marma-dev
diff --git a/‎internal/vm/guestmanager/block_cims.go‎
Lines changed: 58 additions & 0 deletions b/‎internal/vm/guestmanager/block_cims.go‎
Lines changed: 58 additions & 0 deletions
diff --git a/‎internal/vm/guestmanager/combinedlayers_lcow.go‎
Lines changed: 56 additions & 0 deletions b/‎internal/vm/guestmanager/combinedlayers_lcow.go‎
Lines changed: 56 additions & 0 deletions
diff --git a/‎internal/vm/guestmanager/combinedlayers_wcow.go‎
Lines changed: 94 additions & 0 deletions b/‎internal/vm/guestmanager/combinedlayers_wcow.go‎
Lines changed: 94 additions & 0 deletions
diff --git a/‎internal/vm/guestmanager/device_lcow.go‎
Lines changed: 75 additions & 0 deletions b/‎internal/vm/guestmanager/device_lcow.go‎
Lines changed: 75 additions & 0 deletions
diff --git a/‎internal/vm/guestmanager/doc.go‎
Lines changed: 51 additions & 0 deletions b/‎internal/vm/guestmanager/doc.go‎
Lines changed: 51 additions & 0 deletions
@@ -0,0 +1,58 @@
+//go:build windows
+
+package guestmanager
+
+import (
+	"context"
+	"fmt"
+
+	hcsschema "github.com/Microsoft/hcsshim/internal/hcs/schema2"
+	"github.com/Microsoft/hcsshim/internal/protocol/guestrequest"
+	"github.com/Microsoft/hcsshim/internal/protocol/guestresource"
+)
+
+// CIMsManager exposes guest WCOW block CIM operations.
+type CIMsManager interface {
+	// AddWCOWBlockCIMs adds WCOW block CIM mounts in the guest.
+	AddWCOWBlockCIMs(ctx context.Context, settings *guestresource.CWCOWBlockCIMMounts) error
+	// RemoveWCOWBlockCIMs removes WCOW block CIM mounts from the guest.
+	RemoveWCOWBlockCIMs(ctx context.Context, settings *guestresource.CWCOWBlockCIMMounts) error
+}
+
+var _ CIMsManager = (*Guest)(nil)
+
+// AddWCOWBlockCIMs adds WCOW block CIM mounts in the guest.
+func (gm *Guest) AddWCOWBlockCIMs(ctx context.Context, settings *guestresource.CWCOWBlockCIMMounts) error {
+	request := &hcsschema.ModifySettingRequest{
+		GuestRequest: guestrequest.ModificationRequest{
+			ResourceType: guestresource.ResourceTypeWCOWBlockCims,
+			RequestType:  guestrequest.RequestTypeAdd,
+			Settings:     settings,
+		},
+	}
+
+	err := gm.modify(ctx, request.GuestRequest)
+	if err != nil {
+		return fmt.Errorf("failed to add WCOW block CIMs: %w", err)
+	}
+
+	return nil
+}
+
+// RemoveWCOWBlockCIMs removes WCOW block CIM mounts in the guest.
+func (gm *Guest) RemoveWCOWBlockCIMs(ctx context.Context, settings *guestresource.CWCOWBlockCIMMounts) error {
+	request := &hcsschema.ModifySettingRequest{
+		GuestRequest: guestrequest.ModificationRequest{
+			ResourceType: guestresource.ResourceTypeWCOWBlockCims,
+			RequestType:  guestrequest.RequestTypeRemove,
+			Settings:     settings,
+		},
+	}
+
+	err := gm.modify(ctx, request.GuestRequest)
+	if err != nil {
+		return fmt.Errorf("failed to remove WCOW block CIMs: %w", err)
+	}
+
+	return nil
+}
@@ -0,0 +1,56 @@
+//go:build windows
+
+package guestmanager
+
+import (
+	"context"
+	"fmt"
+
+	hcsschema "github.com/Microsoft/hcsshim/internal/hcs/schema2"
+	"github.com/Microsoft/hcsshim/internal/protocol/guestrequest"
+	"github.com/Microsoft/hcsshim/internal/protocol/guestresource"
+)
+
+// LCOWLayersManager exposes combined layer operations in the LCOW guest.
+type LCOWLayersManager interface {
+	// AddLCOWCombinedLayers adds combined layers to the LCOW guest.
+	AddLCOWCombinedLayers(ctx context.Context, settings guestresource.LCOWCombinedLayers) error
+	// RemoveLCOWCombinedLayers removes combined layers from the LCOW guest.
+	RemoveLCOWCombinedLayers(ctx context.Context, settings guestresource.LCOWCombinedLayers) error
+}
+
+var _ LCOWLayersManager = (*Guest)(nil)
+
+// AddLCOWCombinedLayers adds LCOW combined layers in the guest.
+func (gm *Guest) AddLCOWCombinedLayers(ctx context.Context, settings guestresource.LCOWCombinedLayers) error {
+	modifyRequest := &hcsschema.ModifySettingRequest{
+		GuestRequest: guestrequest.ModificationRequest{
+			ResourceType: guestresource.ResourceTypeCombinedLayers,
+			RequestType:  guestrequest.RequestTypeAdd,
+			Settings:     settings,
+		},
+	}
+
+	err := gm.modify(ctx, modifyRequest.GuestRequest)
+	if err != nil {
+		return fmt.Errorf("failed to add LCOW combined layers: %w", err)
+	}
+	return nil
+}
+
+// RemoveLCOWCombinedLayers removes LCOW combined layers in the guest.
+func (gm *Guest) RemoveLCOWCombinedLayers(ctx context.Context, settings guestresource.LCOWCombinedLayers) error {
+	modifyRequest := &hcsschema.ModifySettingRequest{
+		GuestRequest: guestrequest.ModificationRequest{
+			ResourceType: guestresource.ResourceTypeCombinedLayers,
+			RequestType:  guestrequest.RequestTypeRemove,
+			Settings:     settings,
+		},
+	}
+
+	err := gm.modify(ctx, modifyRequest.GuestRequest)
+	if err != nil {
+		return fmt.Errorf("failed to remove LCOW combined layers: %w", err)
+	}
+	return nil
+}
@@ -0,0 +1,94 @@
+//go:build windows
+
+package guestmanager
+
+import (
+	"context"
+	"fmt"
+
+	hcsschema "github.com/Microsoft/hcsshim/internal/hcs/schema2"
+	"github.com/Microsoft/hcsshim/internal/protocol/guestrequest"
+	"github.com/Microsoft/hcsshim/internal/protocol/guestresource"
+)
+
+// WCOWLayersManager exposes combined layer operations in the WCOW guest.
+type WCOWLayersManager interface {
+	// AddWCOWCombinedLayers adds combined layers to the WCOW guest.
+	AddWCOWCombinedLayers(ctx context.Context, settings guestresource.WCOWCombinedLayers) error
+	// AddCWCOWCombinedLayers adds combined layers to the CWCOW guest.
+	AddCWCOWCombinedLayers(ctx context.Context, settings guestresource.CWCOWCombinedLayers) error
+	// RemoveWCOWCombinedLayers removes combined layers from the WCOW guest.
+	RemoveWCOWCombinedLayers(ctx context.Context, settings guestresource.WCOWCombinedLayers) error
+	// RemoveCWCOWCombinedLayers removes combined layers from the CWCOW guest.
+	RemoveCWCOWCombinedLayers(ctx context.Context, settings guestresource.CWCOWCombinedLayers) error
+}
+
+var _ WCOWLayersManager = (*Guest)(nil)
+
+// AddWCOWCombinedLayers adds WCOW combined layers in the guest.
+func (gm *Guest) AddWCOWCombinedLayers(ctx context.Context, settings guestresource.WCOWCombinedLayers) error {
+	modifyRequest := &hcsschema.ModifySettingRequest{
+		GuestRequest: guestrequest.ModificationRequest{
+			ResourceType: guestresource.ResourceTypeCombinedLayers,
+			RequestType:  guestrequest.RequestTypeAdd,
+			Settings:     settings,
+		},
+	}
+
+	err := gm.modify(ctx, modifyRequest.GuestRequest)
+	if err != nil {
+		return fmt.Errorf("failed to add WCOW combined layers: %w", err)
+	}
+	return nil
+}
+
+// AddCWCOWCombinedLayers adds combined layers in the CWCOW guest.
+func (gm *Guest) AddCWCOWCombinedLayers(ctx context.Context, settings guestresource.CWCOWCombinedLayers) error {
+	modifyRequest := &hcsschema.ModifySettingRequest{
+		GuestRequest: guestrequest.ModificationRequest{
+			ResourceType: guestresource.ResourceTypeCWCOWCombinedLayers,
+			RequestType:  guestrequest.RequestTypeAdd,
+			Settings:     settings,
+		},
+	}
+
+	err := gm.modify(ctx, modifyRequest.GuestRequest)
+	if err != nil {
+		return fmt.Errorf("failed to add CWCOW combined layers: %w", err)
+	}
+	return nil
+}
+
+// RemoveWCOWCombinedLayers removes WCOW combined layers in the guest.
+func (gm *Guest) RemoveWCOWCombinedLayers(ctx context.Context, settings guestresource.WCOWCombinedLayers) error {
+	modifyRequest := &hcsschema.ModifySettingRequest{
+		GuestRequest: guestrequest.ModificationRequest{
+			ResourceType: guestresource.ResourceTypeCombinedLayers,
+			RequestType:  guestrequest.RequestTypeRemove,
+			Settings:     settings,
+		},
+	}
+
+	err := gm.modify(ctx, modifyRequest.GuestRequest)
+	if err != nil {
+		return fmt.Errorf("failed to remove WCOW combined layers: %w", err)
+	}
+	return nil
+}
+
+// RemoveCWCOWCombinedLayers removes combined layers in CWCOW guest.
+func (gm *Guest) RemoveCWCOWCombinedLayers(ctx context.Context, settings guestresource.CWCOWCombinedLayers) error {
+	modifyRequest := &hcsschema.ModifySettingRequest{
+		GuestRequest: guestrequest.ModificationRequest{
+			ResourceType: guestresource.ResourceTypeCWCOWCombinedLayers,
+			RequestType:  guestrequest.RequestTypeRemove,
+			Settings:     settings,
+		},
+	}
+
+	err := gm.modify(ctx, modifyRequest.GuestRequest)
+	if err != nil {
+		return fmt.Errorf("failed to remove CWCOW combined layers: %w", err)
+	}
+	return nil
+}
@@ -0,0 +1,75 @@
+//go:build windows
+
+package guestmanager
+
+import (
+	"context"
+	"fmt"
+
+	hcsschema "github.com/Microsoft/hcsshim/internal/hcs/schema2"
+	"github.com/Microsoft/hcsshim/internal/protocol/guestrequest"
+	"github.com/Microsoft/hcsshim/internal/protocol/guestresource"
+)
+
+// LCOWDeviceManager exposes VPCI and VPMem device operations in the LCOW guest.
+type LCOWDeviceManager interface {
+	// AddVPCIDevice adds a VPCI device to the guest.
+	AddVPCIDevice(ctx context.Context, settings guestresource.LCOWMappedVPCIDevice) error
+	// AddVPMemDevice adds a VPMem device to the guest.
+	AddVPMemDevice(ctx context.Context, settings guestresource.LCOWMappedVPMemDevice) error
+	// RemoveVPMemDevice removes a VPMem device from the guest.
+	RemoveVPMemDevice(ctx context.Context, settings guestresource.LCOWMappedVPMemDevice) error
+}
+
+var _ LCOWDeviceManager = (*Guest)(nil)
+
+// AddVPCIDevice adds a VPCI device in the guest.
+func (gm *Guest) AddVPCIDevice(ctx context.Context, settings guestresource.LCOWMappedVPCIDevice) error {
+	request := &hcsschema.ModifySettingRequest{
+		GuestRequest: guestrequest.ModificationRequest{
+			ResourceType: guestresource.ResourceTypeVPCIDevice,
+			RequestType:  guestrequest.RequestTypeAdd,
+			Settings:     settings,
+		},
+	}
+
+	err := gm.modify(ctx, request.GuestRequest)
+	if err != nil {
+		return fmt.Errorf("failed to add VPCI device: %w", err)
+	}
+	return nil
+}
+
+// AddVPMemDevice adds a VPMem device in the guest.
+func (gm *Guest) AddVPMemDevice(ctx context.Context, settings guestresource.LCOWMappedVPMemDevice) error {
+	request := &hcsschema.ModifySettingRequest{
+		GuestRequest: guestrequest.ModificationRequest{
+			ResourceType: guestresource.ResourceTypeVPMemDevice,
+			RequestType:  guestrequest.RequestTypeAdd,
+			Settings:     settings,
+		},
+	}
+
+	err := gm.modify(ctx, request.GuestRequest)
+	if err != nil {
+		return fmt.Errorf("failed to add VPMem device: %w", err)
+	}
+	return nil
+}
+
+// RemoveVPMemDevice removes a VPMem device in the guest.
+func (gm *Guest) RemoveVPMemDevice(ctx context.Context, settings guestresource.LCOWMappedVPMemDevice) error {
+	request := &hcsschema.ModifySettingRequest{
+		GuestRequest: guestrequest.ModificationRequest{
+			ResourceType: guestresource.ResourceTypeVPMemDevice,
+			RequestType:  guestrequest.RequestTypeRemove,
+			Settings:     settings,
+		},
+	}
+
+	err := gm.modify(ctx, request.GuestRequest)
+	if err != nil {
+		return fmt.Errorf("failed to remove VPMem device: %w", err)
+	}
+	return nil
+}
@@ -0,0 +1,51 @@
+//go:build windows
+
+/*
+Package guestmanager manages guest-side operations for utility VMs (UVMs) via the
+GCS (Guest Compute Service) connection.
+
+It provides a concrete [Guest] struct, a top-level [Manager] interface that
+aggregates connection lifecycle and container/process operations, and a set of
+granular resource-scoped manager interfaces:
+
+  - [Manager] – connection lifecycle, container and process creation, stack dumps,
+    and container state deletion.
+  - [LCOWNetworkManager] – add and remove network interfaces in an LCOW guest.
+  - [WCOWNetworkManager] – add and remove network interfaces and namespaces in a WCOW guest.
+  - [LCOWDirectoryManager] – map and unmap directories in an LCOW guest.
+  - [WCOWDirectoryManager] – map directories in a WCOW guest.
+  - [LCOWScsiManager] – add and remove mapped virtual disks and SCSI devices in an LCOW guest.
+  - [WCOWScsiManager] – add and remove mapped virtual disks and SCSI devices in a WCOW guest.
+  - [LCOWLayersManager] – add and remove combined layers in an LCOW guest.
+  - [WCOWLayersManager] – add and remove combined layers in a WCOW guest.
+  - [CIMsManager] – add and remove WCOW block CIM mounts.
+  - [LCOWDeviceManager] – add and remove VPCI and VPMem devices in an LCOW guest.
+  - [SecurityPolicyManager] – add security policies and inject policy fragments.
+
+All interfaces are implemented by [Guest].
+
+This package is strictly guest-side. It does not own or modify host-side UVM
+state; that is the responsibility of the sibling vmmanager package. It also does
+not store UVM host or guest state — state management belongs to the orchestration
+layer above.
+
+# Creating a Guest
+
+After the UVM has been started via vmmanager, create a [Guest] and establish the
+GCS connection:
+
+	g, err := guestmanager.New(ctx, uvm)
+	if err != nil { // handle error }
+	if err := g.CreateConnection(ctx); err != nil { // handle error }
+
+After the connection is established, use the manager interfaces for guest-side changes:
+
+	_ = g.AddLCOWNetworkInterface(ctx, &guestresource.LCOWNetworkAdapter{...})
+	_ = g.AddLCOWMappedVirtualDisk(ctx, guestresource.LCOWMappedVirtualDisk{...})
+
+# Layer Boundaries
+
+This package covers guest-side changes executed over the GCS connection. Host-side
+VM configuration and lifecycle operations belong in the sibling vmmanager package.
+*/
+package guestmanager