forked from opencontainers/runc
Update runc #1
Open: jsun-m wants to merge 411 commits into main from jm/update-runc
Sebastiaan van Stijn (1): libct/userns: split userns detection from internal userns code LGTMs: kolyshkin cyphar
This reverts commit 20b95f2.

> Conflicts:
> libcontainer/init_linux.go

Signed-off-by: Akihiro Suda <[email protected]>
For issue 4328 Signed-off-by: Akihiro Suda <[email protected]>
Add a CI job to ensure go fix produces no result.

Quoting `go doc cmd/fix`:

> Fix finds Go programs that use old APIs and rewrites them to use newer
> ones. After you update to a new Go release, fix helps make the
> necessary changes to your programs.

Signed-off-by: Kir Kolyshkin <[email protected]>
ci/gha: add go-fix job
Revert "libcontainer: seccomp: pass around *os.File for notifyfd"
The code already checked if err == nil above, so the linter complains:

> libcontainer/container_linux.go:534:18: nilness: tautological condition: non-nil != nil (govet)
>     } else if err != nil {
>                   ^

Fix the issue, enable the check.

Signed-off-by: Kir Kolyshkin <[email protected]>
This function has never returned an error since 2016 (commit 556f798), so let's remove it. Signed-off-by: Kir Kolyshkin <[email protected]>
Signed-off-by: Kir Kolyshkin <[email protected]>
Signed-off-by: Avi Deitcher <[email protected]>
The logic for how we create mountpoints is spread over each mountpoint preparation function, when in reality the behaviour is pretty uniform with only a handful of exceptions. So just move it all to one function that is easier to understand. Signed-off-by: Aleksa Sarai <[email protected]>
document how to build under alpine
…tpoint-refactor rootfs: consolidate mountpoint creation logic
Documentation was moved from https://docs.gtk.org/glib/gvariant-text.html to https://docs.gtk.org/glib/gvariant-text-format.html. Signed-off-by: ver4a <[email protected]>
Fix link to gvariant documentation in systemd docs.
In all the three cases, we check that the program returned non-zero exit code. This can be done in a much simpler manner. Signed-off-by: Kir Kolyshkin <[email protected]>
1. Rename current -> got, expected -> want.
2. check_cgroup_value: add file name to output.
3. Improve functions description.

This is mostly to simplify debugging test failures.

Example output before:

    current 500000 !? 500

After:

    cpu.max.burst: got 500000, want 500

Signed-off-by: Kir Kolyshkin <[email protected]>
A kernel bug which resulted in cpu.max.burst value read which is 1000 times smaller than it should be has recently been fixed (see [1]). Adapt the test so it works with either broken or fixed kernel.

[1]: https://lore.kernel.org/all/[email protected]/

Signed-off-by: Kir Kolyshkin <[email protected]>
libct/int/seccomp_test: simplify exit code checks
Fix cpu burst test failure on newer kernels
Signed-off-by: lifubang <[email protected]>
[CI] ensure we can download the specific version's go
- drop Go 1.21;
- add Go 1.23;
- for a few jobs that were using Go 1.21, switch to 1.22;

Also, bump go to 1.22 in go.mod.

Signed-off-by: Kir Kolyshkin <[email protected]>
The warnings fixed were:

    libcontainer/configs/config_test.go:205:12: printf: non-constant format string in call to (*testing.common).Errorf (govet)
        t.Errorf(fmt.Sprintf("Expected error to not occur but it was %+v", err))
                 ^
    libcontainer/cgroups/fs/blkio_test.go:481:13: printf: non-constant format string in call to (*testing.common).Errorf (govet)
        t.Errorf(fmt.Sprintf("test case '%s' failed unexpectedly: %s", testCase.desc, err))
                 ^
    libcontainer/cgroups/fs/blkio_test.go:595:13: printf: non-constant format string in call to (*testing.common).Errorf (govet)
        t.Errorf(fmt.Sprintf("test case '%s' failed unexpectedly: %s", testCase.desc, err))
                 ^

Signed-off-by: Kir Kolyshkin <[email protected]>
Add Go 1.23, drop 1.21
This reverts commit 9d9273c. This commit broke the build for several other projects (see comments here: opencontainers#4270, after the merge) and we don't really need this to be able to set the version without changing the file. With this commit reverted, we can still run: make VERSION="1.2.3" and it just works. It doesn't take it from an env variable, but that is what broke all the other projects (VERSION is just too generic as an env var, especially for a project like runc that is embedded in many others). Signed-off-by: Rodrigo Campos <[email protected]>
The following commands are moved from `contrib/cmd` to `tests/cmd`:
- fs-idmap
- pidfd-kill
- recvtty
- remap-rootfs
- sd-helper
- seccompagent

Signed-off-by: Akihiro Suda <[email protected]>
Add this new make variable so users can specify build information without modifying the runc version nor the source code. Signed-off-by: Rodrigo Campos <[email protected]>
Revert "allow overriding VERSION value in Makefile" and add EXTRA_VERSION
…/go_modules/github.com/cyphar/filepath-securejoin-0.3.6 build(deps): bump github.com/cyphar/filepath-securejoin from 0.3.5 to 0.3.6
…/go_modules/golang.org/x/net-0.33.0 build(deps): bump golang.org/x/net from 0.32.0 to 0.33.0
Bumps [github.com/cilium/ebpf](https://github.com/cilium/ebpf) from 0.16.0 to 0.17.0.
- [Release notes](https://github.com/cilium/ebpf/releases)
- [Commits](cilium/ebpf@v0.16.0...v0.17.0)

---
updated-dependencies:
- dependency-name: github.com/cilium/ebpf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
…/go_modules/github.com/cilium/ebpf-0.17.0 build(deps): bump github.com/cilium/ebpf from 0.16.0 to 0.17.0
Bumps [github.com/cilium/ebpf](https://github.com/cilium/ebpf) from 0.17.0 to 0.17.1.
- [Release notes](https://github.com/cilium/ebpf/releases)
- [Commits](cilium/ebpf@v0.17.0...v0.17.1)

---
updated-dependencies:
- dependency-name: github.com/cilium/ebpf
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
…/go_modules/github.com/cilium/ebpf-0.17.1
Adam Korczynski (1): remove broken fuzzer from oss-fuzz build script LGTMs: kolyshkin cyphar
Introduce a common parent struct `containerProcess`, and let both `initProcess` and `setnsProcess` inherit from it. Signed-off-by: lfbzhm <[email protected]>
refactor init and setns process
This allows omitting a call to c.currentOCIState (which can be somewhat costly when there are many annotations) when the hooks of a given kind won't be run. Signed-off-by: Kir Kolyshkin <[email protected]>
SpecState field of initConfig is only needed to run hooks that are executed inside a container -- namely CreateContainer and StartContainer. If these hooks are not configured, there is no need to fill, marshal and unmarshal SpecState. While at it, inline updateSpecState as it is trivial and only has one user. Signed-off-by: Kir Kolyshkin <[email protected]>
Move the nil check inside, simplifying the callers. Fixes: bfbd030 ("Add I/O priority") Fixes: 770728e ("Support `process.scheduler`") Signed-off-by: Kir Kolyshkin <[email protected]>
This code is not in libcontainer, meaning it is only used by a short lived binary (runc start/run/exec). Unlike code in libcontainer (see CreateLibcontainerConfig), here we don't have to care about copying the structures supplied as input, meaning we can just reuse the pointers directly. Fixes: bfbd030 ("Add I/O priority") Fixes: 770728e ("Support `process.scheduler`") Signed-off-by: Kir Kolyshkin <[email protected]>
For some reason, io priority is set in different places between runc start/run and runc exec:

- for runc start/run, it is done in the middle of (*linuxStandardInit).Init, close to the place where we exec runc init.
- for runc exec, it is done much earlier, in (*setnsProcess) start().

Let's move setIOPriority call for runc exec to (*linuxSetnsInit).Init, so it is in the same logical place as for runc start/run. Also, move the function itself to init_linux.go as it's part of init.

Should not have any visible effect, except part of runc init is run with a different I/O priority.

While at it, rename setIOPriority to setupIOPriority, and make it accept the whole *configs.Config, for uniformity with other similar functions.

Fixes: bfbd030 ("Add I/O priority")
Signed-off-by: Kir Kolyshkin <[email protected]>
This is an internal implementation detail and should not be either public or visible. Amend setIOPriority to do its own class conversion. Fixes: bfbd030 ("Add I/O priority") Signed-off-by: Kir Kolyshkin <[email protected]>
Signed-off-by: Kir Kolyshkin <[email protected]>
libct: add/use configs.HasHook
Bumps google.golang.org/protobuf from 1.36.0 to 1.36.1.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Fixups to scheduler/priority settings
Signed-off-by: Rin Arakaki <[email protected]>
…/go_modules/google.golang.org/protobuf-1.36.1 build(deps): bump google.golang.org/protobuf from 1.36.0 to 1.36.1
Fix `go.mod` link in README.md
This helper was added for runc-dmz in commit dac4171, but runc-dmz was later removed in commit 871057d, which forgot to remove the helper. Signed-off-by: Kir Kolyshkin <[email protected]>
Kir Kolyshkin (1): libct/system: rm Fexecve LGTMs: lifubang cyphar
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.28.0 to 0.29.0.
- [Commits](golang/sys@v0.28.0...v0.29.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
…/go_modules/golang.org/x/sys-0.29.0
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.33.0 to 0.34.0.
- [Commits](golang/net@v0.33.0...v0.34.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
…/go_modules/golang.org/x/net-0.34.0
commit 133359d
Author: Nick Petrovic <[email protected]>
Date: Fri Dec 22 13:15:28 2023 -0500

    add config and tcp-skip-in-flight flags/options
No description provided.