request(stream: UnixStream, tx: mpsc::Sender<Request>) -> Result
         match stream.try_read(&mut msg_hdr_bytes) {
             Ok(n) => {
                 if n != msg_hdr_bytes.len() {
-                    resp_bytes = Some(utils::ERR_IPC_INVALID_REQ_FORMAT.as_bytes().to_vec());
+                    resp_bytes = Some(utils::ERR_IPC_INVALID_REQUEST.as_bytes().to_vec());
                 } else {
                     msg_hdr = bincode::deserialize(&msg_hdr_bytes)?;
                 }
@@ -184,7 +184,7 @@ async fn handle_request(stream: UnixStream, tx: mpsc::Sender<Request>) -> Result
             match stream.try_read(&mut data) {
                 Ok(n) => {
                     if n != data.len() {
-                        resp_bytes = Some(utils::ERR_IPC_INVALID_REQ_FORMAT.as_bytes().to_vec());
+                        resp_bytes = Some(utils::ERR_IPC_INVALID_REQUEST.as_bytes().to_vec());
                     } else {
                         msg_hdr_bytes.append(&mut data);
                     }
@@ -314,7 +314,7 @@ async fn dispatch_request(request: &Request, service: &AconService) -> Result<Ve
             }
         }
 
-        _ => Err(anyhow!(utils::ERR_IPC_NOT_SUPPORT_REQ)),
+        _ => Err(anyhow!(utils::ERR_IPC_NOT_SUPPORTED)),
     }
 }
 

acond/src/rpc.rs

@@ -47,7 +47,7 @@ impl AconService for TDAconService {
         let mut pod = ref_pod.write().await;
 
         if pod.finalized {
-            return Err(Status::permission_denied(utils::ERR_RPC_REJECT_MANIFEST));
+            return Err(Status::permission_denied(utils::ERR_RPC_MANIFEST_FINALIZED));
         }
 
         let verified = utils::verify_signature(manifest_bytes, signature_bytes, signer_bytes)
@@ -94,7 +94,9 @@ impl AconService for TDAconService {
             .is_manifest_accepted(&image)
             .map_err(|e| Status::unknown(e.to_string()))?;
         if !is_accepted {
-            return Err(Status::permission_denied(utils::ERR_RPC_REJECT_MANIFEST));
+            return Err(Status::permission_denied(
+                utils::ERR_RPC_INCOMPATIBLE_POLICY,
+            ));
         }
 
         utils::create_alias_link(&image).map_err(|e| Status::unknown(e.to_string()))?;
@@ -121,7 +123,7 @@ impl AconService for TDAconService {
         let mut pod = ref_pod.write().await;
 
         if pod.finalized {
-            return Err(Status::permission_denied(utils::ERR_RPC_REJECT_MANIFEST));
+            return Err(Status::permission_denied(utils::ERR_RPC_MANIFEST_FINALIZED));
         }
 
         utils::measure_image(None).map_err(|e| Status::unknown(e.to_string()))?;
@@ -305,9 +307,7 @@ impl AconService for TDAconService {
         }
 
         if !utils::start_with_uppercase(command) {
-            return Err(Status::invalid_argument(
-                utils::ERR_RPC_INVALID_COMMAND.replace("{}", command),
-            ));
+            return Err(Status::invalid_argument(utils::ERR_RPC_PRIVATE_ENTRYPOINT));
         }
 
         let ref_pod = self.pod.clone();
@@ -317,7 +317,7 @@ impl AconService for TDAconService {
             .ok_or_else(|| Status::invalid_argument(utils::ERR_RPC_INVALID_CONTAINER_ID))?;
 
         if !container.is_running() {
-            return Err(Status::unknown(utils::ERR_RPC_CONTAINER_EXITED));
+            return Err(Status::unknown(utils::ERR_RPC_CONTAINER_TERMINATED));
         }
 
         let (stdout, stderr) = container
@@ -343,7 +343,7 @@ impl AconService for TDAconService {
             .ok_or_else(|| Status::invalid_argument(utils::ERR_RPC_INVALID_CONTAINER_ID))?;
 
         if !container.is_running() {
-            return Err(Status::unknown(utils::ERR_RPC_CONTAINER_EXITED));
+            return Err(Status::unknown(utils::ERR_RPC_CONTAINER_TERMINATED));
         }
 
         let image = pod

acond/src/utils.rs

@@ -30,31 +30,31 @@ use std::{
 use tar::Archive;
 
 pub const REPORT_API_VERSION: &str = "1.0.0";
-pub const ERR_CFG_INVALID_VSOCK_PORT: &str = "Invalid kernel parameter: vsock port";
-pub const ERR_CFG_INVALID_TCPIP_PORT: &str = "Invalid kernel parameter: TCP/IP port";
-pub const ERR_CFG_INVALID_TIMEOUT: &str = "Invalid kernel parameter: timeout";
-pub const ERR_RPC_REJECT_MANIFEST: &str = "Manifest rejected according to the launch policy";
+pub const ERR_CFG_INVALID_VSOCK_PORT: &str = "Invalid kernel cmdline parameter - acond.vsock_port";
+pub const ERR_CFG_INVALID_TCPIP_PORT: &str = "Invalid kernel cmdline parameter - acond.tcp_port";
+pub const ERR_CFG_INVALID_TIMEOUT: &str = "Invalid kernel cmdline parameter - acond.timeout";
+pub const ERR_RPC_INCOMPATIBLE_POLICY: &str = "Incompatible polices";
+pub const ERR_RPC_MANIFEST_FINALIZED: &str = "Manifests finalized";
 pub const ERR_RPC_INVALID_SIGNATURE: &str = "Invalid digital signature";
 pub const ERR_RPC_INVALID_CERTIFICATE: &str = "Invalid certificate";
 pub const ERR_RPC_INVALID_HASH_ALGORITHM: &str = "Invalid hash algorithm";
-pub const ERR_RPC_REJECT_BLOB: &str = "Blob rejected as no manifests require the blob";
+pub const ERR_RPC_REJECT_BLOB: &str = "No referencing manifest";
 pub const ERR_RPC_INVALID_IMAGE_ID: &str = "Invalid Image ID";
 pub const ERR_RPC_INVALID_CONTAINER_ID: &str = "Invalid Container ID";
-pub const ERR_RPC_CONTAINER_EXITED: &str = "Container terminated";
+pub const ERR_RPC_CONTAINER_TERMINATED: &str = "Container terminated";
 pub const ERR_RPC_CONTAINER_RESTART_TIMEOUT: &str = "Timeout restarting container";
 pub const ERR_RPC_CONTAINER_NOT_ALLOW_RESTART: &str = "Restarting container not allowed";
 pub const ERR_RPC_CONTAINER_NOT_ALLOW_KILL: &str = "Signal not allowed";
 pub const ERR_RPC_NO_IMAGES: &str = "No images in current TD";
 pub const ERR_RPC_INVALID_LPOLICY_FORMAT: &str = "Invalid launch policy format";
 pub const ERR_RPC_INVALID_MALIAS_FORMAT: &str = "Invalid manifest alias format";
 #[cfg(not(feature = "interactive"))]
-pub const ERR_RPC_NOT_SUPPORT_IA_MODE: &str = "Interactive mode not supported";
-pub const ERR_RPC_FAIL_FORK: &str = "Fail to execute fork";
+pub const ERR_RPC_INVALID_TIMEOUT: &str = "Invalid timeout";
 pub const ERR_RPC_BUFFER_EXCEED: &str = "Stdin buffer size exceeds capture size";
-pub const ERR_RPC_INVALID_COMMAND: &str = "Command not start with a capital letter";
+pub const ERR_RPC_PRIVATE_ENTRYPOINT: &str = "Private entry point";
 pub const ERR_RPC_SYSTEM_ERROR: &str = "System error, errno: {}";
-pub const ERR_IPC_INVALID_REQ_FORMAT: &str = "Invalid request struct format";
-pub const ERR_IPC_NOT_SUPPORT_REQ: &str = "Request not supported";
+pub const ERR_IPC_INVALID_REQUEST: &str = "Invalid structure format";
+pub const ERR_IPC_NOT_SUPPORTED: &str = "Request not supported";
 
 const ATTEST_DEV_PATH: &str = "/dev/tdx_guest";
 const STORAGE_ROOT: &str = "/run/acond";